1 2 /* $OpenBSD: servconf.c,v 1.304 2017/02/03 23:01:19 djm Exp $ */ 3 /* 4 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland 5 * All rights reserved 6 * 7 * As far as I am concerned, the code I have written for this software 8 * can be used freely for any purpose. Any derived versions of this 9 * software must be clearly marked as such, and if the derived work is 10 * incompatible with the protocol description in the RFC file, it must be 11 * called by a name other than "ssh" or "Secure Shell". 12 */ 13 14 #include <sys/types.h> 15 #include <sys/socket.h> 16 #include <sys/queue.h> 17 18 #include <netinet/in.h> 19 #include <netinet/ip.h> 20 21 #include <ctype.h> 22 #include <netdb.h> 23 #include <pwd.h> 24 #include <stdio.h> 25 #include <stdlib.h> 26 #include <string.h> 27 #include <signal.h> 28 #include <unistd.h> 29 #include <limits.h> 30 #include <stdarg.h> 31 #include <errno.h> 32 #include <util.h> 33 34 #include "xmalloc.h" 35 #include "ssh.h" 36 #include "log.h" 37 #include "buffer.h" 38 #include "misc.h" 39 #include "servconf.h" 40 #include "compat.h" 41 #include "pathnames.h" 42 #include "cipher.h" 43 #include "key.h" 44 #include "kex.h" 45 #include "mac.h" 46 #include "match.h" 47 #include "channels.h" 48 #include "groupaccess.h" 49 #include "canohost.h" 50 #include "packet.h" 51 #include "hostfile.h" 52 #include "auth.h" 53 #include "myproposal.h" 54 #include "digest.h" 55 56 static void add_listen_addr(ServerOptions *, char *, int); 57 static void add_one_listen_addr(ServerOptions *, char *, int); 58 59 /* Use of privilege separation or not */ 60 extern int use_privsep; 61 extern Buffer cfg; 62 63 /* Initializes the server options to their default values. */ 64 65 void 66 initialize_server_options(ServerOptions *options) 67 { 68 memset(options, 0, sizeof(*options)); 69 options->num_ports = 0; 70 options->ports_from_cmdline = 0; 71 options->queued_listen_addrs = NULL; 72 options->num_queued_listens = 0; 73 options->listen_addrs = NULL; 74 options->address_family = -1; 75 options->num_host_key_files = 0; 76 options->num_host_cert_files = 0; 77 options->host_key_agent = NULL; 78 options->pid_file = NULL; 79 options->login_grace_time = -1; 80 options->permit_root_login = PERMIT_NOT_SET; 81 options->ignore_rhosts = -1; 82 options->ignore_user_known_hosts = -1; 83 options->print_motd = -1; 84 options->print_lastlog = -1; 85 options->x11_forwarding = -1; 86 options->x11_display_offset = -1; 87 options->x11_use_localhost = -1; 88 options->permit_tty = -1; 89 options->permit_user_rc = -1; 90 options->xauth_location = NULL; 91 options->strict_modes = -1; 92 options->tcp_keep_alive = -1; 93 options->log_facility = SYSLOG_FACILITY_NOT_SET; 94 options->log_level = SYSLOG_LEVEL_NOT_SET; 95 options->hostbased_authentication = -1; 96 options->hostbased_uses_name_from_packet_only = -1; 97 options->hostbased_key_types = NULL; 98 options->hostkeyalgorithms = NULL; 99 options->pubkey_authentication = -1; 100 options->pubkey_key_types = NULL; 101 options->kerberos_authentication = -1; 102 options->kerberos_or_local_passwd = -1; 103 options->kerberos_ticket_cleanup = -1; 104 options->kerberos_get_afs_token = -1; 105 options->gss_authentication=-1; 106 options->gss_cleanup_creds = -1; 107 options->gss_strict_acceptor = -1; 108 options->password_authentication = -1; 109 options->kbd_interactive_authentication = -1; 110 options->challenge_response_authentication = -1; 111 options->permit_empty_passwd = -1; 112 options->permit_user_env = -1; 113 options->compression = -1; 114 options->rekey_limit = -1; 115 options->rekey_interval = -1; 116 options->allow_tcp_forwarding = -1; 117 options->allow_streamlocal_forwarding = -1; 118 options->allow_agent_forwarding = -1; 119 options->num_allow_users = 0; 120 options->num_deny_users = 0; 121 options->num_allow_groups = 0; 122 options->num_deny_groups = 0; 123 options->ciphers = NULL; 124 options->macs = NULL; 125 options->kex_algorithms = NULL; 126 options->fwd_opts.gateway_ports = -1; 127 options->fwd_opts.streamlocal_bind_mask = (mode_t)-1; 128 options->fwd_opts.streamlocal_bind_unlink = -1; 129 options->num_subsystems = 0; 130 options->max_startups_begin = -1; 131 options->max_startups_rate = -1; 132 options->max_startups = -1; 133 options->max_authtries = -1; 134 options->max_sessions = -1; 135 options->banner = NULL; 136 options->use_dns = -1; 137 options->client_alive_interval = -1; 138 options->client_alive_count_max = -1; 139 options->num_authkeys_files = 0; 140 options->num_accept_env = 0; 141 options->permit_tun = -1; 142 options->num_permitted_opens = -1; 143 options->adm_forced_command = NULL; 144 options->chroot_directory = NULL; 145 options->authorized_keys_command = NULL; 146 options->authorized_keys_command_user = NULL; 147 options->revoked_keys_file = NULL; 148 options->trusted_user_ca_keys = NULL; 149 options->authorized_principals_file = NULL; 150 options->authorized_principals_command = NULL; 151 options->authorized_principals_command_user = NULL; 152 options->ip_qos_interactive = -1; 153 options->ip_qos_bulk = -1; 154 options->version_addendum = NULL; 155 options->fingerprint_hash = -1; 156 options->disable_forwarding = -1; 157 } 158 159 /* Returns 1 if a string option is unset or set to "none" or 0 otherwise. */ 160 static int 161 option_clear_or_none(const char *o) 162 { 163 return o == NULL || strcasecmp(o, "none") == 0; 164 } 165 166 static void 167 assemble_algorithms(ServerOptions *o) 168 { 169 if (kex_assemble_names(KEX_SERVER_ENCRYPT, &o->ciphers) != 0 || 170 kex_assemble_names(KEX_SERVER_MAC, &o->macs) != 0 || 171 kex_assemble_names(KEX_SERVER_KEX, &o->kex_algorithms) != 0 || 172 kex_assemble_names(KEX_DEFAULT_PK_ALG, 173 &o->hostkeyalgorithms) != 0 || 174 kex_assemble_names(KEX_DEFAULT_PK_ALG, 175 &o->hostbased_key_types) != 0 || 176 kex_assemble_names(KEX_DEFAULT_PK_ALG, &o->pubkey_key_types) != 0) 177 fatal("kex_assemble_names failed"); 178 } 179 180 void 181 fill_default_server_options(ServerOptions *options) 182 { 183 int i; 184 185 if (options->num_host_key_files == 0) { 186 /* fill default hostkeys */ 187 options->host_key_files[options->num_host_key_files++] = 188 _PATH_HOST_RSA_KEY_FILE; 189 options->host_key_files[options->num_host_key_files++] = 190 _PATH_HOST_DSA_KEY_FILE; 191 options->host_key_files[options->num_host_key_files++] = 192 _PATH_HOST_ECDSA_KEY_FILE; 193 options->host_key_files[options->num_host_key_files++] = 194 _PATH_HOST_ED25519_KEY_FILE; 195 } 196 /* No certificates by default */ 197 if (options->num_ports == 0) 198 options->ports[options->num_ports++] = SSH_DEFAULT_PORT; 199 if (options->address_family == -1) 200 options->address_family = AF_UNSPEC; 201 if (options->listen_addrs == NULL) 202 add_listen_addr(options, NULL, 0); 203 if (options->pid_file == NULL) 204 options->pid_file = xstrdup(_PATH_SSH_DAEMON_PID_FILE); 205 if (options->login_grace_time == -1) 206 options->login_grace_time = 120; 207 if (options->permit_root_login == PERMIT_NOT_SET) 208 options->permit_root_login = PERMIT_NO_PASSWD; 209 if (options->ignore_rhosts == -1) 210 options->ignore_rhosts = 1; 211 if (options->ignore_user_known_hosts == -1) 212 options->ignore_user_known_hosts = 0; 213 if (options->print_motd == -1) 214 options->print_motd = 1; 215 if (options->print_lastlog == -1) 216 options->print_lastlog = 1; 217 if (options->x11_forwarding == -1) 218 options->x11_forwarding = 0; 219 if (options->x11_display_offset == -1) 220 options->x11_display_offset = 10; 221 if (options->x11_use_localhost == -1) 222 options->x11_use_localhost = 1; 223 if (options->xauth_location == NULL) 224 options->xauth_location = xstrdup(_PATH_XAUTH); 225 if (options->permit_tty == -1) 226 options->permit_tty = 1; 227 if (options->permit_user_rc == -1) 228 options->permit_user_rc = 1; 229 if (options->strict_modes == -1) 230 options->strict_modes = 1; 231 if (options->tcp_keep_alive == -1) 232 options->tcp_keep_alive = 1; 233 if (options->log_facility == SYSLOG_FACILITY_NOT_SET) 234 options->log_facility = SYSLOG_FACILITY_AUTH; 235 if (options->log_level == SYSLOG_LEVEL_NOT_SET) 236 options->log_level = SYSLOG_LEVEL_INFO; 237 if (options->hostbased_authentication == -1) 238 options->hostbased_authentication = 0; 239 if (options->hostbased_uses_name_from_packet_only == -1) 240 options->hostbased_uses_name_from_packet_only = 0; 241 if (options->pubkey_authentication == -1) 242 options->pubkey_authentication = 1; 243 if (options->kerberos_authentication == -1) 244 options->kerberos_authentication = 0; 245 if (options->kerberos_or_local_passwd == -1) 246 options->kerberos_or_local_passwd = 1; 247 if (options->kerberos_ticket_cleanup == -1) 248 options->kerberos_ticket_cleanup = 1; 249 if (options->kerberos_get_afs_token == -1) 250 options->kerberos_get_afs_token = 0; 251 if (options->gss_authentication == -1) 252 options->gss_authentication = 0; 253 if (options->gss_cleanup_creds == -1) 254 options->gss_cleanup_creds = 1; 255 if (options->gss_strict_acceptor == -1) 256 options->gss_strict_acceptor = 1; 257 if (options->password_authentication == -1) 258 options->password_authentication = 1; 259 if (options->kbd_interactive_authentication == -1) 260 options->kbd_interactive_authentication = 0; 261 if (options->challenge_response_authentication == -1) 262 options->challenge_response_authentication = 1; 263 if (options->permit_empty_passwd == -1) 264 options->permit_empty_passwd = 0; 265 if (options->permit_user_env == -1) 266 options->permit_user_env = 0; 267 if (options->compression == -1) 268 options->compression = COMP_DELAYED; 269 if (options->rekey_limit == -1) 270 options->rekey_limit = 0; 271 if (options->rekey_interval == -1) 272 options->rekey_interval = 0; 273 if (options->allow_tcp_forwarding == -1) 274 options->allow_tcp_forwarding = FORWARD_ALLOW; 275 if (options->allow_streamlocal_forwarding == -1) 276 options->allow_streamlocal_forwarding = FORWARD_ALLOW; 277 if (options->allow_agent_forwarding == -1) 278 options->allow_agent_forwarding = 1; 279 if (options->fwd_opts.gateway_ports == -1) 280 options->fwd_opts.gateway_ports = 0; 281 if (options->max_startups == -1) 282 options->max_startups = 100; 283 if (options->max_startups_rate == -1) 284 options->max_startups_rate = 30; /* 30% */ 285 if (options->max_startups_begin == -1) 286 options->max_startups_begin = 10; 287 if (options->max_authtries == -1) 288 options->max_authtries = DEFAULT_AUTH_FAIL_MAX; 289 if (options->max_sessions == -1) 290 options->max_sessions = DEFAULT_SESSIONS_MAX; 291 if (options->use_dns == -1) 292 options->use_dns = 0; 293 if (options->client_alive_interval == -1) 294 options->client_alive_interval = 0; 295 if (options->client_alive_count_max == -1) 296 options->client_alive_count_max = 3; 297 if (options->num_authkeys_files == 0) { 298 options->authorized_keys_files[options->num_authkeys_files++] = 299 xstrdup(_PATH_SSH_USER_PERMITTED_KEYS); 300 options->authorized_keys_files[options->num_authkeys_files++] = 301 xstrdup(_PATH_SSH_USER_PERMITTED_KEYS2); 302 } 303 if (options->permit_tun == -1) 304 options->permit_tun = SSH_TUNMODE_NO; 305 if (options->ip_qos_interactive == -1) 306 options->ip_qos_interactive = IPTOS_LOWDELAY; 307 if (options->ip_qos_bulk == -1) 308 options->ip_qos_bulk = IPTOS_THROUGHPUT; 309 if (options->version_addendum == NULL) 310 options->version_addendum = xstrdup(""); 311 if (options->fwd_opts.streamlocal_bind_mask == (mode_t)-1) 312 options->fwd_opts.streamlocal_bind_mask = 0177; 313 if (options->fwd_opts.streamlocal_bind_unlink == -1) 314 options->fwd_opts.streamlocal_bind_unlink = 0; 315 if (options->fingerprint_hash == -1) 316 options->fingerprint_hash = SSH_FP_HASH_DEFAULT; 317 if (options->disable_forwarding == -1) 318 options->disable_forwarding = 0; 319 320 assemble_algorithms(options); 321 322 /* Turn privilege separation and sandboxing on by default */ 323 if (use_privsep == -1) 324 use_privsep = PRIVSEP_ON; 325 326 #define CLEAR_ON_NONE(v) \ 327 do { \ 328 if (option_clear_or_none(v)) { \ 329 free(v); \ 330 v = NULL; \ 331 } \ 332 } while(0) 333 CLEAR_ON_NONE(options->pid_file); 334 CLEAR_ON_NONE(options->xauth_location); 335 CLEAR_ON_NONE(options->banner); 336 CLEAR_ON_NONE(options->trusted_user_ca_keys); 337 CLEAR_ON_NONE(options->revoked_keys_file); 338 CLEAR_ON_NONE(options->authorized_principals_file); 339 CLEAR_ON_NONE(options->adm_forced_command); 340 CLEAR_ON_NONE(options->chroot_directory); 341 for (i = 0; i < options->num_host_key_files; i++) 342 CLEAR_ON_NONE(options->host_key_files[i]); 343 for (i = 0; i < options->num_host_cert_files; i++) 344 CLEAR_ON_NONE(options->host_cert_files[i]); 345 #undef CLEAR_ON_NONE 346 347 /* Similar handling for AuthenticationMethods=any */ 348 if (options->num_auth_methods == 1 && 349 strcmp(options->auth_methods[0], "any") == 0) { 350 free(options->auth_methods[0]); 351 options->auth_methods[0] = NULL; 352 options->num_auth_methods = 0; 353 } 354 355 } 356 357 /* Keyword tokens. */ 358 typedef enum { 359 sBadOption, /* == unknown option */ 360 sPort, sHostKeyFile, sLoginGraceTime, 361 sPermitRootLogin, sLogFacility, sLogLevel, 362 sKerberosAuthentication, sKerberosOrLocalPasswd, sKerberosTicketCleanup, 363 sKerberosGetAFSToken, 364 sKerberosTgtPassing, sChallengeResponseAuthentication, 365 sPasswordAuthentication, sKbdInteractiveAuthentication, 366 sListenAddress, sAddressFamily, 367 sPrintMotd, sPrintLastLog, sIgnoreRhosts, 368 sX11Forwarding, sX11DisplayOffset, sX11UseLocalhost, 369 sPermitTTY, sStrictModes, sEmptyPasswd, sTCPKeepAlive, 370 sPermitUserEnvironment, sAllowTcpForwarding, sCompression, 371 sRekeyLimit, sAllowUsers, sDenyUsers, sAllowGroups, sDenyGroups, 372 sIgnoreUserKnownHosts, sCiphers, sMacs, sPidFile, 373 sGatewayPorts, sPubkeyAuthentication, sPubkeyAcceptedKeyTypes, 374 sXAuthLocation, sSubsystem, sMaxStartups, sMaxAuthTries, sMaxSessions, 375 sBanner, sUseDNS, sHostbasedAuthentication, 376 sHostbasedUsesNameFromPacketOnly, sHostbasedAcceptedKeyTypes, 377 sHostKeyAlgorithms, 378 sClientAliveInterval, sClientAliveCountMax, sAuthorizedKeysFile, 379 sGssAuthentication, sGssCleanupCreds, sGssStrictAcceptor, 380 sAcceptEnv, sPermitTunnel, 381 sMatch, sPermitOpen, sForceCommand, sChrootDirectory, 382 sUsePrivilegeSeparation, sAllowAgentForwarding, 383 sHostCertificate, 384 sRevokedKeys, sTrustedUserCAKeys, sAuthorizedPrincipalsFile, 385 sAuthorizedPrincipalsCommand, sAuthorizedPrincipalsCommandUser, 386 sKexAlgorithms, sIPQoS, sVersionAddendum, 387 sAuthorizedKeysCommand, sAuthorizedKeysCommandUser, 388 sAuthenticationMethods, sHostKeyAgent, sPermitUserRC, 389 sStreamLocalBindMask, sStreamLocalBindUnlink, 390 sAllowStreamLocalForwarding, sFingerprintHash, sDisableForwarding, 391 sDeprecated, sIgnore, sUnsupported 392 } ServerOpCodes; 393 394 #define SSHCFG_GLOBAL 0x01 /* allowed in main section of sshd_config */ 395 #define SSHCFG_MATCH 0x02 /* allowed inside a Match section */ 396 #define SSHCFG_ALL (SSHCFG_GLOBAL|SSHCFG_MATCH) 397 398 /* Textual representation of the tokens. */ 399 static struct { 400 const char *name; 401 ServerOpCodes opcode; 402 u_int flags; 403 } keywords[] = { 404 { "port", sPort, SSHCFG_GLOBAL }, 405 { "hostkey", sHostKeyFile, SSHCFG_GLOBAL }, 406 { "hostdsakey", sHostKeyFile, SSHCFG_GLOBAL }, /* alias */ 407 { "hostkeyagent", sHostKeyAgent, SSHCFG_GLOBAL }, 408 { "pidfile", sPidFile, SSHCFG_GLOBAL }, 409 { "serverkeybits", sDeprecated, SSHCFG_GLOBAL }, 410 { "logingracetime", sLoginGraceTime, SSHCFG_GLOBAL }, 411 { "keyregenerationinterval", sDeprecated, SSHCFG_GLOBAL }, 412 { "permitrootlogin", sPermitRootLogin, SSHCFG_ALL }, 413 { "syslogfacility", sLogFacility, SSHCFG_GLOBAL }, 414 { "loglevel", sLogLevel, SSHCFG_GLOBAL }, 415 { "rhostsauthentication", sDeprecated, SSHCFG_GLOBAL }, 416 { "rhostsrsaauthentication", sDeprecated, SSHCFG_ALL }, 417 { "hostbasedauthentication", sHostbasedAuthentication, SSHCFG_ALL }, 418 { "hostbasedusesnamefrompacketonly", sHostbasedUsesNameFromPacketOnly, SSHCFG_ALL }, 419 { "hostbasedacceptedkeytypes", sHostbasedAcceptedKeyTypes, SSHCFG_ALL }, 420 { "hostkeyalgorithms", sHostKeyAlgorithms, SSHCFG_GLOBAL }, 421 { "rsaauthentication", sDeprecated, SSHCFG_ALL }, 422 { "pubkeyauthentication", sPubkeyAuthentication, SSHCFG_ALL }, 423 { "pubkeyacceptedkeytypes", sPubkeyAcceptedKeyTypes, SSHCFG_ALL }, 424 { "dsaauthentication", sPubkeyAuthentication, SSHCFG_GLOBAL }, /* alias */ 425 #ifdef KRB5 426 { "kerberosauthentication", sKerberosAuthentication, SSHCFG_ALL }, 427 { "kerberosorlocalpasswd", sKerberosOrLocalPasswd, SSHCFG_GLOBAL }, 428 { "kerberosticketcleanup", sKerberosTicketCleanup, SSHCFG_GLOBAL }, 429 { "kerberosgetafstoken", sKerberosGetAFSToken, SSHCFG_GLOBAL }, 430 #else 431 { "kerberosauthentication", sUnsupported, SSHCFG_ALL }, 432 { "kerberosorlocalpasswd", sUnsupported, SSHCFG_GLOBAL }, 433 { "kerberosticketcleanup", sUnsupported, SSHCFG_GLOBAL }, 434 { "kerberosgetafstoken", sUnsupported, SSHCFG_GLOBAL }, 435 #endif 436 { "kerberostgtpassing", sUnsupported, SSHCFG_GLOBAL }, 437 { "afstokenpassing", sUnsupported, SSHCFG_GLOBAL }, 438 #ifdef GSSAPI 439 { "gssapiauthentication", sGssAuthentication, SSHCFG_ALL }, 440 { "gssapicleanupcredentials", sGssCleanupCreds, SSHCFG_GLOBAL }, 441 { "gssapistrictacceptorcheck", sGssStrictAcceptor, SSHCFG_GLOBAL }, 442 #else 443 { "gssapiauthentication", sUnsupported, SSHCFG_ALL }, 444 { "gssapicleanupcredentials", sUnsupported, SSHCFG_GLOBAL }, 445 { "gssapistrictacceptorcheck", sUnsupported, SSHCFG_GLOBAL }, 446 #endif 447 { "passwordauthentication", sPasswordAuthentication, SSHCFG_ALL }, 448 { "kbdinteractiveauthentication", sKbdInteractiveAuthentication, SSHCFG_ALL }, 449 { "challengeresponseauthentication", sChallengeResponseAuthentication, SSHCFG_GLOBAL }, 450 { "skeyauthentication", sChallengeResponseAuthentication, SSHCFG_GLOBAL }, /* alias */ 451 { "checkmail", sDeprecated, SSHCFG_GLOBAL }, 452 { "listenaddress", sListenAddress, SSHCFG_GLOBAL }, 453 { "addressfamily", sAddressFamily, SSHCFG_GLOBAL }, 454 { "printmotd", sPrintMotd, SSHCFG_GLOBAL }, 455 { "printlastlog", sPrintLastLog, SSHCFG_GLOBAL }, 456 { "ignorerhosts", sIgnoreRhosts, SSHCFG_GLOBAL }, 457 { "ignoreuserknownhosts", sIgnoreUserKnownHosts, SSHCFG_GLOBAL }, 458 { "x11forwarding", sX11Forwarding, SSHCFG_ALL }, 459 { "x11displayoffset", sX11DisplayOffset, SSHCFG_ALL }, 460 { "x11uselocalhost", sX11UseLocalhost, SSHCFG_ALL }, 461 { "xauthlocation", sXAuthLocation, SSHCFG_GLOBAL }, 462 { "strictmodes", sStrictModes, SSHCFG_GLOBAL }, 463 { "permitemptypasswords", sEmptyPasswd, SSHCFG_ALL }, 464 { "permituserenvironment", sPermitUserEnvironment, SSHCFG_GLOBAL }, 465 { "uselogin", sDeprecated, SSHCFG_GLOBAL }, 466 { "compression", sCompression, SSHCFG_GLOBAL }, 467 { "rekeylimit", sRekeyLimit, SSHCFG_ALL }, 468 { "tcpkeepalive", sTCPKeepAlive, SSHCFG_GLOBAL }, 469 { "keepalive", sTCPKeepAlive, SSHCFG_GLOBAL }, /* obsolete alias */ 470 { "allowtcpforwarding", sAllowTcpForwarding, SSHCFG_ALL }, 471 { "allowagentforwarding", sAllowAgentForwarding, SSHCFG_ALL }, 472 { "allowusers", sAllowUsers, SSHCFG_ALL }, 473 { "denyusers", sDenyUsers, SSHCFG_ALL }, 474 { "allowgroups", sAllowGroups, SSHCFG_ALL }, 475 { "denygroups", sDenyGroups, SSHCFG_ALL }, 476 { "ciphers", sCiphers, SSHCFG_GLOBAL }, 477 { "macs", sMacs, SSHCFG_GLOBAL }, 478 { "protocol", sIgnore, SSHCFG_GLOBAL }, 479 { "gatewayports", sGatewayPorts, SSHCFG_ALL }, 480 { "subsystem", sSubsystem, SSHCFG_GLOBAL }, 481 { "maxstartups", sMaxStartups, SSHCFG_GLOBAL }, 482 { "maxauthtries", sMaxAuthTries, SSHCFG_ALL }, 483 { "maxsessions", sMaxSessions, SSHCFG_ALL }, 484 { "banner", sBanner, SSHCFG_ALL }, 485 { "usedns", sUseDNS, SSHCFG_GLOBAL }, 486 { "verifyreversemapping", sDeprecated, SSHCFG_GLOBAL }, 487 { "reversemappingcheck", sDeprecated, SSHCFG_GLOBAL }, 488 { "clientaliveinterval", sClientAliveInterval, SSHCFG_ALL }, 489 { "clientalivecountmax", sClientAliveCountMax, SSHCFG_ALL }, 490 { "authorizedkeysfile", sAuthorizedKeysFile, SSHCFG_ALL }, 491 { "authorizedkeysfile2", sDeprecated, SSHCFG_ALL }, 492 { "useprivilegeseparation", sUsePrivilegeSeparation, SSHCFG_GLOBAL}, 493 { "acceptenv", sAcceptEnv, SSHCFG_ALL }, 494 { "permittunnel", sPermitTunnel, SSHCFG_ALL }, 495 { "permittty", sPermitTTY, SSHCFG_ALL }, 496 { "permituserrc", sPermitUserRC, SSHCFG_ALL }, 497 { "match", sMatch, SSHCFG_ALL }, 498 { "permitopen", sPermitOpen, SSHCFG_ALL }, 499 { "forcecommand", sForceCommand, SSHCFG_ALL }, 500 { "chrootdirectory", sChrootDirectory, SSHCFG_ALL }, 501 { "hostcertificate", sHostCertificate, SSHCFG_GLOBAL }, 502 { "revokedkeys", sRevokedKeys, SSHCFG_ALL }, 503 { "trustedusercakeys", sTrustedUserCAKeys, SSHCFG_ALL }, 504 { "authorizedprincipalsfile", sAuthorizedPrincipalsFile, SSHCFG_ALL }, 505 { "kexalgorithms", sKexAlgorithms, SSHCFG_GLOBAL }, 506 { "ipqos", sIPQoS, SSHCFG_ALL }, 507 { "authorizedkeyscommand", sAuthorizedKeysCommand, SSHCFG_ALL }, 508 { "authorizedkeyscommanduser", sAuthorizedKeysCommandUser, SSHCFG_ALL }, 509 { "authorizedprincipalscommand", sAuthorizedPrincipalsCommand, SSHCFG_ALL }, 510 { "authorizedprincipalscommanduser", sAuthorizedPrincipalsCommandUser, SSHCFG_ALL }, 511 { "versionaddendum", sVersionAddendum, SSHCFG_GLOBAL }, 512 { "authenticationmethods", sAuthenticationMethods, SSHCFG_ALL }, 513 { "streamlocalbindmask", sStreamLocalBindMask, SSHCFG_ALL }, 514 { "streamlocalbindunlink", sStreamLocalBindUnlink, SSHCFG_ALL }, 515 { "allowstreamlocalforwarding", sAllowStreamLocalForwarding, SSHCFG_ALL }, 516 { "fingerprinthash", sFingerprintHash, SSHCFG_GLOBAL }, 517 { "disableforwarding", sDisableForwarding, SSHCFG_ALL }, 518 { NULL, sBadOption, 0 } 519 }; 520 521 static struct { 522 int val; 523 char *text; 524 } tunmode_desc[] = { 525 { SSH_TUNMODE_NO, "no" }, 526 { SSH_TUNMODE_POINTOPOINT, "point-to-point" }, 527 { SSH_TUNMODE_ETHERNET, "ethernet" }, 528 { SSH_TUNMODE_YES, "yes" }, 529 { -1, NULL } 530 }; 531 532 /* 533 * Returns the number of the token pointed to by cp or sBadOption. 534 */ 535 536 static ServerOpCodes 537 parse_token(const char *cp, const char *filename, 538 int linenum, u_int *flags) 539 { 540 u_int i; 541 542 for (i = 0; keywords[i].name; i++) 543 if (strcasecmp(cp, keywords[i].name) == 0) { 544 *flags = keywords[i].flags; 545 return keywords[i].opcode; 546 } 547 548 error("%s: line %d: Bad configuration option: %s", 549 filename, linenum, cp); 550 return sBadOption; 551 } 552 553 char * 554 derelativise_path(const char *path) 555 { 556 char *expanded, *ret, cwd[PATH_MAX]; 557 558 if (strcasecmp(path, "none") == 0) 559 return xstrdup("none"); 560 expanded = tilde_expand_filename(path, getuid()); 561 if (*expanded == '/') 562 return expanded; 563 if (getcwd(cwd, sizeof(cwd)) == NULL) 564 fatal("%s: getcwd: %s", __func__, strerror(errno)); 565 xasprintf(&ret, "%s/%s", cwd, expanded); 566 free(expanded); 567 return ret; 568 } 569 570 static void 571 add_listen_addr(ServerOptions *options, char *addr, int port) 572 { 573 u_int i; 574 575 if (port == 0) 576 for (i = 0; i < options->num_ports; i++) 577 add_one_listen_addr(options, addr, options->ports[i]); 578 else 579 add_one_listen_addr(options, addr, port); 580 } 581 582 static void 583 add_one_listen_addr(ServerOptions *options, char *addr, int port) 584 { 585 struct addrinfo hints, *ai, *aitop; 586 char strport[NI_MAXSERV]; 587 int gaierr; 588 589 memset(&hints, 0, sizeof(hints)); 590 hints.ai_family = options->address_family; 591 hints.ai_socktype = SOCK_STREAM; 592 hints.ai_flags = (addr == NULL) ? AI_PASSIVE : 0; 593 snprintf(strport, sizeof strport, "%d", port); 594 if ((gaierr = getaddrinfo(addr, strport, &hints, &aitop)) != 0) 595 fatal("bad addr or host: %s (%s)", 596 addr ? addr : "<NULL>", 597 ssh_gai_strerror(gaierr)); 598 for (ai = aitop; ai->ai_next; ai = ai->ai_next) 599 ; 600 ai->ai_next = options->listen_addrs; 601 options->listen_addrs = aitop; 602 } 603 604 /* 605 * Queue a ListenAddress to be processed once we have all of the Ports 606 * and AddressFamily options. 607 */ 608 static void 609 queue_listen_addr(ServerOptions *options, char *addr, int port) 610 { 611 options->queued_listen_addrs = xreallocarray( 612 options->queued_listen_addrs, options->num_queued_listens + 1, 613 sizeof(addr)); 614 options->queued_listen_ports = xreallocarray( 615 options->queued_listen_ports, options->num_queued_listens + 1, 616 sizeof(port)); 617 options->queued_listen_addrs[options->num_queued_listens] = 618 xstrdup(addr); 619 options->queued_listen_ports[options->num_queued_listens] = port; 620 options->num_queued_listens++; 621 } 622 623 /* 624 * Process queued (text) ListenAddress entries. 625 */ 626 static void 627 process_queued_listen_addrs(ServerOptions *options) 628 { 629 u_int i; 630 631 if (options->num_ports == 0) 632 options->ports[options->num_ports++] = SSH_DEFAULT_PORT; 633 if (options->address_family == -1) 634 options->address_family = AF_UNSPEC; 635 636 for (i = 0; i < options->num_queued_listens; i++) { 637 add_listen_addr(options, options->queued_listen_addrs[i], 638 options->queued_listen_ports[i]); 639 free(options->queued_listen_addrs[i]); 640 options->queued_listen_addrs[i] = NULL; 641 } 642 free(options->queued_listen_addrs); 643 options->queued_listen_addrs = NULL; 644 free(options->queued_listen_ports); 645 options->queued_listen_ports = NULL; 646 options->num_queued_listens = 0; 647 } 648 649 struct connection_info * 650 get_connection_info(int populate, int use_dns) 651 { 652 struct ssh *ssh = active_state; /* XXX */ 653 static struct connection_info ci; 654 655 if (!populate) 656 return &ci; 657 ci.host = auth_get_canonical_hostname(ssh, use_dns); 658 ci.address = ssh_remote_ipaddr(ssh); 659 ci.laddress = ssh_local_ipaddr(ssh); 660 ci.lport = ssh_local_port(ssh); 661 return &ci; 662 } 663 664 /* 665 * The strategy for the Match blocks is that the config file is parsed twice. 666 * 667 * The first time is at startup. activep is initialized to 1 and the 668 * directives in the global context are processed and acted on. Hitting a 669 * Match directive unsets activep and the directives inside the block are 670 * checked for syntax only. 671 * 672 * The second time is after a connection has been established but before 673 * authentication. activep is initialized to 2 and global config directives 674 * are ignored since they have already been processed. If the criteria in a 675 * Match block is met, activep is set and the subsequent directives 676 * processed and actioned until EOF or another Match block unsets it. Any 677 * options set are copied into the main server config. 678 * 679 * Potential additions/improvements: 680 * - Add Match support for pre-kex directives, eg. Ciphers. 681 * 682 * - Add a Tag directive (idea from David Leonard) ala pf, eg: 683 * Match Address 192.168.0.* 684 * Tag trusted 685 * Match Group wheel 686 * Tag trusted 687 * Match Tag trusted 688 * AllowTcpForwarding yes 689 * GatewayPorts clientspecified 690 * [...] 691 * 692 * - Add a PermittedChannelRequests directive 693 * Match Group shell 694 * PermittedChannelRequests session,forwarded-tcpip 695 */ 696 697 static int 698 match_cfg_line_group(const char *grps, int line, const char *user) 699 { 700 int result = 0; 701 struct passwd *pw; 702 703 if (user == NULL) 704 goto out; 705 706 if ((pw = getpwnam(user)) == NULL) { 707 debug("Can't match group at line %d because user %.100s does " 708 "not exist", line, user); 709 } else if (ga_init(pw->pw_name, pw->pw_gid) == 0) { 710 debug("Can't Match group because user %.100s not in any group " 711 "at line %d", user, line); 712 } else if (ga_match_pattern_list(grps) != 1) { 713 debug("user %.100s does not match group list %.100s at line %d", 714 user, grps, line); 715 } else { 716 debug("user %.100s matched group list %.100s at line %d", user, 717 grps, line); 718 result = 1; 719 } 720 out: 721 ga_free(); 722 return result; 723 } 724 725 /* 726 * All of the attributes on a single Match line are ANDed together, so we need 727 * to check every attribute and set the result to zero if any attribute does 728 * not match. 