Annotation of src/usr.bin/ssh/servconf.c, Revision 1.4
1.1 deraadt 1: /*
2:
3: servconf.c
4:
5: Author: Tatu Ylonen <ylo@cs.hut.fi>
6:
7: Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
8: All rights reserved
9:
10: Created: Mon Aug 21 15:48:58 1995 ylo
11:
12: */
13:
14: #include "includes.h"
1.4 ! dugsong 15: RCSID("$Id: servconf.c,v 1.3 1999/09/29 00:10:16 deraadt Exp $");
1.1 deraadt 16:
17: #include "ssh.h"
18: #include "servconf.h"
19: #include "xmalloc.h"
20:
21: /* Initializes the server options to their default values. */
22:
23: void initialize_server_options(ServerOptions *options)
24: {
25: memset(options, 0, sizeof(*options));
26: options->port = -1;
1.3 deraadt 27: options->listen_addr.s_addr = htonl(INADDR_ANY);
1.1 deraadt 28: options->host_key_file = NULL;
29: options->random_seed_file = NULL;
30: options->server_key_bits = -1;
31: options->login_grace_time = -1;
32: options->key_regeneration_time = -1;
33: options->permit_root_login = -1;
34: options->ignore_rhosts = -1;
35: options->quiet_mode = -1;
36: options->fascist_logging = -1;
37: options->print_motd = -1;
38: options->x11_forwarding = -1;
1.2 deraadt 39: options->x11_display_offset = -1;
1.1 deraadt 40: options->strict_modes = -1;
41: options->keepalives = -1;
42: options->log_facility = (SyslogFacility)-1;
43: options->rhosts_authentication = -1;
44: options->rhosts_rsa_authentication = -1;
45: options->rsa_authentication = -1;
46: #ifdef KRB4
47: options->kerberos_authentication = -1;
48: options->kerberos_or_local_passwd = -1;
49: options->kerberos_ticket_cleanup = -1;
50: #endif
1.4 ! dugsong 51: #ifdef AFS
1.1 deraadt 52: options->kerberos_tgt_passing = -1;
53: options->afs_token_passing = -1;
54: #endif
55: options->password_authentication = -1;
56: options->permit_empty_passwd = -1;
57: options->num_allow_hosts = 0;
58: options->num_deny_hosts = 0;
59: }
60:
61: void fill_default_server_options(ServerOptions *options)
62: {
63: if (options->port == -1)
64: {
65: struct servent *sp;
66:
67: sp = getservbyname(SSH_SERVICE_NAME, "tcp");
68: if (sp)
69: options->port = ntohs(sp->s_port);
70: else
71: options->port = SSH_DEFAULT_PORT;
72: endservent();
73: }
74: if (options->host_key_file == NULL)
75: options->host_key_file = HOST_KEY_FILE;
76: if (options->random_seed_file == NULL)
77: options->random_seed_file = SSH_DAEMON_SEED_FILE;
78: if (options->server_key_bits == -1)
79: options->server_key_bits = 768;
80: if (options->login_grace_time == -1)
81: options->login_grace_time = 600;
82: if (options->key_regeneration_time == -1)
83: options->key_regeneration_time = 3600;
84: if (options->permit_root_login == -1)
85: options->permit_root_login = 1;
86: if (options->ignore_rhosts == -1)
87: options->ignore_rhosts = 0;
88: if (options->quiet_mode == -1)
89: options->quiet_mode = 0;
90: if (options->fascist_logging == -1)
91: options->fascist_logging = 1;
92: if (options->print_motd == -1)
93: options->print_motd = 1;
94: if (options->x11_forwarding == -1)
95: options->x11_forwarding = 1;
1.2 deraadt 96: if (options->x11_display_offset == -1)
97: options->x11_display_offset = 1;
1.1 deraadt 98: if (options->strict_modes == -1)
99: options->strict_modes = 1;
100: if (options->keepalives == -1)
101: options->keepalives = 1;
102: if (options->log_facility == (SyslogFacility)(-1))
103: options->log_facility = SYSLOG_FACILITY_DAEMON;
104: if (options->rhosts_authentication == -1)
105: options->rhosts_authentication = 0;
106: if (options->rhosts_rsa_authentication == -1)
107: options->rhosts_rsa_authentication = 1;
108: if (options->rsa_authentication == -1)
109: options->rsa_authentication = 1;
110: #ifdef KRB4
111: if (options->kerberos_authentication == -1)
112: options->kerberos_authentication = 1;
