xref: /freebsd/crypto/openssh/servconf.c (revision 45dd2eaac379e5576f745380260470204c49beac)
1 
2 /* $OpenBSD: servconf.c,v 1.384 2022/03/18 04:04:11 djm Exp $ */
3 /*
4  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
5  *                    All rights reserved
6  *
7  * As far as I am concerned, the code I have written for this software
8  * can be used freely for any purpose.  Any derived versions of this
9  * software must be clearly marked as such, and if the derived work is
10  * incompatible with the protocol description in the RFC file, it must be
11  * called by a name other than "ssh" or "Secure Shell".
12  */
13 
14 #include "includes.h"
15 __RCSID("$FreeBSD$");
16 
17 #include <sys/types.h>
18 #include <sys/socket.h>
19 #include <sys/stat.h>
20 #ifdef __OpenBSD__
21 #include <sys/sysctl.h>
22 #endif
23 
24 #include <netinet/in.h>
25 #include <netinet/in_systm.h>
26 #include <netinet/ip.h>
27 #ifdef HAVE_NET_ROUTE_H
28 #include <net/route.h>
29 #endif
30 
31 #include <ctype.h>
32 #include <netdb.h>
33 #include <pwd.h>
34 #include <stdio.h>
35 #include <stdlib.h>
36 #include <string.h>
37 #include <signal.h>
38 #include <unistd.h>
39 #include <limits.h>
40 #include <stdarg.h>
41 #include <errno.h>
42 #ifdef HAVE_UTIL_H
43 #include <util.h>
44 #endif
45 #ifdef USE_SYSTEM_GLOB
46 # include <glob.h>
47 #else
48 # include "openbsd-compat/glob.h"
49 #endif
50 
51 #include "openbsd-compat/sys-queue.h"
52 #include "xmalloc.h"
53 #include "ssh.h"
54 #include "log.h"
55 #include "sshbuf.h"
56 #include "misc.h"
57 #include "servconf.h"
58 #include "compat.h"
59 #include "pathnames.h"
60 #include "cipher.h"
61 #include "sshkey.h"
62 #include "kex.h"
63 #include "mac.h"
64 #include "match.h"
65 #include "channels.h"
66 #include "groupaccess.h"
67 #include "canohost.h"
68 #include "packet.h"
69 #include "ssherr.h"
70 #include "hostfile.h"
71 #include "auth.h"
72 #include "myproposal.h"
73 #include "digest.h"
74 #include "version.h"
75 
76 static void add_listen_addr(ServerOptions *, const char *,
77     const char *, int);
78 static void add_one_listen_addr(ServerOptions *, const char *,
79     const char *, int);
80 static void parse_server_config_depth(ServerOptions *options,
81     const char *filename, struct sshbuf *conf, struct include_list *includes,
82     struct connection_info *connectinfo, int flags, int *activep, int depth);
83 
84 /* Use of privilege separation or not */
85 extern int use_privsep;
86 extern struct sshbuf *cfg;
87 
88 /* Initializes the server options to their default values. */
89 
90 void
91 initialize_server_options(ServerOptions *options)
92 {
93 	memset(options, 0, sizeof(*options));
94 
95 	/* Portable-specific options */
96 	options->use_pam = -1;
97 
98 	/* Standard Options */
99 	options->num_ports = 0;
100 	options->ports_from_cmdline = 0;
101 	options->queued_listen_addrs = NULL;
102 	options->num_queued_listens = 0;
103 	options->listen_addrs = NULL;
104 	options->num_listen_addrs = 0;
105 	options->address_family = -1;
106 	options->routing_domain = NULL;
107 	options->num_host_key_files = 0;
108 	options->num_host_cert_files = 0;
109 	options->host_key_agent = NULL;
110 	options->pid_file = NULL;
111 	options->login_grace_time = -1;
112 	options->permit_root_login = PERMIT_NOT_SET;
113 	options->ignore_rhosts = -1;
114 	options->ignore_user_known_hosts = -1;
115 	options->print_motd = -1;
116 	options->print_lastlog = -1;
117 	options->x11_forwarding = -1;
118 	options->x11_display_offset = -1;
119 	options->x11_use_localhost = -1;
120 	options->permit_tty = -1;
121 	options->permit_user_rc = -1;
122 	options->xauth_location = NULL;
123 	options->strict_modes = -1;
124 	options->tcp_keep_alive = -1;
125 	options->log_facility = SYSLOG_FACILITY_NOT_SET;
126 	options->log_level = SYSLOG_LEVEL_NOT_SET;
127 	options->num_log_verbose = 0;
128 	options->log_verbose = NULL;
129 	options->hostbased_authentication = -1;
130 	options->hostbased_uses_name_from_packet_only = -1;
131 	options->hostbased_accepted_algos = NULL;
132 	options->hostkeyalgorithms = NULL;
133 	options->pubkey_authentication = -1;
134 	options->pubkey_auth_options = -1;
135 	options->pubkey_accepted_algos = NULL;
136 	options->kerberos_authentication = -1;
137 	options->kerberos_or_local_passwd = -1;
138 	options->kerberos_ticket_cleanup = -1;
139 	options->kerberos_get_afs_token = -1;
140 	options->gss_authentication=-1;
141 	options->gss_cleanup_creds = -1;
142 	options->gss_strict_acceptor = -1;
143 	options->password_authentication = -1;
144 	options->kbd_interactive_authentication = -1;
145 	options->permit_empty_passwd = -1;
146 	options->permit_user_env = -1;
147 	options->permit_user_env_allowlist = NULL;
148 	options->compression = -1;
149 	options->rekey_limit = -1;
150 	options->rekey_interval = -1;
151 	options->allow_tcp_forwarding = -1;
152 	options->allow_streamlocal_forwarding = -1;
153 	options->allow_agent_forwarding = -1;
154 	options->num_allow_users = 0;
155 	options->num_deny_users = 0;
156 	options->num_allow_groups = 0;
157 	options->num_deny_groups = 0;
158 	options->ciphers = NULL;
159 	options->macs = NULL;
160 	options->kex_algorithms = NULL;
161 	options->ca_sign_algorithms = NULL;
162 	options->fwd_opts.gateway_ports = -1;
163 	options->fwd_opts.streamlocal_bind_mask = (mode_t)-1;
164 	options->fwd_opts.streamlocal_bind_unlink = -1;
165 	options->num_subsystems = 0;
166 	options->max_startups_begin = -1;
167 	options->max_startups_rate = -1;
168 	options->max_startups = -1;
169 	options->per_source_max_startups = -1;
170 	options->per_source_masklen_ipv4 = -1;
171 	options->per_source_masklen_ipv6 = -1;
172 	options->max_authtries = -1;
173 	options->max_sessions = -1;
174 	options->banner = NULL;
175 	options->use_dns = -1;
176 	options->client_alive_interval = -1;
177 	options->client_alive_count_max = -1;
178 	options->num_authkeys_files = 0;
179 	options->num_accept_env = 0;
180 	options->num_setenv = 0;
181 	options->permit_tun = -1;
182 	options->permitted_opens = NULL;
183 	options->permitted_listens = NULL;
184 	options->adm_forced_command = NULL;
185 	options->chroot_directory = NULL;
186 	options->authorized_keys_command = NULL;
187 	options->authorized_keys_command_user = NULL;
188 	options->revoked_keys_file = NULL;
189 	options->sk_provider = NULL;
190 	options->trusted_user_ca_keys = NULL;
191 	options->authorized_principals_file = NULL;
192 	options->authorized_principals_command = NULL;
193 	options->authorized_principals_command_user = NULL;
194 	options->ip_qos_interactive = -1;
195 	options->ip_qos_bulk = -1;
196 	options->version_addendum = NULL;
197 	options->fingerprint_hash = -1;
198 	options->disable_forwarding = -1;
199 	options->expose_userauth_info = -1;
200 	options->use_blacklist = -1;
201 }
202 
203 /* Returns 1 if a string option is unset or set to "none" or 0 otherwise. */
204 static int
205 option_clear_or_none(const char *o)
206 {
207 	return o == NULL || strcasecmp(o, "none") == 0;
208 }
209 
210 static void
211 assemble_algorithms(ServerOptions *o)
212 {
213 	char *all_cipher, *all_mac, *all_kex, *all_key, *all_sig;
214 	char *def_cipher, *def_mac, *def_kex, *def_key, *def_sig;
215 	int r;
216 
217 	all_cipher = cipher_alg_list(',', 0);
218 	all_mac = mac_alg_list(',');
219 	all_kex = kex_alg_list(',');
220 	all_key = sshkey_alg_list(0, 0, 1, ',');
221 	all_sig = sshkey_alg_list(0, 1, 1, ',');
222 	/* remove unsupported algos from default lists */
223 	def_cipher = match_filter_allowlist(KEX_SERVER_ENCRYPT, all_cipher);
224 	def_mac = match_filter_allowlist(KEX_SERVER_MAC, all_mac);
225 	def_kex = match_filter_allowlist(KEX_SERVER_KEX, all_kex);
226 	def_key = match_filter_allowlist(KEX_DEFAULT_PK_ALG, all_key);
227 	def_sig = match_filter_allowlist(SSH_ALLOWED_CA_SIGALGS, all_sig);
228 #define ASSEMBLE(what, defaults, all) \
229 	do { \
230 		if ((r = kex_assemble_names(&o->what, defaults, all)) != 0) \
231 			fatal_fr(r, "%s", #what); \
232 	} while (0)
233 	ASSEMBLE(ciphers, def_cipher, all_cipher);
234 	ASSEMBLE(macs, def_mac, all_mac);
235 	ASSEMBLE(kex_algorithms, def_kex, all_kex);
236 	ASSEMBLE(hostkeyalgorithms, def_key, all_key);
237 	ASSEMBLE(hostbased_accepted_algos, def_key, all_key);
238 	ASSEMBLE(pubkey_accepted_algos, def_key, all_key);
239 	ASSEMBLE(ca_sign_algorithms, def_sig, all_sig);
240 #undef ASSEMBLE
241 	free(all_cipher);
242 	free(all_mac);
243 	free(all_kex);
244 	free(all_key);
245 	free(all_sig);
246 	free(def_cipher);
247 	free(def_mac);
248 	free(def_kex);
249 	free(def_key);
250 	free(def_sig);
251 }
252 
253 static const char *defaultkey = "[default]";
254 
255 void
256 servconf_add_hostkey(const char *file, const int line,
257     ServerOptions *options, const char *path, int userprovided)
258 {
259 	char *apath = derelativise_path(path);
260 
261 	if (file == defaultkey && access(path, R_OK) != 0)
262 		return;
263 	opt_array_append2(file, line, "HostKey",
264 	    &options->host_key_files, &options->host_key_file_userprovided,
265 	    &options->num_host_key_files, apath, userprovided);
266 	free(apath);
267 }
268 
269 void
270 servconf_add_hostcert(const char *file, const int line,
271     ServerOptions *options, const char *path)
272 {
273 	char *apath = derelativise_path(path);
274 
275 	opt_array_append(file, line, "HostCertificate",
276 	    &options->host_cert_files, &options->num_host_cert_files, apath);
277 	free(apath);
278 }
279 
280 void
281 fill_default_server_options(ServerOptions *options)
282 {
283 	u_int i;
284 
285 	/* Portable-specific options */
286 	if (options->use_pam == -1)
287 		options->use_pam = 1;
288 
289 	/* Standard Options */
290 	if (options->num_host_key_files == 0) {
291 		/* fill default hostkeys for protocols */
292 		servconf_add_hostkey(defaultkey, 0, options,
293 		    _PATH_HOST_RSA_KEY_FILE, 0);
294 #ifdef OPENSSL_HAS_ECC
295 		servconf_add_hostkey(defaultkey, 0, options,
296 		    _PATH_HOST_ECDSA_KEY_FILE, 0);
297 #endif
298 		servconf_add_hostkey(defaultkey, 0, options,
299 		    _PATH_HOST_ED25519_KEY_FILE, 0);
300 #ifdef WITH_XMSS
301 		servconf_add_hostkey(defaultkey, 0, options,
302 		    _PATH_HOST_XMSS_KEY_FILE, 0);
303 #endif /* WITH_XMSS */
304 	}
305 	if (options->num_host_key_files == 0)
306 		fatal("No host key files found");
307 	/* No certificates by default */
308 	if (options->num_ports == 0)
309 		options->ports[options->num_ports++] = SSH_DEFAULT_PORT;
310 	if (options->address_family == -1)
311 		options->address_family = AF_UNSPEC;
312 	if (options->listen_addrs == NULL)
313 		add_listen_addr(options, NULL, NULL, 0);
314 	if (options->pid_file == NULL)
315 		options->pid_file = xstrdup(_PATH_SSH_DAEMON_PID_FILE);
316 	if (options->moduli_file == NULL)
317 		options->moduli_file = xstrdup(_PATH_DH_MODULI);
318 	if (options->login_grace_time == -1)
319 		options->login_grace_time = 120;
320 	if (options->permit_root_login == PERMIT_NOT_SET)
321 		options->permit_root_login = PERMIT_NO;
322 	if (options->ignore_rhosts == -1)
323 		options->ignore_rhosts = 1;
324 	if (options->ignore_user_known_hosts == -1)
325 		options->ignore_user_known_hosts = 0;
326 	if (options->print_motd == -1)
327 		options->print_motd = 1;
328 	if (options->print_lastlog == -1)
329 		options->print_lastlog = 1;
330 	if (options->x11_forwarding == -1)
331 		options->x11_forwarding = 1;
332 	if (options->x11_display_offset == -1)
333 		options->x11_display_offset = 10;
334 	if (options->x11_use_localhost == -1)
335 		options->x11_use_localhost = 1;
336 	if (options->xauth_location == NULL)
337 		options->xauth_location = xstrdup(_PATH_XAUTH);
338 	if (options->permit_tty == -1)
339 		options->permit_tty = 1;
340 	if (options->permit_user_rc == -1)
341 		options->permit_user_rc = 1;
342 	if (options->strict_modes == -1)
343 		options->strict_modes = 1;
344 	if (options->tcp_keep_alive == -1)
345 		options->tcp_keep_alive = 1;
346 	if (options->log_facility == SYSLOG_FACILITY_NOT_SET)
347 		options->log_facility = SYSLOG_FACILITY_AUTH;
348 	if (options->log_level == SYSLOG_LEVEL_NOT_SET)
349 		options->log_level = SYSLOG_LEVEL_INFO;
350 	if (options->hostbased_authentication == -1)
351 		options->hostbased_authentication = 0;
352 	if (options->hostbased_uses_name_from_packet_only == -1)
353 		options->hostbased_uses_name_from_packet_only = 0;
354 	if (options->pubkey_authentication == -1)
355 		options->pubkey_authentication = 1;
356 	if (options->pubkey_auth_options == -1)
357 		options->pubkey_auth_options = 0;
358 	if (options->kerberos_authentication == -1)
359 		options->kerberos_authentication = 0;
360 	if (options->kerberos_or_local_passwd == -1)
361 		options->kerberos_or_local_passwd = 1;
362 	if (options->kerberos_ticket_cleanup == -1)
363 		options->kerberos_ticket_cleanup = 1;
364 	if (options->kerberos_get_afs_token == -1)
365 		options->kerberos_get_afs_token = 0;
366 	if (options->gss_authentication == -1)
367 		options->gss_authentication = 0;
368 	if (options->gss_cleanup_creds == -1)
369 		options->gss_cleanup_creds = 1;
370 	if (options->gss_strict_acceptor == -1)
371 		options->gss_strict_acceptor = 1;
372 	if (options->password_authentication == -1)
373 		options->password_authentication = 0;
374 	if (options->kbd_interactive_authentication == -1)
375 		options->kbd_interactive_authentication = 1;
376 	if (options->permit_empty_passwd == -1)
377 		options->permit_empty_passwd = 0;
378 	if (options->permit_user_env == -1) {
379 		options->permit_user_env = 0;
380 		options->permit_user_env_allowlist = NULL;
381 	}
382 	if (options->compression == -1)
383 #ifdef WITH_ZLIB
384 		options->compression = COMP_DELAYED;
385 #else
386 		options->compression = COMP_NONE;
387 #endif
388 
389 	if (options->rekey_limit == -1)
390 		options->rekey_limit = 0;
391 	if (options->rekey_interval == -1)
392 		options->rekey_interval = 0;
393 	if (options->allow_tcp_forwarding == -1)
394 		options->allow_tcp_forwarding = FORWARD_ALLOW;
395 	if (options->allow_streamlocal_forwarding == -1)
396 		options->allow_streamlocal_forwarding = FORWARD_ALLOW;
397 	if (options->allow_agent_forwarding == -1)
398 		options->allow_agent_forwarding = 1;
399 	if (options->fwd_opts.gateway_ports == -1)
400 		options->fwd_opts.gateway_ports = 0;
401 	if (options->max_startups == -1)
402 		options->max_startups = 100;
403 	if (options->max_startups_rate == -1)
404 		options->max_startups_rate = 30;		/* 30% */
405 	if (options->max_startups_begin == -1)
406 		options->max_startups_begin = 10;
407 	if (options->per_source_max_startups == -1)
408 		options->per_source_max_startups = INT_MAX;
409 	if (options->per_source_masklen_ipv4 == -1)
410 		options->per_source_masklen_ipv4 = 32;
411 	if (options->per_source_masklen_ipv6 == -1)
412 		options->per_source_masklen_ipv6 = 128;
