Annotation of src/usr.bin/ssh/servconf.c, Revision 1.8
1.1 deraadt 1: /*
2:
3: servconf.c
4:
5: Author: Tatu Ylonen <ylo@cs.hut.fi>
6:
7: Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
8: All rights reserved
9:
10: Created: Mon Aug 21 15:48:58 1995 ylo
11:
12: */
13:
14: #include "includes.h"
1.8 ! deraadt 15: RCSID("$Id: servconf.c,v 1.7 1999/10/01 02:38:09 provos Exp $");
1.1 deraadt 16:
17: #include "ssh.h"
18: #include "servconf.h"
19: #include "xmalloc.h"
20:
21: /* Initializes the server options to their default values. */
22:
23: void initialize_server_options(ServerOptions *options)
24: {
25: memset(options, 0, sizeof(*options));
26: options->port = -1;
1.3 deraadt 27: options->listen_addr.s_addr = htonl(INADDR_ANY);
1.1 deraadt 28: options->host_key_file = NULL;
29: options->server_key_bits = -1;
30: options->login_grace_time = -1;
31: options->key_regeneration_time = -1;
32: options->permit_root_login = -1;
33: options->ignore_rhosts = -1;
34: options->quiet_mode = -1;
35: options->fascist_logging = -1;
36: options->print_motd = -1;
37: options->x11_forwarding = -1;
1.2 deraadt 38: options->x11_display_offset = -1;
1.1 deraadt 39: options->strict_modes = -1;
40: options->keepalives = -1;
41: options->log_facility = (SyslogFacility)-1;
42: options->rhosts_authentication = -1;
43: options->rhosts_rsa_authentication = -1;
44: options->rsa_authentication = -1;
45: #ifdef KRB4
46: options->kerberos_authentication = -1;
47: options->kerberos_or_local_passwd = -1;
48: options->kerberos_ticket_cleanup = -1;
49: #endif
1.4 dugsong 50: #ifdef AFS
1.1 deraadt 51: options->kerberos_tgt_passing = -1;
52: options->afs_token_passing = -1;
53: #endif
54: options->password_authentication = -1;
55: options->permit_empty_passwd = -1;
56: options->num_allow_hosts = 0;
57: options->num_deny_hosts = 0;
58: }
59:
60: void fill_default_server_options(ServerOptions *options)
61: {
62: if (options->port == -1)
63: {
64: struct servent *sp;
65:
66: sp = getservbyname(SSH_SERVICE_NAME, "tcp");
67: if (sp)
68: options->port = ntohs(sp->s_port);
69: else
70: options->port = SSH_DEFAULT_PORT;
71: endservent();
72: }
73: if (options->host_key_file == NULL)
74: options->host_key_file = HOST_KEY_FILE;
75: if (options->server_key_bits == -1)
76: options->server_key_bits = 768;
77: if (options->login_grace_time == -1)
78: options->login_grace_time = 600;
79: if (options->key_regeneration_time == -1)
80: options->key_regeneration_time = 3600;
81: if (options->permit_root_login == -1)
82: options->permit_root_login = 1;
83: if (options->ignore_rhosts == -1)
84: options->ignore_rhosts = 0;
85: if (options->quiet_mode == -1)
86: options->quiet_mode = 0;
87: if (options->fascist_logging == -1)
88: options->fascist_logging = 1;
89: if (options->print_motd == -1)
90: options->print_motd = 1;
91: if (options->x11_forwarding == -1)
92: options->x11_forwarding = 1;
1.2 deraadt 93: if (options->x11_display_offset == -1)
94: options->x11_display_offset = 1;
1.1 deraadt 95: if (options->strict_modes == -1)
96: options->strict_modes = 1;
97: if (options->keepalives == -1)
98: options->keepalives = 1;
99: if (options->log_facility == (SyslogFacility)(-1))
100: options->log_facility = SYSLOG_FACILITY_DAEMON;
101: if (options->rhosts_authentication == -1)
102: options->rhosts_authentication = 0;
103: if (options->rhosts_rsa_authentication == -1)
104: options->rhosts_rsa_authentication = 1;
105: if (options->rsa_authentication == -1)
106: options->rsa_authentication = 1;
107: #ifdef KRB4
108: if (options->kerberos_authentication == -1)
1.5 dugsong 109: options->kerberos_authentication = (access(KEYFILE, R_OK) == 0);
1.1 deraadt 110: if (options->kerberos_or_local_passwd == -1)
