Annotation of src/usr.bin/ssh/servconf.c, Revision 1.10
1.1 deraadt 1: /*
2:
3: servconf.c
4:
5: Author: Tatu Ylonen <ylo@cs.hut.fi>
6:
7: Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
8: All rights reserved
9:
10: Created: Mon Aug 21 15:48:58 1995 ylo
11:
12: */
13:
14: #include "includes.h"
1.10 ! markus 15: RCSID("$Id: servconf.c,v 1.9 1999/10/02 19:18:22 deraadt Exp $");
1.1 deraadt 16:
17: #include "ssh.h"
18: #include "servconf.h"
19: #include "xmalloc.h"
20:
21: /* Initializes the server options to their default values. */
22:
23: void initialize_server_options(ServerOptions *options)
24: {
25: memset(options, 0, sizeof(*options));
26: options->port = -1;
1.3 deraadt 27: options->listen_addr.s_addr = htonl(INADDR_ANY);
1.1 deraadt 28: options->host_key_file = NULL;
29: options->server_key_bits = -1;
30: options->login_grace_time = -1;
31: options->key_regeneration_time = -1;
32: options->permit_root_login = -1;
33: options->ignore_rhosts = -1;
34: options->quiet_mode = -1;
35: options->fascist_logging = -1;
36: options->print_motd = -1;
37: options->x11_forwarding = -1;
1.2 deraadt 38: options->x11_display_offset = -1;
1.1 deraadt 39: options->strict_modes = -1;
40: options->keepalives = -1;
41: options->log_facility = (SyslogFacility)-1;
42: options->rhosts_authentication = -1;
43: options->rhosts_rsa_authentication = -1;
44: options->rsa_authentication = -1;
45: #ifdef KRB4
46: options->kerberos_authentication = -1;
47: options->kerberos_or_local_passwd = -1;
48: options->kerberos_ticket_cleanup = -1;
49: #endif
1.4 dugsong 50: #ifdef AFS
1.1 deraadt 51: options->kerberos_tgt_passing = -1;
52: options->afs_token_passing = -1;
53: #endif
54: options->password_authentication = -1;
1.10 ! markus 55: #ifdef SKEY
! 56: options->skey_authentication = -1;
! 57: #endif
1.1 deraadt 58: options->permit_empty_passwd = -1;
59: options->num_allow_hosts = 0;
60: options->num_deny_hosts = 0;
61: }
62:
63: void fill_default_server_options(ServerOptions *options)
64: {
65: if (options->port == -1)
66: {
67: struct servent *sp;
68:
69: sp = getservbyname(SSH_SERVICE_NAME, "tcp");
70: if (sp)
71: options->port = ntohs(sp->s_port);
72: else
73: options->port = SSH_DEFAULT_PORT;
74: endservent();
75: }
76: if (options->host_key_file == NULL)
77: options->host_key_file = HOST_KEY_FILE;
78: if (options->server_key_bits == -1)
79: options->server_key_bits = 768;
80: if (options->login_grace_time == -1)
81: options->login_grace_time = 600;
82: if (options->key_regeneration_time == -1)
83: options->key_regeneration_time = 3600;
84: if (options->permit_root_login == -1)
85: options->permit_root_login = 1;
86: if (options->ignore_rhosts == -1)
87: options->ignore_rhosts = 0;
88: if (options->quiet_mode == -1)
89: options->quiet_mode = 0;
90: if (options->fascist_logging == -1)
91: options->fascist_logging = 1;
92: if (options->print_motd == -1)
93: options->print_motd = 1;
94: if (options->x11_forwarding == -1)
95: options->x11_forwarding = 1;
1.2 deraadt 96: if (options->x11_display_offset == -1)
97: options->x11_display_offset = 1;
1.1 deraadt 98: if (options->strict_modes == -1)
99: options->strict_modes = 1;
100: if (options->keepalives == -1)
101: options->keepalives = 1;
102: if (options->log_facility == (SyslogFacility)(-1))
103: options->log_facility = SYSLOG_FACILITY_DAEMON;
104: if (options->rhosts_authentication == -1)
105: options->rhosts_authentication = 0;
106: if (options->rhosts_rsa_authentication == -1)
107: options->rhosts_rsa_authentication = 1;
108: if (options->rsa_authentication == -1)
109: options->rsa_authentication = 1;
110: #ifdef KRB4
111: if (options->kerberos_authentication == -1)
1.5 dugsong 112: options->kerberos_authentication = (access(KEYFILE, R_OK) == 0);
1.1 deraadt 113: if (options->kerberos_or_local_passwd == -1)
114: options->kerberos_or_local_passwd = 0;
115: if (options->kerberos_ticket_cleanup == -1)
116: options->kerberos_ticket_cleanup = 1;
