xref: /freebsd/crypto/openssh/servconf.c (revision 76afb20c58adb296f09857aed214b91464242264)
1 
2 /* $OpenBSD: servconf.c,v 1.340 2018/08/12 20:19:13 djm Exp $ */
3 /*
4  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
5  *                    All rights reserved
6  *
7  * As far as I am concerned, the code I have written for this software
8  * can be used freely for any purpose.  Any derived versions of this
9  * software must be clearly marked as such, and if the derived work is
10  * incompatible with the protocol description in the RFC file, it must be
11  * called by a name other than "ssh" or "Secure Shell".
12  */
13 
14 #include "includes.h"
15 __RCSID("$FreeBSD$");
16 
17 #include <sys/types.h>
18 #include <sys/socket.h>
19 #ifdef HAVE_SYS_SYSCTL_H
20 #include <sys/sysctl.h>
21 #endif
22 
23 #include <netinet/in.h>
24 #include <netinet/in_systm.h>
25 #include <netinet/ip.h>
26 #ifdef HAVE_NET_ROUTE_H
27 #include <net/route.h>
28 #endif
29 
30 #include <ctype.h>
31 #include <netdb.h>
32 #include <pwd.h>
33 #include <stdio.h>
34 #include <stdlib.h>
35 #include <string.h>
36 #include <signal.h>
37 #include <unistd.h>
38 #include <limits.h>
39 #include <stdarg.h>
40 #include <errno.h>
41 #ifdef HAVE_UTIL_H
42 #include <util.h>
43 #endif
44 
45 #include "openbsd-compat/sys-queue.h"
46 #include "xmalloc.h"
47 #include "ssh.h"
48 #include "log.h"
49 #include "sshbuf.h"
50 #include "misc.h"
51 #include "servconf.h"
52 #include "compat.h"
53 #include "pathnames.h"
54 #include "cipher.h"
55 #include "sshkey.h"
56 #include "kex.h"
57 #include "mac.h"
58 #include "match.h"
59 #include "channels.h"
60 #include "groupaccess.h"
61 #include "canohost.h"
62 #include "packet.h"
63 #include "ssherr.h"
64 #include "hostfile.h"
65 #include "auth.h"
66 #include "myproposal.h"
67 #include "digest.h"
68 #include "version.h"
69 
70 static void add_listen_addr(ServerOptions *, const char *,
71     const char *, int);
72 static void add_one_listen_addr(ServerOptions *, const char *,
73     const char *, int);
74 
75 /* Use of privilege separation or not */
76 extern int use_privsep;
77 extern struct sshbuf *cfg;
78 
79 /* Initializes the server options to their default values. */
80 
81 void
82 initialize_server_options(ServerOptions *options)
83 {
84 	memset(options, 0, sizeof(*options));
85 
86 	/* Portable-specific options */
87 	options->use_pam = -1;
88 
89 	/* Standard Options */
90 	options->num_ports = 0;
91 	options->ports_from_cmdline = 0;
92 	options->queued_listen_addrs = NULL;
93 	options->num_queued_listens = 0;
94 	options->listen_addrs = NULL;
95 	options->num_listen_addrs = 0;
96 	options->address_family = -1;
97 	options->routing_domain = NULL;
98 	options->num_host_key_files = 0;
99 	options->num_host_cert_files = 0;
100 	options->host_key_agent = NULL;
101 	options->pid_file = NULL;
102 	options->login_grace_time = -1;
103 	options->permit_root_login = PERMIT_NOT_SET;
104 	options->ignore_rhosts = -1;
105 	options->ignore_user_known_hosts = -1;
106 	options->print_motd = -1;
107 	options->print_lastlog = -1;
108 	options->x11_forwarding = -1;
109 	options->x11_display_offset = -1;
110 	options->x11_use_localhost = -1;
111 	options->permit_tty = -1;
112 	options->permit_user_rc = -1;
113 	options->xauth_location = NULL;
114 	options->strict_modes = -1;
115 	options->tcp_keep_alive = -1;
116 	options->log_facility = SYSLOG_FACILITY_NOT_SET;
117 	options->log_level = SYSLOG_LEVEL_NOT_SET;
118 	options->hostbased_authentication = -1;
119 	options->hostbased_uses_name_from_packet_only = -1;
120 	options->hostbased_key_types = NULL;
121 	options->hostkeyalgorithms = NULL;
122 	options->pubkey_authentication = -1;
123 	options->pubkey_key_types = NULL;
124 	options->kerberos_authentication = -1;
125 	options->kerberos_or_local_passwd = -1;
126 	options->kerberos_ticket_cleanup = -1;
127 	options->kerberos_get_afs_token = -1;
128 	options->gss_authentication=-1;
129 	options->gss_cleanup_creds = -1;
130 	options->gss_strict_acceptor = -1;
131 	options->password_authentication = -1;
132 	options->kbd_interactive_authentication = -1;
133 	options->challenge_response_authentication = -1;
134 	options->permit_empty_passwd = -1;
135 	options->permit_user_env = -1;
136 	options->permit_user_env_whitelist = NULL;
137 	options->compression = -1;
138 	options->rekey_limit = -1;
139 	options->rekey_interval = -1;
140 	options->allow_tcp_forwarding = -1;
141 	options->allow_streamlocal_forwarding = -1;
142 	options->allow_agent_forwarding = -1;
143 	options->num_allow_users = 0;
144 	options->num_deny_users = 0;
145 	options->num_allow_groups = 0;
146 	options->num_deny_groups = 0;
147 	options->ciphers = NULL;
148 	options->macs = NULL;
149 	options->kex_algorithms = NULL;
150 	options->fwd_opts.gateway_ports = -1;
151 	options->fwd_opts.streamlocal_bind_mask = (mode_t)-1;
152 	options->fwd_opts.streamlocal_bind_unlink = -1;
153 	options->num_subsystems = 0;
154 	options->max_startups_begin = -1;
155 	options->max_startups_rate = -1;
156 	options->max_startups = -1;
157 	options->max_authtries = -1;
158 	options->max_sessions = -1;
159 	options->banner = NULL;
160 	options->use_dns = -1;
161 	options->client_alive_interval = -1;
162 	options->client_alive_count_max = -1;
163 	options->num_authkeys_files = 0;
164 	options->num_accept_env = 0;
165 	options->num_setenv = 0;
166 	options->permit_tun = -1;
167 	options->permitted_opens = NULL;
168 	options->permitted_listens = NULL;
169 	options->adm_forced_command = NULL;
170 	options->chroot_directory = NULL;
171 	options->authorized_keys_command = NULL;
172 	options->authorized_keys_command_user = NULL;
173 	options->revoked_keys_file = NULL;
174 	options->trusted_user_ca_keys = NULL;
175 	options->authorized_principals_file = NULL;
176 	options->authorized_principals_command = NULL;
177 	options->authorized_principals_command_user = NULL;
178 	options->ip_qos_interactive = -1;
179 	options->ip_qos_bulk = -1;
180 	options->version_addendum = NULL;
181 	options->fingerprint_hash = -1;
182 	options->disable_forwarding = -1;
183 	options->expose_userauth_info = -1;
184 	options->use_blacklist = -1;
185 }
186 
187 /* Returns 1 if a string option is unset or set to "none" or 0 otherwise. */
188 static int
189 option_clear_or_none(const char *o)
190 {
191 	return o == NULL || strcasecmp(o, "none") == 0;
192 }
193 
194 static void
195 assemble_algorithms(ServerOptions *o)
196 {
197 	char *all_cipher, *all_mac, *all_kex, *all_key;
198 	int r;
199 
200 	all_cipher = cipher_alg_list(',', 0);
201 	all_mac = mac_alg_list(',');
202 	all_kex = kex_alg_list(',');
203 	all_key = sshkey_alg_list(0, 0, 1, ',');
204 #define ASSEMBLE(what, defaults, all) \
205 	do { \
206 		if ((r = kex_assemble_names(&o->what, defaults, all)) != 0) \
207 			fatal("%s: %s: %s", __func__, #what, ssh_err(r)); \
208 	} while (0)
209 	ASSEMBLE(ciphers, KEX_SERVER_ENCRYPT, all_cipher);
210 	ASSEMBLE(macs, KEX_SERVER_MAC, all_mac);
211 	ASSEMBLE(kex_algorithms, KEX_SERVER_KEX, all_kex);
212 	ASSEMBLE(hostkeyalgorithms, KEX_DEFAULT_PK_ALG, all_key);
213 	ASSEMBLE(hostbased_key_types, KEX_DEFAULT_PK_ALG, all_key);
214 	ASSEMBLE(pubkey_key_types, KEX_DEFAULT_PK_ALG, all_key);
215 #undef ASSEMBLE
216 	free(all_cipher);
217 	free(all_mac);
218 	free(all_kex);
219 	free(all_key);
220 }
221 
222 static void
223 array_append(const char *file, const int line, const char *directive,
224     char ***array, u_int *lp, const char *s)
225 {
226 
227 	if (*lp >= INT_MAX)
228 		fatal("%s line %d: Too many %s entries", file, line, directive);
229 
230 	*array = xrecallocarray(*array, *lp, *lp + 1, sizeof(**array));
231 	(*array)[*lp] = xstrdup(s);
232 	(*lp)++;
233 }
234 
235 static const char *defaultkey = "[default]";
236 
237 void
238 servconf_add_hostkey(const char *file, const int line,
239     ServerOptions *options, const char *path)
240 {
241 	char *apath = derelativise_path(path);
242 
243 	if (file == defaultkey && access(path, R_OK) != 0)
244 		return;
245 	array_append(file, line, "HostKey",
246 	    &options->host_key_files, &options->num_host_key_files, apath);
247 	free(apath);
248 }
249 
250 void
251 servconf_add_hostcert(const char *file, const int line,
252     ServerOptions *options, const char *path)
253 {
254 	char *apath = derelativise_path(path);
255 
256 	array_append(file, line, "HostCertificate",
257 	    &options->host_cert_files, &options->num_host_cert_files, apath);
258 	free(apath);
259 }
260 
261 void
262 fill_default_server_options(ServerOptions *options)
263 {
264 	u_int i;
265 
266 	/* Portable-specific options */
267 	if (options->use_pam == -1)
268 		options->use_pam = 1;
269 
270 	/* Standard Options */
271 	if (options->num_host_key_files == 0) {
272 		/* fill default hostkeys for protocols */
273 		servconf_add_hostkey(defaultkey, 0, options,
274 		    _PATH_HOST_RSA_KEY_FILE);
275 		servconf_add_hostkey(defaultkey, 0, options,
276 		    _PATH_HOST_DSA_KEY_FILE);
277 #ifdef OPENSSL_HAS_ECC
278 		servconf_add_hostkey(defaultkey, 0, options,
279 		    _PATH_HOST_ECDSA_KEY_FILE);
280 #endif
281 		servconf_add_hostkey(defaultkey, 0, options,
282 		    _PATH_HOST_ED25519_KEY_FILE);
283 #ifdef WITH_XMSS
284 		servconf_add_hostkey(defaultkey, 0, options,
285 		    _PATH_HOST_XMSS_KEY_FILE);
286 #endif /* WITH_XMSS */
287 	}
288 	if (options->num_host_key_files == 0)
289 		fatal("No host key files found");
290 	/* No certificates by default */
291 	if (options->num_ports == 0)
292 		options->ports[options->num_ports++] = SSH_DEFAULT_PORT;
293 	if (options->address_family == -1)
294 		options->address_family = AF_UNSPEC;
295 	if (options->listen_addrs == NULL)
296 		add_listen_addr(options, NULL, NULL, 0);
297 	if (options->pid_file == NULL)
298 		options->pid_file = xstrdup(_PATH_SSH_DAEMON_PID_FILE);
299 	if (options->login_grace_time == -1)
300 		options->login_grace_time = 120;
301 	if (options->permit_root_login == PERMIT_NOT_SET)
302 		options->permit_root_login = PERMIT_NO;
303 	if (options->ignore_rhosts == -1)
304 		options->ignore_rhosts = 1;
305 	if (options->ignore_user_known_hosts == -1)
306 		options->ignore_user_known_hosts = 0;
307 	if (options->print_motd == -1)
308 		options->print_motd = 1;
309 	if (options->print_lastlog == -1)
310 		options->print_lastlog = 1;
311 	if (options->x11_forwarding == -1)
312 		options->x11_forwarding = 1;
313 	if (options->x11_display_offset == -1)
314 		options->x11_display_offset = 10;
315 	if (options->x11_use_localhost == -1)
316 		options->x11_use_localhost = 1;
317 	if (options->xauth_location == NULL)
318 		options->xauth_location = xstrdup(_PATH_XAUTH);
319 	if (options->permit_tty == -1)
320 		options->permit_tty = 1;
321 	if (options->permit_user_rc == -1)
322 		options->permit_user_rc = 1;
323 	if (options->strict_modes == -1)
324 		options->strict_modes = 1;
325 	if (options->tcp_keep_alive == -1)
326 		options->tcp_keep_alive = 1;
327 	if (options->log_facility == SYSLOG_FACILITY_NOT_SET)
328 		options->log_facility = SYSLOG_FACILITY_AUTH;
329 	if (options->log_level == SYSLOG_LEVEL_NOT_SET)
330 		options->log_level = SYSLOG_LEVEL_INFO;
331 	if (options->hostbased_authentication == -1)
332 		options->hostbased_authentication = 0;
333 	if (options->hostbased_uses_name_from_packet_only == -1)
334 		options->hostbased_uses_name_from_packet_only = 0;
335 	if (options->pubkey_authentication == -1)
