63 initialize_server_options(ServerOptions *options)  in initialize_server_options()  argument
65 	memset(options, 0, sizeof(*options));  in initialize_server_options()
68 	options->use_pam = -1;  in initialize_server_options()
71 	options->num_ports = 0;  in initialize_server_options()
72 	options->ports_from_cmdline = 0;  in initialize_server_options()
73 	options->listen_addrs = NULL;  in initialize_server_options()
74 	options->address_family = -1;  in initialize_server_options()
75 	options->num_host_key_files = 0;  in initialize_server_options()
76 	options->num_host_cert_files = 0;  in initialize_server_options()
77 	options->pid_file = NULL;  in initialize_server_options()
78 	options->server_key_bits = -1;  in initialize_server_options()
79 	options->login_grace_time = -1;  in initialize_server_options()
80 	options->key_regeneration_time = -1;  in initialize_server_options()
81 	options->permit_root_login = PERMIT_NOT_SET;  in initialize_server_options()
82 	options->ignore_rhosts = -1;  in initialize_server_options()
83 	options->ignore_user_known_hosts = -1;  in initialize_server_options()
84 	options->print_motd = -1;  in initialize_server_options()
85 	options->print_lastlog = -1;  in initialize_server_options()
86 	options->x11_forwarding = -1;  in initialize_server_options()
87 	options->x11_display_offset = -1;  in initialize_server_options()
88 	options->x11_use_localhost = -1;  in initialize_server_options()
89 	options->xauth_location = NULL;  in initialize_server_options()
90 	options->strict_modes = -1;  in initialize_server_options()
91 	options->tcp_keep_alive = -1;  in initialize_server_options()
92 	options->log_facility = SYSLOG_FACILITY_NOT_SET;  in initialize_server_options()
93 	options->log_level = SYSLOG_LEVEL_NOT_SET;  in initialize_server_options()
94 	options->rhosts_rsa_authentication = -1;  in initialize_server_options()
95 	options->hostbased_authentication = -1;  in initialize_server_options()
96 	options->hostbased_uses_name_from_packet_only = -1;  in initialize_server_options()
97 	options->rsa_authentication = -1;  in initialize_server_options()
98 	options->pubkey_authentication = -1;  in initialize_server_options()
99 	options->kerberos_authentication = -1;  in initialize_server_options()
100 	options->kerberos_or_local_passwd = -1;  in initialize_server_options()
101 	options->kerberos_ticket_cleanup = -1;  in initialize_server_options()
102 	options->kerberos_get_afs_token = -1;  in initialize_server_options()
103 	options->gss_authentication=-1;  in initialize_server_options()
104 	options->gss_cleanup_creds = -1;  in initialize_server_options()
105 	options->password_authentication = -1;  in initialize_server_options()
106 	options->kbd_interactive_authentication = -1;  in initialize_server_options()
107 	options->challenge_response_authentication = -1;  in initialize_server_options()
108 	options->permit_empty_passwd = -1;  in initialize_server_options()
109 	options->permit_user_env = -1;  in initialize_server_options()
110 	options->use_login = -1;  in initialize_server_options()
111 	options->compression = -1;  in initialize_server_options()
112 	options->allow_tcp_forwarding = -1;  in initialize_server_options()
113 	options->allow_agent_forwarding = -1;  in initialize_server_options()
114 	options->num_allow_users = 0;  in initialize_server_options()
115 	options->num_deny_users = 0;  in initialize_server_options()
116 	options->num_allow_groups = 0;  in initialize_server_options()
117 	options->num_deny_groups = 0;  in initialize_server_options()
118 	options->ciphers = NULL;  in initialize_server_options()
119 	options->macs = NULL;  in initialize_server_options()
120 	options->kex_algorithms = NULL;  in initialize_server_options()
121 	options->protocol = SSH_PROTO_UNKNOWN;  in initialize_server_options()
122 	options->gateway_ports = -1;  in initialize_server_options()
123 	options->num_subsystems = 0;  in initialize_server_options()
124 	options->max_startups_begin = -1;  in initialize_server_options()
125 	options->max_startups_rate = -1;  in initialize_server_options()
126 	options->max_startups = -1;  in initialize_server_options()
