1 2 /* $OpenBSD: servconf.c,v 1.301 2016/11/30 03:00:05 djm Exp $ */ 3 /* 4 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland 5 * All rights reserved 6 * 7 * As far as I am concerned, the code I have written for this software 8 * can be used freely for any purpose. Any derived versions of this 9 * software must be clearly marked as such, and if the derived work is 10 * incompatible with the protocol description in the RFC file, it must be 11 * called by a name other than "ssh" or "Secure Shell". 12 */ 13 14 #include "includes.h" 15 __RCSID("$FreeBSD$"); 16 17 #include <sys/types.h> 18 #include <sys/socket.h> 19 20 #include <netinet/in.h> 21 #include <netinet/in_systm.h> 22 #include <netinet/ip.h> 23 24 #include <ctype.h> 25 #include <fcntl.h> 26 #include <netdb.h> 27 #include <pwd.h> 28 #include <stdio.h> 29 #include <stdlib.h> 30 #include <string.h> 31 #include <signal.h> 32 #include <unistd.h> 33 #include <limits.h> 34 #include <stdarg.h> 35 #include <errno.h> 36 #ifdef HAVE_UTIL_H 37 #include <util.h> 38 #endif 39 40 #include "openbsd-compat/sys-queue.h" 41 #include "xmalloc.h" 42 #include "ssh.h" 43 #include "log.h" 44 #include "buffer.h" 45 #include "misc.h" 46 #include "servconf.h" 47 #include "compat.h" 48 #include "pathnames.h" 49 #include "cipher.h" 50 #include "key.h" 51 #include "kex.h" 52 #include "mac.h" 53 #include "match.h" 54 #include "channels.h" 55 #include "groupaccess.h" 56 #include "canohost.h" 57 #include "packet.h" 58 #include "hostfile.h" 59 #include "auth.h" 60 #include "myproposal.h" 61 #include "digest.h" 62 #include "version.h" 63 64 static void add_listen_addr(ServerOptions *, char *, int); 65 static void add_one_listen_addr(ServerOptions *, char *, int); 66 67 /* Use of privilege separation or not */ 68 extern int use_privsep; 69 extern Buffer cfg; 70 71 /* Initializes the server options to their default values. */ 72 73 void 74 initialize_server_options(ServerOptions *options) 75 { 76 memset(options, 0, sizeof(*options)); 77 78 /* Portable-specific options */ 79 options->use_pam = -1; 80 81 /* Standard Options */ 82 options->num_ports = 0; 83 options->ports_from_cmdline = 0; 84 options->queued_listen_addrs = NULL; 85 options->num_queued_listens = 0; 86 options->listen_addrs = NULL; 87 options->address_family = -1; 88 options->num_host_key_files = 0; 89 options->num_host_cert_files = 0; 90 options->host_key_agent = NULL; 91 options->pid_file = NULL; 92 options->login_grace_time = -1; 93 options->permit_root_login = PERMIT_NOT_SET; 94 options->ignore_rhosts = -1; 95 options->ignore_user_known_hosts = -1; 96 options->print_motd = -1; 97 options->print_lastlog = -1; 98 options->x11_forwarding = -1; 99 options->x11_display_offset = -1; 100 options->x11_use_localhost = -1; 101 options->permit_tty = -1; 102 options->permit_user_rc = -1; 103 options->xauth_location = NULL; 104 options->strict_modes = -1; 105 options->tcp_keep_alive = -1; 106 options->log_facility = SYSLOG_FACILITY_NOT_SET; 107 options->log_level = SYSLOG_LEVEL_NOT_SET; 108 options->hostbased_authentication = -1; 109 options->hostbased_uses_name_from_packet_only = -1; 110 options->hostbased_key_types = NULL; 111 options->hostkeyalgorithms = NULL; 112 options->pubkey_authentication = -1; 113 options->pubkey_key_types = NULL; 114 options->kerberos_authentication = -1; 115 options->kerberos_or_local_passwd = -1; 116 options->kerberos_ticket_cleanup = -1; 117 options->kerberos_get_afs_token = -1; 118 options->gss_authentication=-1; 119 options->gss_cleanup_creds = -1; 120 options->gss_strict_acceptor = -1; 121 options->password_authentication = -1; 122 options->kbd_interactive_authentication = -1; 123 options->challenge_response_authentication = -1; 124 options->permit_empty_passwd = -1; 125 options->permit_user_env = -1; 126 options->compression = -1; 127 options->rekey_limit = -1; 128 options->rekey_interval = -1; 129 options->allow_tcp_forwarding = -1; 130 options->allow_streamlocal_forwarding = -1; 131 options->allow_agent_forwarding = -1; 132 options->num_allow_users = 0; 133 options->num_deny_users = 0; 134 options->num_allow_groups = 0; 135 options->num_deny_groups = 0; 136 options->ciphers = NULL; 137 options->macs = NULL; 138 options->kex_algorithms = NULL; 139 options->fwd_opts.gateway_ports = -1; 140 options->fwd_opts.streamlocal_bind_mask = (mode_t)-1; 141 options->fwd_opts.streamlocal_bind_unlink = -1; 142 options->num_subsystems = 0; 143 options->max_startups_begin = -1; 144 options->max_startups_rate = -1; 145 options->max_startups = -1; 146 options->max_authtries = -1; 147 options->max_sessions = -1; 148 options->banner = NULL; 149 options->use_dns = -1; 150 options->client_alive_interval = -1; 151 options->client_alive_count_max = -1; 152 options->num_authkeys_files = 0; 153 options->num_accept_env = 0; 154 options->permit_tun = -1; 155 options->num_permitted_opens = -1; 156 options->adm_forced_command = NULL; 157 options->chroot_directory = NULL; 158 options->authorized_keys_command = NULL; 159 options->authorized_keys_command_user = NULL; 160 options->revoked_keys_file = NULL; 161 options->trusted_user_ca_keys = NULL; 162 options->authorized_principals_file = NULL; 163 options->authorized_principals_command = NULL; 164 options->authorized_principals_command_user = NULL; 165 options->ip_qos_interactive = -1; 166 options->ip_qos_bulk = -1; 167 options->version_addendum = NULL; 168 options->fingerprint_hash = -1; 169 options->disable_forwarding = -1; 170 options->use_blacklist = -1; 171 } 172 173 /* Returns 1 if a string option is unset or set to "none" or 0 otherwise. */ 174 static int 175 option_clear_or_none(const char *o) 176 { 177 return o == NULL || strcasecmp(o, "none") == 0; 178 } 179 180 static void 181 assemble_algorithms(ServerOptions *o) 182 { 183 if (kex_assemble_names(KEX_SERVER_ENCRYPT, &o->ciphers) != 0 || 184 kex_assemble_names(KEX_SERVER_MAC, &o->macs) != 0 || 185 kex_assemble_names(KEX_SERVER_KEX, &o->kex_algorithms) != 0 || 186 kex_assemble_names(KEX_DEFAULT_PK_ALG, 187 &o->hostkeyalgorithms) != 0 || 188 kex_assemble_names(KEX_DEFAULT_PK_ALG, 189 &o->hostbased_key_types) != 0 || 190 kex_assemble_names(KEX_DEFAULT_PK_ALG, &o->pubkey_key_types) != 0) 191 fatal("kex_assemble_names failed"); 192 } 193 194 void 195 fill_default_server_options(ServerOptions *options) 196 { 197 int i; 198 199 /* Portable-specific options */ 200 if (options->use_pam == -1) 201 options->use_pam = 1; 202 203 /* Standard Options */ 204 #define add_host_key_file(path) \ 205 do { \ 206 if (access((path), O_RDONLY) == 0) \ 207 options->host_key_files \ 208 [options->num_host_key_files++] = (path); \ 209 } while (0) 210 if (options->num_host_key_files == 0) { 211 /* fill default hostkeys for protocols */ 212 add_host_key_file(_PATH_HOST_RSA_KEY_FILE); 213 add_host_key_file(_PATH_HOST_DSA_KEY_FILE); 214 #ifdef OPENSSL_HAS_ECC 215 add_host_key_file(_PATH_HOST_ECDSA_KEY_FILE); 216 #endif 217 add_host_key_file(_PATH_HOST_ED25519_KEY_FILE); 218 } 219 #undef add_host_key_file 220 if (options->num_host_key_files == 0) 221 fatal("No host key files found"); 222 /* No certificates by default */ 223 if (options->num_ports == 0) 224 options->ports[options->num_ports++] = SSH_DEFAULT_PORT; 225 if (options->address_family == -1) 226 options->address_family = AF_UNSPEC; 227 if (options->listen_addrs == NULL) 228 add_listen_addr(options, NULL, 0); 229 if (options->pid_file == NULL) 230 options->pid_file = xstrdup(_PATH_SSH_DAEMON_PID_FILE); 231 if (options->login_grace_time == -1) 232 options->login_grace_time = 120; 233 if (options->permit_root_login == PERMIT_NOT_SET) 234 options->permit_root_login = PERMIT_NO; 235 if (options->ignore_rhosts == -1) 236 options->ignore_rhosts = 1; 237 if (options->ignore_user_known_hosts == -1) 238 options->ignore_user_known_hosts = 0; 239 if (options->print_motd == -1) 240 options->print_motd = 1; 241 if (options->print_lastlog == -1) 242 options->print_lastlog = 1; 243 if (options->x11_forwarding == -1) 244 options->x11_forwarding = 1; 245 if (options->x11_display_offset == -1) 246 options->x11_display_offset = 10; 247 if (options->x11_use_localhost == -1) 248 options->x11_use_localhost = 1; 249 if (options->xauth_location == NULL) 250 options->xauth_location = xstrdup(_PATH_XAUTH); 251 if (options->permit_tty == -1) 252 options->permit_tty = 1; 253 if (options->permit_user_rc == -1) 254 options->permit_user_rc = 1; 255 if (options->strict_modes == -1) 256 options->strict_modes = 1; 257 if (options->tcp_keep_alive == -1) 258 options->tcp_keep_alive = 1; 259 if (options->log_facility == SYSLOG_FACILITY_NOT_SET) 260 options->log_facility = SYSLOG_FACILITY_AUTH; 261 if (options->log_level == SYSLOG_LEVEL_NOT_SET) 262 options->log_level = SYSLOG_LEVEL_INFO; 263 if (options->hostbased_authentication == -1) 264 options->hostbased_authentication = 0; 265 if (options->hostbased_uses_name_from_packet_only == -1) 266 options->hostbased_uses_name_from_packet_only = 0; 267 if (options->pubkey_authentication == -1) 268 options->pubkey_authentication = 1; 269 if (options->kerberos_authentication == -1) 270 options->kerberos_authentication = 0; 271 if (options->kerberos_or_local_passwd == -1) 272 options->kerberos_or_local_passwd = 1; 273 if (options->kerberos_ticket_cleanup == -1) 274 options->kerberos_ticket_cleanup = 1; 275 if (options->kerberos_get_afs_token == -1) 276 options->kerberos_get_afs_token = 0; 277 if (options->gss_authentication == -1) 278 options->gss_authentication = 0; 279 if (options->gss_cleanup_creds == -1) 280 options->gss_cleanup_creds = 1; 281 if (options->gss_strict_acceptor == -1) 282 options->gss_strict_acceptor = 0; 283 if (options->password_authentication == -1) 284 options->password_authentication = 0; 285 if (options->kbd_interactive_authentication == -1) 286 options->kbd_interactive_authentication = 0; 287 if (options->challenge_response_authentication == -1) 288 options->challenge_response_authentication = 1; 289 if (options->permit_empty_passwd == -1) 290 options->permit_empty_passwd = 0; 291 if (options->permit_user_env == -1) 292 options->permit_user_env = 0; 293 if (options->compression == -1) 294 options->compression = COMP_DELAYED; 295 if (options->rekey_limit == -1) 296 options->rekey_limit = 0; 297 if (options->rekey_interval == -1) 298 options->rekey_interval = 0; 299 if (options->allow_tcp_forwarding == -1) 300 options->allow_tcp_forwarding = FORWARD_ALLOW; 301 if (options->allow_streamlocal_forwarding == -1) 302 options->allow_streamlocal_forwarding = FORWARD_ALLOW; 303 if (options->allow_agent_forwarding == -1) 304 options->allow_agent_forwarding = 1; 305 if (options->fwd_opts.gateway_ports == -1) 306 options->fwd_opts.gateway_ports = 0; 307 if (options->max_startups == -1) 308 options->max_startups = 100; 309 if (options->max_startups_rate == -1) 310 options->max_startups_rate = 30; /* 30% */ 311 if (options->max_startups_begin == -1) 312 options->max_startups_begin = 10; 313 if (options->max_authtries == -1) 314 options->max_authtries = DEFAULT_AUTH_FAIL_MAX; 315 if (options->max_sessions == -1) 316 options->max_sessions = DEFAULT_SESSIONS_MAX; 317 if (options->use_dns == -1) 318 options->use_dns = 1; 319 if (options->client_alive_interval == -1) 320 options->client_alive_interval = 0; 321 if (options->client_alive_count_max == -1) 322 options->client_alive_count_max = 3; 323 if (options->num_authkeys_files == 0) { 324 options->authorized_keys_files[options->num_authkeys_files++] = 325 xstrdup(_PATH_SSH_USER_PERMITTED_KEYS); 326 options->authorized_keys_files[options->num_authkeys_files++] = 327 xstrdup(_PATH_SSH_USER_PERMITTED_KEYS2); 328 } 329 if (options->permit_tun == -1) 330 options->permit_tun = SSH_TUNMODE_NO; 331 if (options->ip_qos_interactive == -1) 332 options->ip_qos_interactive = IPTOS_LOWDELAY; 333 if (options->ip_qos_bulk == -1) 334 options->ip_qos_bulk = IPTOS_THROUGHPUT; 335 if (options->version_addendum == NULL) 336 options->version_addendum = xstrdup(SSH_VERSION_FREEBSD); 337 if (options->fwd_opts.streamlocal_bind_mask == (mode_t)-1) 338 options->fwd_opts.streamlocal_bind_mask = 0177; 339 if (options->fwd_opts.streamlocal_bind_unlink == -1) 340 options->fwd_opts.streamlocal_bind_unlink = 0; 341 if (options->fingerprint_hash == -1) 342 options->fingerprint_hash = SSH_FP_HASH_DEFAULT; 343 if (options->disable_forwarding == -1) 344 options->disable_forwarding = 0; 345 if (options->use_blacklist == -1) 346 options->use_blacklist = 0; 347 348 assemble_algorithms(options); 349 350 /* Turn privilege separation and sandboxing on by default */ 351 if (use_privsep == -1) 352 use_privsep = PRIVSEP_ON; 353 354 #define CLEAR_ON_NONE(v) \ 355 do { \ 356 if (option_clear_or_none(v)) { \ 357 free(v); \ 358 v = NULL; \ 359 } \ 360 } while(0) 361 CLEAR_ON_NONE(options->pid_file); 362 CLEAR_ON_NONE(options->xauth_location); 363 CLEAR_ON_NONE(options->banner); 364 CLEAR_ON_NONE(options->trusted_user_ca_keys); 365 CLEAR_ON_NONE(options->revoked_keys_file); 366 CLEAR_ON_NONE(options->authorized_principals_file); 367 CLEAR_ON_NONE(options->adm_forced_command); 368 CLEAR_ON_NONE(options->chroot_directory); 369 for (i = 0; i < options->num_host_key_files; i++) 370 CLEAR_ON_NONE(options->host_key_files[i]); 371 for (i = 0; i < options->num_host_cert_files; i++) 372 CLEAR_ON_NONE(options->host_cert_files[i]); 373 #undef CLEAR_ON_NONE 374 375 /* Similar handling for AuthenticationMethods=any */ 376 if (options->num_auth_methods == 1 && 377 strcmp(options->auth_methods[0], "any") == 0) { 378 free(options->auth_methods[0]); 379 options->auth_methods[0] = NULL; 380 options->num_auth_methods = 0; 381 } 382 383 #ifndef HAVE_MMAP 384 if (use_privsep && options->compression == 1) { 385 error("This platform does not support both privilege " 386 "separation and compression"); 387 error("Compression disabled"); 388 options->compression = 0; 389 } 390 #endif 391 392 } 393 394 /* Keyword tokens. */ 395 typedef enum { 396 sBadOption, /* == unknown option */ 397 /* Portable-specific options */ 398 sUsePAM, 399 /* Standard Options */ 400 sPort, sHostKeyFile, sLoginGraceTime, 401 sPermitRootLogin, sLogFacility, sLogLevel, 402 sRhostsRSAAuthentication, sRSAAuthentication, 403 sKerberosAuthentication, sKerberosOrLocalPasswd, sKerberosTicketCleanup, 404 sKerberosGetAFSToken, 405 sKerberosTgtPassing, sChallengeResponseAuthentication, 406 sPasswordAuthentication, sKbdInteractiveAuthentication, 407 sListenAddress, sAddressFamily, 408 sPrintMotd, sPrintLastLog, sIgnoreRhosts, 409 sX11Forwarding, sX11DisplayOffset, sX11UseLocalhost, 410 sPermitTTY, sStrictModes, sEmptyPasswd, sTCPKeepAlive, 411 sPermitUserEnvironment, sAllowTcpForwarding, sCompression, 412 sRekeyLimit, sAllowUsers, sDenyUsers, sAllowGroups, sDenyGroups, 413 sIgnoreUserKnownHosts, sCiphers, sMacs, sPidFile, 414 sGatewayPorts, sPubkeyAuthentication, sPubkeyAcceptedKeyTypes, 415 sXAuthLocation, sSubsystem, sMaxStartups, sMaxAuthTries, sMaxSessions, 416 sBanner, sUseDNS, sHostbasedAuthentication, 417 sHostbasedUsesNameFromPacketOnly, sHostbasedAcceptedKeyTypes, 418 sHostKeyAlgorithms, 419 sClientAliveInterval, sClientAliveCountMax, sAuthorizedKeysFile, 420 sGssAuthentication, sGssCleanupCreds, sGssStrictAcceptor, 421 sAcceptEnv, sPermitTunnel, 422 sMatch, sPermitOpen, sForceCommand, sChrootDirectory, 423 sUsePrivilegeSeparation, sAllowAgentForwarding, 424 sHostCertificate, 425 sRevokedKeys, sTrustedUserCAKeys, sAuthorizedPrincipalsFile, 426 sAuthorizedPrincipalsCommand, sAuthorizedPrincipalsCommandUser, 427 sKexAlgorithms, sIPQoS, sVersionAddendum, 428 sAuthorizedKeysCommand, sAuthorizedKeysCommandUser, 429 sAuthenticationMethods, sHostKeyAgent, sPermitUserRC, 430 sStreamLocalBindMask, sStreamLocalBindUnlink, 431 sAllowStreamLocalForwarding, sFingerprintHash, sDisableForwarding, 432 sUseBlacklist, 433 sDeprecated, sIgnore, sUnsupported 434 } ServerOpCodes; 435 436 #define SSHCFG_GLOBAL 0x01 /* allowed in main section of sshd_config */ 437 #define SSHCFG_MATCH 0x02 /* allowed inside a Match section */ 438 #define SSHCFG_ALL (SSHCFG_GLOBAL|SSHCFG_MATCH) 439 440 /* Textual representation of the tokens. */ 441 static struct { 442 const char *name; 443 ServerOpCodes opcode; 444 u_int flags; 445 } keywords[] = { 446 /* Portable-specific options */ 447 #ifdef USE_PAM 448 { "usepam", sUsePAM, SSHCFG_GLOBAL }, 449 #else 450 { "usepam", sUnsupported, SSHCFG_GLOBAL }, 451 #endif 452 { "pamauthenticationviakbdint", sDeprecated, SSHCFG_GLOBAL }, 453 /* Standard Options */ 454 { "port", sPort, SSHCFG_GLOBAL }, 455 { "hostkey", sHostKeyFile, SSHCFG_GLOBAL }, 456 { "hostdsakey", sHostKeyFile, SSHCFG_GLOBAL }, /* alias */ 457 { "hostkeyagent", sHostKeyAgent, SSHCFG_GLOBAL }, 458 { "pidfile", sPidFile, SSHCFG_GLOBAL }, 459 { "serverkeybits", sDeprecated, SSHCFG_GLOBAL }, 460 { "logingracetime", sLoginGraceTime, SSHCFG_GLOBAL }, 461 { "keyregenerationinterval", sDeprecated, SSHCFG_GLOBAL }, 462 { "permitrootlogin", sPermitRootLogin, SSHCFG_ALL }, 463 { "syslogfacility", sLogFacility, SSHCFG_GLOBAL }, 464 { "loglevel", sLogLevel, SSHCFG_GLOBAL }, 465 { "rhostsauthentication", sDeprecated, SSHCFG_GLOBAL }, 466 { "rhostsrsaauthentication", sDeprecated, SSHCFG_ALL }, 467 { "hostbasedauthentication", sHostbasedAuthentication, SSHCFG_ALL }, 468 { "hostbasedusesnamefrompacketonly", sHostbasedUsesNameFromPacketOnly, SSHCFG_ALL }, 469 { "hostbasedacceptedkeytypes", sHostbasedAcceptedKeyTypes, SSHCFG_ALL }, 470 { "hostkeyalgorithms", sHostKeyAlgorithms, SSHCFG_GLOBAL }, 471 { "rsaauthentication", sDeprecated, SSHCFG_ALL }, 472 { "pubkeyauthentication", sPubkeyAuthentication, SSHCFG_ALL }, 473 { "pubkeyacceptedkeytypes", sPubkeyAcceptedKeyTypes, SSHCFG_ALL }, 474 { "dsaauthentication", sPubkeyAuthentication, SSHCFG_GLOBAL }, /* alias */ 475 #ifdef KRB5 476 { "kerberosauthentication", sKerberosAuthentication, SSHCFG_ALL }, 477 { "kerberosorlocalpasswd", sKerberosOrLocalPasswd, SSHCFG_GLOBAL }, 478 { "kerberosticketcleanup", sKerberosTicketCleanup, SSHCFG_GLOBAL }, 479 #ifdef USE_AFS 480 { "kerberosgetafstoken", sKerberosGetAFSToken, SSHCFG_GLOBAL }, 481 #else 482 { "kerberosgetafstoken", sUnsupported, SSHCFG_GLOBAL }, 483 #endif 484 #else 485 { "kerberosauthentication", sUnsupported, SSHCFG_ALL }, 486 { "kerberosorlocalpasswd", sUnsupported, SSHCFG_GLOBAL }, 487 { "kerberosticketcleanup", sUnsupported, SSHCFG_GLOBAL }, 488 { "kerberosgetafstoken", sUnsupported, SSHCFG_GLOBAL }, 489 #endif 490 { "kerberostgtpassing", sUnsupported, SSHCFG_GLOBAL }, 491 { "afstokenpassing", sUnsupported, SSHCFG_GLOBAL }, 492 #ifdef GSSAPI 493 { "gssapiauthentication", sGssAuthentication, SSHCFG_ALL }, 494 { "gssapicleanupcredentials", sGssCleanupCreds, SSHCFG_GLOBAL }, 495 { "gssapistrictacceptorcheck", sGssStrictAcceptor, SSHCFG_GLOBAL }, 496 #else 497 { "gssapiauthentication", sUnsupported, SSHCFG_ALL }, 498 { "gssapicleanupcredentials", sUnsupported, SSHCFG_GLOBAL }, 499 { "gssapistrictacceptorcheck", sUnsupported, SSHCFG_GLOBAL }, 500 #endif 501 { "passwordauthentication", sPasswordAuthentication, SSHCFG_ALL }, 502 { "kbdinteractiveauthentication", sKbdInteractiveAuthentication, SSHCFG_ALL }, 503 { "challengeresponseauthentication", sChallengeResponseAuthentication, SSHCFG_GLOBAL }, 504 { "skeyauthentication", sChallengeResponseAuthentication, SSHCFG_GLOBAL }, /* alias */ 505 { "checkmail", sDeprecated, SSHCFG_GLOBAL }, 506 { "listenaddress", sListenAddress, SSHCFG_GLOBAL }, 507 { "addressfamily", sAddressFamily, SSHCFG_GLOBAL }, 508 { "printmotd", sPrintMotd, SSHCFG_GLOBAL }, 509 #ifdef DISABLE_LASTLOG 510 { "printlastlog", sUnsupported, SSHCFG_GLOBAL }, 511 #else 512 { "printlastlog", sPrintLastLog, SSHCFG_GLOBAL }, 513 #endif 514 { "ignorerhosts", sIgnoreRhosts, SSHCFG_GLOBAL }, 515 { "ignoreuserknownhosts", sIgnoreUserKnownHosts, SSHCFG_GLOBAL }, 516 { "x11forwarding", sX11Forwarding, SSHCFG_ALL }, 517 { "x11displayoffset", sX11DisplayOffset, SSHCFG_ALL }, 518 { "x11uselocalhost", sX11UseLocalhost, SSHCFG_ALL }, 519 { "xauthlocation", sXAuthLocation, SSHCFG_GLOBAL }, 520 { "strictmodes", sStrictModes, SSHCFG_GLOBAL }, 521 { "permitemptypasswords", sEmptyPasswd, SSHCFG_ALL }, 522 { "permituserenvironment", sPermitUserEnvironment, SSHCFG_GLOBAL }, 523 { "uselogin", sDeprecated, SSHCFG_GLOBAL }, 524 { "compression", sCompression, SSHCFG_GLOBAL }, 525 { "rekeylimit", sRekeyLimit, SSHCFG_ALL }, 526 { "tcpkeepalive", sTCPKeepAlive, SSHCFG_GLOBAL }, 527 { "keepalive", sTCPKeepAlive, SSHCFG_GLOBAL }, /* obsolete alias */ 528 { "allowtcpforwarding", sAllowTcpForwarding, SSHCFG_ALL }, 529 { "allowagentforwarding", sAllowAgentForwarding, SSHCFG_ALL }, 530 { "allowusers", sAllowUsers, SSHCFG_ALL }, 531 { "denyusers", sDenyUsers, SSHCFG_ALL }, 532 { "allowgroups", sAllowGroups, SSHCFG_ALL }, 533 { "denygroups", sDenyGroups, SSHCFG_ALL }, 534 { "ciphers", sCiphers, SSHCFG_GLOBAL }, 535 { "macs", sMacs, SSHCFG_GLOBAL }, 536 { "protocol", sIgnore, SSHCFG_GLOBAL }, 537 { "gatewayports", sGatewayPorts, SSHCFG_ALL }, 538 { "subsystem", sSubsystem, SSHCFG_GLOBAL }, 539 { "maxstartups", sMaxStartups, SSHCFG_GLOBAL }, 540 { "maxauthtries", sMaxAuthTries, SSHCFG_ALL }, 541 { "maxsessions", sMaxSessions, SSHCFG_ALL }, 542 { "banner", sBanner, SSHCFG_ALL }, 543 { "usedns", sUseDNS, SSHCFG_GLOBAL }, 544 { "verifyreversemapping", sDeprecated, SSHCFG_GLOBAL }, 545 { "reversemappingcheck", sDeprecated, SSHCFG_GLOBAL }, 546 { "clientaliveinterval", sClientAliveInterval, SSHCFG_ALL }, 547 { "clientalivecountmax", sClientAliveCountMax, SSHCFG_ALL }, 548 { "authorizedkeysfile", sAuthorizedKeysFile, SSHCFG_ALL }, 549 { "authorizedkeysfile2", sDeprecated, SSHCFG_ALL }, 550 { "useprivilegeseparation", sUsePrivilegeSeparation, SSHCFG_GLOBAL}, 551 { "acceptenv", sAcceptEnv, SSHCFG_ALL }, 552 { "permittunnel", sPermitTunnel, SSHCFG_ALL }, 553 { "permittty", sPermitTTY, SSHCFG_ALL }, 554 { "permituserrc", sPermitUserRC, SSHCFG_ALL }, 555 { "match", sMatch, SSHCFG_ALL }, 556 { "permitopen", sPermitOpen, SSHCFG_ALL }, 557 { "forcecommand", sForceCommand, SSHCFG_ALL }, 558 { "chrootdirectory", sChrootDirectory, SSHCFG_ALL }, 559 { "hostcertificate", sHostCertificate, SSHCFG_GLOBAL }, 560 { "revokedkeys", sRevokedKeys, SSHCFG_ALL }, 561 { "trustedusercakeys", sTrustedUserCAKeys, SSHCFG_ALL }, 562 { "authorizedprincipalsfile", sAuthorizedPrincipalsFile, SSHCFG_ALL }, 563 { "kexalgorithms", sKexAlgorithms, SSHCFG_GLOBAL }, 564 { "ipqos", sIPQoS, SSHCFG_ALL }, 565 { "authorizedkeyscommand", sAuthorizedKeysCommand, SSHCFG_ALL }, 566 { "authorizedkeyscommanduser", sAuthorizedKeysCommandUser, SSHCFG_ALL }, 567 { "authorizedprincipalscommand", sAuthorizedPrincipalsCommand, SSHCFG_ALL }, 568 { "authorizedprincipalscommanduser", sAuthorizedPrincipalsCommandUser, SSHCFG_ALL }, 569 { "versionaddendum", sVersionAddendum, SSHCFG_GLOBAL }, 570 { "authenticationmethods", sAuthenticationMethods, SSHCFG_ALL }, 571 { "streamlocalbindmask", sStreamLocalBindMask, SSHCFG_ALL }, 572 { "streamlocalbindunlink", sStreamLocalBindUnlink, SSHCFG_ALL }, 573 { "allowstreamlocalforwarding", sAllowStreamLocalForwarding, SSHCFG_ALL }, 574 { "fingerprinthash", sFingerprintHash, SSHCFG_GLOBAL }, 575 { "disableforwarding", sDisableForwarding, SSHCFG_ALL }, 576 { "useblacklist", sUseBlacklist, SSHCFG_GLOBAL }, 577 { "noneenabled", sUnsupported, SSHCFG_ALL }, 578 { "hpndisabled", sDeprecated, SSHCFG_ALL }, 579 { "hpnbuffersize", sDeprecated, SSHCFG_ALL }, 580 { "tcprcvbufpoll", sDeprecated, SSHCFG_ALL }, 581 { NULL, sBadOption, 0 } 582 }; 583 584 static struct { 585 int val; 586 char *text; 587 } tunmode_desc[] = { 588 { SSH_TUNMODE_NO, "no" }, 589 { SSH_TUNMODE_POINTOPOINT, "point-to-point" }, 590 { SSH_TUNMODE_ETHERNET, "ethernet" }, 591 { SSH_TUNMODE_YES, "yes" }, 592 { -1, NULL } 593 }; 594 595 /* 596 * Returns the number of the token pointed to by cp or sBadOption. 597 */ 598 599 static ServerOpCodes 600 parse_token(const char *cp, const char *filename, 601 int linenum, u_int *flags) 602 { 603 u_int i; 604 605 for (i = 0; keywords[i].name; i++) 606 if (strcasecmp(cp, keywords[i].name) == 0) { 607 *flags = keywords[i].flags; 608 return keywords[i].opcode; 609 } 610 611 error("%s: line %d: Bad configuration option: %s", 612 filename, linenum, cp); 613 return sBadOption; 614 } 615 616 char * 617 derelativise_path(const char *path) 618 { 619 char *expanded, *ret, cwd[PATH_MAX]; 620 621 if (strcasecmp(path, "none") == 0) 622 return xstrdup("none"); 623 expanded = tilde_expand_filename(path, getuid()); 624 if (*expanded == '/') 625 return expanded; 626 if (getcwd(cwd, sizeof(cwd)) == NULL) 627 fatal("%s: getcwd: %s", __func__, strerror(errno)); 628 xasprintf(&ret, "%s/%s", cwd, expanded); 629 free(expanded); 630 return ret; 631 } 632 633 static void 634 add_listen_addr(ServerOptions *options, char *addr, int port) 635 { 636 u_int i; 637 638 if (port == 0) 639 for (i = 0; i < options->num_ports; i++) 640 add_one_listen_addr(options, addr, options->ports[i]); 641 else 642 add_one_listen_addr(options, addr, port); 643 } 644 645 static void 646 add_one_listen_addr(ServerOptions *options, char *addr, int port) 647 { 648 struct addrinfo hints, *ai, *aitop; 649 char strport[NI_MAXSERV]; 650 int gaierr; 651 652 memset(&hints, 0, sizeof(hints)); 653 hints.ai_family = options->address_family; 654 hints.ai_socktype = SOCK_STREAM; 655 hints.ai_flags = (addr == NULL) ? AI_PASSIVE : 0; 656 snprintf(strport, sizeof strport, "%d", port); 657 if ((gaierr = getaddrinfo(addr, strport, &hints, &aitop)) != 0) 658 fatal("bad addr or host: %s (%s)", 659 addr ? addr : "<NULL>", 660 ssh_gai_strerror(gaierr)); 661 for (ai = aitop; ai->ai_next; ai = ai->ai_next) 662 ; 663 ai->ai_next = options->listen_addrs; 664 options->listen_addrs = aitop; 665 } 666 667 /* 668 * Queue a ListenAddress to be processed once we have all of the Ports 669 * and AddressFamily options. 670 */ 671 static void 672 queue_listen_addr(ServerOptions *options, char *addr, int port) 673 { 674 options->queued_listen_addrs = xreallocarray( 675 options->queued_listen_addrs, options->num_queued_listens + 1, 676 sizeof(addr)); 677 options->queued_listen_ports = xreallocarray( 678 options->queued_listen_ports, options->num_queued_listens + 1, 679 sizeof(port)); 680 options->queued_listen_addrs[options->num_queued_listens] = 681 xstrdup(addr); 682 options->queued_listen_ports[options->num_queued_listens] = port; 683 options->num_queued_listens++; 684 } 685 686 /* 687 * Process queued (text) ListenAddress entries. 688 */ 689 static void 690 process_queued_listen_addrs(ServerOptions *options) 691 { 692 u_int i; 693 694 if (options->num_ports == 0) 695 options->ports[options->num_ports++] = SSH_DEFAULT_PORT; 696 if (options->address_family == -1) 697 options->address_family = AF_UNSPEC; 698 699 for (i = 0; i < options->num_queued_listens; i++) { 700 add_listen_addr(options, options->queued_listen_addrs[i], 701 options->queued_listen_ports[i]); 702 free(options->queued_listen_addrs[i]); 703 options->queued_listen_addrs[i] = NULL; 704 } 705 free(options->queued_listen_addrs); 706 options->queued_listen_addrs = NULL; 707 free(options->queued_listen_ports); 708 options->queued_listen_ports = NULL; 709 options->num_queued_listens = 0; 710 } 711 712 struct connection_info * 713 get_connection_info(int populate, int use_dns) 714 { 715 struct ssh *ssh = active_state; /* XXX */ 716 static struct connection_info ci; 717 718 if (!populate) 719 return &ci; 720 ci.host = auth_get_canonical_hostname(ssh, use_dns); 721 ci.address = ssh_remote_ipaddr(ssh); 722 ci.laddress = ssh_local_ipaddr(ssh); 723 ci.lport = ssh_local_port(ssh); 724 return &ci; 725 } 726 727 /* 728 * The strategy for the Match blocks is that the config file is parsed twice. 729 * 730 * The first time is at startup. activep is initialized to 1 and the 731 * directives in the global context are processed and acted on. Hitting a 732 * Match directive unsets activep and the directives inside the block are 733 * checked for syntax only. 734 * 735 * The second time is after a connection has been established but before 736 * authentication. activep is initialized to 2 and global config directives 737 * are ignored since they have already been processed. If the criteria in a 738 * Match block is met, activep is set and the subsequent directives 739 * processed and actioned until EOF or another Match block unsets it. Any 740 * options set are copied into the main server config. 741 * 742 * Potential additions/improvements: 743 * - Add Match support for pre-kex directives, eg. Ciphers. 744 * 745 * - Add a Tag directive (idea from David Leonard) ala pf, eg: 746 * Match Address 192.168.0.* 747 * Tag trusted 748 * Match Group wheel 749 * Tag trusted 750 * Match Tag trusted 751 * AllowTcpForwarding yes 752 * GatewayPorts clientspecified 753 * [...] 754 * 755 * - Add a PermittedChannelRequests directive 756 * Match Group shell 757 * PermittedChannelRequests session,forwarded-tcpip 758 */ 759 760 static int 761 match_cfg_line_group(const char *grps, int line, const char *user) 762 { 763 int result = 0; 764 struct passwd *pw; 765 766 if (user == NULL) 767 goto out; 768 769 if ((pw = getpwnam(user)) == NULL) { 770 debug("Can't match group at line %d because user %.100s does " 771 "not exist", line, user); 772 } else if (ga_init(pw->pw_name, pw->pw_gid) == 0) { 773 debug("Can't Match group because user %.100s not in any group " 774 "at line %d", user, line); 775 } else if (ga_match_pattern_list(grps) != 1) { 776 debug("user %.100s does not match group list %.100s at line %d", 777 user, grps, line); 778 } else { 779 debug("user %.100s matched group list %.100s at line %d", user, 780 grps, line); 781 result = 1; 782 } 783 out: 784 ga_free(); 785 return result; 786 } 787 788 /* 789 * All of the attributes on a single Match line are ANDed together, so we need 790 * to check every attribute and set the result to zero if any attribute does 791 * not match. 