source: trunk/third/ssh/servconf.c @ 12646

Revision 12646, 21.9 KB checked in by danw, 26 years ago (diff)
This commit was generated by cvs2svn to compensate for changes in r12645, which included commits to RCS files with non-trunk default branches.
Line 
1/*
2
3servconf.c
4
5Author: Tatu Ylonen <ylo@cs.hut.fi>
6
7Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
8                   All rights reserved
9
10Created: Mon Aug 21 15:48:58 1995 ylo
11
12*/
13
14/*
15 * $Id: servconf.c,v 1.1.1.4 1999-03-08 17:43:08 danw Exp $
16 * $Log: not supported by cvs2svn $
17 * Revision 1.14  1998/05/23  20:34:11  kivinen
18 *      Added forced_empty_passwd_change, num_deny_shosts,
19 *      num_allow_shosts, password_expire_warning_days,
20 *      account_expire_warning_days. Fixed typo in
21 *      forcedpasswordchange.
22 *
23 * Revision 1.13  1998/03/27  16:59:58  kivinen
24 *      Added IgnoreRootRhosts option.
25 *
26 * Revision 1.12  1998/01/03 06:41:55  kivinen
27 *      Added allow/deny groups option.
28 *
29 * Revision 1.11  1998/01/02 06:20:33  kivinen
30 *      Added xauthlocation and checkmail options.
31 *
32 * Revision 1.10  1997/04/27 21:51:34  kivinen
33 *      Added F-SECURE stuff. Added {Allow,Deny}Forwarding{To,Port}
34 *      feature. Added {Allow,Deny}Users feature from Steve Kann
35 *      <stevek@SteveK.COM>.
36 *
37 * Revision 1.9  1997/04/21 01:03:59  kivinen
38 *      Fixed allow_tcp_forwarding option default to yes.
39 *
40 * Revision 1.8  1997/04/05 21:50:07  kivinen
41 *      Fixed bug in allow_tcp_forwarding code.
42 *
43 * Revision 1.7  1997/03/27 03:14:16  kivinen
44 *      Changed sAllow_Tcp_Forwarding to sAllowTcpForwarding and
45 *      sKerberos_Or_Local_Passwd to sKerberosOrLocalPasswd.
46 *
47 * Revision 1.6  1997/03/27 03:12:39  kivinen
48 *      Added kerberos patches from Glenn Machin.
49 *      Added USELOGIN patches from Brian Cully.
50 *
51 * Revision 1.5  1997/03/26 05:33:16  kivinen
52 *      Added idle_timeout option.
53 *
54 * Revision 1.4  1997/03/25 05:44:38  kivinen
55 *      Added SilentDeny and Umask options.
56 *      Added = to WHITESPACE to allow options in form foo=bar.
57 *      Changed keywords to be case insensitive.
58 *
59 * Revision 1.3  1997/03/19 17:55:04  kivinen
60 *      Added TIS authentication code from Andre April
61 *      <Andre.April@cediti.be>.
62 *      Added SECURE_RPC, SECURE_NFS and NIS_PLUS support from Andy
63 *      Polyakov <appro@fy.chalmers.se>.
64 *
65 * Revision 1.2  1996/11/27 15:38:27  ttsalo
66 *     Added X11DisplayOffset-option
67 *
68 * Revision 1.1.1.1  1996/02/18 21:38:12  ylo
69 *      Imported ssh-1.2.13.