127 	options->max_authtries = -1;  in initialize_server_options()
128 	options->max_sessions = -1;  in initialize_server_options()
129 	options->banner = NULL;  in initialize_server_options()
130 	options->use_dns = -1;  in initialize_server_options()
131 	options->client_alive_interval = -1;  in initialize_server_options()
132 	options->client_alive_count_max = -1;  in initialize_server_options()
133 	options->num_authkeys_files = 0;  in initialize_server_options()
134 	options->num_accept_env = 0;  in initialize_server_options()
135 	options->permit_tun = -1;  in initialize_server_options()
136 	options->num_permitted_opens = -1;  in initialize_server_options()
137 	options->adm_forced_command = NULL;  in initialize_server_options()
138 	options->chroot_directory = NULL;  in initialize_server_options()
139 	options->zero_knowledge_password_authentication = -1;  in initialize_server_options()
140 	options->revoked_keys_file = NULL;  in initialize_server_options()
141 	options->trusted_user_ca_keys = NULL;  in initialize_server_options()
142 	options->authorized_principals_file = NULL;  in initialize_server_options()
143 	options->ip_qos_interactive = -1;  in initialize_server_options()
144 	options->ip_qos_bulk = -1;  in initialize_server_options()
148 fill_default_server_options(ServerOptions *options)  in fill_default_server_options()  argument
151 	if (options->use_pam == -1)  in fill_default_server_options()
152 		options->use_pam = 0;  in fill_default_server_options()
155 	if (options->protocol == SSH_PROTO_UNKNOWN)  in fill_default_server_options()
156 		options->protocol = SSH_PROTO_2;  in fill_default_server_options()
157 	if (options->num_host_key_files == 0) {  in fill_default_server_options()
159 		if (options->protocol & SSH_PROTO_1)  in fill_default_server_options()
160 			options->host_key_files[options->num_host_key_files++] =  in fill_default_server_options()
162 		if (options->protocol & SSH_PROTO_2) {  in fill_default_server_options()
163 			options->host_key_files[options->num_host_key_files++] =  in fill_default_server_options()
165 			options->host_key_files[options->num_host_key_files++] =  in fill_default_server_options()
168 			options->host_key_files[options->num_host_key_files++] =  in fill_default_server_options()
174 	if (options->num_ports == 0)  in fill_default_server_options()
175 		options->ports[options->num_ports++] = SSH_DEFAULT_PORT;  in fill_default_server_options()
176 	if (options->listen_addrs == NULL)  in fill_default_server_options()
177 		add_listen_addr(options, NULL, 0);  in fill_default_server_options()
178 	if (options->pid_file == NULL)  in fill_default_server_options()
179 		options->pid_file = _PATH_SSH_DAEMON_PID_FILE;  in fill_default_server_options()
180 	if (options->server_key_bits == -1)  in fill_default_server_options()
181 		options->server_key_bits = 1024;  in fill_default_server_options()
182 	if (options->login_grace_time == -1)  in fill_default_server_options()
183 		options->login_grace_time = 120;  in fill_default_server_options()
184 	if (options->key_regeneration_time == -1)  in fill_default_server_options()
185 		options->key_regeneration_time = 3600;  in fill_default_server_options()
186 	if (options->permit_root_login == PERMIT_NOT_SET)  in fill_default_server_options()
187 		options->permit_root_login = PERMIT_YES;  in fill_default_server_options()
188 	if (options->ignore_rhosts == -1)  in fill_default_server_options()
189 		options->ignore_rhosts = 1;  in fill_default_server_options()
190 	if (options->ignore_user_known_hosts == -1)  in fill_default_server_options()
191 		options->ignore_user_known_hosts = 0;  in fill_default_server_options()
192 	if (options->print_motd == -1)  in fill_default_server_options()
193 		options->print_motd = 1;  in fill_default_server_options()
194 	if (options->print_lastlog == -1)  in fill_default_server_options()
195 		options->print_lastlog = 1;  in fill_default_server_options()
196 	if (options->x11_forwarding == -1)  in fill_default_server_options()
197 		options->x11_forwarding = 0;  in fill_default_server_options()
198 	if (options->x11_display_offset == -1)  in fill_default_server_options()
