1 2 /* $OpenBSD: servconf.c,v 1.302 2017/01/06 03:45:41 djm Exp $ */ 3 /* 4 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland 5 * All rights reserved 6 * 7 * As far as I am concerned, the code I have written for this software 8 * can be used freely for any purpose. Any derived versions of this 9 * software must be clearly marked as such, and if the derived work is 10 * incompatible with the protocol description in the RFC file, it must be 11 * called by a name other than "ssh" or "Secure Shell". 12 */ 13 14 #include <sys/types.h> 15 #include <sys/socket.h> 16 #include <sys/queue.h> 17 18 #include <netinet/in.h> 19 #include <netinet/ip.h> 20 21 #include <ctype.h> 22 #include <netdb.h> 23 #include <pwd.h> 24 #include <stdio.h> 25 #include <stdlib.h> 26 #include <string.h> 27 #include <signal.h> 28 #include <unistd.h> 29 #include <limits.h> 30 #include <stdarg.h> 31 #include <errno.h> 32 #include <util.h> 33 34 #include "xmalloc.h" 35 #include "ssh.h" 36 #include "log.h" 37 #include "buffer.h" 38 #include "misc.h" 39 #include "servconf.h" 40 #include "compat.h" 41 #include "pathnames.h" 42 #include "cipher.h" 43 #include "key.h" 44 #include "kex.h" 45 #include "mac.h" 46 #include "match.h" 47 #include "channels.h" 48 #include "groupaccess.h" 49 #include "canohost.h" 50 #include "packet.h" 51 #include "hostfile.h" 52 #include "auth.h" 53 #include "myproposal.h" 54 #include "digest.h" 55 56 static void add_listen_addr(ServerOptions *, char *, int); 57 static void add_one_listen_addr(ServerOptions *, char *, int); 58 59 /* Use of privilege separation or not */ 60 extern int use_privsep; 61 extern Buffer cfg; 62 63 /* Initializes the server options to their default values. */ 64 65 void 66 initialize_server_options(ServerOptions *options) 67 { 68 memset(options, 0, sizeof(*options)); 69 options->num_ports = 0; 70 options->ports_from_cmdline = 0; 71 options->queued_listen_addrs = NULL; 72 options->num_queued_listens = 0; 73 options->listen_addrs = NULL; 74 options->address_family = -1; 75 options->num_host_key_files = 0; 76 options->num_host_cert_files = 0; 77 options->host_key_agent = NULL; 78 options->pid_file = NULL; 79 options->login_grace_time = -1; 80 options->permit_root_login = PERMIT_NOT_SET; 81 options->ignore_rhosts = -1; 82 options->ignore_user_known_hosts = -1; 83 options->print_motd = -1; 84 options->print_lastlog = -1; 85 options->x11_forwarding = -1; 86 options->x11_display_offset = -1; 87 options->x11_use_localhost = -1; 88 options->permit_tty = -1; 89 options->permit_user_rc = -1; 90 options->xauth_location = NULL; 91 options->strict_modes = -1; 92 options->tcp_keep_alive = -1; 93 options->log_facility = SYSLOG_FACILITY_NOT_SET; 94 options->log_level = SYSLOG_LEVEL_NOT_SET; 95 options->hostbased_authentication = -1; 96 options->hostbased_uses_name_from_packet_only = -1; 97 options->hostbased_key_types = NULL; 98 options->hostkeyalgorithms = NULL; 99 options->pubkey_authentication = -1; 100 options->pubkey_key_types = NULL; 101 options->kerberos_authentication = -1; 102 options->kerberos_or_local_passwd = -1; 103 options->kerberos_ticket_cleanup = -1; 104 options->kerberos_get_afs_token = -1; 105 options->gss_authentication=-1; 106 options->gss_cleanup_creds = -1; 107 options->gss_strict_acceptor = -1; 108 options->password_authentication = -1; 109 options->kbd_interactive_authentication = -1; 110 options->challenge_response_authentication = -1; 111 options->permit_empty_passwd = -1; 112 options->permit_user_env = -1; 113 options->compression = -1; 114 options->rekey_limit = -1; 115 options->rekey_interval = -1; 116 options->allow_tcp_forwarding = -1; 117 options->allow_streamlocal_forwarding = -1; 118 options->allow_agent_forwarding = -1; 119 options->num_allow_users = 0; 120 options->num_deny_users = 0; 121 options->num_allow_groups = 0; 122 options->num_deny_groups = 0; 123 options->ciphers = NULL; 124 options->macs = NULL; 125 options->kex_algorithms = NULL; 126 options->fwd_opts.gateway_ports = -1; 127 options->fwd_opts.streamlocal_bind_mask = (mode_t)-1; 128 options->fwd_opts.streamlocal_bind_unlink = -1; 129 options->num_subsystems = 0; 130 options->max_startups_begin = -1; 131 options->max_startups_rate = -1; 132 options->max_startups = -1; 133 options->max_authtries = -1; 134 options->max_sessions = -1; 135 options->banner = NULL; 136 options->use_dns = -1; 137 options->client_alive_interval = -1; 138 options->client_alive_count_max = -1; 139 options->num_authkeys_files = 0; 140 options->num_accept_env = 0; 141 options->permit_tun = -1; 142 options->num_permitted_opens = -1; 143 options->adm_forced_command = NULL; 144 options->chroot_directory = NULL; 145 options->authorized_keys_command = NULL; 146 options->authorized_keys_command_user = NULL; 147 options->revoked_keys_file = NULL; 148 options->trusted_user_ca_keys = NULL; 149 options->authorized_principals_file = NULL; 150 options->authorized_principals_command = NULL; 151 options->authorized_principals_command_user = NULL; 152 options->ip_qos_interactive = -1; 153 options->ip_qos_bulk = -1; 154 options->version_addendum = NULL; 155 options->fingerprint_hash = -1; 156 options->disable_forwarding = -1; 157 } 158 159 /* Returns 1 if a string option is unset or set to "none" or 0 otherwise. */ 160 static int 161 option_clear_or_none(const char *o) 162 { 163 return o == NULL || strcasecmp(o, "none") == 0; 164 } 165 166 static void 167 assemble_algorithms(ServerOptions *o) 168 { 169 if (kex_assemble_names(KEX_SERVER_ENCRYPT, &o->ciphers) != 0 || 170 kex_assemble_names(KEX_SERVER_MAC, &o->macs) != 0 || 171 kex_assemble_names(KEX_SERVER_KEX, &o->kex_algorithms) != 0 || 172 kex_assemble_names(KEX_DEFAULT_PK_ALG, 173 &o->hostkeyalgorithms) != 0 || 174 kex_assemble_names(KEX_DEFAULT_PK_ALG, 175 &o->hostbased_key_types) != 0 || 176 kex_assemble_names(KEX_DEFAULT_PK_ALG, &o->pubkey_key_types) != 0) 177 fatal("kex_assemble_names failed"); 178 } 179 180 void 181 fill_default_server_options(ServerOptions *options) 182 { 183 int i; 184 185 if (options->num_host_key_files == 0) { 186 /* fill default hostkeys */ 187 options->host_key_files[options->num_host_key_files++] = 188 _PATH_HOST_RSA_KEY_FILE; 189 options->host_key_files[options->num_host_key_files++] = 190 _PATH_HOST_DSA_KEY_FILE; 191 options->host_key_files[options->num_host_key_files++] = 192 _PATH_HOST_ECDSA_KEY_FILE; 193 options->host_key_files[options->num_host_key_files++] = 194 _PATH_HOST_ED25519_KEY_FILE; 195 } 196 /* No certificates by default */ 197 if (options->num_ports == 0) 198 options->ports[options->num_ports++] = SSH_DEFAULT_PORT; 199 if (options->address_family == -1) 200 options->address_family = AF_UNSPEC; 201 if (options->listen_addrs == NULL) 202 add_listen_addr(options, NULL, 0); 203 if (options->pid_file == NULL) 204 options->pid_file = xstrdup(_PATH_SSH_DAEMON_PID_FILE); 205 if (options->login_grace_time == -1) 206 options->login_grace_time = 120; 207 if (options->permit_root_login == PERMIT_NOT_SET) 208 options->permit_root_login = PERMIT_NO_PASSWD; 209 if (options->ignore_rhosts == -1) 210 options->ignore_rhosts = 1; 211 if (options->ignore_user_known_hosts == -1) 212 options->ignore_user_known_hosts = 0; 213 if (options->print_motd == -1) 214 options->print_motd = 1; 215 if (options->print_lastlog == -1) 216 options->print_lastlog = 1; 217 if (options->x11_forwarding == -1) 218 options->x11_forwarding = 0; 219 if (options->x11_display_offset == -1) 220 options->x11_display_offset = 10; 221 if (options->x11_use_localhost == -1) 222 options->x11_use_localhost = 1; 223 if (options->xauth_location == NULL) 224 options->xauth_location = xstrdup(_PATH_XAUTH); 225 if (options->permit_tty == -1) 226 options->permit_tty = 1; 227 if (options->permit_user_rc == -1) 228 options->permit_user_rc = 1; 229 if (options->strict_modes == -1) 230 options->strict_modes = 1; 231 if (options->tcp_keep_alive == -1) 232 options->tcp_keep_alive = 1; 233 if (options->log_facility == SYSLOG_FACILITY_NOT_SET) 234 options->log_facility = SYSLOG_FACILITY_AUTH; 235 if (options->log_level == SYSLOG_LEVEL_NOT_SET) 236 options->log_level = SYSLOG_LEVEL_INFO; 237 if (options->hostbased_authentication == -1) 238 options->hostbased_authentication = 0; 239 if (options->hostbased_uses_name_from_packet_only == -1) 240 options->hostbased_uses_name_from_packet_only = 0; 241 if (options->pubkey_authentication == -1) 242 options->pubkey_authentication = 1; 243 if (options->kerberos_authentication == -1) 244 options->kerberos_authentication = 0; 245 if (options->kerberos_or_local_passwd == -1) 246 options->kerberos_or_local_passwd = 1; 247 if (options->kerberos_ticket_cleanup == -1) 248 options->kerberos_ticket_cleanup = 1; 249 if (options->kerberos_get_afs_token == -1) 250 options->kerberos_get_afs_token = 0; 251 if (options->gss_authentication == -1) 252 options->gss_authentication = 0; 253 if (options->gss_cleanup_creds == -1) 254 options->gss_cleanup_creds = 1; 255 if (options->gss_strict_acceptor == -1) 256 options->gss_strict_acceptor = 1; 257 if (options->password_authentication == -1) 258 options->password_authentication = 1; 259 if (options->kbd_interactive_authentication == -1) 260 options->kbd_interactive_authentication = 0; 261 if (options->challenge_response_authentication == -1) 262 options->challenge_response_authentication = 1; 263 if (options->permit_empty_passwd == -1) 264 options->permit_empty_passwd = 0; 265 if (options->permit_user_env == -1) 266 options->permit_user_env = 0; 267 if (options->compression == -1) 268 options->compression = COMP_DELAYED; 269 if (options->rekey_limit == -1) 270 options->rekey_limit = 0; 271 if (options->rekey_interval == -1) 272 options->rekey_interval = 0; 273 if (options->allow_tcp_forwarding == -1) 274 options->allow_tcp_forwarding = FORWARD_ALLOW; 275 if (options->allow_streamlocal_forwarding == -1) 276 options->allow_streamlocal_forwarding = FORWARD_ALLOW; 277 if (options->allow_agent_forwarding == -1) 278 options->allow_agent_forwarding = 1; 279 if (options->fwd_opts.gateway_ports == -1) 280 options->fwd_opts.gateway_ports = 0; 281 if (options->max_startups == -1) 282 options->max_startups = 100; 283 if (options->max_startups_rate == -1) 284 options->max_startups_rate = 30; /* 30% */ 285 if (options->max_startups_begin == -1) 286 options->max_startups_begin = 10; 287 if (options->max_authtries == -1) 288 options->max_authtries = DEFAULT_AUTH_FAIL_MAX; 289 if (options->max_sessions == -1) 290 options->max_sessions = DEFAULT_SESSIONS_MAX; 291 if (options->use_dns == -1) 292 options->use_dns = 0; 293 if (options->client_alive_interval == -1) 294 options->client_alive_interval = 0; 295 if (options->client_alive_count_max == -1) 296 options->client_alive_count_max = 3; 297 if (options->num_authkeys_files == 0) { 298 options->authorized_keys_files[options->num_authkeys_files++] = 299 xstrdup(_PATH_SSH_USER_PERMITTED_KEYS); 300 options->authorized_keys_files[options->num_authkeys_files++] = 301 xstrdup(_PATH_SSH_USER_PERMITTED_KEYS2); 302 } 303 if (options->permit_tun == -1) 304 options->permit_tun = SSH_TUNMODE_NO; 305 if (options->ip_qos_interactive == -1) 306 options->ip_qos_interactive = IPTOS_LOWDELAY; 307 if (options->ip_qos_bulk == -1) 308 options->ip_qos_bulk = IPTOS_THROUGHPUT; 309 if (options->version_addendum == NULL) 310 options->version_addendum = xstrdup(""); 311 if (options->fwd_opts.streamlocal_bind_mask == (mode_t)-1) 312 options->fwd_opts.streamlocal_bind_mask = 0177; 313 if (options->fwd_opts.streamlocal_bind_unlink == -1) 314 options->fwd_opts.streamlocal_bind_unlink = 0; 315 if (options->fingerprint_hash == -1) 316 options->fingerprint_hash = SSH_FP_HASH_DEFAULT; 317 if (options->disable_forwarding == -1) 318 options->disable_forwarding = 0; 319 320 assemble_algorithms(options); 321 322 /* Turn privilege separation and sandboxing on by default */ 323 if (use_privsep == -1) 324 use_privsep = PRIVSEP_ON; 325 326 #define CLEAR_ON_NONE(v) \ 327 do { \ 328 if (option_clear_or_none(v)) { \ 329 free(v); \ 330 v = NULL; \ 331 } \ 332 } while(0) 333 CLEAR_ON_NONE(options->pid_file); 334 CLEAR_ON_NONE(options->xauth_location); 335 CLEAR_ON_NONE(options->banner); 336 CLEAR_ON_NONE(options->trusted_user_ca_keys); 337 CLEAR_ON_NONE(options->revoked_keys_file); 338 CLEAR_ON_NONE(options->authorized_principals_file); 339 CLEAR_ON_NONE(options->adm_forced_command); 340 CLEAR_ON_NONE(options->chroot_directory); 341 for (i = 0; i < options->num_host_key_files; i++) 342 CLEAR_ON_NONE(options->host_key_files[i]); 343 for (i = 0; i < options->num_host_cert_files; i++) 344 CLEAR_ON_NONE(options->host_cert_files[i]); 345 #undef CLEAR_ON_NONE 346 347 /* Similar handling for AuthenticationMethods=any */ 348 if (options->num_auth_methods == 1 && 349 strcmp(options->auth_methods[0], "any") == 0) { 350 free(options->auth_methods[0]); 351 options->auth_methods[0] = NULL; 352 options->num_auth_methods = 0; 353 } 354 355 } 356 357 /* Keyword tokens. */ 358 typedef enum { 359 sBadOption, /* == unknown option */ 360 sPort, sHostKeyFile, sLoginGraceTime, 361 sPermitRootLogin, sLogFacility, sLogLevel, 362 sKerberosAuthentication, sKerberosOrLocalPasswd, sKerberosTicketCleanup, 363 sKerberosGetAFSToken, 364 sKerberosTgtPassing, sChallengeResponseAuthentication, 365 sPasswordAuthentication, sKbdInteractiveAuthentication, 366 sListenAddress, sAddressFamily, 367 sPrintMotd, sPrintLastLog, sIgnoreRhosts, 368 sX11Forwarding, sX11DisplayOffset, sX11UseLocalhost, 369 sPermitTTY, sStrictModes, sEmptyPasswd, sTCPKeepAlive, 370 sPermitUserEnvironment, sAllowTcpForwarding, sCompression, 371 sRekeyLimit, sAllowUsers, sDenyUsers, sAllowGroups, sDenyGroups, 372 sIgnoreUserKnownHosts, sCiphers, sMacs, sPidFile, 373 sGatewayPorts, sPubkeyAuthentication, sPubkeyAcceptedKeyTypes, 374 sXAuthLocation, sSubsystem, sMaxStartups, sMaxAuthTries, sMaxSessions, 375 sBanner, sUseDNS, sHostbasedAuthentication, 376 sHostbasedUsesNameFromPacketOnly, sHostbasedAcceptedKeyTypes, 377 sHostKeyAlgorithms, 378 sClientAliveInterval, sClientAliveCountMax, sAuthorizedKeysFile, 379 sGssAuthentication, sGssCleanupCreds, sGssStrictAcceptor, 380 sAcceptEnv, sPermitTunnel, 381 sMatch, sPermitOpen, sForceCommand, sChrootDirectory, 382 sUsePrivilegeSeparation, sAllowAgentForwarding, 383 sHostCertificate, 384 sRevokedKeys, sTrustedUserCAKeys, sAuthorizedPrincipalsFile, 385 sAuthorizedPrincipalsCommand, sAuthorizedPrincipalsCommandUser, 386 sKexAlgorithms, sIPQoS, sVersionAddendum, 387 sAuthorizedKeysCommand, sAuthorizedKeysCommandUser, 388 sAuthenticationMethods, sHostKeyAgent, sPermitUserRC, 389 sStreamLocalBindMask, sStreamLocalBindUnlink, 390 sAllowStreamLocalForwarding, sFingerprintHash, sDisableForwarding, 391 sDeprecated, sIgnore, sUnsupported 392 } ServerOpCodes; 393 394 #define SSHCFG_GLOBAL 0x01 /* allowed in main section of sshd_config */ 395 #define SSHCFG_MATCH 0x02 /* allowed inside a Match section */ 396 #define SSHCFG_ALL (SSHCFG_GLOBAL|SSHCFG_MATCH) 397 398 /* Textual representation of the tokens. */ 399 static struct { 400 const char *name; 401 ServerOpCodes opcode; 402 u_int flags; 403 } keywords[] = { 404 { "port", sPort, SSHCFG_GLOBAL }, 405 { "hostkey", sHostKeyFile, SSHCFG_GLOBAL }, 406 { "hostdsakey", sHostKeyFile, SSHCFG_GLOBAL }, /* alias */ 407 { "hostkeyagent", sHostKeyAgent, SSHCFG_GLOBAL }, 408 { "pidfile", sPidFile, SSHCFG_GLOBAL }, 409 { "serverkeybits", sDeprecated, SSHCFG_GLOBAL }, 410 { "logingracetime", sLoginGraceTime, SSHCFG_GLOBAL }, 411 { "keyregenerationinterval", sDeprecated, SSHCFG_GLOBAL }, 412 { "permitrootlogin", sPermitRootLogin, SSHCFG_ALL }, 413 { "syslogfacility", sLogFacility, SSHCFG_GLOBAL }, 414 { "loglevel", sLogLevel, SSHCFG_GLOBAL }, 415 { "rhostsauthentication", sDeprecated, SSHCFG_GLOBAL }, 416 { "rhostsrsaauthentication", sDeprecated, SSHCFG_ALL }, 417 { "hostbasedauthentication", sHostbasedAuthentication, SSHCFG_ALL }, 418 { "hostbasedusesnamefrompacketonly", sHostbasedUsesNameFromPacketOnly, SSHCFG_ALL }, 419 { "hostbasedacceptedkeytypes", sHostbasedAcceptedKeyTypes, SSHCFG_ALL }, 420 { "hostkeyalgorithms", sHostKeyAlgorithms, SSHCFG_GLOBAL }, 421 { "rsaauthentication", sDeprecated, SSHCFG_ALL }, 422 { "pubkeyauthentication", sPubkeyAuthentication, SSHCFG_ALL }, 423 { "pubkeyacceptedkeytypes", sPubkeyAcceptedKeyTypes, SSHCFG_ALL }, 424 { "dsaauthentication", sPubkeyAuthentication, SSHCFG_GLOBAL }, /* alias */ 425 #ifdef KRB5 426 { "kerberosauthentication", sKerberosAuthentication, SSHCFG_ALL }, 427 { "kerberosorlocalpasswd", sKerberosOrLocalPasswd, SSHCFG_GLOBAL }, 428 { "kerberosticketcleanup", sKerberosTicketCleanup, SSHCFG_GLOBAL }, 429 { "kerberosgetafstoken", sKerberosGetAFSToken, SSHCFG_GLOBAL }, 430 #else 431 { "kerberosauthentication", sUnsupported, SSHCFG_ALL }, 432 { "kerberosorlocalpasswd", sUnsupported, SSHCFG_GLOBAL }, 433 { "kerberosticketcleanup", sUnsupported, SSHCFG_GLOBAL }, 434 { "kerberosgetafstoken", sUnsupported, SSHCFG_GLOBAL }, 435 #endif 436 { "kerberostgtpassing", sUnsupported, SSHCFG_GLOBAL }, 437 { "afstokenpassing", sUnsupported, SSHCFG_GLOBAL }, 438 #ifdef GSSAPI 439 { "gssapiauthentication", sGssAuthentication, SSHCFG_ALL }, 440 { "gssapicleanupcredentials", sGssCleanupCreds, SSHCFG_GLOBAL }, 441 { "gssapistrictacceptorcheck", sGssStrictAcceptor, SSHCFG_GLOBAL }, 442 #else 443 { "gssapiauthentication", sUnsupported, SSHCFG_ALL }, 444 { "gssapicleanupcredentials", sUnsupported, SSHCFG_GLOBAL }, 445 { "gssapistrictacceptorcheck", sUnsupported, SSHCFG_GLOBAL }, 446 #endif 447 { "passwordauthentication", sPasswordAuthentication, SSHCFG_ALL }, 448 { "kbdinteractiveauthentication", sKbdInteractiveAuthentication, SSHCFG_ALL }, 449 { "challengeresponseauthentication", sChallengeResponseAuthentication, SSHCFG_GLOBAL }, 450 { "skeyauthentication", sChallengeResponseAuthentication, SSHCFG_GLOBAL }, /* alias */ 451 { "checkmail", sDeprecated, SSHCFG_GLOBAL }, 452 { "listenaddress", sListenAddress, SSHCFG_GLOBAL }, 453 { "addressfamily", sAddressFamily, SSHCFG_GLOBAL }, 454 { "printmotd", sPrintMotd, SSHCFG_GLOBAL }, 455 { "printlastlog", sPrintLastLog, SSHCFG_GLOBAL }, 456 { "ignorerhosts", sIgnoreRhosts, SSHCFG_GLOBAL }, 457 { "ignoreuserknownhosts", sIgnoreUserKnownHosts, SSHCFG_GLOBAL }, 458 { "x11forwarding", sX11Forwarding, SSHCFG_ALL }, 459 { "x11displayoffset", sX11DisplayOffset, SSHCFG_ALL }, 460 { "x11uselocalhost", sX11UseLocalhost, SSHCFG_ALL }, 461 { "xauthlocation", sXAuthLocation, SSHCFG_GLOBAL }, 462 { "strictmodes", sStrictModes, SSHCFG_GLOBAL }, 463 { "permitemptypasswords", sEmptyPasswd, SSHCFG_ALL }, 464 { "permituserenvironment", sPermitUserEnvironment, SSHCFG_GLOBAL }, 465 { "uselogin", sDeprecated, SSHCFG_GLOBAL }, 466 { "compression", sCompression, SSHCFG_GLOBAL }, 467 { "rekeylimit", sRekeyLimit, SSHCFG_ALL }, 468 { "tcpkeepalive", sTCPKeepAlive, SSHCFG_GLOBAL }, 469 { "keepalive", sTCPKeepAlive, SSHCFG_GLOBAL }, /* obsolete alias */ 470 { "allowtcpforwarding", sAllowTcpForwarding, SSHCFG_ALL }, 471 { "allowagentforwarding", sAllowAgentForwarding, SSHCFG_ALL }, 472 { "allowusers", sAllowUsers, SSHCFG_ALL }, 473 { "denyusers", sDenyUsers, SSHCFG_ALL }, 474 { "allowgroups", sAllowGroups, SSHCFG_ALL }, 475 { "denygroups", sDenyGroups, SSHCFG_ALL }, 476 { "ciphers", sCiphers, SSHCFG_GLOBAL }, 477 { "macs", sMacs, SSHCFG_GLOBAL }, 478 { "protocol", sIgnore, SSHCFG_GLOBAL }, 479 { "gatewayports", sGatewayPorts, SSHCFG_ALL }, 480 { "subsystem", sSubsystem, SSHCFG_GLOBAL }, 481 { "maxstartups", sMaxStartups, SSHCFG_GLOBAL }, 482 { "maxauthtries", sMaxAuthTries, SSHCFG_ALL }, 483 { "maxsessions", sMaxSessions, SSHCFG_ALL }, 484 { "banner", sBanner, SSHCFG_ALL }, 485 { "usedns", sUseDNS, SSHCFG_GLOBAL }, 486 { "verifyreversemapping", sDeprecated, SSHCFG_GLOBAL }, 487 { "reversemappingcheck", sDeprecated, SSHCFG_GLOBAL }, 488 { "clientaliveinterval", sClientAliveInterval, SSHCFG_ALL }, 489 { "clientalivecountmax", sClientAliveCountMax, SSHCFG_ALL }, 490 { "authorizedkeysfile", sAuthorizedKeysFile, SSHCFG_ALL }, 491 { "authorizedkeysfile2", sDeprecated, SSHCFG_ALL }, 492 { "useprivilegeseparation", sUsePrivilegeSeparation, SSHCFG_GLOBAL}, 493 { "acceptenv", sAcceptEnv, SSHCFG_ALL }, 494 { "permittunnel", sPermitTunnel, SSHCFG_ALL }, 495 { "permittty", sPermitTTY, SSHCFG_ALL }, 496 { "permituserrc", sPermitUserRC, SSHCFG_ALL }, 497 { "match", sMatch, SSHCFG_ALL }, 498 { "permitopen", sPermitOpen, SSHCFG_ALL }, 499 { "forcecommand", sForceCommand, SSHCFG_ALL }, 500 { "chrootdirectory", sChrootDirectory, SSHCFG_ALL }, 501 { "hostcertificate", sHostCertificate, SSHCFG_GLOBAL }, 502 { "revokedkeys", sRevokedKeys, SSHCFG_ALL }, 503 { "trustedusercakeys", sTrustedUserCAKeys, SSHCFG_ALL }, 504 { "authorizedprincipalsfile", sAuthorizedPrincipalsFile, SSHCFG_ALL }, 505 { "kexalgorithms", sKexAlgorithms, SSHCFG_GLOBAL }, 506 { "ipqos", sIPQoS, SSHCFG_ALL }, 507 { "authorizedkeyscommand", sAuthorizedKeysCommand, SSHCFG_ALL }, 508 { "authorizedkeyscommanduser", sAuthorizedKeysCommandUser, SSHCFG_ALL }, 509 { "authorizedprincipalscommand", sAuthorizedPrincipalsCommand, SSHCFG_ALL }, 510 { "authorizedprincipalscommanduser", sAuthorizedPrincipalsCommandUser, SSHCFG_ALL }, 511 { "versionaddendum", sVersionAddendum, SSHCFG_GLOBAL }, 512 { "authenticationmethods", sAuthenticationMethods, SSHCFG_ALL }, 513 { "streamlocalbindmask", sStreamLocalBindMask, SSHCFG_ALL }, 514 { "streamlocalbindunlink", sStreamLocalBindUnlink, SSHCFG_ALL }, 515 { "allowstreamlocalforwarding", sAllowStreamLocalForwarding, SSHCFG_ALL }, 516 { "fingerprinthash", sFingerprintHash, SSHCFG_GLOBAL }, 517 { "disableforwarding", sDisableForwarding, SSHCFG_ALL }, 518 { NULL, sBadOption, 0 } 519 }; 520 521 static struct { 522 int val; 523 char *text; 524 } tunmode_desc[] = { 525 { SSH_TUNMODE_NO, "no" }, 526 { SSH_TUNMODE_POINTOPOINT, "point-to-point" }, 527 { SSH_TUNMODE_ETHERNET, "ethernet" }, 528 { SSH_TUNMODE_YES, "yes" }, 529 { -1, NULL } 530 }; 531 532 /* 533 * Returns the number of the token pointed to by cp or sBadOption. 534 */ 535 536 static ServerOpCodes 537 parse_token(const char *cp, const char *filename, 538 int linenum, u_int *flags) 539 { 540 u_int i; 541 542 for (i = 0; keywords[i].name; i++) 543 if (strcasecmp(cp, keywords[i].name) == 0) { 544 *flags = keywords[i].flags; 545 return keywords[i].opcode; 546 } 547 548 error("%s: line %d: Bad configuration option: %s", 549 filename, linenum, cp); 550 return sBadOption; 551 } 552 553 char * 554 derelativise_path(const char *path) 555 { 556 char *expanded, *ret, cwd[PATH_MAX]; 557 558 if (strcasecmp(path, "none") == 0) 559 return xstrdup("none"); 560 expanded = tilde_expand_filename(path, getuid()); 561 if (*expanded == '/') 562 return expanded; 563 if (getcwd(cwd, sizeof(cwd)) == NULL) 564 fatal("%s: getcwd: %s", __func__, strerror(errno)); 565 xasprintf(&ret, "%s/%s", cwd, expanded); 566 free(expanded); 567 return ret; 568 } 569 570 static void 571 add_listen_addr(ServerOptions *options, char *addr, int port) 572 { 573 u_int i; 574 575 if (port == 0) 576 for (i = 0; i < options->num_ports; i++) 577 add_one_listen_addr(options, addr, options->ports[i]); 578 else 579 add_one_listen_addr(options, addr, port); 580 } 581 582 static void 583 add_one_listen_addr(ServerOptions *options, char *addr, int port) 584 { 585 struct addrinfo hints, *ai, *aitop; 586 char strport[NI_MAXSERV]; 587 int gaierr; 588 589 memset(&hints, 0, sizeof(hints)); 590 hints.ai_family = options->address_family; 591 hints.ai_socktype = SOCK_STREAM; 592 hints.ai_flags = (addr == NULL) ? AI_PASSIVE : 0; 593 snprintf(strport, sizeof strport, "%d", port); 594 if ((gaierr = getaddrinfo(addr, strport, &hints, &aitop)) != 0) 595 fatal("bad addr or host: %s (%s)", 596 addr ? addr : "<NULL>", 597 ssh_gai_strerror(gaierr)); 598 for (ai = aitop; ai->ai_next; ai = ai->ai_next) 599 ; 600 ai->ai_next = options->listen_addrs; 601 options->listen_addrs = aitop; 602 } 603 604 /* 605 * Queue a ListenAddress to be processed once we have all of the Ports 606 * and AddressFamily options. 607 */ 608 static void 609 queue_listen_addr(ServerOptions *options, char *addr, int port) 610 { 611 options->queued_listen_addrs = xreallocarray( 612 options->queued_listen_addrs, options->num_queued_listens + 1, 613 sizeof(addr)); 614 options->queued_listen_ports = xreallocarray( 615 options->queued_listen_ports, options->num_queued_listens + 1, 616 sizeof(port)); 617 options->queued_listen_addrs[options->num_queued_listens] = 618 xstrdup(addr); 619 options->queued_listen_ports[options->num_queued_listens] = port; 620 options->num_queued_listens++; 621 } 622 623 /* 624 * Process queued (text) ListenAddress entries. 625 */ 626 static void 627 process_queued_listen_addrs(ServerOptions *options) 628 { 629 u_int i; 630 631 if (options->num_ports == 0) 632 options->ports[options->num_ports++] = SSH_DEFAULT_PORT; 633 if (options->address_family == -1) 634 options->address_family = AF_UNSPEC; 635 636 for (i = 0; i < options->num_queued_listens; i++) { 637 add_listen_addr(options, options->queued_listen_addrs[i], 638 options->queued_listen_ports[i]); 639 free(options->queued_listen_addrs[i]); 640 options->queued_listen_addrs[i] = NULL; 641 } 642 free(options->queued_listen_addrs); 643 options->queued_listen_addrs = NULL; 644 free(options->queued_listen_ports); 645 options->queued_listen_ports = NULL; 646 options->num_queued_listens = 0; 647 } 648 649 struct connection_info * 650 get_connection_info(int populate, int use_dns) 651 { 652 struct ssh *ssh = active_state; /* XXX */ 653 static struct connection_info ci; 654 655 if (!populate) 656 return &ci; 657 ci.host = auth_get_canonical_hostname(ssh, use_dns); 658 ci.address = ssh_remote_ipaddr(ssh); 659 ci.laddress = ssh_local_ipaddr(ssh); 660 ci.lport = ssh_local_port(ssh); 661 return &ci; 662 } 663 664 /* 665 * The strategy for the Match blocks is that the config file is parsed twice. 666 * 667 * The first time is at startup. activep is initialized to 1 and the 668 * directives in the global context are processed and acted on. Hitting a 669 * Match directive unsets activep and the directives inside the block are 670 * checked for syntax only. 671 * 672 * The second time is after a connection has been established but before 673 * authentication. activep is initialized to 2 and global config directives 674 * are ignored since they have already been processed. If the criteria in a 675 * Match block is met, activep is set and the subsequent directives 676 * processed and actioned until EOF or another Match block unsets it. Any 677 * options set are copied into the main server config. 678 * 679 * Potential additions/improvements: 680 * - Add Match support for pre-kex directives, eg. Ciphers. 681 * 682 * - Add a Tag directive (idea from David Leonard) ala pf, eg: 683 * Match Address 192.168.0.* 684 * Tag trusted 685 * Match Group wheel 686 * Tag trusted 687 * Match Tag trusted 688 * AllowTcpForwarding yes 689 * GatewayPorts clientspecified 690 * [...] 691 * 692 * - Add a PermittedChannelRequests directive 693 * Match Group shell 694 * PermittedChannelRequests session,forwarded-tcpip 695 */ 696 697 static int 698 match_cfg_line_group(const char *grps, int line, const char *user) 699 { 700 int result = 0; 701 struct passwd *pw; 702 703 if (user == NULL) 704 goto out; 705 706 if ((pw = getpwnam(user)) == NULL) { 707 debug("Can't match group at line %d because user %.100s does " 708 "not exist", line, user); 709 } else if (ga_init(pw->pw_name, pw->pw_gid) == 0) { 710 debug("Can't Match group because user %.100s not in any group " 711 "at line %d", user, line); 712 } else if (ga_match_pattern_list(grps) != 1) { 713 debug("user %.100s does not match group list %.100s at line %d", 714 user, grps, line); 715 } else { 716 debug("user %.100s matched group list %.100s at line %d", user, 717 grps, line); 718 result = 1; 719 } 720 out: 721 ga_free(); 722 return result; 723 } 724 725 /* 726 * All of the attributes on a single Match line are ANDed together, so we need 727 * to check every attribute and set the result to zero if any attribute does 728 * not match. 