Annotation of src/usr.bin/ssh/servconf.c, Revision 1.11
1.1 deraadt 1: /*
2:
3: servconf.c
4:
5: Author: Tatu Ylonen <ylo@cs.hut.fi>
6:
7: Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
8: All rights reserved
9:
10: Created: Mon Aug 21 15:48:58 1995 ylo
11:
12: */
13:
14: #include "includes.h"
1.11 ! markus 15: RCSID("$Id: servconf.c,v 1.10 1999/10/07 21:45:02 markus Exp $");
1.1 deraadt 16:
17: #include "ssh.h"
18: #include "servconf.h"
19: #include "xmalloc.h"
20:
21: /* Initializes the server options to their default values. */
22:
23: void initialize_server_options(ServerOptions *options)
24: {
25: memset(options, 0, sizeof(*options));
26: options->port = -1;
1.3 deraadt 27: options->listen_addr.s_addr = htonl(INADDR_ANY);
1.1 deraadt 28: options->host_key_file = NULL;
29: options->server_key_bits = -1;
30: options->login_grace_time = -1;
31: options->key_regeneration_time = -1;
32: options->permit_root_login = -1;
33: options->ignore_rhosts = -1;
34: options->quiet_mode = -1;
35: options->fascist_logging = -1;
36: options->print_motd = -1;
1.11 ! markus 37: options->check_mail = -1;
1.1 deraadt 38: options->x11_forwarding = -1;
1.2 deraadt 39: options->x11_display_offset = -1;
1.1 deraadt 40: options->strict_modes = -1;
41: options->keepalives = -1;
42: options->log_facility = (SyslogFacility)-1;
43: options->rhosts_authentication = -1;
44: options->rhosts_rsa_authentication = -1;
45: options->rsa_authentication = -1;
46: #ifdef KRB4
47: options->kerberos_authentication = -1;
48: options->kerberos_or_local_passwd = -1;
49: options->kerberos_ticket_cleanup = -1;
50: #endif
1.4 dugsong 51: #ifdef AFS
1.1 deraadt 52: options->kerberos_tgt_passing = -1;
53: options->afs_token_passing = -1;
54: #endif
55: options->password_authentication = -1;
1.10 markus 56: #ifdef SKEY
57: options->skey_authentication = -1;
58: #endif
1.1 deraadt 59: options->permit_empty_passwd = -1;
60: options->num_allow_hosts = 0;
61: options->num_deny_hosts = 0;
62: }
63:
64: void fill_default_server_options(ServerOptions *options)
65: {
66: if (options->port == -1)
67: {
68: struct servent *sp;
69:
70: sp = getservbyname(SSH_SERVICE_NAME, "tcp");
71: if (sp)
72: options->port = ntohs(sp->s_port);
73: else
74: options->port = SSH_DEFAULT_PORT;
75: endservent();
76: }
77: if (options->host_key_file == NULL)
78: options->host_key_file = HOST_KEY_FILE;
79: if (options->server_key_bits == -1)
80: options->server_key_bits = 768;
81: if (options->login_grace_time == -1)
82: options->login_grace_time = 600;
83: if (options->key_regeneration_time == -1)
84: options->key_regeneration_time = 3600;
85: if (options->permit_root_login == -1)
86: options->permit_root_login = 1;
87: if (options->ignore_rhosts == -1)
88: options->ignore_rhosts = 0;
89: if (options->quiet_mode == -1)
90: options->quiet_mode = 0;
1.11 ! markus 91: if (options->check_mail == -1)
! 92: options->check_mail = 0;
1.1 deraadt 93: if (options->fascist_logging == -1)
94: options->fascist_logging = 1;
95: if (options->print_motd == -1)
96: options->print_motd = 1;
97: if (options->x11_forwarding == -1)
98: options->x11_forwarding = 1;
1.2 deraadt 99: if (options->x11_display_offset == -1)
100: options->x11_display_offset = 1;
1.1 deraadt 101: if (options->strict_modes == -1)
102: options->strict_modes = 1;
103: if (options->keepalives == -1)
104: options->keepalives = 1;
105: if (options->log_facility == (SyslogFacility)(-1))
106: options->log_facility = SYSLOG_FACILITY_DAEMON;
107: if (options->rhosts_authentication == -1)
108: options->rhosts_authentication = 0;
109: if (options->rhosts_rsa_authentication == -1)
110: options->rhosts_rsa_authentication = 1;
111: if (options->rsa_authentication == -1)
112: options->rsa_authentication = 1;
113: #ifdef KRB4
114: if (options->kerberos_authentication == -1)
1.5 dugsong 115: options->kerberos_authentication = (access(KEYFILE, R_OK) == 0);
1.1 deraadt 116: if (options->kerberos_or_local_passwd == -1)
117: options->kerberos_or_local_passwd = 0;
118: if (options->kerberos_ticket_cleanup == -1)
