1 2 /* $OpenBSD: servconf.c,v 1.377 2021/02/24 01:18:08 dtucker Exp $ */ 3 /* 4 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland 5 * All rights reserved 6 * 7 * As far as I am concerned, the code I have written for this software 8 * can be used freely for any purpose. Any derived versions of this 9 * software must be clearly marked as such, and if the derived work is 10 * incompatible with the protocol description in the RFC file, it must be 11 * called by a name other than "ssh" or "Secure Shell". 12 */ 13 14 #include <sys/types.h> 15 #include <sys/socket.h> 16 #include <sys/queue.h> 17 #include <sys/sysctl.h> 18 #include <sys/stat.h> 19 20 #include <netinet/in.h> 21 #include <netinet/ip.h> 22 #include <net/route.h> 23 24 #include <ctype.h> 25 #include <glob.h> 26 #include <netdb.h> 27 #include <pwd.h> 28 #include <stdio.h> 29 #include <stdlib.h> 30 #include <string.h> 31 #include <signal.h> 32 #include <unistd.h> 33 #include <limits.h> 34 #include <stdarg.h> 35 #include <errno.h> 36 #include <util.h> 37 38 #include "xmalloc.h" 39 #include "ssh.h" 40 #include "log.h" 41 #include "sshbuf.h" 42 #include "misc.h" 43 #include "servconf.h" 44 #include "compat.h" 45 #include "pathnames.h" 46 #include "cipher.h" 47 #include "sshkey.h" 48 #include "kex.h" 49 #include "mac.h" 50 #include "match.h" 51 #include "channels.h" 52 #include "groupaccess.h" 53 #include "canohost.h" 54 #include "packet.h" 55 #include "ssherr.h" 56 #include "hostfile.h" 57 #include "auth.h" 58 #include "myproposal.h" 59 #include "digest.h" 60 61 static void add_listen_addr(ServerOptions *, const char *, 62 const char *, int); 63 static void add_one_listen_addr(ServerOptions *, const char *, 64 const char *, int); 65 static void parse_server_config_depth(ServerOptions *options, 66 const char *filename, struct sshbuf *conf, struct include_list *includes, 67 struct connection_info *connectinfo, int flags, int *activep, int depth); 68 69 /* Use of privilege separation or not */ 70 extern int use_privsep; 71 extern struct sshbuf *cfg; 72 73 /* Initializes the server options to their default values. */ 74 75 void 76 initialize_server_options(ServerOptions *options) 77 { 78 memset(options, 0, sizeof(*options)); 79 options->num_ports = 0; 80 options->ports_from_cmdline = 0; 81 options->queued_listen_addrs = NULL; 82 options->num_queued_listens = 0; 83 options->listen_addrs = NULL; 84 options->num_listen_addrs = 0; 85 options->address_family = -1; 86 options->routing_domain = NULL; 87 options->num_host_key_files = 0; 88 options->num_host_cert_files = 0; 89 options->host_key_agent = NULL; 90 options->pid_file = NULL; 91 options->login_grace_time = -1; 92 options->permit_root_login = PERMIT_NOT_SET; 93 options->ignore_rhosts = -1; 94 options->ignore_user_known_hosts = -1; 95 options->print_motd = -1; 96 options->print_lastlog = -1; 97 options->x11_forwarding = -1; 98 options->x11_display_offset = -1; 99 options->x11_use_localhost = -1; 100 options->permit_tty = -1; 101 options->permit_user_rc = -1; 102 options->xauth_location = NULL; 103 options->strict_modes = -1; 104 options->tcp_keep_alive = -1; 105 options->log_facility = SYSLOG_FACILITY_NOT_SET; 106 options->log_level = SYSLOG_LEVEL_NOT_SET; 107 options->num_log_verbose = 0; 108 options->log_verbose = NULL; 109 options->hostbased_authentication = -1; 110 options->hostbased_uses_name_from_packet_only = -1; 111 options->hostbased_accepted_algos = NULL; 112 options->hostkeyalgorithms = NULL; 113 options->pubkey_authentication = -1; 114 options->pubkey_auth_options = -1; 115 options->pubkey_accepted_algos = NULL; 116 options->kerberos_authentication = -1; 117 options->kerberos_or_local_passwd = -1; 118 options->kerberos_ticket_cleanup = -1; 119 options->kerberos_get_afs_token = -1; 120 options->gss_authentication=-1; 121 options->gss_cleanup_creds = -1; 122 options->gss_strict_acceptor = -1; 123 options->password_authentication = -1; 124 options->kbd_interactive_authentication = -1; 125 options->challenge_response_authentication = -1; 126 options->permit_empty_passwd = -1; 127 options->permit_user_env = -1; 128 options->permit_user_env_allowlist = NULL; 129 options->compression = -1; 130 options->rekey_limit = -1; 131 options->rekey_interval = -1; 132 options->allow_tcp_forwarding = -1; 133 options->allow_streamlocal_forwarding = -1; 134 options->allow_agent_forwarding = -1; 135 options->num_allow_users = 0; 136 options->num_deny_users = 0; 137 options->num_allow_groups = 0; 138 options->num_deny_groups = 0; 139 options->ciphers = NULL; 140 options->macs = NULL; 141 options->kex_algorithms = NULL; 142 options->ca_sign_algorithms = NULL; 143 options->fwd_opts.gateway_ports = -1; 144 options->fwd_opts.streamlocal_bind_mask = (mode_t)-1; 145 options->fwd_opts.streamlocal_bind_unlink = -1; 146 options->num_subsystems = 0; 147 options->max_startups_begin = -1; 148 options->max_startups_rate = -1; 149 options->max_startups = -1; 150 options->per_source_max_startups = -1; 151 options->per_source_masklen_ipv4 = -1; 152 options->per_source_masklen_ipv6 = -1; 153 options->max_authtries = -1; 154 options->max_sessions = -1; 155 options->banner = NULL; 156 options->use_dns = -1; 157 options->client_alive_interval = -1; 158 options->client_alive_count_max = -1; 159 options->num_authkeys_files = 0; 160 options->num_accept_env = 0; 161 options->num_setenv = 0; 162 options->permit_tun = -1; 163 options->permitted_opens = NULL; 164 options->permitted_listens = NULL; 165 options->adm_forced_command = NULL; 166 options->chroot_directory = NULL; 167 options->authorized_keys_command = NULL; 168 options->authorized_keys_command_user = NULL; 169 options->revoked_keys_file = NULL; 170 options->sk_provider = NULL; 171 options->trusted_user_ca_keys = NULL; 172 options->authorized_principals_file = NULL; 173 options->authorized_principals_command = NULL; 174 options->authorized_principals_command_user = NULL; 175 options->ip_qos_interactive = -1; 176 options->ip_qos_bulk = -1; 177 options->version_addendum = NULL; 178 options->fingerprint_hash = -1; 179 options->disable_forwarding = -1; 180 options->expose_userauth_info = -1; 181 } 182 183 /* Returns 1 if a string option is unset or set to "none" or 0 otherwise. */ 184 static int 185 option_clear_or_none(const char *o) 186 { 187 return o == NULL || strcasecmp(o, "none") == 0; 188 } 189 190 static void 191 assemble_algorithms(ServerOptions *o) 192 { 193 char *all_cipher, *all_mac, *all_kex, *all_key, *all_sig; 194 char *def_cipher, *def_mac, *def_kex, *def_key, *def_sig; 195 int r; 196 197 all_cipher = cipher_alg_list(',', 0); 198 all_mac = mac_alg_list(','); 199 all_kex = kex_alg_list(','); 200 all_key = sshkey_alg_list(0, 0, 1, ','); 201 all_sig = sshkey_alg_list(0, 1, 1, ','); 202 /* remove unsupported algos from default lists */ 203 def_cipher = match_filter_allowlist(KEX_SERVER_ENCRYPT, all_cipher); 204 def_mac = match_filter_allowlist(KEX_SERVER_MAC, all_mac); 205 def_kex = match_filter_allowlist(KEX_SERVER_KEX, all_kex); 206 def_key = match_filter_allowlist(KEX_DEFAULT_PK_ALG, all_key); 207 def_sig = match_filter_allowlist(SSH_ALLOWED_CA_SIGALGS, all_sig); 208 #define ASSEMBLE(what, defaults, all) \ 209 do { \ 210 if ((r = kex_assemble_names(&o->what, defaults, all)) != 0) \ 211 fatal_fr(r, "%s", #what); \ 212 } while (0) 213 ASSEMBLE(ciphers, def_cipher, all_cipher); 214 ASSEMBLE(macs, def_mac, all_mac); 215 ASSEMBLE(kex_algorithms, def_kex, all_kex); 216 ASSEMBLE(hostkeyalgorithms, def_key, all_key); 217 ASSEMBLE(hostbased_accepted_algos, def_key, all_key); 218 ASSEMBLE(pubkey_accepted_algos, def_key, all_key); 219 ASSEMBLE(ca_sign_algorithms, def_sig, all_sig); 220 #undef ASSEMBLE 221 free(all_cipher); 222 free(all_mac); 223 free(all_kex); 224 free(all_key); 225 free(all_sig); 226 free(def_cipher); 227 free(def_mac); 228 free(def_kex); 229 free(def_key); 230 free(def_sig); 231 } 232 233 void 234 servconf_add_hostkey(const char *file, const int line, 235 ServerOptions *options, const char *path, int userprovided) 236 { 237 char *apath = derelativise_path(path); 238 239 opt_array_append2(file, line, "HostKey", 240 &options->host_key_files, &options->host_key_file_userprovided, 241 &options->num_host_key_files, apath, userprovided); 242 free(apath); 243 } 244 245 void 246 servconf_add_hostcert(const char *file, const int line, 247 ServerOptions *options, const char *path) 248 { 249 char *apath = derelativise_path(path); 250 251 opt_array_append(file, line, "HostCertificate", 252 &options->host_cert_files, &options->num_host_cert_files, apath); 253 free(apath); 254 } 255 256 void 257 fill_default_server_options(ServerOptions *options) 258 { 259 u_int i; 260 261 if (options->num_host_key_files == 0) { 262 /* fill default hostkeys */ 263 servconf_add_hostkey("[default]", 0, options, 264 _PATH_HOST_RSA_KEY_FILE, 0); 265 servconf_add_hostkey("[default]", 0, options, 266 _PATH_HOST_ECDSA_KEY_FILE, 0); 267 servconf_add_hostkey("[default]", 0, options, 268 _PATH_HOST_ED25519_KEY_FILE, 0); 269 #ifdef WITH_XMSS 270 servconf_add_hostkey("[default]", 0, options, 271 _PATH_HOST_XMSS_KEY_FILE, 0); 272 #endif /* WITH_XMSS */ 273 } 274 /* No certificates by default */ 275 if (options->num_ports == 0) 276 options->ports[options->num_ports++] = SSH_DEFAULT_PORT; 277 if (options->address_family == -1) 278 options->address_family = AF_UNSPEC; 279 if (options->listen_addrs == NULL) 280 add_listen_addr(options, NULL, NULL, 0); 281 if (options->pid_file == NULL) 282 options->pid_file = xstrdup(_PATH_SSH_DAEMON_PID_FILE); 283 if (options->login_grace_time == -1) 284 options->login_grace_time = 120; 285 if (options->permit_root_login == PERMIT_NOT_SET) 286 options->permit_root_login = PERMIT_NO_PASSWD; 287 if (options->ignore_rhosts == -1) 288 options->ignore_rhosts = 1; 289 if (options->ignore_user_known_hosts == -1) 290 options->ignore_user_known_hosts = 0; 291 if (options->print_motd == -1) 292 options->print_motd = 1; 293 if (options->print_lastlog == -1) 294 options->print_lastlog = 1; 295 if (options->x11_forwarding == -1) 296 options->x11_forwarding = 0; 297 if (options->x11_display_offset == -1) 298 options->x11_display_offset = 10; 299 if (options->x11_use_localhost == -1) 300 options->x11_use_localhost = 1; 301 if (options->xauth_location == NULL) 302 options->xauth_location = xstrdup(_PATH_XAUTH); 303 if (options->permit_tty == -1) 304 options->permit_tty = 1; 305 if (options->permit_user_rc == -1) 306 options->permit_user_rc = 1; 307 if (options->strict_modes == -1) 308 options->strict_modes = 1; 309 if (options->tcp_keep_alive == -1) 310 options->tcp_keep_alive = 1; 311 if (options->log_facility == SYSLOG_FACILITY_NOT_SET) 312 options->log_facility = SYSLOG_FACILITY_AUTH; 313 if (options->log_level == SYSLOG_LEVEL_NOT_SET) 314 options->log_level = SYSLOG_LEVEL_INFO; 315 if (options->hostbased_authentication == -1) 316 options->hostbased_authentication = 0; 317 if (options->hostbased_uses_name_from_packet_only == -1) 318 options->hostbased_uses_name_from_packet_only = 0; 319 if (options->pubkey_authentication == -1) 320 options->pubkey_authentication = 1; 321 if (options->pubkey_auth_options == -1) 322 options->pubkey_auth_options = 0; 323 if (options->kerberos_authentication == -1) 324 options->kerberos_authentication = 0; 325 if (options->kerberos_or_local_passwd == -1) 326 options->kerberos_or_local_passwd = 1; 327 if (options->kerberos_ticket_cleanup == -1) 328 options->kerberos_ticket_cleanup = 1; 329 if (options->kerberos_get_afs_token == -1) 330 options->kerberos_get_afs_token = 0; 331 if (options->gss_authentication == -1) 332 options->gss_authentication = 0; 333 if (options->gss_cleanup_creds == -1) 334 options->gss_cleanup_creds = 1; 335 if (options->gss_strict_acceptor == -1) 336 options->gss_strict_acceptor = 1; 337 if (options->password_authentication == -1) 338 options->password_authentication = 1; 339 if (options->kbd_interactive_authentication == -1) 340 options->kbd_interactive_authentication = 0; 341 if (options->challenge_response_authentication == -1) 342 options->challenge_response_authentication = 1; 343 if (options->permit_empty_passwd == -1) 344 options->permit_empty_passwd = 0; 345 if (options->permit_user_env == -1) { 346 options->permit_user_env = 0; 347 options->permit_user_env_allowlist = NULL; 348 } 349 if (options->compression == -1) 350 #ifdef WITH_ZLIB 351 options->compression = COMP_DELAYED; 352 #else 353 options->compression = COMP_NONE; 354 #endif 355 356 if (options->rekey_limit == -1) 357 options->rekey_limit = 0; 358 if (options->rekey_interval == -1) 359 options->rekey_interval = 0; 360 if (options->allow_tcp_forwarding == -1) 361 options->allow_tcp_forwarding = FORWARD_ALLOW; 362 if (options->allow_streamlocal_forwarding == -1) 363 options->allow_streamlocal_forwarding = FORWARD_ALLOW; 364 if (options->allow_agent_forwarding == -1) 365 options->allow_agent_forwarding = 1; 366 if (options->fwd_opts.gateway_ports == -1) 367 options->fwd_opts.gateway_ports = 0; 368 if (options->max_startups == -1) 369 options->max_startups = 100; 370 if (options->max_startups_rate == -1) 371 options->max_startups_rate = 30; /* 30% */ 372 if (options->max_startups_begin == -1) 373 options->max_startups_begin = 10; 374 if (options->per_source_max_startups == -1) 375 options->per_source_max_startups = INT_MAX; 376 if (options->per_source_masklen_ipv4 == -1) 377 options->per_source_masklen_ipv4 = 32; 378 if (options->per_source_masklen_ipv6 == -1) 379 options->per_source_masklen_ipv6 = 128; 380 if (options->max_authtries == -1) 381 options->max_authtries = DEFAULT_AUTH_FAIL_MAX; 382 if (options->max_sessions == -1) 383 options->max_sessions = DEFAULT_SESSIONS_MAX; 384 if (options->use_dns == -1) 385 options->use_dns = 0; 386 if (options->client_alive_interval == -1) 387 options->client_alive_interval = 0; 388 if (options->client_alive_count_max == -1) 389 options->client_alive_count_max = 3; 390 if (options->num_authkeys_files == 0) { 391 opt_array_append("[default]", 0, "AuthorizedKeysFiles", 392 &options->authorized_keys_files, 393 &options->num_authkeys_files, 394 _PATH_SSH_USER_PERMITTED_KEYS); 395 opt_array_append("[default]", 0, "AuthorizedKeysFiles", 396 &options->authorized_keys_files, 397 &options->num_authkeys_files, 398 _PATH_SSH_USER_PERMITTED_KEYS2); 399 } 400 if (options->permit_tun == -1) 401 options->permit_tun = SSH_TUNMODE_NO; 402 if (options->ip_qos_interactive == -1) 403 options->ip_qos_interactive = IPTOS_DSCP_AF21; 404 if (options->ip_qos_bulk == -1) 405 options->ip_qos_bulk = IPTOS_DSCP_CS1; 406 if (options->version_addendum == NULL) 407 options->version_addendum = xstrdup(""); 408 if (options->fwd_opts.streamlocal_bind_mask == (mode_t)-1) 409 options->fwd_opts.streamlocal_bind_mask = 0177; 410 if (options->fwd_opts.streamlocal_bind_unlink == -1) 411 options->fwd_opts.streamlocal_bind_unlink = 0; 412 if (options->fingerprint_hash == -1) 413 options->fingerprint_hash = SSH_FP_HASH_DEFAULT; 414 if (options->disable_forwarding == -1) 415 options->disable_forwarding = 0; 416 if (options->expose_userauth_info == -1) 417 options->expose_userauth_info = 0; 418 if (options->sk_provider == NULL) 419 options->sk_provider = xstrdup("internal"); 420 421 assemble_algorithms(options); 422 423 /* Turn privilege separation and sandboxing on by default */ 424 if (use_privsep == -1) 425 use_privsep = PRIVSEP_ON; 426 427 #define CLEAR_ON_NONE(v) \ 428 do { \ 429 if (option_clear_or_none(v)) { \ 430 free(v); \ 431 v = NULL; \ 432 } \ 433 } while(0) 434 CLEAR_ON_NONE(options->pid_file); 435 CLEAR_ON_NONE(options->xauth_location); 436 CLEAR_ON_NONE(options->banner); 437 CLEAR_ON_NONE(options->trusted_user_ca_keys); 438 CLEAR_ON_NONE(options->revoked_keys_file); 439 CLEAR_ON_NONE(options->sk_provider); 440 CLEAR_ON_NONE(options->authorized_principals_file); 441 CLEAR_ON_NONE(options->adm_forced_command); 442 CLEAR_ON_NONE(options->chroot_directory); 443 CLEAR_ON_NONE(options->routing_domain); 444 CLEAR_ON_NONE(options->host_key_agent); 445 for (i = 0; i < options->num_host_key_files; i++) 446 CLEAR_ON_NONE(options->host_key_files[i]); 447 for (i = 0; i < options->num_host_cert_files; i++) 448 CLEAR_ON_NONE(options->host_cert_files[i]); 449 #undef CLEAR_ON_NONE 450 451 /* Similar handling for AuthenticationMethods=any */ 452 if (options->num_auth_methods == 1 && 453 strcmp(options->auth_methods[0], "any") == 0) { 454 free(options->auth_methods[0]); 455 options->auth_methods[0] = NULL; 456 options->num_auth_methods = 0; 457 } 458 } 459 460 /* Keyword tokens. */ 461 typedef enum { 462 sBadOption, /* == unknown option */ 463 sPort, sHostKeyFile, sLoginGraceTime, 464 sPermitRootLogin, sLogFacility, sLogLevel, sLogVerbose, 465 sKerberosAuthentication, sKerberosOrLocalPasswd, sKerberosTicketCleanup, 466 sKerberosGetAFSToken, sChallengeResponseAuthentication, 467 sPasswordAuthentication, sKbdInteractiveAuthentication, 468 sListenAddress, sAddressFamily, 469 sPrintMotd, sPrintLastLog, sIgnoreRhosts, 470 sX11Forwarding, sX11DisplayOffset, sX11UseLocalhost, 471 sPermitTTY, sStrictModes, sEmptyPasswd, sTCPKeepAlive, 472 sPermitUserEnvironment, sAllowTcpForwarding, sCompression, 473 sRekeyLimit, sAllowUsers, sDenyUsers, sAllowGroups, sDenyGroups, 474 sIgnoreUserKnownHosts, sCiphers, sMacs, sPidFile, 475 sGatewayPorts, sPubkeyAuthentication, sPubkeyAcceptedAlgorithms, 476 sXAuthLocation, sSubsystem, sMaxStartups, sMaxAuthTries, sMaxSessions, 477 sBanner, sUseDNS, sHostbasedAuthentication, 478 sHostbasedUsesNameFromPacketOnly, sHostbasedAcceptedAlgorithms, 479 sHostKeyAlgorithms, sPerSourceMaxStartups, sPerSourceNetBlockSize, 480 sClientAliveInterval, sClientAliveCountMax, sAuthorizedKeysFile, 481 sGssAuthentication, sGssCleanupCreds, sGssStrictAcceptor, 482 sAcceptEnv, sSetEnv, sPermitTunnel, 483 sMatch, sPermitOpen, sPermitListen, sForceCommand, sChrootDirectory, 484 sUsePrivilegeSeparation, sAllowAgentForwarding, 485 sHostCertificate, sInclude, 486 sRevokedKeys, sTrustedUserCAKeys, sAuthorizedPrincipalsFile, 487 sAuthorizedPrincipalsCommand, sAuthorizedPrincipalsCommandUser, 488 sKexAlgorithms, sCASignatureAlgorithms, sIPQoS, sVersionAddendum, 489 sAuthorizedKeysCommand, sAuthorizedKeysCommandUser, 490 sAuthenticationMethods, sHostKeyAgent, sPermitUserRC, 491 sStreamLocalBindMask, sStreamLocalBindUnlink, 492 sAllowStreamLocalForwarding, sFingerprintHash, sDisableForwarding, 493 sExposeAuthInfo, sRDomain, sPubkeyAuthOptions, sSecurityKeyProvider, 494 sDeprecated, sIgnore, sUnsupported 495 } ServerOpCodes; 496 497 #define SSHCFG_GLOBAL 0x01 /* allowed in main section of config */ 498 #define SSHCFG_MATCH 0x02 /* allowed inside a Match section */ 499 #define SSHCFG_ALL (SSHCFG_GLOBAL|SSHCFG_MATCH) 500 #define SSHCFG_NEVERMATCH 0x04 /* Match never matches; internal only */ 501 #define SSHCFG_MATCH_ONLY 0x08 /* Match only in conditional blocks; internal only */ 502 503 /* Textual representation of the tokens. */ 504 static struct { 505 const char *name; 506 ServerOpCodes opcode; 507 u_int flags; 508 } keywords[] = { 509 { "port", sPort, SSHCFG_GLOBAL }, 510 { "hostkey", sHostKeyFile, SSHCFG_GLOBAL }, 511 { "hostdsakey", sHostKeyFile, SSHCFG_GLOBAL }, /* alias */ 512 { "hostkeyagent", sHostKeyAgent, SSHCFG_GLOBAL }, 513 { "pidfile", sPidFile, SSHCFG_GLOBAL }, 514 { "serverkeybits", sDeprecated, SSHCFG_GLOBAL }, 515 { "logingracetime", sLoginGraceTime, SSHCFG_GLOBAL }, 516 { "keyregenerationinterval", sDeprecated, SSHCFG_GLOBAL }, 517 { "permitrootlogin", sPermitRootLogin, SSHCFG_ALL }, 518 { "syslogfacility", sLogFacility, SSHCFG_GLOBAL }, 519 { "loglevel", sLogLevel, SSHCFG_ALL }, 520 { "logverbose", sLogVerbose, SSHCFG_ALL }, 521 { "rhostsauthentication", sDeprecated, SSHCFG_GLOBAL }, 522 { "rhostsrsaauthentication", sDeprecated, SSHCFG_ALL }, 523 { "hostbasedauthentication", sHostbasedAuthentication, SSHCFG_ALL }, 524 { "hostbasedusesnamefrompacketonly", sHostbasedUsesNameFromPacketOnly, SSHCFG_ALL }, 525 { "hostbasedacceptedalgorithms", sHostbasedAcceptedAlgorithms, SSHCFG_ALL }, 526 { "hostbasedacceptedkeytypes", sHostbasedAcceptedAlgorithms, SSHCFG_ALL }, /* obsolete */ 527 { "hostkeyalgorithms", sHostKeyAlgorithms, SSHCFG_GLOBAL }, 528 { "rsaauthentication", sDeprecated, SSHCFG_ALL }, 529 { "pubkeyauthentication", sPubkeyAuthentication, SSHCFG_ALL }, 530 { "pubkeyacceptedalgorithms", sPubkeyAcceptedAlgorithms, SSHCFG_ALL }, 531 { "pubkeyacceptedkeytypes", sPubkeyAcceptedAlgorithms, SSHCFG_ALL }, /* obsolete */ 532 { "pubkeyauthoptions", sPubkeyAuthOptions, SSHCFG_ALL }, 533 { "dsaauthentication", sPubkeyAuthentication, SSHCFG_GLOBAL }, /* alias */ 534 #ifdef KRB5 535 { "kerberosauthentication", sKerberosAuthentication, SSHCFG_ALL }, 536 { "kerberosorlocalpasswd", sKerberosOrLocalPasswd, SSHCFG_GLOBAL }, 537 { "kerberosticketcleanup", sKerberosTicketCleanup, SSHCFG_GLOBAL }, 538 { "kerberosgetafstoken", sKerberosGetAFSToken, SSHCFG_GLOBAL }, 539 #else 540 { "kerberosauthentication", sUnsupported, SSHCFG_ALL }, 541 { "kerberosorlocalpasswd", sUnsupported, SSHCFG_GLOBAL }, 542 { "kerberosticketcleanup", sUnsupported, SSHCFG_GLOBAL }, 543 { "kerberosgetafstoken", sUnsupported, SSHCFG_GLOBAL }, 544 #endif 545 { "kerberostgtpassing", sUnsupported, SSHCFG_GLOBAL }, 546 { "afstokenpassing", sUnsupported, SSHCFG_GLOBAL }, 547 #ifdef GSSAPI 548 { "gssapiauthentication", sGssAuthentication, SSHCFG_ALL }, 549 { "gssapicleanupcredentials", sGssCleanupCreds, SSHCFG_GLOBAL }, 550 { "gssapistrictacceptorcheck", sGssStrictAcceptor, SSHCFG_GLOBAL }, 551 #else 552 { "gssapiauthentication", sUnsupported, SSHCFG_ALL }, 553 { "gssapicleanupcredentials", sUnsupported, SSHCFG_GLOBAL }, 554 { "gssapistrictacceptorcheck", sUnsupported, SSHCFG_GLOBAL }, 555 #endif 556 { "passwordauthentication", sPasswordAuthentication, SSHCFG_ALL }, 557 { "kbdinteractiveauthentication", sKbdInteractiveAuthentication, SSHCFG_ALL }, 558 { "challengeresponseauthentication", sChallengeResponseAuthentication, SSHCFG_GLOBAL }, 559 { "skeyauthentication", sChallengeResponseAuthentication, SSHCFG_GLOBAL }, /* alias */ 560 { "checkmail", sDeprecated, SSHCFG_GLOBAL }, 561 { "listenaddress", sListenAddress, SSHCFG_GLOBAL }, 562 { "addressfamily", sAddressFamily, SSHCFG_GLOBAL }, 563 { "printmotd", sPrintMotd, SSHCFG_GLOBAL }, 564 { "printlastlog", sPrintLastLog, SSHCFG_GLOBAL }, 565 { "ignorerhosts", sIgnoreRhosts, SSHCFG_ALL }, 566 { "ignoreuserknownhosts", sIgnoreUserKnownHosts, SSHCFG_GLOBAL }, 567 { "x11forwarding", sX11Forwarding, SSHCFG_ALL }, 568 { "x11displayoffset", sX11DisplayOffset, SSHCFG_ALL }, 569 { "x11uselocalhost", sX11UseLocalhost, SSHCFG_ALL }, 570 { "xauthlocation", sXAuthLocation, SSHCFG_GLOBAL }, 571 { "strictmodes", sStrictModes, SSHCFG_GLOBAL }, 572 { "permitemptypasswords", sEmptyPasswd, SSHCFG_ALL }, 573 { "permituserenvironment", sPermitUserEnvironment, SSHCFG_GLOBAL }, 574 { "uselogin", sDeprecated, SSHCFG_GLOBAL }, 575 { "compression", sCompression, SSHCFG_GLOBAL }, 576 { "rekeylimit", sRekeyLimit, SSHCFG_ALL }, 577 { "tcpkeepalive", sTCPKeepAlive, SSHCFG_GLOBAL }, 578 { "keepalive", sTCPKeepAlive, SSHCFG_GLOBAL }, /* obsolete alias */ 579 { "allowtcpforwarding", sAllowTcpForwarding, SSHCFG_ALL }, 580 { "allowagentforwarding", sAllowAgentForwarding, SSHCFG_ALL }, 581 { "allowusers", sAllowUsers, SSHCFG_ALL }, 582 { "denyusers", sDenyUsers, SSHCFG_ALL }, 583 { "allowgroups", sAllowGroups, SSHCFG_ALL }, 584 { "denygroups", sDenyGroups, SSHCFG_ALL }, 585 { "ciphers", sCiphers, SSHCFG_GLOBAL }, 586 { "macs", sMacs, SSHCFG_GLOBAL }, 587 { "protocol", sIgnore, SSHCFG_GLOBAL }, 588 { "gatewayports", sGatewayPorts, SSHCFG_ALL }, 589 { "subsystem", sSubsystem, SSHCFG_GLOBAL }, 590 { "maxstartups", sMaxStartups, SSHCFG_GLOBAL }, 591 { "persourcemaxstartups", sPerSourceMaxStartups, SSHCFG_GLOBAL }, 592 { "persourcenetblocksize", sPerSourceNetBlockSize, SSHCFG_GLOBAL }, 593 { "maxauthtries", sMaxAuthTries, SSHCFG_ALL }, 594 { "maxsessions", sMaxSessions, SSHCFG_ALL }, 595 { "banner", sBanner, SSHCFG_ALL }, 596 { "usedns", sUseDNS, SSHCFG_GLOBAL }, 597 { "verifyreversemapping", sDeprecated, SSHCFG_GLOBAL }, 598 { "reversemappingcheck", sDeprecated, SSHCFG_GLOBAL }, 599 { "clientaliveinterval", sClientAliveInterval, SSHCFG_ALL }, 600 { "clientalivecountmax", sClientAliveCountMax, SSHCFG_ALL }, 601 { "authorizedkeysfile", sAuthorizedKeysFile, SSHCFG_ALL }, 602 { "authorizedkeysfile2", sDeprecated, SSHCFG_ALL }, 603 { "useprivilegeseparation", sDeprecated, SSHCFG_GLOBAL}, 604 { "acceptenv", sAcceptEnv, SSHCFG_ALL }, 605 { "setenv", sSetEnv, SSHCFG_ALL }, 606 { "permittunnel", sPermitTunnel, SSHCFG_ALL }, 607 { "permittty", sPermitTTY, SSHCFG_ALL }, 608 { "permituserrc", sPermitUserRC, SSHCFG_ALL }, 609 { "match", sMatch, SSHCFG_ALL }, 610 { "permitopen", sPermitOpen, SSHCFG_ALL }, 611 { "permitlisten", sPermitListen, SSHCFG_ALL }, 612 { "forcecommand", sForceCommand, SSHCFG_ALL }, 613 { "chrootdirectory", sChrootDirectory, SSHCFG_ALL }, 614 { "hostcertificate", sHostCertificate, SSHCFG_GLOBAL }, 615 { "revokedkeys", sRevokedKeys, SSHCFG_ALL }, 616 { "trustedusercakeys", sTrustedUserCAKeys, SSHCFG_ALL }, 617 { "authorizedprincipalsfile", sAuthorizedPrincipalsFile, SSHCFG_ALL }, 618 { "kexalgorithms", sKexAlgorithms, SSHCFG_GLOBAL }, 619 { "include", sInclude, SSHCFG_ALL }, 620 { "ipqos", sIPQoS, SSHCFG_ALL }, 621 { "authorizedkeyscommand", sAuthorizedKeysCommand, SSHCFG_ALL }, 622 { "authorizedkeyscommanduser", sAuthorizedKeysCommandUser, SSHCFG_ALL }, 623 { "authorizedprincipalscommand", sAuthorizedPrincipalsCommand, SSHCFG_ALL }, 624 { "authorizedprincipalscommanduser", sAuthorizedPrincipalsCommandUser, SSHCFG_ALL }, 625 { "versionaddendum", sVersionAddendum, SSHCFG_GLOBAL }, 626 { "authenticationmethods", sAuthenticationMethods, SSHCFG_ALL }, 627 { "streamlocalbindmask", sStreamLocalBindMask, SSHCFG_ALL }, 628 { "streamlocalbindunlink", sStreamLocalBindUnlink, SSHCFG_ALL }, 629 { "allowstreamlocalforwarding", sAllowStreamLocalForwarding, SSHCFG_ALL }, 630 { "fingerprinthash", sFingerprintHash, SSHCFG_GLOBAL }, 631 { "disableforwarding", sDisableForwarding, SSHCFG_ALL }, 632 { "exposeauthinfo", sExposeAuthInfo, SSHCFG_ALL }, 633 { "rdomain", sRDomain, SSHCFG_ALL }, 634 { "casignaturealgorithms", sCASignatureAlgorithms, SSHCFG_ALL }, 635 { "securitykeyprovider", sSecurityKeyProvider, SSHCFG_GLOBAL }, 636 { NULL, sBadOption, 0 } 637 }; 638 639 static struct { 640 int val; 641 char *text; 642 } tunmode_desc[] = { 643 { SSH_TUNMODE_NO, "no" }, 644 { SSH_TUNMODE_POINTOPOINT, "point-to-point" }, 645 { SSH_TUNMODE_ETHERNET, "ethernet" }, 646 { SSH_TUNMODE_YES, "yes" }, 647 { -1, NULL } 648 }; 649 650 /* Returns an opcode name from its number */ 651 652 static const char * 653 lookup_opcode_name(ServerOpCodes code) 654 { 655 u_int i; 656 657 for (i = 0; keywords[i].name != NULL; i++) 658 if (keywords[i].opcode == code) 659 return(keywords[i].name); 660 return "UNKNOWN"; 661 } 662 663 664 /* 665 * Returns the number of the token pointed to by cp or sBadOption. 666 */ 667 668 static ServerOpCodes 669 parse_token(const char *cp, const char *filename, 670 int linenum, u_int *flags) 671 { 672 u_int i; 673 674 for (i = 0; keywords[i].name; i++) 675 if (strcasecmp(cp, keywords[i].name) == 0) { 676 *flags = keywords[i].flags; 677 return keywords[i].opcode; 678 } 679 680 error("%s: line %d: Bad configuration option: %s", 681 filename, linenum, cp); 682 return sBadOption; 683 } 684 685 char * 686 derelativise_path(const char *path) 687 { 688 char *expanded, *ret, cwd[PATH_MAX]; 689 690 if (strcasecmp(path, "none") == 0) 691 return xstrdup("none"); 692 expanded = tilde_expand_filename(path, getuid()); 693 if (path_absolute(expanded)) 694 return expanded; 695 if (getcwd(cwd, sizeof(cwd)) == NULL) 696 fatal_f("getcwd: %s", strerror(errno)); 697 xasprintf(&ret, "%s/%s", cwd, expanded); 698 free(expanded); 699 return ret; 700 } 701 702 static void 703 add_listen_addr(ServerOptions *options, const char *addr, 704 const char *rdomain, int port) 705 { 706 u_int i; 707 708 if (port > 0) 709 add_one_listen_addr(options, addr, rdomain, port); 710 else { 711 for (i = 0; i < options->num_ports; i++) { 712 add_one_listen_addr(options, addr, rdomain, 713 options->ports[i]); 714 } 715 } 716 } 717 718 static void 719 add_one_listen_addr(ServerOptions *options, const char *addr, 720 const char *rdomain, int port) 721 { 722 struct addrinfo hints, *ai, *aitop; 723 char strport[NI_MAXSERV]; 724 int gaierr; 725 u_int i; 726 727 /* Find listen_addrs entry for this rdomain */ 728 for (i = 0; i < options->num_listen_addrs; i++) { 729 if (rdomain == NULL && options->listen_addrs[i].rdomain == NULL) 730 break; 731 if (rdomain == NULL || options->listen_addrs[i].rdomain == NULL) 732 continue; 733 if (strcmp(rdomain, options->listen_addrs[i].rdomain) == 0) 734 break; 735 } 736 if (i >= options->num_listen_addrs) { 737 /* No entry for this rdomain; allocate one */ 738 if (i >= INT_MAX) 739 fatal_f("too many listen addresses"); 740 options->listen_addrs = xrecallocarray(options->listen_addrs, 741 options->num_listen_addrs, options->num_listen_addrs + 1, 742 sizeof(*options->listen_addrs)); 743 i = options->num_listen_addrs++; 744 if (rdomain != NULL) 745 options->listen_addrs[i].rdomain = xstrdup(rdomain); 746 } 747 /* options->listen_addrs[i] points to the addresses for this rdomain */ 748 749 memset(&hints, 0, sizeof(hints)); 750 hints.ai_family = options->address_family; 751 hints.ai_socktype = SOCK_STREAM; 752 hints.ai_flags = (addr == NULL) ? AI_PASSIVE : 0; 753 snprintf(strport, sizeof strport, "%d", port); 754 if ((gaierr = getaddrinfo(addr, strport, &hints, &aitop)) != 0) 755 fatal("bad addr or host: %s (%s)", 756 addr ? addr : "<NULL>", 757 ssh_gai_strerror(gaierr)); 758 for (ai = aitop; ai->ai_next; ai = ai->ai_next) 759 ; 760 ai->ai_next = options->listen_addrs[i].addrs; 761 options->listen_addrs[i].addrs = aitop; 762 } 763 764 /* Returns nonzero if the routing domain name is valid */ 765 static int 766 valid_rdomain(const char *name) 767 { 768 const char *errstr; 769 long long num; 770 struct rt_tableinfo info; 771 int mib[6]; 772 size_t miblen = sizeof(mib); 773 774 if (name == NULL) 775 return 1; 776 777 num = strtonum(name, 0, 255, &errstr); 778 if (errstr != NULL) 779 return 0; 780 781 /* Check whether the table actually exists */ 782 memset(mib, 0, sizeof(mib)); 783 mib[0] = CTL_NET; 784 mib[1] = PF_ROUTE; 785 mib[4] = NET_RT_TABLE; 786 mib[5] = (int)num; 787 if (sysctl(mib, 6, &info, &miblen, NULL, 0) == -1) 788 return 0; 789 790 return 1; 791 } 792 793 /* 794 * Queue a ListenAddress to be processed once we have all of the Ports 795 * and AddressFamily options. 796 */ 797 static void 798 queue_listen_addr(ServerOptions *options, const char *addr, 799 const char *rdomain, int port) 800 { 801 struct queued_listenaddr *qla; 802 803 options->queued_listen_addrs = xrecallocarray( 804 options->queued_listen_addrs, 805 options->num_queued_listens, options->num_queued_listens + 1, 806 sizeof(*options->queued_listen_addrs)); 807 qla = &options->queued_listen_addrs[options->num_queued_listens++]; 808 qla->addr = xstrdup(addr); 809 qla->port = port; 810 qla->rdomain = rdomain == NULL ? NULL : xstrdup(rdomain); 811 } 812 813 /* 814 * Process queued (text) ListenAddress entries. 815 */ 816 static void 817 process_queued_listen_addrs(ServerOptions *options) 818 { 819 u_int i; 820 struct queued_listenaddr *qla; 821 822 if (options->num_ports == 0) 823 options->ports[options->num_ports++] = SSH_DEFAULT_PORT; 824 if (options->address_family == -1) 825 options->address_family = AF_UNSPEC; 826 827 for (i = 0; i < options->num_queued_listens; i++) { 828 qla = &options->queued_listen_addrs[i]; 829 add_listen_addr(options, qla->addr, qla->rdomain, qla->port); 830 free(qla->addr); 831 free(qla->rdomain); 832 } 833 free(options->queued_listen_addrs); 834 options->queued_listen_addrs = NULL; 835 options->num_queued_listens = 0; 836 } 837 838 /* 839 * Inform channels layer of permitopen options for a single forwarding 840 * direction (local/remote). 841 */ 842 static void 843 process_permitopen_list(struct ssh *ssh, ServerOpCodes opcode, 844 char **opens, u_int num_opens) 845 { 846 u_int i; 847 int port; 848 char *host, *arg, *oarg, ch; 849 int where = opcode == sPermitOpen ? FORWARD_LOCAL : FORWARD_REMOTE; 850 const char *what = lookup_opcode_name(opcode); 851 852 channel_clear_permission(ssh, FORWARD_ADM, where); 853 if (num_opens == 0) 854 return; /* permit any */ 855 856 /* handle keywords: "any" / "none" */ 857 if (num_opens == 1 && strcmp(opens[0], "any") == 0) 858 return; 859 if (num_opens == 1 && strcmp(opens[0], "none") == 0) { 860 channel_disable_admin(ssh, where); 861 return; 862 } 863 /* Otherwise treat it as a list of permitted host:port */ 864 for (i = 0; i < num_opens; i++) { 865 oarg = arg = xstrdup(opens[i]); 866 ch = '\0'; 867 host = hpdelim2(&arg, &ch); 868 if (host == NULL || ch == '/') 869 fatal_f("missing host in %s", what); 870 host = cleanhostname(host); 871 if (arg == NULL || ((port = permitopen_port(arg)) < 0)) 872 fatal_f("bad port number in %s", what); 873 /* Send it to channels layer */ 874 channel_add_permission(ssh, FORWARD_ADM, 875 where, host, port); 876 free(oarg); 877 } 878 } 879 880 /* 881 * Inform channels layer of permitopen options from configuration. 882 */ 883 void 884 process_permitopen(struct ssh *ssh, ServerOptions *options) 885 { 886 process_permitopen_list(ssh, sPermitOpen, 887 options->permitted_opens, options->num_permitted_opens); 888 process_permitopen_list(ssh, sPermitListen, 889 options->permitted_listens, 890 options->num_permitted_listens); 891 } 892 893 struct connection_info * 894 get_connection_info(struct ssh *ssh, int populate, int use_dns) 895 { 896 static struct connection_info ci; 897 898 if (ssh == NULL || !populate) 899 return &ci; 900 ci.host = auth_get_canonical_hostname(ssh, use_dns); 901 ci.address = ssh_remote_ipaddr(ssh); 902 ci.laddress = ssh_local_ipaddr(ssh); 903 ci.lport = ssh_local_port(ssh); 904 ci.rdomain = ssh_packet_rdomain_in(ssh); 905 return &ci; 906 } 907 908 /* 909 * The strategy for the Match blocks is that the config file is parsed twice. 910 * 911 * The first time is at startup. activep is initialized to 1 and the 912 * directives in the global context are processed and acted on. Hitting a 913 * Match directive unsets activep and the directives inside the block are 914 * checked for syntax only. 915 * 916 * The second time is after a connection has been established but before 917 * authentication. activep is initialized to 2 and global config directives 918 * are ignored since they have already been processed. If the criteria in a 919 * Match block is met, activep is set and the subsequent directives 920 * processed and actioned until EOF or another Match block unsets it. Any 921 * options set are copied into the main server config. 922 * 923 * Potential additions/improvements: 924 * - Add Match support for pre-kex directives, eg. Ciphers. 925 * 926 * - Add a Tag directive (idea from David Leonard) ala pf, eg: 927 * Match Address 192.168.0.* 928 * Tag trusted 929 * Match Group wheel 930 * Tag trusted 931 * Match Tag trusted 932 * AllowTcpForwarding yes 933 * GatewayPorts clientspecified 934 * [...] 935 * 936 * - Add a PermittedChannelRequests directive 937 * Match Group shell 938 * PermittedChannelRequests session,forwarded-tcpip 939 */ 940 941 static int 942 match_cfg_line_group(const char *grps, int line, const char *user) 943 { 944 int result = 0; 945 struct passwd *pw; 946 947 if (user == NULL) 948 goto out; 949 950 if ((pw = getpwnam(user)) == NULL) { 951 debug("Can't match group at line %d because user %.100s does " 952 "not exist", line, user); 953 } else if (ga_init(pw->pw_name, pw->pw_gid) == 0) { 954 debug("Can't Match group because user %.100s not in any group " 955 "at line %d", user, line); 956 } else if (ga_match_pattern_list(grps) != 1) { 957 debug("user %.100s does not match group list %.100s at line %d", 958 user, grps, line); 959 } else { 960 debug("user %.100s matched group list %.100s at line %d", user, 961 grps, line); 962 result = 1; 963 } 964 out: 965 ga_free(); 966 return result; 967 } 968 969 static void 970 match_test_missing_fatal(const char *criteria, const char *attrib) 971 { 972 fatal("'Match %s' in configuration but '%s' not in connection " 973 "test specification.", criteria, attrib); 974 } 975 976 /* 977 * All of the attributes on a single Match line are ANDed together, so we need 978 * to check every attribute and set the result to zero if any attribute does 979 * not match. 