1 /*
2 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
3 * All rights reserved
4 *
5 * As far as I am concerned, the code I have written for this software
6 * can be used freely for any purpose. Any derived versions of this
7 * software must be clearly marked as such, and if the derived work is
8 * incompatible with the protocol description in the RFC file, it must be
9 * called by a name other than "ssh" or "Secure Shell".
10 */
11 /*
12 * Copyright (c) 2001, 2010, Oracle and/or its affiliates. All rights reserved.
13 */
14
#include "includes.h"
RCSID("$OpenBSD: servconf.c,v 1.115 2002/09/04 18:52:42 stevesk Exp $");

#include <errno.h>
#include <limits.h>
#include <stdlib.h>

#ifdef HAVE_DEFOPEN
#include <deflt.h>
#endif /* HAVE_DEFOPEN */

#if defined(KRB4)
#include <krb.h>
#endif
#if defined(KRB5)
#ifdef HEIMDAL
#include <krb.h>
#else
/* Bodge - but then, so is using the kerberos IV KEYFILE to get a Kerberos V
 * keytab */
#define KEYFILE "/etc/krb5.keytab"
#endif
#endif
#ifdef AFS
#include <kafs.h>
#endif

#include "ssh.h"
#include "log.h"
#include "buffer.h"
#include "servconf.h"
#include "xmalloc.h"
#include "compat.h"
#include "pathnames.h"
#include "tildexpand.h"
#include "misc.h"
#include "cipher.h"
#include "kex.h"
#include "mac.h"
#include "auth.h"
#include "match.h"
#include "groupaccess.h"
53
54 static void add_listen_addr(ServerOptions *, char *, u_short);
55 static void add_one_listen_addr(ServerOptions *, char *, u_short);
56
57 extern Buffer cfg;
58
59 /* AF_UNSPEC or AF_INET or AF_INET6 */
60 extern int IPv4or6;
61
/*
 * Puts every ServerOptions field into its "unset" state so that later
 * passes can tell whether the command line or sshd_config touched it:
 * counters become 0, pointers NULL, plain yes/no and numeric options -1,
 * and permit_root_login / log_facility / log_level / protocol their
 * dedicated *_NOT_SET / SSH_PROTO_UNKNOWN markers. Whatever is still
 * unset afterwards is filled in by fill_default_server_options().
 */
void
initialize_server_options(ServerOptions *options)
{
	ServerOptions *o = options;

	/* Clear everything first so that fields not listed below are 0/NULL. */
	(void) memset(o, 0, sizeof(*o));

	/* Listeners, host keys, pid file. */
	o->num_ports = 0;
	o->ports_from_cmdline = 0;
	o->listen_addrs = NULL;
	o->num_host_key_files = 0;
	o->pid_file = NULL;

	/* Protocol 1 server key and timers. */
	o->server_key_bits = -1;
	o->login_grace_time = -1;
	o->key_regeneration_time = -1;

	/* Login policy, X11 and logging. */
	o->permit_root_login = PERMIT_NOT_SET;
	o->ignore_rhosts = -1;
	o->ignore_user_known_hosts = -1;
	o->print_motd = -1;
	o->print_lastlog = -1;
	o->x11_forwarding = -1;
	o->x11_display_offset = -1;
	o->x11_use_localhost = -1;
	o->xauth_location = NULL;
	o->strict_modes = -1;
	o->keepalives = -1;
	o->log_facility = SYSLOG_FACILITY_NOT_SET;
	o->log_level = SYSLOG_LEVEL_NOT_SET;

	/* Authentication methods. */
	o->rhosts_authentication = -1;
	o->rhosts_rsa_authentication = -1;
	o->hostbased_authentication = -1;
	o->hostbased_uses_name_from_packet_only = -1;
	o->rsa_authentication = -1;
	o->pubkey_authentication = -1;
#ifdef GSSAPI
	o->gss_authentication = -1;
	o->gss_keyex = -1;
	o->gss_store_creds = -1;
	o->gss_use_session_ccache = -1;
	o->gss_cleanup_creds = -1;
#endif
#if defined(KRB4) || defined(KRB5)
	o->kerberos_authentication = -1;
	o->kerberos_or_local_passwd = -1;
	o->kerberos_ticket_cleanup = -1;
#endif
#if defined(AFS) || defined(KRB5)
	o->kerberos_tgt_passing = -1;
#endif
#ifdef AFS
	o->afs_token_passing = -1;
#endif
	o->password_authentication = -1;
	o->kbd_interactive_authentication = -1;
	o->challenge_response_authentication = -1;
	o->pam_authentication_via_kbd_int = -1;
	o->permit_empty_passwd = -1;
	o->permit_user_env = -1;

	/* Session features, access lists, crypto and limits. */
	o->compression = -1;
	o->allow_tcp_forwarding = -1;
	o->num_allow_users = 0;
	o->num_deny_users = 0;
	o->num_allow_groups = 0;
	o->num_deny_groups = 0;
	o->ciphers = NULL;
	o->macs = NULL;
	o->protocol = SSH_PROTO_UNKNOWN;
	o->gateway_ports = -1;
	o->num_subsystems = 0;
	o->max_startups_begin = -1;
	o->max_startups_rate = -1;
	o->max_startups = -1;
	o->banner = NULL;
	o->verify_reverse_mapping = -1;
	o->client_alive_interval = -1;
	o->client_alive_count_max = -1;
	o->authorized_keys_file = NULL;
	o->authorized_keys_file2 = NULL;

	/* Failed-auth limits: overall and for the initial attempts. */
	o->max_auth_tries = -1;
	o->max_auth_tries_log = -1;
	o->max_init_auth_tries = -1;
	o->max_init_auth_tries_log = -1;

	/* Platform extras: DNS lookups, OpenSSL engine, chroot, hook, PAM. */
	o->lookup_client_hostnames = -1;
	o->use_openssl_engine = -1;
	o->chroot_directory = NULL;
	o->pre_userauth_hook = NULL;
	o->pam_service_name = NULL;
	o->pam_service_prefix = NULL;
}
158
159 #ifdef HAVE_DEFOPEN
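/*
 * Reads /etc/default/login (_PATH_DEFAULT_LOGIN) and pre-sets several
 * ServerOptions that are still unset, so that sshd follows the same
 * system-wide login policy as login(1):
 *
 *   CONSOLE=*                -> PermitRootLogin=without-password
 *   #CONSOLE=*               -> PermitRootLogin=yes (left unset here; the
 *                               generic default applies later)
 *
 *   PASSREQ=YES              -> PermitEmptyPasswords=no
 *   PASSREQ=NO               -> PermitEmptyPasswords=yes
 *   #PASSREQ=*               -> PermitEmptyPasswords=no (generic default)
 *
 *   RETRIES=<n>              -> max_init_auth_tries=<n>
 *   SYSLOG_FAILED_LOGINS=<n> -> max_init_auth_tries_log=<n>
 *
 *   TIMEOUT=<secs>           -> LoginGraceTime=<secs>
 *   #TIMEOUT=<secs>          -> LoginGraceTime=300
 *
 * Numeric values are validated: anything that is not a non-negative
 * decimal integer is logged and ignored (the option keeps its unset
 * marker, or the 300-second fallback for TIMEOUT) instead of being
 * silently mis-parsed by atoi(), which would turn garbage into 0 and
 * accept negative numbers.
 */

/*
 * Parses a value read from /etc/default/login as a non-negative int.
 * Trailing blanks are tolerated. Returns 1 and stores the value in *out on
 * success; returns 0 and leaves *out untouched when the string is empty,
 * non-numeric, negative or out of int range (the rejection is logged with
 * the offending key).
 */
static int
deflt_parse_nonneg_int(const char *key, const char *str, int *out)
{
	char *end;
	long val;
	int ok;

	errno = 0;
	val = strtol(str, &end, 10);
	ok = (end != str);
	while (ok && (*end == ' ' || *end == '\t'))
		end++;
	if (ok && (*end != '\0' || errno == ERANGE ||
	    val < 0 || val > INT_MAX))
		ok = 0;
	if (!ok) {
		error("%s: ignoring invalid %s value \"%s\"",
		    _PATH_DEFAULT_LOGIN, key, str);
		return 0;
	}
	*out = (int)val;
	return 1;
}

static void
deflt_fill_default_server_options(ServerOptions *options)
{
	int flags;
	char *ptr;

	/* No defaults file (or unreadable): leave every option untouched. */
	if (defopen(_PATH_DEFAULT_LOGIN))
		return;

	/* Match keys case-insensitively. */
	flags = defcntl(DC_GETFLAGS, 0);
	TURNOFF(flags, DC_CASE);
	(void) defcntl(DC_SETFLAGS, flags);

	/*
	 * An active CONSOLE= entry maps to PermitRootLogin=without-password
	 * (see the header comment). Only the presence of the key matters;
	 * its value is not inspected.
	 */
	if (options->permit_root_login == PERMIT_NOT_SET &&
	    defread("CONSOLE=") != NULL)
		options->permit_root_login = PERMIT_NO_PASSWD;

	if (options->permit_empty_passwd == -1 &&
	    (ptr = defread("PASSREQ=")) != NULL) {
		if (strcasecmp("YES", ptr) == 0)
			options->permit_empty_passwd = 0;
		else if (strcasecmp("NO", ptr) == 0)
			options->permit_empty_passwd = 1;
		/* Any other value: stay unset, the generic default applies. */
	}

	if (options->max_init_auth_tries == -1 &&
	    (ptr = defread("RETRIES=")) != NULL)
		(void) deflt_parse_nonneg_int("RETRIES", ptr,
		    &options->max_init_auth_tries);

	if (options->max_init_auth_tries_log == -1 &&
	    (ptr = defread("SYSLOG_FAILED_LOGINS=")) != NULL)
		(void) deflt_parse_nonneg_int("SYSLOG_FAILED_LOGINS", ptr,
		    &options->max_init_auth_tries_log);

	if (options->login_grace_time == -1) {
		/*
		 * A negative grace time must never reach the option: the
		 * value is presumably handed to an unsigned timer later,
		 * where it would effectively disable the login timeout.
		 * An absent or invalid TIMEOUT falls back to 300 seconds.
		 */
		if ((ptr = defread("TIMEOUT=")) == NULL ||
		    !deflt_parse_nonneg_int("TIMEOUT", ptr,
		    &options->login_grace_time))
			options->login_grace_time = 300;
	}

	(void) defopen((char *)NULL);
}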
223 #endif /* HAVE_DEFOPEN */
224
/* Stores value in *slot only if *slot still holds the "unset" marker. */
static void
opt_default_int(int *slot, int unset, int value)
{
	if (*slot == unset)
		*slot = value;
}

/*
 * Replaces every ServerOptions field still at the "unset" marker left by
 * initialize_server_options() with its built-in default. Called once the
 * command line and sshd_config have been read; fields that already carry
 * a value are never overwritten.
 *
 * Several defaults are permissive and worth overriding in sshd_config on
 * hardened hosts: PermitRootLogin=yes, Protocol=1,2 (with a 768-bit v1
 * server key), PasswordAuthentication=yes, X11Forwarding=yes,
 * AllowTcpForwarding=yes and Compression=yes. On HAVE_DEFOPEN builds
 * /etc/default/login is consulted first and may pre-set PermitRootLogin,
 * PermitEmptyPasswords, LoginGraceTime and the initial auth-try limits.
 */
void
fill_default_server_options(ServerOptions *options)
{
#ifdef HAVE_DEFOPEN
	/* Must run first: it claims fields that are still unset. */
	deflt_fill_default_server_options(options);
#endif /* HAVE_DEFOPEN */

	/* Protocol versions, host keys, ports and listen addresses. */
	if (options->protocol == SSH_PROTO_UNKNOWN)
		options->protocol = SSH_PROTO_1|SSH_PROTO_2;
	if (options->num_host_key_files == 0) {
		/* One set of default host keys per enabled protocol version. */
		if (options->protocol & SSH_PROTO_1)
			options->host_key_files[options->num_host_key_files++] =
			    _PATH_HOST_KEY_FILE;
#ifndef GSSAPI
		/* With GSS-API key exchange v2 can run without host keys. */
		if (options->protocol & SSH_PROTO_2) {
			options->host_key_files[options->num_host_key_files++] =
			    _PATH_HOST_RSA_KEY_FILE;
			options->host_key_files[options->num_host_key_files++] =
			    _PATH_HOST_DSA_KEY_FILE;
		}
#endif /* GSSAPI */
	}
	if (options->num_ports == 0)
		options->ports[options->num_ports++] = SSH_DEFAULT_PORT;
	if (options->listen_addrs == NULL)
		add_listen_addr(options, NULL, 0);
	if (options->pid_file == NULL)
		options->pid_file = _PATH_SSH_DAEMON_PID_FILE;

	/* Protocol 1 server key and timers. */
	opt_default_int(&options->server_key_bits, -1, 768);
	opt_default_int(&options->login_grace_time, -1, 120);
	opt_default_int(&options->key_regeneration_time, -1, 3600);

	/* Login policy. */
	if (options->permit_root_login == PERMIT_NOT_SET)
		options->permit_root_login = PERMIT_YES;
	opt_default_int(&options->ignore_rhosts, -1, 1);
	opt_default_int(&options->ignore_user_known_hosts, -1, 0);
	opt_default_int(&options->print_motd, -1, 1);
	opt_default_int(&options->print_lastlog, -1, 1);

	/* X11. */
	opt_default_int(&options->x11_forwarding, -1, 1);
	opt_default_int(&options->x11_display_offset, -1, 10);
	opt_default_int(&options->x11_use_localhost, -1, 1);
	if (options->xauth_location == NULL)
		options->xauth_location = _PATH_XAUTH;

	opt_default_int(&options->strict_modes, -1, 1);
	opt_default_int(&options->keepalives, -1, 1);

	/* Logging. */
	if (options->log_facility == SYSLOG_FACILITY_NOT_SET)
		options->log_facility = SYSLOG_FACILITY_AUTH;
	if (options->log_level == SYSLOG_LEVEL_NOT_SET)
		options->log_level = SYSLOG_LEVEL_INFO;

	/* Authentication methods. */
	opt_default_int(&options->rhosts_authentication, -1, 0);
	opt_default_int(&options->rhosts_rsa_authentication, -1, 0);
	opt_default_int(&options->hostbased_authentication, -1, 0);
	opt_default_int(&options->hostbased_uses_name_from_packet_only, -1, 0);
	opt_default_int(&options->rsa_authentication, -1, 1);
	opt_default_int(&options->pubkey_authentication, -1, 1);
#ifdef GSSAPI
	opt_default_int(&options->gss_authentication, -1, 1);
	opt_default_int(&options->gss_keyex, -1, 1);
	opt_default_int(&options->gss_store_creds, -1, 1);
	opt_default_int(&options->gss_use_session_ccache, -1, 1);
	opt_default_int(&options->gss_cleanup_creds, -1, 1);
#endif
#if defined(KRB4) || defined(KRB5)
	opt_default_int(&options->kerberos_authentication, -1, 0);
	opt_default_int(&options->kerberos_or_local_passwd, -1, 1);
	opt_default_int(&options->kerberos_ticket_cleanup, -1, 1);
#endif
#if defined(AFS) || defined(KRB5)
	opt_default_int(&options->kerberos_tgt_passing, -1, 0);
#endif
#ifdef AFS
	opt_default_int(&options->afs_token_passing, -1, 0);
#endif
	opt_default_int(&options->password_authentication, -1, 1);
	/*
	 * pam_authentication_via_kbd_int intentionally has no default
	 * value since we do not need it.
	 */
	opt_default_int(&options->kbd_interactive_authentication, -1, 1);
	opt_default_int(&options->challenge_response_authentication, -1, 1);
	opt_default_int(&options->permit_empty_passwd, -1, 0);
	opt_default_int(&options->permit_user_env, -1, 0);

	/* Session features. */
	opt_default_int(&options->compression, -1, 1);
	opt_default_int(&options->allow_tcp_forwarding, -1, 1);
	opt_default_int(&options->gateway_ports, -1, 0);

	/* Connection limits; max_startups_begin follows max_startups. */
	opt_default_int(&options->max_startups, -1, 10);
	opt_default_int(&options->max_startups_rate, -1, 100);	/* 100% */
	opt_default_int(&options->max_startups_begin, -1, options->max_startups);

	opt_default_int(&options->verify_reverse_mapping, -1, 0);
	opt_default_int(&options->client_alive_interval, -1, 0);
	opt_default_int(&options->client_alive_count_max, -1, 3);

	/*
	 * authorized_keys_file2 falls back to authorized_keys_file when only
	 * the latter was configured, so it must be resolved before
	 * authorized_keys_file receives its own default.
	 */
	if (options->authorized_keys_file2 == NULL) {
		if (options->authorized_keys_file != NULL)
			options->authorized_keys_file2 = options->authorized_keys_file;
		else
			options->authorized_keys_file2 = _PATH_SSH_USER_PERMITTED_KEYS2;
	}
	if (options->authorized_keys_file == NULL)
		options->authorized_keys_file = _PATH_SSH_USER_PERMITTED_KEYS;

	/* Failed-auth limits; logging kicks in at half the limit. */
	opt_default_int(&options->max_auth_tries, -1, AUTH_FAIL_MAX);
	opt_default_int(&options->max_auth_tries_log, -1,
	    options->max_auth_tries / 2);
	opt_default_int(&options->max_init_auth_tries, -1, AUTH_FAIL_MAX);
	opt_default_int(&options->max_init_auth_tries_log, -1,
	    options->max_init_auth_tries / 2);

	/* Platform extras. */
	opt_default_int(&options->lookup_client_hostnames, -1, 1);
	opt_default_int(&options->use_openssl_engine, -1, 1);
	if (options->pam_service_prefix == NULL)
		options->pam_service_prefix = _SSH_PAM_SERVICE_PREFIX;
	/* pam_service_name has no built-in default; it stays NULL when unset. */
}
390
/*
 * Keyword tokens: one opcode per sshd_config directive. parse_token() maps
 * a keyword string to its opcode through keywords[], and
 * process_server_config_line() switches on it. sBadOption is the "unknown
 * keyword" result; sDeprecated marks keywords kept only for compatibility
 * (e.g. checkmail), handled in process_server_config_line().
 */
typedef enum {
	sBadOption,				/* == unknown option */

	/* Portable-specific options */
	sPAMAuthenticationViaKbdInt,

	/* Standard Options: listeners, keys, timers, logging */
	sPort, sHostKeyFile, sServerKeyBits, sLoginGraceTime,
	sKeyRegenerationTime, sPermitRootLogin, sLogFacility, sLogLevel,

	/* Authentication methods */
	sRhostsAuthentication, sRhostsRSAAuthentication, sRSAAuthentication,
#ifdef GSSAPI
	sGssAuthentication, sGssKeyEx, sGssStoreDelegCreds,
	sGssUseSessionCredCache, sGssCleanupCreds,
#endif /* GSSAPI */
#if defined(KRB4) || defined(KRB5)
	sKerberosAuthentication, sKerberosOrLocalPasswd,
	sKerberosTicketCleanup,
#endif
#if defined(AFS) || defined(KRB5)
	sKerberosTgtPassing,
#endif
#ifdef AFS
	sAFSTokenPassing,
#endif
	sChallengeResponseAuthentication, sPasswordAuthentication,
	sKbdInteractiveAuthentication,

	/* Session behaviour, access control and everything else */
	sListenAddress, sPrintMotd, sPrintLastLog, sIgnoreRhosts,
	sX11Forwarding, sX11DisplayOffset, sX11UseLocalhost, sStrictModes,
	sEmptyPasswd, sKeepAlives, sPermitUserEnvironment, sUseLogin,
	sAllowTcpForwarding, sCompression, sAllowUsers, sDenyUsers,
	sAllowGroups, sDenyGroups, sIgnoreUserKnownHosts, sCiphers, sMacs,
	sProtocol, sPidFile, sGatewayPorts, sPubkeyAuthentication,
	sXAuthLocation, sSubsystem, sMaxStartups, sBanner,
	sVerifyReverseMapping, sHostbasedAuthentication,
	sHostbasedUsesNameFromPacketOnly, sClientAliveInterval,
	sClientAliveCountMax, sAuthorizedKeysFile, sAuthorizedKeysFile2,
	sMaxAuthTries, sMaxAuthTriesLog, sUsePrivilegeSeparation,
	sLookupClientHostnames, sUseOpenSSLEngine, sChrootDirectory,
	sPreUserauthHook, sMatch, sPAMServicePrefix, sPAMServiceName,

	sDeprecated				/* recognised, kept for compatibility */
} ServerOpCodes;
430
431 #define SSHCFG_GLOBAL 0x01 /* allowed in main section of sshd_config */
432 #define SSHCFG_MATCH 0x02 /* allowed inside a Match section */
433 #define SSHCFG_ALL (SSHCFG_GLOBAL|SSHCFG_MATCH)
434
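/*
 * Textual representation of the tokens: maps each sshd_config keyword
 * (compared case-insensitively by parse_token()) to its opcode and to the
 * SSHCFG_* scope flags that say whether the directive may appear at the top
 * level of sshd_config (SSHCFG_GLOBAL), inside a Match block (SSHCFG_MATCH),
 * or both (SSHCFG_ALL). Every entry must carry an explicit flags value: a
 * missing initializer silently yields 0, which is neither GLOBAL nor MATCH
 * and would be misjudged by any future check on SSHCFG_GLOBAL.
 *
 * NOTE(review): several aliases are narrower than their canonical keyword
 * ("dsaauthentication" is GLOBAL-only while "pubkeyauthentication" is ALL,
 * likewise "gssauthentication" vs "gssapiauthentication"), so the alias is
 * rejected inside a Match block although the canonical form is accepted.
 * Left as is here; widening them would be a behaviour change.
 *
 * NOTE(review): in process_server_config_line() the sGssStoreDelegCreds
 * case stores into options->gss_keyex rather than options->gss_store_creds,
 * so GSSAPIStoreDelegatedCredentials currently toggles key exchange instead
 * of credential storage. That switch is outside this table and should be
 * fixed there.
 */
static struct {
	const char *name;
	ServerOpCodes opcode;
	u_int flags;
} keywords[] = {
	/* Portable-specific options */
	{ "PAMAuthenticationViaKbdInt", sPAMAuthenticationViaKbdInt, SSHCFG_GLOBAL },
	/* Standard Options */
	{ "port", sPort, SSHCFG_GLOBAL },
	{ "hostkey", sHostKeyFile, SSHCFG_GLOBAL },
	{ "hostdsakey", sHostKeyFile, SSHCFG_GLOBAL },			/* alias */
	{ "pidfile", sPidFile, SSHCFG_GLOBAL },
	{ "serverkeybits", sServerKeyBits, SSHCFG_GLOBAL },
	{ "logingracetime", sLoginGraceTime, SSHCFG_GLOBAL },
	{ "keyregenerationinterval", sKeyRegenerationTime, SSHCFG_GLOBAL },
	{ "permitrootlogin", sPermitRootLogin, SSHCFG_ALL },
	{ "syslogfacility", sLogFacility, SSHCFG_GLOBAL },
	{ "loglevel", sLogLevel, SSHCFG_GLOBAL },
	{ "rhostsauthentication", sRhostsAuthentication, SSHCFG_GLOBAL },
	{ "rhostsrsaauthentication", sRhostsRSAAuthentication, SSHCFG_ALL },
	{ "hostbasedauthentication", sHostbasedAuthentication, SSHCFG_ALL },
	/* Previously had no flags at all (implicit 0); GLOBAL matches how 0 behaved. */
	{ "hostbasedusesnamefrompacketonly", sHostbasedUsesNameFromPacketOnly, SSHCFG_GLOBAL },
	{ "rsaauthentication", sRSAAuthentication, SSHCFG_ALL },
	{ "pubkeyauthentication", sPubkeyAuthentication, SSHCFG_ALL },
	{ "dsaauthentication", sPubkeyAuthentication, SSHCFG_GLOBAL },	/* alias */
#ifdef GSSAPI
	{ "gssapiauthentication", sGssAuthentication, SSHCFG_ALL },
	{ "gssapikeyexchange", sGssKeyEx, SSHCFG_GLOBAL },
	{ "gssapistoredelegatedcredentials", sGssStoreDelegCreds, SSHCFG_GLOBAL },
	{ "gssauthentication", sGssAuthentication, SSHCFG_GLOBAL },		/* alias */
	{ "gsskeyex", sGssKeyEx, SSHCFG_GLOBAL },				/* alias */
	{ "gssstoredelegcreds", sGssStoreDelegCreds, SSHCFG_GLOBAL },	/* alias */
#ifndef SUNW_GSSAPI
	{ "gssusesessionccache", sGssUseSessionCredCache, SSHCFG_GLOBAL },
	{ "gssusesessioncredcache", sGssUseSessionCredCache, SSHCFG_GLOBAL },
	{ "gsscleanupcreds", sGssCleanupCreds, SSHCFG_GLOBAL },
#endif /* SUNW_GSSAPI */
#endif
#if defined(KRB4) || defined(KRB5)
	{ "kerberosauthentication", sKerberosAuthentication, SSHCFG_ALL },
	{ "kerberosorlocalpasswd", sKerberosOrLocalPasswd, SSHCFG_GLOBAL },
	{ "kerberosticketcleanup", sKerberosTicketCleanup, SSHCFG_GLOBAL },
#endif
#if defined(AFS) || defined(KRB5)
	{ "kerberostgtpassing", sKerberosTgtPassing, SSHCFG_GLOBAL },
#endif
#ifdef AFS
	{ "afstokenpassing", sAFSTokenPassing, SSHCFG_GLOBAL },
#endif
	{ "passwordauthentication", sPasswordAuthentication, SSHCFG_ALL },
	{ "kbdinteractiveauthentication", sKbdInteractiveAuthentication, SSHCFG_ALL },
	{ "challengeresponseauthentication", sChallengeResponseAuthentication, SSHCFG_GLOBAL },
	{ "skeyauthentication", sChallengeResponseAuthentication, SSHCFG_GLOBAL }, /* alias */
	{ "checkmail", sDeprecated, SSHCFG_GLOBAL },
	{ "listenaddress", sListenAddress, SSHCFG_GLOBAL },
	{ "printmotd", sPrintMotd, SSHCFG_GLOBAL },
	{ "printlastlog", sPrintLastLog, SSHCFG_GLOBAL },
	{ "ignorerhosts", sIgnoreRhosts, SSHCFG_GLOBAL },
	{ "ignoreuserknownhosts", sIgnoreUserKnownHosts, SSHCFG_GLOBAL },
	{ "x11forwarding", sX11Forwarding, SSHCFG_ALL },
	{ "x11displayoffset", sX11DisplayOffset, SSHCFG_ALL },
	{ "x11uselocalhost", sX11UseLocalhost, SSHCFG_ALL },
	{ "xauthlocation", sXAuthLocation, SSHCFG_GLOBAL },
	{ "strictmodes", sStrictModes, SSHCFG_GLOBAL },
	{ "permitemptypasswords", sEmptyPasswd, SSHCFG_ALL },
	{ "permituserenvironment", sPermitUserEnvironment, SSHCFG_GLOBAL },
	{ "uselogin", sUseLogin, SSHCFG_GLOBAL },
	{ "compression", sCompression, SSHCFG_GLOBAL },
	{ "keepalive", sKeepAlives, SSHCFG_GLOBAL },
	{ "allowtcpforwarding", sAllowTcpForwarding, SSHCFG_ALL },
	{ "allowusers", sAllowUsers, SSHCFG_GLOBAL },
	{ "denyusers", sDenyUsers, SSHCFG_GLOBAL },
	{ "allowgroups", sAllowGroups, SSHCFG_GLOBAL },
	{ "denygroups", sDenyGroups, SSHCFG_GLOBAL },
	{ "ciphers", sCiphers, SSHCFG_GLOBAL },
	{ "macs", sMacs, SSHCFG_GLOBAL },
	{ "protocol", sProtocol, SSHCFG_GLOBAL },
	{ "gatewayports", sGatewayPorts, SSHCFG_ALL },
	{ "subsystem", sSubsystem, SSHCFG_GLOBAL },
	{ "maxstartups", sMaxStartups, SSHCFG_GLOBAL },
	{ "banner", sBanner, SSHCFG_ALL },
	{ "verifyreversemapping", sVerifyReverseMapping, SSHCFG_GLOBAL },
	{ "reversemappingcheck", sVerifyReverseMapping, SSHCFG_GLOBAL },
	{ "clientaliveinterval", sClientAliveInterval, SSHCFG_GLOBAL },
	{ "clientalivecountmax", sClientAliveCountMax, SSHCFG_GLOBAL },
	{ "authorizedkeysfile", sAuthorizedKeysFile, SSHCFG_GLOBAL },
	{ "authorizedkeysfile2", sAuthorizedKeysFile2, SSHCFG_GLOBAL },
	{ "maxauthtries", sMaxAuthTries, SSHCFG_ALL },
	{ "maxauthtrieslog", sMaxAuthTriesLog, SSHCFG_GLOBAL },
	{ "useprivilegeseparation", sUsePrivilegeSeparation, SSHCFG_GLOBAL },
	{ "lookupclienthostnames", sLookupClientHostnames, SSHCFG_GLOBAL },
	{ "useopensslengine", sUseOpenSSLEngine, SSHCFG_GLOBAL },
	{ "chrootdirectory", sChrootDirectory, SSHCFG_ALL },
	{ "preuserauthhook", sPreUserauthHook, SSHCFG_ALL },
	{ "match", sMatch, SSHCFG_ALL },
	{ "pamserviceprefix", sPAMServicePrefix, SSHCFG_GLOBAL },
	{ "pamservicename", sPAMServiceName, SSHCFG_GLOBAL },

	/* Sentinel: parse_token() stops at the NULL name. */
	{ NULL, sBadOption, 0 }
};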
536
/*
 * Returns the opcode of the keyword cp (matched case-insensitively against
 * keywords[]) and stores its SSHCFG_* scope flags in *flags. An unknown
 * keyword is reported with filename and linenum, leaves *flags untouched
 * and yields sBadOption; callers must therefore pre-initialise *flags.
 */
static ServerOpCodes
parse_token(const char *cp, const char *filename,
    int linenum, u_int *flags)
{
	u_int idx = 0;

	while (keywords[idx].name != NULL) {
		if (strcasecmp(cp, keywords[idx].name) == 0) {
			*flags = keywords[idx].flags;
			return keywords[idx].opcode;
		}
		idx++;
	}

	error("%s: line %d: Bad configuration option: %s",
	    filename, linenum, cp);
	return sBadOption;
}
557
/*
 * Registers a ListenAddress. With port == 0 the address is bound on every
 * configured Port (the default port is installed first if none was given);
 * otherwise only on the explicit port. addr == NULL means the wildcard.
 */
static void
add_listen_addr(ServerOptions *options, char *addr, u_short port)
{
	int idx;

	/* ListenAddress before any Port line: fall back to the default port. */
	if (options->num_ports == 0)
		options->ports[options->num_ports++] = SSH_DEFAULT_PORT;

	if (port != 0) {
		add_one_listen_addr(options, addr, port);
		return;
	}
	/* No explicit port: bind this address on every configured Port. */
	for (idx = 0; idx < options->num_ports; idx++)
		add_one_listen_addr(options, addr, options->ports[idx]);
}
571
/*
 * Resolves addr:port (addr == NULL -> wildcard, AI_PASSIVE) for the
 * configured address family IPv4or6 and prepends the whole result list to
 * options->listen_addrs. Resolution failure is fatal: sshd must not start
 * listening on a different set of addresses than configured. The addrinfo
 * list is deliberately not freed; it stays owned by options->listen_addrs.
 */
static void
add_one_listen_addr(ServerOptions *options, char *addr, u_short port)
{
	struct addrinfo hints, *res, *tail;
	char portstr[NI_MAXSERV];
	int rc;

	(void) memset(&hints, 0, sizeof(hints));
	hints.ai_family = IPv4or6;
	hints.ai_socktype = SOCK_STREAM;
	if (addr == NULL)
		hints.ai_flags = AI_PASSIVE;
	(void) snprintf(portstr, sizeof(portstr), "%u", (unsigned)port);

	rc = getaddrinfo(addr, portstr, &hints, &res);
	if (rc != 0)
		fatal("bad addr or host: %s (%s)",
		    addr ? addr : "<NULL>", gai_strerror(rc));

	/* Walk to the end of the new list and chain the old one behind it. */
	tail = res;
	while (tail->ai_next != NULL)
		tail = tail->ai_next;
	tail->ai_next = options->listen_addrs;
	options->listen_addrs = res;
}
593
594 /*
595 * The strategy for the Match blocks is that the config file is parsed twice.
596 *
597 * The first time is at startup. activep is initialized to 1 and the
598 * directives in the global context are processed and acted on. Hitting a
599 * Match directive unsets activep and the directives inside the block are
600 * checked for syntax only.
601 *
602 * The second time is after a connection has been established but before
603 * authentication. activep is initialized to 2 and global config directives
 * are ignored since they have already been processed. If the criteria of a
 * Match block are met, activep is set and the subsequent directives
606 * processed and actioned until EOF or another Match block unsets it. Any
607 * options set are copied into the main server config.
608 *
609 * Potential additions/improvements:
610 * - Add Match support for pre-kex directives, eg Protocol, Ciphers.
611 *
612 * - Add a Tag directive (idea from David Leonard) ala pf, eg:
613 * Match Address 192.168.0.*
614 * Tag trusted
615 * Match Group wheel
616 * Tag trusted
617 * Match Tag trusted
618 * AllowTcpForwarding yes
619 * GatewayPorts clientspecified
620 * [...]
621 *
622 * - Add a PermittedChannelRequests directive
623 * Match Group shell
624 * PermittedChannelRequests session,forwarded-tcpip
625 */
626
/*
 * Evaluates a "Match Group <patterns>" criterion for user. Returns 1 when
 * the user's group memberships match the pattern list grps, 0 otherwise.
 * Fails closed: an unknown user, a user in no group, or a NULL user (the
 * syntax-check pass) all yield 0 rather than an error, so the Match block
 * is simply not applied. ga_free() is always called on the way out, even
 * when ga_init() was never reached.
 */
static int
match_cfg_line_group(const char *grps, int line, const char *user)
{
	struct passwd *pw;
	int matched = 0;

	if (user != NULL) {
		pw = getpwnam(user);
		if (pw == NULL) {
			debug("Can't match group at line %d because user %.100s does "
			    "not exist", line, user);
		} else if (ga_init(pw->pw_name, pw->pw_gid) == 0) {
			debug("Can't Match group because user %.100s not in any group "
			    "at line %d", user, line);
		} else if (ga_match_pattern_list(grps) == 1) {
			debug("user %.100s matched group list %.100s at line %d", user,
			    grps, line);
			matched = 1;
		} else {
			debug("user %.100s does not match group list %.100s at line %d",
			    user, grps, line);
		}
	}
	ga_free();
	return matched;
}
654
/*
 * Evaluates one "Attribute pattern" pair of a Match line. Returns 1 when
 * the connection satisfies it, 0 when it does not (including the
 * syntax-check pass, where user/host/address are NULL), and -1 on a
 * malformed pattern or unknown attribute.
 */
static int
match_cfg_attrib(const char *attrib, char *arg, int line,
    const char *user, const char *host, const char *address)
{
	size_t len = strlen(arg);

	if (strcasecmp(attrib, "user") == 0) {
		if (user == NULL)
			return 0;
		if (match_pattern_list(user, arg, len, 0) != 1)
			return 0;
		debug("user %.100s matched 'User %.100s' at "
		    "line %d", user, arg, line);
		return 1;
	}
	if (strcasecmp(attrib, "group") == 0)
		return match_cfg_line_group(arg, line, user);
	if (strcasecmp(attrib, "host") == 0) {
		if (host == NULL)
			return 0;
		if (match_hostname(host, arg, len) != 1)
			return 0;
		debug("connection from %.100s matched 'Host "
		    "%.100s' at line %d", host, arg, line);
		return 1;
	}
	if (strcasecmp(attrib, "address") == 0) {
		switch (addr_match_list(address, arg)) {
		case -2:
			return -1;	/* malformed address list */
		case 0:			/* no match */
		case -1:		/* addr_match_list error: treat as no match */
			return 0;
		case 1:
			debug("connection from %.100s matched 'Address "
			    "%.100s' at line %d", address, arg, line);
			/* FALLTHROUGH */
		default:
			/* Any other value leaves the result untouched. */
			return 1;
		}
	}
	error("Unsupported Match attribute %s", attrib);
	return -1;
}

/*
 * Evaluates the criteria of one Match line. *condition points at the text
 * after the "Match" keyword, a sequence of "Attribute pattern" pairs;
 * every pair must match for the line to match. Supported attributes are
 * User, Group, Host and Address (case-insensitive).
 *
 * With user == NULL this is the syntax-check pass of the first parse: the
 * criteria are validated but nothing can match. Returns 1 on match, 0 on
 * no match and -1 on a malformed line (missing pattern, unknown attribute,
 * or an address list addr_match_list() rejects with -2). On a non-error
 * return *condition is advanced past the consumed criteria. A miss does
 * not stop evaluation: later pairs are still checked so that a malformed
 * one is always reported.
 *
 * NOTE(review): Host compares against the name the caller passes, which
 * is presumably the client's reverse-DNS name; unless that mapping has
 * been verified it is attacker-influenced, so Address is the safer
 * criterion for security-relevant Match blocks.
 */
static int
match_cfg_line(char **condition, int line, const char *user, const char *host,
    const char *address)
{
	char *cp = *condition, *attrib, *arg;
	int result = 1;
	int r;

	if (user == NULL)
		debug3("checking syntax for 'Match %s'", cp);
	else
		debug3("checking match for '%s' user %s host %s addr %s", cp,
		    user, host ? host : "(null)",
		    address ? address : "(null)");

	for (;;) {
		attrib = strdelim(&cp);
		if (attrib == NULL || *attrib == '\0')
			break;
		arg = strdelim(&cp);
		if (arg == NULL || *arg == '\0') {
			error("Missing Match criteria for %s", attrib);
			return -1;
		}
		r = match_cfg_attrib(attrib, arg, line, user, host, address);
		if (r < 0)
			return -1;
		if (r == 0)
			result = 0;
	}
	if (user != NULL)
		debug3("match %sfound", result ? "" : "not ");
	*condition = cp;
	return result;
}
726
727 #define WHITESPACE " \t\r\n"
728
729 int
process_server_config_line(ServerOptions * options,char * line,const char * filename,int linenum,int * activep,const char * user,const char * host,const char * address)730 process_server_config_line(ServerOptions *options, char *line,
731 const char *filename, int linenum, int *activep, const char *user,
732 const char *host, const char *address)
733 {
734 char *cp, **charptr, *arg, *p;
735 int cmdline = 0, *intptr, value, n;
736 ServerOpCodes opcode;
737 u_int i, flags = 0;
738 size_t len;
739
740 cp = line;
741 arg = strdelim(&cp);
742 /* Ignore leading whitespace */
743 if (*arg == '\0')
744 arg = strdelim(&cp);
745 if (!arg || !*arg || *arg == '#')
746 return 0;
747 intptr = NULL;
748 charptr = NULL;
749 opcode = parse_token(arg, filename, linenum, &flags);
750
751 if (activep == NULL) { /* We are processing a command line directive */
752 cmdline = 1;
753 activep = &cmdline;
754 }
755 if (*activep && opcode != sMatch)
756 debug3("%s:%d setting %s %s", filename, linenum, arg, cp);
757 if (*activep == 0 && !(flags & SSHCFG_MATCH)) {
758 if (user == NULL) {
759 fatal("%s line %d: Directive '%s' is not allowed "
760 "within a Match block", filename, linenum, arg);
761 } else { /* this is a directive we have already processed */
762 while (arg)
763 arg = strdelim(&cp);
764 return 0;
765 }
766 }
767
768 switch (opcode) {
769 /* Portable-specific options */
770 case sPAMAuthenticationViaKbdInt:
771 log("%s line %d: PAMAuthenticationViaKbdInt has been "
772 "deprecated. You should use KbdInteractiveAuthentication "
773 "instead (which defaults to \"yes\").", filename, linenum);
774 intptr = &options->pam_authentication_via_kbd_int;
775 goto parse_flag;
776
777 /* Standard Options */
778 case sBadOption:
779 return -1;
780 case sPort:
781 /* ignore ports from configfile if cmdline specifies ports */
782 if (options->ports_from_cmdline)
783 return 0;
784 if (options->listen_addrs != NULL)
785 fatal("%s line %d: ports must be specified before "
786 "ListenAddress.", filename, linenum);
787 if (options->num_ports >= MAX_PORTS)
788 fatal("%s line %d: too many ports.",
789 filename, linenum);
790 arg = strdelim(&cp);
791 if (!arg || *arg == '\0')
792 fatal("%s line %d: missing port number.",
793 filename, linenum);
794 options->ports[options->num_ports++] = a2port(arg);
795 if (options->ports[options->num_ports-1] == 0)
796 fatal("%s line %d: Badly formatted port number.",
797 filename, linenum);
798 break;
799
800 case sServerKeyBits:
801 intptr = &options->server_key_bits;
802 parse_int:
803 arg = strdelim(&cp);
804 if (!arg || *arg == '\0')
805 fatal("%s line %d: missing integer value.",
806 filename, linenum);
807 value = atoi(arg);
808 if (*activep && *intptr == -1)
809 *intptr = value;
810 break;
811
812 case sLoginGraceTime:
813 intptr = &options->login_grace_time;
814 parse_time:
815 arg = strdelim(&cp);
816 if (!arg || *arg == '\0')
817 fatal("%s line %d: missing time value.",
818 filename, linenum);
819 if ((value = convtime(arg)) == -1)
820 fatal("%s line %d: invalid time value.",
821 filename, linenum);
822 if (*intptr == -1)
823 *intptr = value;
824 break;
825
826 case sKeyRegenerationTime:
827 intptr = &options->key_regeneration_time;
828 goto parse_time;
829
830 case sListenAddress:
831 arg = strdelim(&cp);
832 if (!arg || *arg == '\0' || strncmp(arg, "[]", 2) == 0)
833 fatal("%s line %d: missing inet addr.",
834 filename, linenum);
835 if (*arg == '[') {
836 if ((p = strchr(arg, ']')) == NULL)
837 fatal("%s line %d: bad ipv6 inet addr usage.",
838 filename, linenum);
839 arg++;
840 (void) memmove(p, p+1, strlen(p+1)+1);
841 } else if (((p = strchr(arg, ':')) == NULL) ||
842 (strchr(p+1, ':') != NULL)) {
843 add_listen_addr(options, arg, 0);
844 break;
845 }
846 if (*p == ':') {
847 u_short port;
848
849 p++;
850 if (*p == '\0')
851 fatal("%s line %d: bad inet addr:port usage.",
852 filename, linenum);
853 else {
854 *(p-1) = '\0';
855 if ((port = a2port(p)) == 0)
856 fatal("%s line %d: bad port number.",
857 filename, linenum);
858 add_listen_addr(options, arg, port);
859 }
860 } else if (*p == '\0')
861 add_listen_addr(options, arg, 0);
862 else
863 fatal("%s line %d: bad inet addr usage.",
864 filename, linenum);
865 break;
866
867 case sHostKeyFile:
868 intptr = &options->num_host_key_files;
869 if (*intptr >= MAX_HOSTKEYS)
870 fatal("%s line %d: too many host keys specified (max %d).",
871 filename, linenum, MAX_HOSTKEYS);
872 charptr = &options->host_key_files[*intptr];
873 parse_filename:
874 arg = strdelim(&cp);
875 if (!arg || *arg == '\0')
876 fatal("%s line %d: missing file name.",
877 filename, linenum);
878 if (*activep && *charptr == NULL) {
879 *charptr = tilde_expand_filename(arg, getuid());
880 /* increase optional counter */
881 if (intptr != NULL)
882 *intptr = *intptr + 1;
883 }
884 break;
885
886 case sPidFile:
887 charptr = &options->pid_file;
888 goto parse_filename;
889
890 case sPermitRootLogin:
891 intptr = &options->permit_root_login;
892 arg = strdelim(&cp);
893 if (!arg || *arg == '\0')
894 fatal("%s line %d: missing yes/"
895 "without-password/forced-commands-only/no "
896 "argument.", filename, linenum);
897 value = 0; /* silence compiler */
898 if (strcmp(arg, "without-password") == 0)
899 value = PERMIT_NO_PASSWD;
900 else if (strcmp(arg, "forced-commands-only") == 0)
901 value = PERMIT_FORCED_ONLY;
902 else if (strcmp(arg, "yes") == 0)
903 value = PERMIT_YES;
904 else if (strcmp(arg, "no") == 0)
905 value = PERMIT_NO;
906 else
907 fatal("%s line %d: Bad yes/"
908 "without-password/forced-commands-only/no "
909 "argument: %s", filename, linenum, arg);
910 if (*activep && *intptr == -1)
911 *intptr = value;
912 break;
913
914 case sIgnoreRhosts:
915 intptr = &options->ignore_rhosts;
916 parse_flag:
917 arg = strdelim(&cp);
918 if (!arg || *arg == '\0')
919 fatal("%s line %d: missing yes/no argument.",
920 filename, linenum);
921 value = 0; /* silence compiler */
922 if (strcmp(arg, "yes") == 0)
923 value = 1;
924 else if (strcmp(arg, "no") == 0)
925 value = 0;
926 else
927 fatal("%s line %d: Bad yes/no argument: %s",
928 filename, linenum, arg);
929 if (*activep && *intptr == -1)
930 *intptr = value;
931 break;
932
933 case sIgnoreUserKnownHosts:
934 intptr = &options->ignore_user_known_hosts;
935 goto parse_flag;
936
937 case sRhostsAuthentication:
938 intptr = &options->rhosts_authentication;
939 goto parse_flag;
940
941 case sRhostsRSAAuthentication:
942 intptr = &options->rhosts_rsa_authentication;
943 goto parse_flag;
944
945 case sHostbasedAuthentication:
946 intptr = &options->hostbased_authentication;
947 goto parse_flag;
948
949 case sHostbasedUsesNameFromPacketOnly:
950 intptr = &options->hostbased_uses_name_from_packet_only;
951 goto parse_flag;
952
953 case sRSAAuthentication:
954 intptr = &options->rsa_authentication;
955 goto parse_flag;
956
957 case sPubkeyAuthentication:
958 intptr = &options->pubkey_authentication;
959 goto parse_flag;
960 #ifdef GSSAPI
961 case sGssAuthentication:
962 intptr = &options->gss_authentication;
963 goto parse_flag;
964 case sGssKeyEx:
965 intptr = &options->gss_keyex;
966 goto parse_flag;
967 case sGssStoreDelegCreds:
968 intptr = &options->gss_keyex;
969 goto parse_flag;
970 #ifndef SUNW_GSSAPI
971 case sGssUseSessionCredCache:
972 intptr = &options->gss_use_session_ccache;
973 goto parse_flag;
974 case sGssCleanupCreds:
975 intptr = &options->gss_cleanup_creds;
976 goto parse_flag;
977 #endif /* SUNW_GSSAPI */
978 #endif /* GSSAPI */
979 #if defined(KRB4) || defined(KRB5)
980 case sKerberosAuthentication:
981 intptr = &options->kerberos_authentication;
982 goto parse_flag;
983
984 case sKerberosOrLocalPasswd:
985 intptr = &options->kerberos_or_local_passwd;
986 goto parse_flag;
987
988 case sKerberosTicketCleanup:
989 intptr = &options->kerberos_ticket_cleanup;
990 goto parse_flag;
991 #endif
992 #if defined(AFS) || defined(KRB5)
993 case sKerberosTgtPassing:
994 intptr = &options->kerberos_tgt_passing;
995 goto parse_flag;
996 #endif
997 #ifdef AFS
998 case sAFSTokenPassing:
999 intptr = &options->afs_token_passing;
1000 goto parse_flag;
1001 #endif
1002
1003 case sPasswordAuthentication:
1004 intptr = &options->password_authentication;
1005 goto parse_flag;
1006
1007 case sKbdInteractiveAuthentication:
1008 intptr = &options->kbd_interactive_authentication;
1009 goto parse_flag;
1010
1011 case sChallengeResponseAuthentication:
1012 intptr = &options->challenge_response_authentication;
1013 goto parse_flag;
1014
1015 case sPrintMotd:
1016 intptr = &options->print_motd;
1017 goto parse_flag;
1018
1019 case sPrintLastLog:
1020 intptr = &options->print_lastlog;
1021 goto parse_flag;
1022
1023 case sX11Forwarding:
1024 intptr = &options->x11_forwarding;
1025 goto parse_flag;
1026
1027 case sX11DisplayOffset:
1028 intptr = &options->x11_display_offset;
1029 goto parse_int;
1030
1031 case sX11UseLocalhost:
1032 intptr = &options->x11_use_localhost;
1033 goto parse_flag;
1034
1035 case sXAuthLocation:
1036 charptr = &options->xauth_location;
1037 goto parse_filename;
1038
1039 case sStrictModes:
1040 intptr = &options->strict_modes;
1041 goto parse_flag;
1042
1043 case sKeepAlives:
1044 intptr = &options->keepalives;
1045 goto parse_flag;
1046
1047 case sEmptyPasswd:
1048 intptr = &options->permit_empty_passwd;
1049 goto parse_flag;
1050
1051 case sPermitUserEnvironment:
1052 intptr = &options->permit_user_env;
1053 goto parse_flag;
1054
1055 case sUseLogin:
1056 log("%s line %d: ignoring UseLogin option value."
1057 " This option is always off.", filename, linenum);
1058 while (arg)
1059 arg = strdelim(&cp);
1060 break;
1061
1062 case sCompression:
1063 intptr = &options->compression;
1064 goto parse_flag;
1065
1066 case sGatewayPorts:
1067 intptr = &options->gateway_ports;
1068 arg = strdelim(&cp);
1069 if (!arg || *arg == '\0')
1070 fatal("%s line %d: missing yes/no/clientspecified "
1071 "argument.", filename, linenum);
1072 value = 0; /* silence compiler */
1073 if (strcmp(arg, "clientspecified") == 0)
1074 value = 2;
1075 else if (strcmp(arg, "yes") == 0)
1076 value = 1;
1077 else if (strcmp(arg, "no") == 0)
1078 value = 0;
1079 else
1080 fatal("%s line %d: Bad yes/no/clientspecified "
1081 "argument: %s", filename, linenum, arg);
1082 if (*activep && *intptr == -1)
1083 *intptr = value;
1084 break;
1085
1086 case sVerifyReverseMapping:
1087 intptr = &options->verify_reverse_mapping;
1088 goto parse_flag;
1089
1090 case sLogFacility:
1091 intptr = (int *) &options->log_facility;
1092 arg = strdelim(&cp);
1093 value = log_facility_number(arg);
1094 if (value == SYSLOG_FACILITY_NOT_SET)
1095 fatal("%.200s line %d: unsupported log facility '%s'",
1096 filename, linenum, arg ? arg : "<NONE>");
1097 if (*intptr == -1)
1098 *intptr = (SyslogFacility) value;
1099 break;
1100
1101 case sLogLevel:
1102 intptr = (int *) &options->log_level;
1103 arg = strdelim(&cp);
1104 value = log_level_number(arg);
1105 if (value == SYSLOG_LEVEL_NOT_SET)
1106 fatal("%.200s line %d: unsupported log level '%s'",
1107 filename, linenum, arg ? arg : "<NONE>");
1108 if (*intptr == -1)
1109 *intptr = (LogLevel) value;
1110 break;
1111
1112 case sAllowTcpForwarding:
1113 intptr = &options->allow_tcp_forwarding;
1114 goto parse_flag;
1115
1116 case sUsePrivilegeSeparation:
1117 log("%s line %d: ignoring UsePrivilegeSeparation option value."
1118 " This option is always on.", filename, linenum);
1119 while (arg)
1120 arg = strdelim(&cp);
1121 break;
1122
1123 case sAllowUsers:
1124 while (((arg = strdelim(&cp)) != NULL) && *arg != '\0') {
1125 if (options->num_allow_users >= MAX_ALLOW_USERS)
1126 fatal("%s line %d: too many allow users.",
1127 filename, linenum);
1128 options->allow_users[options->num_allow_users++] =
1129 xstrdup(arg);
1130 }
1131 break;
1132
1133 case sDenyUsers:
1134 while (((arg = strdelim(&cp)) != NULL) && *arg != '\0') {
1135 if (options->num_deny_users >= MAX_DENY_USERS)
1136 fatal( "%s line %d: too many deny users.",
1137 filename, linenum);
1138 options->deny_users[options->num_deny_users++] =
1139 xstrdup(arg);
1140 }
1141 break;
1142
1143 case sAllowGroups:
1144 while (((arg = strdelim(&cp)) != NULL) && *arg != '\0') {
1145 if (options->num_allow_groups >= MAX_ALLOW_GROUPS)
1146 fatal("%s line %d: too many allow groups.",
1147 filename, linenum);
1148 options->allow_groups[options->num_allow_groups++] =
1149 xstrdup(arg);
1150 }
1151 break;
1152
1153 case sDenyGroups:
1154 while (((arg = strdelim(&cp)) != NULL) && *arg != '\0') {
1155 if (options->num_deny_groups >= MAX_DENY_GROUPS)
1156 fatal("%s line %d: too many deny groups.",
1157 filename, linenum);
1158 options->deny_groups[options->num_deny_groups++] = xstrdup(arg);
1159 }
1160 break;
1161
1162 case sCiphers:
1163 arg = strdelim(&cp);
1164 if (!arg || *arg == '\0')
1165 fatal("%s line %d: Missing argument.", filename, linenum);
1166 if (!ciphers_valid(arg))
1167 fatal("%s line %d: Bad SSH2 cipher spec '%s'.",
1168 filename, linenum, arg ? arg : "<NONE>");
1169 if (options->ciphers == NULL)
1170 options->ciphers = xstrdup(arg);
1171 break;
1172
1173 case sMacs:
1174 arg = strdelim(&cp);
1175 if (!arg || *arg == '\0')
1176 fatal("%s line %d: Missing argument.", filename, linenum);
1177 if (!mac_valid(arg))
1178 fatal("%s line %d: Bad SSH2 mac spec '%s'.",
1179 filename, linenum, arg ? arg : "<NONE>");
1180 if (options->macs == NULL)
1181 options->macs = xstrdup(arg);
1182 break;
1183
1184 case sProtocol:
1185 intptr = &options->protocol;
1186 arg = strdelim(&cp);
1187 if (!arg || *arg == '\0')
1188 fatal("%s line %d: Missing argument.", filename, linenum);
1189 value = proto_spec(arg);
1190 if (value == SSH_PROTO_UNKNOWN)
1191 fatal("%s line %d: Bad protocol spec '%s'.",
1192 filename, linenum, arg ? arg : "<NONE>");
1193 if (*intptr == SSH_PROTO_UNKNOWN)
1194 *intptr = value;
1195 break;
1196
1197 case sSubsystem:
1198 if (options->num_subsystems >= MAX_SUBSYSTEMS) {
1199 fatal("%s line %d: too many subsystems defined.",
1200 filename, linenum);
1201 }
1202 arg = strdelim(&cp);
1203 if (!arg || *arg == '\0')
1204 fatal("%s line %d: Missing subsystem name.",
1205 filename, linenum);
1206 if (!*activep) {
1207 arg = strdelim(&cp);
1208 break;
1209 }
1210 for (i = 0; i < options->num_subsystems; i++)
1211 if (strcmp(arg, options->subsystem_name[i]) == 0)
1212 fatal("%s line %d: Subsystem '%s' already defined.",
1213 filename, linenum, arg);
1214 options->subsystem_name[options->num_subsystems] = xstrdup(arg);
1215 arg = strdelim(&cp);
1216 if (!arg || *arg == '\0')
1217 fatal("%s line %d: Missing subsystem command.",
1218 filename, linenum);
1219 options->subsystem_command[options->num_subsystems] = xstrdup(arg);
1220
1221 /*
1222 * Collect arguments (separate to executable), including the
1223 * name of the executable, in a way that is easier to parse
1224 * later.
1225 */
1226 p = xstrdup(arg);
1227 len = strlen(p) + 1;
1228 while ((arg = strdelim(&cp)) != NULL && *arg != '\0') {
1229 len += 1 + strlen(arg);
1230 p = xrealloc(p, len);
1231 strlcat(p, " ", len);
1232 strlcat(p, arg, len);
1233 }
1234 options->subsystem_args[options->num_subsystems] = p;
1235 options->num_subsystems++;
1236 break;
1237
1238 case sMaxStartups:
1239 arg = strdelim(&cp);
1240 if (!arg || *arg == '\0')
1241 fatal("%s line %d: Missing MaxStartups spec.",
1242 filename, linenum);
1243 if ((n = sscanf(arg, "%d:%d:%d",
1244 &options->max_startups_begin,
1245 &options->max_startups_rate,
1246 &options->max_startups)) == 3) {
1247 if (options->max_startups_begin >
1248 options->max_startups ||
1249 options->max_startups_rate > 100 ||
1250 options->max_startups_rate < 1)
1251 fatal("%s line %d: Illegal MaxStartups spec.",
1252 filename, linenum);
1253 } else if (n != 1)
1254 fatal("%s line %d: Illegal MaxStartups spec.",
1255 filename, linenum);
1256 else
1257 options->max_startups = options->max_startups_begin;
1258 break;
1259
1260 case sBanner:
1261 charptr = &options->banner;
1262 goto parse_filename;
1263 /*
1264 * These options can contain %X options expanded at
1265 * connect time, so that you can specify paths like:
1266 *
1267 * AuthorizedKeysFile /etc/ssh_keys/%u
1268 */
1269 case sAuthorizedKeysFile:
1270 case sAuthorizedKeysFile2:
1271 charptr = (opcode == sAuthorizedKeysFile) ?
1272 &options->authorized_keys_file :
1273 &options->authorized_keys_file2;
1274 goto parse_filename;
1275
1276 case sClientAliveInterval:
1277 intptr = &options->client_alive_interval;
1278 goto parse_time;
1279
1280 case sClientAliveCountMax:
1281 intptr = &options->client_alive_count_max;
1282 goto parse_int;
1283
1284 case sMaxAuthTries:
1285 intptr = &options->max_auth_tries;
1286 goto parse_int;
1287
1288 case sMaxAuthTriesLog:
1289 intptr = &options->max_auth_tries_log;
1290 goto parse_int;
1291
1292 case sLookupClientHostnames:
1293 intptr = &options->lookup_client_hostnames;
1294 goto parse_flag;
1295
1296 case sUseOpenSSLEngine:
1297 intptr = &options->use_openssl_engine;
1298 goto parse_flag;
1299
1300 case sChrootDirectory:
1301 charptr = &options->chroot_directory;
1302
1303 arg = strdelim(&cp);
1304 if (arg == NULL || *arg == '\0')
1305 fatal("%s line %d: missing directory name for "
1306 "ChrootDirectory.", filename, linenum);
1307 if (*activep && *charptr == NULL)
1308 *charptr = xstrdup(arg);
1309 break;
1310
1311 case sPreUserauthHook:
1312 charptr = &options->pre_userauth_hook;
1313 goto parse_filename;
1314
1315 case sMatch:
1316 if (cmdline)
1317 fatal("Match directive not supported as a command-line "
1318 "option");
1319 value = match_cfg_line(&cp, linenum, user, host, address);
1320 if (value < 0)
1321 fatal("%s line %d: Bad Match condition", filename,
1322 linenum);
1323 *activep = value;
1324 break;
1325
1326 case sDeprecated:
1327 log("%s line %d: Deprecated option %s",
1328 filename, linenum, arg);
1329 while (arg)
1330 arg = strdelim(&cp);
1331 break;
1332
1333 case sPAMServicePrefix:
1334 arg = strdelim(&cp);
1335 if (!arg || *arg == '\0')
1336 fatal("%s line %d: Missing argument.",
1337 filename, linenum);
1338 if (options->pam_service_name != NULL)
1339 fatal("%s line %d: PAMServiceName and PAMServicePrefix "
1340 "are mutually exclusive.", filename, linenum);
1341 if (options->pam_service_prefix == NULL)
1342 options->pam_service_prefix = xstrdup(arg);
1343 break;
1344
1345 case sPAMServiceName:
1346 arg = strdelim(&cp);
1347 if (!arg || *arg == '\0')
1348 fatal("%s line %d: Missing argument.",
1349 filename, linenum);
1350 if (options->pam_service_prefix != NULL)
1351 fatal("%s line %d: PAMServiceName and PAMServicePrefix "
1352 "are mutually exclusive.", filename, linenum);
1353 if (options->pam_service_name == NULL)
1354 options->pam_service_name = xstrdup(arg);
1355 break;
1356
1357 default:
1358 fatal("%s line %d: Missing handler for opcode %s (%d)",
1359 filename, linenum, arg, opcode);
1360 }
1361 if ((arg = strdelim(&cp)) != NULL && *arg != '\0')
1362 fatal("%s line %d: garbage at end of line; \"%.200s\".",
1363 filename, linenum, arg);
1364 return 0;
1365 }
1366
1367
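/*
 * Reads the whole server configuration file into 'conf', stripping '#'
 * comments and leading whitespace from every line.  Newlines are kept so
 * that parse_server_config() can report the original line numbers.
 *
 * A file that cannot be opened is a hard failure (perror + exit(1)).
 * Lines longer than the read buffer and read errors are also fatal:
 * silently splitting an over-long line would let the tail of a comment
 * be parsed as a directive and would skew line numbers, and treating a
 * read error as end-of-file would leave sshd running on a truncated
 * (and therefore possibly more permissive) configuration.
 */
void
load_server_config(const char *filename, Buffer *conf)
{
	char line[1024], *cp;
	FILE *f;
	int linenum = 0;

	debug2("%s: filename %s", __func__, filename);
	if ((f = fopen(filename, "r")) == NULL) {
		perror(filename);
		exit(1);
	}
	buffer_clear(conf);
	while (fgets(line, sizeof(line), f)) {
		linenum++;
		/*
		 * fgets() stops after sizeof(line)-1 bytes.  If that
		 * happened before the newline, the remainder of this
		 * physical line would be returned by the next fgets() as a
		 * "new" line, past any '#' that started a comment here.
		 * Peek one byte: a final line without a trailing newline
		 * is legitimate (the peek hits EOF); anything else is an
		 * over-long line and is refused.
		 */
		if (strchr(line, '\n') == NULL && fgetc(f) != EOF)
			fatal("%s line %d: line too long (max %d bytes).",
			    filename, linenum, (int)sizeof(line) - 2);
		/*
		 * Trim out comments and strip whitespace.
		 * NB - preserve newlines, they are needed to reproduce
		 * line numbers later for error messages.
		 */
		if ((cp = strchr(line, '#')) != NULL)
			memcpy(cp, "\n", 2);
		cp = line + strspn(line, " \t\r");

		buffer_append(conf, cp, strlen(cp));
	}
	/* fgets() returns NULL on error as well as on EOF; tell them apart. */
	if (ferror(f))
		fatal("%s: read error while loading configuration.", filename);
	buffer_append(conf, "\0", 1);
	fclose(f);
	debug2("%s: done config len = %d", __func__, buffer_len(conf));
}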
1398
/*
 * Re-run the already-loaded configuration (the global buffer 'cfg')
 * against a specific connection so that Match blocks take effect.
 *
 * The Match pass is parsed into a scratch, all-unset ServerOptions;
 * because 'user' is non-NULL, parse_server_config() starts with every
 * line inactive until a Match line enables it.  Only the fields that
 * copy_set_server_options() knows about are then carried into the live
 * options.  That function moves string pointers rather than duplicating
 * them, which is why the scratch structure is simply discarded here
 * and never freed.
 */
void
parse_server_match_config(ServerOptions *options, const char *user,
    const char *host, const char *address)
{
	ServerOptions match_opts;

	initialize_server_options(&match_opts);
	parse_server_config(&match_opts, "reprocess config", &cfg,
	    user, host, address);
	copy_set_server_options(options, &match_opts, 0);
}
1409
1410
1411
/* Helper macros */
/*
 * M_CP_INTOPT(n): copy integer option 'n' from src to dst when src has it
 * set.  -1 is the "unset" marker used throughout this file (see the
 * "== -1" checks in process_server_config_line()).
 */
#define M_CP_INTOPT(n) do {\
	if (src->n != -1) \
		dst->n = src->n; \
} while (0)
/*
 * M_CP_STROPT(n): move string option 'n' from src to dst when src has one,
 * freeing dst's previous value first.  The pointer is transferred, not
 * duplicated: src->n still aliases the string afterwards, so the caller
 * must not free src's copy (a double free otherwise).
 */
#define M_CP_STROPT(n) do {\
	if (src->n != NULL) { \
		if (dst->n != NULL) \
			xfree(dst->n); \
		dst->n = src->n; \
	} \
} while(0)
1424
1425 /*
1426 * Copy any supported values that are set.
1427 *
1428 * If the preauth flag is set, we do not bother copying the the string or
1429 * array values that are not used pre-authentication, because any that we
1430 * do use must be explictly sent in mm_getpwnamallow().
1431 */
1432 void
copy_set_server_options(ServerOptions * dst,ServerOptions * src,int preauth)1433 copy_set_server_options(ServerOptions *dst, ServerOptions *src, int preauth)
1434 {
1435 M_CP_INTOPT(password_authentication);
1436 M_CP_INTOPT(gss_authentication);
1437 M_CP_INTOPT(rsa_authentication);
1438 M_CP_INTOPT(pubkey_authentication);
1439 M_CP_INTOPT(hostbased_authentication);
1440 M_CP_INTOPT(kbd_interactive_authentication);
1441 M_CP_INTOPT(permit_root_login);
1442 M_CP_INTOPT(permit_empty_passwd);
1443 M_CP_INTOPT(allow_tcp_forwarding);
1444 M_CP_INTOPT(gateway_ports);
1445 M_CP_INTOPT(x11_display_offset);
1446 M_CP_INTOPT(x11_forwarding);
1447 M_CP_INTOPT(x11_use_localhost);
1448 M_CP_INTOPT(max_auth_tries);
1449 M_CP_STROPT(banner);
1450
1451 if (preauth)
1452 return;
1453 M_CP_STROPT(chroot_directory);
1454 }
1455
1456 #undef M_CP_INTOPT
1457 #undef M_CP_STROPT
1458
/*
 * Parse the configuration text held in 'conf' (as produced by
 * load_server_config()) into 'options', one line at a time.
 *
 * 'user', 'host' and 'address' describe the connection for Match
 * evaluation.  On the initial, connection-independent pass 'user' is
 * NULL and every line is active; when reprocessing for a specific
 * connection nothing is active until a Match line enables it.  The
 * filename is used for diagnostics only.  Any bad option is fatal once
 * the whole buffer has been scanned.
 */
void
parse_server_config(ServerOptions *options, const char *filename, Buffer *conf,
    const char *user, const char *host, const char *address)
{
	char *work, *cursor, *line;
	int active, linenum = 1, nbad = 0;

	debug2("%s: config %s len %d", __func__, filename, buffer_len(conf));

	/* strsep() writes into its argument, so tokenise a private copy. */
	work = xstrdup(buffer_ptr(conf));
	cursor = work;

	active = (user == NULL);

	for (line = strsep(&cursor, "\n"); line != NULL;
	    line = strsep(&cursor, "\n")) {
		if (process_server_config_line(options, line, filename,
		    linenum, &active, user, host, address) != 0)
			nbad++;
		linenum++;
	}
	xfree(work);

	if (nbad > 0)
		fatal("%s: terminating, %d bad configuration options",
		    filename, nbad);
}
1481
1482
1483 /*
1484 * Note that "none" is a special path having the same affect on sshd
1485 * configuration as not specifying ChrootDirectory at all.
1486 */
1487 int
chroot_requested(char * chroot_directory)1488 chroot_requested(char *chroot_directory)
1489 {
1490 return (chroot_directory != NULL &&
1491 strcasecmp(chroot_directory, "none") != 0);
1492 }
1493