1 2 /* $OpenBSD: servconf.c,v 1.384 2022/03/18 04:04:11 djm Exp $ */ 3 /* 4 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland 5 * All rights reserved 6 * 7 * As far as I am concerned, the code I have written for this software 8 * can be used freely for any purpose. Any derived versions of this 9 * software must be clearly marked as such, and if the derived work is 10 * incompatible with the protocol description in the RFC file, it must be 11 * called by a name other than "ssh" or "Secure Shell". 12 */ 13 14 #include <sys/types.h> 15 #include <sys/socket.h> 16 #include <sys/queue.h> 17 #include <sys/sysctl.h> 18 #include <sys/stat.h> 19 20 #include <netinet/in.h> 21 #include <netinet/ip.h> 22 #include <net/route.h> 23 24 #include <ctype.h> 25 #include <glob.h> 26 #include <netdb.h> 27 #include <pwd.h> 28 #include <stdio.h> 29 #include <stdlib.h> 30 #include <string.h> 31 #include <signal.h> 32 #include <unistd.h> 33 #include <limits.h> 34 #include <stdarg.h> 35 #include <errno.h> 36 #include <util.h> 37 38 #include "xmalloc.h" 39 #include "ssh.h" 40 #include "log.h" 41 #include "sshbuf.h" 42 #include "misc.h" 43 #include "servconf.h" 44 #include "compat.h" 45 #include "pathnames.h" 46 #include "cipher.h" 47 #include "sshkey.h" 48 #include "kex.h" 49 #include "mac.h" 50 #include "match.h" 51 #include "channels.h" 52 #include "groupaccess.h" 53 #include "canohost.h" 54 #include "packet.h" 55 #include "ssherr.h" 56 #include "hostfile.h" 57 #include "auth.h" 58 #include "myproposal.h" 59 #include "digest.h" 60 61 static void add_listen_addr(ServerOptions *, const char *, 62 const char *, int); 63 static void add_one_listen_addr(ServerOptions *, const char *, 64 const char *, int); 65 static void parse_server_config_depth(ServerOptions *options, 66 const char *filename, struct sshbuf *conf, struct include_list *includes, 67 struct connection_info *connectinfo, int flags, int *activep, int depth); 68 69 /* Use of privilege separation or not */ 70 extern int use_privsep; 71 extern struct sshbuf *cfg; 72 73 /* Initializes the server options to their default values. */ 74 75 void 76 initialize_server_options(ServerOptions *options) 77 { 78 memset(options, 0, sizeof(*options)); 79 options->num_ports = 0; 80 options->ports_from_cmdline = 0; 81 options->queued_listen_addrs = NULL; 82 options->num_queued_listens = 0; 83 options->listen_addrs = NULL; 84 options->num_listen_addrs = 0; 85 options->address_family = -1; 86 options->routing_domain = NULL; 87 options->num_host_key_files = 0; 88 options->num_host_cert_files = 0; 89 options->host_key_agent = NULL; 90 options->pid_file = NULL; 91 options->login_grace_time = -1; 92 options->permit_root_login = PERMIT_NOT_SET; 93 options->ignore_rhosts = -1; 94 options->ignore_user_known_hosts = -1; 95 options->print_motd = -1; 96 options->print_lastlog = -1; 97 options->x11_forwarding = -1; 98 options->x11_display_offset = -1; 99 options->x11_use_localhost = -1; 100 options->permit_tty = -1; 101 options->permit_user_rc = -1; 102 options->xauth_location = NULL; 103 options->strict_modes = -1; 104 options->tcp_keep_alive = -1; 105 options->log_facility = SYSLOG_FACILITY_NOT_SET; 106 options->log_level = SYSLOG_LEVEL_NOT_SET; 107 options->num_log_verbose = 0; 108 options->log_verbose = NULL; 109 options->hostbased_authentication = -1; 110 options->hostbased_uses_name_from_packet_only = -1; 111 options->hostbased_accepted_algos = NULL; 112 options->hostkeyalgorithms = NULL; 113 options->pubkey_authentication = -1; 114 options->pubkey_auth_options = -1; 115 options->pubkey_accepted_algos = NULL; 116 options->kerberos_authentication = -1; 117 options->kerberos_or_local_passwd = -1; 118 options->kerberos_ticket_cleanup = -1; 119 options->kerberos_get_afs_token = -1; 120 options->gss_authentication=-1; 121 options->gss_cleanup_creds = -1; 122 options->gss_strict_acceptor = -1; 123 options->password_authentication = -1; 124 options->kbd_interactive_authentication = -1; 125 options->permit_empty_passwd = -1; 126 options->permit_user_env = -1; 127 options->permit_user_env_allowlist = NULL; 128 options->compression = -1; 129 options->rekey_limit = -1; 130 options->rekey_interval = -1; 131 options->allow_tcp_forwarding = -1; 132 options->allow_streamlocal_forwarding = -1; 133 options->allow_agent_forwarding = -1; 134 options->num_allow_users = 0; 135 options->num_deny_users = 0; 136 options->num_allow_groups = 0; 137 options->num_deny_groups = 0; 138 options->ciphers = NULL; 139 options->macs = NULL; 140 options->kex_algorithms = NULL; 141 options->ca_sign_algorithms = NULL; 142 options->fwd_opts.gateway_ports = -1; 143 options->fwd_opts.streamlocal_bind_mask = (mode_t)-1; 144 options->fwd_opts.streamlocal_bind_unlink = -1; 145 options->num_subsystems = 0; 146 options->max_startups_begin = -1; 147 options->max_startups_rate = -1; 148 options->max_startups = -1; 149 options->per_source_max_startups = -1; 150 options->per_source_masklen_ipv4 = -1; 151 options->per_source_masklen_ipv6 = -1; 152 options->max_authtries = -1; 153 options->max_sessions = -1; 154 options->banner = NULL; 155 options->use_dns = -1; 156 options->client_alive_interval = -1; 157 options->client_alive_count_max = -1; 158 options->num_authkeys_files = 0; 159 options->num_accept_env = 0; 160 options->num_setenv = 0; 161 options->permit_tun = -1; 162 options->permitted_opens = NULL; 163 options->permitted_listens = NULL; 164 options->adm_forced_command = NULL; 165 options->chroot_directory = NULL; 166 options->authorized_keys_command = NULL; 167 options->authorized_keys_command_user = NULL; 168 options->revoked_keys_file = NULL; 169 options->sk_provider = NULL; 170 options->trusted_user_ca_keys = NULL; 171 options->authorized_principals_file = NULL; 172 options->authorized_principals_command = NULL; 173 options->authorized_principals_command_user = NULL; 174 options->ip_qos_interactive = -1; 175 options->ip_qos_bulk = -1; 176 options->version_addendum = NULL; 177 options->fingerprint_hash = -1; 178 options->disable_forwarding = -1; 179 options->expose_userauth_info = -1; 180 } 181 182 /* Returns 1 if a string option is unset or set to "none" or 0 otherwise. */ 183 static int 184 option_clear_or_none(const char *o) 185 { 186 return o == NULL || strcasecmp(o, "none") == 0; 187 } 188 189 static void 190 assemble_algorithms(ServerOptions *o) 191 { 192 char *all_cipher, *all_mac, *all_kex, *all_key, *all_sig; 193 char *def_cipher, *def_mac, *def_kex, *def_key, *def_sig; 194 int r; 195 196 all_cipher = cipher_alg_list(',', 0); 197 all_mac = mac_alg_list(','); 198 all_kex = kex_alg_list(','); 199 all_key = sshkey_alg_list(0, 0, 1, ','); 200 all_sig = sshkey_alg_list(0, 1, 1, ','); 201 /* remove unsupported algos from default lists */ 202 def_cipher = match_filter_allowlist(KEX_SERVER_ENCRYPT, all_cipher); 203 def_mac = match_filter_allowlist(KEX_SERVER_MAC, all_mac); 204 def_kex = match_filter_allowlist(KEX_SERVER_KEX, all_kex); 205 def_key = match_filter_allowlist(KEX_DEFAULT_PK_ALG, all_key); 206 def_sig = match_filter_allowlist(SSH_ALLOWED_CA_SIGALGS, all_sig); 207 #define ASSEMBLE(what, defaults, all) \ 208 do { \ 209 if ((r = kex_assemble_names(&o->what, defaults, all)) != 0) \ 210 fatal_fr(r, "%s", #what); \ 211 } while (0) 212 ASSEMBLE(ciphers, def_cipher, all_cipher); 213 ASSEMBLE(macs, def_mac, all_mac); 214 ASSEMBLE(kex_algorithms, def_kex, all_kex); 215 ASSEMBLE(hostkeyalgorithms, def_key, all_key); 216 ASSEMBLE(hostbased_accepted_algos, def_key, all_key); 217 ASSEMBLE(pubkey_accepted_algos, def_key, all_key); 218 ASSEMBLE(ca_sign_algorithms, def_sig, all_sig); 219 #undef ASSEMBLE 220 free(all_cipher); 221 free(all_mac); 222 free(all_kex); 223 free(all_key); 224 free(all_sig); 225 free(def_cipher); 226 free(def_mac); 227 free(def_kex); 228 free(def_key); 229 free(def_sig); 230 } 231 232 void 233 servconf_add_hostkey(const char *file, const int line, 234 ServerOptions *options, const char *path, int userprovided) 235 { 236 char *apath = derelativise_path(path); 237 238 opt_array_append2(file, line, "HostKey", 239 &options->host_key_files, &options->host_key_file_userprovided, 240 &options->num_host_key_files, apath, userprovided); 241 free(apath); 242 } 243 244 void 245 servconf_add_hostcert(const char *file, const int line, 246 ServerOptions *options, const char *path) 247 { 248 char *apath = derelativise_path(path); 249 250 opt_array_append(file, line, "HostCertificate", 251 &options->host_cert_files, &options->num_host_cert_files, apath); 252 free(apath); 253 } 254 255 void 256 fill_default_server_options(ServerOptions *options) 257 { 258 u_int i; 259 260 if (options->num_host_key_files == 0) { 261 /* fill default hostkeys */ 262 servconf_add_hostkey("[default]", 0, options, 263 _PATH_HOST_RSA_KEY_FILE, 0); 264 servconf_add_hostkey("[default]", 0, options, 265 _PATH_HOST_ECDSA_KEY_FILE, 0); 266 servconf_add_hostkey("[default]", 0, options, 267 _PATH_HOST_ED25519_KEY_FILE, 0); 268 #ifdef WITH_XMSS 269 servconf_add_hostkey("[default]", 0, options, 270 _PATH_HOST_XMSS_KEY_FILE, 0); 271 #endif /* WITH_XMSS */ 272 } 273 /* No certificates by default */ 274 if (options->num_ports == 0) 275 options->ports[options->num_ports++] = SSH_DEFAULT_PORT; 276 if (options->address_family == -1) 277 options->address_family = AF_UNSPEC; 278 if (options->listen_addrs == NULL) 279 add_listen_addr(options, NULL, NULL, 0); 280 if (options->pid_file == NULL) 281 options->pid_file = xstrdup(_PATH_SSH_DAEMON_PID_FILE); 282 if (options->moduli_file == NULL) 283 options->moduli_file = xstrdup(_PATH_DH_MODULI); 284 if (options->login_grace_time == -1) 285 options->login_grace_time = 120; 286 if (options->permit_root_login == PERMIT_NOT_SET) 287 options->permit_root_login = PERMIT_NO_PASSWD; 288 if (options->ignore_rhosts == -1) 289 options->ignore_rhosts = 1; 290 if (options->ignore_user_known_hosts == -1) 291 options->ignore_user_known_hosts = 0; 292 if (options->print_motd == -1) 293 options->print_motd = 1; 294 if (options->print_lastlog == -1) 295 options->print_lastlog = 1; 296 if (options->x11_forwarding == -1) 297 options->x11_forwarding = 0; 298 if (options->x11_display_offset == -1) 299 options->x11_display_offset = 10; 300 if (options->x11_use_localhost == -1) 301 options->x11_use_localhost = 1; 302 if (options->xauth_location == NULL) 303 options->xauth_location = xstrdup(_PATH_XAUTH); 304 if (options->permit_tty == -1) 305 options->permit_tty = 1; 306 if (options->permit_user_rc == -1) 307 options->permit_user_rc = 1; 308 if (options->strict_modes == -1) 309 options->strict_modes = 1; 310 if (options->tcp_keep_alive == -1) 311 options->tcp_keep_alive = 1; 312 if (options->log_facility == SYSLOG_FACILITY_NOT_SET) 313 options->log_facility = SYSLOG_FACILITY_AUTH; 314 if (options->log_level == SYSLOG_LEVEL_NOT_SET) 315 options->log_level = SYSLOG_LEVEL_INFO; 316 if (options->hostbased_authentication == -1) 317 options->hostbased_authentication = 0; 318 if (options->hostbased_uses_name_from_packet_only == -1) 319 options->hostbased_uses_name_from_packet_only = 0; 320 if (options->pubkey_authentication == -1) 321 options->pubkey_authentication = 1; 322 if (options->pubkey_auth_options == -1) 323 options->pubkey_auth_options = 0; 324 if (options->kerberos_authentication == -1) 325 options->kerberos_authentication = 0; 326 if (options->kerberos_or_local_passwd == -1) 327 options->kerberos_or_local_passwd = 1; 328 if (options->kerberos_ticket_cleanup == -1) 329 options->kerberos_ticket_cleanup = 1; 330 if (options->kerberos_get_afs_token == -1) 331 options->kerberos_get_afs_token = 0; 332 if (options->gss_authentication == -1) 333 options->gss_authentication = 0; 334 if (options->gss_cleanup_creds == -1) 335 options->gss_cleanup_creds = 1; 336 if (options->gss_strict_acceptor == -1) 337 options->gss_strict_acceptor = 1; 338 if (options->password_authentication == -1) 339 options->password_authentication = 1; 340 if (options->kbd_interactive_authentication == -1) 341 options->kbd_interactive_authentication = 1; 342 if (options->permit_empty_passwd == -1) 343 options->permit_empty_passwd = 0; 344 if (options->permit_user_env == -1) { 345 options->permit_user_env = 0; 346 options->permit_user_env_allowlist = NULL; 347 } 348 if (options->compression == -1) 349 #ifdef WITH_ZLIB 350 options->compression = COMP_DELAYED; 351 #else 352 options->compression = COMP_NONE; 353 #endif 354 355 if (options->rekey_limit == -1) 356 options->rekey_limit = 0; 357 if (options->rekey_interval == -1) 358 options->rekey_interval = 0; 359 if (options->allow_tcp_forwarding == -1) 360 options->allow_tcp_forwarding = FORWARD_ALLOW; 361 if (options->allow_streamlocal_forwarding == -1) 362 options->allow_streamlocal_forwarding = FORWARD_ALLOW; 363 if (options->allow_agent_forwarding == -1) 364 options->allow_agent_forwarding = 1; 365 if (options->fwd_opts.gateway_ports == -1) 366 options->fwd_opts.gateway_ports = 0; 367 if (options->max_startups == -1) 368 options->max_startups = 100; 369 if (options->max_startups_rate == -1) 370 options->max_startups_rate = 30; /* 30% */ 371 if (options->max_startups_begin == -1) 372 options->max_startups_begin = 10; 373 if (options->per_source_max_startups == -1) 374 options->per_source_max_startups = INT_MAX; 375 if (options->per_source_masklen_ipv4 == -1) 376 options->per_source_masklen_ipv4 = 32; 377 if (options->per_source_masklen_ipv6 == -1) 378 options->per_source_masklen_ipv6 = 128; 379 if (options->max_authtries == -1) 380 options->max_authtries = DEFAULT_AUTH_FAIL_MAX; 381 if (options->max_sessions == -1) 382 options->max_sessions = DEFAULT_SESSIONS_MAX; 383 if (options->use_dns == -1) 384 options->use_dns = 0; 385 if (options->client_alive_interval == -1) 386 options->client_alive_interval = 0; 387 if (options->client_alive_count_max == -1) 388 options->client_alive_count_max = 3; 389 if (options->num_authkeys_files == 0) { 390 opt_array_append("[default]", 0, "AuthorizedKeysFiles", 391 &options->authorized_keys_files, 392 &options->num_authkeys_files, 393 _PATH_SSH_USER_PERMITTED_KEYS); 394 opt_array_append("[default]", 0, "AuthorizedKeysFiles", 395 &options->authorized_keys_files, 396 &options->num_authkeys_files, 397 _PATH_SSH_USER_PERMITTED_KEYS2); 398 } 399 if (options->permit_tun == -1) 400 options->permit_tun = SSH_TUNMODE_NO; 401 if (options->ip_qos_interactive == -1) 402 options->ip_qos_interactive = IPTOS_DSCP_AF21; 403 if (options->ip_qos_bulk == -1) 404 options->ip_qos_bulk = IPTOS_DSCP_CS1; 405 if (options->version_addendum == NULL) 406 options->version_addendum = xstrdup(""); 407 if (options->fwd_opts.streamlocal_bind_mask == (mode_t)-1) 408 options->fwd_opts.streamlocal_bind_mask = 0177; 409 if (options->fwd_opts.streamlocal_bind_unlink == -1) 410 options->fwd_opts.streamlocal_bind_unlink = 0; 411 if (options->fingerprint_hash == -1) 412 options->fingerprint_hash = SSH_FP_HASH_DEFAULT; 413 if (options->disable_forwarding == -1) 414 options->disable_forwarding = 0; 415 if (options->expose_userauth_info == -1) 416 options->expose_userauth_info = 0; 417 if (options->sk_provider == NULL) 418 options->sk_provider = xstrdup("internal"); 419 420 assemble_algorithms(options); 421 422 /* Turn privilege separation and sandboxing on by default */ 423 if (use_privsep == -1) 424 use_privsep = PRIVSEP_ON; 425 426 #define CLEAR_ON_NONE(v) \ 427 do { \ 428 if (option_clear_or_none(v)) { \ 429 free(v); \ 430 v = NULL; \ 431 } \ 432 } while(0) 433 CLEAR_ON_NONE(options->pid_file); 434 CLEAR_ON_NONE(options->xauth_location); 435 CLEAR_ON_NONE(options->banner); 436 CLEAR_ON_NONE(options->trusted_user_ca_keys); 437 CLEAR_ON_NONE(options->revoked_keys_file); 438 CLEAR_ON_NONE(options->sk_provider); 439 CLEAR_ON_NONE(options->authorized_principals_file); 440 CLEAR_ON_NONE(options->adm_forced_command); 441 CLEAR_ON_NONE(options->chroot_directory); 442 CLEAR_ON_NONE(options->routing_domain); 443 CLEAR_ON_NONE(options->host_key_agent); 444 for (i = 0; i < options->num_host_key_files; i++) 445 CLEAR_ON_NONE(options->host_key_files[i]); 446 for (i = 0; i < options->num_host_cert_files; i++) 447 CLEAR_ON_NONE(options->host_cert_files[i]); 448 #undef CLEAR_ON_NONE 449 450 /* Similar handling for AuthenticationMethods=any */ 451 if (options->num_auth_methods == 1 && 452 strcmp(options->auth_methods[0], "any") == 0) { 453 free(options->auth_methods[0]); 454 options->auth_methods[0] = NULL; 455 options->num_auth_methods = 0; 456 } 457 } 458 459 /* Keyword tokens. */ 460 typedef enum { 461 sBadOption, /* == unknown option */ 462 sPort, sHostKeyFile, sLoginGraceTime, 463 sPermitRootLogin, sLogFacility, sLogLevel, sLogVerbose, 464 sKerberosAuthentication, sKerberosOrLocalPasswd, sKerberosTicketCleanup, 465 sKerberosGetAFSToken, sPasswordAuthentication, 466 sKbdInteractiveAuthentication, sListenAddress, sAddressFamily, 467 sPrintMotd, sPrintLastLog, sIgnoreRhosts, 468 sX11Forwarding, sX11DisplayOffset, sX11UseLocalhost, 469 sPermitTTY, sStrictModes, sEmptyPasswd, sTCPKeepAlive, 470 sPermitUserEnvironment, sAllowTcpForwarding, sCompression, 471 sRekeyLimit, sAllowUsers, sDenyUsers, sAllowGroups, sDenyGroups, 472 sIgnoreUserKnownHosts, sCiphers, sMacs, sPidFile, sModuliFile, 473 sGatewayPorts, sPubkeyAuthentication, sPubkeyAcceptedAlgorithms, 474 sXAuthLocation, sSubsystem, sMaxStartups, sMaxAuthTries, sMaxSessions, 475 sBanner, sUseDNS, sHostbasedAuthentication, 476 sHostbasedUsesNameFromPacketOnly, sHostbasedAcceptedAlgorithms, 477 sHostKeyAlgorithms, sPerSourceMaxStartups, sPerSourceNetBlockSize, 478 sClientAliveInterval, sClientAliveCountMax, sAuthorizedKeysFile, 479 sGssAuthentication, sGssCleanupCreds, sGssStrictAcceptor, 480 sAcceptEnv, sSetEnv, sPermitTunnel, 481 sMatch, sPermitOpen, sPermitListen, sForceCommand, sChrootDirectory, 482 sUsePrivilegeSeparation, sAllowAgentForwarding, 483 sHostCertificate, sInclude, 484 sRevokedKeys, sTrustedUserCAKeys, sAuthorizedPrincipalsFile, 485 sAuthorizedPrincipalsCommand, sAuthorizedPrincipalsCommandUser, 486 sKexAlgorithms, sCASignatureAlgorithms, sIPQoS, sVersionAddendum, 487 sAuthorizedKeysCommand, sAuthorizedKeysCommandUser, 488 sAuthenticationMethods, sHostKeyAgent, sPermitUserRC, 489 sStreamLocalBindMask, sStreamLocalBindUnlink, 490 sAllowStreamLocalForwarding, sFingerprintHash, sDisableForwarding, 491 sExposeAuthInfo, sRDomain, sPubkeyAuthOptions, sSecurityKeyProvider, 492 sDeprecated, sIgnore, sUnsupported 493 } ServerOpCodes; 494 495 #define SSHCFG_GLOBAL 0x01 /* allowed in main section of config */ 496 #define SSHCFG_MATCH 0x02 /* allowed inside a Match section */ 497 #define SSHCFG_ALL (SSHCFG_GLOBAL|SSHCFG_MATCH) 498 #define SSHCFG_NEVERMATCH 0x04 /* Match never matches; internal only */ 499 #define SSHCFG_MATCH_ONLY 0x08 /* Match only in conditional blocks; internal only */ 500 501 /* Textual representation of the tokens. */ 502 static struct { 503 const char *name; 504 ServerOpCodes opcode; 505 u_int flags; 506 } keywords[] = { 507 { "port", sPort, SSHCFG_GLOBAL }, 508 { "hostkey", sHostKeyFile, SSHCFG_GLOBAL }, 509 { "hostdsakey", sHostKeyFile, SSHCFG_GLOBAL }, /* alias */ 510 { "hostkeyagent", sHostKeyAgent, SSHCFG_GLOBAL }, 511 { "pidfile", sPidFile, SSHCFG_GLOBAL }, 512 { "modulifile", sModuliFile, SSHCFG_GLOBAL }, 513 { "serverkeybits", sDeprecated, SSHCFG_GLOBAL }, 514 { "logingracetime", sLoginGraceTime, SSHCFG_GLOBAL }, 515 { "keyregenerationinterval", sDeprecated, SSHCFG_GLOBAL }, 516 { "permitrootlogin", sPermitRootLogin, SSHCFG_ALL }, 517 { "syslogfacility", sLogFacility, SSHCFG_GLOBAL }, 518 { "loglevel", sLogLevel, SSHCFG_ALL }, 519 { "logverbose", sLogVerbose, SSHCFG_ALL }, 520 { "rhostsauthentication", sDeprecated, SSHCFG_GLOBAL }, 521 { "rhostsrsaauthentication", sDeprecated, SSHCFG_ALL }, 522 { "hostbasedauthentication", sHostbasedAuthentication, SSHCFG_ALL }, 523 { "hostbasedusesnamefrompacketonly", sHostbasedUsesNameFromPacketOnly, SSHCFG_ALL }, 524 { "hostbasedacceptedalgorithms", sHostbasedAcceptedAlgorithms, SSHCFG_ALL }, 525 { "hostbasedacceptedkeytypes", sHostbasedAcceptedAlgorithms, SSHCFG_ALL }, /* obsolete */ 526 { "hostkeyalgorithms", sHostKeyAlgorithms, SSHCFG_GLOBAL }, 527 { "rsaauthentication", sDeprecated, SSHCFG_ALL }, 528 { "pubkeyauthentication", sPubkeyAuthentication, SSHCFG_ALL }, 529 { "pubkeyacceptedalgorithms", sPubkeyAcceptedAlgorithms, SSHCFG_ALL }, 530 { "pubkeyacceptedkeytypes", sPubkeyAcceptedAlgorithms, SSHCFG_ALL }, /* obsolete */ 531 { "pubkeyauthoptions", sPubkeyAuthOptions, SSHCFG_ALL }, 532 { "dsaauthentication", sPubkeyAuthentication, SSHCFG_GLOBAL }, /* alias */ 533 #ifdef KRB5 534 { "kerberosauthentication", sKerberosAuthentication, SSHCFG_ALL }, 535 { "kerberosorlocalpasswd", sKerberosOrLocalPasswd, SSHCFG_GLOBAL }, 536 { "kerberosticketcleanup", sKerberosTicketCleanup, SSHCFG_GLOBAL }, 537 { "kerberosgetafstoken", sKerberosGetAFSToken, SSHCFG_GLOBAL }, 538 #else 539 { "kerberosauthentication", sUnsupported, SSHCFG_ALL }, 540 { "kerberosorlocalpasswd", sUnsupported, SSHCFG_GLOBAL }, 541 { "kerberosticketcleanup", sUnsupported, SSHCFG_GLOBAL }, 542 { "kerberosgetafstoken", sUnsupported, SSHCFG_GLOBAL }, 543 #endif 544 { "kerberostgtpassing", sUnsupported, SSHCFG_GLOBAL }, 545 { "afstokenpassing", sUnsupported, SSHCFG_GLOBAL }, 546 #ifdef GSSAPI 547 { "gssapiauthentication", sGssAuthentication, SSHCFG_ALL }, 548 { "gssapicleanupcredentials", sGssCleanupCreds, SSHCFG_GLOBAL }, 549 { "gssapistrictacceptorcheck", sGssStrictAcceptor, SSHCFG_GLOBAL }, 550 #else 551 { "gssapiauthentication", sUnsupported, SSHCFG_ALL }, 552 { "gssapicleanupcredentials", sUnsupported, SSHCFG_GLOBAL }, 553 { "gssapistrictacceptorcheck", sUnsupported, SSHCFG_GLOBAL }, 554 #endif 555 { "passwordauthentication", sPasswordAuthentication, SSHCFG_ALL }, 556 { "kbdinteractiveauthentication", sKbdInteractiveAuthentication, SSHCFG_ALL }, 557 { "challengeresponseauthentication", sKbdInteractiveAuthentication, SSHCFG_ALL }, /* alias */ 558 { "skeyauthentication", sKbdInteractiveAuthentication, SSHCFG_ALL }, /* alias */ 559 { "checkmail", sDeprecated, SSHCFG_GLOBAL }, 560 { "listenaddress", sListenAddress, SSHCFG_GLOBAL }, 561 { "addressfamily", sAddressFamily, SSHCFG_GLOBAL }, 562 { "printmotd", sPrintMotd, SSHCFG_GLOBAL }, 563 { "printlastlog", sPrintLastLog, SSHCFG_GLOBAL }, 564 { "ignorerhosts", sIgnoreRhosts, SSHCFG_ALL }, 565 { "ignoreuserknownhosts", sIgnoreUserKnownHosts, SSHCFG_GLOBAL }, 566 { "x11forwarding", sX11Forwarding, SSHCFG_ALL }, 567 { "x11displayoffset", sX11DisplayOffset, SSHCFG_ALL }, 568 { "x11uselocalhost", sX11UseLocalhost, SSHCFG_ALL }, 569 { "xauthlocation", sXAuthLocation, SSHCFG_GLOBAL }, 570 { "strictmodes", sStrictModes, SSHCFG_GLOBAL }, 571 { "permitemptypasswords", sEmptyPasswd, SSHCFG_ALL }, 572 { "permituserenvironment", sPermitUserEnvironment, SSHCFG_GLOBAL }, 573 { "uselogin", sDeprecated, SSHCFG_GLOBAL }, 574 { "compression", sCompression, SSHCFG_GLOBAL }, 575 { "rekeylimit", sRekeyLimit, SSHCFG_ALL }, 576 { "tcpkeepalive", sTCPKeepAlive, SSHCFG_GLOBAL }, 577 { "keepalive", sTCPKeepAlive, SSHCFG_GLOBAL }, /* obsolete alias */ 578 { "allowtcpforwarding", sAllowTcpForwarding, SSHCFG_ALL }, 579 { "allowagentforwarding", sAllowAgentForwarding, SSHCFG_ALL }, 580 { "allowusers", sAllowUsers, SSHCFG_ALL }, 581 { "denyusers", sDenyUsers, SSHCFG_ALL }, 582 { "allowgroups", sAllowGroups, SSHCFG_ALL }, 583 { "denygroups", sDenyGroups, SSHCFG_ALL }, 584 { "ciphers", sCiphers, SSHCFG_GLOBAL }, 585 { "macs", sMacs, SSHCFG_GLOBAL }, 586 { "protocol", sIgnore, SSHCFG_GLOBAL }, 587 { "gatewayports", sGatewayPorts, SSHCFG_ALL }, 588 { "subsystem", sSubsystem, SSHCFG_GLOBAL }, 589 { "maxstartups", sMaxStartups, SSHCFG_GLOBAL }, 590 { "persourcemaxstartups", sPerSourceMaxStartups, SSHCFG_GLOBAL }, 591 { "persourcenetblocksize", sPerSourceNetBlockSize, SSHCFG_GLOBAL }, 592 { "maxauthtries", sMaxAuthTries, SSHCFG_ALL }, 593 { "maxsessions", sMaxSessions, SSHCFG_ALL }, 594 { "banner", sBanner, SSHCFG_ALL }, 595 { "usedns", sUseDNS, SSHCFG_GLOBAL }, 596 { "verifyreversemapping", sDeprecated, SSHCFG_GLOBAL }, 597 { "reversemappingcheck", sDeprecated, SSHCFG_GLOBAL }, 598 { "clientaliveinterval", sClientAliveInterval, SSHCFG_ALL }, 599 { "clientalivecountmax", sClientAliveCountMax, SSHCFG_ALL }, 600 { "authorizedkeysfile", sAuthorizedKeysFile, SSHCFG_ALL }, 601 { "authorizedkeysfile2", sDeprecated, SSHCFG_ALL }, 602 { "useprivilegeseparation", sDeprecated, SSHCFG_GLOBAL}, 603 { "acceptenv", sAcceptEnv, SSHCFG_ALL }, 604 { "setenv", sSetEnv, SSHCFG_ALL }, 605 { "permittunnel", sPermitTunnel, SSHCFG_ALL }, 606 { "permittty", sPermitTTY, SSHCFG_ALL }, 607 { "permituserrc", sPermitUserRC, SSHCFG_ALL }, 608 { "match", sMatch, SSHCFG_ALL }, 609 { "permitopen", sPermitOpen, SSHCFG_ALL }, 610 { "permitlisten", sPermitListen, SSHCFG_ALL }, 611 { "forcecommand", sForceCommand, SSHCFG_ALL }, 612 { "chrootdirectory", sChrootDirectory, SSHCFG_ALL }, 613 { "hostcertificate", sHostCertificate, SSHCFG_GLOBAL }, 614 { "revokedkeys", sRevokedKeys, SSHCFG_ALL }, 615 { "trustedusercakeys", sTrustedUserCAKeys, SSHCFG_ALL }, 616 { "authorizedprincipalsfile", sAuthorizedPrincipalsFile, SSHCFG_ALL }, 617 { "kexalgorithms", sKexAlgorithms, SSHCFG_GLOBAL }, 618 { "include", sInclude, SSHCFG_ALL }, 619 { "ipqos", sIPQoS, SSHCFG_ALL }, 620 { "authorizedkeyscommand", sAuthorizedKeysCommand, SSHCFG_ALL }, 621 { "authorizedkeyscommanduser", sAuthorizedKeysCommandUser, SSHCFG_ALL }, 622 { "authorizedprincipalscommand", sAuthorizedPrincipalsCommand, SSHCFG_ALL }, 623 { "authorizedprincipalscommanduser", sAuthorizedPrincipalsCommandUser, SSHCFG_ALL }, 624 { "versionaddendum", sVersionAddendum, SSHCFG_GLOBAL }, 625 { "authenticationmethods", sAuthenticationMethods, SSHCFG_ALL }, 626 { "streamlocalbindmask", sStreamLocalBindMask, SSHCFG_ALL }, 627 { "streamlocalbindunlink", sStreamLocalBindUnlink, SSHCFG_ALL }, 628 { "allowstreamlocalforwarding", sAllowStreamLocalForwarding, SSHCFG_ALL }, 629 { "fingerprinthash", sFingerprintHash, SSHCFG_GLOBAL }, 630 { "disableforwarding", sDisableForwarding, SSHCFG_ALL }, 631 { "exposeauthinfo", sExposeAuthInfo, SSHCFG_ALL }, 632 { "rdomain", sRDomain, SSHCFG_ALL }, 633 { "casignaturealgorithms", sCASignatureAlgorithms, SSHCFG_ALL }, 634 { "securitykeyprovider", sSecurityKeyProvider, SSHCFG_GLOBAL }, 635 { NULL, sBadOption, 0 } 636 }; 637 638 static struct { 639 int val; 640 char *text; 641 } tunmode_desc[] = { 642 { SSH_TUNMODE_NO, "no" }, 643 { SSH_TUNMODE_POINTOPOINT, "point-to-point" }, 644 { SSH_TUNMODE_ETHERNET, "ethernet" }, 645 { SSH_TUNMODE_YES, "yes" }, 646 { -1, NULL } 647 }; 648 649 /* Returns an opcode name from its number */ 650 651 static const char * 652 lookup_opcode_name(ServerOpCodes code) 653 { 654 u_int i; 655 656 for (i = 0; keywords[i].name != NULL; i++) 657 if (keywords[i].opcode == code) 658 return(keywords[i].name); 659 return "UNKNOWN"; 660 } 661 662 663 /* 664 * Returns the number of the token pointed to by cp or sBadOption. 665 */ 666 667 static ServerOpCodes 668 parse_token(const char *cp, const char *filename, 669 int linenum, u_int *flags) 670 { 671 u_int i; 672 673 for (i = 0; keywords[i].name; i++) 674 if (strcasecmp(cp, keywords[i].name) == 0) { 675 *flags = keywords[i].flags; 676 return keywords[i].opcode; 677 } 678 679 error("%s: line %d: Bad configuration option: %s", 680 filename, linenum, cp); 681 return sBadOption; 682 } 683 684 char * 685 derelativise_path(const char *path) 686 { 687 char *expanded, *ret, cwd[PATH_MAX]; 688 689 if (strcasecmp(path, "none") == 0) 690 return xstrdup("none"); 691 expanded = tilde_expand_filename(path, getuid()); 692 if (path_absolute(expanded)) 693 return expanded; 694 if (getcwd(cwd, sizeof(cwd)) == NULL) 695 fatal_f("getcwd: %s", strerror(errno)); 696 xasprintf(&ret, "%s/%s", cwd, expanded); 697 free(expanded); 698 return ret; 699 } 700 701 static void 702 add_listen_addr(ServerOptions *options, const char *addr, 703 const char *rdomain, int port) 704 { 705 u_int i; 706 707 if (port > 0) 708 add_one_listen_addr(options, addr, rdomain, port); 709 else { 710 for (i = 0; i < options->num_ports; i++) { 711 add_one_listen_addr(options, addr, rdomain, 712 options->ports[i]); 713 } 714 } 715 } 716 717 static void 718 add_one_listen_addr(ServerOptions *options, const char *addr, 719 const char *rdomain, int port) 720 { 721 struct addrinfo hints, *ai, *aitop; 722 char strport[NI_MAXSERV]; 723 int gaierr; 724 u_int i; 725 726 /* Find listen_addrs entry for this rdomain */ 727 for (i = 0; i < options->num_listen_addrs; i++) { 728 if (rdomain == NULL && options->listen_addrs[i].rdomain == NULL) 729 break; 730 if (rdomain == NULL || options->listen_addrs[i].rdomain == NULL) 731 continue; 732 if (strcmp(rdomain, options->listen_addrs[i].rdomain) == 0) 733 break; 734 } 735 if (i >= options->num_listen_addrs) { 736 /* No entry for this rdomain; allocate one */ 737 if (i >= INT_MAX) 738 fatal_f("too many listen addresses"); 739 options->listen_addrs = xrecallocarray(options->listen_addrs, 740 options->num_listen_addrs, options->num_listen_addrs + 1, 741 sizeof(*options->listen_addrs)); 742 i = options->num_listen_addrs++; 743 if (rdomain != NULL) 744 options->listen_addrs[i].rdomain = xstrdup(rdomain); 745 } 746 /* options->listen_addrs[i] points to the addresses for this rdomain */ 747 748 memset(&hints, 0, sizeof(hints)); 749 hints.ai_family = options->address_family; 750 hints.ai_socktype = SOCK_STREAM; 751 hints.ai_flags = (addr == NULL) ? AI_PASSIVE : 0; 752 snprintf(strport, sizeof strport, "%d", port); 753 if ((gaierr = getaddrinfo(addr, strport, &hints, &aitop)) != 0) 754 fatal("bad addr or host: %s (%s)", 755 addr ? addr : "<NULL>", 756 ssh_gai_strerror(gaierr)); 757 for (ai = aitop; ai->ai_next; ai = ai->ai_next) 758 ; 759 ai->ai_next = options->listen_addrs[i].addrs; 760 options->listen_addrs[i].addrs = aitop; 761 } 762 763 /* Returns nonzero if the routing domain name is valid */ 764 static int 765 valid_rdomain(const char *name) 766 { 767 const char *errstr; 768 long long num; 769 struct rt_tableinfo info; 770 int mib[6]; 771 size_t miblen = sizeof(mib); 772 773 if (name == NULL) 774 return 1; 775 776 num = strtonum(name, 0, 255, &errstr); 777 if (errstr != NULL) 778 return 0; 779 780 /* Check whether the table actually exists */ 781 memset(mib, 0, sizeof(mib)); 782 mib[0] = CTL_NET; 783 mib[1] = PF_ROUTE; 784 mib[4] = NET_RT_TABLE; 785 mib[5] = (int)num; 786 if (sysctl(mib, 6, &info, &miblen, NULL, 0) == -1) 787 return 0; 788 789 return 1; 790 } 791 792 /* 793 * Queue a ListenAddress to be processed once we have all of the Ports 794 * and AddressFamily options. 795 */ 796 static void 797 queue_listen_addr(ServerOptions *options, const char *addr, 798 const char *rdomain, int port) 799 { 800 struct queued_listenaddr *qla; 801 802 options->queued_listen_addrs = xrecallocarray( 803 options->queued_listen_addrs, 804 options->num_queued_listens, options->num_queued_listens + 1, 805 sizeof(*options->queued_listen_addrs)); 806 qla = &options->queued_listen_addrs[options->num_queued_listens++]; 807 qla->addr = xstrdup(addr); 808 qla->port = port; 809 qla->rdomain = rdomain == NULL ? NULL : xstrdup(rdomain); 810 } 811 812 /* 813 * Process queued (text) ListenAddress entries. 814 */ 815 static void 816 process_queued_listen_addrs(ServerOptions *options) 817 { 818 u_int i; 819 struct queued_listenaddr *qla; 820 821 if (options->num_ports == 0) 822 options->ports[options->num_ports++] = SSH_DEFAULT_PORT; 823 if (options->address_family == -1) 824 options->address_family = AF_UNSPEC; 825 826 for (i = 0; i < options->num_queued_listens; i++) { 827 qla = &options->queued_listen_addrs[i]; 828 add_listen_addr(options, qla->addr, qla->rdomain, qla->port); 829 free(qla->addr); 830 free(qla->rdomain); 831 } 832 free(options->queued_listen_addrs); 833 options->queued_listen_addrs = NULL; 834 options->num_queued_listens = 0; 835 } 836 837 /* 838 * Inform channels layer of permitopen options for a single forwarding 839 * direction (local/remote). 840 */ 841 static void 842 process_permitopen_list(struct ssh *ssh, ServerOpCodes opcode, 843 char **opens, u_int num_opens) 844 { 845 u_int i; 846 int port; 847 char *host, *arg, *oarg; 848 int where = opcode == sPermitOpen ? FORWARD_LOCAL : FORWARD_REMOTE; 849 const char *what = lookup_opcode_name(opcode); 850 851 channel_clear_permission(ssh, FORWARD_ADM, where); 852 if (num_opens == 0) 853 return; /* permit any */ 854 855 /* handle keywords: "any" / "none" */ 856 if (num_opens == 1 && strcmp(opens[0], "any") == 0) 857 return; 858 if (num_opens == 1 && strcmp(opens[0], "none") == 0) { 859 channel_disable_admin(ssh, where); 860 return; 861 } 862 /* Otherwise treat it as a list of permitted host:port */ 863 for (i = 0; i < num_opens; i++) { 864 oarg = arg = xstrdup(opens[i]); 865 host = hpdelim(&arg); 866 if (host == NULL) 867 fatal_f("missing host in %s", what); 868 host = cleanhostname(host); 869 if (arg == NULL || ((port = permitopen_port(arg)) < 0)) 870 fatal_f("bad port number in %s", what); 871 /* Send it to channels layer */ 872 channel_add_permission(ssh, FORWARD_ADM, 873 where, host, port); 874 free(oarg); 875 } 876 } 877 878 /* 879 * Inform channels layer of permitopen options from configuration. 880 */ 881 void 882 process_permitopen(struct ssh *ssh, ServerOptions *options) 883 { 884 process_permitopen_list(ssh, sPermitOpen, 885 options->permitted_opens, options->num_permitted_opens); 886 process_permitopen_list(ssh, sPermitListen, 887 options->permitted_listens, 888 options->num_permitted_listens); 889 } 890 891 struct connection_info * 892 get_connection_info(struct ssh *ssh, int populate, int use_dns) 893 { 894 static struct connection_info ci; 895 896 if (ssh == NULL || !populate) 897 return &ci; 898 ci.host = auth_get_canonical_hostname(ssh, use_dns); 899 ci.address = ssh_remote_ipaddr(ssh); 900 ci.laddress = ssh_local_ipaddr(ssh); 901 ci.lport = ssh_local_port(ssh); 902 ci.rdomain = ssh_packet_rdomain_in(ssh); 903 return &ci; 904 } 905 906 /* 907 * The strategy for the Match blocks is that the config file is parsed twice. 908 * 909 * The first time is at startup. activep is initialized to 1 and the 910 * directives in the global context are processed and acted on. Hitting a 911 * Match directive unsets activep and the directives inside the block are 912 * checked for syntax only. 913 * 914 * The second time is after a connection has been established but before 915 * authentication. activep is initialized to 2 and global config directives 916 * are ignored since they have already been processed. If the criteria in a 917 * Match block is met, activep is set and the subsequent directives 918 * processed and actioned until EOF or another Match block unsets it. Any 919 * options set are copied into the main server config. 920 * 921 * Potential additions/improvements: 922 * - Add Match support for pre-kex directives, eg. Ciphers. 923 * 924 * - Add a Tag directive (idea from David Leonard) ala pf, eg: 925 * Match Address 192.168.0.* 926 * Tag trusted 927 * Match Group wheel 928 * Tag trusted 929 * Match Tag trusted 930 * AllowTcpForwarding yes 931 * GatewayPorts clientspecified 932 * [...] 933 * 934 * - Add a PermittedChannelRequests directive 935 * Match Group shell 936 * PermittedChannelRequests session,forwarded-tcpip 937 */ 938 939 static int 940 match_cfg_line_group(const char *grps, int line, const char *user) 941 { 942 int result = 0; 943 struct passwd *pw; 944 945 if (user == NULL) 946 goto out; 947 948 if ((pw = getpwnam(user)) == NULL) { 949 debug("Can't match group at line %d because user %.100s does " 950 "not exist", line, user); 951 } else if (ga_init(pw->pw_name, pw->pw_gid) == 0) { 952 debug("Can't Match group because user %.100s not in any group " 953 "at line %d", user, line); 954 } else if (ga_match_pattern_list(grps) != 1) { 955 debug("user %.100s does not match group list %.100s at line %d", 956 user, grps, line); 957 } else { 958 debug("user %.100s matched group list %.100s at line %d", user, 959 grps, line); 960 result = 1; 961 } 962 out: 963 ga_free(); 964 return result; 965 } 966 967 static void 968 match_test_missing_fatal(const char *criteria, const char *attrib) 969 { 970 fatal("'Match %s' in configuration but '%s' not in connection " 971 "test specification.", criteria, attrib); 972 } 973 974 /* 975 * All of the attributes on a single Match line are ANDed together, so we need 976 * to check every attribute and set the result to zero if any attribute does 977 * not match. 