113: if (options->kerberos_or_local_passwd == -1)
114: options->kerberos_or_local_passwd = 0;
115: if (options->kerberos_ticket_cleanup == -1)
116: options->kerberos_ticket_cleanup = 1;
1.4 ! dugsong 117: #endif /* KRB4 */
! 118: #ifdef AFS
1.1 deraadt 119: if (options->kerberos_tgt_passing == -1)
120: options->kerberos_tgt_passing = 0;
121: if (options->afs_token_passing == -1)
122: options->afs_token_passing = 1;
1.4 ! dugsong 123: #endif /* AFS */
1.1 deraadt 124: if (options->password_authentication == -1)
125: options->password_authentication = 1;
126: if (options->permit_empty_passwd == -1)
127: options->permit_empty_passwd = 1;
128: }
129:
130: #define WHITESPACE " \t\r\n"
131:
132: /* Keyword tokens. */
133: typedef enum
134: {
135: sPort, sHostKeyFile, sServerKeyBits, sLoginGraceTime, sKeyRegenerationTime,
136: sPermitRootLogin, sQuietMode, sFascistLogging, sLogFacility,
137: sRhostsAuthentication, sRhostsRSAAuthentication, sRSAAuthentication,
138: #ifdef KRB4
1.4 ! dugsong 139: sKerberosAuthentication, sKerberosOrLocalPasswd, sKerberosTicketCleanup,
1.1 deraadt 140: #endif
141: #ifdef AFS
1.4 ! dugsong 142: sKerberosTgtPassing, sAFSTokenPassing,
1.1 deraadt 143: #endif
144: sPasswordAuthentication, sAllowHosts, sDenyHosts, sListenAddress,
1.2 deraadt 145: sPrintMotd, sIgnoreRhosts, sX11Forwarding, sX11DisplayOffset,
1.1 deraadt 146: sStrictModes, sEmptyPasswd, sRandomSeedFile, sKeepAlives
147: } ServerOpCodes;
148:
149: /* Textual representation of the tokens. */
150: static struct
151: {
152: const char *name;
153: ServerOpCodes opcode;
154: } keywords[] =
155: {
156: { "port", sPort },
157: { "hostkey", sHostKeyFile },
158: { "serverkeybits", sServerKeyBits },
159: { "logingracetime", sLoginGraceTime },
160: { "keyregenerationinterval", sKeyRegenerationTime },
161: { "permitrootlogin", sPermitRootLogin },
162: { "quietmode", sQuietMode },
163: { "fascistlogging", sFascistLogging },
164: { "syslogfacility", sLogFacility },
165: { "rhostsauthentication", sRhostsAuthentication },
166: { "rhostsrsaauthentication", sRhostsRSAAuthentication },
167: { "rsaauthentication", sRSAAuthentication },
168: #ifdef KRB4
169: { "kerberosauthentication", sKerberosAuthentication },
170: { "kerberosorlocalpasswd", sKerberosOrLocalPasswd },
171: { "kerberosticketcleanup", sKerberosTicketCleanup },
172: #endif
1.4 ! dugsong 173: #ifdef AFS
1.1 deraadt 174: { "kerberostgtpassing", sKerberosTgtPassing },
175: { "afstokenpassing", sAFSTokenPassing },
176: #endif
177: { "passwordauthentication", sPasswordAuthentication },
178: { "allowhosts", sAllowHosts },
179: { "denyhosts", sDenyHosts },
180: { "listenaddress", sListenAddress },
181: { "printmotd", sPrintMotd },
182: { "ignorerhosts", sIgnoreRhosts },
183: { "x11forwarding", sX11Forwarding },
1.2 deraadt 184: { "x11displayoffset", sX11DisplayOffset },
1.1 deraadt 185: { "strictmodes", sStrictModes },
186: { "permitemptypasswords", sEmptyPasswd },
187: { "randomseed", sRandomSeedFile },
188: { "keepalive", sKeepAlives },
189: { NULL, 0 }
190: };
191:
192: static struct
193: {
194: const char *name;
195: SyslogFacility facility;
196: } log_facilities[] =
197: {
198: { "DAEMON", SYSLOG_FACILITY_DAEMON },
199: { "USER", SYSLOG_FACILITY_USER },
200: { "AUTH", SYSLOG_FACILITY_AUTH },
201: { "LOCAL0", SYSLOG_FACILITY_LOCAL0 },
202: { "LOCAL1", SYSLOG_FACILITY_LOCAL1 },
203: { "LOCAL2", SYSLOG_FACILITY_LOCAL2 },
204: { "LOCAL3", SYSLOG_FACILITY_LOCAL3 },
205: { "LOCAL4", SYSLOG_FACILITY_LOCAL4 },
206: { "LOCAL5", SYSLOG_FACILITY_LOCAL5 },
207: { "LOCAL6", SYSLOG_FACILITY_LOCAL6 },
208: { "LOCAL7", SYSLOG_FACILITY_LOCAL7 },
209: { NULL, 0 }
210: };
211:
212: /* Returns the number of the token pointed to by cp of length len.