199 		options->x11_display_offset = 10;  in fill_default_server_options()
200 	if (options->x11_use_localhost == -1)  in fill_default_server_options()
201 		options->x11_use_localhost = 1;  in fill_default_server_options()
202 	if (options->xauth_location == NULL)  in fill_default_server_options()
203 		options->xauth_location = _PATH_XAUTH;  in fill_default_server_options()
204 	if (options->strict_modes == -1)  in fill_default_server_options()
205 		options->strict_modes = 1;  in fill_default_server_options()
206 	if (options->tcp_keep_alive == -1)  in fill_default_server_options()
207 		options->tcp_keep_alive = 1;  in fill_default_server_options()
208 	if (options->log_facility == SYSLOG_FACILITY_NOT_SET)  in fill_default_server_options()
209 		options->log_facility = SYSLOG_FACILITY_AUTH;  in fill_default_server_options()
210 	if (options->log_level == SYSLOG_LEVEL_NOT_SET)  in fill_default_server_options()
211 		options->log_level = SYSLOG_LEVEL_INFO;  in fill_default_server_options()
212 	if (options->rhosts_rsa_authentication == -1)  in fill_default_server_options()
213 		options->rhosts_rsa_authentication = 0;  in fill_default_server_options()
214 	if (options->hostbased_authentication == -1)  in fill_default_server_options()
215 		options->hostbased_authentication = 0;  in fill_default_server_options()
216 	if (options->hostbased_uses_name_from_packet_only == -1)  in fill_default_server_options()
217 		options->hostbased_uses_name_from_packet_only = 0;  in fill_default_server_options()
218 	if (options->rsa_authentication == -1)  in fill_default_server_options()
219 		options->rsa_authentication = 1;  in fill_default_server_options()
220 	if (options->pubkey_authentication == -1)  in fill_default_server_options()
221 		options->pubkey_authentication = 1;  in fill_default_server_options()
222 	if (options->kerberos_authentication == -1)  in fill_default_server_options()
223 		options->kerberos_authentication = 0;  in fill_default_server_options()
224 	if (options->kerberos_or_local_passwd == -1)  in fill_default_server_options()
225 		options->kerberos_or_local_passwd = 1;  in fill_default_server_options()
226 	if (options->kerberos_ticket_cleanup == -1)  in fill_default_server_options()
227 		options->kerberos_ticket_cleanup = 1;  in fill_default_server_options()
228 	if (options->kerberos_get_afs_token == -1)  in fill_default_server_options()
229 		options->kerberos_get_afs_token = 0;  in fill_default_server_options()
230 	if (options->gss_authentication == -1)  in fill_default_server_options()
231 		options->gss_authentication = 0;  in fill_default_server_options()
232 	if (options->gss_cleanup_creds == -1)  in fill_default_server_options()
233 		options->gss_cleanup_creds = 1;  in fill_default_server_options()
234 	if (options->password_authentication == -1)  in fill_default_server_options()
235 		options->password_authentication = 1;  in fill_default_server_options()
236 	if (options->kbd_interactive_authentication == -1)  in fill_default_server_options()
237 		options->kbd_interactive_authentication = 0;  in fill_default_server_options()
238 	if (options->challenge_response_authentication == -1)  in fill_default_server_options()
239 		options->challenge_response_authentication = 1;  in fill_default_server_options()
240 	if (options->permit_empty_passwd == -1)  in fill_default_server_options()
241 		options->permit_empty_passwd = 0;  in fill_default_server_options()
242 	if (options->permit_user_env == -1)  in fill_default_server_options()
243 		options->permit_user_env = 0;  in fill_default_server_options()
244 	if (options->use_login == -1)  in fill_default_server_options()
245 		options->use_login = 0;  in fill_default_server_options()
246 	if (options->compression == -1)  in fill_default_server_options()
247 		options->compression = COMP_DELAYED;  in fill_default_server_options()
248 	if (options->allow_tcp_forwarding == -1)  in fill_default_server_options()
249 		options->allow_tcp_forwarding = 1;  in fill_default_server_options()
250 	if (options->allow_agent_forwarding == -1)  in fill_default_server_options()
251 		options->allow_agent_forwarding = 1;  in fill_default_server_options()