70 *
71 * $EndLog$
72 */
73
74#include "includes.h"
75#include "ssh.h"
76#include "servconf.h"
77#include "xmalloc.h"
78
79/* Initializes the server options to their default values. */
80
81void initialize_server_options(ServerOptions *options)
82{
83  memset(options, 0, sizeof(*options));
84  options->port = -1;
85  options->listen_addr.s_addr = INADDR_ANY;
86  options->host_key_file = NULL;
87  options->random_seed_file = NULL;
88  options->pid_file = NULL;
89  options->server_key_bits = -1;
90  options->login_grace_time = -1;
91  options->key_regeneration_time = -1;
92  options->permit_root_login = -1;
93  options->ignore_rhosts = -1;
94  options->ignore_root_rhosts = -1;
95  options->quiet_mode = -1;
96  options->fascist_logging = -1;
97  options->print_motd = -1;
98  options->x11_forwarding = -1;
99  options->x11_display_offset = -1;
100  options->strict_modes = -1;
101  options->keepalives = -1;
102  options->log_facility = (SyslogFacility)-1;
103  options->rhosts_authentication = -1;
104  options->rhosts_rsa_authentication = -1;
105  options->rsa_authentication = -1;
106  options->kerberos_authentication = -1;
107  options->kerberos_or_local_passwd = -1;
108  options->kerberos_tgt_passing = -1;
109  options->tis_authentication = -1;
110  options->allow_tcp_forwarding = -1;
111  options->password_authentication = -1;
112  options->permit_empty_passwd = -1;
113  options->use_login = -1;
114  options->silent_deny = -1;
115  options->forced_passwd_change = -1;
116  options->forced_empty_passwd_change = -1;
117  options->num_allow_shosts = 0;
118  options->num_deny_shosts = 0;
119  options->num_allow_hosts = 0;
120  options->num_deny_hosts = 0;
121  options->num_allow_users = 0;
122  options->num_deny_users = 0;
123  options->num_allow_groups = 0;
124  options->num_deny_groups = 0;
125#ifdef F_SECURE_COMMERCIAL
126
127
128
129
130#endif /* F_SECURE_COMMERCIAL */
131  options->umask = -1;
132  options->idle_timeout = -1;
133  options->xauth_path = NULL;
134  options->check_mail = -1;
135  options->password_expire_warning_days = -1;
136  options->account_expire_warning_days = -1;
137}
138
139void fill_default_server_options(ServerOptions *options)
140{
141  if (options->port == -1)
142    {
143      struct servent *sp;
144
145      sp = getservbyname(SSH_SERVICE_NAME, "tcp");
146      if (sp)
147        options->port = ntohs(sp->s_port);
148      else
149        options->port = SSH_DEFAULT_PORT;
150      endservent();
151    }
152  if (options->host_key_file == NULL)
153    options->host_key_file = HOST_KEY_FILE;
154  if (options->random_seed_file == NULL)
155    options->random_seed_file = SSH_DAEMON_SEED_FILE;
156  if (options->pid_file == NULL)
157    options->pid_file = SSH_DAEMON_PID_FILE;
158  if (options->server_key_bits == -1)
159    options->server_key_bits = 768;
160  if (options->login_grace_time == -1)
161    options->login_grace_time = 600;
162  if (options->key_regeneration_time == -1)
163    options->key_regeneration_time = 3600;
164  if (options->permit_root_login == -1)
165    options->permit_root_login = 2;
166  if (options->ignore_rhosts == -1)
167    options->ignore_rhosts = 0;
168  if (options->ignore_root_rhosts == -1)
169    options->ignore_root_rhosts = options->ignore_rhosts;
170  if (options->quiet_mode == -1)
171    options->quiet_mode = 0;
172  if (options->fascist_logging == -1)
173    options->fascist_logging = 1;
174  if (options->print_motd == -1)
175    options->print_motd = 1;
176  if (options->x11_forwarding == -1)
177    options->x11_forwarding = 1;
178  if (options->x11_display_offset == -1)
179    options->x11_display_offset = 1;
180  if (options->strict_modes == -1)
181    options->strict_modes = 1;
182  if (options->keepalives == -1)
183    options->keepalives = 1;
184  if (options->log_facility == (SyslogFacility)(-1))
185    options->log_facility = SYSLOG_FACILITY_DAEMON;
186  if (options->rhosts_authentication == -1)
187    options->rhosts_authentication = 0;
188  if (options->rhosts_rsa_authentication == -1)
189    options->rhosts_rsa_authentication = 1;
190  if (options->rsa_authentication == -1)
191    options->rsa_authentication = 1;
192  if (options->kerberos_authentication == -1)
193#if defined(KERBEROS) && defined(KRB5)
194    options->kerberos_authentication = 1;
195#else  /* defined(KERBEROS) && defined(KRB5) */
