/* $OpenBSD: servconf.h,v 1.165 2024/06/12 22:36:00 djm Exp $ */

/*
 * Author: Tatu Ylonen <ylo@cs.hut.fi>
 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
 *                    All rights reserved
 * Definitions for server configuration data and for the functions reading it.
 *
 * As far as I am concerned, the code I have written for this software
 * can be used freely for any purpose.  Any derived versions of this
 * software must be clearly marked as such, and if the derived work is
 * incompatible with the protocol description in the RFC file, it must be
 * called by a name other than "ssh" or "Secure Shell".
 */

#ifndef SERVCONF_H
#define SERVCONF_H

/* TAILQ_* macros used by struct include_item / struct include_list below. */
#include <openbsd-compat/sys-queue.h>

#define MAX_PORTS		256	/* Max # ports. */

/*
 * permit_root_login (PermitRootLogin).  Values are ordered from most to
 * least restrictive; PERMIT_NOT_SET is the "not yet configured" marker
 * replaced by fill_default_server_options().
 */
#define	PERMIT_NOT_SET		-1
#define	PERMIT_NO		0
#define	PERMIT_FORCED_ONLY	1	/* only with a forced command */
#define	PERMIT_NO_PASSWD	2	/* "prohibit-password" */
#define	PERMIT_YES		3

/*
 * PermitOpen / PermitListen.  These sentinels are stored in place of a
 * host:port pattern list; PERMITOPEN_NONE disables the forwarding type
 * entirely.  (Negative value is deliberate so it cannot collide with a
 * count.)
 */
#define PERMITOPEN_ANY		0
#define PERMITOPEN_NONE		-2

/* IgnoreRhosts */
#define IGNORE_RHOSTS_NO	0
#define IGNORE_RHOSTS_YES	1
#define IGNORE_RHOSTS_SHOSTS	2	/* ignore .rhosts but honour .shosts */

#define DEFAULT_AUTH_FAIL_MAX	6	/* Default for MaxAuthTries */
#define DEFAULT_SESSIONS_MAX	10	/* Default for MaxSessions */

/* Magic name for internal sftp-server */
#define INTERNAL_SFTP_NAME	"internal-sftp"

/*
 * PubkeyAuthOptions flags (bit mask stored in pubkey_auth_options).
 * touch-required: FIDO keys must prove user presence;
 * verify-required: FIDO keys must prove user verification (e.g. PIN).
 */
#define PUBKEYAUTH_TOUCH_REQUIRED	(1)
#define PUBKEYAUTH_VERIFY_REQUIRED	(1<<1)

struct ssh;

/*
 * Used to store addresses from ListenAddr directives. These may be
 * incomplete, as they may specify addresses that need to be merged
 * with any ports requested by ListenPort.
 */
struct queued_listenaddr {
	char	*addr;
	int	port;		/* <=0 if unspecified */
	char	*rdomain;	/* optional routing domain, NULL if none */
};

/* Resolved listen addresses, grouped by optional routing domain */
struct listenaddr {
	char			*rdomain;
	struct addrinfo		*addrs;	/* getaddrinfo(3) result list */
};

/*
 * PerSourcePenalties: behaviour when the per-source penalty table is full.
 * DENY_ALL refuses new connections from addresses not already tracked;
 * PERMISSIVE lets them through unpenalised.
 */
#define PER_SOURCE_PENALTY_OVERFLOW_DENY_ALL	1
#define PER_SOURCE_PENALTY_OVERFLOW_PERMISSIVE	2
/*
 * Parsed PerSourcePenalties directive.  Penalties are per-source-address
 * delays applied to clients whose previous connections misbehaved; the
 * durations below are in seconds (as converted by the config parser).
 */
struct per_source_penalty {
	int	enabled;		/* 0 = penalties disabled */
	int	max_sources4;		/* max tracked IPv4 sources ("max-sources4") */
	int	max_sources6;		/* max tracked IPv6 sources ("max-sources6") */
	int	overflow_mode;		/* PER_SOURCE_PENALTY_OVERFLOW_* for IPv4 */
	int	overflow_mode6;		/* PER_SOURCE_PENALTY_OVERFLOW_* for IPv6 */
	int	penalty_crash;		/* "crash:" - child crashed / was killed */
	int	penalty_grace;		/* "grace-exceeded:" - LoginGraceTime hit */
	int	penalty_authfail;	/* "authfail:" - authentication failed */
	int	penalty_noauth;		/* "noauth:" - closed without authenticating */
	int	penalty_max;		/* "max:" - cap on accumulated penalty */
	int	penalty_min;		/* "min:" - below this no penalty applied */
};

