summaryrefslogtreecommitdiff
path: root/other/ssharp/servconf.c
diff options
context:
space:
mode:
Diffstat (limited to 'other/ssharp/servconf.c')
-rw-r--r--other/ssharp/servconf.c817
1 files changed, 817 insertions, 0 deletions
diff --git a/other/ssharp/servconf.c b/other/ssharp/servconf.c
new file mode 100644
index 0000000..73c07c2
--- /dev/null
+++ b/other/ssharp/servconf.c
@@ -0,0 +1,817 @@
1/*
2 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
3 * All rights reserved
4 *
5 * As far as I am concerned, the code I have written for this software
6 * can be used freely for any purpose. Any derived versions of this
7 * software must be clearly marked as such, and if the derived work is
8 * incompatible with the protocol description in the RFC file, it must be
9 * called by a name other than "ssh" or "Secure Shell".
10 */
11
12#include "includes.h"
13RCSID("$OpenBSD: servconf.c,v 1.78 2001/04/15 21:28:35 stevesk Exp $");
14
15#ifdef KRB4
16#include <krb.h>
17#endif
18#ifdef AFS
19#include <kafs.h>
20#endif
21
22#include "ssh.h"
23#include "log.h"
24#include "servconf.h"
25#include "xmalloc.h"
26#include "compat.h"
27#include "pathnames.h"
28#include "tildexpand.h"
29#include "misc.h"
30#include "cipher.h"
31#include "kex.h"
32#include "mac.h"
33
34void add_listen_addr(ServerOptions *options, char *addr, u_short port);
35void add_one_listen_addr(ServerOptions *options, char *addr, u_short port);
36
37/* AF_UNSPEC or AF_INET or AF_INET6 */
38extern int IPv4or6;
39
40/* Initializes the server options to their default values. */
41
42void
43initialize_server_options(ServerOptions *options)
44{
45 memset(options, 0, sizeof(*options));
46 options->num_ports = 0;
47 options->ports_from_cmdline = 0;
48 options->listen_addrs = NULL;
49 options->num_host_key_files = 0;
50 options->pid_file = NULL;
51 options->server_key_bits = -1;
52 options->login_grace_time = -1;
53 options->key_regeneration_time = -1;
54 options->permit_root_login = PERMIT_NOT_SET;
55 options->ignore_rhosts = -1;
56 options->ignore_user_known_hosts = -1;
57 options->print_motd = -1;
58 options->print_lastlog = -1;
59 options->check_mail = -1;
60 options->x11_forwarding = -1;
61 options->x11_display_offset = -1;
62 options->xauth_location = NULL;
63 options->strict_modes = -1;
64 options->keepalives = -1;
65 options->log_facility = (SyslogFacility) - 1;
66 options->log_level = (LogLevel) - 1;
67 options->rhosts_authentication = -1;
68 options->rhosts_rsa_authentication = -1;
69 options->hostbased_authentication = -1;
70 options->hostbased_uses_name_from_packet_only = -1;
71 options->rsa_authentication = -1;
72 options->pubkey_authentication = -1;
73#ifdef KRB4
74 options->kerberos_authentication = -1;
75 options->kerberos_or_local_passwd = -1;
76 options->kerberos_ticket_cleanup = -1;
77#endif
78#ifdef AFS
79 options->kerberos_tgt_passing = -1;
80 options->afs_token_passing = -1;
81#endif
82 options->password_authentication = -1;
83 options->kbd_interactive_authentication = -1;
84 options->challenge_reponse_authentication = -1;
85 options->permit_empty_passwd = -1;
86 options->use_login = -1;
87 options->allow_tcp_forwarding = -1;
88 options->num_allow_users = 0;
89 options->num_deny_users = 0;
90 options->num_allow_groups = 0;
91 options->num_deny_groups = 0;
