Annotation of src/usr.bin/ssh/servconf.c, Revision 1.27
1.1 deraadt 1: /*
1.26 deraadt 2: *
3: * servconf.c
4: *
5: * Author: Tatu Ylonen <ylo@cs.hut.fi>
6: *
7: * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
8: * All rights reserved
9: *
10: * Created: Mon Aug 21 15:48:58 1995 ylo
11: *
12: */
1.1 deraadt 13:
14: #include "includes.h"
1.27 ! markus 15: RCSID("$Id: servconf.c,v 1.26 1999/11/24 00:26:03 deraadt Exp $");
1.1 deraadt 16:
17: #include "ssh.h"
18: #include "servconf.h"
19: #include "xmalloc.h"
20:
21: /* Initializes the server options to their default values. */
22:
1.25 markus 23: void
24: initialize_server_options(ServerOptions *options)
1.1 deraadt 25: {
1.25 markus 26: memset(options, 0, sizeof(*options));
27: options->port = -1;
28: options->listen_addr.s_addr = htonl(INADDR_ANY);
29: options->host_key_file = NULL;
30: options->server_key_bits = -1;
31: options->login_grace_time = -1;
32: options->key_regeneration_time = -1;
33: options->permit_root_login = -1;
34: options->ignore_rhosts = -1;
35: options->ignore_user_known_hosts = -1;
36: options->print_motd = -1;
37: options->check_mail = -1;
38: options->x11_forwarding = -1;
39: options->x11_display_offset = -1;
40: options->strict_modes = -1;
41: options->keepalives = -1;
42: options->log_facility = (SyslogFacility) - 1;
43: options->log_level = (LogLevel) - 1;
44: options->rhosts_authentication = -1;
45: options->rhosts_rsa_authentication = -1;
46: options->rsa_authentication = -1;
1.1 deraadt 47: #ifdef KRB4
1.25 markus 48: options->kerberos_authentication = -1;
49: options->kerberos_or_local_passwd = -1;
50: options->kerberos_ticket_cleanup = -1;
1.1 deraadt 51: #endif
1.4 dugsong 52: #ifdef AFS
1.25 markus 53: options->kerberos_tgt_passing = -1;
54: options->afs_token_passing = -1;
1.1 deraadt 55: #endif
1.25 markus 56: options->password_authentication = -1;
1.10 markus 57: #ifdef SKEY
1.25 markus 58: options->skey_authentication = -1;
1.10 markus 59: #endif
1.25 markus 60: options->permit_empty_passwd = -1;
61: options->use_login = -1;
62: options->num_allow_users = 0;
63: options->num_deny_users = 0;
64: options->num_allow_groups = 0;
65: options->num_deny_groups = 0;
1.1 deraadt 66: }
67:
1.25 markus 68: void
69: fill_default_server_options(ServerOptions *options)
1.1 deraadt 70: {
1.25 markus 71: if (options->port == -1) {
72: struct servent *sp;
73:
74: sp = getservbyname(SSH_SERVICE_NAME, "tcp");
75: if (sp)
76: options->port = ntohs(sp->s_port);
77: else
78: options->port = SSH_DEFAULT_PORT;
79: endservent();
80: }
81: if (options->host_key_file == NULL)
82: options->host_key_file = HOST_KEY_FILE;
83: if (options->server_key_bits == -1)
84: options->server_key_bits = 768;
85: if (options->login_grace_time == -1)
86: options->login_grace_time = 600;
87: if (options->key_regeneration_time == -1)
88: options->key_regeneration_time = 3600;
89: if (options->permit_root_login == -1)
90: options->permit_root_login = 1; /* yes */
91: if (options->ignore_rhosts == -1)
92: options->ignore_rhosts = 0;
93: if (options->ignore_user_known_hosts == -1)
94: options->ignore_user_known_hosts = 0;
95: if (options->check_mail == -1)
96: options->check_mail = 0;
97: if (options->print_motd == -1)
98: options->print_motd = 1;
99: if (options->x11_forwarding == -1)
100: options->x11_forwarding = 1;