729 */ 730 static int 731 match_cfg_line(char **condition, int line, struct connection_info *ci) 732 { 733 int result = 1, attributes = 0, port; 734 char *arg, *attrib, *cp = *condition; 735 736 if (ci == NULL) 737 debug3("checking syntax for 'Match %s'", cp); 738 else 739 debug3("checking match for '%s' user %s host %s addr %s " 740 "laddr %s lport %d", cp, ci->user ? ci->user : "(null)", 741 ci->host ? ci->host : "(null)", 742 ci->address ? ci->address : "(null)", 743 ci->laddress ? ci->laddress : "(null)", ci->lport); 744 745 while ((attrib = strdelim(&cp)) && *attrib != '\0') { 746 attributes++; 747 if (strcasecmp(attrib, "all") == 0) { 748 if (attributes != 1 || 749 ((arg = strdelim(&cp)) != NULL && *arg != '\0')) { 750 error("'all' cannot be combined with other " 751 "Match attributes"); 752 return -1; 753 } 754 *condition = cp; 755 return 1; 756 } 757 if ((arg = strdelim(&cp)) == NULL || *arg == '\0') { 758 error("Missing Match criteria for %s", attrib); 759 return -1; 760 } 761 if (strcasecmp(attrib, "user") == 0) { 762 if (ci == NULL || ci->user == NULL) { 763 result = 0; 764 continue; 765 } 766 if (match_pattern_list(ci->user, arg, 0) != 1) 767 result = 0; 768 else 769 debug("user %.100s matched 'User %.100s' at " 770 "line %d", ci->user, arg, line); 771 } else if (strcasecmp(attrib, "group") == 0) { 772 if (ci == NULL || ci->user == NULL) { 773 result = 0; 774 continue; 775 } 776 switch (match_cfg_line_group(arg, line, ci->user)) { 777 case -1: 778 return -1; 779 case 0: 780 result = 0; 781 } 782 } else if (strcasecmp(attrib, "host") == 0) { 783 if (ci == NULL || ci->host == NULL) { 784 result = 0; 785 continue; 786 } 787 if (match_hostname(ci->host, arg) != 1) 788 result = 0; 789 else 790 debug("connection from %.100s matched 'Host " 791 "%.100s' at line %d", ci->host, arg, line); 792 } else if (strcasecmp(attrib, "address") == 0) { 793 if (ci == NULL || ci->address == NULL) { 794 result = 0; 795 continue; 796 } 797 switch (addr_match_list(ci->address, arg)) { 798 case 1: 799 debug("connection from %.100s matched 'Address " 800 "%.100s' at line %d", ci->address, arg, line); 801 break; 802 case 0: 803 case -1: 804 result = 0; 805 break; 806 case -2: 807 return -1; 808 } 809 } else if (strcasecmp(attrib, "localaddress") == 0){ 810 if (ci == NULL || ci->laddress == NULL) { 811 result = 0; 812 continue; 813 } 814 switch (addr_match_list(ci->laddress, arg)) { 815 case 1: 816 debug("connection from %.100s matched " 817 "'LocalAddress %.100s' at line %d", 818 ci->laddress, arg, line); 819 break; 820 case 0: 821 case -1: 822 result = 0; 823 break; 824 case -2: 825 return -1; 826 } 827 } else if (strcasecmp(attrib, "localport") == 0) { 828 if ((port = a2port(arg)) == -1) { 829 error("Invalid LocalPort '%s' on Match line", 830 arg); 831 return -1; 832 } 833 if (ci == NULL || ci->lport == 0) { 834 result = 0; 835 continue; 836 } 837 /* TODO support port lists */ 838 if (port == ci->lport) 839 debug("connection from %.100s matched " 840 "'LocalPort %d' at line %d", 841 ci->laddress, port, line); 842 else 843 result = 0; 844 } else { 845 error("Unsupported Match attribute %s", attrib); 846 return -1; 847 } 848 } 849 if (attributes == 0) { 850 error("One or more attributes required for Match"); 851 return -1; 852 } 853 if (ci != NULL) 854 debug3("match %sfound", result ? "" : "not "); 855 *condition = cp; 856 return result; 857 } 858 859 #define WHITESPACE " \t\r\n" 860 861 /* Multistate option parsing */ 862 struct multistate { 863 char *key; 864 int value; 865 }; 866 static const struct multistate multistate_addressfamily[] = { 867 { "inet", AF_INET }, 868 { "inet6", AF_INET6 }, 869 { "any", AF_UNSPEC }, 870 { NULL, -1 } 871 }; 872 static const struct multistate multistate_permitrootlogin[] = { 873 { "without-password", PERMIT_NO_PASSWD }, 874 { "prohibit-password", PERMIT_NO_PASSWD }, 875 { "forced-commands-only", PERMIT_FORCED_ONLY }, 876 { "yes", PERMIT_YES }, 877 { "no", PERMIT_NO }, 878 { NULL, -1 } 879 }; 880 static const struct multistate multistate_compression[] = { 881 { "yes", COMP_DELAYED }, 882 { "delayed", COMP_DELAYED }, 883 { "no", COMP_NONE }, 884 { NULL, -1 } 885 }; 886 static const struct multistate multistate_gatewayports[] = { 887 { "clientspecified", 2 }, 888 { "yes", 1 }, 889 { "no", 0 }, 890 { NULL, -1 } 891 }; 892 static const struct multistate multistate_privsep[] = { 893 { "yes", PRIVSEP_NOSANDBOX }, 894 { "sandbox", PRIVSEP_ON }, 895 { "nosandbox", PRIVSEP_NOSANDBOX }, 896 { "no", PRIVSEP_OFF }, 897 { NULL, -1 } 898 }; 899 static const struct multistate multistate_tcpfwd[] = { 900 { "yes", FORWARD_ALLOW }, 901 { "all", FORWARD_ALLOW }, 902 { "no", FORWARD_DENY }, 903 { "remote", FORWARD_REMOTE }, 904 { "local", FORWARD_LOCAL }, 905 { NULL, -1 } 906 }; 907 908 int 909 process_server_config_line(ServerOptions *options, char *line, 910 const char *filename, int linenum, int *activep, 911 struct connection_info *connectinfo) 912 { 913 char *cp, **charptr, *arg, *p; 914 int cmdline = 0, *intptr, value, value2, n, port; 915 SyslogFacility *log_facility_ptr; 916 LogLevel *log_level_ptr; 917 ServerOpCodes opcode; 918 u_int i, flags = 0; 919 size_t len; 920 long long val64; 921 const struct multistate *multistate_ptr; 922 923 cp = line; 924 if ((arg = strdelim(&cp)) == NULL) 925 return 0; 926 /* Ignore leading whitespace */ 927 if (*arg == '\0') 928 arg = strdelim(&cp); 929 if (!arg || !*arg || *arg == '#') 930 return 0; 931 intptr = NULL; 932 charptr = NULL; 933 opcode = parse_token(arg, filename, linenum, &flags); 934 935 if (activep == NULL) { /* We are processing a command line directive */ 936 cmdline = 1; 937 activep = &cmdline; 938 } 939 if (*activep && opcode != sMatch) 940 debug3("%s:%d setting %s %s", filename, linenum, arg, cp); 941 if (*activep == 0 && !(flags & SSHCFG_MATCH)) { 942 if (connectinfo == NULL) { 943 fatal("%s line %d: Directive '%s' is not allowed " 944 "within a Match block", filename, linenum, arg); 945 } else { /* this is a directive we have already processed */ 946 while (arg) 947 arg = strdelim(&cp); 948 return 0; 949 } 950 } 951 952 switch (opcode) { 953 case sBadOption: 954 return -1; 955 case sPort: 956 /* ignore ports from configfile if cmdline specifies ports */ 957 if (options->ports_from_cmdline) 958 return 0; 959 if (options->num_ports >= MAX_PORTS) 960 fatal("%s line %d: too many ports.", 961 filename, linenum); 962 arg = strdelim(&cp); 963 if (!arg || *arg == '\0') 964 fatal("%s line %d: missing port number.", 965 filename, linenum); 966 options->ports[options->num_ports++] = a2port(arg); 967 if (options->ports[options->num_ports-1] <= 0) 968 fatal("%s line %d: Badly formatted port number.", 969 filename, linenum); 970 break; 971 972 case sLoginGraceTime: 973 intptr = &options->login_grace_time; 974 parse_time: 975 arg = strdelim(&cp); 976 if (!arg || *arg == '\0') 977 fatal("%s line %d: missing time value.", 978 filename, linenum); 979 if ((value = convtime(arg)) == -1) 980 fatal("%s line %d: invalid time value.", 981 filename, linenum); 982 if (*activep && *intptr == -1) 983 *intptr = value; 984 break; 985 986 case sListenAddress: 987 arg = strdelim(&cp); 988 if (arg == NULL || *arg == '\0') 989 fatal("%s line %d: missing address", 990 filename, linenum); 991 /* check for bare IPv6 address: no "[]" and 2 or more ":" */ 992 if (strchr(arg, '[') == NULL && (p = strchr(arg, ':')) != NULL 993 && strchr(p+1, ':') != NULL) { 994 queue_listen_addr(options, arg, 0); 995 break; 996 } 997 p = hpdelim(&arg); 998 if (p == NULL) 999 fatal("%s line %d: bad address:port usage", 1000 filename, linenum); 1001 p = cleanhostname(p); 1002 if (arg == NULL) 1003 port = 0; 1004 else if ((port = a2port(arg)) <= 0) 1005 fatal("%s line %d: bad port number", filename, linenum); 1006 1007 queue_listen_addr(options, p, port); 1008 1009 break; 1010 1011 case sAddressFamily: 1012 intptr = &options->address_family; 1013 multistate_ptr = multistate_addressfamily; 1014 parse_multistate: 1015 arg = strdelim(&cp); 1016 if (!arg || *arg == '\0') 1017 fatal("%s line %d: missing argument.", 1018 filename, linenum); 1019 value = -1; 1020 for (i = 0; multistate_ptr[i].key != NULL; i++) { 1021 if (strcasecmp(arg, multistate_ptr[i].key) == 0) { 1022 value = multistate_ptr[i].value; 1023 break; 1024 } 1025 } 1026 if (value == -1) 1027 fatal("%s line %d: unsupported option \"%s\".", 1028 filename, linenum, arg); 1029 if (*activep && *intptr == -1) 1030 *intptr = value; 1031 break; 1032 1033 case sHostKeyFile: 1034 intptr = &options->num_host_key_files; 1035 if (*intptr >= MAX_HOSTKEYS) 1036 fatal("%s line %d: too many host keys specified (max %d).", 1037 filename, linenum, MAX_HOSTKEYS); 1038 charptr = &options->host_key_files[*intptr]; 1039 parse_filename: 1040 arg = strdelim(&cp); 1041 if (!arg || *arg == '\0') 1042 fatal("%s line %d: missing file name.", 1043 filename, linenum); 1044 if (*activep && *charptr == NULL) { 1045 *charptr = derelativise_path(arg); 1046 /* increase optional counter */ 1047 if (intptr != NULL) 1048 *intptr = *intptr + 1; 1049 } 1050 break; 1051 1052 case sHostKeyAgent: 1053 charptr = &options->host_key_agent; 1054 arg = strdelim(&cp); 1055 if (!arg || *arg == '\0') 1056 fatal("%s line %d: missing socket name.", 1057 filename, linenum); 1058 if (*activep && *charptr == NULL) 1059 *charptr = !strcmp(arg, SSH_AUTHSOCKET_ENV_NAME) ? 