Annotation of src/usr.bin/ssh/servconf.c, Revision 1.12
1.1 deraadt 1: /*
2:
3: servconf.c
4:
5: Author: Tatu Ylonen <ylo@cs.hut.fi>
6:
7: Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
8: All rights reserved
9:
10: Created: Mon Aug 21 15:48:58 1995 ylo
11:
12: */
13:
14: #include "includes.h"
1.12 ! markus 15: RCSID("$Id: servconf.c,v 1.11 1999/10/07 22:46:32 markus Exp $");
1.1 deraadt 16:
17: #include "ssh.h"
18: #include "servconf.h"
19: #include "xmalloc.h"
20:
21: /* Initializes the server options to their default values. */
22:
23: void initialize_server_options(ServerOptions *options)
24: {
25: memset(options, 0, sizeof(*options));
26: options->port = -1;
1.3 deraadt 27: options->listen_addr.s_addr = htonl(INADDR_ANY);
1.1 deraadt 28: options->host_key_file = NULL;
29: options->server_key_bits = -1;
30: options->login_grace_time = -1;
31: options->key_regeneration_time = -1;
32: options->permit_root_login = -1;
33: options->ignore_rhosts = -1;
34: options->quiet_mode = -1;
35: options->fascist_logging = -1;
36: options->print_motd = -1;
1.11 markus 37: options->check_mail = -1;
1.1 deraadt 38: options->x11_forwarding = -1;
1.2 deraadt 39: options->x11_display_offset = -1;
1.1 deraadt 40: options->strict_modes = -1;
41: options->keepalives = -1;
42: options->log_facility = (SyslogFacility)-1;
43: options->rhosts_authentication = -1;
44: options->rhosts_rsa_authentication = -1;
45: options->rsa_authentication = -1;
46: #ifdef KRB4
47: options->kerberos_authentication = -1;
48: options->kerberos_or_local_passwd = -1;
49: options->kerberos_ticket_cleanup = -1;
50: #endif
1.4 dugsong 51: #ifdef AFS
1.1 deraadt 52: options->kerberos_tgt_passing = -1;
53: options->afs_token_passing = -1;
54: #endif
55: options->password_authentication = -1;
1.10 markus 56: #ifdef SKEY
57: options->skey_authentication = -1;
58: #endif
1.1 deraadt 59: options->permit_empty_passwd = -1;
1.12 ! markus 60: options->use_login = -1;
1.1 deraadt 61: options->num_allow_hosts = 0;
62: options->num_deny_hosts = 0;
63: }
64:
65: void fill_default_server_options(ServerOptions *options)
66: {
67: if (options->port == -1)
68: {
69: struct servent *sp;
70:
71: sp = getservbyname(SSH_SERVICE_NAME, "tcp");
72: if (sp)
73: options->port = ntohs(sp->s_port);
74: else
75: options->port = SSH_DEFAULT_PORT;
76: endservent();
77: }
78: if (options->host_key_file == NULL)
79: options->host_key_file = HOST_KEY_FILE;
80: if (options->server_key_bits == -1)
81: options->server_key_bits = 768;
82: if (options->login_grace_time == -1)
83: options->login_grace_time = 600;
84: if (options->key_regeneration_time == -1)
85: options->key_regeneration_time = 3600;
86: if (options->permit_root_login == -1)
87: options->permit_root_login = 1;
