1 2 /* $OpenBSD: servconf.c,v 1.360 2020/01/31 22:42:45 djm Exp $ */ 3 /* 4 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland 5 * All rights reserved 6 * 7 * As far as I am concerned, the code I have written for this software 8 * can be used freely for any purpose. Any derived versions of this 9 * software must be clearly marked as such, and if the derived work is 10 * incompatible with the protocol description in the RFC file, it must be 11 * called by a name other than "ssh" or "Secure Shell". 12 */ 13 14 #include <sys/types.h> 15 #include <sys/socket.h> 16 #include <sys/queue.h> 17 #include <sys/sysctl.h> 18 19 #include <netinet/in.h> 20 #include <netinet/ip.h> 21 #include <net/route.h> 22 23 #include <ctype.h> 24 #include <glob.h> 25 #include <netdb.h> 26 #include <pwd.h> 27 #include <stdio.h> 28 #include <stdlib.h> 29 #include <string.h> 30 #include <signal.h> 31 #include <unistd.h> 32 #include <limits.h> 33 #include <stdarg.h> 34 #include <errno.h> 35 #include <util.h> 36 37 #include "xmalloc.h" 38 #include "ssh.h" 39 #include "log.h" 40 #include "sshbuf.h" 41 #include "misc.h" 42 #include "servconf.h" 43 #include "compat.h" 44 #include "pathnames.h" 45 #include "cipher.h" 46 #include "sshkey.h" 47 #include "kex.h" 48 #include "mac.h" 49 #include "match.h" 50 #include "channels.h" 51 #include "groupaccess.h" 52 #include "canohost.h" 53 #include "packet.h" 54 #include "ssherr.h" 55 #include "hostfile.h" 56 #include "auth.h" 57 #include "myproposal.h" 58 #include "digest.h" 59 60 static void add_listen_addr(ServerOptions *, const char *, 61 const char *, int); 62 static void add_one_listen_addr(ServerOptions *, const char *, 63 const char *, int); 64 void parse_server_config_depth(ServerOptions *options, const char *filename, 65 struct sshbuf *conf, struct include_list *includes, 66 struct connection_info *connectinfo, int flags, int *activep, int depth); 67 68 /* Use of privilege separation or not */ 69 extern int use_privsep; 70 extern struct sshbuf *cfg; 71 72 /* Initializes the server options to their default values. */ 73 74 void 75 initialize_server_options(ServerOptions *options) 76 { 77 memset(options, 0, sizeof(*options)); 78 options->num_ports = 0; 79 options->ports_from_cmdline = 0; 80 options->queued_listen_addrs = NULL; 81 options->num_queued_listens = 0; 82 options->listen_addrs = NULL; 83 options->num_listen_addrs = 0; 84 options->address_family = -1; 85 options->routing_domain = NULL; 86 options->num_host_key_files = 0; 87 options->num_host_cert_files = 0; 88 options->host_key_agent = NULL; 89 options->pid_file = NULL; 90 options->login_grace_time = -1; 91 options->permit_root_login = PERMIT_NOT_SET; 92 options->ignore_rhosts = -1; 93 options->ignore_user_known_hosts = -1; 94 options->print_motd = -1; 95 options->print_lastlog = -1; 96 options->x11_forwarding = -1; 97 options->x11_display_offset = -1; 98 options->x11_use_localhost = -1; 99 options->permit_tty = -1; 100 options->permit_user_rc = -1; 101 options->xauth_location = NULL; 102 options->strict_modes = -1; 103 options->tcp_keep_alive = -1; 104 options->log_facility = SYSLOG_FACILITY_NOT_SET; 105 options->log_level = SYSLOG_LEVEL_NOT_SET; 106 options->hostbased_authentication = -1; 107 options->hostbased_uses_name_from_packet_only = -1; 108 options->hostbased_key_types = NULL; 109 options->hostkeyalgorithms = NULL; 110 options->pubkey_authentication = -1; 111 options->pubkey_auth_options = -1; 112 options->pubkey_key_types = NULL; 113 options->kerberos_authentication = -1; 114 options->kerberos_or_local_passwd = -1; 115 options->kerberos_ticket_cleanup = -1; 116 options->kerberos_get_afs_token = -1; 117 options->gss_authentication=-1; 118 options->gss_cleanup_creds = -1; 119 options->gss_strict_acceptor = -1; 120 options->password_authentication = -1; 121 options->kbd_interactive_authentication = -1; 122 options->challenge_response_authentication = -1; 123 options->permit_empty_passwd = -1; 124 options->permit_user_env = -1; 125 options->permit_user_env_whitelist = NULL; 126 options->compression = -1; 127 options->rekey_limit = -1; 128 options->rekey_interval = -1; 129 options->allow_tcp_forwarding = -1; 130 options->allow_streamlocal_forwarding = -1; 131 options->allow_agent_forwarding = -1; 132 options->num_allow_users = 0; 133 options->num_deny_users = 0; 134 options->num_allow_groups = 0; 135 options->num_deny_groups = 0; 136 options->ciphers = NULL; 137 options->macs = NULL; 138 options->kex_algorithms = NULL; 139 options->ca_sign_algorithms = NULL; 140 options->fwd_opts.gateway_ports = -1; 141 options->fwd_opts.streamlocal_bind_mask = (mode_t)-1; 142 options->fwd_opts.streamlocal_bind_unlink = -1; 143 options->num_subsystems = 0; 144 options->max_startups_begin = -1; 145 options->max_startups_rate = -1; 146 options->max_startups = -1; 147 options->max_authtries = -1; 148 options->max_sessions = -1; 149 options->banner = NULL; 150 options->use_dns = -1; 151 options->client_alive_interval = -1; 152 options->client_alive_count_max = -1; 153 options->num_authkeys_files = 0; 154 options->num_accept_env = 0; 155 options->num_setenv = 0; 156 options->permit_tun = -1; 157 options->permitted_opens = NULL; 158 options->permitted_listens = NULL; 159 options->adm_forced_command = NULL; 160 options->chroot_directory = NULL; 161 options->authorized_keys_command = NULL; 162 options->authorized_keys_command_user = NULL; 163 options->revoked_keys_file = NULL; 164 options->sk_provider = NULL; 165 options->trusted_user_ca_keys = NULL; 166 options->authorized_principals_file = NULL; 167 options->authorized_principals_command = NULL; 168 options->authorized_principals_command_user = NULL; 169 options->ip_qos_interactive = -1; 170 options->ip_qos_bulk = -1; 171 options->version_addendum = NULL; 172 options->fingerprint_hash = -1; 173 options->disable_forwarding = -1; 174 options->expose_userauth_info = -1; 175 } 176 177 /* Returns 1 if a string option is unset or set to "none" or 0 otherwise. */ 178 static int 179 option_clear_or_none(const char *o) 180 { 181 return o == NULL || strcasecmp(o, "none") == 0; 182 } 183 184 static void 185 assemble_algorithms(ServerOptions *o) 186 { 187 char *all_cipher, *all_mac, *all_kex, *all_key, *all_sig; 188 char *def_cipher, *def_mac, *def_kex, *def_key, *def_sig; 189 int r; 190 191 all_cipher = cipher_alg_list(',', 0); 192 all_mac = mac_alg_list(','); 193 all_kex = kex_alg_list(','); 194 all_key = sshkey_alg_list(0, 0, 1, ','); 195 all_sig = sshkey_alg_list(0, 1, 1, ','); 196 /* remove unsupported algos from default lists */ 197 def_cipher = match_filter_whitelist(KEX_SERVER_ENCRYPT, all_cipher); 198 def_mac = match_filter_whitelist(KEX_SERVER_MAC, all_mac); 199 def_kex = match_filter_whitelist(KEX_SERVER_KEX, all_kex); 200 def_key = match_filter_whitelist(KEX_DEFAULT_PK_ALG, all_key); 201 def_sig = match_filter_whitelist(SSH_ALLOWED_CA_SIGALGS, all_sig); 202 #define ASSEMBLE(what, defaults, all) \ 203 do { \ 204 if ((r = kex_assemble_names(&o->what, defaults, all)) != 0) \ 205 fatal("%s: %s: %s", __func__, #what, ssh_err(r)); \ 206 } while (0) 207 ASSEMBLE(ciphers, def_cipher, all_cipher); 208 ASSEMBLE(macs, def_mac, all_mac); 209 ASSEMBLE(kex_algorithms, def_kex, all_kex); 210 ASSEMBLE(hostkeyalgorithms, def_key, all_key); 211 ASSEMBLE(hostbased_key_types, def_key, all_key); 212 ASSEMBLE(pubkey_key_types, def_key, all_key); 213 ASSEMBLE(ca_sign_algorithms, def_sig, all_sig); 214 #undef ASSEMBLE 215 free(all_cipher); 216 free(all_mac); 217 free(all_kex); 218 free(all_key); 219 free(all_sig); 220 free(def_cipher); 221 free(def_mac); 222 free(def_kex); 223 free(def_key); 224 free(def_sig); 225 } 226 227 static void 228 array_append2(const char *file, const int line, const char *directive, 229 char ***array, int **iarray, u_int *lp, const char *s, int i) 230 { 231 232 if (*lp >= INT_MAX) 233 fatal("%s line %d: Too many %s entries", file, line, directive); 234 235 if (iarray != NULL) { 236 *iarray = xrecallocarray(*iarray, *lp, *lp + 1, 237 sizeof(**iarray)); 238 (*iarray)[*lp] = i; 239 } 240 241 *array = xrecallocarray(*array, *lp, *lp + 1, sizeof(**array)); 242 (*array)[*lp] = xstrdup(s); 243 (*lp)++; 244 } 245 246 static void 247 array_append(const char *file, const int line, const char *directive, 248 char ***array, u_int *lp, const char *s) 249 { 250 array_append2(file, line, directive, array, NULL, lp, s, 0); 251 } 252 253 void 254 servconf_add_hostkey(const char *file, const int line, 255 ServerOptions *options, const char *path, int userprovided) 256 { 257 char *apath = derelativise_path(path); 258 259 array_append2(file, line, "HostKey", 260 &options->host_key_files, &options->host_key_file_userprovided, 261 &options->num_host_key_files, apath, userprovided); 262 free(apath); 263 } 264 265 void 266 servconf_add_hostcert(const char *file, const int line, 267 ServerOptions *options, const char *path) 268 { 269 char *apath = derelativise_path(path); 270 271 array_append(file, line, "HostCertificate", 272 &options->host_cert_files, &options->num_host_cert_files, apath); 273 free(apath); 274 } 275 276 void 277 fill_default_server_options(ServerOptions *options) 278 { 279 u_int i; 280 281 if (options->num_host_key_files == 0) { 282 /* fill default hostkeys */ 283 servconf_add_hostkey("[default]", 0, options, 284 _PATH_HOST_RSA_KEY_FILE, 0); 285 servconf_add_hostkey("[default]", 0, options, 286 _PATH_HOST_ECDSA_KEY_FILE, 0); 287 servconf_add_hostkey("[default]", 0, options, 288 _PATH_HOST_ED25519_KEY_FILE, 0); 289 #ifdef WITH_XMSS 290 servconf_add_hostkey("[default]", 0, options, 291 _PATH_HOST_XMSS_KEY_FILE, 0); 292 #endif /* WITH_XMSS */ 293 } 294 /* No certificates by default */ 295 if (options->num_ports == 0) 296 options->ports[options->num_ports++] = SSH_DEFAULT_PORT; 297 if (options->address_family == -1) 298 options->address_family = AF_UNSPEC; 299 if (options->listen_addrs == NULL) 300 add_listen_addr(options, NULL, NULL, 0); 301 if (options->pid_file == NULL) 302 options->pid_file = xstrdup(_PATH_SSH_DAEMON_PID_FILE); 303 if (options->login_grace_time == -1) 304 options->login_grace_time = 120; 305 if (options->permit_root_login == PERMIT_NOT_SET) 306 options->permit_root_login = PERMIT_NO_PASSWD; 307 if (options->ignore_rhosts == -1) 308 options->ignore_rhosts = 1; 309 if (options->ignore_user_known_hosts == -1) 310 options->ignore_user_known_hosts = 0; 311 if (options->print_motd == -1) 312 options->print_motd = 1; 313 if (options->print_lastlog == -1) 314 options->print_lastlog = 1; 315 if (options->x11_forwarding == -1) 316 options->x11_forwarding = 0; 317 if (options->x11_display_offset == -1) 318 options->x11_display_offset = 10; 319 if (options->x11_use_localhost == -1) 320 options->x11_use_localhost = 1; 321 if (options->xauth_location == NULL) 322 options->xauth_location = xstrdup(_PATH_XAUTH); 323 if (options->permit_tty == -1) 324 options->permit_tty = 1; 325 if (options->permit_user_rc == -1) 326 options->permit_user_rc = 1; 327 if (options->strict_modes == -1) 328 options->strict_modes = 1; 329 if (options->tcp_keep_alive == -1) 330 options->tcp_keep_alive = 1; 331 if (options->log_facility == SYSLOG_FACILITY_NOT_SET) 332 options->log_facility = SYSLOG_FACILITY_AUTH; 333 if (options->log_level == SYSLOG_LEVEL_NOT_SET) 334 options->log_level = SYSLOG_LEVEL_INFO; 335 if (options->hostbased_authentication == -1) 336 options->hostbased_authentication = 0; 337 if (options->hostbased_uses_name_from_packet_only == -1) 338 options->hostbased_uses_name_from_packet_only = 0; 339 if (options->pubkey_authentication == -1) 340 options->pubkey_authentication = 1; 341 if (options->pubkey_auth_options == -1) 