1 /* $OpenBSD: servconf.c,v 1.213 2010/11/13 23:27:50 djm Exp $ */ 2 /* 3 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland 4 * All rights reserved 5 * 6 * As far as I am concerned, the code I have written for this software 7 * can be used freely for any purpose. Any derived versions of this 8 * software must be clearly marked as such, and if the derived work is 9 * incompatible with the protocol description in the RFC file, it must be 10 * called by a name other than "ssh" or "Secure Shell". 11 */ 12 13 #include "includes.h" 14 __RCSID("$FreeBSD$"); 15 16 #include <sys/types.h> 17 #include <sys/socket.h> 18 19 #include <netinet/in.h> 20 #include <netinet/in_systm.h> 21 #include <netinet/ip.h> 22 23 #include <netdb.h> 24 #include <pwd.h> 25 #include <stdio.h> 26 #include <stdlib.h> 27 #include <string.h> 28 #include <signal.h> 29 #include <unistd.h> 30 #include <stdarg.h> 31 #include <errno.h> 32 33 #include "openbsd-compat/sys-queue.h" 34 #include "xmalloc.h" 35 #include "ssh.h" 36 #include "log.h" 37 #include "buffer.h" 38 #include "servconf.h" 39 #include "compat.h" 40 #include "pathnames.h" 41 #include "misc.h" 42 #include "cipher.h" 43 #include "key.h" 44 #include "kex.h" 45 #include "mac.h" 46 #include "match.h" 47 #include "channels.h" 48 #include "groupaccess.h" 49 #include "version.h" 50 51 static void add_listen_addr(ServerOptions *, char *, int); 52 static void add_one_listen_addr(ServerOptions *, char *, int); 53 54 /* Use of privilege separation or not */ 55 extern int use_privsep; 56 extern Buffer cfg; 57 58 /* Initializes the server options to their default values. */ 59 60 void 61 initialize_server_options(ServerOptions *options) 62 { 63 memset(options, 0, sizeof(*options)); 64 65 /* Portable-specific options */ 66 options->use_pam = -1; 67 68 /* Standard Options */ 69 options->num_ports = 0; 70 options->ports_from_cmdline = 0; 71 options->listen_addrs = NULL; 72 options->address_family = -1; 73 options->num_host_key_files = 0; 74 options->num_host_cert_files = 0; 75 options->pid_file = NULL; 76 options->server_key_bits = -1; 77 options->login_grace_time = -1; 78 options->key_regeneration_time = -1; 79 options->permit_root_login = PERMIT_NOT_SET; 80 options->ignore_rhosts = -1; 81 options->ignore_user_known_hosts = -1; 82 options->print_motd = -1; 83 options->print_lastlog = -1; 84 options->x11_forwarding = -1; 85 options->x11_display_offset = -1; 86 options->x11_use_localhost = -1; 87 options->xauth_location = NULL; 88 options->strict_modes = -1; 89 options->tcp_keep_alive = -1; 90 options->log_facility = SYSLOG_FACILITY_NOT_SET; 91 options->log_level = SYSLOG_LEVEL_NOT_SET; 92 options->rhosts_rsa_authentication = -1; 93 options->hostbased_authentication = -1; 94 options->hostbased_uses_name_from_packet_only = -1; 95 options->rsa_authentication = -1; 96 options->pubkey_authentication = -1; 97 options->kerberos_authentication = -1; 98 options->kerberos_or_local_passwd = -1; 99 options->kerberos_ticket_cleanup = -1; 100 options->kerberos_get_afs_token = -1; 101 options->gss_authentication=-1; 102 options->gss_cleanup_creds = -1; 103 options->password_authentication = -1; 104 options->kbd_interactive_authentication = -1; 105 options->challenge_response_authentication = -1; 106 options->permit_empty_passwd = -1; 107 options->permit_user_env = -1; 108 options->use_login = -1; 109 