1060 xstrdup(arg) : derelativise_path(arg); 1061 break; 1062 1063 case sHostCertificate: 1064 intptr = &options->num_host_cert_files; 1065 if (*intptr >= MAX_HOSTKEYS) 1066 fatal("%s line %d: too many host certificates " 1067 "specified (max %d).", filename, linenum, 1068 MAX_HOSTCERTS); 1069 charptr = &options->host_cert_files[*intptr]; 1070 goto parse_filename; 1071 1072 case sPidFile: 1073 charptr = &options->pid_file; 1074 goto parse_filename; 1075 1076 case sPermitRootLogin: 1077 intptr = &options->permit_root_login; 1078 multistate_ptr = multistate_permitrootlogin; 1079 goto parse_multistate; 1080 1081 case sIgnoreRhosts: 1082 intptr = &options->ignore_rhosts; 1083 parse_flag: 1084 arg = strdelim(&cp); 1085 if (!arg || *arg == '\0') 1086 fatal("%s line %d: missing yes/no argument.", 1087 filename, linenum); 1088 value = 0; /* silence compiler */ 1089 if (strcmp(arg, "yes") == 0) 1090 value = 1; 1091 else if (strcmp(arg, "no") == 0) 1092 value = 0; 1093 else 1094 fatal("%s line %d: Bad yes/no argument: %s", 1095 filename, linenum, arg); 1096 if (*activep && *intptr == -1) 1097 *intptr = value; 1098 break; 1099 1100 case sIgnoreUserKnownHosts: 1101 intptr = &options->ignore_user_known_hosts; 1102 goto parse_flag; 1103 1104 case sHostbasedAuthentication: 1105 intptr = &options->hostbased_authentication; 1106 goto parse_flag; 1107 1108 case sHostbasedUsesNameFromPacketOnly: 1109 intptr = &options->hostbased_uses_name_from_packet_only; 1110 goto parse_flag; 1111 1112 case sHostbasedAcceptedKeyTypes: 1113 charptr = &options->hostbased_key_types; 1114 parse_keytypes: 1115 arg = strdelim(&cp); 1116 if (!arg || *arg == '\0') 1117 fatal("%s line %d: Missing argument.", 1118 filename, linenum); 1119 if (!sshkey_names_valid2(*arg == '+' ? arg + 1 : arg, 1)) 1120 fatal("%s line %d: Bad key types '%s'.", 1121 filename, linenum, arg ? arg : "<NONE>"); 1122 if (*activep && *charptr == NULL) 1123 *charptr = xstrdup(arg); 1124 break; 1125 1126 case sHostKeyAlgorithms: 1127 charptr = &options->hostkeyalgorithms; 1128 goto parse_keytypes; 1129 1130 case sPubkeyAuthentication: 1131 intptr = &options->pubkey_authentication; 1132 goto parse_flag; 1133 1134 case sPubkeyAcceptedKeyTypes: 1135 charptr = &options->pubkey_key_types; 1136 goto parse_keytypes; 1137 1138 case sKerberosAuthentication: 1139 intptr = &options->kerberos_authentication; 1140 goto parse_flag; 1141 1142 case sKerberosOrLocalPasswd: 1143 intptr = &options->kerberos_or_local_passwd; 1144 goto parse_flag; 1145 1146 case sKerberosTicketCleanup: 1147 intptr = &options->kerberos_ticket_cleanup; 1148 goto parse_flag; 1149 1150 case sKerberosGetAFSToken: 1151 intptr = &options->kerberos_get_afs_token; 1152 goto parse_flag; 1153 1154 case sGssAuthentication: 1155 intptr = &options->gss_authentication; 1156 goto parse_flag; 1157 1158 case sGssCleanupCreds: 1159 intptr = &options->gss_cleanup_creds; 1160 goto parse_flag; 1161 1162 case sGssStrictAcceptor: 1163 intptr = &options->gss_strict_acceptor; 1164 goto parse_flag; 1165 1166 case sPasswordAuthentication: 1167 intptr = &options->password_authentication; 1168 goto parse_flag; 1169 1170 case sKbdInteractiveAuthentication: 1171 intptr = &options->kbd_interactive_authentication; 1172 goto parse_flag; 1173 1174 case sChallengeResponseAuthentication: 1175 intptr = &options->challenge_response_authentication; 1176 goto parse_flag; 1177 1178 case sPrintMotd: 1179 intptr = &options->print_motd; 1180 goto parse_flag; 1181 1182 case sPrintLastLog: 1183 intptr = &options->print_lastlog; 1184 goto parse_flag; 1185 1186 case sX11Forwarding: 1187 intptr = &options->x11_forwarding; 1188 goto parse_flag; 1189 1190 case sX11DisplayOffset: 1191 intptr = &options->x11_display_offset; 1192 parse_int: 1193 arg = strdelim(&cp); 1194 if (!arg || *arg == '\0') 1195 fatal("%s line %d: missing integer value.", 1196 filename, linenum); 1197 value = atoi(arg); 1198 if (*activep && *intptr == -1) 1199 *intptr = value; 1200 break; 1201 1202 case sX11UseLocalhost: 1203 intptr = &options->x11_use_localhost; 1204 goto parse_flag; 1205 1206 case sXAuthLocation: 1207 charptr = &options->xauth_location; 1208 goto parse_filename; 1209 1210 case sPermitTTY: 1211 intptr = &options->permit_tty; 1212 goto parse_flag; 1213 1214 case sPermitUserRC: 1215 intptr = &options->permit_user_rc; 1216 goto parse_flag; 1217 1218 case sStrictModes: 1219 intptr = &options->strict_modes; 1220 goto parse_flag; 1221 1222 case sTCPKeepAlive: 1223 intptr = &options->tcp_keep_alive; 1224 goto parse_flag; 1225 1226 case sEmptyPasswd: 1227 intptr = &options->permit_empty_passwd; 1228 goto parse_flag; 1229 1230 case sPermitUserEnvironment: 1231 intptr = &options->permit_user_env; 1232 goto parse_flag; 1233 1234 case sCompression: 1235 intptr = &options->compression; 1236 multistate_ptr = multistate_compression; 1237 goto parse_multistate; 1238 1239 case sRekeyLimit: 1240 arg = strdelim(&cp); 1241 if (!arg || *arg == '\0') 1242 fatal("%.200s line %d: Missing argument.", filename, 1243 linenum); 1244 if (strcmp(arg, "default") == 0) { 1245 val64 = 0; 1246 } else { 1247 if (scan_scaled(arg, &val64) == -1) 1248 fatal("%.200s line %d: Bad number '%s': %s", 1249 filename, linenum, arg, strerror(errno)); 1250 if (val64 != 0 && val64 < 16) 1251 fatal("%.200s line %d: RekeyLimit too small", 1252 filename, linenum); 1253 } 1254 if (*activep && options->rekey_limit == -1) 1255 options->rekey_limit = val64; 1256 if (cp != NULL) { /* optional rekey interval present */ 1257 if (strcmp(cp, "none") == 0) { 1258 (void)strdelim(&cp); /* discard */ 1259 break; 1260 } 1261 intptr = &options->rekey_interval; 1262 goto parse_time; 1263 } 1264 break; 1265 1266 case sGatewayPorts: 1267 intptr = &options->fwd_opts.gateway_ports; 1268 multistate_ptr = multistate_gatewayports; 1269 goto parse_multistate; 1270 1271 case sUseDNS: 1272 intptr = &options->use_dns; 1273 goto parse_flag; 1274 1275 case sLogFacility: 1276 log_facility_ptr = &options->log_facility; 1277 arg = strdelim(&cp); 1278 value = log_facility_number(arg); 1279 if (value == SYSLOG_FACILITY_NOT_SET) 1280 fatal("%.200s line %d: unsupported log facility '%s'", 1281 filename, linenum, arg ? arg : "<NONE>"); 1282 if (*log_facility_ptr == -1) 1283 *log_facility_ptr = (SyslogFacility) value; 1284 break; 1285 1286 case sLogLevel: 1287 log_level_ptr = &options->log_level; 1288 arg = strdelim(&cp); 1289 value = log_level_number(arg); 1290 if (value == SYSLOG_LEVEL_NOT_SET) 1291 fatal("%.200s line %d: unsupported log level '%s'", 1292 filename, linenum, arg ? arg : "<NONE>"); 1293 if (*log_level_ptr == -1) 1294 *log_level_ptr = (LogLevel) value; 1295 break; 1296 1297 case sAllowTcpForwarding: 1298 intptr = &options->allow_tcp_forwarding; 1299 multistate_ptr = multistate_tcpfwd; 1300 goto parse_multistate; 1301 1302 case sAllowStreamLocalForwarding: 1303 intptr = &options->allow_streamlocal_forwarding; 1304 multistate_ptr = multistate_tcpfwd; 1305 goto parse_multistate; 1306 1307 case sAllowAgentForwarding: 1308 intptr = &options->allow_agent_forwarding; 1309 goto parse_flag; 1310 1311 case sDisableForwarding: 1312 intptr = &options->disable_forwarding; 1313 goto parse_flag; 1314 1315 case sUsePrivilegeSeparation: 1316 intptr = &use_privsep; 1317 multistate_ptr = multistate_privsep; 1318 goto parse_multistate; 1319 1320 case sAllowUsers: 1321 while ((arg = strdelim(&cp)) && *arg != '\0') { 1322 if (options->num_allow_users >= MAX_ALLOW_USERS) 1323 fatal("%s line %d: too many allow users.", 1324 filename, linenum); 1325 if (match_user(NULL, NULL, NULL, arg) == -1) 1326 fatal("%s line %d: invalid AllowUsers pattern: " 1327 "\"%.100s\"", filename, linenum, arg); 1328 if (!*activep) 1329 continue; 1330 options->allow_users[options->num_allow_users++] = 1331 xstrdup(arg); 1332 } 1333 break; 1334 1335 case sDenyUsers: 1336 while ((arg = strdelim(&cp)) && *arg != '\0') { 1337 if (options->num_deny_users >= MAX_DENY_USERS) 1338 fatal("%s line %d: too many deny users.", 1339 filename, linenum); 1340 if (match_user(NULL, NULL, NULL, arg) == -1) 1341 fatal("%s line %d: invalid DenyUsers pattern: " 1342 "\"%.100s\"", filename, linenum, arg); 1343 if (!*activep) 1344 continue; 1345 options->deny_users[options->num_deny_users++] = 1346 xstrdup(arg); 1347 } 1348 break; 1349 1350 case sAllowGroups: 1351 while ((arg = strdelim(&cp)) && *arg != '\0') { 1352 if (options->num_allow_groups >= MAX_ALLOW_GROUPS) 1353 fatal("%s line %d: too many allow groups.", 1354 filename, linenum); 1355 if (!*activep) 1356 continue; 1357 options->allow_groups[options->num_allow_groups++] = 1358 xstrdup(arg); 1359 } 1360 break; 1361 1362 case sDenyGroups: 1363 while ((arg = strdelim(&cp)) && *arg != '\0') { 1364 if (options->num_deny_groups >= MAX_DENY_GROUPS) 1365 fatal("%s line %d: too many deny groups.", 1366 filename, linenum); 1367 if (!*activep) 1368 continue; 1369 options->deny_groups[options->num_deny_groups++] = 1370 xstrdup(arg); 1371 } 1372 break; 1373 1374 case sCiphers: 1375 arg = strdelim(&cp); 1376 if (!arg || *arg == '\0') 1377 fatal("%s line %d: Missing argument.", filename, linenum); 1378 if (!ciphers_valid(*arg == '+' ? arg + 1 : arg)) 1379 fatal("%s line %d: Bad SSH2 cipher spec '%s'.", 1380 filename, linenum, arg ? arg : "<NONE>"); 1381 if (options->ciphers == NULL) 1382 options->ciphers = xstrdup(arg); 1383 break; 1384 1385 case sMacs: 1386 arg = strdelim(&cp); 1387 if (!arg || *arg == '\0') 1388 fatal("%s line %d: Missing argument.", filename, linenum); 1389 if (!mac_valid(*arg == '+' ? arg + 1 : arg)) 1390 fatal("%s line %d: Bad SSH2 mac spec '%s'.", 1391 filename, linenum, arg ? arg : "<NONE>"); 1392 if (options->macs == NULL) 1393 options->macs = xstrdup(arg); 1394 break; 1395 1396 case sKexAlgorithms: 1397 arg = strdelim(&cp); 1398 if (!arg || *arg == '\0') 1399 fatal("%s line %d: Missing argument.", 1400 filename, linenum); 1401 if (!kex_names_valid(*arg == '+' ? arg + 1 : arg)) 1402 fatal("%s line %d: Bad SSH2 KexAlgorithms '%s'.", 1403 filename, linenum, arg ? arg : "<NONE>"); 1404 if (options->kex_algorithms == NULL) 1405 options->kex_algorithms = xstrdup(arg); 1406 break; 1407 1408 case sSubsystem: 1409 if (options->num_subsystems >= MAX_SUBSYSTEMS) { 1410 fatal("%s line %d: too many subsystems defined.", 1411 filename, linenum); 1412 } 1413 arg = strdelim(&cp); 1414 if (!arg || *arg == '\0') 1415 fatal("%s line %d: Missing subsystem name.", 1416 filename, linenum); 1417 if (!