1.1 deraadt 1: /*
2:
3: servconf.c
4:
5: Author: Tatu Ylonen <ylo@cs.hut.fi>
6:
7: Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
8: All rights reserved
9:
10: Created: Mon Aug 21 15:48:58 1995 ylo
11:
12: */
13:
14: #include "includes.h"
1.2 ! deraadt 15: RCSID("$Id: servconf.c,v 1.1 1999/09/26 20:53:37 deraadt Exp $");
1.1 deraadt 16:
17: #include "ssh.h"
18: #include "servconf.h"
19: #include "xmalloc.h"
20:
/*
 * Marks every server option as "not yet set": integer and enum fields get -1,
 * the path pointers get NULL and the host-list counters get 0.  The real
 * defaults are supplied later by fill_default_server_options(), so a value
 * given on the command line or in the configuration file (which only writes
 * fields still holding the marker) takes precedence over the built-in default.
 */
void initialize_server_options(ServerOptions *options)
{
	const int unset = -1;

	/* Start from all-zero so that any field not listed below is at least
	 * defined rather than garbage. */
	memset(options, 0, sizeof(*options));

	/* Listening endpoint. */
	options->port = unset;
	options->listen_addr.s_addr = INADDR_ANY;

	/* Files consulted by the daemon. */
	options->host_key_file = NULL;
	options->random_seed_file = NULL;

	/* Key size and timing parameters. */
	options->server_key_bits = unset;
	options->login_grace_time = unset;
	options->key_regeneration_time = unset;

	/* Session policy and logging. */
	options->permit_root_login = unset;
	options->ignore_rhosts = unset;
	options->quiet_mode = unset;
	options->fascist_logging = unset;
	options->print_motd = unset;
	options->x11_forwarding = unset;
	options->x11_display_offset = unset;
	options->strict_modes = unset;
	options->keepalives = unset;
	options->log_facility = (SyslogFacility)unset;

	/* Authentication methods; the Kerberos/AFS ones only exist when the
	 * corresponding support is compiled in. */
	options->rhosts_authentication = unset;
	options->rhosts_rsa_authentication = unset;
	options->rsa_authentication = unset;
#ifdef KRB4
	options->kerberos_authentication = unset;
	options->kerberos_or_local_passwd = unset;
#endif
#if defined(KRB4) || defined(AFS)
	options->kerberos_ticket_cleanup = unset;
#endif
#ifdef KERBEROS_TGT_PASSING
	options->kerberos_tgt_passing = unset;
#endif
#ifdef AFS
	options->afs_token_passing = unset;
#endif
	options->password_authentication = unset;
	options->permit_empty_passwd = unset;

	/* Host access lists start out empty. */
	options->num_allow_hosts = 0;
	options->num_deny_hosts = 0;
}
64:
/* Stores `def' in *field only if the field still carries the -1 "unset" marker
 * left by initialize_server_options(); an explicitly configured value wins. */
static void apply_default_int(int *field, int def)
{
	if (*field == -1)
		*field = def;
}

/*
 * Replaces every option still marked "unset" with its built-in default.
 *
 * The port is looked up in the services database (SSH_SERVICE_NAME/tcp)
 * first and falls back to SSH_DEFAULT_PORT.  Note which defaults are
 * permissive: permit_root_login, permit_empty_passwd, x11_forwarding,
 * password_authentication and the RSA methods all default to 1 (enabled),
 * while the plain rhosts method defaults to 0.
 */
void fill_default_server_options(ServerOptions *options)
{
	if (options->port == -1) {
		struct servent *sp = getservbyname(SSH_SERVICE_NAME, "tcp");

		options->port = sp ? ntohs(sp->s_port) : SSH_DEFAULT_PORT;
		endservent();
	}
	if (options->host_key_file == NULL)
		options->host_key_file = HOST_KEY_FILE;
	if (options->random_seed_file == NULL)
		options->random_seed_file = SSH_DAEMON_SEED_FILE;

	/* Key size in bits and timers in seconds. */
	apply_default_int(&options->server_key_bits, 768);
	apply_default_int(&options->login_grace_time, 600);
	apply_default_int(&options->key_regeneration_time, 3600);

	/* Session policy and logging. */
	apply_default_int(&options->permit_root_login, 1);
	apply_default_int(&options->ignore_rhosts, 0);
	apply_default_int(&options->quiet_mode, 0);
	apply_default_int(&options->fascist_logging, 1);
	apply_default_int(&options->print_motd, 1);
	apply_default_int(&options->x11_forwarding, 1);
	apply_default_int(&options->x11_display_offset, 1);
	apply_default_int(&options->strict_modes, 1);
	apply_default_int(&options->keepalives, 1);
	if (options->log_facility == (SyslogFacility)(-1))
		options->log_facility = SYSLOG_FACILITY_DAEMON;

	/* Authentication methods. */
	apply_default_int(&options->rhosts_authentication, 0);
	apply_default_int(&options->rhosts_rsa_authentication, 1);
	apply_default_int(&options->rsa_authentication, 1);
#ifdef KRB4
	apply_default_int(&options->kerberos_authentication, 1);
	apply_default_int(&options->kerberos_or_local_passwd, 0);
#endif
#if defined(KRB4) || defined(AFS)
	apply_default_int(&options->kerberos_ticket_cleanup, 1);
#endif
#ifdef KERBEROS_TGT_PASSING
	apply_default_int(&options->kerberos_tgt_passing, 0);
#endif
#ifdef AFS
	apply_default_int(&options->afs_token_passing, 1);
#endif
	apply_default_int(&options->password_authentication, 1);
	apply_default_int(&options->permit_empty_passwd, 1);
}
137:
/* Separators accepted between the keyword and its arguments on a config line. */
#define WHITESPACE " \t\r\n"
139:
/*
 * Keyword tokens: one opcode per configuration keyword recognised by
 * read_server_config().  The Kerberos/AFS opcodes exist only when the
 * matching support is compiled in, so the numeric values shift with the
 * build options; nothing should rely on them.
 */
typedef enum {
	sPort,
	sHostKeyFile,
	sServerKeyBits,
	sLoginGraceTime,
	sKeyRegenerationTime,
	sPermitRootLogin,
	sQuietMode,
	sFascistLogging,
	sLogFacility,
	sRhostsAuthentication,
	sRhostsRSAAuthentication,
	sRSAAuthentication,
#ifdef KRB4
	sKerberosAuthentication,
	sKerberosOrLocalPasswd,
#endif
#if defined(KRB4) || defined(AFS)
	sKerberosTicketCleanup,
#endif
#ifdef KERBEROS_TGT_PASSING
	sKerberosTgtPassing,
#endif
#ifdef AFS
	sAFSTokenPassing,
#endif
	sPasswordAuthentication,
	sAllowHosts,
	sDenyHosts,
	sListenAddress,
	sPrintMotd,
	sIgnoreRhosts,
	sX11Forwarding,
	sX11DisplayOffset,
	sStrictModes,
	sEmptyPasswd,
	sRandomSeedFile,
	sKeepAlives
} ServerOpCodes;
162:
/*
 * Textual representation of the tokens.  Names are stored in lower case
 * because read_server_config() lower-cases the keyword before looking it
 * up; the table ends with a NULL name.
 */
static struct {
	const char *name;
	ServerOpCodes opcode;
} keywords[] = {
	{ .name = "port",                   .opcode = sPort },
	{ .name = "hostkey",                .opcode = sHostKeyFile },
	{ .name = "serverkeybits",          .opcode = sServerKeyBits },
	{ .name = "logingracetime",         .opcode = sLoginGraceTime },
	{ .name = "keyregenerationinterval", .opcode = sKeyRegenerationTime },
	{ .name = "permitrootlogin",        .opcode = sPermitRootLogin },
	{ .name = "quietmode",              .opcode = sQuietMode },
	{ .name = "fascistlogging",         .opcode = sFascistLogging },
	{ .name = "syslogfacility",         .opcode = sLogFacility },
	{ .name = "rhostsauthentication",   .opcode = sRhostsAuthentication },
	{ .name = "rhostsrsaauthentication", .opcode = sRhostsRSAAuthentication },
	{ .name = "rsaauthentication",      .opcode = sRSAAuthentication },
#ifdef KRB4
	{ .name = "kerberosauthentication", .opcode = sKerberosAuthentication },
	{ .name = "kerberosorlocalpasswd",  .opcode = sKerberosOrLocalPasswd },
#endif
#if defined(KRB4) || defined(AFS)
	{ .name = "kerberosticketcleanup",  .opcode = sKerberosTicketCleanup },
#endif
#ifdef KERBEROS_TGT_PASSING
	{ .name = "kerberostgtpassing",     .opcode = sKerberosTgtPassing },
#endif
#ifdef AFS
	{ .name = "afstokenpassing",        .opcode = sAFSTokenPassing },
#endif
	{ .name = "passwordauthentication", .opcode = sPasswordAuthentication },
	{ .name = "allowhosts",             .opcode = sAllowHosts },
	{ .name = "denyhosts",              .opcode = sDenyHosts },
	{ .name = "listenaddress",          .opcode = sListenAddress },
	{ .name = "printmotd",              .opcode = sPrintMotd },
	{ .name = "ignorerhosts",           .opcode = sIgnoreRhosts },
	{ .name = "x11forwarding",          .opcode = sX11Forwarding },
	{ .name = "x11displayoffset",       .opcode = sX11DisplayOffset },
	{ .name = "strictmodes",            .opcode = sStrictModes },
	{ .name = "permitemptypasswords",   .opcode = sEmptyPasswd },
	{ .name = "randomseed",             .opcode = sRandomSeedFile },
	{ .name = "keepalive",              .opcode = sKeepAlives },
	{ .name = NULL,                     .opcode = 0 }
};
209:
/*
 * Syslog facility names accepted by the "syslogfacility" keyword.  Unlike
 * the keywords[] table these are compared case-sensitively, so they must be
 * written in upper case in the configuration file.  NULL name terminates.
 */
static struct {
	const char *name;
	SyslogFacility facility;
} log_facilities[] = {
	{ .name = "DAEMON", .facility = SYSLOG_FACILITY_DAEMON },
	{ .name = "USER",   .facility = SYSLOG_FACILITY_USER },
	{ .name = "AUTH",   .facility = SYSLOG_FACILITY_AUTH },
	{ .name = "LOCAL0", .facility = SYSLOG_FACILITY_LOCAL0 },
	{ .name = "LOCAL1", .facility = SYSLOG_FACILITY_LOCAL1 },
	{ .name = "LOCAL2", .facility = SYSLOG_FACILITY_LOCAL2 },
	{ .name = "LOCAL3", .facility = SYSLOG_FACILITY_LOCAL3 },
	{ .name = "LOCAL4", .facility = SYSLOG_FACILITY_LOCAL4 },
	{ .name = "LOCAL5", .facility = SYSLOG_FACILITY_LOCAL5 },
	{ .name = "LOCAL6", .facility = SYSLOG_FACILITY_LOCAL6 },
	{ .name = "LOCAL7", .facility = SYSLOG_FACILITY_LOCAL7 },
	{ .name = NULL,     .facility = 0 }
};
229:
/*
 * Maps the (already lower-cased) keyword `cp' to its ServerOpCodes value by
 * searching keywords[].  An unknown keyword is a fatal configuration error:
 * a diagnostic naming `filename' and `linenum' is written to stderr and the
 * process exits with status 1, so this function never returns in that case.
 */
static ServerOpCodes parse_token(const char *cp, const char *filename,
    int linenum)
{
	size_t idx = 0;

	while (keywords[idx].name != NULL) {
		if (strcmp(keywords[idx].name, cp) == 0)
			return keywords[idx].opcode;
		idx++;
	}

	fprintf(stderr, "%s line %d: Bad configuration option: %s\n",
	    filename, linenum, cp);
	exit(1);
}
246:
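/*
 * Fetches the next whitespace-separated argument of the line currently being
 * tokenised with strtok().  If the line has no further token, prints
 * "<file> line <n>: missing <what>." and exits with status 1.
 */
static char *require_arg(const char *filename, int linenum, const char *what)
{
	char *cp = strtok(NULL, WHITESPACE);

	if (cp == NULL) {
		fprintf(stderr, "%s line %d: missing %s.\n",
		    filename, linenum, what);
		exit(1);
	}
	return cp;
}

/*
 * Parses `cp' as a decimal integer.  Unlike atoi(), which silently yields 0
 * for "abc" and ignores trailing junk, this rejects an empty digit string,
 * trailing characters and values that do not round-trip through int; any of
 * those is a fatal configuration error (diagnostic + exit(1)).
 * NOTE(review): overflow detection relies on the int round-trip check rather
 * than errno/ERANGE, so on a platform where long and int have the same width
 * an out-of-range value is clamped by strtol() and accepted -- confirm
 * <errno.h> is available via includes.h before tightening this.
 */
static int parse_int_arg(const char *cp, const char *filename, int linenum)
{
	char *end = NULL;
	long v = strtol(cp, &end, 10);

	if (end == cp || *end != '\0' || (long)(int)v != v) {
		fprintf(stderr, "%s line %d: Bad integer value: %s\n",
		    filename, linenum, cp);
		exit(1);
	}
	return (int)v;
}

/*
 * Parses a yes/no argument: returns 1 for "yes", 0 for "no" (both lower
 * case only, as before) and exits with a diagnostic for anything else.
 */
static int parse_flag_arg(const char *cp, const char *filename, int linenum)
{
	if (strcmp(cp, "yes") == 0)
		return 1;
	if (strcmp(cp, "no") == 0)
		return 0;
	fprintf(stderr, "%s line %d: Bad yes/no argument: %s\n",
	    filename, linenum, cp);
	exit(1);
}

/*
 * Lower-cases the ASCII letters A-Z of `s' in place.  Deliberately not
 * tolower(): the keyword table is ASCII and the result must not depend on
 * the locale.
 */
static void lowercase_ascii(char *s)
{
	for (; *s != '\0'; s++)
		if ('A' <= *s && *s <= 'Z')
			*s = *s - 'A' + 'a';
}

/*
 * Reads the server configuration file `filename' into *options.
 *
 * Each non-blank, non-comment ('#') line is "keyword [argument...]"; the
 * keyword is matched case-insensitively (ASCII only) against keywords[].
 * Scalar options are only stored while the field still carries the -1/NULL
 * "unset" marker from initialize_server_options(), so the first value seen
 * (command line before file, earlier line before later) wins; the listen
 * address and the allow/deny host lists are the exceptions and always take
 * or append the value.  Every syntax error -- unknown keyword, missing or
 * malformed argument, unparseable address, unsupported facility, too many
 * hosts, trailing garbage -- is fatal: a diagnostic naming file and line is
 * printed and the process exits with status 1.  A file that cannot be opened
 * is reported with perror() and otherwise ignored, leaving *options as is.
 *
 * Lines are read into a fixed 1024-byte buffer; a longer line is seen as two
 * lines by fgets(), which the parser does not detect.
 * Host names for allow/deny lists are xstrdup()'d and owned by *options.
 */
void read_server_config(ServerOptions *options, const char *filename)
{
	FILE *f;
	char line[1024];
	char *cp, **charptr;
	int linenum, *intptr, i, value;
	ServerOpCodes opcode;

	f = fopen(filename, "r");
	if (!f) {
		perror(filename);
		return;
	}

	linenum = 0;
	while (fgets(line, sizeof(line), f)) {
		linenum++;
		cp = line + strspn(line, WHITESPACE);
		if (!*cp || *cp == '#')
			continue;
		/* First token is the keyword; strtok() state then carries the
		 * rest of the line for the require_arg() calls below. */
		cp = strtok(cp, WHITESPACE);
		lowercase_ascii(cp);
		opcode = parse_token(cp, filename, linenum);
		switch (opcode) {
		case sPort:
			intptr = &options->port;
			goto parse_int;
		case sServerKeyBits:
			intptr = &options->server_key_bits;
			goto parse_int;
		case sLoginGraceTime:
			intptr = &options->login_grace_time;
			goto parse_int;
		case sKeyRegenerationTime:
			intptr = &options->key_regeneration_time;
			goto parse_int;
		case sX11DisplayOffset:
			intptr = &options->x11_display_offset;
		parse_int:
			cp = require_arg(filename, linenum, "integer value");
			value = parse_int_arg(cp, filename, linenum);
			if (*intptr == -1)
				*intptr = value;
			break;

		case sListenAddress:
			cp = require_arg(filename, linenum, "inet addr");
#ifdef BROKEN_INET_ADDR
			options->listen_addr.s_addr = inet_network(cp);
#else /* BROKEN_INET_ADDR */
			options->listen_addr.s_addr = inet_addr(cp);
#endif /* BROKEN_INET_ADDR */
			/* Both converters signal unparseable text with
			 * INADDR_NONE; storing that silently would turn a typo
			 * into an unintended listen address, so reject it. */
			if (options->listen_addr.s_addr == INADDR_NONE) {
				fprintf(stderr, "%s line %d: Bad inet addr: %s\n",
				    filename, linenum, cp);
				exit(1);
			}
			break;

		case sHostKeyFile:
			charptr = &options->host_key_file;
			goto parse_pathname;
		case sRandomSeedFile:
			charptr = &options->random_seed_file;
		parse_pathname:
			cp = require_arg(filename, linenum, "file name");
			if (*charptr == NULL)
				*charptr = tilde_expand_filename(cp, getuid());
			break;

		case sPermitRootLogin:
			intptr = &options->permit_root_login;
			goto parse_flag;
		case sIgnoreRhosts:
			intptr = &options->ignore_rhosts;
			goto parse_flag;
		case sQuietMode:
			intptr = &options->quiet_mode;
			goto parse_flag;
		case sFascistLogging:
			intptr = &options->fascist_logging;
			goto parse_flag;
		case sRhostsAuthentication:
			intptr = &options->rhosts_authentication;
			goto parse_flag;
		case sRhostsRSAAuthentication:
			intptr = &options->rhosts_rsa_authentication;
			goto parse_flag;
		case sRSAAuthentication:
			intptr = &options->rsa_authentication;
			goto parse_flag;
#ifdef KRB4
		case sKerberosAuthentication:
			intptr = &options->kerberos_authentication;
			goto parse_flag;
		case sKerberosOrLocalPasswd:
			intptr = &options->kerberos_or_local_passwd;
			goto parse_flag;
#endif
#if defined(KRB4) || defined(AFS)
		case sKerberosTicketCleanup:
			intptr = &options->kerberos_ticket_cleanup;
			goto parse_flag;
#endif
#ifdef KERBEROS_TGT_PASSING
		case sKerberosTgtPassing:
			intptr = &options->kerberos_tgt_passing;
			goto parse_flag;
#endif
#ifdef AFS
		case sAFSTokenPassing:
			intptr = &options->afs_token_passing;
			goto parse_flag;
#endif
		case sPasswordAuthentication:
			intptr = &options->password_authentication;
			goto parse_flag;
		case sPrintMotd:
			intptr = &options->print_motd;
			goto parse_flag;
		case sX11Forwarding:
			intptr = &options->x11_forwarding;
			goto parse_flag;
		case sStrictModes:
			intptr = &options->strict_modes;
			goto parse_flag;
		case sKeepAlives:
			intptr = &options->keepalives;
			goto parse_flag;
		case sEmptyPasswd:
			intptr = &options->permit_empty_passwd;
		parse_flag:
			cp = require_arg(filename, linenum, "yes/no argument");
			value = parse_flag_arg(cp, filename, linenum);
			if (*intptr == -1)
				*intptr = value;
			break;

		case sLogFacility:
			cp = require_arg(filename, linenum, "facility name");
			for (i = 0; log_facilities[i].name; i++)
				if (strcmp(log_facilities[i].name, cp) == 0)
					break;
			if (!log_facilities[i].name) {
				fprintf(stderr, "%s line %d: unsupported log facility %s\n",
				    filename, linenum, cp);
				exit(1);
			}
			if (options->log_facility == (SyslogFacility)(-1))
				options->log_facility = log_facilities[i].facility;
			break;

		case sAllowHosts:
			/* Appends; a line may list several hosts and the
			 * keyword may appear more than once. */
			while ((cp = strtok(NULL, WHITESPACE))) {
				if (options->num_allow_hosts >= MAX_ALLOW_HOSTS) {
					fprintf(stderr, "%s line %d: too many allow hosts.\n",
					    filename, linenum);
					exit(1);
				}
				options->allow_hosts[options->num_allow_hosts++] = xstrdup(cp);
			}
			break;

		case sDenyHosts:
			while ((cp = strtok(NULL, WHITESPACE))) {
				if (options->num_deny_hosts >= MAX_DENY_HOSTS) {
					fprintf(stderr, "%s line %d: too many deny hosts.\n",
					    filename, linenum);
					exit(1);
				}
				options->deny_hosts[options->num_deny_hosts++] = xstrdup(cp);
			}
			break;

		default:
			/* Every opcode in keywords[] must have a case above;
			 * reaching here means the two tables are out of sync. */
			fprintf(stderr, "%s line %d: Missing handler for opcode %s (%d)\n",
			    filename, linenum, cp, opcode);
			exit(1);
		}
		/* Anything left after the handled argument(s) is an error. */
		if (strtok(NULL, WHITESPACE) != NULL) {
			fprintf(stderr, "%s line %d: garbage at end of line.\n",
			    filename, linenum);
			exit(1);
		}
	}
	fclose(f);
}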