980 */ 981 static int 982 match_cfg_line(char **condition, int line, struct connection_info *ci) 983 { 984 int result = 1, attributes = 0, port; 985 char *arg, *attrib, *cp = *condition; 986 987 if (ci == NULL) 988 debug3("checking syntax for 'Match %s'", cp); 989 else 990 debug3("checking match for '%s' user %s host %s addr %s " 991 "laddr %s lport %d", cp, ci->user ? ci->user : "(null)", 992 ci->host ? ci->host : "(null)", 993 ci->address ? ci->address : "(null)", 994 ci->laddress ? ci->laddress : "(null)", ci->lport); 995 996 while ((attrib = strdelim(&cp)) && *attrib != '\0') { 997 attributes++; 998 if (strcasecmp(attrib, "all") == 0) { 999 if (attributes != 1 || 1000 ((arg = strdelim(&cp)) != NULL && *arg != '\0')) { 1001 error("'all' cannot be combined with other " 1002 "Match attributes"); 1003 return -1; 1004 } 1005 *condition = cp; 1006 return 1; 1007 } 1008 if ((arg = strdelim(&cp)) == NULL || *arg == '\0') { 1009 error("Missing Match criteria for %s", attrib); 1010 return -1; 1011 } 1012 if (strcasecmp(attrib, "user") == 0) { 1013 if (ci == NULL || (ci->test && ci->user == NULL)) { 1014 result = 0; 1015 continue; 1016 } 1017 if (ci->user == NULL) 1018 match_test_missing_fatal("User", "user"); 1019 if (match_usergroup_pattern_list(ci->user, arg) != 1) 1020 result = 0; 1021 else 1022 debug("user %.100s matched 'User %.100s' at " 1023 "line %d", ci->user, arg, line); 1024 } else if (strcasecmp(attrib, "group") == 0) { 1025 if (ci == NULL || (ci->test && ci->user == NULL)) { 1026 result = 0; 1027 continue; 1028 } 1029 if (ci->user == NULL) 1030 match_test_missing_fatal("Group", "user"); 1031 switch (match_cfg_line_group(arg, line, ci->user)) { 1032 case -1: 1033 return -1; 1034 case 0: 1035 result = 0; 1036 } 1037 } else if (strcasecmp(attrib, "host") == 0) { 1038 if (ci == NULL || (ci->test && ci->host == NULL)) { 1039 result = 0; 1040 continue; 1041 } 1042 if (ci->host == NULL) 1043 match_test_missing_fatal("Host", "host"); 1044 if (match_hostname(ci->host, arg) != 1) 1045 result = 0; 1046 else 1047 debug("connection from %.100s matched 'Host " 1048 "%.100s' at line %d", ci->host, arg, line); 1049 } else if (strcasecmp(attrib, "address") == 0) { 1050 if (ci == NULL || (ci->test && ci->address == NULL)) { 1051 if (addr_match_list(NULL, arg) != 0) 1052 fatal("Invalid Match address argument " 1053 "'%s' at line %d", arg, line); 1054 result = 0; 1055 continue; 1056 } 1057 if (ci->address == NULL) 1058 match_test_missing_fatal("Address", "addr"); 1059 switch (addr_match_list(ci->address, arg)) { 1060 case 1: 1061 debug("connection from %.100s matched 'Address " 1062 "%.100s' at line %d", ci->address, arg, line); 1063 break; 1064 case 0: 1065 case -1: 1066 result = 0; 1067 break; 1068 case -2: 1069 return -1; 1070 } 1071 } else if (strcasecmp(attrib, "localaddress") == 0){ 1072 if (ci == NULL || (ci->test && ci->laddress == NULL)) { 1073 if (addr_match_list(NULL, arg) != 0) 1074 fatal("Invalid Match localaddress " 1075 "argument '%s' at line %d", arg, 1076 line); 1077 result = 0; 1078 continue; 1079 } 1080 if (ci->laddress == NULL) 1081 match_test_missing_fatal("LocalAddress", 1082 "laddr"); 1083 switch (addr_match_list(ci->laddress, arg)) { 1084 case 1: 1085 debug("connection from %.100s matched " 1086 "'LocalAddress %.100s' at line %d", 1087 ci->laddress, arg, line); 1088 break; 1089 case 0: 1090 case -1: 1091 result = 0; 1092 break; 1093 case -2: 1094 return -1; 1095 } 1096 } else if (strcasecmp(attrib, "localport") == 0) { 1097 if ((port = a2port(arg)) == -1) { 1098 error("Invalid LocalPort '%s' on Match line", 1099 arg); 1100 return -1; 1101 } 1102 if (ci == NULL || (ci->test && ci->lport == -1)) { 1103 result = 0; 1104 continue; 1105 } 1106 if (ci->lport == 0) 1107 match_test_missing_fatal("LocalPort", "lport"); 1108 /* TODO support port lists */ 1109 if (port == ci->lport) 1110 debug("connection from %.100s matched " 1111 "'LocalPort %d' at line %d", 1112 ci->laddress, port, line); 1113 else 1114 result = 0; 1115 } else if (strcasecmp(attrib, "rdomain") == 0) { 1116 if (ci == NULL || (ci->test && ci->rdomain == NULL)) { 1117 result = 0; 1118 continue; 1119 } 1120 if (ci->rdomain == NULL) 1121 match_test_missing_fatal("RDomain", "rdomain"); 1122 if (match_pattern_list(ci->rdomain, arg, 0) != 1) 1123 result = 0; 1124 else 1125 debug("user %.100s matched 'RDomain %.100s' at " 1126 "line %d", ci->rdomain, arg, line); 1127 } else { 1128 error("Unsupported Match attribute %s", attrib); 1129 return -1; 1130 } 1131 } 1132 if (attributes == 0) { 1133 error("One or more attributes required for Match"); 1134 return -1; 1135 } 1136 if (ci != NULL) 1137 debug3("match %sfound", result ? "" : "not "); 1138 *condition = cp; 1139 return result; 1140 } 1141 1142 #define WHITESPACE " \t\r\n" 1143 1144 /* Multistate option parsing */ 1145 struct multistate { 1146 char *key; 1147 int value; 1148 }; 1149 static const struct multistate multistate_flag[] = { 1150 { "yes", 1 }, 1151 { "no", 0 }, 1152 { NULL, -1 } 1153 }; 1154 static const struct multistate multistate_ignore_rhosts[] = { 1155 { "yes", IGNORE_RHOSTS_YES }, 1156 { "no", IGNORE_RHOSTS_NO }, 1157 { "shosts-only", IGNORE_RHOSTS_SHOSTS }, 1158 { NULL, -1 } 1159 }; 1160 static const struct multistate multistate_addressfamily[] = { 1161 { "inet", AF_INET }, 1162 { "inet6", AF_INET6 }, 1163 { "any", AF_UNSPEC }, 1164 { NULL, -1 } 1165 }; 1166 static const struct multistate multistate_permitrootlogin[] = { 1167 { "without-password", PERMIT_NO_PASSWD }, 1168 { "prohibit-password", PERMIT_NO_PASSWD }, 1169 { "forced-commands-only", PERMIT_FORCED_ONLY }, 1170 { "yes", PERMIT_YES }, 1171 { "no", PERMIT_NO }, 1172 { NULL, -1 } 1173 }; 1174 static const struct multistate multistate_compression[] = { 1175 #ifdef WITH_ZLIB 1176 { "yes", COMP_DELAYED }, 1177 { "delayed", COMP_DELAYED }, 1178 #endif 1179 { "no", COMP_NONE }, 1180 { NULL, -1 } 1181 }; 1182 static const struct multistate multistate_gatewayports[] = { 1183 { "clientspecified", 2 }, 1184 { "yes", 1 }, 1185 { "no", 0 }, 1186 { NULL, -1 } 1187 }; 1188 static const struct multistate multistate_tcpfwd[] = { 1189 { "yes", FORWARD_ALLOW }, 1190 { "all", FORWARD_ALLOW }, 1191 { "no", FORWARD_DENY }, 1192 { "remote", FORWARD_REMOTE }, 1193 { "local", FORWARD_LOCAL }, 1194 { NULL, -1 } 1195 }; 1196 1197 static int 1198 process_server_config_line_depth(ServerOptions *options, char *line, 1199 const char *filename, int linenum, int *activep, 1200 struct connection_info *connectinfo, int *inc_flags, int depth, 1201 struct include_list *includes) 1202 { 1203 char ch, *cp, ***chararrayptr, **charptr, *arg, *arg2, *p; 1204 int cmdline = 0, *intptr, value, value2, n, port, oactive, r, found; 1205 SyslogFacility *log_facility_ptr; 1206 LogLevel *log_level_ptr; 1207 ServerOpCodes opcode; 1208 u_int i, *uintptr, uvalue, flags = 0; 1209 size_t len; 1210 long long val64; 1211 const struct multistate *multistate_ptr; 1212 const char *errstr; 1213 struct include_item *item; 1214 glob_t gbuf; 1215 1216 /* Strip trailing whitespace. Allow \f (form feed) at EOL only */ 1217 if ((len = strlen(line)) == 0) 1218 return 0; 1219 for (len--; len > 0; len--) { 1220 if (strchr(WHITESPACE "\f", line[len]) == NULL) 1221 break; 1222 line[len] = '\0'; 1223 } 1224 1225 cp = line; 1226 if ((arg = strdelim(&cp)) == NULL) 1227 return 0; 1228 /* Ignore leading whitespace */ 1229 if (*arg == '\0') 1230 arg = strdelim(&cp); 1231 if (!arg || !*arg || *arg == '#') 1232 return 0; 1233 intptr = NULL; 1234 charptr = NULL; 1235 opcode = parse_token(arg, filename, linenum, &flags); 1236 1237 if (activep == NULL) { /* We are processing a command line directive */ 1238 cmdline = 1; 1239 activep = &cmdline; 1240 } 1241 if (*activep && opcode != sMatch && opcode != sInclude) 1242 debug3("%s:%d setting %s %s", filename, linenum, arg, cp); 1243 if (*activep == 0 && !(flags & SSHCFG_MATCH)) { 1244 if (connectinfo == NULL) { 1245 fatal("%s line %d: Directive '%s' is not allowed " 1246 "within a Match block", filename, linenum, arg); 1247 } else { /* this is a directive we have already processed */ 1248 while (arg) 1249 arg = strdelim(&cp); 1250 return 0; 1251 } 1252 } 1253 1254 switch (opcode) { 1255 case sBadOption: 1256 return -1; 1257 case sPort: 1258 /* ignore ports from configfile if cmdline specifies ports */ 1259 if (options->ports_from_cmdline) 1260 return 0; 1261 if (options->num_ports >= MAX_PORTS) 1262 fatal("%s line %d: too many ports.", 1263 filename, linenum); 1264 arg = strdelim(&cp); 1265 if (!arg || *arg == '\0') 1266 fatal("%s line %d: missing port number.", 1267 filename, linenum); 1268 options->ports[options->num_ports++] = a2port(arg); 1269 if (options->ports[options->num_ports-1] <= 0) 1270 fatal("%s line %d: Badly formatted port number.", 1271 filename, linenum); 1272 break; 1273 1274 case sLoginGraceTime: 1275 intptr = &options->login_grace_time; 1276 parse_time: 1277 arg = strdelim(&cp); 1278 if (!arg || *arg == '\0') 1279 fatal("%s line %d: missing time value.", 1280 filename, linenum); 1281 if ((value = convtime(arg)) == -1) 1282 fatal("%s line %d: invalid time value.", 1283 filename, linenum); 1284 if (*activep && *intptr == -1) 1285 *intptr = value; 1286 break; 1287 1288 case sListenAddress: 1289 arg = strdelim(&cp); 1290 if (arg == NULL || *arg == '\0') 1291 fatal("%s line %d: missing address", 1292 filename, linenum); 1293 /* check for bare IPv6 address: no "[]" and 2 or more ":" */ 1294 if (strchr(arg, '[') == NULL && (p = strchr(arg, ':')) != NULL 1295 && strchr(p+1, ':') != NULL) { 1296 port = 0; 1297 p = arg; 1298 } else { 1299 arg2 = NULL; 1300 ch = '\0'; 1301 p = hpdelim2(&arg, &ch); 1302 if (p == NULL || ch == '/') 1303 fatal("%s line %d: bad address:port usage", 1304 filename, linenum); 1305 p = cleanhostname(p); 1306 if (arg == NULL) 1307 port = 0; 1308 else if ((port = a2port(arg)) <= 0) 1309 fatal("%s line %d: bad port number", 1310 filename, linenum); 1311 } 1312 /* Optional routing table */ 1313 arg2 = NULL; 1314 if ((arg = strdelim(&cp)) != NULL) { 1315 if (strcmp(arg, "rdomain") != 0 || 1316 (arg2 = strdelim(&cp)) == NULL) 1317 fatal("%s line %d: bad ListenAddress syntax", 1318 filename, linenum); 1319 if (!valid_rdomain(arg2)) 1320 fatal("%s line %d: bad routing domain", 1321 filename, linenum); 1322 } 1323 1324 queue_listen_addr(options, p, arg2, port); 1325 1326 break; 1327 1328 case sAddressFamily: 1329 intptr = &options->address_family; 1330 multistate_ptr = multistate_addressfamily; 1331 parse_multistate: 1332 arg = strdelim(&cp); 1333 if (!arg || *arg == '\0') 1334 fatal("%s line %d: missing argument.", 1335 filename, linenum); 1336 value = -1; 1337 for (i = 0; multistate_ptr[i].key != NULL; i++) { 1338 if (strcasecmp(arg, multistate_ptr[i].key) == 0) { 1339 value = multistate_ptr[i].value; 1340 break; 1341 } 1342 } 1343 if (value == -1) 1344 fatal("%s line %d: unsupported option \"%s\".", 1345 filename, linenum, arg); 1346 if (*activep && *intptr == -1) 1347 *intptr = value; 1348 break; 1349 1350 case sHostKeyFile: 1351 arg = strdelim(&cp); 1352 if (!arg || *arg == '\0') 1353 fatal("%s line %d: missing file name.", 1354 filename, linenum); 1355 if (*activep) { 1356 servconf_add_hostkey(filename, linenum, 1357 options, arg, 1); 1358 } 1359 break; 1360 1361 case sHostKeyAgent: 1362 charptr = &options->host_key_agent; 1363 arg = strdelim(&cp); 1364 if (!arg || *arg == '\0') 1365 fatal("%s line %d: missing socket name.", 1366 filename, linenum); 1367 if (*activep && *charptr == NULL) 1368 *charptr = !strcmp(arg, SSH_AUTHSOCKET_ENV_NAME) ? 