1 2 /* $OpenBSD: servconf.c,v 1.285 2016/02/17 05:29:04 djm Exp $ */ 3 /* 4 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland 5 * All rights reserved 6 * 7 * As far as I am concerned, the code I have written for this software 8 * can be used freely for any purpose. Any derived versions of this 9 * software must be clearly marked as such, and if the derived work is 10 * incompatible with the protocol description in the RFC file, it must be 11 * called by a name other than "ssh" or "Secure Shell". 12 */ 13 14 #include "includes.h" 15 __RCSID("$FreeBSD$"); 16 17 #include <sys/types.h> 18 #include <sys/socket.h> 19 20 #include <netinet/in.h> 21 #include <netinet/in_systm.h> 22 #include <netinet/ip.h> 23 24 #include <ctype.h> 25 #include <fcntl.h> 26 #include <netdb.h> 27 #include <pwd.h> 28 #include <stdio.h> 29 #include <stdlib.h> 30 #include <string.h> 31 #include <signal.h> 32 #include <unistd.h> 33 #include <limits.h> 34 #include <stdarg.h> 35 #include <errno.h> 36 #ifdef HAVE_UTIL_H 37 #include <util.h> 38 #endif 39 40 #include "openbsd-compat/sys-queue.h" 41 #include "xmalloc.h" 42 #include "ssh.h" 43 #include "log.h" 44 #include "buffer.h" 45 #include "misc.h" 46 #include "servconf.h" 47 #include "compat.h" 48 #include "pathnames.h" 49 #include "cipher.h" 50 #include "key.h" 51 #include "kex.h" 52 #include "mac.h" 53 #include "match.h" 54 #include "channels.h" 55 #include "groupaccess.h" 56 #include "canohost.h" 57 #include "packet.h" 58 #include "hostfile.h" 59 #include "auth.h" 60 #include "myproposal.h" 61 #include "digest.h" 62 #include "version.h" 63 64 static void add_listen_addr(ServerOptions *, char *, int); 65 static void add_one_listen_addr(ServerOptions *, char *, int); 66 67 /* Use of privilege separation or not */ 68 extern int use_privsep; 69 extern Buffer cfg; 70 71 /* Initializes the server options to their default values. */ 72 73 void 74 initialize_server_options(ServerOptions *options) 75 { 76 memset(options, 0, sizeof(*options)); 77 78 /* Portable-specific options */ 79 options->use_pam = -1; 80 81 /* Standard Options */ 82 options->num_ports = 0; 83 options->ports_from_cmdline = 0; 84 options->queued_listen_addrs = NULL; 85 options->num_queued_listens = 0; 86 options->listen_addrs = NULL; 87 options->address_family = -1; 88 options->num_host_key_files = 0; 89 options->num_host_cert_files = 0; 90 options->host_key_agent = NULL; 91 options->pid_file = NULL; 92 options->server_key_bits = -1; 93 options->login_grace_time = -1; 94 options->key_regeneration_time = -1; 95 options->permit_root_login = PERMIT_NOT_SET; 96 options->ignore_rhosts = -1; 97 options->ignore_user_known_hosts = -1; 98 options->print_motd = -1; 99 options->print_lastlog = -1; 100 options->x11_forwarding = -1; 101 options->x11_display_offset = -1; 102 options->x11_use_localhost = -1; 103 options->permit_tty = -1; 104 options->permit_user_rc = -1; 105 options->xauth_location = NULL; 106 options->strict_modes = -1; 107 options->tcp_keep_alive = -1; 108 options->log_facility = SYSLOG_FACILITY_NOT_SET; 109 options->log_level = SYSLOG_LEVEL_NOT_SET; 110 options->rhosts_rsa_authentication = -1; 111 options->hostbased_authentication = -1; 112 options->hostbased_uses_name_from_packet_only = -1; 113 options->hostbased_key_types = NULL; 114 options->hostkeyalgorithms = NULL; 115 options->rsa_authentication = -1; 116 options->pubkey_authentication = -1; 117 options->pubkey_key_types = NULL; 118 options->kerberos_authentication = -1; 119 options->kerberos_or_local_passwd = -1; 120 options->kerberos_ticket_cleanup = -1; 121 options->kerberos_get_afs_token = -1; 122 options->gss_authentication=-1; 123 options->gss_cleanup_creds = -1; 124 options->gss_strict_acceptor = -1; 125 options->password_authentication = -1; 126 options->kbd_interactive_authentication = -1; 127 options->challenge_response_authentication = -1; 128 options->permit_empty_passwd = -1; 129 options->permit_user_env = -1; 130 options->use_login = -1; 131 options->compression = -1; 132 options->rekey_limit = -1; 133 options->rekey_interval = -1; 134 options->allow_tcp_forwarding = -1; 135 options->allow_streamlocal_forwarding = -1; 136 options->allow_agent_forwarding = -1; 137 options->num_allow_users = 0; 138 options->num_deny_users = 0; 139 options->num_allow_groups = 0; 140 options->num_deny_groups = 0; 141 options->ciphers = NULL; 142 options->macs = NULL; 143 options->kex_algorithms = NULL; 144 options->protocol = SSH_PROTO_UNKNOWN; 145 options->fwd_opts.gateway_ports = -1; 146 options->fwd_opts.streamlocal_bind_mask = (mode_t)-1; 147 options->fwd_opts.streamlocal_bind_unlink = -1; 148 options->num_subsystems = 0; 149 options->max_startups_begin = -1; 150 options->max_startups_rate = -1; 151 options->max_startups = -1; 152 options->max_authtries = -1; 153 options->max_sessions = -1; 154 options->banner = NULL; 155 options->use_dns = -1; 156 options->client_alive_interval = -1; 157 options->client_alive_count_max = -1; 158 options->num_authkeys_files = 0; 159 options->num_accept_env = 0; 160 options->permit_tun = -1; 161 options->num_permitted_opens = -1; 162 options->adm_forced_command = NULL; 163 options->chroot_directory = NULL; 164 options->authorized_keys_command = NULL; 165 options->authorized_keys_command_user = NULL; 166 options->revoked_keys_file = NULL; 167 options->trusted_user_ca_keys = NULL; 168 options->authorized_principals_file = NULL; 169 options->authorized_principals_command = NULL; 170 options->authorized_principals_command_user = NULL; 171 options->ip_qos_interactive = -1; 172 options->ip_qos_bulk = -1; 173 options->version_addendum = NULL; 174 options->fingerprint_hash = -1; 175 } 176 177 /* Returns 1 if a string option is unset or set to "none" or 0 otherwise. */ 178 static int 179 option_clear_or_none(const char *o) 180 { 181 return o == NULL || strcasecmp(o, "none") == 0; 182 } 183 184 static void 185 assemble_algorithms(ServerOptions *o) 186 { 187 if (kex_assemble_names(KEX_SERVER_ENCRYPT, &o->ciphers) != 0 || 188 kex_assemble_names(KEX_SERVER_MAC, &o->macs) != 0 || 189 kex_assemble_names(KEX_SERVER_KEX, &o->kex_algorithms) != 0 || 190 kex_assemble_names(KEX_DEFAULT_PK_ALG, 191 &o->hostkeyalgorithms) != 0 || 192 kex_assemble_names(KEX_DEFAULT_PK_ALG, 193 &o->hostbased_key_types) != 0 || 194 kex_assemble_names(KEX_DEFAULT_PK_ALG, &o->pubkey_key_types) != 0) 195 fatal("kex_assemble_names failed"); 196 } 197 198 void 199 fill_default_server_options(ServerOptions *options) 200 { 201 int i; 202 203 /* Portable-specific options */ 204 if (options->use_pam == -1) 205 options->use_pam = 1; 206 207 /* Standard Options */ 208 if (options->protocol == SSH_PROTO_UNKNOWN) 209 options->protocol = SSH_PROTO_2; 210 #define add_host_key_file(path) \ 211 do { \ 212 if (access((path), O_RDONLY) == 0) \ 213 options->host_key_files \ 214 [options->num_host_key_files++] = (path); \ 215 } while (0) 216 if (options->num_host_key_files == 0) { 217 /* fill default hostkeys for protocols */ 218 if (options->protocol & SSH_PROTO_1) 219 add_host_key_file(_PATH_HOST_KEY_FILE); 220 if (options->protocol & SSH_PROTO_2) { 221 add_host_key_file(_PATH_HOST_RSA_KEY_FILE); 222 add_host_key_file(_PATH_HOST_DSA_KEY_FILE); 223 #ifdef OPENSSL_HAS_ECC 224 add_host_key_file(_PATH_HOST_ECDSA_KEY_FILE); 225 #endif 226 add_host_key_file(_PATH_HOST_ED25519_KEY_FILE); 227 } 228 } 229 #undef add_host_key_file 230 if (options->num_host_key_files == 0) 231 fatal("No host key files found"); 232 /* No certificates by default */ 233 if (options->num_ports == 0) 234 options->ports[options->num_ports++] = SSH_DEFAULT_PORT; 235 if (options->address_family == -1) 236 options->address_family = AF_UNSPEC; 237 if (options->listen_addrs == NULL) 238 add_listen_addr(options, NULL, 0); 239 if (options->pid_file == NULL) 240 options->pid_file = xstrdup(_PATH_SSH_DAEMON_PID_FILE); 241 if (options->server_key_bits == -1) 242 options->server_key_bits = 1024; 243 if (options->login_grace_time == -1) 244 options->login_grace_time = 120; 245 if (options->key_regeneration_time == -1) 246 options->key_regeneration_time = 3600; 247 if (options->permit_root_login == PERMIT_NOT_SET) 248 options->permit_root_login = PERMIT_NO; 249 if (options->ignore_rhosts == -1) 250 options->ignore_rhosts = 1; 251 if (options->ignore_user_known_hosts == -1) 252 options->ignore_user_known_hosts = 0; 253 if (options->print_motd == -1) 254 options->print_motd = 1; 255 if (options->print_lastlog == -1) 256 options->print_lastlog = 1; 257 if (options->x11_forwarding == -1) 258 options->x11_forwarding = 1; 259 if (options->x11_display_offset == -1) 260 options->x11_display_offset = 10; 261 if (options->x11_use_localhost == -1) 262 options->x11_use_localhost = 1; 263 if (options->xauth_location == NULL) 264 options->xauth_location = xstrdup(_PATH_XAUTH); 265 if (options->permit_tty == -1) 266 options->permit_tty = 1; 267 if (options->permit_user_rc == -1) 268 options->permit_user_rc = 1; 269 if (options->strict_modes == -1) 270 options->strict_modes = 1; 271 if (options->tcp_keep_alive == -1) 272 options->tcp_keep_alive = 1; 273 if (options->log_facility == SYSLOG_FACILITY_NOT_SET) 274 options->log_facility = SYSLOG_FACILITY_AUTH; 275 if (options->log_level == SYSLOG_LEVEL_NOT_SET) 276 options->log_level = SYSLOG_LEVEL_INFO; 277 if (options->rhosts_rsa_authentication == -1) 278 options->rhosts_rsa_authentication = 0; 279 if (options->hostbased_authentication == -1) 280 options->hostbased_authentication = 0; 281 if (options->hostbased_uses_name_from_packet_only == -1) 282 options->hostbased_uses_name_from_packet_only = 0; 283 if (options->rsa_authentication == -1) 284 options->rsa_authentication = 1; 285 if (options->pubkey_authentication == -1) 286 options->pubkey_authentication = 1; 287 if (options->kerberos_authentication == -1) 288 options->kerberos_authentication = 0; 289 if (options->kerberos_or_local_passwd == -1) 290 options->kerberos_or_local_passwd = 1; 291 if (options->kerberos_ticket_cleanup == -1) 292 options->kerberos_ticket_cleanup = 1; 293 if (options->kerberos_get_afs_token == -1) 294 options->kerberos_get_afs_token = 0; 295 if (options->gss_authentication == -1) 296 options->gss_authentication = 0; 297 if (options->gss_cleanup_creds == -1) 298 options->gss_cleanup_creds = 1; 299 if (options->gss_strict_acceptor == -1) 300 options->gss_strict_acceptor = 0; 301 if (options->password_authentication == -1) 302 options->password_authentication = 0; 303 if (options->kbd_interactive_authentication == -1) 304 options->kbd_interactive_authentication = 0; 305 if (options->challenge_response_authentication == -1) 306 options->challenge_response_authentication = 1; 307 if (options->permit_empty_passwd == -1) 308 options->permit_empty_passwd = 0; 309 if (options->permit_user_env == -1) 310 options->permit_user_env = 0; 311 if (options->use_login == -1) 312 options->use_login = 0; 313 if (options->compression == -1) 314 options->compression = COMP_DELAYED; 315 if (options->rekey_limit == -1) 316 options->rekey_limit = 0; 317 if (options->rekey_interval == -1) 318 options->rekey_interval = 0; 319 if (options->allow_tcp_forwarding == -1) 320 options->allow_tcp_forwarding = FORWARD_ALLOW; 321 if (options->allow_streamlocal_forwarding == -1) 322 options->allow_streamlocal_forwarding = FORWARD_ALLOW; 323 if (options->allow_agent_forwarding == -1) 324 options->allow_agent_forwarding = 1; 325 if (options->fwd_opts.gateway_ports == -1) 326 options->fwd_opts.gateway_ports = 0; 327 if (options->max_startups == -1) 328 options->max_startups = 100; 329 if (options->max_startups_rate == -1) 330 options->max_startups_rate = 30; /* 30% */ 331 if (options->max_startups_begin == -1) 332 options->max_startups_begin = 10; 333 if (options->max_authtries == -1) 334 options->max_authtries = DEFAULT_AUTH_FAIL_MAX; 335 if (options->max_sessions == -1) 336 options->max_sessions = DEFAULT_SESSIONS_MAX; 337 if (options->use_dns == -1) 338 options->use_dns = 1; 339 if (options->client_alive_interval == -1) 340 options->client_alive_interval = 0; 341 if (options->client_alive_count_max == -1) 342 options->client_alive_count_max = 3; 343 if (options->num_authkeys_files == 0) { 344 options->authorized_keys_files[options->num_authkeys_files++] = 345 xstrdup(_PATH_SSH_USER_PERMITTED_KEYS); 346 options->authorized_keys_files[options->num_authkeys_files++] = 347 xstrdup(_PATH_SSH_USER_PERMITTED_KEYS2); 348 } 349 if (options->permit_tun == -1) 350 options->permit_tun = SSH_TUNMODE_NO; 351 if (options->ip_qos_interactive == -1) 352 options->ip_qos_interactive = IPTOS_LOWDELAY; 353 if (options->ip_qos_bulk == -1) 354 options->ip_qos_bulk = IPTOS_THROUGHPUT; 355 if (options->version_addendum == NULL) 356 options->version_addendum = xstrdup(SSH_VERSION_FREEBSD); 357 if (options->fwd_opts.streamlocal_bind_mask == (mode_t)-1) 358 options->fwd_opts.streamlocal_bind_mask = 0177; 359 if (options->fwd_opts.streamlocal_bind_unlink == -1) 360 options->fwd_opts.streamlocal_bind_unlink = 0; 361 if (options->fingerprint_hash == -1) 362 options->fingerprint_hash = SSH_FP_HASH_DEFAULT; 363 364 assemble_algorithms(options); 365 366 /* Turn privilege separation and sandboxing on by default */ 367 if (use_privsep == -1) 368 use_privsep = PRIVSEP_ON; 369 370 #define CLEAR_ON_NONE(v) \ 371 do { \ 372 if (option_clear_or_none(v)) { \ 373 free(v); \ 374 v = NULL; \ 375 } \ 376 } while(0) 377 CLEAR_ON_NONE(options->pid_file); 378 CLEAR_ON_NONE(options->xauth_location); 379 CLEAR_ON_NONE(options->banner); 380 CLEAR_ON_NONE(options->trusted_user_ca_keys); 381 CLEAR_ON_NONE(options->revoked_keys_file); 382 CLEAR_ON_NONE(options->authorized_principals_file); 383 CLEAR_ON_NONE(options->adm_forced_command); 384 CLEAR_ON_NONE(options->chroot_directory); 385 for (i = 0; i < options->num_host_key_files; i++) 386 CLEAR_ON_NONE(options->host_key_files[i]); 387 for (i = 0; i < options->num_host_cert_files; i++) 388 CLEAR_ON_NONE(options->host_cert_files[i]); 389 #undef CLEAR_ON_NONE 390 391 #ifndef HAVE_MMAP 392 if (use_privsep && options->compression == 1) { 393 error("This platform does not support both privilege " 394 "separation and compression"); 395 error("Compression disabled"); 396 options->compression = 0; 397 } 398 #endif 399 400 } 401 402 /* Keyword tokens. */ 403 typedef enum { 404 sBadOption, /* == unknown option */ 405 /* Portable-specific options */ 406 sUsePAM, 407 /* Standard Options */ 408 sPort, sHostKeyFile, sServerKeyBits, sLoginGraceTime, 409 sKeyRegenerationTime, sPermitRootLogin, sLogFacility, sLogLevel, 410 sRhostsRSAAuthentication, sRSAAuthentication, 411 sKerberosAuthentication, sKerberosOrLocalPasswd, sKerberosTicketCleanup, 412 sKerberosGetAFSToken, 413 sKerberosTgtPassing, sChallengeResponseAuthentication, 414 sPasswordAuthentication, sKbdInteractiveAuthentication, 415 sListenAddress, sAddressFamily, 416 sPrintMotd, sPrintLastLog, sIgnoreRhosts, 417 sX11Forwarding, sX11DisplayOffset, sX11UseLocalhost, 418 sPermitTTY, sStrictModes, sEmptyPasswd, sTCPKeepAlive, 419 sPermitUserEnvironment, sUseLogin, sAllowTcpForwarding, sCompression, 420 sRekeyLimit, sAllowUsers, sDenyUsers, sAllowGroups, sDenyGroups, 421 sIgnoreUserKnownHosts, sCiphers, sMacs, sProtocol, sPidFile, 422 sGatewayPorts, sPubkeyAuthentication, sPubkeyAcceptedKeyTypes, 423 sXAuthLocation, sSubsystem, sMaxStartups, sMaxAuthTries, sMaxSessions, 424 sBanner, sUseDNS, sHostbasedAuthentication, 425 sHostbasedUsesNameFromPacketOnly, sHostbasedAcceptedKeyTypes, 426 sHostKeyAlgorithms, 427 sClientAliveInterval, sClientAliveCountMax, sAuthorizedKeysFile, 428 sGssAuthentication, sGssCleanupCreds, sGssStrictAcceptor, 429 sAcceptEnv, sPermitTunnel, 430 sMatch, sPermitOpen, sForceCommand, sChrootDirectory, 431 sUsePrivilegeSeparation, sAllowAgentForwarding, 432 sHostCertificate, 433 sRevokedKeys, sTrustedUserCAKeys, sAuthorizedPrincipalsFile, 434 sAuthorizedPrincipalsCommand, sAuthorizedPrincipalsCommandUser, 435 sKexAlgorithms, sIPQoS, sVersionAddendum, 436 sAuthorizedKeysCommand, sAuthorizedKeysCommandUser, 437 sAuthenticationMethods, sHostKeyAgent, sPermitUserRC, 438 sStreamLocalBindMask, sStreamLocalBindUnlink, 439 sAllowStreamLocalForwarding, sFingerprintHash, 440 sDeprecated, sUnsupported 441 } ServerOpCodes; 442 443 #define SSHCFG_GLOBAL 0x01 /* allowed in main section of sshd_config */ 444 #define SSHCFG_MATCH 0x02 /* allowed inside a Match section */ 445 #define SSHCFG_ALL (SSHCFG_GLOBAL|SSHCFG_MATCH) 446 447 /* Textual representation of the tokens. */ 448 static struct { 449 const char *name; 450 ServerOpCodes opcode; 451 u_int flags; 452 } keywords[] = { 453 /* Portable-specific options */ 454 #ifdef USE_PAM 455 { "usepam", sUsePAM, SSHCFG_GLOBAL }, 456 #else 457 { "usepam", sUnsupported, SSHCFG_GLOBAL }, 458 #endif 459 { "pamauthenticationviakbdint", sDeprecated, SSHCFG_GLOBAL }, 460 /* Standard Options */ 461 { "port", sPort, SSHCFG_GLOBAL }, 462 { "hostkey", sHostKeyFile, SSHCFG_GLOBAL }, 463 { "hostdsakey", sHostKeyFile, SSHCFG_GLOBAL }, /* alias */ 464 { "hostkeyagent", sHostKeyAgent, SSHCFG_GLOBAL }, 465 { "pidfile", sPidFile, SSHCFG_GLOBAL }, 466 { "serverkeybits", sServerKeyBits, SSHCFG_GLOBAL }, 467 { "logingracetime", sLoginGraceTime, SSHCFG_GLOBAL }, 468 { "keyregenerationinterval", sKeyRegenerationTime, SSHCFG_GLOBAL }, 469 { "permitrootlogin", sPermitRootLogin, SSHCFG_ALL }, 470 { "syslogfacility", sLogFacility, SSHCFG_GLOBAL }, 471 { "loglevel", sLogLevel, SSHCFG_GLOBAL }, 472 { "rhostsauthentication", sDeprecated, SSHCFG_GLOBAL }, 473 { "rhostsrsaauthentication", sRhostsRSAAuthentication, SSHCFG_ALL }, 474 { "hostbasedauthentication", sHostbasedAuthentication, SSHCFG_ALL }, 475 { "hostbasedusesnamefrompacketonly", sHostbasedUsesNameFromPacketOnly, SSHCFG_ALL }, 476 { "hostbasedacceptedkeytypes", sHostbasedAcceptedKeyTypes, SSHCFG_ALL }, 477 { "hostkeyalgorithms", sHostKeyAlgorithms, SSHCFG_GLOBAL }, 478 { "rsaauthentication", sRSAAuthentication, SSHCFG_ALL }, 479 { "pubkeyauthentication", sPubkeyAuthentication, SSHCFG_ALL }, 480 { "pubkeyacceptedkeytypes", sPubkeyAcceptedKeyTypes, SSHCFG_ALL }, 481 { "dsaauthentication", sPubkeyAuthentication, SSHCFG_GLOBAL }, /* alias */ 482 #ifdef KRB5 483 { "kerberosauthentication", sKerberosAuthentication, SSHCFG_ALL }, 484 { "kerberosorlocalpasswd", sKerberosOrLocalPasswd, SSHCFG_GLOBAL }, 485 { "kerberosticketcleanup", sKerberosTicketCleanup, SSHCFG_GLOBAL }, 486 #ifdef USE_AFS 487 { "kerberosgetafstoken", sKerberosGetAFSToken, SSHCFG_GLOBAL }, 488 #else 489 { "kerberosgetafstoken", sUnsupported, SSHCFG_GLOBAL }, 490 #endif 491 #else 492 { "kerberosauthentication", sUnsupported, SSHCFG_ALL }, 493 { "kerberosorlocalpasswd", sUnsupported, SSHCFG_GLOBAL }, 494 { "kerberosticketcleanup", sUnsupported, SSHCFG_GLOBAL }, 495 { "kerberosgetafstoken", sUnsupported, SSHCFG_GLOBAL }, 496 #endif 497 { "kerberostgtpassing", sUnsupported, SSHCFG_GLOBAL }, 498 { "afstokenpassing", sUnsupported, SSHCFG_GLOBAL }, 499 #ifdef GSSAPI 500 { "gssapiauthentication", sGssAuthentication, SSHCFG_ALL }, 501 { "gssapicleanupcredentials", sGssCleanupCreds, SSHCFG_GLOBAL }, 502 { "gssapistrictacceptorcheck", sGssStrictAcceptor, SSHCFG_GLOBAL }, 503 #else 504 { "gssapiauthentication", sUnsupported, SSHCFG_ALL }, 505 { "gssapicleanupcredentials", sUnsupported, SSHCFG_GLOBAL }, 506 { "gssapistrictacceptorcheck", sUnsupported, SSHCFG_GLOBAL }, 507 #endif 508 { "passwordauthentication", sPasswordAuthentication, SSHCFG_ALL }, 509 { "kbdinteractiveauthentication", sKbdInteractiveAuthentication, SSHCFG_ALL }, 510 { "challengeresponseauthentication", sChallengeResponseAuthentication, SSHCFG_GLOBAL }, 511 { "skeyauthentication", sChallengeResponseAuthentication, SSHCFG_GLOBAL }, /* alias */ 512 { "checkmail", sDeprecated, SSHCFG_GLOBAL }, 513 { "listenaddress", sListenAddress, SSHCFG_GLOBAL }, 514 { "addressfamily", sAddressFamily, SSHCFG_GLOBAL }, 515 { "printmotd", sPrintMotd, SSHCFG_GLOBAL }, 516 #ifdef DISABLE_LASTLOG 517 { "printlastlog", sUnsupported, SSHCFG_GLOBAL }, 518 #else 519 { "printlastlog", sPrintLastLog, SSHCFG_GLOBAL }, 520 #endif 521 { "ignorerhosts", sIgnoreRhosts, SSHCFG_GLOBAL }, 522 { "ignoreuserknownhosts", sIgnoreUserKnownHosts, SSHCFG_GLOBAL }, 523 { "x11forwarding", sX11Forwarding, SSHCFG_ALL }, 524 { "x11displayoffset", sX11DisplayOffset, SSHCFG_ALL }, 525 { "x11uselocalhost", sX11UseLocalhost, SSHCFG_ALL }, 526 { "xauthlocation", sXAuthLocation, SSHCFG_GLOBAL }, 527 { "strictmodes", sStrictModes, SSHCFG_GLOBAL }, 528 { "permitemptypasswords", sEmptyPasswd, SSHCFG_ALL }, 529 { "permituserenvironment", sPermitUserEnvironment, SSHCFG_GLOBAL }, 530 { "uselogin", sUseLogin, SSHCFG_GLOBAL }, 531 { "compression", sCompression, SSHCFG_GLOBAL }, 532 { "rekeylimit", sRekeyLimit, SSHCFG_ALL }, 533 { "tcpkeepalive", sTCPKeepAlive, SSHCFG_GLOBAL }, 534 { "keepalive", sTCPKeepAlive, SSHCFG_GLOBAL }, /* obsolete alias */ 535 { "allowtcpforwarding", sAllowTcpForwarding, SSHCFG_ALL }, 536 { "allowagentforwarding", sAllowAgentForwarding, SSHCFG_ALL }, 537 { "allowusers", sAllowUsers, SSHCFG_ALL }, 538 { "denyusers", sDenyUsers, SSHCFG_ALL }, 539 { "allowgroups", sAllowGroups, SSHCFG_ALL }, 540 { "denygroups", sDenyGroups, SSHCFG_ALL }, 541 { "ciphers", sCiphers, SSHCFG_GLOBAL }, 542 { "macs", sMacs, SSHCFG_GLOBAL }, 543 { "protocol", sProtocol, SSHCFG_GLOBAL }, 544 { "gatewayports", sGatewayPorts, SSHCFG_ALL }, 545 { "subsystem", sSubsystem, SSHCFG_GLOBAL }, 546 { "maxstartups", sMaxStartups, SSHCFG_GLOBAL }, 547 { "maxauthtries", sMaxAuthTries, SSHCFG_ALL }, 548 { "maxsessions", sMaxSessions, SSHCFG_ALL }, 549 { "banner", sBanner, SSHCFG_ALL }, 550 { "usedns", sUseDNS, SSHCFG_GLOBAL }, 551 { "verifyreversemapping", sDeprecated, SSHCFG_GLOBAL }, 552 { "reversemappingcheck", sDeprecated, SSHCFG_GLOBAL }, 553 { "clientaliveinterval", sClientAliveInterval, SSHCFG_GLOBAL }, 554 { "clientalivecountmax", sClientAliveCountMax, SSHCFG_GLOBAL }, 555 { "authorizedkeysfile", sAuthorizedKeysFile, SSHCFG_ALL }, 556 { "authorizedkeysfile2", sDeprecated, SSHCFG_ALL }, 557 { "useprivilegeseparation", sUsePrivilegeSeparation, SSHCFG_GLOBAL}, 558 { "acceptenv", sAcceptEnv, SSHCFG_ALL }, 559 { "permittunnel", sPermitTunnel, SSHCFG_ALL }, 560 { "permittty", sPermitTTY, SSHCFG_ALL }, 561 { "permituserrc", sPermitUserRC, SSHCFG_ALL }, 562 { "match", sMatch, SSHCFG_ALL }, 563 { "permitopen", sPermitOpen, SSHCFG_ALL }, 564 { "forcecommand", sForceCommand, SSHCFG_ALL }, 565 { "chrootdirectory", sChrootDirectory, SSHCFG_ALL }, 566 { "hostcertificate", sHostCertificate, SSHCFG_GLOBAL }, 567 { "revokedkeys", sRevokedKeys, SSHCFG_ALL }, 568 { "trustedusercakeys", sTrustedUserCAKeys, SSHCFG_ALL }, 569 { "authorizedprincipalsfile", sAuthorizedPrincipalsFile, SSHCFG_ALL }, 570 { "kexalgorithms", sKexAlgorithms, SSHCFG_GLOBAL }, 571 { "ipqos", sIPQoS, SSHCFG_ALL }, 572 { "authorizedkeyscommand", sAuthorizedKeysCommand, SSHCFG_ALL }, 573 { "authorizedkeyscommanduser", sAuthorizedKeysCommandUser, SSHCFG_ALL }, 574 { "authorizedprincipalscommand", sAuthorizedPrincipalsCommand, SSHCFG_ALL }, 575 { "authorizedprincipalscommanduser", sAuthorizedPrincipalsCommandUser, SSHCFG_ALL }, 576 { "versionaddendum", sVersionAddendum, SSHCFG_GLOBAL }, 577 { "authenticationmethods", sAuthenticationMethods, SSHCFG_ALL }, 578 { "streamlocalbindmask", sStreamLocalBindMask, SSHCFG_ALL }, 579 { "streamlocalbindunlink", sStreamLocalBindUnlink, SSHCFG_ALL }, 580 { "allowstreamlocalforwarding", sAllowStreamLocalForwarding, SSHCFG_ALL }, 581 { "fingerprinthash", sFingerprintHash, SSHCFG_GLOBAL }, 582 { "noneenabled", sUnsupported, SSHCFG_ALL }, 583 { "hpndisabled", sDeprecated, SSHCFG_ALL }, 584 { "hpnbuffersize", sDeprecated, SSHCFG_ALL }, 585 { "tcprcvbufpoll", sDeprecated, SSHCFG_ALL }, 586 { NULL, sBadOption, 0 } 587 }; 588 589 static struct { 590 int val; 591 char *text; 592 } tunmode_desc[] = { 593 { SSH_TUNMODE_NO, "no" }, 594 { SSH_TUNMODE_POINTOPOINT, "point-to-point" }, 595 { SSH_TUNMODE_ETHERNET, "ethernet" }, 596 { SSH_TUNMODE_YES, "yes" }, 597 { -1, NULL } 598 }; 599 600 /* 601 * Returns the number of the token pointed to by cp or sBadOption. 602 */ 603 604 static ServerOpCodes 605 parse_token(const char *cp, const char *filename, 606 int linenum, u_int *flags) 607 { 608 u_int i; 609 610 for (i = 0; keywords[i].name; i++) 611 if (strcasecmp(cp, keywords[i].name) == 0) { 612 *flags = keywords[i].flags; 613 return keywords[i].opcode; 614 } 615 616 error("%s: line %d: Bad configuration option: %s", 617 filename, linenum, cp); 618 return sBadOption; 619 } 620 621 char * 622 derelativise_path(const char *path) 623 { 624 char *expanded, *ret, cwd[PATH_MAX]; 625 626 if (strcasecmp(path, "none") == 0) 627 return xstrdup("none"); 628 expanded = tilde_expand_filename(path, getuid()); 629 if (*expanded == '/') 630 return expanded; 631 if (getcwd(cwd, sizeof(cwd)) == NULL) 632 fatal("%s: getcwd: %s", __func__, strerror(errno)); 633 xasprintf(&ret, "%s/%s", cwd, expanded); 634 free(expanded); 635 return ret; 636 } 637 638 static void 639 add_listen_addr(ServerOptions *options, char *addr, int port) 640 { 641 u_int i; 642 643 if (port == 0) 644 for (i = 0; i < options->num_ports; i++) 645 add_one_listen_addr(options, addr, options->ports[i]); 646 else 647 add_one_listen_addr(options, addr, port); 648 } 649 650 static void 651 add_one_listen_addr(ServerOptions *options, char *addr, int port) 652 { 653 struct addrinfo hints, *ai, *aitop; 654 char strport[NI_MAXSERV]; 655 int gaierr; 656 657 memset(&hints, 0, sizeof(hints)); 658 hints.ai_family = options->address_family; 659 hints.ai_socktype = SOCK_STREAM; 660 hints.ai_flags = (addr == NULL) ? AI_PASSIVE : 0; 661 snprintf(strport, sizeof strport, "%d", port); 662 if ((gaierr = getaddrinfo(addr, strport, &hints, &aitop)) != 0) 663 fatal("bad addr or host: %s (%s)", 664 addr ? addr : "<NULL>", 665 ssh_gai_strerror(gaierr)); 666 for (ai = aitop; ai->ai_next; ai = ai->ai_next) 667 ; 668 ai->ai_next = options->listen_addrs; 669 options->listen_addrs = aitop; 670 } 671 672 /* 673 * Queue a ListenAddress to be processed once we have all of the Ports 674 * and AddressFamily options. 675 */ 676 static void 677 queue_listen_addr(ServerOptions *options, char *addr, int port) 678 { 679 options->queued_listen_addrs = xreallocarray( 680 options->queued_listen_addrs, options->num_queued_listens + 1, 681 sizeof(addr)); 682 options->queued_listen_ports = xreallocarray( 683 options->queued_listen_ports, options->num_queued_listens + 1, 684 sizeof(port)); 685 options->queued_listen_addrs[options->num_queued_listens] = 686 xstrdup(addr); 687 options->queued_listen_ports[options->num_queued_listens] = port; 688 options->num_queued_listens++; 689 } 690 691 /* 692 * Process queued (text) ListenAddress entries. 693 */ 694 static void 695 process_queued_listen_addrs(ServerOptions *options) 696 { 697 u_int i; 698 699 if (options->num_ports == 0) 700 options->ports[options->num_ports++] = SSH_DEFAULT_PORT; 701 if (options->address_family == -1) 702 options->address_family = AF_UNSPEC; 703 704 for (i = 0; i < options->num_queued_listens; i++) { 705 add_listen_addr(options, options->queued_listen_addrs[i], 706 options->queued_listen_ports[i]); 707 free(options->queued_listen_addrs[i]); 708 options->queued_listen_addrs[i] = NULL; 709 } 710 free(options->queued_listen_addrs); 711 options->queued_listen_addrs = NULL; 712 free(options->queued_listen_ports); 713 options->queued_listen_ports = NULL; 714 options->num_queued_listens = 0; 715 } 716 717 struct connection_info * 718 get_connection_info(int populate, int use_dns) 719 { 720 static struct connection_info ci; 721 722 if (!populate) 723 return &ci; 724 ci.host = get_canonical_hostname(use_dns); 725 ci.address = get_remote_ipaddr(); 726 ci.laddress = get_local_ipaddr(packet_get_connection_in()); 727 ci.lport = get_local_port(); 728 return &ci; 729 } 730 731 /* 732 * The strategy for the Match blocks is that the config file is parsed twice. 733 * 734 * The first time is at startup. activep is initialized to 1 and the 735 * directives in the global context are processed and acted on. Hitting a 736 * Match directive unsets activep and the directives inside the block are 737 * checked for syntax only. 738 * 739 * The second time is after a connection has been established but before 740 * authentication. activep is initialized to 2 and global config directives 741 * are ignored since they have already been processed. If the criteria in a 742 * Match block is met, activep is set and the subsequent directives 743 * processed and actioned until EOF or another Match block unsets it. Any 744 * options set are copied into the main server config. 745 * 746 * Potential additions/improvements: 747 * - Add Match support for pre-kex directives, eg Protocol, Ciphers. 748 * 749 * - Add a Tag directive (idea from David Leonard) ala pf, eg: 750 * Match Address 192.168.0.* 751 * Tag trusted 752 * Match Group wheel 753 * Tag trusted 754 * Match Tag trusted 755 * AllowTcpForwarding yes 756 * GatewayPorts clientspecified 757 * [...] 