978 */ 979 static int 980 match_cfg_line(char **condition, int line, struct connection_info *ci) 981 { 982 int result = 1, attributes = 0, port; 983 char *arg, *attrib, *cp = *condition; 984 985 if (ci == NULL) 986 debug3("checking syntax for 'Match %s'", cp); 987 else 988 debug3("checking match for '%s' user %s host %s addr %s " 989 "laddr %s lport %d", cp, ci->user ? ci->user : "(null)", 990 ci->host ? ci->host : "(null)", 991 ci->address ? ci->address : "(null)", 992 ci->laddress ? ci->laddress : "(null)", ci->lport); 993 994 while ((attrib = strdelim(&cp)) && *attrib != '\0') { 995 /* Terminate on comment */ 996 if (*attrib == '#') { 997 cp = NULL; /* mark all arguments consumed */ 998 break; 999 } 1000 arg = NULL; 1001 attributes++; 1002 /* Criterion "all" has no argument and must appear alone */ 1003 if (strcasecmp(attrib, "all") == 0) { 1004 if (attributes > 1 || ((arg = strdelim(&cp)) != NULL && 1005 *arg != '\0' && *arg != '#')) { 1006 error("'all' cannot be combined with other " 1007 "Match attributes"); 1008 return -1; 1009 } 1010 if (arg != NULL && *arg == '#') 1011 cp = NULL; /* mark all arguments consumed */ 1012 *condition = cp; 1013 return 1; 1014 } 1015 /* All other criteria require an argument */ 1016 if ((arg = strdelim(&cp)) == NULL || 1017 *arg == '\0' || *arg == '#') { 1018 error("Missing Match criteria for %s", attrib); 1019 return -1; 1020 } 1021 if (strcasecmp(attrib, "user") == 0) { 1022 if (ci == NULL || (ci->test && ci->user == NULL)) { 1023 result = 0; 1024 continue; 1025 } 1026 if (ci->user == NULL) 1027 match_test_missing_fatal("User", "user"); 1028 if (match_usergroup_pattern_list(ci->user, arg) != 1) 1029 result = 0; 1030 else 1031 debug("user %.100s matched 'User %.100s' at " 1032 "line %d", ci->user, arg, line); 1033 } else if (strcasecmp(attrib, "group") == 0) { 1034 if (ci == NULL || (ci->test && ci->user == NULL)) { 1035 result = 0; 1036 continue; 1037 } 1038 if (ci->user == NULL) 1039 match_test_missing_fatal("Group", "user"); 1040 switch (match_cfg_line_group(arg, line, ci->user)) { 1041 case -1: 1042 return -1; 1043 case 0: 1044 result = 0; 1045 } 1046 } else if (strcasecmp(attrib, "host") == 0) { 1047 if (ci == NULL || (ci->test && ci->host == NULL)) { 1048 result = 0; 1049 continue; 1050 } 1051 if (ci->host == NULL) 1052 match_test_missing_fatal("Host", "host"); 1053 if (match_hostname(ci->host, arg) != 1) 1054 result = 0; 1055 else 1056 debug("connection from %.100s matched 'Host " 1057 "%.100s' at line %d", ci->host, arg, line); 1058 } else if (strcasecmp(attrib, "address") == 0) { 1059 if (ci == NULL || (ci->test && ci->address == NULL)) { 1060 if (addr_match_list(NULL, arg) != 0) 1061 fatal("Invalid Match address argument " 1062 "'%s' at line %d", arg, line); 1063 result = 0; 1064 continue; 1065 } 1066 if (ci->address == NULL) 1067 match_test_missing_fatal("Address", "addr"); 1068 switch (addr_match_list(ci->address, arg)) { 1069 case 1: 1070 debug("connection from %.100s matched 'Address " 1071 "%.100s' at line %d", ci->address, arg, line); 1072 break; 1073 case 0: 1074 case -1: 1075 result = 0; 1076 break; 1077 case -2: 1078 return -1; 1079 } 1080 } else if (strcasecmp(attrib, "localaddress") == 0){ 1081 if (ci == NULL || (ci->test && ci->laddress == NULL)) { 1082 if (addr_match_list(NULL, arg) != 0) 1083 fatal("Invalid Match localaddress " 1084 "argument '%s' at line %d", arg, 1085 line); 1086 result = 0; 1087 continue; 1088 } 1089 if (ci->laddress == NULL) 1090 match_test_missing_fatal("LocalAddress", 1091 "laddr"); 1092 switch (addr_match_list(ci->laddress, arg)) { 1093 case 1: 1094 debug("connection from %.100s matched " 1095 "'LocalAddress %.100s' at line %d", 1096 ci->laddress, arg, line); 1097 break; 1098 case 0: 1099 case -1: 1100 result = 0; 1101 break; 1102 case -2: 1103 return -1; 1104 } 1105 } else if (strcasecmp(attrib, "localport") == 0) { 1106 if ((port = a2port(arg)) == -1) { 1107 error("Invalid LocalPort '%s' on Match line", 1108 arg); 1109 return -1; 1110 } 1111 if (ci == NULL || (ci->test && ci->lport == -1)) { 1112 result = 0; 1113 continue; 1114 } 1115 if (ci->lport == 0) 1116 match_test_missing_fatal("LocalPort", "lport"); 1117 /* TODO support port lists */ 1118 if (port == ci->lport) 1119 debug("connection from %.100s matched " 1120 "'LocalPort %d' at line %d", 1121 ci->laddress, port, line); 1122 else 1123 result = 0; 1124 } else if (strcasecmp(attrib, "rdomain") == 0) { 1125 if (ci == NULL || (ci->test && ci->rdomain == NULL)) { 1126 result = 0; 1127 continue; 1128 } 1129 if (ci->rdomain == NULL) 1130 match_test_missing_fatal("RDomain", "rdomain"); 1131 if (match_pattern_list(ci->rdomain, arg, 0) != 1) 1132 result = 0; 1133 else 1134 debug("user %.100s matched 'RDomain %.100s' at " 1135 "line %d", ci->rdomain, arg, line); 1136 } else { 1137 error("Unsupported Match attribute %s", attrib); 1138 return -1; 1139 } 1140 } 1141 if (attributes == 0) { 1142 error("One or more attributes required for Match"); 1143 return -1; 1144 } 1145 if (ci != NULL) 1146 debug3("match %sfound", result ? "" : "not "); 1147 *condition = cp; 1148 return result; 1149 } 1150 1151 #define WHITESPACE " \t\r\n" 1152 1153 /* Multistate option parsing */ 1154 struct multistate { 1155 char *key; 1156 int value; 1157 }; 1158 static const struct multistate multistate_flag[] = { 1159 { "yes", 1 }, 1160 { "no", 0 }, 1161 { NULL, -1 } 1162 }; 1163 static const struct multistate multistate_ignore_rhosts[] = { 1164 { "yes", IGNORE_RHOSTS_YES }, 1165 { "no", IGNORE_RHOSTS_NO }, 1166 { "shosts-only", IGNORE_RHOSTS_SHOSTS }, 1167 { NULL, -1 } 1168 }; 1169 static const struct multistate multistate_addressfamily[] = { 1170 { "inet", AF_INET }, 1171 { "inet6", AF_INET6 }, 1172 { "any", AF_UNSPEC }, 1173 { NULL, -1 } 1174 }; 1175 static const struct multistate multistate_permitrootlogin[] = { 1176 { "without-password", PERMIT_NO_PASSWD }, 1177 { "prohibit-password", PERMIT_NO_PASSWD }, 1178 { "forced-commands-only", PERMIT_FORCED_ONLY }, 1179 { "yes", PERMIT_YES }, 1180 { "no", PERMIT_NO }, 1181 { NULL, -1 } 1182 }; 1183 static const struct multistate multistate_compression[] = { 1184 #ifdef WITH_ZLIB 1185 { "yes", COMP_DELAYED }, 1186 { "delayed", COMP_DELAYED }, 1187 #endif 1188 { "no", COMP_NONE }, 1189 { NULL, -1 } 1190 }; 1191 static const struct multistate multistate_gatewayports[] = { 1192 { "clientspecified", 2 }, 1193 { "yes", 1 }, 1194 { "no", 0 }, 1195 { NULL, -1 } 1196 }; 1197 static const struct multistate multistate_tcpfwd[] = { 1198 { "yes", FORWARD_ALLOW }, 1199 { "all", FORWARD_ALLOW }, 1200 { "no", FORWARD_DENY }, 1201 { "remote", FORWARD_REMOTE }, 1202 { "local", FORWARD_LOCAL }, 1203 { NULL, -1 } 1204 }; 1205 1206 static int 1207 process_server_config_line_depth(ServerOptions *options, char *line, 1208 const char *filename, int linenum, int *activep, 1209 struct connection_info *connectinfo, int *inc_flags, int depth, 1210 struct include_list *includes) 1211 { 1212 char *str, ***chararrayptr, **charptr, *arg, *arg2, *p, *keyword; 1213 int cmdline = 0, *intptr, value, value2, n, port, oactive, r, found; 1214 SyslogFacility *log_facility_ptr; 1215 LogLevel *log_level_ptr; 1216 ServerOpCodes opcode; 1217 u_int i, *uintptr, uvalue, flags = 0; 1218 size_t len; 1219 long long val64; 1220 const struct multistate *multistate_ptr; 1221 const char *errstr; 1222 struct include_item *item; 1223 glob_t gbuf; 1224 char **oav = NULL, **av; 1225 int oac = 0, ac; 1226 int ret = -1; 1227 1228 /* Strip trailing whitespace. Allow \f (form feed) at EOL only */ 1229 if ((len = strlen(line)) == 0) 1230 return 0; 1231 for (len--; len > 0; len--) { 1232 if (strchr(WHITESPACE "\f", line[len]) == NULL) 1233 break; 1234 line[len] = '\0'; 1235 } 1236 1237 str = line; 1238 if ((keyword = strdelim(&str)) == NULL) 1239 return 0; 1240 /* Ignore leading whitespace */ 1241 if (*keyword == '\0') 1242 keyword = strdelim(&str); 1243 if (!keyword || !*keyword || *keyword == '#') 1244 return 0; 1245 if (str == NULL || *str == '\0') { 1246 error("%s line %d: no argument after keyword \"%s\"", 1247 filename, linenum, keyword); 1248 return -1; 1249 } 1250 intptr = NULL; 1251 charptr = NULL; 1252 opcode = parse_token(keyword, filename, linenum, &flags); 1253 1254 if (argv_split(str, &oac, &oav, 1) != 0) { 1255 error("%s line %d: invalid quotes", filename, linenum); 1256 return -1; 1257 } 1258 ac = oac; 1259 av = oav; 1260 1261 if (activep == NULL) { /* We are processing a command line directive */ 1262 cmdline = 1; 1263 activep = &cmdline; 1264 } 1265 if (*activep && opcode != sMatch && opcode != sInclude) 1266 debug3("%s:%d setting %s %s", filename, linenum, keyword, str); 1267 if (*activep == 0 && !(flags & SSHCFG_MATCH)) { 1268 if (connectinfo == NULL) { 1269 fatal("%s line %d: Directive '%s' is not allowed " 1270 "within a Match block", filename, linenum, keyword); 1271 } else { /* this is a directive we have already processed */ 1272 ret = 0; 1273 goto out; 1274 } 1275 } 1276 1277 switch (opcode) { 1278 case sBadOption: 1279 goto out; 1280 case sPort: 1281 /* ignore ports from configfile if cmdline specifies ports */ 1282 if (options->ports_from_cmdline) { 1283 argv_consume(&ac); 1284 break; 1285 } 1286 if (options->num_ports >= MAX_PORTS) 1287 fatal("%s line %d: too many ports.", 1288 filename, linenum); 1289 arg = argv_next(&ac, &av); 1290 if (!arg || *arg == '\0') 1291 fatal("%s line %d: missing port number.", 1292 filename, linenum); 1293 options->ports[options->num_ports++] = a2port(arg); 1294 if (options->ports[options->num_ports-1] <= 0) 1295 fatal("%s line %d: Badly formatted port number.", 1296 filename, linenum); 1297 break; 1298 1299 case sLoginGraceTime: 1300 intptr = &options->login_grace_time; 1301 parse_time: 1302 arg = argv_next(&ac, &av); 1303 if (!arg || *arg == '\0') 1304 fatal("%s line %d: missing time value.", 1305 filename, linenum); 1306 if ((value = convtime(arg)) == -1) 1307 fatal("%s line %d: invalid time value.", 1308 filename, linenum); 1309 if (*activep && *intptr == -1) 1310 *intptr = value; 1311 break; 1312 1313 case sListenAddress: 1314 arg = argv_next(&ac, &av); 1315 if (arg == NULL || *arg == '\0') 1316 fatal("%s line %d: missing address", 1317 filename, linenum); 1318 /* check for bare IPv6 address: no "[]" and 2 or more ":" */ 1319 if (strchr(arg, '[') == NULL && (p = strchr(arg, ':')) != NULL 1320 && strchr(p+1, ':') != NULL) { 1321 port = 0; 1322 p = arg; 1323 } else { 1324 arg2 = NULL; 1325 p = hpdelim(&arg); 1326 if (p == NULL) 1327 fatal("%s line %d: bad address:port usage", 1328 filename, linenum); 1329 p = cleanhostname(p); 1330 if (arg == NULL) 1331 port = 0; 1332 else if ((port = a2port(arg)) <= 0) 1333 fatal("%s line %d: bad port number", 1334 filename, linenum); 1335 } 1336 /* Optional routing table */ 1337 arg2 = NULL; 1338 if ((arg = argv_next(&ac, &av)) != NULL) { 1339 if (strcmp(arg, "rdomain") != 0 || 1340 (arg2 = argv_next(&ac, &av)) == NULL) 1341 fatal("%s line %d: bad ListenAddress syntax", 1342 filename, linenum); 1343 if (!valid_rdomain(arg2)) 1344 fatal("%s line %d: bad routing domain", 1345 filename, linenum); 1346 } 1347 queue_listen_addr(options, p, arg2, port); 1348 1349 break; 1350 1351 case sAddressFamily: 1352 intptr = &options->address_family; 1353 multistate_ptr = multistate_addressfamily; 1354 parse_multistate: 1355 arg = argv_next(&ac, &av); 1356 if (!arg || *arg == '\0') 1357 fatal("%s line %d: missing argument.", 1358 filename, linenum); 1359 value = -1; 1360 for (i = 0; multistate_ptr[i].key != NULL; i++) { 1361 if (strcasecmp(arg, multistate_ptr[i].key) == 0) { 1362 value = multistate_ptr[i].value; 1363 break; 1364 } 1365 } 1366 if (value == -1) 1367 fatal("%s line %d: unsupported option \"%s\".", 1368 filename, linenum, arg); 1369 if (*activep && *intptr == -1) 1370 *intptr = value; 1371 break; 1372 1373 case sHostKeyFile: 1374 arg = argv_next(&ac, &av); 1375 if (!arg || *arg == '\0') 1376 fatal("%s line %d: missing file name.", 1377 filename, linenum); 1378 if (*activep) { 1379 servconf_add_hostkey(filename, linenum, 1380 options, arg, 1); 1381 } 1382 break; 1383 1384 case sHostKeyAgent: 1385 charptr = &options->host_key_agent; 1386 arg = argv_next(&ac, &av); 1387 if (!arg || *arg == '\0') 1388 fatal("%s line %d: missing socket name.", 1389 filename, linenum); 1390 if (*activep && *charptr == NULL) 1391 *charptr = !strcmp(arg, SSH_AUTHSOCKET_ENV_NAME) ? 