92 options->ciphers = NULL;
93 options->macs = NULL;
94 options->protocol = SSH_PROTO_UNKNOWN;
95 options->gateway_ports = -1;
96 options->num_subsystems = 0;
97 options->max_startups_begin = -1;
98 options->max_startups_rate = -1;
99 options->max_startups = -1;
100 options->banner = NULL;
101 options->reverse_mapping_check = -1;
102 options->client_alive_interval = -1;
103 options->client_alive_count_max = -1;
104 options->pam_authentication_via_kbd_int = -1;
105}
106
107void
108fill_default_server_options(ServerOptions *options)
109{
110 if (options->protocol == SSH_PROTO_UNKNOWN)
111 options->protocol = SSH_PROTO_1|SSH_PROTO_2;
112 if (options->num_host_key_files == 0) {
113 /* fill default hostkeys for protocols */
114 if (options->protocol & SSH_PROTO_1)
115 options->host_key_files[options->num_host_key_files++] = _PATH_HOST_KEY_FILE;
116 if (options->protocol & SSH_PROTO_2)
117 options->host_key_files[options->num_host_key_files++] = _PATH_HOST_DSA_KEY_FILE;
118 }
119 if (options->num_ports == 0)
120 options->ports[options->num_ports++] = SSH_DEFAULT_PORT;
121 if (options->listen_addrs == NULL)
122 add_listen_addr(options, NULL, 0);
123 if (options->pid_file == NULL)
124 options->pid_file = _PATH_SSH_DAEMON_PID_FILE;
125 if (options->server_key_bits == -1)
126 options->server_key_bits = 768;
127 if (options->login_grace_time == -1)
128 options->login_grace_time = 600;
129 if (options->key_regeneration_time == -1)
130 options->key_regeneration_time = 3600;
131 if (options->permit_root_login == PERMIT_NOT_SET)
132 options->permit_root_login = PERMIT_YES;
133 if (options->ignore_rhosts == -1)
134 options->ignore_rhosts = 1;
135 if (options->ignore_user_known_hosts == -1)
136 options->ignore_user_known_hosts = 0;
137 if (options->check_mail == -1)
138 options->check_mail = 0;
139 if (options->print_motd == -1)
140 options->print_motd = 1;
141 if (options->print_lastlog == -1)
142 options->print_lastlog = 1;
143 if (options->x11_forwarding == -1)
144 options->x11_forwarding = 0;
145 if (options->x11_display_offset == -1)
146 options->x11_display_offset = 10;
147#ifdef XAUTH_PATH
148 if (options->xauth_location == NULL)
149 options->xauth_location = XAUTH_PATH;
150#endif /* XAUTH_PATH */
151 if (options->strict_modes == -1)
152 options->strict_modes = 1;
153 if (options->keepalives == -1)
154 options->keepalives = 1;
155 if (options->log_facility == (SyslogFacility) (-1))
156 options->log_facility = SYSLOG_FACILITY_AUTH;
157 if (options->log_level == (LogLevel) (-1))
158 options->log_level = SYSLOG_LEVEL_INFO;
159 if (options->rhosts_authentication == -1)
160 options->rhosts_authentication = 0;
161 if (options->rhosts_rsa_authentication == -1)
162 options->rhosts_rsa_authentication = 0;
163 if (options->hostbased_authentication == -1)
164 options->hostbased_authentication = 0;
165 if (options->hostbased_uses_name_from_packet_only == -1)
166 options->hostbased_uses_name_from_packet_only = 0;
167 if (options->rsa_authentication == -1)
168 options->rsa_authentication = 1;
169 if (options->pubkey_authentication == -1)
170 options->pubkey_authentication = 1;
171#ifdef KRB4
172 if (options->kerberos_authentication == -1)
173 options->kerberos_authentication = (access(KEYFILE, R_OK) == 0);
174 if (options->kerberos_or_local_passwd == -1)