758 * 759 * - Add a PermittedChannelRequests directive 760 * Match Group shell 761 * PermittedChannelRequests session,forwarded-tcpip 762 */ 763 764 static int 765 match_cfg_line_group(const char *grps, int line, const char *user) 766 { 767 int result = 0; 768 struct passwd *pw; 769 770 if (user == NULL) 771 goto out; 772 773 if ((pw = getpwnam(user)) == NULL) { 774 debug("Can't match group at line %d because user %.100s does " 775 "not exist", line, user); 776 } else if (ga_init(pw->pw_name, pw->pw_gid) == 0) { 777 debug("Can't Match group because user %.100s not in any group " 778 "at line %d", user, line); 779 } else if (ga_match_pattern_list(grps) != 1) { 780 debug("user %.100s does not match group list %.100s at line %d", 781 user, grps, line); 782 } else { 783 debug("user %.100s matched group list %.100s at line %d", user, 784 grps, line); 785 result = 1; 786 } 787 out: 788 ga_free(); 789 return result; 790 } 791 792 /* 793 * All of the attributes on a single Match line are ANDed together, so we need 794 * to check every attribute and set the result to zero if any attribute does 795 * not match. 796 */ 797 static int 798 match_cfg_line(char **condition, int line, struct connection_info *ci) 799 { 800 int result = 1, attributes = 0, port; 801 char *arg, *attrib, *cp = *condition; 802 803 if (ci == NULL) 804 debug3("checking syntax for 'Match %s'", cp); 805 else 806 debug3("checking match for '%s' user %s host %s addr %s " 807 "laddr %s lport %d", cp, ci->user ? ci->user : "(null)", 808 ci->host ? ci->host : "(null)", 809 ci->address ? ci->address : "(null)", 810 ci->laddress ? ci->laddress : "(null)", ci->lport); 811 812 while ((attrib = strdelim(&cp)) && *attrib != '\0') { 813 attributes++; 814 if (strcasecmp(attrib, "all") == 0) { 815 if (attributes != 1 || 816 ((arg = strdelim(&cp)) != NULL && *arg != '\0')) { 817 error("'all' cannot be combined with other " 818 "Match attributes"); 819 return -1; 820 } 821 *condition = cp; 822 return 1; 823 } 824 if ((arg = strdelim(&cp)) == NULL || *arg == '\0') { 825 error("Missing Match criteria for %s", attrib); 826 return -1; 827 } 828 if (strcasecmp(attrib, "user") == 0) { 829 if (ci == NULL || ci->user == NULL) { 830 result = 0; 831 continue; 832 } 833 if (match_pattern_list(ci->user, arg, 0) != 1) 834 result = 0; 835 else 836 debug("user %.100s matched 'User %.100s' at " 837 "line %d", ci->user, arg, line); 838 } else if (strcasecmp(attrib, "group") == 0) { 839 if (ci == NULL || ci->user == NULL) { 840 result = 0; 841 continue; 842 } 843 switch (match_cfg_line_group(arg, line, ci->user)) { 844 case -1: 845 return -1; 846 case 0: 847 result = 0; 848 } 849 } else if (strcasecmp(attrib, "host") == 0) { 850 if (ci == NULL || ci->host == NULL) { 851 result = 0; 852 continue; 853 } 854 if (match_hostname(ci->host, arg) != 1) 855 result = 0; 856 else 857 debug("connection from %.100s matched 'Host " 858 "%.100s' at line %d", ci->host, arg, line); 859 } else if (strcasecmp(attrib, "address") == 0) { 860 if (ci == NULL || ci->address == NULL) { 861 result = 0; 862 continue; 863 } 864 switch (addr_match_list(ci->address, arg)) { 865 case 1: 866 debug("connection from %.100s matched 'Address " 867 "%.100s' at line %d", ci->address, arg, line); 868 break; 869 case 0: 870 case -1: 871 result = 0; 872 break; 873 case -2: 874 return -1; 875 } 876 } else if (strcasecmp(attrib, "localaddress") == 0){ 877 if (ci == NULL || ci->laddress == NULL) { 878 result = 0; 879 continue; 880 } 881 switch (addr_match_list(ci->laddress, arg)) { 882 case 1: 883 debug("connection from %.100s matched " 884 "'LocalAddress %.100s' at line %d", 885 ci->laddress, arg, line); 886 break; 887 case 0: 888 case -1: 889 result = 0; 890 break; 891 case -2: 892 return -1; 893 } 894 } else if (strcasecmp(attrib, "localport") == 0) { 895 if ((port = a2port(arg)) == -1) { 896 error("Invalid LocalPort '%s' on Match line", 897 arg); 898 return -1; 899 } 900 if (ci == NULL || ci->lport == 0) { 901 result = 0; 902 continue; 903 } 904 /* TODO support port lists */ 905 if (port == ci->lport) 906 debug("connection from %.100s matched " 907 "'LocalPort %d' at line %d", 908 ci->laddress, port, line); 909 else 910 result = 0; 911 } else { 912 error("Unsupported Match attribute %s", attrib); 913 return -1; 914 } 915 } 916 if (attributes == 0) { 917 error("One or more attributes required for Match"); 918 return -1; 919 } 920 if (ci != NULL) 921 debug3("match %sfound", result ? "" : "not "); 922 *condition = cp; 923 return result; 924 } 925 926 #define WHITESPACE " \t\r\n" 927 928 /* Multistate option parsing */ 929 struct multistate { 930 char *key; 931 int value; 932 }; 933 static const struct multistate multistate_addressfamily[] = { 934 { "inet", AF_INET }, 935 { "inet6", AF_INET6 }, 936 { "any", AF_UNSPEC }, 937 { NULL, -1 } 938 }; 939 static const struct multistate multistate_permitrootlogin[] = { 940 { "without-password", PERMIT_NO_PASSWD }, 941 { "prohibit-password", PERMIT_NO_PASSWD }, 942 { "forced-commands-only", PERMIT_FORCED_ONLY }, 943 { "yes", PERMIT_YES }, 944 { "no", PERMIT_NO }, 945 { NULL, -1 } 946 }; 947 static const struct multistate multistate_compression[] = { 948 { "delayed", COMP_DELAYED }, 949 { "yes", COMP_ZLIB }, 950 { "no", COMP_NONE }, 951 { NULL, -1 } 952 }; 953 static const struct multistate multistate_gatewayports[] = { 954 { "clientspecified", 2 }, 955 { "yes", 1 }, 956 { "no", 0 }, 957 { NULL, -1 } 958 }; 959 static const struct multistate multistate_privsep[] = { 960 { "yes", PRIVSEP_NOSANDBOX }, 961 { "sandbox", PRIVSEP_ON }, 962 { "nosandbox", PRIVSEP_NOSANDBOX }, 963 { "no", PRIVSEP_OFF }, 964 { NULL, -1 } 965 }; 966 static const struct multistate multistate_tcpfwd[] = { 967 { "yes", FORWARD_ALLOW }, 968 { "all", FORWARD_ALLOW }, 969 { "no", FORWARD_DENY }, 970 { "remote", FORWARD_REMOTE }, 971 { "local", FORWARD_LOCAL }, 972 { NULL, -1 } 973 }; 974 975 int 976 process_server_config_line(ServerOptions *options, char *line, 977 const char *filename, int linenum, int *activep, 978 struct connection_info *connectinfo) 979 { 980 char *cp, **charptr, *arg, *p; 981 int cmdline = 0, *intptr, value, value2, n, port; 982 SyslogFacility *log_facility_ptr; 983 LogLevel *log_level_ptr; 984 ServerOpCodes opcode; 985 u_int i, flags = 0; 986 size_t len; 987 long long val64; 988 const struct multistate *multistate_ptr; 989 990 cp = line; 991 if ((arg = strdelim(&cp)) == NULL) 992 return 0; 993 /* Ignore leading whitespace */ 994 if (*arg == '\0') 995 arg = strdelim(&cp); 996 if (!arg || !*arg || *arg == '#') 997 return 0; 998 intptr = NULL; 999 charptr = NULL; 1000 opcode = parse_token(arg, filename, linenum, &flags); 1001 1002 if (activep == NULL) { /* We are processing a command line directive */ 1003 cmdline = 1; 1004 activep = &cmdline; 1005 } 1006 if (*activep && opcode != sMatch) 1007 debug3("%s:%d setting %s %s", filename, linenum, arg, cp); 1008 if (*activep == 0 && !(flags & SSHCFG_MATCH)) { 1009 if (connectinfo == NULL) { 1010 fatal("%s line %d: Directive '%s' is not allowed " 1011 "within a Match block", filename, linenum, arg); 1012 } else { /* this is a directive we have already processed */ 1013 while (arg) 1014 arg = strdelim(&cp); 1015 return 0; 1016 } 1017 } 1018 1019 switch (opcode) { 1020 /* Portable-specific options */ 1021 case sUsePAM: 1022 intptr = &options->use_pam; 1023 goto parse_flag; 1024 1025 /* Standard Options */ 1026 case sBadOption: 1027 return -1; 1028 case sPort: 1029 /* ignore ports from configfile if cmdline specifies ports */ 1030 if (options->ports_from_cmdline) 1031 return 0; 1032 if (options->num_ports >= MAX_PORTS) 1033 fatal("%s line %d: too many ports.", 1034 filename, linenum); 1035 arg = strdelim(&cp); 1036 if (!arg || *arg == '\0') 1037 fatal("%s line %d: missing port number.", 1038 filename, linenum); 1039 options->ports[options->num_ports++] = a2port(arg); 1040 if (options->ports[options->num_ports-1] <= 0) 1041 fatal("%s line %d: Badly formatted port number.", 1042 filename, linenum); 1043 break; 1044 1045 case sServerKeyBits: 1046 intptr = &options->server_key_bits; 1047 parse_int: 1048 arg = strdelim(&cp); 1049 if (!arg || *arg == '\0') 1050 fatal("%s line %d: missing integer value.", 1051 filename, linenum); 1052 value = atoi(arg); 1053 if (*activep && *intptr == -1) 1054 *intptr = value; 1055 break; 1056 1057 case sLoginGraceTime: 1058 intptr = &options->login_grace_time; 1059 parse_time: 1060 arg = strdelim(&cp); 1061 if (!arg || *arg == '\0') 1062 fatal("%s line %d: missing time value.", 1063 filename, linenum); 1064 if ((value = convtime(arg)) == -1) 1065 fatal("%s line %d: invalid time value.", 1066 filename, linenum); 1067 if (*activep && *intptr == -1) 1068 *intptr = value; 1069 break; 1070 1071 case sKeyRegenerationTime: 1072 intptr = &options->key_regeneration_time; 1073 goto parse_time; 1074 1075 case sListenAddress: 1076 arg = strdelim(&cp); 1077 if (arg == NULL || *arg == '\0') 1078 fatal("%s line %d: missing address", 1079 filename, linenum); 1080 /* check for bare IPv6 address: no "[]" and 2 or more ":" */ 1081 if (strchr(arg, '[') == NULL && (p = strchr(arg, ':')) != NULL 1082 && strchr(p+1, ':') != NULL) { 1083 queue_listen_addr(options, arg, 0); 1084 break; 1085 } 1086 p = hpdelim(&arg); 1087 if (p == NULL) 1088 fatal("%s line %d: bad address:port usage", 1089 filename, linenum); 1090 p = cleanhostname(p); 1091 if (arg == NULL) 1092 port = 0; 1093 else if ((port = a2port(arg)) <= 0) 1094 fatal("%s line %d: bad port number", filename, linenum); 1095 1096 queue_listen_addr(options, p, port); 1097 1098 break; 1099 1100 case sAddressFamily: 1101 intptr = &options->address_family; 1102 multistate_ptr = multistate_addressfamily; 1103 parse_multistate: 1104 arg = strdelim(&cp); 1105 if (!arg || *arg == '\0') 1106 fatal("%s line %d: missing argument.", 1107 filename, linenum); 1108 value = -1; 1109 for (i = 0; multistate_ptr[i].key != NULL; i++) { 1110 if (strcasecmp(arg, multistate_ptr[i].key) == 0) { 1111 value = multistate_ptr[i].value; 1112 break; 1113 } 1114 } 1115 if (value == -1) 1116 fatal("%s line %d: unsupported option \"%s\".", 1117 filename, linenum, arg); 1118 if (*activep && *intptr == -1) 1119 *intptr = value; 1120 break; 1121 1122 case sHostKeyFile: 1123 intptr = &options->num_host_key_files; 1124 if (*intptr >= MAX_HOSTKEYS) 1125 fatal("%s line %d: too many host keys specified (max %d).", 1126 filename, linenum, MAX_HOSTKEYS); 1127 charptr = &options->host_key_files[*intptr]; 1128 parse_filename: 1129 arg = strdelim(&cp); 1130 if (!arg || *arg == '\0') 1131 fatal("%s line %d: missing file name.", 1132 filename, linenum); 1133 if (*activep && *charptr == NULL) { 1134 *charptr = derelativise_path(arg); 1135 /* increase optional counter */ 1136 if (intptr != NULL) 1137 *intptr = *intptr + 1; 1138 } 1139 break; 1140 1141 case sHostKeyAgent: 1142 charptr = &options->host_key_agent; 1143 arg = strdelim(&cp); 1144 if (!arg || *arg == '\0') 1145 fatal("%s line %d: missing socket name.", 1146 filename, linenum); 1147 if (*activep && *charptr == NULL) 1148 *charptr = !strcmp(arg, SSH_AUTHSOCKET_ENV_NAME) ? 