101: if (options->x11_display_offset == -1)
102: options->x11_display_offset = 1;
103: if (options->strict_modes == -1)
104: options->strict_modes = 1;
105: if (options->keepalives == -1)
106: options->keepalives = 1;
107: if (options->log_facility == (SyslogFacility) (-1))
108: options->log_facility = SYSLOG_FACILITY_AUTH;
109: if (options->log_level == (LogLevel) (-1))
110: options->log_level = SYSLOG_LEVEL_INFO;
111: if (options->rhosts_authentication == -1)
112: options->rhosts_authentication = 0;
113: if (options->rhosts_rsa_authentication == -1)
114: options->rhosts_rsa_authentication = 1;
115: if (options->rsa_authentication == -1)
116: options->rsa_authentication = 1;
1.1 deraadt 117: #ifdef KRB4
1.25 markus 118: if (options->kerberos_authentication == -1)
119: options->kerberos_authentication = (access(KEYFILE, R_OK) == 0);
120: if (options->kerberos_or_local_passwd == -1)
121: options->kerberos_or_local_passwd = 1;
122: if (options->kerberos_ticket_cleanup == -1)
123: options->kerberos_ticket_cleanup = 1;
1.4 dugsong 124: #endif /* KRB4 */
125: #ifdef AFS
1.25 markus 126: if (options->kerberos_tgt_passing == -1)
127: options->kerberos_tgt_passing = 0;
128: if (options->afs_token_passing == -1)
129: options->afs_token_passing = k_hasafs();
1.4 dugsong 130: #endif /* AFS */
1.25 markus 131: if (options->password_authentication == -1)
132: options->password_authentication = 1;
1.10 markus 133: #ifdef SKEY
1.25 markus 134: if (options->skey_authentication == -1)
135: options->skey_authentication = 1;
1.10 markus 136: #endif
1.25 markus 137: if (options->permit_empty_passwd == -1)
138: options->permit_empty_passwd = 1;
139: if (options->use_login == -1)
140: options->use_login = 0;
1.1 deraadt 141: }
142:
143: #define WHITESPACE " \t\r\n"
144:
145: /* Keyword tokens. */
1.25 markus 146: typedef enum {
147: sBadOption, /* == unknown option */
148: sPort, sHostKeyFile, sServerKeyBits, sLoginGraceTime, sKeyRegenerationTime,
149: sPermitRootLogin, sLogFacility, sLogLevel,
150: sRhostsAuthentication, sRhostsRSAAuthentication, sRSAAuthentication,
1.1 deraadt 151: #ifdef KRB4
1.25 markus 152: sKerberosAuthentication, sKerberosOrLocalPasswd, sKerberosTicketCleanup,
1.1 deraadt 153: #endif
154: #ifdef AFS
1.25 markus 155: sKerberosTgtPassing, sAFSTokenPassing,
1.1 deraadt 156: #endif
1.10 markus 157: #ifdef SKEY
1.25 markus 158: sSkeyAuthentication,
1.10 markus 159: #endif
1.25 markus 160: sPasswordAuthentication, sListenAddress,
161: sPrintMotd, sIgnoreRhosts, sX11Forwarding, sX11DisplayOffset,
162: sStrictModes, sEmptyPasswd, sRandomSeedFile, sKeepAlives, sCheckMail,
163: sUseLogin, sAllowUsers, sDenyUsers, sAllowGroups, sDenyGroups,
164: sIgnoreUserKnownHosts
1.1 deraadt 165: } ServerOpCodes;
166:
167: /* Textual representation of the tokens. */
1.25 markus 168: static struct {
169: const char *name;
170: ServerOpCodes opcode;
171: } keywords[] = {
172: { "port", sPort },
173: { "hostkey", sHostKeyFile },
174: { "serverkeybits", sServerKeyBits },
175: { "logingracetime", sLoginGraceTime },
176: { "keyregenerationinterval", sKeyRegenerationTime },
177: { "permitrootlogin", sPermitRootLogin },
178: { "syslogfacility", sLogFacility },
179: { "loglevel", sLogLevel },
180: { "rhostsauthentication", sRhostsAuthentication },
181: { "rhostsrsaauthentication", sRhostsRSAAuthentication },