1392 xstrdup(arg) : derelativise_path(arg); 1393 break; 1394 1395 case sHostCertificate: 1396 arg = argv_next(&ac, &av); 1397 if (!arg || *arg == '\0') 1398 fatal("%s line %d: missing file name.", 1399 filename, linenum); 1400 if (*activep) 1401 servconf_add_hostcert(filename, linenum, options, arg); 1402 break; 1403 1404 case sPidFile: 1405 charptr = &options->pid_file; 1406 parse_filename: 1407 arg = argv_next(&ac, &av); 1408 if (!arg || *arg == '\0') 1409 fatal("%s line %d: missing file name.", 1410 filename, linenum); 1411 if (*activep && *charptr == NULL) { 1412 *charptr = derelativise_path(arg); 1413 /* increase optional counter */ 1414 if (intptr != NULL) 1415 *intptr = *intptr + 1; 1416 } 1417 break; 1418 1419 case sModuliFile: 1420 charptr = &options->moduli_file; 1421 goto parse_filename; 1422 1423 case sPermitRootLogin: 1424 intptr = &options->permit_root_login; 1425 multistate_ptr = multistate_permitrootlogin; 1426 goto parse_multistate; 1427 1428 case sIgnoreRhosts: 1429 intptr = &options->ignore_rhosts; 1430 multistate_ptr = multistate_ignore_rhosts; 1431 goto parse_multistate; 1432 1433 case sIgnoreUserKnownHosts: 1434 intptr = &options->ignore_user_known_hosts; 1435 parse_flag: 1436 multistate_ptr = multistate_flag; 1437 goto parse_multistate; 1438 1439 case sHostbasedAuthentication: 1440 intptr = &options->hostbased_authentication; 1441 goto parse_flag; 1442 1443 case sHostbasedUsesNameFromPacketOnly: 1444 intptr = &options->hostbased_uses_name_from_packet_only; 1445 goto parse_flag; 1446 1447 case sHostbasedAcceptedAlgorithms: 1448 charptr = &options->hostbased_accepted_algos; 1449 parse_pubkey_algos: 1450 arg = argv_next(&ac, &av); 1451 if (!arg || *arg == '\0') 1452 fatal("%s line %d: Missing argument.", 1453 filename, linenum); 1454 if (*arg != '-' && 1455 !sshkey_names_valid2(*arg == '+' || *arg == '^' ? 1456 arg + 1 : arg, 1)) 1457 fatal("%s line %d: Bad key types '%s'.", 1458 filename, linenum, arg ? arg : "<NONE>"); 1459 if (*activep && *charptr == NULL) 1460 *charptr = xstrdup(arg); 1461 break; 1462 1463 case sHostKeyAlgorithms: 1464 charptr = &options->hostkeyalgorithms; 1465 goto parse_pubkey_algos; 1466 1467 case sCASignatureAlgorithms: 1468 charptr = &options->ca_sign_algorithms; 1469 goto parse_pubkey_algos; 1470 1471 case sPubkeyAuthentication: 1472 intptr = &options->pubkey_authentication; 1473 goto parse_flag; 1474 1475 case sPubkeyAcceptedAlgorithms: 1476 charptr = &options->pubkey_accepted_algos; 1477 goto parse_pubkey_algos; 1478 1479 case sPubkeyAuthOptions: 1480 intptr = &options->pubkey_auth_options; 1481 value = 0; 1482 while ((arg = argv_next(&ac, &av)) != NULL) { 1483 if (strcasecmp(arg, "none") == 0) 1484 continue; 1485 if (strcasecmp(arg, "touch-required") == 0) 1486 value |= PUBKEYAUTH_TOUCH_REQUIRED; 1487 else if (strcasecmp(arg, "verify-required") == 0) 1488 value |= PUBKEYAUTH_VERIFY_REQUIRED; 1489 else { 1490 error("%s line %d: unsupported %s option %s", 1491 filename, linenum, keyword, arg); 1492 goto out; 1493 } 1494 } 1495 if (*activep && *intptr == -1) 1496 *intptr = value; 1497 break; 1498 1499 case sKerberosAuthentication: 1500 intptr = &options->kerberos_authentication; 1501 goto parse_flag; 1502 1503 case sKerberosOrLocalPasswd: 1504 intptr = &options->kerberos_or_local_passwd; 1505 goto parse_flag; 1506 1507 case sKerberosTicketCleanup: 1508 intptr = &options->kerberos_ticket_cleanup; 1509 goto parse_flag; 1510 1511 case sKerberosGetAFSToken: 1512 intptr = &options->kerberos_get_afs_token; 1513 goto parse_flag; 1514 1515 case sGssAuthentication: 1516 intptr = &options->gss_authentication; 1517 goto parse_flag; 1518 1519 case sGssCleanupCreds: 1520 intptr = &options->gss_cleanup_creds; 1521 goto parse_flag; 1522 1523 case sGssStrictAcceptor: 1524 intptr = &options->gss_strict_acceptor; 1525 goto parse_flag; 1526 1527 case sPasswordAuthentication: 1528 intptr = &options->password_authentication; 1529 goto parse_flag; 1530 1531 case sKbdInteractiveAuthentication: 1532 intptr = &options->kbd_interactive_authentication; 1533 goto parse_flag; 1534 1535 case sPrintMotd: 1536 intptr = &options->print_motd; 1537 goto parse_flag; 1538 1539 case sPrintLastLog: 1540 intptr = &options->print_lastlog; 1541 goto parse_flag; 1542 1543 case sX11Forwarding: 1544 intptr = &options->x11_forwarding; 1545 goto parse_flag; 1546 1547 case sX11DisplayOffset: 1548 intptr = &options->x11_display_offset; 1549 parse_int: 1550 arg = argv_next(&ac, &av); 1551 if ((errstr = atoi_err(arg, &value)) != NULL) 1552 fatal("%s line %d: %s integer value %s.", 1553 filename, linenum, keyword, errstr); 1554 if (*activep && *intptr == -1) 1555 *intptr = value; 1556 break; 1557 1558 case sX11UseLocalhost: 1559 intptr = &options->x11_use_localhost; 1560 goto parse_flag; 1561 1562 case sXAuthLocation: 1563 charptr = &options->xauth_location; 1564 goto parse_filename; 1565 1566 case sPermitTTY: 1567 intptr = &options->permit_tty; 1568 goto parse_flag; 1569 1570 case sPermitUserRC: 1571 intptr = &options->permit_user_rc; 1572 goto parse_flag; 1573 1574 case sStrictModes: 1575 intptr = &options->strict_modes; 1576 goto parse_flag; 1577 1578 case sTCPKeepAlive: 1579 intptr = &options->tcp_keep_alive; 1580 goto parse_flag; 1581 1582 case sEmptyPasswd: 1583 intptr = &options->permit_empty_passwd; 1584 goto parse_flag; 1585 1586 case sPermitUserEnvironment: 1587 intptr = &options->permit_user_env; 1588 charptr = &options->permit_user_env_allowlist; 1589 arg = argv_next(&ac, &av); 1590 if (!arg || *arg == '\0') 1591 fatal("%s line %d: %s missing argument.", 1592 filename, linenum, keyword); 1593 value = 0; 1594 p = NULL; 1595 if (strcmp(arg, "yes") == 0) 1596 value = 1; 1597 else if (strcmp(arg, "no") == 0) 1598 value = 0; 1599 else { 1600 /* Pattern-list specified */ 1601 value = 1; 1602 p = xstrdup(arg); 1603 } 1604 if (*activep && *intptr == -1) { 1605 *intptr = value; 1606 *charptr = p; 1607 p = NULL; 1608 } 1609 free(p); 1610 break; 1611 1612 case sCompression: 1613 intptr = &options->compression; 1614 multistate_ptr = multistate_compression; 1615 goto parse_multistate; 1616 1617 case sRekeyLimit: 1618 arg = argv_next(&ac, &av); 1619 if (!arg || *arg == '\0') 1620 fatal("%s line %d: %s missing argument.", 1621 filename, linenum, keyword); 1622 if (strcmp(arg, "default") == 0) { 1623 val64 = 0; 1624 } else { 1625 if (scan_scaled(arg, &val64) == -1) 1626 fatal("%.200s line %d: Bad %s number '%s': %s", 1627 filename, linenum, keyword, 1628 arg, strerror(errno)); 1629 if (val64 != 0 && val64 < 16) 1630 fatal("%.200s line %d: %s too small", 1631 filename, linenum, keyword); 1632 } 1633 if (*activep && options->rekey_limit == -1) 1634 options->rekey_limit = val64; 1635 if (ac != 0) { /* optional rekey interval present */ 1636 if (strcmp(av[0], "none") == 0) { 1637 (void)argv_next(&ac, &av); /* discard */ 1638 break; 1639 } 1640 intptr = &options->rekey_interval; 1641 goto parse_time; 1642 } 1643 break; 1644 1645 case sGatewayPorts: 1646 intptr = &options->fwd_opts.gateway_ports; 1647 multistate_ptr = multistate_gatewayports; 1648 goto parse_multistate; 1649 1650 case sUseDNS: 1651 intptr = &options->use_dns; 1652 goto parse_flag; 1653 1654 case sLogFacility: 1655 log_facility_ptr = &options->log_facility; 1656 arg = argv_next(&ac, &av); 1657 value = log_facility_number(arg); 1658 if (value == SYSLOG_FACILITY_NOT_SET) 1659 fatal("%.200s line %d: unsupported log facility '%s'", 1660 filename, linenum, arg ? arg : "<NONE>"); 1661 if (*log_facility_ptr == -1) 1662 *log_facility_ptr = (SyslogFacility) value; 1663 break; 1664 1665 case sLogLevel: 1666 log_level_ptr = &options->log_level; 1667 arg = argv_next(&ac, &av); 1668 value = log_level_number(arg); 1669 if (value == SYSLOG_LEVEL_NOT_SET) 1670 fatal("%.200s line %d: unsupported log level '%s'", 1671 filename, linenum, arg ? arg : "<NONE>"); 1672 if (*activep && *log_level_ptr == -1) 1673 *log_level_ptr = (LogLevel) value; 1674 break; 1675 1676 case sLogVerbose: 1677 found = options->num_log_verbose == 0; 1678 i = 0; 1679 while ((arg = argv_next(&ac, &av)) != NULL) { 1680 if (*arg == '\0') { 1681 error("%s line %d: keyword %s empty argument", 1682 filename, linenum, keyword); 1683 goto out; 1684 } 1685 /* Allow "none" only in first position */ 1686 if (strcasecmp(arg, "none") == 0) { 1687 if (i > 0 || ac > 0) { 1688 error("%s line %d: keyword %s \"none\" " 1689 "argument must appear alone.", 1690 filename, linenum, keyword); 1691 goto out; 1692 } 1693 } 1694 i++; 1695 if (!found || !*activep) 1696 continue; 1697 opt_array_append(filename, linenum, keyword, 1698 &options->log_verbose, &options->num_log_verbose, 1699 arg); 1700 } 1701 break; 1702 1703 case sAllowTcpForwarding: 1704 intptr = &options->allow_tcp_forwarding; 1705 multistate_ptr = multistate_tcpfwd; 1706 goto parse_multistate; 1707 1708 case sAllowStreamLocalForwarding: 1709 intptr = &options->allow_streamlocal_forwarding; 1710 multistate_ptr = multistate_tcpfwd; 1711 goto parse_multistate; 1712 1713 case sAllowAgentForwarding: 1714 intptr = &options->allow_agent_forwarding; 1715 goto parse_flag; 1716 1717 case sDisableForwarding: 1718 intptr = &options->disable_forwarding; 1719 goto parse_flag; 1720 1721 case sAllowUsers: 1722 chararrayptr = &options->allow_users; 1723 uintptr = &options->num_allow_users; 1724 parse_allowdenyusers: 1725 while ((arg = argv_next(&ac, &av)) != NULL) { 1726 if (*arg == '\0' || 1727 match_user(NULL, NULL, NULL, arg) == -1) 1728 fatal("%s line %d: invalid %s pattern: \"%s\"", 1729 filename, linenum, keyword, arg); 1730 if (!*activep) 1731 continue; 1732 opt_array_append(filename, linenum, keyword, 1733 chararrayptr, uintptr, arg); 1734 } 1735 break; 1736 1737 case sDenyUsers: 1738 chararrayptr = &options->deny_users; 1739 uintptr = &options->num_deny_users; 1740 goto parse_allowdenyusers; 1741 1742 case sAllowGroups: 1743 chararrayptr = &options->allow_groups; 1744 uintptr = &options->num_allow_groups; 1745 parse_allowdenygroups: 1746 while ((arg = argv_next(&ac, &av)) != NULL) { 1747 if (*arg == '\0') 1748 fatal("%s line %d: empty %s pattern", 1749 filename, linenum, keyword); 1750 if (!*activep) 1751 continue; 1752 opt_array_append(filename, linenum, keyword, 1753 chararrayptr, uintptr, arg); 1754 } 1755 break; 1756 1757 case sDenyGroups: 1758 chararrayptr = &options->deny_groups; 1759 uintptr = &options->num_deny_groups; 1760 goto parse_allowdenygroups; 1761 1762 case sCiphers: 1763 arg = argv_next(&ac, &av); 1764 if (!arg || *arg == '\0') 1765 fatal("%s line %d: %s missing argument.", 1766 filename, linenum, keyword); 1767 if (*arg != '-' && 1768 !ciphers_valid(*arg == '+' || *arg == '^' ? arg + 1 : arg)) 1769 fatal("%s line %d: Bad SSH2 cipher spec '%s'.", 1770 filename, linenum, arg ? arg : "<NONE>"); 1771 if (options->ciphers == NULL) 1772 options->ciphers = xstrdup(arg); 1773 break; 1774 1775 case sMacs: 1776 arg = argv_next(&ac, &av); 1777 if (!arg || *arg == '\0') 1778 fatal("%s line %d: %s missing argument.", 1779 filename, linenum, keyword); 1780 if (*arg != '-' && 1781 !mac_valid(*arg == '+' || *arg == '^' ? arg + 1 : arg)) 1782 fatal("%s line %d: Bad SSH2 mac spec '%s'.", 1783 filename, linenum, arg ? arg : "<NONE>"); 1784 if (options->macs == NULL) 1785 options->macs = xstrdup(arg); 1786 break; 1787 1788 case sKexAlgorithms: 1789 arg = argv_next(&ac, &av); 1790 if (!arg || *arg == '\0') 1791 fatal("%s line %d: %s missing argument.", 1792 filename, linenum, keyword); 1793 if (*arg != '-' && 1794 !kex_names_valid(*arg == '+' || *arg == '^' ? 1795 arg + 1 : arg)) 1796 fatal("%s line %d: Bad SSH2 KexAlgorithms '%s'.", 1797 filename, linenum, arg ? arg : "<NONE>"); 1798 if (options->kex_algorithms == NULL) 1799 options->kex_algorithms = xstrdup(arg); 1800 break; 1801 1802 case sSubsystem: 1803 if (options->num_subsystems >= MAX_SUBSYSTEMS) { 1804 fatal("%s line %d: too many subsystems defined.", 1805 filename, linenum); 1806 } 1807 arg = argv_next(&ac, &av); 1808 if (!arg || *arg == '\0') 1809 fatal("%s line %d: %s missing argument.", 1810 filename, linenum, keyword); 1811 if (!