336 		options->pubkey_authentication = 1;
337 	if (options->kerberos_authentication == -1)
338 		options->kerberos_authentication = 0;
339 	if (options->kerberos_or_local_passwd == -1)
340 		options->kerberos_or_local_passwd = 1;
341 	if (options->kerberos_ticket_cleanup == -1)
342 		options->kerberos_ticket_cleanup = 1;
343 	if (options->kerberos_get_afs_token == -1)
344 		options->kerberos_get_afs_token = 0;
345 	if (options->gss_authentication == -1)
346 		options->gss_authentication = 0;
347 	if (options->gss_cleanup_creds == -1)
348 		options->gss_cleanup_creds = 1;
349 	if (options->gss_strict_acceptor == -1)
350 		options->gss_strict_acceptor = 1;
351 	if (options->password_authentication == -1)
352 		options->password_authentication = 0;
353 	if (options->kbd_interactive_authentication == -1)
354 		options->kbd_interactive_authentication = 0;
355 	if (options->challenge_response_authentication == -1)
356 		options->challenge_response_authentication = 1;
357 	if (options->permit_empty_passwd == -1)
358 		options->permit_empty_passwd = 0;
359 	if (options->permit_user_env == -1) {
360 		options->permit_user_env = 0;
361 		options->permit_user_env_whitelist = NULL;
362 	}
363 	if (options->compression == -1)
364 		options->compression = COMP_DELAYED;
365 	if (options->rekey_limit == -1)
366 		options->rekey_limit = 0;
367 	if (options->rekey_interval == -1)
368 		options->rekey_interval = 0;
369 	if (options->allow_tcp_forwarding == -1)
370 		options->allow_tcp_forwarding = FORWARD_ALLOW;
371 	if (options->allow_streamlocal_forwarding == -1)
372 		options->allow_streamlocal_forwarding = FORWARD_ALLOW;
373 	if (options->allow_agent_forwarding == -1)
374 		options->allow_agent_forwarding = 1;
375 	if (options->fwd_opts.gateway_ports == -1)
376 		options->fwd_opts.gateway_ports = 0;
377 	if (options->max_startups == -1)
378 		options->max_startups = 100;
379 	if (options->max_startups_rate == -1)
380 		options->max_startups_rate = 30;		/* 30% */
381 	if (options->max_startups_begin == -1)
382 		options->max_startups_begin = 10;
383 	if (options->max_authtries == -1)
384 		options->max_authtries = DEFAULT_AUTH_FAIL_MAX;
385 	if (options->max_sessions == -1)
386 		options->max_sessions = DEFAULT_SESSIONS_MAX;
387 	if (options->use_dns == -1)
388 		options->use_dns = 1;
389 	if (options->client_alive_interval == -1)
390 		options->client_alive_interval = 0;
391 	if (options->client_alive_count_max == -1)
392 		options->client_alive_count_max = 3;
393 	if (options->num_authkeys_files == 0) {
394 		array_append(defaultkey, 0, "AuthorizedKeysFiles",
395 		    &options->authorized_keys_files,
396 		    &options->num_authkeys_files,
397 		    _PATH_SSH_USER_PERMITTED_KEYS);
398 		array_append(defaultkey, 0, "AuthorizedKeysFiles",
399 		    &options->authorized_keys_files,
400 		    &options->num_authkeys_files,
401 		    _PATH_SSH_USER_PERMITTED_KEYS2);
402 	}
403 	if (options->permit_tun == -1)
404 		options->permit_tun = SSH_TUNMODE_NO;
405 	if (options->ip_qos_interactive == -1)
406 		options->ip_qos_interactive = IPTOS_DSCP_AF21;
407 	if (options->ip_qos_bulk == -1)
408 		options->ip_qos_bulk = IPTOS_DSCP_CS1;
409 	if (options->version_addendum == NULL)
410 		options->version_addendum = xstrdup(SSH_VERSION_FREEBSD);
411 	if (options->fwd_opts.streamlocal_bind_mask == (mode_t)-1)
412 		options->fwd_opts.streamlocal_bind_mask = 0177;
413 	if (options->fwd_opts.streamlocal_bind_unlink == -1)
414 		options->fwd_opts.streamlocal_bind_unlink = 0;
415 	if (options->fingerprint_hash == -1)
416 		options->fingerprint_hash = SSH_FP_HASH_DEFAULT;
417 	if (options->disable_forwarding == -1)
418 		options->disable_forwarding = 0;
419 	if (options->expose_userauth_info == -1)
420 		options->expose_userauth_info = 0;
421 	if (options->use_blacklist == -1)
422 		options->use_blacklist = 0;
423 
424 	assemble_algorithms(options);
425 
426 	/* Turn privilege separation and sandboxing on by default */
427 	if (use_privsep == -1)
428 		use_privsep = PRIVSEP_ON;
429 
430 #define CLEAR_ON_NONE(v) \
431 	do { \
432 		if (option_clear_or_none(v)) { \
433 			free(v); \
434 			v = NULL; \
435 		} \
436 	} while(0)
437 	CLEAR_ON_NONE(options->pid_file);
438 	CLEAR_ON_NONE(options->xauth_location);
439 	CLEAR_ON_NONE(options->banner);
440 	CLEAR_ON_NONE(options->trusted_user_ca_keys);
441 	CLEAR_ON_NONE(options->revoked_keys_file);
442 	CLEAR_ON_NONE(options->authorized_principals_file);
443 	CLEAR_ON_NONE(options->adm_forced_command);
444 	CLEAR_ON_NONE(options->chroot_directory);
445 	CLEAR_ON_NONE(options->routing_domain);
446 	for (i = 0; i < options->num_host_key_files; i++)
447 		CLEAR_ON_NONE(options->host_key_files[i]);
448 	for (i = 0; i < options->num_host_cert_files; i++)
449 		CLEAR_ON_NONE(options->host_cert_files[i]);
450 #undef CLEAR_ON_NONE
451 
452 	/* Similar handling for AuthenticationMethods=any */
453 	if (options->num_auth_methods == 1 &&
454 	    strcmp(options->auth_methods[0], "any") == 0) {
455 		free(options->auth_methods[0]);
456 		options->auth_methods[0] = NULL;
457 		options->num_auth_methods = 0;
458 	}
459 
460 #ifndef HAVE_MMAP
461 	if (use_privsep && options->compression == 1) {
462 		error("This platform does not support both privilege "
463 		    "separation and compression");
464 		error("Compression disabled");
465 		options->compression = 0;
466 	}
467 #endif
468 
469 }
470 
471 /* Keyword tokens. */
472 typedef enum {
473 	sBadOption,		/* == unknown option */
474 	/* Portable-specific options */
475 	sUsePAM,
476 	/* Standard Options */
477 	sPort, sHostKeyFile, sLoginGraceTime,
478 	sPermitRootLogin, sLogFacility, sLogLevel,
479 	sRhostsRSAAuthentication, sRSAAuthentication,
480 	sKerberosAuthentication, sKerberosOrLocalPasswd, sKerberosTicketCleanup,
481 	sKerberosGetAFSToken, sChallengeResponseAuthentication,
482 	sPasswordAuthentication, sKbdInteractiveAuthentication,
483 	sListenAddress, sAddressFamily,
484 	sPrintMotd, sPrintLastLog, sIgnoreRhosts,
485 	sX11Forwarding, sX11DisplayOffset, sX11UseLocalhost,
486 	sPermitTTY, sStrictModes, sEmptyPasswd, sTCPKeepAlive,
487 	sPermitUserEnvironment, sAllowTcpForwarding, sCompression,
488 	sRekeyLimit, sAllowUsers, sDenyUsers, sAllowGroups, sDenyGroups,
489 	sIgnoreUserKnownHosts, sCiphers, sMacs, sPidFile,
490 	sGatewayPorts, sPubkeyAuthentication, sPubkeyAcceptedKeyTypes,
491 	sXAuthLocation, sSubsystem, sMaxStartups, sMaxAuthTries, sMaxSessions,
492 	sBanner, sUseDNS, sHostbasedAuthentication,
493 	sHostbasedUsesNameFromPacketOnly, sHostbasedAcceptedKeyTypes,
494 	sHostKeyAlgorithms,
495 	sClientAliveInterval, sClientAliveCountMax, sAuthorizedKeysFile,
496 	sGssAuthentication, sGssCleanupCreds, sGssStrictAcceptor,
497 	sAcceptEnv, sSetEnv, sPermitTunnel,
498 	sMatch, sPermitOpen, sPermitListen, sForceCommand, sChrootDirectory,
499 	sUsePrivilegeSeparation, sAllowAgentForwarding,
500 	sHostCertificate,
501 	sRevokedKeys, sTrustedUserCAKeys, sAuthorizedPrincipalsFile,
502 	sAuthorizedPrincipalsCommand, sAuthorizedPrincipalsCommandUser,
503 	sKexAlgorithms, sIPQoS, sVersionAddendum,
504 	sAuthorizedKeysCommand, sAuthorizedKeysCommandUser,
505 	sAuthenticationMethods, sHostKeyAgent, sPermitUserRC,
506 	sStreamLocalBindMask, sStreamLocalBindUnlink,
507 	sAllowStreamLocalForwarding, sFingerprintHash, sDisableForwarding,
508 	sExposeAuthInfo, sRDomain,
509 	sUseBlacklist,
510 	sDeprecated, sIgnore, sUnsupported
511 } ServerOpCodes;
512 
513 #define SSHCFG_GLOBAL	0x01	/* allowed in main section of sshd_config */
514 #define SSHCFG_MATCH	0x02	/* allowed inside a Match section */
515 #define SSHCFG_ALL	(SSHCFG_GLOBAL|SSHCFG_MATCH)
516 
517 /* Textual representation of the tokens. */
518 static struct {
519 	const char *name;
520 	ServerOpCodes opcode;
521 	u_int flags;
522 } keywords[] = {
523 	/* Portable-specific options */
524 #ifdef USE_PAM
525 	{ "usepam", sUsePAM, SSHCFG_GLOBAL },
526 #else
527 	{ "usepam", sUnsupported, SSHCFG_GLOBAL },
528 #endif
529 	{ "pamauthenticationviakbdint", sDeprecated, SSHCFG_GLOBAL },
530 	/* Standard Options */
531 	{ "port", sPort, SSHCFG_GLOBAL },
532 	{ "hostkey", sHostKeyFile, SSHCFG_GLOBAL },
533 	{ "hostdsakey", sHostKeyFile, SSHCFG_GLOBAL },		/* alias */
534 	{ "hostkeyagent", sHostKeyAgent, SSHCFG_GLOBAL },
535 	{ "pidfile", sPidFile, SSHCFG_GLOBAL },
536 	{ "serverkeybits", sDeprecated, SSHCFG_GLOBAL },
537 	{ "logingracetime", sLoginGraceTime, SSHCFG_GLOBAL },
538 	{ "keyregenerationinterval", sDeprecated, SSHCFG_GLOBAL },
539 	{ "permitrootlogin", sPermitRootLogin, SSHCFG_ALL },
540 	{ "syslogfacility", sLogFacility, SSHCFG_GLOBAL },
541 	{ "loglevel", sLogLevel, SSHCFG_ALL },
542 	{ "rhostsauthentication", sDeprecated, SSHCFG_GLOBAL },
543 	{ "rhostsrsaauthentication", sDeprecated, SSHCFG_ALL },
544 	{ "hostbasedauthentication", sHostbasedAuthentication, SSHCFG_ALL },
545 	{ "hostbasedusesnamefrompacketonly", sHostbasedUsesNameFromPacketOnly, SSHCFG_ALL },
546 	{ "hostbasedacceptedkeytypes", sHostbasedAcceptedKeyTypes, SSHCFG_ALL },
547 	{ "hostkeyalgorithms", sHostKeyAlgorithms, SSHCFG_GLOBAL },
548 	{ "rsaauthentication", sDeprecated, SSHCFG_ALL },
549 	{ "pubkeyauthentication", sPubkeyAuthentication, SSHCFG_ALL },
550 	{ "pubkeyacceptedkeytypes", sPubkeyAcceptedKeyTypes, SSHCFG_ALL },
551 	{ "dsaauthentication", sPubkeyAuthentication, SSHCFG_GLOBAL }, /* alias */
552 #ifdef KRB5
553 	{ "kerberosauthentication", sKerberosAuthentication, SSHCFG_ALL },
554 	{ "kerberosorlocalpasswd", sKerberosOrLocalPasswd, SSHCFG_GLOBAL },
555 	{ "kerberosticketcleanup", sKerberosTicketCleanup, SSHCFG_GLOBAL },
556 #ifdef USE_AFS
557 	{ "kerberosgetafstoken", sKerberosGetAFSToken, SSHCFG_GLOBAL },
558 #else
559 	{ "kerberosgetafstoken", sUnsupported, SSHCFG_GLOBAL },
560 #endif
561 #else
562 	{ "kerberosauthentication", sUnsupported, SSHCFG_ALL },
563 	{ "kerberosorlocalpasswd", sUnsupported, SSHCFG_GLOBAL },
564 	{ "kerberosticketcleanup", sUnsupported, SSHCFG_GLOBAL },
565 	{ "kerberosgetafstoken", sUnsupported, SSHCFG_GLOBAL },
566 #endif
567 	{ "kerberostgtpassing", sUnsupported, SSHCFG_GLOBAL },
568 	{ "afstokenpassing", sUnsupported, SSHCFG_GLOBAL },
569 #ifdef GSSAPI
570 	{ "gssapiauthentication", sGssAuthentication, SSHCFG_ALL },
571 	{ "gssapicleanupcredentials", sGssCleanupCreds, SSHCFG_GLOBAL },
572 	{ "gssapistrictacceptorcheck", sGssStrictAcceptor, SSHCFG_GLOBAL },
573 #else
574 	{ "gssapiauthentication", sUnsupported, SSHCFG_ALL },
575 	{ "gssapicleanupcredentials", sUnsupported, SSHCFG_GLOBAL },
576 	{ "gssapistrictacceptorcheck", sUnsupported, SSHCFG_GLOBAL },
577 #endif
578 	{ "passwordauthentication", sPasswordAuthentication, SSHCFG_ALL },
579 	{ "kbdinteractiveauthentication", sKbdInteractiveAuthentication, SSHCFG_ALL },
580 	{ "challengeresponseauthentication", sChallengeResponseAuthentication, SSHCFG_GLOBAL },
581 	{ "skeyauthentication", sDeprecated, SSHCFG_GLOBAL },
582 	{ "checkmail", sDeprecated, SSHCFG_GLOBAL },
583 	{ "listenaddress", sListenAddress, SSHCFG_GLOBAL },
584 	{ "addressfamily", sAddressFamily, SSHCFG_GLOBAL },
585 	{ "printmotd", sPrintMotd, SSHCFG_GLOBAL },
586 #ifdef DISABLE_LASTLOG
587 	{ "printlastlog", sUnsupported, SSHCFG_GLOBAL },
588 #else
589 	{ "printlastlog", sPrintLastLog, SSHCFG_GLOBAL },
590 #endif
591 	{ "ignorerhosts", sIgnoreRhosts, SSHCFG_GLOBAL },
592 	{ "ignoreuserknownhosts", sIgnoreUserKnownHosts, SSHCFG_GLOBAL },
593 	{ "x11forwarding", sX11Forwarding, SSHCFG_ALL },