182: { "rsaauthentication", sRSAAuthentication },
1.1 deraadt 183: #ifdef KRB4
1.25 markus 184: { "kerberosauthentication", sKerberosAuthentication },
185: { "kerberosorlocalpasswd", sKerberosOrLocalPasswd },
186: { "kerberosticketcleanup", sKerberosTicketCleanup },
1.1 deraadt 187: #endif
1.4 dugsong 188: #ifdef AFS
1.25 markus 189: { "kerberostgtpassing", sKerberosTgtPassing },
190: { "afstokenpassing", sAFSTokenPassing },
1.1 deraadt 191: #endif
1.25 markus 192: { "passwordauthentication", sPasswordAuthentication },
1.10 markus 193: #ifdef SKEY
1.25 markus 194: { "skeyauthentication", sSkeyAuthentication },
1.10 markus 195: #endif
1.25 markus 196: { "checkmail", sCheckMail },
197: { "listenaddress", sListenAddress },
198: { "printmotd", sPrintMotd },
199: { "ignorerhosts", sIgnoreRhosts },
200: { "ignoreuserknownhosts", sIgnoreUserKnownHosts },
201: { "x11forwarding", sX11Forwarding },
202: { "x11displayoffset", sX11DisplayOffset },
203: { "strictmodes", sStrictModes },
204: { "permitemptypasswords", sEmptyPasswd },
205: { "uselogin", sUseLogin },
206: { "randomseed", sRandomSeedFile },
207: { "keepalive", sKeepAlives },
208: { "allowusers", sAllowUsers },
209: { "denyusers", sDenyUsers },
210: { "allowgroups", sAllowGroups },
211: { "denygroups", sDenyGroups },
212: { NULL, 0 }
1.1 deraadt 213: };
214:
1.27 ! markus 215: /*
! 216: * Returns the number of the token pointed to by cp of length len. Never
! 217: * returns if the token is not known.
! 218: */
1.1 deraadt 219:
1.25 markus 220: static ServerOpCodes
221: parse_token(const char *cp, const char *filename,
222: int linenum)
1.1 deraadt 223: {
1.25 markus 224: unsigned int i;
1.1 deraadt 225:
1.25 markus 226: for (i = 0; keywords[i].name; i++)
227: if (strcmp(cp, keywords[i].name) == 0)
228: return keywords[i].opcode;
229:
230: fprintf(stderr, "%s: line %d: Bad configuration option: %s\n",
231: filename, linenum, cp);
232: return sBadOption;
1.1 deraadt 233: }
234:
235: /* Reads the server configuration file. */
236:
1.25 markus 237: void
238: read_server_config(ServerOptions *options, const char *filename)
1.1 deraadt 239: {
1.25 markus 240: FILE *f;
241: char line[1024];
242: char *cp, **charptr;
243: int linenum, *intptr, value;
244: int bad_options = 0;
245: ServerOpCodes opcode;
246:
247: f = fopen(filename, "r");
248: if (!f) {
249: perror(filename);
1.1 deraadt 250: exit(1);
1.25 markus 251: }
252: linenum = 0;
253: while (fgets(line, sizeof(line), f)) {
254: linenum++;
255: cp = line + strspn(line, WHITESPACE);
256: if (!*cp || *cp == '#')
257: continue;
258: cp = strtok(cp, WHITESPACE);
259: {
260: char *t = cp;
261: for (; *t != 0; t++)
262: if ('A' <= *t && *t <= 'Z')
263: *t = *t - 'A' + 'a'; /* tolower */
264:
265: }
266: opcode = parse_token(cp, filename, linenum);
267: switch (opcode) {
268: case sBadOption:
269: bad_options++;
270: continue;
271: case sPort:
272: intptr = &options->port;
273: parse_int:
274: cp = strtok(NULL, WHITESPACE);
275: if (!cp) {
276: fprintf(stderr, "%s line %d: missing integer value.\n",
277: filename, linenum);
278: exit(1);
279: }
280: value = atoi(cp);
281: if (*intptr == -1)
282: *intptr = value;
283: break;
284:
285: case sServerKeyBits:
286: intptr = &options->server_key_bits;
287: goto parse_int;
288:
289: case sLoginGraceTime:
290: intptr = &options->login_grace_time;
