1 2 /* $OpenBSD: servconf.c,v 1.386 2022/09/17 10:34:29 djm Exp $ */ 3 /* 4 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland 5 * All rights reserved 6 * 7 * As far as I am concerned, the code I have written for this software 8 * can be used freely for any purpose. Any derived versions of this 9 * software must be clearly marked as such, and if the derived work is 10 * incompatible with the protocol description in the RFC file, it must be 11 * called by a name other than "ssh" or "Secure Shell". 12 */ 13 14 #include <sys/types.h> 15 #include <sys/socket.h> 16 #include <sys/queue.h> 17 #include <sys/sysctl.h> 18 #include <sys/stat.h> 19 20 #include <netinet/in.h> 21 #include <netinet/ip.h> 22 #include <net/route.h> 23 24 #include <ctype.h> 25 #include <glob.h> 26 #include <netdb.h> 27 #include <pwd.h> 28 #include <stdio.h> 29 #include <stdlib.h> 30 #include <string.h> 31 #include <signal.h> 32 #include <unistd.h> 33 #include <limits.h> 34 #include <stdarg.h> 35 #include <errno.h> 36 #include <util.h> 37 38 #include "xmalloc.h" 39 #include "ssh.h" 40 #include "log.h" 41 #include "sshbuf.h" 42 #include "misc.h" 43 #include "servconf.h" 44 #include "compat.h" 45 #include "pathnames.h" 46 #include "cipher.h" 47 #include "sshkey.h" 48 #include "kex.h" 49 #include "mac.h" 50 #include "match.h" 51 #include "channels.h" 52 #include "groupaccess.h" 53 #include "canohost.h" 54 #include "packet.h" 55 #include "ssherr.h" 56 #include "hostfile.h" 57 #include "auth.h" 58 #include "myproposal.h" 59 #include "digest.h" 60 61 static void add_listen_addr(ServerOptions *, const char *, 62 const char *, int); 63 static void add_one_listen_addr(ServerOptions *, const char *, 64 const char *, int); 65 static void parse_server_config_depth(ServerOptions *options, 66 const char *filename, struct sshbuf *conf, struct include_list *includes, 67 struct connection_info *connectinfo, int flags, int *activep, int depth); 68 69 /* Use of privilege separation or not */ 70 extern int use_privsep; 71 extern struct sshbuf *cfg; 72 73 /* Initializes the server options to their default values. */ 74 75 void 76 initialize_server_options(ServerOptions *options) 77 { 78 memset(options, 0, sizeof(*options)); 79 options->num_ports = 0; 80 options->ports_from_cmdline = 0; 81 options->queued_listen_addrs = NULL; 82 options->num_queued_listens = 0; 83 options->listen_addrs = NULL; 84 options->num_listen_addrs = 0; 85 options->address_family = -1; 86 options->routing_domain = NULL; 87 options->num_host_key_files = 0; 88 options->num_host_cert_files = 0; 89 options->host_key_agent = NULL; 90 options->pid_file = NULL; 91 options->login_grace_time = -1; 92 options->permit_root_login = PERMIT_NOT_SET; 93 options->ignore_rhosts = -1; 94 options->ignore_user_known_hosts = -1; 95 options->print_motd = -1; 96 options->print_lastlog = -1; 97 options->x11_forwarding = -1; 98 options->x11_display_offset = -1; 99 options->x11_use_localhost = -1; 100 options->permit_tty = -1; 101 options->permit_user_rc = -1; 102 options->xauth_location = NULL; 103 options->strict_modes = -1; 104 options->tcp_keep_alive = -1; 105 options->log_facility = SYSLOG_FACILITY_NOT_SET; 106 options->log_level = SYSLOG_LEVEL_NOT_SET; 107 options->num_log_verbose = 0; 108 options->log_verbose = NULL; 109 options->hostbased_authentication = -1; 110 options->hostbased_uses_name_from_packet_only = -1; 111 options->hostbased_accepted_algos = NULL; 112 options->hostkeyalgorithms = NULL; 113 options->pubkey_authentication = -1; 114 options->pubkey_auth_options = -1; 115 options->pubkey_accepted_algos = NULL; 116 options->kerberos_authentication = -1; 117 options->kerberos_or_local_passwd = -1; 118 options->kerberos_ticket_cleanup = -1; 119 options->kerberos_get_afs_token = -1; 120 options->gss_authentication=-1; 121 options->gss_cleanup_creds = -1; 122 options->gss_strict_acceptor = -1; 123 options->password_authentication = -1; 124 options->kbd_interactive_authentication = -1; 125 options->permit_empty_passwd = -1; 126 options->permit_user_env = -1; 127 options->permit_user_env_allowlist = NULL; 128 options->compression = -1; 129 options->rekey_limit = -1; 130 options->rekey_interval = -1; 131 options->allow_tcp_forwarding = -1; 132 options->allow_streamlocal_forwarding = -1; 133 options->allow_agent_forwarding = -1; 134 options->num_allow_users = 0; 135 options->num_deny_users = 0; 136 options->num_allow_groups = 0; 137 options->num_deny_groups = 0; 138 options->ciphers = NULL; 139 options->macs = NULL; 140 options->kex_algorithms = NULL; 141 options->ca_sign_algorithms = NULL; 142 options->fwd_opts.gateway_ports = -1; 143 options->fwd_opts.streamlocal_bind_mask = (mode_t)-1; 144 options->fwd_opts.streamlocal_bind_unlink = -1; 145 options->num_subsystems = 0; 146 options->max_startups_begin = -1; 147 options->max_startups_rate = -1; 148 options->max_startups = -1; 149 options->per_source_max_startups = -1; 150 options->per_source_masklen_ipv4 = -1; 151 options->per_source_masklen_ipv6 = -1; 152 options->max_authtries = -1; 153 options->max_sessions = -1; 154 options->banner = NULL; 155 options->use_dns = -1; 156 options->client_alive_interval = -1; 157 options->client_alive_count_max = -1; 158 options->num_authkeys_files = 0; 159 options->num_accept_env = 0; 160 options->num_setenv = 0; 161 options->permit_tun = -1; 162 options->permitted_opens = NULL; 163 options->permitted_listens = NULL; 164 options->adm_forced_command = NULL; 165 options->chroot_directory = NULL; 166 options->authorized_keys_command = NULL; 167 options->authorized_keys_command_user = NULL; 168 options->revoked_keys_file = NULL; 169 options->sk_provider = NULL; 170 options->trusted_user_ca_keys = NULL; 171 options->authorized_principals_file = NULL; 172 options->authorized_principals_command = NULL; 173 options->authorized_principals_command_user = NULL; 174 options->ip_qos_interactive = -1; 175 options->ip_qos_bulk = -1; 176 options->version_addendum = NULL; 177 options->fingerprint_hash = -1; 178 options->disable_forwarding = -1; 179 options->expose_userauth_info = -1; 180 options->required_rsa_size = -1; 181 } 182 183 /* Returns 1 if a string option is unset or set to "none" or 0 otherwise. */ 184 static int 185 option_clear_or_none(const char *o) 186 { 187 return o == NULL || strcasecmp(o, "none") == 0; 188 } 189 190 static void 191 assemble_algorithms(ServerOptions *o) 192 { 193 char *all_cipher, *all_mac, *all_kex, *all_key, *all_sig; 194 char *def_cipher, *def_mac, *def_kex, *def_key, *def_sig; 195 int r; 196 197 all_cipher = cipher_alg_list(',', 0); 198 all_mac = mac_alg_list(','); 199 all_kex = kex_alg_list(','); 200 all_key = sshkey_alg_list(0, 0, 1, ','); 201 all_sig = sshkey_alg_list(0, 1, 1, ','); 202 /* remove unsupported algos from default lists */ 203 def_cipher = match_filter_allowlist(KEX_SERVER_ENCRYPT, all_cipher); 204 def_mac = match_filter_allowlist(KEX_SERVER_MAC, all_mac); 205 def_kex = match_filter_allowlist(KEX_SERVER_KEX, all_kex); 206 def_key = match_filter_allowlist(KEX_DEFAULT_PK_ALG, all_key); 207 def_sig = match_filter_allowlist(SSH_ALLOWED_CA_SIGALGS, all_sig); 208 #define ASSEMBLE(what, defaults, all) \ 209 do { \ 210 if ((r = kex_assemble_names(&o->what, defaults, all)) != 0) \ 211 fatal_fr(r, "%s", #what); \ 212 } while (0) 213 ASSEMBLE(ciphers, def_cipher, all_cipher); 214 ASSEMBLE(macs, def_mac, all_mac); 215 ASSEMBLE(kex_algorithms, def_kex, all_kex); 216 ASSEMBLE(hostkeyalgorithms, def_key, all_key); 217 ASSEMBLE(hostbased_accepted_algos, def_key, all_key); 218 ASSEMBLE(pubkey_accepted_algos, def_key, all_key); 219 ASSEMBLE(ca_sign_algorithms, def_sig, all_sig); 220 #undef ASSEMBLE 221 free(all_cipher); 222 free(all_mac); 223 free(all_kex); 224 free(all_key); 225 free(all_sig); 226 free(def_cipher); 227 free(def_mac); 228 free(def_kex); 229 free(def_key); 230 free(def_sig); 231 } 232 233 void 234 servconf_add_hostkey(const char *file, const int line, 235 ServerOptions *options, const char *path, int userprovided) 236 { 237 char *apath = derelativise_path(path); 238 239 opt_array_append2(file, line, "HostKey", 240 &options->host_key_files, &options->host_key_file_userprovided, 241 &options->num_host_key_files, apath, userprovided); 242 free(apath); 243 } 244 245 void 246 servconf_add_hostcert(const char *file, const int line, 247 ServerOptions *options, const char *path) 248 { 249 char *apath = derelativise_path(path); 250 251 opt_array_append(file, line, "HostCertificate", 252 &options->host_cert_files, &options->num_host_cert_files, apath); 253 free(apath); 254 } 255 256 void 257 fill_default_server_options(ServerOptions *options) 258 { 259 u_int i; 260 261 if (options->num_host_key_files == 0) { 262 /* fill default hostkeys */ 263 servconf_add_hostkey("[default]", 0, options, 264 _PATH_HOST_RSA_KEY_FILE, 0); 265 servconf_add_hostkey("[default]", 0, options, 266 _PATH_HOST_ECDSA_KEY_FILE, 0); 267 servconf_add_hostkey("[default]", 0, options, 268 _PATH_HOST_ED25519_KEY_FILE, 0); 269 #ifdef WITH_XMSS 270 servconf_add_hostkey("[default]", 0, options, 271 _PATH_HOST_XMSS_KEY_FILE, 0); 272 #endif /* WITH_XMSS */ 273 } 274 /* No certificates by default */ 275 if (options->num_ports == 0) 276 options->ports[options->num_ports++] = SSH_DEFAULT_PORT; 277 if (options->address_family == -1) 278 options->address_family = AF_UNSPEC; 279 if (options->listen_addrs == NULL) 280 add_listen_addr(options, NULL, NULL, 0); 281 if (options->pid_file == NULL) 282 options->pid_file = xstrdup(_PATH_SSH_DAEMON_PID_FILE); 283 if (options->moduli_file == NULL) 284 options->moduli_file = xstrdup(_PATH_DH_MODULI); 285 if (options->login_grace_time == -1) 286 options->login_grace_time = 120; 287 if (options->permit_root_login == PERMIT_NOT_SET) 288 options->permit_root_login = PERMIT_NO_PASSWD; 289 if (options->ignore_rhosts == -1) 290 options->ignore_rhosts = 1; 291 if (options->ignore_user_known_hosts == -1) 292 options->ignore_user_known_hosts = 0; 293 if (options->print_motd == -1) 294 options->print_motd = 1; 295 if (options->print_lastlog == -1) 296 options->print_lastlog = 1; 297 if (options->x11_forwarding == -1) 298 options->x11_forwarding = 0; 299 if (options->x11_display_offset == -1) 300 options->x11_display_offset = 10; 301 if (options->x11_use_localhost == -1) 302 options->x11_use_localhost = 1; 303 if (options->xauth_location == NULL) 304 options->xauth_location = xstrdup(_PATH_XAUTH); 305 if (options->permit_tty == -1) 306 options->permit_tty = 1; 307 if (options->permit_user_rc == -1) 308 options->permit_user_rc = 1; 309 if (options->strict_modes == -1) 310 options->strict_modes = 1; 311 if (options->tcp_keep_alive == -1) 312 options->tcp_keep_alive = 1; 313 if (options->log_facility == SYSLOG_FACILITY_NOT_SET) 314 options->log_facility = SYSLOG_FACILITY_AUTH; 315 if (options->log_level == SYSLOG_LEVEL_NOT_SET) 316 options->log_level = SYSLOG_LEVEL_INFO; 317 if (options->hostbased_authentication == -1) 318 options->hostbased_authentication = 0; 319 if (options->hostbased_uses_name_from_packet_only == -1) 320 options->hostbased_uses_name_from_packet_only = 0; 321 if (options->pubkey_authentication == -1) 322 options->pubkey_authentication = 1; 323 if (options->pubkey_auth_options == -1) 324 options->pubkey_auth_options = 0; 325 if (options->kerberos_authentication == -1) 326 options->kerberos_authentication = 0; 327 if (options->kerberos_or_local_passwd == -1) 328 options->kerberos_or_local_passwd = 1; 329 if (options->kerberos_ticket_cleanup == -1) 330 options->kerberos_ticket_cleanup = 1; 331 if (options->kerberos_get_afs_token == -1) 332 options->kerberos_get_afs_token = 0; 333 if (options->gss_authentication == -1) 334 options->gss_authentication = 0; 335 if (options->gss_cleanup_creds == -1) 336 options->gss_cleanup_creds = 1; 337 if (options->gss_strict_acceptor == -1) 338 options->gss_strict_acceptor = 1; 339 if (options->password_authentication == -1) 340 options->password_authentication = 1; 341 if (options->kbd_interactive_authentication == -1) 342 options->kbd_interactive_authentication = 1; 343 if (options->permit_empty_passwd == -1) 344 options->permit_empty_passwd = 0; 345 if (options->permit_user_env == -1) { 346 options->permit_user_env = 0; 347 options->permit_user_env_allowlist = NULL; 348 } 349 if (options->compression == -1) 350 #ifdef WITH_ZLIB 351 