1369 xstrdup(arg) : derelativise_path(arg); 1370 break; 1371 1372 case sHostCertificate: 1373 arg = strdelim(&cp); 1374 if (!arg || *arg == '\0') 1375 fatal("%s line %d: missing file name.", 1376 filename, linenum); 1377 if (*activep) 1378 servconf_add_hostcert(filename, linenum, options, arg); 1379 break; 1380 1381 case sPidFile: 1382 charptr = &options->pid_file; 1383 parse_filename: 1384 arg = strdelim(&cp); 1385 if (!arg || *arg == '\0') 1386 fatal("%s line %d: missing file name.", 1387 filename, linenum); 1388 if (*activep && *charptr == NULL) { 1389 *charptr = derelativise_path(arg); 1390 /* increase optional counter */ 1391 if (intptr != NULL) 1392 *intptr = *intptr + 1; 1393 } 1394 break; 1395 1396 case sPermitRootLogin: 1397 intptr = &options->permit_root_login; 1398 multistate_ptr = multistate_permitrootlogin; 1399 goto parse_multistate; 1400 1401 case sIgnoreRhosts: 1402 intptr = &options->ignore_rhosts; 1403 multistate_ptr = multistate_ignore_rhosts; 1404 goto parse_multistate; 1405 1406 case sIgnoreUserKnownHosts: 1407 intptr = &options->ignore_user_known_hosts; 1408 parse_flag: 1409 multistate_ptr = multistate_flag; 1410 goto parse_multistate; 1411 1412 case sHostbasedAuthentication: 1413 intptr = &options->hostbased_authentication; 1414 goto parse_flag; 1415 1416 case sHostbasedUsesNameFromPacketOnly: 1417 intptr = &options->hostbased_uses_name_from_packet_only; 1418 goto parse_flag; 1419 1420 case sHostbasedAcceptedAlgorithms: 1421 charptr = &options->hostbased_accepted_algos; 1422 parse_pubkey_algos: 1423 arg = strdelim(&cp); 1424 if (!arg || *arg == '\0') 1425 fatal("%s line %d: Missing argument.", 1426 filename, linenum); 1427 if (*arg != '-' && 1428 !sshkey_names_valid2(*arg == '+' || *arg == '^' ? 1429 arg + 1 : arg, 1)) 1430 fatal("%s line %d: Bad key types '%s'.", 1431 filename, linenum, arg ? arg : "<NONE>"); 1432 if (*activep && *charptr == NULL) 1433 *charptr = xstrdup(arg); 1434 break; 1435 1436 case sHostKeyAlgorithms: 1437 charptr = &options->hostkeyalgorithms; 1438 goto parse_pubkey_algos; 1439 1440 case sCASignatureAlgorithms: 1441 charptr = &options->ca_sign_algorithms; 1442 goto parse_pubkey_algos; 1443 1444 case sPubkeyAuthentication: 1445 intptr = &options->pubkey_authentication; 1446 goto parse_flag; 1447 1448 case sPubkeyAcceptedAlgorithms: 1449 charptr = &options->pubkey_accepted_algos; 1450 goto parse_pubkey_algos; 1451 1452 case sPubkeyAuthOptions: 1453 intptr = &options->pubkey_auth_options; 1454 value = 0; 1455 while ((arg = strdelim(&cp)) && *arg != '\0') { 1456 if (strcasecmp(arg, "none") == 0) 1457 continue; 1458 if (strcasecmp(arg, "touch-required") == 0) 1459 value |= PUBKEYAUTH_TOUCH_REQUIRED; 1460 else if (strcasecmp(arg, "verify-required") == 0) 1461 value |= PUBKEYAUTH_VERIFY_REQUIRED; 1462 else { 1463 fatal("%s line %d: unsupported " 1464 "PubkeyAuthOptions option %s", 1465 filename, linenum, arg); 1466 } 1467 } 1468 if (*activep && *intptr == -1) 1469 *intptr = value; 1470 break; 1471 1472 case sKerberosAuthentication: 1473 intptr = &options->kerberos_authentication; 1474 goto parse_flag; 1475 1476 case sKerberosOrLocalPasswd: 1477 intptr = &options->kerberos_or_local_passwd; 1478 goto parse_flag; 1479 1480 case sKerberosTicketCleanup: 1481 intptr = &options->kerberos_ticket_cleanup; 1482 goto parse_flag; 1483 1484 case sKerberosGetAFSToken: 1485 intptr = &options->kerberos_get_afs_token; 1486 goto parse_flag; 1487 1488 case sGssAuthentication: 1489 intptr = &options->gss_authentication; 1490 goto parse_flag; 1491 1492 case sGssCleanupCreds: 1493 intptr = &options->gss_cleanup_creds; 1494 goto parse_flag; 1495 1496 case sGssStrictAcceptor: 1497 intptr = &options->gss_strict_acceptor; 1498 goto parse_flag; 1499 1500 case sPasswordAuthentication: 1501 intptr = &options->password_authentication; 1502 goto parse_flag; 1503 1504 case sKbdInteractiveAuthentication: 1505 intptr = &options->kbd_interactive_authentication; 1506 goto parse_flag; 1507 1508 case sChallengeResponseAuthentication: 1509 intptr = &options->challenge_response_authentication; 1510 goto parse_flag; 1511 1512 case sPrintMotd: 1513 intptr = &options->print_motd; 1514 goto parse_flag; 1515 1516 case sPrintLastLog: 1517 intptr = &options->print_lastlog; 1518 goto parse_flag; 1519 1520 case sX11Forwarding: 1521 intptr = &options->x11_forwarding; 1522 goto parse_flag; 1523 1524 case sX11DisplayOffset: 1525 intptr = &options->x11_display_offset; 1526 parse_int: 1527 arg = strdelim(&cp); 1528 if ((errstr = atoi_err(arg, &value)) != NULL) 1529 fatal("%s line %d: integer value %s.", 1530 filename, linenum, errstr); 1531 if (*activep && *intptr == -1) 1532 *intptr = value; 1533 break; 1534 1535 case sX11UseLocalhost: 1536 intptr = &options->x11_use_localhost; 1537 goto parse_flag; 1538 1539 case sXAuthLocation: 1540 charptr = &options->xauth_location; 1541 goto parse_filename; 1542 1543 case sPermitTTY: 1544 intptr = &options->permit_tty; 1545 goto parse_flag; 1546 1547 case sPermitUserRC: 1548 intptr = &options->permit_user_rc; 1549 goto parse_flag; 1550 1551 case sStrictModes: 1552 intptr = &options->strict_modes; 1553 goto parse_flag; 1554 1555 case sTCPKeepAlive: 1556 intptr = &options->tcp_keep_alive; 1557 goto parse_flag; 1558 1559 case sEmptyPasswd: 1560 intptr = &options->permit_empty_passwd; 1561 goto parse_flag; 1562 1563 case sPermitUserEnvironment: 1564 intptr = &options->permit_user_env; 1565 charptr = &options->permit_user_env_allowlist; 1566 arg = strdelim(&cp); 1567 if (!arg || *arg == '\0') 1568 fatal("%s line %d: missing argument.", 1569 filename, linenum); 1570 value = 0; 1571 p = NULL; 1572 if (strcmp(arg, "yes") == 0) 1573 value = 1; 1574 else if (strcmp(arg, "no") == 0) 1575 value = 0; 1576 else { 1577 /* Pattern-list specified */ 1578 value = 1; 1579 p = xstrdup(arg); 1580 } 1581 if (*activep && *intptr == -1) { 1582 *intptr = value; 1583 *charptr = p; 1584 p = NULL; 1585 } 1586 free(p); 1587 break; 1588 1589 case sCompression: 1590 intptr = &options->compression; 1591 multistate_ptr = multistate_compression; 1592 goto parse_multistate; 1593 1594 case sRekeyLimit: 1595 arg = strdelim(&cp); 1596 if (!arg || *arg == '\0') 1597 fatal("%.200s line %d: Missing argument.", filename, 1598 linenum); 1599 if (strcmp(arg, "default") == 0) { 1600 val64 = 0; 1601 } else { 1602 if (scan_scaled(arg, &val64) == -1) 1603 fatal("%.200s line %d: Bad number '%s': %s", 1604 filename, linenum, arg, strerror(errno)); 1605 if (val64 != 0 && val64 < 16) 1606 fatal("%.200s line %d: RekeyLimit too small", 1607 filename, linenum); 1608 } 1609 if (*activep && options->rekey_limit == -1) 1610 options->rekey_limit = val64; 1611 if (cp != NULL) { /* optional rekey interval present */ 1612 if (strcmp(cp, "none") == 0) { 1613 (void)strdelim(&cp); /* discard */ 1614 break; 1615 } 1616 intptr = &options->rekey_interval; 1617 goto parse_time; 1618 } 1619 break; 1620 1621 case sGatewayPorts: 1622 intptr = &options->fwd_opts.gateway_ports; 1623 multistate_ptr = multistate_gatewayports; 1624 goto parse_multistate; 1625 1626 case sUseDNS: 1627 intptr = &options->use_dns; 1628 goto parse_flag; 1629 1630 case sLogFacility: 1631 log_facility_ptr = &options->log_facility; 1632 arg = strdelim(&cp); 1633 value = log_facility_number(arg); 1634 if (value == SYSLOG_FACILITY_NOT_SET) 1635 fatal("%.200s line %d: unsupported log facility '%s'", 1636 filename, linenum, arg ? arg : "<NONE>"); 1637 if (*log_facility_ptr == -1) 1638 *log_facility_ptr = (SyslogFacility) value; 1639 break; 1640 1641 case sLogLevel: 1642 log_level_ptr = &options->log_level; 1643 arg = strdelim(&cp); 1644 value = log_level_number(arg); 1645 if (value == SYSLOG_LEVEL_NOT_SET) 1646 fatal("%.200s line %d: unsupported log level '%s'", 1647 filename, linenum, arg ? arg : "<NONE>"); 1648 if (*activep && *log_level_ptr == -1) 1649 *log_level_ptr = (LogLevel) value; 1650 break; 1651 1652 case sLogVerbose: 1653 while ((arg = strdelim(&cp)) && *arg != '\0') { 1654 if (!*activep) 1655 continue; 1656 opt_array_append(filename, linenum, "oLogVerbose", 1657 &options->log_verbose, &options->num_log_verbose, 1658 arg); 1659 } 1660 break; 1661 1662 case sAllowTcpForwarding: 1663 intptr = &options->allow_tcp_forwarding; 1664 multistate_ptr = multistate_tcpfwd; 1665 goto parse_multistate; 1666 1667 case sAllowStreamLocalForwarding: 1668 intptr = &options->allow_streamlocal_forwarding; 1669 multistate_ptr = multistate_tcpfwd; 1670 goto parse_multistate; 1671 1672 case sAllowAgentForwarding: 1673 intptr = &options->allow_agent_forwarding; 1674 goto parse_flag; 1675 1676 case sDisableForwarding: 1677 intptr = &options->disable_forwarding; 1678 goto parse_flag; 1679 1680 case sAllowUsers: 1681 while ((arg = strdelim(&cp)) && *arg != '\0') { 1682 if (match_user(NULL, NULL, NULL, arg) == -1) 1683 fatal("%s line %d: invalid AllowUsers pattern: " 1684 "\"%.100s\"", filename, linenum, arg); 1685 if (!*activep) 1686 continue; 1687 opt_array_append(filename, linenum, "AllowUsers", 1688 &options->allow_users, &options->num_allow_users, 1689 arg); 1690 } 1691 break; 1692 1693 case sDenyUsers: 1694 while ((arg = strdelim(&cp)) && *arg != '\0') { 1695 if (match_user(NULL, NULL, NULL, arg) == -1) 1696 fatal("%s line %d: invalid DenyUsers pattern: " 1697 "\"%.100s\"", filename, linenum, arg); 1698 if (!*activep) 1699 continue; 1700 opt_array_append(filename, linenum, "DenyUsers", 1701 &options->deny_users, &options->num_deny_users, 1702 arg); 1703 } 1704 break; 1705 1706 case sAllowGroups: 1707 while ((arg = strdelim(&cp)) && *arg != '\0') { 1708 if (!*activep) 1709 continue; 1710 opt_array_append(filename, linenum, "AllowGroups", 1711 &options->allow_groups, &options->num_allow_groups, 1712 arg); 1713 } 1714 break; 1715 1716 case sDenyGroups: 1717 while ((arg = strdelim(&cp)) && *arg != '\0') { 1718 if (!*activep) 1719 continue; 1720 opt_array_append(filename, linenum, "DenyGroups", 1721 &options->deny_groups, &options->num_deny_groups, 1722 arg); 1723 } 1724 break; 1725 1726 case sCiphers: 1727 arg = strdelim(&cp); 1728 if (!arg || *arg == '\0') 1729 fatal("%s line %d: Missing argument.", filename, linenum); 1730 if (*arg != '-' && 1731 !ciphers_valid(*arg == '+' || *arg == '^' ? arg + 1 : arg)) 1732 fatal("%s line %d: Bad SSH2 cipher spec '%s'.", 1733 filename, linenum, arg ? arg : "<NONE>"); 1734 if (options->ciphers == NULL) 1735 options->ciphers = xstrdup(arg); 1736 break; 1737 1738 case sMacs: 1739 arg = strdelim(&cp); 1740 if (!arg || *arg == '\0') 1741 fatal("%s line %d: Missing argument.", filename, linenum); 1742 if (*arg != '-' && 1743 !mac_valid(*arg == '+' || *arg == '^' ? arg + 1 : arg)) 1744 fatal("%s line %d: Bad SSH2 mac spec '%s'.", 1745 filename, linenum, arg ? arg : "<NONE>"); 1746 if (options->macs == NULL) 1747 options->macs = xstrdup(arg); 1748 break; 1749 1750 case sKexAlgorithms: 1751 arg = strdelim(&cp); 1752 if (!arg || *arg == '\0') 1753 fatal("%s line %d: Missing argument.", 1754 filename, linenum); 1755 if (*arg != '-' && 1756 !kex_names_valid(*arg == '+' || *arg == '^' ? 1757 arg + 1 : arg)) 1758 fatal("%s line %d: Bad SSH2 KexAlgorithms '%s'.", 1759 filename, linenum, arg ? arg : "<NONE>"); 1760 if (options->kex_algorithms == NULL) 1761 options->kex_algorithms = xstrdup(arg); 1762 break; 1763 1764 case sSubsystem: 1765 if (options->num_subsystems >= MAX_SUBSYSTEMS) { 1766 fatal("%s line %d: too many subsystems defined.", 1767 filename, linenum); 1768 } 1769 arg = strdelim(&cp); 1770 if (!arg || *arg == '\0') 1771 fatal("%s line %d: Missing subsystem name.", 1772 filename, linenum); 1773 if (!