291: goto parse_int;
292:
293: case sKeyRegenerationTime:
294: intptr = &options->key_regeneration_time;
295: goto parse_int;
296:
297: case sListenAddress:
298: cp = strtok(NULL, WHITESPACE);
299: if (!cp) {
300: fprintf(stderr, "%s line %d: missing inet addr.\n",
301: filename, linenum);
302: exit(1);
303: }
304: options->listen_addr.s_addr = inet_addr(cp);
305: break;
306:
307: case sHostKeyFile:
308: charptr = &options->host_key_file;
309: cp = strtok(NULL, WHITESPACE);
310: if (!cp) {
311: fprintf(stderr, "%s line %d: missing file name.\n",
312: filename, linenum);
313: exit(1);
314: }
315: if (*charptr == NULL)
316: *charptr = tilde_expand_filename(cp, getuid());
317: break;
318:
319: case sRandomSeedFile:
320: fprintf(stderr, "%s line %d: \"randomseed\" option is obsolete.\n",
321: filename, linenum);
322: cp = strtok(NULL, WHITESPACE);
323: break;
324:
325: case sPermitRootLogin:
326: intptr = &options->permit_root_login;
327: cp = strtok(NULL, WHITESPACE);
328: if (!cp) {
329: fprintf(stderr, "%s line %d: missing yes/without-password/no argument.\n",
330: filename, linenum);
331: exit(1);
332: }
333: if (strcmp(cp, "without-password") == 0)
334: value = 2;
335: else if (strcmp(cp, "yes") == 0)
336: value = 1;
337: else if (strcmp(cp, "no") == 0)
338: value = 0;
339: else {
340: fprintf(stderr, "%s line %d: Bad yes/without-password/no argument: %s\n",
341: filename, linenum, cp);
342: exit(1);
343: }
344: if (*intptr == -1)
345: *intptr = value;
346: break;
347:
348: case sIgnoreRhosts:
349: intptr = &options->ignore_rhosts;
350: parse_flag:
351: cp = strtok(NULL, WHITESPACE);
352: if (!cp) {
353: fprintf(stderr, "%s line %d: missing yes/no argument.\n",
354: filename, linenum);
355: exit(1);
356: }
357: if (strcmp(cp, "yes") == 0)
358: value = 1;
359: else if (strcmp(cp, "no") == 0)
360: value = 0;
361: else {
362: fprintf(stderr, "%s line %d: Bad yes/no argument: %s\n",
363: filename, linenum, cp);
364: exit(1);
365: }
366: if (*intptr == -1)
367: *intptr = value;
368: break;
369:
370: case sIgnoreUserKnownHosts:
371: intptr = &options->ignore_user_known_hosts;
372: goto parse_int;
373:
374: case sRhostsAuthentication:
375: intptr = &options->rhosts_authentication;
376: goto parse_flag;
377:
378: case sRhostsRSAAuthentication:
379: intptr = &options->rhosts_rsa_authentication;
380: goto parse_flag;
381:
382: case sRSAAuthentication:
383: intptr = &options->rsa_authentication;
384: goto parse_flag;
385:
1.1 deraadt 386: #ifdef KRB4
1.25 markus 387: case sKerberosAuthentication:
388: intptr = &options->kerberos_authentication;
389: goto parse_flag;
390:
391: case sKerberosOrLocalPasswd:
392: intptr = &options->kerberos_or_local_passwd;
393: goto parse_flag;
394:
395: case sKerberosTicketCleanup:
396: intptr = &options->kerberos_ticket_cleanup;
397: goto parse_flag;
1.1 deraadt 398: #endif
1.25 markus 399:
1.4 dugsong 400: #ifdef AFS
1.25 markus 401: case sKerberosTgtPassing:
402: intptr = &options->kerberos_tgt_passing;
403: goto parse_flag;
404:
405: case sAFSTokenPassing:
406: intptr = &options->afs_token_passing;
407: goto parse_flag;
408: #endif
409:
410: case sPasswordAuthentication:
411: intptr = &options->password_authentication;
412: goto parse_flag;
413:
414: case sCheckMail:
415: intptr = &options->check_mail;
416: goto parse_flag;
1.10 markus 417:
418: #ifdef SKEY
1.25 markus 419: case sSkeyAuthentication:
420: intptr = &options->skey_authentication;
421: goto parse_flag;
422: #endif
423:
424: case sPrintMotd:
425: intptr = &options->print_motd;
426: goto parse_flag;
427:
428: case sX11Forwarding:
429: intptr = &options->x11_forwarding;
430: goto parse_flag;
431:
432: case sX11DisplayOffset:
433: intptr = &options->x11_display_offset;
434: goto parse_int;
435:
436: case sStrictModes:
437: intptr = &options->strict_modes;
438: goto parse_flag;
439:
440: case sKeepAlives:
441: intptr = &options->keepalives;
442: goto parse_flag;
443:
444: case sEmptyPasswd:
445: intptr = &options->permit_empty_passwd;
446: goto parse_flag;
447:
448: case sUseLogin:
449: intptr = &options->use_login;
450: goto parse_flag;
451:
452: case sLogFacility:
453: intptr = (int *) &options->log_facility;
454: cp = strtok(NULL, WHITESPACE);
455: value = log_facility_number(cp);
456: if (value == (SyslogFacility) - 1)
457: fatal("%.200s line %d: unsupported log facility '%s'\n",
458: filename, linenum, cp ? cp : "<NONE>");
459: if (*intptr == -1)
460: *intptr = (SyslogFacility) value;
461: break;
462:
463: case sLogLevel:
464: intptr = (int *) &options->log_level;
465: cp = strtok(NULL, WHITESPACE);
466: value = log_level_number(cp);
467: if (value == (LogLevel) - 1)
468: fatal("%.200s line %d: unsupported log level '%s'\n",
469: filename, linenum, cp ? cp : "<NONE>");
470: if (*intptr == -1)
471: *intptr = (LogLevel) value;
472: break;
473:
474: case sAllowUsers:
475: while ((cp = strtok(NULL, WHITESPACE))) {
476: if (options->num_allow_users >= MAX_ALLOW_USERS) {
477: fprintf(stderr, "%s line %d: too many allow users.\n",
478: filename, linenum);
479: exit(1);
480: }
481: options->allow_users[options->num_allow_users++] = xstrdup(cp);
482: }
483: break;
484:
485: case sDenyUsers:
486: while ((cp = strtok(NULL, WHITESPACE))) {
487: if (options->num_deny_users >= MAX_DENY_USERS) {
488: fprintf(stderr, "%s line %d: too many deny users.\n",
489: filename, linenum);
490: exit(1);
491: }
492: options->deny_users[options->num_deny_users++] = xstrdup(cp);
493: }
494: break;
495:
496: case sAllowGroups:
497: while ((cp = strtok(NULL, WHITESPACE))) {
498: if (options->num_allow_groups >= MAX_ALLOW_GROUPS) {
499: fprintf(stderr, "%s line %d: too many allow groups.\n",
500: filename, linenum);
501: exit(1);
502: }
503: options->allow_groups[options->num_allow_groups++] = xstrdup(cp);
504: }
505: break;
506:
507: case sDenyGroups:
508: while ((cp = strtok(NULL, WHITESPACE))) {
509: if (options->num_deny_groups >= MAX_DENY_GROUPS) {
510: fprintf(stderr, "%s line %d: too many deny groups.\n",
511: filename, linenum);
512: exit(1);
513: }
514: options->deny_groups[options->num_deny_groups++] = xstrdup(cp);
515: }
516: break;
517:
518: default:
519: fprintf(stderr, "%s line %d: Missing handler for opcode %s (%d)\n",
520: filename, linenum, cp, opcode);
521: exit(1);
1.13 markus 522: }
1.25 markus 523: if (strtok(NULL, WHITESPACE) != NULL) {
524: fprintf(stderr, "%s line %d: garbage at end of line.\n",
525: filename, linenum);
526: exit(1);
1.13 markus 527: }
1.1 deraadt 528: }
1.25 markus 529: fclose(f);
530: if (bad_options > 0) {
531: fprintf(stderr, "%s: terminating, %d bad configuration options\n",
532: filename, bad_options);
533: exit(1);
1.1 deraadt 534: }
535: }