options->compression = COMP_DELAYED; 352 #else 353 options->compression = COMP_NONE; 354 #endif 355 356 if (options->rekey_limit == -1) 357 options->rekey_limit = 0; 358 if (options->rekey_interval == -1) 359 options->rekey_interval = 0; 360 if (options->allow_tcp_forwarding == -1) 361 options->allow_tcp_forwarding = FORWARD_ALLOW; 362 if (options->allow_streamlocal_forwarding == -1) 363 options->allow_streamlocal_forwarding = FORWARD_ALLOW; 364 if (options->allow_agent_forwarding == -1) 365 options->allow_agent_forwarding = 1; 366 if (options->fwd_opts.gateway_ports == -1) 367 options->fwd_opts.gateway_ports = 0; 368 if (options->max_startups == -1) 369 options->max_startups = 100; 370 if (options->max_startups_rate == -1) 371 options->max_startups_rate = 30; /* 30% */ 372 if (options->max_startups_begin == -1) 373 options->max_startups_begin = 10; 374 if (options->per_source_max_startups == -1) 375 options->per_source_max_startups = INT_MAX; 376 if (options->per_source_masklen_ipv4 == -1) 377 options->per_source_masklen_ipv4 = 32; 378 if (options->per_source_masklen_ipv6 == -1) 379 options->per_source_masklen_ipv6 = 128; 380 if (options->max_authtries == -1) 381 options->max_authtries = DEFAULT_AUTH_FAIL_MAX; 382 if (options->max_sessions == -1) 383 options->max_sessions = DEFAULT_SESSIONS_MAX; 384 if (options->use_dns == -1) 385 options->use_dns = 0; 386 if (options->client_alive_interval == -1) 387 options->client_alive_interval = 0; 388 if (options->client_alive_count_max == -1) 389 options->client_alive_count_max = 3; 390 if (options->num_authkeys_files == 0) { 391 opt_array_append("[default]", 0, "AuthorizedKeysFiles", 392 &options->authorized_keys_files, 393 &options->num_authkeys_files, 394 _PATH_SSH_USER_PERMITTED_KEYS); 395 opt_array_append("[default]", 0, "AuthorizedKeysFiles", 396 &options->authorized_keys_files, 397 &options->num_authkeys_files, 398 _PATH_SSH_USER_PERMITTED_KEYS2); 399 } 400 if (options->permit_tun == -1) 401 options->permit_tun = SSH_TUNMODE_NO; 402 if (options->ip_qos_interactive == -1) 403 options->ip_qos_interactive = IPTOS_DSCP_AF21; 404 if (options->ip_qos_bulk == -1) 405 options->ip_qos_bulk = IPTOS_DSCP_CS1; 406 if (options->version_addendum == NULL) 407 options->version_addendum = xstrdup(""); 408 if (options->fwd_opts.streamlocal_bind_mask == (mode_t)-1) 409 options->fwd_opts.streamlocal_bind_mask = 0177; 410 if (options->fwd_opts.streamlocal_bind_unlink == -1) 411 options->fwd_opts.streamlocal_bind_unlink = 0; 412 if (options->fingerprint_hash == -1) 413 options->fingerprint_hash = SSH_FP_HASH_DEFAULT; 414 if (options->disable_forwarding == -1) 415 options->disable_forwarding = 0; 416 if (options->expose_userauth_info == -1) 417 options->expose_userauth_info = 0; 418 if (options->sk_provider == NULL) 419 options->sk_provider = xstrdup("internal"); 420 if (options->required_rsa_size == -1) 421 options->required_rsa_size = SSH_RSA_MINIMUM_MODULUS_SIZE; 422 423 assemble_algorithms(options); 424 425 /* Turn privilege separation and sandboxing on by default */ 426 if (use_privsep == -1) 427 use_privsep = PRIVSEP_ON; 428 429 #define CLEAR_ON_NONE(v) \ 430 do { \ 431 if (option_clear_or_none(v)) { \ 432 free(v); \ 433 v = NULL; \ 434 } \ 435 } while(0) 436 CLEAR_ON_NONE(options->pid_file); 437 CLEAR_ON_NONE(options->xauth_location); 438 CLEAR_ON_NONE(options->banner); 439 CLEAR_ON_NONE(options->trusted_user_ca_keys); 440 CLEAR_ON_NONE(options->revoked_keys_file); 441 CLEAR_ON_NONE(options->sk_provider); 442 CLEAR_ON_NONE(options->authorized_principals_file); 443 CLEAR_ON_NONE(options->adm_forced_command); 444 CLEAR_ON_NONE(options->chroot_directory); 445 CLEAR_ON_NONE(options->routing_domain); 446 CLEAR_ON_NONE(options->host_key_agent); 447 for (i = 0; i < options->num_host_key_files; i++) 448 CLEAR_ON_NONE(options->host_key_files[i]); 449 for (i = 0; i < options->num_host_cert_files; i++) 450 CLEAR_ON_NONE(options->host_cert_files[i]); 451 #undef CLEAR_ON_NONE 452 453 /* Similar handling for AuthenticationMethods=any */ 454 if (options->num_auth_methods == 1 && 455 strcmp(options->auth_methods[0], "any") == 0) { 456 free(options->auth_methods[0]); 457 options->auth_methods[0] = NULL; 458 options->num_auth_methods = 0; 459 } 460 } 461 462 /* Keyword tokens. */ 463 typedef enum { 464 sBadOption, /* == unknown option */ 465 sPort, sHostKeyFile, sLoginGraceTime, 466 sPermitRootLogin, sLogFacility, sLogLevel, sLogVerbose, 467 sKerberosAuthentication, sKerberosOrLocalPasswd, sKerberosTicketCleanup, 468 sKerberosGetAFSToken, sPasswordAuthentication, 469 sKbdInteractiveAuthentication, sListenAddress, sAddressFamily, 470 sPrintMotd, sPrintLastLog, sIgnoreRhosts, 471 sX11Forwarding, sX11DisplayOffset, sX11UseLocalhost, 472 sPermitTTY, sStrictModes, sEmptyPasswd, sTCPKeepAlive, 473 sPermitUserEnvironment, sAllowTcpForwarding, sCompression, 474 sRekeyLimit, sAllowUsers, sDenyUsers, sAllowGroups, sDenyGroups, 475 sIgnoreUserKnownHosts, sCiphers, sMacs, sPidFile, sModuliFile, 476 sGatewayPorts, sPubkeyAuthentication, sPubkeyAcceptedAlgorithms, 477 sXAuthLocation, sSubsystem, sMaxStartups, sMaxAuthTries, sMaxSessions, 478 sBanner, sUseDNS, sHostbasedAuthentication, 479 sHostbasedUsesNameFromPacketOnly, sHostbasedAcceptedAlgorithms, 480 sHostKeyAlgorithms, sPerSourceMaxStartups, sPerSourceNetBlockSize, 481 sClientAliveInterval, sClientAliveCountMax, sAuthorizedKeysFile, 482 sGssAuthentication, sGssCleanupCreds, sGssStrictAcceptor, 483 sAcceptEnv, sSetEnv, sPermitTunnel, 484 sMatch, sPermitOpen, sPermitListen, sForceCommand, sChrootDirectory, 485 sUsePrivilegeSeparation, sAllowAgentForwarding, 486 sHostCertificate, sInclude, 487 sRevokedKeys, sTrustedUserCAKeys, sAuthorizedPrincipalsFile, 488 sAuthorizedPrincipalsCommand, sAuthorizedPrincipalsCommandUser, 489 sKexAlgorithms, sCASignatureAlgorithms, sIPQoS, sVersionAddendum, 490 sAuthorizedKeysCommand, sAuthorizedKeysCommandUser, 491 sAuthenticationMethods, sHostKeyAgent, sPermitUserRC, 492 sStreamLocalBindMask, sStreamLocalBindUnlink, 493 sAllowStreamLocalForwarding, sFingerprintHash, sDisableForwarding, 494 sExposeAuthInfo, sRDomain, sPubkeyAuthOptions, sSecurityKeyProvider, 495 sRequiredRSASize, 496 sDeprecated, sIgnore, sUnsupported 497 } ServerOpCodes; 498 499 #define SSHCFG_GLOBAL 0x01 /* allowed in main section of config */ 500 #define SSHCFG_MATCH 0x02 /* allowed inside a Match section */ 501 #define SSHCFG_ALL (SSHCFG_GLOBAL|SSHCFG_MATCH) 502 #define SSHCFG_NEVERMATCH 0x04 /* Match never matches; internal only */ 503 #define SSHCFG_MATCH_ONLY 0x08 /* Match only in conditional blocks; internal only */ 504 505 /* Textual representation of the tokens. */ 506 static struct { 507 const char *name; 508 ServerOpCodes opcode; 509 u_int flags; 510 } keywords[] = { 511 { "port", sPort, SSHCFG_GLOBAL }, 512 { "hostkey", sHostKeyFile, SSHCFG_GLOBAL }, 513 { "hostdsakey", sHostKeyFile, SSHCFG_GLOBAL }, /* alias */ 514 { "hostkeyagent", sHostKeyAgent, SSHCFG_GLOBAL }, 515 { "pidfile", sPidFile, SSHCFG_GLOBAL }, 516 { "modulifile", sModuliFile, SSHCFG_GLOBAL }, 517 { "serverkeybits", sDeprecated, SSHCFG_GLOBAL }, 518 { "logingracetime", sLoginGraceTime, SSHCFG_GLOBAL }, 519 { "keyregenerationinterval", sDeprecated, SSHCFG_GLOBAL }, 520 { "permitrootlogin", sPermitRootLogin, SSHCFG_ALL }, 521 { "syslogfacility", sLogFacility, SSHCFG_GLOBAL }, 522 { "loglevel", sLogLevel, SSHCFG_ALL }, 523 { "logverbose", sLogVerbose, SSHCFG_ALL }, 524 { "rhostsauthentication", sDeprecated, SSHCFG_GLOBAL }, 525 { "rhostsrsaauthentication", sDeprecated, SSHCFG_ALL }, 526 { "hostbasedauthentication", sHostbasedAuthentication, SSHCFG_ALL }, 527 { "hostbasedusesnamefrompacketonly", sHostbasedUsesNameFromPacketOnly, SSHCFG_ALL }, 528 { "hostbasedacceptedalgorithms", sHostbasedAcceptedAlgorithms, SSHCFG_ALL }, 529 { "hostbasedacceptedkeytypes", sHostbasedAcceptedAlgorithms, SSHCFG_ALL }, /* obsolete */ 530 { "hostkeyalgorithms", sHostKeyAlgorithms, SSHCFG_GLOBAL }, 531 { "rsaauthentication", sDeprecated, SSHCFG_ALL }, 532 { "pubkeyauthentication", sPubkeyAuthentication, SSHCFG_ALL }, 533 { "pubkeyacceptedalgorithms", sPubkeyAcceptedAlgorithms, SSHCFG_ALL }, 534 { "pubkeyacceptedkeytypes", sPubkeyAcceptedAlgorithms, SSHCFG_ALL }, /* obsolete */ 535 { "pubkeyauthoptions", sPubkeyAuthOptions, SSHCFG_ALL }, 536 { "dsaauthentication", sPubkeyAuthentication, SSHCFG_GLOBAL }, /* alias */ 537 #ifdef KRB5 538 { "kerberosauthentication", sKerberosAuthentication, SSHCFG_ALL }, 539 { "kerberosorlocalpasswd", sKerberosOrLocalPasswd, SSHCFG_GLOBAL }, 540 { "kerberosticketcleanup", sKerberosTicketCleanup, SSHCFG_GLOBAL }, 541 { "kerberosgetafstoken", sKerberosGetAFSToken, SSHCFG_GLOBAL }, 542 #else 543 { "kerberosauthentication", sUnsupported, SSHCFG_ALL }, 544 { "kerberosorlocalpasswd", sUnsupported, SSHCFG_GLOBAL }, 545 { "kerberosticketcleanup", sUnsupported, SSHCFG_GLOBAL }, 546 { "kerberosgetafstoken", sUnsupported, SSHCFG_GLOBAL }, 547 #endif 548 { "kerberostgtpassing", sUnsupported, SSHCFG_GLOBAL }, 549 { "afstokenpassing", sUnsupported, SSHCFG_GLOBAL }, 550 #ifdef GSSAPI 551 { "gssapiauthentication", sGssAuthentication, SSHCFG_ALL }, 552 { "gssapicleanupcredentials", sGssCleanupCreds, SSHCFG_GLOBAL }, 553 { "gssapistrictacceptorcheck", sGssStrictAcceptor, SSHCFG_GLOBAL }, 554 #else 555 { "gssapiauthentication", sUnsupported, SSHCFG_ALL }, 556 { "gssapicleanupcredentials", sUnsupported, SSHCFG_GLOBAL }, 557 { "gssapistrictacceptorcheck", sUnsupported, SSHCFG_GLOBAL }, 558 #endif 559 { "passwordauthentication", sPasswordAuthentication, SSHCFG_ALL }, 560 { "kbdinteractiveauthentication", sKbdInteractiveAuthentication, SSHCFG_ALL }, 561 { "challengeresponseauthentication", sKbdInteractiveAuthentication, SSHCFG_ALL }, /* alias */ 562 { "skeyauthentication", sKbdInteractiveAuthentication, SSHCFG_ALL }, /* alias */ 563 { "checkmail", sDeprecated, SSHCFG_GLOBAL }, 564 { "listenaddress", sListenAddress, SSHCFG_GLOBAL }, 565 { "addressfamily", sAddressFamily, SSHCFG_GLOBAL }, 566 { "printmotd", sPrintMotd, SSHCFG_GLOBAL }, 567 { "printlastlog", sPrintLastLog, SSHCFG_GLOBAL }, 568 { "ignorerhosts", sIgnoreRhosts, SSHCFG_ALL }, 569 { "ignoreuserknownhosts", sIgnoreUserKnownHosts, SSHCFG_GLOBAL }, 570 { "x11forwarding", sX11Forwarding, SSHCFG_ALL }, 571 { "x11displayoffset", sX11DisplayOffset, SSHCFG_ALL }, 572 { "x11uselocalhost", sX11UseLocalhost, SSHCFG_ALL }, 573 { "xauthlocation", sXAuthLocation, SSHCFG_GLOBAL }, 574 { "strictmodes", sStrictModes, SSHCFG_GLOBAL }, 575 { "permitemptypasswords", sEmptyPasswd, SSHCFG_ALL }, 576 { "permituserenvironment", sPermitUserEnvironment, SSHCFG_GLOBAL }, 577 { "uselogin", sDeprecated, SSHCFG_GLOBAL }, 578 { "compression", sCompression, SSHCFG_GLOBAL }, 579 { "rekeylimit", sRekeyLimit, SSHCFG_ALL }, 580 { "tcpkeepalive", sTCPKeepAlive, SSHCFG_GLOBAL }, 581 { "keepalive", sTCPKeepAlive, SSHCFG_GLOBAL }, /* obsolete alias */ 582 { "allowtcpforwarding", sAllowTcpForwarding, SSHCFG_ALL }, 583 { "allowagentforwarding", sAllowAgentForwarding, SSHCFG_ALL }, 584 { "allowusers", sAllowUsers, SSHCFG_ALL }, 585 { "denyusers", sDenyUsers, SSHCFG_ALL }, 586 { "allowgroups", sAllowGroups, SSHCFG_ALL }, 587 { "denygroups", sDenyGroups, SSHCFG_ALL }, 588 { "ciphers", sCiphers, SSHCFG_GLOBAL }, 589 { "macs", sMacs, SSHCFG_GLOBAL }, 590 { "protocol", sIgnore, SSHCFG_GLOBAL }, 591 { "gatewayports", sGatewayPorts, SSHCFG_ALL }, 592 { "subsystem", sSubsystem, SSHCFG_GLOBAL }, 593 { "maxstartups", sMaxStartups, SSHCFG_GLOBAL }, 594 { "persourcemaxstartups", sPerSourceMaxStartups, SSHCFG_GLOBAL }, 595 { "persourcenetblocksize", sPerSourceNetBlockSize, SSHCFG_GLOBAL }, 596 { "maxauthtries", sMaxAuthTries, SSHCFG_ALL }, 597 { "maxsessions", sMaxSessions, SSHCFG_ALL }, 598 { "banner", sBanner, SSHCFG_ALL }, 599 { "usedns", sUseDNS, SSHCFG_GLOBAL }, 600 { "verifyreversemapping", sDeprecated, SSHCFG_GLOBAL }, 601 { "reversemappingcheck", sDeprecated, SSHCFG_GLOBAL }, 602 { "clientaliveinterval", sClientAliveInterval, SSHCFG_ALL }, 603 { "clientalivecountmax", sClientAliveCountMax, SSHCFG_ALL }, 604 { "authorizedkeysfile", sAuthorizedKeysFile, SSHCFG_ALL }, 605 { "authorizedkeysfile2", sDeprecated, SSHCFG_ALL }, 606 { "useprivilegeseparation", sDeprecated, SSHCFG_GLOBAL}, 607 { "acceptenv", sAcceptEnv, SSHCFG_ALL }, 608 { "setenv", sSetEnv, SSHCFG_ALL }, 609 { "permittunnel", sPermitTunnel, SSHCFG_ALL }, 610 { "permittty", sPermitTTY, SSHCFG_ALL }, 611 { "permituserrc", sPermitUserRC, SSHCFG_ALL }, 612 { "match", sMatch, SSHCFG_ALL }, 613 { "permitopen", sPermitOpen, SSHCFG_ALL }, 614 { "permitlisten", sPermitListen, SSHCFG_ALL }, 615 { "forcecommand", sForceCommand, SSHCFG_ALL }, 616 { "chrootdirectory", sChrootDirectory, SSHCFG_ALL }, 617 { "hostcertificate", sHostCertificate, SSHCFG_GLOBAL }, 618 { "revokedkeys", sRevokedKeys, SSHCFG_ALL }, 619 { "trustedusercakeys", sTrustedUserCAKeys, SSHCFG_ALL }, 620 { "authorizedprincipalsfile", sAuthorizedPrincipalsFile, SSHCFG_ALL }, 621 { "kexalgorithms", sKexAlgorithms, SSHCFG_GLOBAL }, 622 { "include", sInclude, SSHCFG_ALL }, 623 { "ipqos", sIPQoS, SSHCFG_ALL }, 624 { "authorizedkeyscommand", sAuthorizedKeysCommand, SSHCFG_ALL }, 625 { "authorizedkeyscommanduser", sAuthorizedKeysCommandUser, SSHCFG_ALL }, 626 { "authorizedprincipalscommand", sAuthorizedPrincipalsCommand, SSHCFG_ALL }, 627 { "authorizedprincipalscommanduser", sAuthorizedPrincipalsCommandUser, SSHCFG_ALL }, 628 { "versionaddendum", sVersionAddendum, SSHCFG_GLOBAL }, 629 { "authenticationmethods", sAuthenticationMethods, SSHCFG_ALL }, 630 { "streamlocalbindmask", sStreamLocalBindMask, SSHCFG_ALL }, 631 { "streamlocalbindunlink", sStreamLocalBindUnlink, SSHCFG_ALL }, 632 { "allowstreamlocalforwarding", sAllowStreamLocalForwarding, SSHCFG_ALL }, 633 { "fingerprinthash", sFingerprintHash, SSHCFG_GLOBAL }, 634 { "disableforwarding", sDisableForwarding, SSHCFG_ALL }, 635 { "exposeauthinfo", sExposeAuthInfo, SSHCFG_ALL }, 636 { "rdomain", sRDomain, SSHCFG_ALL }, 637 { "casignaturealgorithms", sCASignatureAlgorithms, SSHCFG_ALL }, 638 { "securitykeyprovider", sSecurityKeyProvider, SSHCFG_GLOBAL }, 639 { "requiredrsasize", sRequiredRSASize, SSHCFG_ALL }, 640 { NULL, sBadOption, 0 } 641 }; 642 643 static struct { 644 int val; 645 char *text; 646 } tunmode_desc[] = { 647 { SSH_TUNMODE_NO, "no" }, 648 { SSH_TUNMODE_POINTOPOINT, "point-to-point" }, 649 { SSH_TUNMODE_ETHERNET, "ethernet" }, 650 { SSH_TUNMODE_YES, "yes" }, 651 { -1, NULL } 652 }; 653 654 /* Returns an opcode name from its number */ 655 656 static const char * 657 lookup_opcode_name(ServerOpCodes code) 658 { 659 u_int i; 660 661 for (i = 0; keywords[i].name != NULL; i++) 662 if (keywords[i].opcode == code) 663 return(keywords[i].name); 664 return "UNKNOWN"; 665 } 666 667 668 /* 669 * Returns the number of the token pointed to by cp or sBadOption. 670 */ 671 672 static ServerOpCodes 673 parse_token(const char *cp, const char *filename, 674 int linenum, u_int *flags) 675 { 676 u_int i; 677 678 for (i = 0; keywords[i].name; i++) 679 if (strcasecmp(cp, keywords[i].name) == 0) { 680 *flags = keywords[i].flags; 681 return keywords[i].opcode; 682 } 683 684 error("%s: line %d: Bad configuration option: %s", 685 filename, linenum, cp); 686 return sBadOption; 687 } 688 689 char * 690 derelativise_path(const char *path) 691 { 692 char *expanded, *ret, cwd[PATH_MAX]; 693 694 if (strcasecmp(path, "none") == 0) 695 return xstrdup("none"); 696 expanded = tilde_expand_filename(path, getuid()); 697 if (path_absolute(expanded)) 698 return expanded; 699 if (getcwd(cwd, sizeof(cwd)) == NULL) 700 fatal_f("getcwd: %s", strerror(errno)); 701 xasprintf(&ret, "%s/%s", cwd, expanded); 702 free(expanded); 703 return ret; 704 } 705 706 static void 707 add_listen_addr(ServerOptions *options, const char *addr, 708 const char *rdomain, int port) 709 { 710 u_int i; 711 712 if (port > 0) 713 add_one_listen_addr(options, addr, rdomain, port); 714 else { 715 for (i = 0; i < options->num_ports; i++) { 716 add_one_listen_addr(options, addr, rdomain, 717 options->ports[i]); 718 } 719 } 720 } 721 722 static void 723 add_one_listen_addr(ServerOptions *options, const char *addr, 724 const char *rdomain, int port) 725 { 726 struct addrinfo hints, *ai, *aitop; 727 char strport[NI_MAXSERV]; 728 int gaierr; 729 u_int i; 730 731 /* Find listen_addrs entry for this rdomain */ 732 for (i = 0; i < options->num_listen_addrs; i++) { 733 if (rdomain == NULL && options->listen_addrs[i].rdomain == NULL) 734 break; 735 if (rdomain == NULL || options->listen_addrs[i].rdomain == NULL) 736 continue; 737 if (strcmp(rdomain, options->listen_addrs[i].rdomain) == 0) 738 break; 739 } 740 if (i >= options->num_listen_addrs) { 741 /* No entry for this rdomain; allocate one */ 742 if (i >= INT_MAX) 743 fatal_f("too many listen addresses"); 744 options->listen_addrs = xrecallocarray(options->listen_addrs, 745 options->num_listen_addrs, options->num_listen_addrs + 1, 746 sizeof(*options->listen_addrs)); 747 i = options->num_listen_addrs++; 748 if (rdomain != NULL) 749 options->listen_addrs[i].rdomain = xstrdup(rdomain); 750 } 751 /* options->listen_addrs[i] points to the addresses for this rdomain */ 752 753 memset(&hints, 0, sizeof(hints)); 754 hints.ai_family = options->address_family; 755 hints.ai_socktype = SOCK_STREAM; 756 hints.ai_flags = (addr == NULL) ? AI_PASSIVE : 0; 757 snprintf(strport, sizeof strport, "%d", port); 758 if ((gaierr = getaddrinfo(addr, strport, &hints, &aitop)) != 0) 759 fatal("bad addr or host: %s (%s)", 760 addr ? addr : "<NULL>", 761 ssh_gai_strerror(gaierr)); 762 for (ai = aitop; ai->ai_next; ai = ai->ai_next) 763 ; 764 ai->ai_next = options->listen_addrs[i].addrs; 765 options->listen_addrs[i].addrs = aitop; 766 } 767 768 /* Returns nonzero if the routing domain name is valid */ 769 static int 770 valid_rdomain(const char *name) 771 { 772 const char *errstr; 773 long long num; 774 struct rt_tableinfo info; 775 int mib[6]; 776 size_t miblen = sizeof(mib); 777 778 if (name == NULL) 779 return 1; 780 781 num = strtonum(name, 0, 255, &errstr); 782 if (errstr != NULL) 783 return 0; 784 785 /* Check whether the table actually exists */ 786 memset(mib, 0, sizeof(mib)); 787 mib[0] = CTL_NET; 788 mib[1] = PF_ROUTE; 789 mib[4] = NET_RT_TABLE; 790 mib[5] = (int)num; 791 if (sysctl(mib, 6, &info, &miblen, NULL, 0) == -1) 792 return 0; 793 794 return 1; 795 } 796 797 /* 798 * Queue a ListenAddress to be processed once we have all of the Ports 799 * and AddressFamily options. 800 */ 801 static void 802 queue_listen_addr(ServerOptions *options, const char *addr, 803 const char *rdomain, int port) 804 { 805 struct queued_listenaddr *qla; 806 807 options->queued_listen_addrs = xrecallocarray( 808 options->queued_listen_addrs, 809 options->num_queued_listens, options->num_queued_listens + 1, 810 sizeof(*options->queued_listen_addrs)); 811 qla = &options->queued_listen_addrs[options->num_queued_listens++]; 812 qla->addr = xstrdup(addr); 813 qla->port = port; 814 qla->rdomain = rdomain == NULL ? NULL : xstrdup(rdomain); 815 } 816 817 /* 818 * Process queued (text) ListenAddress entries. 819 */ 820 static void 821 process_queued_listen_addrs(ServerOptions *options) 822 { 823 u_int i; 824 struct queued_listenaddr *qla; 825 826 if (options->num_ports == 0) 827 options->ports[options->num_ports++] = SSH_DEFAULT_PORT; 828 if (options->address_family == -1) 829 options->address_family = AF_UNSPEC; 830 831 for (i = 0; i < options->num_queued_listens; i++) { 832 qla = &options->queued_listen_addrs[i]; 833 add_listen_addr(options, qla->addr, qla->rdomain, qla->port); 834 free(qla->addr); 835 free(qla->rdomain); 836 } 837 free(options->queued_listen_addrs); 838 options->queued_listen_addrs = NULL; 839 options->num_queued_listens = 0; 840 } 841 842 /* 843 * Inform channels layer of permitopen options for a single forwarding 844 * direction (local/remote). 845 */ 846 static void 847 process_permitopen_list(struct ssh *ssh, ServerOpCodes opcode, 848 char **opens, u_int num_opens) 849 { 850 u_int i; 851 int port; 852 char *host, *arg, *oarg; 853 int where = opcode == sPermitOpen ? FORWARD_LOCAL : FORWARD_REMOTE; 854 const char *what = lookup_opcode_name(opcode); 855 856 channel_clear_permission(ssh, FORWARD_ADM, where); 857 if (num_opens == 0) 858 return; /* permit any */ 859 860 /* handle keywords: "any" / "none" */ 861 if (num_opens == 1 && strcmp(opens[0], "any") == 0) 862 return; 863 if (num_opens == 1 && strcmp(opens[0], "none") == 0) { 864 channel_disable_admin(ssh, where); 865 return; 866 } 867 /* Otherwise treat it as a list of permitted host:port */ 868 for (i = 0; i < num_opens; i++) { 869 oarg = arg = xstrdup(opens[i]); 870 host = hpdelim(&arg); 871 if (host == NULL) 872 fatal_f("missing host in %s", what); 873 host = cleanhostname(host); 874 if (arg == NULL || ((port = permitopen_port(arg)) < 0)) 875 fatal_f("bad port number in %s", what); 876 /* Send it to channels layer */ 877 channel_add_permission(ssh, FORWARD_ADM, 878 where, host, port); 879 free(oarg); 880 } 881 } 882 883 /* 884 * Inform channels layer of permitopen options from configuration. 885 */ 886 void 887 process_permitopen(struct ssh *ssh, ServerOptions *options) 888 { 889 process_permitopen_list(ssh, sPermitOpen, 890 options->permitted_opens, options->num_permitted_opens); 891 process_permitopen_list(ssh, sPermitListen, 892 options->permitted_listens, 893 options->num_permitted_listens); 894 } 895 896 struct connection_info * 897 get_connection_info(struct ssh *ssh, int populate, int use_dns) 898 { 899 static struct connection_info ci; 900 901 if (ssh == NULL || !populate) 902 return &ci; 903 ci.host = auth_get_canonical_hostname(ssh, use_dns); 904 ci.address = ssh_remote_ipaddr(ssh); 905 ci.laddress = ssh_local_ipaddr(ssh); 906 ci.lport = ssh_local_port(ssh); 907 ci.rdomain = ssh_packet_rdomain_in(ssh); 908 return &ci; 909 } 910 911 /* 912 * The strategy for the Match blocks is that the config file is parsed twice. 913 * 914 * The first time is at startup. activep is initialized to 1 and the 915 * directives in the global context are processed and acted on. Hitting a 916 * Match directive unsets activep and the directives inside the block are 917 * checked for syntax only. 918 * 919 * The second time is after a connection has been established but before 920 * authentication. activep is initialized to 2 and global config directives 921 * are ignored since they have already been processed. If the criteria in a 922 * Match block is met, activep is set and the subsequent directives 923 * processed and actioned until EOF or another Match block unsets it. Any 924 * options set are copied into the main server config. 925 * 926 * Potential additions/improvements: 927 * - Add Match support for pre-kex directives, eg. Ciphers. 928 * 929 * - Add a Tag directive (idea from David Leonard) ala pf, eg: 930 * Match Address 192.168.0.* 931 * Tag trusted 932 * Match Group wheel 933 * Tag trusted 934 * Match Tag trusted 935 * AllowTcpForwarding yes 936 * GatewayPorts clientspecified 937 * [...] 938 * 939 * - Add a PermittedChannelRequests directive 940 * Match Group shell 941 * PermittedChannelRequests session,forwarded-tcpip 942 */ 943 944 static int 945 match_cfg_line_group(const char *grps, int line, const char *user) 946 { 947 int result = 0; 948 struct passwd *pw; 949 950 if (user == NULL) 951 goto out; 952 953 if ((pw = getpwnam(user)) == NULL) { 954 debug("Can't match group at line %d because user %.100s does " 955 "not exist", line, user); 956 } else if (ga_init(pw->pw_name, pw->pw_gid) == 0) { 957 debug("Can't Match group because user %.100s not in any group " 958 "at line %d", user, line); 959 } else if (ga_match_pattern_list(grps) != 1) { 960 debug("user %.100s does not match group list %.100s at line %d", 961 user, grps, line); 962 } else { 963 debug("user %.100s matched group list %.100s at line %d", user, 964 grps, line); 965 result = 1; 966 } 967 out: 968 ga_free(); 969 return result; 970 } 971 972 static void 973 match_test_missing_fatal(const char *criteria, const char *attrib) 974 { 975 fatal("'Match %s' in configuration but '%s' not in connection " 976 "test specification.", criteria, attrib); 977 } 978 979 /* 980 * All of the attributes on a single Match line are ANDed together, so we need 981 * to check every attribute and set the result to zero if any attribute does 982 * not match. 