175 options->kerberos_or_local_passwd = 1;
176 if (options->kerberos_ticket_cleanup == -1)
177 options->kerberos_ticket_cleanup = 1;
178#endif /* KRB4 */
179#ifdef AFS
180 if (options->kerberos_tgt_passing == -1)
181 options->kerberos_tgt_passing = 0;
182 if (options->afs_token_passing == -1)
183 options->afs_token_passing = k_hasafs();
184#endif /* AFS */
185 if (options->password_authentication == -1)
186 options->password_authentication = 1;
187 if (options->kbd_interactive_authentication == -1)
188 options->kbd_interactive_authentication = 0;
189 if (options->challenge_reponse_authentication == -1)
190 options->challenge_reponse_authentication = 1;
191 if (options->permit_empty_passwd == -1)
192 options->permit_empty_passwd = 0;
193 if (options->use_login == -1)
194 options->use_login = 0;
195 if (options->allow_tcp_forwarding == -1)
196 options->allow_tcp_forwarding = 1;
197 if (options->gateway_ports == -1)
198 options->gateway_ports = 0;
199 if (options->max_startups == -1)
200 options->max_startups = 10;
201 if (options->max_startups_rate == -1)
202 options->max_startups_rate = 100; /* 100% */
203 if (options->max_startups_begin == -1)
204 options->max_startups_begin = options->max_startups;
205 if (options->reverse_mapping_check == -1)
206 options->reverse_mapping_check = 0;
207 if (options->client_alive_interval == -1)
208 options->client_alive_interval = 0;
209 if (options->client_alive_count_max == -1)
210 options->client_alive_count_max = 3;
211 if (options->pam_authentication_via_kbd_int == -1)
212 options->pam_authentication_via_kbd_int = 0;
213}
214
215/* Keyword tokens. */
216typedef enum {
217 sBadOption, /* == unknown option */
218 sPort, sHostKeyFile, sServerKeyBits, sLoginGraceTime, sKeyRegenerationTime,
219 sPermitRootLogin, sLogFacility, sLogLevel,
220 sRhostsAuthentication, sRhostsRSAAuthentication, sRSAAuthentication,
221#ifdef KRB4
222 sKerberosAuthentication, sKerberosOrLocalPasswd, sKerberosTicketCleanup,
223#endif
224#ifdef AFS
225 sKerberosTgtPassing, sAFSTokenPassing,
226#endif
227 sChallengeResponseAuthentication,
228 sPasswordAuthentication, sKbdInteractiveAuthentication, sListenAddress,
229 sPrintMotd, sPrintLastLog, sIgnoreRhosts,
230 sX11Forwarding, sX11DisplayOffset,
231 sStrictModes, sEmptyPasswd, sKeepAlives, sCheckMail,
232 sUseLogin, sAllowTcpForwarding,
233 sAllowUsers, sDenyUsers, sAllowGroups, sDenyGroups,
234 sIgnoreUserKnownHosts, sCiphers, sMacs, sProtocol, sPidFile,
235 sGatewayPorts, sPubkeyAuthentication, sXAuthLocation, sSubsystem, sMaxStartups,
236 sBanner, sReverseMappingCheck, sHostbasedAuthentication,
237 sHostbasedUsesNameFromPacketOnly, sClientAliveInterval,
238 sClientAliveCountMax, sPAMAuthenticationViaKbdInt
239} ServerOpCodes;
240
241/* Textual representation of the tokens. */
242static struct {
243 const char *name;
244 ServerOpCodes opcode;
245} keywords[] = {
246 { "port", sPort },
247 { "hostkey", sHostKeyFile },
248 { "hostdsakey", sHostKeyFile }, /* alias */
249 { "pidfile", sPidFile },
250 { "serverkeybits", sServerKeyBits },
251 { "logingracetime", sLoginGraceTime },
252 { "keyregenerationinterval", sKeyRegenerationTime },
253 { "permitrootlogin", sPermitRootLogin },
254 { "syslogfacility", sLogFacility },
255 { "loglevel", sLogLevel },
256 { "rhostsauthentication", sRhostsAuthentication },