594 	{ "x11displayoffset", sX11DisplayOffset, SSHCFG_ALL },
595 	{ "x11uselocalhost", sX11UseLocalhost, SSHCFG_ALL },
596 	{ "xauthlocation", sXAuthLocation, SSHCFG_GLOBAL },
597 	{ "strictmodes", sStrictModes, SSHCFG_GLOBAL },
598 	{ "permitemptypasswords", sEmptyPasswd, SSHCFG_ALL },
599 	{ "permituserenvironment", sPermitUserEnvironment, SSHCFG_GLOBAL },
600 	{ "uselogin", sDeprecated, SSHCFG_GLOBAL },
601 	{ "compression", sCompression, SSHCFG_GLOBAL },
602 	{ "rekeylimit", sRekeyLimit, SSHCFG_ALL },
603 	{ "tcpkeepalive", sTCPKeepAlive, SSHCFG_GLOBAL },
604 	{ "keepalive", sTCPKeepAlive, SSHCFG_GLOBAL },	/* obsolete alias */
605 	{ "allowtcpforwarding", sAllowTcpForwarding, SSHCFG_ALL },
606 	{ "allowagentforwarding", sAllowAgentForwarding, SSHCFG_ALL },
607 	{ "allowusers", sAllowUsers, SSHCFG_ALL },
608 	{ "denyusers", sDenyUsers, SSHCFG_ALL },
609 	{ "allowgroups", sAllowGroups, SSHCFG_ALL },
610 	{ "denygroups", sDenyGroups, SSHCFG_ALL },
611 	{ "ciphers", sCiphers, SSHCFG_GLOBAL },
612 	{ "macs", sMacs, SSHCFG_GLOBAL },
613 	{ "protocol", sIgnore, SSHCFG_GLOBAL },
614 	{ "gatewayports", sGatewayPorts, SSHCFG_ALL },
615 	{ "subsystem", sSubsystem, SSHCFG_GLOBAL },
616 	{ "maxstartups", sMaxStartups, SSHCFG_GLOBAL },
617 	{ "maxauthtries", sMaxAuthTries, SSHCFG_ALL },
618 	{ "maxsessions", sMaxSessions, SSHCFG_ALL },
619 	{ "banner", sBanner, SSHCFG_ALL },
620 	{ "usedns", sUseDNS, SSHCFG_GLOBAL },
621 	{ "verifyreversemapping", sDeprecated, SSHCFG_GLOBAL },
622 	{ "reversemappingcheck", sDeprecated, SSHCFG_GLOBAL },
623 	{ "clientaliveinterval", sClientAliveInterval, SSHCFG_ALL },
624 	{ "clientalivecountmax", sClientAliveCountMax, SSHCFG_ALL },
625 	{ "authorizedkeysfile", sAuthorizedKeysFile, SSHCFG_ALL },
626 	{ "authorizedkeysfile2", sDeprecated, SSHCFG_ALL },
627 	{ "useprivilegeseparation", sDeprecated, SSHCFG_GLOBAL},
628 	{ "acceptenv", sAcceptEnv, SSHCFG_ALL },
629 	{ "setenv", sSetEnv, SSHCFG_ALL },
630 	{ "permittunnel", sPermitTunnel, SSHCFG_ALL },
631 	{ "permittty", sPermitTTY, SSHCFG_ALL },
632 	{ "permituserrc", sPermitUserRC, SSHCFG_ALL },
633 	{ "match", sMatch, SSHCFG_ALL },
634 	{ "permitopen", sPermitOpen, SSHCFG_ALL },
635 	{ "permitlisten", sPermitListen, SSHCFG_ALL },
636 	{ "forcecommand", sForceCommand, SSHCFG_ALL },
637 	{ "chrootdirectory", sChrootDirectory, SSHCFG_ALL },
638 	{ "hostcertificate", sHostCertificate, SSHCFG_GLOBAL },
639 	{ "revokedkeys", sRevokedKeys, SSHCFG_ALL },
640 	{ "trustedusercakeys", sTrustedUserCAKeys, SSHCFG_ALL },
641 	{ "authorizedprincipalsfile", sAuthorizedPrincipalsFile, SSHCFG_ALL },
642 	{ "kexalgorithms", sKexAlgorithms, SSHCFG_GLOBAL },
643 	{ "ipqos", sIPQoS, SSHCFG_ALL },
644 	{ "authorizedkeyscommand", sAuthorizedKeysCommand, SSHCFG_ALL },
645 	{ "authorizedkeyscommanduser", sAuthorizedKeysCommandUser, SSHCFG_ALL },
646 	{ "authorizedprincipalscommand", sAuthorizedPrincipalsCommand, SSHCFG_ALL },
647 	{ "authorizedprincipalscommanduser", sAuthorizedPrincipalsCommandUser, SSHCFG_ALL },
648 	{ "versionaddendum", sVersionAddendum, SSHCFG_GLOBAL },
649 	{ "authenticationmethods", sAuthenticationMethods, SSHCFG_ALL },
650 	{ "streamlocalbindmask", sStreamLocalBindMask, SSHCFG_ALL },
651 	{ "streamlocalbindunlink", sStreamLocalBindUnlink, SSHCFG_ALL },
652 	{ "allowstreamlocalforwarding", sAllowStreamLocalForwarding, SSHCFG_ALL },
653 	{ "fingerprinthash", sFingerprintHash, SSHCFG_GLOBAL },
654 	{ "disableforwarding", sDisableForwarding, SSHCFG_ALL },
655 	{ "exposeauthinfo", sExposeAuthInfo, SSHCFG_ALL },
656 	{ "rdomain", sRDomain, SSHCFG_ALL },
657 	{ "useblacklist", sUseBlacklist, SSHCFG_GLOBAL },
658 	{ "noneenabled", sUnsupported, SSHCFG_ALL },
659 	{ "hpndisabled", sDeprecated, SSHCFG_ALL },
660 	{ "hpnbuffersize", sDeprecated, SSHCFG_ALL },
661 	{ "tcprcvbufpoll", sDeprecated, SSHCFG_ALL },
662 	{ NULL, sBadOption, 0 }
663 };
664 
665 static struct {
666 	int val;
667 	char *text;
668 } tunmode_desc[] = {
669 	{ SSH_TUNMODE_NO, "no" },
670 	{ SSH_TUNMODE_POINTOPOINT, "point-to-point" },
671 	{ SSH_TUNMODE_ETHERNET, "ethernet" },
672 	{ SSH_TUNMODE_YES, "yes" },
673 	{ -1, NULL }
674 };
675 
676 /* Returns an opcode name from its number */
677 
678 static const char *
679 lookup_opcode_name(ServerOpCodes code)
680 {
681 	u_int i;
682 
683 	for (i = 0; keywords[i].name != NULL; i++)
684 		if (keywords[i].opcode == code)
685 			return(keywords[i].name);
686 	return "UNKNOWN";
687 }
688 
689 
690 /*
691  * Returns the number of the token pointed to by cp or sBadOption.
692  */
693 
694 static ServerOpCodes
695 parse_token(const char *cp, const char *filename,
696 	    int linenum, u_int *flags)
697 {
698 	u_int i;
699 
700 	for (i = 0; keywords[i].name; i++)
701 		if (strcasecmp(cp, keywords[i].name) == 0) {
702 			*flags = keywords[i].flags;
703 			return keywords[i].opcode;
704 		}
705 
706 	error("%s: line %d: Bad configuration option: %s",
707 	    filename, linenum, cp);
708 	return sBadOption;
709 }
710 
711 char *
712 derelativise_path(const char *path)
713 {
714 	char *expanded, *ret, cwd[PATH_MAX];
715 
716 	if (strcasecmp(path, "none") == 0)
717 		return xstrdup("none");
718 	expanded = tilde_expand_filename(path, getuid());
719 	if (*expanded == '/')
720 		return expanded;
721 	if (getcwd(cwd, sizeof(cwd)) == NULL)
722 		fatal("%s: getcwd: %s", __func__, strerror(errno));
723 	xasprintf(&ret, "%s/%s", cwd, expanded);
724 	free(expanded);
725 	return ret;
726 }
727 
728 static void
729 add_listen_addr(ServerOptions *options, const char *addr,
730     const char *rdomain, int port)
731 {
732 	u_int i;
733 
734 	if (port > 0)
735 		add_one_listen_addr(options, addr, rdomain, port);
736 	else {
737 		for (i = 0; i < options->num_ports; i++) {
738 			add_one_listen_addr(options, addr, rdomain,
739 			    options->ports[i]);
740 		}
741 	}
742 }
743 
744 static void
745 add_one_listen_addr(ServerOptions *options, const char *addr,
746     const char *rdomain, int port)
747 {
748 	struct addrinfo hints, *ai, *aitop;
749 	char strport[NI_MAXSERV];
750 	int gaierr;
751 	u_int i;
752 
753 	/* Find listen_addrs entry for this rdomain */
754 	for (i = 0; i < options->num_listen_addrs; i++) {
755 		if (rdomain == NULL && options->listen_addrs[i].rdomain == NULL)
756 			break;
757 		if (rdomain == NULL || options->listen_addrs[i].rdomain == NULL)
758 			continue;
759 		if (strcmp(rdomain, options->listen_addrs[i].rdomain) == 0)
760 			break;
761 	}
762 	if (i >= options->num_listen_addrs) {
763 		/* No entry for this rdomain; allocate one */
764 		if (i >= INT_MAX)
765 			fatal("%s: too many listen addresses", __func__);
766 		options->listen_addrs = xrecallocarray(options->listen_addrs,
767 		    options->num_listen_addrs, options->num_listen_addrs + 1,
768 		    sizeof(*options->listen_addrs));
769 		i = options->num_listen_addrs++;
770 		if (rdomain != NULL)
771 			options->listen_addrs[i].rdomain = xstrdup(rdomain);
772 	}
773 	/* options->listen_addrs[i] points to the addresses for this rdomain */
774 
775 	memset(&hints, 0, sizeof(hints));
776 	hints.ai_family = options->address_family;
777 	hints.ai_socktype = SOCK_STREAM;
778 	hints.ai_flags = (addr == NULL) ? AI_PASSIVE : 0;
779 	snprintf(strport, sizeof strport, "%d", port);
780 	if ((gaierr = getaddrinfo(addr, strport, &hints, &aitop)) != 0)
781 		fatal("bad addr or host: %s (%s)",
782 		    addr ? addr : "<NULL>",
783 		    ssh_gai_strerror(gaierr));
784 	for (ai = aitop; ai->ai_next; ai = ai->ai_next)
785 		;
786 	ai->ai_next = options->listen_addrs[i].addrs;
787 	options->listen_addrs[i].addrs = aitop;
788 }
789 
790 /* Returns nonzero if the routing domain name is valid */
791 static int
792 valid_rdomain(const char *name)
793 {
794 #if defined(HAVE_SYS_VALID_RDOMAIN)
795 	return sys_valid_rdomain(name);
796 #elif defined(__OpenBSD__)
797 	const char *errstr;
798 	long long num;
799 	struct rt_tableinfo info;
800 	int mib[6];
801 	size_t miblen = sizeof(mib);
802 
803 	if (name == NULL)
804 		return 1;
805 
806 	num = strtonum(name, 0, 255, &errstr);
807 	if (errstr != NULL)
808 		return 0;
809 
810 	/* Check whether the table actually exists */
811 	memset(mib, 0, sizeof(mib));
812 	mib[0] = CTL_NET;
813 	mib[1] = PF_ROUTE;
814 	mib[4] = NET_RT_TABLE;
815 	mib[5] = (int)num;
816 	if (sysctl(mib, 6, &info, &miblen, NULL, 0) == -1)
817 		return 0;
818 
819 	return 1;
820 #else /* defined(__OpenBSD__) */
821 	error("Routing domains are not supported on this platform");
822 	return 0;
823 #endif
824 }
825 
826 /*
827  * Queue a ListenAddress to be processed once we have all of the Ports
828  * and AddressFamily options.
829  */
830 static void
831 queue_listen_addr(ServerOptions *options, const char *addr,
832     const char *rdomain, int port)
833 {
834 	struct queued_listenaddr *qla;
835 
836 	options->queued_listen_addrs = xrecallocarray(
837 	    options->queued_listen_addrs,
838 	    options->num_queued_listens, options->num_queued_listens + 1,
839 	    sizeof(*options->queued_listen_addrs));
840 	qla = &options->queued_listen_addrs[options->num_queued_listens++];
841 	qla->addr = xstrdup(addr);
842 	qla->port = port;
843 	qla->rdomain = rdomain == NULL ? NULL : xstrdup(rdomain);
844 }
845 
846 /*
847  * Process queued (text) ListenAddress entries.
848  */
849 static void
850 process_queued_listen_addrs(ServerOptions *options)
851 {
852 	u_int i;
853 	struct queued_listenaddr *qla;
854 
855 	if (options->num_ports == 0)
856 		options->ports[options->num_ports++] = SSH_DEFAULT_PORT;
857 	if (options->address_family == -1)
858 		options->address_family = AF_UNSPEC;
859 
860 	for (i = 0; i < options->num_queued_listens; i++) {
861 		qla = &options->queued_listen_addrs[i];
862 		add_listen_addr(options, qla->addr, qla->rdomain, qla->port);
863 		free(qla->addr);
864 		free(qla->rdomain);
865 	}
866 	free(options->queued_listen_addrs);
867 	options->queued_listen_addrs = NULL;
868 	options->num_queued_listens = 0;
869 }
870 
871 /*
872  * Inform channels layer of permitopen options for a single forwarding
873  * direction (local/remote).
874  */
875 static void
876 process_permitopen_list(struct ssh *ssh, ServerOpCodes opcode,
877     char **opens, u_int num_opens)
878 {
879 	u_int i;
880 	int port;
881 	char *host, *arg, *oarg;
882 	int where = opcode == sPermitOpen ? FORWARD_LOCAL : FORWARD_REMOTE;
883 	const char *what = lookup_opcode_name(opcode);
884 
885 	channel_clear_permission(ssh, FORWARD_ADM, where);
886 	if (num_opens == 0)
887 		return; /* permit any */
888 
889 	/* handle keywords: "any" / "none" */
890 	if (num_opens == 1 && strcmp(opens[0], "any") == 0)
891 		return;
892 	if (num_opens == 1 && strcmp(opens[0], "none") == 0) {
893 		channel_disable_admin(ssh, where);
894 		return;
895 	}
896 	/* Otherwise treat it as a list of permitted host:port */
897 	for (i = 0; i < num_opens; i++) {
898 		oarg = arg = xstrdup(opens[i]);
899 		host = hpdelim(&arg);
900 		if (host == NULL)
901 			fatal("%s: missing host in %s", __func__, what);
902 		host = cleanhostname(host);
903 		if (arg == NULL || ((port = permitopen_port(arg)) < 0))
904 			fatal("%s: bad port number in %s", __func__, what);
905 		/* Send it to channels layer */
906 		channel_add_permission(ssh, FORWARD_ADM,
907 		    where, host, port);
908 		free(oarg);
909 	}
910 }
911 
912 /*
913  * Inform channels layer of permitopen options from configuration.