729 */ 730 static int 731 match_cfg_line(char **condition, int line, struct connection_info *ci) 732 { 733 int result = 1, attributes = 0, port; 734 char *arg, *attrib, *cp = *condition; 735 736 if (ci == NULL) 737 debug3("checking syntax for 'Match %s'", cp); 738 else 739 debug3("checking match for '%s' user %s host %s addr %s " 740 "laddr %s lport %d", cp, ci->user ? ci->user : "(null)", 741 ci->host ? ci->host : "(null)", 742 ci->address ? ci->address : "(null)", 743 ci->laddress ? ci->laddress : "(null)", ci->lport); 744 745 while ((attrib = strdelim(&cp)) && *attrib != '\0') { 746 attributes++; 747 if (strcasecmp(attrib, "all") == 0) { 748 if (attributes != 1 || 749 ((arg = strdelim(&cp)) != NULL && *arg != '\0')) { 750 error("'all' cannot be combined with other " 751 "Match attributes"); 752 return -1; 753 } 754 *condition = cp; 755 return 1; 756 } 757 if ((arg = strdelim(&cp)) == NULL || *arg == '\0') { 758 error("Missing Match criteria for %s", attrib); 759 return -1; 760 } 761 if (strcasecmp(attrib, "user") == 0) { 762 if (ci == NULL || ci->user == NULL) { 763 result = 0; 764 continue; 765 } 766 if (match_pattern_list(ci->user, arg, 0) != 1) 767 result = 0; 768 else 769 debug("user %.100s matched 'User %.100s' at " 770 "line %d", ci->user, arg, line); 771 } else if (strcasecmp(attrib, "group") == 0) { 772 if (ci == NULL || ci->user == NULL) { 773 result = 0; 774 continue; 775 } 776 switch (match_cfg_line_group(arg, line, ci->user)) { 777 case -1: 778 return -1; 779 case 0: 780 result = 0; 781 } 782 } else if (strcasecmp(attrib, "host") == 0) { 783 if (ci == NULL || ci->host == NULL) { 784 result = 0; 785 continue; 786 } 787 if (match_hostname(ci->host, arg) != 1) 788 result = 0; 789 else 790 debug("connection from %.100s matched 'Host " 791 "%.100s' at line %d", ci->host, arg, line); 792 } else if (strcasecmp(attrib, "address") == 0) { 793 if (ci == NULL || ci->address == NULL) { 794 result = 0; 795 continue; 796 } 797 switch (addr_match_list(ci->address, arg)) { 798 case 1: 799 debug("connection from %.100s matched 'Address " 800 "%.100s' at line %d", ci->address, arg, line); 801 break; 802 case 0: 803 case -1: 804 result = 0; 805 break; 806 case -2: 807 return -1; 808 } 809 } else if (strcasecmp(attrib, "localaddress") == 0){ 810 if (ci == NULL || ci->laddress == NULL) { 811 result = 0; 812 continue; 813 } 814 switch (addr_match_list(ci->laddress, arg)) { 815 case 1: 816 debug("connection from %.100s matched " 817 "'LocalAddress %.100s' at line %d", 818 ci->laddress, arg, line); 819 break; 820 case 0: 821 case -1: 822 result = 0; 823 break; 824 case -2: 825 return -1; 826 } 827 } else if (strcasecmp(attrib, "localport") == 0) { 828 if ((port = a2port(arg)) == -1) { 829 error("Invalid LocalPort '%s' on Match line", 830 arg); 831 return -1; 832 } 833 if (ci == NULL || ci->lport == 0) { 834 result = 0; 835 continue; 836 } 837 /* TODO support port lists */ 838 if (port == ci->lport) 839 debug("connection from %.100s matched " 840 "'LocalPort %d' at line %d", 841 ci->laddress, port, line); 842 else 843 result = 0; 844 } else { 845 error("Unsupported Match attribute %s", attrib); 846 return -1; 847 } 848 } 849 if (attributes == 0) { 850 error("One or more attributes required for Match"); 851 return -1; 852 } 853 if (ci != NULL) 854 debug3("match %sfound", result ? "" : "not "); 855 *condition = cp; 856 return result; 857 } 858 859 #define WHITESPACE " \t\r\n" 860 861 /* Multistate option parsing */ 862 struct multistate { 863 char *key; 864 int value; 865 }; 866 static const struct multistate multistate_addressfamily[] = { 867 { "inet", AF_INET }, 868 { "inet6", AF_INET6 }, 869 { "any", AF_UNSPEC }, 870 { NULL, -1 } 871 }; 872 static const struct multistate multistate_permitrootlogin[] = { 873 { "without-password", PERMIT_NO_PASSWD }, 874 { "prohibit-password", PERMIT_NO_PASSWD }, 875 { "forced-commands-only", PERMIT_FORCED_ONLY }, 876 { "yes", PERMIT_YES }, 877 { "no", PERMIT_NO }, 878 { NULL, -1 } 879 }; 880 static const struct multistate multistate_compression[] = { 881 { "yes", COMP_DELAYED }, 882 { "delayed", COMP_DELAYED }, 883 { "no", COMP_NONE }, 884 { NULL, -1 } 885 }; 886 static const struct multistate multistate_gatewayports[] = { 887 { "clientspecified", 2 }, 888 { "yes", 1 }, 889 { "no", 0 }, 890 { NULL, -1 } 891 }; 892 static const struct multistate multistate_privsep[] = { 893 { "yes", PRIVSEP_NOSANDBOX }, 894 { "sandbox", PRIVSEP_ON }, 895 { "nosandbox", PRIVSEP_NOSANDBOX }, 896 { "no", PRIVSEP_OFF }, 897 { NULL, -1 } 898 }; 899 static const struct multistate multistate_tcpfwd[] = { 900 { "yes", FORWARD_ALLOW }, 901 { "all", FORWARD_ALLOW }, 902 { "no", FORWARD_DENY }, 903 { "remote", FORWARD_REMOTE }, 904 { "local", FORWARD_LOCAL }, 905 { NULL, -1 } 906 }; 907 908 int 909 process_server_config_line(ServerOptions *options, char *line, 910 const char *filename, int linenum, int *activep, 911 struct connection_info *connectinfo) 912 { 913 char *cp, **charptr, *arg, *p; 914 int cmdline = 0, *intptr, value, value2, n, port; 915 SyslogFacility *log_facility_ptr; 916 LogLevel *log_level_ptr; 917 ServerOpCodes opcode; 918 u_int i, flags = 0; 919 size_t len; 920 long long val64; 921 const struct multistate *multistate_ptr; 922 923 /* Strip trailing whitespace. Allow \f (form feed) at EOL only */ 924 if ((len = strlen(line)) == 0) 925 return 0; 926 for (len--; len > 0; len--) { 927 if (strchr(WHITESPACE "\f", line[len]) == NULL) 928 break; 929 line[len] = '\0'; 930 } 931 932 cp = line; 933 if ((arg = strdelim(&cp)) == NULL) 934 return 0; 935 /* Ignore leading whitespace */ 936 if (*arg == '\0') 937 arg = strdelim(&cp); 938 if (!arg || !*arg || *arg == '#') 939 return 0; 940 intptr = NULL; 941 charptr = NULL; 942 opcode = parse_token(arg, filename, linenum, &flags); 943 944 if (activep == NULL) { /* We are processing a command line directive */ 945 cmdline = 1; 946 activep = &cmdline; 947 } 948 if (*activep && opcode != sMatch) 949 debug3("%s:%d setting %s %s", filename, linenum, arg, cp); 950 if (*activep == 0 && !(flags & SSHCFG_MATCH)) { 951 if (connectinfo == NULL) { 952 fatal("%s line %d: Directive '%s' is not allowed " 953 "within a Match block", filename, linenum, arg); 954 } else { /* this is a directive we have already processed */ 955 while (arg) 956 arg = strdelim(&cp); 957 return 0; 958 } 959 } 960 961 switch (opcode) { 962 case sBadOption: 963 return -1; 964 case sPort: 965 /* ignore ports from configfile if cmdline specifies ports */ 966 if (options->ports_from_cmdline) 967 return 0; 968 if (options->num_ports >= MAX_PORTS) 969 fatal("%s line %d: too many ports.", 970 filename, linenum); 971 arg = strdelim(&cp); 972 if (!arg || *arg == '\0') 973 fatal("%s line %d: missing port number.", 974 filename, linenum); 975 options->ports[options->num_ports++] = a2port(arg); 976 if (options->ports[options->num_ports-1] <= 0) 977 fatal("%s line %d: Badly formatted port number.", 978 filename, linenum); 979 break; 980 981 case sLoginGraceTime: 982 intptr = &options->login_grace_time; 983 parse_time: 984 arg = strdelim(&cp); 985 if (!arg || *arg == '\0') 986 fatal("%s line %d: missing time value.", 987 filename, linenum); 988 if ((value = convtime(arg)) == -1) 989 fatal("%s line %d: invalid time value.", 990 filename, linenum); 991 if (*activep && *intptr == -1) 992 *intptr = value; 993 break; 994 995 case sListenAddress: 996 arg = strdelim(&cp); 997 if (arg == NULL || *arg == '\0') 998 fatal("%s line %d: missing address", 999 filename, linenum); 1000 /* check for bare IPv6 address: no "[]" and 2 or more ":" */ 1001 if (strchr(arg, '[') == NULL && (p = strchr(arg, ':')) != NULL 1002 && strchr(p+1, ':') != NULL) { 1003 queue_listen_addr(options, arg, 0); 1004 break; 1005 } 1006 p = hpdelim(&arg); 1007 if (p == NULL) 1008 fatal("%s line %d: bad address:port usage", 1009 filename, linenum); 1010 p = cleanhostname(p); 1011 if (arg == NULL) 1012 port = 0; 1013 else if ((port = a2port(arg)) <= 0) 1014 fatal("%s line %d: bad port number", filename, linenum); 1015 1016 queue_listen_addr(options, p, port); 1017 1018 break; 1019 1020 case sAddressFamily: 1021 intptr = &options->address_family; 1022 multistate_ptr = multistate_addressfamily; 1023 parse_multistate: 1024 arg = strdelim(&cp); 1025 if (!arg || *arg == '\0') 1026 fatal("%s line %d: missing argument.", 1027 filename, linenum); 1028 value = -1; 1029 for (i = 0; multistate_ptr[i].key != NULL; i++) { 1030 if (strcasecmp(arg, multistate_ptr[i].key) == 0) { 1031 value = multistate_ptr[i].value; 1032 break; 1033 } 1034 } 1035 if (value == -1) 1036 fatal("%s line %d: unsupported option \"%s\".", 1037 filename, linenum, arg); 1038 if (*activep && *intptr == -1) 1039 *intptr = value; 1040 break; 1041 1042 case sHostKeyFile: 1043 intptr = &options->num_host_key_files; 1044 if (*intptr >= MAX_HOSTKEYS) 1045 fatal("%s line %d: too many host keys specified (max %d).", 1046 filename, linenum, MAX_HOSTKEYS); 1047 charptr = &options->host_key_files[*intptr]; 1048 parse_filename: 1049 arg = strdelim(&cp); 1050 if (!arg || *arg == '\0') 1051 fatal("%s line %d: missing file name.", 1052 filename, linenum); 1053 if (*activep && *charptr == NULL) { 1054 *charptr = derelativise_path(arg); 1055 /* increase optional counter */ 1056 if (intptr != NULL) 1057 *intptr = *intptr + 1; 1058 } 1059 break; 1060 1061 case sHostKeyAgent: 1062 charptr = &options->host_key_agent; 1063 arg = strdelim(&cp); 1064 if (!arg || *arg == '\0') 1065 fatal("%s line %d: missing socket name.", 1066 filename, linenum); 1067 if (*activep && *charptr == NULL) 1068 *charptr = !strcmp(arg, SSH_AUTHSOCKET_ENV_NAME) ? 