111: options->kerberos_or_local_passwd = 0;
112: if (options->kerberos_ticket_cleanup == -1)
113: options->kerberos_ticket_cleanup = 1;
1.4 dugsong 114: #endif /* KRB4 */
115: #ifdef AFS
1.1 deraadt 116: if (options->kerberos_tgt_passing == -1)
117: options->kerberos_tgt_passing = 0;
118: if (options->afs_token_passing == -1)
1.5 dugsong 119: options->afs_token_passing = k_hasafs();
1.4 dugsong 120: #endif /* AFS */
1.1 deraadt 121: if (options->password_authentication == -1)
122: options->password_authentication = 1;
123: if (options->permit_empty_passwd == -1)
124: options->permit_empty_passwd = 1;
125: }
126:
127: #define WHITESPACE " \t\r\n"
128:
129: /* Keyword tokens. */
130: typedef enum
131: {
132: sPort, sHostKeyFile, sServerKeyBits, sLoginGraceTime, sKeyRegenerationTime,
133: sPermitRootLogin, sQuietMode, sFascistLogging, sLogFacility,
134: sRhostsAuthentication, sRhostsRSAAuthentication, sRSAAuthentication,
135: #ifdef KRB4
1.4 dugsong 136: sKerberosAuthentication, sKerberosOrLocalPasswd, sKerberosTicketCleanup,
1.1 deraadt 137: #endif
138: #ifdef AFS
1.4 dugsong 139: sKerberosTgtPassing, sAFSTokenPassing,
1.1 deraadt 140: #endif
141: sPasswordAuthentication, sAllowHosts, sDenyHosts, sListenAddress,
1.2 deraadt 142: sPrintMotd, sIgnoreRhosts, sX11Forwarding, sX11DisplayOffset,
1.1 deraadt 143: sStrictModes, sEmptyPasswd, sRandomSeedFile, sKeepAlives
144: } ServerOpCodes;
145:
146: /* Textual representation of the tokens. */
147: static struct
148: {
149: const char *name;
150: ServerOpCodes opcode;
151: } keywords[] =
152: {
153: { "port", sPort },
154: { "hostkey", sHostKeyFile },
155: { "serverkeybits", sServerKeyBits },
156: { "logingracetime", sLoginGraceTime },
157: { "keyregenerationinterval", sKeyRegenerationTime },
158: { "permitrootlogin", sPermitRootLogin },
159: { "quietmode", sQuietMode },
160: { "fascistlogging", sFascistLogging },
161: { "syslogfacility", sLogFacility },
162: { "rhostsauthentication", sRhostsAuthentication },
163: { "rhostsrsaauthentication", sRhostsRSAAuthentication },
164: { "rsaauthentication", sRSAAuthentication },
165: #ifdef KRB4
166: { "kerberosauthentication", sKerberosAuthentication },
167: { "kerberosorlocalpasswd", sKerberosOrLocalPasswd },
168: { "kerberosticketcleanup", sKerberosTicketCleanup },
169: #endif
1.4 dugsong 170: #ifdef AFS
1.1 deraadt 171: { "kerberostgtpassing", sKerberosTgtPassing },
172: { "afstokenpassing", sAFSTokenPassing },
173: #endif
174: { "passwordauthentication", sPasswordAuthentication },
175: { "allowhosts", sAllowHosts },
176: { "denyhosts", sDenyHosts },
177: { "listenaddress", sListenAddress },
178: { "printmotd", sPrintMotd },
179: { "ignorerhosts", sIgnoreRhosts },
180: { "x11forwarding", sX11Forwarding },
1.2 deraadt 181: { "x11displayoffset", sX11DisplayOffset },
1.1 deraadt 182: { "strictmodes", sStrictModes },
183: { "permitemptypasswords", sEmptyPasswd },
184: { "randomseed", sRandomSeedFile },
185: { "keepalive", sKeepAlives },
186: { NULL, 0 }
187: };
188:
189: static struct
190: {
191: const char *name;
192: SyslogFacility facility;
193: } log_facilities[] =
194: {
195: { "DAEMON", SYSLOG_FACILITY_DAEMON },
196: { "USER", SYSLOG_FACILITY_USER },
197: { "AUTH", SYSLOG_FACILITY_AUTH },
198: { "LOCAL0", SYSLOG_FACILITY_LOCAL0 },
199: { "LOCAL1", SYSLOG_FACILITY_LOCAL1 },
200: { "LOCAL2", SYSLOG_FACILITY_LOCAL2 },
201: { "LOCAL3", SYSLOG_FACILITY_LOCAL3 },
202: { "LOCAL4", SYSLOG_FACILITY_LOCAL4 },
203: { "LOCAL5", SYSLOG_FACILITY_LOCAL5 },
204: { "LOCAL6", SYSLOG_FACILITY_LOCAL6 },
205: { "LOCAL7", SYSLOG_FACILITY_LOCAL7 },
206: { NULL, 0 }
207: };
208:
209: /* Returns the number of the token pointed to by cp of length len.
