Lines Matching refs:options
60 /* Initializes the server options to their default values. */
63 initialize_server_options(ServerOptions *options)
65 memset(options, 0, sizeof(*options));
67 /* Portable-specific options */
68 options->use_pam = -1;
70 /* Standard Options */
71 options->num_ports = 0;
72 options->ports_from_cmdline = 0;
73 options->listen_addrs = NULL;
74 options->address_family = -1;
75 options->num_host_key_files = 0;
76 options->num_host_cert_files = 0;
77 options->pid_file = NULL;
78 options->server_key_bits = -1;
79 options->login_grace_time = -1;
80 options->key_regeneration_time = -1;
81 options->permit_root_login = PERMIT_NOT_SET;
82 options->ignore_rhosts = -1;
83 options->ignore_user_known_hosts = -1;
84 options->print_motd = -1;
85 options->print_lastlog = -1;
86 options->x11_forwarding = -1;
87 options->x11_display_offset = -1;
88 options->x11_use_localhost = -1;
89 options->xauth_location = NULL;
90 options->strict_modes = -1;
91 options->tcp_keep_alive = -1;
92 options->log_facility = SYSLOG_FACILITY_NOT_SET;
93 options->log_level = SYSLOG_LEVEL_NOT_SET;
94 options->rhosts_rsa_authentication = -1;
95 options->hostbased_authentication = -1;
96 options->hostbased_uses_name_from_packet_only = -1;
97 options->rsa_authentication = -1;
98 options->pubkey_authentication = -1;
99 options->kerberos_authentication = -1;
100 options->kerberos_or_local_passwd = -1;
101 options->kerberos_ticket_cleanup = -1;
102 options->kerberos_get_afs_token = -1;
103 options->gss_authentication=-1;
104 options->gss_cleanup_creds = -1;
105 options->password_authentication = -1;
106 options->kbd_interactive_authentication = -1;
107 options->challenge_response_authentication = -1;
108 options->permit_empty_passwd = -1;
109 options->permit_user_env = -1;
110 options->use_login = -1;
111 options->compression = -1;
112 options->allow_tcp_forwarding = -1;
113 options->allow_agent_forwarding = -1;
114 options->num_allow_users = 0;
115 options->num_deny_users = 0;
116 options->num_allow_groups = 0;
117 options->num_deny_groups = 0;
118 options->ciphers = NULL;
119 options->macs = NULL;
120 options->kex_algorithms = NULL;
121 options->protocol = SSH_PROTO_UNKNOWN;
122 options->gateway_ports = -1;
123 options->num_subsystems = 0;
124 options->max_startups_begin = -1;
125 options->max_startups_rate = -1;
126 options->max_startups = -1;
127 options->max_authtries = -1;
128 options->max_sessions = -1;
129 options->banner = NULL;
130 options->use_dns = -1;
131 options->client_alive_interval = -1;
132 options->client_alive_count_max = -1;
133 options->num_authkeys_files = 0;
134 options->num_accept_env = 0;
135 options->permit_tun = -1;
136 options->num_permitted_opens = -1;
137 options->adm_forced_command = NULL;
138 options->chroot_directory = NULL;
139 options->zero_knowledge_password_authentication = -1;
140 options->revoked_keys_file = NULL;
141 options->trusted_user_ca_keys = NULL;
142 options->authorized_principals_file = NULL;
143 options->ip_qos_interactive = -1;
144 options->ip_qos_bulk = -1;
148 fill_default_server_options(ServerOptions *options)
150 /* Portable-specific options */
151 if (options->use_pam == -1)
152 options->use_pam = 0;
154 /* Standard Options */
155 if (options->protocol == SSH_PROTO_UNKNOWN)
156 options->protocol = SSH_PROTO_2;
157 if (options->num_host_key_files == 0) {
159 if (options->protocol & SSH_PROTO_1)
160 options->host_key_files[options->num_host_key_files++] =
162 if (options->protocol & SSH_PROTO_2) {
163 options->host_key_files[options->num_host_key_files++] =
165 options->host_key_files[options->num_host_key_files++] =