88: if (options->ignore_rhosts == -1)
89: options->ignore_rhosts = 0;
90: if (options->quiet_mode == -1)
91: options->quiet_mode = 0;
1.11 markus 92: if (options->check_mail == -1)
93: options->check_mail = 0;
1.1 deraadt 94: if (options->fascist_logging == -1)
95: options->fascist_logging = 1;
96: if (options->print_motd == -1)
97: options->print_motd = 1;
98: if (options->x11_forwarding == -1)
99: options->x11_forwarding = 1;
1.2 deraadt 100: if (options->x11_display_offset == -1)
101: options->x11_display_offset = 1;
1.1 deraadt 102: if (options->strict_modes == -1)
103: options->strict_modes = 1;
104: if (options->keepalives == -1)
105: options->keepalives = 1;
106: if (options->log_facility == (SyslogFacility)(-1))
107: options->log_facility = SYSLOG_FACILITY_DAEMON;
108: if (options->rhosts_authentication == -1)
109: options->rhosts_authentication = 0;
110: if (options->rhosts_rsa_authentication == -1)
111: options->rhosts_rsa_authentication = 1;
112: if (options->rsa_authentication == -1)
113: options->rsa_authentication = 1;
114: #ifdef KRB4
115: if (options->kerberos_authentication == -1)
1.5 dugsong 116: options->kerberos_authentication = (access(KEYFILE, R_OK) == 0);
1.1 deraadt 117: if (options->kerberos_or_local_passwd == -1)
118: options->kerberos_or_local_passwd = 0;
119: if (options->kerberos_ticket_cleanup == -1)
120: options->kerberos_ticket_cleanup = 1;
1.4 dugsong 121: #endif /* KRB4 */
122: #ifdef AFS
1.1 deraadt 123: if (options->kerberos_tgt_passing == -1)
124: options->kerberos_tgt_passing = 0;
125: if (options->afs_token_passing == -1)
1.5 dugsong 126: options->afs_token_passing = k_hasafs();
1.4 dugsong 127: #endif /* AFS */
1.1 deraadt 128: if (options->password_authentication == -1)
129: options->password_authentication = 1;
1.10 markus 130: #ifdef SKEY
131: if (options->skey_authentication == -1)
132: options->skey_authentication = 1;
133: #endif
1.1 deraadt 134: if (options->permit_empty_passwd == -1)
1.10 markus 135: options->permit_empty_passwd = 1;
1.12 ! markus 136: if (options->use_login == -1)
! 137: options->use_login = 0;
1.1 deraadt 138: }
139:
140: #define WHITESPACE " \t\r\n"
141:
142: /* Keyword tokens. */
143: typedef enum
144: {
145: sPort, sHostKeyFile, sServerKeyBits, sLoginGraceTime, sKeyRegenerationTime,
146: sPermitRootLogin, sQuietMode, sFascistLogging, sLogFacility,
147: sRhostsAuthentication, sRhostsRSAAuthentication, sRSAAuthentication,
148: #ifdef KRB4
1.4 dugsong 149: sKerberosAuthentication, sKerberosOrLocalPasswd, sKerberosTicketCleanup,
1.1 deraadt 150: #endif
151: #ifdef AFS
1.4 dugsong 152: sKerberosTgtPassing, sAFSTokenPassing,
1.1 deraadt 153: #endif
1.10 markus 154: #ifdef SKEY
155: sSkeyAuthentication,
156: #endif
1.1 deraadt 157: sPasswordAuthentication, sAllowHosts, sDenyHosts, sListenAddress,