983 */ 984 static int 985 match_cfg_line(char **condition, int line, struct connection_info *ci) 986 { 987 int result = 1, attributes = 0, port; 988 char *arg, *attrib, *cp = *condition; 989 990 if (ci == NULL) 991 debug3("checking syntax for 'Match %s'", cp); 992 else 993 debug3("checking match for '%s' user %s host %s addr %s " 994 "laddr %s lport %d", cp, ci->user ? ci->user : "(null)", 995 ci->host ? ci->host : "(null)", 996 ci->address ? ci->address : "(null)", 997 ci->laddress ? ci->laddress : "(null)", ci->lport); 998 999 while ((attrib = strdelim(&cp)) && *attrib != '\0') { 1000 /* Terminate on comment */ 1001 if (*attrib == '#') { 1002 cp = NULL; /* mark all arguments consumed */ 1003 break; 1004 } 1005 arg = NULL; 1006 attributes++; 1007 /* Criterion "all" has no argument and must appear alone */ 1008 if (strcasecmp(attrib, "all") == 0) { 1009 if (attributes > 1 || ((arg = strdelim(&cp)) != NULL && 1010 *arg != '\0' && *arg != '#')) { 1011 error("'all' cannot be combined with other " 1012 "Match attributes"); 1013 return -1; 1014 } 1015 if (arg != NULL && *arg == '#') 1016 cp = NULL; /* mark all arguments consumed */ 1017 *condition = cp; 1018 return 1; 1019 } 1020 /* All other criteria require an argument */ 1021 if ((arg = strdelim(&cp)) == NULL || 1022 *arg == '\0' || *arg == '#') { 1023 error("Missing Match criteria for %s", attrib); 1024 return -1; 1025 } 1026 if (strcasecmp(attrib, "user") == 0) { 1027 if (ci == NULL || (ci->test && ci->user == NULL)) { 1028 result = 0; 1029 continue; 1030 } 1031 if (ci->user == NULL) 1032 match_test_missing_fatal("User", "user"); 1033 if (match_usergroup_pattern_list(ci->user, arg) != 1) 1034 result = 0; 1035 else 1036 debug("user %.100s matched 'User %.100s' at " 1037 "line %d", ci->user, arg, line); 1038 } else if (strcasecmp(attrib, "group") == 0) { 1039 if (ci == NULL || (ci->test && ci->user == NULL)) { 1040 result = 0; 1041 continue; 1042 } 1043 if (ci->user == NULL) 1044 match_test_missing_fatal("Group", "user"); 1045 switch (match_cfg_line_group(arg, line, ci->user)) { 1046 case -1: 1047 return -1; 1048 case 0: 1049 result = 0; 1050 } 1051 } else if (strcasecmp(attrib, "host") == 0) { 1052 if (ci == NULL || (ci->test && ci->host == NULL)) { 1053 result = 0; 1054 continue; 1055 } 1056 if (ci->host == NULL) 1057 match_test_missing_fatal("Host", "host"); 1058 if (match_hostname(ci->host, arg) != 1) 1059 result = 0; 1060 else 1061 debug("connection from %.100s matched 'Host " 1062 "%.100s' at line %d", ci->host, arg, line); 1063 } else if (strcasecmp(attrib, "address") == 0) { 1064 if (ci == NULL || (ci->test && ci->address == NULL)) { 1065 if (addr_match_list(NULL, arg) != 0) 1066 fatal("Invalid Match address argument " 1067 "'%s' at line %d", arg, line); 1068 result = 0; 1069 continue; 1070 } 1071 if (ci->address == NULL) 1072 match_test_missing_fatal("Address", "addr"); 1073 switch (addr_match_list(ci->address, arg)) { 1074 case 1: 1075 debug("connection from %.100s matched 'Address " 1076 "%.100s' at line %d", ci->address, arg, line); 1077 break; 1078 case 0: 1079 case -1: 1080 result = 0; 1081 break; 1082 case -2: 1083 return -1; 1084 } 1085 } else if (strcasecmp(attrib, "localaddress") == 0){ 1086 if (ci == NULL || (ci->test && ci->laddress == NULL)) { 1087 if (addr_match_list(NULL, arg) != 0) 1088 fatal("Invalid Match localaddress " 1089 "argument '%s' at line %d", arg, 1090 line); 1091 result = 0; 1092 continue; 1093 } 1094 if (ci->laddress == NULL) 1095 match_test_missing_fatal("LocalAddress", 1096 "laddr"); 1097 switch (addr_match_list(ci->laddress, arg)) { 1098 case 1: 1099 debug("connection from %.100s matched " 1100 "'LocalAddress %.100s' at line %d", 1101 ci->laddress, arg, line); 1102 break; 1103 case 0: 1104 case -1: 1105 result = 0; 1106 break; 1107 case -2: 1108 return -1; 1109 } 1110 } else if (strcasecmp(attrib, "localport") == 0) { 1111 if ((port = a2port(arg)) == -1) { 1112 error("Invalid LocalPort '%s' on Match line", 1113 arg); 1114 return -1; 1115 } 1116 if (ci == NULL || (ci->test && ci->lport == -1)) { 1117 result = 0; 1118 continue; 1119 } 1120 if (ci->lport == 0) 1121 match_test_missing_fatal("LocalPort", "lport"); 1122 /* TODO support port lists */ 1123 if (port == ci->lport) 1124 debug("connection from %.100s matched " 1125 "'LocalPort %d' at line %d", 1126 ci->laddress, port, line); 1127 else 1128 result = 0; 1129 } else if (strcasecmp(attrib, "rdomain") == 0) { 1130 if (ci == NULL || (ci->test && ci->rdomain == NULL)) { 1131 result = 0; 1132 continue; 1133 } 1134 if (ci->rdomain == NULL) 1135 match_test_missing_fatal("RDomain", "rdomain"); 1136 if (match_pattern_list(ci->rdomain, arg, 0) != 1) 1137 result = 0; 1138 else 1139 debug("user %.100s matched 'RDomain %.100s' at " 1140 "line %d", ci->rdomain, arg, line); 1141 } else { 1142 error("Unsupported Match attribute %s", attrib); 1143 return -1; 1144 } 1145 } 1146 if (attributes == 0) { 1147 error("One or more attributes required for Match"); 1148 return -1; 1149 } 1150 if (ci != NULL) 1151 debug3("match %sfound", result ? "" : "not "); 1152 *condition = cp; 1153 return result; 1154 } 1155 1156 #define WHITESPACE " \t\r\n" 1157 1158 /* Multistate option parsing */ 1159 struct multistate { 1160 char *key; 1161 int value; 1162 }; 1163 static const struct multistate multistate_flag[] = { 1164 { "yes", 1 }, 1165 { "no", 0 }, 1166 { NULL, -1 } 1167 }; 1168 static const struct multistate multistate_ignore_rhosts[] = { 1169 { "yes", IGNORE_RHOSTS_YES }, 1170 { "no", IGNORE_RHOSTS_NO }, 1171 { "shosts-only", IGNORE_RHOSTS_SHOSTS }, 1172 { NULL, -1 } 1173 }; 1174 static const struct multistate multistate_addressfamily[] = { 1175 { "inet", AF_INET }, 1176 { "inet6", AF_INET6 }, 1177 { "any", AF_UNSPEC }, 1178 { NULL, -1 } 1179 }; 1180 static const struct multistate multistate_permitrootlogin[] = { 1181 { "without-password", PERMIT_NO_PASSWD }, 1182 { "prohibit-password", PERMIT_NO_PASSWD }, 1183 { "forced-commands-only", PERMIT_FORCED_ONLY }, 1184 { "yes", PERMIT_YES }, 1185 { "no", PERMIT_NO }, 1186 { NULL, -1 } 1187 }; 1188 static const struct multistate multistate_compression[] = { 1189 #ifdef WITH_ZLIB 1190 { "yes", COMP_DELAYED }, 1191 { "delayed", COMP_DELAYED }, 1192 #endif 1193 { "no", COMP_NONE }, 1194 { NULL, -1 } 1195 }; 1196 static const struct multistate multistate_gatewayports[] = { 1197 { "clientspecified", 2 }, 1198 { "yes", 1 }, 1199 { "no", 0 }, 1200 { NULL, -1 } 1201 }; 1202 static const struct multistate multistate_tcpfwd[] = { 1203 { "yes", FORWARD_ALLOW }, 1204 { "all", FORWARD_ALLOW }, 1205 { "no", FORWARD_DENY }, 1206 { "remote", FORWARD_REMOTE }, 1207 { "local", FORWARD_LOCAL }, 1208 { NULL, -1 } 1209 }; 1210 1211 static int 1212 process_server_config_line_depth(ServerOptions *options, char *line, 1213 const char *filename, int linenum, int *activep, 1214 struct connection_info *connectinfo, int *inc_flags, int depth, 1215 struct include_list *includes) 1216 { 1217 char *str, ***chararrayptr, **charptr, *arg, *arg2, *p, *keyword; 1218 int cmdline = 0, *intptr, value, value2, n, port, oactive, r, found; 1219 SyslogFacility *log_facility_ptr; 1220 LogLevel *log_level_ptr; 1221 ServerOpCodes opcode; 1222 u_int i, *uintptr, uvalue, flags = 0; 1223 size_t len; 1224 long long val64; 1225 const struct multistate *multistate_ptr; 1226 const char *errstr; 1227 struct include_item *item; 1228 glob_t gbuf; 1229 char **oav = NULL, **av; 1230 int oac = 0, ac; 1231 int ret = -1; 1232 1233 /* Strip trailing whitespace. Allow \f (form feed) at EOL only */ 1234 if ((len = strlen(line)) == 0) 1235 return 0; 1236 for (len--; len > 0; len--) { 1237 if (strchr(WHITESPACE "\f", line[len]) == NULL) 1238 break; 1239 line[len] = '\0'; 1240 } 1241 1242 str = line; 1243 if ((keyword = strdelim(&str)) == NULL) 1244 return 0; 1245 /* Ignore leading whitespace */ 1246 if (*keyword == '\0') 1247 keyword = strdelim(&str); 1248 if (!keyword || !*keyword || *keyword == '#') 1249 return 0; 1250 if (str == NULL || *str == '\0') { 1251 error("%s line %d: no argument after keyword \"%s\"", 1252 filename, linenum, keyword); 1253 return -1; 1254 } 1255 intptr = NULL; 1256 charptr = NULL; 1257 opcode = parse_token(keyword, filename, linenum, &flags); 1258 1259 if (argv_split(str, &oac, &oav, 1) != 0) { 1260 error("%s line %d: invalid quotes", filename, linenum); 1261 return -1; 1262 } 1263 ac = oac; 1264 av = oav; 1265 1266 if (activep == NULL) { /* We are processing a command line directive */ 1267 cmdline = 1; 1268 activep = &cmdline; 1269 } 1270 if (*activep && opcode != sMatch && opcode != sInclude) 1271 debug3("%s:%d setting %s %s", filename, linenum, keyword, str); 1272 if (*activep == 0 && !(flags & SSHCFG_MATCH)) { 1273 if (connectinfo == NULL) { 1274 fatal("%s line %d: Directive '%s' is not allowed " 1275 "within a Match block", filename, linenum, keyword); 1276 } else { /* this is a directive we have already processed */ 1277 ret = 0; 1278 goto out; 1279 } 1280 } 1281 1282 switch (opcode) { 1283 case sBadOption: 1284 goto out; 1285 case sPort: 1286 /* ignore ports from configfile if cmdline specifies ports */ 1287 if (options->ports_from_cmdline) { 1288 argv_consume(&ac); 1289 break; 1290 } 1291 if (options->num_ports >= MAX_PORTS) 1292 fatal("%s line %d: too many ports.", 1293 filename, linenum); 1294 arg = argv_next(&ac, &av); 1295 if (!arg || *arg == '\0') 1296 fatal("%s line %d: missing port number.", 1297 filename, linenum); 1298 options->ports[options->num_ports++] = a2port(arg); 1299 if (options->ports[options->num_ports-1] <= 0) 1300 fatal("%s line %d: Badly formatted port number.", 1301 filename, linenum); 1302 break; 1303 1304 case sLoginGraceTime: 1305 intptr = &options->login_grace_time; 1306 parse_time: 1307 arg = argv_next(&ac, &av); 1308 if (!arg || *arg == '\0') 1309 fatal("%s line %d: missing time value.", 1310 filename, linenum); 1311 if ((value = convtime(arg)) == -1) 1312 fatal("%s line %d: invalid time value.", 1313 filename, linenum); 1314 if (*activep && *intptr == -1) 1315 *intptr = value; 1316 break; 1317 1318 case sListenAddress: 1319 arg = argv_next(&ac, &av); 1320 if (arg == NULL || *arg == '\0') 1321 fatal("%s line %d: missing address", 1322 filename, linenum); 1323 /* check for bare IPv6 address: no "[]" and 2 or more ":" */ 1324 if (strchr(arg, '[') == NULL && (p = strchr(arg, ':')) != NULL 1325 && strchr(p+1, ':') != NULL) { 1326 port = 0; 1327 p = arg; 1328 } else { 1329 arg2 = NULL; 1330 p = hpdelim(&arg); 1331 if (p == NULL) 1332 fatal("%s line %d: bad address:port usage", 1333 filename, linenum); 1334 p = cleanhostname(p); 1335 if (arg == NULL) 1336 port = 0; 1337 else if ((port = a2port(arg)) <= 0) 1338 fatal("%s line %d: bad port number", 1339 filename, linenum); 1340 } 1341 /* Optional routing table */ 1342 arg2 = NULL; 1343 if ((arg = argv_next(&ac, &av)) != NULL) { 1344 if (strcmp(arg, "rdomain") != 0 || 1345 (arg2 = argv_next(&ac, &av)) == NULL) 1346 fatal("%s line %d: bad ListenAddress syntax", 1347 filename, linenum); 1348 if (!valid_rdomain(arg2)) 1349 fatal("%s line %d: bad routing domain", 1350 filename, linenum); 1351 } 1352 queue_listen_addr(options, p, arg2, port); 1353 1354 break; 1355 1356 case sAddressFamily: 1357 intptr = &options->address_family; 1358 multistate_ptr = multistate_addressfamily; 1359 parse_multistate: 1360 arg = argv_next(&ac, &av); 1361 if (!arg || *arg == '\0') 1362 fatal("%s line %d: missing argument.", 1363 filename, linenum); 1364 value = -1; 1365 for (i = 0; multistate_ptr[i].key != NULL; i++) { 1366 if (strcasecmp(arg, multistate_ptr[i].key) == 0) { 1367 value = multistate_ptr[i].value; 1368 break; 1369 } 1370 } 1371 if (value == -1) 1372 fatal("%s line %d: unsupported option \"%s\".", 1373 filename, linenum, arg); 1374 if (*activep && *intptr == -1) 1375 *intptr = value; 1376 break; 1377 1378 case sHostKeyFile: 1379 arg = argv_next(&ac, &av); 1380 if (!arg || *arg == '\0') 1381 fatal("%s line %d: missing file name.", 1382 filename, linenum); 1383 if (*activep) { 1384 servconf_add_hostkey(filename, linenum, 1385 options, arg, 1); 1386 } 1387 break; 1388 1389 case sHostKeyAgent: 1390 charptr = &options->host_key_agent; 1391 arg = argv_next(&ac, &av); 1392 if (!arg || *arg == '\0') 1393 fatal("%s line %d: missing socket name.", 1394 filename, linenum); 1395 if (*activep && *charptr == NULL) 1396 *charptr = !strcmp(arg, SSH_AUTHSOCKET_ENV_NAME) ? 