*activep) { 1774 arg = strdelim(&cp); 1775 break; 1776 } 1777 for (i = 0; i < options->num_subsystems; i++) 1778 if (strcmp(arg, options->subsystem_name[i]) == 0) 1779 fatal("%s line %d: Subsystem '%s' already defined.", 1780 filename, linenum, arg); 1781 options->subsystem_name[options->num_subsystems] = xstrdup(arg); 1782 arg = strdelim(&cp); 1783 if (!arg || *arg == '\0') 1784 fatal("%s line %d: Missing subsystem command.", 1785 filename, linenum); 1786 options->subsystem_command[options->num_subsystems] = xstrdup(arg); 1787 1788 /* Collect arguments (separate to executable) */ 1789 p = xstrdup(arg); 1790 len = strlen(p) + 1; 1791 while ((arg = strdelim(&cp)) != NULL && *arg != '\0') { 1792 len += 1 + strlen(arg); 1793 p = xreallocarray(p, 1, len); 1794 strlcat(p, " ", len); 1795 strlcat(p, arg, len); 1796 } 1797 options->subsystem_args[options->num_subsystems] = p; 1798 options->num_subsystems++; 1799 break; 1800 1801 case sMaxStartups: 1802 arg = strdelim(&cp); 1803 if (!arg || *arg == '\0') 1804 fatal("%s line %d: Missing MaxStartups spec.", 1805 filename, linenum); 1806 if ((n = sscanf(arg, "%d:%d:%d", 1807 &options->max_startups_begin, 1808 &options->max_startups_rate, 1809 &options->max_startups)) == 3) { 1810 if (options->max_startups_begin > 1811 options->max_startups || 1812 options->max_startups_rate > 100 || 1813 options->max_startups_rate < 1) 1814 fatal("%s line %d: Illegal MaxStartups spec.", 1815 filename, linenum); 1816 } else if (n != 1) 1817 fatal("%s line %d: Illegal MaxStartups spec.", 1818 filename, linenum); 1819 else 1820 options->max_startups = options->max_startups_begin; 1821 break; 1822 1823 case sPerSourceNetBlockSize: 1824 arg = strdelim(&cp); 1825 if (!arg || *arg == '\0') 1826 fatal("%s line %d: Missing PerSourceNetBlockSize spec.", 1827 filename, linenum); 1828 switch (n = sscanf(arg, "%d:%d", &value, &value2)) { 1829 case 2: 1830 if (value2 < 0 || value2 > 128) 1831 n = -1; 1832 /* FALLTHROUGH */ 1833 case 1: 1834 if (value < 0 || value > 32) 1835 n = -1; 1836 } 1837 if (n != 1 && n != 2) 1838 fatal("%s line %d: Invalid PerSourceNetBlockSize" 1839 " spec.", filename, linenum); 1840 if (*activep) { 1841 options->per_source_masklen_ipv4 = value; 1842 options->per_source_masklen_ipv6 = value2; 1843 } 1844 break; 1845 1846 case sPerSourceMaxStartups: 1847 arg = strdelim(&cp); 1848 if (!arg || *arg == '\0') 1849 fatal("%s line %d: Missing PerSourceMaxStartups spec.", 1850 filename, linenum); 1851 if (strcmp(arg, "none") == 0) { /* no limit */ 1852 value = INT_MAX; 1853 } else { 1854 if ((errstr = atoi_err(arg, &value)) != NULL) 1855 fatal("%s line %d: integer value %s.", 1856 filename, linenum, errstr); 1857 } 1858 if (*activep) 1859 options->per_source_max_startups = value; 1860 break; 1861 1862 case sMaxAuthTries: 1863 intptr = &options->max_authtries; 1864 goto parse_int; 1865 1866 case sMaxSessions: 1867 intptr = &options->max_sessions; 1868 goto parse_int; 1869 1870 case sBanner: 1871 charptr = &options->banner; 1872 goto parse_filename; 1873 1874 /* 1875 * These options can contain %X options expanded at 1876 * connect time, so that you can specify paths like: 1877 * 1878 * AuthorizedKeysFile /etc/ssh_keys/%u 1879 */ 1880 case sAuthorizedKeysFile: 1881 if (*activep && options->num_authkeys_files == 0) { 1882 while ((arg = strdelim(&cp)) && *arg != '\0') { 1883 arg = tilde_expand_filename(arg, getuid()); 1884 opt_array_append(filename, linenum, 1885 "AuthorizedKeysFile", 1886 &options->authorized_keys_files, 1887 &options->num_authkeys_files, arg); 1888 free(arg); 1889 } 1890 } 1891 return 0; 1892 1893 case sAuthorizedPrincipalsFile: 1894 charptr = &options->authorized_principals_file; 1895 arg = strdelim(&cp); 1896 if (!arg || *arg == '\0') 1897 fatal("%s line %d: missing file name.", 1898 filename, linenum); 1899 if (*activep && *charptr == NULL) { 1900 *charptr = tilde_expand_filename(arg, getuid()); 1901 /* increase optional counter */ 1902 if (intptr != NULL) 1903 *intptr = *intptr + 1; 1904 } 1905 break; 1906 1907 case sClientAliveInterval: 1908 intptr = &options->client_alive_interval; 1909 goto parse_time; 1910 1911 case sClientAliveCountMax: 1912 intptr = &options->client_alive_count_max; 1913 goto parse_int; 1914 1915 case sAcceptEnv: 1916 while ((arg = strdelim(&cp)) && *arg != '\0') { 1917 if (strchr(arg, '=') != NULL) 1918 fatal("%s line %d: Invalid environment name.", 1919 filename, linenum); 1920 if (!*activep) 1921 continue; 1922 opt_array_append(filename, linenum, "AcceptEnv", 1923 &options->accept_env, &options->num_accept_env, 1924 arg); 1925 } 1926 break; 1927 1928 case sSetEnv: 1929 uvalue = options->num_setenv; 1930 while ((arg = strdelimw(&cp)) && *arg != '\0') { 1931 if (strchr(arg, '=') == NULL) 1932 fatal("%s line %d: Invalid environment.", 1933 filename, linenum); 1934 if (!*activep || uvalue != 0) 1935 continue; 1936 opt_array_append(filename, linenum, "SetEnv", 1937 &options->setenv, &options->num_setenv, arg); 1938 } 1939 break; 1940 1941 case sPermitTunnel: 1942 intptr = &options->permit_tun; 1943 arg = strdelim(&cp); 1944 if (!arg || *arg == '\0') 1945 fatal("%s line %d: Missing yes/point-to-point/" 1946 "ethernet/no argument.", filename, linenum); 1947 value = -1; 1948 for (i = 0; tunmode_desc[i].val != -1; i++) 1949 if (strcmp(tunmode_desc[i].text, arg) == 0) { 1950 value = tunmode_desc[i].val; 1951 break; 1952 } 1953 if (value == -1) 1954 fatal("%s line %d: Bad yes/point-to-point/ethernet/" 1955 "no argument: %s", filename, linenum, arg); 1956 if (*activep && *intptr == -1) 1957 *intptr = value; 1958 break; 1959 1960 case sInclude: 1961 if (cmdline) { 1962 fatal("Include directive not supported as a " 1963 "command-line option"); 1964 } 1965 value = 0; 1966 while ((arg2 = strdelim(&cp)) != NULL && *arg2 != '\0') { 1967 value++; 1968 found = 0; 1969 if (*arg2 != '/' && *arg2 != '~') { 1970 xasprintf(&arg, "%s/%s", SSHDIR, arg2); 1971 } else 1972 arg = xstrdup(arg2); 1973 1974 /* 1975 * Don't let included files clobber the containing 1976 * file's Match state. 1977 */ 1978 oactive = *activep; 1979 1980 /* consult cache of include files */ 1981 TAILQ_FOREACH(item, includes, entry) { 1982 if (strcmp(item->selector, arg) != 0) 1983 continue; 1984 if (item->filename != NULL) { 1985 parse_server_config_depth(options, 1986 item->filename, item->contents, 1987 includes, connectinfo, 1988 (*inc_flags & SSHCFG_MATCH_ONLY 1989 ? SSHCFG_MATCH_ONLY : (oactive 1990 ? 0 : SSHCFG_NEVERMATCH)), 1991 activep, depth + 1); 1992 } 1993 found = 1; 1994 *activep = oactive; 1995 } 1996 if (found != 0) { 1997 free(arg); 1998 continue; 1999 } 2000 2001 /* requested glob was not in cache */ 2002 debug2("%s line %d: new include %s", 2003 filename, linenum, arg); 2004 if ((r = glob(arg, 0, NULL, &gbuf)) != 0) { 2005 if (r != GLOB_NOMATCH) { 2006 fatal("%s line %d: include \"%s\" " 2007 "glob failed", filename, 2008 linenum, arg); 2009 } 2010 /* 2011 * If no entry matched then record a 2012 * placeholder to skip later glob calls. 2013 */ 2014 debug2("%s line %d: no match for %s", 2015 filename, linenum, arg); 2016 item = xcalloc(1, sizeof(*item)); 2017 item->selector = strdup(arg); 2018 TAILQ_INSERT_TAIL(includes, 2019 item, entry); 2020 } 2021 if (gbuf.gl_pathc > INT_MAX) 2022 fatal_f("too many glob results"); 2023 for (n = 0; n < (int)gbuf.gl_pathc; n++) { 2024 debug2("%s line %d: including %s", 2025 filename, linenum, gbuf.gl_pathv[n]); 2026 item = xcalloc(1, sizeof(*item)); 2027 item->selector = strdup(arg); 2028 item->filename = strdup(gbuf.gl_pathv[n]); 2029 if ((item->contents = sshbuf_new()) == NULL) 2030 fatal_f("sshbuf_new failed"); 2031 load_server_config(item->filename, 2032 item->contents); 2033 parse_server_config_depth(options, 2034 item->filename, item->contents, 2035 includes, connectinfo, 2036 (*inc_flags & SSHCFG_MATCH_ONLY 2037 ? SSHCFG_MATCH_ONLY : (oactive 2038 ? 0 : SSHCFG_NEVERMATCH)), 2039 activep, depth + 1); 2040 *activep = oactive; 2041 TAILQ_INSERT_TAIL(includes, item, entry); 2042 } 2043 globfree(&gbuf); 2044 free(arg); 2045 } 2046 if (value == 0) { 2047 fatal("%s line %d: Include missing filename argument", 2048 filename, linenum); 2049 } 2050 break; 2051 2052 case sMatch: 2053 if (cmdline) 2054 fatal("Match directive not supported as a command-line " 2055 "option"); 2056 value = match_cfg_line(&cp, linenum, 2057 (*inc_flags & SSHCFG_NEVERMATCH ? NULL : connectinfo)); 2058 if (value < 0) 2059 fatal("%s line %d: Bad Match condition", filename, 2060 linenum); 2061 *activep = (*inc_flags & SSHCFG_NEVERMATCH) ? 0 : value; 2062 /* The MATCH_ONLY is applicable only until the first match block */ 2063 *inc_flags &= ~SSHCFG_MATCH_ONLY; 2064 break; 2065 2066 case sPermitListen: 2067 case sPermitOpen: 2068 if (opcode == sPermitListen) { 2069 uintptr = &options->num_permitted_listens; 2070 chararrayptr = &options->permitted_listens; 2071 } else { 2072 uintptr = &options->num_permitted_opens; 2073 chararrayptr = &options->permitted_opens; 2074 } 2075 arg = strdelim(&cp); 2076 if (!arg || *arg == '\0') 2077 fatal("%s line %d: missing %s specification", 2078 filename, linenum, lookup_opcode_name(opcode)); 2079 uvalue = *uintptr; /* modified later */ 2080 if (strcmp(arg, "any") == 0 || strcmp(arg, "none") == 0) { 2081 if (*activep && uvalue == 0) { 2082 *uintptr = 1; 2083 *chararrayptr = xcalloc(1, 2084 sizeof(**chararrayptr)); 2085 (*chararrayptr)[0] = xstrdup(arg); 2086 } 2087 break; 2088 } 2089 for (; arg != NULL && *arg != '\0'; arg = strdelim(&cp)) { 2090 if (opcode == sPermitListen && 2091 strchr(arg, ':') == NULL) { 2092 /* 2093 * Allow bare port number for PermitListen 2094 * to indicate a wildcard listen host. 2095 */ 2096 xasprintf(&arg2, "*:%s", arg); 2097 } else { 2098 arg2 = xstrdup(arg); 2099 ch = '\0'; 2100 p = hpdelim2(&arg, &ch); 2101 if (p == NULL || ch == '/') { 2102 fatal("%s line %d: missing host in %s", 2103 filename, linenum, 2104 lookup_opcode_name(opcode)); 2105 } 2106 p = cleanhostname(p); 2107 } 2108 if (arg == NULL || 2109 ((port = permitopen_port(arg)) < 0)) { 2110 fatal("%s line %d: bad port number in %s", 2111 filename, linenum, 2112 lookup_opcode_name(opcode)); 2113 } 2114 if (*activep && uvalue == 0) { 2115 opt_array_append(filename, linenum, 2116 lookup_opcode_name(opcode), 2117 chararrayptr, uintptr, arg2); 2118 } 2119 free(arg2); 2120 } 2121 break; 2122 2123 case sForceCommand: 2124 if (cp == NULL || *cp == '\0') 2125 fatal("%.200s line %d: Missing argument.", filename, 2126 linenum); 2127 len = strspn(cp, WHITESPACE); 2128 if (*activep && options->adm_forced_command == NULL) 2129 options->adm_forced_command = xstrdup(cp + len); 2130 return 0; 2131 2132 case sChrootDirectory: 2133 charptr = &options->chroot_directory; 2134 2135 arg = strdelim(&cp); 2136 if (!arg || *arg == '\0') 2137 fatal("%s line %d: missing file name.", 2138 filename, linenum); 2139 if (*activep && *charptr == NULL) 2140 *charptr = xstrdup(arg); 2141 break; 2142 2143 case sTrustedUserCAKeys: 2144 charptr = &options->trusted_user_ca_keys; 2145 goto parse_filename; 2146 2147 case sRevokedKeys: 2148 charptr = &options->revoked_keys_file; 2149 goto parse_filename; 2150 2151 case sSecurityKeyProvider: 2152 charptr = &options->sk_provider; 2153 arg = strdelim(&cp); 2154 if (!arg || *arg == '\0') 2155 fatal("%s line %d: missing file name.", 2156 filename, linenum); 2157 if (*activep && *charptr == NULL) { 2158 *charptr = strcasecmp(arg, "internal") == 0 ? 