196    options->kerberos_authentication = 0;
197#endif /* defined(KERBEROS) && defined(KRB5) */
198  if (options->kerberos_or_local_passwd == -1)
199    options->kerberos_or_local_passwd = 0;
200  if (options->kerberos_tgt_passing == -1)
201#if defined(KERBEROS_TGT_PASSING) && defined(KRB5)
202    options->kerberos_tgt_passing = 1;
203#else  /* defined(KERBEROS_TGT_PASSING) && defined(KRB5) */
204    options->kerberos_tgt_passing = 0;
205#endif /* defined(KERBEROS_TGT_PASSING) && defined(KRB5) */
206  if (options->allow_tcp_forwarding == -1)
207    options->allow_tcp_forwarding = 1;
208  if (options->tis_authentication == -1)
209    options->tis_authentication = 0;
210  if (options->password_authentication == -1)
211    options->password_authentication = 1;
212  if (options->permit_empty_passwd == -1)
213    options->permit_empty_passwd = 1;
214  if (options->use_login == -1)
215    options->use_login = 0;
216  if (options->silent_deny == -1)
217    options->silent_deny = 0;
218  if (options->forced_passwd_change == -1)
219    options->forced_passwd_change = 1;
220  if (options->forced_empty_passwd_change == -1)
221    options->forced_empty_passwd_change = 0;
222  if (options->idle_timeout == -1)
223    options->idle_timeout = 0;
224  if (options->check_mail == -1)
225    options->check_mail = 1;
226#ifdef XAUTH_PATH
227  if (options->xauth_path == NULL)
228    options->xauth_path = XAUTH_PATH;
229#else   /* !XAUTH_PATH */
230  if (options->xauth_path == NULL)
231    options->xauth_path = "xauth";
232#endif  /* !XAUTH_PATH */
233  if (options->password_expire_warning_days == -1)
234    options->password_expire_warning_days = 14;
235  if (options->account_expire_warning_days == -1)
236    options->account_expire_warning_days = 14;
237}
238
239#define WHITESPACE " \t\r\n="
240
241/* Keyword tokens. */
242typedef enum
243{
244  sPort, sHostKeyFile, sServerKeyBits, sLoginGraceTime, sKeyRegenerationTime,
245  sPermitRootLogin, sQuietMode, sFascistLogging, sLogFacility,
246  sRhostsAuthentication, sRhostsRSAAuthentication, sRSAAuthentication,
247  sTISAuthentication, sPasswordAuthentication, sAllowHosts, sDenyHosts,
248  sListenAddress, sPrintMotd, sIgnoreRhosts, sX11Forwarding, sX11DisplayOffset,
249  sStrictModes, sEmptyPasswd, sRandomSeedFile, sKeepAlives, sPidFile,
250  sForcedPasswd, sForcedEmptyPasswd, sUmask, sSilentDeny, sIdleTimeout,
251  sUseLogin, sKerberosAuthentication, sKerberosOrLocalPasswd,
252  sKerberosTgtPassing, sAllowTcpForwarding, sAllowUsers, sDenyUsers,
253  sXauthPath, sCheckMail, sDenyGroups, sAllowGroups, sIgnoreRootRhosts,
254  sAllowSHosts, sDenySHosts, sPasswordExpireWarningDays,
255  sAccountExpireWarningDays
256#ifdef F_SECURE_COMMERCIAL
257
258
259#endif /* F_SECURE_COMMERCIAL */
260} ServerOpCodes;
261
262/* Textual representation of the tokens. */
263static struct
264{
265  const char *name;
266  ServerOpCodes opcode;
267} keywords[] =
268{
269  { "port", sPort },
270  { "hostkey", sHostKeyFile },
271  { "serverkeybits", sServerKeyBits },
272  { "logingracetime", sLoginGraceTime },
273  { "keyregenerationinterval", sKeyRegenerationTime },
274  { "permitrootlogin", sPermitRootLogin },
275  { "quietmode", sQuietMode },
276  { "fascistlogging", sFascistLogging },
277  { "syslogfacility", sLogFacility },
278  { "rhostsauthentication", sRhostsAuthentication },
279  { "rhostsrsaauthentication", sRhostsRSAAuthentication },
280  { "rsaauthentication", sRSAAuthentication },
281  { "tisauthentication", sTISAuthentication },
282  { "passwordauthentication", sPasswordAuthentication },
283  { "uselogin", sUseLogin },
284  { "allowshosts", sAllowSHosts },
285  { "denyshosts", sDenySHosts },
286  { "allowhosts", sAllowHosts },
287  { "denyhosts", sDenyHosts },
288  { "allowusers", sAllowUsers },
289  { "denyusers", sDenyUsers },
290  { "allowgroups", sAllowGroups },
291  { "denygroups", sDenyGroups },
292#ifdef F_SECURE_COMMERCIAL
293
294
295
296
297#endif /* F_SECURE_COMMERCIAL */
298  { "listenaddress", sListenAddress },
299  { "printmotd", sPrintMotd },
300  { "ignorerhosts", sIgnoreRhosts },
301  { "ignorerootrhosts", sIgnoreRootRhosts },
302  { "x11forwarding", sX11Forwarding },
303  { "x11displayoffset", sX11DisplayOffset },
304  { "strictmodes", sStrictModes },
305  { "permitemptypasswords", sEmptyPasswd },
306  { "forcedpasswdchange", sForcedPasswd },
307  { "randomseed", sRandomSeedFile },
