1 /* $OpenBSD: servconf.c,v 1.208 2010/05/07 11:30:29 djm Exp $ */ 2 /* 3 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland 4 * All rights reserved 5 * 6 * As far as I am concerned, the code I have written for this software 7 * can be used freely for any purpose. Any derived versions of this 8 * software must be clearly marked as such, and if the derived work is 9 * incompatible with the protocol description in the RFC file, it must be 10 * called by a name other than "ssh" or "Secure Shell". 11 */ 12 13 #include <sys/types.h> 14 #include <sys/socket.h> 15 #include <sys/queue.h> 16 17 #include <netdb.h> 18 #include <pwd.h> 19 #include <stdio.h> 20 #include <stdlib.h> 21 #include <string.h> 22 #include <signal.h> 23 #include <unistd.h> 24 #include <stdarg.h> 25 #include <errno.h> 26 27 #include "xmalloc.h" 28 #include "ssh.h" 29 #include "log.h" 30 #include "buffer.h" 31 #include "servconf.h" 32 #include "compat.h" 33 #include "pathnames.h" 34 #include "misc.h" 35 #include "cipher.h" 36 #include "key.h" 37 #include "kex.h" 38 #include "mac.h" 39 #include "match.h" 40 #include "channels.h" 41 #include "groupaccess.h" 42 43 static void add_listen_addr(ServerOptions *, char *, int); 44 static void add_one_listen_addr(ServerOptions *, char *, int); 45 46 /* Use of privilege separation or not */ 47 extern int use_privsep; 48 extern Buffer cfg; 49 50 /* Initializes the server options to their default values. */ 51 52 void 53 initialize_server_options(ServerOptions *options) 54 { 55 memset(options, 0, sizeof(*options)); 56 options->num_ports = 0; 57 options->ports_from_cmdline = 0; 58 options->listen_addrs = NULL; 59 options->address_family = -1; 60 options->num_host_key_files = 0; 61 options->num_host_cert_files = 0; 62 options->pid_file = NULL; 63 options->server_key_bits = -1; 64 options->login_grace_time = -1; 65 options->key_regeneration_time = -1; 66 options->permit_root_login = PERMIT_NOT_SET; 67 options->ignore_rhosts = -1; 68 options->ignore_user_known_hosts = -1; 69 options->print_motd = -1; 70 options->print_lastlog = -1; 71 options->x11_forwarding = -1; 72 options->x11_display_offset = -1; 73 options->x11_use_localhost = -1; 74 options->xauth_location = NULL; 75 options->strict_modes = -1; 76 options->tcp_keep_alive = -1; 77 options->log_facility = SYSLOG_FACILITY_NOT_SET; 78 options->log_level = SYSLOG_LEVEL_NOT_SET; 79 options->rhosts_rsa_authentication = -1; 80 options->hostbased_authentication = -1; 81 options->hostbased_uses_name_from_packet_only = -1; 82 options->rsa_authentication = -1; 83 options->pubkey_authentication = -1; 84 options->kerberos_authentication = -1; 85 options->kerberos_or_local_passwd = -1; 86 options->kerberos_ticket_cleanup = -1; 87 options->kerberos_get_afs_token = -1; 88 options->gss_authentication=-1; 89 options->gss_cleanup_creds = -1; 90 options->password_authentication = -1; 91 options->kbd_interactive_authentication = -1; 92 options->challenge_response_authentication = -1; 93 options->permit_empty_passwd = -1; 94 options->permit_user_env = -1; 95 options->use_login = -1; 96 options->compression = -1; 97 options->allow_tcp_forwarding = -1; 98 options->allow_agent_forwarding = -1; 99 options->num_allow_users = 0; 100 options->num_deny_users = 0; 101 options->num_allow_groups = 0; 102 options->num_deny_groups = 0; 103 options->ciphers = NULL; 104 options->macs = NULL; 105 options->protocol = SSH_PROTO_UNKNOWN; 106 options->gateway_ports = -1; 107 options->num_subsystems = 0; 108 options->max_startups_begin = -1; 109 options->max_startups_rate = -1; 110 options->max_startups = -1; 111 options->max_authtries = -1; 112 options->max_sessions = -1; 113 options->banner = NULL; 114 options->use_dns = -1; 115 options->client_alive_interval = -1; 116 options->client_alive_count_max = -1; 117 options->authorized_keys_file = NULL; 118 options->authorized_keys_file2 = NULL; 119 options->num_accept_env = 0; 120 options->permit_tun = -1; 121 options->num_permitted_opens = -1; 122 options->adm_forced_command = NULL; 123 options->chroot_directory = NULL; 124 options->zero_knowledge_password_authentication = -1; 125 options->revoked_keys_file = NULL; 126 options->trusted_user_ca_keys = NULL; 127 options->authorized_principals_file = NULL; 128 } 129 130 void 131 fill_default_server_options(ServerOptions *options) 132 { 133 if (options->protocol == SSH_PROTO_UNKNOWN) 134 options->protocol = SSH_PROTO_2; 135 if (options->num_host_key_files == 0) { 136 /* fill default hostkeys for protocols */ 137 if (options->protocol & SSH_PROTO_1) 138 options->host_key_files[options->num_host_key_files++] = 139 _PATH_HOST_KEY_FILE; 140 if (options->protocol & SSH_PROTO_2) { 141 options->host_key_files[options->num_host_key_files++] = 142 _PATH_HOST_RSA_KEY_FILE; 143 options->host_key_files[options->num_host_key_files++] = 144 _PATH_HOST_DSA_KEY_FILE; 145 } 146 } 147 /* No certificates by default */ 148 if (options->num_ports == 0) 149 options->ports[options->num_ports++] = SSH_DEFAULT_PORT; 150 if (options->listen_addrs == NULL) 151 add_listen_addr(options, NULL, 0); 152 if (options->pid_file == NULL) 153 options->pid_file = _PATH_SSH_DAEMON_PID_FILE; 154 if (options->server_key_bits == -1) 155 options->server_key_bits = 1024; 156 if (options->login_grace_time == -1) 157 options->login_grace_time = 120; 158 if (options->key_regeneration_time == -1) 159 options->key_regeneration_time = 3600; 160 if (options->permit_root_login == PERMIT_NOT_SET) 161 options->permit_root_login = PERMIT_YES; 162 if (options->ignore_rhosts == -1) 163 options->ignore_rhosts = 1; 164 if (options->ignore_user_known_hosts == -1) 165 options->ignore_user_known_hosts = 0; 166 if (options->print_motd == -1) 167 options->print_motd = 1; 168 if (options->print_lastlog == -1) 169 options->print_lastlog = 1; 170 if (options->x11_forwarding == -1) 171 options->x11_forwarding = 0; 172 if (options->x11_display_offset == -1) 173 options->x11_display_offset = 10; 174 if (options->x11_use_localhost == -1) 175 options->x11_use_localhost = 1; 176 if (options->xauth_location == NULL) 177 options->xauth_location = _PATH_XAUTH; 178 if (options->strict_modes == -1) 179 options->strict_modes = 1; 180 if (options->tcp_keep_alive == -1) 181 options->tcp_keep_alive = 1; 182 if (options->log_facility == SYSLOG_FACILITY_NOT_SET) 183 options->log_facility = SYSLOG_FACILITY_AUTH; 184 if (options->log_level == SYSLOG_LEVEL_NOT_SET) 185 options->log_level = SYSLOG_LEVEL_INFO; 186 if (options->rhosts_rsa_authentication == -1) 187 options->rhosts_rsa_authentication = 0; 188 if (options->hostbased_authentication == -1) 189 options->hostbased_authentication = 0; 190 if (options->hostbased_uses_name_from_packet_only == -1) 191 options->hostbased_uses_name_from_packet_only = 0; 192 if (options->rsa_authentication == -1) 193 options->rsa_authentication = 1; 194 if (options->pubkey_authentication == -1) 195 options->pubkey_authentication = 1; 196 if (options->kerberos_authentication == -1) 197 options->kerberos_authentication = 0; 198 if (options->kerberos_or_local_passwd == -1) 199 options->kerberos_or_local_passwd = 1; 200 if (options->kerberos_ticket_cleanup == -1) 201 options->kerberos_ticket_cleanup = 1; 202 if (options->kerberos_get_afs_token == -1) 203 options->kerberos_get_afs_token = 0; 204 if (options->gss_authentication == -1) 205 options->gss_authentication = 0; 206 if (options->gss_cleanup_creds == -1) 207 options->gss_cleanup_creds = 1; 208 if (options->password_authentication == -1) 209 options->password_authentication = 1; 210 if (options->kbd_interactive_authentication == -1) 211 options->kbd_interactive_authentication = 0; 212 if (options->challenge_response_authentication == -1) 213 options->challenge_response_authentication = 1; 214 if (options->permit_empty_passwd == -1) 215 options->permit_empty_passwd = 0; 216 if (options->permit_user_env == -1) 217 options->permit_user_env = 0; 218 if (options->use_login == -1) 219 options->use_login = 0; 220 if (options->compression == -1) 221 options->compression = COMP_DELAYED; 222 if (options->allow_tcp_forwarding == -1) 223 options->allow_tcp_forwarding = 1; 224 if (options->allow_agent_forwarding == -1) 225 options->allow_agent_forwarding = 1; 226 if (options->gateway_ports == -1) 227 options->gateway_ports = 0; 228 if (options->max_startups == -1) 229 options->max_startups = 10; 230 if (options->max_startups_rate == -1) 231 options->max_startups_rate = 100; /* 100% */ 232 if (options->max_startups_begin == -1) 233 options->max_startups_begin = options->max_startups; 234 if (options->max_authtries == -1) 235 options->max_authtries = DEFAULT_AUTH_FAIL_MAX; 236 if (options->max_sessions == -1) 237 options->max_sessions = DEFAULT_SESSIONS_MAX; 238 if (options->use_dns == -1) 239 options->use_dns = 1; 240 if (options->client_alive_interval == -1) 241 options->client_alive_interval = 0; 242 if (options->client_alive_count_max == -1) 243 options->client_alive_count_max = 3; 244 if (options->authorized_keys_file2 == NULL) { 245 /* authorized_keys_file2 falls back to authorized_keys_file */ 246 if (options->authorized_keys_file != NULL) 247 options->authorized_keys_file2 = options->authorized_keys_file; 248 else 249 options->authorized_keys_file2 = _PATH_SSH_USER_PERMITTED_KEYS2; 250 } 251 if (options->authorized_keys_file == NULL) 252 options->authorized_keys_file = _PATH_SSH_USER_PERMITTED_KEYS; 253 if (options->permit_tun == -1) 254 options->permit_tun = SSH_TUNMODE_NO; 255 if (options->zero_knowledge_password_authentication == -1) 256 options->zero_knowledge_password_authentication = 0; 257 258 /* Turn privilege separation on by default */ 259 if (use_privsep == -1) 260 use_privsep = 1; 261 } 262 263 /* Keyword tokens. */ 264 typedef enum { 265 sBadOption, /* == unknown option */ 266 sPort, sHostKeyFile, sServerKeyBits, sLoginGraceTime, sKeyRegenerationTime, 267 sPermitRootLogin, sLogFacility, sLogLevel, 268 sRhostsRSAAuthentication, sRSAAuthentication, 269 sKerberosAuthentication, sKerberosOrLocalPasswd, sKerberosTicketCleanup, 270 sKerberosGetAFSToken, 271 sKerberosTgtPassing, sChallengeResponseAuthentication, 272 sPasswordAuthentication, sKbdInteractiveAuthentication, 273 sListenAddress, sAddressFamily, 274 sPrintMotd, sPrintLastLog, sIgnoreRhosts, 275 sX11Forwarding, sX11DisplayOffset, sX11UseLocalhost, 276 sStrictModes, sEmptyPasswd, sTCPKeepAlive, 277 sPermitUserEnvironment, sUseLogin, sAllowTcpForwarding, sCompression, 278 sAllowUsers, sDenyUsers, sAllowGroups, sDenyGroups, 279 sIgnoreUserKnownHosts, sCiphers, sMacs, sProtocol, sPidFile, 280 sGatewayPorts, sPubkeyAuthentication, sXAuthLocation, sSubsystem, 281 sMaxStartups, sMaxAuthTries, sMaxSessions, 282 sBanner, sUseDNS, sHostbasedAuthentication, 283 sHostbasedUsesNameFromPacketOnly, sClientAliveInterval, 284 sClientAliveCountMax, sAuthorizedKeysFile, sAuthorizedKeysFile2, 285 sGssAuthentication, sGssCleanupCreds, sAcceptEnv, sPermitTunnel, 286 sMatch, sPermitOpen, sForceCommand, sChrootDirectory, 287 sUsePrivilegeSeparation, sAllowAgentForwarding, 288 sZeroKnowledgePasswordAuthentication, sHostCertificate, 289 sRevokedKeys, sTrustedUserCAKeys, sAuthorizedPrincipalsFile, 290 sDeprecated, sUnsupported 291 } ServerOpCodes; 292 293 #define SSHCFG_GLOBAL 0x01 /* allowed in main section of sshd_config */ 294 #define SSHCFG_MATCH 0x02 /* allowed inside a Match section */ 295 #define SSHCFG_ALL (SSHCFG_GLOBAL|SSHCFG_MATCH) 296 297 /* Textual representation of the tokens. */ 298 static struct { 299 const char *name; 300 ServerOpCodes opcode; 301 u_int flags; 302 } keywords[] = { 303 { "port", sPort, SSHCFG_GLOBAL }, 304 { "hostkey", sHostKeyFile, SSHCFG_GLOBAL }, 305 { "hostdsakey", sHostKeyFile, SSHCFG_GLOBAL }, /* alias */ 306 { "pidfile", sPidFile, SSHCFG_GLOBAL }, 307 { "serverkeybits", sServerKeyBits, SSHCFG_GLOBAL }, 308 { "logingracetime", sLoginGraceTime, SSHCFG_GLOBAL }, 309 { "keyregenerationinterval", sKeyRegenerationTime, SSHCFG_GLOBAL }, 310 { "permitrootlogin", sPermitRootLogin, SSHCFG_ALL }, 311 { "syslogfacility", sLogFacility, SSHCFG_GLOBAL }, 312 { "loglevel", sLogLevel, SSHCFG_GLOBAL }, 313 { "rhostsauthentication", sDeprecated, SSHCFG_GLOBAL }, 314 { "rhostsrsaauthentication", sRhostsRSAAuthentication, SSHCFG_ALL }, 315 { "hostbasedauthentication", sHostbasedAuthentication, SSHCFG_ALL }, 316 { "hostbasedusesnamefrompacketonly", sHostbasedUsesNameFromPacketOnly, SSHCFG_GLOBAL }, 317 { "rsaauthentication", sRSAAuthentication, SSHCFG_ALL }, 318 { "pubkeyauthentication", sPubkeyAuthentication, SSHCFG_ALL }, 319 { "dsaauthentication", sPubkeyAuthentication, SSHCFG_GLOBAL }, /* alias */ 320 #ifdef KRB5 321 { "kerberosauthentication", sKerberosAuthentication, SSHCFG_ALL }, 322 { "kerberosorlocalpasswd", sKerberosOrLocalPasswd, SSHCFG_GLOBAL }, 323 { "kerberosticketcleanup", sKerberosTicketCleanup, SSHCFG_GLOBAL }, 324 { "kerberosgetafstoken", sKerberosGetAFSToken, SSHCFG_GLOBAL }, 325 #else 326 { "kerberosauthentication", sUnsupported, SSHCFG_ALL }, 327 { "kerberosorlocalpasswd", sUnsupported, SSHCFG_GLOBAL }, 328 { "kerberosticketcleanup", sUnsupported, SSHCFG_GLOBAL }, 329 { "kerberosgetafstoken", sUnsupported, SSHCFG_GLOBAL }, 330 #endif 331 { "kerberostgtpassing", sUnsupported, SSHCFG_GLOBAL }, 332 { "afstokenpassing", sUnsupported, SSHCFG_GLOBAL }, 333 #ifdef GSSAPI 334 { "gssapiauthentication", sGssAuthentication, SSHCFG_ALL }, 335 { "gssapicleanupcredentials", sGssCleanupCreds, SSHCFG_GLOBAL }, 336 #else 337 { "gssapiauthentication", sUnsupported, SSHCFG_ALL }, 338 { "gssapicleanupcredentials", sUnsupported, SSHCFG_GLOBAL }, 339 #endif 340 { "passwordauthentication", sPasswordAuthentication, SSHCFG_ALL }, 341 { "kbdinteractiveauthentication", sKbdInteractiveAuthentication, SSHCFG_ALL }, 342 { "challengeresponseauthentication", sChallengeResponseAuthentication, SSHCFG_GLOBAL }, 343 { "skeyauthentication", sChallengeResponseAuthentication, SSHCFG_GLOBAL }, /* alias */ 344 #ifdef JPAKE 345 { "zeroknowledgepasswordauthentication", sZeroKnowledgePasswordAuthentication, SSHCFG_ALL }, 346 #else 347 { "zeroknowledgepasswordauthentication", sUnsupported, SSHCFG_ALL }, 348 #endif 349 { "checkmail", sDeprecated, SSHCFG_GLOBAL }, 350 { "listenaddress", sListenAddress, SSHCFG_GLOBAL }, 351 { "addressfamily", sAddressFamily, SSHCFG_GLOBAL }, 352 { "printmotd", sPrintMotd, SSHCFG_GLOBAL }, 353 { "printlastlog", sPrintLastLog, SSHCFG_GLOBAL }, 354 { "ignorerhosts", sIgnoreRhosts, SSHCFG_GLOBAL }, 355 { "ignoreuserknownhosts", sIgnoreUserKnownHosts, SSHCFG_GLOBAL }, 356 { "x11forwarding", sX11Forwarding, SSHCFG_ALL }, 357 { "x11displayoffset", sX11DisplayOffset, SSHCFG_ALL }, 358 { "x11uselocalhost", sX11UseLocalhost, SSHCFG_ALL }, 359 { "xauthlocation", sXAuthLocation, SSHCFG_GLOBAL }, 360 { "strictmodes", sStrictModes, SSHCFG_GLOBAL }, 361 { "permitemptypasswords", sEmptyPasswd, SSHCFG_ALL }, 362 { "permituserenvironment", sPermitUserEnvironment, SSHCFG_GLOBAL }, 363 { "uselogin", sUseLogin, SSHCFG_GLOBAL }, 364 { "compression", sCompression, SSHCFG_GLOBAL }, 365 { "tcpkeepalive", sTCPKeepAlive, SSHCFG_GLOBAL }, 366 { "keepalive", sTCPKeepAlive, SSHCFG_GLOBAL }, /* obsolete alias */ 367 { "allowtcpforwarding", sAllowTcpForwarding, SSHCFG_ALL }, 368 { "allowagentforwarding", sAllowAgentForwarding, SSHCFG_ALL }, 369 { "allowusers", sAllowUsers, SSHCFG_GLOBAL }, 370 { "denyusers", sDenyUsers, SSHCFG_GLOBAL }, 371 { "allowgroups", sAllowGroups, SSHCFG_GLOBAL }, 372 { "denygroups", sDenyGroups, SSHCFG_GLOBAL }, 373 { "ciphers", sCiphers, SSHCFG_GLOBAL }, 374 { "macs", sMacs, SSHCFG_GLOBAL }, 375 { "protocol", sProtocol, SSHCFG_GLOBAL }, 376 { "gatewayports", sGatewayPorts, SSHCFG_ALL }, 377 { "subsystem", sSubsystem, SSHCFG_GLOBAL }, 378 { "maxstartups", sMaxStartups, SSHCFG_GLOBAL }, 379 { "maxauthtries", sMaxAuthTries, SSHCFG_ALL }, 380 { "maxsessions", sMaxSessions, SSHCFG_ALL }, 381 { "banner", sBanner, SSHCFG_ALL }, 382 { "usedns", sUseDNS, SSHCFG_GLOBAL }, 383 { "verifyreversemapping", sDeprecated, SSHCFG_GLOBAL }, 384 { "reversemappingcheck", sDeprecated, SSHCFG_GLOBAL }, 385 { "clientaliveinterval", sClientAliveInterval, SSHCFG_GLOBAL }, 386 { "clientalivecountmax", sClientAliveCountMax, SSHCFG_GLOBAL }, 387 { "authorizedkeysfile", sAuthorizedKeysFile, SSHCFG_GLOBAL }, 388 { "authorizedkeysfile2", sAuthorizedKeysFile2, SSHCFG_GLOBAL }, 389 { "useprivilegeseparation", sUsePrivilegeSeparation, SSHCFG_GLOBAL}, 390 { "acceptenv", sAcceptEnv, SSHCFG_GLOBAL }, 391 { "permittunnel", sPermitTunnel, SSHCFG_GLOBAL }, 392 { "match", sMatch, SSHCFG_ALL }, 393 { "permitopen", sPermitOpen, SSHCFG_ALL }, 394 { "forcecommand", sForceCommand, SSHCFG_ALL }, 395 { "chrootdirectory", sChrootDirectory, SSHCFG_ALL }, 396 { "hostcertificate", sHostCertificate, SSHCFG_GLOBAL }, 397 { "revokedkeys", sRevokedKeys, SSHCFG_ALL }, 398 { "trustedusercakeys", sTrustedUserCAKeys, SSHCFG_ALL }, 399 { "authorizedprincipalsfile", sAuthorizedPrincipalsFile, SSHCFG_GLOBAL }, 400 { NULL, sBadOption, 0 } 401 }; 402 403 static struct { 404 int val; 405 char *text; 406 } tunmode_desc[] = { 407 { SSH_TUNMODE_NO, "no" }, 408 { SSH_TUNMODE_POINTOPOINT, "point-to-point" }, 409 { SSH_TUNMODE_ETHERNET, "ethernet" }, 410 { SSH_TUNMODE_YES, "yes" }, 411 { -1, NULL } 412 }; 413 414 /* 415 * Returns the number of the token pointed to by cp or sBadOption. 416 */ 417 418 static ServerOpCodes 419 parse_token(const char *cp, const char *filename, 420 int linenum, u_int *flags) 421 { 422 u_int i; 423 424 for (i = 0; keywords[i].name; i++) 425 if (strcasecmp(cp, keywords[i].name) == 0) { 426 *flags = keywords[i].flags; 427 return keywords[i].opcode; 428 } 429 430 error("%s: line %d: Bad configuration option: %s", 431 filename, linenum, cp); 432 return sBadOption; 433 } 434 435 char * 436 derelativise_path(const char *path) 437 { 438 char *expanded, *ret, cwd[MAXPATHLEN]; 439 440 expanded = tilde_expand_filename(path, getuid()); 441 if (*expanded == '/') 442 return expanded; 443 if (getcwd(cwd, sizeof(cwd)) == NULL) 444 fatal("%s: getcwd: %s", __func__, strerror(errno)); 445 xasprintf(&ret, "%s/%s", cwd, expanded); 446 xfree(expanded); 447 return ret; 448 } 449 450 static void 451 add_listen_addr(ServerOptions *options, char *addr, int port) 452 { 453 u_int i; 454 455 if (options->num_ports == 0) 456 options->ports[options->num_ports++] = SSH_DEFAULT_PORT; 457 if (options->address_family == -1) 458 options->address_family = AF_UNSPEC; 459 if (port == 0) 460 for (i = 0; i < options->num_ports; i++) 461 add_one_listen_addr(options, addr, options->ports[i]); 462 else 463 add_one_listen_addr(options, addr, port); 464 } 465 466 static void 467 add_one_listen_addr(ServerOptions *options, char *addr, int port) 468 { 469 struct addrinfo hints, *ai, *aitop; 470 char strport[NI_MAXSERV]; 471 int gaierr; 472 473 memset(&hints, 0, sizeof(hints)); 474 hints.ai_family = options->address_family; 475 hints.ai_socktype = SOCK_STREAM; 476 hints.ai_flags = (addr == NULL) ? AI_PASSIVE : 0; 477 snprintf(strport, sizeof strport, "%d", port); 478 if ((gaierr = getaddrinfo(addr, strport, &hints, &aitop)) != 0) 479 fatal("bad addr or host: %s (%s)", 480 addr ? addr : "<NULL>", 481 ssh_gai_strerror(gaierr)); 482 for (ai = aitop; ai->ai_next; ai = ai->ai_next) 483 ; 484 ai->ai_next = options->listen_addrs; 485 options->listen_addrs = aitop; 486 } 487 488 /* 489 * The strategy for the Match blocks is that the config file is parsed twice. 490 * 491 * The first time is at startup. activep is initialized to 1 and the 492 * directives in the global context are processed and acted on. Hitting a 493 * Match directive unsets activep and the directives inside the block are 494 * checked for syntax only. 495 * 496 * The second time is after a connection has been established but before 497 * authentication. activep is initialized to 2 and global config directives 498 * are ignored since they have already been processed. If the criteria in a 499 * Match block is met, activep is set and the subsequent directives 500 * processed and actioned until EOF or another Match block unsets it. Any 501 * options set are copied into the main server config. 502 * 503 * Potential additions/improvements: 504 * - Add Match support for pre-kex directives, eg Protocol, Ciphers. 505 * 506 * - Add a Tag directive (idea from David Leonard) ala pf, eg: 507 * Match Address 192.168.0.* 508 * Tag trusted 509 * Match Group wheel 510 * Tag trusted 511 * Match Tag trusted 512 * AllowTcpForwarding yes 513 * GatewayPorts clientspecified 514 * [...] 