2159 xstrdup(arg) : derelativise_path(arg); 2160 /* increase optional counter */ 2161 if (intptr != NULL) 2162 *intptr = *intptr + 1; 2163 } 2164 break; 2165 2166 case sIPQoS: 2167 arg = strdelim(&cp); 2168 if ((value = parse_ipqos(arg)) == -1) 2169 fatal("%s line %d: Bad IPQoS value: %s", 2170 filename, linenum, arg); 2171 arg = strdelim(&cp); 2172 if (arg == NULL) 2173 value2 = value; 2174 else if ((value2 = parse_ipqos(arg)) == -1) 2175 fatal("%s line %d: Bad IPQoS value: %s", 2176 filename, linenum, arg); 2177 if (*activep) { 2178 options->ip_qos_interactive = value; 2179 options->ip_qos_bulk = value2; 2180 } 2181 break; 2182 2183 case sVersionAddendum: 2184 if (cp == NULL || *cp == '\0') 2185 fatal("%.200s line %d: Missing argument.", filename, 2186 linenum); 2187 len = strspn(cp, WHITESPACE); 2188 if (*activep && options->version_addendum == NULL) { 2189 if (strcasecmp(cp + len, "none") == 0) 2190 options->version_addendum = xstrdup(""); 2191 else if (strchr(cp + len, '\r') != NULL) 2192 fatal("%.200s line %d: Invalid argument", 2193 filename, linenum); 2194 else 2195 options->version_addendum = xstrdup(cp + len); 2196 } 2197 return 0; 2198 2199 case sAuthorizedKeysCommand: 2200 if (cp == NULL) 2201 fatal("%.200s line %d: Missing argument.", filename, 2202 linenum); 2203 len = strspn(cp, WHITESPACE); 2204 if (*activep && options->authorized_keys_command == NULL) { 2205 if (cp[len] != '/' && strcasecmp(cp + len, "none") != 0) 2206 fatal("%.200s line %d: AuthorizedKeysCommand " 2207 "must be an absolute path", 2208 filename, linenum); 2209 options->authorized_keys_command = xstrdup(cp + len); 2210 } 2211 return 0; 2212 2213 case sAuthorizedKeysCommandUser: 2214 charptr = &options->authorized_keys_command_user; 2215 2216 arg = strdelim(&cp); 2217 if (!arg || *arg == '\0') 2218 fatal("%s line %d: missing AuthorizedKeysCommandUser " 2219 "argument.", filename, linenum); 2220 if (*activep && *charptr == NULL) 2221 *charptr = xstrdup(arg); 2222 break; 2223 2224 case sAuthorizedPrincipalsCommand: 2225 if (cp == NULL) 2226 fatal("%.200s line %d: Missing argument.", filename, 2227 linenum); 2228 len = strspn(cp, WHITESPACE); 2229 if (*activep && 2230 options->authorized_principals_command == NULL) { 2231 if (cp[len] != '/' && strcasecmp(cp + len, "none") != 0) 2232 fatal("%.200s line %d: " 2233 "AuthorizedPrincipalsCommand must be " 2234 "an absolute path", filename, linenum); 2235 options->authorized_principals_command = 2236 xstrdup(cp + len); 2237 } 2238 return 0; 2239 2240 case sAuthorizedPrincipalsCommandUser: 2241 charptr = &options->authorized_principals_command_user; 2242 2243 arg = strdelim(&cp); 2244 if (!arg || *arg == '\0') 2245 fatal("%s line %d: missing " 2246 "AuthorizedPrincipalsCommandUser argument.", 2247 filename, linenum); 2248 if (*activep && *charptr == NULL) 2249 *charptr = xstrdup(arg); 2250 break; 2251 2252 case sAuthenticationMethods: 2253 if (options->num_auth_methods == 0) { 2254 value = 0; /* seen "any" pseudo-method */ 2255 value2 = 0; /* successfully parsed any method */ 2256 while ((arg = strdelim(&cp)) && *arg != '\0') { 2257 if (strcmp(arg, "any") == 0) { 2258 if (options->num_auth_methods > 0) { 2259 fatal("%s line %d: \"any\" " 2260 "must appear alone in " 2261 "AuthenticationMethods", 2262 filename, linenum); 2263 } 2264 value = 1; 2265 } else if (value) { 2266 fatal("%s line %d: \"any\" must appear " 2267 "alone in AuthenticationMethods", 2268 filename, linenum); 2269 } else if (auth2_methods_valid(arg, 0) != 0) { 2270 fatal("%s line %d: invalid " 2271 "authentication method list.", 2272 filename, linenum); 2273 } 2274 value2 = 1; 2275 if (!*activep) 2276 continue; 2277 opt_array_append(filename, linenum, 2278 "AuthenticationMethods", 2279 &options->auth_methods, 2280 &options->num_auth_methods, arg); 2281 } 2282 if (value2 == 0) { 2283 fatal("%s line %d: no AuthenticationMethods " 2284 "specified", filename, linenum); 2285 } 2286 } 2287 return 0; 2288 2289 case sStreamLocalBindMask: 2290 arg = strdelim(&cp); 2291 if (!arg || *arg == '\0') 2292 fatal("%s line %d: missing StreamLocalBindMask " 2293 "argument.", filename, linenum); 2294 /* Parse mode in octal format */ 2295 value = strtol(arg, &p, 8); 2296 if (arg == p || value < 0 || value > 0777) 2297 fatal("%s line %d: Bad mask.", filename, linenum); 2298 if (*activep) 2299 options->fwd_opts.streamlocal_bind_mask = (mode_t)value; 2300 break; 2301 2302 case sStreamLocalBindUnlink: 2303 intptr = &options->fwd_opts.streamlocal_bind_unlink; 2304 goto parse_flag; 2305 2306 case sFingerprintHash: 2307 arg = strdelim(&cp); 2308 if (!arg || *arg == '\0') 2309 fatal("%.200s line %d: Missing argument.", 2310 filename, linenum); 2311 if ((value = ssh_digest_alg_by_name(arg)) == -1) 2312 fatal("%.200s line %d: Invalid hash algorithm \"%s\".", 2313 filename, linenum, arg); 2314 if (*activep) 2315 options->fingerprint_hash = value; 2316 break; 2317 2318 case sExposeAuthInfo: 2319 intptr = &options->expose_userauth_info; 2320 goto parse_flag; 2321 2322 case sRDomain: 2323 charptr = &options->routing_domain; 2324 arg = strdelim(&cp); 2325 if (!arg || *arg == '\0') 2326 fatal("%.200s line %d: Missing argument.", 2327 filename, linenum); 2328 if (strcasecmp(arg, "none") != 0 && strcmp(arg, "%D") != 0 && 2329 !valid_rdomain(arg)) 2330 fatal("%s line %d: bad routing domain", 2331 filename, linenum); 2332 if (*activep && *charptr == NULL) 2333 *charptr = xstrdup(arg); 2334 break; 2335 2336 case sDeprecated: 2337 case sIgnore: 2338 case sUnsupported: 2339 do_log2(opcode == sIgnore ? 2340 SYSLOG_LEVEL_DEBUG2 : SYSLOG_LEVEL_INFO, 2341 "%s line %d: %s option %s", filename, linenum, 2342 opcode == sUnsupported ? "Unsupported" : "Deprecated", arg); 2343 while (arg) 2344 arg = strdelim(&cp); 2345 break; 2346 2347 default: 2348 fatal("%s line %d: Missing handler for opcode %s (%d)", 2349 filename, linenum, arg, opcode); 2350 } 2351 if ((arg = strdelim(&cp)) != NULL && *arg != '\0') 2352 fatal("%s line %d: garbage at end of line; \"%.200s\".", 2353 filename, linenum, arg); 2354 return 0; 2355 } 2356 2357 int 2358 process_server_config_line(ServerOptions *options, char *line, 2359 const char *filename, int linenum, int *activep, 2360 struct connection_info *connectinfo, struct include_list *includes) 2361 { 2362 int inc_flags = 0; 2363 2364 return process_server_config_line_depth(options, line, filename, 2365 linenum, activep, connectinfo, &inc_flags, 0, includes); 2366 } 2367 2368 2369 /* Reads the server configuration file. */ 2370 2371 void 2372 load_server_config(const char *filename, struct sshbuf *conf) 2373 { 2374 struct stat st; 2375 char *line = NULL, *cp; 2376 size_t linesize = 0; 2377 FILE *f; 2378 int r, lineno = 0; 2379 2380 debug2_f("filename %s", filename); 2381 if ((f = fopen(filename, "r")) == NULL) { 2382 perror(filename); 2383 exit(1); 2384 } 2385 sshbuf_reset(conf); 2386 /* grow buffer, so realloc is avoided for large config files */ 2387 if (fstat(fileno(f), &st) == 0 && st.st_size > 0 && 2388 (r = sshbuf_allocate(conf, st.st_size)) != 0) 2389 fatal_fr(r, "allocate"); 2390 while (getline(&line, &linesize, f) != -1) { 2391 lineno++; 2392 /* 2393 * Trim out comments and strip whitespace 2394 * NB - preserve newlines, they are needed to reproduce 2395 * line numbers later for error messages 2396 */ 2397 if ((cp = strchr(line, '#')) != NULL) 2398 memcpy(cp, "\n", 2); 2399 cp = line + strspn(line, " \t\r"); 2400 if ((r = sshbuf_put(conf, cp, strlen(cp))) != 0) 2401 fatal_fr(r, "sshbuf_put"); 2402 } 2403 free(line); 2404 if ((r = sshbuf_put_u8(conf, 0)) != 0) 2405 fatal_fr(r, "sshbuf_put_u8"); 2406 fclose(f); 2407 debug2_f("done config len = %zu", sshbuf_len(conf)); 2408 } 2409 2410 void 2411 parse_server_match_config(ServerOptions *options, 2412 struct include_list *includes, struct connection_info *connectinfo) 2413 { 2414 ServerOptions mo; 2415 2416 initialize_server_options(&mo); 2417 parse_server_config(&mo, "reprocess config", cfg, includes, 2418 connectinfo); 2419 copy_set_server_options(options, &mo, 0); 2420 } 2421 2422 int parse_server_match_testspec(struct connection_info *ci, char *spec) 2423 { 2424 char *p; 2425 2426 while ((p = strsep(&spec, ",")) && *p != '\0') { 2427 if (strncmp(p, "addr=", 5) == 0) { 2428 ci->address = xstrdup(p + 5); 2429 } else if (strncmp(p, "host=", 5) == 0) { 2430 ci->host = xstrdup(p + 5); 2431 } else if (strncmp(p, "user=", 5) == 0) { 2432 ci->user = xstrdup(p + 5); 2433 } else if (strncmp(p, "laddr=", 6) == 0) { 2434 ci->laddress = xstrdup(p + 6); 2435 } else if (strncmp(p, "rdomain=", 8) == 0) { 2436 ci->rdomain = xstrdup(p + 8); 2437 } else if (strncmp(p, "lport=", 6) == 0) { 2438 ci->lport = a2port(p + 6); 2439 if (ci->lport == -1) { 2440 fprintf(stderr, "Invalid port '%s' in test mode" 2441 " specification %s\n", p+6, p); 2442 return -1; 2443 } 2444 } else { 2445 fprintf(stderr, "Invalid test mode specification %s\n", 2446 p); 2447 return -1; 2448 } 2449 } 2450 return 0; 2451 } 2452 2453 /* 2454 * Copy any supported values that are set. 2455 * 2456 * If the preauth flag is set, we do not bother copying the string or 2457 * array values that are not used pre-authentication, because any that we 2458 * do use must be explicitly sent in mm_getpwnamallow(). 2459 */ 2460 void 2461 copy_set_server_options(ServerOptions *dst, ServerOptions *src, int preauth) 2462 { 2463 #define M_CP_INTOPT(n) do {\ 2464 if (src->n != -1) \ 2465 dst->n = src->n; \ 2466 } while (0) 2467 2468 M_CP_INTOPT(password_authentication); 2469 M_CP_INTOPT(gss_authentication); 2470 M_CP_INTOPT(pubkey_authentication); 2471 M_CP_INTOPT(pubkey_auth_options); 2472 M_CP_INTOPT(kerberos_authentication); 2473 M_CP_INTOPT(hostbased_authentication); 2474 M_CP_INTOPT(hostbased_uses_name_from_packet_only); 2475 M_CP_INTOPT(kbd_interactive_authentication); 2476 M_CP_INTOPT(permit_root_login); 2477 M_CP_INTOPT(permit_empty_passwd); 2478 M_CP_INTOPT(ignore_rhosts); 2479 2480 M_CP_INTOPT(allow_tcp_forwarding); 2481 M_CP_INTOPT(allow_streamlocal_forwarding); 2482 M_CP_INTOPT(allow_agent_forwarding); 2483 M_CP_INTOPT(disable_forwarding); 2484 M_CP_INTOPT(expose_userauth_info); 2485 M_CP_INTOPT(permit_tun); 2486 M_CP_INTOPT(fwd_opts.gateway_ports); 2487 M_CP_INTOPT(fwd_opts.streamlocal_bind_unlink); 2488 M_CP_INTOPT(x11_display_offset); 2489 M_CP_INTOPT(x11_forwarding); 2490 M_CP_INTOPT(x11_use_localhost); 2491 M_CP_INTOPT(permit_tty); 2492 M_CP_INTOPT(permit_user_rc); 2493 M_CP_INTOPT(max_sessions); 2494 M_CP_INTOPT(max_authtries); 2495 M_CP_INTOPT(client_alive_count_max); 2496 M_CP_INTOPT(client_alive_interval); 2497 M_CP_INTOPT(ip_qos_interactive); 2498 M_CP_INTOPT(ip_qos_bulk); 2499 M_CP_INTOPT(rekey_limit); 2500 M_CP_INTOPT(rekey_interval); 2501 M_CP_INTOPT(log_level); 2502 2503 /* 2504 * The bind_mask is a mode_t that may be unsigned, so we can't use 2505 * M_CP_INTOPT - it does a signed comparison that causes compiler 2506 * warnings. 2507 */ 2508 if (src->fwd_opts.streamlocal_bind_mask != (mode_t)-1) { 2509 dst->fwd_opts.streamlocal_bind_mask = 2510 src->fwd_opts.streamlocal_bind_mask; 2511 } 2512 2513 /* M_CP_STROPT and M_CP_STRARRAYOPT should not appear before here */ 2514 #define M_CP_STROPT(n) do {\ 2515 if (src->n != NULL && dst->n != src->n) { \ 2516 free(dst->n); \ 2517 dst->n = src->n; \ 2518 } \ 2519 } while(0) 2520 #define M_CP_STRARRAYOPT(s, num_s) do {\ 2521 u_int i; \ 2522 if (src->num_s != 0) { \ 2523 for (i = 0; i < dst->num_s; i++) \ 2524 free(dst->s[i]); \ 2525 free(dst->s); \ 2526 dst->s = xcalloc(src->num_s, sizeof(*dst->s)); \ 2527 for (i = 0; i < src->num_s; i++) \ 2528 dst->s[i] = xstrdup(src->s[i]); \ 2529 dst->num_s = src->num_s; \ 2530 } \ 2531 } while(0) 2532 2533 /* See comment in servconf.h */ 2534 COPY_MATCH_STRING_OPTS(); 2535 2536 /* Arguments that accept '+...' need to be expanded */ 2537 assemble_algorithms(dst); 2538 2539 /* 2540 * The only things that should be below this point are string options 2541 * which are only used after authentication. 2542 */ 2543 if (preauth) 2544 return; 2545 2546 /* These options may be "none" to clear a global setting */ 2547 M_CP_STROPT(adm_forced_command); 2548 if (option_clear_or_none(dst->adm_forced_command)) { 2549 free(dst->adm_forced_command); 2550 dst->adm_forced_command = NULL; 2551 } 2552 M_CP_STROPT(chroot_directory); 2553 if (option_clear_or_none(dst->chroot_directory)) { 2554 free(dst->chroot_directory); 2555 dst->chroot_directory = NULL; 2556 } 2557 } 2558 2559 #undef M_CP_INTOPT 2560 #undef M_CP_STROPT 2561 #undef M_CP_STRARRAYOPT 2562 2563 #define SERVCONF_MAX_DEPTH 16 2564 static void 2565 parse_server_config_depth(ServerOptions *options, const char *filename, 2566 struct sshbuf *conf, struct include_list *includes, 2567 struct connection_info *connectinfo, int flags, int *activep, int depth) 2568 { 2569 int linenum, bad_options = 0; 2570 char *cp, *obuf, *cbuf; 2571 2572 if (depth < 0 || depth > SERVCONF_MAX_DEPTH) 2573 fatal("Too many recursive configuration includes"); 2574 2575 debug2_f("config %s len %zu%s", filename, sshbuf_len(conf), 2576 (flags & SSHCFG_NEVERMATCH ? " [checking syntax only]" : "")); 2577 2578 if ((obuf = cbuf = sshbuf_dup_string(conf)) == NULL) 2579 fatal_f("sshbuf_dup_string failed"); 2580 linenum = 1; 2581 while ((cp = strsep(&cbuf, "\n")) != NULL) { 2582 if (process_server_config_line_depth(options, cp, 2583 filename, linenum++, activep, connectinfo, &flags, 2584 depth, includes) != 0) 2585 bad_options++; 2586 } 2587 free(obuf); 2588 if (bad_options > 0) 2589 fatal("%s: terminating, %d bad configuration options", 2590 filename, bad_options); 2591 } 2592 2593 void 2594 parse_server_config(ServerOptions *options, const char *filename, 2595 struct sshbuf *conf, struct include_list *includes, 2596 struct connection_info *connectinfo) 2597 { 2598 int active = connectinfo ? 