308  { "keepalive", sKeepAlives },
309  { "pidfile", sPidFile },
310  { "umask", sUmask },
311  { "silentdeny", sSilentDeny },
312  { "idletimeout", sIdleTimeout },
313  { "kerberosauthentication", sKerberosAuthentication },
314  { "kerberosorlocalpasswd", sKerberosOrLocalPasswd },
315  { "kerberostgtpassing", sKerberosTgtPassing },
316  { "allowtcpforwarding", sAllowTcpForwarding },
317  { "xauthlocation", sXauthPath },
318  { "checkmail", sCheckMail },
319  { "passwordexpirewarningdays", sPasswordExpireWarningDays },
320  { "accountexpirewarningdays", sAccountExpireWarningDays },
321  { NULL, 0 }
322};
323
324static struct
325{
326  const char *name;
327  SyslogFacility facility;
328} log_facilities[] =
329{
330  { "daemon", SYSLOG_FACILITY_DAEMON },
331  { "user", SYSLOG_FACILITY_USER },
332  { "auth", SYSLOG_FACILITY_AUTH },
333  { "local0", SYSLOG_FACILITY_LOCAL0 },
334  { "local1", SYSLOG_FACILITY_LOCAL1 },
335  { "local2", SYSLOG_FACILITY_LOCAL2 },
336  { "local3", SYSLOG_FACILITY_LOCAL3 },
337  { "local4", SYSLOG_FACILITY_LOCAL4 },
338  { "local5", SYSLOG_FACILITY_LOCAL5 },
339  { "local6", SYSLOG_FACILITY_LOCAL6 },
340  { "local7", SYSLOG_FACILITY_LOCAL7 },
341  { NULL, 0 }
342};
343
344/* Returns the number of the token pointed to by cp of length len.
345   Never returns if the token is not known. */
346
347static ServerOpCodes parse_token(const char *cp, const char *filename,
348                                 int linenum)
349{
350  unsigned int i;
351
352  for (i = 0; keywords[i].name; i++)
353    if (strcmp(cp, keywords[i].name) == 0)
354      return keywords[i].opcode;
355
356  fprintf(stderr, "%s line %d: Bad configuration option: %s\n",
357          filename, linenum, cp);
358  exit(1);
359}
360
361/* Reads the server configuration file. */
362
363void read_server_config(ServerOptions *options, const char *filename)
364{
365  FILE *f;
366  char line[1024];
367  char *cp, **charptr;
368  int linenum, *intptr, i, value;
369  ServerOpCodes opcode;
370
371  f = fopen(filename, "r");
372  if (!f)
373    {
374      perror(filename);
375      return;
376    }
377
378  linenum = 0;
379  while (fgets(line, sizeof(line), f))
380    {
381      linenum++;
382      cp = line + strspn(line, WHITESPACE);
383      if (!*cp || *cp == '#')
384        continue;
385      cp = strtok(cp, WHITESPACE);
386      for(i = 0; cp[i]; i++)
387        cp[i] = tolower(cp[i]);
388      opcode = parse_token(cp, filename, linenum);
389      switch (opcode)
390        {
391        case sPort:
392          intptr = &options->port;
393        parse_int:
394          cp = strtok(NULL, WHITESPACE);
395          if (!cp)
396            {
397              fprintf(stderr, "%s line %d: missing integer value.\n",
398                      filename, linenum);
399              exit(1);
400            }
401          if (*cp == '0')       /* Octal or hex */
402            {
403              int base;
404             
405              cp++;
406              if (*cp == 'x')   /* Hex */
407                {
408                  cp++;
409                  base = 16;
410                }
411              else
412                base = 8;
413              value = 0;
414              while ((base == 16 && isxdigit(*cp)) ||
415                     (base == 8 && isdigit(*cp) && *cp < '8'))
416                {
417                  value *= base;
418                  if (*cp >= 'a' && *cp <= 'f')
419                    value += *cp - 'a' + 10;
420                  else if (*cp >= 'A' && *cp <= 'F')
421                    value += *cp - 'A' + 10;
422                  else
423                    value += *cp - '0';
424                  cp++;
425                }
426            }
427          else
428            {
429              value = atoi(cp);
430            }
431          if (*intptr == -1)
432            *intptr = value;
433          break;
434
435        case sServerKeyBits:
436          intptr = &options->server_key_bits;
437          goto parse_int;
438
439        case sLoginGraceTime:
440          intptr = &options->login_grace_time;
441          goto parse_int;
442         
443        case sKeyRegenerationTime:
444          intptr = &options->key_regeneration_time;
445          goto parse_int;
446
447        case sListenAddress:
448          cp = strtok(NULL, WHITESPACE);
449          if (!cp)
450            {