413 	if (options->max_authtries == -1)
414 		options->max_authtries = DEFAULT_AUTH_FAIL_MAX;
415 	if (options->max_sessions == -1)
416 		options->max_sessions = DEFAULT_SESSIONS_MAX;
417 	if (options->use_dns == -1)
418 		options->use_dns = 1;
419 	if (options->client_alive_interval == -1)
420 		options->client_alive_interval = 0;
421 	if (options->client_alive_count_max == -1)
422 		options->client_alive_count_max = 3;
423 	if (options->num_authkeys_files == 0) {
424 		opt_array_append(defaultkey, 0, "AuthorizedKeysFiles",
425 		    &options->authorized_keys_files,
426 		    &options->num_authkeys_files,
427 		    _PATH_SSH_USER_PERMITTED_KEYS);
428 		opt_array_append(defaultkey, 0, "AuthorizedKeysFiles",
429 		    &options->authorized_keys_files,
430 		    &options->num_authkeys_files,
431 		    _PATH_SSH_USER_PERMITTED_KEYS2);
432 	}
433 	if (options->permit_tun == -1)
434 		options->permit_tun = SSH_TUNMODE_NO;
435 	if (options->ip_qos_interactive == -1)
436 		options->ip_qos_interactive = IPTOS_DSCP_AF21;
437 	if (options->ip_qos_bulk == -1)
438 		options->ip_qos_bulk = IPTOS_DSCP_CS1;
439 	if (options->version_addendum == NULL)
440 		options->version_addendum = xstrdup(SSH_VERSION_FREEBSD);
441 	if (options->fwd_opts.streamlocal_bind_mask == (mode_t)-1)
442 		options->fwd_opts.streamlocal_bind_mask = 0177;
443 	if (options->fwd_opts.streamlocal_bind_unlink == -1)
444 		options->fwd_opts.streamlocal_bind_unlink = 0;
445 	if (options->fingerprint_hash == -1)
446 		options->fingerprint_hash = SSH_FP_HASH_DEFAULT;
447 	if (options->disable_forwarding == -1)
448 		options->disable_forwarding = 0;
449 	if (options->expose_userauth_info == -1)
450 		options->expose_userauth_info = 0;
451 	if (options->sk_provider == NULL)
452 		options->sk_provider = xstrdup("internal");
453 	if (options->use_blacklist == -1)
454 		options->use_blacklist = 0;
455 
456 	assemble_algorithms(options);
457 
458 	/* Turn privilege separation and sandboxing on by default */
459 	if (use_privsep == -1)
460 		use_privsep = PRIVSEP_ON;
461 
462 #define CLEAR_ON_NONE(v) \
463 	do { \
464 		if (option_clear_or_none(v)) { \
465 			free(v); \
466 			v = NULL; \
467 		} \
468 	} while(0)
469 	CLEAR_ON_NONE(options->pid_file);
470 	CLEAR_ON_NONE(options->xauth_location);
471 	CLEAR_ON_NONE(options->banner);
472 	CLEAR_ON_NONE(options->trusted_user_ca_keys);
473 	CLEAR_ON_NONE(options->revoked_keys_file);
474 	CLEAR_ON_NONE(options->sk_provider);
475 	CLEAR_ON_NONE(options->authorized_principals_file);
476 	CLEAR_ON_NONE(options->adm_forced_command);
477 	CLEAR_ON_NONE(options->chroot_directory);
478 	CLEAR_ON_NONE(options->routing_domain);
479 	CLEAR_ON_NONE(options->host_key_agent);
480 	for (i = 0; i < options->num_host_key_files; i++)
481 		CLEAR_ON_NONE(options->host_key_files[i]);
482 	for (i = 0; i < options->num_host_cert_files; i++)
483 		CLEAR_ON_NONE(options->host_cert_files[i]);
484 #undef CLEAR_ON_NONE
485 
486 	/* Similar handling for AuthenticationMethods=any */
487 	if (options->num_auth_methods == 1 &&
488 	    strcmp(options->auth_methods[0], "any") == 0) {
489 		free(options->auth_methods[0]);
490 		options->auth_methods[0] = NULL;
491 		options->num_auth_methods = 0;
492 	}
493 }
494 
495 /* Keyword tokens. */
496 typedef enum {
497 	sBadOption,		/* == unknown option */
498 	/* Portable-specific options */
499 	sUsePAM,
500 	/* Standard Options */
501 	sPort, sHostKeyFile, sLoginGraceTime,
502 	sPermitRootLogin, sLogFacility, sLogLevel, sLogVerbose,
503 	sKerberosAuthentication, sKerberosOrLocalPasswd, sKerberosTicketCleanup,
504 	sKerberosGetAFSToken, sPasswordAuthentication,
505 	sKbdInteractiveAuthentication, sListenAddress, sAddressFamily,
506 	sPrintMotd, sPrintLastLog, sIgnoreRhosts,
507 	sX11Forwarding, sX11DisplayOffset, sX11UseLocalhost,
508 	sPermitTTY, sStrictModes, sEmptyPasswd, sTCPKeepAlive,
509 	sPermitUserEnvironment, sAllowTcpForwarding, sCompression,
510 	sRekeyLimit, sAllowUsers, sDenyUsers, sAllowGroups, sDenyGroups,
511 	sIgnoreUserKnownHosts, sCiphers, sMacs, sPidFile, sModuliFile,
512 	sGatewayPorts, sPubkeyAuthentication, sPubkeyAcceptedAlgorithms,
513 	sXAuthLocation, sSubsystem, sMaxStartups, sMaxAuthTries, sMaxSessions,
514 	sBanner, sUseDNS, sHostbasedAuthentication,
515 	sHostbasedUsesNameFromPacketOnly, sHostbasedAcceptedAlgorithms,
516 	sHostKeyAlgorithms, sPerSourceMaxStartups, sPerSourceNetBlockSize,
517 	sClientAliveInterval, sClientAliveCountMax, sAuthorizedKeysFile,
518 	sGssAuthentication, sGssCleanupCreds, sGssStrictAcceptor,
519 	sAcceptEnv, sSetEnv, sPermitTunnel,
520 	sMatch, sPermitOpen, sPermitListen, sForceCommand, sChrootDirectory,
521 	sUsePrivilegeSeparation, sAllowAgentForwarding,
522 	sHostCertificate, sInclude,
523 	sRevokedKeys, sTrustedUserCAKeys, sAuthorizedPrincipalsFile,
524 	sAuthorizedPrincipalsCommand, sAuthorizedPrincipalsCommandUser,
525 	sKexAlgorithms, sCASignatureAlgorithms, sIPQoS, sVersionAddendum,
526 	sAuthorizedKeysCommand, sAuthorizedKeysCommandUser,
527 	sAuthenticationMethods, sHostKeyAgent, sPermitUserRC,
528 	sStreamLocalBindMask, sStreamLocalBindUnlink,
529 	sAllowStreamLocalForwarding, sFingerprintHash, sDisableForwarding,
530 	sExposeAuthInfo, sRDomain, sPubkeyAuthOptions, sSecurityKeyProvider,
531 	sUseBlacklist,
532 	sDeprecated, sIgnore, sUnsupported
533 } ServerOpCodes;
534 
535 #define SSHCFG_GLOBAL		0x01	/* allowed in main section of config */
536 #define SSHCFG_MATCH		0x02	/* allowed inside a Match section */
537 #define SSHCFG_ALL		(SSHCFG_GLOBAL|SSHCFG_MATCH)
538 #define SSHCFG_NEVERMATCH	0x04  /* Match never matches; internal only */
539 #define SSHCFG_MATCH_ONLY	0x08  /* Match only in conditional blocks; internal only */
540 
541 /* Textual representation of the tokens. */
542 static struct {
543 	const char *name;
544 	ServerOpCodes opcode;
545 	u_int flags;
546 } keywords[] = {
547 	/* Portable-specific options */
548 #ifdef USE_PAM
549 	{ "usepam", sUsePAM, SSHCFG_GLOBAL },
550 #else
551 	{ "usepam", sUnsupported, SSHCFG_GLOBAL },
552 #endif
553 	{ "pamauthenticationviakbdint", sDeprecated, SSHCFG_GLOBAL },
554 	/* Standard Options */
555 	{ "port", sPort, SSHCFG_GLOBAL },
556 	{ "hostkey", sHostKeyFile, SSHCFG_GLOBAL },
557 	{ "hostdsakey", sHostKeyFile, SSHCFG_GLOBAL },		/* alias */
558 	{ "hostkeyagent", sHostKeyAgent, SSHCFG_GLOBAL },
559 	{ "pidfile", sPidFile, SSHCFG_GLOBAL },
560 	{ "modulifile", sModuliFile, SSHCFG_GLOBAL },
561 	{ "serverkeybits", sDeprecated, SSHCFG_GLOBAL },
562 	{ "logingracetime", sLoginGraceTime, SSHCFG_GLOBAL },
563 	{ "keyregenerationinterval", sDeprecated, SSHCFG_GLOBAL },
564 	{ "permitrootlogin", sPermitRootLogin, SSHCFG_ALL },
565 	{ "syslogfacility", sLogFacility, SSHCFG_GLOBAL },
566 	{ "loglevel", sLogLevel, SSHCFG_ALL },
567 	{ "logverbose", sLogVerbose, SSHCFG_ALL },
568 	{ "rhostsauthentication", sDeprecated, SSHCFG_GLOBAL },
569 	{ "rhostsrsaauthentication", sDeprecated, SSHCFG_ALL },
570 	{ "hostbasedauthentication", sHostbasedAuthentication, SSHCFG_ALL },
571 	{ "hostbasedusesnamefrompacketonly", sHostbasedUsesNameFromPacketOnly, SSHCFG_ALL },
572 	{ "hostbasedacceptedalgorithms", sHostbasedAcceptedAlgorithms, SSHCFG_ALL },
573 	{ "hostbasedacceptedkeytypes", sHostbasedAcceptedAlgorithms, SSHCFG_ALL }, /* obsolete */
574 	{ "hostkeyalgorithms", sHostKeyAlgorithms, SSHCFG_GLOBAL },
575 	{ "rsaauthentication", sDeprecated, SSHCFG_ALL },
576 	{ "pubkeyauthentication", sPubkeyAuthentication, SSHCFG_ALL },
577 	{ "pubkeyacceptedalgorithms", sPubkeyAcceptedAlgorithms, SSHCFG_ALL },
578 	{ "pubkeyacceptedkeytypes", sPubkeyAcceptedAlgorithms, SSHCFG_ALL }, /* obsolete */
579 	{ "pubkeyauthoptions", sPubkeyAuthOptions, SSHCFG_ALL },
580 	{ "dsaauthentication", sPubkeyAuthentication, SSHCFG_GLOBAL }, /* alias */
581 #ifdef KRB5
582 	{ "kerberosauthentication", sKerberosAuthentication, SSHCFG_ALL },
583 	{ "kerberosorlocalpasswd", sKerberosOrLocalPasswd, SSHCFG_GLOBAL },
584 	{ "kerberosticketcleanup", sKerberosTicketCleanup, SSHCFG_GLOBAL },
585 #ifdef USE_AFS
586 	{ "kerberosgetafstoken", sKerberosGetAFSToken, SSHCFG_GLOBAL },
587 #else
588 	{ "kerberosgetafstoken", sUnsupported, SSHCFG_GLOBAL },
589 #endif
590 #else
591 	{ "kerberosauthentication", sUnsupported, SSHCFG_ALL },
592 	{ "kerberosorlocalpasswd", sUnsupported, SSHCFG_GLOBAL },
593 	{ "kerberosticketcleanup", sUnsupported, SSHCFG_GLOBAL },
594 	{ "kerberosgetafstoken", sUnsupported, SSHCFG_GLOBAL },
595 #endif
596 	{ "kerberostgtpassing", sUnsupported, SSHCFG_GLOBAL },
597 	{ "afstokenpassing", sUnsupported, SSHCFG_GLOBAL },
598 #ifdef GSSAPI
599 	{ "gssapiauthentication", sGssAuthentication, SSHCFG_ALL },
600 	{ "gssapicleanupcredentials", sGssCleanupCreds, SSHCFG_GLOBAL },
601 	{ "gssapistrictacceptorcheck", sGssStrictAcceptor, SSHCFG_GLOBAL },
602 #else
603 	{ "gssapiauthentication", sUnsupported, SSHCFG_ALL },
604 	{ "gssapicleanupcredentials", sUnsupported, SSHCFG_GLOBAL },
605 	{ "gssapistrictacceptorcheck", sUnsupported, SSHCFG_GLOBAL },
606 #endif
607 	{ "passwordauthentication", sPasswordAuthentication, SSHCFG_ALL },
608 	{ "kbdinteractiveauthentication", sKbdInteractiveAuthentication, SSHCFG_ALL },
609 	{ "challengeresponseauthentication", sKbdInteractiveAuthentication, SSHCFG_ALL }, /* alias */
610 	{ "skeyauthentication", sKbdInteractiveAuthentication, SSHCFG_ALL }, /* alias */
611 	{ "checkmail", sDeprecated, SSHCFG_GLOBAL },
612 	{ "listenaddress", sListenAddress, SSHCFG_GLOBAL },
613 	{ "addressfamily", sAddressFamily, SSHCFG_GLOBAL },
614 	{ "printmotd", sPrintMotd, SSHCFG_GLOBAL },
615 #ifdef DISABLE_LASTLOG
616 	{ "printlastlog", sUnsupported, SSHCFG_GLOBAL },
617 #else
618 	{ "printlastlog", sPrintLastLog, SSHCFG_GLOBAL },
619 #endif
620 	{ "ignorerhosts", sIgnoreRhosts, SSHCFG_ALL },
621 	{ "ignoreuserknownhosts", sIgnoreUserKnownHosts, SSHCFG_GLOBAL },
622 	{ "x11forwarding", sX11Forwarding, SSHCFG_ALL },
623 	{ "x11displayoffset", sX11DisplayOffset, SSHCFG_ALL },
624 	{ "x11uselocalhost", sX11UseLocalhost, SSHCFG_ALL },
625 	{ "xauthlocation", sXAuthLocation, SSHCFG_GLOBAL },
626 	{ "strictmodes", sStrictModes, SSHCFG_GLOBAL },
627 	{ "permitemptypasswords", sEmptyPasswd, SSHCFG_ALL },
628 	{ "permituserenvironment", sPermitUserEnvironment, SSHCFG_GLOBAL },
629 	{ "uselogin", sDeprecated, SSHCFG_GLOBAL },
630 	{ "compression", sCompression, SSHCFG_GLOBAL },
631 	{ "rekeylimit", sRekeyLimit, SSHCFG_ALL },
632 	{ "tcpkeepalive", sTCPKeepAlive, SSHCFG_GLOBAL },
633 	{ "keepalive", sTCPKeepAlive, SSHCFG_GLOBAL },	/* obsolete alias */
634 	{ "allowtcpforwarding", sAllowTcpForwarding, SSHCFG_ALL },
635 	{ "allowagentforwarding", sAllowAgentForwarding, SSHCFG_ALL },
636 	{ "allowusers", sAllowUsers, SSHCFG_ALL },
637 	{ "denyusers", sDenyUsers, SSHCFG_ALL },
638 	{ "allowgroups", sAllowGroups, SSHCFG_ALL },
639 	{ "denygroups", sDenyGroups, SSHCFG_ALL },
640 	{ "ciphers", sCiphers, SSHCFG_GLOBAL },
641 	{ "macs", sMacs, SSHCFG_GLOBAL },
642 	{ "protocol", sIgnore, SSHCFG_GLOBAL },
643 	{ "gatewayports", sGatewayPorts, SSHCFG_ALL },
644 	{ "subsystem", sSubsystem, SSHCFG_GLOBAL },
645 	{ "maxstartups", sMaxStartups, SSHCFG_GLOBAL },
646 	{ "persourcemaxstartups", sPerSourceMaxStartups, SSHCFG_GLOBAL },
647 	{ "persourcenetblocksize", sPerSourceNetBlockSize, SSHCFG_GLOBAL },
648 	{ "maxauthtries", sMaxAuthTries, SSHCFG_ALL },
649 	{ "maxsessions", sMaxSessions, SSHCFG_ALL },
650 	{ "banner", sBanner, SSHCFG_ALL },
651 	{ "usedns", sUseDNS, SSHCFG_GLOBAL },
652 	{ "verifyreversemapping", sDeprecated, SSHCFG_GLOBAL },
653 	{ "reversemappingcheck", sDeprecated, SSHCFG_GLOBAL },
654 	{ "clientaliveinterval", sClientAliveInterval, SSHCFG_ALL },
655 	{ "clientalivecountmax", sClientAliveCountMax, SSHCFG_ALL },
656 	{ "authorizedkeysfile", sAuthorizedKeysFile, SSHCFG_ALL },
657 	{ "authorizedkeysfile2", sDeprecated, SSHCFG_ALL },
658 	{ "useprivilegeseparation", sDeprecated, SSHCFG_GLOBAL},
659 	{ "acceptenv", sAcceptEnv, SSHCFG_ALL },
660 	{ "setenv", sSetEnv, SSHCFG_ALL },
661 	{ "permittunnel", sPermitTunnel, SSHCFG_ALL },
662 	{ "permittty", sPermitTTY, SSHCFG_ALL },
663 	{ "permituserrc", sPermitUserRC, SSHCFG_ALL },
664 	{ "match", sMatch, SSHCFG_ALL },
665 	{ "permitopen", sPermitOpen, SSHCFG_ALL },
666 	{ "permitlisten", sPermitListen, SSHCFG_ALL },
667 	{ "forcecommand", sForceCommand, SSHCFG_ALL },
668 	{ "chrootdirectory", sChrootDirectory, SSHCFG_ALL },
669 	{ "hostcertificate", sHostCertificate, SSHCFG_GLOBAL },
670 	{ "revokedkeys", sRevokedKeys, SSHCFG_ALL },
671 	{ "trustedusercakeys", sTrustedUserCAKeys, SSHCFG_ALL },
672 	{ "authorizedprincipalsfile", sAuthorizedPrincipalsFile, SSHCFG_ALL },
673 	{ "kexalgorithms", sKexAlgorithms, SSHCFG_GLOBAL },
674 	{ "include", sInclude, SSHCFG_ALL },
675 	{ "ipqos", sIPQoS, SSHCFG_ALL },
676 	{ "authorizedkeyscommand", sAuthorizedKeysCommand, SSHCFG_ALL },
677 	{ "authorizedkeyscommanduser", sAuthorizedKeysCommandUser, SSHCFG_ALL },
678 	{ "authorizedprincipalscommand", sAuthorizedPrincipalsCommand, SSHCFG_ALL },
679 	{ "authorizedprincipalscommanduser", sAuthorizedPrincipalsCommandUser, SSHCFG_ALL },
680 	{ "versionaddendum", sVersionAddendum, SSHCFG_GLOBAL },
681 	{ "authenticationmethods", sAuthenticationMethods, SSHCFG_ALL },
682 	{ "streamlocalbindmask", sStreamLocalBindMask, SSHCFG_ALL },
683 	{ "streamlocalbindunlink", sStreamLocalBindUnlink, SSHCFG_ALL },
684 	{ "allowstreamlocalforwarding", sAllowStreamLocalForwarding, SSHCFG_ALL },
685 	{ "fingerprinthash", sFingerprintHash, SSHCFG_GLOBAL },
686 	{ "disableforwarding", sDisableForwarding, SSHCFG_ALL },
687 	{ "exposeauthinfo", sExposeAuthInfo, SSHCFG_ALL },
688 	{ "rdomain", sRDomain, SSHCFG_ALL },
689 	{ "casignaturealgorithms", sCASignatureAlgorithms, SSHCFG_ALL },
690 	{ "securitykeyprovider", sSecurityKeyProvider, SSHCFG_GLOBAL },
691 	{ "useblacklist", sUseBlacklist, SSHCFG_GLOBAL },
692 	{ "useblocklist", sUseBlacklist, SSHCFG_GLOBAL }, /* alias */
693 	{ "noneenabled", sUnsupported, SSHCFG_ALL },
694 	{ "hpndisabled", sDeprecated, SSHCFG_ALL },
695 	{ "hpnbuffersize", sDeprecated, SSHCFG_ALL },
696 	{ "tcprcvbufpoll", sDeprecated, SSHCFG_ALL },
697 	{ NULL, sBadOption, 0 }
698 };
699 
700 static struct {
701 	int val;
702 	char *text;
703 } tunmode_desc[] = {
704 	{ SSH_TUNMODE_NO, "no" },
705 	{ SSH_TUNMODE_POINTOPOINT, "point-to-point" },
706 	{ SSH_TUNMODE_ETHERNET, "ethernet" },
707 	{ SSH_TUNMODE_YES, "yes" },
708 	{ -1, NULL }
709 };
710 
711 /* Returns an opcode name from its number */
712 
713 static const char *
714 lookup_opcode_name(ServerOpCodes code)
715 {
716 	u_int i;
717 
718 	for (i = 0; keywords[i].name != NULL; i++)
719 		if (keywords[i].opcode == code)
720 			return(keywords[i].name);
721 	return "UNKNOWN";
722 }
723 
724 
725 /*
726  * Returns the number of the token pointed to by cp or sBadOption.