*activep) { 1812 arg = argv_next(&ac, &av); 1813 break; 1814 } 1815 for (i = 0; i < options->num_subsystems; i++) 1816 if (strcmp(arg, options->subsystem_name[i]) == 0) 1817 fatal("%s line %d: Subsystem '%s' " 1818 "already defined.", filename, linenum, arg); 1819 options->subsystem_name[options->num_subsystems] = xstrdup(arg); 1820 arg = argv_next(&ac, &av); 1821 if (!arg || *arg == '\0') 1822 fatal("%s line %d: Missing subsystem command.", 1823 filename, linenum); 1824 options->subsystem_command[options->num_subsystems] = xstrdup(arg); 1825 1826 /* Collect arguments (separate to executable) */ 1827 p = xstrdup(arg); 1828 len = strlen(p) + 1; 1829 while ((arg = argv_next(&ac, &av)) != NULL) { 1830 len += 1 + strlen(arg); 1831 p = xreallocarray(p, 1, len); 1832 strlcat(p, " ", len); 1833 strlcat(p, arg, len); 1834 } 1835 options->subsystem_args[options->num_subsystems] = p; 1836 options->num_subsystems++; 1837 break; 1838 1839 case sMaxStartups: 1840 arg = argv_next(&ac, &av); 1841 if (!arg || *arg == '\0') 1842 fatal("%s line %d: %s missing argument.", 1843 filename, linenum, keyword); 1844 if ((n = sscanf(arg, "%d:%d:%d", 1845 &options->max_startups_begin, 1846 &options->max_startups_rate, 1847 &options->max_startups)) == 3) { 1848 if (options->max_startups_begin > 1849 options->max_startups || 1850 options->max_startups_rate > 100 || 1851 options->max_startups_rate < 1) 1852 fatal("%s line %d: Invalid %s spec.", 1853 filename, linenum, keyword); 1854 } else if (n != 1) 1855 fatal("%s line %d: Invalid %s spec.", 1856 filename, linenum, keyword); 1857 else 1858 options->max_startups = options->max_startups_begin; 1859 break; 1860 1861 case sPerSourceNetBlockSize: 1862 arg = argv_next(&ac, &av); 1863 if (!arg || *arg == '\0') 1864 fatal("%s line %d: %s missing argument.", 1865 filename, linenum, keyword); 1866 switch (n = sscanf(arg, "%d:%d", &value, &value2)) { 1867 case 2: 1868 if (value2 < 0 || value2 > 128) 1869 n = -1; 1870 /* FALLTHROUGH */ 1871 case 1: 1872 if (value < 0 || value > 32) 1873 n = -1; 1874 } 1875 if (n != 1 && n != 2) 1876 fatal("%s line %d: Invalid %s spec.", 1877 filename, linenum, keyword); 1878 if (*activep) { 1879 options->per_source_masklen_ipv4 = value; 1880 options->per_source_masklen_ipv6 = value2; 1881 } 1882 break; 1883 1884 case sPerSourceMaxStartups: 1885 arg = argv_next(&ac, &av); 1886 if (!arg || *arg == '\0') 1887 fatal("%s line %d: %s missing argument.", 1888 filename, linenum, keyword); 1889 if (strcmp(arg, "none") == 0) { /* no limit */ 1890 value = INT_MAX; 1891 } else { 1892 if ((errstr = atoi_err(arg, &value)) != NULL) 1893 fatal("%s line %d: %s integer value %s.", 1894 filename, linenum, keyword, errstr); 1895 } 1896 if (*activep) 1897 options->per_source_max_startups = value; 1898 break; 1899 1900 case sMaxAuthTries: 1901 intptr = &options->max_authtries; 1902 goto parse_int; 1903 1904 case sMaxSessions: 1905 intptr = &options->max_sessions; 1906 goto parse_int; 1907 1908 case sBanner: 1909 charptr = &options->banner; 1910 goto parse_filename; 1911 1912 /* 1913 * These options can contain %X options expanded at 1914 * connect time, so that you can specify paths like: 1915 * 1916 * AuthorizedKeysFile /etc/ssh_keys/%u 1917 */ 1918 case sAuthorizedKeysFile: 1919 uvalue = options->num_authkeys_files; 1920 while ((arg = argv_next(&ac, &av)) != NULL) { 1921 if (*arg == '\0') { 1922 error("%s line %d: keyword %s empty argument", 1923 filename, linenum, keyword); 1924 goto out; 1925 } 1926 arg2 = tilde_expand_filename(arg, getuid()); 1927 if (*activep && uvalue == 0) { 1928 opt_array_append(filename, linenum, keyword, 1929 &options->authorized_keys_files, 1930 &options->num_authkeys_files, arg2); 1931 } 1932 free(arg2); 1933 } 1934 break; 1935 1936 case sAuthorizedPrincipalsFile: 1937 charptr = &options->authorized_principals_file; 1938 arg = argv_next(&ac, &av); 1939 if (!arg || *arg == '\0') 1940 fatal("%s line %d: %s missing argument.", 1941 filename, linenum, keyword); 1942 if (*activep && *charptr == NULL) { 1943 *charptr = tilde_expand_filename(arg, getuid()); 1944 /* increase optional counter */ 1945 if (intptr != NULL) 1946 *intptr = *intptr + 1; 1947 } 1948 break; 1949 1950 case sClientAliveInterval: 1951 intptr = &options->client_alive_interval; 1952 goto parse_time; 1953 1954 case sClientAliveCountMax: 1955 intptr = &options->client_alive_count_max; 1956 goto parse_int; 1957 1958 case sAcceptEnv: 1959 while ((arg = argv_next(&ac, &av)) != NULL) { 1960 if (*arg == '\0' || strchr(arg, '=') != NULL) 1961 fatal("%s line %d: Invalid environment name.", 1962 filename, linenum); 1963 if (!*activep) 1964 continue; 1965 opt_array_append(filename, linenum, keyword, 1966 &options->accept_env, &options->num_accept_env, 1967 arg); 1968 } 1969 break; 1970 1971 case sSetEnv: 1972 uvalue = options->num_setenv; 1973 while ((arg = argv_next(&ac, &av)) != NULL) { 1974 if (*arg == '\0' || strchr(arg, '=') == NULL) 1975 fatal("%s line %d: Invalid environment.", 1976 filename, linenum); 1977 if (!*activep || uvalue != 0) 1978 continue; 1979 opt_array_append(filename, linenum, keyword, 1980 &options->setenv, &options->num_setenv, arg); 1981 } 1982 break; 1983 1984 case sPermitTunnel: 1985 intptr = &options->permit_tun; 1986 arg = argv_next(&ac, &av); 1987 if (!arg || *arg == '\0') 1988 fatal("%s line %d: %s missing argument.", 1989 filename, linenum, keyword); 1990 value = -1; 1991 for (i = 0; tunmode_desc[i].val != -1; i++) 1992 if (strcmp(tunmode_desc[i].text, arg) == 0) { 1993 value = tunmode_desc[i].val; 1994 break; 1995 } 1996 if (value == -1) 1997 fatal("%s line %d: bad %s argument %s", 1998 filename, linenum, keyword, arg); 1999 if (*activep && *intptr == -1) 2000 *intptr = value; 2001 break; 2002 2003 case sInclude: 2004 if (cmdline) { 2005 fatal("Include directive not supported as a " 2006 "command-line option"); 2007 } 2008 value = 0; 2009 while ((arg2 = argv_next(&ac, &av)) != NULL) { 2010 if (*arg2 == '\0') { 2011 error("%s line %d: keyword %s empty argument", 2012 filename, linenum, keyword); 2013 goto out; 2014 } 2015 value++; 2016 found = 0; 2017 if (*arg2 != '/' && *arg2 != '~') { 2018 xasprintf(&arg, "%s/%s", SSHDIR, arg2); 2019 } else 2020 arg = xstrdup(arg2); 2021 2022 /* 2023 * Don't let included files clobber the containing 2024 * file's Match state. 2025 */ 2026 oactive = *activep; 2027 2028 /* consult cache of include files */ 2029 TAILQ_FOREACH(item, includes, entry) { 2030 if (strcmp(item->selector, arg) != 0) 2031 continue; 2032 if (item->filename != NULL) { 2033 parse_server_config_depth(options, 2034 item->filename, item->contents, 2035 includes, connectinfo, 2036 (*inc_flags & SSHCFG_MATCH_ONLY 2037 ? SSHCFG_MATCH_ONLY : (oactive 2038 ? 0 : SSHCFG_NEVERMATCH)), 2039 activep, depth + 1); 2040 } 2041 found = 1; 2042 *activep = oactive; 2043 } 2044 if (found != 0) { 2045 free(arg); 2046 continue; 2047 } 2048 2049 /* requested glob was not in cache */ 2050 debug2("%s line %d: new include %s", 2051 filename, linenum, arg); 2052 if ((r = glob(arg, 0, NULL, &gbuf)) != 0) { 2053 if (r != GLOB_NOMATCH) { 2054 fatal("%s line %d: include \"%s\" glob " 2055 "failed", filename, linenum, arg); 2056 } 2057 /* 2058 * If no entry matched then record a 2059 * placeholder to skip later glob calls. 2060 */ 2061 debug2("%s line %d: no match for %s", 2062 filename, linenum, arg); 2063 item = xcalloc(1, sizeof(*item)); 2064 item->selector = strdup(arg); 2065 TAILQ_INSERT_TAIL(includes, 2066 item, entry); 2067 } 2068 if (gbuf.gl_pathc > INT_MAX) 2069 fatal_f("too many glob results"); 2070 for (n = 0; n < (int)gbuf.gl_pathc; n++) { 2071 debug2("%s line %d: including %s", 2072 filename, linenum, gbuf.gl_pathv[n]); 2073 item = xcalloc(1, sizeof(*item)); 2074 item->selector = strdup(arg); 2075 item->filename = strdup(gbuf.gl_pathv[n]); 2076 if ((item->contents = sshbuf_new()) == NULL) 2077 fatal_f("sshbuf_new failed"); 2078 load_server_config(item->filename, 2079 item->contents); 2080 parse_server_config_depth(options, 2081 item->filename, item->contents, 2082 includes, connectinfo, 2083 (*inc_flags & SSHCFG_MATCH_ONLY 2084 ? SSHCFG_MATCH_ONLY : (oactive 2085 ? 0 : SSHCFG_NEVERMATCH)), 2086 activep, depth + 1); 2087 *activep = oactive; 2088 TAILQ_INSERT_TAIL(includes, item, entry); 2089 } 2090 globfree(&gbuf); 2091 free(arg); 2092 } 2093 if (value == 0) { 2094 fatal("%s line %d: %s missing filename argument", 2095 filename, linenum, keyword); 2096 } 2097 break; 2098 2099 case sMatch: 2100 if (cmdline) 2101 fatal("Match directive not supported as a command-line " 2102 "option"); 2103 value = match_cfg_line(&str, linenum, 2104 (*inc_flags & SSHCFG_NEVERMATCH ? NULL : connectinfo)); 2105 if (value < 0) 2106 fatal("%s line %d: Bad Match condition", filename, 2107 linenum); 2108 *activep = (*inc_flags & SSHCFG_NEVERMATCH) ? 0 : value; 2109 /* 2110 * The MATCH_ONLY flag is applicable only until the first 2111 * match block. 2112 */ 2113 *inc_flags &= ~SSHCFG_MATCH_ONLY; 2114 /* 2115 * If match_cfg_line() didn't consume all its arguments then 2116 * arrange for the extra arguments check below to fail. 2117 */ 2118 if (str == NULL || *str == '\0') 2119 argv_consume(&ac); 2120 break; 2121 2122 case sPermitListen: 2123 case sPermitOpen: 2124 if (opcode == sPermitListen) { 2125 uintptr = &options->num_permitted_listens; 2126 chararrayptr = &options->permitted_listens; 2127 } else { 2128 uintptr = &options->num_permitted_opens; 2129 chararrayptr = &options->permitted_opens; 2130 } 2131 arg = argv_next(&ac, &av); 2132 if (!arg || *arg == '\0') 2133 fatal("%s line %d: %s missing argument.", 2134 filename, linenum, keyword); 2135 uvalue = *uintptr; /* modified later */ 2136 if (strcmp(arg, "any") == 0 || strcmp(arg, "none") == 0) { 2137 if (*activep && uvalue == 0) { 2138 *uintptr = 1; 2139 *chararrayptr = xcalloc(1, 2140 sizeof(**chararrayptr)); 2141 (*chararrayptr)[0] = xstrdup(arg); 2142 } 2143 break; 2144 } 2145 for (; arg != NULL && *arg != '\0'; arg = argv_next(&ac, &av)) { 2146 if (opcode == sPermitListen && 2147 strchr(arg, ':') == NULL) { 2148 /* 2149 * Allow bare port number for PermitListen 2150 * to indicate a wildcard listen host. 2151 */ 2152 xasprintf(&arg2, "*:%s", arg); 2153 } else { 2154 arg2 = xstrdup(arg); 2155 p = hpdelim(&arg); 2156 if (p == NULL) { 2157 fatal("%s line %d: %s missing host", 2158 filename, linenum, keyword); 2159 } 2160 p = cleanhostname(p); 2161 } 2162 if (arg == NULL || 2163 ((port = permitopen_port(arg)) < 0)) { 2164 fatal("%s line %d: %s bad port number", 2165 filename, linenum, keyword); 2166 } 2167 if (*activep && uvalue == 0) { 2168 opt_array_append(filename, linenum, keyword, 2169 chararrayptr, uintptr, arg2); 2170 } 2171 free(arg2); 2172 } 2173 break; 2174 2175 case sForceCommand: 2176 if (str == NULL || *str == '\0') 2177 fatal("%s line %d: %s missing argument.", 2178 filename, linenum, keyword); 2179 len = strspn(str, WHITESPACE); 2180 if (*activep && options->adm_forced_command == NULL) 2181 options->adm_forced_command = xstrdup(str + len); 2182 argv_consume(&ac); 2183 break; 2184 2185 case sChrootDirectory: 2186 charptr = &options->chroot_directory; 2187 2188 arg = argv_next(&ac, &av); 2189 if (!arg || *arg == '\0') 2190 fatal("%s line %d: %s missing argument.", 2191 filename, linenum, keyword); 2192 if (*activep && *charptr == NULL) 2193 *charptr = xstrdup(arg); 2194 break; 2195 2196 case sTrustedUserCAKeys: 2197 charptr = &options->trusted_user_ca_keys; 2198 goto parse_filename; 2199 2200 case sRevokedKeys: 2201 charptr = &options->revoked_keys_file; 2202 goto parse_filename; 2203 2204 case sSecurityKeyProvider: 2205 charptr = &options->sk_provider; 2206 arg = argv_next(&ac, &av); 2207 if (!arg || *arg == '\0') 2208 fatal("%s line %d: %s missing argument.", 2209 filename, linenum, keyword); 2210 if (*activep && *charptr == NULL) { 2211 *charptr = strcasecmp(arg, "internal") == 0 ? 