342 options->pubkey_auth_options = 0; 343 if (options->kerberos_authentication == -1) 344 options->kerberos_authentication = 0; 345 if (options->kerberos_or_local_passwd == -1) 346 options->kerberos_or_local_passwd = 1; 347 if (options->kerberos_ticket_cleanup == -1) 348 options->kerberos_ticket_cleanup = 1; 349 if (options->kerberos_get_afs_token == -1) 350 options->kerberos_get_afs_token = 0; 351 if (options->gss_authentication == -1) 352 options->gss_authentication = 0; 353 if (options->gss_cleanup_creds == -1) 354 options->gss_cleanup_creds = 1; 355 if (options->gss_strict_acceptor == -1) 356 options->gss_strict_acceptor = 1; 357 if (options->password_authentication == -1) 358 options->password_authentication = 1; 359 if (options->kbd_interactive_authentication == -1) 360 options->kbd_interactive_authentication = 0; 361 if (options->challenge_response_authentication == -1) 362 options->challenge_response_authentication = 1; 363 if (options->permit_empty_passwd == -1) 364 options->permit_empty_passwd = 0; 365 if (options->permit_user_env == -1) { 366 options->permit_user_env = 0; 367 options->permit_user_env_whitelist = NULL; 368 } 369 if (options->compression == -1) 370 #ifdef WITH_ZLIB 371 options->compression = COMP_DELAYED; 372 #else 373 options->compression = COMP_NONE; 374 #endif 375 376 if (options->rekey_limit == -1) 377 options->rekey_limit = 0; 378 if (options->rekey_interval == -1) 379 options->rekey_interval = 0; 380 if (options->allow_tcp_forwarding == -1) 381 options->allow_tcp_forwarding = FORWARD_ALLOW; 382 if (options->allow_streamlocal_forwarding == -1) 383 options->allow_streamlocal_forwarding = FORWARD_ALLOW; 384 if (options->allow_agent_forwarding == -1) 385 options->allow_agent_forwarding = 1; 386 if (options->fwd_opts.gateway_ports == -1) 387 options->fwd_opts.gateway_ports = 0; 388 if (options->max_startups == -1) 389 options->max_startups = 100; 390 if (options->max_startups_rate == -1) 391 options->max_startups_rate = 30; /* 30% */ 392 if (options->max_startups_begin == -1) 393 options->max_startups_begin = 10; 394 if (options->max_authtries == -1) 395 options->max_authtries = DEFAULT_AUTH_FAIL_MAX; 396 if (options->max_sessions == -1) 397 options->max_sessions = DEFAULT_SESSIONS_MAX; 398 if (options->use_dns == -1) 399 options->use_dns = 0; 400 if (options->client_alive_interval == -1) 401 options->client_alive_interval = 0; 402 if (options->client_alive_count_max == -1) 403 options->client_alive_count_max = 3; 404 if (options->num_authkeys_files == 0) { 405 array_append("[default]", 0, "AuthorizedKeysFiles", 406 &options->authorized_keys_files, 407 &options->num_authkeys_files, 408 _PATH_SSH_USER_PERMITTED_KEYS); 409 array_append("[default]", 0, "AuthorizedKeysFiles", 410 &options->authorized_keys_files, 411 &options->num_authkeys_files, 412 _PATH_SSH_USER_PERMITTED_KEYS2); 413 } 414 if (options->permit_tun == -1) 415 options->permit_tun = SSH_TUNMODE_NO; 416 if (options->ip_qos_interactive == -1) 417 options->ip_qos_interactive = IPTOS_DSCP_AF21; 418 if (options->ip_qos_bulk == -1) 419 options->ip_qos_bulk = IPTOS_DSCP_CS1; 420 if (options->version_addendum == NULL) 421 options->version_addendum = xstrdup(""); 422 if (options->fwd_opts.streamlocal_bind_mask == (mode_t)-1) 423 options->fwd_opts.streamlocal_bind_mask = 0177; 424 if (options->fwd_opts.streamlocal_bind_unlink == -1) 425 options->fwd_opts.streamlocal_bind_unlink = 0; 426 if (options->fingerprint_hash == -1) 427 options->fingerprint_hash = SSH_FP_HASH_DEFAULT; 428 if (options->disable_forwarding == -1) 429 options->disable_forwarding = 0; 430 if (options->expose_userauth_info == -1) 431 options->expose_userauth_info = 0; 432 if (options->sk_provider == NULL) 433 options->sk_provider = xstrdup("internal"); 434 435 assemble_algorithms(options); 436 437 /* Turn privilege separation and sandboxing on by default */ 438 if (use_privsep == -1) 439 use_privsep = PRIVSEP_ON; 440 441 #define CLEAR_ON_NONE(v) \ 442 do { \ 443 if (option_clear_or_none(v)) { \ 444 free(v); \ 445 v = NULL; \ 446 } \ 447 } while(0) 448 CLEAR_ON_NONE(options->pid_file); 449 CLEAR_ON_NONE(options->xauth_location); 450 CLEAR_ON_NONE(options->banner); 451 CLEAR_ON_NONE(options->trusted_user_ca_keys); 452 CLEAR_ON_NONE(options->revoked_keys_file); 453 CLEAR_ON_NONE(options->sk_provider); 454 CLEAR_ON_NONE(options->authorized_principals_file); 455 CLEAR_ON_NONE(options->adm_forced_command); 456 CLEAR_ON_NONE(options->chroot_directory); 457 CLEAR_ON_NONE(options->routing_domain); 458 CLEAR_ON_NONE(options->host_key_agent); 459 for (i = 0; i < options->num_host_key_files; i++) 460 CLEAR_ON_NONE(options->host_key_files[i]); 461 for (i = 0; i < options->num_host_cert_files; i++) 462 CLEAR_ON_NONE(options->host_cert_files[i]); 463 #undef CLEAR_ON_NONE 464 465 /* Similar handling for AuthenticationMethods=any */ 466 if (options->num_auth_methods == 1 && 467 strcmp(options->auth_methods[0], "any") == 0) { 468 free(options->auth_methods[0]); 469 options->auth_methods[0] = NULL; 470 options->num_auth_methods = 0; 471 } 472 } 473 474 /* Keyword tokens. */ 475 typedef enum { 476 sBadOption, /* == unknown option */ 477 sPort, sHostKeyFile, sLoginGraceTime, 478 sPermitRootLogin, sLogFacility, sLogLevel, 479 sKerberosAuthentication, sKerberosOrLocalPasswd, sKerberosTicketCleanup, 480 sKerberosGetAFSToken, sChallengeResponseAuthentication, 481 sPasswordAuthentication, sKbdInteractiveAuthentication, 482 sListenAddress, sAddressFamily, 483 sPrintMotd, sPrintLastLog, sIgnoreRhosts, 484 sX11Forwarding, sX11DisplayOffset, sX11UseLocalhost, 485 sPermitTTY, sStrictModes, sEmptyPasswd, sTCPKeepAlive, 486 sPermitUserEnvironment, sAllowTcpForwarding, sCompression, 487 sRekeyLimit, sAllowUsers, sDenyUsers, sAllowGroups, sDenyGroups, 488 sIgnoreUserKnownHosts, sCiphers, sMacs, sPidFile, 489 sGatewayPorts, sPubkeyAuthentication, sPubkeyAcceptedKeyTypes, 490 sXAuthLocation, sSubsystem, sMaxStartups, sMaxAuthTries, sMaxSessions, 491 sBanner, sUseDNS, sHostbasedAuthentication, 492 sHostbasedUsesNameFromPacketOnly, sHostbasedAcceptedKeyTypes, 493 sHostKeyAlgorithms, 494 sClientAliveInterval, sClientAliveCountMax, sAuthorizedKeysFile, 495 sGssAuthentication, sGssCleanupCreds, sGssStrictAcceptor, 496 sAcceptEnv, sSetEnv, sPermitTunnel, 497 sMatch, sPermitOpen, sPermitListen, sForceCommand, sChrootDirectory, 498 sUsePrivilegeSeparation, sAllowAgentForwarding, 499 sHostCertificate, sInclude, 500 sRevokedKeys, sTrustedUserCAKeys, sAuthorizedPrincipalsFile, 501 sAuthorizedPrincipalsCommand, sAuthorizedPrincipalsCommandUser, 502 sKexAlgorithms, sCASignatureAlgorithms, sIPQoS, sVersionAddendum, 503 sAuthorizedKeysCommand, sAuthorizedKeysCommandUser, 504 sAuthenticationMethods, sHostKeyAgent, sPermitUserRC, 505 sStreamLocalBindMask, sStreamLocalBindUnlink, 506 sAllowStreamLocalForwarding, sFingerprintHash, sDisableForwarding, 507 sExposeAuthInfo, sRDomain, sPubkeyAuthOptions, sSecurityKeyProvider, 508 sDeprecated, sIgnore, sUnsupported 509 } ServerOpCodes; 510 511 #define SSHCFG_GLOBAL 0x01 /* allowed in main section of config */ 512 #define SSHCFG_MATCH 0x02 /* allowed inside a Match section */ 513 #define SSHCFG_ALL (SSHCFG_GLOBAL|SSHCFG_MATCH) 514 #define SSHCFG_NEVERMATCH 0x04 /* Match never matches; internal only */ 515 516 /* Textual representation of the tokens. */ 517 static struct { 518 const char *name; 519 ServerOpCodes opcode; 520 u_int flags; 521 } keywords[] = { 522 { "port", sPort, SSHCFG_GLOBAL }, 523 { "hostkey", sHostKeyFile, SSHCFG_GLOBAL }, 524 { "hostdsakey", sHostKeyFile, SSHCFG_GLOBAL }, /* alias */ 525 { "hostkeyagent", sHostKeyAgent, SSHCFG_GLOBAL }, 526 { "pidfile", sPidFile, SSHCFG_GLOBAL }, 527 { "serverkeybits", sDeprecated, SSHCFG_GLOBAL }, 528 { "logingracetime", sLoginGraceTime, SSHCFG_GLOBAL }, 529 { "keyregenerationinterval", sDeprecated, SSHCFG_GLOBAL }, 530 { "permitrootlogin", sPermitRootLogin, SSHCFG_ALL }, 531 { "syslogfacility", sLogFacility, SSHCFG_GLOBAL }, 532 { "loglevel", sLogLevel, SSHCFG_ALL }, 533 { "rhostsauthentication", sDeprecated, SSHCFG_GLOBAL }, 534 { "rhostsrsaauthentication", sDeprecated, SSHCFG_ALL }, 535 { "hostbasedauthentication", sHostbasedAuthentication, SSHCFG_ALL }, 536 { "hostbasedusesnamefrompacketonly", sHostbasedUsesNameFromPacketOnly, SSHCFG_ALL }, 537 { "hostbasedacceptedkeytypes", sHostbasedAcceptedKeyTypes, SSHCFG_ALL }, 538 { "hostkeyalgorithms", sHostKeyAlgorithms, SSHCFG_GLOBAL }, 539 { "rsaauthentication", sDeprecated, SSHCFG_ALL }, 540 { "pubkeyauthentication", sPubkeyAuthentication, SSHCFG_ALL }, 541 { "pubkeyacceptedkeytypes", sPubkeyAcceptedKeyTypes, SSHCFG_ALL }, 542 { "pubkeyauthoptions", sPubkeyAuthOptions, SSHCFG_ALL }, 543 { "dsaauthentication", sPubkeyAuthentication, SSHCFG_GLOBAL }, /* alias */ 544 #ifdef KRB5 545 { "kerberosauthentication", sKerberosAuthentication, SSHCFG_ALL }, 546 { "kerberosorlocalpasswd", sKerberosOrLocalPasswd, SSHCFG_GLOBAL }, 547 { "kerberosticketcleanup", sKerberosTicketCleanup, SSHCFG_GLOBAL }, 548 { "kerberosgetafstoken", sKerberosGetAFSToken, SSHCFG_GLOBAL }, 549 #else 550 { "kerberosauthentication", sUnsupported, SSHCFG_ALL }, 551 { "kerberosorlocalpasswd", sUnsupported, SSHCFG_GLOBAL }, 552 { "kerberosticketcleanup", sUnsupported, SSHCFG_GLOBAL }, 553 { "kerberosgetafstoken", sUnsupported, SSHCFG_GLOBAL }, 554 #endif 555 { "kerberostgtpassing", sUnsupported, SSHCFG_GLOBAL }, 556 { "afstokenpassing", sUnsupported, SSHCFG_GLOBAL }, 557 #ifdef GSSAPI 558 { "gssapiauthentication", sGssAuthentication, SSHCFG_ALL }, 559 { "gssapicleanupcredentials", sGssCleanupCreds, SSHCFG_GLOBAL }, 560 { "gssapistrictacceptorcheck", sGssStrictAcceptor, SSHCFG_GLOBAL }, 561 #else 562 { "gssapiauthentication", sUnsupported, SSHCFG_ALL }, 563 { "gssapicleanupcredentials", sUnsupported, SSHCFG_GLOBAL }, 564 { "gssapistrictacceptorcheck", sUnsupported, SSHCFG_GLOBAL }, 565 #endif 566 { "passwordauthentication", sPasswordAuthentication, SSHCFG_ALL }, 567 { "kbdinteractiveauthentication", sKbdInteractiveAuthentication, SSHCFG_ALL }, 568 { "challengeresponseauthentication", sChallengeResponseAuthentication, SSHCFG_GLOBAL }, 569 { "skeyauthentication", sChallengeResponseAuthentication, SSHCFG_GLOBAL }, /* alias */ 570 { "checkmail", sDeprecated, SSHCFG_GLOBAL }, 571 { "listenaddress", sListenAddress, SSHCFG_GLOBAL }, 572 { "addressfamily", sAddressFamily, SSHCFG_GLOBAL }, 573 { "printmotd", sPrintMotd, SSHCFG_GLOBAL }, 574 { "printlastlog", sPrintLastLog, SSHCFG_GLOBAL }, 575 { "ignorerhosts", sIgnoreRhosts, SSHCFG_GLOBAL }, 576 { "ignoreuserknownhosts", sIgnoreUserKnownHosts, SSHCFG_GLOBAL }, 577 { "x11forwarding", sX11Forwarding, SSHCFG_ALL }, 578 { "x11displayoffset", sX11DisplayOffset, SSHCFG_ALL }, 579 { "x11uselocalhost", sX11UseLocalhost, SSHCFG_ALL }, 580 { "xauthlocation", sXAuthLocation, SSHCFG_GLOBAL }, 581 { "strictmodes", sStrictModes, SSHCFG_GLOBAL }, 582 { "permitemptypasswords", sEmptyPasswd, SSHCFG_ALL }, 583 { "permituserenvironment", sPermitUserEnvironment, SSHCFG_GLOBAL }, 584 { "uselogin", sDeprecated, SSHCFG_GLOBAL }, 585 { "compression", sCompression, SSHCFG_GLOBAL }, 586 { "rekeylimit", sRekeyLimit, SSHCFG_ALL }, 587 { "tcpkeepalive", sTCPKeepAlive, SSHCFG_GLOBAL }, 588 { "keepalive", sTCPKeepAlive, SSHCFG_GLOBAL }, /* obsolete alias */ 589 { "allowtcpforwarding", sAllowTcpForwarding, SSHCFG_ALL }, 590 { "allowagentforwarding", sAllowAgentForwarding, SSHCFG_ALL }, 591 { "allowusers", sAllowUsers, SSHCFG_ALL }, 592 { "denyusers", sDenyUsers, SSHCFG_ALL }, 593 { "allowgroups", sAllowGroups, SSHCFG_ALL }, 594 { "denygroups", sDenyGroups, SSHCFG_ALL }, 595 { "ciphers", sCiphers, SSHCFG_GLOBAL }, 596 { "macs", sMacs, SSHCFG_GLOBAL }, 597 { "protocol", sIgnore, SSHCFG_GLOBAL }, 598 { "gatewayports", sGatewayPorts, SSHCFG_ALL }, 599 { "subsystem", sSubsystem, SSHCFG_GLOBAL }, 600 { "maxstartups", sMaxStartups, SSHCFG_GLOBAL }, 601 { "maxauthtries", sMaxAuthTries, SSHCFG_ALL }, 602 { "maxsessions", sMaxSessions, SSHCFG_ALL }, 603 { "banner", sBanner, SSHCFG_ALL }, 604 { "usedns", sUseDNS, SSHCFG_GLOBAL }, 605 { "verifyreversemapping", sDeprecated, SSHCFG_GLOBAL }, 606 { "reversemappingcheck", sDeprecated, SSHCFG_GLOBAL }, 607 { "clientaliveinterval", sClientAliveInterval, SSHCFG_ALL }, 608 { "clientalivecountmax", sClientAliveCountMax, SSHCFG_ALL }, 609 { "authorizedkeysfile", sAuthorizedKeysFile, SSHCFG_ALL }, 610 { "authorizedkeysfile2", sDeprecated, SSHCFG_ALL }, 611 { "useprivilegeseparation", sDeprecated, SSHCFG_GLOBAL}, 612 { "acceptenv", sAcceptEnv, SSHCFG_ALL }, 613 { "setenv", sSetEnv, SSHCFG_ALL }, 614 { "permittunnel", sPermitTunnel, SSHCFG_ALL }, 615 { "permittty", sPermitTTY, SSHCFG_ALL }, 616 { "permituserrc", sPermitUserRC, SSHCFG_ALL }, 617 { "match", sMatch, SSHCFG_ALL }, 618 { "permitopen", sPermitOpen, SSHCFG_ALL }, 619 { "permitlisten", sPermitListen, SSHCFG_ALL }, 620 { "forcecommand", sForceCommand, SSHCFG_ALL }, 621 { "chrootdirectory", sChrootDirectory, SSHCFG_ALL }, 622 { "hostcertificate", sHostCertificate, SSHCFG_GLOBAL }, 623 { "revokedkeys", sRevokedKeys, SSHCFG_ALL }, 624 { "trustedusercakeys", sTrustedUserCAKeys, SSHCFG_ALL }, 625 { "authorizedprincipalsfile", sAuthorizedPrincipalsFile, SSHCFG_ALL }, 626 { "kexalgorithms", sKexAlgorithms, SSHCFG_GLOBAL }, 627 { "include", sInclude, SSHCFG_ALL }, 628 { "ipqos", sIPQoS, SSHCFG_ALL }, 629 { "authorizedkeyscommand", sAuthorizedKeysCommand, SSHCFG_ALL }, 630 { "authorizedkeyscommanduser", sAuthorizedKeysCommandUser, SSHCFG_ALL }, 631 { "authorizedprincipalscommand", sAuthorizedPrincipalsCommand, SSHCFG_ALL }, 632 { "authorizedprincipalscommanduser", sAuthorizedPrincipalsCommandUser, SSHCFG_ALL }, 633 { "versionaddendum", sVersionAddendum, SSHCFG_GLOBAL }, 634 { "authenticationmethods", sAuthenticationMethods, SSHCFG_ALL }, 635 { "streamlocalbindmask", sStreamLocalBindMask, SSHCFG_ALL }, 636 { "streamlocalbindunlink", sStreamLocalBindUnlink, SSHCFG_ALL }, 637 { "allowstreamlocalforwarding", sAllowStreamLocalForwarding, SSHCFG_ALL }, 638 { "fingerprinthash", sFingerprintHash, SSHCFG_GLOBAL }, 639 { "disableforwarding", sDisableForwarding, SSHCFG_ALL }, 640 { "exposeauthinfo", sExposeAuthInfo, SSHCFG_ALL }, 641 { "rdomain", sRDomain, SSHCFG_ALL }, 642 { "casignaturealgorithms", sCASignatureAlgorithms, SSHCFG_ALL }, 643 { "securitykeyprovider", sSecurityKeyProvider, SSHCFG_GLOBAL }, 644 { NULL, sBadOption, 0 } 645 }; 646 647 static struct { 648 int val; 649 char *text; 650 } tunmode_desc[] = { 651 { SSH_TUNMODE_NO, "no" }, 652 { SSH_TUNMODE_POINTOPOINT, "point-to-point" }, 653 { SSH_TUNMODE_ETHERNET, "ethernet" }, 654 { SSH_TUNMODE_YES, "yes" }, 655 { -1, NULL } 656 }; 657 658 /* Returns an opcode name from its number */ 659 660 static const char * 661 lookup_opcode_name(ServerOpCodes code) 662 { 663 u_int i; 664 665 for (i = 0; keywords[i].name != NULL; i++) 666 if (keywords[i].opcode == code) 667 return(keywords[i].name); 668 return "UNKNOWN"; 669 } 670 671 672 /* 673 * Returns the number of the token pointed to by cp or sBadOption. 674 */ 675 676 static ServerOpCodes 677 parse_token(const char *cp, const char *filename, 678 int linenum, u_int *flags) 679 { 680 u_int i; 681 682 for (i = 0; keywords[i].name; i++) 683 if (strcasecmp(cp, keywords[i].name) == 0) { 684 *flags = keywords[i].flags; 685 return keywords[i].opcode; 686 } 687 688 error("%s: line %d: Bad configuration option: %s", 689 filename, linenum, cp); 690 return sBadOption; 691 } 692 693 char * 694 derelativise_path(const char *path) 695 { 696 char *expanded, *ret, cwd[PATH_MAX]; 697 698 if (strcasecmp(path, "none") == 0) 699 return xstrdup("none"); 700 expanded = tilde_expand_filename(path, getuid()); 701 if (path_absolute(expanded)) 702 return expanded; 703 if (getcwd(cwd, sizeof(cwd)) == NULL) 704 fatal("%s: getcwd: %s", __func__, strerror(errno)); 705 xasprintf(&ret, "%s/%s", cwd, expanded); 706 free(expanded); 707 return ret; 708 } 709 710 static void 711 add_listen_addr(ServerOptions *options, const char *addr, 712 const char *rdomain, int port) 713 { 714 u_int i; 715 716 if (port > 0) 717 add_one_listen_addr(options, addr, rdomain, port); 718 else { 719 for (i = 0; i < options->num_ports; i++) { 720 add_one_listen_addr(options, addr, rdomain, 721 options->ports[i]); 722 } 723 } 724 } 725 726 static void 727 add_one_listen_addr(ServerOptions *options, const char *addr, 728 const char *rdomain, int port) 729 { 730 struct addrinfo hints, *ai, *aitop; 731 char strport[NI_MAXSERV]; 732 int gaierr; 733 u_int i; 734 735 /* Find listen_addrs entry for this rdomain */ 736 for (i = 0; i < options->num_listen_addrs; i++) { 737 if (rdomain == NULL && options->listen_addrs[i].rdomain == NULL) 738 break; 739 if (rdomain == NULL || options->listen_addrs[i].rdomain == NULL) 740 continue; 741 if (strcmp(rdomain, options->listen_addrs[i].rdomain) == 0) 742 break; 743 } 744 if (i >= options->num_listen_addrs) { 745 /* No entry for this rdomain; allocate one */ 746 if (i >= INT_MAX) 747 fatal("%s: too many listen addresses", __func__); 748 options->listen_addrs = xrecallocarray(options->listen_addrs, 749 options->num_listen_addrs, options->num_listen_addrs + 1, 750 sizeof(*options->listen_addrs)); 751 i = options->num_listen_addrs++; 752 if (rdomain != NULL) 753 options->listen_addrs[i].rdomain = xstrdup(rdomain); 754 } 755 /* options->listen_addrs[i] points to the addresses for this rdomain */ 756 757 memset(&hints, 0, sizeof(hints)); 758 hints.ai_family = options->address_family; 759 hints.ai_socktype = SOCK_STREAM; 760 hints.ai_flags = (addr == NULL) ? AI_PASSIVE : 0; 761 snprintf(strport, sizeof strport, "%d", port); 762 if ((gaierr = getaddrinfo(addr, strport, &hints, &aitop)) != 0) 763 fatal("bad addr or host: %s (%s)", 764 addr ? addr : "<NULL>", 765 ssh_gai_strerror(gaierr)); 766 for (ai = aitop; ai->ai_next; ai = ai->ai_next) 767 ; 768 ai->ai_next = options->listen_addrs[i].addrs; 769 options->listen_addrs[i].addrs = aitop; 770 } 771 772 /* Returns nonzero if the routing domain name is valid */ 773 static int 774 valid_rdomain(const char *name) 775 { 776 const char *errstr; 777 long long num; 778 struct rt_tableinfo info; 779 int mib[6]; 780 size_t miblen = sizeof(mib); 781 782 if (name == NULL) 783 return 1; 784 785 num = strtonum(name, 0, 255, &errstr); 786 if (errstr != NULL) 787 return 0; 788 789 /* Check whether the table actually exists */ 790 memset(mib, 0, sizeof(mib)); 791 mib[0] = CTL_NET; 792 mib[1] = PF_ROUTE; 793 mib[4] = NET_RT_TABLE; 794 mib[5] = (int)num; 795 if (sysctl(mib, 6, &info, &miblen, NULL, 0) == -1) 796 return 0; 797 798 return 1; 799 } 800 801 /* 802 * Queue a ListenAddress to be processed once we have all of the Ports 803 * and AddressFamily options. 804 */ 805 static void 806 queue_listen_addr(ServerOptions *options, const char *addr, 807 const char *rdomain, int port) 808 { 809 struct queued_listenaddr *qla; 810 811 options->queued_listen_addrs = xrecallocarray( 812 options->queued_listen_addrs, 813 options->num_queued_listens, options->num_queued_listens + 1, 814 sizeof(*options->queued_listen_addrs)); 815 qla = &options->queued_listen_addrs[options->num_queued_listens++]; 816 qla->addr = xstrdup(addr); 817 qla->port = port; 818 qla->rdomain = rdomain == NULL ? NULL : xstrdup(rdomain); 819 } 820 821 /* 822 * Process queued (text) ListenAddress entries. 823 */ 824 static void 825 process_queued_listen_addrs(ServerOptions *options) 826 { 827 u_int i; 828 struct queued_listenaddr *qla; 829 830 if (options->num_ports == 0) 831 options->ports[options->num_ports++] = SSH_DEFAULT_PORT; 832 if (options->address_family == -1) 833 options->address_family = AF_UNSPEC; 834 835 for (i = 0; i < options->num_queued_listens; i++) { 836 qla = &options->queued_listen_addrs[i]; 837 add_listen_addr(options, qla->addr, qla->rdomain, qla->port); 838 free(qla->addr); 839 free(qla->rdomain); 840 } 841 free(options->queued_listen_addrs); 842 options->queued_listen_addrs = NULL; 843 options->num_queued_listens = 0; 844 } 845 846 /* 847 * Inform channels layer of permitopen options for a single forwarding 848 * direction (local/remote). 849 */ 850 static void 851 process_permitopen_list(struct ssh *ssh, ServerOpCodes opcode, 852 char **opens, u_int num_opens) 853 { 854 u_int i; 855 int port; 856 char *host, *arg, *oarg, ch; 857 int where = opcode == sPermitOpen ? FORWARD_LOCAL : FORWARD_REMOTE; 858 const char *what = lookup_opcode_name(opcode); 859 860 channel_clear_permission(ssh, FORWARD_ADM, where); 861 if (num_opens == 0) 862 return; /* permit any */ 863 864 /* handle keywords: "any" / "none" */ 865 if (num_opens == 1 && strcmp(opens[0], "any") == 0) 866 return; 867 if (num_opens == 1 && strcmp(opens[0], "none") == 0) { 868 channel_disable_admin(ssh, where); 869 return; 870 } 871 /* Otherwise treat it as a list of permitted host:port */ 872 for (i = 0; i < num_opens; i++) { 873 oarg = arg = xstrdup(opens[i]); 874 ch = '\0'; 875 host = hpdelim2(&arg, &ch); 876 if (host == NULL || ch == '/') 877 fatal("%s: missing host in %s", __func__, what); 878 host = cleanhostname(host); 879 if (arg == NULL || ((port = permitopen_port(arg)) < 0)) 880 fatal("%s: bad port number in %s", __func__, what); 881 /* Send it to channels layer */ 882 channel_add_permission(ssh, FORWARD_ADM, 883 where, host, port); 884 free(oarg); 885 } 886 } 887 888 /* 889 * Inform channels layer of permitopen options from configuration. 890 */ 891 void 892 process_permitopen(struct ssh *ssh, ServerOptions *options) 893 { 894 process_permitopen_list(ssh, sPermitOpen, 895 options->permitted_opens, options->num_permitted_opens); 896 process_permitopen_list(ssh, sPermitListen, 897 options->permitted_listens, 898 options->num_permitted_listens); 899 } 900 901 struct connection_info * 902 get_connection_info(struct ssh *ssh, int populate, int use_dns) 903 { 904 static struct connection_info ci; 905 906 if (ssh == NULL || !populate) 907 return &ci; 908 ci.host = auth_get_canonical_hostname(ssh, use_dns); 909 ci.address = ssh_remote_ipaddr(ssh); 910 ci.laddress = ssh_local_ipaddr(ssh); 911 ci.lport = ssh_local_port(ssh); 912 ci.rdomain = ssh_packet_rdomain_in(ssh); 913 return &ci; 914 } 915 916 /* 917 * The strategy for the Match blocks is that the config file is parsed twice. 918 * 919 * The first time is at startup. activep is initialized to 1 and the 920 * directives in the global context are processed and acted on. Hitting a 921 * Match directive unsets activep and the directives inside the block are 922 * checked for syntax only. 923 * 924 * The second time is after a connection has been established but before 925 * authentication. activep is initialized to 2 and global config directives 926 * are ignored since they have already been processed. If the criteria in a 927 * Match block is met, activep is set and the subsequent directives 928 * processed and actioned until EOF or another Match block unsets it. Any 929 * options set are copied into the main server config. 930 * 931 * Potential additions/improvements: 932 * - Add Match support for pre-kex directives, eg. Ciphers. 933 * 934 * - Add a Tag directive (idea from David Leonard) ala pf, eg: 935 * Match Address 192.168.0.* 936 * Tag trusted 937 * Match Group wheel 938 * Tag trusted 939 * Match Tag trusted 940 * AllowTcpForwarding yes 941 * GatewayPorts clientspecified 942 * [...] 