119: options->kerberos_ticket_cleanup = 1;
1.4 dugsong 120: #endif /* KRB4 */
121: #ifdef AFS
1.1 deraadt 122: if (options->kerberos_tgt_passing == -1)
123: options->kerberos_tgt_passing = 0;
124: if (options->afs_token_passing == -1)
1.5 dugsong 125: options->afs_token_passing = k_hasafs();
1.4 dugsong 126: #endif /* AFS */
1.1 deraadt 127: if (options->password_authentication == -1)
128: options->password_authentication = 1;
1.10 markus 129: #ifdef SKEY
130: if (options->skey_authentication == -1)
131: options->skey_authentication = 1;
132: #endif
1.1 deraadt 133: if (options->permit_empty_passwd == -1)
1.10 markus 134: options->permit_empty_passwd = 1;
1.1 deraadt 135: }
136:
137: #define WHITESPACE " \t\r\n"
138:
139: /* Keyword tokens. */
140: typedef enum
141: {
142: sPort, sHostKeyFile, sServerKeyBits, sLoginGraceTime, sKeyRegenerationTime,
143: sPermitRootLogin, sQuietMode, sFascistLogging, sLogFacility,
144: sRhostsAuthentication, sRhostsRSAAuthentication, sRSAAuthentication,
145: #ifdef KRB4
1.4 dugsong 146: sKerberosAuthentication, sKerberosOrLocalPasswd, sKerberosTicketCleanup,
1.1 deraadt 147: #endif
148: #ifdef AFS
1.4 dugsong 149: sKerberosTgtPassing, sAFSTokenPassing,
1.1 deraadt 150: #endif
1.10 markus 151: #ifdef SKEY
152: sSkeyAuthentication,
153: #endif
1.1 deraadt 154: sPasswordAuthentication, sAllowHosts, sDenyHosts, sListenAddress,
1.2 deraadt 155: sPrintMotd, sIgnoreRhosts, sX11Forwarding, sX11DisplayOffset,
1.11 ! markus 156: sStrictModes, sEmptyPasswd, sRandomSeedFile, sKeepAlives, sCheckMail
1.1 deraadt 157: } ServerOpCodes;
158:
159: /* Textual representation of the tokens. */
160: static struct
161: {
162: const char *name;
163: ServerOpCodes opcode;
164: } keywords[] =
165: {
166: { "port", sPort },
167: { "hostkey", sHostKeyFile },
168: { "serverkeybits", sServerKeyBits },
169: { "logingracetime", sLoginGraceTime },
170: { "keyregenerationinterval", sKeyRegenerationTime },
171: { "permitrootlogin", sPermitRootLogin },
172: { "quietmode", sQuietMode },
173: { "fascistlogging", sFascistLogging },
174: { "syslogfacility", sLogFacility },
175: { "rhostsauthentication", sRhostsAuthentication },
176: { "rhostsrsaauthentication", sRhostsRSAAuthentication },
177: { "rsaauthentication", sRSAAuthentication },
178: #ifdef KRB4
179: { "kerberosauthentication", sKerberosAuthentication },
180: { "kerberosorlocalpasswd", sKerberosOrLocalPasswd },
181: { "kerberosticketcleanup", sKerberosTicketCleanup },
182: #endif
1.4 dugsong 183: #ifdef AFS
1.1 deraadt 184: { "kerberostgtpassing", sKerberosTgtPassing },
185: { "afstokenpassing", sAFSTokenPassing },
186: #endif
187: { "passwordauthentication", sPasswordAuthentication },
1.10 markus 188: #ifdef SKEY
189: { "skeyauthentication", sSkeyAuthentication },
190: #endif
1.1 deraadt 191: { "allowhosts", sAllowHosts },
1.11 ! markus 192: { "checkmail", sCheckMail },
1.1 deraadt 193: { "denyhosts", sDenyHosts },
194: { "listenaddress", sListenAddress },
195: { "printmotd", sPrintMotd },
196: { "ignorerhosts", sIgnoreRhosts },
197: { "x11forwarding", sX11Forwarding },
1.2 deraadt 198: { "x11displayoffset", sX11DisplayOffset },
1.1 deraadt 199: { "strictmodes", sStrictModes },
200: { "permitemptypasswords", sEmptyPasswd },
201: { "randomseed", sRandomSeedFile },
202: { "keepalive", sKeepAlives },
203: { NULL, 0 }
204: };
205:
206: static struct
207: {
208: const char *name;
209: SyslogFacility facility;
210: } log_facilities[] =
211: {
212: { "DAEMON", SYSLOG_FACILITY_DAEMON },
213: { "USER", SYSLOG_FACILITY_USER },
214: { "AUTH", SYSLOG_FACILITY_AUTH },
215: { "LOCAL0", SYSLOG_FACILITY_LOCAL0 },
216: { "LOCAL1", SYSLOG_FACILITY_LOCAL1 },
217: { "LOCAL2", SYSLOG_FACILITY_LOCAL2 },
218: { "LOCAL3", SYSLOG_FACILITY_LOCAL3 },
219: { "LOCAL4", SYSLOG_FACILITY_LOCAL4 },
220: { "LOCAL5", SYSLOG_FACILITY_LOCAL5 },
221: { "LOCAL6", SYSLOG_FACILITY_LOCAL6 },
222: { "LOCAL7", SYSLOG_FACILITY_LOCAL7 },
223: { NULL, 0 }
224: };
225:
226: /* Returns the number of the token pointed to by cp of length len.