1149 xstrdup(arg) : derelativise_path(arg); 1150 break; 1151 1152 case sHostCertificate: 1153 intptr = &options->num_host_cert_files; 1154 if (*intptr >= MAX_HOSTKEYS) 1155 fatal("%s line %d: too many host certificates " 1156 "specified (max %d).", filename, linenum, 1157 MAX_HOSTCERTS); 1158 charptr = &options->host_cert_files[*intptr]; 1159 goto parse_filename; 1160 break; 1161 1162 case sPidFile: 1163 charptr = &options->pid_file; 1164 goto parse_filename; 1165 1166 case sPermitRootLogin: 1167 intptr = &options->permit_root_login; 1168 multistate_ptr = multistate_permitrootlogin; 1169 goto parse_multistate; 1170 1171 case sIgnoreRhosts: 1172 intptr = &options->ignore_rhosts; 1173 parse_flag: 1174 arg = strdelim(&cp); 1175 if (!arg || *arg == '\0') 1176 fatal("%s line %d: missing yes/no argument.", 1177 filename, linenum); 1178 value = 0; /* silence compiler */ 1179 if (strcmp(arg, "yes") == 0) 1180 value = 1; 1181 else if (strcmp(arg, "no") == 0) 1182 value = 0; 1183 else 1184 fatal("%s line %d: Bad yes/no argument: %s", 1185 filename, linenum, arg); 1186 if (*activep && *intptr == -1) 1187 *intptr = value; 1188 break; 1189 1190 case sIgnoreUserKnownHosts: 1191 intptr = &options->ignore_user_known_hosts; 1192 goto parse_flag; 1193 1194 case sRhostsRSAAuthentication: 1195 intptr = &options->rhosts_rsa_authentication; 1196 goto parse_flag; 1197 1198 case sHostbasedAuthentication: 1199 intptr = &options->hostbased_authentication; 1200 goto parse_flag; 1201 1202 case sHostbasedUsesNameFromPacketOnly: 1203 intptr = &options->hostbased_uses_name_from_packet_only; 1204 goto parse_flag; 1205 1206 case sHostbasedAcceptedKeyTypes: 1207 charptr = &options->hostbased_key_types; 1208 parse_keytypes: 1209 arg = strdelim(&cp); 1210 if (!arg || *arg == '\0') 1211 fatal("%s line %d: Missing argument.", 1212 filename, linenum); 1213 if (!sshkey_names_valid2(*arg == '+' ? arg + 1 : arg, 1)) 1214 fatal("%s line %d: Bad key types '%s'.", 1215 filename, linenum, arg ? arg : "<NONE>"); 1216 if (*activep && *charptr == NULL) 1217 *charptr = xstrdup(arg); 1218 break; 1219 1220 case sHostKeyAlgorithms: 1221 charptr = &options->hostkeyalgorithms; 1222 goto parse_keytypes; 1223 1224 case sRSAAuthentication: 1225 intptr = &options->rsa_authentication; 1226 goto parse_flag; 1227 1228 case sPubkeyAuthentication: 1229 intptr = &options->pubkey_authentication; 1230 goto parse_flag; 1231 1232 case sPubkeyAcceptedKeyTypes: 1233 charptr = &options->pubkey_key_types; 1234 goto parse_keytypes; 1235 1236 case sKerberosAuthentication: 1237 intptr = &options->kerberos_authentication; 1238 goto parse_flag; 1239 1240 case sKerberosOrLocalPasswd: 1241 intptr = &options->kerberos_or_local_passwd; 1242 goto parse_flag; 1243 1244 case sKerberosTicketCleanup: 1245 intptr = &options->kerberos_ticket_cleanup; 1246 goto parse_flag; 1247 1248 case sKerberosGetAFSToken: 1249 intptr = &options->kerberos_get_afs_token; 1250 goto parse_flag; 1251 1252 case sGssAuthentication: 1253 intptr = &options->gss_authentication; 1254 goto parse_flag; 1255 1256 case sGssCleanupCreds: 1257 intptr = &options->gss_cleanup_creds; 1258 goto parse_flag; 1259 1260 case sGssStrictAcceptor: 1261 intptr = &options->gss_strict_acceptor; 1262 goto parse_flag; 1263 1264 case sPasswordAuthentication: 1265 intptr = &options->password_authentication; 1266 goto parse_flag; 1267 1268 case sKbdInteractiveAuthentication: 1269 intptr = &options->kbd_interactive_authentication; 1270 goto parse_flag; 1271 1272 case sChallengeResponseAuthentication: 1273 intptr = &options->challenge_response_authentication; 1274 goto parse_flag; 1275 1276 case sPrintMotd: 1277 intptr = &options->print_motd; 1278 goto parse_flag; 1279 1280 case sPrintLastLog: 1281 intptr = &options->print_lastlog; 1282 goto parse_flag; 1283 1284 case sX11Forwarding: 1285 intptr = &options->x11_forwarding; 1286 goto parse_flag; 1287 1288 case sX11DisplayOffset: 1289 intptr = &options->x11_display_offset; 1290 goto parse_int; 1291 1292 case sX11UseLocalhost: 1293 intptr = &options->x11_use_localhost; 1294 goto parse_flag; 1295 1296 case sXAuthLocation: 1297 charptr = &options->xauth_location; 1298 goto parse_filename; 1299 1300 case sPermitTTY: 1301 intptr = &options->permit_tty; 1302 goto parse_flag; 1303 1304 case sPermitUserRC: 1305 intptr = &options->permit_user_rc; 1306 goto parse_flag; 1307 1308 case sStrictModes: 1309 intptr = &options->strict_modes; 1310 goto parse_flag; 1311 1312 case sTCPKeepAlive: 1313 intptr = &options->tcp_keep_alive; 1314 goto parse_flag; 1315 1316 case sEmptyPasswd: 1317 intptr = &options->permit_empty_passwd; 1318 goto parse_flag; 1319 1320 case sPermitUserEnvironment: 1321 intptr = &options->permit_user_env; 1322 goto parse_flag; 1323 1324 case sUseLogin: 1325 intptr = &options->use_login; 1326 goto parse_flag; 1327 1328 case sCompression: 1329 intptr = &options->compression; 1330 multistate_ptr = multistate_compression; 1331 goto parse_multistate; 1332 1333 case sRekeyLimit: 1334 arg = strdelim(&cp); 1335 if (!arg || *arg == '\0') 1336 fatal("%.200s line %d: Missing argument.", filename, 1337 linenum); 1338 if (strcmp(arg, "default") == 0) { 1339 val64 = 0; 1340 } else { 1341 if (scan_scaled(arg, &val64) == -1) 1342 fatal("%.200s line %d: Bad number '%s': %s", 1343 filename, linenum, arg, strerror(errno)); 1344 if (val64 != 0 && val64 < 16) 1345 fatal("%.200s line %d: RekeyLimit too small", 1346 filename, linenum); 1347 } 1348 if (*activep && options->rekey_limit == -1) 1349 options->rekey_limit = val64; 1350 if (cp != NULL) { /* optional rekey interval present */ 1351 if (strcmp(cp, "none") == 0) { 1352 (void)strdelim(&cp); /* discard */ 1353 break; 1354 } 1355 intptr = &options->rekey_interval; 1356 goto parse_time; 1357 } 1358 break; 1359 1360 case sGatewayPorts: 1361 intptr = &options->fwd_opts.gateway_ports; 1362 multistate_ptr = multistate_gatewayports; 1363 goto parse_multistate; 1364 1365 case sUseDNS: 1366 intptr = &options->use_dns; 1367 goto parse_flag; 1368 1369 case sLogFacility: 1370 log_facility_ptr = &options->log_facility; 1371 arg = strdelim(&cp); 1372 value = log_facility_number(arg); 1373 if (value == SYSLOG_FACILITY_NOT_SET) 1374 fatal("%.200s line %d: unsupported log facility '%s'", 1375 filename, linenum, arg ? arg : "<NONE>"); 1376 if (*log_facility_ptr == -1) 1377 *log_facility_ptr = (SyslogFacility) value; 1378 break; 1379 1380 case sLogLevel: 1381 log_level_ptr = &options->log_level; 1382 arg = strdelim(&cp); 1383 value = log_level_number(arg); 1384 if (value == SYSLOG_LEVEL_NOT_SET) 1385 fatal("%.200s line %d: unsupported log level '%s'", 1386 filename, linenum, arg ? arg : "<NONE>"); 1387 if (*log_level_ptr == -1) 1388 *log_level_ptr = (LogLevel) value; 1389 break; 1390 1391 case sAllowTcpForwarding: 1392 intptr = &options->allow_tcp_forwarding; 1393 multistate_ptr = multistate_tcpfwd; 1394 goto parse_multistate; 1395 1396 case sAllowStreamLocalForwarding: 1397 intptr = &options->allow_streamlocal_forwarding; 1398 multistate_ptr = multistate_tcpfwd; 1399 goto parse_multistate; 1400 1401 case sAllowAgentForwarding: 1402 intptr = &options->allow_agent_forwarding; 1403 goto parse_flag; 1404 1405 case sUsePrivilegeSeparation: 1406 intptr = &use_privsep; 1407 multistate_ptr = multistate_privsep; 1408 goto parse_multistate; 1409 1410 case sAllowUsers: 1411 while ((arg = strdelim(&cp)) && *arg != '\0') { 1412 if (options->num_allow_users >= MAX_ALLOW_USERS) 1413 fatal("%s line %d: too many allow users.", 1414 filename, linenum); 1415 if (!*activep) 1416 continue; 1417 options->allow_users[options->num_allow_users++] = 1418 xstrdup(arg); 1419 } 1420 break; 1421 1422 case sDenyUsers: 1423 while ((arg = strdelim(&cp)) && *arg != '\0') { 1424 if (options->num_deny_users >= MAX_DENY_USERS) 1425 fatal("%s line %d: too many deny users.", 1426 filename, linenum); 1427 if (!*activep) 1428 continue; 1429 options->deny_users[options->num_deny_users++] = 1430 xstrdup(arg); 1431 } 1432 break; 1433 1434 case sAllowGroups: 1435 while ((arg = strdelim(&cp)) && *arg != '\0') { 1436 if (options->num_allow_groups >= MAX_ALLOW_GROUPS) 1437 fatal("%s line %d: too many allow groups.", 1438 filename, linenum); 1439 if (!*activep) 1440 continue; 1441 options->allow_groups[options->num_allow_groups++] = 1442 xstrdup(arg); 1443 } 1444 break; 1445 1446 case sDenyGroups: 1447 while ((arg = strdelim(&cp)) && *arg != '\0') { 1448 if (options->num_deny_groups >= MAX_DENY_GROUPS) 1449 fatal("%s line %d: too many deny groups.", 1450 filename, linenum); 1451 if (!