943 * 944 * - Add a PermittedChannelRequests directive 945 * Match Group shell 946 * PermittedChannelRequests session,forwarded-tcpip 947 */ 948 949 static int 950 match_cfg_line_group(const char *grps, int line, const char *user) 951 { 952 int result = 0; 953 struct passwd *pw; 954 955 if (user == NULL) 956 goto out; 957 958 if ((pw = getpwnam(user)) == NULL) { 959 debug("Can't match group at line %d because user %.100s does " 960 "not exist", line, user); 961 } else if (ga_init(pw->pw_name, pw->pw_gid) == 0) { 962 debug("Can't Match group because user %.100s not in any group " 963 "at line %d", user, line); 964 } else if (ga_match_pattern_list(grps) != 1) { 965 debug("user %.100s does not match group list %.100s at line %d", 966 user, grps, line); 967 } else { 968 debug("user %.100s matched group list %.100s at line %d", user, 969 grps, line); 970 result = 1; 971 } 972 out: 973 ga_free(); 974 return result; 975 } 976 977 static void 978 match_test_missing_fatal(const char *criteria, const char *attrib) 979 { 980 fatal("'Match %s' in configuration but '%s' not in connection " 981 "test specification.", criteria, attrib); 982 } 983 984 /* 985 * All of the attributes on a single Match line are ANDed together, so we need 986 * to check every attribute and set the result to zero if any attribute does 987 * not match. 988 */ 989 static int 990 match_cfg_line(char **condition, int line, struct connection_info *ci) 991 { 992 int result = 1, attributes = 0, port; 993 char *arg, *attrib, *cp = *condition; 994 995 if (ci == NULL) 996 debug3("checking syntax for 'Match %s'", cp); 997 else 998 debug3("checking match for '%s' user %s host %s addr %s " 999 "laddr %s lport %d", cp, ci->user ? ci->user : "(null)", 1000 ci->host ? ci->host : "(null)", 1001 ci->address ? ci->address : "(null)", 1002 ci->laddress ? ci->laddress : "(null)", ci->lport); 1003 1004 while ((attrib = strdelim(&cp)) && *attrib != '\0') { 1005 attributes++; 1006 if (strcasecmp(attrib, "all") == 0) { 1007 if (attributes != 1 || 1008 ((arg = strdelim(&cp)) != NULL && *arg != '\0')) { 1009 error("'all' cannot be combined with other " 1010 "Match attributes"); 1011 return -1; 1012 } 1013 *condition = cp; 1014 return 1; 1015 } 1016 if ((arg = strdelim(&cp)) == NULL || *arg == '\0') { 1017 error("Missing Match criteria for %s", attrib); 1018 return -1; 1019 } 1020 if (strcasecmp(attrib, "user") == 0) { 1021 if (ci == NULL || (ci->test && ci->user == NULL)) { 1022 result = 0; 1023 continue; 1024 } 1025 if (ci->user == NULL) 1026 match_test_missing_fatal("User", "user"); 1027 if (match_usergroup_pattern_list(ci->user, arg) != 1) 1028 result = 0; 1029 else 1030 debug("user %.100s matched 'User %.100s' at " 1031 "line %d", ci->user, arg, line); 1032 } else if (strcasecmp(attrib, "group") == 0) { 1033 if (ci == NULL || (ci->test && ci->user == NULL)) { 1034 result = 0; 1035 continue; 1036 } 1037 if (ci->user == NULL) 1038 match_test_missing_fatal("Group", "user"); 1039 switch (match_cfg_line_group(arg, line, ci->user)) { 1040 case -1: 1041 return -1; 1042 case 0: 1043 result = 0; 1044 } 1045 } else if (strcasecmp(attrib, "host") == 0) { 1046 if (ci == NULL || (ci->test && ci->host == NULL)) { 1047 result = 0; 1048 continue; 1049 } 1050 if (ci->host == NULL) 1051 match_test_missing_fatal("Host", "host"); 1052 if (match_hostname(ci->host, arg) != 1) 1053 result = 0; 1054 else 1055 debug("connection from %.100s matched 'Host " 1056 "%.100s' at line %d", ci->host, arg, line); 1057 } else if (strcasecmp(attrib, "address") == 0) { 1058 if (ci == NULL || (ci->test && ci->address == NULL)) { 1059 result = 0; 1060 continue; 1061 } 1062 if (ci->address == NULL) 1063 match_test_missing_fatal("Address", "addr"); 1064 switch (addr_match_list(ci->address, arg)) { 1065 case 1: 1066 debug("connection from %.100s matched 'Address " 1067 "%.100s' at line %d", ci->address, arg, line); 1068 break; 1069 case 0: 1070 case -1: 1071 result = 0; 1072 break; 1073 case -2: 1074 return -1; 1075 } 1076 } else if (strcasecmp(attrib, "localaddress") == 0){ 1077 if (ci == NULL || (ci->test && ci->laddress == NULL)) { 1078 result = 0; 1079 continue; 1080 } 1081 if (ci->laddress == NULL) 1082 match_test_missing_fatal("LocalAddress", 1083 "laddr"); 1084 switch (addr_match_list(ci->laddress, arg)) { 1085 case 1: 1086 debug("connection from %.100s matched " 1087 "'LocalAddress %.100s' at line %d", 1088 ci->laddress, arg, line); 1089 break; 1090 case 0: 1091 case -1: 1092 result = 0; 1093 break; 1094 case -2: 1095 return -1; 1096 } 1097 } else if (strcasecmp(attrib, "localport") == 0) { 1098 if ((port = a2port(arg)) == -1) { 1099 error("Invalid LocalPort '%s' on Match line", 1100 arg); 1101 return -1; 1102 } 1103 if (ci == NULL || (ci->test && ci->lport == -1)) { 1104 result = 0; 1105 continue; 1106 } 1107 if (ci->lport == 0) 1108 match_test_missing_fatal("LocalPort", "lport"); 1109 /* TODO support port lists */ 1110 if (port == ci->lport) 1111 debug("connection from %.100s matched " 1112 "'LocalPort %d' at line %d", 1113 ci->laddress, port, line); 1114 else 1115 result = 0; 1116 } else if (strcasecmp(attrib, "rdomain") == 0) { 1117 if (ci == NULL || (ci->test && ci->rdomain == NULL)) { 1118 result = 0; 1119 continue; 1120 } 1121 if (ci->rdomain == NULL) 1122 match_test_missing_fatal("RDomain", "rdomain"); 1123 if (match_pattern_list(ci->rdomain, arg, 0) != 1) 1124 result = 0; 1125 else 1126 debug("user %.100s matched 'RDomain %.100s' at " 1127 "line %d", ci->rdomain, arg, line); 1128 } else { 1129 error("Unsupported Match attribute %s", attrib); 1130 return -1; 1131 } 1132 } 1133 if (attributes == 0) { 1134 error("One or more attributes required for Match"); 1135 return -1; 1136 } 1137 if (ci != NULL) 1138 debug3("match %sfound", result ? "" : "not "); 1139 *condition = cp; 1140 return result; 1141 } 1142 1143 #define WHITESPACE " \t\r\n" 1144 1145 /* Multistate option parsing */ 1146 struct multistate { 1147 char *key; 1148 int value; 1149 }; 1150 static const struct multistate multistate_flag[] = { 1151 { "yes", 1 }, 1152 { "no", 0 }, 1153 { NULL, -1 } 1154 }; 1155 static const struct multistate multistate_addressfamily[] = { 1156 { "inet", AF_INET }, 1157 { "inet6", AF_INET6 }, 1158 { "any", AF_UNSPEC }, 1159 { NULL, -1 } 1160 }; 1161 static const struct multistate multistate_permitrootlogin[] = { 1162 { "without-password", PERMIT_NO_PASSWD }, 1163 { "prohibit-password", PERMIT_NO_PASSWD }, 1164 { "forced-commands-only", PERMIT_FORCED_ONLY }, 1165 { "yes", PERMIT_YES }, 1166 { "no", PERMIT_NO }, 1167 { NULL, -1 } 1168 }; 1169 static const struct multistate multistate_compression[] = { 1170 #ifdef WITH_ZLIB 1171 { "yes", COMP_DELAYED }, 1172 { "delayed", COMP_DELAYED }, 1173 #endif 1174 { "no", COMP_NONE }, 1175 { NULL, -1 } 1176 }; 1177 static const struct multistate multistate_gatewayports[] = { 1178 { "clientspecified", 2 }, 1179 { "yes", 1 }, 1180 { "no", 0 }, 1181 { NULL, -1 } 1182 }; 1183 static const struct multistate multistate_tcpfwd[] = { 1184 { "yes", FORWARD_ALLOW }, 1185 { "all", FORWARD_ALLOW }, 1186 { "no", FORWARD_DENY }, 1187 { "remote", FORWARD_REMOTE }, 1188 { "local", FORWARD_LOCAL }, 1189 { NULL, -1 } 1190 }; 1191 1192 static int 1193 process_server_config_line_depth(ServerOptions *options, char *line, 1194 const char *filename, int linenum, int *activep, 1195 struct connection_info *connectinfo, int inc_flags, int depth, 1196 struct include_list *includes) 1197 { 1198 char ch, *cp, ***chararrayptr, **charptr, *arg, *arg2, *p; 1199 int cmdline = 0, *intptr, value, value2, n, port, oactive, r, found; 1200 SyslogFacility *log_facility_ptr; 1201 LogLevel *log_level_ptr; 1202 ServerOpCodes opcode; 1203 u_int i, *uintptr, uvalue, flags = 0; 1204 size_t len; 1205 long long val64; 1206 const struct multistate *multistate_ptr; 1207 const char *errstr; 1208 struct include_item *item; 1209 glob_t gbuf; 1210 1211 /* Strip trailing whitespace. Allow \f (form feed) at EOL only */ 1212 if ((len = strlen(line)) == 0) 1213 return 0; 1214 for (len--; len > 0; len--) { 1215 if (strchr(WHITESPACE "\f", line[len]) == NULL) 1216 break; 1217 line[len] = '\0'; 1218 } 1219 1220 cp = line; 1221 if ((arg = strdelim(&cp)) == NULL) 1222 return 0; 1223 /* Ignore leading whitespace */ 1224 if (*arg == '\0') 1225 arg = strdelim(&cp); 1226 if (!arg || !*arg || *arg == '#') 1227 return 0; 1228 intptr = NULL; 1229 charptr = NULL; 1230 opcode = parse_token(arg, filename, linenum, &flags); 1231 1232 if (activep == NULL) { /* We are processing a command line directive */ 1233 cmdline = 1; 1234 activep = &cmdline; 1235 } 1236 if (*activep && opcode != sMatch && opcode != sInclude) 1237 debug3("%s:%d setting %s %s", filename, linenum, arg, cp); 1238 if (*activep == 0 && !(flags & SSHCFG_MATCH)) { 1239 if (connectinfo == NULL) { 1240 fatal("%s line %d: Directive '%s' is not allowed " 1241 "within a Match block", filename, linenum, arg); 1242 } else { /* this is a directive we have already processed */ 1243 while (arg) 1244 arg = strdelim(&cp); 1245 return 0; 1246 } 1247 } 1248 1249 switch (opcode) { 1250 case sBadOption: 1251 return -1; 1252 case sPort: 1253 /* ignore ports from configfile if cmdline specifies ports */ 1254 if (options->ports_from_cmdline) 1255 return 0; 1256 if (options->num_ports >= MAX_PORTS) 1257 fatal("%s line %d: too many ports.", 1258 filename, linenum); 1259 arg = strdelim(&cp); 1260 if (!arg || *arg == '\0') 1261 fatal("%s line %d: missing port number.", 1262 filename, linenum); 1263 options->ports[options->num_ports++] = a2port(arg); 1264 if (options->ports[options->num_ports-1] <= 0) 1265 fatal("%s line %d: Badly formatted port number.", 1266 filename, linenum); 1267 break; 1268 1269 case sLoginGraceTime: 1270 intptr = &options->login_grace_time; 1271 parse_time: 1272 arg = strdelim(&cp); 1273 if (!arg || *arg == '\0') 1274 fatal("%s line %d: missing time value.", 1275 filename, linenum); 1276 if ((value = convtime(arg)) == -1) 1277 fatal("%s line %d: invalid time value.", 1278 filename, linenum); 1279 if (*activep && *intptr == -1) 1280 *intptr = value; 1281 break; 1282 1283 case sListenAddress: 1284 arg = strdelim(&cp); 1285 if (arg == NULL || *arg == '\0') 1286 fatal("%s line %d: missing address", 1287 filename, linenum); 1288 /* check for bare IPv6 address: no "[]" and 2 or more ":" */ 1289 if (strchr(arg, '[') == NULL && (p = strchr(arg, ':')) != NULL 1290 && strchr(p+1, ':') != NULL) { 1291 port = 0; 1292 p = arg; 1293 } else { 1294 arg2 = NULL; 1295 ch = '\0'; 1296 p = hpdelim2(&arg, &ch); 1297 if (p == NULL || ch == '/') 1298 fatal("%s line %d: bad address:port usage", 1299 filename, linenum); 1300 p = cleanhostname(p); 1301 if (arg == NULL) 1302 port = 0; 1303 else if ((port = a2port(arg)) <= 0) 1304 fatal("%s line %d: bad port number", 1305 filename, linenum); 1306 } 1307 /* Optional routing table */ 1308 arg2 = NULL; 1309 if ((arg = strdelim(&cp)) != NULL) { 1310 if (strcmp(arg, "rdomain") != 0 || 1311 (arg2 = strdelim(&cp)) == NULL) 1312 fatal("%s line %d: bad ListenAddress syntax", 1313 filename, linenum); 1314 if (!valid_rdomain(arg2)) 1315 fatal("%s line %d: bad routing domain", 1316 filename, linenum); 1317 } 1318 1319 queue_listen_addr(options, p, arg2, port); 1320 1321 break; 1322 1323 case sAddressFamily: 1324 intptr = &options->address_family; 1325 multistate_ptr = multistate_addressfamily; 1326 parse_multistate: 1327 arg = strdelim(&cp); 1328 if (!arg || *arg == '\0') 1329 fatal("%s line %d: missing argument.", 1330 filename, linenum); 1331 value = -1; 1332 for (i = 0; multistate_ptr[i].key != NULL; i++) { 1333 if (strcasecmp(arg, multistate_ptr[i].key) == 0) { 1334 value = multistate_ptr[i].value; 1335 break; 1336 } 1337 } 1338 if (value == -1) 1339 fatal("%s line %d: unsupported option \"%s\".", 1340 filename, linenum, arg); 1341 if (*activep && *intptr == -1) 1342 *intptr = value; 1343 break; 1344 1345 case sHostKeyFile: 1346 arg = strdelim(&cp); 1347 if (!arg || *arg == '\0') 1348 fatal("%s line %d: missing file name.", 1349 filename, linenum); 1350 if (*activep) { 1351 servconf_add_hostkey(filename, linenum, 1352 options, arg, 1); 1353 } 1354 break; 1355 1356 case sHostKeyAgent: 1357 charptr = &options->host_key_agent; 1358 arg = strdelim(&cp); 1359 if (!arg || *arg == '\0') 1360 fatal("%s line %d: missing socket name.", 1361 filename, linenum); 1362 if (*activep && *charptr == NULL) 1363 *charptr = !strcmp(arg, SSH_AUTHSOCKET_ENV_NAME) ? 