Annotation of src/usr.bin/ssh/servconf.c, Revision 1.1
1.1 ! deraadt 1: /*
! 2:
! 3: servconf.c
! 4:
! 5: Author: Tatu Ylonen <ylo@cs.hut.fi>
! 6:
! 7: Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
! 8: All rights reserved
! 9:
! 10: Created: Mon Aug 21 15:48:58 1995 ylo
! 11:
! 12: */
! 13:
#include "includes.h"
RCSID("$Id: servconf.c,v 1.8 1999/06/12 09:22:04 bg Exp $");

#include <errno.h>
#include <limits.h>

#include "ssh.h"
#include "servconf.h"
#include "xmalloc.h"
! 20:
/* Initializes the server options to their "not yet set" sentinels.

   The structure is zeroed first, which leaves the allow/deny host counts
   at 0.  Every integer option is then marked -1 and the log facility
   (SyslogFacility)-1, so read_server_config() and
   fill_default_server_options() can distinguish an explicitly configured
   value from one still awaiting its default.  Path options start as NULL
   and the listen address as INADDR_ANY. */

void initialize_server_options(ServerOptions *options)
{
	/* All integer options that use -1 as their unset marker. */
	int *const unset_ints[] = {
		&options->port,
		&options->server_key_bits,
		&options->login_grace_time,
		&options->key_regeneration_time,
		&options->permit_root_login,
		&options->ignore_rhosts,
		&options->quiet_mode,
		&options->fascist_logging,
		&options->print_motd,
		&options->x11_forwarding,
		&options->strict_modes,
		&options->keepalives,
		&options->rhosts_authentication,
		&options->rhosts_rsa_authentication,
		&options->rsa_authentication,
#ifdef KRB4
		&options->kerberos_authentication,
		&options->kerberos_or_local_passwd,
#endif
#if defined(KRB4) || defined(AFS)
		&options->kerberos_ticket_cleanup,
#endif
#ifdef KERBEROS_TGT_PASSING
		&options->kerberos_tgt_passing,
#endif
#ifdef AFS
		&options->afs_token_passing,
#endif
		&options->password_authentication,
		&options->permit_empty_passwd,
	};
	unsigned int idx;

	memset(options, 0, sizeof(*options));
	options->listen_addr.s_addr = INADDR_ANY;
	/* Explicit NULL rather than relying on the all-zero bit pattern. */
	options->host_key_file = NULL;
	options->random_seed_file = NULL;
	options->log_facility = (SyslogFacility)-1;
	for (idx = 0; idx < sizeof(unset_ints) / sizeof(unset_ints[0]); idx++)
		*unset_ints[idx] = -1;
}
! 63:
/* Stores v into *field only when the field is still at its -1 sentinel. */
static void default_int(int *field, int v)
{
	if (*field == -1)
		*field = v;
}

/* Fills in every option that neither the command line nor
   read_server_config() set.  Integer options are recognised as unset by
   the -1 sentinel from initialize_server_options(), path options by NULL.

   The port is taken from the SSH_SERVICE_NAME tcp service entry when the
   system services database has one, otherwise SSH_DEFAULT_PORT.  Note the
   shipped defaults: root login, empty passwords, rhosts-RSA, RSA and
   password authentication and X11 forwarding are all enabled, and plain
   rhosts authentication is disabled; a site that wants anything stricter
   must set it in the configuration file. */

void fill_default_server_options(ServerOptions *options)
{
	if (options->port == -1)
	{
		struct servent *sp = getservbyname(SSH_SERVICE_NAME, "tcp");

		options->port = sp ? ntohs(sp->s_port) : SSH_DEFAULT_PORT;
		endservent();
	}
	if (!options->host_key_file)
		options->host_key_file = HOST_KEY_FILE;
	if (!options->random_seed_file)
		options->random_seed_file = SSH_DAEMON_SEED_FILE;

	default_int(&options->server_key_bits, 768);
	default_int(&options->login_grace_time, 600);
	default_int(&options->key_regeneration_time, 3600);
	default_int(&options->permit_root_login, 1);
	default_int(&options->ignore_rhosts, 0);
	default_int(&options->quiet_mode, 0);
	default_int(&options->fascist_logging, 1);
	default_int(&options->print_motd, 1);
	default_int(&options->x11_forwarding, 1);
	default_int(&options->strict_modes, 1);
	default_int(&options->keepalives, 1);
	if (options->log_facility == (SyslogFacility)(-1))
		options->log_facility = SYSLOG_FACILITY_DAEMON;
	default_int(&options->rhosts_authentication, 0);
	default_int(&options->rhosts_rsa_authentication, 1);
	default_int(&options->rsa_authentication, 1);
#ifdef KRB4
	default_int(&options->kerberos_authentication, 1);
	default_int(&options->kerberos_or_local_passwd, 0);
#endif
#if defined(KRB4) || defined(AFS)
	default_int(&options->kerberos_ticket_cleanup, 1);
#endif
#ifdef KERBEROS_TGT_PASSING
	default_int(&options->kerberos_tgt_passing, 0);
#endif
#ifdef AFS
	default_int(&options->afs_token_passing, 1);
#endif
	default_int(&options->password_authentication, 1);
	default_int(&options->permit_empty_passwd, 1);
}
! 134:
/* Separators accepted between a keyword and its arguments; used by the
   strspn()/strtok() calls in read_server_config(). */
#define WHITESPACE " \t\r\n"
! 136:
/* Keyword tokens.  One value per configuration keyword; keywords[] below
   maps each keyword string to its token and read_server_config() dispatches
   on it.  Entries under #ifdef exist only in builds with that feature, so
   the numeric values shift between build configurations and should not be
   relied on outside this file. */
typedef enum
{
	sPort, sHostKeyFile, sServerKeyBits, sLoginGraceTime, sKeyRegenerationTime,
	sPermitRootLogin, sQuietMode, sFascistLogging, sLogFacility,
	sRhostsAuthentication, sRhostsRSAAuthentication, sRSAAuthentication,
#ifdef KRB4
	sKerberosAuthentication, sKerberosOrLocalPasswd,
#endif
#if defined(KRB4) || defined(AFS)
	sKerberosTicketCleanup,
#endif
#ifdef KERBEROS_TGT_PASSING
	sKerberosTgtPassing,
#endif
#ifdef AFS
	sAFSTokenPassing,
#endif
	sPasswordAuthentication, sAllowHosts, sDenyHosts, sListenAddress,
	sPrintMotd, sIgnoreRhosts, sX11Forwarding,
	sStrictModes, sEmptyPasswd, sRandomSeedFile, sKeepAlives
} ServerOpCodes;
! 159:
/* Textual representation of the tokens.  Names are stored in lowercase;
   read_server_config() lowercases the first word of each line before
   parse_token() compares it with strcmp(), so keywords are effectively
   case-insensitive.  The { NULL, 0 } entry terminates the scan. */
static struct
{
	const char *name;
	ServerOpCodes opcode;
} keywords[] =
{
	{ "port", sPort },
	{ "hostkey", sHostKeyFile },
	{ "serverkeybits", sServerKeyBits },
	{ "logingracetime", sLoginGraceTime },
	{ "keyregenerationinterval", sKeyRegenerationTime },
	{ "permitrootlogin", sPermitRootLogin },
	{ "quietmode", sQuietMode },
	{ "fascistlogging", sFascistLogging },
	{ "syslogfacility", sLogFacility },
	{ "rhostsauthentication", sRhostsAuthentication },
	{ "rhostsrsaauthentication", sRhostsRSAAuthentication },
	{ "rsaauthentication", sRSAAuthentication },
#ifdef KRB4
	{ "kerberosauthentication", sKerberosAuthentication },
	{ "kerberosorlocalpasswd", sKerberosOrLocalPasswd },
#endif
#if defined(KRB4) || defined(AFS)
	{ "kerberosticketcleanup", sKerberosTicketCleanup },
#endif
#ifdef KERBEROS_TGT_PASSING
	{ "kerberostgtpassing", sKerberosTgtPassing },
#endif
#ifdef AFS
	{ "afstokenpassing", sAFSTokenPassing },
#endif
	{ "passwordauthentication", sPasswordAuthentication },
	{ "allowhosts", sAllowHosts },
	{ "denyhosts", sDenyHosts },
	{ "listenaddress", sListenAddress },
	{ "printmotd", sPrintMotd },
	{ "ignorerhosts", sIgnoreRhosts },
	{ "x11forwarding", sX11Forwarding },
	{ "strictmodes", sStrictModes },
	{ "permitemptypasswords", sEmptyPasswd },
	{ "randomseed", sRandomSeedFile },
	{ "keepalive", sKeepAlives },
	{ NULL, 0 }
};
! 205:
/* Syslog facility names accepted by the SyslogFacility keyword.  Unlike the
   keyword itself, the argument is NOT lowercased before read_server_config()
   compares it with strcmp(), so the name must be written in uppercase exactly
   as listed here.  The { NULL, 0 } entry terminates the scan. */
static struct
{
	const char *name;
	SyslogFacility facility;
} log_facilities[] =
{
	{ "DAEMON", SYSLOG_FACILITY_DAEMON },
	{ "USER", SYSLOG_FACILITY_USER },
	{ "AUTH", SYSLOG_FACILITY_AUTH },
	{ "LOCAL0", SYSLOG_FACILITY_LOCAL0 },
	{ "LOCAL1", SYSLOG_FACILITY_LOCAL1 },
	{ "LOCAL2", SYSLOG_FACILITY_LOCAL2 },
	{ "LOCAL3", SYSLOG_FACILITY_LOCAL3 },
	{ "LOCAL4", SYSLOG_FACILITY_LOCAL4 },
	{ "LOCAL5", SYSLOG_FACILITY_LOCAL5 },
	{ "LOCAL6", SYSLOG_FACILITY_LOCAL6 },
	{ "LOCAL7", SYSLOG_FACILITY_LOCAL7 },
	{ NULL, 0 }
};
! 225:
/* Maps the keyword cp (already lowercased by read_server_config()) to its
   ServerOpCodes token by exact match against keywords[].  filename and
   linenum only feed the diagnostic: an unknown keyword is reported on
   stderr and the process exits, so the function never returns in that
   case. */

static ServerOpCodes parse_token(const char *cp, const char *filename,
				 int linenum)
{
	unsigned int idx = 0;

	while (keywords[idx].name != NULL)
	{
		if (!strcmp(keywords[idx].name, cp))
			return keywords[idx].opcode;
		idx++;
	}

	fprintf(stderr, "%s line %d: Bad configuration option: %s\n",
		filename, linenum, cp);
	exit(1);
}
! 242:
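/* Fetches the next whitespace-separated argument of the line currently
   being split with strtok(), or reports "missing <what>." and exits. */

static char *require_arg(const char *filename, int linenum, const char *what)
{
	char *cp = strtok(NULL, WHITESPACE);

	if (!cp)
	{
		fprintf(stderr, "%s line %d: missing %s.\n", filename, linenum, what);
		exit(1);
	}
	return cp;
}

/* Parses the next argument as a non-negative decimal integer that fits an
   int.  atoi() silently turned "22x", "" or an overflowing number into some
   value; here each of those is a configuration error. */

static int parse_int_arg(const char *filename, int linenum)
{
	char *cp = require_arg(filename, linenum, "integer value");
	char *end;
	long value;

	errno = 0;
	value = strtol(cp, &end, 10);
	if (end == cp || *end != '\0' || errno == ERANGE ||
	    value < 0 || value > INT_MAX)
	{
		fprintf(stderr, "%s line %d: Bad integer value: %s\n",
			filename, linenum, cp);
		exit(1);
	}
	return (int)value;
}

/* Parses the next argument as "yes" (1) or "no" (0); anything else is a
   configuration error.  The comparison is case-sensitive. */

static int parse_flag_arg(const char *filename, int linenum)
{
	char *cp = require_arg(filename, linenum, "yes/no argument");

	if (strcmp(cp, "yes") == 0)
		return 1;
	if (strcmp(cp, "no") == 0)
		return 0;
	fprintf(stderr, "%s line %d: Bad yes/no argument: %s\n",
		filename, linenum, cp);
	exit(1);
}

/* Lowercases ASCII letters in place so keyword lookup is case-insensitive
   (keywords[] holds lowercase names). */

static void lowercase_keyword(char *s)
{
	for (; *s != '\0'; s++)
		if ('A' <= *s && *s <= 'Z')
			*s = *s - 'A' + 'a';
}

/* Reads the server configuration file.

   Each directive is one line: a keyword followed by its argument(s),
   separated by WHITESPACE; a line whose first non-blank character is '#'
   is a comment.  For single-valued options the first value seen wins: a
   field that is no longer at its initialize_server_options() sentinel
   (-1 or NULL) is left untouched, which is how earlier command-line
   settings take precedence over the file.  AllowHosts/DenyHosts accumulate
   instead, and ListenAddress is simply overwritten.  Any malformed line --
   unknown keyword, missing or bad argument, trailing garbage, or a line
   longer than the buffer -- is reported on stderr and exits the process.
   A file that cannot be opened is reported with perror() and otherwise
   ignored; the caller then runs with whatever
   fill_default_server_options() provides. */

void read_server_config(ServerOptions *options, const char *filename)
{
	FILE *f;
	char line[1024];
	char *cp, **charptr;
	int linenum, *intptr, i, value;
	ServerOpCodes opcode;

	f = fopen(filename, "r");
	if (!f)
	{
		perror(filename);
		return;
	}

	linenum = 0;
	while (fgets(line, sizeof(line), f))
	{
		linenum++;
		/* fgets() stops after sizeof(line)-1 bytes.  A longer line would
		   come back in pieces, each parsed as a directive of its own, so
		   refuse it -- unless the missing newline is just the end of the
		   file. */
		if (strchr(line, '\n') == NULL && getc(f) != EOF)
		{
			fprintf(stderr, "%s line %d: line too long.\n",
				filename, linenum);
			exit(1);
		}
		cp = line + strspn(line, WHITESPACE);
		if (!*cp || *cp == '#')
			continue;
		/* Starts the strtok() walk over this line; the argument helpers
		   continue it with strtok(NULL, ...). */
		cp = strtok(cp, WHITESPACE);
		lowercase_keyword(cp);
		opcode = parse_token(cp, filename, linenum);
		switch (opcode)
		{
		case sPort:
			value = parse_int_arg(filename, linenum);
			/* Only a real TCP port can be bound; 0 and >65535 are typos. */
			if (value < 1 || value > 65535)
			{
				fprintf(stderr, "%s line %d: Bad port number: %d\n",
					filename, linenum, value);
				exit(1);
			}
			if (options->port == -1)
				options->port = value;
			break;

		case sServerKeyBits:
			intptr = &options->server_key_bits;
		parse_int:
			value = parse_int_arg(filename, linenum);
			if (*intptr == -1)
				*intptr = value;
			break;

		case sLoginGraceTime:
			intptr = &options->login_grace_time;
			goto parse_int;

		case sKeyRegenerationTime:
			intptr = &options->key_regeneration_time;
			goto parse_int;

		case sListenAddress:
			cp = require_arg(filename, linenum, "inet addr");
#ifdef BROKEN_INET_ADDR
			options->listen_addr.s_addr = inet_network(cp);
#else /* BROKEN_INET_ADDR */
			options->listen_addr.s_addr = inet_addr(cp);
#endif /* BROKEN_INET_ADDR */
			/* Both calls return INADDR_NONE for text they cannot parse;
			   without this check a mistyped address would be stored as
			   that value instead of being rejected here. */
			if (options->listen_addr.s_addr == INADDR_NONE)
			{
				fprintf(stderr, "%s line %d: Bad inet addr: %s\n",
					filename, linenum, cp);
				exit(1);
			}
			break;

		case sHostKeyFile:
			charptr = &options->host_key_file;
		parse_pathname:
			cp = require_arg(filename, linenum, "file name");
			/* First setting wins; the expanded path is owned by options. */
			if (*charptr == NULL)
				*charptr = tilde_expand_filename(cp, getuid());
			break;

		case sRandomSeedFile:
			charptr = &options->random_seed_file;
			goto parse_pathname;

		case sPermitRootLogin:
			intptr = &options->permit_root_login;
		parse_flag:
			value = parse_flag_arg(filename, linenum);
			if (*intptr == -1)
				*intptr = value;
			break;

		case sIgnoreRhosts:
			intptr = &options->ignore_rhosts;
			goto parse_flag;

		case sQuietMode:
			intptr = &options->quiet_mode;
			goto parse_flag;

		case sFascistLogging:
			intptr = &options->fascist_logging;
			goto parse_flag;

		case sRhostsAuthentication:
			intptr = &options->rhosts_authentication;
			goto parse_flag;

		case sRhostsRSAAuthentication:
			intptr = &options->rhosts_rsa_authentication;
			goto parse_flag;

		case sRSAAuthentication:
			intptr = &options->rsa_authentication;
			goto parse_flag;

#ifdef KRB4
		case sKerberosAuthentication:
			intptr = &options->kerberos_authentication;
			goto parse_flag;

		case sKerberosOrLocalPasswd:
			intptr = &options->kerberos_or_local_passwd;
			goto parse_flag;
#endif

#if defined(KRB4) || defined(AFS)
		case sKerberosTicketCleanup:
			intptr = &options->kerberos_ticket_cleanup;
			goto parse_flag;
#endif

#ifdef KERBEROS_TGT_PASSING
		case sKerberosTgtPassing:
			intptr = &options->kerberos_tgt_passing;
			goto parse_flag;
#endif

#ifdef AFS
		case sAFSTokenPassing:
			intptr = &options->afs_token_passing;
			goto parse_flag;
#endif

		case sPasswordAuthentication:
			intptr = &options->password_authentication;
			goto parse_flag;

		case sPrintMotd:
			intptr = &options->print_motd;
			goto parse_flag;

		case sX11Forwarding:
			intptr = &options->x11_forwarding;
			goto parse_flag;

		case sStrictModes:
			intptr = &options->strict_modes;
			goto parse_flag;

		case sKeepAlives:
			intptr = &options->keepalives;
			goto parse_flag;

		case sEmptyPasswd:
			intptr = &options->permit_empty_passwd;
			goto parse_flag;

		case sLogFacility:
			cp = require_arg(filename, linenum, "facility name");
			/* Case-sensitive: only the keyword was lowercased above, so the
			   facility must be spelled as in log_facilities[]. */
			for (i = 0; log_facilities[i].name; i++)
				if (strcmp(log_facilities[i].name, cp) == 0)
					break;
			if (!log_facilities[i].name)
			{
				fprintf(stderr, "%s line %d: unsupported log facility %s\n",
					filename, linenum, cp);
				exit(1);
			}
			if (options->log_facility == (SyslogFacility)(-1))
				options->log_facility = log_facilities[i].facility;
			break;

		case sAllowHosts:
			/* Accumulates across lines; the bound is checked before each
			   store so the fixed-size array cannot overflow. */
			while ((cp = strtok(NULL, WHITESPACE)))
			{
				if (options->num_allow_hosts >= MAX_ALLOW_HOSTS)
				{
					fprintf(stderr, "%s line %d: too many allow hosts.\n",
						filename, linenum);
					exit(1);
				}
				/* xstrdup() copy, owned by the options structure. */
				options->allow_hosts[options->num_allow_hosts++] = xstrdup(cp);
			}
			break;

		case sDenyHosts:
			while ((cp = strtok(NULL, WHITESPACE)))
			{
				if (options->num_deny_hosts >= MAX_DENY_HOSTS)
				{
					fprintf(stderr, "%s line %d: too many deny hosts.\n",
						filename, linenum);
					exit(1);
				}
				options->deny_hosts[options->num_deny_hosts++] = xstrdup(cp);
			}
			break;

		default:
			/* A token present in keywords[] but without a case above. */
			fprintf(stderr, "%s line %d: Missing handler for opcode %s (%d)\n",
				filename, linenum, cp, opcode);
			exit(1);
		}
		/* Every handler consumes exactly its arguments; anything left on
		   the line is a mistake rather than something to ignore. */
		if (strtok(NULL, WHITESPACE) != NULL)
		{
			fprintf(stderr, "%s line %d: garbage at end of line.\n",
				filename, linenum);
			exit(1);
		}
	}
	fclose(f);
}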
! 499: }