451              fprintf(stderr, "%s line %d: missing inet addr.\n",
452                      filename, linenum);
453              exit(1);
454            }
455#ifdef BROKEN_INET_ADDR
456          options->listen_addr.s_addr = inet_network(cp);
457#else /* BROKEN_INET_ADDR */
458          options->listen_addr.s_addr = inet_addr(cp);
459#endif /* BROKEN_INET_ADDR */
460          break;
461
462        case sHostKeyFile:
463          charptr = &options->host_key_file;
464        parse_pathname:
465          cp = strtok(NULL, WHITESPACE);
466          if (!cp)
467            {
468              fprintf(stderr, "%s line %d: missing file name.\n",
469                      filename, linenum);
470              exit(1);
471            }
472          if (*charptr == NULL)
473            *charptr = tilde_expand_filename(cp, getuid());
474          break;
475
476        case sRandomSeedFile:
477          charptr = &options->random_seed_file;
478          goto parse_pathname;
479
480        case sPidFile:
481          charptr = &options->pid_file;
482          goto parse_pathname;
483
484        case sPermitRootLogin:
485          cp = strtok (NULL, WHITESPACE);
486          if (!cp)
487            {
488              fprintf(stderr, "%s line %d: missing yes/nopwd/no argument.\n",
489                      filename, linenum);
490              exit(1);
491            }
492          for(i = 0; cp[i]; i++)
493            cp[i] = tolower(cp[i]);
494          if (strcmp(cp, "yes") == 0)
495            value = 2;
496          else if (strcmp(cp, "nopwd") == 0)
497              value = 1;
498          else if (strcmp(cp, "no") == 0)
499            value = 0;
500          else
501            {
502              fprintf(stderr, "%s line %d: Bad yes/nopwd/no argument: %s\n",
503                      filename, linenum, cp);
504              exit(1);
505            }
506          if (options->permit_root_login == -1)
507            options->permit_root_login = value;
508          break;
509
510        parse_flag:
511          cp = strtok(NULL, WHITESPACE);
512          if (!cp)
513            {
514              fprintf(stderr, "%s line %d: missing yes/no argument.\n",
515                      filename, linenum);
516              exit(1);
517            }
518          for(i = 0; cp[i]; i++)
519            cp[i] = tolower(cp[i]);
520          if (strcmp(cp, "yes") == 0 || strcmp(cp, "true") == 0)
521            value = 1;
522          else
523            if (strcmp(cp, "no") == 0 || strcmp(cp, "false") == 0)
524              value = 0;
525            else
526              {
527                fprintf(stderr, "%s line %d: Bad yes/no argument: %s\n",
528                        filename, linenum, cp);
529                exit(1);
530              }
531          if (*intptr == -1)
532            *intptr = value;
533          break;
534
535        case sIgnoreRhosts:
536          intptr = &options->ignore_rhosts;
537          goto parse_flag;
538         
539        case sIgnoreRootRhosts:
540          intptr = &options->ignore_root_rhosts;
541          goto parse_flag;
542         
543        case sQuietMode:
544          intptr = &options->quiet_mode;
545          goto parse_flag;
546
547        case sFascistLogging:
548          intptr = &options->fascist_logging;
549          goto parse_flag;
550
551        case sRhostsAuthentication:
552          intptr = &options->rhosts_authentication;
553          goto parse_flag;
554
555        case sRhostsRSAAuthentication:
556          intptr = &options->rhosts_rsa_authentication;
557          goto parse_flag;
558         
559        case sRSAAuthentication:
560          intptr = &options->rsa_authentication;
561          goto parse_flag;
562         
563        case sKerberosAuthentication:
564          intptr = &options->kerberos_authentication;
565          goto parse_flag;
566         
567        case sKerberosOrLocalPasswd:
568          intptr = &options->kerberos_or_local_passwd;
569          goto parse_flag;
570         
571        case sKerberosTgtPassing:
572          intptr = &options->kerberos_tgt_passing;
573          goto parse_flag;
574         
575        case sAllowTcpForwarding:
576          intptr = &options->allow_tcp_forwarding;
577          goto parse_flag;
578         
579        case sTISAuthentication:
580          intptr = &options->tis_authentication;