515 * 516 * - Add a PermittedChannelRequests directive 517 * Match Group shell 518 * PermittedChannelRequests session,forwarded-tcpip 519 */ 520 521 static int 522 match_cfg_line_group(const char *grps, int line, const char *user) 523 { 524 int result = 0; 525 struct passwd *pw; 526 527 if (user == NULL) 528 goto out; 529 530 if ((pw = getpwnam(user)) == NULL) { 531 debug("Can't match group at line %d because user %.100s does " 532 "not exist", line, user); 533 } else if (ga_init(pw->pw_name, pw->pw_gid) == 0) { 534 debug("Can't Match group because user %.100s not in any group " 535 "at line %d", user, line); 536 } else if (ga_match_pattern_list(grps) != 1) { 537 debug("user %.100s does not match group list %.100s at line %d", 538 user, grps, line); 539 } else { 540 debug("user %.100s matched group list %.100s at line %d", user, 541 grps, line); 542 result = 1; 543 } 544 out: 545 ga_free(); 546 return result; 547 } 548 549 static int 550 match_cfg_line(char **condition, int line, const char *user, const char *host, 551 const char *address) 552 { 553 int result = 1; 554 char *arg, *attrib, *cp = *condition; 555 size_t len; 556 557 if (user == NULL) 558 debug3("checking syntax for 'Match %s'", cp); 559 else 560 debug3("checking match for '%s' user %s host %s addr %s", cp, 561 user ? user : "(null)", host ? host : "(null)", 562 address ? address : "(null)"); 563 564 while ((attrib = strdelim(&cp)) && *attrib != '\0') { 565 if ((arg = strdelim(&cp)) == NULL || *arg == '\0') { 566 error("Missing Match criteria for %s", attrib); 567 return -1; 568 } 569 len = strlen(arg); 570 if (strcasecmp(attrib, "user") == 0) { 571 if (!user) { 572 result = 0; 573 continue; 574 } 575 if (match_pattern_list(user, arg, len, 0) != 1) 576 result = 0; 577 else 578 debug("user %.100s matched 'User %.100s' at " 579 "line %d", user, arg, line); 580 } else if (strcasecmp(attrib, "group") == 0) { 581 switch (match_cfg_line_group(arg, line, user)) { 582 case -1: 583 return -1; 584 case 0: 585 result = 0; 586 } 587 } else if (strcasecmp(attrib, "host") == 0) { 588 if (!host) { 589 result = 0; 590 continue; 591 } 592 if (match_hostname(host, arg, len) != 1) 593 result = 0; 594 else 595 debug("connection from %.100s matched 'Host " 596 "%.100s' at line %d", host, arg, line); 597 } else if (strcasecmp(attrib, "address") == 0) { 598 switch (addr_match_list(address, arg)) { 599 case 1: 600 debug("connection from %.100s matched 'Address " 601 "%.100s' at line %d", address, arg, line); 602 break; 603 case 0: 604 case -1: 605 result = 0; 606 break; 607 case -2: 608 return -1; 609 } 610 } else { 611 error("Unsupported Match attribute %s", attrib); 612 return -1; 613 } 614 } 615 if (user != NULL) 616 debug3("match %sfound", result ? "" : "not "); 617 *condition = cp; 618 return result; 619 } 620 621 #define WHITESPACE " \t\r\n" 622 623 int 624 process_server_config_line(ServerOptions *options, char *line, 625 const char *filename, int linenum, int *activep, const char *user, 626 const char *host, const char *address) 627 { 628 char *cp, **charptr, *arg, *p; 629 int cmdline = 0, *intptr, value, n; 630 SyslogFacility *log_facility_ptr; 631 LogLevel *log_level_ptr; 632 ServerOpCodes opcode; 633 int port; 634 u_int i, flags = 0; 635 size_t len; 636 637 cp = line; 638 if ((arg = strdelim(&cp)) == NULL) 639 return 0; 640 /* Ignore leading whitespace */ 641 if (*arg == '\0') 642 arg = strdelim(&cp); 643 if (!arg || !*arg || *arg == '#') 644 return 0; 645 intptr = NULL; 646 charptr = NULL; 647 opcode = parse_token(arg, filename, linenum, &flags); 648 649 if (activep == NULL) { /* We are processing a command line directive */ 650 cmdline = 1; 651 activep = &cmdline; 652 } 653 if (*activep && opcode != sMatch) 654 debug3("%s:%d setting %s %s", filename, linenum, arg, cp); 655 if (*activep == 0 && !(flags & SSHCFG_MATCH)) { 656 if (user == NULL) { 657 fatal("%s line %d: Directive '%s' is not allowed " 658 "within a Match block", filename, linenum, arg); 659 } else { /* this is a directive we have already processed */ 660 while (arg) 661 arg = strdelim(&cp); 662 return 0; 663 } 664 } 665 666 switch (opcode) { 667 case sBadOption: 668 return -1; 669 case sPort: 670 /* ignore ports from configfile if cmdline specifies ports */ 671 if (options->ports_from_cmdline) 672 return 0; 673 if (options->listen_addrs != NULL) 674 fatal("%s line %d: ports must be specified before " 675 "ListenAddress.", filename, linenum); 676 if (options->num_ports >= MAX_PORTS) 677 fatal("%s line %d: too many ports.", 678 filename, linenum); 679 arg = strdelim(&cp); 680 if (!arg || *arg == '\0') 681 fatal("%s line %d: missing port number.", 682 filename, linenum); 683 options->ports[options->num_ports++] = a2port(arg); 684 if (options->ports[options->num_ports-1] <= 0) 685 fatal("%s line %d: Badly formatted port number.", 686 filename, linenum); 687 break; 688 689 case sServerKeyBits: 690 intptr = &options->server_key_bits; 691 parse_int: 692 arg = strdelim(&cp); 693 if (!arg || *arg == '\0') 694 fatal("%s line %d: missing integer value.", 695 filename, linenum); 696 value = atoi(arg); 697 if (*activep && *intptr == -1) 698 *intptr = value; 699 break; 700 701 case sLoginGraceTime: 702 intptr = &options->login_grace_time; 703 parse_time: 704 arg = strdelim(&cp); 705 if (!arg || *arg == '\0') 706 fatal("%s line %d: missing time value.", 707 filename, linenum); 708 if ((value = convtime(arg)) == -1) 709 fatal("%s line %d: invalid time value.", 710 filename, linenum); 711 if (*intptr == -1) 712 *intptr = value; 713 break; 714 715 case sKeyRegenerationTime: 716 intptr = &options->key_regeneration_time; 717 goto parse_time; 718 719 case sListenAddress: 720 arg = strdelim(&cp); 721 if (arg == NULL || *arg == '\0') 722 fatal("%s line %d: missing address", 723 filename, linenum); 724 /* check for bare IPv6 address: no "[]" and 2 or more ":" */ 725 if (strchr(arg, '[') == NULL && (p = strchr(arg, ':')) != NULL 726 && strchr(p+1, ':') != NULL) { 727 add_listen_addr(options, arg, 0); 728 break; 729 } 730 p = hpdelim(&arg); 731 if (p == NULL) 732 fatal("%s line %d: bad address:port usage", 733 filename, linenum); 734 p = cleanhostname(p); 735 if (arg == NULL) 736 port = 0; 737 else if ((port = a2port(arg)) <= 0) 738 fatal("%s line %d: bad port number", filename, linenum); 739 740 add_listen_addr(options, p, port); 741 742 break; 743 744 case sAddressFamily: 745 arg = strdelim(&cp); 746 if (!arg || *arg == '\0') 747 fatal("%s line %d: missing address family.", 748 filename, linenum); 749 intptr = &options->address_family; 750 if (options->listen_addrs != NULL) 751 fatal("%s line %d: address family must be specified before " 752 "ListenAddress.", filename, linenum); 753 if (strcasecmp(arg, "inet") == 0) 754 value = AF_INET; 755 else if (strcasecmp(arg, "inet6") == 0) 756 value = AF_INET6; 757 else if (strcasecmp(arg, "any") == 0) 758 value = AF_UNSPEC; 759 else 760 fatal("%s line %d: unsupported address family \"%s\".", 761 filename, linenum, arg); 762 if (*intptr == -1) 763 *intptr = value; 764 break; 765 766 case sHostKeyFile: 767 intptr = &options->num_host_key_files; 768 if (*intptr >= MAX_HOSTKEYS) 769 fatal("%s line %d: too many host keys specified (max %d).", 770 filename, linenum, MAX_HOSTKEYS); 771 charptr = &options->host_key_files[*intptr]; 772 parse_filename: 773 arg = strdelim(&cp); 774 if (!arg || *arg == '\0') 775 fatal("%s line %d: missing file name.", 776 filename, linenum); 777 if (*activep && *charptr == NULL) { 778 *charptr = derelativise_path(arg); 779 /* increase optional counter */ 780 if (intptr != NULL) 781 *intptr = *intptr + 1; 782 } 783 break; 784 785 case sHostCertificate: 786 intptr = &options->num_host_cert_files; 787 if (*intptr >= MAX_HOSTKEYS) 788 fatal("%s line %d: too many host certificates " 789 "specified (max %d).", filename, linenum, 790 MAX_HOSTCERTS); 791 charptr = &options->host_cert_files[*intptr]; 792 goto parse_filename; 793 break; 794 795 case sPidFile: 796 charptr = &options->pid_file; 797 goto parse_filename; 798 799 case sPermitRootLogin: 800 intptr = &options->permit_root_login; 801 arg = strdelim(&cp); 802 if (!arg || *arg == '\0') 803 fatal("%s line %d: missing yes/" 804 "without-password/forced-commands-only/no " 805 "argument.", filename, linenum); 806 value = 0; /* silence compiler */ 807 if (strcmp(arg, "without-password") == 0) 808 value = PERMIT_NO_PASSWD; 809 else if (strcmp(arg, "forced-commands-only") == 0) 810 value = PERMIT_FORCED_ONLY; 811 else if (strcmp(arg, "yes") == 0) 812 value = PERMIT_YES; 813 else if (strcmp(arg, "no") == 0) 814 value = PERMIT_NO; 815 else 816 fatal("%s line %d: Bad yes/" 817 "without-password/forced-commands-only/no " 818 "argument: %s", filename, linenum, arg); 819 if (*activep && *intptr == -1) 820 *intptr = value; 821 break; 822 823 case sIgnoreRhosts: 824 intptr = &options->ignore_rhosts; 825 parse_flag: 826 arg = strdelim(&cp); 827 if (!arg || *arg == '\0') 828 fatal("%s line %d: missing yes/no argument.", 829 filename, linenum); 830 value = 0; /* silence compiler */ 831 if (strcmp(arg, "yes") == 0) 832 value = 1; 833 else if (strcmp(arg, "no") == 0) 834 value = 0; 835 else 836 fatal("%s line %d: Bad yes/no argument: %s", 837 filename, linenum, arg); 838 if (*activep && *intptr == -1) 839 *intptr = value; 840 break; 841 842 case sIgnoreUserKnownHosts: 843 intptr = &options->ignore_user_known_hosts; 844 goto parse_flag; 845 846 case sRhostsRSAAuthentication: 847 intptr = &options->rhosts_rsa_authentication; 848 goto parse_flag; 849 850 case sHostbasedAuthentication: 851 intptr = &options->hostbased_authentication; 852 goto parse_flag; 853 854 case sHostbasedUsesNameFromPacketOnly: 855 intptr = &options->hostbased_uses_name_from_packet_only; 856 goto parse_flag; 857 858 case sRSAAuthentication: 859 intptr = &options->rsa_authentication; 860 goto parse_flag; 861 862 case sPubkeyAuthentication: 863 intptr = &options->pubkey_authentication; 864 goto parse_flag; 865 866 case sKerberosAuthentication: 867 intptr = &options->kerberos_authentication; 868 goto parse_flag; 869 870 case sKerberosOrLocalPasswd: 871 intptr = &options->kerberos_or_local_passwd; 872 goto parse_flag; 873 874 case sKerberosTicketCleanup: 875 intptr = &options->kerberos_ticket_cleanup; 876 goto parse_flag; 877 878 case sKerberosGetAFSToken: 879 intptr = &options->kerberos_get_afs_token; 880 goto parse_flag; 881 882 case sGssAuthentication: 883 intptr = &options->gss_authentication; 884 goto parse_flag; 885 886 case sGssCleanupCreds: 887 intptr = &options->gss_cleanup_creds; 888 goto parse_flag; 889 890 case sPasswordAuthentication: 891 intptr = &options->password_authentication; 892 goto parse_flag; 893 894 case sZeroKnowledgePasswordAuthentication: 895 intptr = &options->zero_knowledge_password_authentication; 896 goto parse_flag; 897 898 case sKbdInteractiveAuthentication: 899 intptr = &options->kbd_interactive_authentication; 900 goto parse_flag; 901 902 case sChallengeResponseAuthentication: 903 intptr = &options->challenge_response_authentication; 904 goto parse_flag; 905 906 case sPrintMotd: 907 intptr = &options->print_motd; 908 goto parse_flag; 909 910 case sPrintLastLog: 911 intptr = &options->print_lastlog; 912 goto parse_flag; 913 914 case sX11Forwarding: 915 intptr = &options->x11_forwarding; 916 goto parse_flag; 917 918 case sX11DisplayOffset: 919 intptr = &options->x11_display_offset; 920 goto parse_int; 921 922 case sX11UseLocalhost: 923 intptr = &options->x11_use_localhost; 924 goto parse_flag; 925 926 case sXAuthLocation: 927 charptr = &options->xauth_location; 928 goto parse_filename; 929 930 case sStrictModes: 931 intptr = &options->strict_modes; 932 goto parse_flag; 933 934 case sTCPKeepAlive: 935 intptr = &options->tcp_keep_alive; 936 goto parse_flag; 937 938 case sEmptyPasswd: 939 intptr = &options->permit_empty_passwd; 940 goto parse_flag; 941 942 case sPermitUserEnvironment: 943 intptr = &options->permit_user_env; 944 goto parse_flag; 945 946 case sUseLogin: 947 intptr = &options->use_login; 948 goto parse_flag; 949 950 case sCompression: 951 intptr = &options->compression; 952 arg = strdelim(&cp); 953 if (!arg || *arg == '\0') 954 fatal("%s line %d: missing yes/no/delayed " 955 "argument.", filename, linenum); 956 value = 0; /* silence compiler */ 957 if (strcmp(arg, "delayed") == 0) 958 value = COMP_DELAYED; 959 else if (strcmp(arg, "yes") == 0) 960 value = COMP_ZLIB; 961 else if (strcmp(arg, "no") == 0) 962 value = COMP_NONE; 963 else 964 fatal("%s line %d: Bad yes/no/delayed " 965 "argument: %s", filename, linenum, arg); 966 if (*intptr == -1) 967 *intptr = value; 968 break; 969 970 case sGatewayPorts: 971 intptr = &options->gateway_ports; 972 arg = strdelim(&cp); 973 if (!arg || *arg == '\0') 974 fatal("%s line %d: missing yes/no/clientspecified " 975 "argument.", filename, linenum); 976 value = 0; /* silence compiler */ 977 if (strcmp(arg, "clientspecified") == 0) 978 value = 2; 979 else if (strcmp(arg, "yes") == 0) 980 value = 1; 981 else if (strcmp(arg, "no") == 0) 982 value = 0; 983 else 984 fatal("%s line %d: Bad yes/no/clientspecified " 985 "argument: %s", filename, linenum, arg); 986 if (*activep && *intptr == -1) 987 *intptr = value; 988 break; 989 990 case sUseDNS: 991 intptr = &options->use_dns; 992 goto parse_flag; 993 994 case sLogFacility: 995 log_facility_ptr = &options->log_facility; 996 arg = strdelim(&cp); 997 value = log_facility_number(arg); 998 if (value == SYSLOG_FACILITY_NOT_SET) 999 fatal("%.200s line %d: unsupported log facility '%s'", 1000 filename, linenum, arg ? arg : "<NONE>"); 1001 if (*log_facility_ptr == -1) 1002 *log_facility_ptr = (SyslogFacility) value; 1003 break; 1004 1005 case sLogLevel: 1006 log_level_ptr = &options->log_level; 1007 arg = strdelim(&cp); 1008 value = log_level_number(arg); 1009 if (value == SYSLOG_LEVEL_NOT_SET) 1010 fatal("%.200s line %d: unsupported log level '%s'", 1011 filename, linenum, arg ? arg : "<NONE>"); 1012 if (*log_level_ptr == -1) 1013 *log_level_ptr = (LogLevel) value; 1014 break; 1015 1016 case sAllowTcpForwarding: 1017 intptr = &options->allow_tcp_forwarding; 1018 goto parse_flag; 1019 1020 case sAllowAgentForwarding: 1021 intptr = &options->allow_agent_forwarding; 