257 { "rhostsrsaauthentication", sRhostsRSAAuthentication },
258 { "hostbasedauthentication", sHostbasedAuthentication },
259 { "hostbasedusesnamefrompacketonly", sHostbasedUsesNameFromPacketOnly },
260 { "rsaauthentication", sRSAAuthentication },
261 { "pubkeyauthentication", sPubkeyAuthentication },
262 { "dsaauthentication", sPubkeyAuthentication }, /* alias */
263#ifdef KRB4
264 { "kerberosauthentication", sKerberosAuthentication },
265 { "kerberosorlocalpasswd", sKerberosOrLocalPasswd },
266 { "kerberosticketcleanup", sKerberosTicketCleanup },
267#endif
268#ifdef AFS
269 { "kerberostgtpassing", sKerberosTgtPassing },
270 { "afstokenpassing", sAFSTokenPassing },
271#endif
272 { "passwordauthentication", sPasswordAuthentication },
273 { "kbdinteractiveauthentication", sKbdInteractiveAuthentication },
274 { "challengeresponseauthentication", sChallengeResponseAuthentication },
275 { "skeyauthentication", sChallengeResponseAuthentication }, /* alias */
276 { "checkmail", sCheckMail },
277 { "listenaddress", sListenAddress },
278 { "printmotd", sPrintMotd },
279 { "printlastlog", sPrintLastLog },
280 { "ignorerhosts", sIgnoreRhosts },
281 { "ignoreuserknownhosts", sIgnoreUserKnownHosts },
282 { "x11forwarding", sX11Forwarding },
283 { "x11displayoffset", sX11DisplayOffset },
284 { "xauthlocation", sXAuthLocation },
285 { "strictmodes", sStrictModes },
286 { "permitemptypasswords", sEmptyPasswd },
287 { "uselogin", sUseLogin },
288 { "keepalive", sKeepAlives },
289 { "allowtcpforwarding", sAllowTcpForwarding },
290 { "allowusers", sAllowUsers },
291 { "denyusers", sDenyUsers },
292 { "allowgroups", sAllowGroups },
293 { "denygroups", sDenyGroups },
294 { "ciphers", sCiphers },
295 { "macs", sMacs },
296 { "protocol", sProtocol },
297 { "gatewayports", sGatewayPorts },
298 { "subsystem", sSubsystem },
299 { "maxstartups", sMaxStartups },
300 { "banner", sBanner },
301 { "reversemappingcheck", sReverseMappingCheck },
302 { "clientaliveinterval", sClientAliveInterval },
303 { "clientalivecountmax", sClientAliveCountMax },
304 { "PAMAuthenticationViaKbdInt", sPAMAuthenticationViaKbdInt },
305 { NULL, 0 }
306};
307
308/*
309 * Returns the number of the token pointed to by cp or sBadOption.
310 */
311
312static ServerOpCodes
313parse_token(const char *cp, const char *filename,
314 int linenum)
315{
316 u_int i;
317
318 for (i = 0; keywords[i].name; i++)
319 if (strcasecmp(cp, keywords[i].name) == 0)
320 return keywords[i].opcode;
321
322 error("%s: line %d: Bad configuration option: %s",
323 filename, linenum, cp);
324 return sBadOption;
325}
326
327void
328add_listen_addr(ServerOptions *options, char *addr, u_short port)
329{
330 int i;
331
332 if (options->num_ports == 0)
333 options->ports[options->num_ports++] = SSH_DEFAULT_PORT;
334 if (port == 0)
335 for (i = 0; i < options->num_ports; i++)
336 add_one_listen_addr(options, addr, options->ports[i]);
337 else
338 add_one_listen_addr(options, addr, port);
339}
340
341void
342add_one_listen_addr(ServerOptions *options, char *addr, u_short port)
343{
344 struct addrinfo hints, *ai, *aitop;
345 char strport[NI_MAXSERV];
346 int gaierr;
347
348 memset(&hints, 0, sizeof(hints));
349 hints.ai_family = IPv4or6;
350 hints.ai_socktype = SOCK_STREAM;
351 hints.ai_flags = (addr == NULL) ? AI_PASSIVE : 0;