168 options->host_key_files[options->num_host_key_files++] =
174 if (options->num_ports == 0)
175 options->ports[options->num_ports++] = SSH_DEFAULT_PORT;
176 if (options->listen_addrs == NULL)
177 add_listen_addr(options, NULL, 0);
178 if (options->pid_file == NULL)
179 options->pid_file = _PATH_SSH_DAEMON_PID_FILE;
180 if (options->server_key_bits == -1)
181 options->server_key_bits = 1024;
182 if (options->login_grace_time == -1)
183 options->login_grace_time = 120;
184 if (options->key_regeneration_time == -1)
185 options->key_regeneration_time = 3600;
186 if (options->permit_root_login == PERMIT_NOT_SET)
187 options->permit_root_login = PERMIT_YES;
188 if (options->ignore_rhosts == -1)
189 options->ignore_rhosts = 1;
190 if (options->ignore_user_known_hosts == -1)
191 options->ignore_user_known_hosts = 0;
192 if (options->print_motd == -1)
193 options->print_motd = 1;
194 if (options->print_lastlog == -1)
195 options->print_lastlog = 1;
196 if (options->x11_forwarding == -1)
197 options->x11_forwarding = 0;
198 if (options->x11_display_offset == -1)
199 options->x11_display_offset = 10;
200 if (options->x11_use_localhost == -1)
201 options->x11_use_localhost = 1;
202 if (options->xauth_location == NULL)
203 options->xauth_location = _PATH_XAUTH;
204 if (options->strict_modes == -1)
205 options->strict_modes = 1;
206 if (options->tcp_keep_alive == -1)
207 options->tcp_keep_alive = 1;
208 if (options->log_facility == SYSLOG_FACILITY_NOT_SET)
209 options->log_facility = SYSLOG_FACILITY_AUTH;
210 if (options->log_level == SYSLOG_LEVEL_NOT_SET)
211 options->log_level = SYSLOG_LEVEL_INFO;
212 if (options->rhosts_rsa_authentication == -1)
213 options->rhosts_rsa_authentication = 0;
214 if (options->hostbased_authentication == -1)
215 options->hostbased_authentication = 0;
216 if (options->hostbased_uses_name_from_packet_only == -1)
217 options->hostbased_uses_name_from_packet_only = 0;
218 if (options->rsa_authentication == -1)
219 options->rsa_authentication = 1;
220 if (options->pubkey_authentication == -1)
221 options->pubkey_authentication = 1;
222 if (options->kerberos_authentication == -1)
223 options->kerberos_authentication = 0;
224 if (options->kerberos_or_local_passwd == -1)
225 options->kerberos_or_local_passwd = 1;
226 if (options->kerberos_ticket_cleanup == -1)
227 options->kerberos_ticket_cleanup = 1;
228 if (options->kerberos_get_afs_token == -1)
229 options->kerberos_get_afs_token = 0;
230 if (options->gss_authentication == -1)
231 options->gss_authentication = 0;
232 if (options->gss_cleanup_creds == -1)
233 options->gss_cleanup_creds = 1;
234 if (options->password_authentication == -1)
235 options->password_authentication = 1;
236 if (options->kbd_interactive_authentication == -1)
237 options->kbd_interactive_authentication = 0;
238 if (options->challenge_response_authentication == -1)
239 options->challenge_response_authentication = 1;
240 if (options->permit_empty_passwd == -1)
241 options->permit_empty_passwd = 0;
242 if (options->permit_user_env == -1)
243 options->permit_user_env = 0;
244 if (options->use_login == -1)
245 options->use_login = 0;
246 if (options->compression == -1)
247 options->compression = COMP_DELAYED;
248 if (options->allow_tcp_forwarding == -1)
249 options->allow_tcp_forwarding = 1;
250 if (options->allow_agent_forwarding == -1)
251 options->allow_agent_forwarding = 1;
252 if (options->gateway_ports == -1)
253 options->gateway_ports = 0;
254 if (options->max_startups == -1)
255 options->max_startups = 10;
256 if (options->max_startups_rate == -1)
257 options->max_startups_rate = 100; /* 100% */
258 if (options->max_startups_begin == -1)