210: Never returns if the token is not known. */
211:
212: static ServerOpCodes parse_token(const char *cp, const char *filename,
213: int linenum)
214: {
215: unsigned int i;
216:
217: for (i = 0; keywords[i].name; i++)
218: if (strcmp(cp, keywords[i].name) == 0)
219: return keywords[i].opcode;
220:
221: fprintf(stderr, "%s line %d: Bad configuration option: %s\n",
222: filename, linenum, cp);
223: exit(1);
224: }
225:
226: /* Reads the server configuration file. */
227:
228: void read_server_config(ServerOptions *options, const char *filename)
229: {
230: FILE *f;
231: char line[1024];
232: char *cp, **charptr;
233: int linenum, *intptr, i, value;
234: ServerOpCodes opcode;
235:
236: f = fopen(filename, "r");
237: if (!f)
238: {
239: perror(filename);
240: return;
241: }
242:
243: linenum = 0;
244: while (fgets(line, sizeof(line), f))
245: {
246: linenum++;
247: cp = line + strspn(line, WHITESPACE);
248: if (!*cp || *cp == '#')
249: continue;
250: cp = strtok(cp, WHITESPACE);
251: {
252: char *t = cp;
253: for (; *t != 0; t++)
254: if ('A' <= *t && *t <= 'Z')
255: *t = *t - 'A' + 'a'; /* tolower */
256:
257: }
258: opcode = parse_token(cp, filename, linenum);
259: switch (opcode)
260: {
261: case sPort:
262: intptr = &options->port;
263: parse_int:
264: cp = strtok(NULL, WHITESPACE);
265: if (!cp)
266: {
267: fprintf(stderr, "%s line %d: missing integer value.\n",
268: filename, linenum);
269: exit(1);
270: }
271: value = atoi(cp);
272: if (*intptr == -1)
273: *intptr = value;
274: break;
275:
276: case sServerKeyBits:
277: intptr = &options->server_key_bits;
278: goto parse_int;
279:
280: case sLoginGraceTime:
281: intptr = &options->login_grace_time;
282: goto parse_int;
283:
284: case sKeyRegenerationTime:
285: intptr = &options->key_regeneration_time;
286: goto parse_int;
287:
288: case sListenAddress:
289: cp = strtok(NULL, WHITESPACE);
290: if (!cp)
291: {
292: fprintf(stderr, "%s line %d: missing inet addr.\n",
293: filename, linenum);
294: exit(1);
295: }
296: options->listen_addr.s_addr = inet_addr(cp);
297: break;
298:
299: case sHostKeyFile:
300: charptr = &options->host_key_file;
301: parse_pathname:
302: cp = strtok(NULL, WHITESPACE);
303: if (!cp)
304: {
305: fprintf(stderr, "%s line %d: missing file name.\n",
306: filename, linenum);
307: exit(1);
308: }
309: if (*charptr == NULL)
310: *charptr = tilde_expand_filename(cp, getuid());
311: break;
312:
313: case sRandomSeedFile:
1.8 ! deraadt 314: fprintf(stderr, "%s line %d: \"randomseed\" option is obsolete.\n",
1.7 provos 315: filename, linenum);
316: cp = strtok(NULL, WHITESPACE);
317: break;
1.1 deraadt 318:
319: case sPermitRootLogin:
320: intptr = &options->permit_root_login;
321: parse_flag:
322: cp = strtok(NULL, WHITESPACE);
323: if (!cp)
324: {
325: fprintf(stderr, "%s line %d: missing yes/no argument.\n",
326: filename, linenum);
327: exit(1);
328: }
329: if (strcmp(cp, "yes") == 0)
330: value = 1;
331: else
332: if (strcmp(cp, "no") == 0)
333: value = 0;
334: else
335: {
336: fprintf(stderr, "%s line %d: Bad yes/no argument: %s\n",
337: filename, linenum, cp);
338: exit(1);
339: }
340: if (*intptr == -1)
341: *intptr = value;
342: break;
343:
344: case sIgnoreRhosts:
345: intptr = &options->ignore_rhosts;
346: goto parse_flag;
347:
348: case sQuietMode:
349: intptr = &options->quiet_mode;
