Initial import of OpenSSH v2.1.

1 files changed, 95 insertions, 37 deletions

diff --git a/crypto/openssh/servconf.c b/crypto/openssh/servconf.c
index 15b326f..57f7050 100644
--- a/crypto/openssh/servconf.c
+++ b/crypto/openssh/servconf.c
@@ -1,29 +1,30 @@
 /*
- * 
+ *
  * servconf.c
- * 
+ *
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
- * 
+ *
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
  *                    All rights reserved
- * 
+ *
  * Created: Mon Aug 21 15:48:58 1995 ylo
- * 
+ *
  */
 
 #include "includes.h"
-RCSID("$Id: servconf.c,v 1.31 2000/03/07 20:40:41 markus Exp $");
+RCSID("$Id: servconf.c,v 1.40 2000/05/08 17:12:15 markus Exp $");
 
 #include "ssh.h"
 #include "servconf.h"
 #include "xmalloc.h"
+#include "compat.h"
 
 /* add listen address */
 void add_listen_addr(ServerOptions *options, char *addr);
 
 /* Initializes the server options to their default values. */
 
-void 
+void
 initialize_server_options(ServerOptions *options)
 {
 	memset(options, 0, sizeof(*options));
@@ -31,6 +32,8 @@ initialize_server_options(ServerOptions *options)
 	options->ports_from_cmdline = 0;
 	options->listen_addrs = NULL;
 	options->host_key_file = NULL;
+	options->host_dsa_key_file = NULL;
+	options->pid_file = NULL;
 	options->server_key_bits = -1;
 	options->login_grace_time = -1;
 	options->key_regeneration_time = -1;
@@ -48,6 +51,7 @@ initialize_server_options(ServerOptions *options)
 	options->rhosts_authentication = -1;
 	options->rhosts_rsa_authentication = -1;
 	options->rsa_authentication = -1;
+	options->dsa_authentication = -1;
 #ifdef KRB4
 	options->kerberos_authentication = -1;
 	options->kerberos_or_local_passwd = -1;
@@ -67,9 +71,12 @@ initialize_server_options(ServerOptions *options)
 	options->num_deny_users = 0;
 	options->num_allow_groups = 0;
 	options->num_deny_groups = 0;
+	options->ciphers = NULL;
+	options->protocol = SSH_PROTO_UNKNOWN;
+	options->gateway_ports = -1;
 }
 
-void 
+void
 fill_default_server_options(ServerOptions *options)
 {
 	if (options->num_ports == 0)
@@ -78,6 +85,10 @@ fill_default_server_options(ServerOptions *options)
 		add_listen_addr(options, NULL);
 	if (options->host_key_file == NULL)
 		options->host_key_file = HOST_KEY_FILE;
+	if (options->host_dsa_key_file == NULL)
+		options->host_dsa_key_file = HOST_DSA_KEY_FILE;
+	if (options->pid_file == NULL)
+		options->pid_file = SSH_DAEMON_PID_FILE;
 	if (options->server_key_bits == -1)
 		options->server_key_bits = 768;
 	if (options->login_grace_time == -1)
@@ -112,6 +123,8 @@ fill_default_server_options(ServerOptions *options)
 		options->rhosts_rsa_authentication = 0;
 	if (options->rsa_authentication == -1)
 		options->rsa_authentication = 1;
+	if (options->dsa_authentication == -1)
+		options->dsa_authentication = 1;
 #ifdef KRB4
 	if (options->kerberos_authentication == -1)
 		options->kerberos_authentication = (access(KEYFILE, R_OK) == 0);
@@ -136,6 +149,10 @@ fill_default_server_options(ServerOptions *options)
 		options->permit_empty_passwd = 0;
 	if (options->use_login == -1)
 		options->use_login = 0;
+	if (options->protocol == SSH_PROTO_UNKNOWN)
+		options->protocol = SSH_PROTO_1|SSH_PROTO_2;
+	if (options->gateway_ports == -1)
+		options->gateway_ports = 0;
 }
 