792 */ 793 static int 794 match_cfg_line(char **condition, int line, struct connection_info *ci) 795 { 796 int result = 1, attributes = 0, port; 797 char *arg, *attrib, *cp = *condition; 798 799 if (ci == NULL) 800 debug3("checking syntax for 'Match %s'", cp); 801 else 802 debug3("checking match for '%s' user %s host %s addr %s " 803 "laddr %s lport %d", cp, ci->user ? ci->user : "(null)", 804 ci->host ? ci->host : "(null)", 805 ci->address ? ci->address : "(null)", 806 ci->laddress ? ci->laddress : "(null)", ci->lport); 807 808 while ((attrib = strdelim(&cp)) && *attrib != '\0') { 809 attributes++; 810 if (strcasecmp(attrib, "all") == 0) { 811 if (attributes != 1 || 812 ((arg = strdelim(&cp)) != NULL && *arg != '\0')) { 813 error("'all' cannot be combined with other " 814 "Match attributes"); 815 return -1; 816 } 817 *condition = cp; 818 return 1; 819 } 820 if ((arg = strdelim(&cp)) == NULL || *arg == '\0') { 821 error("Missing Match criteria for %s", attrib); 822 return -1; 823 } 824 if (strcasecmp(attrib, "user") == 0) { 825 if (ci == NULL || ci->user == NULL) { 826 result = 0; 827 continue; 828 } 829 if (match_pattern_list(ci->user, arg, 0) != 1) 830 result = 0; 831 else 832 debug("user %.100s matched 'User %.100s' at " 833 "line %d", ci->user, arg, line); 834 } else if (strcasecmp(attrib, "group") == 0) { 835 if (ci == NULL || ci->user == NULL) { 836 result = 0; 837 continue; 838 } 839 switch (match_cfg_line_group(arg, line, ci->user)) { 840 case -1: 841 return -1; 842 case 0: 843 result = 0; 844 } 845 } else if (strcasecmp(attrib, "host") == 0) { 846 if (ci == NULL || ci->host == NULL) { 847 result = 0; 848 continue; 849 } 850 if (match_hostname(ci->host, arg) != 1) 851 result = 0; 852 else 853 debug("connection from %.100s matched 'Host " 854 "%.100s' at line %d", ci->host, arg, line); 855 } else if (strcasecmp(attrib, "address") == 0) { 856 if (ci == NULL || ci->address == NULL) { 857 result = 0; 858 continue; 859 } 860 switch (addr_match_list(ci->address, arg)) { 861 case 1: 862 debug("connection from %.100s matched 'Address " 863 "%.100s' at line %d", ci->address, arg, line); 864 break; 865 case 0: 866 case -1: 867 result = 0; 868 break; 869 case -2: 870 return -1; 871 } 872 } else if (strcasecmp(attrib, "localaddress") == 0){ 873 if (ci == NULL || ci->laddress == NULL) { 874 result = 0; 875 continue; 876 } 877 switch (addr_match_list(ci->laddress, arg)) { 878 case 1: 879 debug("connection from %.100s matched " 880 "'LocalAddress %.100s' at line %d", 881 ci->laddress, arg, line); 882 break; 883 case 0: 884 case -1: 885 result = 0; 886 break; 887 case -2: 888 return -1; 889 } 890 } else if (strcasecmp(attrib, "localport") == 0) { 891 if ((port = a2port(arg)) == -1) { 892 error("Invalid LocalPort '%s' on Match line", 893 arg); 894 return -1; 895 } 896 if (ci == NULL || ci->lport == 0) { 897 result = 0; 898 continue; 899 } 900 /* TODO support port lists */ 901 if (port == ci->lport) 902 debug("connection from %.100s matched " 903 "'LocalPort %d' at line %d", 904 ci->laddress, port, line); 905 else 906 result = 0; 907 } else { 908 error("Unsupported Match attribute %s", attrib); 909 return -1; 910 } 911 } 912 if (attributes == 0) { 913 error("One or more attributes required for Match"); 914 return -1; 915 } 916 if (ci != NULL) 917 debug3("match %sfound", result ? "" : "not "); 918 *condition = cp; 919 return result; 920 } 921 922 #define WHITESPACE " \t\r\n" 923 924 /* Multistate option parsing */ 925 struct multistate { 926 char *key; 927 int value; 928 }; 929 static const struct multistate multistate_addressfamily[] = { 930 { "inet", AF_INET }, 931 { "inet6", AF_INET6 }, 932 { "any", AF_UNSPEC }, 933 { NULL, -1 } 934 }; 935 static const struct multistate multistate_permitrootlogin[] = { 936 { "without-password", PERMIT_NO_PASSWD }, 937 { "prohibit-password", PERMIT_NO_PASSWD }, 938 { "forced-commands-only", PERMIT_FORCED_ONLY }, 939 { "yes", PERMIT_YES }, 940 { "no", PERMIT_NO }, 941 { NULL, -1 } 942 }; 943 static const struct multistate multistate_compression[] = { 944 { "yes", COMP_DELAYED }, 945 { "delayed", COMP_DELAYED }, 946 { "no", COMP_NONE }, 947 { NULL, -1 } 948 }; 949 static const struct multistate multistate_gatewayports[] = { 950 { "clientspecified", 2 }, 951 { "yes", 1 }, 952 { "no", 0 }, 953 { NULL, -1 } 954 }; 955 static const struct multistate multistate_privsep[] = { 956 { "yes", PRIVSEP_NOSANDBOX }, 957 { "sandbox", PRIVSEP_ON }, 958 { "nosandbox", PRIVSEP_NOSANDBOX }, 959 { "no", PRIVSEP_OFF }, 960 { NULL, -1 } 961 }; 962 static const struct multistate multistate_tcpfwd[] = { 963 { "yes", FORWARD_ALLOW }, 964 { "all", FORWARD_ALLOW }, 965 { "no", FORWARD_DENY }, 966 { "remote", FORWARD_REMOTE }, 967 { "local", FORWARD_LOCAL }, 968 { NULL, -1 } 969 }; 970 971 int 972 process_server_config_line(ServerOptions *options, char *line, 973 const char *filename, int linenum, int *activep, 974 struct connection_info *connectinfo) 975 { 976 char *cp, **charptr, *arg, *p; 977 int cmdline = 0, *intptr, value, value2, n, port; 978 SyslogFacility *log_facility_ptr; 979 LogLevel *log_level_ptr; 980 ServerOpCodes opcode; 981 u_int i, flags = 0; 982 size_t len; 983 long long val64; 984 const struct multistate *multistate_ptr; 985 986 cp = line; 987 if ((arg = strdelim(&cp)) == NULL) 988 return 0; 989 /* Ignore leading whitespace */ 990 if (*arg == '\0') 991 arg = strdelim(&cp); 992 if (!arg || !*arg || *arg == '#') 993 return 0; 994 intptr = NULL; 995 charptr = NULL; 996 opcode = parse_token(arg, filename, linenum, &flags); 997 998 if (activep == NULL) { /* We are processing a command line directive */ 999 cmdline = 1; 1000 activep = &cmdline; 1001 } 1002 if (*activep && opcode != sMatch) 1003 debug3("%s:%d setting %s %s", filename, linenum, arg, cp); 1004 if (*activep == 0 && !(flags & SSHCFG_MATCH)) { 1005 if (connectinfo == NULL) { 1006 fatal("%s line %d: Directive '%s' is not allowed " 1007 "within a Match block", filename, linenum, arg); 1008 } else { /* this is a directive we have already processed */ 1009 while (arg) 1010 arg = strdelim(&cp); 1011 return 0; 1012 } 1013 } 1014 1015 switch (opcode) { 1016 /* Portable-specific options */ 1017 case sUsePAM: 1018 intptr = &options->use_pam; 1019 goto parse_flag; 1020 1021 /* Standard Options */ 1022 case sBadOption: 1023 return -1; 1024 case sPort: 1025 /* ignore ports from configfile if cmdline specifies ports */ 1026 if (options->ports_from_cmdline) 1027 return 0; 1028 if (options->num_ports >= MAX_PORTS) 1029 fatal("%s line %d: too many ports.", 1030 filename, linenum); 1031 arg = strdelim(&cp); 1032 if (!arg || *arg == '\0') 1033 fatal("%s line %d: missing port number.", 1034 filename, linenum); 1035 options->ports[options->num_ports++] = a2port(arg); 1036 if (options->ports[options->num_ports-1] <= 0) 1037 fatal("%s line %d: Badly formatted port number.", 1038 filename, linenum); 1039 break; 1040 1041 case sLoginGraceTime: 1042 intptr = &options->login_grace_time; 1043 parse_time: 1044 arg = strdelim(&cp); 1045 if (!arg || *arg == '\0') 1046 fatal("%s line %d: missing time value.", 1047 filename, linenum); 1048 if ((value = convtime(arg)) == -1) 1049 fatal("%s line %d: invalid time value.", 1050 filename, linenum); 1051 if (*activep && *intptr == -1) 1052 *intptr = value; 1053 break; 1054 1055 case sListenAddress: 1056 arg = strdelim(&cp); 1057 if (arg == NULL || *arg == '\0') 1058 fatal("%s line %d: missing address", 1059 filename, linenum); 1060 /* check for bare IPv6 address: no "[]" and 2 or more ":" */ 1061 if (strchr(arg, '[') == NULL && (p = strchr(arg, ':')) != NULL 1062 && strchr(p+1, ':') != NULL) { 1063 queue_listen_addr(options, arg, 0); 1064 break; 1065 } 1066 p = hpdelim(&arg); 1067 if (p == NULL) 1068 fatal("%s line %d: bad address:port usage", 1069 filename, linenum); 1070 p = cleanhostname(p); 1071 if (arg == NULL) 1072 port = 0; 1073 else if ((port = a2port(arg)) <= 0) 1074 fatal("%s line %d: bad port number", filename, linenum); 1075 1076 queue_listen_addr(options, p, port); 1077 1078 break; 1079 1080 case sAddressFamily: 1081 intptr = &options->address_family; 1082 multistate_ptr = multistate_addressfamily; 1083 parse_multistate: 1084 arg = strdelim(&cp); 1085 if (!arg || *arg == '\0') 1086 fatal("%s line %d: missing argument.", 1087 filename, linenum); 1088 value = -1; 1089 for (i = 0; multistate_ptr[i].key != NULL; i++) { 1090 if (strcasecmp(arg, multistate_ptr[i].key) == 0) { 1091 value = multistate_ptr[i].value; 1092 break; 1093 } 1094 } 1095 if (value == -1) 1096 fatal("%s line %d: unsupported option \"%s\".", 1097 filename, linenum, arg); 1098 if (*activep && *intptr == -1) 1099 *intptr = value; 1100 break; 1101 1102 case sHostKeyFile: 1103 intptr = &options->num_host_key_files; 1104 if (*intptr >= MAX_HOSTKEYS) 1105 fatal("%s line %d: too many host keys specified (max %d).", 1106 filename, linenum, MAX_HOSTKEYS); 1107 charptr = &options->host_key_files[*intptr]; 1108 parse_filename: 1109 arg = strdelim(&cp); 1110 if (!arg || *arg == '\0') 1111 fatal("%s line %d: missing file name.", 1112 filename, linenum); 1113 if (*activep && *charptr == NULL) { 1114 *charptr = derelativise_path(arg); 1115 /* increase optional counter */ 1116 if (intptr != NULL) 1117 *intptr = *intptr + 1; 1118 } 1119 break; 1120 1121 case sHostKeyAgent: 1122 charptr = &options->host_key_agent; 1123 arg = strdelim(&cp); 1124 if (!arg || *arg == '\0') 1125 fatal("%s line %d: missing socket name.", 1126 filename, linenum); 1127 if (*activep && *charptr == NULL) 1128 *charptr = !strcmp(arg, SSH_AUTHSOCKET_ENV_NAME) ? 