259 options->max_startups_begin = options->max_startups;
260 if (options->max_authtries == -1)
261 options->max_authtries = DEFAULT_AUTH_FAIL_MAX;
262 if (options->max_sessions == -1)
263 options->max_sessions = DEFAULT_SESSIONS_MAX;
264 if (options->use_dns == -1)
265 options->use_dns = 1;
266 if (options->client_alive_interval == -1)
267 options->client_alive_interval = 0;
268 if (options->client_alive_count_max == -1)
269 options->client_alive_count_max = 3;
270 if (options->num_authkeys_files == 0) {
271 options->authorized_keys_files[options->num_authkeys_files++] =
273 options->authorized_keys_files[options->num_authkeys_files++] =
276 if (options->permit_tun == -1)
277 options->permit_tun = SSH_TUNMODE_NO;
278 if (options->zero_knowledge_password_authentication == -1)
279 options->zero_knowledge_password_authentication = 0;
280 if (options->ip_qos_interactive == -1)
281 options->ip_qos_interactive = IPTOS_LOWDELAY;
282 if (options->ip_qos_bulk == -1)
283 options->ip_qos_bulk = IPTOS_THROUGHPUT;
290 if (use_privsep && options->compression == 1) {
294 options->compression = 0;
303 /* Portable-specific options */
305 /* Standard Options */
344 /* Portable-specific options */
351 /* Standard Options */
506 add_listen_addr(ServerOptions *options, char *addr, int port)
510 if (options->num_ports == 0)
511 options->ports[options->num_ports++] = SSH_DEFAULT_PORT;
512 if (options->address_family == -1)
513 options->address_family = AF_UNSPEC;
515 for (i = 0; i < options->num_ports; i++)
516 add_one_listen_addr(options, addr, options->ports[i]);
518 add_one_listen_addr(options, addr, port);
522 add_one_listen_addr(ServerOptions *options, char *addr, int port)
529 hints.ai_family = options->address_family;
539 ai->ai_next = options->listen_addrs;
540 options->listen_addrs = aitop;
556 * options set are copied into the main server config.
716 process_server_config_line(ServerOptions *options, char *line,
760 /* Portable-specific options */
762 intptr = &options->use_pam;
765 /* Standard Options */
770 if (options->ports_from_cmdline)
772 if (options->listen_addrs != NULL)
775 if (options->num_ports >= MAX_PORTS)
782 options->ports[options->num_ports++] = a2port(arg);
783 if (options->ports[options->num_ports-1] <= 0)
789 intptr = &options->server_key_bits;
801 intptr = &options->login_grace_time;
815 intptr = &options->key_regeneration_time;
826 add_listen_addr(options, arg, 0);
839 add_listen_addr(options, p, port);
844 intptr = &options->address_family;
846 if (options->listen_addrs != NULL)
869 intptr = &options->num_host_key_files;
873 charptr = &options->host_key_files[*intptr];
888 intptr = &options->num_host_cert_files;
893 charptr = &options->host_cert_files[*intptr];
898 charptr = &options->pid_file;
902 intptr = &options->permit_root_login;
907 intptr = &options->ignore_rhosts;
926 intptr = &options->ignore_user_known_hosts;
930 intptr = &options->rhosts_rsa_authentication;
934 intptr = &options->hostbased_authentication;
938 intptr = &options->hostbased_uses_name_from_packet_only;
942 intptr = &options->rsa_authentication;
946 intptr = &options->pubkey_authentication;
950 intptr = &options->kerberos_authentication;
954 intptr = &options->kerberos_or_local_passwd;
958 intptr = &options->kerberos_ticket_cleanup;
962 intptr = &options->kerberos_get_afs_token;
966 intptr = &options->gss_authentication;
970 intptr = &options->gss_cleanup_creds;
974 intptr = &options->password_authentication;
978 intptr = &options->zero_knowledge_password_authentication;
982 intptr = &options->kbd_interactive_authentication;
986 intptr = &options->challenge_response_authentication;