1069 xstrdup(arg) : derelativise_path(arg); 1070 break; 1071 1072 case sHostCertificate: 1073 intptr = &options->num_host_cert_files; 1074 if (*intptr >= MAX_HOSTKEYS) 1075 fatal("%s line %d: too many host certificates " 1076 "specified (max %d).", filename, linenum, 1077 MAX_HOSTCERTS); 1078 charptr = &options->host_cert_files[*intptr]; 1079 goto parse_filename; 1080 1081 case sPidFile: 1082 charptr = &options->pid_file; 1083 goto parse_filename; 1084 1085 case sPermitRootLogin: 1086 intptr = &options->permit_root_login; 1087 multistate_ptr = multistate_permitrootlogin; 1088 goto parse_multistate; 1089 1090 case sIgnoreRhosts: 1091 intptr = &options->ignore_rhosts; 1092 parse_flag: 1093 arg = strdelim(&cp); 1094 if (!arg || *arg == '\0') 1095 fatal("%s line %d: missing yes/no argument.", 1096 filename, linenum); 1097 value = 0; /* silence compiler */ 1098 if (strcmp(arg, "yes") == 0) 1099 value = 1; 1100 else if (strcmp(arg, "no") == 0) 1101 value = 0; 1102 else 1103 fatal("%s line %d: Bad yes/no argument: %s", 1104 filename, linenum, arg); 1105 if (*activep && *intptr == -1) 1106 *intptr = value; 1107 break; 1108 1109 case sIgnoreUserKnownHosts: 1110 intptr = &options->ignore_user_known_hosts; 1111 goto parse_flag; 1112 1113 case sHostbasedAuthentication: 1114 intptr = &options->hostbased_authentication; 1115 goto parse_flag; 1116 1117 case sHostbasedUsesNameFromPacketOnly: 1118 intptr = &options->hostbased_uses_name_from_packet_only; 1119 goto parse_flag; 1120 1121 case sHostbasedAcceptedKeyTypes: 1122 charptr = &options->hostbased_key_types; 1123 parse_keytypes: 1124 arg = strdelim(&cp); 1125 if (!arg || *arg == '\0') 1126 fatal("%s line %d: Missing argument.", 1127 filename, linenum); 1128 if (*arg != '-' && 1129 !sshkey_names_valid2(*arg == '+' ? arg + 1 : arg, 1)) 1130 fatal("%s line %d: Bad key types '%s'.", 1131 filename, linenum, arg ? arg : "<NONE>"); 1132 if (*activep && *charptr == NULL) 1133 *charptr = xstrdup(arg); 1134 break; 1135 1136 case sHostKeyAlgorithms: 1137 charptr = &options->hostkeyalgorithms; 1138 goto parse_keytypes; 1139 1140 case sPubkeyAuthentication: 1141 intptr = &options->pubkey_authentication; 1142 goto parse_flag; 1143 1144 case sPubkeyAcceptedKeyTypes: 1145 charptr = &options->pubkey_key_types; 1146 goto parse_keytypes; 1147 1148 case sKerberosAuthentication: 1149 intptr = &options->kerberos_authentication; 1150 goto parse_flag; 1151 1152 case sKerberosOrLocalPasswd: 1153 intptr = &options->kerberos_or_local_passwd; 1154 goto parse_flag; 1155 1156 case sKerberosTicketCleanup: 1157 intptr = &options->kerberos_ticket_cleanup; 1158 goto parse_flag; 1159 1160 case sKerberosGetAFSToken: 1161 intptr = &options->kerberos_get_afs_token; 1162 goto parse_flag; 1163 1164 case sGssAuthentication: 1165 intptr = &options->gss_authentication; 1166 goto parse_flag; 1167 1168 case sGssCleanupCreds: 1169 intptr = &options->gss_cleanup_creds; 1170 goto parse_flag; 1171 1172 case sGssStrictAcceptor: 1173 intptr = &options->gss_strict_acceptor; 1174 goto parse_flag; 1175 1176 case sPasswordAuthentication: 1177 intptr = &options->password_authentication; 1178 goto parse_flag; 1179 1180 case sKbdInteractiveAuthentication: 1181 intptr = &options->kbd_interactive_authentication; 1182 goto parse_flag; 1183 1184 case sChallengeResponseAuthentication: 1185 intptr = &options->challenge_response_authentication; 1186 goto parse_flag; 1187 1188 case sPrintMotd: 1189 intptr = &options->print_motd; 1190 goto parse_flag; 1191 1192 case sPrintLastLog: 1193 intptr = &options->print_lastlog; 1194 goto parse_flag; 1195 1196 case sX11Forwarding: 1197 intptr = &options->x11_forwarding; 1198 goto parse_flag; 1199 1200 case sX11DisplayOffset: 1201 intptr = &options->x11_display_offset; 1202 parse_int: 1203 arg = strdelim(&cp); 1204 if (!arg || *arg == '\0') 1205 fatal("%s line %d: missing integer value.", 1206 filename, linenum); 1207 value = atoi(arg); 1208 if (*activep && *intptr == -1) 1209 *intptr = value; 1210 break; 1211 1212 case sX11UseLocalhost: 1213 intptr = &options->x11_use_localhost; 1214 goto parse_flag; 1215 1216 case sXAuthLocation: 1217 charptr = &options->xauth_location; 1218 goto parse_filename; 1219 1220 case sPermitTTY: 1221 intptr = &options->permit_tty; 1222 goto parse_flag; 1223 1224 case sPermitUserRC: 1225 intptr = &options->permit_user_rc; 1226 goto parse_flag; 1227 1228 case sStrictModes: 1229 intptr = &options->strict_modes; 1230 goto parse_flag; 1231 1232 case sTCPKeepAlive: 1233 intptr = &options->tcp_keep_alive; 1234 goto parse_flag; 1235 1236 case sEmptyPasswd: 1237 intptr = &options->permit_empty_passwd; 1238 goto parse_flag; 1239 1240 case sPermitUserEnvironment: 1241 intptr = &options->permit_user_env; 1242 goto parse_flag; 1243 1244 case sCompression: 1245 intptr = &options->compression; 1246 multistate_ptr = multistate_compression; 1247 goto parse_multistate; 1248 1249 case sRekeyLimit: 1250 arg = strdelim(&cp); 1251 if (!arg || *arg == '\0') 1252 fatal("%.200s line %d: Missing argument.", filename, 1253 linenum); 1254 if (strcmp(arg, "default") == 0) { 1255 val64 = 0; 1256 } else { 1257 if (scan_scaled(arg, &val64) == -1) 1258 fatal("%.200s line %d: Bad number '%s': %s", 1259 filename, linenum, arg, strerror(errno)); 1260 if (val64 != 0 && val64 < 16) 1261 fatal("%.200s line %d: RekeyLimit too small", 1262 filename, linenum); 1263 } 1264 if (*activep && options->rekey_limit == -1) 1265 options->rekey_limit = val64; 1266 if (cp != NULL) { /* optional rekey interval present */ 1267 if (strcmp(cp, "none") == 0) { 1268 (void)strdelim(&cp); /* discard */ 1269 break; 1270 } 1271 intptr = &options->rekey_interval; 1272 goto parse_time; 1273 } 1274 break; 1275 1276 case sGatewayPorts: 1277 intptr = &options->fwd_opts.gateway_ports; 1278 multistate_ptr = multistate_gatewayports; 1279 goto parse_multistate; 1280 1281 case sUseDNS: 1282 intptr = &options->use_dns; 1283 goto parse_flag; 1284 1285 case sLogFacility: 1286 log_facility_ptr = &options->log_facility; 1287 arg = strdelim(&cp); 1288 value = log_facility_number(arg); 1289 if (value == SYSLOG_FACILITY_NOT_SET) 1290 fatal("%.200s line %d: unsupported log facility '%s'", 1291 filename, linenum, arg ? arg : "<NONE>"); 1292 if (*log_facility_ptr == -1) 1293 *log_facility_ptr = (SyslogFacility) value; 1294 break; 1295 1296 case sLogLevel: 1297 log_level_ptr = &options->log_level; 1298 arg = strdelim(&cp); 1299 value = log_level_number(arg); 1300 if (value == SYSLOG_LEVEL_NOT_SET) 1301 fatal("%.200s line %d: unsupported log level '%s'", 1302 filename, linenum, arg ? arg : "<NONE>"); 1303 if (*log_level_ptr == -1) 1304 *log_level_ptr = (LogLevel) value; 1305 break; 1306 1307 case sAllowTcpForwarding: 1308 intptr = &options->allow_tcp_forwarding; 1309 multistate_ptr = multistate_tcpfwd; 1310 goto parse_multistate; 1311 1312 case sAllowStreamLocalForwarding: 1313 intptr = &options->allow_streamlocal_forwarding; 1314 multistate_ptr = multistate_tcpfwd; 1315 goto parse_multistate; 1316 1317 case sAllowAgentForwarding: 1318 intptr = &options->allow_agent_forwarding; 1319 goto parse_flag; 1320 1321 case sDisableForwarding: 1322 intptr = &options->disable_forwarding; 1323 goto parse_flag; 1324 1325 case sUsePrivilegeSeparation: 1326 intptr = &use_privsep; 1327 multistate_ptr = multistate_privsep; 1328 goto parse_multistate; 1329 1330 case sAllowUsers: 1331 while ((arg = strdelim(&cp)) && *arg != '\0') { 1332 if (options->num_allow_users >= MAX_ALLOW_USERS) 1333 fatal("%s line %d: too many allow users.", 1334 filename, linenum); 1335 if (match_user(NULL, NULL, NULL, arg) == -1) 1336 fatal("%s line %d: invalid AllowUsers pattern: " 1337 "\"%.100s\"", filename, linenum, arg); 1338 if (!*activep) 1339 continue; 1340 options->allow_users[options->num_allow_users++] = 1341 xstrdup(arg); 1342 } 1343 break; 1344 1345 case sDenyUsers: 1346 while ((arg = strdelim(&cp)) && *arg != '\0') { 1347 if (options->num_deny_users >= MAX_DENY_USERS) 1348 fatal("%s line %d: too many deny users.", 1349 filename, linenum); 1350 if (match_user(NULL, NULL, NULL, arg) == -1) 1351 fatal("%s line %d: invalid DenyUsers pattern: " 1352 "\"%.100s\"", filename, linenum, arg); 1353 if (!*activep) 1354 continue; 1355 options->deny_users[options->num_deny_users++] = 1356 xstrdup(arg); 1357 } 1358 break; 1359 1360 case sAllowGroups: 1361 while ((arg = strdelim(&cp)) && *arg != '\0') { 1362 if (options->num_allow_groups >= MAX_ALLOW_GROUPS) 1363 fatal("%s line %d: too many allow groups.", 1364 filename, linenum); 1365 if (!*activep) 1366 continue; 1367 options->allow_groups[options->num_allow_groups++] = 1368 xstrdup(arg); 1369 } 1370 break; 1371 1372 case sDenyGroups: 1373 while ((arg = strdelim(&cp)) && *arg != '\0') { 1374 if (options->num_deny_groups >= MAX_DENY_GROUPS) 1375 fatal("%s line %d: too many deny groups.", 1376 filename, linenum); 1377 if (!*activep) 1378 continue; 1379 options->deny_groups[options->num_deny_groups++] = 1380 xstrdup(arg); 1381 } 1382 break; 1383 1384 case sCiphers: 1385 arg = strdelim(&cp); 1386 if (!arg || *arg == '\0') 1387 fatal("%s line %d: Missing argument.", filename, linenum); 1388 if (*arg != '-' && !ciphers_valid(*arg == '+' ? arg + 1 : arg)) 1389 fatal("%s line %d: Bad SSH2 cipher spec '%s'.", 1390 filename, linenum, arg ? arg : "<NONE>"); 1391 if (options->ciphers == NULL) 1392 options->ciphers = xstrdup(arg); 1393 break; 1394 1395 case sMacs: 1396 arg = strdelim(&cp); 1397 if (!arg || *arg == '\0') 1398 fatal("%s line %d: Missing argument.", filename, linenum); 1399 if (*arg != '-' && !mac_valid(*arg == '+' ? arg + 1 : arg)) 1400 fatal("%s line %d: Bad SSH2 mac spec '%s'.", 1401 filename, linenum, arg ? arg : "<NONE>"); 1402 if (options->macs == NULL) 1403 options->macs = xstrdup(arg); 1404 break; 1405 1406 case sKexAlgorithms: 1407 arg = strdelim(&cp); 1408 if (!arg || *arg == '\0') 1409 fatal("%s line %d: Missing argument.", 1410 filename, linenum); 1411 if (*arg != '-' && 1412 !kex_names_valid(*arg == '+' ? arg + 1 : arg)) 1413 fatal("%s line %d: Bad SSH2 KexAlgorithms '%s'.", 1414 filename, linenum, arg ? arg : "<NONE>"); 1415 if (options->kex_algorithms == NULL) 1416 options->kex_algorithms = xstrdup(arg); 1417 break; 1418 1419 case sSubsystem: 1420 if (options->num_subsystems >= MAX_SUBSYSTEMS) { 1421 fatal("%s line %d: too many subsystems defined.", 1422 filename, linenum); 1423 } 1424 arg = strdelim(&cp); 1425 if (!arg || *arg == '\0') 1426 fatal("%s line %d: Missing subsystem name.", 1427 filename, linenum); 1428 if (!