252 	if (options->gateway_ports == -1)  in fill_default_server_options()
253 		options->gateway_ports = 0;  in fill_default_server_options()
254 	if (options->max_startups == -1)  in fill_default_server_options()
255 		options->max_startups = 10;  in fill_default_server_options()
256 	if (options->max_startups_rate == -1)  in fill_default_server_options()
257 		options->max_startups_rate = 100;		/* 100% */  in fill_default_server_options()
258 	if (options->max_startups_begin == -1)  in fill_default_server_options()
259 		options->max_startups_begin = options->max_startups;  in fill_default_server_options()
260 	if (options->max_authtries == -1)  in fill_default_server_options()
261 		options->max_authtries = DEFAULT_AUTH_FAIL_MAX;  in fill_default_server_options()
262 	if (options->max_sessions == -1)  in fill_default_server_options()
263 		options->max_sessions = DEFAULT_SESSIONS_MAX;  in fill_default_server_options()
264 	if (options->use_dns == -1)  in fill_default_server_options()
265 		options->use_dns = 1;  in fill_default_server_options()
266 	if (options->client_alive_interval == -1)  in fill_default_server_options()
267 		options->client_alive_interval = 0;  in fill_default_server_options()
268 	if (options->client_alive_count_max == -1)  in fill_default_server_options()
269 		options->client_alive_count_max = 3;  in fill_default_server_options()
270 	if (options->num_authkeys_files == 0) {  in fill_default_server_options()
271 		options->authorized_keys_files[options->num_authkeys_files++] =  in fill_default_server_options()
273 		options->authorized_keys_files[options->num_authkeys_files++] =  in fill_default_server_options()
276 	if (options->permit_tun == -1)  in fill_default_server_options()
277 		options->permit_tun = SSH_TUNMODE_NO;  in fill_default_server_options()
278 	if (options->zero_knowledge_password_authentication == -1)  in fill_default_server_options()
279 		options->zero_knowledge_password_authentication = 0;  in fill_default_server_options()
280 	if (options->ip_qos_interactive == -1)  in fill_default_server_options()
281 		options->ip_qos_interactive = IPTOS_LOWDELAY;  in fill_default_server_options()
282 	if (options->ip_qos_bulk == -1)  in fill_default_server_options()
283 		options->ip_qos_bulk = IPTOS_THROUGHPUT;  in fill_default_server_options()
290 	if (use_privsep && options->compression == 1) {  in fill_default_server_options()
294 		options->compression = 0;  in fill_default_server_options()
506 add_listen_addr(ServerOptions *options, char *addr, int port)  in add_listen_addr()  argument
510 	if (options->num_ports == 0)  in add_listen_addr()
511 		options->ports[options->num_ports++] = SSH_DEFAULT_PORT;  in add_listen_addr()
512 	if (options->address_family == -1)  in add_listen_addr()
513 		options->address_family = AF_UNSPEC;  in add_listen_addr()
515 		for (i = 0; i < options->num_ports; i++)  in add_listen_addr()
516 			add_one_listen_addr(options, addr, options->ports[i]);  in add_listen_addr()
518 		add_one_listen_addr(options, addr, port);  in add_listen_addr()
522 add_one_listen_addr(ServerOptions *options, char *addr, int port)  in add_one_listen_addr()  argument
529 	hints.ai_family = options->address_family;  in add_one_listen_addr()
539 	ai->ai_next = options->listen_addrs;  in add_one_listen_addr()
540 	options->listen_addrs = aitop;  in add_one_listen_addr()
716 process_server_config_line(ServerOptions *options, char *line,  in process_server_config_line()  argument
762 		intptr = &options->use_pam;  in process_server_config_line()
770 		if (options->ports_from_cmdline)  in process_server_config_line()
772 		if (options->listen_addrs != NULL)  in process_server_config_line()
775 		if (options->num_ports >= MAX_PORTS)  in process_server_config_line()
782 		options->ports[options->num_ports++] = a2port(arg);  in process_server_config_line()
783 		if (options->ports[options->num_ports-1] <= 0)  in process_server_config_line()
789 		intptr = &options->server_key_bits;  in process_server_config_line()
801 		intptr = &options->login_grace_time;  in process_server_config_line()
815 		intptr = &options->key_regeneration_time;  in process_server_config_line()