990 intptr = &options->print_motd;
994 intptr = &options->print_lastlog;
998 intptr = &options->x11_forwarding;
1002 intptr = &options->x11_display_offset;
1006 intptr = &options->x11_use_localhost;
1010 charptr = &options->xauth_location;
1014 intptr = &options->strict_modes;
1018 intptr = &options->tcp_keep_alive;
1022 intptr = &options->permit_empty_passwd;
1026 intptr = &options->permit_user_env;
1030 intptr = &options->use_login;
1034 intptr = &options->compression;
1039 intptr = &options->gateway_ports;
1044 intptr = &options->use_dns;
1048 log_facility_ptr = &options->log_facility;
1059 log_level_ptr = &options->log_level;
1070 intptr = &options->allow_tcp_forwarding;
1074 intptr = &options->allow_agent_forwarding;
1084 if (options->num_allow_users >= MAX_ALLOW_USERS)
1087 options->allow_users[options->num_allow_users++] =
1094 if (options->num_deny_users >= MAX_DENY_USERS)
1097 options->deny_users[options->num_deny_users++] =
1104 if (options->num_allow_groups >= MAX_ALLOW_GROUPS)
1107 options->allow_groups[options->num_allow_groups++] =
1114 if (options->num_deny_groups >= MAX_DENY_GROUPS)
1117 options->deny_groups[options->num_deny_groups++] = xstrdup(arg);
1128 if (options->ciphers == NULL)
1129 options->ciphers = xstrdup(arg);
1139 if (options->macs == NULL)
1140 options->macs = xstrdup(arg);
1151 if (options->kex_algorithms == NULL)
1152 options->kex_algorithms = xstrdup(arg);
1156 intptr = &options->protocol;
1169 if (options->num_subsystems >= MAX_SUBSYSTEMS) {
1181 for (i = 0; i < options->num_subsystems; i++)
1182 if (strcmp(arg, options->subsystem_name[i]) == 0)
1185 options->subsystem_name[options->num_subsystems] = xstrdup(arg);
1190 options->subsystem_command[options->num_subsystems] = xstrdup(arg);
1201 options->subsystem_args[options->num_subsystems] = p;
1202 options->num_subsystems++;
1211 &options->max_startups_begin,
1212 &options->max_startups_rate,
1213 &options->max_startups)) == 3) {
1214 if (options->max_startups_begin >
1215 options->max_startups ||
1216 options->max_startups_rate > 100 ||
1217 options->max_startups_rate < 1)
1224 options->max_startups = options->max_startups_begin;
1228 intptr = &options->max_authtries;
1232 intptr = &options->max_sessions;
1236 charptr = &options->banner;
1240 * These options can contain %X options expanded at
1246 if (*activep && options->num_authkeys_files == 0) {
1248 if (options->num_authkeys_files >=
1253 options->authorized_keys_files[
1254 options->num_authkeys_files++] =
1261 charptr = &options->authorized_principals_file;
1275 intptr = &options->client_alive_interval;
1279 intptr = &options->client_alive_count_max;
1287 if (options->num_accept_env >= MAX_ACCEPT_ENV)
1292 options->accept_env[options->num_accept_env++] =
1298 intptr = &options->permit_tun;
1332 n = options->num_permitted_opens; /* modified later */
1336 options->num_permitted_opens = 0;
1352 options->num_permitted_opens =
1362 if (*activep && options->adm_forced_command == NULL)
1363 options->adm_forced_command = xstrdup(cp + len);
1367 charptr = &options->chroot_directory;
1378 charptr = &options->trusted_user_ca_keys;
1382 charptr = &options->revoked_keys_file;
1397 options->ip_qos_interactive = value;
1398 options->ip_qos_bulk = value2;
1458 parse_server_match_config(ServerOptions *options, const char *user,
1474 copy_set_server_options(options, &mo, 0);
1534 * The only things that should be below this point are string options
1549 parse_server_config(ServerOptions *options, const char *filename, Buffer *conf,
1561 if (process_server_config_line(options, cp, filename,
1567 fatal("%s: terminating, %d bad configuration options",
