1 | /* |
---|
2 | |
---|
3 | servconf.h |
---|
4 | |
---|
5 | Author: Tatu Ylonen <ylo@cs.hut.fi> |
---|
6 | |
---|
7 | Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland |
---|
8 | All rights reserved |
---|
9 | |
---|
10 | Created: Mon Aug 21 15:35:03 1995 ylo |
---|
11 | |
---|
12 | Definitions for server configuration data and for the functions reading it. |
---|
13 | |
---|
14 | */ |
---|
15 | |
---|
16 | /* |
---|
17 | * $Id: servconf.h,v 1.1.1.4 1999-03-08 17:43:41 danw Exp $ |
---|
18 | * $Log: not supported by cvs2svn $ |
---|
19 | * Revision 1.11 1998/05/23 20:37:02 kivinen |
---|
20 | * Added forced_empty_passwd_change, num_deny_shosts, |
---|
21 | * num_allow_shosts, password_expire_warning_days, |
---|
22 | * account_expire_warning_days. Fixed typo in |
---|
23 | * forcedpasswordchange. |
---|
24 | * |
---|
25 | * Revision 1.10 1998/03/27 17:00:09 kivinen |
---|
26 | * Added IgnoreRootRhosts option. |
---|
27 | * |
---|
28 | * Revision 1.9 1998/01/03 06:42:11 kivinen |
---|
29 | * Added allow/deny groups option. |
---|
30 | * |
---|
31 | * Revision 1.8 1998/01/02 06:20:45 kivinen |
---|
32 | * Added xauthlocation and checkmail options. |
---|
33 | * |
---|
34 | * Revision 1.7 1997/04/27 21:51:44 kivinen |
---|
35 | * Added F-SECURE stuff. Added {Allow,Deny}Forwarding{To,Port} |
---|
36 | * feature. Added {Allow,Deny}Users feature from Steve Kann |
---|
37 | * <stevek@SteveK.COM>. |
---|
38 | * |
---|
39 | * Revision 1.6 1997/03/27 03:14:31 kivinen |
---|
40 | * Added kerberos patches from Glenn Machin. |
---|
41 | * Added USELOGIN patches from Brian Cully. |
---|
42 | * |
---|
43 | * Revision 1.5 1997/03/26 05:33:54 kivinen |
---|
44 | * Added idle_timeout option. |
---|
45 | * |
---|
46 | * Revision 1.4 1997/03/25 05:44:48 kivinen |
---|
47 | * Added silent_deny and umask. |
---|
48 | * |
---|
49 | * Revision 1.3 1997/03/19 17:55:14 kivinen |
---|
50 | * Added TIS authentication code from Andre April |
---|
51 | * <Andre.April@cediti.be>. |
---|
52 | * Added SECURE_RPC, SECURE_NFS and NIS_PLUS support from Andy |
---|
53 | * Polyakov <appro@fy.chalmers.se>. |
---|
54 | * |
---|
55 | * Revision 1.2 1996/11/27 15:38:28 ttsalo |
---|
56 | * Added X11DisplayOffset-option |
---|
57 | * |
---|
58 | * Revision 1.1.1.1 1996/02/18 21:38:10 ylo |
---|
59 | * Imported ssh-1.2.13. |
---|
60 | * |
---|
61 | * $EndLog$ |
---|
62 | */ |
---|
63 | |
---|
64 | #ifndef SERVCONF_H |
---|
65 | #define SERVCONF_H |
---|
66 | |
---|
/*
 * Capacity limits for the fixed-size access-control lists in ServerOptions.
 * Each MAX_* value below is used as the array dimension of the matching list
 * in that struct (for example allow_hosts[MAX_ALLOW_HOSTS]), and every list
 * has an unsigned num_* counter next to it.  Nothing in this header enforces
 * the limit: code that appends an entry has to compare the counter against
 * the MAX_* value before storing, otherwise it writes past the end of the
 * array.
 */
#define MAX_ALLOW_SHOSTS 256 /* Max # hosts on allow shosts list. */
#define MAX_DENY_SHOSTS 256 /* Max # hosts on deny shosts list. */
#define MAX_ALLOW_HOSTS 256 /* Max # hosts on allow list. */
#define MAX_DENY_HOSTS 256 /* Max # hosts on deny list. */
#define MAX_ALLOW_USERS 256 /* Max # users on allow list. */
#define MAX_DENY_USERS 256 /* Max # users on deny list. */
#define MAX_ALLOW_GROUPS 256 /* Max # groups on allow list. */
#define MAX_DENY_GROUPS 256 /* Max # groups on deny list. */