options->compression = -1; 110 options->allow_tcp_forwarding = -1; 111 options->allow_agent_forwarding = -1; 112 options->num_allow_users = 0; 113 options->num_deny_users = 0; 114 options->num_allow_groups = 0; 115 options->num_deny_groups = 0; 116 options->ciphers = NULL; 117 options->macs = NULL; 118 options->kex_algorithms = NULL; 119 options->protocol = SSH_PROTO_UNKNOWN; 120 options->gateway_ports = -1; 121 options->num_subsystems = 0; 122 options->max_startups_begin = -1; 123 options->max_startups_rate = -1; 124 options->max_startups = -1; 125 options->max_authtries = -1; 126 options->max_sessions = -1; 127 options->banner = NULL; 128 options->use_dns = -1; 129 options->client_alive_interval = -1; 130 options->client_alive_count_max = -1; 131 options->authorized_keys_file = NULL; 132 options->authorized_keys_file2 = NULL; 133 options->num_accept_env = 0; 134 options->permit_tun = -1; 135 options->num_permitted_opens = -1; 136 options->adm_forced_command = NULL; 137 options->chroot_directory = NULL; 138 options->zero_knowledge_password_authentication = -1; 139 options->revoked_keys_file = NULL; 140 options->trusted_user_ca_keys = NULL; 141 options->authorized_principals_file = NULL; 142 options->ip_qos_interactive = -1; 143 options->ip_qos_bulk = -1; 144 } 145 146 void 147 fill_default_server_options(ServerOptions *options) 148 { 149 /* Portable-specific options */ 150 if (options->use_pam == -1) 151 options->use_pam = 1; 152 153 /* Standard Options */ 154 if (options->protocol == SSH_PROTO_UNKNOWN) 155 options->protocol = SSH_PROTO_2; 156 if (options->num_host_key_files == 0) { 157 /* fill default hostkeys for protocols */ 158 if (options->protocol & SSH_PROTO_1) 159 options->host_key_files[options->num_host_key_files++] = 160 _PATH_HOST_KEY_FILE; 161 if (options->protocol & SSH_PROTO_2) { 162 options->host_key_files[options->num_host_key_files++] = 163 _PATH_HOST_RSA_KEY_FILE; 164 options->host_key_files[options->num_host_key_files++] = 165 _PATH_HOST_DSA_KEY_FILE; 166 #ifdef OPENSSL_HAS_ECC 167 options->host_key_files[options->num_host_key_files++] = 168 _PATH_HOST_ECDSA_KEY_FILE; 169 #endif 170 } 171 } 172 /* No certificates by default */ 173 if (options->num_ports == 0) 174 options->ports[options->num_ports++] = SSH_DEFAULT_PORT; 175 if (options->listen_addrs == NULL) 176 add_listen_addr(options, NULL, 0); 177 if (options->pid_file == NULL) 178 options->pid_file = _PATH_SSH_DAEMON_PID_FILE; 179 if (options->server_key_bits == -1) 180 options->server_key_bits = 1024; 181 if (options->login_grace_time == -1) 182 options->login_grace_time = 120; 183 if (options->key_regeneration_time == -1) 184 options->key_regeneration_time = 3600; 185 if (options->permit_root_login == PERMIT_NOT_SET) 186 options->permit_root_login = PERMIT_NO; 187 if (options->ignore_rhosts == -1) 188 options->ignore_rhosts = 1; 189 if (options->ignore_user_known_hosts == -1) 190 options->ignore_user_known_hosts = 0; 191 if (options->print_motd == -1) 192 options->print_motd = 1; 193 if (options->print_lastlog == -1) 194 options->print_lastlog = 1; 195 if (options->x11_forwarding == -1) 196 options->x11_forwarding = 1; 197 if (options->x11_display_offset == -1) 198 options->x11_display_offset = 10; 199 if (options->x11_use_localhost == -1) 200 options->x11_use_localhost = 1; 201 if (options->xauth_location == NULL) 202 options->xauth_location = _PATH_XAUTH; 203 if (options->strict_modes == -1) 204 options->strict_modes = 1; 205 if (options->tcp_keep_alive == -1) 206 options->tcp_keep_alive = 1; 207 if (options->log_facility == SYSLOG_FACILITY_NOT_SET) 208 options->log_facility = SYSLOG_FACILITY_AUTH; 209 if (options->log_level == SYSLOG_LEVEL_NOT_SET) 210 options->log_level = SYSLOG_LEVEL_INFO; 211 if (options->rhosts_rsa_authentication == -1) 212 options->rhosts_rsa_authentication = 0; 213 if (options->hostbased_authentication == -1) 214 options->hostbased_authentication = 0; 215 if (options->hostbased_uses_name_from_packet_only == -1) 216 options->hostbased_uses_name_from_packet_only = 0; 217 if (options->rsa_authentication == -1) 218 options->rsa_authentication = 1; 219 if (options->pubkey_authentication == -1) 220 options->pubkey_authentication = 1; 221 if (options->kerberos_authentication == -1) 222 options->kerberos_authentication = 0; 223 if (options->kerberos_or_local_passwd == -1) 224 options->kerberos_or_local_passwd = 1; 225 if (options->kerberos_ticket_cleanup == -1) 226 options->kerberos_ticket_cleanup = 1; 227 if (options->kerberos_get_afs_token == -1) 228 options->kerberos_get_afs_token = 0; 229 if (options->gss_authentication == -1) 230 options->gss_authentication = 0; 231 if (options->gss_cleanup_creds == -1) 232 options->gss_cleanup_creds = 1; 233 if (options->password_authentication == -1) 234 options->password_authentication = 0; 235 if (options->kbd_interactive_authentication == -1) 236 options->kbd_interactive_authentication = 0; 237 if (options->challenge_response_authentication == -1) 238 options->challenge_response_authentication = 1; 239 if (options->permit_empty_passwd == -1) 240 options->permit_empty_passwd = 0; 241 if (options->permit_user_env == -1) 242 options->permit_user_env = 0; 243 if (options->use_login == -1) 244 options->use_login = 0; 245 if (options->compression == -1) 246 options->compression = COMP_DELAYED; 247 if (options->allow_tcp_forwarding == -1) 248 options->allow_tcp_forwarding = 1; 249 if (options->allow_agent_forwarding == -1) 250 options->allow_agent_forwarding = 1; 251 if (options->gateway_ports == -1) 252 options->gateway_ports = 0; 253 if (options->max_startups == -1) 254 options->max_startups = 10; 255 if (options->max_startups_rate == -1) 256 options->max_startups_rate = 100; /* 100% */ 257 if (options->max_startups_begin == -1) 258 options->max_startups_begin = options->max_startups; 259 if (options->max_authtries == -1) 260 options->max_authtries = DEFAULT_AUTH_FAIL_MAX; 261 if (options->max_sessions == -1) 262 options->max_sessions = DEFAULT_SESSIONS_MAX; 263 if (options->use_dns == -1) 264 options->use_dns = 1; 265 if (options->client_alive_interval == -1) 266 options->client_alive_interval = 0; 267 if (options->client_alive_count_max == -1) 268 options->client_alive_count_max = 3; 269 if (options->authorized_keys_file2 == NULL) { 270 /* authorized_keys_file2 falls back to authorized_keys_file */ 271 if (options->authorized_keys_file != NULL) 272 options->authorized_keys_file2 = xstrdup(options->authorized_keys_file); 273 else 274 options->authorized_keys_file2 = xstrdup(_PATH_SSH_USER_PERMITTED_KEYS2); 275 } 276 if (options->authorized_keys_file == NULL) 277 options->authorized_keys_file = xstrdup(_PATH_SSH_USER_PERMITTED_KEYS); 278 if (options->permit_tun == -1) 279 