826 			add_listen_addr(options, arg, 0);  in process_server_config_line()
839 		add_listen_addr(options, p, port);  in process_server_config_line()
844 		intptr = &options->address_family;  in process_server_config_line()
846 		if (options->listen_addrs != NULL)  in process_server_config_line()
869 		intptr = &options->num_host_key_files;  in process_server_config_line()
873 		charptr = &options->host_key_files[*intptr];  in process_server_config_line()
888 		intptr = &options->num_host_cert_files;  in process_server_config_line()
893 		charptr = &options->host_cert_files[*intptr];  in process_server_config_line()
898 		charptr = &options->pid_file;  in process_server_config_line()
902 		intptr = &options->permit_root_login;  in process_server_config_line()
907 		intptr = &options->ignore_rhosts;  in process_server_config_line()
926 		intptr = &options->ignore_user_known_hosts;  in process_server_config_line()
930 		intptr = &options->rhosts_rsa_authentication;  in process_server_config_line()
934 		intptr = &options->hostbased_authentication;  in process_server_config_line()
938 		intptr = &options->hostbased_uses_name_from_packet_only;  in process_server_config_line()
942 		intptr = &options->rsa_authentication;  in process_server_config_line()
946 		intptr = &options->pubkey_authentication;  in process_server_config_line()
950 		intptr = &options->kerberos_authentication;  in process_server_config_line()
954 		intptr = &options->kerberos_or_local_passwd;  in process_server_config_line()
958 		intptr = &options->kerberos_ticket_cleanup;  in process_server_config_line()
962 		intptr = &options->kerberos_get_afs_token;  in process_server_config_line()
966 		intptr = &options->gss_authentication;  in process_server_config_line()
970 		intptr = &options->gss_cleanup_creds;  in process_server_config_line()
974 		intptr = &options->password_authentication;  in process_server_config_line()
978 		intptr = &options->zero_knowledge_password_authentication;  in process_server_config_line()
982 		intptr = &options->kbd_interactive_authentication;  in process_server_config_line()
986 		intptr = &options->challenge_response_authentication;  in process_server_config_line()
990 		intptr = &options->print_motd;  in process_server_config_line()
994 		intptr = &options->print_lastlog;  in process_server_config_line()
998 		intptr = &options->x11_forwarding;  in process_server_config_line()
1002 		intptr = &options->x11_display_offset;  in process_server_config_line()
1006 		intptr = &options->x11_use_localhost;  in process_server_config_line()
1010 		charptr = &options->xauth_location;  in process_server_config_line()
1014 		intptr = &options->strict_modes;  in process_server_config_line()
1018 		intptr = &options->tcp_keep_alive;  in process_server_config_line()
1022 		intptr = &options->permit_empty_passwd;  in process_server_config_line()
1026 		intptr = &options->permit_user_env;  in process_server_config_line()
1030 		intptr = &options->use_login;  in process_server_config_line()
1034 		intptr = &options->compression;  in process_server_config_line()
1039 		intptr = &options->gateway_ports;  in process_server_config_line()
1044 		intptr = &options->use_dns;  in process_server_config_line()
1048 		log_facility_ptr = &options->log_facility;  in process_server_config_line()
1059 		log_level_ptr = &options->log_level;  in process_server_config_line()
1070 		intptr = &options->allow_tcp_forwarding;  in process_server_config_line()
1074 		intptr = &options->allow_agent_forwarding;  in process_server_config_line()
1084 			if (options->num_allow_users >= MAX_ALLOW_USERS)  in process_server_config_line()
1087 			options->allow_users[options->num_allow_users++] =  in process_server_config_line()
1094 			if (options->num_deny_users >= MAX_DENY_USERS)  in process_server_config_line()
1097 			options->deny_users[options->num_deny_users++] =  in process_server_config_line()
1104 			if (options->num_allow_groups >= MAX_ALLOW_GROUPS)  in process_server_config_line()
1107 			options->allow_groups[options->num_allow_groups++] =  in process_server_config_line()
1114 			if (options->num_deny_groups >= MAX_DENY_GROUPS)  in process_server_config_line()