1364 xstrdup(arg) : derelativise_path(arg); 1365 break; 1366 1367 case sHostCertificate: 1368 arg = strdelim(&cp); 1369 if (!arg || *arg == '\0') 1370 fatal("%s line %d: missing file name.", 1371 filename, linenum); 1372 if (*activep) 1373 servconf_add_hostcert(filename, linenum, options, arg); 1374 break; 1375 1376 case sPidFile: 1377 charptr = &options->pid_file; 1378 parse_filename: 1379 arg = strdelim(&cp); 1380 if (!arg || *arg == '\0') 1381 fatal("%s line %d: missing file name.", 1382 filename, linenum); 1383 if (*activep && *charptr == NULL) { 1384 *charptr = derelativise_path(arg); 1385 /* increase optional counter */ 1386 if (intptr != NULL) 1387 *intptr = *intptr + 1; 1388 } 1389 break; 1390 1391 case sPermitRootLogin: 1392 intptr = &options->permit_root_login; 1393 multistate_ptr = multistate_permitrootlogin; 1394 goto parse_multistate; 1395 1396 case sIgnoreRhosts: 1397 intptr = &options->ignore_rhosts; 1398 parse_flag: 1399 multistate_ptr = multistate_flag; 1400 goto parse_multistate; 1401 1402 case sIgnoreUserKnownHosts: 1403 intptr = &options->ignore_user_known_hosts; 1404 goto parse_flag; 1405 1406 case sHostbasedAuthentication: 1407 intptr = &options->hostbased_authentication; 1408 goto parse_flag; 1409 1410 case sHostbasedUsesNameFromPacketOnly: 1411 intptr = &options->hostbased_uses_name_from_packet_only; 1412 goto parse_flag; 1413 1414 case sHostbasedAcceptedKeyTypes: 1415 charptr = &options->hostbased_key_types; 1416 parse_keytypes: 1417 arg = strdelim(&cp); 1418 if (!arg || *arg == '\0') 1419 fatal("%s line %d: Missing argument.", 1420 filename, linenum); 1421 if (*arg != '-' && 1422 !sshkey_names_valid2(*arg == '+' || *arg == '^' ? 1423 arg + 1 : arg, 1)) 1424 fatal("%s line %d: Bad key types '%s'.", 1425 filename, linenum, arg ? arg : "<NONE>"); 1426 if (*activep && *charptr == NULL) 1427 *charptr = xstrdup(arg); 1428 break; 1429 1430 case sHostKeyAlgorithms: 1431 charptr = &options->hostkeyalgorithms; 1432 goto parse_keytypes; 1433 1434 case sCASignatureAlgorithms: 1435 charptr = &options->ca_sign_algorithms; 1436 goto parse_keytypes; 1437 1438 case sPubkeyAuthentication: 1439 intptr = &options->pubkey_authentication; 1440 goto parse_flag; 1441 1442 case sPubkeyAcceptedKeyTypes: 1443 charptr = &options->pubkey_key_types; 1444 goto parse_keytypes; 1445 1446 case sPubkeyAuthOptions: 1447 intptr = &options->pubkey_auth_options; 1448 value = 0; 1449 while ((arg = strdelim(&cp)) && *arg != '\0') { 1450 if (strcasecmp(arg, "none") == 0) 1451 continue; 1452 if (strcasecmp(arg, "touch-required") == 0) 1453 value |= PUBKEYAUTH_TOUCH_REQUIRED; 1454 else { 1455 fatal("%s line %d: unsupported " 1456 "PubkeyAuthOptions option %s", 1457 filename, linenum, arg); 1458 } 1459 } 1460 if (*activep && *intptr == -1) 1461 *intptr = value; 1462 break; 1463 1464 case sKerberosAuthentication: 1465 intptr = &options->kerberos_authentication; 1466 goto parse_flag; 1467 1468 case sKerberosOrLocalPasswd: 1469 intptr = &options->kerberos_or_local_passwd; 1470 goto parse_flag; 1471 1472 case sKerberosTicketCleanup: 1473 intptr = &options->kerberos_ticket_cleanup; 1474 goto parse_flag; 1475 1476 case sKerberosGetAFSToken: 1477 intptr = &options->kerberos_get_afs_token; 1478 goto parse_flag; 1479 1480 case sGssAuthentication: 1481 intptr = &options->gss_authentication; 1482 goto parse_flag; 1483 1484 case sGssCleanupCreds: 1485 intptr = &options->gss_cleanup_creds; 1486 goto parse_flag; 1487 1488 case sGssStrictAcceptor: 1489 intptr = &options->gss_strict_acceptor; 1490 goto parse_flag; 1491 1492 case sPasswordAuthentication: 1493 intptr = &options->password_authentication; 1494 goto parse_flag; 1495 1496 case sKbdInteractiveAuthentication: 1497 intptr = &options->kbd_interactive_authentication; 1498 goto parse_flag; 1499 1500 case sChallengeResponseAuthentication: 1501 intptr = &options->challenge_response_authentication; 1502 goto parse_flag; 1503 1504 case sPrintMotd: 1505 intptr = &options->print_motd; 1506 goto parse_flag; 1507 1508 case sPrintLastLog: 1509 intptr = &options->print_lastlog; 1510 goto parse_flag; 1511 1512 case sX11Forwarding: 1513 intptr = &options->x11_forwarding; 1514 goto parse_flag; 1515 1516 case sX11DisplayOffset: 1517 intptr = &options->x11_display_offset; 1518 parse_int: 1519 arg = strdelim(&cp); 1520 if ((errstr = atoi_err(arg, &value)) != NULL) 1521 fatal("%s line %d: integer value %s.", 1522 filename, linenum, errstr); 1523 if (*activep && *intptr == -1) 1524 *intptr = value; 1525 break; 1526 1527 case sX11UseLocalhost: 1528 intptr = &options->x11_use_localhost; 1529 goto parse_flag; 1530 1531 case sXAuthLocation: 1532 charptr = &options->xauth_location; 1533 goto parse_filename; 1534 1535 case sPermitTTY: 1536 intptr = &options->permit_tty; 1537 goto parse_flag; 1538 1539 case sPermitUserRC: 1540 intptr = &options->permit_user_rc; 1541 goto parse_flag; 1542 1543 case sStrictModes: 1544 intptr = &options->strict_modes; 1545 goto parse_flag; 1546 1547 case sTCPKeepAlive: 1548 intptr = &options->tcp_keep_alive; 1549 goto parse_flag; 1550 1551 case sEmptyPasswd: 1552 intptr = &options->permit_empty_passwd; 1553 goto parse_flag; 1554 1555 case sPermitUserEnvironment: 1556 intptr = &options->permit_user_env; 1557 charptr = &options->permit_user_env_whitelist; 1558 arg = strdelim(&cp); 1559 if (!arg || *arg == '\0') 1560 fatal("%s line %d: missing argument.", 1561 filename, linenum); 1562 value = 0; 1563 p = NULL; 1564 if (strcmp(arg, "yes") == 0) 1565 value = 1; 1566 else if (strcmp(arg, "no") == 0) 1567 value = 0; 1568 else { 1569 /* Pattern-list specified */ 1570 value = 1; 1571 p = xstrdup(arg); 1572 } 1573 if (*activep && *intptr == -1) { 1574 *intptr = value; 1575 *charptr = p; 1576 p = NULL; 1577 } 1578 free(p); 1579 break; 1580 1581 case sCompression: 1582 intptr = &options->compression; 1583 multistate_ptr = multistate_compression; 1584 goto parse_multistate; 1585 1586 case sRekeyLimit: 1587 arg = strdelim(&cp); 1588 if (!arg || *arg == '\0') 1589 fatal("%.200s line %d: Missing argument.", filename, 1590 linenum); 1591 if (strcmp(arg, "default") == 0) { 1592 val64 = 0; 1593 } else { 1594 if (scan_scaled(arg, &val64) == -1) 1595 fatal("%.200s line %d: Bad number '%s': %s", 1596 filename, linenum, arg, strerror(errno)); 1597 if (val64 != 0 && val64 < 16) 1598 fatal("%.200s line %d: RekeyLimit too small", 1599 filename, linenum); 1600 } 1601 if (*activep && options->rekey_limit == -1) 1602 options->rekey_limit = val64; 1603 if (cp != NULL) { /* optional rekey interval present */ 1604 if (strcmp(cp, "none") == 0) { 1605 (void)strdelim(&cp); /* discard */ 1606 break; 1607 } 1608 intptr = &options->rekey_interval; 1609 goto parse_time; 1610 } 1611 break; 1612 1613 case sGatewayPorts: 1614 intptr = &options->fwd_opts.gateway_ports; 1615 multistate_ptr = multistate_gatewayports; 1616 goto parse_multistate; 1617 1618 case sUseDNS: 1619 intptr = &options->use_dns; 1620 goto parse_flag; 1621 1622 case sLogFacility: 1623 log_facility_ptr = &options->log_facility; 1624 arg = strdelim(&cp); 1625 value = log_facility_number(arg); 1626 if (value == SYSLOG_FACILITY_NOT_SET) 1627 fatal("%.200s line %d: unsupported log facility '%s'", 1628 filename, linenum, arg ? arg : "<NONE>"); 1629 if (*log_facility_ptr == -1) 1630 *log_facility_ptr = (SyslogFacility) value; 1631 break; 1632 1633 case sLogLevel: 1634 log_level_ptr = &options->log_level; 1635 arg = strdelim(&cp); 1636 value = log_level_number(arg); 1637 if (value == SYSLOG_LEVEL_NOT_SET) 1638 fatal("%.200s line %d: unsupported log level '%s'", 1639 filename, linenum, arg ? arg : "<NONE>"); 1640 if (*activep && *log_level_ptr == -1) 1641 *log_level_ptr = (LogLevel) value; 1642 break; 1643 1644 case sAllowTcpForwarding: 1645 intptr = &options->allow_tcp_forwarding; 1646 multistate_ptr = multistate_tcpfwd; 1647 goto parse_multistate; 1648 1649 case sAllowStreamLocalForwarding: 1650 intptr = &options->allow_streamlocal_forwarding; 1651 multistate_ptr = multistate_tcpfwd; 1652 goto parse_multistate; 1653 1654 case sAllowAgentForwarding: 1655 intptr = &options->allow_agent_forwarding; 1656 goto parse_flag; 1657 1658 case sDisableForwarding: 1659 intptr = &options->disable_forwarding; 1660 goto parse_flag; 1661 1662 case sAllowUsers: 1663 while ((arg = strdelim(&cp)) && *arg != '\0') { 1664 if (match_user(NULL, NULL, NULL, arg) == -1) 1665 fatal("%s line %d: invalid AllowUsers pattern: " 1666 "\"%.100s\"", filename, linenum, arg); 1667 if (!*activep) 1668 continue; 1669 array_append(filename, linenum, "AllowUsers", 1670 &options->allow_users, &options->num_allow_users, 1671 arg); 1672 } 1673 break; 1674 1675 case sDenyUsers: 1676 while ((arg = strdelim(&cp)) && *arg != '\0') { 1677 if (match_user(NULL, NULL, NULL, arg) == -1) 1678 fatal("%s line %d: invalid DenyUsers pattern: " 1679 "\"%.100s\"", filename, linenum, arg); 1680 if (!*activep) 1681 continue; 1682 array_append(filename, linenum, "DenyUsers", 1683 &options->deny_users, &options->num_deny_users, 1684 arg); 1685 } 1686 break; 1687 1688 case sAllowGroups: 1689 while ((arg = strdelim(&cp)) && *arg != '\0') { 1690 if (!*activep) 1691 continue; 1692 array_append(filename, linenum, "AllowGroups", 1693 &options->allow_groups, &options->num_allow_groups, 1694 arg); 1695 } 1696 break; 1697 1698 case sDenyGroups: 1699 while ((arg = strdelim(&cp)) && *arg != '\0') { 1700 if (!*activep) 1701 continue; 1702 array_append(filename, linenum, "DenyGroups", 1703 &options->deny_groups, &options->num_deny_groups, 1704 arg); 1705 } 1706 break; 1707 1708 case sCiphers: 1709 arg = strdelim(&cp); 1710 if (!arg || *arg == '\0') 1711 fatal("%s line %d: Missing argument.", filename, linenum); 1712 if (*arg != '-' && 1713 !ciphers_valid(*arg == '+' || *arg == '^' ? arg + 1 : arg)) 1714 fatal("%s line %d: Bad SSH2 cipher spec '%s'.", 1715 filename, linenum, arg ? arg : "<NONE>"); 1716 if (options->ciphers == NULL) 1717 options->ciphers = xstrdup(arg); 1718 break; 1719 1720 case sMacs: 1721 arg = strdelim(&cp); 1722 if (!arg || *arg == '\0') 1723 fatal("%s line %d: Missing argument.", filename, linenum); 1724 if (*arg != '-' && 1725 !mac_valid(*arg == '+' || *arg == '^' ? arg + 1 : arg)) 1726 fatal("%s line %d: Bad SSH2 mac spec '%s'.", 1727 filename, linenum, arg ? arg : "<NONE>"); 1728 if (options->macs == NULL) 1729 options->macs = xstrdup(arg); 1730 break; 1731 1732 case sKexAlgorithms: 1733 arg = strdelim(&cp); 1734 if (!arg || *arg == '\0') 1735 fatal("%s line %d: Missing argument.", 1736 filename, linenum); 1737 if (*arg != '-' && 1738 !kex_names_valid(*arg == '+' || *arg == '^' ? 1739 arg + 1 : arg)) 1740 fatal("%s line %d: Bad SSH2 KexAlgorithms '%s'.", 1741 filename, linenum, arg ? arg : "<NONE>"); 1742 if (options->kex_algorithms == NULL) 1743 options->kex_algorithms = xstrdup(arg); 1744 break; 1745 1746 case sSubsystem: 1747 if (options->num_subsystems >= MAX_SUBSYSTEMS) { 1748 fatal("%s line %d: too many subsystems defined.", 1749 filename, linenum); 1750 } 1751 arg = strdelim(&cp); 1752 if (!arg || *arg == '\0') 1753 fatal("%s line %d: Missing subsystem name.", 1754 filename, linenum); 1755 if (!