1022 goto parse_flag; 1023 1024 case sUsePrivilegeSeparation: 1025 intptr = &use_privsep; 1026 goto parse_flag; 1027 1028 case sAllowUsers: 1029 while ((arg = strdelim(&cp)) && *arg != '\0') { 1030 if (options->num_allow_users >= MAX_ALLOW_USERS) 1031 fatal("%s line %d: too many allow users.", 1032 filename, linenum); 1033 options->allow_users[options->num_allow_users++] = 1034 xstrdup(arg); 1035 } 1036 break; 1037 1038 case sDenyUsers: 1039 while ((arg = strdelim(&cp)) && *arg != '\0') { 1040 if (options->num_deny_users >= MAX_DENY_USERS) 1041 fatal("%s line %d: too many deny users.", 1042 filename, linenum); 1043 options->deny_users[options->num_deny_users++] = 1044 xstrdup(arg); 1045 } 1046 break; 1047 1048 case sAllowGroups: 1049 while ((arg = strdelim(&cp)) && *arg != '\0') { 1050 if (options->num_allow_groups >= MAX_ALLOW_GROUPS) 1051 fatal("%s line %d: too many allow groups.", 1052 filename, linenum); 1053 options->allow_groups[options->num_allow_groups++] = 1054 xstrdup(arg); 1055 } 1056 break; 1057 1058 case sDenyGroups: 1059 while ((arg = strdelim(&cp)) && *arg != '\0') { 1060 if (options->num_deny_groups >= MAX_DENY_GROUPS) 1061 fatal("%s line %d: too many deny groups.", 1062 filename, linenum); 1063 options->deny_groups[options->num_deny_groups++] = xstrdup(arg); 1064 } 1065 break; 1066 1067 case sCiphers: 1068 arg = strdelim(&cp); 1069 if (!arg || *arg == '\0') 1070 fatal("%s line %d: Missing argument.", filename, linenum); 1071 if (!ciphers_valid(arg)) 1072 fatal("%s line %d: Bad SSH2 cipher spec '%s'.", 1073 filename, linenum, arg ? arg : "<NONE>"); 1074 if (options->ciphers == NULL) 1075 options->ciphers = xstrdup(arg); 1076 break; 1077 1078 case sMacs: 1079 arg = strdelim(&cp); 1080 if (!arg || *arg == '\0') 1081 fatal("%s line %d: Missing argument.", filename, linenum); 1082 if (!mac_valid(arg)) 1083 fatal("%s line %d: Bad SSH2 mac spec '%s'.", 1084 filename, linenum, arg ? arg : "<NONE>"); 1085 if (options->macs == NULL) 1086 options->macs = xstrdup(arg); 1087 break; 1088 1089 case sProtocol: 1090 intptr = &options->protocol; 1091 arg = strdelim(&cp); 1092 if (!arg || *arg == '\0') 1093 fatal("%s line %d: Missing argument.", filename, linenum); 1094 value = proto_spec(arg); 1095 if (value == SSH_PROTO_UNKNOWN) 1096 fatal("%s line %d: Bad protocol spec '%s'.", 1097 filename, linenum, arg ? arg : "<NONE>"); 1098 if (*intptr == SSH_PROTO_UNKNOWN) 1099 *intptr = value; 1100 break; 1101 1102 case sSubsystem: 1103 if (options->num_subsystems >= MAX_SUBSYSTEMS) { 1104 fatal("%s line %d: too many subsystems defined.", 1105 filename, linenum); 1106 } 1107 arg = strdelim(&cp); 1108 if (!arg || *arg == '\0') 1109 fatal("%s line %d: Missing subsystem name.", 1110 filename, linenum); 1111 if (!*activep) { 1112 arg = strdelim(&cp); 1113 break; 1114 } 1115 for (i = 0; i < options->num_subsystems; i++) 1116 if (strcmp(arg, options->subsystem_name[i]) == 0) 1117 fatal("%s line %d: Subsystem '%s' already defined.", 1118 filename, linenum, arg); 1119 options->subsystem_name[options->num_subsystems] = xstrdup(arg); 1120 arg = strdelim(&cp); 1121 if (!arg || *arg == '\0') 1122 fatal("%s line %d: Missing subsystem command.", 1123 filename, linenum); 1124 options->subsystem_command[options->num_subsystems] = xstrdup(arg); 1125 1126 /* Collect arguments (separate to executable) */ 1127 p = xstrdup(arg); 1128 len = strlen(p) + 1; 1129 while ((arg = strdelim(&cp)) != NULL && *arg != '\0') { 1130 len += 1 + strlen(arg); 1131 p = xrealloc(p, 1, len); 1132 strlcat(p, " ", len); 1133 strlcat(p, arg, len); 1134 } 1135 options->subsystem_args[options->num_subsystems] = p; 1136 options->num_subsystems++; 1137 break; 1138 1139 case sMaxStartups: 1140 arg = strdelim(&cp); 1141 if (!arg || *arg == '\0') 1142 fatal("%s line %d: Missing MaxStartups spec.", 1143 filename, linenum); 1144 if ((n = sscanf(arg, "%d:%d:%d", 1145 &options->max_startups_begin, 1146 &options->max_startups_rate, 1147 &options->max_startups)) == 3) { 1148 if (options->max_startups_begin > 1149 options->max_startups || 1150 options->max_startups_rate > 100 || 1151 options->max_startups_rate < 1) 1152 fatal("%s line %d: Illegal MaxStartups spec.", 1153 filename, linenum); 1154 } else if (n != 1) 1155 fatal("%s line %d: Illegal MaxStartups spec.", 1156 filename, linenum); 1157 else 1158 options->max_startups = options->max_startups_begin; 1159 break; 1160 1161 case sMaxAuthTries: 1162 intptr = &options->max_authtries; 1163 goto parse_int; 1164 1165 case sMaxSessions: 1166 intptr = &options->max_sessions; 1167 goto parse_int; 1168 1169 case sBanner: 1170 charptr = &options->banner; 1171 goto parse_filename; 1172 1173 /* 1174 * These options can contain %X options expanded at 1175 * connect time, so that you can specify paths like: 1176 * 1177 * AuthorizedKeysFile /etc/ssh_keys/%u 1178 */ 1179 case sAuthorizedKeysFile: 1180 charptr = &options->authorized_keys_file; 1181 goto parse_tilde_filename; 1182 case sAuthorizedKeysFile2: 1183 charptr = &options->authorized_keys_file2; 1184 goto parse_tilde_filename; 1185 case sAuthorizedPrincipalsFile: 1186 charptr = &options->authorized_principals_file; 1187 parse_tilde_filename: 1188 arg = strdelim(&cp); 1189 if (!arg || *arg == '\0') 1190 fatal("%s line %d: missing file name.", 1191 filename, linenum); 1192 if (*activep && *charptr == NULL) { 1193 *charptr = tilde_expand_filename(arg, getuid()); 1194 /* increase optional counter */ 1195 if (intptr != NULL) 1196 *intptr = *intptr + 1; 1197 } 1198 break; 1199 1200 case sClientAliveInterval: 1201 intptr = &options->client_alive_interval; 1202 goto parse_time; 1203 1204 case sClientAliveCountMax: 1205 intptr = &options->client_alive_count_max; 1206 goto parse_int; 1207 1208 case sAcceptEnv: 1209 while ((arg = strdelim(&cp)) && *arg != '\0') { 1210 if (strchr(arg, '=') != NULL) 1211 fatal("%s line %d: Invalid environment name.", 1212 filename, linenum); 1213 if (options->num_accept_env >= MAX_ACCEPT_ENV) 1214 fatal("%s line %d: too many allow env.", 1215 filename, linenum); 1216 if (!