 #define WHITESPACE " \t\r\n"
@@ -159,7 +176,8 @@ typedef enum {
 	sPrintMotd, sIgnoreRhosts, sX11Forwarding, sX11DisplayOffset,
 	sStrictModes, sEmptyPasswd, sRandomSeedFile, sKeepAlives, sCheckMail,
 	sUseLogin, sAllowUsers, sDenyUsers, sAllowGroups, sDenyGroups,
-	sIgnoreUserKnownHosts
+	sIgnoreUserKnownHosts, sHostDSAKeyFile, sCiphers, sProtocol, sPidFile,
+	sGatewayPorts, sDSAAuthentication
 } ServerOpCodes;
 
 /* Textual representation of the tokens. */
@@ -169,6 +187,8 @@ static struct {
 } keywords[] = {
 	{ "port", sPort },
 	{ "hostkey", sHostKeyFile },
+	{ "hostdsakey", sHostDSAKeyFile },
+ 	{ "pidfile", sPidFile },
 	{ "serverkeybits", sServerKeyBits },
 	{ "logingracetime", sLoginGraceTime },
 	{ "keyregenerationinterval", sKeyRegenerationTime },
@@ -178,6 +198,7 @@ static struct {
 	{ "rhostsauthentication", sRhostsAuthentication },
 	{ "rhostsrsaauthentication", sRhostsRSAAuthentication },
 	{ "rsaauthentication", sRSAAuthentication },
+	{ "dsaauthentication", sDSAAuthentication },
 #ifdef KRB4
 	{ "kerberosauthentication", sKerberosAuthentication },
 	{ "kerberosorlocalpasswd", sKerberosOrLocalPasswd },
@@ -207,6 +228,9 @@ static struct {
 	{ "denyusers", sDenyUsers },
 	{ "allowgroups", sAllowGroups },
 	{ "denygroups", sDenyGroups },
+	{ "ciphers", sCiphers },
+	{ "protocol", sProtocol },
+	{ "gatewayports", sGatewayPorts },
 	{ NULL, 0 }
 };
 
@@ -215,7 +239,7 @@ static struct {
  * returns if the token is not known.
  */
 
-static ServerOpCodes 
+static ServerOpCodes
 parse_token(const char *cp, const char *filename,
 	    int linenum)
 {
@@ -233,7 +257,7 @@ parse_token(const char *cp, const char *filename,
 /*
  * add listen address
  */
-void 
+void
 add_listen_addr(ServerOptions *options, char *addr)
 {
 	extern int IPv4or6;
@@ -263,7 +287,7 @@ add_listen_addr(ServerOptions *options, char *addr)
 
 /* Reads the server configuration file. */
 
-void 
+void
 read_server_config(ServerOptions *options, const char *filename)
 {
 	FILE *f;
@@ -299,7 +323,7 @@ read_server_config(ServerOptions *options, const char *filename)
 				    "ListenAdress.\n", filename, linenum);
 			if (options->num_ports >= MAX_PORTS)
 				fatal("%s line %d: too many ports.\n",
-			            filename, linenum);
+				    filename, linenum);
 			cp = strtok(NULL, WHITESPACE);
 			if (!cp)
 				fatal("%s line %d: missing port number.\n",
@@ -338,11 +362,25 @@ parse_int:
 			break;
 
 		case sHostKeyFile:
-			charptr = &options->host_key_file;
+		case sHostDSAKeyFile:
+			charptr = (opcode == sHostKeyFile ) ?
+			    &options->host_key_file : &options->host_dsa_key_file;
 			cp = strtok(NULL, WHITESPACE);
 			if (!cp) {
 				fprintf(stderr, "%s line %d: missing file name.\n",
-					filename, linenum);
+				    filename, linenum);
+				exit(1);
+			}
+			if (*charptr == NULL)
+				*charptr = tilde_expand_filename(cp, getuid());
+			break;
+
+		case sPidFile:
+			charptr = &options->pid_file;
+			cp = strtok(NULL, WHITESPACE);
+			if (!cp) {
+				fprintf(stderr, "%s line %d: missing file name.\n",
+				    filename, linenum);
 				exit(1);
 			}
 			if (*charptr == NULL)
@@ -416,6 +454,10 @@ parse_flag:
 			intptr = &options->rsa_authentication;
 			goto parse_flag;
 
+		case sDSAAuthentication:
+			intptr = &options->dsa_authentication;
+			goto parse_flag;
+
 #ifdef KRB4
 		case sKerberosAuthentication:
 			intptr = &options->kerberos_authentication;
@@ -482,13 +524,17 @@ parse_flag:
 			intptr = &options->use_login;
 			goto parse_flag;
 