*activep) { 1418 arg = strdelim(&cp); 1419 break; 1420 } 1421 for (i = 0; i < options->num_subsystems; i++) 1422 if (strcmp(arg, options->subsystem_name[i]) == 0) 1423 fatal("%s line %d: Subsystem '%s' already defined.", 1424 filename, linenum, arg); 1425 options->subsystem_name[options->num_subsystems] = xstrdup(arg); 1426 arg = strdelim(&cp); 1427 if (!arg || *arg == '\0') 1428 fatal("%s line %d: Missing subsystem command.", 1429 filename, linenum); 1430 options->subsystem_command[options->num_subsystems] = xstrdup(arg); 1431 1432 /* Collect arguments (separate to executable) */ 1433 p = xstrdup(arg); 1434 len = strlen(p) + 1; 1435 while ((arg = strdelim(&cp)) != NULL && *arg != '\0') { 1436 len += 1 + strlen(arg); 1437 p = xreallocarray(p, 1, len); 1438 strlcat(p, " ", len); 1439 strlcat(p, arg, len); 1440 } 1441 options->subsystem_args[options->num_subsystems] = p; 1442 options->num_subsystems++; 1443 break; 1444 1445 case sMaxStartups: 1446 arg = strdelim(&cp); 1447 if (!arg || *arg == '\0') 1448 fatal("%s line %d: Missing MaxStartups spec.", 1449 filename, linenum); 1450 if ((n = sscanf(arg, "%d:%d:%d", 1451 &options->max_startups_begin, 1452 &options->max_startups_rate, 1453 &options->max_startups)) == 3) { 1454 if (options->max_startups_begin > 1455 options->max_startups || 1456 options->max_startups_rate > 100 || 1457 options->max_startups_rate < 1) 1458 fatal("%s line %d: Illegal MaxStartups spec.", 1459 filename, linenum); 1460 } else if (n != 1) 1461 fatal("%s line %d: Illegal MaxStartups spec.", 1462 filename, linenum); 1463 else 1464 options->max_startups = options->max_startups_begin; 1465 break; 1466 1467 case sMaxAuthTries: 1468 intptr = &options->max_authtries; 1469 goto parse_int; 1470 1471 case sMaxSessions: 1472 intptr = &options->max_sessions; 1473 goto parse_int; 1474 1475 case sBanner: 1476 charptr = &options->banner; 1477 goto parse_filename; 1478 1479 /* 1480 * These options can contain %X options expanded at 1481 * connect time, so that you can specify paths like: 1482 * 1483 * AuthorizedKeysFile /etc/ssh_keys/%u 1484 */ 1485 case sAuthorizedKeysFile: 1486 if (*activep && options->num_authkeys_files == 0) { 1487 while ((arg = strdelim(&cp)) && *arg != '\0') { 1488 if (options->num_authkeys_files >= 1489 MAX_AUTHKEYS_FILES) 1490 fatal("%s line %d: " 1491 "too many authorized keys files.", 1492 filename, linenum); 1493 options->authorized_keys_files[ 1494 options->num_authkeys_files++] = 1495 tilde_expand_filename(arg, getuid()); 1496 } 1497 } 1498 return 0; 1499 1500 case sAuthorizedPrincipalsFile: 1501 charptr = &options->authorized_principals_file; 1502 arg = strdelim(&cp); 1503 if (!arg || *arg == '\0') 1504 fatal("%s line %d: missing file name.", 1505 filename, linenum); 1506 if (*activep && *charptr == NULL) { 1507 *charptr = tilde_expand_filename(arg, getuid()); 1508 /* increase optional counter */ 1509 if (intptr != NULL) 1510 *intptr = *intptr + 1; 1511 } 1512 break; 1513 1514 case sClientAliveInterval: 1515 intptr = &options->client_alive_interval; 1516 goto parse_time; 1517 1518 case sClientAliveCountMax: 1519 intptr = &options->client_alive_count_max; 1520 goto parse_int; 1521 1522 case sAcceptEnv: 1523 while ((arg = strdelim(&cp)) && *arg != '\0') { 1524 if (strchr(arg, '=') != NULL) 1525 fatal("%s line %d: Invalid environment name.", 1526 filename, linenum); 1527 if (options->num_accept_env >= MAX_ACCEPT_ENV) 1528 fatal("%s line %d: too many allow env.", 1529 filename, linenum); 1530 if (!*activep) 1531 continue; 1532 options->accept_env[options->num_accept_env++] = 1533 xstrdup(arg); 1534 } 1535 break; 1536 1537 case sPermitTunnel: 1538 intptr = &options->permit_tun; 1539 arg = strdelim(&cp); 1540 if (!arg || *arg == '\0') 1541 fatal("%s line %d: Missing yes/point-to-point/" 1542 "ethernet/no argument.", filename, linenum); 1543 value = -1; 1544 for (i = 0; tunmode_desc[i].val != -1; i++) 1545 if (strcmp(tunmode_desc[i].text, arg) == 0) { 1546 value = tunmode_desc[i].val; 1547 break; 1548 } 1549 if (value == -1) 1550 fatal("%s line %d: Bad yes/point-to-point/ethernet/" 1551 "no argument: %s", filename, linenum, arg); 1552 if (*activep && *intptr == -1) 1553 *intptr = value; 1554 break; 1555 1556 case sMatch: 1557 if (cmdline) 1558 fatal("Match directive not supported as a command-line " 1559 "option"); 1560 value = match_cfg_line(&cp, linenum, connectinfo); 1561 if (value < 0) 1562 fatal("%s line %d: Bad Match condition", filename, 1563 linenum); 1564 *activep = value; 1565 break; 1566 1567 case sPermitOpen: 1568 arg = strdelim(&cp); 1569 if (!arg || *arg == '\0') 1570 fatal("%s line %d: missing PermitOpen specification", 1571 filename, linenum); 1572 n = options->num_permitted_opens; /* modified later */ 1573 if (strcmp(arg, "any") == 0) { 1574 if (*activep && n == -1) { 1575 channel_clear_adm_permitted_opens(); 1576 options->num_permitted_opens = 0; 1577 } 1578 break; 1579 } 1580 if (strcmp(arg, "none") == 0) { 1581 if (*activep && n == -1) { 1582 options->num_permitted_opens = 1; 1583 channel_disable_adm_local_opens(); 1584 } 1585 break; 1586 } 1587 if (*activep && n == -1) 1588 channel_clear_adm_permitted_opens(); 1589 for (; arg != NULL && *arg != '\0'; arg = strdelim(&cp)) { 1590 p = hpdelim(&arg); 1591 if (p == NULL) 1592 fatal("%s line %d: missing host in PermitOpen", 1593 filename, linenum); 1594 p = cleanhostname(p); 1595 if (arg == NULL || ((port = permitopen_port(arg)) < 0)) 1596 fatal("%s line %d: bad port number in " 1597 "PermitOpen", filename, linenum); 1598 if (*activep && n == -1) 1599 options->num_permitted_opens = 1600 channel_add_adm_permitted_opens(p, port); 1601 } 1602 break; 1603 1604 case sForceCommand: 1605 if (cp == NULL || *cp == '\0') 1606 fatal("%.200s line %d: Missing argument.", filename, 1607 linenum); 1608 len = strspn(cp, WHITESPACE); 1609 if (*activep && options->adm_forced_command == NULL) 1610 options->adm_forced_command = xstrdup(cp + len); 1611 return 0; 1612 1613 case sChrootDirectory: 1614 charptr = &options->chroot_directory; 1615 1616 arg = strdelim(&cp); 1617 if (!arg || *arg == '\0') 1618 fatal("%s line %d: missing file name.", 1619 filename, linenum); 1620 if (*activep && *charptr == NULL) 1621 *charptr = xstrdup(arg); 1622 break; 1623 1624 case sTrustedUserCAKeys: 1625 charptr = &options->trusted_user_ca_keys; 1626 goto parse_filename; 1627 1628 case sRevokedKeys: 1629 charptr = &options->revoked_keys_file; 1630 goto parse_filename; 1631 1632 case sIPQoS: 1633 arg = strdelim(&cp); 1634 if ((value = parse_ipqos(arg)) == -1) 1635 fatal("%s line %d: Bad IPQoS value: %s", 1636 filename, linenum, arg); 1637 arg = strdelim(&cp); 1638 if (arg == NULL) 1639 value2 = value; 1640 else if ((value2 = parse_ipqos(arg)) == -1) 1641 fatal("%s line %d: Bad IPQoS value: %s", 1642 filename, linenum, arg); 1643 if (*activep) { 1644 options->ip_qos_interactive = value; 1645 options->ip_qos_bulk = value2; 1646 } 1647 break; 1648 1649 case sVersionAddendum: 1650 if (cp == NULL || *cp == '\0') 1651 fatal("%.200s line %d: Missing argument.", filename, 1652 linenum); 1653 len = strspn(cp, WHITESPACE); 1654 if (*activep && options->version_addendum == NULL) { 1655 if (strcasecmp(cp + len, "none") == 0) 1656 options->version_addendum = xstrdup(""); 1657 else if (strchr(cp + len, '\r') != NULL) 1658 fatal("%.200s line %d: Invalid argument", 1659 filename, linenum); 1660 else 1661 options->version_addendum = xstrdup(cp + len); 1662 } 1663 return 0; 1664 1665 case sAuthorizedKeysCommand: 1666 if (cp == NULL) 1667 fatal("%.200s line %d: Missing argument.", filename, 1668 linenum); 1669 len = strspn(cp, WHITESPACE); 1670 if (*activep && options->authorized_keys_command == NULL) { 1671 if (cp[len] != '/' && strcasecmp(cp + len, "none") != 0) 1672 fatal("%.200s line %d: AuthorizedKeysCommand " 1673 "must be an absolute path", 1674 filename, linenum); 1675 options->authorized_keys_command = xstrdup(cp + len); 1676 } 1677 return 0; 1678 1679 case sAuthorizedKeysCommandUser: 1680 charptr = &options->authorized_keys_command_user; 1681 1682 arg = strdelim(&cp); 1683 if (!arg || *arg == '\0') 1684 fatal("%s line %d: missing AuthorizedKeysCommandUser " 1685 "argument.", filename, linenum); 1686 if (*activep && *charptr == NULL) 1687 *charptr = xstrdup(arg); 1688 break; 1689 1690 case sAuthorizedPrincipalsCommand: 1691 if (cp == NULL) 1692 fatal("%.200s line %d: Missing argument.", filename, 1693 linenum); 1694 len = strspn(cp, WHITESPACE); 1695 if (*activep && 1696 options->authorized_principals_command == NULL) { 1697 if (cp[len] != '/' && strcasecmp(cp + len, "none") != 0) 1698 fatal("%.200s line %d: " 1699 "AuthorizedPrincipalsCommand must be " 1700 "an absolute path", filename, linenum); 1701 options->authorized_principals_command = 1702 xstrdup(cp + len); 1703 } 1704 return 0; 1705 1706 case sAuthorizedPrincipalsCommandUser: 1707 charptr = &options->authorized_principals_command_user; 1708 1709 arg = strdelim(&cp); 1710 if (!arg || *arg == '\0') 1711 fatal("%s line %d: missing " 1712 "AuthorizedPrincipalsCommandUser argument.", 1713 filename, linenum); 1714 if (*activep && *charptr == NULL) 1715 *charptr = xstrdup(arg); 1716 break; 1717 1718 case sAuthenticationMethods: 1719 if (options->num_auth_methods == 0) { 1720 value = 0; /* seen "any" pseudo-method */ 1721 value2 = 0; /* sucessfully parsed any method */ 1722 while ((arg = strdelim(&cp)) && *arg != '\0') { 1723 if (options->num_auth_methods >= 1724 MAX_AUTH_METHODS) 1725 fatal("%s line %d: " 1726 "too many authentication methods.", 1727 filename, linenum); 1728 if (strcmp(arg, "any") == 0) { 1729 if (options->num_auth_methods > 0) { 1730 fatal("%s line %d: \"any\" " 1731 "must appear alone in " 1732 "AuthenticationMethods", 1733 filename, linenum); 1734 } 1735 value = 1; 1736 } else if (value) { 1737 fatal("%s line %d: \"any\" must appear " 1738 "alone in AuthenticationMethods", 1739 filename, linenum); 1740 } else if (auth2_methods_valid(arg, 0) != 0) { 1741 fatal("%s line %d: invalid " 1742 "authentication method list.", 1743 filename, linenum); 1744 } 1745 value2 = 1; 1746 if (!