914  */
915 void
916 process_permitopen(struct ssh *ssh, ServerOptions *options)
917 {
918 	process_permitopen_list(ssh, sPermitOpen,
919 	    options->permitted_opens, options->num_permitted_opens);
920 	process_permitopen_list(ssh, sPermitListen,
921 	    options->permitted_listens,
922 	    options->num_permitted_listens);
923 }
924 
925 struct connection_info *
926 get_connection_info(int populate, int use_dns)
927 {
928 	struct ssh *ssh = active_state; /* XXX */
929 	static struct connection_info ci;
930 
931 	if (!populate)
932 		return &ci;
933 	ci.host = auth_get_canonical_hostname(ssh, use_dns);
934 	ci.address = ssh_remote_ipaddr(ssh);
935 	ci.laddress = ssh_local_ipaddr(ssh);
936 	ci.lport = ssh_local_port(ssh);
937 	ci.rdomain = ssh_packet_rdomain_in(ssh);
938 	return &ci;
939 }
940 
941 /*
942  * The strategy for the Match blocks is that the config file is parsed twice.
943  *
944  * The first time is at startup.  activep is initialized to 1 and the
945  * directives in the global context are processed and acted on.  Hitting a
946  * Match directive unsets activep and the directives inside the block are
947  * checked for syntax only.
948  *
949  * The second time is after a connection has been established but before
950  * authentication.  activep is initialized to 2 and global config directives
951  * are ignored since they have already been processed.  If the criteria in a
952  * Match block is met, activep is set and the subsequent directives
953  * processed and actioned until EOF or another Match block unsets it.  Any
954  * options set are copied into the main server config.
955  *
956  * Potential additions/improvements:
957  *  - Add Match support for pre-kex directives, eg. Ciphers.
958  *
959  *  - Add a Tag directive (idea from David Leonard) ala pf, eg:
960  *	Match Address 192.168.0.*
961  *		Tag trusted
962  *	Match Group wheel
963  *		Tag trusted
964  *	Match Tag trusted
965  *		AllowTcpForwarding yes
966  *		GatewayPorts clientspecified
967  *		[...]
968  *
969  *  - Add a PermittedChannelRequests directive
970  *	Match Group shell
971  *		PermittedChannelRequests session,forwarded-tcpip
972  */
973 
974 static int
975 match_cfg_line_group(const char *grps, int line, const char *user)
976 {
977 	int result = 0;
978 	struct passwd *pw;
979 
980 	if (user == NULL)
981 		goto out;
982 
983 	if ((pw = getpwnam(user)) == NULL) {
984 		debug("Can't match group at line %d because user %.100s does "
985 		    "not exist", line, user);
986 	} else if (ga_init(pw->pw_name, pw->pw_gid) == 0) {
987 		debug("Can't Match group because user %.100s not in any group "
988 		    "at line %d", user, line);
989 	} else if (ga_match_pattern_list(grps) != 1) {
990 		debug("user %.100s does not match group list %.100s at line %d",
991 		    user, grps, line);
992 	} else {
993 		debug("user %.100s matched group list %.100s at line %d", user,
994 		    grps, line);
995 		result = 1;
996 	}
997 out:
998 	ga_free();
999 	return result;
1000 }
1001 
1002 static void
1003 match_test_missing_fatal(const char *criteria, const char *attrib)
1004 {
1005 	fatal("'Match %s' in configuration but '%s' not in connection "
1006 	    "test specification.", criteria, attrib);
1007 }
1008 
1009 /*
1010  * All of the attributes on a single Match line are ANDed together, so we need
1011  * to check every attribute and set the result to zero if any attribute does
1012  * not match.
1013  */
1014 static int
1015 match_cfg_line(char **condition, int line, struct connection_info *ci)
1016 {
1017 	int result = 1, attributes = 0, port;
1018 	char *arg, *attrib, *cp = *condition;
1019 
1020 	if (ci == NULL)
1021 		debug3("checking syntax for 'Match %s'", cp);
1022 	else
1023 		debug3("checking match for '%s' user %s host %s addr %s "
1024 		    "laddr %s lport %d", cp, ci->user ? ci->user : "(null)",
1025 		    ci->host ? ci->host : "(null)",
1026 		    ci->address ? ci->address : "(null)",
1027 		    ci->laddress ? ci->laddress : "(null)", ci->lport);
1028 
1029 	while ((attrib = strdelim(&cp)) && *attrib != '\0') {
1030 		attributes++;
1031 		if (strcasecmp(attrib, "all") == 0) {
1032 			if (attributes != 1 ||
1033 			    ((arg = strdelim(&cp)) != NULL && *arg != '\0')) {
1034 				error("'all' cannot be combined with other "
1035 				    "Match attributes");
1036 				return -1;
1037 			}
1038 			*condition = cp;
1039 			return 1;
1040 		}
1041 		if ((arg = strdelim(&cp)) == NULL || *arg == '\0') {
1042 			error("Missing Match criteria for %s", attrib);
1043 			return -1;
1044 		}
1045 		if (strcasecmp(attrib, "user") == 0) {
1046 			if (ci == NULL) {
1047 				result = 0;
1048 				continue;
1049 			}
1050 			if (ci->user == NULL)
1051 				match_test_missing_fatal("User", "user");
1052 			if (match_pattern_list(ci->user, arg, 0) != 1)
1053 				result = 0;
1054 			else
1055 				debug("user %.100s matched 'User %.100s' at "
1056 				    "line %d", ci->user, arg, line);
1057 		} else if (strcasecmp(attrib, "group") == 0) {
1058 			if (ci == NULL) {
1059 				result = 0;
1060 				continue;
1061 			}
1062 			if (ci->user == NULL)
1063 				match_test_missing_fatal("Group", "user");
1064 			switch (match_cfg_line_group(arg, line, ci->user)) {
1065 			case -1:
1066 				return -1;
1067 			case 0:
1068 				result = 0;
1069 			}
1070 		} else if (strcasecmp(attrib, "host") == 0) {
1071 			if (ci == NULL) {
1072 				result = 0;
1073 				continue;
1074 			}
1075 			if (ci->host == NULL)
1076 				match_test_missing_fatal("Host", "host");
1077 			if (match_hostname(ci->host, arg) != 1)
1078 				result = 0;
1079 			else
1080 				debug("connection from %.100s matched 'Host "
1081 				    "%.100s' at line %d", ci->host, arg, line);
1082 		} else if (strcasecmp(attrib, "address") == 0) {
1083 			if (ci == NULL) {
1084 				result = 0;
1085 				continue;
1086 			}
1087 			if (ci->address == NULL)
1088 				match_test_missing_fatal("Address", "addr");
1089 			switch (addr_match_list(ci->address, arg)) {
1090 			case 1:
1091 				debug("connection from %.100s matched 'Address "
1092 				    "%.100s' at line %d", ci->address, arg, line);
1093 				break;
1094 			case 0:
1095 			case -1:
1096 				result = 0;
1097 				break;
1098 			case -2:
1099 				return -1;
1100 			}
1101 		} else if (strcasecmp(attrib, "localaddress") == 0){
1102 			if (ci == NULL) {
1103 				result = 0;
1104 				continue;
1105 			}
1106 			if (ci->laddress == NULL)
1107 				match_test_missing_fatal("LocalAddress",
1108 				    "laddr");
1109 			switch (addr_match_list(ci->laddress, arg)) {
1110 			case 1:
1111 				debug("connection from %.100s matched "
1112 				    "'LocalAddress %.100s' at line %d",
1113 				    ci->laddress, arg, line);
1114 				break;
1115 			case 0:
1116 			case -1:
1117 				result = 0;
1118 				break;
1119 			case -2:
1120 				return -1;
1121 			}
1122 		} else if (strcasecmp(attrib, "localport") == 0) {
1123 			if ((port = a2port(arg)) == -1) {
1124 				error("Invalid LocalPort '%s' on Match line",
1125 				    arg);
1126 				return -1;
1127 			}
1128 			if (ci == NULL) {
1129 				result = 0;
1130 				continue;
1131 			}
1132 			if (ci->lport == 0)
1133 				match_test_missing_fatal("LocalPort", "lport");
1134 			/* TODO support port lists */
1135 			if (port == ci->lport)
1136 				debug("connection from %.100s matched "
1137 				    "'LocalPort %d' at line %d",
1138 				    ci->laddress, port, line);
1139 			else
1140 				result = 0;
1141 		} else if (strcasecmp(attrib, "rdomain") == 0) {
1142 			if (ci == NULL || ci->rdomain == NULL) {
1143 				result = 0;
1144 				continue;
1145 			}
1146 			if (match_pattern_list(ci->rdomain, arg, 0) != 1)
1147 				result = 0;
1148 			else
1149 				debug("user %.100s matched 'RDomain %.100s' at "
1150 				    "line %d", ci->rdomain, arg, line);
1151 		} else {
1152 			error("Unsupported Match attribute %s", attrib);
1153 			return -1;
1154 		}
1155 	}
1156 	if (attributes == 0) {
1157 		error("One or more attributes required for Match");
1158 		return -1;
1159 	}
1160 	if (ci != NULL)
1161 		debug3("match %sfound", result ? "" : "not ");
1162 	*condition = cp;
1163 	return result;
1164 }
1165 
1166 #define WHITESPACE " \t\r\n"
1167 
1168 /* Multistate option parsing */
1169 struct multistate {
1170 	char *key;
1171 	int value;
1172 };
1173 static const struct multistate multistate_flag[] = {
1174 	{ "yes",			1 },
1175 	{ "no",				0 },
1176 	{ NULL, -1 }
1177 };
1178 static const struct multistate multistate_addressfamily[] = {
1179 	{ "inet",			AF_INET },
1180 	{ "inet6",			AF_INET6 },
1181 	{ "any",			AF_UNSPEC },
1182 	{ NULL, -1 }
1183 };
1184 static const struct multistate multistate_permitrootlogin[] = {
1185 	{ "without-password",		PERMIT_NO_PASSWD },
1186 	{ "prohibit-password",		PERMIT_NO_PASSWD },
1187 	{ "forced-commands-only",	PERMIT_FORCED_ONLY },
1188 	{ "yes",			PERMIT_YES },
1189 	{ "no",				PERMIT_NO },
1190 	{ NULL, -1 }
1191 };
1192 static const struct multistate multistate_compression[] = {
1193 	{ "yes",			COMP_DELAYED },
1194 	{ "delayed",			COMP_DELAYED },
1195 	{ "no",				COMP_NONE },
1196 	{ NULL, -1 }
1197 };
1198 static const struct multistate multistate_gatewayports[] = {
1199 	{ "clientspecified",		2 },
1200 	{ "yes",			1 },
1201 	{ "no",				0 },
1202 	{ NULL, -1 }
1203 };
1204 static const struct multistate multistate_tcpfwd[] = {
1205 	{ "yes",			FORWARD_ALLOW },
1206 	{ "all",			FORWARD_ALLOW },
1207 	{ "no",				FORWARD_DENY },
1208 	{ "remote",			FORWARD_REMOTE },
1209 	{ "local",			FORWARD_LOCAL },
1210 	{ NULL, -1 }
1211 };
1212 
1213 int
1214 process_server_config_line(ServerOptions *options, char *line,
1215     const char *filename, int linenum, int *activep,
1216     struct connection_info *connectinfo)
1217 {
1218 	char *cp, ***chararrayptr, **charptr, *arg, *arg2, *p;
1219 	int cmdline = 0, *intptr, value, value2, n, port;
1220 	SyslogFacility *log_facility_ptr;
1221 	LogLevel *log_level_ptr;
1222 	ServerOpCodes opcode;
1223 	u_int i, *uintptr, uvalue, flags = 0;
1224 	size_t len;
1225 	long long val64;
1226 	const struct multistate *multistate_ptr;
1227 	const char *errstr;
1228 
1229 	/* Strip trailing whitespace. Allow \f (form feed) at EOL only */
1230 	if ((len = strlen(line)) == 0)
1231 		return 0;
1232 	for (len--; len > 0; len--) {
1233 		if (strchr(WHITESPACE "\f", line[len]) == NULL)
1234 			break;
1235 		line[len] = '\0';
1236 	}
1237 
1238 	cp = line;
1239 	if ((arg = strdelim(&cp)) == NULL)
1240 		return 0;
1241 	/* Ignore leading whitespace */
1242 	if (*arg == '\0')
1243 		arg = strdelim(&cp);
1244 	if (!arg || !*arg || *arg == '#')
1245 		return 0;
1246 	intptr = NULL;
1247 	charptr = NULL;
1248 	opcode = parse_token(arg, filename, linenum, &flags);
1249 
1250 	if (activep == NULL) { /* We are processing a command line directive */
1251 		cmdline = 1;
1252 		activep = &cmdline;
1253 	}
1254 	if (*activep && opcode != sMatch)
1255 		debug3("%s:%d setting %s %s", filename, linenum, arg, cp);
1256 	if (*activep == 0 && !(flags & SSHCFG_MATCH)) {
1257 		if (connectinfo == NULL) {
1258 			fatal("%s line %d: Directive '%s' is not allowed "
1259 			    "within a Match block", filename, linenum, arg);
1260 		} else { /* this is a directive we have already processed */
1261 			while (arg)
1262 				arg = strdelim(&cp);
1263 			return 0;
1264 		}
1265 	}
1266 
1267 	switch (opcode) {
1268 	/* Portable-specific options */
1269 	case sUsePAM:
1270 		intptr = &options->use_pam;
1271 		goto parse_flag;
1272 
1273 	/* Standard Options */
1274 	case sBadOption:
1275 		return -1;
1276 	case sPort:
1277 		/* ignore ports from configfile if cmdline specifies ports */
1278 		if (options->ports_from_cmdline)
1279 			return 0;
1280 		if (options->num_ports >= MAX_PORTS)
1281 			fatal("%s line %d: too many ports.",
1282 			    filename, linenum);
1283 		arg = strdelim(&cp);
1284 		if (!arg || *arg == '\0')
1285 			fatal("%s line %d: missing port number.",
1286 			    filename, linenum);
1287 		options->ports[options->num_ports++] = a2port(arg);
1288 		if (options->ports[options->num_ports-1] <= 0)
1289 			fatal("%s line %d: Badly formatted port number.",
1290 			    filename, linenum);
1291 		break;
1292 
1293 	case sLoginGraceTime:
1294 		intptr = &options->login_grace_time;
1295  parse_time:
1296 		arg = strdelim(&cp);
1297 		if (!arg || *arg == '\0')
1298 			fatal("%s line %d: missing time value.",
1299 			    filename, linenum);
1300 		if ((value = convtime(arg)) == -1)
1301 			fatal("%s line %d: invalid time value.",
1302 			    filename, linenum);
1303 		if (*activep && *intptr == -1)
1304 			*intptr = value;
1305 		break;
1306 
1307 	case sListenAddress:
1308 		arg = strdelim(&cp);
1309 		if (arg == NULL || *arg == '\0')
1310 			fatal("%s line %d: missing address",
1311 			    filename, linenum);
1312 		/* check for bare IPv6 address: no "[]" and 2 or more ":" */
1313 		if (strchr(arg, '[') == NULL && (p = strchr(arg, ':')) != NULL
1314 		    && strchr(p+1, ':') != NULL) {
1315 			port = 0;
1316 			p = arg;
1317 		} else {
1318 			p = hpdelim(&arg);
1319 			if (p == NULL)
1320 				fatal("%s line %d: bad address:port usage",
1321 				    filename, linenum);
1322 			p = cleanhostname(p);
1323 			if (arg == NULL)
1324 				port = 0;
1325 			else if ((port = a2port(arg)) <= 0)
1326 				fatal("%s line %d: bad port number",
1327 				    filename, linenum);
1328 		}
1329 		/* Optional routing table */
1330 		arg2 = NULL;
1331 		if ((arg = strdelim(&cp)) != NULL) {
1332 			if (strcmp(arg, "rdomain") != 0 ||
1333 			    (arg2 = strdelim(&cp)) == NULL)
1334 				fatal("%s line %d: bad ListenAddress syntax",
1335 				    filename, linenum);
1336 			if (!valid_rdomain(arg2))
1337 				fatal("%s line %d: bad routing domain",
1338 				    filename, linenum);
1339 		}
1340 
1341 		queue_listen_addr(options, p, arg2, port);
1342 
1343 		break;
1344 
1345 	case sAddressFamily:
1346 		intptr = &options->address_family;
1347 		multistate_ptr = multistate_addressfamily;
1348  parse_multistate:
1349 		arg = strdelim(&cp);
1350 		if (!arg || *arg == '\0')
1351 			fatal("%s line %d: missing argument.",
1352 			    filename, linenum);
1353 		value = -1;
1354 		for (i = 0; multistate_ptr[i].key != NULL; i++) {
1355 			if (strcasecmp(arg, multistate_ptr[i].key) == 0) {
1356 				value = multistate_ptr[i].value;
1357 				break;
1358 			}
1359 		}
1360 		if (value == -1)
1361 			fatal("%s line %d: unsupported option \"%s\".",
1362 			    filename, linenum, arg);
1363 		if (*activep && *intptr == -1)
1364 			*intptr = value;
1365 		break;
1366 
1367 	case sHostKeyFile:
1368 		arg = strdelim(&cp);
1369 		if (!arg || *arg == '\0')
1370 			fatal("%s line %d: missing file name.",
1371 			    filename, linenum);
1372 		if (*activep)
1373 			servconf_add_hostkey(filename, linenum, options, arg);
1374 		break;
1375 
1376 	case sHostKeyAgent:
1377 		charptr = &options->host_key_agent;
1378 		arg = strdelim(&cp);
1379 		if (!arg || *arg == '\0')
1380 			fatal("%s line %d: missing socket name.",
1381 			    filename, linenum);
1382 		if (*activep && *charptr == NULL)
1383 			*charptr = !strcmp(arg, SSH_AUTHSOCKET_ENV_NAME) ?
