1 /*
2 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
3 * All rights reserved
4 *
5 * As far as I am concerned, the code I have written for this software
6 * can be used freely for any purpose. Any derived versions of this
7 * software must be clearly marked as such, and if the derived work is
8 * incompatible with the protocol description in the RFC file, it must be
9 * called by a name other than "ssh" or "Secure Shell".
10 */
11 /*
12 * Copyright (c) 2001, 2010, Oracle and/or its affiliates. All rights reserved.
13 * Copyright 2013 Joyent, Inc. All rights reserved.
14 */
15
#include "includes.h"
RCSID("$OpenBSD: servconf.c,v 1.115 2002/09/04 18:52:42 stevesk Exp $");

#include <ctype.h>
#include <errno.h>
#include <limits.h>
#include <stdlib.h>

#ifdef HAVE_DEFOPEN
#include <deflt.h>
#endif /* HAVE_DEFOPEN */

#if defined(KRB4)
#include <krb.h>
#endif
#if defined(KRB5)
#ifdef HEIMDAL
#include <krb.h>
#else
/* Bodge - but then, so is using the kerberos IV KEYFILE to get a Kerberos V
 * keytab */
#define KEYFILE "/etc/krb5.keytab"
#endif
#endif
#ifdef AFS
#include <kafs.h>
#endif

#include "ssh.h"
#include "log.h"
#include "buffer.h"
#include "servconf.h"
#include "xmalloc.h"
#include "compat.h"
#include "pathnames.h"
#include "tildexpand.h"
#include "misc.h"
#include "cipher.h"
#include "kex.h"
#include "mac.h"
#include "auth.h"
#include "match.h"
#include "groupaccess.h"
54
55 static void add_listen_addr(ServerOptions *, char *, u_short);
56 static void add_one_listen_addr(ServerOptions *, char *, u_short);
57
58 extern Buffer cfg;
59
60 /* AF_UNSPEC or AF_INET or AF_INET6 */
61 extern int IPv4or6;
62
/*
 * Initializes the server options to their initial (unset) values. Some of those
 * that stay unset after the command line options and configuration files are
 * read are set to their default values in fill_default_server_options().
 *
 * "Unset" is encoded per field type; fill_default_server_options() tests for
 * it, and the config parser only stores a value into a field that is still
 * unset (so the first setting of an option wins):
 *	-1			integer and yes/no options
 *	NULL			strings, lists and file names
 *	*_NOT_SET / *_UNKNOWN	options with their own named constants
 *	0			the num_* counters (nothing collected yet)
 *
 * The memset() below already zeroes the whole structure; the explicit 0 and
 * NULL assignments that follow are redundant but keep every field's starting
 * value visible in one place.
 */
void
initialize_server_options(ServerOptions *options)
{
	(void) memset(options, 0, sizeof(*options));

	/* Standard Options */
	options->num_ports = 0;
	options->ports_from_cmdline = 0;
	options->listen_addrs = NULL;
	options->num_host_key_files = 0;
	options->pid_file = NULL;
	options->server_key_bits = -1;
	options->login_grace_time = -1;
	options->key_regeneration_time = -1;
	options->permit_root_login = PERMIT_NOT_SET;
	options->ignore_rhosts = -1;
	options->ignore_user_known_hosts = -1;
	options->print_motd = -1;
	options->print_lastlog = -1;
	options->x11_forwarding = -1;
	options->x11_display_offset = -1;
	options->x11_use_localhost = -1;
	options->xauth_location = NULL;
	options->strict_modes = -1;
	options->keepalives = -1;
	options->log_facility = SYSLOG_FACILITY_NOT_SET;
	options->log_level = SYSLOG_LEVEL_NOT_SET;
	options->rhosts_authentication = -1;
	options->rhosts_rsa_authentication = -1;
	options->hostbased_authentication = -1;
	options->hostbased_uses_name_from_packet_only = -1;
	options->rsa_authentication = -1;
	options->pubkey_authentication = -1;
#ifdef GSSAPI
	options->gss_authentication = -1;
	options->gss_keyex = -1;
	options->gss_store_creds = -1;
	options->gss_use_session_ccache = -1;
	options->gss_cleanup_creds = -1;
#endif
#if defined(KRB4) || defined(KRB5)
	options->kerberos_authentication = -1;
	options->kerberos_or_local_passwd = -1;
	options->kerberos_ticket_cleanup = -1;
#endif
#if defined(AFS) || defined(KRB5)
	options->kerberos_tgt_passing = -1;
#endif
#ifdef AFS
	options->afs_token_passing = -1;
#endif
	options->password_authentication = -1;
	options->kbd_interactive_authentication = -1;
	options->challenge_response_authentication = -1;
	/* never given a default later; see fill_default_server_options() */
	options->pam_authentication_via_kbd_int = -1;
	options->permit_empty_passwd = -1;
	options->permit_user_env = -1;
	options->compression = -1;
	options->allow_tcp_forwarding = -1;
	options->num_allow_users = 0;
	options->num_deny_users = 0;
	options->num_allow_groups = 0;
	options->num_deny_groups = 0;
	options->ciphers = NULL;
	options->macs = NULL;
	options->protocol = SSH_PROTO_UNKNOWN;
	options->gateway_ports = -1;
	options->num_subsystems = 0;
	options->max_startups_begin = -1;
	options->max_startups_rate = -1;
	options->max_startups = -1;
	options->banner = NULL;
	options->verify_reverse_mapping = -1;
	options->client_alive_interval = -1;
	options->client_alive_count_max = -1;
	options->authorized_keys_file = NULL;
	options->authorized_keys_file2 = NULL;

	/* authentication attempt limits and their logging thresholds */
	options->max_auth_tries = -1;
	options->max_auth_tries_log = -1;

	options->max_init_auth_tries = -1;
	options->max_init_auth_tries_log = -1;

	options->lookup_client_hostnames = -1;
	options->use_openssl_engine = -1;
	options->chroot_directory = NULL;
	options->pre_userauth_hook = NULL;
	options->pam_service_name = NULL;
	options->pam_service_prefix = NULL;
}
159
160 #ifdef HAVE_DEFOPEN
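/*
 * Reads /etc/default/login and defaults several ServerOptions, but only
 * those still unset (so the command line and sshd_config always win):
 *
 *	PermitRootLogin
 *	PermitEmptyPasswords
 *	LoginGraceTime
 *	max_init_auth_tries / max_init_auth_tries_log
 *
 *	CONSOLE=*		-> PermitRootLogin=without-password
 *	#CONSOLE=*		-> PermitRootLogin=yes
 *
 *	PASSREQ=YES		-> PermitEmptyPasswords=no
 *	PASSREQ=NO		-> PermitEmptyPasswords=yes
 *	#PASSREQ=*		-> PermitEmptyPasswords=no
 *
 *	RETRIES=<n>		-> max_init_auth_tries=<n>
 *	SYSLOG_FAILED_LOGINS=<n> -> max_init_auth_tries_log=<n>
 *
 *	TIMEOUT=<secs>		-> LoginGraceTime=<secs>
 *	#TIMEOUT=<secs>		-> LoginGraceTime=300
 *
 * Numeric values go through deflt_parse_int(); a value that is not a
 * non-negative integer is treated as if the line were absent, instead of
 * silently becoming 0 (or an arbitrary value) the way atoi() would make it.
 */

/*
 * Parse a non-negative decimal integer from a /etc/default/login value.
 * Leading and trailing whitespace is tolerated. Returns 1 and stores the
 * value in *out on success; returns 0 (leaving *out untouched) when s is
 * NULL or empty, contains anything but a number, is negative, or does not
 * fit in an int.
 */
static int
deflt_parse_int(const char *s, int *out)
{
	char *end;
	long v;

	if (s == NULL || *s == '\0')
		return 0;
	errno = 0;
	v = strtol(s, &end, 10);
	if (end == s || errno == ERANGE || v < 0 || v > INT_MAX)
		return 0;
	while (isspace((unsigned char)*end))
		end++;
	if (*end != '\0')
		return 0;
	*out = (int)v;
	return 1;
}

static void
deflt_fill_default_server_options(ServerOptions *options)
{
	int flags, value;
	char *ptr;

	if (defopen(_PATH_DEFAULT_LOGIN))
		return;

	/* Ignore case */
	flags = defcntl(DC_GETFLAGS, 0);
	TURNOFF(flags, DC_CASE);
	(void) defcntl(DC_SETFLAGS, flags);

	/* Any CONSOLE= line, whatever its value, forbids password login for root. */
	if (options->permit_root_login == PERMIT_NOT_SET &&
	    defread("CONSOLE=") != NULL)
		options->permit_root_login = PERMIT_NO_PASSWD;

	if (options->permit_empty_passwd == -1 &&
	    (ptr = defread("PASSREQ=")) != NULL) {
		if (strcasecmp("YES", ptr) == 0)
			options->permit_empty_passwd = 0;
		else if (strcasecmp("NO", ptr) == 0)
			options->permit_empty_passwd = 1;
		/* any other value: leave unset so the built-in default applies */
	}

	if (options->max_init_auth_tries == -1 &&
	    (ptr = defread("RETRIES=")) != NULL &&
	    deflt_parse_int(ptr, &value))
		options->max_init_auth_tries = value;

	if (options->max_init_auth_tries_log == -1 &&
	    (ptr = defread("SYSLOG_FAILED_LOGINS=")) != NULL &&
	    deflt_parse_int(ptr, &value))
		options->max_init_auth_tries_log = value;

	if (options->login_grace_time == -1) {
		/* a missing or unparseable TIMEOUT= both yield the login(1) default */
		if ((ptr = defread("TIMEOUT=")) != NULL &&
		    deflt_parse_int(ptr, &value))
			options->login_grace_time = value;
		else
			options->login_grace_time = 300;
	}

	(void) defopen((char *)NULL);
}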
224 #endif /* HAVE_DEFOPEN */
225
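/* Set an integer option to `value` if it is still at its unset sentinel (-1). */
static void
default_int_option(int *opt, int value)
{
	if (*opt == -1)
		*opt = value;
}

/*
 * Supply a default for every option still at its "unset" sentinel after the
 * command line and sshd_config have been processed (see
 * initialize_server_options() for the sentinels). On HAVE_DEFOPEN builds
 * /etc/default/login is consulted first, so its settings take precedence
 * over the built-in defaults but never over explicit sshd configuration.
 *
 * Order matters for the derived defaults: max_startups_begin copies
 * max_startups, the *_log thresholds are half their *_tries limit, and
 * authorized_keys_file2 copies authorized_keys_file if that was set — each
 * is computed after the value it derives from.
 */
void
fill_default_server_options(ServerOptions *options)
{

#ifdef HAVE_DEFOPEN
	deflt_fill_default_server_options(options);
#endif /* HAVE_DEFOPEN */

	/* Standard Options */
	if (options->protocol == SSH_PROTO_UNKNOWN)
		options->protocol = SSH_PROTO_1|SSH_PROTO_2;
	if (options->num_host_key_files == 0) {
		/* fill default hostkeys for protocols */
		if (options->protocol & SSH_PROTO_1)
			options->host_key_files[options->num_host_key_files++] =
			    _PATH_HOST_KEY_FILE;
#ifndef GSSAPI
		/*
		 * With GSS keyex we can run v2 w/ no host keys, so GSSAPI
		 * builds default no v2 host key files at all; presumably a
		 * HostKey directive is then needed to serve non-GSS clients.
		 */
		if (options->protocol & SSH_PROTO_2) {
			options->host_key_files[options->num_host_key_files++] =
			    _PATH_HOST_RSA_KEY_FILE;
			options->host_key_files[options->num_host_key_files++] =
			    _PATH_HOST_DSA_KEY_FILE;
		}
#endif /* GSSAPI */
	}
	if (options->num_ports == 0)
		options->ports[options->num_ports++] = SSH_DEFAULT_PORT;
	if (options->listen_addrs == NULL)
		add_listen_addr(options, NULL, 0);
	if (options->pid_file == NULL)
		options->pid_file = _PATH_SSH_DAEMON_PID_FILE;
	default_int_option(&options->server_key_bits, 768);
	default_int_option(&options->login_grace_time, 120);
	default_int_option(&options->key_regeneration_time, 3600);
	if (options->permit_root_login == PERMIT_NOT_SET)
		options->permit_root_login = PERMIT_YES;
	default_int_option(&options->ignore_rhosts, 1);
	default_int_option(&options->ignore_user_known_hosts, 0);
	default_int_option(&options->print_motd, 1);
	default_int_option(&options->print_lastlog, 1);
	default_int_option(&options->x11_forwarding, 1);
	default_int_option(&options->x11_display_offset, 10);
	default_int_option(&options->x11_use_localhost, 1);
	if (options->xauth_location == NULL)
		options->xauth_location = _PATH_XAUTH;
	default_int_option(&options->strict_modes, 1);
	default_int_option(&options->keepalives, 1);
	if (options->log_facility == SYSLOG_FACILITY_NOT_SET)
		options->log_facility = SYSLOG_FACILITY_AUTH;
	if (options->log_level == SYSLOG_LEVEL_NOT_SET)
		options->log_level = SYSLOG_LEVEL_INFO;
	default_int_option(&options->rhosts_authentication, 0);
	default_int_option(&options->rhosts_rsa_authentication, 0);
	default_int_option(&options->hostbased_authentication, 0);
	default_int_option(&options->hostbased_uses_name_from_packet_only, 0);
	default_int_option(&options->rsa_authentication, 1);
	default_int_option(&options->pubkey_authentication, 1);
#ifdef GSSAPI
	default_int_option(&options->gss_authentication, 1);
	default_int_option(&options->gss_keyex, 1);
	default_int_option(&options->gss_store_creds, 1);
	default_int_option(&options->gss_use_session_ccache, 1);
	default_int_option(&options->gss_cleanup_creds, 1);
#endif
#if defined(KRB4) || defined(KRB5)
	default_int_option(&options->kerberos_authentication, 0);
	default_int_option(&options->kerberos_or_local_passwd, 1);
	default_int_option(&options->kerberos_ticket_cleanup, 1);
#endif
#if defined(AFS) || defined(KRB5)
	default_int_option(&options->kerberos_tgt_passing, 0);
#endif
#ifdef AFS
	default_int_option(&options->afs_token_passing, 0);
#endif
	default_int_option(&options->password_authentication, 1);
	/*
	 * options->pam_authentication_via_kbd_int has intentionally no default
	 * value since we do not need it.
	 */
	default_int_option(&options->kbd_interactive_authentication, 1);
	default_int_option(&options->challenge_response_authentication, 1);
	default_int_option(&options->permit_empty_passwd, 0);
	default_int_option(&options->permit_user_env, 0);
	default_int_option(&options->compression, 1);
	default_int_option(&options->allow_tcp_forwarding, 1);
	default_int_option(&options->gateway_ports, 0);
	default_int_option(&options->max_startups, 10);
	default_int_option(&options->max_startups_rate, 100);	/* 100% */
	/* must follow max_startups: the "begin" threshold defaults to the cap */
	default_int_option(&options->max_startups_begin, options->max_startups);
	default_int_option(&options->verify_reverse_mapping, 0);
	default_int_option(&options->client_alive_interval, 0);
	default_int_option(&options->client_alive_count_max, 3);
	if (options->authorized_keys_file2 == NULL) {
		/* authorized_keys_file2 falls back to authorized_keys_file */
		if (options->authorized_keys_file != NULL)
			options->authorized_keys_file2 = options->authorized_keys_file;
		else
			options->authorized_keys_file2 = _PATH_SSH_USER_PERMITTED_KEYS2;
	}
	if (options->authorized_keys_file == NULL)
		options->authorized_keys_file = _PATH_SSH_USER_PERMITTED_KEYS;

	/* the *_log thresholds are derived from the limits, so default those first */
	default_int_option(&options->max_auth_tries, AUTH_FAIL_MAX);
	default_int_option(&options->max_auth_tries_log,
	    options->max_auth_tries / 2);

	default_int_option(&options->max_init_auth_tries, AUTH_FAIL_MAX);
	default_int_option(&options->max_init_auth_tries_log,
	    options->max_init_auth_tries / 2);

	default_int_option(&options->lookup_client_hostnames, 1);
	default_int_option(&options->use_openssl_engine, 1);
	if (options->pam_service_prefix == NULL)
		options->pam_service_prefix = _SSH_PAM_SERVICE_PREFIX;
	/*
	 * pam_service_name intentionally has no built-in default: it stays
	 * NULL unless the configuration supplied one.
	 */
}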
391
/*
 * Keyword tokens: the opcode that process_server_config_line() switches on
 * after parse_token() has looked a configuration keyword up in keywords[]
 * below. sBadOption is the "unknown keyword" marker parse_token() returns.
 * Tokens inside #if blocks exist only in builds with that feature.
 */
typedef enum {
	sBadOption,		/* == unknown option */
	/* Portable-specific options */
	sPAMAuthenticationViaKbdInt,	/* deprecated; still parsed so old configs load */
	/* Standard Options */
	sPort, sHostKeyFile, sServerKeyBits, sLoginGraceTime, sKeyRegenerationTime,
	sPermitRootLogin, sLogFacility, sLogLevel,
	sRhostsAuthentication, sRhostsRSAAuthentication, sRSAAuthentication,
#ifdef GSSAPI
	sGssAuthentication, sGssKeyEx, sGssStoreDelegCreds,
	sGssUseSessionCredCache, sGssCleanupCreds,
#endif /* GSSAPI */
#if defined(KRB4) || defined(KRB5)
	sKerberosAuthentication, sKerberosOrLocalPasswd, sKerberosTicketCleanup,
#endif
#if defined(AFS) || defined(KRB5)
	sKerberosTgtPassing,
#endif
#ifdef AFS
	sAFSTokenPassing,
#endif
	sChallengeResponseAuthentication,
	sPasswordAuthentication, sKbdInteractiveAuthentication, sListenAddress,
	sPrintMotd, sPrintLastLog, sIgnoreRhosts,
	sX11Forwarding, sX11DisplayOffset, sX11UseLocalhost,
	sStrictModes, sEmptyPasswd, sKeepAlives,
	sPermitUserEnvironment, sUseLogin, sAllowTcpForwarding, sCompression,
	sAllowUsers, sDenyUsers, sAllowGroups, sDenyGroups,
	sIgnoreUserKnownHosts, sCiphers, sMacs, sProtocol, sPidFile,
	sGatewayPorts, sPubkeyAuthentication, sXAuthLocation, sSubsystem, sMaxStartups,
	sBanner, sVerifyReverseMapping, sHostbasedAuthentication,
	sHostbasedUsesNameFromPacketOnly, sClientAliveInterval,
	sClientAliveCountMax, sAuthorizedKeysFile, sAuthorizedKeysFile2,
	sMaxAuthTries, sMaxAuthTriesLog, sUsePrivilegeSeparation,
	sLookupClientHostnames, sUseOpenSSLEngine, sChrootDirectory,
	sPreUserauthHook, sMatch, sPAMServicePrefix, sPAMServiceName,
	sDeprecated		/* obsolete keyword that is still recognized (e.g. "checkmail") */
} ServerOpCodes;
431
432 #define SSHCFG_GLOBAL 0x01 /* allowed in main section of sshd_config */
433 #define SSHCFG_MATCH 0x02 /* allowed inside a Match section */
434 #define SSHCFG_ALL (SSHCFG_GLOBAL|SSHCFG_MATCH)
435
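/*
 * Textual representation of the tokens.
 *
 * parse_token() compares keywords case-insensitively, so the case used in an
 * entry does not matter. `flags` says where a keyword may appear:
 * SSHCFG_GLOBAL (main section only), SSHCFG_MATCH (inside a Match block) or
 * SSHCFG_ALL. Every entry must carry an explicit flags value: an omitted
 * third field would silently become 0, which names neither section. Note
 * that some aliases carry narrower flags than their canonical keyword
 * (e.g. "dsaauthentication" vs "pubkeyauthentication"). The table ends with
 * a NULL-name sentinel that parse_token() stops on.
 */
static struct {
	const char *name;
	ServerOpCodes opcode;
	u_int flags;
} keywords[] = {
	/* Portable-specific options */
	{ "PAMAuthenticationViaKbdInt", sPAMAuthenticationViaKbdInt, SSHCFG_GLOBAL },
	/* Standard Options */
	{ "port", sPort, SSHCFG_GLOBAL },
	{ "hostkey", sHostKeyFile, SSHCFG_GLOBAL },
	{ "hostdsakey", sHostKeyFile, SSHCFG_GLOBAL },			/* alias */
	{ "pidfile", sPidFile, SSHCFG_GLOBAL },
	{ "serverkeybits", sServerKeyBits, SSHCFG_GLOBAL },
	{ "logingracetime", sLoginGraceTime, SSHCFG_GLOBAL },
	{ "keyregenerationinterval", sKeyRegenerationTime, SSHCFG_GLOBAL },
	{ "permitrootlogin", sPermitRootLogin, SSHCFG_ALL },
	{ "syslogfacility", sLogFacility, SSHCFG_GLOBAL },
	{ "loglevel", sLogLevel, SSHCFG_GLOBAL },
	{ "rhostsauthentication", sRhostsAuthentication, SSHCFG_GLOBAL },
	{ "rhostsrsaauthentication", sRhostsRSAAuthentication, SSHCFG_ALL },
	{ "hostbasedauthentication", sHostbasedAuthentication, SSHCFG_ALL },
	{ "hostbasedusesnamefrompacketonly", sHostbasedUsesNameFromPacketOnly, SSHCFG_GLOBAL },
	{ "rsaauthentication", sRSAAuthentication, SSHCFG_ALL },
	{ "pubkeyauthentication", sPubkeyAuthentication, SSHCFG_ALL },
	{ "dsaauthentication", sPubkeyAuthentication, SSHCFG_GLOBAL },	/* alias */
#ifdef GSSAPI
	{ "gssapiauthentication", sGssAuthentication, SSHCFG_ALL },
	{ "gssapikeyexchange", sGssKeyEx, SSHCFG_GLOBAL },
	{ "gssapistoredelegatedcredentials", sGssStoreDelegCreds, SSHCFG_GLOBAL },
	{ "gssauthentication", sGssAuthentication, SSHCFG_GLOBAL },	/* alias */
	{ "gsskeyex", sGssKeyEx, SSHCFG_GLOBAL },			/* alias */
	{ "gssstoredelegcreds", sGssStoreDelegCreds, SSHCFG_GLOBAL },	/* alias */
#ifndef SUNW_GSSAPI
	{ "gssusesessionccache", sGssUseSessionCredCache, SSHCFG_GLOBAL },
	{ "gssusesessioncredcache", sGssUseSessionCredCache, SSHCFG_GLOBAL },
	{ "gsscleanupcreds", sGssCleanupCreds, SSHCFG_GLOBAL },
#endif /* SUNW_GSSAPI */
#endif
#if defined(KRB4) || defined(KRB5)
	{ "kerberosauthentication", sKerberosAuthentication, SSHCFG_ALL },
	{ "kerberosorlocalpasswd", sKerberosOrLocalPasswd, SSHCFG_GLOBAL },
	{ "kerberosticketcleanup", sKerberosTicketCleanup, SSHCFG_GLOBAL },
#endif
#if defined(AFS) || defined(KRB5)
	{ "kerberostgtpassing", sKerberosTgtPassing, SSHCFG_GLOBAL },
#endif
#ifdef AFS
	{ "afstokenpassing", sAFSTokenPassing, SSHCFG_GLOBAL },
#endif
	{ "passwordauthentication", sPasswordAuthentication, SSHCFG_ALL },
	{ "kbdinteractiveauthentication", sKbdInteractiveAuthentication, SSHCFG_ALL },
	{ "challengeresponseauthentication", sChallengeResponseAuthentication, SSHCFG_GLOBAL },
	{ "skeyauthentication", sChallengeResponseAuthentication, SSHCFG_GLOBAL }, /* alias */
	{ "checkmail", sDeprecated, SSHCFG_GLOBAL },
	{ "listenaddress", sListenAddress, SSHCFG_GLOBAL },
	{ "printmotd", sPrintMotd, SSHCFG_GLOBAL },
	{ "printlastlog", sPrintLastLog, SSHCFG_GLOBAL },
	{ "ignorerhosts", sIgnoreRhosts, SSHCFG_GLOBAL },
	{ "ignoreuserknownhosts", sIgnoreUserKnownHosts, SSHCFG_GLOBAL },
	{ "x11forwarding", sX11Forwarding, SSHCFG_ALL },
	{ "x11displayoffset", sX11DisplayOffset, SSHCFG_ALL },
	{ "x11uselocalhost", sX11UseLocalhost, SSHCFG_ALL },
	{ "xauthlocation", sXAuthLocation, SSHCFG_GLOBAL },
	{ "strictmodes", sStrictModes, SSHCFG_GLOBAL },
	{ "permitemptypasswords", sEmptyPasswd, SSHCFG_ALL },
	{ "permituserenvironment", sPermitUserEnvironment, SSHCFG_GLOBAL },
	{ "uselogin", sUseLogin, SSHCFG_GLOBAL },
	{ "compression", sCompression, SSHCFG_GLOBAL },
	{ "tcpkeepalive", sKeepAlives, SSHCFG_GLOBAL },
	{ "keepalive", sKeepAlives, SSHCFG_GLOBAL },			/* obsolete */
	{ "allowtcpforwarding", sAllowTcpForwarding, SSHCFG_ALL },
	{ "allowusers", sAllowUsers, SSHCFG_GLOBAL },
	{ "denyusers", sDenyUsers, SSHCFG_GLOBAL },
	{ "allowgroups", sAllowGroups, SSHCFG_GLOBAL },
	{ "denygroups", sDenyGroups, SSHCFG_GLOBAL },
	{ "ciphers", sCiphers, SSHCFG_GLOBAL },
	{ "macs", sMacs, SSHCFG_GLOBAL },
	{ "protocol", sProtocol, SSHCFG_GLOBAL },
	{ "gatewayports", sGatewayPorts, SSHCFG_ALL },
	{ "subsystem", sSubsystem, SSHCFG_GLOBAL },
	{ "maxstartups", sMaxStartups, SSHCFG_GLOBAL },
	{ "banner", sBanner, SSHCFG_ALL },
	{ "verifyreversemapping", sVerifyReverseMapping, SSHCFG_GLOBAL },
	{ "reversemappingcheck", sVerifyReverseMapping, SSHCFG_GLOBAL },
	{ "clientaliveinterval", sClientAliveInterval, SSHCFG_GLOBAL },
	{ "clientalivecountmax", sClientAliveCountMax, SSHCFG_GLOBAL },
	{ "authorizedkeysfile", sAuthorizedKeysFile, SSHCFG_GLOBAL },
	{ "authorizedkeysfile2", sAuthorizedKeysFile2, SSHCFG_GLOBAL },
	{ "maxauthtries", sMaxAuthTries, SSHCFG_ALL },
	{ "maxauthtrieslog", sMaxAuthTriesLog, SSHCFG_GLOBAL },
	{ "useprivilegeseparation", sUsePrivilegeSeparation, SSHCFG_GLOBAL },
	{ "lookupclienthostnames", sLookupClientHostnames, SSHCFG_GLOBAL },
	{ "useopensslengine", sUseOpenSSLEngine, SSHCFG_GLOBAL },
	{ "chrootdirectory", sChrootDirectory, SSHCFG_ALL },
	{ "preuserauthhook", sPreUserauthHook, SSHCFG_ALL },
	{ "match", sMatch, SSHCFG_ALL },
	{ "pamserviceprefix", sPAMServicePrefix, SSHCFG_GLOBAL },
	{ "pamservicename", sPAMServiceName, SSHCFG_GLOBAL },

	{ NULL, sBadOption, 0 }
};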
538
/*
 * Look the keyword `cp` up in keywords[] (case-insensitively) and return its
 * opcode, storing the keyword's section flags in *flags. An unknown keyword
 * is reported through error() with filename and linenum and yields
 * sBadOption; *flags is left untouched in that case.
 */
static ServerOpCodes
parse_token(const char *cp, const char *filename,
    int linenum, u_int *flags)
{
	const char *name;
	u_int idx = 0;

	while ((name = keywords[idx].name) != NULL) {
		if (strcasecmp(name, cp) == 0) {
			*flags = keywords[idx].flags;
			return keywords[idx].opcode;
		}
		idx++;
	}

	error("%s: line %d: Bad configuration option: %s",
	    filename, linenum, cp);
	return sBadOption;
}
559
/*
 * Queue listen address `addr` (NULL selects the passive/wildcard lookup in
 * add_one_listen_addr()) on port `port`. A port of 0 means "every port
 * configured so far"; if no Port directive has been seen yet,
 * SSH_DEFAULT_PORT is registered first so there is always at least one.
 */
static void
add_listen_addr(ServerOptions *options, char *addr, u_short port)
{
	int idx;

	if (options->num_ports == 0)
		options->ports[options->num_ports++] = SSH_DEFAULT_PORT;

	if (port != 0) {
		add_one_listen_addr(options, addr, port);
		return;
	}
	for (idx = 0; idx < options->num_ports; idx++)
		add_one_listen_addr(options, addr, options->ports[idx]);
}
573
/*
 * Resolve `addr`:`port` with getaddrinfo() (address family from the global
 * IPv4or6, AI_PASSIVE when addr is NULL) and prepend every resulting
 * address to options->listen_addrs. A failed lookup is fatal, so a listen
 * address that cannot be resolved is never silently dropped.
 */
static void
add_one_listen_addr(ServerOptions *options, char *addr, u_short port)
{
	struct addrinfo hints, *res, *tail;
	char portstr[NI_MAXSERV];
	int rc;

	(void) memset(&hints, 0, sizeof(hints));
	hints.ai_family = IPv4or6;
	hints.ai_socktype = SOCK_STREAM;
	if (addr == NULL)
		hints.ai_flags = AI_PASSIVE;
	else
		hints.ai_flags = 0;
	(void) snprintf(portstr, sizeof portstr, "%u", port);

	rc = getaddrinfo(addr, portstr, &hints, &res);
	if (rc != 0)
		fatal("bad addr or host: %s (%s)",
		    addr ? addr : "<NULL>",
		    gai_strerror(rc));

	/* Splice: walk to the end of the new list, then hang the old list off it. */
	tail = res;
	while (tail->ai_next != NULL)
		tail = tail->ai_next;
	tail->ai_next = options->listen_addrs;
	options->listen_addrs = res;
}
595
596 /*
597 * The strategy for the Match blocks is that the config file is parsed twice.
598 *
599 * The first time is at startup. activep is initialized to 1 and the
600 * directives in the global context are processed and acted on. Hitting a
601 * Match directive unsets activep and the directives inside the block are
602 * checked for syntax only.
603 *
604 * The second time is after a connection has been established but before
605 * authentication. activep is initialized to 2 and global config directives
606 * are ignored since they have already been processed. If the criteria in a
607 * Match block are met, activep is set and the subsequent directives
608 * processed and actioned until EOF or another Match block unsets it. Any
609 * options set are copied into the main server config.
610 *
611 * Potential additions/improvements:
612 * - Add Match support for pre-kex directives, eg Protocol, Ciphers.
613 *
614 * - Add a Tag directive (idea from David Leonard) ala pf, eg:
615 * Match Address 192.168.0.*
616 * Tag trusted
617 * Match Group wheel
618 * Tag trusted
619 * Match Tag trusted
620 * AllowTcpForwarding yes
621 * GatewayPorts clientspecified
622 * [...]
623 *
624 * - Add a PermittedChannelRequests directive
625 * Match Group shell
626 * PermittedChannelRequests session,forwarded-tcpip
627 */
628
/*
 * Evaluate the "Group" criterion of a Match line: does `user` belong to at
 * least one group in the pattern list `grps`? Returns 1 on a match and 0
 * when user is NULL (the syntax-only pass), the user is unknown, has no
 * groups, or does not match; `line` is only used in the debug messages.
 * ga_free() is always called before returning, even when ga_init() was
 * never reached — presumably it tolerates that (confirm in groupaccess.c).
 */
static int
match_cfg_line_group(const char *grps, int line, const char *user)
{
	struct passwd *pw;
	int matched = 0;

	if (user != NULL) {
		pw = getpwnam(user);
		if (pw == NULL) {
			debug("Can't match group at line %d because user %.100s does "
			    "not exist", line, user);
		} else if (ga_init(pw->pw_name, pw->pw_gid) == 0) {
			debug("Can't Match group because user %.100s not in any group "
			    "at line %d", user, line);
		} else if (ga_match_pattern_list(grps) != 1) {
			debug("user %.100s does not match group list %.100s at line %d",
			    user, grps, line);
		} else {
			debug("user %.100s matched group list %.100s at line %d", user,
			    grps, line);
			matched = 1;
		}
	}
	ga_free();
	return matched;
}
656
/*
 * Evaluate (or, when user is NULL, merely syntax-check) the criteria of a
 * Match line. *condition points at the text after the "Match" keyword as
 * "attrib value [attrib value ...]"; strdelim() consumes it in place and
 * *condition is advanced past the consumed text when no error occurred.
 *
 * Returns 1 if every criterion matched, 0 if at least one did not (or the
 * connection datum it needs is unavailable), -1 on a syntax error: a
 * missing value, an unsupported attribute, or addr_match_list() reporting
 * -2 (presumably an invalid address pattern). Criteria on one line are
 * ANDed: the loop keeps consuming attributes after a mismatch so the whole
 * line is still syntax-checked.
 */
static int
match_cfg_line(char **condition, int line, const char *user, const char *host,
    const char *address)
{
	int result = 1;
	char *arg, *attrib, *cp = *condition;
	size_t len;

	if (user == NULL)
		debug3("checking syntax for 'Match %s'", cp);
	else
		/* user is known non-NULL here; its "(null)" fallback is redundant */
		debug3("checking match for '%s' user %s host %s addr %s", cp,
		    user ? user : "(null)", host ? host : "(null)",
		    address ? address : "(null)");

	while ((attrib = strdelim(&cp)) != NULL && *attrib != '\0') {
		if ((arg = strdelim(&cp)) == NULL || *arg == '\0') {
			error("Missing Match criteria for %s", attrib);
			return -1;
		}
		len = strlen(arg);
		if (strcasecmp(attrib, "user") == 0) {
			/* syntax-only pass: nothing to match against, keep parsing */
			if (!user) {
				result = 0;
				continue;
			}
			if (match_pattern_list(user, arg, len, 0) != 1)
				result = 0;
			else
				debug("user %.100s matched 'User %.100s' at "
				    "line %d", user, arg, line);
		} else if (strcasecmp(attrib, "group") == 0) {
			/*
			 * match_cfg_line_group() as written only returns 0 or 1;
			 * the -1 arm is defensive.
			 */
			switch (match_cfg_line_group(arg, line, user)) {
			case -1:
				return -1;
			case 0:
				result = 0;
			}
		} else if (strcasecmp(attrib, "host") == 0) {
			/* syntax-only pass or unknown host: cannot match, keep parsing */
			if (!host) {
				result = 0;
				continue;
			}
			if (match_hostname(host, arg, len) != 1)
				result = 0;
			else
				debug("connection from %.100s matched 'Host "
				    "%.100s' at line %d", host, arg, line);
		} else if (strcasecmp(attrib, "address") == 0) {
			/*
			 * NOTE(review): unlike the User/Host branches there is no
			 * NULL guard, so the syntax-only pass hands a NULL address
			 * to addr_match_list() — presumably it tolerates that and
			 * answers 0/-1 (no match) rather than -2; confirm.
			 */
			switch (addr_match_list(address, arg)) {
			case 1:
				debug("connection from %.100s matched 'Address "
				    "%.100s' at line %d", address, arg, line);
				break;
			case 0:
			case -1:
				result = 0;
				break;
			case -2:	/* rejected like a syntax error */
				return -1;
			}
		} else {
			error("Unsupported Match attribute %s", attrib);
			return -1;
		}
	}
	if (user != NULL)
		debug3("match %sfound", result ? "" : "not ");
	*condition = cp;	/* hand the consumed position back to the caller */
	return result;
}
728
729 #define WHITESPACE " \t\r\n"
730
731 int
process_server_config_line(ServerOptions * options,char * line,const char * filename,int linenum,int * activep,const char * user,const char * host,const char * address)732 process_server_config_line(ServerOptions *options, char *line,
733 const char *filename, int linenum, int *activep, const char *user,
734 const char *host, const char *address)
735 {
736 char *cp, **charptr, *arg, *p;
737 int cmdline = 0, *intptr, value, n;
738 ServerOpCodes opcode;
739 u_int i, flags = 0;
740 size_t len;
741
742 cp = line;
743 arg = strdelim(&cp);
744 /* Ignore leading whitespace */
745 if (*arg == '\0')
746 arg = strdelim(&cp);
747 if (!arg || !*arg || *arg == '#')
748 return 0;
749 intptr = NULL;
750 charptr = NULL;
751 opcode = parse_token(arg, filename, linenum, &flags);
752
753 if (activep == NULL) { /* We are processing a command line directive */
754 cmdline = 1;
755 activep = &cmdline;
756 }
757 if (*activep && opcode != sMatch)
758 debug3("%s:%d setting %s %s", filename, linenum, arg, cp);
759 if (*activep == 0 && !(flags & SSHCFG_MATCH)) {
760 if (user == NULL) {
761 fatal("%s line %d: Directive '%s' is not allowed "
762 "within a Match block", filename, linenum, arg);
763 } else { /* this is a directive we have already processed */
764 while (arg)
765 arg = strdelim(&cp);
766 return 0;
767 }
768 }
769
770 switch (opcode) {
771 /* Portable-specific options */
772 case sPAMAuthenticationViaKbdInt:
773 log("%s line %d: PAMAuthenticationViaKbdInt has been "
774 "deprecated. You should use KbdInteractiveAuthentication "
775 "instead (which defaults to \"yes\").", filename, linenum);
776 intptr = &options->pam_authentication_via_kbd_int;
777 goto parse_flag;
778
779 /* Standard Options */
780 case sBadOption:
781 return -1;
782 case sPort:
783 /* ignore ports from configfile if cmdline specifies ports */
784 if (options->ports_from_cmdline)
785 return 0;
786 if (options->listen_addrs != NULL)
787 fatal("%s line %d: ports must be specified before "
788 "ListenAddress.", filename, linenum);
789 if (options->num_ports >= MAX_PORTS)
790 fatal("%s line %d: too many ports.",
791 filename, linenum);
792 arg = strdelim(&cp);
793 if (!arg || *arg == '\0')
794 fatal("%s line %d: missing port number.",
795 filename, linenum);
796 options->ports[options->num_ports++] = a2port(arg);
797 if (options->ports[options->num_ports-1] == 0)
798 fatal("%s line %d: Badly formatted port number.",
799 filename, linenum);
800 break;
801
802 case sServerKeyBits:
803 intptr = &options->server_key_bits;
804 parse_int:
805 arg = strdelim(&cp);
806 if (!arg || *arg == '\0')
807 fatal("%s line %d: missing integer value.",
808 filename, linenum);
809 value = atoi(arg);
810 if (*activep && *intptr == -1)
811 *intptr = value;
812 break;
813
814 case sLoginGraceTime:
815 intptr = &options->login_grace_time;
816 parse_time:
817 arg = strdelim(&cp);
818 if (!arg || *arg == '\0')
819 fatal("%s line %d: missing time value.",
820 filename, linenum);
821 if ((value = convtime(arg)) == -1)
822 fatal("%s line %d: invalid time value.",
823 filename, linenum);
824 if (*intptr == -1)
825 *intptr = value;
826 break;
827
828 case sKeyRegenerationTime:
829 intptr = &options->key_regeneration_time;
830 goto parse_time;
831
832 case sListenAddress:
833 arg = strdelim(&cp);
834 if (!arg || *arg == '\0' || strncmp(arg, "[]", 2) == 0)
835 fatal("%s line %d: missing inet addr.",
836 filename, linenum);
837 if (*arg == '[') {
838 if ((p = strchr(arg, ']')) == NULL)
839 fatal("%s line %d: bad ipv6 inet addr usage.",
840 filename, linenum);
841 arg++;
842 (void) memmove(p, p+1, strlen(p+1)+1);
843 } else if (((p = strchr(arg, ':')) == NULL) ||
844 (strchr(p+1, ':') != NULL)) {
845 add_listen_addr(options, arg, 0);
846 break;
847 }
848 if (*p == ':') {
849 u_short port;
850
851 p++;
852 if (*p == '\0')
853 fatal("%s line %d: bad inet addr:port usage.",
854 filename, linenum);
855 else {
856 *(p-1) = '\0';
857 if ((port = a2port(p)) == 0)
858 fatal("%s line %d: bad port number.",
859 filename, linenum);
860 add_listen_addr(options, arg, port);
861 }
862 } else if (*p == '\0')
863 add_listen_addr(options, arg, 0);
864 else
865 fatal("%s line %d: bad inet addr usage.",
866 filename, linenum);
867 break;
868
869 case sHostKeyFile:
870 intptr = &options->num_host_key_files;
871 if (*intptr >= MAX_HOSTKEYS)
872 fatal("%s line %d: too many host keys specified (max %d).",
873 filename, linenum, MAX_HOSTKEYS);
874 charptr = &options->host_key_files[*intptr];
875 parse_filename:
876 arg = strdelim(&cp);
877 if (!arg || *arg == '\0')
878 fatal("%s line %d: missing file name.",
879 filename, linenum);
880 if (*activep && *charptr == NULL) {
881 *charptr = tilde_expand_filename(arg, getuid());
882 /* increase optional counter */
883 if (intptr != NULL)
884 *intptr = *intptr + 1;
885 }
886 break;
887
888 case sPidFile:
889 charptr = &options->pid_file;
890 goto parse_filename;
891
892 case sPermitRootLogin:
893 intptr = &options->permit_root_login;
894 arg = strdelim(&cp);
895 if (!arg || *arg == '\0')
896 fatal("%s line %d: missing yes/"
897 "without-password/forced-commands-only/no "
898 "argument.", filename, linenum);
899 value = 0; /* silence compiler */
900 if (strcmp(arg, "without-password") == 0)
901 value = PERMIT_NO_PASSWD;
902 else if (strcmp(arg, "forced-commands-only") == 0)
903 value = PERMIT_FORCED_ONLY;
904 else if (strcmp(arg, "yes") == 0)
905 value = PERMIT_YES;
906 else if (strcmp(arg, "no") == 0)
907 value = PERMIT_NO;
908 else
909 fatal("%s line %d: Bad yes/"
910 "without-password/forced-commands-only/no "
911 "argument: %s", filename, linenum, arg);
912 if (*activep && *intptr == -1)
913 *intptr = value;
914 break;
915
916 case sIgnoreRhosts:
917 intptr = &options->ignore_rhosts;
918 parse_flag:
919 arg = strdelim(&cp);
920 if (!arg || *arg == '\0')
921 fatal("%s line %d: missing yes/no argument.",
922 filename, linenum);
923 value = 0; /* silence compiler */
924 if (strcmp(arg, "yes") == 0)
925 value = 1;
926 else if (strcmp(arg, "no") == 0)
927 value = 0;
928 else
929 fatal("%s line %d: Bad yes/no argument: %s",
930 filename, linenum, arg);
931 if (*activep && *intptr == -1)
932 *intptr = value;
933 break;
934
935 case sIgnoreUserKnownHosts:
936 intptr = &options->ignore_user_known_hosts;
937 goto parse_flag;
938
939 case sRhostsAuthentication:
940 intptr = &options->rhosts_authentication;
941 goto parse_flag;
942
943 case sRhostsRSAAuthentication:
944 intptr = &options->rhosts_rsa_authentication;
945 goto parse_flag;
946
947 case sHostbasedAuthentication:
948 intptr = &options->hostbased_authentication;
949 goto parse_flag;
950
951 case sHostbasedUsesNameFromPacketOnly:
952 intptr = &options->hostbased_uses_name_from_packet_only;
953 goto parse_flag;
954
955 case sRSAAuthentication:
956 intptr = &options->rsa_authentication;
957 goto parse_flag;
958
959 case sPubkeyAuthentication:
960 intptr = &options->pubkey_authentication;
961 goto parse_flag;
962 #ifdef GSSAPI
963 case sGssAuthentication:
964 intptr = &options->gss_authentication;
965 goto parse_flag;
966 case sGssKeyEx:
967 intptr = &options->gss_keyex;
968 goto parse_flag;
969 case sGssStoreDelegCreds:
970 intptr = &options->gss_keyex;
971 goto parse_flag;
972 #ifndef SUNW_GSSAPI
973 case sGssUseSessionCredCache:
974 intptr = &options->gss_use_session_ccache;
975 goto parse_flag;
976 case sGssCleanupCreds:
977 intptr = &options->gss_cleanup_creds;
978 goto parse_flag;
979 #endif /* SUNW_GSSAPI */
980 #endif /* GSSAPI */
981 #if defined(KRB4) || defined(KRB5)
982 case sKerberosAuthentication:
983 intptr = &options->kerberos_authentication;
984 goto parse_flag;
985
986 case sKerberosOrLocalPasswd:
987 intptr = &options->kerberos_or_local_passwd;
988 goto parse_flag;
989
990 case sKerberosTicketCleanup:
991 intptr = &options->kerberos_ticket_cleanup;
992 goto parse_flag;
993 #endif
994 #if defined(AFS) || defined(KRB5)
995 case sKerberosTgtPassing:
996 intptr = &options->kerberos_tgt_passing;
997 goto parse_flag;
998 #endif
999 #ifdef AFS
1000 case sAFSTokenPassing:
1001 intptr = &options->afs_token_passing;
1002 goto parse_flag;
1003 #endif
1004
1005 case sPasswordAuthentication:
1006 intptr = &options->password_authentication;
1007 goto parse_flag;
1008
1009 case sKbdInteractiveAuthentication:
1010 intptr = &options->kbd_interactive_authentication;
1011 goto parse_flag;
1012
1013 case sChallengeResponseAuthentication:
1014 intptr = &options->challenge_response_authentication;
1015 goto parse_flag;
1016
1017 case sPrintMotd:
1018 intptr = &options->print_motd;
1019 goto parse_flag;
1020
1021 case sPrintLastLog:
1022 intptr = &options->print_lastlog;
1023 goto parse_flag;
1024
1025 case sX11Forwarding:
1026 intptr = &options->x11_forwarding;
1027 goto parse_flag;
1028
1029 case sX11DisplayOffset:
1030 intptr = &options->x11_display_offset;
1031 goto parse_int;
1032
1033 case sX11UseLocalhost:
1034 intptr = &options->x11_use_localhost;
1035 goto parse_flag;
1036
1037 case sXAuthLocation:
1038 charptr = &options->xauth_location;
1039 goto parse_filename;
1040
1041 case sStrictModes:
1042 intptr = &options->strict_modes;
1043 goto parse_flag;
1044
1045 case sKeepAlives:
1046 intptr = &options->keepalives;
1047 goto parse_flag;
1048
1049 case sEmptyPasswd:
1050 intptr = &options->permit_empty_passwd;
1051 goto parse_flag;
1052
1053 case sPermitUserEnvironment:
1054 intptr = &options->permit_user_env;
1055 goto parse_flag;
1056
1057 case sUseLogin:
1058 log("%s line %d: ignoring UseLogin option value."
1059 " This option is always off.", filename, linenum);
1060 while (arg)
1061 arg = strdelim(&cp);
1062 break;
1063
1064 case sCompression:
1065 intptr = &options->compression;
1066 goto parse_flag;
1067
1068 case sGatewayPorts:
1069 intptr = &options->gateway_ports;
1070 arg = strdelim(&cp);
1071 if (!arg || *arg == '\0')
1072 fatal("%s line %d: missing yes/no/clientspecified "
1073 "argument.", filename, linenum);
1074 value = 0; /* silence compiler */
1075 if (strcmp(arg, "clientspecified") == 0)
1076 value = 2;
1077 else if (strcmp(arg, "yes") == 0)
1078 value = 1;
1079 else if (strcmp(arg, "no") == 0)
1080 value = 0;
1081 else
1082 fatal("%s line %d: Bad yes/no/clientspecified "
1083 "argument: %s", filename, linenum, arg);
1084 if (*activep && *intptr == -1)
1085 *intptr = value;
1086 break;
1087
1088 case sVerifyReverseMapping:
1089 intptr = &options->verify_reverse_mapping;
1090 goto parse_flag;
1091
1092 case sLogFacility:
1093 intptr = (int *) &options->log_facility;
1094 arg = strdelim(&cp);
1095 value = log_facility_number(arg);
1096 if (value == SYSLOG_FACILITY_NOT_SET)
1097 fatal("%.200s line %d: unsupported log facility '%s'",
1098 filename, linenum, arg ? arg : "<NONE>");
1099 if (*intptr == -1)
1100 *intptr = (SyslogFacility) value;
1101 break;
1102
1103 case sLogLevel:
1104 intptr = (int *) &options->log_level;
1105 arg = strdelim(&cp);
1106 value = log_level_number(arg);
1107 if (value == SYSLOG_LEVEL_NOT_SET)
1108 fatal("%.200s line %d: unsupported log level '%s'",
1109 filename, linenum, arg ? arg : "<NONE>");
1110 if (*intptr == -1)
1111 *intptr = (LogLevel) value;
1112 break;
1113
1114 case sAllowTcpForwarding:
1115 intptr = &options->allow_tcp_forwarding;
1116 goto parse_flag;
1117
1118 case sUsePrivilegeSeparation:
1119 log("%s line %d: ignoring UsePrivilegeSeparation option value."
1120 " This option is always on.", filename, linenum);
1121 while (arg)
1122 arg = strdelim(&cp);
1123 break;
1124
1125 case sAllowUsers:
1126 while (((arg = strdelim(&cp)) != NULL) && *arg != '\0') {
1127 if (options->num_allow_users >= MAX_ALLOW_USERS)
1128 fatal("%s line %d: too many allow users.",
1129 filename, linenum);
1130 options->allow_users[options->num_allow_users++] =
1131 xstrdup(arg);
1132 }
1133 break;
1134
1135 case sDenyUsers:
1136 while (((arg = strdelim(&cp)) != NULL) && *arg != '\0') {
1137 if (options->num_deny_users >= MAX_DENY_USERS)
1138 fatal( "%s line %d: too many deny users.",
1139 filename, linenum);
1140 options->deny_users[options->num_deny_users++] =
1141 xstrdup(arg);
1142 }
1143 break;
1144
1145 case sAllowGroups:
1146 while (((arg = strdelim(&cp)) != NULL) && *arg != '\0') {
1147 if (options->num_allow_groups >= MAX_ALLOW_GROUPS)
1148 fatal("%s line %d: too many allow groups.",
1149 filename, linenum);
1150 options->allow_groups[options->num_allow_groups++] =
1151 xstrdup(arg);
1152 }
1153 break;
1154
1155 case sDenyGroups:
1156 while (((arg = strdelim(&cp)) != NULL) && *arg != '\0') {
1157 if (options->num_deny_groups >= MAX_DENY_GROUPS)
1158 fatal("%s line %d: too many deny groups.",
1159 filename, linenum);
1160 options->deny_groups[options->num_deny_groups++] = xstrdup(arg);
1161 }
1162 break;
1163
1164 case sCiphers:
1165 arg = strdelim(&cp);
1166 if (!arg || *arg == '\0')
1167 fatal("%s line %d: Missing argument.", filename, linenum);
1168 if (!ciphers_valid(arg))
1169 fatal("%s line %d: Bad SSH2 cipher spec '%s'.",
1170 filename, linenum, arg ? arg : "<NONE>");
1171 if (options->ciphers == NULL)
1172 options->ciphers = xstrdup(arg);
1173 break;
1174
1175 case sMacs:
1176 arg = strdelim(&cp);
1177 if (!arg || *arg == '\0')
1178 fatal("%s line %d: Missing argument.", filename, linenum);
1179 if (!mac_valid(arg))
1180 fatal("%s line %d: Bad SSH2 mac spec '%s'.",
1181 filename, linenum, arg ? arg : "<NONE>");
1182 if (options->macs == NULL)
1183 options->macs = xstrdup(arg);
1184 break;
1185
1186 case sProtocol:
1187 intptr = &options->protocol;
1188 arg = strdelim(&cp);
1189 if (!arg || *arg == '\0')
1190 fatal("%s line %d: Missing argument.", filename, linenum);
1191 value = proto_spec(arg);
1192 if (value == SSH_PROTO_UNKNOWN)
1193 fatal("%s line %d: Bad protocol spec '%s'.",
1194 filename, linenum, arg ? arg : "<NONE>");
1195 if (*intptr == SSH_PROTO_UNKNOWN)
1196 *intptr = value;
1197 break;
1198
1199 case sSubsystem:
1200 if (options->num_subsystems >= MAX_SUBSYSTEMS) {
1201 fatal("%s line %d: too many subsystems defined.",
1202 filename, linenum);
1203 }
1204 arg = strdelim(&cp);
1205 if (!arg || *arg == '\0')
1206 fatal("%s line %d: Missing subsystem name.",
1207 filename, linenum);
1208 if (!*activep) {
1209 arg = strdelim(&cp);
1210 break;
1211 }
1212 for (i = 0; i < options->num_subsystems; i++)
1213 if (strcmp(arg, options->subsystem_name[i]) == 0)
1214 fatal("%s line %d: Subsystem '%s' already defined.",
1215 filename, linenum, arg);
1216 options->subsystem_name[options->num_subsystems] = xstrdup(arg);
1217 arg = strdelim(&cp);
1218 if (!arg || *arg == '\0')
1219 fatal("%s line %d: Missing subsystem command.",
1220 filename, linenum);
1221 options->subsystem_command[options->num_subsystems] = xstrdup(arg);
1222
1223 /*
1224 * Collect arguments (separate to executable), including the
1225 * name of the executable, in a way that is easier to parse
1226 * later.
1227 */
1228 p = xstrdup(arg);
1229 len = strlen(p) + 1;
1230 while ((arg = strdelim(&cp)) != NULL && *arg != '\0') {
1231 len += 1 + strlen(arg);
1232 p = xrealloc(p, len);
1233 strlcat(p, " ", len);
1234 strlcat(p, arg, len);
1235 }
1236 options->subsystem_args[options->num_subsystems] = p;
1237 options->num_subsystems++;
1238 break;
1239
1240 case sMaxStartups:
1241 arg = strdelim(&cp);
1242 if (!arg || *arg == '\0')
1243 fatal("%s line %d: Missing MaxStartups spec.",
1244 filename, linenum);
1245 if ((n = sscanf(arg, "%d:%d:%d",
1246 &options->max_startups_begin,
1247 &options->max_startups_rate,
1248 &options->max_startups)) == 3) {
1249 if (options->max_startups_begin >
1250 options->max_startups ||
1251 options->max_startups_rate > 100 ||
1252 options->max_startups_rate < 1)
1253 fatal("%s line %d: Illegal MaxStartups spec.",
1254 filename, linenum);
1255 } else if (n != 1)
1256 fatal("%s line %d: Illegal MaxStartups spec.",
1257 filename, linenum);
1258 else
1259 options->max_startups = options->max_startups_begin;
1260 break;
1261
1262 case sBanner:
1263 charptr = &options->banner;
1264 goto parse_filename;
1265 /*
1266 * These options can contain %X options expanded at
1267 * connect time, so that you can specify paths like:
1268 *
1269 * AuthorizedKeysFile /etc/ssh_keys/%u
1270 */
1271 case sAuthorizedKeysFile:
1272 case sAuthorizedKeysFile2:
1273 charptr = (opcode == sAuthorizedKeysFile) ?
1274 &options->authorized_keys_file :
1275 &options->authorized_keys_file2;
1276 goto parse_filename;
1277
1278 case sClientAliveInterval:
1279 intptr = &options->client_alive_interval;
1280 goto parse_time;
1281
1282 case sClientAliveCountMax:
1283 intptr = &options->client_alive_count_max;
1284 goto parse_int;
1285
1286 case sMaxAuthTries:
1287 intptr = &options->max_auth_tries;
1288 goto parse_int;
1289
1290 case sMaxAuthTriesLog:
1291 intptr = &options->max_auth_tries_log;
1292 goto parse_int;
1293
1294 case sLookupClientHostnames:
1295 intptr = &options->lookup_client_hostnames;
1296 goto parse_flag;
1297
1298 case sUseOpenSSLEngine:
1299 intptr = &options->use_openssl_engine;
1300 goto parse_flag;
1301
1302 case sChrootDirectory:
1303 charptr = &options->chroot_directory;
1304
1305 arg = strdelim(&cp);
1306 if (arg == NULL || *arg == '\0')
1307 fatal("%s line %d: missing directory name for "
1308 "ChrootDirectory.", filename, linenum);
1309 if (*activep && *charptr == NULL)
1310 *charptr = xstrdup(arg);
1311 break;
1312
1313 case sPreUserauthHook:
1314 charptr = &options->pre_userauth_hook;
1315 goto parse_filename;
1316
1317 case sMatch:
1318 if (cmdline)
1319 fatal("Match directive not supported as a command-line "
1320 "option");
1321 value = match_cfg_line(&cp, linenum, user, host, address);
1322 if (value < 0)
1323 fatal("%s line %d: Bad Match condition", filename,
1324 linenum);
1325 *activep = value;
1326 break;
1327
1328 case sDeprecated:
1329 log("%s line %d: Deprecated option %s",
1330 filename, linenum, arg);
1331 while (arg)
1332 arg = strdelim(&cp);
1333 break;
1334
1335 case sPAMServicePrefix:
1336 arg = strdelim(&cp);
1337 if (!arg || *arg == '\0')
1338 fatal("%s line %d: Missing argument.",
1339 filename, linenum);
1340 if (options->pam_service_name != NULL)
1341 fatal("%s line %d: PAMServiceName and PAMServicePrefix "
1342 "are mutually exclusive.", filename, linenum);
1343 if (options->pam_service_prefix == NULL)
1344 options->pam_service_prefix = xstrdup(arg);
1345 break;
1346
1347 case sPAMServiceName:
1348 arg = strdelim(&cp);
1349 if (!arg || *arg == '\0')
1350 fatal("%s line %d: Missing argument.",
1351 filename, linenum);
1352 if (options->pam_service_prefix != NULL)
1353 fatal("%s line %d: PAMServiceName and PAMServicePrefix "
1354 "are mutually exclusive.", filename, linenum);
1355 if (options->pam_service_name == NULL)
1356 options->pam_service_name = xstrdup(arg);
1357 break;
1358
1359 default:
1360 fatal("%s line %d: Missing handler for opcode %s (%d)",
1361 filename, linenum, arg, opcode);
1362 }
1363 if ((arg = strdelim(&cp)) != NULL && *arg != '\0')
1364 fatal("%s line %d: garbage at end of line; \"%.200s\".",
1365 filename, linenum, arg);
1366 return 0;
1367 }
1368
1369
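/*
 * Reads the server configuration file into conf.
 *
 * Every logical line of the file is appended to conf with its '#' comment
 * and its leading blanks removed but with its newline kept, so that
 * parse_server_config() can later report errors against the original line
 * number.  The buffer is NUL-terminated when the file has been read.
 *
 * fgets() hands back a line longer than the local buffer in several chunks.
 * Those chunks are reassembled here; without that, the tail of an over-long
 * line (or of an over-long comment) would be appended as a line of its own,
 * skewing the line numbers and being parsed as an additional directive.
 *
 * A file that cannot be opened is reported with perror() and terminates the
 * process.
 */
void
load_server_config(const char *filename, Buffer *conf)
{
	char line[1024], *cp;
	FILE *f;
	size_t len;
	int complete;		/* this chunk ends the logical line */
	int in_comment = 0;	/* a '#' was seen earlier on this logical line */
	int line_start = 1;	/* the next chunk begins a new logical line */

	debug2("%s: filename %s", __func__, filename);
	if ((f = fopen(filename, "r")) == NULL) {
		perror(filename);
		exit(1);
	}
	buffer_clear(conf);
	while (fgets(line, sizeof(line), f) != NULL) {
		len = strlen(line);
		/* Only a chunk that carries the '\n' finishes the line. */
		complete = (len > 0 && line[len - 1] == '\n');

		if (in_comment) {
			/* Still inside a comment begun in an earlier chunk. */
			cp = complete ? "\n" : "";
		} else {
			if ((cp = strchr(line, '#')) != NULL) {
				/*
				 * Drop the comment but keep the newline (when
				 * this chunk has it) to preserve line numbering.
				 */
				in_comment = 1;
				if (complete)
					memcpy(cp, "\n", 2);
				else
					*cp = '\0';
			}
			/* Leading blanks are stripped only at line start. */
			cp = line_start ? line + strspn(line, " \t\r") : line;
		}
		if (*cp != '\0')
			buffer_append(conf, cp, strlen(cp));

		if (complete) {
			in_comment = 0;
			line_start = 1;
		} else {
			line_start = 0;
		}
	}
	buffer_append(conf, "\0", 1);
	fclose(f);
	debug2("%s: done config len = %d", __func__, buffer_len(conf));
}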
1400
/*
 * Re-parse the cached configuration text (cfg) for the connection described
 * by user/host/address, so that Match blocks are evaluated against it, and
 * fold every option set during that pass into options.
 *
 * The re-parse fills a freshly initialized ServerOptions; its values are
 * transferred with copy_set_server_options() (preauth = 0).  String values
 * are moved rather than duplicated by that transfer, so the temporary is
 * simply dropped afterwards.
 */
void
parse_server_match_config(ServerOptions *options, const char *user,
    const char *host, const char *address)
{
	ServerOptions match_options;

	initialize_server_options(&match_options);
	parse_server_config(&match_options, "reprocess config", &cfg,
	    user, host, address);
	copy_set_server_options(options, &match_options, 0);
}
1411
1412
1413
/*
 * Helpers for copy_set_server_options().  An int option counts as "set"
 * when it is not -1, a string option when it is not NULL.  A string option
 * is moved, not duplicated: dst takes over src's pointer and releases the
 * string it previously held.
 */
static void
copy_int_opt(int *dst, int src)
{
	if (src != -1)
		*dst = src;
}

static void
copy_str_opt(char **dst, char *src)
{
	if (src == NULL)
		return;
	if (*dst != NULL)
		xfree(*dst);
	*dst = src;
}

/*
 * Copy every supported option that is set in src into dst.
 *
 * When preauth is set, the string (and array) values that are not used
 * before authentication are skipped, because anything needed at that stage
 * must be sent explicitly in mm_getpwnamallow().
 */
void
copy_set_server_options(ServerOptions *dst, ServerOptions *src, int preauth)
{
	copy_int_opt(&dst->password_authentication,
	    src->password_authentication);
	copy_int_opt(&dst->gss_authentication, src->gss_authentication);
	copy_int_opt(&dst->rsa_authentication, src->rsa_authentication);
	copy_int_opt(&dst->pubkey_authentication, src->pubkey_authentication);
	copy_int_opt(&dst->hostbased_authentication,
	    src->hostbased_authentication);
	copy_int_opt(&dst->kbd_interactive_authentication,
	    src->kbd_interactive_authentication);
	copy_int_opt(&dst->permit_root_login, src->permit_root_login);
	copy_int_opt(&dst->permit_empty_passwd, src->permit_empty_passwd);
	copy_int_opt(&dst->allow_tcp_forwarding, src->allow_tcp_forwarding);
	copy_int_opt(&dst->gateway_ports, src->gateway_ports);
	copy_int_opt(&dst->x11_display_offset, src->x11_display_offset);
	copy_int_opt(&dst->x11_forwarding, src->x11_forwarding);
	copy_int_opt(&dst->x11_use_localhost, src->x11_use_localhost);
	copy_int_opt(&dst->max_auth_tries, src->max_auth_tries);
	copy_str_opt(&dst->banner, src->banner);

	if (preauth)
		return;
	copy_str_opt(&dst->chroot_directory, src->chroot_directory);
}
1460
/*
 * Parse the configuration text held in conf (as produced by
 * load_server_config()) into options, handing each line to
 * process_server_config_line().
 *
 * When user is non-NULL this is a Match re-parse: lines start out inactive
 * and become active only once a Match directive for this user/host/address
 * matches (process_server_config_line() updates the active flag).  With
 * user NULL every line is active.
 *
 * filename is used for diagnostics only.  Rejected lines are counted and
 * the process is terminated with fatal() once the whole buffer has been
 * processed.
 */
void
parse_server_config(ServerOptions *options, const char *filename, Buffer *conf,
    const char *user, const char *host, const char *address)
{
	char *text, *rest, *line;
	int active, linenum, bad_options;

	debug2("%s: config %s len %d", __func__, filename, buffer_len(conf));

	/* strsep() advances rest through the copy; text is kept to free it. */
	text = rest = xstrdup(buffer_ptr(conf));
	active = (user == NULL);
	bad_options = 0;
	for (linenum = 1; (line = strsep(&rest, "\n")) != NULL; linenum++) {
		if (process_server_config_line(options, line, filename,
		    linenum, &active, user, host, address) != 0)
			bad_options++;
	}
	xfree(text);
	if (bad_options > 0)
		fatal("%s: terminating, %d bad configuration options",
		    filename, bad_options);
}
1483
1484
/*
 * Return non-zero when a ChrootDirectory has been configured.  The special
 * value "none" (matched case-insensitively) means "no chroot", exactly as
 * if ChrootDirectory had not been specified at all.
 */
int
chroot_requested(char *chroot_directory)
{
	if (chroot_directory == NULL)
		return (0);
	return (strcasecmp(chroot_directory, "none") != 0);
}
1495