*activep) 1747 continue; 1748 options->auth_methods[ 1749 options->num_auth_methods++] = xstrdup(arg); 1750 } 1751 if (value2 == 0) { 1752 fatal("%s line %d: no AuthenticationMethods " 1753 "specified", filename, linenum); 1754 } 1755 } 1756 return 0; 1757 1758 case sStreamLocalBindMask: 1759 arg = strdelim(&cp); 1760 if (!arg || *arg == '\0') 1761 fatal("%s line %d: missing StreamLocalBindMask " 1762 "argument.", filename, linenum); 1763 /* Parse mode in octal format */ 1764 value = strtol(arg, &p, 8); 1765 if (arg == p || value < 0 || value > 0777) 1766 fatal("%s line %d: Bad mask.", filename, linenum); 1767 if (*activep) 1768 options->fwd_opts.streamlocal_bind_mask = (mode_t)value; 1769 break; 1770 1771 case sStreamLocalBindUnlink: 1772 intptr = &options->fwd_opts.streamlocal_bind_unlink; 1773 goto parse_flag; 1774 1775 case sFingerprintHash: 1776 arg = strdelim(&cp); 1777 if (!arg || *arg == '\0') 1778 fatal("%.200s line %d: Missing argument.", 1779 filename, linenum); 1780 if ((value = ssh_digest_alg_by_name(arg)) == -1) 1781 fatal("%.200s line %d: Invalid hash algorithm \"%s\".", 1782 filename, linenum, arg); 1783 if (*activep) 1784 options->fingerprint_hash = value; 1785 break; 1786 1787 case sDeprecated: 1788 case sIgnore: 1789 case sUnsupported: 1790 do_log2(opcode == sIgnore ? 1791 SYSLOG_LEVEL_DEBUG2 : SYSLOG_LEVEL_INFO, 1792 "%s line %d: %s option %s", filename, linenum, 1793 opcode == sUnsupported ? "Unsupported" : "Deprecated", arg); 1794 while (arg) 1795 arg = strdelim(&cp); 1796 break; 1797 1798 default: 1799 fatal("%s line %d: Missing handler for opcode %s (%d)", 1800 filename, linenum, arg, opcode); 1801 } 1802 if ((arg = strdelim(&cp)) != NULL && *arg != '\0') 1803 fatal("%s line %d: garbage at end of line; \"%.200s\".", 1804 filename, linenum, arg); 1805 return 0; 1806 } 1807 1808 /* Reads the server configuration file. */ 1809 1810 void 1811 load_server_config(const char *filename, Buffer *conf) 1812 { 1813 char line[4096], *cp; 1814 FILE *f; 1815 int lineno = 0; 1816 1817 debug2("%s: filename %s", __func__, filename); 1818 if ((f = fopen(filename, "r")) == NULL) { 1819 perror(filename); 1820 exit(1); 1821 } 1822 buffer_clear(conf); 1823 while (fgets(line, sizeof(line), f)) { 1824 lineno++; 1825 if (strlen(line) == sizeof(line) - 1) 1826 fatal("%s line %d too long", filename, lineno); 1827 /* 1828 * Trim out comments and strip whitespace 1829 * NB - preserve newlines, they are needed to reproduce 1830 * line numbers later for error messages 1831 */ 1832 if ((cp = strchr(line, '#')) != NULL) 1833 memcpy(cp, "\n", 2); 1834 cp = line + strspn(line, " \t\r"); 1835 1836 buffer_append(conf, cp, strlen(cp)); 1837 } 1838 buffer_append(conf, "\0", 1); 1839 fclose(f); 1840 debug2("%s: done config len = %d", __func__, buffer_len(conf)); 1841 } 1842 1843 void 1844 parse_server_match_config(ServerOptions *options, 1845 struct connection_info *connectinfo) 1846 { 1847 ServerOptions mo; 1848 1849 initialize_server_options(&mo); 1850 parse_server_config(&mo, "reprocess config", &cfg, connectinfo); 1851 copy_set_server_options(options, &mo, 0); 1852 } 1853 1854 int parse_server_match_testspec(struct connection_info *ci, char *spec) 1855 { 1856 char *p; 1857 1858 while ((p = strsep(&spec, ",")) && *p != '\0') { 1859 if (strncmp(p, "addr=", 5) == 0) { 1860 ci->address = xstrdup(p + 5); 1861 } else if (strncmp(p, "host=", 5) == 0) { 1862 ci->host = xstrdup(p + 5); 1863 } else if (strncmp(p, "user=", 5) == 0) { 1864 ci->user = xstrdup(p + 5); 1865 } else if (strncmp(p, "laddr=", 6) == 0) { 1866 ci->laddress = xstrdup(p + 6); 1867 } else if (strncmp(p, "lport=", 6) == 0) { 1868 ci->lport = a2port(p + 6); 1869 if (ci->lport == -1) { 1870 fprintf(stderr, "Invalid port '%s' in test mode" 1871 " specification %s\n", p+6, p); 1872 return -1; 1873 } 1874 } else { 1875 fprintf(stderr, "Invalid test mode specification %s\n", 1876 p); 1877 return -1; 1878 } 1879 } 1880 return 0; 1881 } 1882 1883 /* 1884 * returns 1 for a complete spec, 0 for partial spec and -1 for an 1885 * empty spec. 1886 */ 1887 int server_match_spec_complete(struct connection_info *ci) 1888 { 1889 if (ci->user && ci->host && ci->address) 1890 return 1; /* complete */ 1891 if (!ci->user && !ci->host && !ci->address) 1892 return -1; /* empty */ 1893 return 0; /* partial */ 1894 } 1895 1896 /* 1897 * Copy any supported values that are set. 1898 * 1899 * If the preauth flag is set, we do not bother copying the string or 1900 * array values that are not used pre-authentication, because any that we 1901 * do use must be explictly sent in mm_getpwnamallow(). 1902 */ 1903 void 1904 copy_set_server_options(ServerOptions *dst, ServerOptions *src, int preauth) 1905 { 1906 #define M_CP_INTOPT(n) do {\ 1907 if (src->n != -1) \ 1908 dst->n = src->n; \ 1909 } while (0) 1910 1911 M_CP_INTOPT(password_authentication); 1912 M_CP_INTOPT(gss_authentication); 1913 M_CP_INTOPT(pubkey_authentication); 1914 M_CP_INTOPT(kerberos_authentication); 1915 M_CP_INTOPT(hostbased_authentication); 1916 M_CP_INTOPT(hostbased_uses_name_from_packet_only); 1917 M_CP_INTOPT(kbd_interactive_authentication); 1918 M_CP_INTOPT(permit_root_login); 1919 M_CP_INTOPT(permit_empty_passwd); 1920 1921 M_CP_INTOPT(allow_tcp_forwarding); 1922 M_CP_INTOPT(allow_streamlocal_forwarding); 1923 M_CP_INTOPT(allow_agent_forwarding); 1924 M_CP_INTOPT(disable_forwarding); 1925 M_CP_INTOPT(permit_tun); 1926 M_CP_INTOPT(fwd_opts.gateway_ports); 1927 M_CP_INTOPT(fwd_opts.streamlocal_bind_unlink); 1928 M_CP_INTOPT(x11_display_offset); 1929 M_CP_INTOPT(x11_forwarding); 1930 M_CP_INTOPT(x11_use_localhost); 1931 M_CP_INTOPT(permit_tty); 1932 M_CP_INTOPT(permit_user_rc); 1933 M_CP_INTOPT(max_sessions); 1934 M_CP_INTOPT(max_authtries); 1935 M_CP_INTOPT(client_alive_count_max); 1936 M_CP_INTOPT(client_alive_interval); 1937 M_CP_INTOPT(ip_qos_interactive); 1938 M_CP_INTOPT(ip_qos_bulk); 1939 M_CP_INTOPT(rekey_limit); 1940 M_CP_INTOPT(rekey_interval); 1941 1942 /* 1943 * The bind_mask is a mode_t that may be unsigned, so we can't use 1944 * M_CP_INTOPT - it does a signed comparison that causes compiler 1945 * warnings. 1946 */ 1947 if (src->fwd_opts.streamlocal_bind_mask != (mode_t)-1) { 1948 dst->fwd_opts.streamlocal_bind_mask = 1949 src->fwd_opts.streamlocal_bind_mask; 1950 } 1951 1952 /* M_CP_STROPT and M_CP_STRARRAYOPT should not appear before here */ 1953 #define M_CP_STROPT(n) do {\ 1954 if (src->n != NULL && dst->n != src->n) { \ 1955 free(dst->n); \ 1956 dst->n = src->n; \ 1957 } \ 1958 } while(0) 1959 #define M_CP_STRARRAYOPT(n, num_n) do {\ 1960 if (src->num_n != 0) { \ 1961 for (dst->num_n = 0; dst->num_n < src->num_n; dst->num_n++) \ 1962 dst->n[dst->num_n] = xstrdup(src->n[dst->num_n]); \ 1963 } \ 1964 } while(0) 1965 1966 /* See comment in servconf.h */ 1967 COPY_MATCH_STRING_OPTS(); 1968 1969 /* Arguments that accept '+...' need to be expanded */ 1970 assemble_algorithms(dst); 1971 1972 /* 1973 * The only things that should be below this point are string options 1974 * which are only used after authentication. 1975 */ 1976 if (preauth) 1977 return; 1978 1979 /* These options may be "none" to clear a global setting */ 1980 M_CP_STROPT(adm_forced_command); 1981 if (option_clear_or_none(dst->adm_forced_command)) { 1982 free(dst->adm_forced_command); 1983 dst->adm_forced_command = NULL; 1984 } 1985 M_CP_STROPT(chroot_directory); 1986 if (option_clear_or_none(dst->chroot_directory)) { 1987 free(dst->chroot_directory); 1988 dst->chroot_directory = NULL; 1989 } 1990 } 1991 1992 #undef M_CP_INTOPT 1993 #undef M_CP_STROPT 1994 #undef M_CP_STRARRAYOPT 1995 1996 void 1997 parse_server_config(ServerOptions *options, const char *filename, Buffer *conf, 1998 struct connection_info *connectinfo) 1999 { 2000 int active, linenum, bad_options = 0; 2001 char *cp, *obuf, *cbuf; 2002 2003 debug2("%s: config %s len %d", __func__, filename, buffer_len(conf)); 2004 2005 if ((obuf = cbuf = sshbuf_dup_string(conf)) == NULL) 2006 fatal("%s: sshbuf_dup_string failed", __func__); 2007 active = connectinfo ? 