727  */
728 
729 static ServerOpCodes
730 parse_token(const char *cp, const char *filename,
731 	    int linenum, u_int *flags)
732 {
733 	u_int i;
734 
735 	for (i = 0; keywords[i].name; i++)
736 		if (strcasecmp(cp, keywords[i].name) == 0) {
737 			*flags = keywords[i].flags;
738 			return keywords[i].opcode;
739 		}
740 
741 	error("%s: line %d: Bad configuration option: %s",
742 	    filename, linenum, cp);
743 	return sBadOption;
744 }
745 
746 char *
747 derelativise_path(const char *path)
748 {
749 	char *expanded, *ret, cwd[PATH_MAX];
750 
751 	if (strcasecmp(path, "none") == 0)
752 		return xstrdup("none");
753 	expanded = tilde_expand_filename(path, getuid());
754 	if (path_absolute(expanded))
755 		return expanded;
756 	if (getcwd(cwd, sizeof(cwd)) == NULL)
757 		fatal_f("getcwd: %s", strerror(errno));
758 	xasprintf(&ret, "%s/%s", cwd, expanded);
759 	free(expanded);
760 	return ret;
761 }
762 
763 static void
764 add_listen_addr(ServerOptions *options, const char *addr,
765     const char *rdomain, int port)
766 {
767 	u_int i;
768 
769 	if (port > 0)
770 		add_one_listen_addr(options, addr, rdomain, port);
771 	else {
772 		for (i = 0; i < options->num_ports; i++) {
773 			add_one_listen_addr(options, addr, rdomain,
774 			    options->ports[i]);
775 		}
776 	}
777 }
778 
779 static void
780 add_one_listen_addr(ServerOptions *options, const char *addr,
781     const char *rdomain, int port)
782 {
783 	struct addrinfo hints, *ai, *aitop;
784 	char strport[NI_MAXSERV];
785 	int gaierr;
786 	u_int i;
787 
788 	/* Find listen_addrs entry for this rdomain */
789 	for (i = 0; i < options->num_listen_addrs; i++) {
790 		if (rdomain == NULL && options->listen_addrs[i].rdomain == NULL)
791 			break;
792 		if (rdomain == NULL || options->listen_addrs[i].rdomain == NULL)
793 			continue;
794 		if (strcmp(rdomain, options->listen_addrs[i].rdomain) == 0)
795 			break;
796 	}
797 	if (i >= options->num_listen_addrs) {
798 		/* No entry for this rdomain; allocate one */
799 		if (i >= INT_MAX)
800 			fatal_f("too many listen addresses");
801 		options->listen_addrs = xrecallocarray(options->listen_addrs,
802 		    options->num_listen_addrs, options->num_listen_addrs + 1,
803 		    sizeof(*options->listen_addrs));
804 		i = options->num_listen_addrs++;
805 		if (rdomain != NULL)
806 			options->listen_addrs[i].rdomain = xstrdup(rdomain);
807 	}
808 	/* options->listen_addrs[i] points to the addresses for this rdomain */
809 
810 	memset(&hints, 0, sizeof(hints));
811 	hints.ai_family = options->address_family;
812 	hints.ai_socktype = SOCK_STREAM;
813 	hints.ai_flags = (addr == NULL) ? AI_PASSIVE : 0;
814 	snprintf(strport, sizeof strport, "%d", port);
815 	if ((gaierr = getaddrinfo(addr, strport, &hints, &aitop)) != 0)
816 		fatal("bad addr or host: %s (%s)",
817 		    addr ? addr : "<NULL>",
818 		    ssh_gai_strerror(gaierr));
819 	for (ai = aitop; ai->ai_next; ai = ai->ai_next)
820 		;
821 	ai->ai_next = options->listen_addrs[i].addrs;
822 	options->listen_addrs[i].addrs = aitop;
823 }
824 
825 /* Returns nonzero if the routing domain name is valid */
826 static int
827 valid_rdomain(const char *name)
828 {
829 #if defined(HAVE_SYS_VALID_RDOMAIN)
830 	return sys_valid_rdomain(name);
831 #elif defined(__OpenBSD__)
832 	const char *errstr;
833 	long long num;
834 	struct rt_tableinfo info;
835 	int mib[6];
836 	size_t miblen = sizeof(mib);
837 
838 	if (name == NULL)
839 		return 1;
840 
841 	num = strtonum(name, 0, 255, &errstr);
842 	if (errstr != NULL)
843 		return 0;
844 
845 	/* Check whether the table actually exists */
846 	memset(mib, 0, sizeof(mib));
847 	mib[0] = CTL_NET;
848 	mib[1] = PF_ROUTE;
849 	mib[4] = NET_RT_TABLE;
850 	mib[5] = (int)num;
851 	if (sysctl(mib, 6, &info, &miblen, NULL, 0) == -1)
852 		return 0;
853 
854 	return 1;
855 #else /* defined(__OpenBSD__) */
856 	error("Routing domains are not supported on this platform");
857 	return 0;
858 #endif
859 }
860 
861 /*
862  * Queue a ListenAddress to be processed once we have all of the Ports
863  * and AddressFamily options.
864  */
865 static void
866 queue_listen_addr(ServerOptions *options, const char *addr,
867     const char *rdomain, int port)
868 {
869 	struct queued_listenaddr *qla;
870 
871 	options->queued_listen_addrs = xrecallocarray(
872 	    options->queued_listen_addrs,
873 	    options->num_queued_listens, options->num_queued_listens + 1,
874 	    sizeof(*options->queued_listen_addrs));
875 	qla = &options->queued_listen_addrs[options->num_queued_listens++];
876 	qla->addr = xstrdup(addr);
877 	qla->port = port;
878 	qla->rdomain = rdomain == NULL ? NULL : xstrdup(rdomain);
879 }
880 
881 /*
882  * Process queued (text) ListenAddress entries.
883  */
884 static void
885 process_queued_listen_addrs(ServerOptions *options)
886 {
887 	u_int i;
888 	struct queued_listenaddr *qla;
889 
890 	if (options->num_ports == 0)
891 		options->ports[options->num_ports++] = SSH_DEFAULT_PORT;
892 	if (options->address_family == -1)
893 		options->address_family = AF_UNSPEC;
894 
895 	for (i = 0; i < options->num_queued_listens; i++) {
896 		qla = &options->queued_listen_addrs[i];
897 		add_listen_addr(options, qla->addr, qla->rdomain, qla->port);
898 		free(qla->addr);
899 		free(qla->rdomain);
900 	}
901 	free(options->queued_listen_addrs);
902 	options->queued_listen_addrs = NULL;
903 	options->num_queued_listens = 0;
904 }
905 
906 /*
907  * Inform channels layer of permitopen options for a single forwarding
908  * direction (local/remote).
909  */
910 static void
911 process_permitopen_list(struct ssh *ssh, ServerOpCodes opcode,
912     char **opens, u_int num_opens)
913 {
914 	u_int i;
915 	int port;
916 	char *host, *arg, *oarg;
917 	int where = opcode == sPermitOpen ? FORWARD_LOCAL : FORWARD_REMOTE;
918 	const char *what = lookup_opcode_name(opcode);
919 
920 	channel_clear_permission(ssh, FORWARD_ADM, where);
921 	if (num_opens == 0)
922 		return; /* permit any */
923 
924 	/* handle keywords: "any" / "none" */
925 	if (num_opens == 1 && strcmp(opens[0], "any") == 0)
926 		return;
927 	if (num_opens == 1 && strcmp(opens[0], "none") == 0) {
928 		channel_disable_admin(ssh, where);
929 		return;
930 	}
931 	/* Otherwise treat it as a list of permitted host:port */
932 	for (i = 0; i < num_opens; i++) {
933 		oarg = arg = xstrdup(opens[i]);
934 		host = hpdelim(&arg);
935 		if (host == NULL)
936 			fatal_f("missing host in %s", what);
937 		host = cleanhostname(host);
938 		if (arg == NULL || ((port = permitopen_port(arg)) < 0))
939 			fatal_f("bad port number in %s", what);
940 		/* Send it to channels layer */
941 		channel_add_permission(ssh, FORWARD_ADM,
942 		    where, host, port);
943 		free(oarg);
944 	}
945 }
946 
947 /*
948  * Inform channels layer of permitopen options from configuration.
949  */
950 void
951 process_permitopen(struct ssh *ssh, ServerOptions *options)
952 {
953 	process_permitopen_list(ssh, sPermitOpen,
954 	    options->permitted_opens, options->num_permitted_opens);
955 	process_permitopen_list(ssh, sPermitListen,
956 	    options->permitted_listens,
957 	    options->num_permitted_listens);
958 }
959 
960 struct connection_info *
961 get_connection_info(struct ssh *ssh, int populate, int use_dns)
962 {
963 	static struct connection_info ci;
964 
965 	if (ssh == NULL || !populate)
966 		return &ci;
967 	ci.host = auth_get_canonical_hostname(ssh, use_dns);
968 	ci.address = ssh_remote_ipaddr(ssh);
969 	ci.laddress = ssh_local_ipaddr(ssh);
970 	ci.lport = ssh_local_port(ssh);
971 	ci.rdomain = ssh_packet_rdomain_in(ssh);
972 	return &ci;
973 }
974 
975 /*
976  * The strategy for the Match blocks is that the config file is parsed twice.
977  *
978  * The first time is at startup.  activep is initialized to 1 and the
979  * directives in the global context are processed and acted on.  Hitting a
980  * Match directive unsets activep and the directives inside the block are
981  * checked for syntax only.
982  *
983  * The second time is after a connection has been established but before
984  * authentication.  activep is initialized to 2 and global config directives
985  * are ignored since they have already been processed.  If the criteria in a
986  * Match block is met, activep is set and the subsequent directives
987  * processed and actioned until EOF or another Match block unsets it.  Any
988  * options set are copied into the main server config.
989  *
990  * Potential additions/improvements:
991  *  - Add Match support for pre-kex directives, eg. Ciphers.
992  *
993  *  - Add a Tag directive (idea from David Leonard) ala pf, eg:
994  *	Match Address 192.168.0.*
995  *		Tag trusted
996  *	Match Group wheel
997  *		Tag trusted
998  *	Match Tag trusted
999  *		AllowTcpForwarding yes
1000  *		GatewayPorts clientspecified
1001  *		[...]
1002  *
1003  *  - Add a PermittedChannelRequests directive
1004  *	Match Group shell
1005  *		PermittedChannelRequests session,forwarded-tcpip
1006  */
1007 
1008 static int
1009 match_cfg_line_group(const char *grps, int line, const char *user)
1010 {
1011 	int result = 0;
1012 	struct passwd *pw;
1013 
1014 	if (user == NULL)
1015 		goto out;
1016 
1017 	if ((pw = getpwnam(user)) == NULL) {
1018 		debug("Can't match group at line %d because user %.100s does "
1019 		    "not exist", line, user);
1020 	} else if (ga_init(pw->pw_name, pw->pw_gid) == 0) {
1021 		debug("Can't Match group because user %.100s not in any group "
1022 		    "at line %d", user, line);
1023 	} else if (ga_match_pattern_list(grps) != 1) {
1024 		debug("user %.100s does not match group list %.100s at line %d",
1025 		    user, grps, line);
1026 	} else {
1027 		debug("user %.100s matched group list %.100s at line %d", user,
1028 		    grps, line);
1029 		result = 1;
1030 	}
1031 out:
1032 	ga_free();
1033 	return result;
1034 }
1035 
1036 static void
1037 match_test_missing_fatal(const char *criteria, const char *attrib)
1038 {
1039 	fatal("'Match %s' in configuration but '%s' not in connection "
1040 	    "test specification.", criteria, attrib);
1041 }
1042 
1043 /*
1044  * All of the attributes on a single Match line are ANDed together, so we need
1045  * to check every attribute and set the result to zero if any attribute does
1046  * not match.