352 snprintf(strport, sizeof strport, "%d", port);
353 if ((gaierr = getaddrinfo(addr, strport, &hints, &aitop)) != 0)
354 fatal("bad addr or host: %s (%s)",
355 addr ? addr : "<NULL>",
356 gai_strerror(gaierr));
357 for (ai = aitop; ai->ai_next; ai = ai->ai_next)
358 ;
359 ai->ai_next = options->listen_addrs;
360 options->listen_addrs = aitop;
361}
362
363/* Reads the server configuration file. */
364
365void
366read_server_config(ServerOptions *options, const char *filename)
367{
368 FILE *f;
369 char line[1024];
370 char *cp, **charptr, *arg, *p;
371 int linenum, *intptr, value;
372 int bad_options = 0;
373 ServerOpCodes opcode;
374 int i;
375
376 f = fopen(filename, "r");
377 if (!f) {
378 perror(filename);
379 exit(1);
380 }
381 linenum = 0;
382 while (fgets(line, sizeof(line), f)) {
383 linenum++;
384 cp = line;
385 arg = strdelim(&cp);
386 /* Ignore leading whitespace */
387 if (*arg == '\0')
388 arg = strdelim(&cp);
389 if (!arg || !*arg || *arg == '#')
390 continue;
391 intptr = NULL;
392 charptr = NULL;
393 opcode = parse_token(arg, filename, linenum);
394 switch (opcode) {
395 case sBadOption:
396 bad_options++;
397 continue;
398 case sPort:
399 /* ignore ports from configfile if cmdline specifies ports */
400 if (options->ports_from_cmdline)
401 continue;
402 if (options->listen_addrs != NULL)
403 fatal("%s line %d: ports must be specified before "
404 "ListenAdress.\n", filename, linenum);
405 if (options->num_ports >= MAX_PORTS)
406 fatal("%s line %d: too many ports.",
407 filename, linenum);
408 arg = strdelim(&cp);
409 if (!arg || *arg == '\0')
410 fatal("%s line %d: missing port number.",
411 filename, linenum);
412 options->ports[options->num_ports++] = a2port(arg);
413 if (options->ports[options->num_ports-1] == 0)
414 fatal("%s line %d: Badly formatted port number.",
415 filename, linenum);
416 break;
417
418 case sServerKeyBits:
419 intptr = &options->server_key_bits;
420parse_int:
421 arg = strdelim(&cp);
422 if (!arg || *arg == '\0')
423 fatal("%s line %d: missing integer value.",
424 filename, linenum);
425 value = atoi(arg);
426 if (*intptr == -1)
427 *intptr = value;
428 break;
429
430 case sLoginGraceTime:
431 intptr = &options->login_grace_time;
432 goto parse_int;
433
434 case sKeyRegenerationTime:
435 intptr = &options->key_regeneration_time;
436 goto parse_int;
437
438 case sListenAddress:
439 arg = strdelim(&cp);
440 if (!arg || *arg == '\0' || strncmp(arg, "[]", 2) == 0)
441 fatal("%s line %d: missing inet addr.",
442 filename, linenum);
443 if (*arg == '[') {
444 if ((p = strchr(arg, ']')) == NULL)
445 fatal("%s line %d: bad ipv6 inet addr usage.",
446 filename, linenum);
447 arg++;
448 memmove(p, p+1, strlen(p+1)+1);
449 } else if (((p = strchr(arg, ':')) == NULL) ||
450 (strchr(p+1, ':') != NULL)) {
451 add_listen_addr(options, arg, 0);
452 break;
453 }
454 if (*p == ':') {
455 u_short port;
456
457 p++;
458 if (*p == '\0')
459 fatal("%s line %d: bad inet addr:port usage.",
460 filename, linenum);
461 else {
462 *(p-1) = '\0';
463 if ((port = a2port(p)) == 0)
464 fatal("%s line %d: bad port number.",
465 filename, linenum);
466 add_listen_addr(options, arg, port);
467 }
468 } else if (*p == '\0')
469 add_listen_addr(options, arg, 0);
470 else
471 fatal("%s line %d: bad inet addr usage.",