1397 xstrdup(arg) : derelativise_path(arg); 1398 break; 1399 1400 case sHostCertificate: 1401 arg = argv_next(&ac, &av); 1402 if (!arg || *arg == '\0') 1403 fatal("%s line %d: missing file name.", 1404 filename, linenum); 1405 if (*activep) 1406 servconf_add_hostcert(filename, linenum, options, arg); 1407 break; 1408 1409 case sPidFile: 1410 charptr = &options->pid_file; 1411 parse_filename: 1412 arg = argv_next(&ac, &av); 1413 if (!arg || *arg == '\0') 1414 fatal("%s line %d: missing file name.", 1415 filename, linenum); 1416 if (*activep && *charptr == NULL) { 1417 *charptr = derelativise_path(arg); 1418 /* increase optional counter */ 1419 if (intptr != NULL) 1420 *intptr = *intptr + 1; 1421 } 1422 break; 1423 1424 case sModuliFile: 1425 charptr = &options->moduli_file; 1426 goto parse_filename; 1427 1428 case sPermitRootLogin: 1429 intptr = &options->permit_root_login; 1430 multistate_ptr = multistate_permitrootlogin; 1431 goto parse_multistate; 1432 1433 case sIgnoreRhosts: 1434 intptr = &options->ignore_rhosts; 1435 multistate_ptr = multistate_ignore_rhosts; 1436 goto parse_multistate; 1437 1438 case sIgnoreUserKnownHosts: 1439 intptr = &options->ignore_user_known_hosts; 1440 parse_flag: 1441 multistate_ptr = multistate_flag; 1442 goto parse_multistate; 1443 1444 case sHostbasedAuthentication: 1445 intptr = &options->hostbased_authentication; 1446 goto parse_flag; 1447 1448 case sHostbasedUsesNameFromPacketOnly: 1449 intptr = &options->hostbased_uses_name_from_packet_only; 1450 goto parse_flag; 1451 1452 case sHostbasedAcceptedAlgorithms: 1453 charptr = &options->hostbased_accepted_algos; 1454 parse_pubkey_algos: 1455 arg = argv_next(&ac, &av); 1456 if (!arg || *arg == '\0') 1457 fatal("%s line %d: Missing argument.", 1458 filename, linenum); 1459 if (*arg != '-' && 1460 !sshkey_names_valid2(*arg == '+' || *arg == '^' ? 1461 arg + 1 : arg, 1)) 1462 fatal("%s line %d: Bad key types '%s'.", 1463 filename, linenum, arg ? arg : "<NONE>"); 1464 if (*activep && *charptr == NULL) 1465 *charptr = xstrdup(arg); 1466 break; 1467 1468 case sHostKeyAlgorithms: 1469 charptr = &options->hostkeyalgorithms; 1470 goto parse_pubkey_algos; 1471 1472 case sCASignatureAlgorithms: 1473 charptr = &options->ca_sign_algorithms; 1474 goto parse_pubkey_algos; 1475 1476 case sPubkeyAuthentication: 1477 intptr = &options->pubkey_authentication; 1478 goto parse_flag; 1479 1480 case sPubkeyAcceptedAlgorithms: 1481 charptr = &options->pubkey_accepted_algos; 1482 goto parse_pubkey_algos; 1483 1484 case sPubkeyAuthOptions: 1485 intptr = &options->pubkey_auth_options; 1486 value = 0; 1487 while ((arg = argv_next(&ac, &av)) != NULL) { 1488 if (strcasecmp(arg, "none") == 0) 1489 continue; 1490 if (strcasecmp(arg, "touch-required") == 0) 1491 value |= PUBKEYAUTH_TOUCH_REQUIRED; 1492 else if (strcasecmp(arg, "verify-required") == 0) 1493 value |= PUBKEYAUTH_VERIFY_REQUIRED; 1494 else { 1495 error("%s line %d: unsupported %s option %s", 1496 filename, linenum, keyword, arg); 1497 goto out; 1498 } 1499 } 1500 if (*activep && *intptr == -1) 1501 *intptr = value; 1502 break; 1503 1504 case sKerberosAuthentication: 1505 intptr = &options->kerberos_authentication; 1506 goto parse_flag; 1507 1508 case sKerberosOrLocalPasswd: 1509 intptr = &options->kerberos_or_local_passwd; 1510 goto parse_flag; 1511 1512 case sKerberosTicketCleanup: 1513 intptr = &options->kerberos_ticket_cleanup; 1514 goto parse_flag; 1515 1516 case sKerberosGetAFSToken: 1517 intptr = &options->kerberos_get_afs_token; 1518 goto parse_flag; 1519 1520 case sGssAuthentication: 1521 intptr = &options->gss_authentication; 1522 goto parse_flag; 1523 1524 case sGssCleanupCreds: 1525 intptr = &options->gss_cleanup_creds; 1526 goto parse_flag; 1527 1528 case sGssStrictAcceptor: 1529 intptr = &options->gss_strict_acceptor; 1530 goto parse_flag; 1531 1532 case sPasswordAuthentication: 1533 intptr = &options->password_authentication; 1534 goto parse_flag; 1535 1536 case sKbdInteractiveAuthentication: 1537 intptr = &options->kbd_interactive_authentication; 1538 goto parse_flag; 1539 1540 case sPrintMotd: 1541 intptr = &options->print_motd; 1542 goto parse_flag; 1543 1544 case sPrintLastLog: 1545 intptr = &options->print_lastlog; 1546 goto parse_flag; 1547 1548 case sX11Forwarding: 1549 intptr = &options->x11_forwarding; 1550 goto parse_flag; 1551 1552 case sX11DisplayOffset: 1553 intptr = &options->x11_display_offset; 1554 parse_int: 1555 arg = argv_next(&ac, &av); 1556 if ((errstr = atoi_err(arg, &value)) != NULL) 1557 fatal("%s line %d: %s integer value %s.", 1558 filename, linenum, keyword, errstr); 1559 if (*activep && *intptr == -1) 1560 *intptr = value; 1561 break; 1562 1563 case sX11UseLocalhost: 1564 intptr = &options->x11_use_localhost; 1565 goto parse_flag; 1566 1567 case sXAuthLocation: 1568 charptr = &options->xauth_location; 1569 goto parse_filename; 1570 1571 case sPermitTTY: 1572 intptr = &options->permit_tty; 1573 goto parse_flag; 1574 1575 case sPermitUserRC: 1576 intptr = &options->permit_user_rc; 1577 goto parse_flag; 1578 1579 case sStrictModes: 1580 intptr = &options->strict_modes; 1581 goto parse_flag; 1582 1583 case sTCPKeepAlive: 1584 intptr = &options->tcp_keep_alive; 1585 goto parse_flag; 1586 1587 case sEmptyPasswd: 1588 intptr = &options->permit_empty_passwd; 1589 goto parse_flag; 1590 1591 case sPermitUserEnvironment: 1592 intptr = &options->permit_user_env; 1593 charptr = &options->permit_user_env_allowlist; 1594 arg = argv_next(&ac, &av); 1595 if (!arg || *arg == '\0') 1596 fatal("%s line %d: %s missing argument.", 1597 filename, linenum, keyword); 1598 value = 0; 1599 p = NULL; 1600 if (strcmp(arg, "yes") == 0) 1601 value = 1; 1602 else if (strcmp(arg, "no") == 0) 1603 value = 0; 1604 else { 1605 /* Pattern-list specified */ 1606 value = 1; 1607 p = xstrdup(arg); 1608 } 1609 if (*activep && *intptr == -1) { 1610 *intptr = value; 1611 *charptr = p; 1612 p = NULL; 1613 } 1614 free(p); 1615 break; 1616 1617 case sCompression: 1618 intptr = &options->compression; 1619 multistate_ptr = multistate_compression; 1620 goto parse_multistate; 1621 1622 case sRekeyLimit: 1623 arg = argv_next(&ac, &av); 1624 if (!arg || *arg == '\0') 1625 fatal("%s line %d: %s missing argument.", 1626 filename, linenum, keyword); 1627 if (strcmp(arg, "default") == 0) { 1628 val64 = 0; 1629 } else { 1630 if (scan_scaled(arg, &val64) == -1) 1631 fatal("%.200s line %d: Bad %s number '%s': %s", 1632 filename, linenum, keyword, 1633 arg, strerror(errno)); 1634 if (val64 != 0 && val64 < 16) 1635 fatal("%.200s line %d: %s too small", 1636 filename, linenum, keyword); 1637 } 1638 if (*activep && options->rekey_limit == -1) 1639 options->rekey_limit = val64; 1640 if (ac != 0) { /* optional rekey interval present */ 1641 if (strcmp(av[0], "none") == 0) { 1642 (void)argv_next(&ac, &av); /* discard */ 1643 break; 1644 } 1645 intptr = &options->rekey_interval; 1646 goto parse_time; 1647 } 1648 break; 1649 1650 case sGatewayPorts: 1651 intptr = &options->fwd_opts.gateway_ports; 1652 multistate_ptr = multistate_gatewayports; 1653 goto parse_multistate; 1654 1655 case sUseDNS: 1656 intptr = &options->use_dns; 1657 goto parse_flag; 1658 1659 case sLogFacility: 1660 log_facility_ptr = &options->log_facility; 1661 arg = argv_next(&ac, &av); 1662 value = log_facility_number(arg); 1663 if (value == SYSLOG_FACILITY_NOT_SET) 1664 fatal("%.200s line %d: unsupported log facility '%s'", 1665 filename, linenum, arg ? arg : "<NONE>"); 1666 if (*log_facility_ptr == -1) 1667 *log_facility_ptr = (SyslogFacility) value; 1668 break; 1669 1670 case sLogLevel: 1671 log_level_ptr = &options->log_level; 1672 arg = argv_next(&ac, &av); 1673 value = log_level_number(arg); 1674 if (value == SYSLOG_LEVEL_NOT_SET) 1675 fatal("%.200s line %d: unsupported log level '%s'", 1676 filename, linenum, arg ? arg : "<NONE>"); 1677 if (*activep && *log_level_ptr == -1) 1678 *log_level_ptr = (LogLevel) value; 1679 break; 1680 1681 case sLogVerbose: 1682 found = options->num_log_verbose == 0; 1683 i = 0; 1684 while ((arg = argv_next(&ac, &av)) != NULL) { 1685 if (*arg == '\0') { 1686 error("%s line %d: keyword %s empty argument", 1687 filename, linenum, keyword); 1688 goto out; 1689 } 1690 /* Allow "none" only in first position */ 1691 if (strcasecmp(arg, "none") == 0) { 1692 if (i > 0 || ac > 0) { 1693 error("%s line %d: keyword %s \"none\" " 1694 "argument must appear alone.", 1695 filename, linenum, keyword); 1696 goto out; 1697 } 1698 } 1699 i++; 1700 if (!found || !*activep) 1701 continue; 1702 opt_array_append(filename, linenum, keyword, 1703 &options->log_verbose, &options->num_log_verbose, 1704 arg); 1705 } 1706 break; 1707 1708 case sAllowTcpForwarding: 1709 intptr = &options->allow_tcp_forwarding; 1710 multistate_ptr = multistate_tcpfwd; 1711 goto parse_multistate; 1712 1713 case sAllowStreamLocalForwarding: 1714 intptr = &options->allow_streamlocal_forwarding; 1715 multistate_ptr = multistate_tcpfwd; 1716 goto parse_multistate; 1717 1718 case sAllowAgentForwarding: 1719 intptr = &options->allow_agent_forwarding; 1720 goto parse_flag; 1721 1722 case sDisableForwarding: 1723 intptr = &options->disable_forwarding; 1724 goto parse_flag; 1725 1726 case sAllowUsers: 1727 chararrayptr = &options->allow_users; 1728 uintptr = &options->num_allow_users; 1729 parse_allowdenyusers: 1730 while ((arg = argv_next(&ac, &av)) != NULL) { 1731 if (*arg == '\0' || 1732 match_user(NULL, NULL, NULL, arg) == -1) 1733 fatal("%s line %d: invalid %s pattern: \"%s\"", 1734 filename, linenum, keyword, arg); 1735 if (!*activep) 1736 continue; 1737 opt_array_append(filename, linenum, keyword, 1738 chararrayptr, uintptr, arg); 1739 } 1740 break; 1741 1742 case sDenyUsers: 1743 chararrayptr = &options->deny_users; 1744 uintptr = &options->num_deny_users; 1745 goto parse_allowdenyusers; 1746 1747 case sAllowGroups: 1748 chararrayptr = &options->allow_groups; 1749 uintptr = &options->num_allow_groups; 1750 parse_allowdenygroups: 1751 while ((arg = argv_next(&ac, &av)) != NULL) { 1752 if (*arg == '\0') 1753 fatal("%s line %d: empty %s pattern", 1754 filename, linenum, keyword); 1755 if (!*activep) 1756 continue; 1757 opt_array_append(filename, linenum, keyword, 1758 chararrayptr, uintptr, arg); 1759 } 1760 break; 1761 1762 case sDenyGroups: 1763 chararrayptr = &options->deny_groups; 1764 uintptr = &options->num_deny_groups; 1765 goto parse_allowdenygroups; 1766 1767 case sCiphers: 1768 arg = argv_next(&ac, &av); 1769 if (!arg || *arg == '\0') 1770 fatal("%s line %d: %s missing argument.", 1771 filename, linenum, keyword); 1772 if (*arg != '-' && 1773 !ciphers_valid(*arg == '+' || *arg == '^' ? arg + 1 : arg)) 1774 fatal("%s line %d: Bad SSH2 cipher spec '%s'.", 1775 filename, linenum, arg ? arg : "<NONE>"); 1776 if (options->ciphers == NULL) 1777 options->ciphers = xstrdup(arg); 1778 break; 1779 1780 case sMacs: 1781 arg = argv_next(&ac, &av); 1782 if (!arg || *arg == '\0') 1783 fatal("%s line %d: %s missing argument.", 1784 filename, linenum, keyword); 1785 if (*arg != '-' && 1786 !mac_valid(*arg == '+' || *arg == '^' ? arg + 1 : arg)) 1787 fatal("%s line %d: Bad SSH2 mac spec '%s'.", 1788 filename, linenum, arg ? arg : "<NONE>"); 1789 if (options->macs == NULL) 1790 options->macs = xstrdup(arg); 1791 break; 1792 1793 case sKexAlgorithms: 1794 arg = argv_next(&ac, &av); 1795 if (!arg || *arg == '\0') 1796 fatal("%s line %d: %s missing argument.", 1797 filename, linenum, keyword); 1798 if (*arg != '-' && 1799 !kex_names_valid(*arg == '+' || *arg == '^' ? 1800 arg + 1 : arg)) 1801 fatal("%s line %d: Bad SSH2 KexAlgorithms '%s'.", 1802 filename, linenum, arg ? arg : "<NONE>"); 1803 if (options->kex_algorithms == NULL) 1804 options->kex_algorithms = xstrdup(arg); 1805 break; 1806 1807 case sSubsystem: 1808 if (options->num_subsystems >= MAX_SUBSYSTEMS) { 1809 fatal("%s line %d: too many subsystems defined.", 1810 filename, linenum); 1811 } 1812 arg = argv_next(&ac, &av); 1813 if (!arg || *arg == '\0') 1814 fatal("%s line %d: %s missing argument.", 1815 filename, linenum, keyword); 1816 if (!