1047  */
1048 static int
1049 match_cfg_line(char **condition, int line, struct connection_info *ci)
1050 {
1051 	int result = 1, attributes = 0, port;
1052 	char *arg, *attrib, *cp = *condition;
1053 
1054 	if (ci == NULL)
1055 		debug3("checking syntax for 'Match %s'", cp);
1056 	else
1057 		debug3("checking match for '%s' user %s host %s addr %s "
1058 		    "laddr %s lport %d", cp, ci->user ? ci->user : "(null)",
1059 		    ci->host ? ci->host : "(null)",
1060 		    ci->address ? ci->address : "(null)",
1061 		    ci->laddress ? ci->laddress : "(null)", ci->lport);
1062 
1063 	while ((attrib = strdelim(&cp)) && *attrib != '\0') {
1064 		/* Terminate on comment */
1065 		if (*attrib == '#') {
1066 			cp = NULL; /* mark all arguments consumed */
1067 			break;
1068 		}
1069 		arg = NULL;
1070 		attributes++;
1071 		/* Criterion "all" has no argument and must appear alone */
1072 		if (strcasecmp(attrib, "all") == 0) {
1073 			if (attributes > 1 || ((arg = strdelim(&cp)) != NULL &&
1074 			    *arg != '\0' && *arg != '#')) {
1075 				error("'all' cannot be combined with other "
1076 				    "Match attributes");
1077 				return -1;
1078 			}
1079 			if (arg != NULL && *arg == '#')
1080 				cp = NULL; /* mark all arguments consumed */
1081 			*condition = cp;
1082 			return 1;
1083 		}
1084 		/* All other criteria require an argument */
1085 		if ((arg = strdelim(&cp)) == NULL ||
1086 		    *arg == '\0' || *arg == '#') {
1087 			error("Missing Match criteria for %s", attrib);
1088 			return -1;
1089 		}
1090 		if (strcasecmp(attrib, "user") == 0) {
1091 			if (ci == NULL || (ci->test && ci->user == NULL)) {
1092 				result = 0;
1093 				continue;
1094 			}
1095 			if (ci->user == NULL)
1096 				match_test_missing_fatal("User", "user");
1097 			if (match_usergroup_pattern_list(ci->user, arg) != 1)
1098 				result = 0;
1099 			else
1100 				debug("user %.100s matched 'User %.100s' at "
1101 				    "line %d", ci->user, arg, line);
1102 		} else if (strcasecmp(attrib, "group") == 0) {
1103 			if (ci == NULL || (ci->test && ci->user == NULL)) {
1104 				result = 0;
1105 				continue;
1106 			}
1107 			if (ci->user == NULL)
1108 				match_test_missing_fatal("Group", "user");
1109 			switch (match_cfg_line_group(arg, line, ci->user)) {
1110 			case -1:
1111 				return -1;
1112 			case 0:
1113 				result = 0;
1114 			}
1115 		} else if (strcasecmp(attrib, "host") == 0) {
1116 			if (ci == NULL || (ci->test && ci->host == NULL)) {
1117 				result = 0;
1118 				continue;
1119 			}
1120 			if (ci->host == NULL)
1121 				match_test_missing_fatal("Host", "host");
1122 			if (match_hostname(ci->host, arg) != 1)
1123 				result = 0;
1124 			else
1125 				debug("connection from %.100s matched 'Host "
1126 				    "%.100s' at line %d", ci->host, arg, line);
1127 		} else if (strcasecmp(attrib, "address") == 0) {
1128 			if (ci == NULL || (ci->test && ci->address == NULL)) {
1129 				if (addr_match_list(NULL, arg) != 0)
1130 					fatal("Invalid Match address argument "
1131 					    "'%s' at line %d", arg, line);
1132 				result = 0;
1133 				continue;
1134 			}
1135 			if (ci->address == NULL)
1136 				match_test_missing_fatal("Address", "addr");
1137 			switch (addr_match_list(ci->address, arg)) {
1138 			case 1:
1139 				debug("connection from %.100s matched 'Address "
1140 				    "%.100s' at line %d", ci->address, arg, line);
1141 				break;
1142 			case 0:
1143 			case -1:
1144 				result = 0;
1145 				break;
1146 			case -2:
1147 				return -1;
1148 			}
1149 		} else if (strcasecmp(attrib, "localaddress") == 0){
1150 			if (ci == NULL || (ci->test && ci->laddress == NULL)) {
1151 				if (addr_match_list(NULL, arg) != 0)
1152 					fatal("Invalid Match localaddress "
1153 					    "argument '%s' at line %d", arg,
1154 					    line);
1155 				result = 0;
1156 				continue;
1157 			}
1158 			if (ci->laddress == NULL)
1159 				match_test_missing_fatal("LocalAddress",
1160 				    "laddr");
1161 			switch (addr_match_list(ci->laddress, arg)) {
1162 			case 1:
1163 				debug("connection from %.100s matched "
1164 				    "'LocalAddress %.100s' at line %d",
1165 				    ci->laddress, arg, line);
1166 				break;
1167 			case 0:
1168 			case -1:
1169 				result = 0;
1170 				break;
1171 			case -2:
1172 				return -1;
1173 			}
1174 		} else if (strcasecmp(attrib, "localport") == 0) {
1175 			if ((port = a2port(arg)) == -1) {
1176 				error("Invalid LocalPort '%s' on Match line",
1177 				    arg);
1178 				return -1;
1179 			}
1180 			if (ci == NULL || (ci->test && ci->lport == -1)) {
1181 				result = 0;
1182 				continue;
1183 			}
1184 			if (ci->lport == 0)
1185 				match_test_missing_fatal("LocalPort", "lport");
1186 			/* TODO support port lists */
1187 			if (port == ci->lport)
1188 				debug("connection from %.100s matched "
1189 				    "'LocalPort %d' at line %d",
1190 				    ci->laddress, port, line);
1191 			else
1192 				result = 0;
1193 		} else if (strcasecmp(attrib, "rdomain") == 0) {
1194 			if (ci == NULL || (ci->test && ci->rdomain == NULL)) {
1195 				result = 0;
1196 				continue;
1197 			}
1198 			if (ci->rdomain == NULL)
1199 				match_test_missing_fatal("RDomain", "rdomain");
1200 			if (match_pattern_list(ci->rdomain, arg, 0) != 1)
1201 				result = 0;
1202 			else
1203 				debug("user %.100s matched 'RDomain %.100s' at "
1204 				    "line %d", ci->rdomain, arg, line);
1205 		} else {
1206 			error("Unsupported Match attribute %s", attrib);
1207 			return -1;
1208 		}
1209 	}
1210 	if (attributes == 0) {
1211 		error("One or more attributes required for Match");
1212 		return -1;
1213 	}
1214 	if (ci != NULL)
1215 		debug3("match %sfound", result ? "" : "not ");
1216 	*condition = cp;
1217 	return result;
1218 }
1219 
1220 #define WHITESPACE " \t\r\n"
1221 
1222 /* Multistate option parsing */
1223 struct multistate {
1224 	char *key;
1225 	int value;
1226 };
1227 static const struct multistate multistate_flag[] = {
1228 	{ "yes",			1 },
1229 	{ "no",				0 },
1230 	{ NULL, -1 }
1231 };
1232 static const struct multistate multistate_ignore_rhosts[] = {
1233 	{ "yes",			IGNORE_RHOSTS_YES },
1234 	{ "no",				IGNORE_RHOSTS_NO },
1235 	{ "shosts-only",		IGNORE_RHOSTS_SHOSTS },
1236 	{ NULL, -1 }
1237 };
1238 static const struct multistate multistate_addressfamily[] = {
1239 	{ "inet",			AF_INET },
1240 	{ "inet6",			AF_INET6 },
1241 	{ "any",			AF_UNSPEC },
1242 	{ NULL, -1 }
1243 };
1244 static const struct multistate multistate_permitrootlogin[] = {
1245 	{ "without-password",		PERMIT_NO_PASSWD },
1246 	{ "prohibit-password",		PERMIT_NO_PASSWD },
1247 	{ "forced-commands-only",	PERMIT_FORCED_ONLY },
1248 	{ "yes",			PERMIT_YES },
1249 	{ "no",				PERMIT_NO },
1250 	{ NULL, -1 }
1251 };
1252 static const struct multistate multistate_compression[] = {
1253 #ifdef WITH_ZLIB
1254 	{ "yes",			COMP_DELAYED },
1255 	{ "delayed",			COMP_DELAYED },
1256 #endif
1257 	{ "no",				COMP_NONE },
1258 	{ NULL, -1 }
1259 };
1260 static const struct multistate multistate_gatewayports[] = {
1261 	{ "clientspecified",		2 },
1262 	{ "yes",			1 },
1263 	{ "no",				0 },
1264 	{ NULL, -1 }
1265 };
1266 static const struct multistate multistate_tcpfwd[] = {
1267 	{ "yes",			FORWARD_ALLOW },
1268 	{ "all",			FORWARD_ALLOW },
1269 	{ "no",				FORWARD_DENY },
1270 	{ "remote",			FORWARD_REMOTE },
1271 	{ "local",			FORWARD_LOCAL },
1272 	{ NULL, -1 }
1273 };
1274 
1275 static int
1276 process_server_config_line_depth(ServerOptions *options, char *line,
1277     const char *filename, int linenum, int *activep,
1278     struct connection_info *connectinfo, int *inc_flags, int depth,
1279     struct include_list *includes)
1280 {
1281 	char *str, ***chararrayptr, **charptr, *arg, *arg2, *p, *keyword;
1282 	int cmdline = 0, *intptr, value, value2, n, port, oactive, r, found;
1283 	SyslogFacility *log_facility_ptr;
1284 	LogLevel *log_level_ptr;
1285 	ServerOpCodes opcode;
1286 	u_int i, *uintptr, uvalue, flags = 0;
1287 	size_t len;
1288 	long long val64;
1289 	const struct multistate *multistate_ptr;
1290 	const char *errstr;
1291 	struct include_item *item;
1292 	glob_t gbuf;
1293 	char **oav = NULL, **av;
1294 	int oac = 0, ac;
1295 	int ret = -1;
1296 
1297 	/* Strip trailing whitespace. Allow \f (form feed) at EOL only */
1298 	if ((len = strlen(line)) == 0)
1299 		return 0;
1300 	for (len--; len > 0; len--) {
1301 		if (strchr(WHITESPACE "\f", line[len]) == NULL)
1302 			break;
1303 		line[len] = '\0';
1304 	}
1305 
1306 	str = line;
1307 	if ((keyword = strdelim(&str)) == NULL)
1308 		return 0;
1309 	/* Ignore leading whitespace */
1310 	if (*keyword == '\0')
1311 		keyword = strdelim(&str);
1312 	if (!keyword || !*keyword || *keyword == '#')
1313 		return 0;
1314 	if (str == NULL || *str == '\0') {
1315 		error("%s line %d: no argument after keyword \"%s\"",
1316 		    filename, linenum, keyword);
1317 		return -1;
1318 	}
1319 	intptr = NULL;
1320 	charptr = NULL;
1321 	opcode = parse_token(keyword, filename, linenum, &flags);
1322 
1323 	if (argv_split(str, &oac, &oav, 1) != 0) {
1324 		error("%s line %d: invalid quotes", filename, linenum);
1325 		return -1;
1326 	}
1327 	ac = oac;
1328 	av = oav;
1329 
1330 	if (activep == NULL) { /* We are processing a command line directive */
1331 		cmdline = 1;
1332 		activep = &cmdline;
1333 	}
1334 	if (*activep && opcode != sMatch && opcode != sInclude)
1335 		debug3("%s:%d setting %s %s", filename, linenum, keyword, str);
1336 	if (*activep == 0 && !(flags & SSHCFG_MATCH)) {
1337 		if (connectinfo == NULL) {
1338 			fatal("%s line %d: Directive '%s' is not allowed "
1339 			    "within a Match block", filename, linenum, keyword);
1340 		} else { /* this is a directive we have already processed */
1341 			ret = 0;
1342 			goto out;
1343 		}
1344 	}
1345 
1346 	switch (opcode) {
1347 	/* Portable-specific options */
1348 	case sUsePAM:
1349 		intptr = &options->use_pam;
1350 		goto parse_flag;
1351 
1352 	/* Standard Options */
1353 	case sBadOption:
1354 		goto out;
1355 	case sPort:
1356 		/* ignore ports from configfile if cmdline specifies ports */
1357 		if (options->ports_from_cmdline) {
1358 			argv_consume(&ac);
1359 			break;
1360 		}
1361 		if (options->num_ports >= MAX_PORTS)
1362 			fatal("%s line %d: too many ports.",
1363 			    filename, linenum);
1364 		arg = argv_next(&ac, &av);
1365 		if (!arg || *arg == '\0')
1366 			fatal("%s line %d: missing port number.",
1367 			    filename, linenum);
1368 		options->ports[options->num_ports++] = a2port(arg);
1369 		if (options->ports[options->num_ports-1] <= 0)
1370 			fatal("%s line %d: Badly formatted port number.",
1371 			    filename, linenum);
1372 		break;
1373 
1374 	case sLoginGraceTime:
1375 		intptr = &options->login_grace_time;
1376  parse_time:
1377 		arg = argv_next(&ac, &av);
1378 		if (!arg || *arg == '\0')
1379 			fatal("%s line %d: missing time value.",
1380 			    filename, linenum);
1381 		if ((value = convtime(arg)) == -1)
1382 			fatal("%s line %d: invalid time value.",
1383 			    filename, linenum);
1384 		if (*activep && *intptr == -1)
1385 			*intptr = value;
1386 		break;
1387 
1388 	case sListenAddress:
1389 		arg = argv_next(&ac, &av);
1390 		if (arg == NULL || *arg == '\0')
1391 			fatal("%s line %d: missing address",
1392 			    filename, linenum);
1393 		/* check for bare IPv6 address: no "[]" and 2 or more ":" */
1394 		if (strchr(arg, '[') == NULL && (p = strchr(arg, ':')) != NULL
1395 		    && strchr(p+1, ':') != NULL) {
1396 			port = 0;
1397 			p = arg;
1398 		} else {
1399 			arg2 = NULL;
1400 			p = hpdelim(&arg);
1401 			if (p == NULL)
1402 				fatal("%s line %d: bad address:port usage",
1403 				    filename, linenum);
1404 			p = cleanhostname(p);
1405 			if (arg == NULL)
1406 				port = 0;
1407 			else if ((port = a2port(arg)) <= 0)
1408 				fatal("%s line %d: bad port number",
1409 				    filename, linenum);
1410 		}
1411 		/* Optional routing table */
1412 		arg2 = NULL;
1413 		if ((arg = argv_next(&ac, &av)) != NULL) {
1414 			if (strcmp(arg, "rdomain") != 0 ||
1415 			    (arg2 = argv_next(&ac, &av)) == NULL)
1416 				fatal("%s line %d: bad ListenAddress syntax",
1417 				    filename, linenum);
1418 			if (!valid_rdomain(arg2))
1419 				fatal("%s line %d: bad routing domain",
1420 				    filename, linenum);
1421 		}
1422 		queue_listen_addr(options, p, arg2, port);
1423 
1424 		break;
1425 
1426 	case sAddressFamily:
1427 		intptr = &options->address_family;
1428 		multistate_ptr = multistate_addressfamily;
1429  parse_multistate:
1430 		arg = argv_next(&ac, &av);
1431 		if (!arg || *arg == '\0')
1432 			fatal("%s line %d: missing argument.",
1433 			    filename, linenum);
1434 		value = -1;
1435 		for (i = 0; multistate_ptr[i].key != NULL; i++) {
1436 			if (strcasecmp(arg, multistate_ptr[i].key) == 0) {
1437 				value = multistate_ptr[i].value;
1438 				break;
1439 			}
1440 		}
1441 		if (value == -1)
1442 			fatal("%s line %d: unsupported option \"%s\".",
1443 			    filename, linenum, arg);
1444 		if (*activep && *intptr == -1)
1445 			*intptr = value;
1446 		break;
1447 
1448 	case sHostKeyFile:
1449 		arg = argv_next(&ac, &av);
1450 		if (!arg || *arg == '\0')
1451 			fatal("%s line %d: missing file name.",
1452 			    filename, linenum);
1453 		if (*activep) {
1454 			servconf_add_hostkey(filename, linenum,
1455 			    options, arg, 1);
1456 		}
1457 		break;
1458 
1459 	case sHostKeyAgent:
1460 		charptr = &options->host_key_agent;
1461 		arg = argv_next(&ac, &av);
1462 		if (!arg || *arg == '\0')
1463 			fatal("%s line %d: missing socket name.",
1464 			    filename, linenum);
1465 		if (*activep && *charptr == NULL)
1466 			*charptr = !strcmp(arg, SSH_AUTHSOCKET_ENV_NAME) ?