2212 xstrdup(arg) : derelativise_path(arg); 2213 /* increase optional counter */ 2214 if (intptr != NULL) 2215 *intptr = *intptr + 1; 2216 } 2217 break; 2218 2219 case sIPQoS: 2220 arg = argv_next(&ac, &av); 2221 if (!arg || *arg == '\0') 2222 fatal("%s line %d: %s missing argument.", 2223 filename, linenum, keyword); 2224 if ((value = parse_ipqos(arg)) == -1) 2225 fatal("%s line %d: Bad %s value: %s", 2226 filename, linenum, keyword, arg); 2227 arg = argv_next(&ac, &av); 2228 if (arg == NULL) 2229 value2 = value; 2230 else if ((value2 = parse_ipqos(arg)) == -1) 2231 fatal("%s line %d: Bad %s value: %s", 2232 filename, linenum, keyword, arg); 2233 if (*activep) { 2234 options->ip_qos_interactive = value; 2235 options->ip_qos_bulk = value2; 2236 } 2237 break; 2238 2239 case sVersionAddendum: 2240 if (str == NULL || *str == '\0') 2241 fatal("%s line %d: %s missing argument.", 2242 filename, linenum, keyword); 2243 len = strspn(str, WHITESPACE); 2244 if (strchr(str + len, '\r') != NULL) { 2245 fatal("%.200s line %d: Invalid %s argument", 2246 filename, linenum, keyword); 2247 } 2248 if ((arg = strchr(line, '#')) != NULL) { 2249 *arg = '\0'; 2250 rtrim(line); 2251 } 2252 if (*activep && options->version_addendum == NULL) { 2253 if (strcasecmp(str + len, "none") == 0) 2254 options->version_addendum = xstrdup(""); 2255 else 2256 options->version_addendum = xstrdup(str + len); 2257 } 2258 argv_consume(&ac); 2259 break; 2260 2261 case sAuthorizedKeysCommand: 2262 charptr = &options->authorized_keys_command; 2263 parse_command: 2264 len = strspn(str, WHITESPACE); 2265 if (str[len] != '/' && strcasecmp(str + len, "none") != 0) { 2266 fatal("%.200s line %d: %s must be an absolute path", 2267 filename, linenum, keyword); 2268 } 2269 if (*activep && options->authorized_keys_command == NULL) 2270 *charptr = xstrdup(str + len); 2271 argv_consume(&ac); 2272 break; 2273 2274 case sAuthorizedKeysCommandUser: 2275 charptr = &options->authorized_keys_command_user; 2276 parse_localuser: 2277 arg = argv_next(&ac, &av); 2278 if (!arg || *arg == '\0') { 2279 fatal("%s line %d: missing %s argument.", 2280 filename, linenum, keyword); 2281 } 2282 if (*activep && *charptr == NULL) 2283 *charptr = xstrdup(arg); 2284 break; 2285 2286 case sAuthorizedPrincipalsCommand: 2287 charptr = &options->authorized_principals_command; 2288 goto parse_command; 2289 2290 case sAuthorizedPrincipalsCommandUser: 2291 charptr = &options->authorized_principals_command_user; 2292 goto parse_localuser; 2293 2294 case sAuthenticationMethods: 2295 found = options->num_auth_methods == 0; 2296 value = 0; /* seen "any" pseudo-method */ 2297 value2 = 0; /* successfully parsed any method */ 2298 while ((arg = argv_next(&ac, &av)) != NULL) { 2299 if (strcmp(arg, "any") == 0) { 2300 if (options->num_auth_methods > 0) { 2301 fatal("%s line %d: \"any\" must " 2302 "appear alone in %s", 2303 filename, linenum, keyword); 2304 } 2305 value = 1; 2306 } else if (value) { 2307 fatal("%s line %d: \"any\" must appear " 2308 "alone in %s", filename, linenum, keyword); 2309 } else if (auth2_methods_valid(arg, 0) != 0) { 2310 fatal("%s line %d: invalid %s method list.", 2311 filename, linenum, keyword); 2312 } 2313 value2 = 1; 2314 if (!found || !*activep) 2315 continue; 2316 opt_array_append(filename, linenum, keyword, 2317 &options->auth_methods, 2318 &options->num_auth_methods, arg); 2319 } 2320 if (value2 == 0) { 2321 fatal("%s line %d: no %s specified", 2322 filename, linenum, keyword); 2323 } 2324 break; 2325 2326 case sStreamLocalBindMask: 2327 arg = argv_next(&ac, &av); 2328 if (!arg || *arg == '\0') 2329 fatal("%s line %d: %s missing argument.", 2330 filename, linenum, keyword); 2331 /* Parse mode in octal format */ 2332 value = strtol(arg, &p, 8); 2333 if (arg == p || value < 0 || value > 0777) 2334 fatal("%s line %d: Invalid %s.", 2335 filename, linenum, keyword); 2336 if (*activep) 2337 options->fwd_opts.streamlocal_bind_mask = (mode_t)value; 2338 break; 2339 2340 case sStreamLocalBindUnlink: 2341 intptr = &options->fwd_opts.streamlocal_bind_unlink; 2342 goto parse_flag; 2343 2344 case sFingerprintHash: 2345 arg = argv_next(&ac, &av); 2346 if (!arg || *arg == '\0') 2347 fatal("%s line %d: %s missing argument.", 2348 filename, linenum, keyword); 2349 if ((value = ssh_digest_alg_by_name(arg)) == -1) 2350 fatal("%.200s line %d: Invalid %s algorithm \"%s\".", 2351 filename, linenum, keyword, arg); 2352 if (*activep) 2353 options->fingerprint_hash = value; 2354 break; 2355 2356 case sExposeAuthInfo: 2357 intptr = &options->expose_userauth_info; 2358 goto parse_flag; 2359 2360 case sRDomain: 2361 charptr = &options->routing_domain; 2362 arg = argv_next(&ac, &av); 2363 if (!arg || *arg == '\0') 2364 fatal("%s line %d: %s missing argument.", 2365 filename, linenum, keyword); 2366 if (strcasecmp(arg, "none") != 0 && strcmp(arg, "%D") != 0 && 2367 !valid_rdomain(arg)) 2368 fatal("%s line %d: invalid routing domain", 2369 filename, linenum); 2370 if (*activep && *charptr == NULL) 2371 *charptr = xstrdup(arg); 2372 break; 2373 2374 case sDeprecated: 2375 case sIgnore: 2376 case sUnsupported: 2377 do_log2(opcode == sIgnore ? 2378 SYSLOG_LEVEL_DEBUG2 : SYSLOG_LEVEL_INFO, 2379 "%s line %d: %s option %s", filename, linenum, 2380 opcode == sUnsupported ? "Unsupported" : "Deprecated", 2381 keyword); 2382 argv_consume(&ac); 2383 break; 2384 2385 default: 2386 fatal("%s line %d: Missing handler for opcode %s (%d)", 2387 filename, linenum, keyword, opcode); 2388 } 2389 /* Check that there is no garbage at end of line. */ 2390 if (ac > 0) { 2391 error("%.200s line %d: keyword %s extra arguments " 2392 "at end of line", filename, linenum, keyword); 2393 goto out; 2394 } 2395 2396 /* success */ 2397 ret = 0; 2398 out: 2399 argv_free(oav, oac); 2400 return ret; 2401 } 2402 2403 int 2404 process_server_config_line(ServerOptions *options, char *line, 2405 const char *filename, int linenum, int *activep, 2406 struct connection_info *connectinfo, struct include_list *includes) 2407 { 2408 int inc_flags = 0; 2409 2410 return process_server_config_line_depth(options, line, filename, 2411 linenum, activep, connectinfo, &inc_flags, 0, includes); 2412 } 2413 2414 2415 /* Reads the server configuration file. */ 2416 2417 void 2418 load_server_config(const char *filename, struct sshbuf *conf) 2419 { 2420 struct stat st; 2421 char *line = NULL, *cp; 2422 size_t linesize = 0; 2423 FILE *f; 2424 int r, lineno = 0; 2425 2426 debug2_f("filename %s", filename); 2427 if ((f = fopen(filename, "r")) == NULL) { 2428 perror(filename); 2429 exit(1); 2430 } 2431 sshbuf_reset(conf); 2432 /* grow buffer, so realloc is avoided for large config files */ 2433 if (fstat(fileno(f), &st) == 0 && st.st_size > 0 && 2434 (r = sshbuf_allocate(conf, st.st_size)) != 0) 2435 fatal_fr(r, "allocate"); 2436 while (getline(&line, &linesize, f) != -1) { 2437 lineno++; 2438 /* 2439 * Strip whitespace 2440 * NB - preserve newlines, they are needed to reproduce 2441 * line numbers later for error messages 2442 */ 2443 cp = line + strspn(line, " \t\r"); 2444 if ((r = sshbuf_put(conf, cp, strlen(cp))) != 0) 2445 fatal_fr(r, "sshbuf_put"); 2446 } 2447 free(line); 2448 if ((r = sshbuf_put_u8(conf, 0)) != 0) 2449 fatal_fr(r, "sshbuf_put_u8"); 2450 fclose(f); 2451 debug2_f("done config len = %zu", sshbuf_len(conf)); 2452 } 2453 2454 void 2455 parse_server_match_config(ServerOptions *options, 2456 struct include_list *includes, struct connection_info *connectinfo) 2457 { 2458 ServerOptions mo; 2459 2460 initialize_server_options(&mo); 2461 parse_server_config(&mo, "reprocess config", cfg, includes, 2462 connectinfo, 0); 2463 copy_set_server_options(options, &mo, 0); 2464 } 2465 2466 int parse_server_match_testspec(struct connection_info *ci, char *spec) 2467 { 2468 char *p; 2469 2470 while ((p = strsep(&spec, ",")) && *p != '\0') { 2471 if (strncmp(p, "addr=", 5) == 0) { 2472 ci->address = xstrdup(p + 5); 2473 } else if (strncmp(p, "host=", 5) == 0) { 2474 ci->host = xstrdup(p + 5); 2475 } else if (strncmp(p, "user=", 5) == 0) { 2476 ci->user = xstrdup(p + 5); 2477 } else if (strncmp(p, "laddr=", 6) == 0) { 2478 ci->laddress = xstrdup(p + 6); 2479 } else if (strncmp(p, "rdomain=", 8) == 0) { 2480 ci->rdomain = xstrdup(p + 8); 2481 } else if (strncmp(p, "lport=", 6) == 0) { 2482 ci->lport = a2port(p + 6); 2483 if (ci->lport == -1) { 2484 fprintf(stderr, "Invalid port '%s' in test mode" 2485 " specification %s\n", p+6, p); 2486 return -1; 2487 } 2488 } else { 2489 fprintf(stderr, "Invalid test mode specification %s\n", 2490 p); 2491 return -1; 2492 } 2493 } 2494 return 0; 2495 } 2496 2497 /* 2498 * Copy any supported values that are set. 2499 * 2500 * If the preauth flag is set, we do not bother copying the string or 2501 * array values that are not used pre-authentication, because any that we 2502 * do use must be explicitly sent in mm_getpwnamallow(). 2503 */ 2504 void 2505 copy_set_server_options(ServerOptions *dst, ServerOptions *src, int preauth) 2506 { 2507 #define M_CP_INTOPT(n) do {\ 2508 if (src->n != -1) \ 2509 dst->n = src->n; \ 2510 } while (0) 2511 2512 M_CP_INTOPT(password_authentication); 2513 M_CP_INTOPT(gss_authentication); 2514 M_CP_INTOPT(pubkey_authentication); 2515 M_CP_INTOPT(pubkey_auth_options); 2516 M_CP_INTOPT(kerberos_authentication); 2517 M_CP_INTOPT(hostbased_authentication); 2518 M_CP_INTOPT(hostbased_uses_name_from_packet_only); 2519 M_CP_INTOPT(kbd_interactive_authentication); 2520 M_CP_INTOPT(permit_root_login); 2521 M_CP_INTOPT(permit_empty_passwd); 2522 M_CP_INTOPT(ignore_rhosts); 2523 2524 M_CP_INTOPT(allow_tcp_forwarding); 2525 M_CP_INTOPT(allow_streamlocal_forwarding); 2526 M_CP_INTOPT(allow_agent_forwarding); 2527 M_CP_INTOPT(disable_forwarding); 2528 M_CP_INTOPT(expose_userauth_info); 2529 M_CP_INTOPT(permit_tun); 2530 M_CP_INTOPT(fwd_opts.gateway_ports); 2531 M_CP_INTOPT(fwd_opts.streamlocal_bind_unlink); 2532 M_CP_INTOPT(x11_display_offset); 2533 M_CP_INTOPT(x11_forwarding); 2534 M_CP_INTOPT(x11_use_localhost); 2535 M_CP_INTOPT(permit_tty); 2536 M_CP_INTOPT(permit_user_rc); 2537 M_CP_INTOPT(max_sessions); 2538 M_CP_INTOPT(max_authtries); 2539 M_CP_INTOPT(client_alive_count_max); 2540 M_CP_INTOPT(client_alive_interval); 2541 M_CP_INTOPT(ip_qos_interactive); 2542 M_CP_INTOPT(ip_qos_bulk); 2543 M_CP_INTOPT(rekey_limit); 2544 M_CP_INTOPT(rekey_interval); 2545 M_CP_INTOPT(log_level); 2546 2547 /* 2548 * The bind_mask is a mode_t that may be unsigned, so we can't use 2549 * M_CP_INTOPT - it does a signed comparison that causes compiler 2550 * warnings. 2551 */ 2552 if (src->fwd_opts.streamlocal_bind_mask != (mode_t)-1) { 2553 dst->fwd_opts.streamlocal_bind_mask = 2554 src->fwd_opts.streamlocal_bind_mask; 2555 } 2556 2557 /* M_CP_STROPT and M_CP_STRARRAYOPT should not appear before here */ 2558 #define M_CP_STROPT(n) do {\ 2559 if (src->n != NULL && dst->n != src->n) { \ 2560 free(dst->n); \ 2561 dst->n = src->n; \ 2562 } \ 2563 } while(0) 2564 #define M_CP_STRARRAYOPT(s, num_s) do {\ 2565 u_int i; \ 2566 if (src->num_s != 0) { \ 2567 for (i = 0; i < dst->num_s; i++) \ 2568 free(dst->s[i]); \ 2569 free(dst->s); \ 2570 dst->s = xcalloc(src->num_s, sizeof(*dst->s)); \ 2571 for (i = 0; i < src->num_s; i++) \ 2572 dst->s[i] = xstrdup(src->s[i]); \ 2573 dst->num_s = src->num_s; \ 2574 } \ 2575 } while(0) 2576 2577 /* See comment in servconf.h */ 2578 COPY_MATCH_STRING_OPTS(); 2579 2580 /* Arguments that accept '+...' need to be expanded */ 2581 assemble_algorithms(dst); 2582 2583 /* 2584 * The only things that should be below this point are string options 2585 * which are only used after authentication. 2586 */ 2587 if (preauth) 2588 return; 2589 2590 /* These options may be "none" to clear a global setting */ 2591 M_CP_STROPT(adm_forced_command); 2592 if (option_clear_or_none(dst->adm_forced_command)) { 2593 free(dst->adm_forced_command); 2594 dst->adm_forced_command = NULL; 2595 } 2596 M_CP_STROPT(chroot_directory); 2597 if (option_clear_or_none(dst->chroot_directory)) { 2598 free(dst->chroot_directory); 2599 dst->chroot_directory = NULL; 2600 } 2601 } 2602 2603 #undef M_CP_INTOPT 2604 #undef M_CP_STROPT 2605 #undef M_CP_STRARRAYOPT 2606 2607 #define SERVCONF_MAX_DEPTH 16 2608 static void 2609 parse_server_config_depth(ServerOptions *options, const char *filename, 2610 struct sshbuf *conf, struct include_list *includes, 2611 struct connection_info *connectinfo, int flags, int *activep, int depth) 2612 { 2613 int linenum, bad_options = 0; 2614 char *cp, *obuf, *cbuf; 2615 2616 if (depth < 0 || depth > SERVCONF_MAX_DEPTH) 2617 fatal("Too many recursive configuration includes"); 2618 2619 debug2_f("config %s len %zu%s", filename, sshbuf_len(conf), 2620 (flags & SSHCFG_NEVERMATCH ? " [checking syntax only]" : "")); 2621 2622 if ((obuf = cbuf = sshbuf_dup_string(conf)) == NULL) 2623 fatal_f("sshbuf_dup_string failed"); 2624 linenum = 1; 2625 while ((cp = strsep(&cbuf, "\n")) != NULL) { 2626 if (process_server_config_line_depth(options, cp, 2627 filename, linenum++, activep, connectinfo, &flags, 2628 depth, includes) != 0) 2629 bad_options++; 2630 } 2631 free(obuf); 2632 if (bad_options > 0) 2633 fatal("%s: terminating, %d bad configuration options", 2634 filename, bad_options); 2635 } 2636 2637 void 2638 parse_server_config(ServerOptions *options, const char *filename, 2639 struct sshbuf *conf, struct include_list *includes, 2640 struct connection_info *connectinfo, int reexec) 2641 { 2642 int active = connectinfo ? 