/*
 * All sshd configuration, as produced by parse_server_config() and then
 * completed by fill_default_server_options().  A second instance holds
 * the Match-block overrides; copy_set_server_options() merges them.
 * Comments name the sshd_config(5) keyword where it is not obvious.
 */
typedef struct {
	u_int	num_ports;
	u_int	ports_from_cmdline;	/* how many of ports[] came from -p */
	int	ports[MAX_PORTS];	/* Port number to listen on. */
	struct queued_listenaddr *queued_listen_addrs;
	u_int	num_queued_listens;
	struct listenaddr *listen_addrs;
	u_int	num_listen_addrs;
	int	address_family;		/* Address family used by the server. */

	char   *routing_domain;		/* Bind session to routing domain */

	char  **host_key_files;		/* Files containing host keys. */
	int    *host_key_file_userprovided; /* Key was specified by user. */
	u_int	num_host_key_files;     /* Number of files for host keys. */
	char  **host_cert_files;	/* Files containing host certs. */
	u_int	num_host_cert_files;	/* Number of files for host certs. */

	char   *host_key_agent;		/* ssh-agent socket for host keys. */
	char   *pid_file;		/* Where to put our pid */
	char   *moduli_file;		/* moduli file for DH-GEX */
	int	login_grace_time;	/* Disconnect if no auth in this time
					 * (sec). */
	int	permit_root_login;	/* PERMIT_*, see above */
	int	ignore_rhosts;		/* IGNORE_RHOSTS_*, see above */
	int	ignore_user_known_hosts;	/* Ignore ~/.ssh/known_hosts
					 * for RhostsRsaAuth */
	int	print_motd;		/* If true, print /etc/motd. */
	int     print_lastlog;		/* If true, print lastlog */
	int	x11_forwarding;		/* If true, permit inet (spoofing) X11 fwd. */
	int	x11_display_offset;	/* What DISPLAY number to start
					 * searching at */
	int	x11_use_localhost;	/* If true, use localhost for fake X11 server. */
	char   *xauth_location;		/* Location of xauth program */
	int	permit_tty;		/* If false, deny pty allocation */
	int	permit_user_rc;		/* If false, deny ~/.ssh/rc execution */
	int	strict_modes;		/* If true, require strict home dir modes. */
	int	tcp_keep_alive;		/* If true, set SO_KEEPALIVE. */
	int	ip_qos_interactive;	/* IP ToS/DSCP/class for interactive */
	int	ip_qos_bulk;		/* IP ToS/DSCP/class for bulk traffic */
	char   *ciphers;		/* Supported SSH2 ciphers. */
	char   *macs;			/* Supported SSH2 macs. */
	char   *kex_algorithms;		/* SSH2 kex methods in order of preference. */
	struct ForwardOptions fwd_opts;	/* forwarding options */
	SyslogFacility log_facility;	/* Facility for system logging. */
	LogLevel log_level;		/* Level for system logging. */
	u_int	num_log_verbose;	/* Verbose log overrides */
	char  **log_verbose;
	int	hostbased_authentication;	/* If true, permit ssh2 hostbased auth */
	int	hostbased_uses_name_from_packet_only; /* experimental */
	char   *hostbased_accepted_algos;	/* Algos allowed for hostbased */
	char   *hostkeyalgorithms;	/* SSH2 server key types */
	char   *ca_sign_algorithms;	/* Allowed CA signature algorithms */
	int	pubkey_authentication;	/* If true, permit ssh2 pubkey authentication. */
	char   *pubkey_accepted_algos;	/* Signature algos allowed for pubkey */
	int	pubkey_auth_options;	/* -1 or mask of PUBKEYAUTH_* flags */