1467 			    xstrdup(arg) : derelativise_path(arg);
1468 		break;
1469 
1470 	case sHostCertificate:
1471 		arg = argv_next(&ac, &av);
1472 		if (!arg || *arg == '\0')
1473 			fatal("%s line %d: missing file name.",
1474 			    filename, linenum);
1475 		if (*activep)
1476 			servconf_add_hostcert(filename, linenum, options, arg);
1477 		break;
1478 
1479 	case sPidFile:
1480 		charptr = &options->pid_file;
1481  parse_filename:
1482 		arg = argv_next(&ac, &av);
1483 		if (!arg || *arg == '\0')
1484 			fatal("%s line %d: missing file name.",
1485 			    filename, linenum);
1486 		if (*activep && *charptr == NULL) {
1487 			*charptr = derelativise_path(arg);
1488 			/* increase optional counter */
1489 			if (intptr != NULL)
1490 				*intptr = *intptr + 1;
1491 		}
1492 		break;
1493 
1494 	case sModuliFile:
1495 		charptr = &options->moduli_file;
1496 		goto parse_filename;
1497 
1498 	case sPermitRootLogin:
1499 		intptr = &options->permit_root_login;
1500 		multistate_ptr = multistate_permitrootlogin;
1501 		goto parse_multistate;
1502 
1503 	case sIgnoreRhosts:
1504 		intptr = &options->ignore_rhosts;
1505 		multistate_ptr = multistate_ignore_rhosts;
1506 		goto parse_multistate;
1507 
1508 	case sIgnoreUserKnownHosts:
1509 		intptr = &options->ignore_user_known_hosts;
1510  parse_flag:
1511 		multistate_ptr = multistate_flag;
1512 		goto parse_multistate;
1513 
1514 	case sHostbasedAuthentication:
1515 		intptr = &options->hostbased_authentication;
1516 		goto parse_flag;
1517 
1518 	case sHostbasedUsesNameFromPacketOnly:
1519 		intptr = &options->hostbased_uses_name_from_packet_only;
1520 		goto parse_flag;
1521 
1522 	case sHostbasedAcceptedAlgorithms:
1523 		charptr = &options->hostbased_accepted_algos;
1524  parse_pubkey_algos:
1525 		arg = argv_next(&ac, &av);
1526 		if (!arg || *arg == '\0')
1527 			fatal("%s line %d: Missing argument.",
1528 			    filename, linenum);
1529 		if (*arg != '-' &&
1530 		    !sshkey_names_valid2(*arg == '+' || *arg == '^' ?
1531 		    arg + 1 : arg, 1))
1532 			fatal("%s line %d: Bad key types '%s'.",
1533 			    filename, linenum, arg ? arg : "<NONE>");
1534 		if (*activep && *charptr == NULL)
1535 			*charptr = xstrdup(arg);
1536 		break;
1537 
1538 	case sHostKeyAlgorithms:
1539 		charptr = &options->hostkeyalgorithms;
1540 		goto parse_pubkey_algos;
1541 
1542 	case sCASignatureAlgorithms:
1543 		charptr = &options->ca_sign_algorithms;
1544 		goto parse_pubkey_algos;
1545 
1546 	case sPubkeyAuthentication:
1547 		intptr = &options->pubkey_authentication;
1548 		goto parse_flag;
1549 
1550 	case sPubkeyAcceptedAlgorithms:
1551 		charptr = &options->pubkey_accepted_algos;
1552 		goto parse_pubkey_algos;
1553 
1554 	case sPubkeyAuthOptions:
1555 		intptr = &options->pubkey_auth_options;
1556 		value = 0;
1557 		while ((arg = argv_next(&ac, &av)) != NULL) {
1558 			if (strcasecmp(arg, "none") == 0)
1559 				continue;
1560 			if (strcasecmp(arg, "touch-required") == 0)
1561 				value |= PUBKEYAUTH_TOUCH_REQUIRED;
1562 			else if (strcasecmp(arg, "verify-required") == 0)
1563 				value |= PUBKEYAUTH_VERIFY_REQUIRED;
1564 			else {
1565 				error("%s line %d: unsupported %s option %s",
1566 				    filename, linenum, keyword, arg);
1567 				goto out;
1568 			}
1569 		}
1570 		if (*activep && *intptr == -1)
1571 			*intptr = value;
1572 		break;
1573 
1574 	case sKerberosAuthentication:
1575 		intptr = &options->kerberos_authentication;
1576 		goto parse_flag;
1577 
1578 	case sKerberosOrLocalPasswd:
1579 		intptr = &options->kerberos_or_local_passwd;
1580 		goto parse_flag;
1581 
1582 	case sKerberosTicketCleanup:
1583 		intptr = &options->kerberos_ticket_cleanup;
1584 		goto parse_flag;
1585 
1586 	case sKerberosGetAFSToken:
1587 		intptr = &options->kerberos_get_afs_token;
1588 		goto parse_flag;
1589 
1590 	case sGssAuthentication:
1591 		intptr = &options->gss_authentication;
1592 		goto parse_flag;
1593 
1594 	case sGssCleanupCreds:
1595 		intptr = &options->gss_cleanup_creds;
1596 		goto parse_flag;
1597 
1598 	case sGssStrictAcceptor:
1599 		intptr = &options->gss_strict_acceptor;
1600 		goto parse_flag;
1601 
1602 	case sPasswordAuthentication:
1603 		intptr = &options->password_authentication;
1604 		goto parse_flag;
1605 
1606 	case sKbdInteractiveAuthentication:
1607 		intptr = &options->kbd_interactive_authentication;
1608 		goto parse_flag;
1609 
1610 	case sPrintMotd:
1611 		intptr = &options->print_motd;
1612 		goto parse_flag;
1613 
1614 	case sPrintLastLog:
1615 		intptr = &options->print_lastlog;
1616 		goto parse_flag;
1617 
1618 	case sX11Forwarding:
1619 		intptr = &options->x11_forwarding;
1620 		goto parse_flag;
1621 
1622 	case sX11DisplayOffset:
1623 		intptr = &options->x11_display_offset;
1624  parse_int:
1625 		arg = argv_next(&ac, &av);
1626 		if ((errstr = atoi_err(arg, &value)) != NULL)
1627 			fatal("%s line %d: %s integer value %s.",
1628 			    filename, linenum, keyword, errstr);
1629 		if (*activep && *intptr == -1)
1630 			*intptr = value;
1631 		break;
1632 
1633 	case sX11UseLocalhost:
1634 		intptr = &options->x11_use_localhost;
1635 		goto parse_flag;
1636 
1637 	case sXAuthLocation:
1638 		charptr = &options->xauth_location;
1639 		goto parse_filename;
1640 
1641 	case sPermitTTY:
1642 		intptr = &options->permit_tty;
1643 		goto parse_flag;
1644 
1645 	case sPermitUserRC:
1646 		intptr = &options->permit_user_rc;
1647 		goto parse_flag;
1648 
1649 	case sStrictModes:
1650 		intptr = &options->strict_modes;
1651 		goto parse_flag;
1652 
1653 	case sTCPKeepAlive:
1654 		intptr = &options->tcp_keep_alive;
1655 		goto parse_flag;
1656 
1657 	case sEmptyPasswd:
1658 		intptr = &options->permit_empty_passwd;
1659 		goto parse_flag;
1660 
1661 	case sPermitUserEnvironment:
1662 		intptr = &options->permit_user_env;
1663 		charptr = &options->permit_user_env_allowlist;
1664 		arg = argv_next(&ac, &av);
1665 		if (!arg || *arg == '\0')
1666 			fatal("%s line %d: %s missing argument.",
1667 			    filename, linenum, keyword);
1668 		value = 0;
1669 		p = NULL;
1670 		if (strcmp(arg, "yes") == 0)
1671 			value = 1;
1672 		else if (strcmp(arg, "no") == 0)
1673 			value = 0;
1674 		else {
1675 			/* Pattern-list specified */
1676 			value = 1;
1677 			p = xstrdup(arg);
1678 		}
1679 		if (*activep && *intptr == -1) {
1680 			*intptr = value;
1681 			*charptr = p;
1682 			p = NULL;
1683 		}
1684 		free(p);
1685 		break;
1686 
1687 	case sCompression:
1688 		intptr = &options->compression;
1689 		multistate_ptr = multistate_compression;
1690 		goto parse_multistate;
1691 
1692 	case sRekeyLimit:
1693 		arg = argv_next(&ac, &av);
1694 		if (!arg || *arg == '\0')
1695 			fatal("%s line %d: %s missing argument.",
1696 			    filename, linenum, keyword);
1697 		if (strcmp(arg, "default") == 0) {
1698 			val64 = 0;
1699 		} else {
1700 			if (scan_scaled(arg, &val64) == -1)
1701 				fatal("%.200s line %d: Bad %s number '%s': %s",
1702 				    filename, linenum, keyword,
1703 				    arg, strerror(errno));
1704 			if (val64 != 0 && val64 < 16)
1705 				fatal("%.200s line %d: %s too small",
1706 				    filename, linenum, keyword);
1707 		}
1708 		if (*activep && options->rekey_limit == -1)
1709 			options->rekey_limit = val64;
1710 		if (ac != 0) { /* optional rekey interval present */
1711 			if (strcmp(av[0], "none") == 0) {
1712 				(void)argv_next(&ac, &av);	/* discard */
1713 				break;
1714 			}
1715 			intptr = &options->rekey_interval;
1716 			goto parse_time;
1717 		}
1718 		break;
1719 
1720 	case sGatewayPorts:
1721 		intptr = &options->fwd_opts.gateway_ports;
1722 		multistate_ptr = multistate_gatewayports;
1723 		goto parse_multistate;
1724 
1725 	case sUseDNS:
1726 		intptr = &options->use_dns;
1727 		goto parse_flag;
1728 
1729 	case sLogFacility:
1730 		log_facility_ptr = &options->log_facility;
1731 		arg = argv_next(&ac, &av);
1732 		value = log_facility_number(arg);
1733 		if (value == SYSLOG_FACILITY_NOT_SET)
1734 			fatal("%.200s line %d: unsupported log facility '%s'",
1735 			    filename, linenum, arg ? arg : "<NONE>");
1736 		if (*log_facility_ptr == -1)
1737 			*log_facility_ptr = (SyslogFacility) value;
1738 		break;
1739 
1740 	case sLogLevel:
1741 		log_level_ptr = &options->log_level;
1742 		arg = argv_next(&ac, &av);
1743 		value = log_level_number(arg);
1744 		if (value == SYSLOG_LEVEL_NOT_SET)
1745 			fatal("%.200s line %d: unsupported log level '%s'",
1746 			    filename, linenum, arg ? arg : "<NONE>");
1747 		if (*activep && *log_level_ptr == -1)
1748 			*log_level_ptr = (LogLevel) value;
1749 		break;
1750 
1751 	case sLogVerbose:
1752 		found = options->num_log_verbose == 0;
1753 		i = 0;
1754 		while ((arg = argv_next(&ac, &av)) != NULL) {
1755 			if (*arg == '\0') {
1756 				error("%s line %d: keyword %s empty argument",
1757 				    filename, linenum, keyword);
1758 				goto out;
1759 			}
1760 			/* Allow "none" only in first position */
1761 			if (strcasecmp(arg, "none") == 0) {
1762 				if (i > 0 || ac > 0) {
1763 					error("%s line %d: keyword %s \"none\" "
1764 					    "argument must appear alone.",
1765 					    filename, linenum, keyword);
1766 					goto out;
1767 				}
1768 			}
1769 			i++;
1770 			if (!found || !*activep)
1771 				continue;
1772 			opt_array_append(filename, linenum, keyword,
1773 			    &options->log_verbose, &options->num_log_verbose,
1774 			    arg);
1775 		}
1776 		break;
1777 
1778 	case sAllowTcpForwarding:
1779 		intptr = &options->allow_tcp_forwarding;
1780 		multistate_ptr = multistate_tcpfwd;
1781 		goto parse_multistate;
1782 
1783 	case sAllowStreamLocalForwarding:
1784 		intptr = &options->allow_streamlocal_forwarding;
1785 		multistate_ptr = multistate_tcpfwd;
1786 		goto parse_multistate;
1787 
1788 	case sAllowAgentForwarding:
1789 		intptr = &options->allow_agent_forwarding;
1790 		goto parse_flag;
1791 
1792 	case sDisableForwarding:
1793 		intptr = &options->disable_forwarding;
1794 		goto parse_flag;
1795 
1796 	case sAllowUsers:
1797 		chararrayptr = &options->allow_users;
1798 		uintptr = &options->num_allow_users;
1799  parse_allowdenyusers:
1800 		while ((arg = argv_next(&ac, &av)) != NULL) {
1801 			if (*arg == '\0' ||
1802 			    match_user(NULL, NULL, NULL, arg) == -1)
1803 				fatal("%s line %d: invalid %s pattern: \"%s\"",
1804 				    filename, linenum, keyword, arg);
1805 			if (!*activep)
1806 				continue;
1807 			opt_array_append(filename, linenum, keyword,
1808 			    chararrayptr, uintptr, arg);
1809 		}
1810 		break;
1811 
1812 	case sDenyUsers:
1813 		chararrayptr = &options->deny_users;
1814 		uintptr = &options->num_deny_users;
1815 		goto parse_allowdenyusers;
1816 
1817 	case sAllowGroups:
1818 		chararrayptr = &options->allow_groups;
1819 		uintptr = &options->num_allow_groups;
1820  parse_allowdenygroups:
1821 		while ((arg = argv_next(&ac, &av)) != NULL) {
1822 			if (*arg == '\0')
1823 				fatal("%s line %d: empty %s pattern",
1824 				    filename, linenum, keyword);
1825 			if (!*activep)
1826 				continue;
1827 			opt_array_append(filename, linenum, keyword,
1828 			    chararrayptr, uintptr, arg);
1829 		}
1830 		break;
1831 
1832 	case sDenyGroups:
1833 		chararrayptr = &options->deny_groups;
1834 		uintptr = &options->num_deny_groups;
1835 		goto parse_allowdenygroups;
1836 
1837 	case sCiphers:
1838 		arg = argv_next(&ac, &av);
1839 		if (!arg || *arg == '\0')
1840 			fatal("%s line %d: %s missing argument.",
1841 			    filename, linenum, keyword);
1842 		if (*arg != '-' &&
1843 		    !ciphers_valid(*arg == '+' || *arg == '^' ? arg + 1 : arg))
1844 			fatal("%s line %d: Bad SSH2 cipher spec '%s'.",
1845 			    filename, linenum, arg ? arg : "<NONE>");
1846 		if (options->ciphers == NULL)
1847 			options->ciphers = xstrdup(arg);
1848 		break;
1849 
1850 	case sMacs:
1851 		arg = argv_next(&ac, &av);
1852 		if (!arg || *arg == '\0')
1853 			fatal("%s line %d: %s missing argument.",
1854 			    filename, linenum, keyword);
1855 		if (*arg != '-' &&
1856 		    !mac_valid(*arg == '+' || *arg == '^' ? arg + 1 : arg))
1857 			fatal("%s line %d: Bad SSH2 mac spec '%s'.",
1858 			    filename, linenum, arg ? arg : "<NONE>");
1859 		if (options->macs == NULL)
1860 			options->macs = xstrdup(arg);
1861 		break;
1862 
1863 	case sKexAlgorithms:
1864 		arg = argv_next(&ac, &av);
1865 		if (!arg || *arg == '\0')
1866 			fatal("%s line %d: %s missing argument.",
1867 			    filename, linenum, keyword);
1868 		if (*arg != '-' &&
1869 		    !kex_names_valid(*arg == '+' || *arg == '^' ?