1129 xstrdup(arg) : derelativise_path(arg); 1130 break; 1131 1132 case sHostCertificate: 1133 intptr = &options->num_host_cert_files; 1134 if (*intptr >= MAX_HOSTKEYS) 1135 fatal("%s line %d: too many host certificates " 1136 "specified (max %d).", filename, linenum, 1137 MAX_HOSTCERTS); 1138 charptr = &options->host_cert_files[*intptr]; 1139 goto parse_filename; 1140 1141 case sPidFile: 1142 charptr = &options->pid_file; 1143 goto parse_filename; 1144 1145 case sPermitRootLogin: 1146 intptr = &options->permit_root_login; 1147 multistate_ptr = multistate_permitrootlogin; 1148 goto parse_multistate; 1149 1150 case sIgnoreRhosts: 1151 intptr = &options->ignore_rhosts; 1152 parse_flag: 1153 arg = strdelim(&cp); 1154 if (!arg || *arg == '\0') 1155 fatal("%s line %d: missing yes/no argument.", 1156 filename, linenum); 1157 value = 0; /* silence compiler */ 1158 if (strcmp(arg, "yes") == 0) 1159 value = 1; 1160 else if (strcmp(arg, "no") == 0) 1161 value = 0; 1162 else 1163 fatal("%s line %d: Bad yes/no argument: %s", 1164 filename, linenum, arg); 1165 if (*activep && *intptr == -1) 1166 *intptr = value; 1167 break; 1168 1169 case sIgnoreUserKnownHosts: 1170 intptr = &options->ignore_user_known_hosts; 1171 goto parse_flag; 1172 1173 case sHostbasedAuthentication: 1174 intptr = &options->hostbased_authentication; 1175 goto parse_flag; 1176 1177 case sHostbasedUsesNameFromPacketOnly: 1178 intptr = &options->hostbased_uses_name_from_packet_only; 1179 goto parse_flag; 1180 1181 case sHostbasedAcceptedKeyTypes: 1182 charptr = &options->hostbased_key_types; 1183 parse_keytypes: 1184 arg = strdelim(&cp); 1185 if (!arg || *arg == '\0') 1186 fatal("%s line %d: Missing argument.", 1187 filename, linenum); 1188 if (!sshkey_names_valid2(*arg == '+' ? arg + 1 : arg, 1)) 1189 fatal("%s line %d: Bad key types '%s'.", 1190 filename, linenum, arg ? arg : "<NONE>"); 1191 if (*activep && *charptr == NULL) 1192 *charptr = xstrdup(arg); 1193 break; 1194 1195 case sHostKeyAlgorithms: 1196 charptr = &options->hostkeyalgorithms; 1197 goto parse_keytypes; 1198 1199 case sPubkeyAuthentication: 1200 intptr = &options->pubkey_authentication; 1201 goto parse_flag; 1202 1203 case sPubkeyAcceptedKeyTypes: 1204 charptr = &options->pubkey_key_types; 1205 goto parse_keytypes; 1206 1207 case sKerberosAuthentication: 1208 intptr = &options->kerberos_authentication; 1209 goto parse_flag; 1210 1211 case sKerberosOrLocalPasswd: 1212 intptr = &options->kerberos_or_local_passwd; 1213 goto parse_flag; 1214 1215 case sKerberosTicketCleanup: 1216 intptr = &options->kerberos_ticket_cleanup; 1217 goto parse_flag; 1218 1219 case sKerberosGetAFSToken: 1220 intptr = &options->kerberos_get_afs_token; 1221 goto parse_flag; 1222 1223 case sGssAuthentication: 1224 intptr = &options->gss_authentication; 1225 goto parse_flag; 1226 1227 case sGssCleanupCreds: 1228 intptr = &options->gss_cleanup_creds; 1229 goto parse_flag; 1230 1231 case sGssStrictAcceptor: 1232 intptr = &options->gss_strict_acceptor; 1233 goto parse_flag; 1234 1235 case sPasswordAuthentication: 1236 intptr = &options->password_authentication; 1237 goto parse_flag; 1238 1239 case sKbdInteractiveAuthentication: 1240 intptr = &options->kbd_interactive_authentication; 1241 goto parse_flag; 1242 1243 case sChallengeResponseAuthentication: 1244 intptr = &options->challenge_response_authentication; 1245 goto parse_flag; 1246 1247 case sPrintMotd: 1248 intptr = &options->print_motd; 1249 goto parse_flag; 1250 1251 case sPrintLastLog: 1252 intptr = &options->print_lastlog; 1253 goto parse_flag; 1254 1255 case sX11Forwarding: 1256 intptr = &options->x11_forwarding; 1257 goto parse_flag; 1258 1259 case sX11DisplayOffset: 1260 intptr = &options->x11_display_offset; 1261 parse_int: 1262 arg = strdelim(&cp); 1263 if (!arg || *arg == '\0') 1264 fatal("%s line %d: missing integer value.", 1265 filename, linenum); 1266 value = atoi(arg); 1267 if (*activep && *intptr == -1) 1268 *intptr = value; 1269 break; 1270 1271 case sX11UseLocalhost: 1272 intptr = &options->x11_use_localhost; 1273 goto parse_flag; 1274 1275 case sXAuthLocation: 1276 charptr = &options->xauth_location; 1277 goto parse_filename; 1278 1279 case sPermitTTY: 1280 intptr = &options->permit_tty; 1281 goto parse_flag; 1282 1283 case sPermitUserRC: 1284 intptr = &options->permit_user_rc; 1285 goto parse_flag; 1286 1287 case sStrictModes: 1288 intptr = &options->strict_modes; 1289 goto parse_flag; 1290 1291 case sTCPKeepAlive: 1292 intptr = &options->tcp_keep_alive; 1293 goto parse_flag; 1294 1295 case sEmptyPasswd: 1296 intptr = &options->permit_empty_passwd; 1297 goto parse_flag; 1298 1299 case sPermitUserEnvironment: 1300 intptr = &options->permit_user_env; 1301 goto parse_flag; 1302 1303 case sCompression: 1304 intptr = &options->compression; 1305 multistate_ptr = multistate_compression; 1306 goto parse_multistate; 1307 1308 case sRekeyLimit: 1309 arg = strdelim(&cp); 1310 if (!arg || *arg == '\0') 1311 fatal("%.200s line %d: Missing argument.", filename, 1312 linenum); 1313 if (strcmp(arg, "default") == 0) { 1314 val64 = 0; 1315 } else { 1316 if (scan_scaled(arg, &val64) == -1) 1317 fatal("%.200s line %d: Bad number '%s': %s", 1318 filename, linenum, arg, strerror(errno)); 1319 if (val64 != 0 && val64 < 16) 1320 fatal("%.200s line %d: RekeyLimit too small", 1321 filename, linenum); 1322 } 1323 if (*activep && options->rekey_limit == -1) 1324 options->rekey_limit = val64; 1325 if (cp != NULL) { /* optional rekey interval present */ 1326 if (strcmp(cp, "none") == 0) { 1327 (void)strdelim(&cp); /* discard */ 1328 break; 1329 } 1330 intptr = &options->rekey_interval; 1331 goto parse_time; 1332 } 1333 break; 1334 1335 case sGatewayPorts: 1336 intptr = &options->fwd_opts.gateway_ports; 1337 multistate_ptr = multistate_gatewayports; 1338 goto parse_multistate; 1339 1340 case sUseDNS: 1341 intptr = &options->use_dns; 1342 goto parse_flag; 1343 1344 case sLogFacility: 1345 log_facility_ptr = &options->log_facility; 1346 arg = strdelim(&cp); 1347 value = log_facility_number(arg); 1348 if (value == SYSLOG_FACILITY_NOT_SET) 1349 fatal("%.200s line %d: unsupported log facility '%s'", 1350 filename, linenum, arg ? arg : "<NONE>"); 1351 if (*log_facility_ptr == -1) 1352 *log_facility_ptr = (SyslogFacility) value; 1353 break; 1354 1355 case sLogLevel: 1356 log_level_ptr = &options->log_level; 1357 arg = strdelim(&cp); 1358 value = log_level_number(arg); 1359 if (value == SYSLOG_LEVEL_NOT_SET) 1360 fatal("%.200s line %d: unsupported log level '%s'", 1361 filename, linenum, arg ? arg : "<NONE>"); 1362 if (*log_level_ptr == -1) 1363 *log_level_ptr = (LogLevel) value; 1364 break; 1365 1366 case sAllowTcpForwarding: 1367 intptr = &options->allow_tcp_forwarding; 1368 multistate_ptr = multistate_tcpfwd; 1369 goto parse_multistate; 1370 1371 case sAllowStreamLocalForwarding: 1372 intptr = &options->allow_streamlocal_forwarding; 1373 multistate_ptr = multistate_tcpfwd; 1374 goto parse_multistate; 1375 1376 case sAllowAgentForwarding: 1377 intptr = &options->allow_agent_forwarding; 1378 goto parse_flag; 1379 1380 case sDisableForwarding: 1381 intptr = &options->disable_forwarding; 1382 goto parse_flag; 1383 1384 case sUsePrivilegeSeparation: 1385 intptr = &use_privsep; 1386 multistate_ptr = multistate_privsep; 1387 goto parse_multistate; 1388 1389 case sAllowUsers: 1390 while ((arg = strdelim(&cp)) && *arg != '\0') { 1391 if (options->num_allow_users >= MAX_ALLOW_USERS) 1392 fatal("%s line %d: too many allow users.", 1393 filename, linenum); 1394 if (match_user(NULL, NULL, NULL, arg) == -1) 1395 fatal("%s line %d: invalid AllowUsers pattern: " 1396 "\"%.100s\"", filename, linenum, arg); 1397 if (!*activep) 1398 continue; 1399 options->allow_users[options->num_allow_users++] = 1400 xstrdup(arg); 1401 } 1402 break; 1403 1404 case sDenyUsers: 1405 while ((arg = strdelim(&cp)) && *arg != '\0') { 1406 if (options->num_deny_users >= MAX_DENY_USERS) 1407 fatal("%s line %d: too many deny users.", 1408 filename, linenum); 1409 if (match_user(NULL, NULL, NULL, arg) == -1) 1410 fatal("%s line %d: invalid DenyUsers pattern: " 1411 "\"%.100s\"", filename, linenum, arg); 1412 if (!*activep) 1413 continue; 1414 options->deny_users[options->num_deny_users++] = 1415 xstrdup(arg); 1416 } 1417 break; 1418 1419 case sAllowGroups: 1420 while ((arg = strdelim(&cp)) && *arg != '\0') { 1421 if (options->num_allow_groups >= MAX_ALLOW_GROUPS) 1422 fatal("%s line %d: too many allow groups.", 1423 filename, linenum); 1424 if (!*activep) 1425 continue; 1426 options->allow_groups[options->num_allow_groups++] = 1427 xstrdup(arg); 1428 } 1429 break; 1430 1431 case sDenyGroups: 1432 while ((arg = strdelim(&cp)) && *arg != '\0') { 1433 if (options->num_deny_groups >= MAX_DENY_GROUPS) 1434 fatal("%s line %d: too many deny groups.", 1435 filename, linenum); 1436 if (!*activep) 1437 continue; 1438 options->deny_groups[options->num_deny_groups++] = 1439 xstrdup(arg); 1440 } 1441 break; 1442 1443 case sCiphers: 1444 arg = strdelim(&cp); 1445 if (!arg || *arg == '\0') 1446 fatal("%s line %d: Missing argument.", filename, linenum); 1447 if (!ciphers_valid(*arg == '+' ? arg + 1 : arg)) 1448 fatal("%s line %d: Bad SSH2 cipher spec '%s'.", 1449 filename, linenum, arg ? arg : "<NONE>"); 1450 if (options->ciphers == NULL) 1451 options->ciphers = xstrdup(arg); 1452 break; 1453 1454 case sMacs: 1455 arg = strdelim(&cp); 1456 if (!arg || *arg == '\0') 1457 fatal("%s line %d: Missing argument.", filename, linenum); 1458 if (!mac_valid(*arg == '+' ? arg + 1 : arg)) 1459 fatal("%s line %d: Bad SSH2 mac spec '%s'.", 1460 filename, linenum, arg ? arg : "<NONE>"); 1461 if (options->macs == NULL) 1462 options->macs = xstrdup(arg); 1463 break; 1464 1465 case sKexAlgorithms: 1466 arg = strdelim(&cp); 1467 if (!arg || *arg == '\0') 1468 fatal("%s line %d: Missing argument.", 1469 filename, linenum); 1470 if (!kex_names_valid(*arg == '+' ? arg + 1 : arg)) 1471 fatal("%s line %d: Bad SSH2 KexAlgorithms '%s'.", 1472 filename, linenum, arg ? arg : "<NONE>"); 1473 if (options->kex_algorithms == NULL) 1474 options->kex_algorithms = xstrdup(arg); 1475 break; 1476 1477 case sSubsystem: 1478 if (options->num_subsystems >= MAX_SUBSYSTEMS) { 1479 fatal("%s line %d: too many subsystems defined.", 1480 filename, linenum); 1481 } 1482 arg = strdelim(&cp); 1483 if (!arg || *arg == '\0') 1484 fatal("%s line %d: Missing subsystem name.", 1485 filename, linenum); 1486 if (!