213: Never returns if the token is not known. */
214:
215: static ServerOpCodes parse_token(const char *cp, const char *filename,
216: int linenum)
217: {
218: unsigned int i;
219:
220: for (i = 0; keywords[i].name; i++)
221: if (strcmp(cp, keywords[i].name) == 0)
222: return keywords[i].opcode;
223:
224: fprintf(stderr, "%s line %d: Bad configuration option: %s\n",
225: filename, linenum, cp);
226: exit(1);
227: }
228:
229: /* Reads the server configuration file. */
230:
231: void read_server_config(ServerOptions *options, const char *filename)
232: {
233: FILE *f;
234: char line[1024];
235: char *cp, **charptr;
236: int linenum, *intptr, i, value;
237: ServerOpCodes opcode;
238:
239: f = fopen(filename, "r");
240: if (!f)
241: {
242: perror(filename);
243: return;
244: }
245:
246: linenum = 0;
247: while (fgets(line, sizeof(line), f))
248: {
249: linenum++;
250: cp = line + strspn(line, WHITESPACE);
251: if (!*cp || *cp == '#')
252: continue;
253: cp = strtok(cp, WHITESPACE);
254: {
255: char *t = cp;
256: for (; *t != 0; t++)
257: if ('A' <= *t && *t <= 'Z')
258: *t = *t - 'A' + 'a'; /* tolower */
259:
260: }
261: opcode = parse_token(cp, filename, linenum);
262: switch (opcode)
263: {
264: case sPort:
265: intptr = &options->port;
266: parse_int:
267: cp = strtok(NULL, WHITESPACE);
268: if (!cp)
269: {
270: fprintf(stderr, "%s line %d: missing integer value.\n",
271: filename, linenum);
272: exit(1);
273: }
274: value = atoi(cp);
275: if (*intptr == -1)
276: *intptr = value;
277: break;
278:
279: case sServerKeyBits:
280: intptr = &options->server_key_bits;
281: goto parse_int;
282:
283: case sLoginGraceTime:
284: intptr = &options->login_grace_time;
285: goto parse_int;
286:
287: case sKeyRegenerationTime:
288: intptr = &options->key_regeneration_time;
289: goto parse_int;
290:
291: case sListenAddress:
292: cp = strtok(NULL, WHITESPACE);
293: if (!cp)
294: {
295: fprintf(stderr, "%s line %d: missing inet addr.\n",
296: filename, linenum);
297: exit(1);
298: }
299: #ifdef BROKEN_INET_ADDR
300: options->listen_addr.s_addr = inet_network(cp);
301: #else /* BROKEN_INET_ADDR */
302: options->listen_addr.s_addr = inet_addr(cp);
303: #endif /* BROKEN_INET_ADDR */
304: break;
305:
306: case sHostKeyFile:
307: charptr = &options->host_key_file;
308: parse_pathname:
309: cp = strtok(NULL, WHITESPACE);
310: if (!cp)
311: {
312: fprintf(stderr, "%s line %d: missing file name.\n",
313: filename, linenum);
314: exit(1);
315: }
316: if (*charptr == NULL)
317: *charptr = tilde_expand_filename(cp, getuid());
318: break;
319:
320: case sRandomSeedFile:
321: charptr = &options->random_seed_file;
322: goto parse_pathname;
323:
324: case sPermitRootLogin:
325: intptr = &options->permit_root_login;
326: parse_flag:
327: cp = strtok(NULL, WHITESPACE);
328: if (!cp)
329: {
330: fprintf(stderr, "%s line %d: missing yes/no argument.\n",
331: filename, linenum);
332: exit(1);
333: }
334: if (strcmp(cp, "yes") == 0)
335: value = 1;
336: else
337: if (strcmp(cp, "no") == 0)
338: value = 0;
339: else
340: {
341: fprintf(stderr, "%s line %d: Bad yes/no argument: %s\n",
342: filename, linenum, cp);
343: exit(1);
344: }
345: if (*intptr == -1)
346: *intptr = value;
347: break;
348:
349: case sIgnoreRhosts:
350: intptr = &options->ignore_rhosts;
351: goto parse_flag;
352:
353: case sQuietMode:
354: intptr = &options->quiet_mode;
355: goto parse_flag;
356:
357: case sFascistLogging:
358: intptr = &options->fascist_logging;
359: goto parse_flag;
360:
361: case sRhostsAuthentication:
362: intptr = &options->rhosts_authentication;
363: goto parse_flag;
364:
365: case sRhostsRSAAuthentication:
366: intptr = &options->rhosts_rsa_authentication;
367: goto parse_flag;
368:
369: case sRSAAuthentication:
370: intptr = &options->rsa_authentication;
371: goto parse_flag;
372:
373: #ifdef KRB4
374: case sKerberosAuthentication:
375: intptr = &options->kerberos_authentication;
376: goto parse_flag;
377:
378: case sKerberosOrLocalPasswd:
379: intptr = &options->kerberos_or_local_passwd;
380: goto parse_flag;
381:
382: case sKerberosTicketCleanup:
383: intptr = &options->kerberos_ticket_cleanup;
384: goto parse_flag;
385: #endif
386:
1.4 ! dugsong 387: #ifdef AFS
1.1 deraadt 388: case sKerberosTgtPassing:
389: intptr = &options->kerberos_tgt_passing;
390: goto parse_flag;
391:
392: case sAFSTokenPassing:
393: intptr = &options->afs_token_passing;
394: goto parse_flag;
395: #endif
396:
397: case sPasswordAuthentication:
398: intptr = &options->password_authentication;
399: goto parse_flag;
400:
401: case sPrintMotd:
402: intptr = &options->print_motd;
403: goto parse_flag;
404:
405: case sX11Forwarding:
406: intptr = &options->x11_forwarding;
407: goto parse_flag;
1.2 deraadt 408:
409: case sX11DisplayOffset:
410: intptr = &options->x11_display_offset;
411: goto parse_int;
1.1 deraadt 412:
413: case sStrictModes:
414: intptr = &options->strict_modes;
415: goto parse_flag;
416:
417: case sKeepAlives:
418: intptr = &options->keepalives;
419: goto parse_flag;
420:
421: case sEmptyPasswd:
422: intptr = &options->permit_empty_passwd;
423: goto parse_flag;
424:
425: case sLogFacility:
426: cp = strtok(NULL, WHITESPACE);
427: if (!cp)
428: {
429: fprintf(stderr, "%s line %d: missing facility name.\n",
430: filename, linenum);
431: exit(1);
432: }
433: for (i = 0; log_facilities[i].name; i++)
434: if (strcmp(log_facilities[i].name, cp) == 0)
435: break;
436: if (!log_facilities[i].name)
437: {
438: fprintf(stderr, "%s line %d: unsupported log facility %s\n",
439: filename, linenum, cp);
440: exit(1);
441: }
442: if (options->log_facility == (SyslogFacility)(-1))
443: options->log_facility = log_facilities[i].facility;
444: break;
445:
446: case sAllowHosts:
447: while ((cp = strtok(NULL, WHITESPACE)))
448: {
449: if (options->num_allow_hosts >= MAX_ALLOW_HOSTS)
450: {
451: fprintf(stderr, "%s line %d: too many allow hosts.\n",
452: filename, linenum);
453: exit(1);
454: }
455: options->allow_hosts[options->num_allow_hosts++] = xstrdup(cp);
456: }
457: break;
458:
459: case sDenyHosts:
460: while ((cp = strtok(NULL, WHITESPACE)))
461: {
462: if (options->num_deny_hosts >= MAX_DENY_HOSTS)
463: {
464: fprintf(stderr, "%s line %d: too many deny hosts.\n",
465: filename, linenum);
466: exit(1);
467: }
468: options->deny_hosts[options->num_deny_hosts++] = xstrdup(cp);
469: }
470: break;
471:
472: default:
473: fprintf(stderr, "%s line %d: Missing handler for opcode %s (%d)\n",
474: filename, linenum, cp, opcode);
475: exit(1);
476: }
477: if (strtok(NULL, WHITESPACE) != NULL)
478: {
479: fprintf(stderr, "%s line %d: garbage at end of line.\n",
480: filename, linenum);
481: exit(1);
482: }
483: }
484: fclose(f);
485: }