/* Limits for the forwarding allow/deny lists, defined only when
   F_SECURE_COMMERCIAL is set.  NOTE(review): the struct members these would
   dimension are not visible in this listing -- confirm where they are used. */
#ifdef F_SECURE_COMMERCIAL
#define MAX_ALLOW_FORWD_TO 256 /* Max # forwardingto on allow list. */
#define MAX_DENY_FORWD_TO 256 /* Max # forwardingto on deny list. */
#define MAX_ALLOW_FORWD_PORT 256 /* Max # forwardingport on allow list. */
#define MAX_DENY_FORWD_PORT 256 /* Max # forwardingport on deny list. */
#endif /* F_SECURE_COMMERCIAL */
82 | |
---|
/*
 * In-memory server configuration.
 *
 * The functions declared after this type fill it in: members start out at
 * marker values meaning "not yet set", the configuration file supplies values
 * for members that are still unset, and defaults cover whatever remains.
 *
 * Many members switch an authentication method or an access check on or off,
 * so the value that ends up here is the server's effective security policy.
 * The allow and deny lists are fixed-size arrays with separate counters; how
 * allow and deny entries are combined is decided by the code that consults
 * them and is not visible in this header.
 */
typedef struct
{
  int port; /* Port number to listen on. */
  struct in_addr listen_addr; /* Address on which the server listens. */
  char *host_key_file; /* File containing host key.
                          NOTE(review): presumably the private host key, so the
                          file should be readable only by the server account --
                          confirm. */
  char *random_seed_file; /* File containing random seed. */
  char *pid_file; /* File containing process ID number. */
  int server_key_bits; /* Size of the server key (in bits, per the name). */
  int login_grace_time; /* Disconnect if no auth in this time (sec). */
  int key_regeneration_time; /* Server key lifetime (seconds). */
  int permit_root_login; /* 0 = forced cmd only, 1 = no pwd, 2 = yes.
                            NOTE(review): "no pwd" presumably means root may
                            log in, but not by password authentication --
                            confirm against the code that reads this value. */
  int ignore_rhosts; /* Ignore .rhosts and .shosts. */
  int ignore_root_rhosts; /* Ignore .rhosts and .shosts for root,
                             defaults to ignore_rhosts if not given. */
  int quiet_mode; /* If true, don't log anything but fatals. */
  int fascist_logging; /* Perform very verbose logging. */
  int print_motd; /* If true, print /etc/motd. */
  int x11_forwarding; /* If true, permit inet (spoofing) X11 fwd. */
  int x11_display_offset; /* How much to offset the DISPLAY number */
  int strict_modes; /* If true, require strict home dir modes. */
  int keepalives; /* If true, set SO_KEEPALIVE. */
  time_t idle_timeout; /* If non zero, sets idle-timeout */
  SyslogFacility log_facility; /* Facility for system logging. */
  int rhosts_authentication; /* If true, permit rhosts authentication.
                                NOTE(review): of the methods listed here this
                                is the one with no cryptographic proof of the
                                client's identity; review any configuration
                                that enables it. */
  int rhosts_rsa_authentication;/* If true, permit rhosts RSA authentication.*/
  int rsa_authentication; /* If true, permit RSA authentication. */
  int kerberos_authentication; /* If true, permit Kerberos authentication. */
  int kerberos_or_local_passwd; /* If true, permit kerberos and any other
                                   password authentication mechanism, such
                                   as SecurID or /etc/passwd */
  int kerberos_tgt_passing; /* If true, permit Kerberos tgt passing. */
  int allow_tcp_forwarding; /* NOTE(review): undocumented in the original; by
                               its name a flag permitting TCP port forwarding
                               -- confirm against the code that reads it. */
  int tis_authentication; /* If true, permit TIS authsrv auth. */
  int password_authentication; /* If true, permit password authentication. */
  int permit_empty_passwd; /* If false, do not permit empty passwords. */
  int use_login; /* Use /bin/login if possible */
  int silent_deny; /* 1 = deny by closing sockets. */
  int forced_empty_passwd_change; /* If true, force password change if empty
                                     password (first login). */
  int forced_passwd_change; /* If true, force password change if password
                               too old. */
  int umask; /* Umask */

