===================================================================
RCS file: /cvsrepo/anoncvs/cvs/src/usr.bin/ssh/servconf.c,v
retrieving revision 1.127.2.2
retrieving revision 1.128
diff -u -r1.127.2.2 -r1.128
--- src/usr.bin/ssh/servconf.c 2004/08/19 22:37:32 1.127.2.2
+++ src/usr.bin/ssh/servconf.c 2003/09/29 20:19:57 1.128
@@ -10,7 +10,7 @@
 */
 #include "includes.h"
-RCSID("$OpenBSD: servconf.c,v 1.127.2.2 2004/08/19 22:37:32 brad Exp $");
+RCSID("$OpenBSD: servconf.c,v 1.128 2003/09/29 20:19:57 markus Exp $");
 #include "ssh.h"
 #include "log.h"
@@ -18,6 +18,7 @@
 #include "xmalloc.h"
 #include "compat.h"
 #include "pathnames.h"
+#include "tildexpand.h"
 #include "misc.h"
 #include "cipher.h"
 #include "kex.h"
@@ -55,7 +56,7 @@
 options->x11_use_localhost = -1;
 options->xauth_location = NULL;
 options->strict_modes = -1;
- options->tcp_keep_alive = -1;
+ options->keepalives = -1;
 options->log_facility = SYSLOG_FACILITY_NOT_SET;
 options->log_level = SYSLOG_LEVEL_NOT_SET;
 options->rhosts_rsa_authentication = -1;
@@ -66,7 +67,6 @@
 options->kerberos_authentication = -1;
 options->kerberos_or_local_passwd = -1;
 options->kerberos_ticket_cleanup = -1;
- options->kerberos_get_afs_token = -1;
 options->gss_authentication=-1;
 options->gss_cleanup_creds = -1;
 options->password_authentication = -1;
@@ -89,14 +89,12 @@
 options->max_startups_begin = -1;
 options->max_startups_rate = -1;
 options->max_startups = -1;
- options->max_authtries = -1;
 options->banner = NULL;
 options->use_dns = -1;
 options->client_alive_interval = -1;
 options->client_alive_count_max = -1;
 options->authorized_keys_file = NULL;
 options->authorized_keys_file2 = NULL;
- options->num_accept_env = 0;
 /* Needs to be accessable in many places */
 use_privsep = -1;
@@ -151,8 +149,8 @@
 options->xauth_location = _PATH_XAUTH;
 if (options->strict_modes == -1)
 options->strict_modes = 1;
- if (options->tcp_keep_alive == -1)
- options->tcp_keep_alive = 1;
+ if (options->keepalives == -1)
+ options->keepalives = 1;
 if (options->log_facility == SYSLOG_FACILITY_NOT_SET)
 options->log_facility = SYSLOG_FACILITY_AUTH;
 if (options->log_level == SYSLOG_LEVEL_NOT_SET)
@@ -173,8 +171,6 @@
 options->kerberos_or_local_passwd = 1;
 if (options->kerberos_ticket_cleanup == -1)
 options->kerberos_ticket_cleanup = 1;
- if (options->kerberos_get_afs_token == -1)
- options->kerberos_get_afs_token = 0;
 if (options->gss_authentication == -1)
 options->gss_authentication = 0;
 if (options->gss_cleanup_creds == -1)
@@ -203,8 +199,6 @@
 options->max_startups_rate = 100; /* 100% */
 if (options->max_startups_begin == -1)
 options->max_startups_begin = options->max_startups;
- if (options->max_authtries == -1)
- options->max_authtries = DEFAULT_AUTH_FAIL_MAX;
 if (options->use_dns == -1)
 options->use_dns = 1;
 if (options->client_alive_interval == -1)
@@ -233,21 +227,19 @@ sPermitRootLogin, sLogFacility, sLogLevel, sRhostsRSAAuthentication, sRSAAuthentication, sKerberosAuthentication, sKerberosOrLocalPasswd, sKerberosTicketCleanup, - sKerberosGetAFSToken, sKerberosTgtPassing, sChallengeResponseAuthentication, sPasswordAuthentication, sKbdInteractiveAuthentication, sListenAddress, sPrintMotd, sPrintLastLog, sIgnoreRhosts, sX11Forwarding, sX11DisplayOffset, sX11UseLocalhost, - sStrictModes, sEmptyPasswd, sTCPKeepAlive, + sStrictModes, sEmptyPasswd, sKeepAlives, sPermitUserEnvironment, sUseLogin, sAllowTcpForwarding, sCompression, sAllowUsers, sDenyUsers, sAllowGroups, sDenyGroups, sIgnoreUserKnownHosts, sCiphers, sMacs, sProtocol, sPidFile, - sGatewayPorts, sPubkeyAuthentication, sXAuthLocation, sSubsystem, - sMaxStartups, sMaxAuthTries, + sGatewayPorts, sPubkeyAuthentication, sXAuthLocation, sSubsystem, sMaxStartups, sBanner, sUseDNS, sHostbasedAuthentication, sHostbasedUsesNameFromPacketOnly, sClientAliveInterval, sClientAliveCountMax, sAuthorizedKeysFile, sAuthorizedKeysFile2, - sGssAuthentication, sGssCleanupCreds, sAcceptEnv, + sGssAuthentication, sGssCleanupCreds, sUsePrivilegeSeparation, sDeprecated, sUnsupported } ServerOpCodes;
@@ -278,12 +270,10 @@
 { "kerberosauthentication", sKerberosAuthentication },
 { "kerberosorlocalpasswd", sKerberosOrLocalPasswd },
 { "kerberosticketcleanup", sKerberosTicketCleanup },
- { "kerberosgetafstoken", sKerberosGetAFSToken },
 #else
 { "kerberosauthentication", sUnsupported },
 { "kerberosorlocalpasswd", sUnsupported },
 { "kerberosticketcleanup", sUnsupported },
- { "kerberosgetafstoken", sUnsupported },
 #endif
 { "kerberostgtpassing", sUnsupported },
 { "afstokenpassing", sUnsupported },
@@ -313,8 +303,7 @@
 { "permituserenvironment", sPermitUserEnvironment },
 { "uselogin", sUseLogin },
 { "compression", sCompression },
- { "tcpkeepalive", sTCPKeepAlive },
- { "keepalive", sTCPKeepAlive }, /* obsolete alias */
+ { "keepalive", sKeepAlives },
 { "allowtcpforwarding", sAllowTcpForwarding },
 { "allowusers", sAllowUsers },
 { "denyusers", sDenyUsers },
@@ -326,7 +315,6 @@
 { "gatewayports", sGatewayPorts },
 { "subsystem", sSubsystem },
 { "maxstartups", sMaxStartups },
- { "maxauthtries", sMaxAuthTries },
 { "banner", sBanner },
 { "usedns", sUseDNS },
 { "verifyreversemapping", sDeprecated },
@@ -336,7 +324,6 @@
 { "authorizedkeysfile", sAuthorizedKeysFile },
 { "authorizedkeysfile2", sAuthorizedKeysFile2 },
 { "useprivilegeseparation", sUsePrivilegeSeparation},
- { "acceptenv", sAcceptEnv },
 { NULL, sBadOption }
 };
@@ -605,10 +592,6 @@
 intptr = &options->kerberos_ticket_cleanup;
 goto parse_flag;
- case sKerberosGetAFSToken:
- intptr = &options->kerberos_get_afs_token;
- goto parse_flag;
-
 case sGssAuthentication:
 intptr = &options->gss_authentication;
 goto parse_flag;
@@ -657,8 +640,8 @@
 intptr = &options->strict_modes;
 goto parse_flag;
- case sTCPKeepAlive:
- intptr = &options->tcp_keep_alive;
+ case sKeepAlives:
+ intptr = &options->keepalives;
 goto parse_flag;
 case sEmptyPasswd:
@@ -833,10 +816,6 @@
 options->max_startups = options->max_startups_begin;
 break;
- case sMaxAuthTries:
- intptr = &options->max_authtries;
- goto parse_int;
-
 case sBanner:
 charptr = &options->banner;
 goto parse_filename;
@@ -861,19 +840,6 @@
 intptr = &options->client_alive_count_max;
 goto parse_int;
- case sAcceptEnv:
- while ((arg = strdelim(&cp)) && *arg != '\0') {
- if (strchr(arg, '=') != NULL)
- fatal("%s line %d: Invalid environment name.",
- filename, linenum);
- if (options->num_accept_env >= MAX_ACCEPT_ENV)
- fatal("%s line %d: too many allow env.",
- filename, linenum);
- options->accept_env[options->num_accept_env++] =
- xstrdup(arg);
- }
- break;
-
 case sDeprecated:
 logit("%s line %d: Deprecated option %s", filename, linenum, arg);
@@ -901,50 +867,26 @@
 /* Reads the server configuration file. */
 void
-load_server_config(const char *filename, Buffer *conf)
+read_server_config(ServerOptions *options, const char *filename)
 {
- char line[1024], *cp;
+ int linenum, bad_options = 0;
+ char line[1024];
 FILE *f;
- debug2("%s: filename %s", __func__, filename);
- if ((f = fopen(filename, "r")) == NULL) {
+ debug2("read_server_config: filename %s", filename);
+ f = fopen(filename, "r");
+ if (!f) {
 perror(filename);
 exit(1);
 }
- buffer_clear(conf);
+ linenum = 0;
 while (fgets(line, sizeof(line), f)) {
- /*
- * Trim out comments and strip whitespace
- * NB - preserve newlines, they are needed to reproduce
- * line numbers later for error messages
- */
- if ((cp = strchr(line, '#')) != NULL)
- memcpy(cp, "\n", 2);
- cp = line + strspn(line, " \t\r");
-
- buffer_append(conf, cp, strlen(cp));
- }
- buffer_append(conf, "\0", 1);
- fclose(f);
- debug2("%s: done config len = %d", __func__, buffer_len(conf));
-}
-
-void
-parse_server_config(ServerOptions *options, const char *filename, Buffer *conf)
-{
- int linenum, bad_options = 0;
- char *cp, *obuf, *cbuf;
-
- debug2("%s: config %s len %d", __func__, filename, buffer_len(conf));
-
- obuf = cbuf = xstrdup(buffer_ptr(conf));
- linenum = 1;
- while((cp = strsep(&cbuf, "\n")) != NULL) {
- if (process_server_config_line(options, cp, filename,
- linenum++) != 0)
+ /* Update line number counter. */
+ linenum++;
+ if (process_server_config_line(options, line, filename, linenum) != 0)
 bad_options++;
 }
- xfree(obuf);
+ fclose(f);
 if (bad_options > 0)
 fatal("%s: terminating, %d bad configuration options", filename, bad_options);
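Review bot: The `while (fgets(line, sizeof(line), f))` loop in the new read_server_config() treats every fgets() return as one complete configuration line, so a line longer than the 1024-byte buffer is silently split and its tail is passed to process_server_config_line() as a separate directive under the next line number. For a file that controls who may authenticate, I would reject that case explicitly right after `linenum++`, for example `if (strchr(line, '\n') == NULL && !feof(f)) fatal("%s line %d: line too long", filename, linenum);`. The loop also ends on a read error exactly as it does at end of file, so a partially read file would leave the remaining options at their built-in defaults; checking ferror(f) before `fclose(f)` and calling fatal() would make that failure visible. The function's closing brace lies outside the hunk, so this is based on the visible part of the body only.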