227: Never returns if the token is not known. */
228:
229: static ServerOpCodes parse_token(const char *cp, const char *filename,
230: int linenum)
231: {
232: unsigned int i;
233:
234: for (i = 0; keywords[i].name; i++)
235: if (strcmp(cp, keywords[i].name) == 0)
236: return keywords[i].opcode;
237:
238: fprintf(stderr, "%s line %d: Bad configuration option: %s\n",
239: filename, linenum, cp);
240: exit(1);
241: }
242:
243: /* Reads the server configuration file. */
244:
245: void read_server_config(ServerOptions *options, const char *filename)
246: {
247: FILE *f;
248: char line[1024];
249: char *cp, **charptr;
250: int linenum, *intptr, i, value;
251: ServerOpCodes opcode;
252:
253: f = fopen(filename, "r");
254: if (!f)
255: {
256: perror(filename);
257: return;
258: }
259:
260: linenum = 0;
261: while (fgets(line, sizeof(line), f))
262: {
263: linenum++;
264: cp = line + strspn(line, WHITESPACE);
265: if (!*cp || *cp == '#')
266: continue;
267: cp = strtok(cp, WHITESPACE);
268: {
269: char *t = cp;
270: for (; *t != 0; t++)
271: if ('A' <= *t && *t <= 'Z')
272: *t = *t - 'A' + 'a'; /* tolower */
273:
274: }
275: opcode = parse_token(cp, filename, linenum);
276: switch (opcode)
277: {
278: case sPort:
279: intptr = &options->port;
280: parse_int:
281: cp = strtok(NULL, WHITESPACE);
282: if (!cp)
283: {
284: fprintf(stderr, "%s line %d: missing integer value.\n",
285: filename, linenum);
286: exit(1);
287: }
288: value = atoi(cp);
289: if (*intptr == -1)
290: *intptr = value;
291: break;
292:
293: case sServerKeyBits:
294: intptr = &options->server_key_bits;
295: goto parse_int;
296:
297: case sLoginGraceTime:
298: intptr = &options->login_grace_time;
299: goto parse_int;
300:
301: case sKeyRegenerationTime:
302: intptr = &options->key_regeneration_time;
303: goto parse_int;
304:
305: case sListenAddress:
306: cp = strtok(NULL, WHITESPACE);
307: if (!cp)
308: {
309: fprintf(stderr, "%s line %d: missing inet addr.\n",
310: filename, linenum);
311: exit(1);
312: }
313: options->listen_addr.s_addr = inet_addr(cp);
314: break;
315:
316: case sHostKeyFile:
317: charptr = &options->host_key_file;
318: cp = strtok(NULL, WHITESPACE);
319: if (!cp)
320: {
321: fprintf(stderr, "%s line %d: missing file name.\n",
322: filename, linenum);
323: exit(1);
324: }
325: if (*charptr == NULL)
326: *charptr = tilde_expand_filename(cp, getuid());
327: break;
328:
329: case sRandomSeedFile:
1.8 deraadt 330: fprintf(stderr, "%s line %d: \"randomseed\" option is obsolete.\n",
1.7 provos 331: filename, linenum);
332: cp = strtok(NULL, WHITESPACE);
333: break;
1.1 deraadt 334:
335: case sPermitRootLogin:
336: intptr = &options->permit_root_login;
337: parse_flag:
338: cp = strtok(NULL, WHITESPACE);
339: if (!cp)
340: {
341: fprintf(stderr, "%s line %d: missing yes/no argument.\n",
342: filename, linenum);
343: exit(1);
344: }
345: if (strcmp(cp, "yes") == 0)
346: value = 1;
347: else
348: if (strcmp(cp, "no") == 0)
349: value = 0;
350: else
351: {
352: fprintf(stderr, "%s line %d: Bad yes/no argument: %s\n",
353: filename, linenum, cp);
354: exit(1);
355: }
356: if (*intptr == -1)
357: *intptr = value;
358: break;
359:
360: case sIgnoreRhosts:
361: intptr = &options->ignore_rhosts;
362: goto parse_flag;
363:
364: case sQuietMode:
365: intptr = &options->quiet_mode;
366: goto parse_flag;
367:
368: case sFascistLogging:
369: intptr = &options->fascist_logging;
370: goto parse_flag;
371:
372: case sRhostsAuthentication:
373: intptr = &options->rhosts_authentication;
374: goto parse_flag;
375:
376: case sRhostsRSAAuthentication:
377: intptr = &options->rhosts_rsa_authentication;
378: goto parse_flag;
379:
380: case sRSAAuthentication:
381: intptr = &options->rsa_authentication;
382: goto parse_flag;
383:
384: #ifdef KRB4
385: case sKerberosAuthentication:
386: intptr = &options->kerberos_authentication;
387: goto parse_flag;
388:
389: case sKerberosOrLocalPasswd:
390: intptr = &options->kerberos_or_local_passwd;
391: goto parse_flag;
392:
393: case sKerberosTicketCleanup:
394: intptr = &options->kerberos_ticket_cleanup;
395: goto parse_flag;
396: #endif
397:
1.4 dugsong 398: #ifdef AFS
1.1 deraadt 399: case sKerberosTgtPassing:
400: intptr = &options->kerberos_tgt_passing;
401: goto parse_flag;
402:
403: case sAFSTokenPassing:
404: intptr = &options->afs_token_passing;
405: goto parse_flag;
406: #endif
407:
408: case sPasswordAuthentication:
409: intptr = &options->password_authentication;
410: goto parse_flag;
1.11 ! markus 411:
! 412: case sCheckMail:
! 413: intptr = &options->check_mail;
! 414: goto parse_flag;
1.10 markus 415:
416: #ifdef SKEY
417: case sSkeyAuthentication:
418: intptr = &options->skey_authentication;
419: goto parse_flag;
420: #endif
1.1 deraadt 421:
422: case sPrintMotd:
423: intptr = &options->print_motd;
424: goto parse_flag;
425:
426: case sX11Forwarding:
427: intptr = &options->x11_forwarding;
428: goto parse_flag;
1.2 deraadt 429:
430: case sX11DisplayOffset:
431: intptr = &options->x11_display_offset;
432: goto parse_int;
1.1 deraadt 433:
434: case sStrictModes:
435: intptr = &options->strict_modes;
436: goto parse_flag;
437:
438: case sKeepAlives:
439: intptr = &options->keepalives;
440: goto parse_flag;
441:
442: case sEmptyPasswd:
443: intptr = &options->permit_empty_passwd;
444: goto parse_flag;
445:
446: case sLogFacility:
447: cp = strtok(NULL, WHITESPACE);
448: if (!cp)
449: {
450: fprintf(stderr, "%s line %d: missing facility name.\n",
451: filename, linenum);
452: exit(1);
453: }
454: for (i = 0; log_facilities[i].name; i++)
455: if (strcmp(log_facilities[i].name, cp) == 0)
456: break;
457: if (!log_facilities[i].name)
458: {
459: fprintf(stderr, "%s line %d: unsupported log facility %s\n",
460: filename, linenum, cp);
461: exit(1);
462: }
463: if (options->log_facility == (SyslogFacility)(-1))
464: options->log_facility = log_facilities[i].facility;
465: break;
466:
467: case sAllowHosts:
468: while ((cp = strtok(NULL, WHITESPACE)))
469: {
470: if (options->num_allow_hosts >= MAX_ALLOW_HOSTS)
471: {
472: fprintf(stderr, "%s line %d: too many allow hosts.\n",
473: filename, linenum);
474: exit(1);
475: }
476: options->allow_hosts[options->num_allow_hosts++] = xstrdup(cp);
477: }
478: break;
479:
480: case sDenyHosts:
481: while ((cp = strtok(NULL, WHITESPACE)))
482: {
483: if (options->num_deny_hosts >= MAX_DENY_HOSTS)
484: {
485: fprintf(stderr, "%s line %d: too many deny hosts.\n",
486: filename, linenum);
487: exit(1);
488: }
489: options->deny_hosts[options->num_deny_hosts++] = xstrdup(cp);
490: }
491: break;
492:
493: default:
494: fprintf(stderr, "%s line %d: Missing handler for opcode %s (%d)\n",
495: filename, linenum, cp, opcode);
496: exit(1);
497: }
498: if (strtok(NULL, WHITESPACE) != NULL)
499: {
500: fprintf(stderr, "%s line %d: garbage at end of line.\n",
501: filename, linenum);
502: exit(1);
503: }
504: }
505: fclose(f);
506: }