1.4 dugsong 117: #endif /* KRB4 */
118: #ifdef AFS
1.1 deraadt 119: if (options->kerberos_tgt_passing == -1)
120: options->kerberos_tgt_passing = 0;
121: if (options->afs_token_passing == -1)
1.5 dugsong 122: options->afs_token_passing = k_hasafs();
1.4 dugsong 123: #endif /* AFS */
1.1 deraadt 124: if (options->password_authentication == -1)
125: options->password_authentication = 1;
1.10 ! markus 126: #ifdef SKEY
! 127: if (options->skey_authentication == -1)
! 128: options->skey_authentication = 1;
! 129: #endif
1.1 deraadt 130: if (options->permit_empty_passwd == -1)
1.10 ! markus 131: options->permit_empty_passwd = 1;
1.1 deraadt 132: }
133:
134: #define WHITESPACE " \t\r\n"
135:
136: /* Keyword tokens. */
137: typedef enum
138: {
139: sPort, sHostKeyFile, sServerKeyBits, sLoginGraceTime, sKeyRegenerationTime,
140: sPermitRootLogin, sQuietMode, sFascistLogging, sLogFacility,
141: sRhostsAuthentication, sRhostsRSAAuthentication, sRSAAuthentication,
142: #ifdef KRB4
1.4 dugsong 143: sKerberosAuthentication, sKerberosOrLocalPasswd, sKerberosTicketCleanup,
1.1 deraadt 144: #endif
145: #ifdef AFS
1.4 dugsong 146: sKerberosTgtPassing, sAFSTokenPassing,
1.1 deraadt 147: #endif
1.10 ! markus 148: #ifdef SKEY
! 149: sSkeyAuthentication,
! 150: #endif
1.1 deraadt 151: sPasswordAuthentication, sAllowHosts, sDenyHosts, sListenAddress,
1.2 deraadt 152: sPrintMotd, sIgnoreRhosts, sX11Forwarding, sX11DisplayOffset,
1.1 deraadt 153: sStrictModes, sEmptyPasswd, sRandomSeedFile, sKeepAlives
154: } ServerOpCodes;
155:
156: /* Textual representation of the tokens. */
157: static struct
158: {
159: const char *name;
160: ServerOpCodes opcode;
161: } keywords[] =
162: {
163: { "port", sPort },
164: { "hostkey", sHostKeyFile },
165: { "serverkeybits", sServerKeyBits },
166: { "logingracetime", sLoginGraceTime },
167: { "keyregenerationinterval", sKeyRegenerationTime },
168: { "permitrootlogin", sPermitRootLogin },
169: { "quietmode", sQuietMode },
170: { "fascistlogging", sFascistLogging },
171: { "syslogfacility", sLogFacility },
172: { "rhostsauthentication", sRhostsAuthentication },
173: { "rhostsrsaauthentication", sRhostsRSAAuthentication },
174: { "rsaauthentication", sRSAAuthentication },
175: #ifdef KRB4
176: { "kerberosauthentication", sKerberosAuthentication },
177: { "kerberosorlocalpasswd", sKerberosOrLocalPasswd },
178: { "kerberosticketcleanup", sKerberosTicketCleanup },
179: #endif
1.4 dugsong 180: #ifdef AFS
1.1 deraadt 181: { "kerberostgtpassing", sKerberosTgtPassing },
182: { "afstokenpassing", sAFSTokenPassing },
183: #endif
184: { "passwordauthentication", sPasswordAuthentication },
1.10 ! markus 185: #ifdef SKEY
! 186: { "skeyauthentication", sSkeyAuthentication },
! 187: #endif
1.1 deraadt 188: { "allowhosts", sAllowHosts },
189: { "denyhosts", sDenyHosts },
190: { "listenaddress", sListenAddress },
191: { "printmotd", sPrintMotd },
192: { "ignorerhosts", sIgnoreRhosts },
193: { "x11forwarding", sX11Forwarding },
1.2 deraadt 194: { "x11displayoffset", sX11DisplayOffset },
1.1 deraadt 195: { "strictmodes", sStrictModes },
196: { "permitemptypasswords", sEmptyPasswd },
197: { "randomseed", sRandomSeedFile },
198: { "keepalive", sKeepAlives },
199: { NULL, 0 }
200: };
201:
202: static struct
203: {
204: const char *name;
205: SyslogFacility facility;
206: } log_facilities[] =
207: {
208: { "DAEMON", SYSLOG_FACILITY_DAEMON },
209: { "USER", SYSLOG_FACILITY_USER },
210: { "AUTH", SYSLOG_FACILITY_AUTH },
211: { "LOCAL0", SYSLOG_FACILITY_LOCAL0 },
212: { "LOCAL1", SYSLOG_FACILITY_LOCAL1 },
213: { "LOCAL2", SYSLOG_FACILITY_LOCAL2 },
214: { "LOCAL3", SYSLOG_FACILITY_LOCAL3 },
215: { "LOCAL4", SYSLOG_FACILITY_LOCAL4 },
216: { "LOCAL5", SYSLOG_FACILITY_LOCAL5 },
217: { "LOCAL6", SYSLOG_FACILITY_LOCAL6 },
218: { "LOCAL7", SYSLOG_FACILITY_LOCAL7 },
219: { NULL, 0 }
220: };
221:
222: /* Returns the number of the token pointed to by cp of length len.