472 filename, linenum);
473 break;
474
475 case sHostKeyFile:
476 intptr = &options->num_host_key_files;
477 if (*intptr >= MAX_HOSTKEYS)
478 fatal("%s line %d: too many host keys specified (max %d).",
479 filename, linenum, MAX_HOSTKEYS);
480 charptr = &options->host_key_files[*intptr];
481parse_filename:
482 arg = strdelim(&cp);
483 if (!arg || *arg == '\0')
484 fatal("%s line %d: missing file name.",
485 filename, linenum);
486 if (*charptr == NULL) {
487 *charptr = tilde_expand_filename(arg, getuid());
488 /* increase optional counter */
489 if (intptr != NULL)
490 *intptr = *intptr + 1;
491 }
492 break;
493
494 case sPidFile:
495 charptr = &options->pid_file;
496 goto parse_filename;
497
498 case sPermitRootLogin:
499 intptr = &options->permit_root_login;
500 arg = strdelim(&cp);
501 if (!arg || *arg == '\0')
502 fatal("%s line %d: missing yes/"
503 "without-password/forced-commands-only/no "
504 "argument.", filename, linenum);
505 value = 0; /* silence compiler */
506 if (strcmp(arg, "without-password") == 0)
507 value = PERMIT_NO_PASSWD;
508 else if (strcmp(arg, "forced-commands-only") == 0)
509 value = PERMIT_FORCED_ONLY;
510 else if (strcmp(arg, "yes") == 0)
511 value = PERMIT_YES;
512 else if (strcmp(arg, "no") == 0)
513 value = PERMIT_NO;
514 else
515 fatal("%s line %d: Bad yes/"
516 "without-password/forced-commands-only/no "
517 "argument: %s", filename, linenum, arg);
518 if (*intptr == -1)
519 *intptr = value;
520 break;
521
522 case sIgnoreRhosts:
523 intptr = &options->ignore_rhosts;
524parse_flag:
525 arg = strdelim(&cp);
526 if (!arg || *arg == '\0')
527 fatal("%s line %d: missing yes/no argument.",
528 filename, linenum);
529 value = 0; /* silence compiler */
530 if (strcmp(arg, "yes") == 0)
531 value = 1;
532 else if (strcmp(arg, "no") == 0)
533 value = 0;
534 else
535 fatal("%s line %d: Bad yes/no argument: %s",
536 filename, linenum, arg);
537 if (*intptr == -1)
538 *intptr = value;
539 break;
540
541 case sIgnoreUserKnownHosts:
542 intptr = &options->ignore_user_known_hosts;
543 goto parse_flag;
544
545 case sRhostsAuthentication:
546 intptr = &options->rhosts_authentication;
547 goto parse_flag;
548
549 case sRhostsRSAAuthentication:
550 intptr = &options->rhosts_rsa_authentication;
551 goto parse_flag;
552
553 case sHostbasedAuthentication:
554 intptr = &options->hostbased_authentication;
555 goto parse_flag;
556
557 case sHostbasedUsesNameFromPacketOnly:
558 intptr = &options->hostbased_uses_name_from_packet_only;
559 goto parse_flag;
560
561 case sRSAAuthentication:
562 intptr = &options->rsa_authentication;
563 goto parse_flag;
564
565 case sPubkeyAuthentication:
566 intptr = &options->pubkey_authentication;
567 goto parse_flag;
568
569#ifdef KRB4
570 case sKerberosAuthentication:
571 intptr = &options->kerberos_authentication;
572 goto parse_flag;
573
574 case sKerberosOrLocalPasswd:
575 intptr = &options->kerberos_or_local_passwd;
576 goto parse_flag;
577
578 case sKerberosTicketCleanup:
579 intptr = &options->kerberos_ticket_cleanup;
580 goto parse_flag;
581#endif
582
583#ifdef AFS
584 case sKerberosTgtPassing:
585 intptr = &options->kerberos_tgt_passing;
586 goto parse_flag;
587
588 case sAFSTokenPassing:
589 intptr = &options->afs_token_passing;
590 goto parse_flag;
591#endif
592