options->permit_tun = SSH_TUNMODE_NO; 280 if (options->zero_knowledge_password_authentication == -1) 281 options->zero_knowledge_password_authentication = 0; 282 if (options->ip_qos_interactive == -1) 283 options->ip_qos_interactive = IPTOS_LOWDELAY; 284 if (options->ip_qos_bulk == -1) 285 options->ip_qos_bulk = IPTOS_THROUGHPUT; 286 287 /* Turn privilege separation on by default */ 288 if (use_privsep == -1) 289 use_privsep = 1; 290 291 #ifndef HAVE_MMAP 292 if (use_privsep && options->compression == 1) { 293 error("This platform does not support both privilege " 294 "separation and compression"); 295 error("Compression disabled"); 296 options->compression = 0; 297 } 298 #endif 299 300 } 301 302 /* Keyword tokens. */ 303 typedef enum { 304 sBadOption, /* == unknown option */ 305 /* Portable-specific options */ 306 sUsePAM, 307 /* Standard Options */ 308 sPort, sHostKeyFile, sServerKeyBits, sLoginGraceTime, sKeyRegenerationTime, 309 sPermitRootLogin, sLogFacility, sLogLevel, 310 sRhostsRSAAuthentication, sRSAAuthentication, 311 sKerberosAuthentication, sKerberosOrLocalPasswd, sKerberosTicketCleanup, 312 sKerberosGetAFSToken, 313 sKerberosTgtPassing, sChallengeResponseAuthentication, 314 sPasswordAuthentication, sKbdInteractiveAuthentication, 315 sListenAddress, sAddressFamily, 316 sPrintMotd, sPrintLastLog, sIgnoreRhosts, 317 sX11Forwarding, sX11DisplayOffset, sX11UseLocalhost, 318 sStrictModes, sEmptyPasswd, sTCPKeepAlive, 319 sPermitUserEnvironment, sUseLogin, sAllowTcpForwarding, sCompression, 320 sAllowUsers, sDenyUsers, sAllowGroups, sDenyGroups, 321 sIgnoreUserKnownHosts, sCiphers, sMacs, sProtocol, sPidFile, 322 sGatewayPorts, sPubkeyAuthentication, sXAuthLocation, sSubsystem, 323 sMaxStartups, sMaxAuthTries, sMaxSessions, 324 sBanner, sUseDNS, sHostbasedAuthentication, 325 sHostbasedUsesNameFromPacketOnly, sClientAliveInterval, 326 sClientAliveCountMax, sAuthorizedKeysFile, sAuthorizedKeysFile2, 327 sGssAuthentication, sGssCleanupCreds, sAcceptEnv, sPermitTunnel, 328 sMatch, sPermitOpen, sForceCommand, sChrootDirectory, 329 sUsePrivilegeSeparation, sAllowAgentForwarding, 330 sZeroKnowledgePasswordAuthentication, sHostCertificate, 331 sRevokedKeys, sTrustedUserCAKeys, sAuthorizedPrincipalsFile, 332 sKexAlgorithms, sIPQoS, 333 sVersionAddendum, 334 sDeprecated, sUnsupported 335 } ServerOpCodes; 336 337 #define SSHCFG_GLOBAL 0x01 /* allowed in main section of sshd_config */ 338 #define SSHCFG_MATCH 0x02 /* allowed inside a Match section */ 339 #define SSHCFG_ALL (SSHCFG_GLOBAL|SSHCFG_MATCH) 340 341 /* Textual representation of the tokens. */ 342 static struct { 343 const char *name; 344 ServerOpCodes opcode; 345 u_int flags; 346 } keywords[] = { 347 /* Portable-specific options */ 348 #ifdef USE_PAM 349 { "usepam", sUsePAM, SSHCFG_GLOBAL }, 350 #else 351 { "usepam", sUnsupported, SSHCFG_GLOBAL }, 352 #endif 353 { "pamauthenticationviakbdint", sDeprecated, SSHCFG_GLOBAL }, 354 /* Standard Options */ 355 { "port", sPort, SSHCFG_GLOBAL }, 356 { "hostkey", sHostKeyFile, SSHCFG_GLOBAL }, 357 { "hostdsakey", sHostKeyFile, SSHCFG_GLOBAL }, /* alias */ 358 { "pidfile", sPidFile, SSHCFG_GLOBAL }, 359 { "serverkeybits", sServerKeyBits, SSHCFG_GLOBAL }, 360 { "logingracetime", sLoginGraceTime, SSHCFG_GLOBAL }, 361 { "keyregenerationinterval", sKeyRegenerationTime, SSHCFG_GLOBAL }, 362 { "permitrootlogin", sPermitRootLogin, SSHCFG_ALL }, 363 { "syslogfacility", sLogFacility, SSHCFG_GLOBAL }, 364 { "loglevel", sLogLevel, SSHCFG_GLOBAL }, 365 { "rhostsauthentication", sDeprecated, SSHCFG_GLOBAL }, 366 { "rhostsrsaauthentication", sRhostsRSAAuthentication, SSHCFG_ALL }, 367 { "hostbasedauthentication", sHostbasedAuthentication, SSHCFG_ALL }, 368 { "hostbasedusesnamefrompacketonly", sHostbasedUsesNameFromPacketOnly, SSHCFG_ALL }, 369 { "rsaauthentication", sRSAAuthentication, SSHCFG_ALL }, 370 { "pubkeyauthentication", sPubkeyAuthentication, SSHCFG_ALL }, 371 { "dsaauthentication", sPubkeyAuthentication, SSHCFG_GLOBAL }, /* alias */ 372 #ifdef KRB5 373 { "kerberosauthentication", sKerberosAuthentication, SSHCFG_ALL }, 374 { "kerberosorlocalpasswd", sKerberosOrLocalPasswd, SSHCFG_GLOBAL }, 375 { "kerberosticketcleanup", sKerberosTicketCleanup, SSHCFG_GLOBAL }, 376 #ifdef USE_AFS 377 { "kerberosgetafstoken", sKerberosGetAFSToken, SSHCFG_GLOBAL }, 378 #else 379 { "kerberosgetafstoken", sUnsupported, SSHCFG_GLOBAL }, 380 #endif 381 #else 382 { "kerberosauthentication", sUnsupported, SSHCFG_ALL }, 383 { "kerberosorlocalpasswd", sUnsupported, SSHCFG_GLOBAL }, 384 { "kerberosticketcleanup", sUnsupported, SSHCFG_GLOBAL }, 385 { "kerberosgetafstoken", sUnsupported, SSHCFG_GLOBAL }, 386 #endif 387 { "kerberostgtpassing", sUnsupported, SSHCFG_GLOBAL }, 388 { "afstokenpassing", sUnsupported, SSHCFG_GLOBAL }, 389 #ifdef GSSAPI 390 { "gssapiauthentication", sGssAuthentication, SSHCFG_ALL }, 391 { "gssapicleanupcredentials", sGssCleanupCreds, SSHCFG_GLOBAL }, 392 #else 393 { "gssapiauthentication", sUnsupported, SSHCFG_ALL }, 394 { "gssapicleanupcredentials", sUnsupported, SSHCFG_GLOBAL }, 395 #endif 396 { "passwordauthentication", sPasswordAuthentication, SSHCFG_ALL }, 397 { "kbdinteractiveauthentication", sKbdInteractiveAuthentication, SSHCFG_ALL }, 398 { "challengeresponseauthentication", sChallengeResponseAuthentication, SSHCFG_GLOBAL }, 399 { "skeyauthentication", sChallengeResponseAuthentication, SSHCFG_GLOBAL }, /* alias */ 400 #ifdef JPAKE 401 { "zeroknowledgepasswordauthentication", sZeroKnowledgePasswordAuthentication, SSHCFG_ALL }, 402 #else 403 { "zeroknowledgepasswordauthentication", sUnsupported, SSHCFG_ALL }, 404 #endif 405 { "checkmail", sDeprecated, SSHCFG_GLOBAL }, 406 { "listenaddress", sListenAddress, SSHCFG_GLOBAL }, 407 { "addressfamily", sAddressFamily, SSHCFG_GLOBAL }, 408 { "printmotd", sPrintMotd, SSHCFG_GLOBAL }, 409 { "printlastlog", sPrintLastLog, SSHCFG_GLOBAL }, 410 { "ignorerhosts", sIgnoreRhosts, SSHCFG_GLOBAL }, 411 { "ignoreuserknownhosts", sIgnoreUserKnownHosts, SSHCFG_GLOBAL }, 412 { "x11forwarding", sX11Forwarding, SSHCFG_ALL }, 413 { "x11displayoffset", sX11DisplayOffset, SSHCFG_ALL }, 414 { "x11uselocalhost", sX11UseLocalhost, SSHCFG_ALL }, 415 { "xauthlocation", sXAuthLocation, SSHCFG_GLOBAL }, 416 { "strictmodes", sStrictModes, SSHCFG_GLOBAL }, 417 { "permitemptypasswords", sEmptyPasswd, SSHCFG_ALL }, 418 { "permituserenvironment", sPermitUserEnvironment, SSHCFG_GLOBAL }, 419 { "uselogin", sUseLogin, SSHCFG_GLOBAL }, 420 { "compression", sCompression, SSHCFG_GLOBAL }, 421 { "tcpkeepalive", sTCPKeepAlive, SSHCFG_GLOBAL }, 422 { "keepalive", sTCPKeepAlive, SSHCFG_GLOBAL }, /* obsolete alias */ 423 { "allowtcpforwarding", sAllowTcpForwarding, SSHCFG_ALL }, 424 { "allowagentforwarding", sAllowAgentForwarding, SSHCFG_ALL }, 425 { "allowusers", sAllowUsers, SSHCFG_GLOBAL }, 426 { "denyusers", sDenyUsers, SSHCFG_GLOBAL }, 427 { "allowgroups", sAllowGroups, SSHCFG_GLOBAL }, 428 { "denygroups", sDenyGroups, SSHCFG_GLOBAL }, 429 { "ciphers", sCiphers, SSHCFG_GLOBAL }, 430 { "macs", sMacs, SSHCFG_GLOBAL }, 431 { "protocol", sProtocol, SSHCFG_GLOBAL }, 432 { "gatewayports", sGatewayPorts, SSHCFG_ALL }, 433 { "subsystem", sSubsystem, SSHCFG_GLOBAL }, 434 { "maxstartups", sMaxStartups, SSHCFG_GLOBAL }, 435 { "maxauthtries", sMaxAuthTries, SSHCFG_ALL }, 436 { "maxsessions", sMaxSessions, SSHCFG_ALL }, 437 { "banner", sBanner, SSHCFG_ALL }, 438 { "usedns", sUseDNS, SSHCFG_GLOBAL }, 439 { "verifyreversemapping", sDeprecated, SSHCFG_GLOBAL }, 440 { "reversemappingcheck", sDeprecated, SSHCFG_GLOBAL }, 441 { "clientaliveinterval", sClientAliveInterval, SSHCFG_GLOBAL }, 442 { "clientalivecountmax", sClientAliveCountMax, SSHCFG_GLOBAL }, 443 { "authorizedkeysfile", sAuthorizedKeysFile, SSHCFG_ALL }, 444 { "authorizedkeysfile2", sAuthorizedKeysFile2, SSHCFG_ALL }, 445 { "useprivilegeseparation", sUsePrivilegeSeparation, SSHCFG_GLOBAL}, 446 { "acceptenv", sAcceptEnv, SSHCFG_GLOBAL }, 447 { "permittunnel", sPermitTunnel, SSHCFG_ALL }, 448 { "match", sMatch, SSHCFG_ALL }, 449 { "permitopen", sPermitOpen, SSHCFG_ALL }, 450 { "forcecommand", sForceCommand, SSHCFG_ALL }, 451 { "chrootdirectory", sChrootDirectory, SSHCFG_ALL }, 452 { "hostcertificate", sHostCertificate, SSHCFG_GLOBAL }, 453 { "revokedkeys", sRevokedKeys, SSHCFG_ALL }, 454 { "trustedusercakeys", sTrustedUserCAKeys, SSHCFG_ALL }, 455 { "authorizedprincipalsfile", sAuthorizedPrincipalsFile, SSHCFG_ALL }, 456 { "kexalgorithms", sKexAlgorithms, SSHCFG_GLOBAL }, 457 { "ipqos", sIPQoS, SSHCFG_ALL }, 458 { "versionaddendum", sVersionAddendum, SSHCFG_GLOBAL }, 459 { NULL, sBadOption, 0 } 460 }; 461 462 static struct { 463 int val; 464 char *text; 465 } tunmode_desc[] = { 466 { SSH_TUNMODE_NO, "no" }, 467 { SSH_TUNMODE_POINTOPOINT, "point-to-point" }, 468 { SSH_TUNMODE_ETHERNET, "ethernet" }, 469 { SSH_TUNMODE_YES, "yes" }, 470 { -1, NULL } 471 }; 472 473 /* 474 * Returns the number of the token pointed to by cp or sBadOption. 475 */ 476 477 static ServerOpCodes 478 parse_token(const char *cp, const char *filename, 479 int linenum, u_int *flags) 480 { 481 u_int i; 482 483 for (i = 0; keywords[i].name; i++) 484 if (strcasecmp(cp, keywords[i].name) == 0) { 485 *flags = keywords[i].flags; 486 return keywords[i].opcode; 487 } 488 489 error("%s: line %d: Bad configuration option: %s", 490 filename, linenum, cp); 491 return sBadOption; 492 } 493 494 char * 495 derelativise_path(const char *path) 496 { 497 char *expanded, *ret, cwd[MAXPATHLEN]; 498 499 expanded = tilde_expand_filename(path, getuid()); 500 if (*expanded == '/') 501 return expanded; 502 if (getcwd(cwd, sizeof(cwd)) == NULL) 503 fatal("%s: getcwd: %s", __func__, strerror(errno)); 504 xasprintf(&ret, "%s/%s", cwd, expanded); 505 xfree(expanded); 506 return ret; 507 } 508 509 static void 510 add_listen_addr(ServerOptions *options, char *addr, int port) 511 { 512 u_int i; 513 514 if (options->num_ports == 0) 515 options->ports[options->num_ports++] = SSH_DEFAULT_PORT; 516 if (options->address_family == -1) 517 options->address_family = AF_UNSPEC; 518 if (port == 0) 519 for (i = 0; i < options->num_ports; i++) 520 