0 : 1; 2599 parse_server_config_depth(options, filename, conf, includes, 2600 connectinfo, (connectinfo ? SSHCFG_MATCH_ONLY : 0), &active, 0); 2601 process_queued_listen_addrs(options); 2602 } 2603 2604 static const char * 2605 fmt_multistate_int(int val, const struct multistate *m) 2606 { 2607 u_int i; 2608 2609 for (i = 0; m[i].key != NULL; i++) { 2610 if (m[i].value == val) 2611 return m[i].key; 2612 } 2613 return "UNKNOWN"; 2614 } 2615 2616 static const char * 2617 fmt_intarg(ServerOpCodes code, int val) 2618 { 2619 if (val == -1) 2620 return "unset"; 2621 switch (code) { 2622 case sAddressFamily: 2623 return fmt_multistate_int(val, multistate_addressfamily); 2624 case sPermitRootLogin: 2625 return fmt_multistate_int(val, multistate_permitrootlogin); 2626 case sGatewayPorts: 2627 return fmt_multistate_int(val, multistate_gatewayports); 2628 case sCompression: 2629 return fmt_multistate_int(val, multistate_compression); 2630 case sAllowTcpForwarding: 2631 return fmt_multistate_int(val, multistate_tcpfwd); 2632 case sAllowStreamLocalForwarding: 2633 return fmt_multistate_int(val, multistate_tcpfwd); 2634 case sIgnoreRhosts: 2635 return fmt_multistate_int(val, multistate_ignore_rhosts); 2636 case sFingerprintHash: 2637 return ssh_digest_alg_name(val); 2638 default: 2639 switch (val) { 2640 case 0: 2641 return "no"; 2642 case 1: 2643 return "yes"; 2644 default: 2645 return "UNKNOWN"; 2646 } 2647 } 2648 } 2649 2650 static void 2651 dump_cfg_int(ServerOpCodes code, int val) 2652 { 2653 printf("%s %d\n", lookup_opcode_name(code), val); 2654 } 2655 2656 static void 2657 dump_cfg_oct(ServerOpCodes code, int val) 2658 { 2659 printf("%s 0%o\n", lookup_opcode_name(code), val); 2660 } 2661 2662 static void 2663 dump_cfg_fmtint(ServerOpCodes code, int val) 2664 { 2665 printf("%s %s\n", lookup_opcode_name(code), fmt_intarg(code, val)); 2666 } 2667 2668 static void 2669 dump_cfg_string(ServerOpCodes code, const char *val) 2670 { 2671 printf("%s %s\n", lookup_opcode_name(code), 2672 val == NULL ? "none" : val); 2673 } 2674 2675 static void 2676 dump_cfg_strarray(ServerOpCodes code, u_int count, char **vals) 2677 { 2678 u_int i; 2679 2680 for (i = 0; i < count; i++) 2681 printf("%s %s\n", lookup_opcode_name(code), vals[i]); 2682 } 2683 2684 static void 2685 dump_cfg_strarray_oneline(ServerOpCodes code, u_int count, char **vals) 2686 { 2687 u_int i; 2688 2689 if (count <= 0 && code != sAuthenticationMethods) 2690 return; 2691 printf("%s", lookup_opcode_name(code)); 2692 for (i = 0; i < count; i++) 2693 printf(" %s", vals[i]); 2694 if (code == sAuthenticationMethods && count == 0) 2695 printf(" any"); 2696 printf("\n"); 2697 } 2698 2699 static char * 2700 format_listen_addrs(struct listenaddr *la) 2701 { 2702 int r; 2703 struct addrinfo *ai; 2704 char addr[NI_MAXHOST], port[NI_MAXSERV]; 2705 char *laddr1 = xstrdup(""), *laddr2 = NULL; 2706 2707 /* 2708 * ListenAddress must be after Port. add_one_listen_addr pushes 2709 * addresses onto a stack, so to maintain ordering we need to 2710 * print these in reverse order. 2711 */ 2712 for (ai = la->addrs; ai; ai = ai->ai_next) { 2713 if ((r = getnameinfo(ai->ai_addr, ai->ai_addrlen, addr, 2714 sizeof(addr), port, sizeof(port), 2715 NI_NUMERICHOST|NI_NUMERICSERV)) != 0) { 2716 error("getnameinfo: %.100s", ssh_gai_strerror(r)); 2717 continue; 2718 } 2719 laddr2 = laddr1; 2720 if (ai->ai_family == AF_INET6) { 2721 xasprintf(&laddr1, "listenaddress [%s]:%s%s%s\n%s", 2722 addr, port, 2723 la->rdomain == NULL ? "" : " rdomain ", 2724 la->rdomain == NULL ? "" : la->rdomain, 2725 laddr2); 2726 } else { 2727 xasprintf(&laddr1, "listenaddress %s:%s%s%s\n%s", 2728 addr, port, 2729 la->rdomain == NULL ? "" : " rdomain ", 2730 la->rdomain == NULL ? "" : la->rdomain, 2731 laddr2); 2732 } 2733 free(laddr2); 2734 } 2735 return laddr1; 2736 } 2737 2738 void 2739 dump_config(ServerOptions *o) 2740 { 2741 char *s; 2742 u_int i; 2743 2744 /* these are usually at the top of the config */ 2745 for (i = 0; i < o->num_ports; i++) 2746 printf("port %d\n", o->ports[i]); 2747 dump_cfg_fmtint(sAddressFamily, o->address_family); 2748 2749 for (i = 0; i < o->num_listen_addrs; i++) { 2750 s = format_listen_addrs(&o->listen_addrs[i]); 2751 printf("%s", s); 2752 free(s); 2753 } 2754 2755 /* integer arguments */ 2756 dump_cfg_int(sLoginGraceTime, o->login_grace_time); 2757 dump_cfg_int(sX11DisplayOffset, o->x11_display_offset); 2758 dump_cfg_int(sMaxAuthTries, o->max_authtries); 2759 dump_cfg_int(sMaxSessions, o->max_sessions); 2760 dump_cfg_int(sClientAliveInterval, o->client_alive_interval); 2761 dump_cfg_int(sClientAliveCountMax, o->client_alive_count_max); 2762 dump_cfg_oct(sStreamLocalBindMask, o->fwd_opts.streamlocal_bind_mask); 2763 2764 /* formatted integer arguments */ 2765 dump_cfg_fmtint(sPermitRootLogin, o->permit_root_login); 2766 dump_cfg_fmtint(sIgnoreRhosts, o->ignore_rhosts); 2767 dump_cfg_fmtint(sIgnoreUserKnownHosts, o->ignore_user_known_hosts); 2768 dump_cfg_fmtint(sHostbasedAuthentication, o->hostbased_authentication); 2769 dump_cfg_fmtint(sHostbasedUsesNameFromPacketOnly, 2770 o->hostbased_uses_name_from_packet_only); 2771 dump_cfg_fmtint(sPubkeyAuthentication, o->pubkey_authentication); 2772 #ifdef KRB5 2773 dump_cfg_fmtint(sKerberosAuthentication, o->kerberos_authentication); 2774 dump_cfg_fmtint(sKerberosOrLocalPasswd, o->kerberos_or_local_passwd); 2775 dump_cfg_fmtint(sKerberosTicketCleanup, o->kerberos_ticket_cleanup); 2776 dump_cfg_fmtint(sKerberosGetAFSToken, o->kerberos_get_afs_token); 2777 #endif 2778 #ifdef GSSAPI 2779 dump_cfg_fmtint(sGssAuthentication, o->gss_authentication); 2780 dump_cfg_fmtint(sGssCleanupCreds, o->gss_cleanup_creds); 2781 #endif 2782 dump_cfg_fmtint(sPasswordAuthentication, o->password_authentication); 2783 dump_cfg_fmtint(sKbdInteractiveAuthentication, 2784 o->kbd_interactive_authentication); 2785 dump_cfg_fmtint(sChallengeResponseAuthentication, 2786 o->challenge_response_authentication); 2787 dump_cfg_fmtint(sPrintMotd, o->print_motd); 2788 dump_cfg_fmtint(sPrintLastLog, o->print_lastlog); 2789 dump_cfg_fmtint(sX11Forwarding, o->x11_forwarding); 2790 dump_cfg_fmtint(sX11UseLocalhost, o->x11_use_localhost); 2791 dump_cfg_fmtint(sPermitTTY, o->permit_tty); 2792 dump_cfg_fmtint(sPermitUserRC, o->permit_user_rc); 2793 dump_cfg_fmtint(sStrictModes, o->strict_modes); 2794 dump_cfg_fmtint(sTCPKeepAlive, o->tcp_keep_alive); 2795 dump_cfg_fmtint(sEmptyPasswd, o->permit_empty_passwd); 2796 dump_cfg_fmtint(sCompression, o->compression); 2797 dump_cfg_fmtint(sGatewayPorts, o->fwd_opts.gateway_ports); 2798 dump_cfg_fmtint(sUseDNS, o->use_dns); 2799 dump_cfg_fmtint(sAllowTcpForwarding, o->allow_tcp_forwarding); 2800 dump_cfg_fmtint(sAllowAgentForwarding, o->allow_agent_forwarding); 2801 dump_cfg_fmtint(sDisableForwarding, o->disable_forwarding); 2802 dump_cfg_fmtint(sAllowStreamLocalForwarding, o->allow_streamlocal_forwarding); 2803 dump_cfg_fmtint(sStreamLocalBindUnlink, o->fwd_opts.streamlocal_bind_unlink); 2804 dump_cfg_fmtint(sFingerprintHash, o->fingerprint_hash); 2805 dump_cfg_fmtint(sExposeAuthInfo, o->expose_userauth_info); 2806 2807 /* string arguments */ 2808 dump_cfg_string(sPidFile, o->pid_file); 2809 dump_cfg_string(sXAuthLocation, o->xauth_location); 2810 dump_cfg_string(sCiphers, o->ciphers); 2811 dump_cfg_string(sMacs, o->macs); 2812 dump_cfg_string(sBanner, o->banner); 2813 dump_cfg_string(sForceCommand, o->adm_forced_command); 2814 dump_cfg_string(sChrootDirectory, o->chroot_directory); 2815 dump_cfg_string(sTrustedUserCAKeys, o->trusted_user_ca_keys); 2816 dump_cfg_string(sRevokedKeys, o->revoked_keys_file); 2817 dump_cfg_string(sSecurityKeyProvider, o->sk_provider); 2818 dump_cfg_string(sAuthorizedPrincipalsFile, 2819 o->authorized_principals_file); 2820 dump_cfg_string(sVersionAddendum, *o->version_addendum == '\0' 2821 ? "none" : o->version_addendum); 2822 dump_cfg_string(sAuthorizedKeysCommand, o->authorized_keys_command); 2823 dump_cfg_string(sAuthorizedKeysCommandUser, o->authorized_keys_command_user); 2824 dump_cfg_string(sAuthorizedPrincipalsCommand, o->authorized_principals_command); 2825 dump_cfg_string(sAuthorizedPrincipalsCommandUser, o->authorized_principals_command_user); 2826 dump_cfg_string(sHostKeyAgent, o->host_key_agent); 2827 dump_cfg_string(sKexAlgorithms, o->kex_algorithms); 2828 dump_cfg_string(sCASignatureAlgorithms, o->ca_sign_algorithms); 2829 dump_cfg_string(sHostbasedAcceptedAlgorithms, o->hostbased_accepted_algos); 2830 dump_cfg_string(sHostKeyAlgorithms, o->hostkeyalgorithms); 2831 dump_cfg_string(sPubkeyAcceptedAlgorithms, o->pubkey_accepted_algos); 2832 dump_cfg_string(sRDomain, o->routing_domain); 2833 2834 /* string arguments requiring a lookup */ 2835 dump_cfg_string(sLogLevel, log_level_name(o->log_level)); 2836 dump_cfg_string(sLogFacility, log_facility_name(o->log_facility)); 2837 2838 /* string array arguments */ 2839 dump_cfg_strarray_oneline(sAuthorizedKeysFile, o->num_authkeys_files, 2840 o->authorized_keys_files); 2841 dump_cfg_strarray(sHostKeyFile, o->num_host_key_files, 2842 o->host_key_files); 2843 dump_cfg_strarray(sHostCertificate, o->num_host_cert_files, 2844 o->host_cert_files); 2845 dump_cfg_strarray(sAllowUsers, o->num_allow_users, o->allow_users); 2846 dump_cfg_strarray(sDenyUsers, o->num_deny_users, o->deny_users); 2847 dump_cfg_strarray(sAllowGroups, o->num_allow_groups, o->allow_groups); 2848 dump_cfg_strarray(sDenyGroups, o->num_deny_groups, o->deny_groups); 2849 dump_cfg_strarray(sAcceptEnv, o->num_accept_env, o->accept_env); 2850 dump_cfg_strarray(sSetEnv, o->num_setenv, o->setenv); 2851 dump_cfg_strarray_oneline(sAuthenticationMethods, 2852 o->num_auth_methods, o->auth_methods); 2853 dump_cfg_strarray_oneline(sLogVerbose, 2854 o->num_log_verbose, o->log_verbose); 2855 2856 /* other arguments */ 2857 for (i = 0; i < o->num_subsystems; i++) 2858 printf("subsystem %s %s\n", o->subsystem_name[i], 2859 o->subsystem_args[i]); 2860 2861 printf("maxstartups %d:%d:%d\n", o->max_startups_begin, 2862 o->max_startups_rate, o->max_startups); 2863 printf("persourcemaxstartups "); 2864 if (o->per_source_max_startups == INT_MAX) 2865 printf("none\n"); 2866 else 2867 printf("%d\n", o->per_source_max_startups); 2868 printf("persourcenetblocksize %d:%d\n", o->per_source_masklen_ipv4, 2869 o->per_source_masklen_ipv6); 2870 2871 s = NULL; 2872 for (i = 0; tunmode_desc[i].val != -1; i++) { 2873 if (tunmode_desc[i].val == o->permit_tun) { 2874 s = tunmode_desc[i].text; 2875 break; 2876 } 2877 } 2878 dump_cfg_string(sPermitTunnel, s); 2879 2880 printf("ipqos %s ", iptos2str(o->ip_qos_interactive)); 2881 printf("%s\n", iptos2str(o->ip_qos_bulk)); 2882 2883 printf("rekeylimit %llu %d\n", (unsigned long long)o->rekey_limit, 2884 o->rekey_interval); 2885 2886 printf("permitopen"); 2887 if (o->num_permitted_opens == 0) 2888 printf(" any"); 2889 else { 2890 for (i = 0; i < o->num_permitted_opens; i++) 2891 printf(" %s", o->permitted_opens[i]); 2892 } 2893 printf("\n"); 2894 printf("permitlisten"); 2895 if (o->num_permitted_listens == 0) 2896 printf(" any"); 2897 else { 2898 for (i = 0; i < o->num_permitted_listens; i++) 2899 printf(" %s", o->permitted_listens[i]); 2900 } 2901 printf("\n"); 2902 2903 if (o->permit_user_env_allowlist == NULL) { 2904 dump_cfg_fmtint(sPermitUserEnvironment, o->permit_user_env); 2905 } else { 2906 printf("permituserenvironment %s\n", 2907 o->permit_user_env_allowlist); 2908 } 2909 2910 printf("pubkeyauthoptions"); 2911 if (o->pubkey_auth_options == 0) 2912 printf(" none"); 2913 if (o->pubkey_auth_options & PUBKEYAUTH_TOUCH_REQUIRED) 2914 printf(" touch-required"); 2915 if (o->pubkey_auth_options & PUBKEYAUTH_VERIFY_REQUIRED) 2916 printf(" verify-required"); 2917 printf("\n"); 2918 } 2919