593 case sPasswordAuthentication:
594 intptr = &options->password_authentication;
595 goto parse_flag;
596
597 case sKbdInteractiveAuthentication:
598 intptr = &options->kbd_interactive_authentication;
599 goto parse_flag;
600
601 case sCheckMail:
602 intptr = &options->check_mail;
603 goto parse_flag;
604
605 case sChallengeResponseAuthentication:
606 intptr = &options->challenge_reponse_authentication;
607 goto parse_flag;
608
609 case sPrintMotd:
610 intptr = &options->print_motd;
611 goto parse_flag;
612
613 case sPrintLastLog:
614 intptr = &options->print_lastlog;
615 goto parse_flag;
616
617 case sX11Forwarding:
618 intptr = &options->x11_forwarding;
619 goto parse_flag;
620
621 case sX11DisplayOffset:
622 intptr = &options->x11_display_offset;
623 goto parse_int;
624
625 case sXAuthLocation:
626 charptr = &options->xauth_location;
627 goto parse_filename;
628
629 case sStrictModes:
630 intptr = &options->strict_modes;
631 goto parse_flag;
632
633 case sKeepAlives:
634 intptr = &options->keepalives;
635 goto parse_flag;
636
637 case sEmptyPasswd:
638 intptr = &options->permit_empty_passwd;
639 goto parse_flag;
640
641 case sUseLogin:
642 intptr = &options->use_login;
643 goto parse_flag;
644
645 case sGatewayPorts:
646 intptr = &options->gateway_ports;
647 goto parse_flag;
648
649 case sReverseMappingCheck:
650 intptr = &options->reverse_mapping_check;
651 goto parse_flag;
652
653 case sLogFacility:
654 intptr = (int *) &options->log_facility;
655 arg = strdelim(&cp);
656 value = log_facility_number(arg);
657 if (value == (SyslogFacility) - 1)
658 fatal("%.200s line %d: unsupported log facility '%s'",
659 filename, linenum, arg ? arg : "<NONE>");
660 if (*intptr == -1)
661 *intptr = (SyslogFacility) value;
662 break;
663
664 case sLogLevel:
665 intptr = (int *) &options->log_level;
666 arg = strdelim(&cp);
667 value = log_level_number(arg);
668 if (value == (LogLevel) - 1)
669 fatal("%.200s line %d: unsupported log level '%s'",
670 filename, linenum, arg ? arg : "<NONE>");
671 if (*intptr == -1)
672 *intptr = (LogLevel) value;
673 break;
674
675 case sAllowTcpForwarding:
676 intptr = &options->allow_tcp_forwarding;
677 goto parse_flag;
678
679 case sAllowUsers:
680 while ((arg = strdelim(&cp)) && *arg != '\0') {
681 if (options->num_allow_users >= MAX_ALLOW_USERS)
682 fatal("%s line %d: too many allow users.",
683 filename, linenum);
684 options->allow_users[options->num_allow_users++] = xstrdup(arg);
685 }
686 break;
687
688 case sDenyUsers:
689 while ((arg = strdelim(&cp)) && *arg != '\0') {
690 if (options->num_deny_users >= MAX_DENY_USERS)
691 fatal( "%s line %d: too many deny users.",
692 filename, linenum);
693 options->deny_users[options->num_deny_users++] = xstrdup(arg);
694 }
695 break;
696
697 case sAllowGroups:
698 while ((arg = strdelim(&cp)) && *arg != '\0') {
699 if (options->num_allow_groups >= MAX_ALLOW_GROUPS)
700 fatal("%s line %d: too many allow groups.",
701 filename, linenum);
702 options->allow_groups[options->num_allow_groups++] = xstrdup(arg);
703 }
704 break;
705
706 case sDenyGroups:
707 while ((arg = strdelim(&cp)) && *arg != '\0') {
708 if (options->num_deny_groups >= MAX_DENY_GROUPS)
709 fatal("%s line %d: too many deny groups.",
710 filename, linenum);
711 options->deny_groups[options->num_deny_groups++] = xstrdup(arg);