*activep) { 1487 arg = strdelim(&cp); 1488 break; 1489 } 1490 for (i = 0; i < options->num_subsystems; i++) 1491 if (strcmp(arg, options->subsystem_name[i]) == 0) 1492 fatal("%s line %d: Subsystem '%s' already defined.", 1493 filename, linenum, arg); 1494 options->subsystem_name[options->num_subsystems] = xstrdup(arg); 1495 arg = strdelim(&cp); 1496 if (!arg || *arg == '\0') 1497 fatal("%s line %d: Missing subsystem command.", 1498 filename, linenum); 1499 options->subsystem_command[options->num_subsystems] = xstrdup(arg); 1500 1501 /* Collect arguments (separate to executable) */ 1502 p = xstrdup(arg); 1503 len = strlen(p) + 1; 1504 while ((arg = strdelim(&cp)) != NULL && *arg != '\0') { 1505 len += 1 + strlen(arg); 1506 p = xreallocarray(p, 1, len); 1507 strlcat(p, " ", len); 1508 strlcat(p, arg, len); 1509 } 1510 options->subsystem_args[options->num_subsystems] = p; 1511 options->num_subsystems++; 1512 break; 1513 1514 case sMaxStartups: 1515 arg = strdelim(&cp); 1516 if (!arg || *arg == '\0') 1517 fatal("%s line %d: Missing MaxStartups spec.", 1518 filename, linenum); 1519 if ((n = sscanf(arg, "%d:%d:%d", 1520 &options->max_startups_begin, 1521 &options->max_startups_rate, 1522 &options->max_startups)) == 3) { 1523 if (options->max_startups_begin > 1524 options->max_startups || 1525 options->max_startups_rate > 100 || 1526 options->max_startups_rate < 1) 1527 fatal("%s line %d: Illegal MaxStartups spec.", 1528 filename, linenum); 1529 } else if (n != 1) 1530 fatal("%s line %d: Illegal MaxStartups spec.", 1531 filename, linenum); 1532 else 1533 options->max_startups = options->max_startups_begin; 1534 break; 1535 1536 case sMaxAuthTries: 1537 intptr = &options->max_authtries; 1538 goto parse_int; 1539 1540 case sMaxSessions: 1541 intptr = &options->max_sessions; 1542 goto parse_int; 1543 1544 case sBanner: 1545 charptr = &options->banner; 1546 goto parse_filename; 1547 1548 /* 1549 * These options can contain %X options expanded at 1550 * connect time, so that you can specify paths like: 1551 * 1552 * AuthorizedKeysFile /etc/ssh_keys/%u 1553 */ 1554 case sAuthorizedKeysFile: 1555 if (*activep && options->num_authkeys_files == 0) { 1556 while ((arg = strdelim(&cp)) && *arg != '\0') { 1557 if (options->num_authkeys_files >= 1558 MAX_AUTHKEYS_FILES) 1559 fatal("%s line %d: " 1560 "too many authorized keys files.", 1561 filename, linenum); 1562 options->authorized_keys_files[ 1563 options->num_authkeys_files++] = 1564 tilde_expand_filename(arg, getuid()); 1565 } 1566 } 1567 return 0; 1568 1569 case sAuthorizedPrincipalsFile: 1570 charptr = &options->authorized_principals_file; 1571 arg = strdelim(&cp); 1572 if (!arg || *arg == '\0') 1573 fatal("%s line %d: missing file name.", 1574 filename, linenum); 1575 if (*activep && *charptr == NULL) { 1576 *charptr = tilde_expand_filename(arg, getuid()); 1577 /* increase optional counter */ 1578 if (intptr != NULL) 1579 *intptr = *intptr + 1; 1580 } 1581 break; 1582 1583 case sClientAliveInterval: 1584 intptr = &options->client_alive_interval; 1585 goto parse_time; 1586 1587 case sClientAliveCountMax: 1588 intptr = &options->client_alive_count_max; 1589 goto parse_int; 1590 1591 case sAcceptEnv: 1592 while ((arg = strdelim(&cp)) && *arg != '\0') { 1593 if (strchr(arg, '=') != NULL) 1594 fatal("%s line %d: Invalid environment name.", 1595 filename, linenum); 1596 if (options->num_accept_env >= MAX_ACCEPT_ENV) 1597 fatal("%s line %d: too many allow env.", 1598 filename, linenum); 1599 if (!*activep) 1600 continue; 1601 options->accept_env[options->num_accept_env++] = 1602 xstrdup(arg); 1603 } 1604 break; 1605 1606 case sPermitTunnel: 1607 intptr = &options->permit_tun; 1608 arg = strdelim(&cp); 1609 if (!arg || *arg == '\0') 1610 fatal("%s line %d: Missing yes/point-to-point/" 1611 "ethernet/no argument.", filename, linenum); 1612 value = -1; 1613 for (i = 0; tunmode_desc[i].val != -1; i++) 1614 if (strcmp(tunmode_desc[i].text, arg) == 0) { 1615 value = tunmode_desc[i].val; 1616 break; 1617 } 1618 if (value == -1) 1619 fatal("%s line %d: Bad yes/point-to-point/ethernet/" 1620 "no argument: %s", filename, linenum, arg); 1621 if (*activep && *intptr == -1) 1622 *intptr = value; 1623 break; 1624 1625 case sMatch: 1626 if (cmdline) 1627 fatal("Match directive not supported as a command-line " 1628 "option"); 1629 value = match_cfg_line(&cp, linenum, connectinfo); 1630 if (value < 0) 1631 fatal("%s line %d: Bad Match condition", filename, 1632 linenum); 1633 *activep = value; 1634 break; 1635 1636 case sPermitOpen: 1637 arg = strdelim(&cp); 1638 if (!arg || *arg == '\0') 1639 fatal("%s line %d: missing PermitOpen specification", 1640 filename, linenum); 1641 n = options->num_permitted_opens; /* modified later */ 1642 if (strcmp(arg, "any") == 0) { 1643 if (*activep && n == -1) { 1644 channel_clear_adm_permitted_opens(); 1645 options->num_permitted_opens = 0; 1646 } 1647 break; 1648 } 1649 if (strcmp(arg, "none") == 0) { 1650 if (*activep && n == -1) { 1651 options->num_permitted_opens = 1; 1652 channel_disable_adm_local_opens(); 1653 } 1654 break; 1655 } 1656 if (*activep && n == -1) 1657 channel_clear_adm_permitted_opens(); 1658 for (; arg != NULL && *arg != '\0'; arg = strdelim(&cp)) { 1659 p = hpdelim(&arg); 1660 if (p == NULL) 1661 fatal("%s line %d: missing host in PermitOpen", 1662 filename, linenum); 1663 p = cleanhostname(p); 1664 if (arg == NULL || ((port = permitopen_port(arg)) < 0)) 1665 fatal("%s line %d: bad port number in " 1666 "PermitOpen", filename, linenum); 1667 if (*activep && n == -1) 1668 options->num_permitted_opens = 1669 channel_add_adm_permitted_opens(p, port); 1670 } 1671 break; 1672 1673 case sForceCommand: 1674 if (cp == NULL || *cp == '\0') 1675 fatal("%.200s line %d: Missing argument.", filename, 1676 linenum); 1677 len = strspn(cp, WHITESPACE); 1678 if (*activep && options->adm_forced_command == NULL) 1679 options->adm_forced_command = xstrdup(cp + len); 1680 return 0; 1681 1682 case sChrootDirectory: 1683 charptr = &options->chroot_directory; 1684 1685 arg = strdelim(&cp); 1686 if (!arg || *arg == '\0') 1687 fatal("%s line %d: missing file name.", 1688 filename, linenum); 1689 if (*activep && *charptr == NULL) 1690 *charptr = xstrdup(arg); 1691 break; 1692 1693 case sTrustedUserCAKeys: 1694 charptr = &options->trusted_user_ca_keys; 1695 goto parse_filename; 1696 1697 case sRevokedKeys: 1698 charptr = &options->revoked_keys_file; 1699 goto parse_filename; 1700 1701 case sIPQoS: 1702 arg = strdelim(&cp); 1703 if ((value = parse_ipqos(arg)) == -1) 1704 fatal("%s line %d: Bad IPQoS value: %s", 1705 filename, linenum, arg); 1706 arg = strdelim(&cp); 1707 if (arg == NULL) 1708 value2 = value; 1709 else if ((value2 = parse_ipqos(arg)) == -1) 1710 fatal("%s line %d: Bad IPQoS value: %s", 1711 filename, linenum, arg); 1712 if (*activep) { 1713 options->ip_qos_interactive = value; 1714 options->ip_qos_bulk = value2; 1715 } 1716 break; 1717 1718 case sVersionAddendum: 1719 if (cp == NULL || *cp == '\0') 1720 fatal("%.200s line %d: Missing argument.", filename, 1721 linenum); 1722 len = strspn(cp, WHITESPACE); 1723 if (*activep && options->version_addendum == NULL) { 1724 if (strcasecmp(cp + len, "none") == 0) 1725 options->version_addendum = xstrdup(""); 1726 else if (strchr(cp + len, '\r') != NULL) 1727 fatal("%.200s line %d: Invalid argument", 1728 filename, linenum); 1729 else 1730 options->version_addendum = xstrdup(cp + len); 1731 } 1732 return 0; 1733 1734 case sAuthorizedKeysCommand: 1735 if (cp == NULL) 1736 fatal("%.200s line %d: Missing argument.", filename, 1737 linenum); 1738 len = strspn(cp, WHITESPACE); 1739 if (*activep && options->authorized_keys_command == NULL) { 1740 if (cp[len] != '/' && strcasecmp(cp + len, "none") != 0) 1741 fatal("%.200s line %d: AuthorizedKeysCommand " 1742 "must be an absolute path", 1743 filename, linenum); 1744 options->authorized_keys_command = xstrdup(cp + len); 1745 } 1746 return 0; 1747 1748 case sAuthorizedKeysCommandUser: 1749 charptr = &options->authorized_keys_command_user; 1750 1751 arg = strdelim(&cp); 1752 if (!arg || *arg == '\0') 1753 fatal("%s line %d: missing AuthorizedKeysCommandUser " 1754 "argument.", filename, linenum); 1755 if (*activep && *charptr == NULL) 1756 *charptr = xstrdup(arg); 1757 break; 1758 1759 case sAuthorizedPrincipalsCommand: 1760 if (cp == NULL) 1761 fatal("%.200s line %d: Missing argument.", filename, 1762 linenum); 1763 len = strspn(cp, WHITESPACE); 1764 if (*activep && 1765 options->authorized_principals_command == NULL) { 1766 if (cp[len] != '/' && strcasecmp(cp + len, "none") != 0) 1767 fatal("%.200s line %d: " 1768 "AuthorizedPrincipalsCommand must be " 1769 "an absolute path", filename, linenum); 1770 options->authorized_principals_command = 1771 xstrdup(cp + len); 1772 } 1773 return 0; 1774 1775 case sAuthorizedPrincipalsCommandUser: 1776 charptr = &options->authorized_principals_command_user; 1777 1778 arg = strdelim(&cp); 1779 if (!arg || *arg == '\0') 1780 fatal("%s line %d: missing " 1781 "AuthorizedPrincipalsCommandUser argument.", 1782 filename, linenum); 1783 if (*activep && *charptr == NULL) 1784 *charptr = xstrdup(arg); 1785 break; 1786 1787 case sAuthenticationMethods: 1788 if (options->num_auth_methods == 0) { 1789 value = 0; /* seen "any" pseudo-method */ 1790 value2 = 0; /* sucessfully parsed any method */ 1791 while ((arg = strdelim(&cp)) && *arg != '\0') { 1792 if (options->num_auth_methods >= 1793 MAX_AUTH_METHODS) 1794 fatal("%s line %d: " 1795 "too many authentication methods.", 1796 filename, linenum); 1797 if (strcmp(arg, "any") == 0) { 1798 if (options->num_auth_methods > 0) { 1799 fatal("%s line %d: \"any\" " 1800 "must appear alone in " 1801 "AuthenticationMethods", 1802 filename, linenum); 1803 } 1804 value = 1; 1805 } else if (value) { 1806 fatal("%s line %d: \"any\" must appear " 1807 "alone in AuthenticationMethods", 1808 filename, linenum); 1809 } else if (auth2_methods_valid(arg, 0) != 0) { 1810 fatal("%s line %d: invalid " 1811 "authentication method list.", 1812 filename, linenum); 1813 } 1814 value2 = 1; 1815 if (!