*activep) { 1817 arg = argv_next(&ac, &av); 1818 break; 1819 } 1820 for (i = 0; i < options->num_subsystems; i++) 1821 if (strcmp(arg, options->subsystem_name[i]) == 0) 1822 fatal("%s line %d: Subsystem '%s' " 1823 "already defined.", filename, linenum, arg); 1824 options->subsystem_name[options->num_subsystems] = xstrdup(arg); 1825 arg = argv_next(&ac, &av); 1826 if (!arg || *arg == '\0') 1827 fatal("%s line %d: Missing subsystem command.", 1828 filename, linenum); 1829 options->subsystem_command[options->num_subsystems] = xstrdup(arg); 1830 1831 /* Collect arguments (separate to executable) */ 1832 p = xstrdup(arg); 1833 len = strlen(p) + 1; 1834 while ((arg = argv_next(&ac, &av)) != NULL) { 1835 len += 1 + strlen(arg); 1836 p = xreallocarray(p, 1, len); 1837 strlcat(p, " ", len); 1838 strlcat(p, arg, len); 1839 } 1840 options->subsystem_args[options->num_subsystems] = p; 1841 options->num_subsystems++; 1842 break; 1843 1844 case sMaxStartups: 1845 arg = argv_next(&ac, &av); 1846 if (!arg || *arg == '\0') 1847 fatal("%s line %d: %s missing argument.", 1848 filename, linenum, keyword); 1849 if ((n = sscanf(arg, "%d:%d:%d", 1850 &options->max_startups_begin, 1851 &options->max_startups_rate, 1852 &options->max_startups)) == 3) { 1853 if (options->max_startups_begin > 1854 options->max_startups || 1855 options->max_startups_rate > 100 || 1856 options->max_startups_rate < 1) 1857 fatal("%s line %d: Invalid %s spec.", 1858 filename, linenum, keyword); 1859 } else if (n != 1) 1860 fatal("%s line %d: Invalid %s spec.", 1861 filename, linenum, keyword); 1862 else 1863 options->max_startups = options->max_startups_begin; 1864 break; 1865 1866 case sPerSourceNetBlockSize: 1867 arg = argv_next(&ac, &av); 1868 if (!arg || *arg == '\0') 1869 fatal("%s line %d: %s missing argument.", 1870 filename, linenum, keyword); 1871 switch (n = sscanf(arg, "%d:%d", &value, &value2)) { 1872 case 2: 1873 if (value2 < 0 || value2 > 128) 1874 n = -1; 1875 /* FALLTHROUGH */ 1876 case 1: 1877 if (value < 0 || value > 32) 1878 n = -1; 1879 } 1880 if (n != 1 && n != 2) 1881 fatal("%s line %d: Invalid %s spec.", 1882 filename, linenum, keyword); 1883 if (*activep) { 1884 options->per_source_masklen_ipv4 = value; 1885 options->per_source_masklen_ipv6 = value2; 1886 } 1887 break; 1888 1889 case sPerSourceMaxStartups: 1890 arg = argv_next(&ac, &av); 1891 if (!arg || *arg == '\0') 1892 fatal("%s line %d: %s missing argument.", 1893 filename, linenum, keyword); 1894 if (strcmp(arg, "none") == 0) { /* no limit */ 1895 value = INT_MAX; 1896 } else { 1897 if ((errstr = atoi_err(arg, &value)) != NULL) 1898 fatal("%s line %d: %s integer value %s.", 1899 filename, linenum, keyword, errstr); 1900 } 1901 if (*activep) 1902 options->per_source_max_startups = value; 1903 break; 1904 1905 case sMaxAuthTries: 1906 intptr = &options->max_authtries; 1907 goto parse_int; 1908 1909 case sMaxSessions: 1910 intptr = &options->max_sessions; 1911 goto parse_int; 1912 1913 case sBanner: 1914 charptr = &options->banner; 1915 goto parse_filename; 1916 1917 /* 1918 * These options can contain %X options expanded at 1919 * connect time, so that you can specify paths like: 1920 * 1921 * AuthorizedKeysFile /etc/ssh_keys/%u 1922 */ 1923 case sAuthorizedKeysFile: 1924 uvalue = options->num_authkeys_files; 1925 while ((arg = argv_next(&ac, &av)) != NULL) { 1926 if (*arg == '\0') { 1927 error("%s line %d: keyword %s empty argument", 1928 filename, linenum, keyword); 1929 goto out; 1930 } 1931 arg2 = tilde_expand_filename(arg, getuid()); 1932 if (*activep && uvalue == 0) { 1933 opt_array_append(filename, linenum, keyword, 1934 &options->authorized_keys_files, 1935 &options->num_authkeys_files, arg2); 1936 } 1937 free(arg2); 1938 } 1939 break; 1940 1941 case sAuthorizedPrincipalsFile: 1942 charptr = &options->authorized_principals_file; 1943 arg = argv_next(&ac, &av); 1944 if (!arg || *arg == '\0') 1945 fatal("%s line %d: %s missing argument.", 1946 filename, linenum, keyword); 1947 if (*activep && *charptr == NULL) { 1948 *charptr = tilde_expand_filename(arg, getuid()); 1949 /* increase optional counter */ 1950 if (intptr != NULL) 1951 *intptr = *intptr + 1; 1952 } 1953 break; 1954 1955 case sClientAliveInterval: 1956 intptr = &options->client_alive_interval; 1957 goto parse_time; 1958 1959 case sClientAliveCountMax: 1960 intptr = &options->client_alive_count_max; 1961 goto parse_int; 1962 1963 case sAcceptEnv: 1964 while ((arg = argv_next(&ac, &av)) != NULL) { 1965 if (*arg == '\0' || strchr(arg, '=') != NULL) 1966 fatal("%s line %d: Invalid environment name.", 1967 filename, linenum); 1968 if (!*activep) 1969 continue; 1970 opt_array_append(filename, linenum, keyword, 1971 &options->accept_env, &options->num_accept_env, 1972 arg); 1973 } 1974 break; 1975 1976 case sSetEnv: 1977 uvalue = options->num_setenv; 1978 while ((arg = argv_next(&ac, &av)) != NULL) { 1979 if (*arg == '\0' || strchr(arg, '=') == NULL) 1980 fatal("%s line %d: Invalid environment.", 1981 filename, linenum); 1982 if (!*activep || uvalue != 0) 1983 continue; 1984 if (lookup_setenv_in_list(arg, options->setenv, 1985 options->num_setenv) != NULL) { 1986 debug2("%s line %d: ignoring duplicate env " 1987 "name \"%.64s\"", filename, linenum, arg); 1988 continue; 1989 } 1990 opt_array_append(filename, linenum, keyword, 1991 &options->setenv, &options->num_setenv, arg); 1992 } 1993 break; 1994 1995 case sPermitTunnel: 1996 intptr = &options->permit_tun; 1997 arg = argv_next(&ac, &av); 1998 if (!arg || *arg == '\0') 1999 fatal("%s line %d: %s missing argument.", 2000 filename, linenum, keyword); 2001 value = -1; 2002 for (i = 0; tunmode_desc[i].val != -1; i++) 2003 if (strcmp(tunmode_desc[i].text, arg) == 0) { 2004 value = tunmode_desc[i].val; 2005 break; 2006 } 2007 if (value == -1) 2008 fatal("%s line %d: bad %s argument %s", 2009 filename, linenum, keyword, arg); 2010 if (*activep && *intptr == -1) 2011 *intptr = value; 2012 break; 2013 2014 case sInclude: 2015 if (cmdline) { 2016 fatal("Include directive not supported as a " 2017 "command-line option"); 2018 } 2019 value = 0; 2020 while ((arg2 = argv_next(&ac, &av)) != NULL) { 2021 if (*arg2 == '\0') { 2022 error("%s line %d: keyword %s empty argument", 2023 filename, linenum, keyword); 2024 goto out; 2025 } 2026 value++; 2027 found = 0; 2028 if (*arg2 != '/' && *arg2 != '~') { 2029 xasprintf(&arg, "%s/%s", SSHDIR, arg2); 2030 } else 2031 arg = xstrdup(arg2); 2032 2033 /* 2034 * Don't let included files clobber the containing 2035 * file's Match state. 2036 */ 2037 oactive = *activep; 2038 2039 /* consult cache of include files */ 2040 TAILQ_FOREACH(item, includes, entry) { 2041 if (strcmp(item->selector, arg) != 0) 2042 continue; 2043 if (item->filename != NULL) { 2044 parse_server_config_depth(options, 2045 item->filename, item->contents, 2046 includes, connectinfo, 2047 (*inc_flags & SSHCFG_MATCH_ONLY 2048 ? SSHCFG_MATCH_ONLY : (oactive 2049 ? 0 : SSHCFG_NEVERMATCH)), 2050 activep, depth + 1); 2051 } 2052 found = 1; 2053 *activep = oactive; 2054 } 2055 if (found != 0) { 2056 free(arg); 2057 continue; 2058 } 2059 2060 /* requested glob was not in cache */ 2061 debug2("%s line %d: new include %s", 2062 filename, linenum, arg); 2063 if ((r = glob(arg, 0, NULL, &gbuf)) != 0) { 2064 if (r != GLOB_NOMATCH) { 2065 fatal("%s line %d: include \"%s\" glob " 2066 "failed", filename, linenum, arg); 2067 } 2068 /* 2069 * If no entry matched then record a 2070 * placeholder to skip later glob calls. 2071 */ 2072 debug2("%s line %d: no match for %s", 2073 filename, linenum, arg); 2074 item = xcalloc(1, sizeof(*item)); 2075 item->selector = strdup(arg); 2076 TAILQ_INSERT_TAIL(includes, 2077 item, entry); 2078 } 2079 if (gbuf.gl_pathc > INT_MAX) 2080 fatal_f("too many glob results"); 2081 for (n = 0; n < (int)gbuf.gl_pathc; n++) { 2082 debug2("%s line %d: including %s", 2083 filename, linenum, gbuf.gl_pathv[n]); 2084 item = xcalloc(1, sizeof(*item)); 2085 item->selector = strdup(arg); 2086 item->filename = strdup(gbuf.gl_pathv[n]); 2087 if ((item->contents = sshbuf_new()) == NULL) 2088 fatal_f("sshbuf_new failed"); 2089 load_server_config(item->filename, 2090 item->contents); 2091 parse_server_config_depth(options, 2092 item->filename, item->contents, 2093 includes, connectinfo, 2094 (*inc_flags & SSHCFG_MATCH_ONLY 2095 ? SSHCFG_MATCH_ONLY : (oactive 2096 ? 0 : SSHCFG_NEVERMATCH)), 2097 activep, depth + 1); 2098 *activep = oactive; 2099 TAILQ_INSERT_TAIL(includes, item, entry); 2100 } 2101 globfree(&gbuf); 2102 free(arg); 2103 } 2104 if (value == 0) { 2105 fatal("%s line %d: %s missing filename argument", 2106 filename, linenum, keyword); 2107 } 2108 break; 2109 2110 case sMatch: 2111 if (cmdline) 2112 fatal("Match directive not supported as a command-line " 2113 "option"); 2114 value = match_cfg_line(&str, linenum, 2115 (*inc_flags & SSHCFG_NEVERMATCH ? NULL : connectinfo)); 2116 if (value < 0) 2117 fatal("%s line %d: Bad Match condition", filename, 2118 linenum); 2119 *activep = (*inc_flags & SSHCFG_NEVERMATCH) ? 0 : value; 2120 /* 2121 * The MATCH_ONLY flag is applicable only until the first 2122 * match block. 2123 */ 2124 *inc_flags &= ~SSHCFG_MATCH_ONLY; 2125 /* 2126 * If match_cfg_line() didn't consume all its arguments then 2127 * arrange for the extra arguments check below to fail. 2128 */ 2129 if (str == NULL || *str == '\0') 2130 argv_consume(&ac); 2131 break; 2132 2133 case sPermitListen: 2134 case sPermitOpen: 2135 if (opcode == sPermitListen) { 2136 uintptr = &options->num_permitted_listens; 2137 chararrayptr = &options->permitted_listens; 2138 } else { 2139 uintptr = &options->num_permitted_opens; 2140 chararrayptr = &options->permitted_opens; 2141 } 2142 arg = argv_next(&ac, &av); 2143 if (!arg || *arg == '\0') 2144 fatal("%s line %d: %s missing argument.", 2145 filename, linenum, keyword); 2146 uvalue = *uintptr; /* modified later */ 2147 if (strcmp(arg, "any") == 0 || strcmp(arg, "none") == 0) { 2148 if (*activep && uvalue == 0) { 2149 *uintptr = 1; 2150 *chararrayptr = xcalloc(1, 2151 sizeof(**chararrayptr)); 2152 (*chararrayptr)[0] = xstrdup(arg); 2153 } 2154 break; 2155 } 2156 for (; arg != NULL && *arg != '\0'; arg = argv_next(&ac, &av)) { 2157 if (opcode == sPermitListen && 2158 strchr(arg, ':') == NULL) { 2159 /* 2160 * Allow bare port number for PermitListen 2161 * to indicate a wildcard listen host. 2162 */ 2163 xasprintf(&arg2, "*:%s", arg); 2164 } else { 2165 arg2 = xstrdup(arg); 2166 p = hpdelim(&arg); 2167 if (p == NULL) { 2168 fatal("%s line %d: %s missing host", 2169 filename, linenum, keyword); 2170 } 2171 p = cleanhostname(p); 2172 } 2173 if (arg == NULL || 2174 ((port = permitopen_port(arg)) < 0)) { 2175 fatal("%s line %d: %s bad port number", 2176 filename, linenum, keyword); 2177 } 2178 if (*activep && uvalue == 0) { 2179 opt_array_append(filename, linenum, keyword, 2180 chararrayptr, uintptr, arg2); 2181 } 2182 free(arg2); 2183 } 2184 break; 2185 2186 case sForceCommand: 2187 if (str == NULL || *str == '\0') 2188 fatal("%s line %d: %s missing argument.", 2189 filename, linenum, keyword); 2190 len = strspn(str, WHITESPACE); 2191 if (*activep && options->adm_forced_command == NULL) 2192 options->adm_forced_command = xstrdup(str + len); 2193 argv_consume(&ac); 2194 break; 2195 2196 case sChrootDirectory: 2197 charptr = &options->chroot_directory; 2198 2199 arg = argv_next(&ac, &av); 2200 if (!arg || *arg == '\0') 2201 fatal("%s line %d: %s missing argument.", 2202 filename, linenum, keyword); 2203 if (*activep && *charptr == NULL) 2204 *charptr = xstrdup(arg); 2205 break; 2206 2207 case sTrustedUserCAKeys: 2208 charptr = &options->trusted_user_ca_keys; 2209 goto parse_filename; 2210 2211 case sRevokedKeys: 2212 charptr = &options->revoked_keys_file; 2213 goto parse_filename; 2214 2215 case sSecurityKeyProvider: 2216 charptr = &options->sk_provider; 2217 arg = argv_next(&ac, &av); 2218 if (!arg || *arg == '\0') 2219 fatal("%s line %d: %s missing argument.", 2220 filename, linenum, keyword); 2221 if (*activep && *charptr == NULL) { 2222 *charptr = strcasecmp(arg, "internal") == 0 ? 