712 }
713 break;
714
715 case sCiphers:
716 arg = strdelim(&cp);
717 if (!arg || *arg == '\0')
718 fatal("%s line %d: Missing argument.", filename, linenum);
719 if (!ciphers_valid(arg))
720 fatal("%s line %d: Bad SSH2 cipher spec '%s'.",
721 filename, linenum, arg ? arg : "<NONE>");
722 if (options->ciphers == NULL)
723 options->ciphers = xstrdup(arg);
724 break;
725
726 case sMacs:
727 arg = strdelim(&cp);
728 if (!arg || *arg == '\0')
729 fatal("%s line %d: Missing argument.", filename, linenum);
730 if (!mac_valid(arg))
731 fatal("%s line %d: Bad SSH2 mac spec '%s'.",
732 filename, linenum, arg ? arg : "<NONE>");
733 if (options->macs == NULL)
734 options->macs = xstrdup(arg);
735 break;
736
737 case sProtocol:
738 intptr = &options->protocol;
739 arg = strdelim(&cp);
740 if (!arg || *arg == '\0')
741 fatal("%s line %d: Missing argument.", filename, linenum);
742 value = proto_spec(arg);
743 if (value == SSH_PROTO_UNKNOWN)
744 fatal("%s line %d: Bad protocol spec '%s'.",
745 filename, linenum, arg ? arg : "<NONE>");
746 if (*intptr == SSH_PROTO_UNKNOWN)
747 *intptr = value;
748 break;
749
750 case sSubsystem:
751 if(options->num_subsystems >= MAX_SUBSYSTEMS) {
752 fatal("%s line %d: too many subsystems defined.",
753 filename, linenum);
754 }
755 arg = strdelim(&cp);
756 if (!arg || *arg == '\0')
757 fatal("%s line %d: Missing subsystem name.",
758 filename, linenum);
759 for (i = 0; i < options->num_subsystems; i++)
760 if(strcmp(arg, options->subsystem_name[i]) == 0)
761 fatal("%s line %d: Subsystem '%s' already defined.",
762 filename, linenum, arg);
763 options->subsystem_name[options->num_subsystems] = xstrdup(arg);
764 arg = strdelim(&cp);
765 if (!arg || *arg == '\0')
766 fatal("%s line %d: Missing subsystem command.",
767 filename, linenum);
768 options->subsystem_command[options->num_subsystems] = xstrdup(arg);
769 options->num_subsystems++;
770 break;
771
772 case sMaxStartups:
773 arg = strdelim(&cp);
774 if (!arg || *arg == '\0')
775 fatal("%s line %d: Missing MaxStartups spec.",
776 filename, linenum);
777 if (sscanf(arg, "%d:%d:%d",
778 &options->max_startups_begin,
779 &options->max_startups_rate,
780 &options->max_startups) == 3) {
781 if (options->max_startups_begin >
782 options->max_startups ||
783 options->max_startups_rate > 100 ||
784 options->max_startups_rate < 1)
785 fatal("%s line %d: Illegal MaxStartups spec.",
786 filename, linenum);
787 break;
788 }
789 intptr = &options->max_startups;
790 goto parse_int;
791
792 case sBanner:
793 charptr = &options->banner;
794 goto parse_filename;
795 case sClientAliveInterval:
796 intptr = &options->client_alive_interval;
797 goto parse_int;
798 case sClientAliveCountMax:
799 intptr = &options->client_alive_count_max;
800 goto parse_int;
801 case sPAMAuthenticationViaKbdInt:
802 intptr = &options->pam_authentication_via_kbd_int;
803 goto parse_flag;
804
805 default:
806 fatal("%s line %d: Missing handler for opcode %s (%d)",
807 filename, linenum, arg, opcode);
808 }
809 if ((arg = strdelim(&cp)) != NULL && *arg != '\0')
810 fatal("%s line %d: garbage at end of line; \"%.200s\".",
811 filename, linenum, arg);
812 }
813 fclose(f);
814 if (bad_options > 0)
815 fatal("%s: terminating, %d bad configuration options",
816 filename, bad_options);
817}