*activep) { 1756 arg = strdelim(&cp); 1757 break; 1758 } 1759 for (i = 0; i < options->num_subsystems; i++) 1760 if (strcmp(arg, options->subsystem_name[i]) == 0) 1761 fatal("%s line %d: Subsystem '%s' already defined.", 1762 filename, linenum, arg); 1763 options->subsystem_name[options->num_subsystems] = xstrdup(arg); 1764 arg = strdelim(&cp); 1765 if (!arg || *arg == '\0') 1766 fatal("%s line %d: Missing subsystem command.", 1767 filename, linenum); 1768 options->subsystem_command[options->num_subsystems] = xstrdup(arg); 1769 1770 /* Collect arguments (separate to executable) */ 1771 p = xstrdup(arg); 1772 len = strlen(p) + 1; 1773 while ((arg = strdelim(&cp)) != NULL && *arg != '\0') { 1774 len += 1 + strlen(arg); 1775 p = xreallocarray(p, 1, len); 1776 strlcat(p, " ", len); 1777 strlcat(p, arg, len); 1778 } 1779 options->subsystem_args[options->num_subsystems] = p; 1780 options->num_subsystems++; 1781 break; 1782 1783 case sMaxStartups: 1784 arg = strdelim(&cp); 1785 if (!arg || *arg == '\0') 1786 fatal("%s line %d: Missing MaxStartups spec.", 1787 filename, linenum); 1788 if ((n = sscanf(arg, "%d:%d:%d", 1789 &options->max_startups_begin, 1790 &options->max_startups_rate, 1791 &options->max_startups)) == 3) { 1792 if (options->max_startups_begin > 1793 options->max_startups || 1794 options->max_startups_rate > 100 || 1795 options->max_startups_rate < 1) 1796 fatal("%s line %d: Illegal MaxStartups spec.", 1797 filename, linenum); 1798 } else if (n != 1) 1799 fatal("%s line %d: Illegal MaxStartups spec.", 1800 filename, linenum); 1801 else 1802 options->max_startups = options->max_startups_begin; 1803 break; 1804 1805 case sMaxAuthTries: 1806 intptr = &options->max_authtries; 1807 goto parse_int; 1808 1809 case sMaxSessions: 1810 intptr = &options->max_sessions; 1811 goto parse_int; 1812 1813 case sBanner: 1814 charptr = &options->banner; 1815 goto parse_filename; 1816 1817 /* 1818 * These options can contain %X options expanded at 1819 * connect time, so that you can specify paths like: 1820 * 1821 * AuthorizedKeysFile /etc/ssh_keys/%u 1822 */ 1823 case sAuthorizedKeysFile: 1824 if (*activep && options->num_authkeys_files == 0) { 1825 while ((arg = strdelim(&cp)) && *arg != '\0') { 1826 arg = tilde_expand_filename(arg, getuid()); 1827 array_append(filename, linenum, 1828 "AuthorizedKeysFile", 1829 &options->authorized_keys_files, 1830 &options->num_authkeys_files, arg); 1831 free(arg); 1832 } 1833 } 1834 return 0; 1835 1836 case sAuthorizedPrincipalsFile: 1837 charptr = &options->authorized_principals_file; 1838 arg = strdelim(&cp); 1839 if (!arg || *arg == '\0') 1840 fatal("%s line %d: missing file name.", 1841 filename, linenum); 1842 if (*activep && *charptr == NULL) { 1843 *charptr = tilde_expand_filename(arg, getuid()); 1844 /* increase optional counter */ 1845 if (intptr != NULL) 1846 *intptr = *intptr + 1; 1847 } 1848 break; 1849 1850 case sClientAliveInterval: 1851 intptr = &options->client_alive_interval; 1852 goto parse_time; 1853 1854 case sClientAliveCountMax: 1855 intptr = &options->client_alive_count_max; 1856 goto parse_int; 1857 1858 case sAcceptEnv: 1859 while ((arg = strdelim(&cp)) && *arg != '\0') { 1860 if (strchr(arg, '=') != NULL) 1861 fatal("%s line %d: Invalid environment name.", 1862 filename, linenum); 1863 if (!*activep) 1864 continue; 1865 array_append(filename, linenum, "AcceptEnv", 1866 &options->accept_env, &options->num_accept_env, 1867 arg); 1868 } 1869 break; 1870 1871 case sSetEnv: 1872 uvalue = options->num_setenv; 1873 while ((arg = strdelimw(&cp)) && *arg != '\0') { 1874 if (strchr(arg, '=') == NULL) 1875 fatal("%s line %d: Invalid environment.", 1876 filename, linenum); 1877 if (!*activep || uvalue != 0) 1878 continue; 1879 array_append(filename, linenum, "SetEnv", 1880 &options->setenv, &options->num_setenv, arg); 1881 } 1882 break; 1883 1884 case sPermitTunnel: 1885 intptr = &options->permit_tun; 1886 arg = strdelim(&cp); 1887 if (!arg || *arg == '\0') 1888 fatal("%s line %d: Missing yes/point-to-point/" 1889 "ethernet/no argument.", filename, linenum); 1890 value = -1; 1891 for (i = 0; tunmode_desc[i].val != -1; i++) 1892 if (strcmp(tunmode_desc[i].text, arg) == 0) { 1893 value = tunmode_desc[i].val; 1894 break; 1895 } 1896 if (value == -1) 1897 fatal("%s line %d: Bad yes/point-to-point/ethernet/" 1898 "no argument: %s", filename, linenum, arg); 1899 if (*activep && *intptr == -1) 1900 *intptr = value; 1901 break; 1902 1903 case sInclude: 1904 if (cmdline) { 1905 fatal("Include directive not supported as a " 1906 "command-line option"); 1907 } 1908 value = 0; 1909 while ((arg2 = strdelim(&cp)) != NULL && *arg2 != '\0') { 1910 value++; 1911 found = 0; 1912 if (*arg2 != '/' && *arg2 != '~') { 1913 xasprintf(&arg, "%s/%s", SSHDIR, arg); 1914 } else 1915 arg = xstrdup(arg2); 1916 1917 /* 1918 * Don't let included files clobber the containing 1919 * file's Match state. 1920 */ 1921 oactive = *activep; 1922 1923 /* consult cache of include files */ 1924 TAILQ_FOREACH(item, includes, entry) { 1925 if (strcmp(item->selector, arg) != 0) 1926 continue; 1927 if (item->filename != NULL) { 1928 parse_server_config_depth(options, 1929 item->filename, item->contents, 1930 includes, connectinfo, 1931 (oactive ? 0 : SSHCFG_NEVERMATCH), 1932 activep, depth + 1); 1933 } 1934 found = 1; 1935 *activep = oactive; 1936 } 1937 if (found != 0) { 1938 free(arg); 1939 continue; 1940 } 1941 1942 /* requested glob was not in cache */ 1943 debug2("%s line %d: new include %s", 1944 filename, linenum, arg); 1945 if ((r = glob(arg, 0, NULL, &gbuf)) != 0) { 1946 if (r != GLOB_NOMATCH) { 1947 fatal("%s line %d: include \"%s\" " 1948 "glob failed", filename, 1949 linenum, arg); 1950 } 1951 /* 1952 * If no entry matched then record a 1953 * placeholder to skip later glob calls. 1954 */ 1955 debug2("%s line %d: no match for %s", 1956 filename, linenum, arg); 1957 item = xcalloc(1, sizeof(*item)); 1958 item->selector = strdup(arg); 1959 TAILQ_INSERT_TAIL(includes, 1960 item, entry); 1961 } 1962 if (gbuf.gl_pathc > INT_MAX) 1963 fatal("%s: too many glob results", __func__); 1964 for (n = 0; n < (int)gbuf.gl_pathc; n++) { 1965 debug2("%s line %d: including %s", 1966 filename, linenum, gbuf.gl_pathv[n]); 1967 item = xcalloc(1, sizeof(*item)); 1968 item->selector = strdup(arg); 1969 item->filename = strdup(gbuf.gl_pathv[n]); 1970 if ((item->contents = sshbuf_new()) == NULL) { 1971 fatal("%s: sshbuf_new failed", 1972 __func__); 1973 } 1974 load_server_config(item->filename, 1975 item->contents); 1976 parse_server_config_depth(options, 1977 item->filename, item->contents, 1978 includes, connectinfo, 1979 (oactive ? 0 : SSHCFG_NEVERMATCH), 1980 activep, depth + 1); 1981 *activep = oactive; 1982 TAILQ_INSERT_TAIL(includes, item, entry); 1983 } 1984 globfree(&gbuf); 1985 free(arg); 1986 } 1987 if (value == 0) { 1988 fatal("%s line %d: Include missing filename argument", 1989 filename, linenum); 1990 } 1991 break; 1992 1993 case sMatch: 1994 if (cmdline) 1995 fatal("Match directive not supported as a command-line " 1996 "option"); 1997 value = match_cfg_line(&cp, linenum, connectinfo); 1998 if (value < 0) 1999 fatal("%s line %d: Bad Match condition", filename, 2000 linenum); 2001 *activep = (inc_flags & SSHCFG_NEVERMATCH) ? 0 : value; 2002 break; 2003 2004 case sPermitListen: 2005 case sPermitOpen: 2006 if (opcode == sPermitListen) { 2007 uintptr = &options->num_permitted_listens; 2008 chararrayptr = &options->permitted_listens; 2009 } else { 2010 uintptr = &options->num_permitted_opens; 2011 chararrayptr = &options->permitted_opens; 2012 } 2013 arg = strdelim(&cp); 2014 if (!arg || *arg == '\0') 2015 fatal("%s line %d: missing %s specification", 2016 filename, linenum, lookup_opcode_name(opcode)); 2017 uvalue = *uintptr; /* modified later */ 2018 if (strcmp(arg, "any") == 0 || strcmp(arg, "none") == 0) { 2019 if (*activep && uvalue == 0) { 2020 *uintptr = 1; 2021 *chararrayptr = xcalloc(1, 2022 sizeof(**chararrayptr)); 2023 (*chararrayptr)[0] = xstrdup(arg); 2024 } 2025 break; 2026 } 2027 for (; arg != NULL && *arg != '\0'; arg = strdelim(&cp)) { 2028 if (opcode == sPermitListen && 2029 strchr(arg, ':') == NULL) { 2030 /* 2031 * Allow bare port number for PermitListen 2032 * to indicate a wildcard listen host. 2033 */ 2034 xasprintf(&arg2, "*:%s", arg); 2035 } else { 2036 arg2 = xstrdup(arg); 2037 ch = '\0'; 2038 p = hpdelim2(&arg, &ch); 2039 if (p == NULL || ch == '/') { 2040 fatal("%s line %d: missing host in %s", 2041 filename, linenum, 2042 lookup_opcode_name(opcode)); 2043 } 2044 p = cleanhostname(p); 2045 } 2046 if (arg == NULL || 2047 ((port = permitopen_port(arg)) < 0)) { 2048 fatal("%s line %d: bad port number in %s", 2049 filename, linenum, 2050 lookup_opcode_name(opcode)); 2051 } 2052 if (*activep && uvalue == 0) { 2053 array_append(filename, linenum, 2054 lookup_opcode_name(opcode), 2055 chararrayptr, uintptr, arg2); 2056 } 2057 free(arg2); 2058 } 2059 break; 2060 2061 case sForceCommand: 2062 if (cp == NULL || *cp == '\0') 2063 fatal("%.200s line %d: Missing argument.", filename, 2064 linenum); 2065 len = strspn(cp, WHITESPACE); 2066 if (*activep && options->adm_forced_command == NULL) 2067 options->adm_forced_command = xstrdup(cp + len); 2068 return 0; 2069 2070 case sChrootDirectory: 2071 charptr = &options->chroot_directory; 2072 2073 arg = strdelim(&cp); 2074 if (!arg || *arg == '\0') 2075 fatal("%s line %d: missing file name.", 2076 filename, linenum); 2077 if (*activep && *charptr == NULL) 2078 *charptr = xstrdup(arg); 2079 break; 2080 2081 case sTrustedUserCAKeys: 2082 charptr = &options->trusted_user_ca_keys; 2083 goto parse_filename; 2084 2085 case sRevokedKeys: 2086 charptr = &options->revoked_keys_file; 2087 goto parse_filename; 2088 2089 case sSecurityKeyProvider: 2090 charptr = &options->sk_provider; 2091 arg = strdelim(&cp); 2092 if (!arg || *arg == '\0') 2093 fatal("%s line %d: missing file name.", 2094 filename, linenum); 2095 if (*activep && *charptr == NULL) { 2096 *charptr = strcasecmp(arg, "internal") == 0 ? 