2223 xstrdup(arg) : derelativise_path(arg); 2224 /* increase optional counter */ 2225 if (intptr != NULL) 2226 *intptr = *intptr + 1; 2227 } 2228 break; 2229 2230 case sIPQoS: 2231 arg = argv_next(&ac, &av); 2232 if (!arg || *arg == '\0') 2233 fatal("%s line %d: %s missing argument.", 2234 filename, linenum, keyword); 2235 if ((value = parse_ipqos(arg)) == -1) 2236 fatal("%s line %d: Bad %s value: %s", 2237 filename, linenum, keyword, arg); 2238 arg = argv_next(&ac, &av); 2239 if (arg == NULL) 2240 value2 = value; 2241 else if ((value2 = parse_ipqos(arg)) == -1) 2242 fatal("%s line %d: Bad %s value: %s", 2243 filename, linenum, keyword, arg); 2244 if (*activep) { 2245 options->ip_qos_interactive = value; 2246 options->ip_qos_bulk = value2; 2247 } 2248 break; 2249 2250 case sVersionAddendum: 2251 if (str == NULL || *str == '\0') 2252 fatal("%s line %d: %s missing argument.", 2253 filename, linenum, keyword); 2254 len = strspn(str, WHITESPACE); 2255 if (strchr(str + len, '\r') != NULL) { 2256 fatal("%.200s line %d: Invalid %s argument", 2257 filename, linenum, keyword); 2258 } 2259 if ((arg = strchr(line, '#')) != NULL) { 2260 *arg = '\0'; 2261 rtrim(line); 2262 } 2263 if (*activep && options->version_addendum == NULL) { 2264 if (strcasecmp(str + len, "none") == 0) 2265 options->version_addendum = xstrdup(""); 2266 else 2267 options->version_addendum = xstrdup(str + len); 2268 } 2269 argv_consume(&ac); 2270 break; 2271 2272 case sAuthorizedKeysCommand: 2273 charptr = &options->authorized_keys_command; 2274 parse_command: 2275 len = strspn(str, WHITESPACE); 2276 if (str[len] != '/' && strcasecmp(str + len, "none") != 0) { 2277 fatal("%.200s line %d: %s must be an absolute path", 2278 filename, linenum, keyword); 2279 } 2280 if (*activep && options->authorized_keys_command == NULL) 2281 *charptr = xstrdup(str + len); 2282 argv_consume(&ac); 2283 break; 2284 2285 case sAuthorizedKeysCommandUser: 2286 charptr = &options->authorized_keys_command_user; 2287 parse_localuser: 2288 arg = argv_next(&ac, &av); 2289 if (!arg || *arg == '\0') { 2290 fatal("%s line %d: missing %s argument.", 2291 filename, linenum, keyword); 2292 } 2293 if (*activep && *charptr == NULL) 2294 *charptr = xstrdup(arg); 2295 break; 2296 2297 case sAuthorizedPrincipalsCommand: 2298 charptr = &options->authorized_principals_command; 2299 goto parse_command; 2300 2301 case sAuthorizedPrincipalsCommandUser: 2302 charptr = &options->authorized_principals_command_user; 2303 goto parse_localuser; 2304 2305 case sAuthenticationMethods: 2306 found = options->num_auth_methods == 0; 2307 value = 0; /* seen "any" pseudo-method */ 2308 value2 = 0; /* successfully parsed any method */ 2309 while ((arg = argv_next(&ac, &av)) != NULL) { 2310 if (strcmp(arg, "any") == 0) { 2311 if (options->num_auth_methods > 0) { 2312 fatal("%s line %d: \"any\" must " 2313 "appear alone in %s", 2314 filename, linenum, keyword); 2315 } 2316 value = 1; 2317 } else if (value) { 2318 fatal("%s line %d: \"any\" must appear " 2319 "alone in %s", filename, linenum, keyword); 2320 } else if (auth2_methods_valid(arg, 0) != 0) { 2321 fatal("%s line %d: invalid %s method list.", 2322 filename, linenum, keyword); 2323 } 2324 value2 = 1; 2325 if (!found || !*activep) 2326 continue; 2327 opt_array_append(filename, linenum, keyword, 2328 &options->auth_methods, 2329 &options->num_auth_methods, arg); 2330 } 2331 if (value2 == 0) { 2332 fatal("%s line %d: no %s specified", 2333 filename, linenum, keyword); 2334 } 2335 break; 2336 2337 case sStreamLocalBindMask: 2338 arg = argv_next(&ac, &av); 2339 if (!arg || *arg == '\0') 2340 fatal("%s line %d: %s missing argument.", 2341 filename, linenum, keyword); 2342 /* Parse mode in octal format */ 2343 value = strtol(arg, &p, 8); 2344 if (arg == p || value < 0 || value > 0777) 2345 fatal("%s line %d: Invalid %s.", 2346 filename, linenum, keyword); 2347 if (*activep) 2348 options->fwd_opts.streamlocal_bind_mask = (mode_t)value; 2349 break; 2350 2351 case sStreamLocalBindUnlink: 2352 intptr = &options->fwd_opts.streamlocal_bind_unlink; 2353 goto parse_flag; 2354 2355 case sFingerprintHash: 2356 arg = argv_next(&ac, &av); 2357 if (!arg || *arg == '\0') 2358 fatal("%s line %d: %s missing argument.", 2359 filename, linenum, keyword); 2360 if ((value = ssh_digest_alg_by_name(arg)) == -1) 2361 fatal("%.200s line %d: Invalid %s algorithm \"%s\".", 2362 filename, linenum, keyword, arg); 2363 if (*activep) 2364 options->fingerprint_hash = value; 2365 break; 2366 2367 case sExposeAuthInfo: 2368 intptr = &options->expose_userauth_info; 2369 goto parse_flag; 2370 2371 case sRDomain: 2372 charptr = &options->routing_domain; 2373 arg = argv_next(&ac, &av); 2374 if (!arg || *arg == '\0') 2375 fatal("%s line %d: %s missing argument.", 2376 filename, linenum, keyword); 2377 if (strcasecmp(arg, "none") != 0 && strcmp(arg, "%D") != 0 && 2378 !valid_rdomain(arg)) 2379 fatal("%s line %d: invalid routing domain", 2380 filename, linenum); 2381 if (*activep && *charptr == NULL) 2382 *charptr = xstrdup(arg); 2383 break; 2384 2385 case sRequiredRSASize: 2386 intptr = &options->required_rsa_size; 2387 goto parse_int; 2388 2389 case sDeprecated: 2390 case sIgnore: 2391 case sUnsupported: 2392 do_log2(opcode == sIgnore ? 2393 SYSLOG_LEVEL_DEBUG2 : SYSLOG_LEVEL_INFO, 2394 "%s line %d: %s option %s", filename, linenum, 2395 opcode == sUnsupported ? "Unsupported" : "Deprecated", 2396 keyword); 2397 argv_consume(&ac); 2398 break; 2399 2400 default: 2401 fatal("%s line %d: Missing handler for opcode %s (%d)", 2402 filename, linenum, keyword, opcode); 2403 } 2404 /* Check that there is no garbage at end of line. */ 2405 if (ac > 0) { 2406 error("%.200s line %d: keyword %s extra arguments " 2407 "at end of line", filename, linenum, keyword); 2408 goto out; 2409 } 2410 2411 /* success */ 2412 ret = 0; 2413 out: 2414 argv_free(oav, oac); 2415 return ret; 2416 } 2417 2418 int 2419 process_server_config_line(ServerOptions *options, char *line, 2420 const char *filename, int linenum, int *activep, 2421 struct connection_info *connectinfo, struct include_list *includes) 2422 { 2423 int inc_flags = 0; 2424 2425 return process_server_config_line_depth(options, line, filename, 2426 linenum, activep, connectinfo, &inc_flags, 0, includes); 2427 } 2428 2429 2430 /* Reads the server configuration file. */ 2431 2432 void 2433 load_server_config(const char *filename, struct sshbuf *conf) 2434 { 2435 struct stat st; 2436 char *line = NULL, *cp; 2437 size_t linesize = 0; 2438 FILE *f; 2439 int r, lineno = 0; 2440 2441 debug2_f("filename %s", filename); 2442 if ((f = fopen(filename, "r")) == NULL) { 2443 perror(filename); 2444 exit(1); 2445 } 2446 sshbuf_reset(conf); 2447 /* grow buffer, so realloc is avoided for large config files */ 2448 if (fstat(fileno(f), &st) == 0 && st.st_size > 0 && 2449 (r = sshbuf_allocate(conf, st.st_size)) != 0) 2450 fatal_fr(r, "allocate"); 2451 while (getline(&line, &linesize, f) != -1) { 2452 lineno++; 2453 /* 2454 * Strip whitespace 2455 * NB - preserve newlines, they are needed to reproduce 2456 * line numbers later for error messages 2457 */ 2458 cp = line + strspn(line, " \t\r"); 2459 if ((r = sshbuf_put(conf, cp, strlen(cp))) != 0) 2460 fatal_fr(r, "sshbuf_put"); 2461 } 2462 free(line); 2463 if ((r = sshbuf_put_u8(conf, 0)) != 0) 2464 fatal_fr(r, "sshbuf_put_u8"); 2465 fclose(f); 2466 debug2_f("done config len = %zu", sshbuf_len(conf)); 2467 } 2468 2469 void 2470 parse_server_match_config(ServerOptions *options, 2471 struct include_list *includes, struct connection_info *connectinfo) 2472 { 2473 ServerOptions mo; 2474 2475 initialize_server_options(&mo); 2476 parse_server_config(&mo, "reprocess config", cfg, includes, 2477 connectinfo, 0); 2478 copy_set_server_options(options, &mo, 0); 2479 } 2480 2481 int parse_server_match_testspec(struct connection_info *ci, char *spec) 2482 { 2483 char *p; 2484 2485 while ((p = strsep(&spec, ",")) && *p != '\0') { 2486 if (strncmp(p, "addr=", 5) == 0) { 2487 ci->address = xstrdup(p + 5); 2488 } else if (strncmp(p, "host=", 5) == 0) { 2489 ci->host = xstrdup(p + 5); 2490 } else if (strncmp(p, "user=", 5) == 0) { 2491 ci->user = xstrdup(p + 5); 2492 } else if (strncmp(p, "laddr=", 6) == 0) { 2493 ci->laddress = xstrdup(p + 6); 2494 } else if (strncmp(p, "rdomain=", 8) == 0) { 2495 ci->rdomain = xstrdup(p + 8); 2496 } else if (strncmp(p, "lport=", 6) == 0) { 2497 ci->lport = a2port(p + 6); 2498 if (ci->lport == -1) { 2499 fprintf(stderr, "Invalid port '%s' in test mode" 2500 " specification %s\n", p+6, p); 2501 return -1; 2502 } 2503 } else { 2504 fprintf(stderr, "Invalid test mode specification %s\n", 2505 p); 2506 return -1; 2507 } 2508 } 2509 return 0; 2510 } 2511 2512 /* 2513 * Copy any supported values that are set. 2514 * 2515 * If the preauth flag is set, we do not bother copying the string or 2516 * array values that are not used pre-authentication, because any that we 2517 * do use must be explicitly sent in mm_getpwnamallow(). 2518 */ 2519 void 2520 copy_set_server_options(ServerOptions *dst, ServerOptions *src, int preauth) 2521 { 2522 #define M_CP_INTOPT(n) do {\ 2523 if (src->n != -1) \ 2524 dst->n = src->n; \ 2525 } while (0) 2526 2527 M_CP_INTOPT(password_authentication); 2528 M_CP_INTOPT(gss_authentication); 2529 M_CP_INTOPT(pubkey_authentication); 2530 M_CP_INTOPT(pubkey_auth_options); 2531 M_CP_INTOPT(kerberos_authentication); 2532 M_CP_INTOPT(hostbased_authentication); 2533 M_CP_INTOPT(hostbased_uses_name_from_packet_only); 2534 M_CP_INTOPT(kbd_interactive_authentication); 2535 M_CP_INTOPT(permit_root_login); 2536 M_CP_INTOPT(permit_empty_passwd); 2537 M_CP_INTOPT(ignore_rhosts); 2538 2539 M_CP_INTOPT(allow_tcp_forwarding); 2540 M_CP_INTOPT(allow_streamlocal_forwarding); 2541 M_CP_INTOPT(allow_agent_forwarding); 2542 M_CP_INTOPT(disable_forwarding); 2543 M_CP_INTOPT(expose_userauth_info); 2544 M_CP_INTOPT(permit_tun); 2545 M_CP_INTOPT(fwd_opts.gateway_ports); 2546 M_CP_INTOPT(fwd_opts.streamlocal_bind_unlink); 2547 M_CP_INTOPT(x11_display_offset); 2548 M_CP_INTOPT(x11_forwarding); 2549 M_CP_INTOPT(x11_use_localhost); 2550 M_CP_INTOPT(permit_tty); 2551 M_CP_INTOPT(permit_user_rc); 2552 M_CP_INTOPT(max_sessions); 2553 M_CP_INTOPT(max_authtries); 2554 M_CP_INTOPT(client_alive_count_max); 2555 M_CP_INTOPT(client_alive_interval); 2556 M_CP_INTOPT(ip_qos_interactive); 2557 M_CP_INTOPT(ip_qos_bulk); 2558 M_CP_INTOPT(rekey_limit); 2559 M_CP_INTOPT(rekey_interval); 2560 M_CP_INTOPT(log_level); 2561 M_CP_INTOPT(required_rsa_size); 2562 2563 /* 2564 * The bind_mask is a mode_t that may be unsigned, so we can't use 2565 * M_CP_INTOPT - it does a signed comparison that causes compiler 2566 * warnings. 2567 */ 2568 if (src->fwd_opts.streamlocal_bind_mask != (mode_t)-1) { 2569 dst->fwd_opts.streamlocal_bind_mask = 2570 src->fwd_opts.streamlocal_bind_mask; 2571 } 2572 2573 /* M_CP_STROPT and M_CP_STRARRAYOPT should not appear before here */ 2574 #define M_CP_STROPT(n) do {\ 2575 if (src->n != NULL && dst->n != src->n) { \ 2576 free(dst->n); \ 2577 dst->n = src->n; \ 2578 } \ 2579 } while(0) 2580 #define M_CP_STRARRAYOPT(s, num_s) do {\ 2581 u_int i; \ 2582 if (src->num_s != 0) { \ 2583 for (i = 0; i < dst->num_s; i++) \ 2584 free(dst->s[i]); \ 2585 free(dst->s); \ 2586 dst->s = xcalloc(src->num_s, sizeof(*dst->s)); \ 2587 for (i = 0; i < src->num_s; i++) \ 2588 dst->s[i] = xstrdup(src->s[i]); \ 2589 dst->num_s = src->num_s; \ 2590 } \ 2591 } while(0) 2592 2593 /* See comment in servconf.h */ 2594 COPY_MATCH_STRING_OPTS(); 2595 2596 /* Arguments that accept '+...' need to be expanded */ 2597 assemble_algorithms(dst); 2598 2599 /* 2600 * The only things that should be below this point are string options 2601 * which are only used after authentication. 2602 */ 2603 if (preauth) 2604 return; 2605 2606 /* These options may be "none" to clear a global setting */ 2607 M_CP_STROPT(adm_forced_command); 2608 if (option_clear_or_none(dst->adm_forced_command)) { 2609 free(dst->adm_forced_command); 2610 dst->adm_forced_command = NULL; 2611 } 2612 M_CP_STROPT(chroot_directory); 2613 if (option_clear_or_none(dst->chroot_directory)) { 2614 free(dst->chroot_directory); 2615 dst->chroot_directory = NULL; 2616 } 2617 } 2618 2619 #undef M_CP_INTOPT 2620 #undef M_CP_STROPT 2621 #undef M_CP_STRARRAYOPT 2622 2623 #define SERVCONF_MAX_DEPTH 16 2624 static void 2625 parse_server_config_depth(ServerOptions *options, const char *filename, 2626 struct sshbuf *conf, struct include_list *includes, 2627 struct connection_info *connectinfo, int flags, int *activep, int depth) 2628 { 2629 int linenum, bad_options = 0; 2630 char *cp, *obuf, *cbuf; 2631 2632 if (depth < 0 || depth > SERVCONF_MAX_DEPTH) 2633 fatal("Too many recursive configuration includes"); 2634 2635 debug2_f("config %s len %zu%s", filename, sshbuf_len(conf), 2636 (flags & SSHCFG_NEVERMATCH ? " [checking syntax only]" : "")); 2637 2638 if ((obuf = cbuf = sshbuf_dup_string(conf)) == NULL) 2639 fatal_f("sshbuf_dup_string failed"); 2640 linenum = 1; 2641 while ((cp = strsep(&cbuf, "\n")) != NULL) { 2642 if (process_server_config_line_depth(options, cp, 2643 filename, linenum++, activep, connectinfo, &flags, 2644 depth, includes) != 0) 2645 bad_options++; 2646 } 2647 free(obuf); 2648 if (bad_options > 0) 2649 fatal("%s: terminating, %d bad configuration options", 2650 filename, bad_options); 2651 } 2652 2653 void 2654 parse_server_config(ServerOptions *options, const char *filename, 2655 struct sshbuf *conf, struct include_list *includes, 2656 struct connection_info *connectinfo, int reexec) 2657 { 2658 int active = connectinfo ? 