  int check_mail; /* If true, check mail spool at login */

  /* Access-control lists.  Each num_* member counts the entries in use in
     the array that follows it; it must never exceed that array's MAX_*
     dimension, and the arrays themselves carry no terminator or bound. */
  unsigned int num_allow_shosts;
  char *allow_shosts[MAX_ALLOW_SHOSTS];
  unsigned int num_deny_shosts;
  char *deny_shosts[MAX_DENY_SHOSTS];
  unsigned int num_allow_hosts;
  char *allow_hosts[MAX_ALLOW_HOSTS];
  unsigned int num_deny_hosts;
  char *deny_hosts[MAX_DENY_HOSTS];
  unsigned int num_allow_users;
  char *allow_users[MAX_ALLOW_USERS];
  unsigned int num_deny_users;
  char *deny_users[MAX_DENY_USERS];
  unsigned int num_allow_groups;
  char *allow_groups[MAX_ALLOW_GROUPS];
  unsigned int num_deny_groups;
  char *deny_groups[MAX_DENY_GROUPS];

  char *xauth_path; /* NOTE(review): undocumented in the original; presumably
                       the location of the xauth program (the revision log
                       mentions an xauthlocation option) -- confirm. */

#ifdef F_SECURE_COMMERCIAL
  /* NOTE(review): no members appear between these guards in this listing.
     Any member placed here sits in the middle of the struct, so every
     translation unit would have to agree on F_SECURE_COMMERCIAL for the
     offsets of the members below to match. */
#endif /* F_SECURE_COMMERCIAL */
  int password_expire_warning_days; /* NOTE(review): undocumented; by its name
                                       the number of days before password
                                       expiry at which to warn -- confirm. */
  int account_expire_warning_days; /* NOTE(review): undocumented; by its name
                                      the number of days before account expiry
                                      at which to warn -- confirm. */
} ServerOptions;
158 | |
---|
/* Initializes the server options to special values that indicate that they
   have not yet been set.  The two functions below act only on members that
   still hold such a marker, so this has to run on *options before either of
   them is called. */
void initialize_server_options(ServerOptions *options);

/* Reads the server configuration file.  This only sets the values for those
   options that have the special value indicating they have not been set, so
   a value already stored in *options before the call is kept and the file
   does not override it.  The function returns void: no status reaches the
   caller through the return value, and how a missing or malformed file is
   reported is not visible in this header.
   NOTE(review): filename is presumably the path of the configuration file;
   the file decides which authentication methods are enabled, so it should
   not be writable by unprivileged users -- confirm how it is opened. */
void read_server_config(ServerOptions *options, const char *filename);

/* Sets default values for those options that have not yet been set.  Any
   option that the configuration file leaves out takes its effective value
   here, so these defaults are part of the server's security policy. */
void fill_default_server_options(ServerOptions *options);
169 | |
---|
170 | #endif /* SERVCONF_H */ |
---|