2097 xstrdup(arg) : derelativise_path(arg); 2098 /* increase optional counter */ 2099 if (intptr != NULL) 2100 *intptr = *intptr + 1; 2101 } 2102 break; 2103 2104 case sIPQoS: 2105 arg = strdelim(&cp); 2106 if ((value = parse_ipqos(arg)) == -1) 2107 fatal("%s line %d: Bad IPQoS value: %s", 2108 filename, linenum, arg); 2109 arg = strdelim(&cp); 2110 if (arg == NULL) 2111 value2 = value; 2112 else if ((value2 = parse_ipqos(arg)) == -1) 2113 fatal("%s line %d: Bad IPQoS value: %s", 2114 filename, linenum, arg); 2115 if (*activep) { 2116 options->ip_qos_interactive = value; 2117 options->ip_qos_bulk = value2; 2118 } 2119 break; 2120 2121 case sVersionAddendum: 2122 if (cp == NULL || *cp == '\0') 2123 fatal("%.200s line %d: Missing argument.", filename, 2124 linenum); 2125 len = strspn(cp, WHITESPACE); 2126 if (*activep && options->version_addendum == NULL) { 2127 if (strcasecmp(cp + len, "none") == 0) 2128 options->version_addendum = xstrdup(""); 2129 else if (strchr(cp + len, '\r') != NULL) 2130 fatal("%.200s line %d: Invalid argument", 2131 filename, linenum); 2132 else 2133 options->version_addendum = xstrdup(cp + len); 2134 } 2135 return 0; 2136 2137 case sAuthorizedKeysCommand: 2138 if (cp == NULL) 2139 fatal("%.200s line %d: Missing argument.", filename, 2140 linenum); 2141 len = strspn(cp, WHITESPACE); 2142 if (*activep && options->authorized_keys_command == NULL) { 2143 if (cp[len] != '/' && strcasecmp(cp + len, "none") != 0) 2144 fatal("%.200s line %d: AuthorizedKeysCommand " 2145 "must be an absolute path", 2146 filename, linenum); 2147 options->authorized_keys_command = xstrdup(cp + len); 2148 } 2149 return 0; 2150 2151 case sAuthorizedKeysCommandUser: 2152 charptr = &options->authorized_keys_command_user; 2153 2154 arg = strdelim(&cp); 2155 if (!arg || *arg == '\0') 2156 fatal("%s line %d: missing AuthorizedKeysCommandUser " 2157 "argument.", filename, linenum); 2158 if (*activep && *charptr == NULL) 2159 *charptr = xstrdup(arg); 2160 break; 2161 2162 case sAuthorizedPrincipalsCommand: 2163 if (cp == NULL) 2164 fatal("%.200s line %d: Missing argument.", filename, 2165 linenum); 2166 len = strspn(cp, WHITESPACE); 2167 if (*activep && 2168 options->authorized_principals_command == NULL) { 2169 if (cp[len] != '/' && strcasecmp(cp + len, "none") != 0) 2170 fatal("%.200s line %d: " 2171 "AuthorizedPrincipalsCommand must be " 2172 "an absolute path", filename, linenum); 2173 options->authorized_principals_command = 2174 xstrdup(cp + len); 2175 } 2176 return 0; 2177 2178 case sAuthorizedPrincipalsCommandUser: 2179 charptr = &options->authorized_principals_command_user; 2180 2181 arg = strdelim(&cp); 2182 if (!arg || *arg == '\0') 2183 fatal("%s line %d: missing " 2184 "AuthorizedPrincipalsCommandUser argument.", 2185 filename, linenum); 2186 if (*activep && *charptr == NULL) 2187 *charptr = xstrdup(arg); 2188 break; 2189 2190 case sAuthenticationMethods: 2191 if (options->num_auth_methods == 0) { 2192 value = 0; /* seen "any" pseudo-method */ 2193 value2 = 0; /* successfully parsed any method */ 2194 while ((arg = strdelim(&cp)) && *arg != '\0') { 2195 if (strcmp(arg, "any") == 0) { 2196 if (options->num_auth_methods > 0) { 2197 fatal("%s line %d: \"any\" " 2198 "must appear alone in " 2199 "AuthenticationMethods", 2200 filename, linenum); 2201 } 2202 value = 1; 2203 } else if (value) { 2204 fatal("%s line %d: \"any\" must appear " 2205 "alone in AuthenticationMethods", 2206 filename, linenum); 2207 } else if (auth2_methods_valid(arg, 0) != 0) { 2208 fatal("%s line %d: invalid " 2209 "authentication method list.", 2210 filename, linenum); 2211 } 2212 value2 = 1; 2213 if (!*activep) 2214 continue; 2215 array_append(filename, linenum, 2216 "AuthenticationMethods", 2217 &options->auth_methods, 2218 &options->num_auth_methods, arg); 2219 } 2220 if (value2 == 0) { 2221 fatal("%s line %d: no AuthenticationMethods " 2222 "specified", filename, linenum); 2223 } 2224 } 2225 return 0; 2226 2227 case sStreamLocalBindMask: 2228 arg = strdelim(&cp); 2229 if (!arg || *arg == '\0') 2230 fatal("%s line %d: missing StreamLocalBindMask " 2231 "argument.", filename, linenum); 2232 /* Parse mode in octal format */ 2233 value = strtol(arg, &p, 8); 2234 if (arg == p || value < 0 || value > 0777) 2235 fatal("%s line %d: Bad mask.", filename, linenum); 2236 if (*activep) 2237 options->fwd_opts.streamlocal_bind_mask = (mode_t)value; 2238 break; 2239 2240 case sStreamLocalBindUnlink: 2241 intptr = &options->fwd_opts.streamlocal_bind_unlink; 2242 goto parse_flag; 2243 2244 case sFingerprintHash: 2245 arg = strdelim(&cp); 2246 if (!arg || *arg == '\0') 2247 fatal("%.200s line %d: Missing argument.", 2248 filename, linenum); 2249 if ((value = ssh_digest_alg_by_name(arg)) == -1) 2250 fatal("%.200s line %d: Invalid hash algorithm \"%s\".", 2251 filename, linenum, arg); 2252 if (*activep) 2253 options->fingerprint_hash = value; 2254 break; 2255 2256 case sExposeAuthInfo: 2257 intptr = &options->expose_userauth_info; 2258 goto parse_flag; 2259 2260 case sRDomain: 2261 charptr = &options->routing_domain; 2262 arg = strdelim(&cp); 2263 if (!arg || *arg == '\0') 2264 fatal("%.200s line %d: Missing argument.", 2265 filename, linenum); 2266 if (strcasecmp(arg, "none") != 0 && strcmp(arg, "%D") != 0 && 2267 !valid_rdomain(arg)) 2268 fatal("%s line %d: bad routing domain", 2269 filename, linenum); 2270 if (*activep && *charptr == NULL) 2271 *charptr = xstrdup(arg); 2272 break; 2273 2274 case sDeprecated: 2275 case sIgnore: 2276 case sUnsupported: 2277 do_log2(opcode == sIgnore ? 2278 SYSLOG_LEVEL_DEBUG2 : SYSLOG_LEVEL_INFO, 2279 "%s line %d: %s option %s", filename, linenum, 2280 opcode == sUnsupported ? "Unsupported" : "Deprecated", arg); 2281 while (arg) 2282 arg = strdelim(&cp); 2283 break; 2284 2285 default: 2286 fatal("%s line %d: Missing handler for opcode %s (%d)", 2287 filename, linenum, arg, opcode); 2288 } 2289 if ((arg = strdelim(&cp)) != NULL && *arg != '\0') 2290 fatal("%s line %d: garbage at end of line; \"%.200s\".", 2291 filename, linenum, arg); 2292 return 0; 2293 } 2294 2295 int 2296 process_server_config_line(ServerOptions *options, char *line, 2297 const char *filename, int linenum, int *activep, 2298 struct connection_info *connectinfo, struct include_list *includes) 2299 { 2300 return process_server_config_line_depth(options, line, filename, 2301 linenum, activep, connectinfo, 0, 0, includes); 2302 } 2303 2304 2305 /* Reads the server configuration file. */ 2306 2307 void 2308 load_server_config(const char *filename, struct sshbuf *conf) 2309 { 2310 char *line = NULL, *cp; 2311 size_t linesize = 0; 2312 FILE *f; 2313 int r, lineno = 0; 2314 2315 debug2("%s: filename %s", __func__, filename); 2316 if ((f = fopen(filename, "r")) == NULL) { 2317 perror(filename); 2318 exit(1); 2319 } 2320 sshbuf_reset(conf); 2321 while (getline(&line, &linesize, f) != -1) { 2322 lineno++; 2323 /* 2324 * Trim out comments and strip whitespace 2325 * NB - preserve newlines, they are needed to reproduce 2326 * line numbers later for error messages 2327 */ 2328 if ((cp = strchr(line, '#')) != NULL) 2329 memcpy(cp, "\n", 2); 2330 cp = line + strspn(line, " \t\r"); 2331 if ((r = sshbuf_put(conf, cp, strlen(cp))) != 0) 2332 fatal("%s: buffer error: %s", __func__, ssh_err(r)); 2333 } 2334 free(line); 2335 if ((r = sshbuf_put_u8(conf, 0)) != 0) 2336 fatal("%s: buffer error: %s", __func__, ssh_err(r)); 2337 fclose(f); 2338 debug2("%s: done config len = %zu", __func__, sshbuf_len(conf)); 2339 } 2340 2341 void 2342 parse_server_match_config(ServerOptions *options, 2343 struct include_list *includes, struct connection_info *connectinfo) 2344 { 2345 ServerOptions mo; 2346 2347 initialize_server_options(&mo); 2348 parse_server_config(&mo, "reprocess config", cfg, includes, 2349 connectinfo); 2350 copy_set_server_options(options, &mo, 0); 2351 } 2352 2353 int parse_server_match_testspec(struct connection_info *ci, char *spec) 2354 { 2355 char *p; 2356 2357 while ((p = strsep(&spec, ",")) && *p != '\0') { 2358 if (strncmp(p, "addr=", 5) == 0) { 2359 ci->address = xstrdup(p + 5); 2360 } else if (strncmp(p, "host=", 5) == 0) { 2361 ci->host = xstrdup(p + 5); 2362 } else if (strncmp(p, "user=", 5) == 0) { 2363 ci->user = xstrdup(p + 5); 2364 } else if (strncmp(p, "laddr=", 6) == 0) { 2365 ci->laddress = xstrdup(p + 6); 2366 } else if (strncmp(p, "rdomain=", 8) == 0) { 2367 ci->rdomain = xstrdup(p + 8); 2368 } else if (strncmp(p, "lport=", 6) == 0) { 2369 ci->lport = a2port(p + 6); 2370 if (ci->lport == -1) { 2371 fprintf(stderr, "Invalid port '%s' in test mode" 2372 " specification %s\n", p+6, p); 2373 return -1; 2374 } 2375 } else { 2376 fprintf(stderr, "Invalid test mode specification %s\n", 2377 p); 2378 return -1; 2379 } 2380 } 2381 return 0; 2382 } 2383 2384 /* 2385 * Copy any supported values that are set. 2386 * 2387 * If the preauth flag is set, we do not bother copying the string or 2388 * array values that are not used pre-authentication, because any that we 2389 * do use must be explicitly sent in mm_getpwnamallow(). 2390 */ 2391 void 2392 copy_set_server_options(ServerOptions *dst, ServerOptions *src, int preauth) 2393 { 2394 #define M_CP_INTOPT(n) do {\ 2395 if (src->n != -1) \ 2396 dst->n = src->n; \ 2397 } while (0) 2398 2399 M_CP_INTOPT(password_authentication); 2400 M_CP_INTOPT(gss_authentication); 2401 M_CP_INTOPT(pubkey_authentication); 2402 M_CP_INTOPT(pubkey_auth_options); 2403 M_CP_INTOPT(kerberos_authentication); 2404 M_CP_INTOPT(hostbased_authentication); 2405 M_CP_INTOPT(hostbased_uses_name_from_packet_only); 2406 M_CP_INTOPT(kbd_interactive_authentication); 2407 M_CP_INTOPT(permit_root_login); 2408 M_CP_INTOPT(permit_empty_passwd); 2409 2410 M_CP_INTOPT(allow_tcp_forwarding); 2411 M_CP_INTOPT(allow_streamlocal_forwarding); 2412 M_CP_INTOPT(allow_agent_forwarding); 2413 M_CP_INTOPT(disable_forwarding); 2414 M_CP_INTOPT(expose_userauth_info); 2415 M_CP_INTOPT(permit_tun); 2416 M_CP_INTOPT(fwd_opts.gateway_ports); 2417 M_CP_INTOPT(fwd_opts.streamlocal_bind_unlink); 2418 M_CP_INTOPT(x11_display_offset); 2419 M_CP_INTOPT(x11_forwarding); 2420 M_CP_INTOPT(x11_use_localhost); 2421 M_CP_INTOPT(permit_tty); 2422 M_CP_INTOPT(permit_user_rc); 2423 M_CP_INTOPT(max_sessions); 2424 M_CP_INTOPT(max_authtries); 2425 M_CP_INTOPT(client_alive_count_max); 2426 M_CP_INTOPT(client_alive_interval); 2427 M_CP_INTOPT(ip_qos_interactive); 2428 M_CP_INTOPT(ip_qos_bulk); 2429 M_CP_INTOPT(rekey_limit); 2430 M_CP_INTOPT(rekey_interval); 2431 M_CP_INTOPT(log_level); 2432 2433 /* 2434 * The bind_mask is a mode_t that may be unsigned, so we can't use 2435 * M_CP_INTOPT - it does a signed comparison that causes compiler 2436 * warnings. 2437 */ 2438 if (src->fwd_opts.streamlocal_bind_mask != (mode_t)-1) { 2439 dst->fwd_opts.streamlocal_bind_mask = 2440 src->fwd_opts.streamlocal_bind_mask; 2441 } 2442 2443 /* M_CP_STROPT and M_CP_STRARRAYOPT should not appear before here */ 2444 #define M_CP_STROPT(n) do {\ 2445 if (src->n != NULL && dst->n != src->n) { \ 2446 free(dst->n); \ 2447 dst->n = src->n; \ 2448 } \ 2449 } while(0) 2450 #define M_CP_STRARRAYOPT(s, num_s) do {\ 2451 u_int i; \ 2452 if (src->num_s != 0) { \ 2453 for (i = 0; i < dst->num_s; i++) \ 2454 free(dst->s[i]); \ 2455 free(dst->s); \ 2456 dst->s = xcalloc(src->num_s, sizeof(*dst->s)); \ 2457 for (i = 0; i < src->num_s; i++) \ 2458 dst->s[i] = xstrdup(src->s[i]); \ 2459 dst->num_s = src->num_s; \ 2460 } \ 2461 } while(0) 2462 2463 /* See comment in servconf.h */ 2464 COPY_MATCH_STRING_OPTS(); 2465 2466 /* Arguments that accept '+...' need to be expanded */ 2467 assemble_algorithms(dst); 2468 2469 /* 2470 * The only things that should be below this point are string options 2471 * which are only used after authentication. 2472 */ 2473 if (preauth) 2474 return; 2475 2476 /* These options may be "none" to clear a global setting */ 2477 M_CP_STROPT(adm_forced_command); 2478 if (option_clear_or_none(dst->adm_forced_command)) { 2479 free(dst->adm_forced_command); 2480 dst->adm_forced_command = NULL; 2481 } 2482 M_CP_STROPT(chroot_directory); 2483 if (option_clear_or_none(dst->chroot_directory)) { 2484 free(dst->chroot_directory); 2485 dst->chroot_directory = NULL; 2486 } 2487 } 2488 2489 #undef M_CP_INTOPT 2490 #undef M_CP_STROPT 2491 #undef M_CP_STRARRAYOPT 2492 2493 #define SERVCONF_MAX_DEPTH 16 2494 void 2495 parse_server_config_depth(ServerOptions *options, const char *filename, 2496 struct sshbuf *conf, struct include_list *includes, 2497 struct connection_info *connectinfo, int flags, int *activep, int depth) 2498 { 2499 int linenum, bad_options = 0; 2500 char *cp, *obuf, *cbuf; 2501 2502 if (depth < 0 || depth > SERVCONF_MAX_DEPTH) 2503 fatal("Too many recursive configuration includes"); 2504 2505 debug2("%s: config %s len %zu", __func__, filename, sshbuf_len(conf)); 2506 2507 if ((obuf = cbuf = sshbuf_dup_string(conf)) == NULL) 2508 fatal("%s: sshbuf_dup_string failed", __func__); 2509 linenum = 1; 2510 while ((cp = strsep(&cbuf, "\n")) != NULL) { 2511 if (process_server_config_line_depth(options, cp, 2512 filename, linenum++, activep, connectinfo, flags, 2513 depth, includes) != 0) 2514 bad_options++; 2515 } 2516 free(obuf); 2517 if (bad_options > 0) 2518 fatal("%s: terminating, %d bad configuration options", 2519 filename, bad_options); 2520 process_queued_listen_addrs(options); 2521 } 2522 2523 void 2524 parse_server_config(ServerOptions *options, const char *filename, 2525 struct sshbuf *conf, struct include_list *includes, 2526 struct connection_info *connectinfo) 2527 { 2528 int active = connectinfo ? 