1870 		    arg + 1 : arg))
1871 			fatal("%s line %d: Bad SSH2 KexAlgorithms '%s'.",
1872 			    filename, linenum, arg ? arg : "<NONE>");
1873 		if (options->kex_algorithms == NULL)
1874 			options->kex_algorithms = xstrdup(arg);
1875 		break;
1876 
1877 	case sSubsystem:
1878 		if (options->num_subsystems >= MAX_SUBSYSTEMS) {
1879 			fatal("%s line %d: too many subsystems defined.",
1880 			    filename, linenum);
1881 		}
1882 		arg = argv_next(&ac, &av);
1883 		if (!arg || *arg == '\0')
1884 			fatal("%s line %d: %s missing argument.",
1885 			    filename, linenum, keyword);
1886 		if (!*activep) {
1887 			arg = argv_next(&ac, &av);
1888 			break;
1889 		}
1890 		for (i = 0; i < options->num_subsystems; i++)
1891 			if (strcmp(arg, options->subsystem_name[i]) == 0)
1892 				fatal("%s line %d: Subsystem '%s' "
1893 				    "already defined.", filename, linenum, arg);
1894 		options->subsystem_name[options->num_subsystems] = xstrdup(arg);
1895 		arg = argv_next(&ac, &av);
1896 		if (!arg || *arg == '\0')
1897 			fatal("%s line %d: Missing subsystem command.",
1898 			    filename, linenum);
1899 		options->subsystem_command[options->num_subsystems] = xstrdup(arg);
1900 
1901 		/* Collect arguments (separate to executable) */
1902 		p = xstrdup(arg);
1903 		len = strlen(p) + 1;
1904 		while ((arg = argv_next(&ac, &av)) != NULL) {
1905 			len += 1 + strlen(arg);
1906 			p = xreallocarray(p, 1, len);
1907 			strlcat(p, " ", len);
1908 			strlcat(p, arg, len);
1909 		}
1910 		options->subsystem_args[options->num_subsystems] = p;
1911 		options->num_subsystems++;
1912 		break;
1913 
1914 	case sMaxStartups:
1915 		arg = argv_next(&ac, &av);
1916 		if (!arg || *arg == '\0')
1917 			fatal("%s line %d: %s missing argument.",
1918 			    filename, linenum, keyword);
1919 		if ((n = sscanf(arg, "%d:%d:%d",
1920 		    &options->max_startups_begin,
1921 		    &options->max_startups_rate,
1922 		    &options->max_startups)) == 3) {
1923 			if (options->max_startups_begin >
1924 			    options->max_startups ||
1925 			    options->max_startups_rate > 100 ||
1926 			    options->max_startups_rate < 1)
1927 				fatal("%s line %d: Invalid %s spec.",
1928 				    filename, linenum, keyword);
1929 		} else if (n != 1)
1930 			fatal("%s line %d: Invalid %s spec.",
1931 			    filename, linenum, keyword);
1932 		else
1933 			options->max_startups = options->max_startups_begin;
1934 		break;
1935 
1936 	case sPerSourceNetBlockSize:
1937 		arg = argv_next(&ac, &av);
1938 		if (!arg || *arg == '\0')
1939 			fatal("%s line %d: %s missing argument.",
1940 			    filename, linenum, keyword);
1941 		switch (n = sscanf(arg, "%d:%d", &value, &value2)) {
1942 		case 2:
1943 			if (value2 < 0 || value2 > 128)
1944 				n = -1;
1945 			/* FALLTHROUGH */
1946 		case 1:
1947 			if (value < 0 || value > 32)
1948 				n = -1;
1949 		}
1950 		if (n != 1 && n != 2)
1951 			fatal("%s line %d: Invalid %s spec.",
1952 			    filename, linenum, keyword);
1953 		if (*activep) {
1954 			options->per_source_masklen_ipv4 = value;
1955 			options->per_source_masklen_ipv6 = value2;
1956 		}
1957 		break;
1958 
1959 	case sPerSourceMaxStartups:
1960 		arg = argv_next(&ac, &av);
1961 		if (!arg || *arg == '\0')
1962 			fatal("%s line %d: %s missing argument.",
1963 			    filename, linenum, keyword);
1964 		if (strcmp(arg, "none") == 0) { /* no limit */
1965 			value = INT_MAX;
1966 		} else {
1967 			if ((errstr = atoi_err(arg, &value)) != NULL)
1968 				fatal("%s line %d: %s integer value %s.",
1969 				    filename, linenum, keyword, errstr);
1970 		}
1971 		if (*activep)
1972 			options->per_source_max_startups = value;
1973 		break;
1974 
1975 	case sMaxAuthTries:
1976 		intptr = &options->max_authtries;
1977 		goto parse_int;
1978 
1979 	case sMaxSessions:
1980 		intptr = &options->max_sessions;
1981 		goto parse_int;
1982 
1983 	case sBanner:
1984 		charptr = &options->banner;
1985 		goto parse_filename;
1986 
1987 	/*
1988 	 * These options can contain %X options expanded at
1989 	 * connect time, so that you can specify paths like:
1990 	 *
1991 	 * AuthorizedKeysFile	/etc/ssh_keys/%u
1992 	 */
1993 	case sAuthorizedKeysFile:
1994 		uvalue = options->num_authkeys_files;
1995 		while ((arg = argv_next(&ac, &av)) != NULL) {
1996 			if (*arg == '\0') {
1997 				error("%s line %d: keyword %s empty argument",
1998 				    filename, linenum, keyword);
1999 				goto out;
2000 			}
2001 			arg2 = tilde_expand_filename(arg, getuid());
2002 			if (*activep && uvalue == 0) {
2003 				opt_array_append(filename, linenum, keyword,
2004 				    &options->authorized_keys_files,
2005 				    &options->num_authkeys_files, arg2);
2006 			}
2007 			free(arg2);
2008 		}
2009 		break;
2010 
2011 	case sAuthorizedPrincipalsFile:
2012 		charptr = &options->authorized_principals_file;
2013 		arg = argv_next(&ac, &av);
2014 		if (!arg || *arg == '\0')
2015 			fatal("%s line %d: %s missing argument.",
2016 			    filename, linenum, keyword);
2017 		if (*activep && *charptr == NULL) {
2018 			*charptr = tilde_expand_filename(arg, getuid());
2019 			/* increase optional counter */
2020 			if (intptr != NULL)
2021 				*intptr = *intptr + 1;
2022 		}
2023 		break;
2024 
2025 	case sClientAliveInterval:
2026 		intptr = &options->client_alive_interval;
2027 		goto parse_time;
2028 
2029 	case sClientAliveCountMax:
2030 		intptr = &options->client_alive_count_max;
2031 		goto parse_int;
2032 
2033 	case sAcceptEnv:
2034 		while ((arg = argv_next(&ac, &av)) != NULL) {
2035 			if (*arg == '\0' || strchr(arg, '=') != NULL)
2036 				fatal("%s line %d: Invalid environment name.",
2037 				    filename, linenum);
2038 			if (!*activep)
2039 				continue;
2040 			opt_array_append(filename, linenum, keyword,
2041 			    &options->accept_env, &options->num_accept_env,
2042 			    arg);
2043 		}
2044 		break;
2045 
2046 	case sSetEnv:
2047 		uvalue = options->num_setenv;
2048 		while ((arg = argv_next(&ac, &av)) != NULL) {
2049 			if (*arg == '\0' || strchr(arg, '=') == NULL)
2050 				fatal("%s line %d: Invalid environment.",
2051 				    filename, linenum);
2052 			if (!*activep || uvalue != 0)
2053 				continue;
2054 			opt_array_append(filename, linenum, keyword,
2055 			    &options->setenv, &options->num_setenv, arg);
2056 		}
2057 		break;
2058 
2059 	case sPermitTunnel:
2060 		intptr = &options->permit_tun;
2061 		arg = argv_next(&ac, &av);
2062 		if (!arg || *arg == '\0')
2063 			fatal("%s line %d: %s missing argument.",
2064 			    filename, linenum, keyword);
2065 		value = -1;
2066 		for (i = 0; tunmode_desc[i].val != -1; i++)
2067 			if (strcmp(tunmode_desc[i].text, arg) == 0) {
2068 				value = tunmode_desc[i].val;
2069 				break;
2070 			}
2071 		if (value == -1)
2072 			fatal("%s line %d: bad %s argument %s",
2073 			    filename, linenum, keyword, arg);
2074 		if (*activep && *intptr == -1)
2075 			*intptr = value;
2076 		break;
2077 
2078 	case sInclude:
2079 		if (cmdline) {
2080 			fatal("Include directive not supported as a "
2081 			    "command-line option");
2082 		}
2083 		value = 0;
2084 		while ((arg2 = argv_next(&ac, &av)) != NULL) {
2085 			if (*arg2 == '\0') {
2086 				error("%s line %d: keyword %s empty argument",
2087 				    filename, linenum, keyword);
2088 				goto out;
2089 			}
2090 			value++;
2091 			found = 0;
2092 			if (*arg2 != '/' && *arg2 != '~') {
2093 				xasprintf(&arg, "%s/%s", SSHDIR, arg2);
2094 			} else
2095 				arg = xstrdup(arg2);
2096 
2097 			/*
2098 			 * Don't let included files clobber the containing
2099 			 * file's Match state.
2100 			 */
2101 			oactive = *activep;
2102 
2103 			/* consult cache of include files */
2104 			TAILQ_FOREACH(item, includes, entry) {
2105 				if (strcmp(item->selector, arg) != 0)
2106 					continue;
2107 				if (item->filename != NULL) {
2108 					parse_server_config_depth(options,
2109 					    item->filename, item->contents,
2110 					    includes, connectinfo,
2111 					    (*inc_flags & SSHCFG_MATCH_ONLY
2112 					        ? SSHCFG_MATCH_ONLY : (oactive
2113 					            ? 0 : SSHCFG_NEVERMATCH)),
2114 					    activep, depth + 1);
2115 				}
2116 				found = 1;
2117 				*activep = oactive;
2118 			}
2119 			if (found != 0) {
2120 				free(arg);
2121 				continue;
2122 			}
2123 
2124 			/* requested glob was not in cache */
2125 			debug2("%s line %d: new include %s",
2126 			    filename, linenum, arg);
2127 			if ((r = glob(arg, 0, NULL, &gbuf)) != 0) {
2128 				if (r != GLOB_NOMATCH) {
2129 					fatal("%s line %d: include \"%s\" glob "
2130 					    "failed", filename, linenum, arg);
2131 				}
2132 				/*
2133 				 * If no entry matched then record a
2134 				 * placeholder to skip later glob calls.
2135 				 */
2136 				debug2("%s line %d: no match for %s",
2137 				    filename, linenum, arg);
2138 				item = xcalloc(1, sizeof(*item));
2139 				item->selector = strdup(arg);
2140 				TAILQ_INSERT_TAIL(includes,
2141 				    item, entry);
2142 			}
2143 			if (gbuf.gl_pathc > INT_MAX)
2144 				fatal_f("too many glob results");
2145 			for (n = 0; n < (int)gbuf.gl_pathc; n++) {
2146 				debug2("%s line %d: including %s",
2147 				    filename, linenum, gbuf.gl_pathv[n]);
2148 				item = xcalloc(1, sizeof(*item));
2149 				item->selector = strdup(arg);
2150 				item->filename = strdup(gbuf.gl_pathv[n]);
2151 				if ((item->contents = sshbuf_new()) == NULL)
2152 					fatal_f("sshbuf_new failed");
2153 				load_server_config(item->filename,
2154 				    item->contents);
2155 				parse_server_config_depth(options,
2156 				    item->filename, item->contents,
2157 				    includes, connectinfo,
2158 				    (*inc_flags & SSHCFG_MATCH_ONLY
2159 				        ? SSHCFG_MATCH_ONLY : (oactive
2160 				            ? 0 : SSHCFG_NEVERMATCH)),
2161 				    activep, depth + 1);
2162 				*activep = oactive;
2163 				TAILQ_INSERT_TAIL(includes, item, entry);
2164 			}
2165 			globfree(&gbuf);
2166 			free(arg);
2167 		}
2168 		if (value == 0) {
2169 			fatal("%s line %d: %s missing filename argument",
2170 			    filename, linenum, keyword);
2171 		}
2172 		break;
2173 
2174 	case sMatch:
2175 		if (cmdline)
2176 			fatal("Match directive not supported as a command-line "
2177 			    "option");
2178 		value = match_cfg_line(&str, linenum,
2179 		    (*inc_flags & SSHCFG_NEVERMATCH ? NULL : connectinfo));
2180 		if (value < 0)
2181 			fatal("%s line %d: Bad Match condition", filename,
2182 			    linenum);
2183 		*activep = (*inc_flags & SSHCFG_NEVERMATCH) ? 0 : value;
2184 		/*
2185 		 * The MATCH_ONLY flag is applicable only until the first
2186 		 * match block.
2187 		 */
2188 		*inc_flags &= ~SSHCFG_MATCH_ONLY;
2189 		/*
2190 		 * If match_cfg_line() didn't consume all its arguments then
2191 		 * arrange for the extra arguments check below to fail.
2192 		 */
2193 		if (str == NULL || *str == '\0')
2194 			argv_consume(&ac);
2195 		break;
2196 
2197 	case sPermitListen:
2198 	case sPermitOpen:
2199 		if (opcode == sPermitListen) {
2200 			uintptr = &options->num_permitted_listens;
2201 			chararrayptr = &options->permitted_listens;
2202 		} else {
2203 			uintptr = &options->num_permitted_opens;
2204 			chararrayptr = &options->permitted_opens;
2205 		}
2206 		arg = argv_next(&ac, &av);
2207 		if (!arg || *arg == '\0')
2208 			fatal("%s line %d: %s missing argument.",
2209 			    filename, linenum, keyword);
2210 		uvalue = *uintptr;	/* modified later */
2211 		if (strcmp(arg, "any") == 0 || strcmp(arg, "none") == 0) {
2212 			if (*activep && uvalue == 0) {
2213 				*uintptr = 1;
2214 				*chararrayptr = xcalloc(1,
2215 				    sizeof(**chararrayptr));
2216 				(*chararrayptr)[0] = xstrdup(arg);
2217 			}
2218 			break;
2219 		}
2220 		for (; arg != NULL && *arg != '\0'; arg = argv_next(&ac, &av)) {
2221 			if (opcode == sPermitListen &&
2222 			    strchr(arg, ':') == NULL) {
2223 				/*
2224 				 * Allow bare port number for PermitListen
2225 				 * to indicate a wildcard listen host.
2226 				 */
2227 				xasprintf(&arg2, "*:%s", arg);
2228 			} else {
2229 				arg2 = xstrdup(arg);
2230 				p = hpdelim(&arg);
2231 				if (p == NULL) {
2232 					fatal("%s line %d: %s missing host",
2233 					    filename, linenum, keyword);
2234 				}
2235 				p = cleanhostname(p);
2236 			}
2237 			if (arg == NULL ||
2238 			    ((port = permitopen_port(arg)) < 0)) {
2239 				fatal("%s line %d: %s bad port number",
2240 				    filename, linenum, keyword);
2241 			}
2242 			if (*activep && uvalue == 0) {
2243 				opt_array_append(filename, linenum, keyword,
2244 				    chararrayptr, uintptr, arg2);
2245 			}
2246 			free(arg2);
2247 		}
2248 		break;
2249 
2250 	case sForceCommand:
2251 		if (str == NULL || *str == '\0')
2252 			fatal("%s line %d: %s missing argument.",
2253 			    filename, linenum, keyword);
2254 		len = strspn(str, WHITESPACE);
2255 		if (*activep && options->adm_forced_command == NULL)
2256 			options->adm_forced_command = xstrdup(str + len);
2257 		argv_consume(&ac);
2258 		break;
2259 
2260 	case sChrootDirectory:
2261 		charptr = &options->chroot_directory;
2262 
2263 		arg = argv_next(&ac, &av);
2264 		if (!arg || *arg == '\0')
2265 			fatal("%s line %d: %s missing argument.",
2266 			    filename, linenum, keyword);
2267 		if (*activep && *charptr == NULL)
2268 			*charptr = xstrdup(arg);
2269 		break;
2270 
2271 	case sTrustedUserCAKeys:
2272 		charptr = &options->trusted_user_ca_keys;
2273 		goto parse_filename;
2274 
2275 	case sRevokedKeys:
2276 		charptr = &options->revoked_keys_file;
2277 		goto parse_filename;
2278 
2279 	case sSecurityKeyProvider:
2280 		charptr = &options->sk_provider;
2281 		arg = argv_next(&ac, &av);
2282 		if (!arg || *arg == '\0')
2283 			fatal("%s line %d: %s missing argument.",
2284 			    filename, linenum, keyword);
2285 		if (*activep && *charptr == NULL) {
2286 			*charptr = strcasecmp(arg, "internal") == 0 ?