*activep) { 1429 arg = strdelim(&cp); 1430 break; 1431 } 1432 for (i = 0; i < options->num_subsystems; i++) 1433 if (strcmp(arg, options->subsystem_name[i]) == 0) 1434 fatal("%s line %d: Subsystem '%s' already defined.", 1435 filename, linenum, arg); 1436 options->subsystem_name[options->num_subsystems] = xstrdup(arg); 1437 arg = strdelim(&cp); 1438 if (!arg || *arg == '\0') 1439 fatal("%s line %d: Missing subsystem command.", 1440 filename, linenum); 1441 options->subsystem_command[options->num_subsystems] = xstrdup(arg); 1442 1443 /* Collect arguments (separate to executable) */ 1444 p = xstrdup(arg); 1445 len = strlen(p) + 1; 1446 while ((arg = strdelim(&cp)) != NULL && *arg != '\0') { 1447 len += 1 + strlen(arg); 1448 p = xreallocarray(p, 1, len); 1449 strlcat(p, " ", len); 1450 strlcat(p, arg, len); 1451 } 1452 options->subsystem_args[options->num_subsystems] = p; 1453 options->num_subsystems++; 1454 break; 1455 1456 case sMaxStartups: 1457 arg = strdelim(&cp); 1458 if (!arg || *arg == '\0') 1459 fatal("%s line %d: Missing MaxStartups spec.", 1460 filename, linenum); 1461 if ((n = sscanf(arg, "%d:%d:%d", 1462 &options->max_startups_begin, 1463 &options->max_startups_rate, 1464 &options->max_startups)) == 3) { 1465 if (options->max_startups_begin > 1466 options->max_startups || 1467 options->max_startups_rate > 100 || 1468 options->max_startups_rate < 1) 1469 fatal("%s line %d: Illegal MaxStartups spec.", 1470 filename, linenum); 1471 } else if (n != 1) 1472 fatal("%s line %d: Illegal MaxStartups spec.", 1473 filename, linenum); 1474 else 1475 options->max_startups = options->max_startups_begin; 1476 break; 1477 1478 case sMaxAuthTries: 1479 intptr = &options->max_authtries; 1480 goto parse_int; 1481 1482 case sMaxSessions: 1483 intptr = &options->max_sessions; 1484 goto parse_int; 1485 1486 case sBanner: 1487 charptr = &options->banner; 1488 goto parse_filename; 1489 1490 /* 1491 * These options can contain %X options expanded at 1492 * connect time, so that you can specify paths like: 1493 * 1494 * AuthorizedKeysFile /etc/ssh_keys/%u 1495 */ 1496 case sAuthorizedKeysFile: 1497 if (*activep && options->num_authkeys_files == 0) { 1498 while ((arg = strdelim(&cp)) && *arg != '\0') { 1499 if (options->num_authkeys_files >= 1500 MAX_AUTHKEYS_FILES) 1501 fatal("%s line %d: " 1502 "too many authorized keys files.", 1503 filename, linenum); 1504 options->authorized_keys_files[ 1505 options->num_authkeys_files++] = 1506 tilde_expand_filename(arg, getuid()); 1507 } 1508 } 1509 return 0; 1510 1511 case sAuthorizedPrincipalsFile: 1512 charptr = &options->authorized_principals_file; 1513 arg = strdelim(&cp); 1514 if (!arg || *arg == '\0') 1515 fatal("%s line %d: missing file name.", 1516 filename, linenum); 1517 if (*activep && *charptr == NULL) { 1518 *charptr = tilde_expand_filename(arg, getuid()); 1519 /* increase optional counter */ 1520 if (intptr != NULL) 1521 *intptr = *intptr + 1; 1522 } 1523 break; 1524 1525 case sClientAliveInterval: 1526 intptr = &options->client_alive_interval; 1527 goto parse_time; 1528 1529 case sClientAliveCountMax: 1530 intptr = &options->client_alive_count_max; 1531 goto parse_int; 1532 1533 case sAcceptEnv: 1534 while ((arg = strdelim(&cp)) && *arg != '\0') { 1535 if (strchr(arg, '=') != NULL) 1536 fatal("%s line %d: Invalid environment name.", 1537 filename, linenum); 1538 if (options->num_accept_env >= MAX_ACCEPT_ENV) 1539 fatal("%s line %d: too many allow env.", 1540 filename, linenum); 1541 if (!*activep) 1542 continue; 1543 options->accept_env[options->num_accept_env++] = 1544 xstrdup(arg); 1545 } 1546 break; 1547 1548 case sPermitTunnel: 1549 intptr = &options->permit_tun; 1550 arg = strdelim(&cp); 1551 if (!arg || *arg == '\0') 1552 fatal("%s line %d: Missing yes/point-to-point/" 1553 "ethernet/no argument.", filename, linenum); 1554 value = -1; 1555 for (i = 0; tunmode_desc[i].val != -1; i++) 1556 if (strcmp(tunmode_desc[i].text, arg) == 0) { 1557 value = tunmode_desc[i].val; 1558 break; 1559 } 1560 if (value == -1) 1561 fatal("%s line %d: Bad yes/point-to-point/ethernet/" 1562 "no argument: %s", filename, linenum, arg); 1563 if (*activep && *intptr == -1) 1564 *intptr = value; 1565 break; 1566 1567 case sMatch: 1568 if (cmdline) 1569 fatal("Match directive not supported as a command-line " 1570 "option"); 1571 value = match_cfg_line(&cp, linenum, connectinfo); 1572 if (value < 0) 1573 fatal("%s line %d: Bad Match condition", filename, 1574 linenum); 1575 *activep = value; 1576 break; 1577 1578 case sPermitOpen: 1579 arg = strdelim(&cp); 1580 if (!arg || *arg == '\0') 1581 fatal("%s line %d: missing PermitOpen specification", 1582 filename, linenum); 1583 n = options->num_permitted_opens; /* modified later */ 1584 if (strcmp(arg, "any") == 0) { 1585 if (*activep && n == -1) { 1586 channel_clear_adm_permitted_opens(); 1587 options->num_permitted_opens = 0; 1588 } 1589 break; 1590 } 1591 if (strcmp(arg, "none") == 0) { 1592 if (*activep && n == -1) { 1593 options->num_permitted_opens = 1; 1594 channel_disable_adm_local_opens(); 1595 } 1596 break; 1597 } 1598 if (*activep && n == -1) 1599 channel_clear_adm_permitted_opens(); 1600 for (; arg != NULL && *arg != '\0'; arg = strdelim(&cp)) { 1601 p = hpdelim(&arg); 1602 if (p == NULL) 1603 fatal("%s line %d: missing host in PermitOpen", 1604 filename, linenum); 1605 p = cleanhostname(p); 1606 if (arg == NULL || ((port = permitopen_port(arg)) < 0)) 1607 fatal("%s line %d: bad port number in " 1608 "PermitOpen", filename, linenum); 1609 if (*activep && n == -1) 1610 options->num_permitted_opens = 1611 channel_add_adm_permitted_opens(p, port); 1612 } 1613 break; 1614 1615 case sForceCommand: 1616 if (cp == NULL || *cp == '\0') 1617 fatal("%.200s line %d: Missing argument.", filename, 1618 linenum); 1619 len = strspn(cp, WHITESPACE); 1620 if (*activep && options->adm_forced_command == NULL) 1621 options->adm_forced_command = xstrdup(cp + len); 1622 return 0; 1623 1624 case sChrootDirectory: 1625 charptr = &options->chroot_directory; 1626 1627 arg = strdelim(&cp); 1628 if (!arg || *arg == '\0') 1629 fatal("%s line %d: missing file name.", 1630 filename, linenum); 1631 if (*activep && *charptr == NULL) 1632 *charptr = xstrdup(arg); 1633 break; 1634 1635 case sTrustedUserCAKeys: 1636 charptr = &options->trusted_user_ca_keys; 1637 goto parse_filename; 1638 1639 case sRevokedKeys: 1640 charptr = &options->revoked_keys_file; 1641 goto parse_filename; 1642 1643 case sIPQoS: 1644 arg = strdelim(&cp); 1645 if ((value = parse_ipqos(arg)) == -1) 1646 fatal("%s line %d: Bad IPQoS value: %s", 1647 filename, linenum, arg); 1648 arg = strdelim(&cp); 1649 if (arg == NULL) 1650 value2 = value; 1651 else if ((value2 = parse_ipqos(arg)) == -1) 1652 fatal("%s line %d: Bad IPQoS value: %s", 1653 filename, linenum, arg); 1654 if (*activep) { 1655 options->ip_qos_interactive = value; 1656 options->ip_qos_bulk = value2; 1657 } 1658 break; 1659 1660 case sVersionAddendum: 1661 if (cp == NULL || *cp == '\0') 1662 fatal("%.200s line %d: Missing argument.", filename, 1663 linenum); 1664 len = strspn(cp, WHITESPACE); 1665 if (*activep && options->version_addendum == NULL) { 1666 if (strcasecmp(cp + len, "none") == 0) 1667 options->version_addendum = xstrdup(""); 1668 else if (strchr(cp + len, '\r') != NULL) 1669 fatal("%.200s line %d: Invalid argument", 1670 filename, linenum); 1671 else 1672 options->version_addendum = xstrdup(cp + len); 1673 } 1674 return 0; 1675 1676 case sAuthorizedKeysCommand: 1677 if (cp == NULL) 1678 fatal("%.200s line %d: Missing argument.", filename, 1679 linenum); 1680 len = strspn(cp, WHITESPACE); 1681 if (*activep && options->authorized_keys_command == NULL) { 1682 if (cp[len] != '/' && strcasecmp(cp + len, "none") != 0) 1683 fatal("%.200s line %d: AuthorizedKeysCommand " 1684 "must be an absolute path", 1685 filename, linenum); 1686 options->authorized_keys_command = xstrdup(cp + len); 1687 } 1688 return 0; 1689 1690 case sAuthorizedKeysCommandUser: 1691 charptr = &options->authorized_keys_command_user; 1692 1693 arg = strdelim(&cp); 1694 if (!arg || *arg == '\0') 1695 fatal("%s line %d: missing AuthorizedKeysCommandUser " 1696 "argument.", filename, linenum); 1697 if (*activep && *charptr == NULL) 1698 *charptr = xstrdup(arg); 1699 break; 1700 1701 case sAuthorizedPrincipalsCommand: 1702 if (cp == NULL) 1703 fatal("%.200s line %d: Missing argument.", filename, 1704 linenum); 1705 len = strspn(cp, WHITESPACE); 1706 if (*activep && 1707 options->authorized_principals_command == NULL) { 1708 if (cp[len] != '/' && strcasecmp(cp + len, "none") != 0) 1709 fatal("%.200s line %d: " 1710 "AuthorizedPrincipalsCommand must be " 1711 "an absolute path", filename, linenum); 1712 options->authorized_principals_command = 1713 xstrdup(cp + len); 1714 } 1715 return 0; 1716 1717 case sAuthorizedPrincipalsCommandUser: 1718 charptr = &options->authorized_principals_command_user; 1719 1720 arg = strdelim(&cp); 1721 if (!arg || *arg == '\0') 1722 fatal("%s line %d: missing " 1723 "AuthorizedPrincipalsCommandUser argument.", 1724 filename, linenum); 1725 if (*activep && *charptr == NULL) 1726 *charptr = xstrdup(arg); 1727 break; 1728 1729 case sAuthenticationMethods: 1730 if (options->num_auth_methods == 0) { 1731 value = 0; /* seen "any" pseudo-method */ 1732 value2 = 0; /* sucessfully parsed any method */ 1733 while ((arg = strdelim(&cp)) && *arg != '\0') { 1734 if (options->num_auth_methods >= 1735 MAX_AUTH_METHODS) 1736 fatal("%s line %d: " 1737 "too many authentication methods.", 1738 filename, linenum); 1739 if (strcmp(arg, "any") == 0) { 1740 if (options->num_auth_methods > 0) { 1741 fatal("%s line %d: \"any\" " 1742 "must appear alone in " 1743 "AuthenticationMethods", 1744 filename, linenum); 1745 } 1746 value = 1; 1747 } else if (value) { 1748 fatal("%s line %d: \"any\" must appear " 1749 "alone in AuthenticationMethods", 1750 filename, linenum); 1751 } else if (auth2_methods_valid(arg, 0) != 0) { 1752 fatal("%s line %d: invalid " 1753 "authentication method list.", 1754 filename, linenum); 1755 } 1756 value2 = 1; 1757 if (!