1.2 deraadt 158: sPrintMotd, sIgnoreRhosts, sX11Forwarding, sX11DisplayOffset,
1.12 ! markus 159: sStrictModes, sEmptyPasswd, sRandomSeedFile, sKeepAlives, sCheckMail,
! 160: sUseLogin
1.1 deraadt 161: } ServerOpCodes;
162:
163: /* Textual representation of the tokens. */
164: static struct
165: {
166: const char *name;
167: ServerOpCodes opcode;
168: } keywords[] =
169: {
170: { "port", sPort },
171: { "hostkey", sHostKeyFile },
172: { "serverkeybits", sServerKeyBits },
173: { "logingracetime", sLoginGraceTime },
174: { "keyregenerationinterval", sKeyRegenerationTime },
175: { "permitrootlogin", sPermitRootLogin },
176: { "quietmode", sQuietMode },
177: { "fascistlogging", sFascistLogging },
178: { "syslogfacility", sLogFacility },
179: { "rhostsauthentication", sRhostsAuthentication },
180: { "rhostsrsaauthentication", sRhostsRSAAuthentication },
181: { "rsaauthentication", sRSAAuthentication },
182: #ifdef KRB4
183: { "kerberosauthentication", sKerberosAuthentication },
184: { "kerberosorlocalpasswd", sKerberosOrLocalPasswd },
185: { "kerberosticketcleanup", sKerberosTicketCleanup },
186: #endif
1.4 dugsong 187: #ifdef AFS
1.1 deraadt 188: { "kerberostgtpassing", sKerberosTgtPassing },
189: { "afstokenpassing", sAFSTokenPassing },
190: #endif
191: { "passwordauthentication", sPasswordAuthentication },
1.10 markus 192: #ifdef SKEY
193: { "skeyauthentication", sSkeyAuthentication },
194: #endif
1.1 deraadt 195: { "allowhosts", sAllowHosts },
1.11 markus 196: { "checkmail", sCheckMail },
1.1 deraadt 197: { "denyhosts", sDenyHosts },
198: { "listenaddress", sListenAddress },
199: { "printmotd", sPrintMotd },
200: { "ignorerhosts", sIgnoreRhosts },
201: { "x11forwarding", sX11Forwarding },
1.2 deraadt 202: { "x11displayoffset", sX11DisplayOffset },
1.1 deraadt 203: { "strictmodes", sStrictModes },
204: { "permitemptypasswords", sEmptyPasswd },
1.12 ! markus 205: { "uselogin", sUseLogin },
1.1 deraadt 206: { "randomseed", sRandomSeedFile },
207: { "keepalive", sKeepAlives },
208: { NULL, 0 }
209: };
210:
211: static struct
212: {
213: const char *name;
214: SyslogFacility facility;
215: } log_facilities[] =
216: {
217: { "DAEMON", SYSLOG_FACILITY_DAEMON },
218: { "USER", SYSLOG_FACILITY_USER },
219: { "AUTH", SYSLOG_FACILITY_AUTH },
220: { "LOCAL0", SYSLOG_FACILITY_LOCAL0 },
221: { "LOCAL1", SYSLOG_FACILITY_LOCAL1 },
222: { "LOCAL2", SYSLOG_FACILITY_LOCAL2 },
223: { "LOCAL3", SYSLOG_FACILITY_LOCAL3 },
224: { "LOCAL4", SYSLOG_FACILITY_LOCAL4 },
225: { "LOCAL5", SYSLOG_FACILITY_LOCAL5 },
226: { "LOCAL6", SYSLOG_FACILITY_LOCAL6 },
227: { "LOCAL7", SYSLOG_FACILITY_LOCAL7 },
228: { NULL, 0 }
229: };
230:
231: /* Returns the number of the token pointed to by cp of length len.