581          goto parse_flag;
582         
583        case sPasswordAuthentication:
584          intptr = &options->password_authentication;
585          goto parse_flag;
586
587        case sUseLogin:
588          intptr = &options->use_login;
589          goto parse_flag;
590         
591        case sPrintMotd:
592          intptr = &options->print_motd;
593          goto parse_flag;
594
595        case sX11Forwarding:
596          intptr = &options->x11_forwarding;
597          goto parse_flag;
598
599        case sX11DisplayOffset:
600            intptr = &options->x11_display_offset;
601            goto parse_int;
602
603        case sStrictModes:
604          intptr = &options->strict_modes;
605          goto parse_flag;
606
607        case sKeepAlives:
608          intptr = &options->keepalives;
609          goto parse_flag;
610         
611        case sEmptyPasswd:
612          intptr = &options->permit_empty_passwd;
613          goto parse_flag;
614         
615        case sSilentDeny:
616          intptr = &options->silent_deny;
617          goto parse_flag;
618
619        case sForcedPasswd:
620          intptr = &options->forced_passwd_change;
621          goto parse_flag;
622
623        case sForcedEmptyPasswd:
624          intptr = &options->forced_empty_passwd_change;
625          goto parse_flag;
626
627        case sUmask:
628          intptr = &options->umask;
629          goto parse_int;
630
631        case sIdleTimeout:
632          cp = strtok(NULL, WHITESPACE);
633          if (!cp)
634            {
635              fprintf(stderr, "%s line %d: missing integer value.\n",
636                      filename, linenum);
637              exit(1);
638            }
639          value = 0;
640          while(isdigit(*cp))
641            {
642              value *= 10;
643              value += *cp - '0';
644              cp++;
645            }
646          *cp = tolower(*cp);
647          if (*cp == 'w') /* Weeks */
648            {
649              value *= 7 * 24 * 60 * 60;
650              cp++;
651            }
652          else if (*cp == 'd') /* Days */
653            {
654              value *= 24 * 60 * 60;
655              cp++;
656            }
657          else if (*cp == 'h') /* Hours */
658            {
659              value *= 60 * 60;
660              cp++;
661            }
662          else if (*cp == 'm') /* Minutes */
663            {
664              value *= 60;
665              cp++;
666            }
667          else if (*cp == 's')
668            {
669              cp++;
670            }
671          options->idle_timeout = value;
672          break;
673
674        case sLogFacility:
675          cp = strtok(NULL, WHITESPACE);
676          if (!cp)
677            {
678              fprintf(stderr, "%s line %d: missing facility name.\n",
679                      filename, linenum);
680              exit(1);
681            }
682          for(i = 0; cp[i]; i++)
683            cp[i] = tolower(cp[i]);
684          for (i = 0; log_facilities[i].name; i++)
685            if (strcmp(log_facilities[i].name, cp) == 0)
686              break;
687          if (!log_facilities[i].name)
688            {
689              fprintf(stderr, "%s line %d: unsupported log facility %s\n",
690                      filename, linenum, cp);
691              exit(1);
692            }
693          if (options->log_facility == (SyslogFacility)(-1))
694            options->log_facility = log_facilities[i].facility;
695          break;
696         
697        case sAllowSHosts:
698          while ((cp = strtok(NULL, WHITESPACE)))
699            {
700              if (options->num_allow_shosts >= MAX_ALLOW_SHOSTS)
701                {
702                  fprintf(stderr, "%s line %d: too many allow shosts.\n",
703                          filename, linenum);
704                  exit(1);
705                }
706              options->allow_shosts[options->num_allow_shosts++] = xstrdup(cp);
707            }
708          break;
709
710        case sDenySHosts:
711          while ((cp = strtok(NULL, WHITESPACE)))
712            {
713              if (options->num_deny_shosts >= MAX_DENY_SHOSTS)
714                {
715                  fprintf(stderr, "%s line %d: too many deny shosts.\n",
716                          filename, linenum);
717                  exit(1);