350: goto parse_flag;
351:
352: case sFascistLogging:
353: intptr = &options->fascist_logging;
354: goto parse_flag;
355:
356: case sRhostsAuthentication:
357: intptr = &options->rhosts_authentication;
358: goto parse_flag;
359:
360: case sRhostsRSAAuthentication:
361: intptr = &options->rhosts_rsa_authentication;
362: goto parse_flag;
363:
364: case sRSAAuthentication:
365: intptr = &options->rsa_authentication;
366: goto parse_flag;
367:
368: #ifdef KRB4
369: case sKerberosAuthentication:
370: intptr = &options->kerberos_authentication;
371: goto parse_flag;
372:
373: case sKerberosOrLocalPasswd:
374: intptr = &options->kerberos_or_local_passwd;
375: goto parse_flag;
376:
377: case sKerberosTicketCleanup:
378: intptr = &options->kerberos_ticket_cleanup;
379: goto parse_flag;
380: #endif
381:
1.4 dugsong 382: #ifdef AFS
1.1 deraadt 383: case sKerberosTgtPassing:
384: intptr = &options->kerberos_tgt_passing;
385: goto parse_flag;
386:
387: case sAFSTokenPassing:
388: intptr = &options->afs_token_passing;
389: goto parse_flag;
390: #endif
391:
392: case sPasswordAuthentication:
393: intptr = &options->password_authentication;
394: goto parse_flag;
395:
396: case sPrintMotd:
397: intptr = &options->print_motd;
398: goto parse_flag;
399:
400: case sX11Forwarding:
401: intptr = &options->x11_forwarding;
402: goto parse_flag;
1.2 deraadt 403:
404: case sX11DisplayOffset:
405: intptr = &options->x11_display_offset;
406: goto parse_int;
1.1 deraadt 407:
408: case sStrictModes:
409: intptr = &options->strict_modes;
410: goto parse_flag;
411:
412: case sKeepAlives:
413: intptr = &options->keepalives;
414: goto parse_flag;
415:
416: case sEmptyPasswd:
417: intptr = &options->permit_empty_passwd;
418: goto parse_flag;
419:
420: case sLogFacility:
421: cp = strtok(NULL, WHITESPACE);
422: if (!cp)
423: {
424: fprintf(stderr, "%s line %d: missing facility name.\n",
425: filename, linenum);
426: exit(1);
427: }
428: for (i = 0; log_facilities[i].name; i++)
429: if (strcmp(log_facilities[i].name, cp) == 0)
430: break;
431: if (!log_facilities[i].name)
432: {
433: fprintf(stderr, "%s line %d: unsupported log facility %s\n",
434: filename, linenum, cp);
435: exit(1);
436: }
437: if (options->log_facility == (SyslogFacility)(-1))
438: options->log_facility = log_facilities[i].facility;
439: break;
440:
441: case sAllowHosts:
442: while ((cp = strtok(NULL, WHITESPACE)))
443: {
444: if (options->num_allow_hosts >= MAX_ALLOW_HOSTS)
445: {
446: fprintf(stderr, "%s line %d: too many allow hosts.\n",
447: filename, linenum);
448: exit(1);
449: }
450: options->allow_hosts[options->num_allow_hosts++] = xstrdup(cp);
451: }
452: break;
453:
454: case sDenyHosts:
455: while ((cp = strtok(NULL, WHITESPACE)))
456: {
457: if (options->num_deny_hosts >= MAX_DENY_HOSTS)
458: {
459: fprintf(stderr, "%s line %d: too many deny hosts.\n",
460: filename, linenum);
461: exit(1);
462: }
463: options->deny_hosts[options->num_deny_hosts++] = xstrdup(cp);
464: }
465: break;
466:
467: default:
468: fprintf(stderr, "%s line %d: Missing handler for opcode %s (%d)\n",
469: filename, linenum, cp, opcode);
470: exit(1);
471: }
472: if (strtok(NULL, WHITESPACE) != NULL)
473: {
474: fprintf(stderr, "%s line %d: garbage at end of line.\n",
475: filename, linenum);
476: exit(1);
477: }
478: }
479: fclose(f);
480: }