0 : 1; 2008 linenum = 1; 2009 while ((cp = strsep(&cbuf, "\n")) != NULL) { 2010 if (process_server_config_line(options, cp, filename, 2011 linenum++, &active, connectinfo) != 0) 2012 bad_options++; 2013 } 2014 free(obuf); 2015 if (bad_options > 0) 2016 fatal("%s: terminating, %d bad configuration options", 2017 filename, bad_options); 2018 process_queued_listen_addrs(options); 2019 } 2020 2021 static const char * 2022 fmt_multistate_int(int val, const struct multistate *m) 2023 { 2024 u_int i; 2025 2026 for (i = 0; m[i].key != NULL; i++) { 2027 if (m[i].value == val) 2028 return m[i].key; 2029 } 2030 return "UNKNOWN"; 2031 } 2032 2033 static const char * 2034 fmt_intarg(ServerOpCodes code, int val) 2035 { 2036 if (val == -1) 2037 return "unset"; 2038 switch (code) { 2039 case sAddressFamily: 2040 return fmt_multistate_int(val, multistate_addressfamily); 2041 case sPermitRootLogin: 2042 return fmt_multistate_int(val, multistate_permitrootlogin); 2043 case sGatewayPorts: 2044 return fmt_multistate_int(val, multistate_gatewayports); 2045 case sCompression: 2046 return fmt_multistate_int(val, multistate_compression); 2047 case sUsePrivilegeSeparation: 2048 return fmt_multistate_int(val, multistate_privsep); 2049 case sAllowTcpForwarding: 2050 return fmt_multistate_int(val, multistate_tcpfwd); 2051 case sAllowStreamLocalForwarding: 2052 return fmt_multistate_int(val, multistate_tcpfwd); 2053 case sFingerprintHash: 2054 return ssh_digest_alg_name(val); 2055 default: 2056 switch (val) { 2057 case 0: 2058 return "no"; 2059 case 1: 2060 return "yes"; 2061 default: 2062 return "UNKNOWN"; 2063 } 2064 } 2065 } 2066 2067 static const char * 2068 lookup_opcode_name(ServerOpCodes code) 2069 { 2070 u_int i; 2071 2072 for (i = 0; keywords[i].name != NULL; i++) 2073 if (keywords[i].opcode == code) 2074 return(keywords[i].name); 2075 return "UNKNOWN"; 2076 } 2077 2078 static void 2079 dump_cfg_int(ServerOpCodes code, int val) 2080 { 2081 printf("%s %d\n", lookup_opcode_name(code), val); 2082 } 2083 2084 static void 2085 dump_cfg_oct(ServerOpCodes code, int val) 2086 { 2087 printf("%s 0%o\n", lookup_opcode_name(code), val); 2088 } 2089 2090 static void 2091 dump_cfg_fmtint(ServerOpCodes code, int val) 2092 { 2093 printf("%s %s\n", lookup_opcode_name(code), fmt_intarg(code, val)); 2094 } 2095 2096 static void 2097 dump_cfg_string(ServerOpCodes code, const char *val) 2098 { 2099 if (val == NULL) 2100 return; 2101 printf("%s %s\n", lookup_opcode_name(code), 2102 val == NULL ? "none" : val); 2103 } 2104 2105 static void 2106 dump_cfg_strarray(ServerOpCodes code, u_int count, char **vals) 2107 { 2108 u_int i; 2109 2110 for (i = 0; i < count; i++) 2111 printf("%s %s\n", lookup_opcode_name(code), vals[i]); 2112 } 2113 2114 static void 2115 dump_cfg_strarray_oneline(ServerOpCodes code, u_int count, char **vals) 2116 { 2117 u_int i; 2118 2119 if (count <= 0 && code != sAuthenticationMethods) 2120 return; 2121 printf("%s", lookup_opcode_name(code)); 2122 for (i = 0; i < count; i++) 2123 printf(" %s", vals[i]); 2124 if (code == sAuthenticationMethods && count == 0) 2125 printf(" any"); 2126 printf("\n"); 2127 } 2128 2129 void 2130 dump_config(ServerOptions *o) 2131 { 2132 u_int i; 2133 int ret; 2134 struct addrinfo *ai; 2135 char addr[NI_MAXHOST], port[NI_MAXSERV], *s = NULL; 2136 char *laddr1 = xstrdup(""), *laddr2 = NULL; 2137 2138 /* these are usually at the top of the config */ 2139 for (i = 0; i < o->num_ports; i++) 2140 printf("port %d\n", o->ports[i]); 2141 dump_cfg_fmtint(sAddressFamily, o->address_family); 2142 2143 /* 2144 * ListenAddress must be after Port. add_one_listen_addr pushes 2145 * addresses onto a stack, so to maintain ordering we need to 2146 * print these in reverse order. 2147 */ 2148 for (ai = o->listen_addrs; ai; ai = ai->ai_next) { 2149 if ((ret = getnameinfo(ai->ai_addr, ai->ai_addrlen, addr, 2150 sizeof(addr), port, sizeof(port), 2151 NI_NUMERICHOST|NI_NUMERICSERV)) != 0) { 2152 error("getnameinfo failed: %.100s", 2153 (ret != EAI_SYSTEM) ? gai_strerror(ret) : 2154 strerror(errno)); 2155 } else { 2156 laddr2 = laddr1; 2157 if (ai->ai_family == AF_INET6) 2158 xasprintf(&laddr1, "listenaddress [%s]:%s\n%s", 2159 addr, port, laddr2); 2160 else 2161 xasprintf(&laddr1, "listenaddress %s:%s\n%s", 2162 addr, port, laddr2); 2163 free(laddr2); 2164 } 2165 } 2166 printf("%s", laddr1); 2167 free(laddr1); 2168 2169 /* integer arguments */ 2170 dump_cfg_int(sLoginGraceTime, o->login_grace_time); 2171 dump_cfg_int(sX11DisplayOffset, o->x11_display_offset); 2172 dump_cfg_int(sMaxAuthTries, o->max_authtries); 2173 dump_cfg_int(sMaxSessions, o->max_sessions); 2174 dump_cfg_int(sClientAliveInterval, o->client_alive_interval); 2175 dump_cfg_int(sClientAliveCountMax, o->client_alive_count_max); 2176 dump_cfg_oct(sStreamLocalBindMask, o->fwd_opts.streamlocal_bind_mask); 2177 2178 /* formatted integer arguments */ 2179 dump_cfg_fmtint(sPermitRootLogin, o->permit_root_login); 2180 dump_cfg_fmtint(sIgnoreRhosts, o->ignore_rhosts); 2181 dump_cfg_fmtint(sIgnoreUserKnownHosts, o->ignore_user_known_hosts); 2182 dump_cfg_fmtint(sHostbasedAuthentication, o->hostbased_authentication); 2183 dump_cfg_fmtint(sHostbasedUsesNameFromPacketOnly, 2184 o->hostbased_uses_name_from_packet_only); 2185 dump_cfg_fmtint(sPubkeyAuthentication, o->pubkey_authentication); 2186 #ifdef KRB5 2187 dump_cfg_fmtint(sKerberosAuthentication, o->kerberos_authentication); 2188 dump_cfg_fmtint(sKerberosOrLocalPasswd, o->kerberos_or_local_passwd); 2189 dump_cfg_fmtint(sKerberosTicketCleanup, o->kerberos_ticket_cleanup); 2190 dump_cfg_fmtint(sKerberosGetAFSToken, o->kerberos_get_afs_token); 2191 #endif 2192 #ifdef GSSAPI 2193 dump_cfg_fmtint(sGssAuthentication, o->gss_authentication); 2194 dump_cfg_fmtint(sGssCleanupCreds, o->gss_cleanup_creds); 2195 #endif 2196 dump_cfg_fmtint(sPasswordAuthentication, o->password_authentication); 2197 dump_cfg_fmtint(sKbdInteractiveAuthentication, 2198 o->kbd_interactive_authentication); 2199 dump_cfg_fmtint(sChallengeResponseAuthentication, 2200 o->challenge_response_authentication); 2201 dump_cfg_fmtint(sPrintMotd, o->print_motd); 2202 dump_cfg_fmtint(sPrintLastLog, o->print_lastlog); 2203 dump_cfg_fmtint(sX11Forwarding, o->x11_forwarding); 2204 dump_cfg_fmtint(sX11UseLocalhost, o->x11_use_localhost); 2205 dump_cfg_fmtint(sPermitTTY, o->permit_tty); 2206 dump_cfg_fmtint(sPermitUserRC, o->permit_user_rc); 2207 dump_cfg_fmtint(sStrictModes, o->strict_modes); 2208 dump_cfg_fmtint(sTCPKeepAlive, o->tcp_keep_alive); 2209 dump_cfg_fmtint(sEmptyPasswd, o->permit_empty_passwd); 2210 dump_cfg_fmtint(sPermitUserEnvironment, o->permit_user_env); 2211 dump_cfg_fmtint(sCompression, o->compression); 2212 dump_cfg_fmtint(sGatewayPorts, o->fwd_opts.gateway_ports); 2213 dump_cfg_fmtint(sUseDNS, o->use_dns); 2214 dump_cfg_fmtint(sAllowTcpForwarding, o->allow_tcp_forwarding); 2215 dump_cfg_fmtint(sAllowAgentForwarding, o->allow_agent_forwarding); 2216 dump_cfg_fmtint(sDisableForwarding, o->disable_forwarding); 2217 dump_cfg_fmtint(sAllowStreamLocalForwarding, o->allow_streamlocal_forwarding); 2218 dump_cfg_fmtint(sStreamLocalBindUnlink, o->fwd_opts.streamlocal_bind_unlink); 2219 dump_cfg_fmtint(sUsePrivilegeSeparation, use_privsep); 2220 dump_cfg_fmtint(sFingerprintHash, o->fingerprint_hash); 2221 2222 /* string arguments */ 2223 dump_cfg_string(sPidFile, o->pid_file); 2224 dump_cfg_string(sXAuthLocation, o->xauth_location); 2225 dump_cfg_string(sCiphers, o->ciphers ? o->ciphers : KEX_SERVER_ENCRYPT); 2226 dump_cfg_string(sMacs, o->macs ? o->macs : KEX_SERVER_MAC); 2227 dump_cfg_string(sBanner, o->banner); 2228 dump_cfg_string(sForceCommand, o->adm_forced_command); 2229 dump_cfg_string(sChrootDirectory, o->chroot_directory); 2230 dump_cfg_string(sTrustedUserCAKeys, o->trusted_user_ca_keys); 2231 dump_cfg_string(sRevokedKeys, o->revoked_keys_file); 2232 dump_cfg_string(sAuthorizedPrincipalsFile, 2233 o->authorized_principals_file); 2234 dump_cfg_string(sVersionAddendum, *o->version_addendum == '\0' 2235 ? "none" : o->version_addendum); 2236 dump_cfg_string(sAuthorizedKeysCommand, o->authorized_keys_command); 2237 dump_cfg_string(sAuthorizedKeysCommandUser, o->authorized_keys_command_user); 2238 dump_cfg_string(sAuthorizedPrincipalsCommand, o->authorized_principals_command); 2239 dump_cfg_string(sAuthorizedPrincipalsCommandUser, o->authorized_principals_command_user); 2240 dump_cfg_string(sHostKeyAgent, o->host_key_agent); 2241 dump_cfg_string(sKexAlgorithms, 2242 o->kex_algorithms ? o->kex_algorithms : KEX_SERVER_KEX); 2243 dump_cfg_string(sHostbasedAcceptedKeyTypes, o->hostbased_key_types ? 2244 o->hostbased_key_types : KEX_DEFAULT_PK_ALG); 2245 dump_cfg_string(sHostKeyAlgorithms, o->hostkeyalgorithms ? 2246 o->hostkeyalgorithms : KEX_DEFAULT_PK_ALG); 2247 dump_cfg_string(sPubkeyAcceptedKeyTypes, o->pubkey_key_types ? 2248 o->pubkey_key_types : KEX_DEFAULT_PK_ALG); 2249 2250 /* string arguments requiring a lookup */ 2251 dump_cfg_string(sLogLevel, log_level_name(o->log_level)); 2252 dump_cfg_string(sLogFacility, log_facility_name(o->log_facility)); 2253 2254 /* string array arguments */ 2255 dump_cfg_strarray_oneline(sAuthorizedKeysFile, o->num_authkeys_files, 2256 o->authorized_keys_files); 2257 dump_cfg_strarray(sHostKeyFile, o->num_host_key_files, 2258 o->host_key_files); 2259 dump_cfg_strarray(sHostCertificate, o->num_host_cert_files, 2260 o->host_cert_files); 2261 dump_cfg_strarray(sAllowUsers, o->num_allow_users, o->allow_users); 2262 dump_cfg_strarray(sDenyUsers, o->num_deny_users, o->deny_users); 2263 dump_cfg_strarray(sAllowGroups, o->num_allow_groups, o->allow_groups); 2264 dump_cfg_strarray(sDenyGroups, o->num_deny_groups, o->deny_groups); 2265 dump_cfg_strarray(sAcceptEnv, o->num_accept_env, o->accept_env); 2266 dump_cfg_strarray_oneline(sAuthenticationMethods, 2267 o->num_auth_methods, o->auth_methods); 2268 2269 /* other arguments */ 2270 for (i = 0; i < o->num_subsystems; i++) 2271 printf("subsystem %s %s\n", o->subsystem_name[i], 2272 o->subsystem_args[i]); 2273 2274 printf("maxstartups %d:%d:%d\n", o->max_startups_begin, 2275 o->max_startups_rate, o->max_startups); 2276 2277 for (i = 0; tunmode_desc[i].val != -1; i++) 2278 if (tunmode_desc[i].val == o->permit_tun) { 2279 s = tunmode_desc[i].text; 2280 break; 2281 } 2282 dump_cfg_string(sPermitTunnel, s); 2283 2284 printf("ipqos %s ", iptos2str(o->ip_qos_interactive)); 2285 printf("%s\n", iptos2str(o->ip_qos_bulk)); 2286 2287 printf("rekeylimit %llu %d\n", (unsigned long long)o->rekey_limit, 2288 o->rekey_interval); 2289 2290 channel_print_adm_permitted_opens(); 2291 } 2292