+		case sGatewayPorts:
+			intptr = &options->gateway_ports;
+			goto parse_flag;
+
 		case sLogFacility:
 			intptr = (int *) &options->log_facility;
 			cp = strtok(NULL, WHITESPACE);
 			value = log_facility_number(cp);
 			if (value == (SyslogFacility) - 1)
 				fatal("%.200s line %d: unsupported log facility '%s'\n",
-				  filename, linenum, cp ? cp : "<NONE>");
+				    filename, linenum, cp ? cp : "<NONE>");
 			if (*intptr == -1)
 				*intptr = (SyslogFacility) value;
 			break;
@@ -499,55 +545,67 @@ parse_flag:
 			value = log_level_number(cp);
 			if (value == (LogLevel) - 1)
 				fatal("%.200s line %d: unsupported log level '%s'\n",
-				  filename, linenum, cp ? cp : "<NONE>");
+				    filename, linenum, cp ? cp : "<NONE>");
 			if (*intptr == -1)
 				*intptr = (LogLevel) value;
 			break;
 
 		case sAllowUsers:
 			while ((cp = strtok(NULL, WHITESPACE))) {
-				if (options->num_allow_users >= MAX_ALLOW_USERS) {
-					fprintf(stderr, "%s line %d: too many allow users.\n",
-						filename, linenum);
-					exit(1);
-				}
+				if (options->num_allow_users >= MAX_ALLOW_USERS)
+					fatal("%s line %d: too many allow users.\n",
+					    filename, linenum);
 				options->allow_users[options->num_allow_users++] = xstrdup(cp);
 			}
 			break;
 
 		case sDenyUsers:
 			while ((cp = strtok(NULL, WHITESPACE))) {
-				if (options->num_deny_users >= MAX_DENY_USERS) {
-					fprintf(stderr, "%s line %d: too many deny users.\n",
-						filename, linenum);
-					exit(1);
-				}
+				if (options->num_deny_users >= MAX_DENY_USERS)
+					fatal( "%s line %d: too many deny users.\n",
+					    filename, linenum);
 				options->deny_users[options->num_deny_users++] = xstrdup(cp);
 			}
 			break;
 
 		case sAllowGroups:
 			while ((cp = strtok(NULL, WHITESPACE))) {
-				if (options->num_allow_groups >= MAX_ALLOW_GROUPS) {
-					fprintf(stderr, "%s line %d: too many allow groups.\n",
-						filename, linenum);
-					exit(1);
-				}
+				if (options->num_allow_groups >= MAX_ALLOW_GROUPS)
+					fatal("%s line %d: too many allow groups.\n",
+					    filename, linenum);
 				options->allow_groups[options->num_allow_groups++] = xstrdup(cp);
 			}
 			break;
 
 		case sDenyGroups:
 			while ((cp = strtok(NULL, WHITESPACE))) {
-				if (options->num_deny_groups >= MAX_DENY_GROUPS) {
-					fprintf(stderr, "%s line %d: too many deny groups.\n",
-						filename, linenum);
-					exit(1);
-				}
+				if (options->num_deny_groups >= MAX_DENY_GROUPS)
+					fatal("%s line %d: too many deny groups.\n",
+					    filename, linenum);
 				options->deny_groups[options->num_deny_groups++] = xstrdup(cp);
 			}
 			break;
 
+		case sCiphers:
+			cp = strtok(NULL, WHITESPACE);
+			if (!ciphers_valid(cp))
+				fatal("%s line %d: Bad SSH2 cipher spec '%s'.",
+				    filename, linenum, cp ? cp : "<NONE>");
+			if (options->ciphers == NULL)
+				options->ciphers = xstrdup(cp);
+			break;
+
+		case sProtocol:
+			intptr = &options->protocol;
+			cp = strtok(NULL, WHITESPACE);
+			value = proto_spec(cp);
+			if (value == SSH_PROTO_UNKNOWN)
+				fatal("%s line %d: Bad protocol spec '%s'.",
+				      filename, linenum, cp ? cp : "<NONE>");
+			if (*intptr == SSH_PROTO_UNKNOWN)
+				*intptr = value;
+			break;
+
 		default:
 			fprintf(stderr, "%s line %d: Missing handler for opcode %s (%d)\n",
 				filename, linenum, cp, opcode);