223: Never returns if the token is not known. */
224:
225: static ServerOpCodes parse_token(const char *cp, const char *filename,
226: int linenum)
227: {
228: unsigned int i;
229:
230: for (i = 0; keywords[i].name; i++)
231: if (strcmp(cp, keywords[i].name) == 0)
232: return keywords[i].opcode;
233:
234: fprintf(stderr, "%s line %d: Bad configuration option: %s\n",
235: filename, linenum, cp);
236: exit(1);
237: }
238:
239: /* Reads the server configuration file. */
240:
241: void read_server_config(ServerOptions *options, const char *filename)
242: {
243: FILE *f;
244: char line[1024];
245: char *cp, **charptr;
246: int linenum, *intptr, i, value;
247: ServerOpCodes opcode;
248:
249: f = fopen(filename, "r");
250: if (!f)
251: {
252: perror(filename);
253: return;
254: }
255:
256: linenum = 0;
257: while (fgets(line, sizeof(line), f))
258: {
259: linenum++;
260: cp = line + strspn(line, WHITESPACE);
261: if (!*cp || *cp == '#')
262: continue;
263: cp = strtok(cp, WHITESPACE);
264: {
265: char *t = cp;
266: for (; *t != 0; t++)
267: if ('A' <= *t && *t <= 'Z')
268: *t = *t - 'A' + 'a'; /* tolower */
269:
270: }
271: opcode = parse_token(cp, filename, linenum);
272: switch (opcode)
273: {
274: case sPort:
275: intptr = &options->port;
276: parse_int:
277: cp = strtok(NULL, WHITESPACE);
278: if (!cp)
279: {
280: fprintf(stderr, "%s line %d: missing integer value.\n",
281: filename, linenum);
282: exit(1);
283: }
284: value = atoi(cp);
285: if (*intptr == -1)
286: *intptr = value;
287: break;
288:
289: case sServerKeyBits:
290: intptr = &options->server_key_bits;
291: goto parse_int;
292:
293: case sLoginGraceTime:
294: intptr = &options->login_grace_time;
295: goto parse_int;
296:
297: case sKeyRegenerationTime:
298: intptr = &options->key_regeneration_time;
299: goto parse_int;
300:
301: case sListenAddress:
302: cp = strtok(NULL, WHITESPACE);
303: if (!cp)
304: {
305: fprintf(stderr, "%s line %d: missing inet addr.\n",
306: filename, linenum);
307: exit(1);
308: }
309: options->listen_addr.s_addr = inet_addr(cp);
310: break;
311:
312: case sHostKeyFile:
313: charptr = &options->host_key_file;
314: cp = strtok(NULL, WHITESPACE);
315: if (!cp)
316: {
317: fprintf(stderr, "%s line %d: missing file name.\n",
318: filename, linenum);
319: exit(1);
320: }
321: if (*charptr == NULL)
322: *charptr = tilde_expand_filename(cp, getuid());
323: break;
324:
325: case sRandomSeedFile:
1.8 deraadt 326: fprintf(stderr, "%s line %d: \"randomseed\" option is obsolete.\n",
1.7 provos 327: filename, linenum);
328: cp = strtok(NULL, WHITESPACE);
329: break;
1.1 deraadt 330:
331: case sPermitRootLogin:
332: intptr = &options->permit_root_login;
333: parse_flag:
334: cp = strtok(NULL, WHITESPACE);
335: if (!cp)
336: {
337: fprintf(stderr, "%s line %d: missing yes/no argument.\n",
338: filename, linenum);
339: exit(1);
340: }
341: if (strcmp(cp, "yes") == 0)
342: value = 1;
343: else
344: if (strcmp(cp, "no") == 0)
345: value = 0;
346: else
347: {
348: fprintf(stderr, "%s line %d: Bad yes/no argument: %s\n",
349: filename, linenum, cp);
350: exit(1);
351: }
352: if (*intptr == -1)
353: *intptr = value;
354: break;
355:
356: case sIgnoreRhosts:
357: intptr = &options->ignore_rhosts;
358: goto parse_flag;
359:
360: case sQuietMode:
361: intptr = &options->quiet_mode;
362: goto parse_flag;
363:
364: case sFascistLogging:
365: intptr = &options->fascist_logging;