	int	kerberos_authentication;	/* If true, permit Kerberos
						 * authentication. */
	int	kerberos_or_local_passwd;	/* If true, permit kerberos
						 * and any other password
						 * authentication mechanism,
						 * such as SecurID or
						 * /etc/passwd */
	int	kerberos_ticket_cleanup;	/* If true, destroy ticket
						 * file on logout. */
	int	kerberos_get_afs_token;		/* If true, try to get AFS token if
						 * authenticated with Kerberos. */
	int	gss_authentication;	/* If true, permit GSSAPI authentication */
	int	gss_cleanup_creds;	/* If true, destroy cred cache on logout */
	int	gss_strict_acceptor;	/* If true, restrict the GSSAPI acceptor name */
	int	password_authentication;	/* If true, permit password
						 * authentication. */
	int	kbd_interactive_authentication;	/* If true, permit */
	int	permit_empty_passwd;	/* If false, do not permit empty
					 * passwords. */
	int	permit_user_env;	/* If true, read ~/.ssh/environment */
	char   *permit_user_env_allowlist; /* pattern-list of allowed env names */
	int	compression;		/* If true, compression is allowed */
	int	allow_tcp_forwarding; /* One of FORWARD_* */
	int	allow_streamlocal_forwarding; /* One of FORWARD_* */
	int	allow_agent_forwarding;	/* AllowAgentForwarding */
	int	disable_forwarding;	/* DisableForwarding: if true, all
					 * forwarding types are denied */
	u_int	num_allow_users;
	char  **allow_users;		/* AllowUsers pattern list */
	u_int	num_deny_users;
	char  **deny_users;		/* DenyUsers pattern list */
	u_int	num_allow_groups;
	char  **allow_groups;		/* AllowGroups pattern list */
	u_int	num_deny_groups;
	char  **deny_groups;		/* DenyGroups pattern list */

	/* Subsystem: three parallel arrays, each num_subsystems long. */
	u_int	num_subsystems;
	char  **subsystem_name;
	char  **subsystem_command;
	char  **subsystem_args;

	u_int	num_accept_env;
	char  **accept_env;		/* AcceptEnv patterns */
	u_int	num_setenv;
	char  **setenv;			/* SetEnv NAME=VALUE entries */

	/* MaxStartups "start:rate:full" - unauthenticated connection limit */
	int	max_startups_begin;
	int	max_startups_rate;
	int	max_startups;
	int	per_source_max_startups;	/* PerSourceMaxStartups */
	int	per_source_masklen_ipv4;	/* PerSourceNetBlockSize (IPv4) */
	int	per_source_masklen_ipv6;	/* PerSourceNetBlockSize (IPv6) */
	char   *per_source_penalty_exempt;	/* PerSourcePenaltyExemptList:
						 * address pattern-list never
						 * penalised */
	struct per_source_penalty per_source_penalty;	/* PerSourcePenalties */
	int	max_authtries;		/* MaxAuthTries; default DEFAULT_AUTH_FAIL_MAX */
	int	max_sessions;		/* MaxSessions; default DEFAULT_SESSIONS_MAX */
	char   *banner;			/* SSH-2 banner message */
	int	use_dns;		/* UseDNS */
	int	client_alive_interval;	/*
					 * poke the client this often to
					 * see if it's still there
					 */
	int	client_alive_count_max;	/*
					 * If the client is unresponsive
					 * for this many intervals above,
					 * disconnect the session
					 */

	u_int	num_authkeys_files;	/* Files containing public keys */
	char  **authorized_keys_files;	/* AuthorizedKeysFile paths (tokens
					 * unexpanded) */