*activep) 1758 continue; 1759 options->auth_methods[ 1760 options->num_auth_methods++] = xstrdup(arg); 1761 } 1762 if (value2 == 0) { 1763 fatal("%s line %d: no AuthenticationMethods " 1764 "specified", filename, linenum); 1765 } 1766 } 1767 return 0; 1768 1769 case sStreamLocalBindMask: 1770 arg = strdelim(&cp); 1771 if (!arg || *arg == '\0') 1772 fatal("%s line %d: missing StreamLocalBindMask " 1773 "argument.", filename, linenum); 1774 /* Parse mode in octal format */ 1775 value = strtol(arg, &p, 8); 1776 if (arg == p || value < 0 || value > 0777) 1777 fatal("%s line %d: Bad mask.", filename, linenum); 1778 if (*activep) 1779 options->fwd_opts.streamlocal_bind_mask = (mode_t)value; 1780 break; 1781 1782 case sStreamLocalBindUnlink: 1783 intptr = &options->fwd_opts.streamlocal_bind_unlink; 1784 goto parse_flag; 1785 1786 case sFingerprintHash: 1787 arg = strdelim(&cp); 1788 if (!arg || *arg == '\0') 1789 fatal("%.200s line %d: Missing argument.", 1790 filename, linenum); 1791 if ((value = ssh_digest_alg_by_name(arg)) == -1) 1792 fatal("%.200s line %d: Invalid hash algorithm \"%s\".", 1793 filename, linenum, arg); 1794 if (*activep) 1795 options->fingerprint_hash = value; 1796 break; 1797 1798 case sDeprecated: 1799 case sIgnore: 1800 case sUnsupported: 1801 do_log2(opcode == sIgnore ? 1802 SYSLOG_LEVEL_DEBUG2 : SYSLOG_LEVEL_INFO, 1803 "%s line %d: %s option %s", filename, linenum, 1804 opcode == sUnsupported ? "Unsupported" : "Deprecated", arg); 1805 while (arg) 1806 arg = strdelim(&cp); 1807 break; 1808 1809 default: 1810 fatal("%s line %d: Missing handler for opcode %s (%d)", 1811 filename, linenum, arg, opcode); 1812 } 1813 if ((arg = strdelim(&cp)) != NULL && *arg != '\0') 1814 fatal("%s line %d: garbage at end of line; \"%.200s\".", 1815 filename, linenum, arg); 1816 return 0; 1817 } 1818 1819 /* Reads the server configuration file. */ 1820 1821 void 1822 load_server_config(const char *filename, Buffer *conf) 1823 { 1824 char line[4096], *cp; 1825 FILE *f; 1826 int lineno = 0; 1827 1828 debug2("%s: filename %s", __func__, filename); 1829 if ((f = fopen(filename, "r")) == NULL) { 1830 perror(filename); 1831 exit(1); 1832 } 1833 buffer_clear(conf); 1834 while (fgets(line, sizeof(line), f)) { 1835 lineno++; 1836 if (strlen(line) == sizeof(line) - 1) 1837 fatal("%s line %d too long", filename, lineno); 1838 /* 1839 * Trim out comments and strip whitespace 1840 * NB - preserve newlines, they are needed to reproduce 1841 * line numbers later for error messages 1842 */ 1843 if ((cp = strchr(line, '#')) != NULL) 1844 memcpy(cp, "\n", 2); 1845 cp = line + strspn(line, " \t\r"); 1846 1847 buffer_append(conf, cp, strlen(cp)); 1848 } 1849 buffer_append(conf, "\0", 1); 1850 fclose(f); 1851 debug2("%s: done config len = %d", __func__, buffer_len(conf)); 1852 } 1853 1854 void 1855 parse_server_match_config(ServerOptions *options, 1856 struct connection_info *connectinfo) 1857 { 1858 ServerOptions mo; 1859 1860 initialize_server_options(&mo); 1861 parse_server_config(&mo, "reprocess config", &cfg, connectinfo); 1862 copy_set_server_options(options, &mo, 0); 1863 } 1864 1865 int parse_server_match_testspec(struct connection_info *ci, char *spec) 1866 { 1867 char *p; 1868 1869 while ((p = strsep(&spec, ",")) && *p != '\0') { 1870 if (strncmp(p, "addr=", 5) == 0) { 1871 ci->address = xstrdup(p + 5); 1872 } else if (strncmp(p, "host=", 5) == 0) { 1873 ci->host = xstrdup(p + 5); 1874 } else if (strncmp(p, "user=", 5) == 0) { 1875 ci->user = xstrdup(p + 5); 1876 } else if (strncmp(p, "laddr=", 6) == 0) { 1877 ci->laddress = xstrdup(p + 6); 1878 } else if (strncmp(p, "lport=", 6) == 0) { 1879 ci->lport = a2port(p + 6); 1880 if (ci->lport == -1) { 1881 fprintf(stderr, "Invalid port '%s' in test mode" 1882 " specification %s\n", p+6, p); 1883 return -1; 1884 } 1885 } else { 1886 fprintf(stderr, "Invalid test mode specification %s\n", 1887 p); 1888 return -1; 1889 } 1890 } 1891 return 0; 1892 } 1893 1894 /* 1895 * returns 1 for a complete spec, 0 for partial spec and -1 for an 1896 * empty spec. 1897 */ 1898 int server_match_spec_complete(struct connection_info *ci) 1899 { 1900 if (ci->user && ci->host && ci->address) 1901 return 1; /* complete */ 1902 if (!ci->user && !ci->host && !ci->address) 1903 return -1; /* empty */ 1904 return 0; /* partial */ 1905 } 1906 1907 /* 1908 * Copy any supported values that are set. 1909 * 1910 * If the preauth flag is set, we do not bother copying the string or 1911 * array values that are not used pre-authentication, because any that we 1912 * do use must be explictly sent in mm_getpwnamallow(). 1913 */ 1914 void 1915 copy_set_server_options(ServerOptions *dst, ServerOptions *src, int preauth) 1916 { 1917 #define M_CP_INTOPT(n) do {\ 1918 if (src->n != -1) \ 1919 dst->n = src->n; \ 1920 } while (0) 1921 1922 M_CP_INTOPT(password_authentication); 1923 M_CP_INTOPT(gss_authentication); 1924 M_CP_INTOPT(pubkey_authentication); 1925 M_CP_INTOPT(kerberos_authentication); 1926 M_CP_INTOPT(hostbased_authentication); 1927 M_CP_INTOPT(hostbased_uses_name_from_packet_only); 1928 M_CP_INTOPT(kbd_interactive_authentication); 1929 M_CP_INTOPT(permit_root_login); 1930 M_CP_INTOPT(permit_empty_passwd); 1931 1932 M_CP_INTOPT(allow_tcp_forwarding); 1933 M_CP_INTOPT(allow_streamlocal_forwarding); 1934 M_CP_INTOPT(allow_agent_forwarding); 1935 M_CP_INTOPT(disable_forwarding); 1936 M_CP_INTOPT(permit_tun); 1937 M_CP_INTOPT(fwd_opts.gateway_ports); 1938 M_CP_INTOPT(fwd_opts.streamlocal_bind_unlink); 1939 M_CP_INTOPT(x11_display_offset); 1940 M_CP_INTOPT(x11_forwarding); 1941 M_CP_INTOPT(x11_use_localhost); 1942 M_CP_INTOPT(permit_tty); 1943 M_CP_INTOPT(permit_user_rc); 1944 M_CP_INTOPT(max_sessions); 1945 M_CP_INTOPT(max_authtries); 1946 M_CP_INTOPT(client_alive_count_max); 1947 M_CP_INTOPT(client_alive_interval); 1948 M_CP_INTOPT(ip_qos_interactive); 1949 M_CP_INTOPT(ip_qos_bulk); 1950 M_CP_INTOPT(rekey_limit); 1951 M_CP_INTOPT(rekey_interval); 1952 1953 /* 1954 * The bind_mask is a mode_t that may be unsigned, so we can't use 1955 * M_CP_INTOPT - it does a signed comparison that causes compiler 1956 * warnings. 1957 */ 1958 if (src->fwd_opts.streamlocal_bind_mask != (mode_t)-1) { 1959 dst->fwd_opts.streamlocal_bind_mask = 1960 src->fwd_opts.streamlocal_bind_mask; 1961 } 1962 1963 /* M_CP_STROPT and M_CP_STRARRAYOPT should not appear before here */ 1964 #define M_CP_STROPT(n) do {\ 1965 if (src->n != NULL && dst->n != src->n) { \ 1966 free(dst->n); \ 1967 dst->n = src->n; \ 1968 } \ 1969 } while(0) 1970 #define M_CP_STRARRAYOPT(n, num_n) do {\ 1971 if (src->num_n != 0) { \ 1972 for (dst->num_n = 0; dst->num_n < src->num_n; dst->num_n++) \ 1973 dst->n[dst->num_n] = xstrdup(src->n[dst->num_n]); \ 1974 } \ 1975 } while(0) 1976 1977 /* See comment in servconf.h */ 1978 COPY_MATCH_STRING_OPTS(); 1979 1980 /* Arguments that accept '+...' need to be expanded */ 1981 assemble_algorithms(dst); 1982 1983 /* 1984 * The only things that should be below this point are string options 1985 * which are only used after authentication. 1986 */ 1987 if (preauth) 1988 return; 1989 1990 /* These options may be "none" to clear a global setting */ 1991 M_CP_STROPT(adm_forced_command); 1992 if (option_clear_or_none(dst->adm_forced_command)) { 1993 free(dst->adm_forced_command); 1994 dst->adm_forced_command = NULL; 1995 } 1996 M_CP_STROPT(chroot_directory); 1997 if (option_clear_or_none(dst->chroot_directory)) { 1998 free(dst->chroot_directory); 1999 dst->chroot_directory = NULL; 2000 } 2001 } 2002 2003 #undef M_CP_INTOPT 2004 #undef M_CP_STROPT 2005 #undef M_CP_STRARRAYOPT 2006 2007 void 2008 parse_server_config(ServerOptions *options, const char *filename, Buffer *conf, 2009 struct connection_info *connectinfo) 2010 { 2011 int active, linenum, bad_options = 0; 2012 char *cp, *obuf, *cbuf; 2013 2014 debug2("%s: config %s len %d", __func__, filename, buffer_len(conf)); 2015 2016 if ((obuf = cbuf = sshbuf_dup_string(conf)) == NULL) 2017 fatal("%s: sshbuf_dup_string failed", __func__); 2018 active = connectinfo ? 