0 : 1; 2643 parse_server_config_depth(options, filename, conf, includes, 2644 connectinfo, (connectinfo ? SSHCFG_MATCH_ONLY : 0), &active, 0); 2645 if (!reexec) 2646 process_queued_listen_addrs(options); 2647 } 2648 2649 static const char * 2650 fmt_multistate_int(int val, const struct multistate *m) 2651 { 2652 u_int i; 2653 2654 for (i = 0; m[i].key != NULL; i++) { 2655 if (m[i].value == val) 2656 return m[i].key; 2657 } 2658 return "UNKNOWN"; 2659 } 2660 2661 static const char * 2662 fmt_intarg(ServerOpCodes code, int val) 2663 { 2664 if (val == -1) 2665 return "unset"; 2666 switch (code) { 2667 case sAddressFamily: 2668 return fmt_multistate_int(val, multistate_addressfamily); 2669 case sPermitRootLogin: 2670 return fmt_multistate_int(val, multistate_permitrootlogin); 2671 case sGatewayPorts: 2672 return fmt_multistate_int(val, multistate_gatewayports); 2673 case sCompression: 2674 return fmt_multistate_int(val, multistate_compression); 2675 case sAllowTcpForwarding: 2676 return fmt_multistate_int(val, multistate_tcpfwd); 2677 case sAllowStreamLocalForwarding: 2678 return fmt_multistate_int(val, multistate_tcpfwd); 2679 case sIgnoreRhosts: 2680 return fmt_multistate_int(val, multistate_ignore_rhosts); 2681 case sFingerprintHash: 2682 return ssh_digest_alg_name(val); 2683 default: 2684 switch (val) { 2685 case 0: 2686 return "no"; 2687 case 1: 2688 return "yes"; 2689 default: 2690 return "UNKNOWN"; 2691 } 2692 } 2693 } 2694 2695 static void 2696 dump_cfg_int(ServerOpCodes code, int val) 2697 { 2698 printf("%s %d\n", lookup_opcode_name(code), val); 2699 } 2700 2701 static void 2702 dump_cfg_oct(ServerOpCodes code, int val) 2703 { 2704 printf("%s 0%o\n", lookup_opcode_name(code), val); 2705 } 2706 2707 static void 2708 dump_cfg_fmtint(ServerOpCodes code, int val) 2709 { 2710 printf("%s %s\n", lookup_opcode_name(code), fmt_intarg(code, val)); 2711 } 2712 2713 static void 2714 dump_cfg_string(ServerOpCodes code, const char *val) 2715 { 2716 printf("%s %s\n", lookup_opcode_name(code), 2717 val == NULL ? "none" : val); 2718 } 2719 2720 static void 2721 dump_cfg_strarray(ServerOpCodes code, u_int count, char **vals) 2722 { 2723 u_int i; 2724 2725 for (i = 0; i < count; i++) 2726 printf("%s %s\n", lookup_opcode_name(code), vals[i]); 2727 } 2728 2729 static void 2730 dump_cfg_strarray_oneline(ServerOpCodes code, u_int count, char **vals) 2731 { 2732 u_int i; 2733 2734 if (count <= 0 && code != sAuthenticationMethods) 2735 return; 2736 printf("%s", lookup_opcode_name(code)); 2737 for (i = 0; i < count; i++) 2738 printf(" %s", vals[i]); 2739 if (code == sAuthenticationMethods && count == 0) 2740 printf(" any"); 2741 printf("\n"); 2742 } 2743 2744 static char * 2745 format_listen_addrs(struct listenaddr *la) 2746 { 2747 int r; 2748 struct addrinfo *ai; 2749 char addr[NI_MAXHOST], port[NI_MAXSERV]; 2750 char *laddr1 = xstrdup(""), *laddr2 = NULL; 2751 2752 /* 2753 * ListenAddress must be after Port. add_one_listen_addr pushes 2754 * addresses onto a stack, so to maintain ordering we need to 2755 * print these in reverse order. 2756 */ 2757 for (ai = la->addrs; ai; ai = ai->ai_next) { 2758 if ((r = getnameinfo(ai->ai_addr, ai->ai_addrlen, addr, 2759 sizeof(addr), port, sizeof(port), 2760 NI_NUMERICHOST|NI_NUMERICSERV)) != 0) { 2761 error("getnameinfo: %.100s", ssh_gai_strerror(r)); 2762 continue; 2763 } 2764 laddr2 = laddr1; 2765 if (ai->ai_family == AF_INET6) { 2766 xasprintf(&laddr1, "listenaddress [%s]:%s%s%s\n%s", 2767 addr, port, 2768 la->rdomain == NULL ? "" : " rdomain ", 2769 la->rdomain == NULL ? "" : la->rdomain, 2770 laddr2); 2771 } else { 2772 xasprintf(&laddr1, "listenaddress %s:%s%s%s\n%s", 2773 addr, port, 2774 la->rdomain == NULL ? "" : " rdomain ", 2775 la->rdomain == NULL ? "" : la->rdomain, 2776 laddr2); 2777 } 2778 free(laddr2); 2779 } 2780 return laddr1; 2781 } 2782 2783 void 2784 dump_config(ServerOptions *o) 2785 { 2786 char *s; 2787 u_int i; 2788 2789 /* these are usually at the top of the config */ 2790 for (i = 0; i < o->num_ports; i++) 2791 printf("port %d\n", o->ports[i]); 2792 dump_cfg_fmtint(sAddressFamily, o->address_family); 2793 2794 for (i = 0; i < o->num_listen_addrs; i++) { 2795 s = format_listen_addrs(&o->listen_addrs[i]); 2796 printf("%s", s); 2797 free(s); 2798 } 2799 2800 /* integer arguments */ 2801 dump_cfg_int(sLoginGraceTime, o->login_grace_time); 2802 dump_cfg_int(sX11DisplayOffset, o->x11_display_offset); 2803 dump_cfg_int(sMaxAuthTries, o->max_authtries); 2804 dump_cfg_int(sMaxSessions, o->max_sessions); 2805 dump_cfg_int(sClientAliveInterval, o->client_alive_interval); 2806 dump_cfg_int(sClientAliveCountMax, o->client_alive_count_max); 2807 dump_cfg_oct(sStreamLocalBindMask, o->fwd_opts.streamlocal_bind_mask); 2808 2809 /* formatted integer arguments */ 2810 dump_cfg_fmtint(sPermitRootLogin, o->permit_root_login); 2811 dump_cfg_fmtint(sIgnoreRhosts, o->ignore_rhosts); 2812 dump_cfg_fmtint(sIgnoreUserKnownHosts, o->ignore_user_known_hosts); 2813 dump_cfg_fmtint(sHostbasedAuthentication, o->hostbased_authentication); 2814 dump_cfg_fmtint(sHostbasedUsesNameFromPacketOnly, 2815 o->hostbased_uses_name_from_packet_only); 2816 dump_cfg_fmtint(sPubkeyAuthentication, o->pubkey_authentication); 2817 #ifdef KRB5 2818 dump_cfg_fmtint(sKerberosAuthentication, o->kerberos_authentication); 2819 dump_cfg_fmtint(sKerberosOrLocalPasswd, o->kerberos_or_local_passwd); 2820 dump_cfg_fmtint(sKerberosTicketCleanup, o->kerberos_ticket_cleanup); 2821 dump_cfg_fmtint(sKerberosGetAFSToken, o->kerberos_get_afs_token); 2822 #endif 2823 #ifdef GSSAPI 2824 dump_cfg_fmtint(sGssAuthentication, o->gss_authentication); 2825 dump_cfg_fmtint(sGssCleanupCreds, o->gss_cleanup_creds); 2826 #endif 2827 dump_cfg_fmtint(sPasswordAuthentication, o->password_authentication); 2828 dump_cfg_fmtint(sKbdInteractiveAuthentication, 2829 o->kbd_interactive_authentication); 2830 dump_cfg_fmtint(sPrintMotd, o->print_motd); 2831 dump_cfg_fmtint(sPrintLastLog, o->print_lastlog); 2832 dump_cfg_fmtint(sX11Forwarding, o->x11_forwarding); 2833 dump_cfg_fmtint(sX11UseLocalhost, o->x11_use_localhost); 2834 dump_cfg_fmtint(sPermitTTY, o->permit_tty); 2835 dump_cfg_fmtint(sPermitUserRC, o->permit_user_rc); 2836 dump_cfg_fmtint(sStrictModes, o->strict_modes); 2837 dump_cfg_fmtint(sTCPKeepAlive, o->tcp_keep_alive); 2838 dump_cfg_fmtint(sEmptyPasswd, o->permit_empty_passwd); 2839 dump_cfg_fmtint(sCompression, o->compression); 2840 dump_cfg_fmtint(sGatewayPorts, o->fwd_opts.gateway_ports); 2841 dump_cfg_fmtint(sUseDNS, o->use_dns); 2842 dump_cfg_fmtint(sAllowTcpForwarding, o->allow_tcp_forwarding); 2843 dump_cfg_fmtint(sAllowAgentForwarding, o->allow_agent_forwarding); 2844 dump_cfg_fmtint(sDisableForwarding, o->disable_forwarding); 2845 dump_cfg_fmtint(sAllowStreamLocalForwarding, o->allow_streamlocal_forwarding); 2846 dump_cfg_fmtint(sStreamLocalBindUnlink, o->fwd_opts.streamlocal_bind_unlink); 2847 dump_cfg_fmtint(sFingerprintHash, o->fingerprint_hash); 2848 dump_cfg_fmtint(sExposeAuthInfo, o->expose_userauth_info); 2849 2850 /* string arguments */ 2851 dump_cfg_string(sPidFile, o->pid_file); 2852 dump_cfg_string(sModuliFile, o->moduli_file); 2853 dump_cfg_string(sXAuthLocation, o->xauth_location); 2854 dump_cfg_string(sCiphers, o->ciphers); 2855 dump_cfg_string(sMacs, o->macs); 2856 dump_cfg_string(sBanner, o->banner); 2857 dump_cfg_string(sForceCommand, o->adm_forced_command); 2858 dump_cfg_string(sChrootDirectory, o->chroot_directory); 2859 dump_cfg_string(sTrustedUserCAKeys, o->trusted_user_ca_keys); 2860 dump_cfg_string(sRevokedKeys, o->revoked_keys_file); 2861 dump_cfg_string(sSecurityKeyProvider, o->sk_provider); 2862 dump_cfg_string(sAuthorizedPrincipalsFile, 2863 o->authorized_principals_file); 2864 dump_cfg_string(sVersionAddendum, *o->version_addendum == '\0' 2865 ? "none" : o->version_addendum); 2866 dump_cfg_string(sAuthorizedKeysCommand, o->authorized_keys_command); 2867 dump_cfg_string(sAuthorizedKeysCommandUser, o->authorized_keys_command_user); 2868 dump_cfg_string(sAuthorizedPrincipalsCommand, o->authorized_principals_command); 2869 dump_cfg_string(sAuthorizedPrincipalsCommandUser, o->authorized_principals_command_user); 2870 dump_cfg_string(sHostKeyAgent, o->host_key_agent); 2871 dump_cfg_string(sKexAlgorithms, o->kex_algorithms); 2872 dump_cfg_string(sCASignatureAlgorithms, o->ca_sign_algorithms); 2873 dump_cfg_string(sHostbasedAcceptedAlgorithms, o->hostbased_accepted_algos); 2874 dump_cfg_string(sHostKeyAlgorithms, o->hostkeyalgorithms); 2875 dump_cfg_string(sPubkeyAcceptedAlgorithms, o->pubkey_accepted_algos); 2876 dump_cfg_string(sRDomain, o->routing_domain); 2877 2878 /* string arguments requiring a lookup */ 2879 dump_cfg_string(sLogLevel, log_level_name(o->log_level)); 2880 dump_cfg_string(sLogFacility, log_facility_name(o->log_facility)); 2881 2882 /* string array arguments */ 2883 dump_cfg_strarray_oneline(sAuthorizedKeysFile, o->num_authkeys_files, 2884 o->authorized_keys_files); 2885 dump_cfg_strarray(sHostKeyFile, o->num_host_key_files, 2886 o->host_key_files); 2887 dump_cfg_strarray(sHostCertificate, o->num_host_cert_files, 2888 o->host_cert_files); 2889 dump_cfg_strarray(sAllowUsers, o->num_allow_users, o->allow_users); 2890 dump_cfg_strarray(sDenyUsers, o->num_deny_users, o->deny_users); 2891 dump_cfg_strarray(sAllowGroups, o->num_allow_groups, o->allow_groups); 2892 dump_cfg_strarray(sDenyGroups, o->num_deny_groups, o->deny_groups); 2893 dump_cfg_strarray(sAcceptEnv, o->num_accept_env, o->accept_env); 2894 dump_cfg_strarray(sSetEnv, o->num_setenv, o->setenv); 2895 dump_cfg_strarray_oneline(sAuthenticationMethods, 2896 o->num_auth_methods, o->auth_methods); 2897 dump_cfg_strarray_oneline(sLogVerbose, 2898 o->num_log_verbose, o->log_verbose); 2899 2900 /* other arguments */ 2901 for (i = 0; i < o->num_subsystems; i++) 2902 printf("subsystem %s %s\n", o->subsystem_name[i], 2903 o->subsystem_args[i]); 2904 2905 printf("maxstartups %d:%d:%d\n", o->max_startups_begin, 2906 o->max_startups_rate, o->max_startups); 2907 printf("persourcemaxstartups "); 2908 if (o->per_source_max_startups == INT_MAX) 2909 printf("none\n"); 2910 else 2911 printf("%d\n", o->per_source_max_startups); 2912 printf("persourcenetblocksize %d:%d\n", o->per_source_masklen_ipv4, 2913 o->per_source_masklen_ipv6); 2914 2915 s = NULL; 2916 for (i = 0; tunmode_desc[i].val != -1; i++) { 2917 if (tunmode_desc[i].val == o->permit_tun) { 2918 s = tunmode_desc[i].text; 2919 break; 2920 } 2921 } 2922 dump_cfg_string(sPermitTunnel, s); 2923 2924 printf("ipqos %s ", iptos2str(o->ip_qos_interactive)); 2925 printf("%s\n", iptos2str(o->ip_qos_bulk)); 2926 2927 printf("rekeylimit %llu %d\n", (unsigned long long)o->rekey_limit, 2928 o->rekey_interval); 2929 2930 printf("permitopen"); 2931 if (o->num_permitted_opens == 0) 2932 printf(" any"); 2933 else { 2934 for (i = 0; i < o->num_permitted_opens; i++) 2935 printf(" %s", o->permitted_opens[i]); 2936 } 2937 printf("\n"); 2938 printf("permitlisten"); 2939 if (o->num_permitted_listens == 0) 2940 printf(" any"); 2941 else { 2942 for (i = 0; i < o->num_permitted_listens; i++) 2943 printf(" %s", o->permitted_listens[i]); 2944 } 2945 printf("\n"); 2946 2947 if (o->permit_user_env_allowlist == NULL) { 2948 dump_cfg_fmtint(sPermitUserEnvironment, o->permit_user_env); 2949 } else { 2950 printf("permituserenvironment %s\n", 2951 o->permit_user_env_allowlist); 2952 } 2953 2954 printf("pubkeyauthoptions"); 2955 if (o->pubkey_auth_options == 0) 2956 printf(" none"); 2957 if (o->pubkey_auth_options & PUBKEYAUTH_TOUCH_REQUIRED) 2958 printf(" touch-required"); 2959 if (o->pubkey_auth_options & PUBKEYAUTH_VERIFY_REQUIRED) 2960 printf(" verify-required"); 2961 printf("\n"); 2962 } 2963