0 : 1; 2659 parse_server_config_depth(options, filename, conf, includes, 2660 connectinfo, (connectinfo ? SSHCFG_MATCH_ONLY : 0), &active, 0); 2661 if (!reexec) 2662 process_queued_listen_addrs(options); 2663 } 2664 2665 static const char * 2666 fmt_multistate_int(int val, const struct multistate *m) 2667 { 2668 u_int i; 2669 2670 for (i = 0; m[i].key != NULL; i++) { 2671 if (m[i].value == val) 2672 return m[i].key; 2673 } 2674 return "UNKNOWN"; 2675 } 2676 2677 static const char * 2678 fmt_intarg(ServerOpCodes code, int val) 2679 { 2680 if (val == -1) 2681 return "unset"; 2682 switch (code) { 2683 case sAddressFamily: 2684 return fmt_multistate_int(val, multistate_addressfamily); 2685 case sPermitRootLogin: 2686 return fmt_multistate_int(val, multistate_permitrootlogin); 2687 case sGatewayPorts: 2688 return fmt_multistate_int(val, multistate_gatewayports); 2689 case sCompression: 2690 return fmt_multistate_int(val, multistate_compression); 2691 case sAllowTcpForwarding: 2692 return fmt_multistate_int(val, multistate_tcpfwd); 2693 case sAllowStreamLocalForwarding: 2694 return fmt_multistate_int(val, multistate_tcpfwd); 2695 case sIgnoreRhosts: 2696 return fmt_multistate_int(val, multistate_ignore_rhosts); 2697 case sFingerprintHash: 2698 return ssh_digest_alg_name(val); 2699 default: 2700 switch (val) { 2701 case 0: 2702 return "no"; 2703 case 1: 2704 return "yes"; 2705 default: 2706 return "UNKNOWN"; 2707 } 2708 } 2709 } 2710 2711 static void 2712 dump_cfg_int(ServerOpCodes code, int val) 2713 { 2714 printf("%s %d\n", lookup_opcode_name(code), val); 2715 } 2716 2717 static void 2718 dump_cfg_oct(ServerOpCodes code, int val) 2719 { 2720 printf("%s 0%o\n", lookup_opcode_name(code), val); 2721 } 2722 2723 static void 2724 dump_cfg_fmtint(ServerOpCodes code, int val) 2725 { 2726 printf("%s %s\n", lookup_opcode_name(code), fmt_intarg(code, val)); 2727 } 2728 2729 static void 2730 dump_cfg_string(ServerOpCodes code, const char *val) 2731 { 2732 printf("%s %s\n", lookup_opcode_name(code), 2733 val == NULL ? "none" : val); 2734 } 2735 2736 static void 2737 dump_cfg_strarray(ServerOpCodes code, u_int count, char **vals) 2738 { 2739 u_int i; 2740 2741 for (i = 0; i < count; i++) 2742 printf("%s %s\n", lookup_opcode_name(code), vals[i]); 2743 } 2744 2745 static void 2746 dump_cfg_strarray_oneline(ServerOpCodes code, u_int count, char **vals) 2747 { 2748 u_int i; 2749 2750 if (count <= 0 && code != sAuthenticationMethods) 2751 return; 2752 printf("%s", lookup_opcode_name(code)); 2753 for (i = 0; i < count; i++) 2754 printf(" %s", vals[i]); 2755 if (code == sAuthenticationMethods && count == 0) 2756 printf(" any"); 2757 printf("\n"); 2758 } 2759 2760 static char * 2761 format_listen_addrs(struct listenaddr *la) 2762 { 2763 int r; 2764 struct addrinfo *ai; 2765 char addr[NI_MAXHOST], port[NI_MAXSERV]; 2766 char *laddr1 = xstrdup(""), *laddr2 = NULL; 2767 2768 /* 2769 * ListenAddress must be after Port. add_one_listen_addr pushes 2770 * addresses onto a stack, so to maintain ordering we need to 2771 * print these in reverse order. 2772 */ 2773 for (ai = la->addrs; ai; ai = ai->ai_next) { 2774 if ((r = getnameinfo(ai->ai_addr, ai->ai_addrlen, addr, 2775 sizeof(addr), port, sizeof(port), 2776 NI_NUMERICHOST|NI_NUMERICSERV)) != 0) { 2777 error("getnameinfo: %.100s", ssh_gai_strerror(r)); 2778 continue; 2779 } 2780 laddr2 = laddr1; 2781 if (ai->ai_family == AF_INET6) { 2782 xasprintf(&laddr1, "listenaddress [%s]:%s%s%s\n%s", 2783 addr, port, 2784 la->rdomain == NULL ? "" : " rdomain ", 2785 la->rdomain == NULL ? "" : la->rdomain, 2786 laddr2); 2787 } else { 2788 xasprintf(&laddr1, "listenaddress %s:%s%s%s\n%s", 2789 addr, port, 2790 la->rdomain == NULL ? "" : " rdomain ", 2791 la->rdomain == NULL ? "" : la->rdomain, 2792 laddr2); 2793 } 2794 free(laddr2); 2795 } 2796 return laddr1; 2797 } 2798 2799 void 2800 dump_config(ServerOptions *o) 2801 { 2802 char *s; 2803 u_int i; 2804 2805 /* these are usually at the top of the config */ 2806 for (i = 0; i < o->num_ports; i++) 2807 printf("port %d\n", o->ports[i]); 2808 dump_cfg_fmtint(sAddressFamily, o->address_family); 2809 2810 for (i = 0; i < o->num_listen_addrs; i++) { 2811 s = format_listen_addrs(&o->listen_addrs[i]); 2812 printf("%s", s); 2813 free(s); 2814 } 2815 2816 /* integer arguments */ 2817 dump_cfg_int(sLoginGraceTime, o->login_grace_time); 2818 dump_cfg_int(sX11DisplayOffset, o->x11_display_offset); 2819 dump_cfg_int(sMaxAuthTries, o->max_authtries); 2820 dump_cfg_int(sMaxSessions, o->max_sessions); 2821 dump_cfg_int(sClientAliveInterval, o->client_alive_interval); 2822 dump_cfg_int(sClientAliveCountMax, o->client_alive_count_max); 2823 dump_cfg_int(sRequiredRSASize, o->required_rsa_size); 2824 dump_cfg_oct(sStreamLocalBindMask, o->fwd_opts.streamlocal_bind_mask); 2825 2826 /* formatted integer arguments */ 2827 dump_cfg_fmtint(sPermitRootLogin, o->permit_root_login); 2828 dump_cfg_fmtint(sIgnoreRhosts, o->ignore_rhosts); 2829 dump_cfg_fmtint(sIgnoreUserKnownHosts, o->ignore_user_known_hosts); 2830 dump_cfg_fmtint(sHostbasedAuthentication, o->hostbased_authentication); 2831 dump_cfg_fmtint(sHostbasedUsesNameFromPacketOnly, 2832 o->hostbased_uses_name_from_packet_only); 2833 dump_cfg_fmtint(sPubkeyAuthentication, o->pubkey_authentication); 2834 #ifdef KRB5 2835 dump_cfg_fmtint(sKerberosAuthentication, o->kerberos_authentication); 2836 dump_cfg_fmtint(sKerberosOrLocalPasswd, o->kerberos_or_local_passwd); 2837 dump_cfg_fmtint(sKerberosTicketCleanup, o->kerberos_ticket_cleanup); 2838 dump_cfg_fmtint(sKerberosGetAFSToken, o->kerberos_get_afs_token); 2839 #endif 2840 #ifdef GSSAPI 2841 dump_cfg_fmtint(sGssAuthentication, o->gss_authentication); 2842 dump_cfg_fmtint(sGssCleanupCreds, o->gss_cleanup_creds); 2843 #endif 2844 dump_cfg_fmtint(sPasswordAuthentication, o->password_authentication); 2845 dump_cfg_fmtint(sKbdInteractiveAuthentication, 2846 o->kbd_interactive_authentication); 2847 dump_cfg_fmtint(sPrintMotd, o->print_motd); 2848 dump_cfg_fmtint(sPrintLastLog, o->print_lastlog); 2849 dump_cfg_fmtint(sX11Forwarding, o->x11_forwarding); 2850 dump_cfg_fmtint(sX11UseLocalhost, o->x11_use_localhost); 2851 dump_cfg_fmtint(sPermitTTY, o->permit_tty); 2852 dump_cfg_fmtint(sPermitUserRC, o->permit_user_rc); 2853 dump_cfg_fmtint(sStrictModes, o->strict_modes); 2854 dump_cfg_fmtint(sTCPKeepAlive, o->tcp_keep_alive); 2855 dump_cfg_fmtint(sEmptyPasswd, o->permit_empty_passwd); 2856 dump_cfg_fmtint(sCompression, o->compression); 2857 dump_cfg_fmtint(sGatewayPorts, o->fwd_opts.gateway_ports); 2858 dump_cfg_fmtint(sUseDNS, o->use_dns); 2859 dump_cfg_fmtint(sAllowTcpForwarding, o->allow_tcp_forwarding); 2860 dump_cfg_fmtint(sAllowAgentForwarding, o->allow_agent_forwarding); 2861 dump_cfg_fmtint(sDisableForwarding, o->disable_forwarding); 2862 dump_cfg_fmtint(sAllowStreamLocalForwarding, o->allow_streamlocal_forwarding); 2863 dump_cfg_fmtint(sStreamLocalBindUnlink, o->fwd_opts.streamlocal_bind_unlink); 2864 dump_cfg_fmtint(sFingerprintHash, o->fingerprint_hash); 2865 dump_cfg_fmtint(sExposeAuthInfo, o->expose_userauth_info); 2866 2867 /* string arguments */ 2868 dump_cfg_string(sPidFile, o->pid_file); 2869 dump_cfg_string(sModuliFile, o->moduli_file); 2870 dump_cfg_string(sXAuthLocation, o->xauth_location); 2871 dump_cfg_string(sCiphers, o->ciphers); 2872 dump_cfg_string(sMacs, o->macs); 2873 dump_cfg_string(sBanner, o->banner); 2874 dump_cfg_string(sForceCommand, o->adm_forced_command); 2875 dump_cfg_string(sChrootDirectory, o->chroot_directory); 2876 dump_cfg_string(sTrustedUserCAKeys, o->trusted_user_ca_keys); 2877 dump_cfg_string(sRevokedKeys, o->revoked_keys_file); 2878 dump_cfg_string(sSecurityKeyProvider, o->sk_provider); 2879 dump_cfg_string(sAuthorizedPrincipalsFile, 2880 o->authorized_principals_file); 2881 dump_cfg_string(sVersionAddendum, *o->version_addendum == '\0' 2882 ? "none" : o->version_addendum); 2883 dump_cfg_string(sAuthorizedKeysCommand, o->authorized_keys_command); 2884 dump_cfg_string(sAuthorizedKeysCommandUser, o->authorized_keys_command_user); 2885 dump_cfg_string(sAuthorizedPrincipalsCommand, o->authorized_principals_command); 2886 dump_cfg_string(sAuthorizedPrincipalsCommandUser, o->authorized_principals_command_user); 2887 dump_cfg_string(sHostKeyAgent, o->host_key_agent); 2888 dump_cfg_string(sKexAlgorithms, o->kex_algorithms); 2889 dump_cfg_string(sCASignatureAlgorithms, o->ca_sign_algorithms); 2890 dump_cfg_string(sHostbasedAcceptedAlgorithms, o->hostbased_accepted_algos); 2891 dump_cfg_string(sHostKeyAlgorithms, o->hostkeyalgorithms); 2892 dump_cfg_string(sPubkeyAcceptedAlgorithms, o->pubkey_accepted_algos); 2893 dump_cfg_string(sRDomain, o->routing_domain); 2894 2895 /* string arguments requiring a lookup */ 2896 dump_cfg_string(sLogLevel, log_level_name(o->log_level)); 2897 dump_cfg_string(sLogFacility, log_facility_name(o->log_facility)); 2898 2899 /* string array arguments */ 2900 dump_cfg_strarray_oneline(sAuthorizedKeysFile, o->num_authkeys_files, 2901 o->authorized_keys_files); 2902 dump_cfg_strarray(sHostKeyFile, o->num_host_key_files, 2903 o->host_key_files); 2904 dump_cfg_strarray(sHostCertificate, o->num_host_cert_files, 2905 o->host_cert_files); 2906 dump_cfg_strarray(sAllowUsers, o->num_allow_users, o->allow_users); 2907 dump_cfg_strarray(sDenyUsers, o->num_deny_users, o->deny_users); 2908 dump_cfg_strarray(sAllowGroups, o->num_allow_groups, o->allow_groups); 2909 dump_cfg_strarray(sDenyGroups, o->num_deny_groups, o->deny_groups); 2910 dump_cfg_strarray(sAcceptEnv, o->num_accept_env, o->accept_env); 2911 dump_cfg_strarray(sSetEnv, o->num_setenv, o->setenv); 2912 dump_cfg_strarray_oneline(sAuthenticationMethods, 2913 o->num_auth_methods, o->auth_methods); 2914 dump_cfg_strarray_oneline(sLogVerbose, 2915 o->num_log_verbose, o->log_verbose); 2916 2917 /* other arguments */ 2918 for (i = 0; i < o->num_subsystems; i++) 2919 printf("subsystem %s %s\n", o->subsystem_name[i], 2920 o->subsystem_args[i]); 2921 2922 printf("maxstartups %d:%d:%d\n", o->max_startups_begin, 2923 o->max_startups_rate, o->max_startups); 2924 printf("persourcemaxstartups "); 2925 if (o->per_source_max_startups == INT_MAX) 2926 printf("none\n"); 2927 else 2928 printf("%d\n", o->per_source_max_startups); 2929 printf("persourcenetblocksize %d:%d\n", o->per_source_masklen_ipv4, 2930 o->per_source_masklen_ipv6); 2931 2932 s = NULL; 2933 for (i = 0; tunmode_desc[i].val != -1; i++) { 2934 if (tunmode_desc[i].val == o->permit_tun) { 2935 s = tunmode_desc[i].text; 2936 break; 2937 } 2938 } 2939 dump_cfg_string(sPermitTunnel, s); 2940 2941 printf("ipqos %s ", iptos2str(o->ip_qos_interactive)); 2942 printf("%s\n", iptos2str(o->ip_qos_bulk)); 2943 2944 printf("rekeylimit %llu %d\n", (unsigned long long)o->rekey_limit, 2945 o->rekey_interval); 2946 2947 printf("permitopen"); 2948 if (o->num_permitted_opens == 0) 2949 printf(" any"); 2950 else { 2951 for (i = 0; i < o->num_permitted_opens; i++) 2952 printf(" %s", o->permitted_opens[i]); 2953 } 2954 printf("\n"); 2955 printf("permitlisten"); 2956 if (o->num_permitted_listens == 0) 2957 printf(" any"); 2958 else { 2959 for (i = 0; i < o->num_permitted_listens; i++) 2960 printf(" %s", o->permitted_listens[i]); 2961 } 2962 printf("\n"); 2963 2964 if (o->permit_user_env_allowlist == NULL) { 2965 dump_cfg_fmtint(sPermitUserEnvironment, o->permit_user_env); 2966 } else { 2967 printf("permituserenvironment %s\n", 2968 o->permit_user_env_allowlist); 2969 } 2970 2971 printf("pubkeyauthoptions"); 2972 if (o->pubkey_auth_options == 0) 2973 printf(" none"); 2974 if (o->pubkey_auth_options & PUBKEYAUTH_TOUCH_REQUIRED) 2975 printf(" touch-required"); 2976 if (o->pubkey_auth_options & PUBKEYAUTH_VERIFY_REQUIRED) 2977 printf(" verify-required"); 2978 printf("\n"); 2979 } 2980