*activep) 1452 continue; 1453 options->deny_groups[options->num_deny_groups++] = 1454 xstrdup(arg); 1455 } 1456 break; 1457 1458 case sCiphers: 1459 arg = strdelim(&cp); 1460 if (!arg || *arg == '\0') 1461 fatal("%s line %d: Missing argument.", filename, linenum); 1462 if (!ciphers_valid(*arg == '+' ? arg + 1 : arg)) 1463 fatal("%s line %d: Bad SSH2 cipher spec '%s'.", 1464 filename, linenum, arg ? arg : "<NONE>"); 1465 if (options->ciphers == NULL) 1466 options->ciphers = xstrdup(arg); 1467 break; 1468 1469 case sMacs: 1470 arg = strdelim(&cp); 1471 if (!arg || *arg == '\0') 1472 fatal("%s line %d: Missing argument.", filename, linenum); 1473 if (!mac_valid(*arg == '+' ? arg + 1 : arg)) 1474 fatal("%s line %d: Bad SSH2 mac spec '%s'.", 1475 filename, linenum, arg ? arg : "<NONE>"); 1476 if (options->macs == NULL) 1477 options->macs = xstrdup(arg); 1478 break; 1479 1480 case sKexAlgorithms: 1481 arg = strdelim(&cp); 1482 if (!arg || *arg == '\0') 1483 fatal("%s line %d: Missing argument.", 1484 filename, linenum); 1485 if (!kex_names_valid(*arg == '+' ? arg + 1 : arg)) 1486 fatal("%s line %d: Bad SSH2 KexAlgorithms '%s'.", 1487 filename, linenum, arg ? arg : "<NONE>"); 1488 if (options->kex_algorithms == NULL) 1489 options->kex_algorithms = xstrdup(arg); 1490 break; 1491 1492 case sProtocol: 1493 intptr = &options->protocol; 1494 arg = strdelim(&cp); 1495 if (!arg || *arg == '\0') 1496 fatal("%s line %d: Missing argument.", filename, linenum); 1497 value = proto_spec(arg); 1498 if (value == SSH_PROTO_UNKNOWN) 1499 fatal("%s line %d: Bad protocol spec '%s'.", 1500 filename, linenum, arg ? arg : "<NONE>"); 1501 if (*intptr == SSH_PROTO_UNKNOWN) 1502 *intptr = value; 1503 break; 1504 1505 case sSubsystem: 1506 if (options->num_subsystems >= MAX_SUBSYSTEMS) { 1507 fatal("%s line %d: too many subsystems defined.", 1508 filename, linenum); 1509 } 1510 arg = strdelim(&cp); 1511 if (!arg || *arg == '\0') 1512 fatal("%s line %d: Missing subsystem name.", 1513 filename, linenum); 1514 if (!*activep) { 1515 arg = strdelim(&cp); 1516 break; 1517 } 1518 for (i = 0; i < options->num_subsystems; i++) 1519 if (strcmp(arg, options->subsystem_name[i]) == 0) 1520 fatal("%s line %d: Subsystem '%s' already defined.", 1521 filename, linenum, arg); 1522 options->subsystem_name[options->num_subsystems] = xstrdup(arg); 1523 arg = strdelim(&cp); 1524 if (!arg || *arg == '\0') 1525 fatal("%s line %d: Missing subsystem command.", 1526 filename, linenum); 1527 options->subsystem_command[options->num_subsystems] = xstrdup(arg); 1528 1529 /* Collect arguments (separate to executable) */ 1530 p = xstrdup(arg); 1531 len = strlen(p) + 1; 1532 while ((arg = strdelim(&cp)) != NULL && *arg != '\0') { 1533 len += 1 + strlen(arg); 1534 p = xreallocarray(p, 1, len); 1535 strlcat(p, " ", len); 1536 strlcat(p, arg, len); 1537 } 1538 options->subsystem_args[options->num_subsystems] = p; 1539 options->num_subsystems++; 1540 break; 1541 1542 case sMaxStartups: 1543 arg = strdelim(&cp); 1544 if (!arg || *arg == '\0') 1545 fatal("%s line %d: Missing MaxStartups spec.", 1546 filename, linenum); 1547 if ((n = sscanf(arg, "%d:%d:%d", 1548 &options->max_startups_begin, 1549 &options->max_startups_rate, 1550 &options->max_startups)) == 3) { 1551 if (options->max_startups_begin > 1552 options->max_startups || 1553 options->max_startups_rate > 100 || 1554 options->max_startups_rate < 1) 1555 fatal("%s line %d: Illegal MaxStartups spec.", 1556 filename, linenum); 1557 } else if (n != 1) 1558 fatal("%s line %d: Illegal MaxStartups spec.", 1559 filename, linenum); 1560 else 1561 options->max_startups = options->max_startups_begin; 1562 break; 1563 1564 case sMaxAuthTries: 1565 intptr = &options->max_authtries; 1566 goto parse_int; 1567 1568 case sMaxSessions: 1569 intptr = &options->max_sessions; 1570 goto parse_int; 1571 1572 case sBanner: 1573 charptr = &options->banner; 1574 goto parse_filename; 1575 1576 /* 1577 * These options can contain %X options expanded at 1578 * connect time, so that you can specify paths like: 1579 * 1580 * AuthorizedKeysFile /etc/ssh_keys/%u 1581 */ 1582 case sAuthorizedKeysFile: 1583 if (*activep && options->num_authkeys_files == 0) { 1584 while ((arg = strdelim(&cp)) && *arg != '\0') { 1585 if (options->num_authkeys_files >= 1586 MAX_AUTHKEYS_FILES) 1587 fatal("%s line %d: " 1588 "too many authorized keys files.", 1589 filename, linenum); 1590 options->authorized_keys_files[ 1591 options->num_authkeys_files++] = 1592 tilde_expand_filename(arg, getuid()); 1593 } 1594 } 1595 return 0; 1596 1597 case sAuthorizedPrincipalsFile: 1598 charptr = &options->authorized_principals_file; 1599 arg = strdelim(&cp); 1600 if (!arg || *arg == '\0') 1601 fatal("%s line %d: missing file name.", 1602 filename, linenum); 1603 if (*activep && *charptr == NULL) { 1604 *charptr = tilde_expand_filename(arg, getuid()); 1605 /* increase optional counter */ 1606 if (intptr != NULL) 1607 *intptr = *intptr + 1; 1608 } 1609 break; 1610 1611 case sClientAliveInterval: 1612 intptr = &options->client_alive_interval; 1613 goto parse_time; 1614 1615 case sClientAliveCountMax: 1616 intptr = &options->client_alive_count_max; 1617 goto parse_int; 1618 1619 case sAcceptEnv: 1620 while ((arg = strdelim(&cp)) && *arg != '\0') { 1621 if (strchr(arg, '=') != NULL) 1622 fatal("%s line %d: Invalid environment name.", 1623 filename, linenum); 1624 if (options->num_accept_env >= MAX_ACCEPT_ENV) 1625 fatal("%s line %d: too many allow env.", 1626 filename, linenum); 1627 if (!*activep) 1628 continue; 1629 options->accept_env[options->num_accept_env++] = 1630 xstrdup(arg); 1631 } 1632 break; 1633 1634 case sPermitTunnel: 1635 intptr = &options->permit_tun; 1636 arg = strdelim(&cp); 1637 if (!arg || *arg == '\0') 1638 fatal("%s line %d: Missing yes/point-to-point/" 1639 "ethernet/no argument.", filename, linenum); 1640 value = -1; 1641 for (i = 0; tunmode_desc[i].val != -1; i++) 1642 if (strcmp(tunmode_desc[i].text, arg) == 0) { 1643 value = tunmode_desc[i].val; 1644 break; 1645 } 1646 if (value == -1) 1647 fatal("%s line %d: Bad yes/point-to-point/ethernet/" 1648 "no argument: %s", filename, linenum, arg); 1649 if (*activep && *intptr == -1) 1650 *intptr = value; 1651 break; 1652 1653 case sMatch: 1654 if (cmdline) 1655 fatal("Match directive not supported as a command-line " 1656 "option"); 1657 value = match_cfg_line(&cp, linenum, connectinfo); 1658 if (value < 0) 1659 fatal("%s line %d: Bad Match condition", filename, 1660 linenum); 1661 *activep = value; 1662 break; 1663 1664 case sPermitOpen: 1665 arg = strdelim(&cp); 1666 if (!arg || *arg == '\0') 1667 fatal("%s line %d: missing PermitOpen specification", 1668 filename, linenum); 1669 n = options->num_permitted_opens; /* modified later */ 1670 if (strcmp(arg, "any") == 0) { 1671 if (*activep && n == -1) { 1672 channel_clear_adm_permitted_opens(); 1673 options->num_permitted_opens = 0; 1674 } 1675 break; 1676 } 1677 if (strcmp(arg, "none") == 0) { 1678 if (*activep && n == -1) { 1679 options->num_permitted_opens = 1; 1680 channel_disable_adm_local_opens(); 1681 } 1682 break; 1683 } 1684 if (*activep && n == -1) 1685 channel_clear_adm_permitted_opens(); 1686 for (; arg != NULL && *arg != '\0'; arg = strdelim(&cp)) { 1687 p = hpdelim(&arg); 1688 if (p == NULL) 1689 fatal("%s line %d: missing host in PermitOpen", 1690 filename, linenum); 1691 p = cleanhostname(p); 1692 if (arg == NULL || ((port = permitopen_port(arg)) < 0)) 1693 fatal("%s line %d: bad port number in " 1694 "PermitOpen", filename, linenum); 1695 if (*activep && n == -1) 1696 options->num_permitted_opens = 1697 channel_add_adm_permitted_opens(p, port); 1698 } 1699 break; 1700 1701 case sForceCommand: 1702 if (cp == NULL || *cp == '\0') 1703 fatal("%.200s line %d: Missing argument.", filename, 1704 linenum); 1705 len = strspn(cp, WHITESPACE); 1706 if (*activep && options->adm_forced_command == NULL) 1707 options->adm_forced_command = xstrdup(cp + len); 1708 return 0; 1709 1710 case sChrootDirectory: 1711 charptr = &options->chroot_directory; 1712 1713 arg = strdelim(&cp); 1714 if (!arg || *arg == '\0') 1715 fatal("%s line %d: missing file name.", 1716 filename, linenum); 1717 if (*activep && *charptr == NULL) 1718 *charptr = xstrdup(arg); 1719 break; 1720 1721 case sTrustedUserCAKeys: 1722 charptr = &options->trusted_user_ca_keys; 1723 goto parse_filename; 1724 1725 case sRevokedKeys: 1726 charptr = &options->revoked_keys_file; 1727 goto parse_filename; 1728 1729 case sIPQoS: 1730 arg = strdelim(&cp); 1731 if ((value = parse_ipqos(arg)) == -1) 1732 fatal("%s line %d: Bad IPQoS value: %s", 1733 filename, linenum, arg); 1734 arg = strdelim(&cp); 1735 if (arg == NULL) 1736 value2 = value; 1737 else if ((value2 = parse_ipqos(arg)) == -1) 1738 fatal("%s line %d: Bad IPQoS value: %s", 1739 filename, linenum, arg); 1740 if (*activep) { 1741 options->ip_qos_interactive = value; 1742 options->ip_qos_bulk = value2; 1743 } 1744 break; 1745 1746 case sVersionAddendum: 1747 if (cp == NULL || *cp == '\0') 1748 fatal("%.200s line %d: Missing argument.", filename, 1749 linenum); 1750 len = strspn(cp, WHITESPACE); 1751 if (*activep && options->version_addendum == NULL) { 1752 if (strcasecmp(cp + len, "none") == 0) 1753 options->version_addendum = xstrdup(""); 1754 else if (strchr(cp + len, '\r') != NULL) 1755 fatal("%.200s line %d: Invalid argument", 1756 filename, linenum); 1757 else 1758 options->version_addendum = xstrdup(cp + len); 1759 } 1760 return 0; 1761 1762 case sAuthorizedKeysCommand: 1763 if (cp == NULL) 1764 fatal("%.200s line %d: Missing argument.", filename, 1765 linenum); 1766 len = strspn(cp, WHITESPACE); 1767 if (*activep && options->authorized_keys_command == NULL) { 1768 if (cp[len] != '/' && strcasecmp(cp + len, "none") != 0) 1769 fatal("%.200s line %d: AuthorizedKeysCommand " 1770 "must be an absolute path", 1771 filename, linenum); 1772 options->authorized_keys_command = xstrdup(cp + len); 1773 } 1774 return 0; 1775 1776 case sAuthorizedKeysCommandUser: 1777 charptr = &options->authorized_keys_command_user; 1778 1779 arg = strdelim(&cp); 1780 if (!arg || *arg == '\0') 1781 fatal("%s line %d: missing AuthorizedKeysCommandUser " 1782 "argument.", filename, linenum); 1783 if (*activep && *charptr == NULL) 1784 *charptr = xstrdup(arg); 1785 break; 1786 1787 case sAuthorizedPrincipalsCommand: 1788 if (cp == NULL) 1789 fatal("%.200s line %d: Missing argument.", filename, 1790 linenum); 1791 len = strspn(cp, WHITESPACE); 1792 if (*activep && 1793 options->authorized_principals_command == NULL) { 1794 if (cp[len] != '/' && strcasecmp(cp + len, "none") != 0) 1795 fatal("%.200s line %d: " 1796 "AuthorizedPrincipalsCommand must be " 1797 "an absolute path", filename, linenum); 1798 options->authorized_principals_command = 1799 xstrdup(cp + len); 1800 } 1801 return 0; 1802 1803 case sAuthorizedPrincipalsCommandUser: 1804 charptr = &options->authorized_principals_command_user; 1805 1806 arg = strdelim(&cp); 1807 if (!arg || *arg == '\0') 1808 fatal("%s line %d: missing " 1809 "AuthorizedPrincipalsCommandUser argument.", 1810 filename, linenum); 1811 if (*activep && *charptr == NULL) 1812 *charptr = xstrdup(arg); 1813 break; 1814 1815 case sAuthenticationMethods: 1816 if (options->num_auth_methods == 0) { 1817 while ((arg = strdelim(&cp)) && *arg != '\0') { 1818 if (options->num_auth_methods >= 1819 MAX_AUTH_METHODS) 1820 fatal("%s line %d: " 1821 "too many authentication methods.", 1822 filename, linenum); 1823 if (auth2_methods_valid(arg, 0) != 0) 1824 fatal("%s line %d: invalid " 1825 "authentication method list.", 1826 filename, linenum); 1827 if (!