232: Never returns if the token is not known. */
233:
234: static ServerOpCodes parse_token(const char *cp, const char *filename,
235: int linenum)
236: {
237: unsigned int i;
238:
239: for (i = 0; keywords[i].name; i++)
240: if (strcmp(cp, keywords[i].name) == 0)
241: return keywords[i].opcode;
242:
243: fprintf(stderr, "%s line %d: Bad configuration option: %s\n",
244: filename, linenum, cp);
245: exit(1);
246: }
247:
248: /* Reads the server configuration file. */
249:
250: void read_server_config(ServerOptions *options, const char *filename)
251: {
252: FILE *f;
253: char line[1024];
254: char *cp, **charptr;
255: int linenum, *intptr, i, value;
256: ServerOpCodes opcode;
257:
258: f = fopen(filename, "r");
259: if (!f)
260: {
261: perror(filename);
262: return;
263: }
264:
265: linenum = 0;
266: while (fgets(line, sizeof(line), f))
267: {
268: linenum++;
269: cp = line + strspn(line, WHITESPACE);
270: if (!*cp || *cp == '#')
271: continue;
272: cp = strtok(cp, WHITESPACE);
273: {
274: char *t = cp;
275: for (; *t != 0; t++)
276: if ('A' <= *t && *t <= 'Z')
277: *t = *t - 'A' + 'a'; /* tolower */
278:
279: }
280: opcode = parse_token(cp, filename, linenum);
281: switch (opcode)
282: {
283: case sPort:
284: intptr = &options->port;
285: parse_int:
286: cp = strtok(NULL, WHITESPACE);
287: if (!cp)
288: {
289: fprintf(stderr, "%s line %d: missing integer value.\n",
290: filename, linenum);
291: exit(1);
292: }
293: value = atoi(cp);
294: if (*intptr == -1)
295: *intptr = value;
296: break;
297:
298: case sServerKeyBits:
299: intptr = &options->server_key_bits;
300: goto parse_int;
301:
302: case sLoginGraceTime:
303: intptr = &options->login_grace_time;
304: goto parse_int;
305:
306: case sKeyRegenerationTime:
307: intptr = &options->key_regeneration_time;
308: goto parse_int;
309:
310: case sListenAddress:
311: cp = strtok(NULL, WHITESPACE);
312: if (!cp)
313: {
314: fprintf(stderr, "%s line %d: missing inet addr.\n",
315: filename, linenum);
316: exit(1);
317: }
318: options->listen_addr.s_addr = inet_addr(cp);
319: break;
320:
321: case sHostKeyFile:
322: charptr = &options->host_key_file;
323: cp = strtok(NULL, WHITESPACE);
324: if (!cp)
325: {
326: fprintf(stderr, "%s line %d: missing file name.\n",
327: filename, linenum);
328: exit(1);
329: }
330: if (*charptr == NULL)
331: *charptr = tilde_expand_filename(cp, getuid());
332: break;
333:
334: case sRandomSeedFile:
1.8 deraadt 335: fprintf(stderr, "%s line %d: \"randomseed\" option is obsolete.\n",
1.7 provos 336: filename, linenum);
337: cp = strtok(NULL, WHITESPACE);
338: break;
1.1 deraadt 339:
340: case sPermitRootLogin:
341: intptr = &options->permit_root_login;
342: parse_flag:
343: cp = strtok(NULL, WHITESPACE);
344: if (!cp)
345: {
346: fprintf(stderr, "%s line %d: missing yes/no argument.\n",
347: filename, linenum);
348: exit(1);
349: }
350: if (strcmp(cp, "yes") == 0)
351: value = 1;
352: else
353: if (strcmp(cp, "no") == 0)
354: value = 0;
355: else
356: {
357: fprintf(stderr, "%s line %d: Bad yes/no argument: %s\n",
358: filename, linenum, cp);
359: exit(1);
360: }
361: if (*intptr == -1)
362: *intptr = value;
363: break;
364:
365: case sIgnoreRhosts:
366: intptr = &options->ignore_rhosts;
367: goto parse_flag;
368:
369: case sQuietMode:
370: intptr = &options->quiet_mode;
371: goto parse_flag;
372:
373: case sFascistLogging:
374: intptr = &options->fascist_logging;
375: goto parse_flag;
376:
377: case sRhostsAuthentication:
378: intptr = &options->rhosts_authentication;