*activep) 1217 break; 1218 options->accept_env[options->num_accept_env++] = 1219 xstrdup(arg); 1220 } 1221 break; 1222 1223 case sPermitTunnel: 1224 intptr = &options->permit_tun; 1225 arg = strdelim(&cp); 1226 if (!arg || *arg == '\0') 1227 fatal("%s line %d: Missing yes/point-to-point/" 1228 "ethernet/no argument.", filename, linenum); 1229 value = -1; 1230 for (i = 0; tunmode_desc[i].val != -1; i++) 1231 if (strcmp(tunmode_desc[i].text, arg) == 0) { 1232 value = tunmode_desc[i].val; 1233 break; 1234 } 1235 if (value == -1) 1236 fatal("%s line %d: Bad yes/point-to-point/ethernet/" 1237 "no argument: %s", filename, linenum, arg); 1238 if (*intptr == -1) 1239 *intptr = value; 1240 break; 1241 1242 case sMatch: 1243 if (cmdline) 1244 fatal("Match directive not supported as a command-line " 1245 "option"); 1246 value = match_cfg_line(&cp, linenum, user, host, address); 1247 if (value < 0) 1248 fatal("%s line %d: Bad Match condition", filename, 1249 linenum); 1250 *activep = value; 1251 break; 1252 1253 case sPermitOpen: 1254 arg = strdelim(&cp); 1255 if (!arg || *arg == '\0') 1256 fatal("%s line %d: missing PermitOpen specification", 1257 filename, linenum); 1258 n = options->num_permitted_opens; /* modified later */ 1259 if (strcmp(arg, "any") == 0) { 1260 if (*activep && n == -1) { 1261 channel_clear_adm_permitted_opens(); 1262 options->num_permitted_opens = 0; 1263 } 1264 break; 1265 } 1266 if (*activep && n == -1) 1267 channel_clear_adm_permitted_opens(); 1268 for (; arg != NULL && *arg != '\0'; arg = strdelim(&cp)) { 1269 p = hpdelim(&arg); 1270 if (p == NULL) 1271 fatal("%s line %d: missing host in PermitOpen", 1272 filename, linenum); 1273 p = cleanhostname(p); 1274 if (arg == NULL || (port = a2port(arg)) <= 0) 1275 fatal("%s line %d: bad port number in " 1276 "PermitOpen", filename, linenum); 1277 if (*activep && n == -1) 1278 options->num_permitted_opens = 1279 channel_add_adm_permitted_opens(p, port); 1280 } 1281 break; 1282 1283 case sForceCommand: 1284 if (cp == NULL) 1285 fatal("%.200s line %d: Missing argument.", filename, 1286 linenum); 1287 len = strspn(cp, WHITESPACE); 1288 if (*activep && options->adm_forced_command == NULL) 1289 options->adm_forced_command = xstrdup(cp + len); 1290 return 0; 1291 1292 case sChrootDirectory: 1293 charptr = &options->chroot_directory; 1294 1295 arg = strdelim(&cp); 1296 if (!arg || *arg == '\0') 1297 fatal("%s line %d: missing file name.", 1298 filename, linenum); 1299 if (*activep && *charptr == NULL) 1300 *charptr = xstrdup(arg); 1301 break; 1302 1303 case sTrustedUserCAKeys: 1304 charptr = &options->trusted_user_ca_keys; 1305 goto parse_filename; 1306 1307 case sRevokedKeys: 1308 charptr = &options->revoked_keys_file; 1309 goto parse_filename; 1310 1311 case sDeprecated: 1312 logit("%s line %d: Deprecated option %s", 1313 filename, linenum, arg); 1314 while (arg) 1315 arg = strdelim(&cp); 1316 break; 1317 1318 case sUnsupported: 1319 logit("%s line %d: Unsupported option %s", 1320 filename, linenum, arg); 1321 while (arg) 1322 arg = strdelim(&cp); 1323 break; 1324 1325 default: 1326 fatal("%s line %d: Missing handler for opcode %s (%d)", 1327 filename, linenum, arg, opcode); 1328 } 1329 if ((arg = strdelim(&cp)) != NULL && *arg != '\0') 1330 fatal("%s line %d: garbage at end of line; \"%.200s\".", 1331 filename, linenum, arg); 1332 return 0; 1333 } 1334 1335 /* Reads the server configuration file. */ 1336 1337 void 1338 load_server_config(const char *filename, Buffer *conf) 1339 { 1340 char line[1024], *cp; 1341 FILE *f; 1342 1343 debug2("%s: filename %s", __func__, filename); 1344 if ((f = fopen(filename, "r")) == NULL) { 1345 perror(filename); 1346 exit(1); 1347 } 1348 buffer_clear(conf); 1349 while (fgets(line, sizeof(line), f)) { 1350 /* 1351 * Trim out comments and strip whitespace 1352 * NB - preserve newlines, they are needed to reproduce 1353 * line numbers later for error messages 1354 */ 1355 if ((cp = strchr(line, '#')) != NULL) 1356 memcpy(cp, "\n", 2); 1357 cp = line + strspn(line, " \t\r"); 1358 1359 buffer_append(conf, cp, strlen(cp)); 1360 } 1361 buffer_append(conf, "\0", 1); 1362 fclose(f); 1363 debug2("%s: done config len = %d", __func__, buffer_len(conf)); 1364 } 1365 1366 void 1367 parse_server_match_config(ServerOptions *options, const char *user, 1368 const char *host, const char *address) 1369 { 1370 ServerOptions mo; 1371 1372 initialize_server_options(&mo); 1373 parse_server_config(&mo, "reprocess config", &cfg, user, host, address); 1374 copy_set_server_options(options, &mo, 0); 1375 } 1376 1377 /* Helper macros */ 1378 #define M_CP_INTOPT(n) do {\ 1379 if (src->n != -1) \ 1380 dst->n = src->n; \ 1381 } while (0) 1382 #define M_CP_STROPT(n) do {\ 1383 if (src->n != NULL) { \ 1384 if (dst->n != NULL) \ 1385 xfree(dst->n); \ 1386 dst->n = src->n; \ 1387 } \ 1388 } while(0) 1389 1390 /* 1391 * Copy any supported values that are set. 1392 * 1393 * If the preauth flag is set, we do not bother copying the string or 1394 * array values that are not used pre-authentication, because any that we 1395 * do use must be explictly sent in mm_getpwnamallow(). 1396 */ 1397 void 1398 copy_set_server_options(ServerOptions *dst, ServerOptions *src, int preauth) 1399 { 1400 M_CP_INTOPT(password_authentication); 1401 M_CP_INTOPT(gss_authentication); 1402 M_CP_INTOPT(rsa_authentication); 1403 M_CP_INTOPT(pubkey_authentication); 1404 M_CP_INTOPT(kerberos_authentication); 1405 M_CP_INTOPT(hostbased_authentication); 1406 M_CP_INTOPT(kbd_interactive_authentication); 1407 M_CP_INTOPT(zero_knowledge_password_authentication); 1408 M_CP_INTOPT(permit_root_login); 1409 M_CP_INTOPT(permit_empty_passwd); 1410 1411 M_CP_INTOPT(allow_tcp_forwarding); 1412 M_CP_INTOPT(allow_agent_forwarding); 1413 M_CP_INTOPT(gateway_ports); 1414 M_CP_INTOPT(x11_display_offset); 1415 M_CP_INTOPT(x11_forwarding); 1416 M_CP_INTOPT(x11_use_localhost); 1417 M_CP_INTOPT(max_sessions); 1418 M_CP_INTOPT(max_authtries); 1419 1420 M_CP_STROPT(banner); 1421 if (preauth) 1422 return; 1423 M_CP_STROPT(adm_forced_command); 1424 M_CP_STROPT(chroot_directory); 1425 M_CP_STROPT(trusted_user_ca_keys); 1426 M_CP_STROPT(revoked_keys_file); 1427 } 1428 1429 #undef M_CP_INTOPT 1430 #undef M_CP_STROPT 1431 1432 void 1433 parse_server_config(ServerOptions *options, const char *filename, Buffer *conf, 1434 const char *user, const char *host, const char *address) 1435 { 1436 int active, linenum, bad_options = 0; 1437 char *cp, *obuf, *cbuf; 1438 1439 debug2("%s: config %s len %d", __func__, filename, buffer_len(conf)); 1440 1441 obuf = cbuf = xstrdup(buffer_ptr(conf)); 1442 active = user ? 0 : 1; 1443 linenum = 1; 1444 while ((cp = strsep(&cbuf, "\n")) != NULL) { 1445 if (process_server_config_line(options, cp, filename, 1446 linenum++, &active, user, host, address) != 0) 1447 bad_options++; 1448 } 1449 xfree(obuf); 1450 if (bad_options > 0) 1451 fatal("%s: terminating, %d bad configuration options", 1452 filename, bad_options); 1453 } 1454 1455 static const char * 1456 fmt_intarg(ServerOpCodes code, int val) 1457 { 1458 if (code == sAddressFamily) { 1459 switch (val) { 1460 case AF_INET: 1461 return "inet"; 1462 case AF_INET6: 1463 return "inet6"; 1464 case AF_UNSPEC: 1465 return "any"; 1466 default: 1467 return "UNKNOWN"; 1468 } 1469 } 1470 if (code == sPermitRootLogin) { 1471 switch (val) { 1472 case PERMIT_NO_PASSWD: 1473 return "without-password"; 1474 case PERMIT_FORCED_ONLY: 1475 return "forced-commands-only"; 1476 case PERMIT_YES: 1477 return "yes"; 1478 } 1479 } 1480 if (code == sProtocol) { 1481 switch (val) { 1482 case SSH_PROTO_1: 1483 return "1"; 1484 case SSH_PROTO_2: 1485 return "2"; 1486 case (SSH_PROTO_1|SSH_PROTO_2): 1487 return "2,1"; 1488 default: 1489 return "UNKNOWN"; 1490 } 1491 } 1492 if (code == sGatewayPorts && val == 2) 1493 return "clientspecified"; 1494 