*activep) 1816 continue; 1817 options->auth_methods[ 1818 options->num_auth_methods++] = xstrdup(arg); 1819 } 1820 if (value2 == 0) { 1821 fatal("%s line %d: no AuthenticationMethods " 1822 "specified", filename, linenum); 1823 } 1824 } 1825 return 0; 1826 1827 case sStreamLocalBindMask: 1828 arg = strdelim(&cp); 1829 if (!arg || *arg == '\0') 1830 fatal("%s line %d: missing StreamLocalBindMask " 1831 "argument.", filename, linenum); 1832 /* Parse mode in octal format */ 1833 value = strtol(arg, &p, 8); 1834 if (arg == p || value < 0 || value > 0777) 1835 fatal("%s line %d: Bad mask.", filename, linenum); 1836 if (*activep) 1837 options->fwd_opts.streamlocal_bind_mask = (mode_t)value; 1838 break; 1839 1840 case sStreamLocalBindUnlink: 1841 intptr = &options->fwd_opts.streamlocal_bind_unlink; 1842 goto parse_flag; 1843 1844 case sFingerprintHash: 1845 arg = strdelim(&cp); 1846 if (!arg || *arg == '\0') 1847 fatal("%.200s line %d: Missing argument.", 1848 filename, linenum); 1849 if ((value = ssh_digest_alg_by_name(arg)) == -1) 1850 fatal("%.200s line %d: Invalid hash algorithm \"%s\".", 1851 filename, linenum, arg); 1852 if (*activep) 1853 options->fingerprint_hash = value; 1854 break; 1855 1856 case sUseBlacklist: 1857 intptr = &options->use_blacklist; 1858 goto parse_flag; 1859 1860 case sDeprecated: 1861 case sIgnore: 1862 case sUnsupported: 1863 do_log2(opcode == sIgnore ? 1864 SYSLOG_LEVEL_DEBUG2 : SYSLOG_LEVEL_INFO, 1865 "%s line %d: %s option %s", filename, linenum, 1866 opcode == sUnsupported ? "Unsupported" : "Deprecated", arg); 1867 while (arg) 1868 arg = strdelim(&cp); 1869 break; 1870 1871 default: 1872 fatal("%s line %d: Missing handler for opcode %s (%d)", 1873 filename, linenum, arg, opcode); 1874 } 1875 if ((arg = strdelim(&cp)) != NULL && *arg != '\0') 1876 fatal("%s line %d: garbage at end of line; \"%.200s\".", 1877 filename, linenum, arg); 1878 return 0; 1879 } 1880 1881 /* Reads the server configuration file. */ 1882 1883 void 1884 load_server_config(const char *filename, Buffer *conf) 1885 { 1886 char line[4096], *cp; 1887 FILE *f; 1888 int lineno = 0; 1889 1890 debug2("%s: filename %s", __func__, filename); 1891 if ((f = fopen(filename, "r")) == NULL) { 1892 perror(filename); 1893 exit(1); 1894 } 1895 buffer_clear(conf); 1896 while (fgets(line, sizeof(line), f)) { 1897 lineno++; 1898 if (strlen(line) == sizeof(line) - 1) 1899 fatal("%s line %d too long", filename, lineno); 1900 /* 1901 * Trim out comments and strip whitespace 1902 * NB - preserve newlines, they are needed to reproduce 1903 * line numbers later for error messages 1904 */ 1905 if ((cp = strchr(line, '#')) != NULL) 1906 memcpy(cp, "\n", 2); 1907 cp = line + strspn(line, " \t\r"); 1908 1909 buffer_append(conf, cp, strlen(cp)); 1910 } 1911 buffer_append(conf, "\0", 1); 1912 fclose(f); 1913 debug2("%s: done config len = %d", __func__, buffer_len(conf)); 1914 } 1915 1916 void 1917 parse_server_match_config(ServerOptions *options, 1918 struct connection_info *connectinfo) 1919 { 1920 ServerOptions mo; 1921 1922 initialize_server_options(&mo); 1923 parse_server_config(&mo, "reprocess config", &cfg, connectinfo); 1924 copy_set_server_options(options, &mo, 0); 1925 } 1926 1927 int parse_server_match_testspec(struct connection_info *ci, char *spec) 1928 { 1929 char *p; 1930 1931 while ((p = strsep(&spec, ",")) && *p != '\0') { 1932 if (strncmp(p, "addr=", 5) == 0) { 1933 ci->address = xstrdup(p + 5); 1934 } else if (strncmp(p, "host=", 5) == 0) { 1935 ci->host = xstrdup(p + 5); 1936 } else if (strncmp(p, "user=", 5) == 0) { 1937 ci->user = xstrdup(p + 5); 1938 } else if (strncmp(p, "laddr=", 6) == 0) { 1939 ci->laddress = xstrdup(p + 6); 1940 } else if (strncmp(p, "lport=", 6) == 0) { 1941 ci->lport = a2port(p + 6); 1942 if (ci->lport == -1) { 1943 fprintf(stderr, "Invalid port '%s' in test mode" 1944 " specification %s\n", p+6, p); 1945 return -1; 1946 } 1947 } else { 1948 fprintf(stderr, "Invalid test mode specification %s\n", 1949 p); 1950 return -1; 1951 } 1952 } 1953 return 0; 1954 } 1955 1956 /* 1957 * returns 1 for a complete spec, 0 for partial spec and -1 for an 1958 * empty spec. 1959 */ 1960 int server_match_spec_complete(struct connection_info *ci) 1961 { 1962 if (ci->user && ci->host && ci->address) 1963 return 1; /* complete */ 1964 if (!ci->user && !ci->host && !ci->address) 1965 return -1; /* empty */ 1966 return 0; /* partial */ 1967 } 1968 1969 /* 1970 * Copy any supported values that are set. 1971 * 1972 * If the preauth flag is set, we do not bother copying the string or 1973 * array values that are not used pre-authentication, because any that we 1974 * do use must be explictly sent in mm_getpwnamallow(). 1975 */ 1976 void 1977 copy_set_server_options(ServerOptions *dst, ServerOptions *src, int preauth) 1978 { 1979 #define M_CP_INTOPT(n) do {\ 1980 if (src->n != -1) \ 1981 dst->n = src->n; \ 1982 } while (0) 1983 1984 M_CP_INTOPT(password_authentication); 1985 M_CP_INTOPT(gss_authentication); 1986 M_CP_INTOPT(pubkey_authentication); 1987 M_CP_INTOPT(kerberos_authentication); 1988 M_CP_INTOPT(hostbased_authentication); 1989 M_CP_INTOPT(hostbased_uses_name_from_packet_only); 1990 M_CP_INTOPT(kbd_interactive_authentication); 1991 M_CP_INTOPT(permit_root_login); 1992 M_CP_INTOPT(permit_empty_passwd); 1993 1994 M_CP_INTOPT(allow_tcp_forwarding); 1995 M_CP_INTOPT(allow_streamlocal_forwarding); 1996 M_CP_INTOPT(allow_agent_forwarding); 1997 M_CP_INTOPT(disable_forwarding); 1998 M_CP_INTOPT(permit_tun); 1999 M_CP_INTOPT(fwd_opts.gateway_ports); 2000 M_CP_INTOPT(fwd_opts.streamlocal_bind_unlink); 2001 M_CP_INTOPT(x11_display_offset); 2002 M_CP_INTOPT(x11_forwarding); 2003 M_CP_INTOPT(x11_use_localhost); 2004 M_CP_INTOPT(permit_tty); 2005 M_CP_INTOPT(permit_user_rc); 2006 M_CP_INTOPT(max_sessions); 2007 M_CP_INTOPT(max_authtries); 2008 M_CP_INTOPT(client_alive_count_max); 2009 M_CP_INTOPT(client_alive_interval); 2010 M_CP_INTOPT(ip_qos_interactive); 2011 M_CP_INTOPT(ip_qos_bulk); 2012 M_CP_INTOPT(rekey_limit); 2013 M_CP_INTOPT(rekey_interval); 2014 2015 /* 2016 * The bind_mask is a mode_t that may be unsigned, so we can't use 2017 * M_CP_INTOPT - it does a signed comparison that causes compiler 2018 * warnings. 2019 */ 2020 if (src->fwd_opts.streamlocal_bind_mask != (mode_t)-1) { 2021 dst->fwd_opts.streamlocal_bind_mask = 2022 src->fwd_opts.streamlocal_bind_mask; 2023 } 2024 2025 /* M_CP_STROPT and M_CP_STRARRAYOPT should not appear before here */ 2026 #define M_CP_STROPT(n) do {\ 2027 if (src->n != NULL && dst->n != src->n) { \ 2028 free(dst->n); \ 2029 dst->n = src->n; \ 2030 } \ 2031 } while(0) 2032 #define M_CP_STRARRAYOPT(n, num_n) do {\ 2033 if (src->num_n != 0) { \ 2034 for (dst->num_n = 0; dst->num_n < src->num_n; dst->num_n++) \ 2035 dst->n[dst->num_n] = xstrdup(src->n[dst->num_n]); \ 2036 } \ 2037 } while(0) 2038 2039 /* See comment in servconf.h */ 2040 COPY_MATCH_STRING_OPTS(); 2041 2042 /* Arguments that accept '+...' need to be expanded */ 2043 assemble_algorithms(dst); 2044 2045 /* 2046 * The only things that should be below this point are string options 2047 * which are only used after authentication. 2048 */ 2049 if (preauth) 2050 return; 2051 2052 /* These options may be "none" to clear a global setting */ 2053 M_CP_STROPT(adm_forced_command); 2054 if (option_clear_or_none(dst->adm_forced_command)) { 2055 free(dst->adm_forced_command); 2056 dst->adm_forced_command = NULL; 2057 } 2058 M_CP_STROPT(chroot_directory); 2059 if (option_clear_or_none(dst->chroot_directory)) { 2060 free(dst->chroot_directory); 2061 dst->chroot_directory = NULL; 2062 } 2063 } 2064 2065 #undef M_CP_INTOPT 2066 #undef M_CP_STROPT 2067 #undef M_CP_STRARRAYOPT 2068 2069 void 2070 parse_server_config(ServerOptions *options, const char *filename, Buffer *conf, 2071 struct connection_info *connectinfo) 2072 { 2073 int active, linenum, bad_options = 0; 2074 char *cp, *obuf, *cbuf; 2075 2076 debug2("%s: config %s len %d", __func__, filename, buffer_len(conf)); 2077 2078 if ((obuf = cbuf = sshbuf_dup_string(conf)) == NULL) 2079 fatal("%s: sshbuf_dup_string failed", __func__); 2080 active = connectinfo ? 