	char   *adm_forced_command;	/* ForceCommand */

	int	use_pam;		/* Enable auth via PAM */
	char   *pam_service_name;	/* PAMServiceName */

	int	permit_tun;		/* PermitTunnel */

	char  **permitted_opens;	/* May also be one of PERMITOPEN_* */
	u_int	num_permitted_opens;
	char  **permitted_listens; /* May also be one of PERMITOPEN_* */
	u_int	num_permitted_listens;

	char   *chroot_directory;	/* ChrootDirectory (tokens unexpanded) */
	char   *revoked_keys_file;	/* RevokedKeys (KRL or key list) */
	char   *trusted_user_ca_keys;	/* TrustedUserCAKeys */
	char   *authorized_keys_command;
	char   *authorized_keys_command_user;
	char   *authorized_principals_file;
	char   *authorized_principals_command;
	char   *authorized_principals_command_user;

	int64_t rekey_limit;		/* RekeyLimit: bytes before rekey */
	int	rekey_interval;		/* RekeyLimit: seconds before rekey */

	char   *version_addendum;	/* Appended to SSH banner */

	u_int	num_auth_methods;
	char  **auth_methods;		/* AuthenticationMethods lists */

	int	fingerprint_hash;	/* FingerprintHash (SSH_FP_HASH_*) */
	int	expose_userauth_info;	/* ExposeAuthInfo */
	u_int64_t timing_secret;	/* per-process random secret; used to
					 * derive a per-user auth delay so
					 * timing does not reveal whether a
					 * user exists (see auth2.c) */
	char   *sk_provider;		/* SecurityKeyProvider */
	int	required_rsa_size;	/* minimum size of RSA keys */

	char	**channel_timeouts;	/* inactivity timeout by channel type */
	u_int	num_channel_timeouts;

	int	unused_connection_timeout;	/* UnusedConnectionTimeout (sec) */

	char	*sshd_session_path;	/* SshdSessionPath: per-connection
					 * sshd-session binary */
} ServerOptions;

/* Information about the incoming connection as used by Match */
struct connection_info {
	const char *user;
	const char *host;	/* possibly resolved hostname */
	const char *address;	/* remote address */
	const char *laddress;	/* local address */
	int lport;		/* local port */
	const char *rdomain;	/* routing domain if available */
	int test;		/* test mode, allow some attributes to be
				 * unspecified */
};

/*
 * List of included files for re-exec from the parsed configuration.
 * The contents are carried so the re-executed process sees exactly the
 * files the parent parsed, not whatever is on disk at that moment.
 */
struct include_item {
	char *selector;		/* Include argument as written (may be a glob) */
	char *filename;		/* path of the file actually read */
	struct sshbuf *contents; /* that file's contents */
	TAILQ_ENTRY(include_item) entry;
};
TAILQ_HEAD(include_list, include_item);