718                }
719              options->deny_shosts[options->num_deny_shosts++] = xstrdup(cp);
720            }
721          break;
722
723        case sAllowHosts:
724          while ((cp = strtok(NULL, WHITESPACE)))
725            {
726              if (options->num_allow_hosts >= MAX_ALLOW_HOSTS)
727                {
728                  fprintf(stderr, "%s line %d: too many allow hosts.\n",
729                          filename, linenum);
730                  exit(1);
731                }
732              options->allow_hosts[options->num_allow_hosts++] = xstrdup(cp);
733            }
734          break;
735
736        case sDenyHosts:
737          while ((cp = strtok(NULL, WHITESPACE)))
738            {
739              if (options->num_deny_hosts >= MAX_DENY_HOSTS)
740                {
741                  fprintf(stderr, "%s line %d: too many deny hosts.\n",
742                          filename, linenum);
743                  exit(1);
744                }
745              options->deny_hosts[options->num_deny_hosts++] = xstrdup(cp);
746            }
747          break;
748
749        case sAllowUsers:
750          while ((cp = strtok(NULL, WHITESPACE)))
751            {
752              if (options->num_allow_users >= MAX_ALLOW_USERS)
753                {
754                  fprintf(stderr, "%s line %d: too many allow users.\n",
755                          filename, linenum);
756                  exit(1);
757                }
758              options->allow_users[options->num_allow_users++] = xstrdup(cp);
759            }
760          break;
761         
762        case sDenyUsers:
763          while ((cp = strtok(NULL, WHITESPACE)))
764            {
765              if (options->num_deny_users >= MAX_DENY_USERS)
766                {
767                  fprintf(stderr, "%s line %d: too many deny users.\n",
768                          filename, linenum);
769                  exit(1);
770                }
771              options->deny_users[options->num_deny_users++] = xstrdup(cp);
772            }
773          break;
774         
775        case sAllowGroups:
776          while ((cp = strtok(NULL, WHITESPACE)))
777            {
778              if (options->num_allow_groups >= MAX_ALLOW_GROUPS)
779                {
780                  fprintf(stderr, "%s line %d: too many allow groups.\n",
781                          filename, linenum);
782                  exit(1);
783                }
784              options->allow_groups[options->num_allow_groups++] = xstrdup(cp);
785            }
786          break;
787         
788        case sDenyGroups:
789          while ((cp = strtok(NULL, WHITESPACE)))
790            {
791              if (options->num_deny_groups >= MAX_DENY_GROUPS)
792                {
793                  fprintf(stderr, "%s line %d: too many deny groups.\n",
794                          filename, linenum);
795                  exit(1);
796                }
797              options->deny_groups[options->num_deny_groups++] = xstrdup(cp);
798            }
799          break;
800         
801        case sXauthPath:
802          charptr = &options->xauth_path;
803          goto parse_pathname;
804
805        case sCheckMail:
806          intptr = &options->check_mail;
807          goto parse_flag;
808         
809        case sPasswordExpireWarningDays:
810          intptr = &options->password_expire_warning_days;
811          goto parse_int;
812
813        case sAccountExpireWarningDays:
814          intptr = &options->account_expire_warning_days;
815          goto parse_int;
816
817#ifdef F_SECURE_COMMERCIAL
818
819
820
821
822
823
824
825
826
827
828
829
830
831
832
833
834
835
836
837
838
839
840
841
842
843
844
845
846
847
848
849
850
851
852
853
854
855
856
857
858
859
860
861
862
863
864
865
866
867
868
869
870
871
872
873#endif /* F_SECURE_COMMERCIAL */
874         
875        default:
876          fprintf(stderr, "%s line %d: Missing handler for opcode %s (%d)\n",
877                  filename, linenum, cp, opcode);
878          exit(1);
879        }
880      if (strtok(NULL, WHITESPACE) != NULL)
881        {
882          fprintf(stderr, "%s line %d: garbage at end of line.\n",
883                  filename, linenum);
884          exit(1);
885        }
886    }
887  fclose(f);
888}
Note: See TracBrowser for help on using the repository browser.