1384 			    xstrdup(arg) : derelativise_path(arg);
1385 		break;
1386 
1387 	case sHostCertificate:
1388 		arg = strdelim(&cp);
1389 		if (!arg || *arg == '\0')
1390 			fatal("%s line %d: missing file name.",
1391 			    filename, linenum);
1392 		if (*activep)
1393 			servconf_add_hostcert(filename, linenum, options, arg);
1394 		break;
1395 
1396 	case sPidFile:
1397 		charptr = &options->pid_file;
1398  parse_filename:
1399 		arg = strdelim(&cp);
1400 		if (!arg || *arg == '\0')
1401 			fatal("%s line %d: missing file name.",
1402 			    filename, linenum);
1403 		if (*activep && *charptr == NULL) {
1404 			*charptr = derelativise_path(arg);
1405 			/* increase optional counter */
1406 			if (intptr != NULL)
1407 				*intptr = *intptr + 1;
1408 		}
1409 		break;
1410 
1411 	case sPermitRootLogin:
1412 		intptr = &options->permit_root_login;
1413 		multistate_ptr = multistate_permitrootlogin;
1414 		goto parse_multistate;
1415 
1416 	case sIgnoreRhosts:
1417 		intptr = &options->ignore_rhosts;
1418  parse_flag:
1419 		multistate_ptr = multistate_flag;
1420 		goto parse_multistate;
1421 
1422 	case sIgnoreUserKnownHosts:
1423 		intptr = &options->ignore_user_known_hosts;
1424 		goto parse_flag;
1425 
1426 	case sHostbasedAuthentication:
1427 		intptr = &options->hostbased_authentication;
1428 		goto parse_flag;
1429 
1430 	case sHostbasedUsesNameFromPacketOnly:
1431 		intptr = &options->hostbased_uses_name_from_packet_only;
1432 		goto parse_flag;
1433 
1434 	case sHostbasedAcceptedKeyTypes:
1435 		charptr = &options->hostbased_key_types;
1436  parse_keytypes:
1437 		arg = strdelim(&cp);
1438 		if (!arg || *arg == '\0')
1439 			fatal("%s line %d: Missing argument.",
1440 			    filename, linenum);
1441 		if (*arg != '-' &&
1442 		    !sshkey_names_valid2(*arg == '+' ? arg + 1 : arg, 1))
1443 			fatal("%s line %d: Bad key types '%s'.",
1444 			    filename, linenum, arg ? arg : "<NONE>");
1445 		if (*activep && *charptr == NULL)
1446 			*charptr = xstrdup(arg);
1447 		break;
1448 
1449 	case sHostKeyAlgorithms:
1450 		charptr = &options->hostkeyalgorithms;
1451 		goto parse_keytypes;
1452 
1453 	case sPubkeyAuthentication:
1454 		intptr = &options->pubkey_authentication;
1455 		goto parse_flag;
1456 
1457 	case sPubkeyAcceptedKeyTypes:
1458 		charptr = &options->pubkey_key_types;
1459 		goto parse_keytypes;
1460 
1461 	case sKerberosAuthentication:
1462 		intptr = &options->kerberos_authentication;
1463 		goto parse_flag;
1464 
1465 	case sKerberosOrLocalPasswd:
1466 		intptr = &options->kerberos_or_local_passwd;
1467 		goto parse_flag;
1468 
1469 	case sKerberosTicketCleanup:
1470 		intptr = &options->kerberos_ticket_cleanup;
1471 		goto parse_flag;
1472 
1473 	case sKerberosGetAFSToken:
1474 		intptr = &options->kerberos_get_afs_token;
1475 		goto parse_flag;
1476 
1477 	case sGssAuthentication:
1478 		intptr = &options->gss_authentication;
1479 		goto parse_flag;
1480 
1481 	case sGssCleanupCreds:
1482 		intptr = &options->gss_cleanup_creds;
1483 		goto parse_flag;
1484 
1485 	case sGssStrictAcceptor:
1486 		intptr = &options->gss_strict_acceptor;
1487 		goto parse_flag;
1488 
1489 	case sPasswordAuthentication:
1490 		intptr = &options->password_authentication;
1491 		goto parse_flag;
1492 
1493 	case sKbdInteractiveAuthentication:
1494 		intptr = &options->kbd_interactive_authentication;
1495 		goto parse_flag;
1496 
1497 	case sChallengeResponseAuthentication:
1498 		intptr = &options->challenge_response_authentication;
1499 		goto parse_flag;
1500 
1501 	case sPrintMotd:
1502 		intptr = &options->print_motd;
1503 		goto parse_flag;
1504 
1505 	case sPrintLastLog:
1506 		intptr = &options->print_lastlog;
1507 		goto parse_flag;
1508 
1509 	case sX11Forwarding:
1510 		intptr = &options->x11_forwarding;
1511 		goto parse_flag;
1512 
1513 	case sX11DisplayOffset:
1514 		intptr = &options->x11_display_offset;
1515  parse_int:
1516 		arg = strdelim(&cp);
1517 		if ((errstr = atoi_err(arg, &value)) != NULL)
1518 			fatal("%s line %d: integer value %s.",
1519 			    filename, linenum, errstr);
1520 		if (*activep && *intptr == -1)
1521 			*intptr = value;
1522 		break;
1523 
1524 	case sX11UseLocalhost:
1525 		intptr = &options->x11_use_localhost;
1526 		goto parse_flag;
1527 
1528 	case sXAuthLocation:
1529 		charptr = &options->xauth_location;
1530 		goto parse_filename;
1531 
1532 	case sPermitTTY:
1533 		intptr = &options->permit_tty;
1534 		goto parse_flag;
1535 
1536 	case sPermitUserRC:
1537 		intptr = &options->permit_user_rc;
1538 		goto parse_flag;
1539 
1540 	case sStrictModes:
1541 		intptr = &options->strict_modes;
1542 		goto parse_flag;
1543 
1544 	case sTCPKeepAlive:
1545 		intptr = &options->tcp_keep_alive;
1546 		goto parse_flag;
1547 
1548 	case sEmptyPasswd:
1549 		intptr = &options->permit_empty_passwd;
1550 		goto parse_flag;
1551 
1552 	case sPermitUserEnvironment:
1553 		intptr = &options->permit_user_env;
1554 		charptr = &options->permit_user_env_whitelist;
1555 		arg = strdelim(&cp);
1556 		if (!arg || *arg == '\0')
1557 			fatal("%s line %d: missing argument.",
1558 			    filename, linenum);
1559 		value = 0;
1560 		p = NULL;
1561 		if (strcmp(arg, "yes") == 0)
1562 			value = 1;
1563 		else if (strcmp(arg, "no") == 0)
1564 			value = 0;
1565 		else {
1566 			/* Pattern-list specified */
1567 			value = 1;
1568 			p = xstrdup(arg);
1569 		}
1570 		if (*activep && *intptr == -1) {
1571 			*intptr = value;
1572 			*charptr = p;
1573 			p = NULL;
1574 		}
1575 		free(p);
1576 		break;
1577 
1578 	case sCompression:
1579 		intptr = &options->compression;
1580 		multistate_ptr = multistate_compression;
1581 		goto parse_multistate;
1582 
1583 	case sRekeyLimit:
1584 		arg = strdelim(&cp);
1585 		if (!arg || *arg == '\0')
1586 			fatal("%.200s line %d: Missing argument.", filename,
1587 			    linenum);
1588 		if (strcmp(arg, "default") == 0) {
1589 			val64 = 0;
1590 		} else {
1591 			if (scan_scaled(arg, &val64) == -1)
1592 				fatal("%.200s line %d: Bad number '%s': %s",
1593 				    filename, linenum, arg, strerror(errno));
1594 			if (val64 != 0 && val64 < 16)
1595 				fatal("%.200s line %d: RekeyLimit too small",
1596 				    filename, linenum);
1597 		}
1598 		if (*activep && options->rekey_limit == -1)
1599 			options->rekey_limit = val64;
1600 		if (cp != NULL) { /* optional rekey interval present */
1601 			if (strcmp(cp, "none") == 0) {
1602 				(void)strdelim(&cp);	/* discard */
1603 				break;
1604 			}
1605 			intptr = &options->rekey_interval;
1606 			goto parse_time;
1607 		}
1608 		break;
1609 
1610 	case sGatewayPorts:
1611 		intptr = &options->fwd_opts.gateway_ports;
1612 		multistate_ptr = multistate_gatewayports;
1613 		goto parse_multistate;
1614 
1615 	case sUseDNS:
1616 		intptr = &options->use_dns;
1617 		goto parse_flag;
1618 
1619 	case sLogFacility:
1620 		log_facility_ptr = &options->log_facility;
1621 		arg = strdelim(&cp);
1622 		value = log_facility_number(arg);
1623 		if (value == SYSLOG_FACILITY_NOT_SET)
1624 			fatal("%.200s line %d: unsupported log facility '%s'",
1625 			    filename, linenum, arg ? arg : "<NONE>");
1626 		if (*log_facility_ptr == -1)
1627 			*log_facility_ptr = (SyslogFacility) value;
1628 		break;
1629 
1630 	case sLogLevel:
1631 		log_level_ptr = &options->log_level;
1632 		arg = strdelim(&cp);
1633 		value = log_level_number(arg);
1634 		if (value == SYSLOG_LEVEL_NOT_SET)
1635 			fatal("%.200s line %d: unsupported log level '%s'",
1636 			    filename, linenum, arg ? arg : "<NONE>");
1637 		if (*activep && *log_level_ptr == -1)
1638 			*log_level_ptr = (LogLevel) value;
1639 		break;
1640 
1641 	case sAllowTcpForwarding:
1642 		intptr = &options->allow_tcp_forwarding;
1643 		multistate_ptr = multistate_tcpfwd;
1644 		goto parse_multistate;
1645 
1646 	case sAllowStreamLocalForwarding:
1647 		intptr = &options->allow_streamlocal_forwarding;
1648 		multistate_ptr = multistate_tcpfwd;
1649 		goto parse_multistate;
1650 
1651 	case sAllowAgentForwarding:
1652 		intptr = &options->allow_agent_forwarding;
1653 		goto parse_flag;
1654 
1655 	case sDisableForwarding:
1656 		intptr = &options->disable_forwarding;
1657 		goto parse_flag;
1658 
1659 	case sAllowUsers:
1660 		while ((arg = strdelim(&cp)) && *arg != '\0') {
1661 			if (match_user(NULL, NULL, NULL, arg) == -1)
1662 				fatal("%s line %d: invalid AllowUsers pattern: "
1663 				    "\"%.100s\"", filename, linenum, arg);
1664 			if (!*activep)
1665 				continue;
1666 			array_append(filename, linenum, "AllowUsers",
1667 			    &options->allow_users, &options->num_allow_users,
1668 			    arg);
1669 		}
1670 		break;
1671 
1672 	case sDenyUsers:
1673 		while ((arg = strdelim(&cp)) && *arg != '\0') {
1674 			if (match_user(NULL, NULL, NULL, arg) == -1)
1675 				fatal("%s line %d: invalid DenyUsers pattern: "
1676 				    "\"%.100s\"", filename, linenum, arg);
1677 			if (!*activep)
1678 				continue;
1679 			array_append(filename, linenum, "DenyUsers",
1680 			    &options->deny_users, &options->num_deny_users,
1681 			    arg);
1682 		}
1683 		break;
1684 
1685 	case sAllowGroups:
1686 		while ((arg = strdelim(&cp)) && *arg != '\0') {
1687 			if (!*activep)
1688 				continue;
1689 			array_append(filename, linenum, "AllowGroups",
1690 			    &options->allow_groups, &options->num_allow_groups,
1691 			    arg);
1692 		}
1693 		break;
1694 
1695 	case sDenyGroups:
1696 		while ((arg = strdelim(&cp)) && *arg != '\0') {
1697 			if (!*activep)
1698 				continue;
1699 			array_append(filename, linenum, "DenyGroups",
1700 			    &options->deny_groups, &options->num_deny_groups,
1701 			    arg);
1702 		}
1703 		break;
1704 
1705 	case sCiphers:
1706 		arg = strdelim(&cp);
1707 		if (!arg || *arg == '\0')
1708 			fatal("%s line %d: Missing argument.", filename, linenum);
1709 		if (*arg != '-' && !ciphers_valid(*arg == '+' ? arg + 1 : arg))
1710 			fatal("%s line %d: Bad SSH2 cipher spec '%s'.",
1711 			    filename, linenum, arg ? arg : "<NONE>");
1712 		if (options->ciphers == NULL)
1713 			options->ciphers = xstrdup(arg);
1714 		break;
1715 
1716 	case sMacs:
1717 		arg = strdelim(&cp);
1718 		if (!arg || *arg == '\0')
1719 			fatal("%s line %d: Missing argument.", filename, linenum);
1720 		if (*arg != '-' && !mac_valid(*arg == '+' ? arg + 1 : arg))
1721 			fatal("%s line %d: Bad SSH2 mac spec '%s'.",
1722 			    filename, linenum, arg ? arg : "<NONE>");
1723 		if (options->macs == NULL)
1724 			options->macs = xstrdup(arg);
1725 		break;
1726 
1727 	case sKexAlgorithms:
1728 		arg = strdelim(&cp);
1729 		if (!arg || *arg == '\0')
1730 			fatal("%s line %d: Missing argument.",
1731 			    filename, linenum);
1732 		if (*arg != '-' &&
1733 		    !kex_names_valid(*arg == '+' ? arg + 1 : arg))
1734 			fatal("%s line %d: Bad SSH2 KexAlgorithms '%s'.",
1735 			    filename, linenum, arg ? arg : "<NONE>");
1736 		if (options->kex_algorithms == NULL)
1737 			options->kex_algorithms = xstrdup(arg);
1738 		break;
1739 
1740 	case sSubsystem:
1741 		if (options->num_subsystems >= MAX_SUBSYSTEMS) {
1742 			fatal("%s line %d: too many subsystems defined.",
1743 			    filename, linenum);
1744 		}
1745 		arg = strdelim(&cp);
1746 		if (!arg || *arg == '\0')
1747 			fatal("%s line %d: Missing subsystem name.",
1748 			    filename, linenum);
1749 		if (!*activep) {
1750 			arg = strdelim(&cp);
1751 			break;
1752 		}
1753 		for (i = 0; i < options->num_subsystems; i++)
1754 			if (strcmp(arg, options->subsystem_name[i]) == 0)
1755 				fatal("%s line %d: Subsystem '%s' already defined.",
1756 				    filename, linenum, arg);
1757 		options->subsystem_name[options->num_subsystems] = xstrdup(arg);
1758 		arg = strdelim(&cp);
1759 		if (!arg || *arg == '\0')
1760 			fatal("%s line %d: Missing subsystem command.",
1761 			    filename, linenum);
1762 		options->subsystem_command[options->num_subsystems] = xstrdup(arg);
1763 
1764 		/* Collect arguments (separate to executable) */
1765 		p = xstrdup(arg);
1766 		len = strlen(p) + 1;
1767 		while ((arg = strdelim(&cp)) != NULL && *arg != '\0') {
1768 			len += 1 + strlen(arg);
1769 			p = xreallocarray(p, 1, len);
1770 			strlcat(p, " ", len);
1771 			strlcat(p, arg, len);
1772 		}
1773 		options->subsystem_args[options->num_subsystems] = p;
1774 		options->num_subsystems++;
1775 		break;
1776 
1777 	case sMaxStartups:
1778 		arg = strdelim(&cp);
1779 		if (!arg || *arg == '\0')
1780 			fatal("%s line %d: Missing MaxStartups spec.",
1781 			    filename, linenum);
1782 		if ((n = sscanf(arg, "%d:%d:%d",
1783 		    &options->max_startups_begin,
1784 		    &options->max_startups_rate,
1785 		    &options->max_startups)) == 3) {