379: goto parse_flag;
380:
381: case sRhostsRSAAuthentication:
382: intptr = &options->rhosts_rsa_authentication;
383: goto parse_flag;
384:
385: case sRSAAuthentication:
386: intptr = &options->rsa_authentication;
387: goto parse_flag;
388:
389: #ifdef KRB4
390: case sKerberosAuthentication:
391: intptr = &options->kerberos_authentication;
392: goto parse_flag;
393:
394: case sKerberosOrLocalPasswd:
395: intptr = &options->kerberos_or_local_passwd;
396: goto parse_flag;
397:
398: case sKerberosTicketCleanup:
399: intptr = &options->kerberos_ticket_cleanup;
400: goto parse_flag;
401: #endif
402:
1.4 dugsong 403: #ifdef AFS
1.1 deraadt 404: case sKerberosTgtPassing:
405: intptr = &options->kerberos_tgt_passing;
406: goto parse_flag;
407:
408: case sAFSTokenPassing:
409: intptr = &options->afs_token_passing;
410: goto parse_flag;
411: #endif
412:
413: case sPasswordAuthentication:
414: intptr = &options->password_authentication;
415: goto parse_flag;
1.11 markus 416:
417: case sCheckMail:
418: intptr = &options->check_mail;
419: goto parse_flag;
1.10 markus 420:
421: #ifdef SKEY
422: case sSkeyAuthentication:
423: intptr = &options->skey_authentication;
424: goto parse_flag;
425: #endif
1.1 deraadt 426:
427: case sPrintMotd:
428: intptr = &options->print_motd;
429: goto parse_flag;
430:
431: case sX11Forwarding:
432: intptr = &options->x11_forwarding;
433: goto parse_flag;
1.2 deraadt 434:
435: case sX11DisplayOffset:
436: intptr = &options->x11_display_offset;
437: goto parse_int;
1.1 deraadt 438:
439: case sStrictModes:
440: intptr = &options->strict_modes;
441: goto parse_flag;
442:
443: case sKeepAlives:
444: intptr = &options->keepalives;
445: goto parse_flag;
446:
447: case sEmptyPasswd:
448: intptr = &options->permit_empty_passwd;
449: goto parse_flag;
1.12 ! markus 450:
! 451: case sUseLogin:
! 452: intptr = &options->use_login;
! 453: goto parse_flag;
1.1 deraadt 454:
455: case sLogFacility:
456: cp = strtok(NULL, WHITESPACE);
457: if (!cp)
458: {
459: fprintf(stderr, "%s line %d: missing facility name.\n",
460: filename, linenum);
461: exit(1);
462: }
463: for (i = 0; log_facilities[i].name; i++)
464: if (strcmp(log_facilities[i].name, cp) == 0)
465: break;
466: if (!log_facilities[i].name)
467: {
468: fprintf(stderr, "%s line %d: unsupported log facility %s\n",
469: filename, linenum, cp);
470: exit(1);
471: }
472: if (options->log_facility == (SyslogFacility)(-1))
473: options->log_facility = log_facilities[i].facility;
474: break;
475:
476: case sAllowHosts:
477: while ((cp = strtok(NULL, WHITESPACE)))
478: {
479: if (options->num_allow_hosts >= MAX_ALLOW_HOSTS)
480: {
481: fprintf(stderr, "%s line %d: too many allow hosts.\n",
482: filename, linenum);
483: exit(1);
484: }
485: options->allow_hosts[options->num_allow_hosts++] = xstrdup(cp);
486: }
487: break;
488:
489: case sDenyHosts:
490: while ((cp = strtok(NULL, WHITESPACE)))
491: {
492: if (options->num_deny_hosts >= MAX_DENY_HOSTS)
493: {
494: fprintf(stderr, "%s line %d: too many deny hosts.\n",
495: filename, linenum);
496: exit(1);
497: }
498: options->deny_hosts[options->num_deny_hosts++] = xstrdup(cp);
499: }
500: break;
501:
502: default:
503: fprintf(stderr, "%s line %d: Missing handler for opcode %s (%d)\n",
504: filename, linenum, cp, opcode);
505: exit(1);
506: }
507: if (strtok(NULL, WHITESPACE) != NULL)
508: {
509: fprintf(stderr, "%s line %d: garbage at end of line.\n",
510: filename, linenum);
511: exit(1);
512: }
513: }
514: fclose(f);
515: }