2287 			    xstrdup(arg) : derelativise_path(arg);
2288 			/* increase optional counter */
2289 			if (intptr != NULL)
2290 				*intptr = *intptr + 1;
2291 		}
2292 		break;
2293 
2294 	case sIPQoS:
2295 		arg = argv_next(&ac, &av);
2296 		if (!arg || *arg == '\0')
2297 			fatal("%s line %d: %s missing argument.",
2298 			    filename, linenum, keyword);
2299 		if ((value = parse_ipqos(arg)) == -1)
2300 			fatal("%s line %d: Bad %s value: %s",
2301 			    filename, linenum, keyword, arg);
2302 		arg = argv_next(&ac, &av);
2303 		if (arg == NULL)
2304 			value2 = value;
2305 		else if ((value2 = parse_ipqos(arg)) == -1)
2306 			fatal("%s line %d: Bad %s value: %s",
2307 			    filename, linenum, keyword, arg);
2308 		if (*activep) {
2309 			options->ip_qos_interactive = value;
2310 			options->ip_qos_bulk = value2;
2311 		}
2312 		break;
2313 
2314 	case sVersionAddendum:
2315 		if (str == NULL || *str == '\0')
2316 			fatal("%s line %d: %s missing argument.",
2317 			    filename, linenum, keyword);
2318 		len = strspn(str, WHITESPACE);
2319 		if (strchr(str + len, '\r') != NULL) {
2320 			fatal("%.200s line %d: Invalid %s argument",
2321 			    filename, linenum, keyword);
2322 		}
2323 		if ((arg = strchr(line, '#')) != NULL) {
2324 			*arg = '\0';
2325 			rtrim(line);
2326 		}
2327 		if (*activep && options->version_addendum == NULL) {
2328 			if (strcasecmp(str + len, "none") == 0)
2329 				options->version_addendum = xstrdup("");
2330 			else
2331 				options->version_addendum = xstrdup(str + len);
2332 		}
2333 		argv_consume(&ac);
2334 		break;
2335 
2336 	case sAuthorizedKeysCommand:
2337 		charptr = &options->authorized_keys_command;
2338  parse_command:
2339 		len = strspn(str, WHITESPACE);
2340 		if (str[len] != '/' && strcasecmp(str + len, "none") != 0) {
2341 			fatal("%.200s line %d: %s must be an absolute path",
2342 			    filename, linenum, keyword);
2343 		}
2344 		if (*activep && options->authorized_keys_command == NULL)
2345 			*charptr = xstrdup(str + len);
2346 		argv_consume(&ac);
2347 		break;
2348 
2349 	case sAuthorizedKeysCommandUser:
2350 		charptr = &options->authorized_keys_command_user;
2351  parse_localuser:
2352 		arg = argv_next(&ac, &av);
2353 		if (!arg || *arg == '\0') {
2354 			fatal("%s line %d: missing %s argument.",
2355 			    filename, linenum, keyword);
2356 		}
2357 		if (*activep && *charptr == NULL)
2358 			*charptr = xstrdup(arg);
2359 		break;
2360 
2361 	case sAuthorizedPrincipalsCommand:
2362 		charptr = &options->authorized_principals_command;
2363 		goto parse_command;
2364 
2365 	case sAuthorizedPrincipalsCommandUser:
2366 		charptr = &options->authorized_principals_command_user;
2367 		goto parse_localuser;
2368 
2369 	case sAuthenticationMethods:
2370 		found = options->num_auth_methods == 0;
2371 		value = 0; /* seen "any" pseudo-method */
2372 		value2 = 0; /* successfully parsed any method */
2373 		while ((arg = argv_next(&ac, &av)) != NULL) {
2374 			if (strcmp(arg, "any") == 0) {
2375 				if (options->num_auth_methods > 0) {
2376 					fatal("%s line %d: \"any\" must "
2377 					    "appear alone in %s",
2378 					    filename, linenum, keyword);
2379 				}
2380 				value = 1;
2381 			} else if (value) {
2382 				fatal("%s line %d: \"any\" must appear "
2383 				    "alone in %s", filename, linenum, keyword);
2384 			} else if (auth2_methods_valid(arg, 0) != 0) {
2385 				fatal("%s line %d: invalid %s method list.",
2386 				    filename, linenum, keyword);
2387 			}
2388 			value2 = 1;
2389 			if (!found || !*activep)
2390 				continue;
2391 			opt_array_append(filename, linenum, keyword,
2392 			    &options->auth_methods,
2393 			    &options->num_auth_methods, arg);
2394 		}
2395 		if (value2 == 0) {
2396 			fatal("%s line %d: no %s specified",
2397 			    filename, linenum, keyword);
2398 		}
2399 		break;
2400 
2401 	case sStreamLocalBindMask:
2402 		arg = argv_next(&ac, &av);
2403 		if (!arg || *arg == '\0')
2404 			fatal("%s line %d: %s missing argument.",
2405 			    filename, linenum, keyword);
2406 		/* Parse mode in octal format */
2407 		value = strtol(arg, &p, 8);
2408 		if (arg == p || value < 0 || value > 0777)
2409 			fatal("%s line %d: Invalid %s.",
2410 			    filename, linenum, keyword);
2411 		if (*activep)
2412 			options->fwd_opts.streamlocal_bind_mask = (mode_t)value;
2413 		break;
2414 
2415 	case sStreamLocalBindUnlink:
2416 		intptr = &options->fwd_opts.streamlocal_bind_unlink;
2417 		goto parse_flag;
2418 
2419 	case sFingerprintHash:
2420 		arg = argv_next(&ac, &av);
2421 		if (!arg || *arg == '\0')
2422 			fatal("%s line %d: %s missing argument.",
2423 			    filename, linenum, keyword);
2424 		if ((value = ssh_digest_alg_by_name(arg)) == -1)
2425 			fatal("%.200s line %d: Invalid %s algorithm \"%s\".",
2426 			    filename, linenum, keyword, arg);
2427 		if (*activep)
2428 			options->fingerprint_hash = value;
2429 		break;
2430 
2431 	case sExposeAuthInfo:
2432 		intptr = &options->expose_userauth_info;
2433 		goto parse_flag;
2434 
2435 	case sRDomain:
2436 #if !defined(__OpenBSD__) && !defined(HAVE_SYS_SET_PROCESS_RDOMAIN)
2437 		fatal("%s line %d: setting RDomain not supported on this "
2438 		    "platform.", filename, linenum);
2439 #endif
2440 		charptr = &options->routing_domain;
2441 		arg = argv_next(&ac, &av);
2442 		if (!arg || *arg == '\0')
2443 			fatal("%s line %d: %s missing argument.",
2444 			    filename, linenum, keyword);
2445 		if (strcasecmp(arg, "none") != 0 && strcmp(arg, "%D") != 0 &&
2446 		    !valid_rdomain(arg))
2447 			fatal("%s line %d: invalid routing domain",
2448 			    filename, linenum);
2449 		if (*activep && *charptr == NULL)
2450 			*charptr = xstrdup(arg);
2451 		break;
2452 
2453 	case sUseBlacklist:
2454 		intptr = &options->use_blacklist;
2455 		goto parse_flag;
2456 
2457 	case sDeprecated:
2458 	case sIgnore:
2459 	case sUnsupported:
2460 		do_log2(opcode == sIgnore ?
2461 		    SYSLOG_LEVEL_DEBUG2 : SYSLOG_LEVEL_INFO,
2462 		    "%s line %d: %s option %s", filename, linenum,
2463 		    opcode == sUnsupported ? "Unsupported" : "Deprecated",
2464 		    keyword);
2465 		argv_consume(&ac);
2466 		break;
2467 
2468 	default:
2469 		fatal("%s line %d: Missing handler for opcode %s (%d)",
2470 		    filename, linenum, keyword, opcode);
2471 	}
2472 	/* Check that there is no garbage at end of line. */
2473 	if (ac > 0) {
2474 		error("%.200s line %d: keyword %s extra arguments "
2475 		    "at end of line", filename, linenum, keyword);
2476 		goto out;
2477 	}
2478 
2479 	/* success */
2480 	ret = 0;
2481  out:
2482 	argv_free(oav, oac);
2483 	return ret;
2484 }
2485 
2486 int
2487 process_server_config_line(ServerOptions *options, char *line,
2488     const char *filename, int linenum, int *activep,
2489     struct connection_info *connectinfo, struct include_list *includes)
2490 {
2491 	int inc_flags = 0;
2492 
2493 	return process_server_config_line_depth(options, line, filename,
2494 	    linenum, activep, connectinfo, &inc_flags, 0, includes);
2495 }
2496 
2497 
2498 /* Reads the server configuration file. */
2499 
2500 void
2501 load_server_config(const char *filename, struct sshbuf *conf)
2502 {
2503 	struct stat st;
2504 	char *line = NULL, *cp;
2505 	size_t linesize = 0;
2506 	FILE *f;
2507 	int r, lineno = 0;
2508 
2509 	debug2_f("filename %s", filename);
2510 	if ((f = fopen(filename, "r")) == NULL) {
2511 		perror(filename);
2512 		exit(1);
2513 	}
2514 	sshbuf_reset(conf);
2515 	/* grow buffer, so realloc is avoided for large config files */
2516 	if (fstat(fileno(f), &st) == 0 && st.st_size > 0 &&
2517 	    (r = sshbuf_allocate(conf, st.st_size)) != 0)
2518 		fatal_fr(r, "allocate");
2519 	while (getline(&line, &linesize, f) != -1) {
2520 		lineno++;
2521 		/*
2522 		 * Strip whitespace
2523 		 * NB - preserve newlines, they are needed to reproduce
2524 		 * line numbers later for error messages
2525 		 */
2526 		cp = line + strspn(line, " \t\r");
2527 		if ((r = sshbuf_put(conf, cp, strlen(cp))) != 0)
2528 			fatal_fr(r, "sshbuf_put");
2529 	}
2530 	free(line);
2531 	if ((r = sshbuf_put_u8(conf, 0)) != 0)
2532 		fatal_fr(r, "sshbuf_put_u8");
2533 	fclose(f);
2534 	debug2_f("done config len = %zu", sshbuf_len(conf));
2535 }
2536 
2537 void
2538 parse_server_match_config(ServerOptions *options,
2539    struct include_list *includes, struct connection_info *connectinfo)
2540 {
2541 	ServerOptions mo;
2542 
2543 	initialize_server_options(&mo);
2544 	parse_server_config(&mo, "reprocess config", cfg, includes,
2545 	    connectinfo, 0);
2546 	copy_set_server_options(options, &mo, 0);
2547 }
2548 
2549 int parse_server_match_testspec(struct connection_info *ci, char *spec)
2550 {
2551 	char *p;
2552 
2553 	while ((p = strsep(&spec, ",")) && *p != '\0') {
2554 		if (strncmp(p, "addr=", 5) == 0) {
2555 			ci->address = xstrdup(p + 5);
2556 		} else if (strncmp(p, "host=", 5) == 0) {
2557 			ci->host = xstrdup(p + 5);
2558 		} else if (strncmp(p, "user=", 5) == 0) {
2559 			ci->user = xstrdup(p + 5);
2560 		} else if (strncmp(p, "laddr=", 6) == 0) {
2561 			ci->laddress = xstrdup(p + 6);
2562 		} else if (strncmp(p, "rdomain=", 8) == 0) {
2563 			ci->rdomain = xstrdup(p + 8);
2564 		} else if (strncmp(p, "lport=", 6) == 0) {
2565 			ci->lport = a2port(p + 6);
2566 			if (ci->lport == -1) {
2567 				fprintf(stderr, "Invalid port '%s' in test mode"
2568 				    " specification %s\n", p+6, p);
2569 				return -1;
2570 			}
2571 		} else {
2572 			fprintf(stderr, "Invalid test mode specification %s\n",
2573 			    p);
2574 			return -1;
2575 		}
2576 	}
2577 	return 0;
2578 }
2579 
2580 /*
2581  * Copy any supported values that are set.
2582  *
2583  * If the preauth flag is set, we do not bother copying the string or
2584  * array values that are not used pre-authentication, because any that we
2585  * do use must be explicitly sent in mm_getpwnamallow().
2586  */
2587 void
2588 copy_set_server_options(ServerOptions *dst, ServerOptions *src, int preauth)
2589 {
2590 #define M_CP_INTOPT(n) do {\
2591 	if (src->n != -1) \
2592 		dst->n = src->n; \
2593 } while (0)
2594 
2595 	M_CP_INTOPT(password_authentication);
2596 	M_CP_INTOPT(gss_authentication);
2597 	M_CP_INTOPT(pubkey_authentication);
2598 	M_CP_INTOPT(pubkey_auth_options);
2599 	M_CP_INTOPT(kerberos_authentication);
2600 	M_CP_INTOPT(hostbased_authentication);
2601 	M_CP_INTOPT(hostbased_uses_name_from_packet_only);
2602 	M_CP_INTOPT(kbd_interactive_authentication);
2603 	M_CP_INTOPT(permit_root_login);
2604 	M_CP_INTOPT(permit_empty_passwd);
2605 	M_CP_INTOPT(ignore_rhosts);
2606 
2607 	M_CP_INTOPT(allow_tcp_forwarding);
2608 	M_CP_INTOPT(allow_streamlocal_forwarding);
2609 	M_CP_INTOPT(allow_agent_forwarding);
2610 	M_CP_INTOPT(disable_forwarding);
2611 	M_CP_INTOPT(expose_userauth_info);
2612 	M_CP_INTOPT(permit_tun);
2613 	M_CP_INTOPT(fwd_opts.gateway_ports);
2614 	M_CP_INTOPT(fwd_opts.streamlocal_bind_unlink);
2615 	M_CP_INTOPT(x11_display_offset);
2616 	M_CP_INTOPT(x11_forwarding);
2617 	M_CP_INTOPT(x11_use_localhost);
2618 	M_CP_INTOPT(permit_tty);
2619 	M_CP_INTOPT(permit_user_rc);
2620 	M_CP_INTOPT(max_sessions);
2621 	M_CP_INTOPT(max_authtries);
2622 	M_CP_INTOPT(client_alive_count_max);
2623 	M_CP_INTOPT(client_alive_interval);
2624 	M_CP_INTOPT(ip_qos_interactive);
2625 	M_CP_INTOPT(ip_qos_bulk);
2626 	M_CP_INTOPT(rekey_limit);
2627 	M_CP_INTOPT(rekey_interval);
2628 	M_CP_INTOPT(log_level);
2629 
2630 	/*
2631 	 * The bind_mask is a mode_t that may be unsigned, so we can't use
2632 	 * M_CP_INTOPT - it does a signed comparison that causes compiler
2633 	 * warnings.
2634 	 */
2635 	if (src->fwd_opts.streamlocal_bind_mask != (mode_t)-1) {
2636 		dst->fwd_opts.streamlocal_bind_mask =
2637 		    src->fwd_opts.streamlocal_bind_mask;
2638 	}
2639 
2640 	/* M_CP_STROPT and M_CP_STRARRAYOPT should not appear before here */
2641 #define M_CP_STROPT(n) do {\
2642 	if (src->n != NULL && dst->n != src->n) { \
2643 		free(dst->n); \
2644 		dst->n = src->n; \
2645 	} \
2646 } while(0)
2647 #define M_CP_STRARRAYOPT(s, num_s) do {\
2648 	u_int i; \
2649 	if (src->num_s != 0) { \
2650 		for (i = 0; i < dst->num_s; i++) \
2651 			free(dst->s[i]); \
2652 		free(dst->s); \
2653 		dst->s = xcalloc(src->num_s, sizeof(*dst->s)); \
2654 		for (i = 0; i < src->num_s; i++) \
2655 			dst->s[i] = xstrdup(src->s[i]); \
2656 		dst->num_s = src->num_s; \
2657 	} \
2658 } while(0)
2659 
2660 	/* See comment in servconf.h */
2661 	COPY_MATCH_STRING_OPTS();
2662 
2663 	/* Arguments that accept '+...' need to be expanded */
2664 	assemble_algorithms(dst);
2665 
2666 	/*
2667 	 * The only things that should be below this point are string options
2668 	 * which are only used after authentication.