1786 			if (options->max_startups_begin >
1787 			    options->max_startups ||
1788 			    options->max_startups_rate > 100 ||
1789 			    options->max_startups_rate < 1)
1790 				fatal("%s line %d: Illegal MaxStartups spec.",
1791 				    filename, linenum);
1792 		} else if (n != 1)
1793 			fatal("%s line %d: Illegal MaxStartups spec.",
1794 			    filename, linenum);
1795 		else
1796 			options->max_startups = options->max_startups_begin;
1797 		break;
1798 
1799 	case sMaxAuthTries:
1800 		intptr = &options->max_authtries;
1801 		goto parse_int;
1802 
1803 	case sMaxSessions:
1804 		intptr = &options->max_sessions;
1805 		goto parse_int;
1806 
1807 	case sBanner:
1808 		charptr = &options->banner;
1809 		goto parse_filename;
1810 
1811 	/*
1812 	 * These options can contain %X options expanded at
1813 	 * connect time, so that you can specify paths like:
1814 	 *
1815 	 * AuthorizedKeysFile	/etc/ssh_keys/%u
1816 	 */
1817 	case sAuthorizedKeysFile:
1818 		if (*activep && options->num_authkeys_files == 0) {
1819 			while ((arg = strdelim(&cp)) && *arg != '\0') {
1820 				arg = tilde_expand_filename(arg, getuid());
1821 				array_append(filename, linenum,
1822 				    "AuthorizedKeysFile",
1823 				    &options->authorized_keys_files,
1824 				    &options->num_authkeys_files, arg);
1825 				free(arg);
1826 			}
1827 		}
1828 		return 0;
1829 
1830 	case sAuthorizedPrincipalsFile:
1831 		charptr = &options->authorized_principals_file;
1832 		arg = strdelim(&cp);
1833 		if (!arg || *arg == '\0')
1834 			fatal("%s line %d: missing file name.",
1835 			    filename, linenum);
1836 		if (*activep && *charptr == NULL) {
1837 			*charptr = tilde_expand_filename(arg, getuid());
1838 			/* increase optional counter */
1839 			if (intptr != NULL)
1840 				*intptr = *intptr + 1;
1841 		}
1842 		break;
1843 
1844 	case sClientAliveInterval:
1845 		intptr = &options->client_alive_interval;
1846 		goto parse_time;
1847 
1848 	case sClientAliveCountMax:
1849 		intptr = &options->client_alive_count_max;
1850 		goto parse_int;
1851 
1852 	case sAcceptEnv:
1853 		while ((arg = strdelim(&cp)) && *arg != '\0') {
1854 			if (strchr(arg, '=') != NULL)
1855 				fatal("%s line %d: Invalid environment name.",
1856 				    filename, linenum);
1857 			if (!*activep)
1858 				continue;
1859 			array_append(filename, linenum, "AcceptEnv",
1860 			    &options->accept_env, &options->num_accept_env,
1861 			    arg);
1862 		}
1863 		break;
1864 
1865 	case sSetEnv:
1866 		uvalue = options->num_setenv;
1867 		while ((arg = strdelimw(&cp)) && *arg != '\0') {
1868 			if (strchr(arg, '=') == NULL)
1869 				fatal("%s line %d: Invalid environment.",
1870 				    filename, linenum);
1871 			if (!*activep || uvalue != 0)
1872 				continue;
1873 			array_append(filename, linenum, "SetEnv",
1874 			    &options->setenv, &options->num_setenv, arg);
1875 		}
1876 		break;
1877 
1878 	case sPermitTunnel:
1879 		intptr = &options->permit_tun;
1880 		arg = strdelim(&cp);
1881 		if (!arg || *arg == '\0')
1882 			fatal("%s line %d: Missing yes/point-to-point/"
1883 			    "ethernet/no argument.", filename, linenum);
1884 		value = -1;
1885 		for (i = 0; tunmode_desc[i].val != -1; i++)
1886 			if (strcmp(tunmode_desc[i].text, arg) == 0) {
1887 				value = tunmode_desc[i].val;
1888 				break;
1889 			}
1890 		if (value == -1)
1891 			fatal("%s line %d: Bad yes/point-to-point/ethernet/"
1892 			    "no argument: %s", filename, linenum, arg);
1893 		if (*activep && *intptr == -1)
1894 			*intptr = value;
1895 		break;
1896 
1897 	case sMatch:
1898 		if (cmdline)
1899 			fatal("Match directive not supported as a command-line "
1900 			   "option");
1901 		value = match_cfg_line(&cp, linenum, connectinfo);
1902 		if (value < 0)
1903 			fatal("%s line %d: Bad Match condition", filename,
1904 			    linenum);
1905 		*activep = value;
1906 		break;
1907 
1908 	case sPermitListen:
1909 	case sPermitOpen:
1910 		if (opcode == sPermitListen) {
1911 			uintptr = &options->num_permitted_listens;
1912 			chararrayptr = &options->permitted_listens;
1913 		} else {
1914 			uintptr = &options->num_permitted_opens;
1915 			chararrayptr = &options->permitted_opens;
1916 		}
1917 		arg = strdelim(&cp);
1918 		if (!arg || *arg == '\0')
1919 			fatal("%s line %d: missing %s specification",
1920 			    filename, linenum, lookup_opcode_name(opcode));
1921 		uvalue = *uintptr;	/* modified later */
1922 		if (strcmp(arg, "any") == 0 || strcmp(arg, "none") == 0) {
1923 			if (*activep && uvalue == 0) {
1924 				*uintptr = 1;
1925 				*chararrayptr = xcalloc(1,
1926 				    sizeof(**chararrayptr));
1927 				(*chararrayptr)[0] = xstrdup(arg);
1928 			}
1929 			break;
1930 		}
1931 		for (; arg != NULL && *arg != '\0'; arg = strdelim(&cp)) {
1932 			if (opcode == sPermitListen &&
1933 			    strchr(arg, ':') == NULL) {
1934 				/*
1935 				 * Allow bare port number for PermitListen
1936 				 * to indicate a wildcard listen host.
1937 				 */
1938 				xasprintf(&arg2, "*:%s", arg);
1939 			} else {
1940 				arg2 = xstrdup(arg);
1941 				p = hpdelim(&arg);
1942 				if (p == NULL) {
1943 					fatal("%s line %d: missing host in %s",
1944 					    filename, linenum,
1945 					    lookup_opcode_name(opcode));
1946 				}
1947 				p = cleanhostname(p);
1948 			}
1949 			if (arg == NULL ||
1950 			    ((port = permitopen_port(arg)) < 0)) {
1951 				fatal("%s line %d: bad port number in %s",
1952 				    filename, linenum,
1953 				    lookup_opcode_name(opcode));
1954 			}
1955 			if (*activep && uvalue == 0) {
1956 				array_append(filename, linenum,
1957 				    lookup_opcode_name(opcode),
1958 				    chararrayptr, uintptr, arg2);
1959 			}
1960 			free(arg2);
1961 		}
1962 		break;
1963 
1964 	case sForceCommand:
1965 		if (cp == NULL || *cp == '\0')
1966 			fatal("%.200s line %d: Missing argument.", filename,
1967 			    linenum);
1968 		len = strspn(cp, WHITESPACE);
1969 		if (*activep && options->adm_forced_command == NULL)
1970 			options->adm_forced_command = xstrdup(cp + len);
1971 		return 0;
1972 
1973 	case sChrootDirectory:
1974 		charptr = &options->chroot_directory;
1975 
1976 		arg = strdelim(&cp);
1977 		if (!arg || *arg == '\0')
1978 			fatal("%s line %d: missing file name.",
1979 			    filename, linenum);
1980 		if (*activep && *charptr == NULL)
1981 			*charptr = xstrdup(arg);
1982 		break;
1983 
1984 	case sTrustedUserCAKeys:
1985 		charptr = &options->trusted_user_ca_keys;
1986 		goto parse_filename;
1987 
1988 	case sRevokedKeys:
1989 		charptr = &options->revoked_keys_file;
1990 		goto parse_filename;
1991 
1992 	case sIPQoS:
1993 		arg = strdelim(&cp);
1994 		if ((value = parse_ipqos(arg)) == -1)
1995 			fatal("%s line %d: Bad IPQoS value: %s",
1996 			    filename, linenum, arg);
1997 		arg = strdelim(&cp);
1998 		if (arg == NULL)
1999 			value2 = value;
2000 		else if ((value2 = parse_ipqos(arg)) == -1)
2001 			fatal("%s line %d: Bad IPQoS value: %s",
2002 			    filename, linenum, arg);
2003 		if (*activep) {
2004 			options->ip_qos_interactive = value;
2005 			options->ip_qos_bulk = value2;
2006 		}
2007 		break;
2008 
2009 	case sVersionAddendum:
2010 		if (cp == NULL || *cp == '\0')
2011 			fatal("%.200s line %d: Missing argument.", filename,
2012 			    linenum);
2013 		len = strspn(cp, WHITESPACE);
2014 		if (*activep && options->version_addendum == NULL) {
2015 			if (strcasecmp(cp + len, "none") == 0)
2016 				options->version_addendum = xstrdup("");
2017 			else if (strchr(cp + len, '\r') != NULL)
2018 				fatal("%.200s line %d: Invalid argument",
2019 				    filename, linenum);
2020 			else
2021 				options->version_addendum = xstrdup(cp + len);
2022 		}
2023 		return 0;
2024 
2025 	case sAuthorizedKeysCommand:
2026 		if (cp == NULL)
2027 			fatal("%.200s line %d: Missing argument.", filename,
2028 			    linenum);
2029 		len = strspn(cp, WHITESPACE);
2030 		if (*activep && options->authorized_keys_command == NULL) {
2031 			if (cp[len] != '/' && strcasecmp(cp + len, "none") != 0)
2032 				fatal("%.200s line %d: AuthorizedKeysCommand "
2033 				    "must be an absolute path",
2034 				    filename, linenum);
2035 			options->authorized_keys_command = xstrdup(cp + len);
2036 		}
2037 		return 0;
2038 
2039 	case sAuthorizedKeysCommandUser:
2040 		charptr = &options->authorized_keys_command_user;
2041 
2042 		arg = strdelim(&cp);
2043 		if (!arg || *arg == '\0')
2044 			fatal("%s line %d: missing AuthorizedKeysCommandUser "
2045 			    "argument.", filename, linenum);
2046 		if (*activep && *charptr == NULL)
2047 			*charptr = xstrdup(arg);
2048 		break;
2049 
2050 	case sAuthorizedPrincipalsCommand:
2051 		if (cp == NULL)
2052 			fatal("%.200s line %d: Missing argument.", filename,
2053 			    linenum);
2054 		len = strspn(cp, WHITESPACE);
2055 		if (*activep &&
2056 		    options->authorized_principals_command == NULL) {
2057 			if (cp[len] != '/' && strcasecmp(cp + len, "none") != 0)
2058 				fatal("%.200s line %d: "
2059 				    "AuthorizedPrincipalsCommand must be "
2060 				    "an absolute path", filename, linenum);
2061 			options->authorized_principals_command =
2062 			    xstrdup(cp + len);
2063 		}
2064 		return 0;
2065 
2066 	case sAuthorizedPrincipalsCommandUser:
2067 		charptr = &options->authorized_principals_command_user;
2068 
2069 		arg = strdelim(&cp);
2070 		if (!arg || *arg == '\0')
2071 			fatal("%s line %d: missing "
2072 			    "AuthorizedPrincipalsCommandUser argument.",
2073 			    filename, linenum);
2074 		if (*activep && *charptr == NULL)
2075 			*charptr = xstrdup(arg);
2076 		break;
2077 
2078 	case sAuthenticationMethods:
2079 		if (options->num_auth_methods == 0) {
2080 			value = 0; /* seen "any" pseudo-method */
2081 			value2 = 0; /* successfully parsed any method */
2082 			while ((arg = strdelim(&cp)) && *arg != '\0') {
2083 				if (strcmp(arg, "any") == 0) {
2084 					if (options->num_auth_methods > 0) {
2085 						fatal("%s line %d: \"any\" "
2086 						    "must appear alone in "
2087 						    "AuthenticationMethods",
2088 						    filename, linenum);
2089 					}
2090 					value = 1;
2091 				} else if (value) {
2092 					fatal("%s line %d: \"any\" must appear "
2093 					    "alone in AuthenticationMethods",
2094 					    filename, linenum);
2095 				} else if (auth2_methods_valid(arg, 0) != 0) {
2096 					fatal("%s line %d: invalid "
2097 					    "authentication method list.",
2098 					    filename, linenum);
2099 				}
2100 				value2 = 1;
2101 				if (!*activep)
2102 					continue;
2103 				array_append(filename, linenum,
2104 				    "AuthenticationMethods",
2105 				    &options->auth_methods,
2106 				    &options->num_auth_methods, arg);
2107 			}
2108 			if (value2 == 0) {
2109 				fatal("%s line %d: no AuthenticationMethods "
2110 				    "specified", filename, linenum);
2111 			}
2112 		}
2113 		return 0;
2114 
2115 	case sStreamLocalBindMask:
2116 		arg = strdelim(&cp);
2117 		if (!arg || *arg == '\0')
2118 			fatal("%s line %d: missing StreamLocalBindMask "
2119 			    "argument.", filename, linenum);
2120 		/* Parse mode in octal format */
2121 		value = strtol(arg, &p, 8);
2122 		if (arg == p || value < 0 || value > 0777)
2123 			fatal("%s line %d: Bad mask.", filename, linenum);
2124 		if (*activep)
2125 			options->fwd_opts.streamlocal_bind_mask = (mode_t)value;
2126 		break;
2127 
2128 	case sStreamLocalBindUnlink:
2129 		intptr = &options->fwd_opts.streamlocal_bind_unlink;
2130 		goto parse_flag;
2131 
2132 	case sFingerprintHash:
2133 		arg = strdelim(&cp);
2134 		if (!arg || *arg == '\0')
2135 			fatal("%.200s line %d: Missing argument.",
2136 			    filename, linenum);
2137 		if ((value = ssh_digest_alg_by_name(arg)) == -1)
2138 			fatal("%.200s line %d: Invalid hash algorithm \"%s\".",
2139 			    filename, linenum, arg);
2140 		if (*activep)
2141 			options->fingerprint_hash = value;
2142 		break;
2143 
2144 	case sExposeAuthInfo:
2145 		intptr = &options->expose_userauth_info;
2146 		goto parse_flag;
2147 
2148 	case sRDomain:
2149 		charptr = &options->routing_domain;
2150 		arg = strdelim(&cp);
2151 		if (!arg || *arg == '\0')
2152 			fatal("%.200s line %d: Missing argument.",
2153 			    filename, linenum);
2154 		if (strcasecmp(arg, "none") != 0 && strcmp(arg, "%D") != 0 &&
2155 		    !valid_rdomain(arg))
2156 			fatal("%s line %d: bad routing domain",
2157 			    filename, linenum);
2158 		if (*activep && *charptr == NULL)
2159 			*charptr = xstrdup(arg);
2160 		break;
2161 
2162 	case sUseBlacklist:
2163 		intptr = &options->use_blacklist;
2164 		goto parse_flag;
2165 
2166 	case sDeprecated:
2167 	case sIgnore:
2168 	case sUnsupported:
2169 		do_log2(opcode == sIgnore ?