if (code == sCompression && val == COMP_DELAYED) 1495 return "delayed"; 1496 switch (val) { 1497 case -1: 1498 return "unset"; 1499 case 0: 1500 return "no"; 1501 case 1: 1502 return "yes"; 1503 } 1504 return "UNKNOWN"; 1505 } 1506 1507 static const char * 1508 lookup_opcode_name(ServerOpCodes code) 1509 { 1510 u_int i; 1511 1512 for (i = 0; keywords[i].name != NULL; i++) 1513 if (keywords[i].opcode == code) 1514 return(keywords[i].name); 1515 return "UNKNOWN"; 1516 } 1517 1518 static void 1519 dump_cfg_int(ServerOpCodes code, int val) 1520 { 1521 printf("%s %d\n", lookup_opcode_name(code), val); 1522 } 1523 1524 static void 1525 dump_cfg_fmtint(ServerOpCodes code, int val) 1526 { 1527 printf("%s %s\n", lookup_opcode_name(code), fmt_intarg(code, val)); 1528 } 1529 1530 static void 1531 dump_cfg_string(ServerOpCodes code, const char *val) 1532 { 1533 if (val == NULL) 1534 return; 1535 printf("%s %s\n", lookup_opcode_name(code), val); 1536 } 1537 1538 static void 1539 dump_cfg_strarray(ServerOpCodes code, u_int count, char **vals) 1540 { 1541 u_int i; 1542 1543 for (i = 0; i < count; i++) 1544 printf("%s %s\n", lookup_opcode_name(code), vals[i]); 1545 } 1546 1547 void 1548 dump_config(ServerOptions *o) 1549 { 1550 u_int i; 1551 int ret; 1552 struct addrinfo *ai; 1553 char addr[NI_MAXHOST], port[NI_MAXSERV], *s = NULL; 1554 1555 /* these are usually at the top of the config */ 1556 for (i = 0; i < o->num_ports; i++) 1557 printf("port %d\n", o->ports[i]); 1558 dump_cfg_fmtint(sProtocol, o->protocol); 1559 dump_cfg_fmtint(sAddressFamily, o->address_family); 1560 1561 /* ListenAddress must be after Port */ 1562 for (ai = o->listen_addrs; ai; ai = ai->ai_next) { 1563 if ((ret = getnameinfo(ai->ai_addr, ai->ai_addrlen, addr, 1564 sizeof(addr), port, sizeof(port), 1565 NI_NUMERICHOST|NI_NUMERICSERV)) != 0) { 1566 error("getnameinfo failed: %.100s", 1567 (ret != EAI_SYSTEM) ? gai_strerror(ret) : 1568 strerror(errno)); 1569 } else { 1570 if (ai->ai_family == AF_INET6) 1571 printf("listenaddress [%s]:%s\n", addr, port); 1572 else 1573 printf("listenaddress %s:%s\n", addr, port); 1574 } 1575 } 1576 1577 /* integer arguments */ 1578 dump_cfg_int(sServerKeyBits, o->server_key_bits); 1579 dump_cfg_int(sLoginGraceTime, o->login_grace_time); 1580 dump_cfg_int(sKeyRegenerationTime, o->key_regeneration_time); 1581 dump_cfg_int(sX11DisplayOffset, o->x11_display_offset); 1582 dump_cfg_int(sMaxAuthTries, o->max_authtries); 1583 dump_cfg_int(sMaxSessions, o->max_sessions); 1584 dump_cfg_int(sClientAliveInterval, o->client_alive_interval); 1585 dump_cfg_int(sClientAliveCountMax, o->client_alive_count_max); 1586 1587 /* formatted integer arguments */ 1588 dump_cfg_fmtint(sPermitRootLogin, o->permit_root_login); 1589 dump_cfg_fmtint(sIgnoreRhosts, o->ignore_rhosts); 1590 dump_cfg_fmtint(sIgnoreUserKnownHosts, o->ignore_user_known_hosts); 1591 dump_cfg_fmtint(sRhostsRSAAuthentication, o->rhosts_rsa_authentication); 1592 dump_cfg_fmtint(sHostbasedAuthentication, o->hostbased_authentication); 1593 dump_cfg_fmtint(sHostbasedUsesNameFromPacketOnly, 1594 o->hostbased_uses_name_from_packet_only); 1595 dump_cfg_fmtint(sRSAAuthentication, o->rsa_authentication); 1596 dump_cfg_fmtint(sPubkeyAuthentication, o->pubkey_authentication); 1597 #ifdef KRB5 1598 dump_cfg_fmtint(sKerberosAuthentication, o->kerberos_authentication); 1599 dump_cfg_fmtint(sKerberosOrLocalPasswd, o->kerberos_or_local_passwd); 1600 dump_cfg_fmtint(sKerberosTicketCleanup, o->kerberos_ticket_cleanup); 1601 dump_cfg_fmtint(sKerberosGetAFSToken, o->kerberos_get_afs_token); 1602 #endif 1603 #ifdef GSSAPI 1604 dump_cfg_fmtint(sGssAuthentication, o->gss_authentication); 1605 dump_cfg_fmtint(sGssCleanupCreds, o->gss_cleanup_creds); 1606 #endif 1607 #ifdef JPAKE 1608 dump_cfg_fmtint(sZeroKnowledgePasswordAuthentication, 1609 o->zero_knowledge_password_authentication); 1610 #endif 1611 dump_cfg_fmtint(sPasswordAuthentication, o->password_authentication); 1612 dump_cfg_fmtint(sKbdInteractiveAuthentication, 1613 o->kbd_interactive_authentication); 1614 dump_cfg_fmtint(sChallengeResponseAuthentication, 1615 o->challenge_response_authentication); 1616 dump_cfg_fmtint(sPrintMotd, o->print_motd); 1617 dump_cfg_fmtint(sPrintLastLog, o->print_lastlog); 1618 dump_cfg_fmtint(sX11Forwarding, o->x11_forwarding); 1619 dump_cfg_fmtint(sX11UseLocalhost, o->x11_use_localhost); 1620 dump_cfg_fmtint(sStrictModes, o->strict_modes); 1621 dump_cfg_fmtint(sTCPKeepAlive, o->tcp_keep_alive); 1622 dump_cfg_fmtint(sEmptyPasswd, o->permit_empty_passwd); 1623 dump_cfg_fmtint(sPermitUserEnvironment, o->permit_user_env); 1624 dump_cfg_fmtint(sUseLogin, o->use_login); 1625 dump_cfg_fmtint(sCompression, o->compression); 1626 dump_cfg_fmtint(sGatewayPorts, o->gateway_ports); 1627 dump_cfg_fmtint(sUseDNS, o->use_dns); 1628 dump_cfg_fmtint(sAllowTcpForwarding, o->allow_tcp_forwarding); 1629 dump_cfg_fmtint(sUsePrivilegeSeparation, use_privsep); 1630 1631 /* string arguments */ 1632 dump_cfg_string(sPidFile, o->pid_file); 1633 dump_cfg_string(sXAuthLocation, o->xauth_location); 1634 dump_cfg_string(sCiphers, o->ciphers); 1635 dump_cfg_string(sMacs, o->macs); 1636 dump_cfg_string(sBanner, o->banner); 1637 dump_cfg_string(sAuthorizedKeysFile, o->authorized_keys_file); 1638 dump_cfg_string(sAuthorizedKeysFile2, o->authorized_keys_file2); 1639 dump_cfg_string(sForceCommand, o->adm_forced_command); 1640 dump_cfg_string(sChrootDirectory, o->chroot_directory); 1641 dump_cfg_string(sTrustedUserCAKeys, o->trusted_user_ca_keys); 1642 dump_cfg_string(sRevokedKeys, o->revoked_keys_file); 1643 dump_cfg_string(sAuthorizedPrincipalsFile, 1644 o->authorized_principals_file); 1645 1646 /* string arguments requiring a lookup */ 1647 dump_cfg_string(sLogLevel, log_level_name(o->log_level)); 1648 dump_cfg_string(sLogFacility, log_facility_name(o->log_facility)); 1649 1650 /* string array arguments */ 1651 dump_cfg_strarray(sHostKeyFile, o->num_host_key_files, 1652 o->host_key_files); 1653 dump_cfg_strarray(sHostKeyFile, o->num_host_cert_files, 1654 o->host_cert_files); 1655 dump_cfg_strarray(sAllowUsers, o->num_allow_users, o->allow_users); 1656 dump_cfg_strarray(sDenyUsers, o->num_deny_users, o->deny_users); 1657 dump_cfg_strarray(sAllowGroups, o->num_allow_groups, o->allow_groups); 1658 dump_cfg_strarray(sDenyGroups, o->num_deny_groups, o->deny_groups); 1659 dump_cfg_strarray(sAcceptEnv, o->num_accept_env, o->accept_env); 1660 1661 /* other arguments */ 1662 for (i = 0; i < o->num_subsystems; i++) 1663 printf("subsystem %s %s\n", o->subsystem_name[i], 1664 o->subsystem_args[i]); 1665 1666 printf("maxstartups %d:%d:%d\n", o->max_startups_begin, 1667 o->max_startups_rate, o->max_startups); 1668 1669 for (i = 0; tunmode_desc[i].val != -1; i++) 1670 if (tunmode_desc[i].val == o->permit_tun) { 1671 s = tunmode_desc[i].text; 1672 break; 1673 } 1674 dump_cfg_string(sPermitTunnel, s); 1675 1676 channel_print_adm_permitted_opens(); 1677 } 1678