*activep) 1828 continue; 1829 options->auth_methods[ 1830 options->num_auth_methods++] = xstrdup(arg); 1831 } 1832 } 1833 return 0; 1834 1835 case sStreamLocalBindMask: 1836 arg = strdelim(&cp); 1837 if (!arg || *arg == '\0') 1838 fatal("%s line %d: missing StreamLocalBindMask " 1839 "argument.", filename, linenum); 1840 /* Parse mode in octal format */ 1841 value = strtol(arg, &p, 8); 1842 if (arg == p || value < 0 || value > 0777) 1843 fatal("%s line %d: Bad mask.", filename, linenum); 1844 if (*activep) 1845 options->fwd_opts.streamlocal_bind_mask = (mode_t)value; 1846 break; 1847 1848 case sStreamLocalBindUnlink: 1849 intptr = &options->fwd_opts.streamlocal_bind_unlink; 1850 goto parse_flag; 1851 1852 case sFingerprintHash: 1853 arg = strdelim(&cp); 1854 if (!arg || *arg == '\0') 1855 fatal("%.200s line %d: Missing argument.", 1856 filename, linenum); 1857 if ((value = ssh_digest_alg_by_name(arg)) == -1) 1858 fatal("%.200s line %d: Invalid hash algorithm \"%s\".", 1859 filename, linenum, arg); 1860 if (*activep) 1861 options->fingerprint_hash = value; 1862 break; 1863 1864 case sDeprecated: 1865 logit("%s line %d: Deprecated option %s", 1866 filename, linenum, arg); 1867 while (arg) 1868 arg = strdelim(&cp); 1869 break; 1870 1871 case sUnsupported: 1872 logit("%s line %d: Unsupported option %s", 1873 filename, linenum, arg); 1874 while (arg) 1875 arg = strdelim(&cp); 1876 break; 1877 1878 default: 1879 fatal("%s line %d: Missing handler for opcode %s (%d)", 1880 filename, linenum, arg, opcode); 1881 } 1882 if ((arg = strdelim(&cp)) != NULL && *arg != '\0') 1883 fatal("%s line %d: garbage at end of line; \"%.200s\".", 1884 filename, linenum, arg); 1885 return 0; 1886 } 1887 1888 /* Reads the server configuration file. */ 1889 1890 void 1891 load_server_config(const char *filename, Buffer *conf) 1892 { 1893 char line[4096], *cp; 1894 FILE *f; 1895 int lineno = 0; 1896 1897 debug2("%s: filename %s", __func__, filename); 1898 if ((f = fopen(filename, "r")) == NULL) { 1899 perror(filename); 1900 exit(1); 1901 } 1902 buffer_clear(conf); 1903 while (fgets(line, sizeof(line), f)) { 1904 lineno++; 1905 if (strlen(line) == sizeof(line) - 1) 1906 fatal("%s line %d too long", filename, lineno); 1907 /* 1908 * Trim out comments and strip whitespace 1909 * NB - preserve newlines, they are needed to reproduce 1910 * line numbers later for error messages 1911 */ 1912 if ((cp = strchr(line, '#')) != NULL) 1913 memcpy(cp, "\n", 2); 1914 cp = line + strspn(line, " \t\r"); 1915 1916 buffer_append(conf, cp, strlen(cp)); 1917 } 1918 buffer_append(conf, "\0", 1); 1919 fclose(f); 1920 debug2("%s: done config len = %d", __func__, buffer_len(conf)); 1921 } 1922 1923 void 1924 parse_server_match_config(ServerOptions *options, 1925 struct connection_info *connectinfo) 1926 { 1927 ServerOptions mo; 1928 1929 initialize_server_options(&mo); 1930 parse_server_config(&mo, "reprocess config", &cfg, connectinfo); 1931 copy_set_server_options(options, &mo, 0); 1932 } 1933 1934 int parse_server_match_testspec(struct connection_info *ci, char *spec) 1935 { 1936 char *p; 1937 1938 while ((p = strsep(&spec, ",")) && *p != '\0') { 1939 if (strncmp(p, "addr=", 5) == 0) { 1940 ci->address = xstrdup(p + 5); 1941 } else if (strncmp(p, "host=", 5) == 0) { 1942 ci->host = xstrdup(p + 5); 1943 } else if (strncmp(p, "user=", 5) == 0) { 1944 ci->user = xstrdup(p + 5); 1945 } else if (strncmp(p, "laddr=", 6) == 0) { 1946 ci->laddress = xstrdup(p + 6); 1947 } else if (strncmp(p, "lport=", 6) == 0) { 1948 ci->lport = a2port(p + 6); 1949 if (ci->lport == -1) { 1950 fprintf(stderr, "Invalid port '%s' in test mode" 1951 " specification %s\n", p+6, p); 1952 return -1; 1953 } 1954 } else { 1955 fprintf(stderr, "Invalid test mode specification %s\n", 1956 p); 1957 return -1; 1958 } 1959 } 1960 return 0; 1961 } 1962 1963 /* 1964 * returns 1 for a complete spec, 0 for partial spec and -1 for an 1965 * empty spec. 1966 */ 1967 int server_match_spec_complete(struct connection_info *ci) 1968 { 1969 if (ci->user && ci->host && ci->address) 1970 return 1; /* complete */ 1971 if (!ci->user && !ci->host && !ci->address) 1972 return -1; /* empty */ 1973 return 0; /* partial */ 1974 } 1975 1976 /* 1977 * Copy any supported values that are set. 1978 * 1979 * If the preauth flag is set, we do not bother copying the string or 1980 * array values that are not used pre-authentication, because any that we 1981 * do use must be explictly sent in mm_getpwnamallow(). 1982 */ 1983 void 1984 copy_set_server_options(ServerOptions *dst, ServerOptions *src, int preauth) 1985 { 1986 #define M_CP_INTOPT(n) do {\ 1987 if (src->n != -1) \ 1988 dst->n = src->n; \ 1989 } while (0) 1990 1991 M_CP_INTOPT(password_authentication); 1992 M_CP_INTOPT(gss_authentication); 1993 M_CP_INTOPT(rsa_authentication); 1994 M_CP_INTOPT(pubkey_authentication); 1995 M_CP_INTOPT(kerberos_authentication); 1996 M_CP_INTOPT(hostbased_authentication); 1997 M_CP_INTOPT(hostbased_uses_name_from_packet_only); 1998 M_CP_INTOPT(kbd_interactive_authentication); 1999 M_CP_INTOPT(permit_root_login); 2000 M_CP_INTOPT(permit_empty_passwd); 2001 2002 M_CP_INTOPT(allow_tcp_forwarding); 2003 M_CP_INTOPT(allow_streamlocal_forwarding); 2004 M_CP_INTOPT(allow_agent_forwarding); 2005 M_CP_INTOPT(permit_tun); 2006 M_CP_INTOPT(fwd_opts.gateway_ports); 2007 M_CP_INTOPT(x11_display_offset); 2008 M_CP_INTOPT(x11_forwarding); 2009 M_CP_INTOPT(x11_use_localhost); 2010 M_CP_INTOPT(permit_tty); 2011 M_CP_INTOPT(permit_user_rc); 2012 M_CP_INTOPT(max_sessions); 2013 M_CP_INTOPT(max_authtries); 2014 M_CP_INTOPT(ip_qos_interactive); 2015 M_CP_INTOPT(ip_qos_bulk); 2016 M_CP_INTOPT(rekey_limit); 2017 M_CP_INTOPT(rekey_interval); 2018 2019 /* M_CP_STROPT and M_CP_STRARRAYOPT should not appear before here */ 2020 #define M_CP_STROPT(n) do {\ 2021 if (src->n != NULL && dst->n != src->n) { \ 2022 free(dst->n); \ 2023 dst->n = src->n; \ 2024 } \ 2025 } while(0) 2026 #define M_CP_STRARRAYOPT(n, num_n) do {\ 2027 if (src->num_n != 0) { \ 2028 for (dst->num_n = 0; dst->num_n < src->num_n; dst->num_n++) \ 2029 dst->n[dst->num_n] = xstrdup(src->n[dst->num_n]); \ 2030 } \ 2031 } while(0) 2032 2033 /* See comment in servconf.h */ 2034 COPY_MATCH_STRING_OPTS(); 2035 2036 /* Arguments that accept '+...' need to be expanded */ 2037 assemble_algorithms(dst); 2038 2039 /* 2040 * The only things that should be below this point are string options 2041 * which are only used after authentication. 2042 */ 2043 if (preauth) 2044 return; 2045 2046 /* These options may be "none" to clear a global setting */ 2047 M_CP_STROPT(adm_forced_command); 2048 if (option_clear_or_none(dst->adm_forced_command)) { 2049 free(dst->adm_forced_command); 2050 dst->adm_forced_command = NULL; 2051 } 2052 M_CP_STROPT(chroot_directory); 2053 if (option_clear_or_none(dst->chroot_directory)) { 2054 free(dst->chroot_directory); 2055 dst->chroot_directory = NULL; 2056 } 2057 } 2058 2059 #undef M_CP_INTOPT 2060 #undef M_CP_STROPT 2061 #undef M_CP_STRARRAYOPT 2062 2063 void 2064 parse_server_config(ServerOptions *options, const char *filename, Buffer *conf, 2065 struct connection_info *connectinfo) 2066 { 2067 int active, linenum, bad_options = 0; 2068 char *cp, *obuf, *cbuf; 2069 2070 debug2("%s: config %s len %d", __func__, filename, buffer_len(conf)); 2071 2072 obuf = cbuf = xstrdup(buffer_ptr(conf)); 2073 active = connectinfo ? 