0 : 1; 2019 linenum = 1; 2020 while ((cp = strsep(&cbuf, "\n")) != NULL) { 2021 if (process_server_config_line(options, cp, filename, 2022 linenum++, &active, connectinfo) != 0) 2023 bad_options++; 2024 } 2025 free(obuf); 2026 if (bad_options > 0) 2027 fatal("%s: terminating, %d bad configuration options", 2028 filename, bad_options); 2029 process_queued_listen_addrs(options); 2030 } 2031 2032 static const char * 2033 fmt_multistate_int(int val, const struct multistate *m) 2034 { 2035 u_int i; 2036 2037 for (i = 0; m[i].key != NULL; i++) { 2038 if (m[i].value == val) 2039 return m[i].key; 2040 } 2041 return "UNKNOWN"; 2042 } 2043 2044 static const char * 2045 fmt_intarg(ServerOpCodes code, int val) 2046 { 2047 if (val == -1) 2048 return "unset"; 2049 switch (code) { 2050 case sAddressFamily: 2051 return fmt_multistate_int(val, multistate_addressfamily); 2052 case sPermitRootLogin: 2053 return fmt_multistate_int(val, multistate_permitrootlogin); 2054 case sGatewayPorts: 2055 return fmt_multistate_int(val, multistate_gatewayports); 2056 case sCompression: 2057 return fmt_multistate_int(val, multistate_compression); 2058 case sUsePrivilegeSeparation: 2059 return fmt_multistate_int(val, multistate_privsep); 2060 case sAllowTcpForwarding: 2061 return fmt_multistate_int(val, multistate_tcpfwd); 2062 case sAllowStreamLocalForwarding: 2063 return fmt_multistate_int(val, multistate_tcpfwd); 2064 case sFingerprintHash: 2065 return ssh_digest_alg_name(val); 2066 default: 2067 switch (val) { 2068 case 0: 2069 return "no"; 2070 case 1: 2071 return "yes"; 2072 default: 2073 return "UNKNOWN"; 2074 } 2075 } 2076 } 2077 2078 static const char * 2079 lookup_opcode_name(ServerOpCodes code) 2080 { 2081 u_int i; 2082 2083 for (i = 0; keywords[i].name != NULL; i++) 2084 if (keywords[i].opcode == code) 2085 return(keywords[i].name); 2086 return "UNKNOWN"; 2087 } 2088 2089 static void 2090 dump_cfg_int(ServerOpCodes code, int val) 2091 { 2092 printf("%s %d\n", lookup_opcode_name(code), val); 2093 } 2094 2095 static void 2096 dump_cfg_oct(ServerOpCodes code, int val) 2097 { 2098 printf("%s 0%o\n", lookup_opcode_name(code), val); 2099 } 2100 2101 static void 2102 dump_cfg_fmtint(ServerOpCodes code, int val) 2103 { 2104 printf("%s %s\n", lookup_opcode_name(code), fmt_intarg(code, val)); 2105 } 2106 2107 static void 2108 dump_cfg_string(ServerOpCodes code, const char *val) 2109 { 2110 if (val == NULL) 2111 return; 2112 printf("%s %s\n", lookup_opcode_name(code), 2113 val == NULL ? "none" : val); 2114 } 2115 2116 static void 2117 dump_cfg_strarray(ServerOpCodes code, u_int count, char **vals) 2118 { 2119 u_int i; 2120 2121 for (i = 0; i < count; i++) 2122 printf("%s %s\n", lookup_opcode_name(code), vals[i]); 2123 } 2124 2125 static void 2126 dump_cfg_strarray_oneline(ServerOpCodes code, u_int count, char **vals) 2127 { 2128 u_int i; 2129 2130 if (count <= 0 && code != sAuthenticationMethods) 2131 return; 2132 printf("%s", lookup_opcode_name(code)); 2133 for (i = 0; i < count; i++) 2134 printf(" %s", vals[i]); 2135 if (code == sAuthenticationMethods && count == 0) 2136 printf(" any"); 2137 printf("\n"); 2138 } 2139 2140 void 2141 dump_config(ServerOptions *o) 2142 { 2143 u_int i; 2144 int ret; 2145 struct addrinfo *ai; 2146 char addr[NI_MAXHOST], port[NI_MAXSERV], *s = NULL; 2147 char *laddr1 = xstrdup(""), *laddr2 = NULL; 2148 2149 /* these are usually at the top of the config */ 2150 for (i = 0; i < o->num_ports; i++) 2151 printf("port %d\n", o->ports[i]); 2152 dump_cfg_fmtint(sAddressFamily, o->address_family); 2153 2154 /* 2155 * ListenAddress must be after Port. add_one_listen_addr pushes 2156 * addresses onto a stack, so to maintain ordering we need to 2157 * print these in reverse order. 2158 */ 2159 for (ai = o->listen_addrs; ai; ai = ai->ai_next) { 2160 if ((ret = getnameinfo(ai->ai_addr, ai->ai_addrlen, addr, 2161 sizeof(addr), port, sizeof(port), 2162 NI_NUMERICHOST|NI_NUMERICSERV)) != 0) { 2163 error("getnameinfo failed: %.100s", 2164 (ret != EAI_SYSTEM) ? gai_strerror(ret) : 2165 strerror(errno)); 2166 } else { 2167 laddr2 = laddr1; 2168 if (ai->ai_family == AF_INET6) 2169 xasprintf(&laddr1, "listenaddress [%s]:%s\n%s", 2170 addr, port, laddr2); 2171 else 2172 xasprintf(&laddr1, "listenaddress %s:%s\n%s", 2173 addr, port, laddr2); 2174 free(laddr2); 2175 } 2176 } 2177 printf("%s", laddr1); 2178 free(laddr1); 2179 2180 /* integer arguments */ 2181 dump_cfg_int(sLoginGraceTime, o->login_grace_time); 2182 dump_cfg_int(sX11DisplayOffset, o->x11_display_offset); 2183 dump_cfg_int(sMaxAuthTries, o->max_authtries); 2184 dump_cfg_int(sMaxSessions, o->max_sessions); 2185 dump_cfg_int(sClientAliveInterval, o->client_alive_interval); 2186 dump_cfg_int(sClientAliveCountMax, o->client_alive_count_max); 2187 dump_cfg_oct(sStreamLocalBindMask, o->fwd_opts.streamlocal_bind_mask); 2188 2189 /* formatted integer arguments */ 2190 dump_cfg_fmtint(sPermitRootLogin, o->permit_root_login); 2191 dump_cfg_fmtint(sIgnoreRhosts, o->ignore_rhosts); 2192 dump_cfg_fmtint(sIgnoreUserKnownHosts, o->ignore_user_known_hosts); 2193 dump_cfg_fmtint(sHostbasedAuthentication, o->hostbased_authentication); 2194 dump_cfg_fmtint(sHostbasedUsesNameFromPacketOnly, 2195 o->hostbased_uses_name_from_packet_only); 2196 dump_cfg_fmtint(sPubkeyAuthentication, o->pubkey_authentication); 2197 #ifdef KRB5 2198 dump_cfg_fmtint(sKerberosAuthentication, o->kerberos_authentication); 2199 dump_cfg_fmtint(sKerberosOrLocalPasswd, o->kerberos_or_local_passwd); 2200 dump_cfg_fmtint(sKerberosTicketCleanup, o->kerberos_ticket_cleanup); 2201 dump_cfg_fmtint(sKerberosGetAFSToken, o->kerberos_get_afs_token); 2202 #endif 2203 #ifdef GSSAPI 2204 dump_cfg_fmtint(sGssAuthentication, o->gss_authentication); 2205 dump_cfg_fmtint(sGssCleanupCreds, o->gss_cleanup_creds); 2206 #endif 2207 dump_cfg_fmtint(sPasswordAuthentication, o->password_authentication); 2208 dump_cfg_fmtint(sKbdInteractiveAuthentication, 2209 o->kbd_interactive_authentication); 2210 dump_cfg_fmtint(sChallengeResponseAuthentication, 2211 o->challenge_response_authentication); 2212 dump_cfg_fmtint(sPrintMotd, o->print_motd); 2213 dump_cfg_fmtint(sPrintLastLog, o->print_lastlog); 2214 dump_cfg_fmtint(sX11Forwarding, o->x11_forwarding); 2215 dump_cfg_fmtint(sX11UseLocalhost, o->x11_use_localhost); 2216 dump_cfg_fmtint(sPermitTTY, o->permit_tty); 2217 dump_cfg_fmtint(sPermitUserRC, o->permit_user_rc); 2218 dump_cfg_fmtint(sStrictModes, o->strict_modes); 2219 dump_cfg_fmtint(sTCPKeepAlive, o->tcp_keep_alive); 2220 dump_cfg_fmtint(sEmptyPasswd, o->permit_empty_passwd); 2221 dump_cfg_fmtint(sPermitUserEnvironment, o->permit_user_env); 2222 dump_cfg_fmtint(sCompression, o->compression); 2223 dump_cfg_fmtint(sGatewayPorts, o->fwd_opts.gateway_ports); 2224 dump_cfg_fmtint(sUseDNS, o->use_dns); 2225 dump_cfg_fmtint(sAllowTcpForwarding, o->allow_tcp_forwarding); 2226 dump_cfg_fmtint(sAllowAgentForwarding, o->allow_agent_forwarding); 2227 dump_cfg_fmtint(sDisableForwarding, o->disable_forwarding); 2228 dump_cfg_fmtint(sAllowStreamLocalForwarding, o->allow_streamlocal_forwarding); 2229 dump_cfg_fmtint(sStreamLocalBindUnlink, o->fwd_opts.streamlocal_bind_unlink); 2230 dump_cfg_fmtint(sUsePrivilegeSeparation, use_privsep); 2231 dump_cfg_fmtint(sFingerprintHash, o->fingerprint_hash); 2232 2233 /* string arguments */ 2234 dump_cfg_string(sPidFile, o->pid_file); 2235 dump_cfg_string(sXAuthLocation, o->xauth_location); 2236 dump_cfg_string(sCiphers, o->ciphers ? o->ciphers : KEX_SERVER_ENCRYPT); 2237 dump_cfg_string(sMacs, o->macs ? o->macs : KEX_SERVER_MAC); 2238 dump_cfg_string(sBanner, o->banner); 2239 dump_cfg_string(sForceCommand, o->adm_forced_command); 2240 dump_cfg_string(sChrootDirectory, o->chroot_directory); 2241 dump_cfg_string(sTrustedUserCAKeys, o->trusted_user_ca_keys); 2242 dump_cfg_string(sRevokedKeys, o->revoked_keys_file); 2243 dump_cfg_string(sAuthorizedPrincipalsFile, 2244 o->authorized_principals_file); 2245 dump_cfg_string(sVersionAddendum, *o->version_addendum == '\0' 2246 ? "none" : o->version_addendum); 2247 dump_cfg_string(sAuthorizedKeysCommand, o->authorized_keys_command); 2248 dump_cfg_string(sAuthorizedKeysCommandUser, o->authorized_keys_command_user); 2249 dump_cfg_string(sAuthorizedPrincipalsCommand, o->authorized_principals_command); 2250 dump_cfg_string(sAuthorizedPrincipalsCommandUser, o->authorized_principals_command_user); 2251 dump_cfg_string(sHostKeyAgent, o->host_key_agent); 2252 dump_cfg_string(sKexAlgorithms, 2253 o->kex_algorithms ? o->kex_algorithms : KEX_SERVER_KEX); 2254 dump_cfg_string(sHostbasedAcceptedKeyTypes, o->hostbased_key_types ? 2255 o->hostbased_key_types : KEX_DEFAULT_PK_ALG); 2256 dump_cfg_string(sHostKeyAlgorithms, o->hostkeyalgorithms ? 2257 o->hostkeyalgorithms : KEX_DEFAULT_PK_ALG); 2258 dump_cfg_string(sPubkeyAcceptedKeyTypes, o->pubkey_key_types ? 2259 o->pubkey_key_types : KEX_DEFAULT_PK_ALG); 2260 2261 /* string arguments requiring a lookup */ 2262 dump_cfg_string(sLogLevel, log_level_name(o->log_level)); 2263 dump_cfg_string(sLogFacility, log_facility_name(o->log_facility)); 2264 2265 /* string array arguments */ 2266 dump_cfg_strarray_oneline(sAuthorizedKeysFile, o->num_authkeys_files, 2267 o->authorized_keys_files); 2268 dump_cfg_strarray(sHostKeyFile, o->num_host_key_files, 2269 o->host_key_files); 2270 dump_cfg_strarray(sHostCertificate, o->num_host_cert_files, 2271 o->host_cert_files); 2272 dump_cfg_strarray(sAllowUsers, o->num_allow_users, o->allow_users); 2273 dump_cfg_strarray(sDenyUsers, o->num_deny_users, o->deny_users); 2274 dump_cfg_strarray(sAllowGroups, o->num_allow_groups, o->allow_groups); 2275 dump_cfg_strarray(sDenyGroups, o->num_deny_groups, o->deny_groups); 2276 dump_cfg_strarray(sAcceptEnv, o->num_accept_env, o->accept_env); 2277 dump_cfg_strarray_oneline(sAuthenticationMethods, 2278 o->num_auth_methods, o->auth_methods); 2279 2280 /* other arguments */ 2281 for (i = 0; i < o->num_subsystems; i++) 2282 printf("subsystem %s %s\n", o->subsystem_name[i], 2283 o->subsystem_args[i]); 2284 2285 printf("maxstartups %d:%d:%d\n", o->max_startups_begin, 2286 o->max_startups_rate, o->max_startups); 2287 2288 for (i = 0; tunmode_desc[i].val != -1; i++) 2289 if (tunmode_desc[i].val == o->permit_tun) { 2290 s = tunmode_desc[i].text; 2291 break; 2292 } 2293 dump_cfg_string(sPermitTunnel, s); 2294 2295 printf("ipqos %s ", iptos2str(o->ip_qos_interactive)); 2296 printf("%s\n", iptos2str(o->ip_qos_bulk)); 2297 2298 printf("rekeylimit %llu %d\n", (unsigned long long)o->rekey_limit, 2299 o->rekey_interval); 2300 2301 channel_print_adm_permitted_opens(); 2302 } 2303