2170 		    SYSLOG_LEVEL_DEBUG2 : SYSLOG_LEVEL_INFO,
2171 		    "%s line %d: %s option %s", filename, linenum,
2172 		    opcode == sUnsupported ? "Unsupported" : "Deprecated", arg);
2173 		while (arg)
2174 		    arg = strdelim(&cp);
2175 		break;
2176 
2177 	default:
2178 		fatal("%s line %d: Missing handler for opcode %s (%d)",
2179 		    filename, linenum, arg, opcode);
2180 	}
2181 	if ((arg = strdelim(&cp)) != NULL && *arg != '\0')
2182 		fatal("%s line %d: garbage at end of line; \"%.200s\".",
2183 		    filename, linenum, arg);
2184 	return 0;
2185 }
2186 
2187 /* Reads the server configuration file. */
2188 
2189 void
2190 load_server_config(const char *filename, struct sshbuf *conf)
2191 {
2192 	char *line = NULL, *cp;
2193 	size_t linesize = 0;
2194 	FILE *f;
2195 	int r, lineno = 0;
2196 
2197 	debug2("%s: filename %s", __func__, filename);
2198 	if ((f = fopen(filename, "r")) == NULL) {
2199 		perror(filename);
2200 		exit(1);
2201 	}
2202 	sshbuf_reset(conf);
2203 	while (getline(&line, &linesize, f) != -1) {
2204 		lineno++;
2205 		/*
2206 		 * Trim out comments and strip whitespace
2207 		 * NB - preserve newlines, they are needed to reproduce
2208 		 * line numbers later for error messages
2209 		 */
2210 		if ((cp = strchr(line, '#')) != NULL)
2211 			memcpy(cp, "\n", 2);
2212 		cp = line + strspn(line, " \t\r");
2213 		if ((r = sshbuf_put(conf, cp, strlen(cp))) != 0)
2214 			fatal("%s: buffer error: %s", __func__, ssh_err(r));
2215 	}
2216 	free(line);
2217 	if ((r = sshbuf_put_u8(conf, 0)) != 0)
2218 		fatal("%s: buffer error: %s", __func__, ssh_err(r));
2219 	fclose(f);
2220 	debug2("%s: done config len = %zu", __func__, sshbuf_len(conf));
2221 }
2222 
2223 void
2224 parse_server_match_config(ServerOptions *options,
2225    struct connection_info *connectinfo)
2226 {
2227 	ServerOptions mo;
2228 
2229 	initialize_server_options(&mo);
2230 	parse_server_config(&mo, "reprocess config", cfg, connectinfo);
2231 	copy_set_server_options(options, &mo, 0);
2232 }
2233 
2234 int parse_server_match_testspec(struct connection_info *ci, char *spec)
2235 {
2236 	char *p;
2237 
2238 	while ((p = strsep(&spec, ",")) && *p != '\0') {
2239 		if (strncmp(p, "addr=", 5) == 0) {
2240 			ci->address = xstrdup(p + 5);
2241 		} else if (strncmp(p, "host=", 5) == 0) {
2242 			ci->host = xstrdup(p + 5);
2243 		} else if (strncmp(p, "user=", 5) == 0) {
2244 			ci->user = xstrdup(p + 5);
2245 		} else if (strncmp(p, "laddr=", 6) == 0) {
2246 			ci->laddress = xstrdup(p + 6);
2247 		} else if (strncmp(p, "rdomain=", 8) == 0) {
2248 			ci->rdomain = xstrdup(p + 8);
2249 		} else if (strncmp(p, "lport=", 6) == 0) {
2250 			ci->lport = a2port(p + 6);
2251 			if (ci->lport == -1) {
2252 				fprintf(stderr, "Invalid port '%s' in test mode"
2253 				   " specification %s\n", p+6, p);
2254 				return -1;
2255 			}
2256 		} else {
2257 			fprintf(stderr, "Invalid test mode specification %s\n",
2258 			   p);
2259 			return -1;
2260 		}
2261 	}
2262 	return 0;
2263 }
2264 
2265 /*
2266  * Copy any supported values that are set.
2267  *
2268  * If the preauth flag is set, we do not bother copying the string or
2269  * array values that are not used pre-authentication, because any that we
2270  * do use must be explicitly sent in mm_getpwnamallow().
2271  */
2272 void
2273 copy_set_server_options(ServerOptions *dst, ServerOptions *src, int preauth)
2274 {
2275 #define M_CP_INTOPT(n) do {\
2276 	if (src->n != -1) \
2277 		dst->n = src->n; \
2278 } while (0)
2279 
2280 	M_CP_INTOPT(password_authentication);
2281 	M_CP_INTOPT(gss_authentication);
2282 	M_CP_INTOPT(pubkey_authentication);
2283 	M_CP_INTOPT(kerberos_authentication);
2284 	M_CP_INTOPT(hostbased_authentication);
2285 	M_CP_INTOPT(hostbased_uses_name_from_packet_only);
2286 	M_CP_INTOPT(kbd_interactive_authentication);
2287 	M_CP_INTOPT(permit_root_login);
2288 	M_CP_INTOPT(permit_empty_passwd);
2289 
2290 	M_CP_INTOPT(allow_tcp_forwarding);
2291 	M_CP_INTOPT(allow_streamlocal_forwarding);
2292 	M_CP_INTOPT(allow_agent_forwarding);
2293 	M_CP_INTOPT(disable_forwarding);
2294 	M_CP_INTOPT(expose_userauth_info);
2295 	M_CP_INTOPT(permit_tun);
2296 	M_CP_INTOPT(fwd_opts.gateway_ports);
2297 	M_CP_INTOPT(fwd_opts.streamlocal_bind_unlink);
2298 	M_CP_INTOPT(x11_display_offset);
2299 	M_CP_INTOPT(x11_forwarding);
2300 	M_CP_INTOPT(x11_use_localhost);
2301 	M_CP_INTOPT(permit_tty);
2302 	M_CP_INTOPT(permit_user_rc);
2303 	M_CP_INTOPT(max_sessions);
2304 	M_CP_INTOPT(max_authtries);
2305 	M_CP_INTOPT(client_alive_count_max);
2306 	M_CP_INTOPT(client_alive_interval);
2307 	M_CP_INTOPT(ip_qos_interactive);
2308 	M_CP_INTOPT(ip_qos_bulk);
2309 	M_CP_INTOPT(rekey_limit);
2310 	M_CP_INTOPT(rekey_interval);
2311 	M_CP_INTOPT(log_level);
2312 
2313 	/*
2314 	 * The bind_mask is a mode_t that may be unsigned, so we can't use
2315 	 * M_CP_INTOPT - it does a signed comparison that causes compiler
2316 	 * warnings.
2317 	 */
2318 	if (src->fwd_opts.streamlocal_bind_mask != (mode_t)-1) {
2319 		dst->fwd_opts.streamlocal_bind_mask =
2320 		    src->fwd_opts.streamlocal_bind_mask;
2321 	}
2322 
2323 	/* M_CP_STROPT and M_CP_STRARRAYOPT should not appear before here */
2324 #define M_CP_STROPT(n) do {\
2325 	if (src->n != NULL && dst->n != src->n) { \
2326 		free(dst->n); \
2327 		dst->n = src->n; \
2328 	} \
2329 } while(0)
2330 #define M_CP_STRARRAYOPT(s, num_s) do {\
2331 	u_int i; \
2332 	if (src->num_s != 0) { \
2333 		for (i = 0; i < dst->num_s; i++) \
2334 			free(dst->s[i]); \
2335 		free(dst->s); \
2336 		dst->s = xcalloc(src->num_s, sizeof(*dst->s)); \
2337 		for (i = 0; i < src->num_s; i++) \
2338 			dst->s[i] = xstrdup(src->s[i]); \
2339 		dst->num_s = src->num_s; \
2340 	} \
2341 } while(0)
2342 
2343 	/* See comment in servconf.h */
2344 	COPY_MATCH_STRING_OPTS();
2345 
2346 	/* Arguments that accept '+...' need to be expanded */
2347 	assemble_algorithms(dst);
2348 
2349 	/*
2350 	 * The only things that should be below this point are string options
2351 	 * which are only used after authentication.