0 : 1; 2074 linenum = 1; 2075 while ((cp = strsep(&cbuf, "\n")) != NULL) { 2076 if (process_server_config_line(options, cp, filename, 2077 linenum++, &active, connectinfo) != 0) 2078 bad_options++; 2079 } 2080 free(obuf); 2081 if (bad_options > 0) 2082 fatal("%s: terminating, %d bad configuration options", 2083 filename, bad_options); 2084 process_queued_listen_addrs(options); 2085 } 2086 2087 static const char * 2088 fmt_multistate_int(int val, const struct multistate *m) 2089 { 2090 u_int i; 2091 2092 for (i = 0; m[i].key != NULL; i++) { 2093 if (m[i].value == val) 2094 return m[i].key; 2095 } 2096 return "UNKNOWN"; 2097 } 2098 2099 static const char * 2100 fmt_intarg(ServerOpCodes code, int val) 2101 { 2102 if (val == -1) 2103 return "unset"; 2104 switch (code) { 2105 case sAddressFamily: 2106 return fmt_multistate_int(val, multistate_addressfamily); 2107 case sPermitRootLogin: 2108 return fmt_multistate_int(val, multistate_permitrootlogin); 2109 case sGatewayPorts: 2110 return fmt_multistate_int(val, multistate_gatewayports); 2111 case sCompression: 2112 return fmt_multistate_int(val, multistate_compression); 2113 case sUsePrivilegeSeparation: 2114 return fmt_multistate_int(val, multistate_privsep); 2115 case sAllowTcpForwarding: 2116 return fmt_multistate_int(val, multistate_tcpfwd); 2117 case sAllowStreamLocalForwarding: 2118 return fmt_multistate_int(val, multistate_tcpfwd); 2119 case sFingerprintHash: 2120 return ssh_digest_alg_name(val); 2121 case sProtocol: 2122 switch (val) { 2123 case SSH_PROTO_1: 2124 return "1"; 2125 case SSH_PROTO_2: 2126 return "2"; 2127 case (SSH_PROTO_1|SSH_PROTO_2): 2128 return "2,1"; 2129 default: 2130 return "UNKNOWN"; 2131 } 2132 default: 2133 switch (val) { 2134 case 0: 2135 return "no"; 2136 case 1: 2137 return "yes"; 2138 default: 2139 return "UNKNOWN"; 2140 } 2141 } 2142 } 2143 2144 static const char * 2145 lookup_opcode_name(ServerOpCodes code) 2146 { 2147 u_int i; 2148 2149 for (i = 0; keywords[i].name != NULL; i++) 2150 if (keywords[i].opcode == code) 2151 return(keywords[i].name); 2152 return "UNKNOWN"; 2153 } 2154 2155 static void 2156 dump_cfg_int(ServerOpCodes code, int val) 2157 { 2158 printf("%s %d\n", lookup_opcode_name(code), val); 2159 } 2160 2161 static void 2162 dump_cfg_oct(ServerOpCodes code, int val) 2163 { 2164 printf("%s 0%o\n", lookup_opcode_name(code), val); 2165 } 2166 2167 static void 2168 dump_cfg_fmtint(ServerOpCodes code, int val) 2169 { 2170 printf("%s %s\n", lookup_opcode_name(code), fmt_intarg(code, val)); 2171 } 2172 2173 static void 2174 dump_cfg_string(ServerOpCodes code, const char *val) 2175 { 2176 if (val == NULL) 2177 return; 2178 printf("%s %s\n", lookup_opcode_name(code), 2179 val == NULL ? "none" : val); 2180 } 2181 2182 static void 2183 dump_cfg_strarray(ServerOpCodes code, u_int count, char **vals) 2184 { 2185 u_int i; 2186 2187 for (i = 0; i < count; i++) 2188 printf("%s %s\n", lookup_opcode_name(code), vals[i]); 2189 } 2190 2191 static void 2192 dump_cfg_strarray_oneline(ServerOpCodes code, u_int count, char **vals) 2193 { 2194 u_int i; 2195 2196 if (count <= 0) 2197 return; 2198 printf("%s", lookup_opcode_name(code)); 2199 for (i = 0; i < count; i++) 2200 printf(" %s", vals[i]); 2201 printf("\n"); 2202 } 2203 2204 void 2205 dump_config(ServerOptions *o) 2206 { 2207 u_int i; 2208 int ret; 2209 struct addrinfo *ai; 2210 char addr[NI_MAXHOST], port[NI_MAXSERV], *s = NULL; 2211 char *laddr1 = xstrdup(""), *laddr2 = NULL; 2212 2213 /* these are usually at the top of the config */ 2214 for (i = 0; i < o->num_ports; i++) 2215 printf("port %d\n", o->ports[i]); 2216 dump_cfg_fmtint(sProtocol, o->protocol); 2217 dump_cfg_fmtint(sAddressFamily, o->address_family); 2218 2219 /* 2220 * ListenAddress must be after Port. add_one_listen_addr pushes 2221 * addresses onto a stack, so to maintain ordering we need to 2222 * print these in reverse order. 2223 */ 2224 for (ai = o->listen_addrs; ai; ai = ai->ai_next) { 2225 if ((ret = getnameinfo(ai->ai_addr, ai->ai_addrlen, addr, 2226 sizeof(addr), port, sizeof(port), 2227 NI_NUMERICHOST|NI_NUMERICSERV)) != 0) { 2228 error("getnameinfo failed: %.100s", 2229 (ret != EAI_SYSTEM) ? gai_strerror(ret) : 2230 strerror(errno)); 2231 } else { 2232 laddr2 = laddr1; 2233 if (ai->ai_family == AF_INET6) 2234 xasprintf(&laddr1, "listenaddress [%s]:%s\n%s", 2235 addr, port, laddr2); 2236 else 2237 xasprintf(&laddr1, "listenaddress %s:%s\n%s", 2238 addr, port, laddr2); 2239 free(laddr2); 2240 } 2241 } 2242 printf("%s", laddr1); 2243 free(laddr1); 2244 2245 /* integer arguments */ 2246 #ifdef USE_PAM 2247 dump_cfg_fmtint(sUsePAM, o->use_pam); 2248 #endif 2249 dump_cfg_int(sServerKeyBits, o->server_key_bits); 2250 dump_cfg_int(sLoginGraceTime, o->login_grace_time); 2251 dump_cfg_int(sKeyRegenerationTime, o->key_regeneration_time); 2252 dump_cfg_int(sX11DisplayOffset, o->x11_display_offset); 2253 dump_cfg_int(sMaxAuthTries, o->max_authtries); 2254 dump_cfg_int(sMaxSessions, o->max_sessions); 2255 dump_cfg_int(sClientAliveInterval, o->client_alive_interval); 2256 dump_cfg_int(sClientAliveCountMax, o->client_alive_count_max); 2257 dump_cfg_oct(sStreamLocalBindMask, o->fwd_opts.streamlocal_bind_mask); 2258 2259 /* formatted integer arguments */ 2260 dump_cfg_fmtint(sPermitRootLogin, o->permit_root_login); 2261 dump_cfg_fmtint(sIgnoreRhosts, o->ignore_rhosts); 2262 dump_cfg_fmtint(sIgnoreUserKnownHosts, o->ignore_user_known_hosts); 2263 dump_cfg_fmtint(sRhostsRSAAuthentication, o->rhosts_rsa_authentication); 2264 dump_cfg_fmtint(sHostbasedAuthentication, o->hostbased_authentication); 2265 dump_cfg_fmtint(sHostbasedUsesNameFromPacketOnly, 2266 o->hostbased_uses_name_from_packet_only); 2267 dump_cfg_fmtint(sRSAAuthentication, o->rsa_authentication); 2268 dump_cfg_fmtint(sPubkeyAuthentication, o->pubkey_authentication); 2269 #ifdef KRB5 2270 dump_cfg_fmtint(sKerberosAuthentication, o->kerberos_authentication); 2271 dump_cfg_fmtint(sKerberosOrLocalPasswd, o->kerberos_or_local_passwd); 2272 dump_cfg_fmtint(sKerberosTicketCleanup, o->kerberos_ticket_cleanup); 2273 # ifdef USE_AFS 2274 dump_cfg_fmtint(sKerberosGetAFSToken, o->kerberos_get_afs_token); 2275 # endif 2276 #endif 2277 #ifdef GSSAPI 2278 dump_cfg_fmtint(sGssAuthentication, o->gss_authentication); 2279 dump_cfg_fmtint(sGssCleanupCreds, o->gss_cleanup_creds); 2280 #endif 2281 dump_cfg_fmtint(sPasswordAuthentication, o->password_authentication); 2282 dump_cfg_fmtint(sKbdInteractiveAuthentication, 2283 o->kbd_interactive_authentication); 2284 dump_cfg_fmtint(sChallengeResponseAuthentication, 2285 o->challenge_response_authentication); 2286 dump_cfg_fmtint(sPrintMotd, o->print_motd); 2287 #ifndef DISABLE_LASTLOG 2288 dump_cfg_fmtint(sPrintLastLog, o->print_lastlog); 2289 #endif 2290 dump_cfg_fmtint(sX11Forwarding, o->x11_forwarding); 2291 dump_cfg_fmtint(sX11UseLocalhost, o->x11_use_localhost); 2292 dump_cfg_fmtint(sPermitTTY, o->permit_tty); 2293 dump_cfg_fmtint(sPermitUserRC, o->permit_user_rc); 2294 dump_cfg_fmtint(sStrictModes, o->strict_modes); 2295 dump_cfg_fmtint(sTCPKeepAlive, o->tcp_keep_alive); 2296 dump_cfg_fmtint(sEmptyPasswd, o->permit_empty_passwd); 2297 dump_cfg_fmtint(sPermitUserEnvironment, o->permit_user_env); 2298 dump_cfg_fmtint(sUseLogin, o->use_login); 2299 dump_cfg_fmtint(sCompression, o->compression); 2300 dump_cfg_fmtint(sGatewayPorts, o->fwd_opts.gateway_ports); 2301 dump_cfg_fmtint(sUseDNS, o->use_dns); 2302 dump_cfg_fmtint(sAllowTcpForwarding, o->allow_tcp_forwarding); 2303 dump_cfg_fmtint(sAllowAgentForwarding, o->allow_agent_forwarding); 2304 dump_cfg_fmtint(sAllowStreamLocalForwarding, o->allow_streamlocal_forwarding); 2305 dump_cfg_fmtint(sUsePrivilegeSeparation, use_privsep); 2306 dump_cfg_fmtint(sFingerprintHash, o->fingerprint_hash); 2307 2308 /* string arguments */ 2309 dump_cfg_string(sPidFile, o->pid_file); 2310 dump_cfg_string(sXAuthLocation, o->xauth_location); 2311 dump_cfg_string(sCiphers, o->ciphers ? o->ciphers : KEX_SERVER_ENCRYPT); 2312 dump_cfg_string(sMacs, o->macs ? o->macs : KEX_SERVER_MAC); 2313 dump_cfg_string(sBanner, o->banner); 2314 dump_cfg_string(sForceCommand, o->adm_forced_command); 2315 dump_cfg_string(sChrootDirectory, o->chroot_directory); 2316 dump_cfg_string(sTrustedUserCAKeys, o->trusted_user_ca_keys); 2317 dump_cfg_string(sRevokedKeys, o->revoked_keys_file); 2318 dump_cfg_string(sAuthorizedPrincipalsFile, 2319 o->authorized_principals_file); 2320 dump_cfg_string(sVersionAddendum, *o->version_addendum == '\0' 2321 ? "none" : o->version_addendum); 2322 dump_cfg_string(sAuthorizedKeysCommand, o->authorized_keys_command); 2323 dump_cfg_string(sAuthorizedKeysCommandUser, o->authorized_keys_command_user); 2324 dump_cfg_string(sAuthorizedPrincipalsCommand, o->authorized_principals_command); 2325 dump_cfg_string(sAuthorizedPrincipalsCommandUser, o->authorized_principals_command_user); 2326 dump_cfg_string(sHostKeyAgent, o->host_key_agent); 2327 dump_cfg_string(sKexAlgorithms, 2328 o->kex_algorithms ? o->kex_algorithms : KEX_SERVER_KEX); 2329 dump_cfg_string(sHostbasedAcceptedKeyTypes, o->hostbased_key_types ? 2330 o->hostbased_key_types : KEX_DEFAULT_PK_ALG); 2331 dump_cfg_string(sHostKeyAlgorithms, o->hostkeyalgorithms ? 2332 o->hostkeyalgorithms : KEX_DEFAULT_PK_ALG); 2333 dump_cfg_string(sPubkeyAcceptedKeyTypes, o->pubkey_key_types ? 2334 o->pubkey_key_types : KEX_DEFAULT_PK_ALG); 2335 2336 /* string arguments requiring a lookup */ 2337 dump_cfg_string(sLogLevel, log_level_name(o->log_level)); 2338 dump_cfg_string(sLogFacility, log_facility_name(o->log_facility)); 2339 2340 /* string array arguments */ 2341 dump_cfg_strarray_oneline(sAuthorizedKeysFile, o->num_authkeys_files, 2342 o->authorized_keys_files); 2343 dump_cfg_strarray(sHostKeyFile, o->num_host_key_files, 2344 o->host_key_files); 2345 dump_cfg_strarray(sHostCertificate, o->num_host_cert_files, 2346 o->host_cert_files); 2347 dump_cfg_strarray(sAllowUsers, o->num_allow_users, o->allow_users); 2348 dump_cfg_strarray(sDenyUsers, o->num_deny_users, o->deny_users); 2349 dump_cfg_strarray(sAllowGroups, o->num_allow_groups, o->allow_groups); 2350 dump_cfg_strarray(sDenyGroups, o->num_deny_groups, o->deny_groups); 2351 dump_cfg_strarray(sAcceptEnv, o->num_accept_env, o->accept_env); 2352 dump_cfg_strarray_oneline(sAuthenticationMethods, 2353 o->num_auth_methods, o->auth_methods); 2354 2355 /* other arguments */ 2356 for (i = 0; i < o->num_subsystems; i++) 2357 printf("subsystem %s %s\n", o->subsystem_name[i], 2358 o->subsystem_args[i]); 2359 2360 printf("maxstartups %d:%d:%d\n", o->max_startups_begin, 2361 o->max_startups_rate, o->max_startups); 2362 2363 for (i = 0; tunmode_desc[i].val != -1; i++) 2364 if (tunmode_desc[i].val == o->permit_tun) { 2365 s = tunmode_desc[i].text; 2366 break; 2367 } 2368 dump_cfg_string(sPermitTunnel, s); 2369 2370 printf("ipqos %s ", iptos2str(o->ip_qos_interactive)); 2371 printf("%s\n", iptos2str(o->ip_qos_bulk)); 2372 2373 printf("rekeylimit %llu %d\n", (unsigned long long)o->rekey_limit, 2374 o->rekey_interval); 2375 2376 channel_print_adm_permitted_opens(); 2377 } 2378