0 : 1; 2081 linenum = 1; 2082 while ((cp = strsep(&cbuf, "\n")) != NULL) { 2083 if (process_server_config_line(options, cp, filename, 2084 linenum++, &active, connectinfo) != 0) 2085 bad_options++; 2086 } 2087 free(obuf); 2088 if (bad_options > 0) 2089 fatal("%s: terminating, %d bad configuration options", 2090 filename, bad_options); 2091 process_queued_listen_addrs(options); 2092 } 2093 2094 static const char * 2095 fmt_multistate_int(int val, const struct multistate *m) 2096 { 2097 u_int i; 2098 2099 for (i = 0; m[i].key != NULL; i++) { 2100 if (m[i].value == val) 2101 return m[i].key; 2102 } 2103 return "UNKNOWN"; 2104 } 2105 2106 static const char * 2107 fmt_intarg(ServerOpCodes code, int val) 2108 { 2109 if (val == -1) 2110 return "unset"; 2111 switch (code) { 2112 case sAddressFamily: 2113 return fmt_multistate_int(val, multistate_addressfamily); 2114 case sPermitRootLogin: 2115 return fmt_multistate_int(val, multistate_permitrootlogin); 2116 case sGatewayPorts: 2117 return fmt_multistate_int(val, multistate_gatewayports); 2118 case sCompression: 2119 return fmt_multistate_int(val, multistate_compression); 2120 case sUsePrivilegeSeparation: 2121 return fmt_multistate_int(val, multistate_privsep); 2122 case sAllowTcpForwarding: 2123 return fmt_multistate_int(val, multistate_tcpfwd); 2124 case sAllowStreamLocalForwarding: 2125 return fmt_multistate_int(val, multistate_tcpfwd); 2126 case sFingerprintHash: 2127 return ssh_digest_alg_name(val); 2128 default: 2129 switch (val) { 2130 case 0: 2131 return "no"; 2132 case 1: 2133 return "yes"; 2134 default: 2135 return "UNKNOWN"; 2136 } 2137 } 2138 } 2139 2140 static const char * 2141 lookup_opcode_name(ServerOpCodes code) 2142 { 2143 u_int i; 2144 2145 for (i = 0; keywords[i].name != NULL; i++) 2146 if (keywords[i].opcode == code) 2147 return(keywords[i].name); 2148 return "UNKNOWN"; 2149 } 2150 2151 static void 2152 dump_cfg_int(ServerOpCodes code, int val) 2153 { 2154 printf("%s %d\n", lookup_opcode_name(code), val); 2155 } 2156 2157 static void 2158 dump_cfg_oct(ServerOpCodes code, int val) 2159 { 2160 printf("%s 0%o\n", lookup_opcode_name(code), val); 2161 } 2162 2163 static void 2164 dump_cfg_fmtint(ServerOpCodes code, int val) 2165 { 2166 printf("%s %s\n", lookup_opcode_name(code), fmt_intarg(code, val)); 2167 } 2168 2169 static void 2170 dump_cfg_string(ServerOpCodes code, const char *val) 2171 { 2172 if (val == NULL) 2173 return; 2174 printf("%s %s\n", lookup_opcode_name(code), 2175 val == NULL ? "none" : val); 2176 } 2177 2178 static void 2179 dump_cfg_strarray(ServerOpCodes code, u_int count, char **vals) 2180 { 2181 u_int i; 2182 2183 for (i = 0; i < count; i++) 2184 printf("%s %s\n", lookup_opcode_name(code), vals[i]); 2185 } 2186 2187 static void 2188 dump_cfg_strarray_oneline(ServerOpCodes code, u_int count, char **vals) 2189 { 2190 u_int i; 2191 2192 if (count <= 0 && code != sAuthenticationMethods) 2193 return; 2194 printf("%s", lookup_opcode_name(code)); 2195 for (i = 0; i < count; i++) 2196 printf(" %s", vals[i]); 2197 if (code == sAuthenticationMethods && count == 0) 2198 printf(" any"); 2199 printf("\n"); 2200 } 2201 2202 void 2203 dump_config(ServerOptions *o) 2204 { 2205 u_int i; 2206 int ret; 2207 struct addrinfo *ai; 2208 char addr[NI_MAXHOST], port[NI_MAXSERV], *s = NULL; 2209 char *laddr1 = xstrdup(""), *laddr2 = NULL; 2210 2211 /* these are usually at the top of the config */ 2212 for (i = 0; i < o->num_ports; i++) 2213 printf("port %d\n", o->ports[i]); 2214 dump_cfg_fmtint(sAddressFamily, o->address_family); 2215 2216 /* 2217 * ListenAddress must be after Port. add_one_listen_addr pushes 2218 * addresses onto a stack, so to maintain ordering we need to 2219 * print these in reverse order. 2220 */ 2221 for (ai = o->listen_addrs; ai; ai = ai->ai_next) { 2222 if ((ret = getnameinfo(ai->ai_addr, ai->ai_addrlen, addr, 2223 sizeof(addr), port, sizeof(port), 2224 NI_NUMERICHOST|NI_NUMERICSERV)) != 0) { 2225 error("getnameinfo failed: %.100s", 2226 (ret != EAI_SYSTEM) ? gai_strerror(ret) : 2227 strerror(errno)); 2228 } else { 2229 laddr2 = laddr1; 2230 if (ai->ai_family == AF_INET6) 2231 xasprintf(&laddr1, "listenaddress [%s]:%s\n%s", 2232 addr, port, laddr2); 2233 else 2234 xasprintf(&laddr1, "listenaddress %s:%s\n%s", 2235 addr, port, laddr2); 2236 free(laddr2); 2237 } 2238 } 2239 printf("%s", laddr1); 2240 free(laddr1); 2241 2242 /* integer arguments */ 2243 #ifdef USE_PAM 2244 dump_cfg_fmtint(sUsePAM, o->use_pam); 2245 #endif 2246 dump_cfg_int(sLoginGraceTime, o->login_grace_time); 2247 dump_cfg_int(sX11DisplayOffset, o->x11_display_offset); 2248 dump_cfg_int(sMaxAuthTries, o->max_authtries); 2249 dump_cfg_int(sMaxSessions, o->max_sessions); 2250 dump_cfg_int(sClientAliveInterval, o->client_alive_interval); 2251 dump_cfg_int(sClientAliveCountMax, o->client_alive_count_max); 2252 dump_cfg_oct(sStreamLocalBindMask, o->fwd_opts.streamlocal_bind_mask); 2253 2254 /* formatted integer arguments */ 2255 dump_cfg_fmtint(sPermitRootLogin, o->permit_root_login); 2256 dump_cfg_fmtint(sIgnoreRhosts, o->ignore_rhosts); 2257 dump_cfg_fmtint(sIgnoreUserKnownHosts, o->ignore_user_known_hosts); 2258 dump_cfg_fmtint(sHostbasedAuthentication, o->hostbased_authentication); 2259 dump_cfg_fmtint(sHostbasedUsesNameFromPacketOnly, 2260 o->hostbased_uses_name_from_packet_only); 2261 dump_cfg_fmtint(sPubkeyAuthentication, o->pubkey_authentication); 2262 #ifdef KRB5 2263 dump_cfg_fmtint(sKerberosAuthentication, o->kerberos_authentication); 2264 dump_cfg_fmtint(sKerberosOrLocalPasswd, o->kerberos_or_local_passwd); 2265 dump_cfg_fmtint(sKerberosTicketCleanup, o->kerberos_ticket_cleanup); 2266 # ifdef USE_AFS 2267 dump_cfg_fmtint(sKerberosGetAFSToken, o->kerberos_get_afs_token); 2268 # endif 2269 #endif 2270 #ifdef GSSAPI 2271 dump_cfg_fmtint(sGssAuthentication, o->gss_authentication); 2272 dump_cfg_fmtint(sGssCleanupCreds, o->gss_cleanup_creds); 2273 #endif 2274 dump_cfg_fmtint(sPasswordAuthentication, o->password_authentication); 2275 dump_cfg_fmtint(sKbdInteractiveAuthentication, 2276 o->kbd_interactive_authentication); 2277 dump_cfg_fmtint(sChallengeResponseAuthentication, 2278 o->challenge_response_authentication); 2279 dump_cfg_fmtint(sPrintMotd, o->print_motd); 2280 #ifndef DISABLE_LASTLOG 2281 dump_cfg_fmtint(sPrintLastLog, o->print_lastlog); 2282 #endif 2283 dump_cfg_fmtint(sX11Forwarding, o->x11_forwarding); 2284 dump_cfg_fmtint(sX11UseLocalhost, o->x11_use_localhost); 2285 dump_cfg_fmtint(sPermitTTY, o->permit_tty); 2286 dump_cfg_fmtint(sPermitUserRC, o->permit_user_rc); 2287 dump_cfg_fmtint(sStrictModes, o->strict_modes); 2288 dump_cfg_fmtint(sTCPKeepAlive, o->tcp_keep_alive); 2289 dump_cfg_fmtint(sEmptyPasswd, o->permit_empty_passwd); 2290 dump_cfg_fmtint(sPermitUserEnvironment, o->permit_user_env); 2291 dump_cfg_fmtint(sCompression, o->compression); 2292 dump_cfg_fmtint(sGatewayPorts, o->fwd_opts.gateway_ports); 2293 dump_cfg_fmtint(sUseDNS, o->use_dns); 2294 dump_cfg_fmtint(sAllowTcpForwarding, o->allow_tcp_forwarding); 2295 dump_cfg_fmtint(sAllowAgentForwarding, o->allow_agent_forwarding); 2296 dump_cfg_fmtint(sDisableForwarding, o->disable_forwarding); 2297 dump_cfg_fmtint(sAllowStreamLocalForwarding, o->allow_streamlocal_forwarding); 2298 dump_cfg_fmtint(sStreamLocalBindUnlink, o->fwd_opts.streamlocal_bind_unlink); 2299 dump_cfg_fmtint(sUsePrivilegeSeparation, use_privsep); 2300 dump_cfg_fmtint(sFingerprintHash, o->fingerprint_hash); 2301 dump_cfg_fmtint(sUseBlacklist, o->use_blacklist); 2302 2303 /* string arguments */ 2304 dump_cfg_string(sPidFile, o->pid_file); 2305 dump_cfg_string(sXAuthLocation, o->xauth_location); 2306 dump_cfg_string(sCiphers, o->ciphers ? o->ciphers : KEX_SERVER_ENCRYPT); 2307 dump_cfg_string(sMacs, o->macs ? o->macs : KEX_SERVER_MAC); 2308 dump_cfg_string(sBanner, o->banner); 2309 dump_cfg_string(sForceCommand, o->adm_forced_command); 2310 dump_cfg_string(sChrootDirectory, o->chroot_directory); 2311 dump_cfg_string(sTrustedUserCAKeys, o->trusted_user_ca_keys); 2312 dump_cfg_string(sRevokedKeys, o->revoked_keys_file); 2313 dump_cfg_string(sAuthorizedPrincipalsFile, 2314 o->authorized_principals_file); 2315 dump_cfg_string(sVersionAddendum, *o->version_addendum == '\0' 2316 ? "none" : o->version_addendum); 2317 dump_cfg_string(sAuthorizedKeysCommand, o->authorized_keys_command); 2318 dump_cfg_string(sAuthorizedKeysCommandUser, o->authorized_keys_command_user); 2319 dump_cfg_string(sAuthorizedPrincipalsCommand, o->authorized_principals_command); 2320 dump_cfg_string(sAuthorizedPrincipalsCommandUser, o->authorized_principals_command_user); 2321 dump_cfg_string(sHostKeyAgent, o->host_key_agent); 2322 dump_cfg_string(sKexAlgorithms, 2323 o->kex_algorithms ? o->kex_algorithms : KEX_SERVER_KEX); 2324 dump_cfg_string(sHostbasedAcceptedKeyTypes, o->hostbased_key_types ? 2325 o->hostbased_key_types : KEX_DEFAULT_PK_ALG); 2326 dump_cfg_string(sHostKeyAlgorithms, o->hostkeyalgorithms ? 2327 o->hostkeyalgorithms : KEX_DEFAULT_PK_ALG); 2328 dump_cfg_string(sPubkeyAcceptedKeyTypes, o->pubkey_key_types ? 2329 o->pubkey_key_types : KEX_DEFAULT_PK_ALG); 2330 2331 /* string arguments requiring a lookup */ 2332 dump_cfg_string(sLogLevel, log_level_name(o->log_level)); 2333 dump_cfg_string(sLogFacility, log_facility_name(o->log_facility)); 2334 2335 /* string array arguments */ 2336 dump_cfg_strarray_oneline(sAuthorizedKeysFile, o->num_authkeys_files, 2337 o->authorized_keys_files); 2338 dump_cfg_strarray(sHostKeyFile, o->num_host_key_files, 2339 o->host_key_files); 2340 dump_cfg_strarray(sHostCertificate, o->num_host_cert_files, 2341 o->host_cert_files); 2342 dump_cfg_strarray(sAllowUsers, o->num_allow_users, o->allow_users); 2343 dump_cfg_strarray(sDenyUsers, o->num_deny_users, o->deny_users); 2344 dump_cfg_strarray(sAllowGroups, o->num_allow_groups, o->allow_groups); 2345 dump_cfg_strarray(sDenyGroups, o->num_deny_groups, o->deny_groups); 2346 dump_cfg_strarray(sAcceptEnv, o->num_accept_env, o->accept_env); 2347 dump_cfg_strarray_oneline(sAuthenticationMethods, 2348 o->num_auth_methods, o->auth_methods); 2349 2350 /* other arguments */ 2351 for (i = 0; i < o->num_subsystems; i++) 2352 printf("subsystem %s %s\n", o->subsystem_name[i], 2353 o->subsystem_args[i]); 2354 2355 printf("maxstartups %d:%d:%d\n", o->max_startups_begin, 2356 o->max_startups_rate, o->max_startups); 2357 2358 for (i = 0; tunmode_desc[i].val != -1; i++) 2359 if (tunmode_desc[i].val == o->permit_tun) { 2360 s = tunmode_desc[i].text; 2361 break; 2362 } 2363 dump_cfg_string(sPermitTunnel, s); 2364 2365 printf("ipqos %s ", iptos2str(o->ip_qos_interactive)); 2366 printf("%s\n", iptos2str(o->ip_qos_bulk)); 2367 2368 printf("rekeylimit %llu %d\n", (unsigned long long)o->rekey_limit, 2369 o->rekey_interval); 2370 2371 channel_print_adm_permitted_opens(); 2372 } 2373