366: goto parse_flag;
367:
368: case sRhostsAuthentication:
369: intptr = &options->rhosts_authentication;
370: goto parse_flag;
371:
372: case sRhostsRSAAuthentication:
373: intptr = &options->rhosts_rsa_authentication;
374: goto parse_flag;
375:
376: case sRSAAuthentication:
377: intptr = &options->rsa_authentication;
378: goto parse_flag;
379:
380: #ifdef KRB4
381: case sKerberosAuthentication:
382: intptr = &options->kerberos_authentication;
383: goto parse_flag;
384:
385: case sKerberosOrLocalPasswd:
386: intptr = &options->kerberos_or_local_passwd;
387: goto parse_flag;
388:
389: case sKerberosTicketCleanup:
390: intptr = &options->kerberos_ticket_cleanup;
391: goto parse_flag;
392: #endif
393:
1.4 dugsong 394: #ifdef AFS
1.1 deraadt 395: case sKerberosTgtPassing:
396: intptr = &options->kerberos_tgt_passing;
397: goto parse_flag;
398:
399: case sAFSTokenPassing:
400: intptr = &options->afs_token_passing;
401: goto parse_flag;
402: #endif
403:
404: case sPasswordAuthentication:
405: intptr = &options->password_authentication;
406: goto parse_flag;
1.10 ! markus 407:
! 408: #ifdef SKEY
! 409: case sSkeyAuthentication:
! 410: intptr = &options->skey_authentication;
! 411: goto parse_flag;
! 412: #endif
1.1 deraadt 413:
414: case sPrintMotd:
415: intptr = &options->print_motd;
416: goto parse_flag;
417:
418: case sX11Forwarding:
419: intptr = &options->x11_forwarding;
420: goto parse_flag;
1.2 deraadt 421:
422: case sX11DisplayOffset:
423: intptr = &options->x11_display_offset;
424: goto parse_int;
1.1 deraadt 425:
426: case sStrictModes:
427: intptr = &options->strict_modes;
428: goto parse_flag;
429:
430: case sKeepAlives:
431: intptr = &options->keepalives;
432: goto parse_flag;
433:
434: case sEmptyPasswd:
435: intptr = &options->permit_empty_passwd;
436: goto parse_flag;
437:
438: case sLogFacility:
439: cp = strtok(NULL, WHITESPACE);
440: if (!cp)
441: {
442: fprintf(stderr, "%s line %d: missing facility name.\n",
443: filename, linenum);
444: exit(1);
445: }
446: for (i = 0; log_facilities[i].name; i++)
447: if (strcmp(log_facilities[i].name, cp) == 0)
448: break;
449: if (!log_facilities[i].name)
450: {
451: fprintf(stderr, "%s line %d: unsupported log facility %s\n",
452: filename, linenum, cp);
453: exit(1);
454: }
455: if (options->log_facility == (SyslogFacility)(-1))
456: options->log_facility = log_facilities[i].facility;
457: break;
458:
459: case sAllowHosts:
460: while ((cp = strtok(NULL, WHITESPACE)))
461: {
462: if (options->num_allow_hosts >= MAX_ALLOW_HOSTS)
463: {
464: fprintf(stderr, "%s line %d: too many allow hosts.\n",
465: filename, linenum);
466: exit(1);
467: }
468: options->allow_hosts[options->num_allow_hosts++] = xstrdup(cp);
469: }
470: break;
471:
472: case sDenyHosts:
473: while ((cp = strtok(NULL, WHITESPACE)))
474: {
475: if (options->num_deny_hosts >= MAX_DENY_HOSTS)
476: {
477: fprintf(stderr, "%s line %d: too many deny hosts.\n",
478: filename, linenum);
479: exit(1);
480: }
481: options->deny_hosts[options->num_deny_hosts++] = xstrdup(cp);
482: }
483: break;
484:
485: default:
486: fprintf(stderr, "%s line %d: Missing handler for opcode %s (%d)\n",
487: filename, linenum, cp, opcode);
488: exit(1);
489: }
490: if (strtok(NULL, WHITESPACE) != NULL)
491: {
492: fprintf(stderr, "%s line %d: garbage at end of line.\n",
493: filename, linenum);
494: exit(1);
495: }
496: }
497: fclose(f);
498: }