0 : 1; 2529 parse_server_config_depth(options, filename, conf, includes, 2530 connectinfo, 0, &active, 0); 2531 } 2532 2533 static const char * 2534 fmt_multistate_int(int val, const struct multistate *m) 2535 { 2536 u_int i; 2537 2538 for (i = 0; m[i].key != NULL; i++) { 2539 if (m[i].value == val) 2540 return m[i].key; 2541 } 2542 return "UNKNOWN"; 2543 } 2544 2545 static const char * 2546 fmt_intarg(ServerOpCodes code, int val) 2547 { 2548 if (val == -1) 2549 return "unset"; 2550 switch (code) { 2551 case sAddressFamily: 2552 return fmt_multistate_int(val, multistate_addressfamily); 2553 case sPermitRootLogin: 2554 return fmt_multistate_int(val, multistate_permitrootlogin); 2555 case sGatewayPorts: 2556 return fmt_multistate_int(val, multistate_gatewayports); 2557 case sCompression: 2558 return fmt_multistate_int(val, multistate_compression); 2559 case sAllowTcpForwarding: 2560 return fmt_multistate_int(val, multistate_tcpfwd); 2561 case sAllowStreamLocalForwarding: 2562 return fmt_multistate_int(val, multistate_tcpfwd); 2563 case sFingerprintHash: 2564 return ssh_digest_alg_name(val); 2565 default: 2566 switch (val) { 2567 case 0: 2568 return "no"; 2569 case 1: 2570 return "yes"; 2571 default: 2572 return "UNKNOWN"; 2573 } 2574 } 2575 } 2576 2577 static void 2578 dump_cfg_int(ServerOpCodes code, int val) 2579 { 2580 printf("%s %d\n", lookup_opcode_name(code), val); 2581 } 2582 2583 static void 2584 dump_cfg_oct(ServerOpCodes code, int val) 2585 { 2586 printf("%s 0%o\n", lookup_opcode_name(code), val); 2587 } 2588 2589 static void 2590 dump_cfg_fmtint(ServerOpCodes code, int val) 2591 { 2592 printf("%s %s\n", lookup_opcode_name(code), fmt_intarg(code, val)); 2593 } 2594 2595 static void 2596 dump_cfg_string(ServerOpCodes code, const char *val) 2597 { 2598 printf("%s %s\n", lookup_opcode_name(code), 2599 val == NULL ? "none" : val); 2600 } 2601 2602 static void 2603 dump_cfg_strarray(ServerOpCodes code, u_int count, char **vals) 2604 { 2605 u_int i; 2606 2607 for (i = 0; i < count; i++) 2608 printf("%s %s\n", lookup_opcode_name(code), vals[i]); 2609 } 2610 2611 static void 2612 dump_cfg_strarray_oneline(ServerOpCodes code, u_int count, char **vals) 2613 { 2614 u_int i; 2615 2616 if (count <= 0 && code != sAuthenticationMethods) 2617 return; 2618 printf("%s", lookup_opcode_name(code)); 2619 for (i = 0; i < count; i++) 2620 printf(" %s", vals[i]); 2621 if (code == sAuthenticationMethods && count == 0) 2622 printf(" any"); 2623 printf("\n"); 2624 } 2625 2626 static char * 2627 format_listen_addrs(struct listenaddr *la) 2628 { 2629 int r; 2630 struct addrinfo *ai; 2631 char addr[NI_MAXHOST], port[NI_MAXSERV]; 2632 char *laddr1 = xstrdup(""), *laddr2 = NULL; 2633 2634 /* 2635 * ListenAddress must be after Port. add_one_listen_addr pushes 2636 * addresses onto a stack, so to maintain ordering we need to 2637 * print these in reverse order. 2638 */ 2639 for (ai = la->addrs; ai; ai = ai->ai_next) { 2640 if ((r = getnameinfo(ai->ai_addr, ai->ai_addrlen, addr, 2641 sizeof(addr), port, sizeof(port), 2642 NI_NUMERICHOST|NI_NUMERICSERV)) != 0) { 2643 error("getnameinfo: %.100s", ssh_gai_strerror(r)); 2644 continue; 2645 } 2646 laddr2 = laddr1; 2647 if (ai->ai_family == AF_INET6) { 2648 xasprintf(&laddr1, "listenaddress [%s]:%s%s%s\n%s", 2649 addr, port, 2650 la->rdomain == NULL ? "" : " rdomain ", 2651 la->rdomain == NULL ? "" : la->rdomain, 2652 laddr2); 2653 } else { 2654 xasprintf(&laddr1, "listenaddress %s:%s%s%s\n%s", 2655 addr, port, 2656 la->rdomain == NULL ? "" : " rdomain ", 2657 la->rdomain == NULL ? "" : la->rdomain, 2658 laddr2); 2659 } 2660 free(laddr2); 2661 } 2662 return laddr1; 2663 } 2664 2665 void 2666 dump_config(ServerOptions *o) 2667 { 2668 char *s; 2669 u_int i; 2670 2671 /* these are usually at the top of the config */ 2672 for (i = 0; i < o->num_ports; i++) 2673 printf("port %d\n", o->ports[i]); 2674 dump_cfg_fmtint(sAddressFamily, o->address_family); 2675 2676 for (i = 0; i < o->num_listen_addrs; i++) { 2677 s = format_listen_addrs(&o->listen_addrs[i]); 2678 printf("%s", s); 2679 free(s); 2680 } 2681 2682 /* integer arguments */ 2683 dump_cfg_int(sLoginGraceTime, o->login_grace_time); 2684 dump_cfg_int(sX11DisplayOffset, o->x11_display_offset); 2685 dump_cfg_int(sMaxAuthTries, o->max_authtries); 2686 dump_cfg_int(sMaxSessions, o->max_sessions); 2687 dump_cfg_int(sClientAliveInterval, o->client_alive_interval); 2688 dump_cfg_int(sClientAliveCountMax, o->client_alive_count_max); 2689 dump_cfg_oct(sStreamLocalBindMask, o->fwd_opts.streamlocal_bind_mask); 2690 2691 /* formatted integer arguments */ 2692 dump_cfg_fmtint(sPermitRootLogin, o->permit_root_login); 2693 dump_cfg_fmtint(sIgnoreRhosts, o->ignore_rhosts); 2694 dump_cfg_fmtint(sIgnoreUserKnownHosts, o->ignore_user_known_hosts); 2695 dump_cfg_fmtint(sHostbasedAuthentication, o->hostbased_authentication); 2696 dump_cfg_fmtint(sHostbasedUsesNameFromPacketOnly, 2697 o->hostbased_uses_name_from_packet_only); 2698 dump_cfg_fmtint(sPubkeyAuthentication, o->pubkey_authentication); 2699 #ifdef KRB5 2700 dump_cfg_fmtint(sKerberosAuthentication, o->kerberos_authentication); 2701 dump_cfg_fmtint(sKerberosOrLocalPasswd, o->kerberos_or_local_passwd); 2702 dump_cfg_fmtint(sKerberosTicketCleanup, o->kerberos_ticket_cleanup); 2703 dump_cfg_fmtint(sKerberosGetAFSToken, o->kerberos_get_afs_token); 2704 #endif 2705 #ifdef GSSAPI 2706 dump_cfg_fmtint(sGssAuthentication, o->gss_authentication); 2707 dump_cfg_fmtint(sGssCleanupCreds, o->gss_cleanup_creds); 2708 #endif 2709 dump_cfg_fmtint(sPasswordAuthentication, o->password_authentication); 2710 dump_cfg_fmtint(sKbdInteractiveAuthentication, 2711 o->kbd_interactive_authentication); 2712 dump_cfg_fmtint(sChallengeResponseAuthentication, 2713 o->challenge_response_authentication); 2714 dump_cfg_fmtint(sPrintMotd, o->print_motd); 2715 dump_cfg_fmtint(sPrintLastLog, o->print_lastlog); 2716 dump_cfg_fmtint(sX11Forwarding, o->x11_forwarding); 2717 dump_cfg_fmtint(sX11UseLocalhost, o->x11_use_localhost); 2718 dump_cfg_fmtint(sPermitTTY, o->permit_tty); 2719 dump_cfg_fmtint(sPermitUserRC, o->permit_user_rc); 2720 dump_cfg_fmtint(sStrictModes, o->strict_modes); 2721 dump_cfg_fmtint(sTCPKeepAlive, o->tcp_keep_alive); 2722 dump_cfg_fmtint(sEmptyPasswd, o->permit_empty_passwd); 2723 dump_cfg_fmtint(sCompression, o->compression); 2724 dump_cfg_fmtint(sGatewayPorts, o->fwd_opts.gateway_ports); 2725 dump_cfg_fmtint(sUseDNS, o->use_dns); 2726 dump_cfg_fmtint(sAllowTcpForwarding, o->allow_tcp_forwarding); 2727 dump_cfg_fmtint(sAllowAgentForwarding, o->allow_agent_forwarding); 2728 dump_cfg_fmtint(sDisableForwarding, o->disable_forwarding); 2729 dump_cfg_fmtint(sAllowStreamLocalForwarding, o->allow_streamlocal_forwarding); 2730 dump_cfg_fmtint(sStreamLocalBindUnlink, o->fwd_opts.streamlocal_bind_unlink); 2731 dump_cfg_fmtint(sFingerprintHash, o->fingerprint_hash); 2732 dump_cfg_fmtint(sExposeAuthInfo, o->expose_userauth_info); 2733 2734 /* string arguments */ 2735 dump_cfg_string(sPidFile, o->pid_file); 2736 dump_cfg_string(sXAuthLocation, o->xauth_location); 2737 dump_cfg_string(sCiphers, o->ciphers); 2738 dump_cfg_string(sMacs, o->macs); 2739 dump_cfg_string(sBanner, o->banner); 2740 dump_cfg_string(sForceCommand, o->adm_forced_command); 2741 dump_cfg_string(sChrootDirectory, o->chroot_directory); 2742 dump_cfg_string(sTrustedUserCAKeys, o->trusted_user_ca_keys); 2743 dump_cfg_string(sRevokedKeys, o->revoked_keys_file); 2744 dump_cfg_string(sSecurityKeyProvider, o->sk_provider); 2745 dump_cfg_string(sAuthorizedPrincipalsFile, 2746 o->authorized_principals_file); 2747 dump_cfg_string(sVersionAddendum, *o->version_addendum == '\0' 2748 ? "none" : o->version_addendum); 2749 dump_cfg_string(sAuthorizedKeysCommand, o->authorized_keys_command); 2750 dump_cfg_string(sAuthorizedKeysCommandUser, o->authorized_keys_command_user); 2751 dump_cfg_string(sAuthorizedPrincipalsCommand, o->authorized_principals_command); 2752 dump_cfg_string(sAuthorizedPrincipalsCommandUser, o->authorized_principals_command_user); 2753 dump_cfg_string(sHostKeyAgent, o->host_key_agent); 2754 dump_cfg_string(sKexAlgorithms, o->kex_algorithms); 2755 dump_cfg_string(sCASignatureAlgorithms, o->ca_sign_algorithms); 2756 dump_cfg_string(sHostbasedAcceptedKeyTypes, o->hostbased_key_types); 2757 dump_cfg_string(sHostKeyAlgorithms, o->hostkeyalgorithms); 2758 dump_cfg_string(sPubkeyAcceptedKeyTypes, o->pubkey_key_types); 2759 dump_cfg_string(sRDomain, o->routing_domain); 2760 2761 /* string arguments requiring a lookup */ 2762 dump_cfg_string(sLogLevel, log_level_name(o->log_level)); 2763 dump_cfg_string(sLogFacility, log_facility_name(o->log_facility)); 2764 2765 /* string array arguments */ 2766 dump_cfg_strarray_oneline(sAuthorizedKeysFile, o->num_authkeys_files, 2767 o->authorized_keys_files); 2768 dump_cfg_strarray(sHostKeyFile, o->num_host_key_files, 2769 o->host_key_files); 2770 dump_cfg_strarray(sHostCertificate, o->num_host_cert_files, 2771 o->host_cert_files); 2772 dump_cfg_strarray(sAllowUsers, o->num_allow_users, o->allow_users); 2773 dump_cfg_strarray(sDenyUsers, o->num_deny_users, o->deny_users); 2774 dump_cfg_strarray(sAllowGroups, o->num_allow_groups, o->allow_groups); 2775 dump_cfg_strarray(sDenyGroups, o->num_deny_groups, o->deny_groups); 2776 dump_cfg_strarray(sAcceptEnv, o->num_accept_env, o->accept_env); 2777 dump_cfg_strarray(sSetEnv, o->num_setenv, o->setenv); 2778 dump_cfg_strarray_oneline(sAuthenticationMethods, 2779 o->num_auth_methods, o->auth_methods); 2780 2781 /* other arguments */ 2782 for (i = 0; i < o->num_subsystems; i++) 2783 printf("subsystem %s %s\n", o->subsystem_name[i], 2784 o->subsystem_args[i]); 2785 2786 printf("maxstartups %d:%d:%d\n", o->max_startups_begin, 2787 o->max_startups_rate, o->max_startups); 2788 2789 s = NULL; 2790 for (i = 0; tunmode_desc[i].val != -1; i++) { 2791 if (tunmode_desc[i].val == o->permit_tun) { 2792 s = tunmode_desc[i].text; 2793 break; 2794 } 2795 } 2796 dump_cfg_string(sPermitTunnel, s); 2797 2798 printf("ipqos %s ", iptos2str(o->ip_qos_interactive)); 2799 printf("%s\n", iptos2str(o->ip_qos_bulk)); 2800 2801 printf("rekeylimit %llu %d\n", (unsigned long long)o->rekey_limit, 2802 o->rekey_interval); 2803 2804 printf("permitopen"); 2805 if (o->num_permitted_opens == 0) 2806 printf(" any"); 2807 else { 2808 for (i = 0; i < o->num_permitted_opens; i++) 2809 printf(" %s", o->permitted_opens[i]); 2810 } 2811 printf("\n"); 2812 printf("permitlisten"); 2813 if (o->num_permitted_listens == 0) 2814 printf(" any"); 2815 else { 2816 for (i = 0; i < o->num_permitted_listens; i++) 2817 printf(" %s", o->permitted_listens[i]); 2818 } 2819 printf("\n"); 2820 2821 if (o->permit_user_env_whitelist == NULL) { 2822 dump_cfg_fmtint(sPermitUserEnvironment, o->permit_user_env); 2823 } else { 2824 printf("permituserenvironment %s\n", 2825 o->permit_user_env_whitelist); 2826 } 2827 2828 printf("pubkeyauthoptions"); 2829 if (o->pubkey_auth_options == 0) 2830 printf(" none"); 2831 if (o->pubkey_auth_options & PUBKEYAUTH_TOUCH_REQUIRED) 2832 printf(" touch-required"); 2833 printf("\n"); 2834 } 2835