2669 	 */
2670 	if (preauth)
2671 		return;
2672 
2673 	/* These options may be "none" to clear a global setting */
2674 	M_CP_STROPT(adm_forced_command);
2675 	if (option_clear_or_none(dst->adm_forced_command)) {
2676 		free(dst->adm_forced_command);
2677 		dst->adm_forced_command = NULL;
2678 	}
2679 	M_CP_STROPT(chroot_directory);
2680 	if (option_clear_or_none(dst->chroot_directory)) {
2681 		free(dst->chroot_directory);
2682 		dst->chroot_directory = NULL;
2683 	}
2684 }
2685 
2686 #undef M_CP_INTOPT
2687 #undef M_CP_STROPT
2688 #undef M_CP_STRARRAYOPT
2689 
2690 #define SERVCONF_MAX_DEPTH	16
2691 static void
2692 parse_server_config_depth(ServerOptions *options, const char *filename,
2693     struct sshbuf *conf, struct include_list *includes,
2694     struct connection_info *connectinfo, int flags, int *activep, int depth)
2695 {
2696 	int linenum, bad_options = 0;
2697 	char *cp, *obuf, *cbuf;
2698 
2699 	if (depth < 0 || depth > SERVCONF_MAX_DEPTH)
2700 		fatal("Too many recursive configuration includes");
2701 
2702 	debug2_f("config %s len %zu%s", filename, sshbuf_len(conf),
2703 	    (flags & SSHCFG_NEVERMATCH ? " [checking syntax only]" : ""));
2704 
2705 	if ((obuf = cbuf = sshbuf_dup_string(conf)) == NULL)
2706 		fatal_f("sshbuf_dup_string failed");
2707 	linenum = 1;
2708 	while ((cp = strsep(&cbuf, "\n")) != NULL) {
2709 		if (process_server_config_line_depth(options, cp,
2710 		    filename, linenum++, activep, connectinfo, &flags,
2711 		    depth, includes) != 0)
2712 			bad_options++;
2713 	}
2714 	free(obuf);
2715 	if (bad_options > 0)
2716 		fatal("%s: terminating, %d bad configuration options",
2717 		    filename, bad_options);
2718 }
2719 
2720 void
2721 parse_server_config(ServerOptions *options, const char *filename,
2722     struct sshbuf *conf, struct include_list *includes,
2723     struct connection_info *connectinfo, int reexec)
2724 {
2725 	int active = connectinfo ? 0 : 1;
2726 	parse_server_config_depth(options, filename, conf, includes,
2727 	    connectinfo, (connectinfo ? SSHCFG_MATCH_ONLY : 0), &active, 0);
2728 	if (!reexec)
2729 		process_queued_listen_addrs(options);
2730 }
2731 
2732 static const char *
2733 fmt_multistate_int(int val, const struct multistate *m)
2734 {
2735 	u_int i;
2736 
2737 	for (i = 0; m[i].key != NULL; i++) {
2738 		if (m[i].value == val)
2739 			return m[i].key;
2740 	}
2741 	return "UNKNOWN";
2742 }
2743 
2744 static const char *
2745 fmt_intarg(ServerOpCodes code, int val)
2746 {
2747 	if (val == -1)
2748 		return "unset";
2749 	switch (code) {
2750 	case sAddressFamily:
2751 		return fmt_multistate_int(val, multistate_addressfamily);
2752 	case sPermitRootLogin:
2753 		return fmt_multistate_int(val, multistate_permitrootlogin);
2754 	case sGatewayPorts:
2755 		return fmt_multistate_int(val, multistate_gatewayports);
2756 	case sCompression:
2757 		return fmt_multistate_int(val, multistate_compression);
2758 	case sAllowTcpForwarding:
2759 		return fmt_multistate_int(val, multistate_tcpfwd);
2760 	case sAllowStreamLocalForwarding:
2761 		return fmt_multistate_int(val, multistate_tcpfwd);
2762 	case sIgnoreRhosts:
2763 		return fmt_multistate_int(val, multistate_ignore_rhosts);
2764 	case sFingerprintHash:
2765 		return ssh_digest_alg_name(val);
2766 	default:
2767 		switch (val) {
2768 		case 0:
2769 			return "no";
2770 		case 1:
2771 			return "yes";
2772 		default:
2773 			return "UNKNOWN";
2774 		}
2775 	}
2776 }
2777 
2778 static void
2779 dump_cfg_int(ServerOpCodes code, int val)
2780 {
2781 	printf("%s %d\n", lookup_opcode_name(code), val);
2782 }
2783 
2784 static void
2785 dump_cfg_oct(ServerOpCodes code, int val)
2786 {
2787 	printf("%s 0%o\n", lookup_opcode_name(code), val);
2788 }
2789 
2790 static void
2791 dump_cfg_fmtint(ServerOpCodes code, int val)
2792 {
2793 	printf("%s %s\n", lookup_opcode_name(code), fmt_intarg(code, val));
2794 }
2795 
2796 static void
2797 dump_cfg_string(ServerOpCodes code, const char *val)
2798 {
2799 	printf("%s %s\n", lookup_opcode_name(code),
2800 	    val == NULL ? "none" : val);
2801 }
2802 
2803 static void
2804 dump_cfg_strarray(ServerOpCodes code, u_int count, char **vals)
2805 {
2806 	u_int i;
2807 
2808 	for (i = 0; i < count; i++)
2809 		printf("%s %s\n", lookup_opcode_name(code), vals[i]);
2810 }
2811 
2812 static void
2813 dump_cfg_strarray_oneline(ServerOpCodes code, u_int count, char **vals)
2814 {
2815 	u_int i;
2816 
2817 	if (count <= 0 && code != sAuthenticationMethods)
2818 		return;
2819 	printf("%s", lookup_opcode_name(code));
2820 	for (i = 0; i < count; i++)
2821 		printf(" %s",  vals[i]);
2822 	if (code == sAuthenticationMethods && count == 0)
2823 		printf(" any");
2824 	printf("\n");
2825 }
2826 
2827 static char *
2828 format_listen_addrs(struct listenaddr *la)
2829 {
2830 	int r;
2831 	struct addrinfo *ai;
2832 	char addr[NI_MAXHOST], port[NI_MAXSERV];
2833 	char *laddr1 = xstrdup(""), *laddr2 = NULL;
2834 
2835 	/*
2836 	 * ListenAddress must be after Port.  add_one_listen_addr pushes
2837 	 * addresses onto a stack, so to maintain ordering we need to
2838 	 * print these in reverse order.
2839 	 */
2840 	for (ai = la->addrs; ai; ai = ai->ai_next) {
2841 		if ((r = getnameinfo(ai->ai_addr, ai->ai_addrlen, addr,
2842 		    sizeof(addr), port, sizeof(port),
2843 		    NI_NUMERICHOST|NI_NUMERICSERV)) != 0) {
2844 			error("getnameinfo: %.100s", ssh_gai_strerror(r));
2845 			continue;
2846 		}
2847 		laddr2 = laddr1;
2848 		if (ai->ai_family == AF_INET6) {
2849 			xasprintf(&laddr1, "listenaddress [%s]:%s%s%s\n%s",
2850 			    addr, port,
2851 			    la->rdomain == NULL ? "" : " rdomain ",
2852 			    la->rdomain == NULL ? "" : la->rdomain,
2853 			    laddr2);
2854 		} else {
2855 			xasprintf(&laddr1, "listenaddress %s:%s%s%s\n%s",
2856 			    addr, port,
2857 			    la->rdomain == NULL ? "" : " rdomain ",
2858 			    la->rdomain == NULL ? "" : la->rdomain,
2859 			    laddr2);
2860 		}
2861 		free(laddr2);
2862 	}
2863 	return laddr1;
2864 }
2865 
2866 void
2867 dump_config(ServerOptions *o)
2868 {
2869 	char *s;
2870 	u_int i;
2871 
2872 	/* these are usually at the top of the config */
2873 	for (i = 0; i < o->num_ports; i++)
2874 		printf("port %d\n", o->ports[i]);
2875 	dump_cfg_fmtint(sAddressFamily, o->address_family);
2876 
2877 	for (i = 0; i < o->num_listen_addrs; i++) {
2878 		s = format_listen_addrs(&o->listen_addrs[i]);
2879 		printf("%s", s);
2880 		free(s);
2881 	}
2882 
2883 	/* integer arguments */
2884 #ifdef USE_PAM
2885 	dump_cfg_fmtint(sUsePAM, o->use_pam);
2886 #endif
2887 	dump_cfg_int(sLoginGraceTime, o->login_grace_time);
2888 	dump_cfg_int(sX11DisplayOffset, o->x11_display_offset);
2889 	dump_cfg_int(sMaxAuthTries, o->max_authtries);
2890 	dump_cfg_int(sMaxSessions, o->max_sessions);
2891 	dump_cfg_int(sClientAliveInterval, o->client_alive_interval);
2892 	dump_cfg_int(sClientAliveCountMax, o->client_alive_count_max);
2893 	dump_cfg_oct(sStreamLocalBindMask, o->fwd_opts.streamlocal_bind_mask);
2894 
2895 	/* formatted integer arguments */
2896 	dump_cfg_fmtint(sPermitRootLogin, o->permit_root_login);
2897 	dump_cfg_fmtint(sIgnoreRhosts, o->ignore_rhosts);
2898 	dump_cfg_fmtint(sIgnoreUserKnownHosts, o->ignore_user_known_hosts);
2899 	dump_cfg_fmtint(sHostbasedAuthentication, o->hostbased_authentication);
2900 	dump_cfg_fmtint(sHostbasedUsesNameFromPacketOnly,
2901 	    o->hostbased_uses_name_from_packet_only);
2902 	dump_cfg_fmtint(sPubkeyAuthentication, o->pubkey_authentication);
2903 #ifdef KRB5
2904 	dump_cfg_fmtint(sKerberosAuthentication, o->kerberos_authentication);
2905 	dump_cfg_fmtint(sKerberosOrLocalPasswd, o->kerberos_or_local_passwd);
2906 	dump_cfg_fmtint(sKerberosTicketCleanup, o->kerberos_ticket_cleanup);
2907 # ifdef USE_AFS
2908 	dump_cfg_fmtint(sKerberosGetAFSToken, o->kerberos_get_afs_token);
2909 # endif
2910 #endif
2911 #ifdef GSSAPI
2912 	dump_cfg_fmtint(sGssAuthentication, o->gss_authentication);
2913 	dump_cfg_fmtint(sGssCleanupCreds, o->gss_cleanup_creds);
2914 #endif
2915 	dump_cfg_fmtint(sPasswordAuthentication, o->password_authentication);
2916 	dump_cfg_fmtint(sKbdInteractiveAuthentication,
2917 	    o->kbd_interactive_authentication);
2918 	dump_cfg_fmtint(sPrintMotd, o->print_motd);
2919 #ifndef DISABLE_LASTLOG
2920 	dump_cfg_fmtint(sPrintLastLog, o->print_lastlog);
2921 #endif
2922 	dump_cfg_fmtint(sX11Forwarding, o->x11_forwarding);
2923 	dump_cfg_fmtint(sX11UseLocalhost, o->x11_use_localhost);
2924 	dump_cfg_fmtint(sPermitTTY, o->permit_tty);
2925 	dump_cfg_fmtint(sPermitUserRC, o->permit_user_rc);
2926 	dump_cfg_fmtint(sStrictModes, o->strict_modes);
2927 	dump_cfg_fmtint(sTCPKeepAlive, o->tcp_keep_alive);
2928 	dump_cfg_fmtint(sEmptyPasswd, o->permit_empty_passwd);
2929 	dump_cfg_fmtint(sCompression, o->compression);
2930 	dump_cfg_fmtint(sGatewayPorts, o->fwd_opts.gateway_ports);
2931 	dump_cfg_fmtint(sUseDNS, o->use_dns);
2932 	dump_cfg_fmtint(sAllowTcpForwarding, o->allow_tcp_forwarding);
2933 	dump_cfg_fmtint(sAllowAgentForwarding, o->allow_agent_forwarding);
2934 	dump_cfg_fmtint(sDisableForwarding, o->disable_forwarding);
2935 	dump_cfg_fmtint(sAllowStreamLocalForwarding, o->allow_streamlocal_forwarding);
2936 	dump_cfg_fmtint(sStreamLocalBindUnlink, o->fwd_opts.streamlocal_bind_unlink);
2937 	dump_cfg_fmtint(sFingerprintHash, o->fingerprint_hash);
2938 	dump_cfg_fmtint(sExposeAuthInfo, o->expose_userauth_info);
2939 	dump_cfg_fmtint(sUseBlacklist, o->use_blacklist);
2940 
2941 	/* string arguments */
2942 	dump_cfg_string(sPidFile, o->pid_file);
2943 	dump_cfg_string(sModuliFile, o->moduli_file);
2944 	dump_cfg_string(sXAuthLocation, o->xauth_location);
2945 	dump_cfg_string(sCiphers, o->ciphers);
2946 	dump_cfg_string(sMacs, o->macs);
2947 	dump_cfg_string(sBanner, o->banner);
2948 	dump_cfg_string(sForceCommand, o->adm_forced_command);
2949 	dump_cfg_string(sChrootDirectory, o->chroot_directory);
2950 	dump_cfg_string(sTrustedUserCAKeys, o->trusted_user_ca_keys);
2951 	dump_cfg_string(sRevokedKeys, o->revoked_keys_file);
2952 	dump_cfg_string(sSecurityKeyProvider, o->sk_provider);
2953 	dump_cfg_string(sAuthorizedPrincipalsFile,
2954 	    o->authorized_principals_file);
2955 	dump_cfg_string(sVersionAddendum, *o->version_addendum == '\0'
2956 	    ? "none" : o->version_addendum);
2957 	dump_cfg_string(sAuthorizedKeysCommand, o->authorized_keys_command);
2958 	dump_cfg_string(sAuthorizedKeysCommandUser, o->authorized_keys_command_user);
2959 	dump_cfg_string(sAuthorizedPrincipalsCommand, o->authorized_principals_command);
2960 	dump_cfg_string(sAuthorizedPrincipalsCommandUser, o->authorized_principals_command_user);
2961 	dump_cfg_string(sHostKeyAgent, o->host_key_agent);
2962 	dump_cfg_string(sKexAlgorithms, o->kex_algorithms);
2963 	dump_cfg_string(sCASignatureAlgorithms, o->ca_sign_algorithms);
2964 	dump_cfg_string(sHostbasedAcceptedAlgorithms, o->hostbased_accepted_algos);
2965 	dump_cfg_string(sHostKeyAlgorithms, o->hostkeyalgorithms);
2966 	dump_cfg_string(sPubkeyAcceptedAlgorithms, o->pubkey_accepted_algos);
2967 #if defined(__OpenBSD__) || defined(HAVE_SYS_SET_PROCESS_RDOMAIN)
2968 	dump_cfg_string(sRDomain, o->routing_domain);
2969 #endif
2970 
2971 	/* string arguments requiring a lookup */
2972 	dump_cfg_string(sLogLevel, log_level_name(o->log_level));
2973 	dump_cfg_string(sLogFacility, log_facility_name(o->log_facility));
2974 
2975 	/* string array arguments */
2976 	dump_cfg_strarray_oneline(sAuthorizedKeysFile, o->num_authkeys_files,
2977 	    o->authorized_keys_files);
2978 	dump_cfg_strarray(sHostKeyFile, o->num_host_key_files,
2979 	    o->host_key_files);
2980 	dump_cfg_strarray(sHostCertificate, o->num_host_cert_files,
2981 	    o->host_cert_files);
2982 	dump_cfg_strarray(sAllowUsers, o->num_allow_users, o->allow_users);
2983 	dump_cfg_strarray(sDenyUsers, o->num_deny_users, o->deny_users);
2984 	dump_cfg_strarray(sAllowGroups, o->num_allow_groups, o->allow_groups);
2985 	dump_cfg_strarray(sDenyGroups, o->num_deny_groups, o->deny_groups);
2986 	dump_cfg_strarray(sAcceptEnv, o->num_accept_env, o->accept_env);
2987 	dump_cfg_strarray(sSetEnv, o->num_setenv, o->setenv);
2988 	dump_cfg_strarray_oneline(sAuthenticationMethods,
2989 	    o->num_auth_methods, o->auth_methods);
2990 	dump_cfg_strarray_oneline(sLogVerbose,
2991 	    o->num_log_verbose, o->log_verbose);
2992 
2993 	/* other arguments */
2994 	for (i = 0; i < o->num_subsystems; i++)
2995 		printf("subsystem %s %s\n", o->subsystem_name[i],
2996 		    o->subsystem_args[i]);
2997 
2998 	printf("maxstartups %d:%d:%d\n", o->max_startups_begin,
2999 	    o->max_startups_rate, o->max_startups);
3000 	printf("persourcemaxstartups ");
3001 	if (o->per_source_max_startups == INT_MAX)
3002 		printf("none\n");
3003 	else
3004 		printf("%d\n", o->per_source_max_startups);
3005 	printf("persourcenetblocksize %d:%d\n", o->per_source_masklen_ipv4,
3006 	    o->per_source_masklen_ipv6);
3007 
3008 	s = NULL;
3009 	for (i = 0; tunmode_desc[i].val != -1; i++) {
3010 		if (tunmode_desc[i].val == o->permit_tun) {
3011 			s = tunmode_desc[i].text;
3012 			break;
3013 		}
3014 	}
3015 	dump_cfg_string(sPermitTunnel, s);
3016 
3017 	printf("ipqos %s ", iptos2str(o->ip_qos_interactive));
3018 	printf("%s\n", iptos2str(o->ip_qos_bulk));
3019 
3020 	printf("rekeylimit %llu %d\n", (unsigned long long)o->rekey_limit,
3021 	    o->rekey_interval);
3022 
3023 	printf("permitopen");
3024 	if (o->num_permitted_opens == 0)
3025 		printf(" any");
3026 	else {
3027 		for (i = 0; i < o->num_permitted_opens; i++)
3028 			printf(" %s", o->permitted_opens[i]);
3029 	}
3030 	printf("\n");
3031 	printf("permitlisten");
3032 	if (o->num_permitted_listens == 0)
3033 		printf(" any");
3034 	else {
3035 		for (i = 0; i < o->num_permitted_listens; i++)
3036 			printf(" %s", o->permitted_listens[i]);
3037 	}
3038 	printf("\n");
3039 
3040 	if (o->permit_user_env_allowlist == NULL) {
3041 		dump_cfg_fmtint(sPermitUserEnvironment, o->permit_user_env);
3042 	} else {
3043 		printf("permituserenvironment %s\n",
3044 		    o->permit_user_env_allowlist);
3045 	}
3046 
3047 	printf("pubkeyauthoptions");
3048 	if (o->pubkey_auth_options == 0)
3049 		printf(" none");
3050 	if (o->pubkey_auth_options & PUBKEYAUTH_TOUCH_REQUIRED)
3051 		printf(" touch-required");
3052 	if (o->pubkey_auth_options & PUBKEYAUTH_VERIFY_REQUIRED)
3053 		printf(" verify-required");
3054 	printf("\n");
3055 }
3056