2352 	 */
2353 	if (preauth)
2354 		return;
2355 
2356 	/* These options may be "none" to clear a global setting */
2357 	M_CP_STROPT(adm_forced_command);
2358 	if (option_clear_or_none(dst->adm_forced_command)) {
2359 		free(dst->adm_forced_command);
2360 		dst->adm_forced_command = NULL;
2361 	}
2362 	M_CP_STROPT(chroot_directory);
2363 	if (option_clear_or_none(dst->chroot_directory)) {
2364 		free(dst->chroot_directory);
2365 		dst->chroot_directory = NULL;
2366 	}
2367 }
2368 
2369 #undef M_CP_INTOPT
2370 #undef M_CP_STROPT
2371 #undef M_CP_STRARRAYOPT
2372 
2373 void
2374 parse_server_config(ServerOptions *options, const char *filename,
2375     struct sshbuf *conf, struct connection_info *connectinfo)
2376 {
2377 	int active, linenum, bad_options = 0;
2378 	char *cp, *obuf, *cbuf;
2379 
2380 	debug2("%s: config %s len %zu", __func__, filename, sshbuf_len(conf));
2381 
2382 	if ((obuf = cbuf = sshbuf_dup_string(conf)) == NULL)
2383 		fatal("%s: sshbuf_dup_string failed", __func__);
2384 	active = connectinfo ? 0 : 1;
2385 	linenum = 1;
2386 	while ((cp = strsep(&cbuf, "\n")) != NULL) {
2387 		if (process_server_config_line(options, cp, filename,
2388 		    linenum++, &active, connectinfo) != 0)
2389 			bad_options++;
2390 	}
2391 	free(obuf);
2392 	if (bad_options > 0)
2393 		fatal("%s: terminating, %d bad configuration options",
2394 		    filename, bad_options);
2395 	process_queued_listen_addrs(options);
2396 }
2397 
2398 static const char *
2399 fmt_multistate_int(int val, const struct multistate *m)
2400 {
2401 	u_int i;
2402 
2403 	for (i = 0; m[i].key != NULL; i++) {
2404 		if (m[i].value == val)
2405 			return m[i].key;
2406 	}
2407 	return "UNKNOWN";
2408 }
2409 
2410 static const char *
2411 fmt_intarg(ServerOpCodes code, int val)
2412 {
2413 	if (val == -1)
2414 		return "unset";
2415 	switch (code) {
2416 	case sAddressFamily:
2417 		return fmt_multistate_int(val, multistate_addressfamily);
2418 	case sPermitRootLogin:
2419 		return fmt_multistate_int(val, multistate_permitrootlogin);
2420 	case sGatewayPorts:
2421 		return fmt_multistate_int(val, multistate_gatewayports);
2422 	case sCompression:
2423 		return fmt_multistate_int(val, multistate_compression);
2424 	case sAllowTcpForwarding:
2425 		return fmt_multistate_int(val, multistate_tcpfwd);
2426 	case sAllowStreamLocalForwarding:
2427 		return fmt_multistate_int(val, multistate_tcpfwd);
2428 	case sFingerprintHash:
2429 		return ssh_digest_alg_name(val);
2430 	default:
2431 		switch (val) {
2432 		case 0:
2433 			return "no";
2434 		case 1:
2435 			return "yes";
2436 		default:
2437 			return "UNKNOWN";
2438 		}
2439 	}
2440 }
2441 
2442 static void
2443 dump_cfg_int(ServerOpCodes code, int val)
2444 {
2445 	printf("%s %d\n", lookup_opcode_name(code), val);
2446 }
2447 
2448 static void
2449 dump_cfg_oct(ServerOpCodes code, int val)
2450 {
2451 	printf("%s 0%o\n", lookup_opcode_name(code), val);
2452 }
2453 
2454 static void
2455 dump_cfg_fmtint(ServerOpCodes code, int val)
2456 {
2457 	printf("%s %s\n", lookup_opcode_name(code), fmt_intarg(code, val));
2458 }
2459 
2460 static void
2461 dump_cfg_string(ServerOpCodes code, const char *val)
2462 {
2463 	printf("%s %s\n", lookup_opcode_name(code),
2464 	    val == NULL ? "none" : val);
2465 }
2466 
2467 static void
2468 dump_cfg_strarray(ServerOpCodes code, u_int count, char **vals)
2469 {
2470 	u_int i;
2471 
2472 	for (i = 0; i < count; i++)
2473 		printf("%s %s\n", lookup_opcode_name(code), vals[i]);
2474 }
2475 
2476 static void
2477 dump_cfg_strarray_oneline(ServerOpCodes code, u_int count, char **vals)
2478 {
2479 	u_int i;
2480 
2481 	if (count <= 0 && code != sAuthenticationMethods)
2482 		return;
2483 	printf("%s", lookup_opcode_name(code));
2484 	for (i = 0; i < count; i++)
2485 		printf(" %s",  vals[i]);
2486 	if (code == sAuthenticationMethods && count == 0)
2487 		printf(" any");
2488 	printf("\n");
2489 }
2490 
2491 static char *
2492 format_listen_addrs(struct listenaddr *la)
2493 {
2494 	int r;
2495 	struct addrinfo *ai;
2496 	char addr[NI_MAXHOST], port[NI_MAXSERV];
2497 	char *laddr1 = xstrdup(""), *laddr2 = NULL;
2498 
2499 	/*
2500 	 * ListenAddress must be after Port.  add_one_listen_addr pushes
2501 	 * addresses onto a stack, so to maintain ordering we need to
2502 	 * print these in reverse order.
2503 	 */
2504 	for (ai = la->addrs; ai; ai = ai->ai_next) {
2505 		if ((r = getnameinfo(ai->ai_addr, ai->ai_addrlen, addr,
2506 		    sizeof(addr), port, sizeof(port),
2507 		    NI_NUMERICHOST|NI_NUMERICSERV)) != 0) {
2508 			error("getnameinfo: %.100s", ssh_gai_strerror(r));
2509 			continue;
2510 		}
2511 		laddr2 = laddr1;
2512 		if (ai->ai_family == AF_INET6) {
2513 			xasprintf(&laddr1, "listenaddress [%s]:%s%s%s\n%s",
2514 			    addr, port,
2515 			    la->rdomain == NULL ? "" : " rdomain ",
2516 			    la->rdomain == NULL ? "" : la->rdomain,
2517 			    laddr2);
2518 		} else {
2519 			xasprintf(&laddr1, "listenaddress %s:%s%s%s\n%s",
2520 			    addr, port,
2521 			    la->rdomain == NULL ? "" : " rdomain ",
2522 			    la->rdomain == NULL ? "" : la->rdomain,
2523 			    laddr2);
2524 		}
2525 		free(laddr2);
2526 	}
2527 	return laddr1;
2528 }
2529 
2530 void
2531 dump_config(ServerOptions *o)
2532 {
2533 	char *s;
2534 	u_int i;
2535 
2536 	/* these are usually at the top of the config */
2537 	for (i = 0; i < o->num_ports; i++)
2538 		printf("port %d\n", o->ports[i]);
2539 	dump_cfg_fmtint(sAddressFamily, o->address_family);
2540 
2541 	for (i = 0; i < o->num_listen_addrs; i++) {
2542 		s = format_listen_addrs(&o->listen_addrs[i]);
2543 		printf("%s", s);
2544 		free(s);
2545 	}
2546 
2547 	/* integer arguments */
2548 #ifdef USE_PAM
2549 	dump_cfg_fmtint(sUsePAM, o->use_pam);
2550 #endif
2551 	dump_cfg_int(sLoginGraceTime, o->login_grace_time);
2552 	dump_cfg_int(sX11DisplayOffset, o->x11_display_offset);
2553 	dump_cfg_int(sMaxAuthTries, o->max_authtries);
2554 	dump_cfg_int(sMaxSessions, o->max_sessions);
2555 	dump_cfg_int(sClientAliveInterval, o->client_alive_interval);
2556 	dump_cfg_int(sClientAliveCountMax, o->client_alive_count_max);
2557 	dump_cfg_oct(sStreamLocalBindMask, o->fwd_opts.streamlocal_bind_mask);
2558 
2559 	/* formatted integer arguments */
2560 	dump_cfg_fmtint(sPermitRootLogin, o->permit_root_login);
2561 	dump_cfg_fmtint(sIgnoreRhosts, o->ignore_rhosts);
2562 	dump_cfg_fmtint(sIgnoreUserKnownHosts, o->ignore_user_known_hosts);
2563 	dump_cfg_fmtint(sHostbasedAuthentication, o->hostbased_authentication);
2564 	dump_cfg_fmtint(sHostbasedUsesNameFromPacketOnly,
2565 	    o->hostbased_uses_name_from_packet_only);
2566 	dump_cfg_fmtint(sPubkeyAuthentication, o->pubkey_authentication);
2567 #ifdef KRB5
2568 	dump_cfg_fmtint(sKerberosAuthentication, o->kerberos_authentication);
2569 	dump_cfg_fmtint(sKerberosOrLocalPasswd, o->kerberos_or_local_passwd);
2570 	dump_cfg_fmtint(sKerberosTicketCleanup, o->kerberos_ticket_cleanup);
2571 # ifdef USE_AFS
2572 	dump_cfg_fmtint(sKerberosGetAFSToken, o->kerberos_get_afs_token);
2573 # endif
2574 #endif
2575 #ifdef GSSAPI
2576 	dump_cfg_fmtint(sGssAuthentication, o->gss_authentication);
2577 	dump_cfg_fmtint(sGssCleanupCreds, o->gss_cleanup_creds);
2578 #endif
2579 	dump_cfg_fmtint(sPasswordAuthentication, o->password_authentication);
2580 	dump_cfg_fmtint(sKbdInteractiveAuthentication,
2581 	    o->kbd_interactive_authentication);
2582 	dump_cfg_fmtint(sChallengeResponseAuthentication,
2583 	    o->challenge_response_authentication);
2584 	dump_cfg_fmtint(sPrintMotd, o->print_motd);
2585 #ifndef DISABLE_LASTLOG
2586 	dump_cfg_fmtint(sPrintLastLog, o->print_lastlog);
2587 #endif
2588 	dump_cfg_fmtint(sX11Forwarding, o->x11_forwarding);
2589 	dump_cfg_fmtint(sX11UseLocalhost, o->x11_use_localhost);
2590 	dump_cfg_fmtint(sPermitTTY, o->permit_tty);
2591 	dump_cfg_fmtint(sPermitUserRC, o->permit_user_rc);
2592 	dump_cfg_fmtint(sStrictModes, o->strict_modes);
2593 	dump_cfg_fmtint(sTCPKeepAlive, o->tcp_keep_alive);
2594 	dump_cfg_fmtint(sEmptyPasswd, o->permit_empty_passwd);
2595 	dump_cfg_fmtint(sCompression, o->compression);
2596 	dump_cfg_fmtint(sGatewayPorts, o->fwd_opts.gateway_ports);
2597 	dump_cfg_fmtint(sUseDNS, o->use_dns);
2598 	dump_cfg_fmtint(sAllowTcpForwarding, o->allow_tcp_forwarding);
2599 	dump_cfg_fmtint(sAllowAgentForwarding, o->allow_agent_forwarding);
2600 	dump_cfg_fmtint(sDisableForwarding, o->disable_forwarding);
2601 	dump_cfg_fmtint(sAllowStreamLocalForwarding, o->allow_streamlocal_forwarding);
2602 	dump_cfg_fmtint(sStreamLocalBindUnlink, o->fwd_opts.streamlocal_bind_unlink);
2603 	dump_cfg_fmtint(sFingerprintHash, o->fingerprint_hash);
2604 	dump_cfg_fmtint(sExposeAuthInfo, o->expose_userauth_info);
2605 	dump_cfg_fmtint(sUseBlacklist, o->use_blacklist);
2606 
2607 	/* string arguments */
2608 	dump_cfg_string(sPidFile, o->pid_file);
2609 	dump_cfg_string(sXAuthLocation, o->xauth_location);
2610 	dump_cfg_string(sCiphers, o->ciphers ? o->ciphers : KEX_SERVER_ENCRYPT);
2611 	dump_cfg_string(sMacs, o->macs ? o->macs : KEX_SERVER_MAC);
2612 	dump_cfg_string(sBanner, o->banner);
2613 	dump_cfg_string(sForceCommand, o->adm_forced_command);
2614 	dump_cfg_string(sChrootDirectory, o->chroot_directory);
2615 	dump_cfg_string(sTrustedUserCAKeys, o->trusted_user_ca_keys);
2616 	dump_cfg_string(sRevokedKeys, o->revoked_keys_file);
2617 	dump_cfg_string(sAuthorizedPrincipalsFile,
2618 	    o->authorized_principals_file);
2619 	dump_cfg_string(sVersionAddendum, *o->version_addendum == '\0'
2620 	    ? "none" : o->version_addendum);
2621 	dump_cfg_string(sAuthorizedKeysCommand, o->authorized_keys_command);
2622 	dump_cfg_string(sAuthorizedKeysCommandUser, o->authorized_keys_command_user);
2623 	dump_cfg_string(sAuthorizedPrincipalsCommand, o->authorized_principals_command);
2624 	dump_cfg_string(sAuthorizedPrincipalsCommandUser, o->authorized_principals_command_user);
2625 	dump_cfg_string(sHostKeyAgent, o->host_key_agent);
2626 	dump_cfg_string(sKexAlgorithms,
2627 	    o->kex_algorithms ? o->kex_algorithms : KEX_SERVER_KEX);
2628 	dump_cfg_string(sHostbasedAcceptedKeyTypes, o->hostbased_key_types ?
2629 	    o->hostbased_key_types : KEX_DEFAULT_PK_ALG);
2630 	dump_cfg_string(sHostKeyAlgorithms, o->hostkeyalgorithms ?
2631 	    o->hostkeyalgorithms : KEX_DEFAULT_PK_ALG);
2632 	dump_cfg_string(sPubkeyAcceptedKeyTypes, o->pubkey_key_types ?
2633 	    o->pubkey_key_types : KEX_DEFAULT_PK_ALG);
2634 	dump_cfg_string(sRDomain, o->routing_domain);
2635 
2636 	/* string arguments requiring a lookup */
2637 	dump_cfg_string(sLogLevel, log_level_name(o->log_level));
2638 	dump_cfg_string(sLogFacility, log_facility_name(o->log_facility));
2639 
2640 	/* string array arguments */
2641 	dump_cfg_strarray_oneline(sAuthorizedKeysFile, o->num_authkeys_files,
2642 	    o->authorized_keys_files);
2643 	dump_cfg_strarray(sHostKeyFile, o->num_host_key_files,
2644 	     o->host_key_files);
2645 	dump_cfg_strarray(sHostCertificate, o->num_host_cert_files,
2646 	     o->host_cert_files);
2647 	dump_cfg_strarray(sAllowUsers, o->num_allow_users, o->allow_users);
2648 	dump_cfg_strarray(sDenyUsers, o->num_deny_users, o->deny_users);
2649 	dump_cfg_strarray(sAllowGroups, o->num_allow_groups, o->allow_groups);
2650 	dump_cfg_strarray(sDenyGroups, o->num_deny_groups, o->deny_groups);
2651 	dump_cfg_strarray(sAcceptEnv, o->num_accept_env, o->accept_env);
2652 	dump_cfg_strarray(sSetEnv, o->num_setenv, o->setenv);
2653 	dump_cfg_strarray_oneline(sAuthenticationMethods,
2654 	    o->num_auth_methods, o->auth_methods);
2655 
2656 	/* other arguments */
2657 	for (i = 0; i < o->num_subsystems; i++)
2658 		printf("subsystem %s %s\n", o->subsystem_name[i],
2659 		    o->subsystem_args[i]);
2660 
2661 	printf("maxstartups %d:%d:%d\n", o->max_startups_begin,
2662 	    o->max_startups_rate, o->max_startups);
2663 
2664 	s = NULL;
2665 	for (i = 0; tunmode_desc[i].val != -1; i++) {
2666 		if (tunmode_desc[i].val == o->permit_tun) {
2667 			s = tunmode_desc[i].text;
2668 			break;
2669 		}
2670 	}
2671 	dump_cfg_string(sPermitTunnel, s);
2672 
2673 	printf("ipqos %s ", iptos2str(o->ip_qos_interactive));
2674 	printf("%s\n", iptos2str(o->ip_qos_bulk));
2675 
2676 	printf("rekeylimit %llu %d\n", (unsigned long long)o->rekey_limit,
2677 	    o->rekey_interval);
2678 
2679 	printf("permitopen");
2680 	if (o->num_permitted_opens == 0)
2681 		printf(" any");
2682 	else {
2683 		for (i = 0; i < o->num_permitted_opens; i++)
2684 			printf(" %s", o->permitted_opens[i]);
2685 	}
2686 	printf("\n");
2687 	printf("permitlisten");
2688 	if (o->num_permitted_listens == 0)
2689 		printf(" any");
2690 	else {
2691 		for (i = 0; i < o->num_permitted_listens; i++)
2692 			printf(" %s", o->permitted_listens[i]);
2693 	}
2694 	printf("\n");
2695 
2696 	if (o->permit_user_env_whitelist == NULL) {
2697 		dump_cfg_fmtint(sPermitUserEnvironment, o->permit_user_env);
2698 	} else {
2699 		printf("permituserenvironment %s\n",
2700 		    o->permit_user_env_whitelist);
2701 	}
2702 
2703 }
2704