/*
 * These are string config options that must be copied between the
 * Match sub-config and the main config, and must be sent from the
 * privsep child to the privsep master. We use a macro to ensure all
 * the options are copied and the copies are done in the correct order.
 *
 * NB. an option must appear in servconf.c:copy_set_server_options() or
 * COPY_MATCH_STRING_OPTS here but never both.
 *
 * Expanders must define M_CP_STROPT(name) and
 * M_CP_STRARRAYOPT(name, count) before use.  The subsystem_* arrays share
 * one count (num_subsystems), so they must stay parallel.
 */
#define COPY_MATCH_STRING_OPTS() do { \
		M_CP_STROPT(banner); \
		M_CP_STROPT(trusted_user_ca_keys); \
		M_CP_STROPT(revoked_keys_file); \
		M_CP_STROPT(authorized_keys_command); \
		M_CP_STROPT(authorized_keys_command_user); \
		M_CP_STROPT(authorized_principals_file); \
		M_CP_STROPT(authorized_principals_command); \
		M_CP_STROPT(authorized_principals_command_user); \
		M_CP_STROPT(hostbased_accepted_algos); \
		M_CP_STROPT(pubkey_accepted_algos); \
		M_CP_STROPT(ca_sign_algorithms); \
		M_CP_STROPT(routing_domain); \
		M_CP_STROPT(permit_user_env_allowlist); \
		M_CP_STROPT(pam_service_name); \
		M_CP_STRARRAYOPT(authorized_keys_files, num_authkeys_files); \
		M_CP_STRARRAYOPT(allow_users, num_allow_users); \
		M_CP_STRARRAYOPT(deny_users, num_deny_users); \
		M_CP_STRARRAYOPT(allow_groups, num_allow_groups); \
		M_CP_STRARRAYOPT(deny_groups, num_deny_groups); \
		M_CP_STRARRAYOPT(accept_env, num_accept_env); \
		M_CP_STRARRAYOPT(setenv, num_setenv); \
		M_CP_STRARRAYOPT(auth_methods, num_auth_methods); \
		M_CP_STRARRAYOPT(permitted_opens, num_permitted_opens); \
		M_CP_STRARRAYOPT(permitted_listens, num_permitted_listens); \
		M_CP_STRARRAYOPT(channel_timeouts, num_channel_timeouts); \
		M_CP_STRARRAYOPT(log_verbose, num_log_verbose); \
		M_CP_STRARRAYOPT(subsystem_name, num_subsystems); \
		M_CP_STRARRAYOPT(subsystem_command, num_subsystems); \
		M_CP_STRARRAYOPT(subsystem_args, num_subsystems); \
	} while (0)

/* Reset every option to its "unset" marker (PERMIT_NOT_SET, -1, NULL). */
void	 initialize_server_options(ServerOptions *);
/* Replace still-unset options with the compiled-in defaults. */
void	 fill_default_server_options(ServerOptions *);
/*
 * Parse one configuration line.  Arguments: options, the line (modified
 * in place), source filename, line number, active flag (updated on
 * Match), connection info for Match evaluation, and the include list.
 * Returns 0 on success; fatal()s on a malformed line.
 */
int	 process_server_config_line(ServerOptions *, char *, const char *, int,
	    int *, struct connection_info *, struct include_list *includes);
/* Read the whole config file into the buffer (comments stripped). */
void	 load_server_config(const char *, struct sshbuf *);
/*
 * Parse the buffered config into options.  The trailing int is the
 * re-exec flag: when set, Include files come from the include list
 * rather than the filesystem.
 */
void	 parse_server_config(ServerOptions *, const char *, struct sshbuf *,
	    struct include_list *includes, struct connection_info *, int);
/* Re-evaluate Match blocks against a (now known) connection. */
void	 parse_server_match_config(ServerOptions *,
	    struct include_list *includes, struct connection_info *);
/* Fill connection_info from an "sshd -C key=value,..." test spec. */
int	 parse_server_match_testspec(struct connection_info *, char *);
/* Merge Match-block Subsystem entries into the main options. */
void	 servconf_merge_subsystems(ServerOptions *, ServerOptions *);
/*
 * Copy options set in the Match sub-config (src) over the main config
 * (dst); the int selects pre-authentication vs post-authentication copy.
 */
void	 copy_set_server_options(ServerOptions *, ServerOptions *, int);
/* Print the effective configuration (sshd -T). */
void	 dump_config(ServerOptions *);
/* Returns a newly allocated absolute path; caller frees. */
char	*derelativise_path(const char *);
/*
 * Record a HostKey / HostCertificate.  Arguments: config file, line
 * number (for diagnostics), options, path, and for host keys whether the
 * user supplied it explicitly (see host_key_file_userprovided).
 */
void	 servconf_add_hostkey(const char *, const int,
	    ServerOptions *, const char *path, int);
void	 servconf_add_hostcert(const char *, const int,
	    ServerOptions *, const char *path);

#endif				/* SERVCONF_H */