1117 			options->deny_groups[options->num_deny_groups++] = xstrdup(arg);  in process_server_config_line()
1128 		if (options->ciphers == NULL)  in process_server_config_line()
1129 			options->ciphers = xstrdup(arg);  in process_server_config_line()
1139 		if (options->macs == NULL)  in process_server_config_line()
1140 			options->macs = xstrdup(arg);  in process_server_config_line()
1151 		if (options->kex_algorithms == NULL)  in process_server_config_line()
1152 			options->kex_algorithms = xstrdup(arg);  in process_server_config_line()
1156 		intptr = &options->protocol;  in process_server_config_line()
1169 		if (options->num_subsystems >= MAX_SUBSYSTEMS) {  in process_server_config_line()
1181 		for (i = 0; i < options->num_subsystems; i++)  in process_server_config_line()
1182 			if (strcmp(arg, options->subsystem_name[i]) == 0)  in process_server_config_line()
1185 		options->subsystem_name[options->num_subsystems] = xstrdup(arg);  in process_server_config_line()
1190 		options->subsystem_command[options->num_subsystems] = xstrdup(arg);  in process_server_config_line()
1201 		options->subsystem_args[options->num_subsystems] = p;  in process_server_config_line()
1202 		options->num_subsystems++;  in process_server_config_line()
1211 		    &options->max_startups_begin,  in process_server_config_line()
1212 		    &options->max_startups_rate,  in process_server_config_line()
1213 		    &options->max_startups)) == 3) {  in process_server_config_line()
1214 			if (options->max_startups_begin >  in process_server_config_line()
1215 			    options->max_startups ||  in process_server_config_line()
1216 			    options->max_startups_rate > 100 ||  in process_server_config_line()
1217 			    options->max_startups_rate < 1)  in process_server_config_line()
1224 			options->max_startups = options->max_startups_begin;  in process_server_config_line()
1228 		intptr = &options->max_authtries;  in process_server_config_line()
1232 		intptr = &options->max_sessions;  in process_server_config_line()
1236 		charptr = &options->banner;  in process_server_config_line()
1246 		if (*activep && options->num_authkeys_files == 0) {  in process_server_config_line()
1248 				if (options->num_authkeys_files >=  in process_server_config_line()
1253 				options->authorized_keys_files[  in process_server_config_line()
1254 				    options->num_authkeys_files++] =  in process_server_config_line()
1261 		charptr = &options->authorized_principals_file;  in process_server_config_line()
1275 		intptr = &options->client_alive_interval;  in process_server_config_line()
1279 		intptr = &options->client_alive_count_max;  in process_server_config_line()
1287 			if (options->num_accept_env >= MAX_ACCEPT_ENV)  in process_server_config_line()
1292 			options->accept_env[options->num_accept_env++] =  in process_server_config_line()
1298 		intptr = &options->permit_tun;  in process_server_config_line()
1332 		n = options->num_permitted_opens;	/* modified later */  in process_server_config_line()
1336 				options->num_permitted_opens = 0;  in process_server_config_line()
1352 				options->num_permitted_opens =  in process_server_config_line()
1362 		if (*activep && options->adm_forced_command == NULL)  in process_server_config_line()
1363 			options->adm_forced_command = xstrdup(cp + len);  in process_server_config_line()
1367 		charptr = &options->chroot_directory;  in process_server_config_line()
1378 		charptr = &options->trusted_user_ca_keys;  in process_server_config_line()
1382 		charptr = &options->revoked_keys_file;  in process_server_config_line()
1397 			options->ip_qos_interactive = value;  in process_server_config_line()
1398 			options->ip_qos_bulk = value2;  in process_server_config_line()
1458 parse_server_match_config(ServerOptions *options, const char *user,  in parse_server_match_config()  argument
1474 	copy_set_server_options(options, &mo, 0);  in parse_server_match_config()
1549 parse_server_config(ServerOptions *options, const char *filename, Buffer *conf,  in parse_server_config()  argument
1561 		if (process_server_config_line(options, cp, filename,  in parse_server_config()