add_one_listen_addr(options, addr, options->ports[i]); 521 else 522 add_one_listen_addr(options, addr, port); 523 } 524 525 static void 526 add_one_listen_addr(ServerOptions *options, char *addr, int port) 527 { 528 struct addrinfo hints, *ai, *aitop; 529 char strport[NI_MAXSERV]; 530 int gaierr; 531 532 memset(&hints, 0, sizeof(hints)); 533 hints.ai_family = options->address_family; 534 hints.ai_socktype = SOCK_STREAM; 535 hints.ai_flags = (addr == NULL) ? AI_PASSIVE : 0; 536 snprintf(strport, sizeof strport, "%d", port); 537 if ((gaierr = getaddrinfo(addr, strport, &hints, &aitop)) != 0) 538 fatal("bad addr or host: %s (%s)", 539 addr ? addr : "<NULL>", 540 ssh_gai_strerror(gaierr)); 541 for (ai = aitop; ai->ai_next; ai = ai->ai_next) 542 ; 543 ai->ai_next = options->listen_addrs; 544 options->listen_addrs = aitop; 545 } 546 547 /* 548 * The strategy for the Match blocks is that the config file is parsed twice. 549 * 550 * The first time is at startup. activep is initialized to 1 and the 551 * directives in the global context are processed and acted on. Hitting a 552 * Match directive unsets activep and the directives inside the block are 553 * checked for syntax only. 554 * 555 * The second time is after a connection has been established but before 556 * authentication. activep is initialized to 2 and global config directives 557 * are ignored since they have already been processed. If the criteria in a 558 * Match block is met, activep is set and the subsequent directives 559 * processed and actioned until EOF or another Match block unsets it. Any 560 * options set are copied into the main server config. 561 * 562 * Potential additions/improvements: 563 * - Add Match support for pre-kex directives, eg Protocol, Ciphers. 564 * 565 * - Add a Tag directive (idea from David Leonard) ala pf, eg: 566 * Match Address 192.168.0.* 567 * Tag trusted 568 * Match Group wheel 569 * Tag trusted 570 * Match Tag trusted 571 * AllowTcpForwarding yes 572 * GatewayPorts clientspecified 573 * [...] 574 * 575 * - Add a PermittedChannelRequests directive 576 * Match Group shell 577 * PermittedChannelRequests session,forwarded-tcpip 578 */ 579 580 static int 581 match_cfg_line_group(const char *grps, int line, const char *user) 582 { 583 int result = 0; 584 struct passwd *pw; 585 586 if (user == NULL) 587 goto out; 588 589 if ((pw = getpwnam(user)) == NULL) { 590 debug("Can't match group at line %d because user %.100s does " 591 "not exist", line, user); 592 } else if (ga_init(pw->pw_name, pw->pw_gid) == 0) { 593 debug("Can't Match group because user %.100s not in any group " 594 "at line %d", user, line); 595 } else if (ga_match_pattern_list(grps) != 1) { 596 debug("user %.100s does not match group list %.100s at line %d", 597 user, grps, line); 598 } else { 599 debug("user %.100s matched group list %.100s at line %d", user, 600 grps, line); 601 result = 1; 602 } 603 out: 604 ga_free(); 605 return result; 606 } 607 608 static int 609 match_cfg_line(char **condition, int line, const char *user, const char *host, 610 const char *address) 611 { 612 int result = 1; 613 char *arg, *attrib, *cp = *condition; 614 size_t len; 615 616 if (user == NULL) 617 debug3("checking syntax for 'Match %s'", cp); 618 else 619 debug3("checking match for '%s' user %s host %s addr %s", cp, 620 user ? user : "(null)", host ? host : "(null)", 621 address ? address : "(null)"); 622 623 while ((attrib = strdelim(&cp)) && *attrib != '\0') { 624 if ((arg = strdelim(&cp)) == NULL || *arg == '\0') { 625 error("Missing Match criteria for %s", attrib); 626 return -1; 627 } 628 len = strlen(arg); 629 if (strcasecmp(attrib, "user") == 0) { 630 if (!user) { 631 result = 0; 632 continue; 633 } 634 if (match_pattern_list(user, arg, len, 0) != 1) 635 result = 0; 636 else 637 debug("user %.100s matched 'User %.100s' at " 638 "line %d", user, arg, line); 639 } else if (strcasecmp(attrib, "group") == 0) { 640 switch (match_cfg_line_group(arg, line, user)) { 641 case -1: 642 return -1; 643 case 0: 644 result = 0; 645 } 646 } else if (strcasecmp(attrib, "host") == 0) { 647 if (!host) { 648 result = 0; 649 continue; 650 } 651 if (match_hostname(host, arg, len) != 1) 652 result = 0; 653 else 654 debug("connection from %.100s matched 'Host " 655 "%.100s' at line %d", host, arg, line); 656 } else if (strcasecmp(attrib, "address") == 0) { 657 switch (addr_match_list(address, arg)) { 658 case 1: 659 debug("connection from %.100s matched 'Address " 660 "%.100s' at line %d", address, arg, line); 661 break; 662 case 0: 663 case -1: 664 result = 0; 665 break; 666 case -2: 667 return -1; 668 } 669 } else { 670 error("Unsupported Match attribute %s", attrib); 671 return -1; 672 } 673 } 674 if (user != NULL) 675 debug3("match %sfound", result ? "" : "not "); 676 *condition = cp; 677 return result; 678 } 679 680 #define WHITESPACE " \t\r\n" 681 682 int 683 process_server_config_line(ServerOptions *options, char *line, 684 const char *filename, int linenum, int *activep, const char *user, 685 const char *host, const char *address) 686 { 687 char *cp, **charptr, *arg, *p; 688 int cmdline = 0, *intptr, value, value2, n; 689 SyslogFacility *log_facility_ptr; 690 LogLevel *log_level_ptr; 691 ServerOpCodes opcode; 692 int port; 693 u_int i, flags = 0; 694 size_t len; 695 696 cp = line; 697 if ((arg = strdelim(&cp)) == NULL) 698 return 0; 699 /* Ignore leading whitespace */ 700 if (*arg == '\0') 701 arg = strdelim(&cp); 702 if (!arg || !*arg || *arg == '#') 703 return 0; 704 intptr = NULL; 705 charptr = NULL; 706 opcode = parse_token(arg, filename, linenum, &flags); 707 708 if (activep == NULL) { /* We are processing a command line directive */ 709 cmdline = 1; 710 activep = &cmdline; 711 } 712 if (*activep && opcode != sMatch) 713 debug3("%s:%d setting %s %s", filename, linenum, arg, cp); 714 if (*activep == 0 && !(flags & SSHCFG_MATCH)) { 715 if (user == NULL) { 716 fatal("%s line %d: Directive '%s' is not allowed " 717 "within a Match block", filename, linenum, arg); 718 } else { /* this is a directive we have already processed */ 719 while (arg) 720 arg = strdelim(&cp); 721 return 0; 722 } 723 } 724 725 switch (opcode) { 726 /* Portable-specific options */ 727 case sUsePAM: 728 intptr = &options->use_pam; 729 goto parse_flag; 730 731 /* Standard Options */ 732 case sBadOption: 733 return -1; 734 case sPort: 735 /* ignore ports from configfile if cmdline specifies ports */ 736 if (options->ports_from_cmdline) 737 return 0; 738 if (options->listen_addrs != NULL) 739 fatal("%s line %d: ports must be specified before " 740 "ListenAddress.", filename, linenum); 741 if (options->num_ports >= MAX_PORTS) 742 fatal("%s line %d: too many ports.", 743 filename, linenum); 744 arg = strdelim(&cp); 745 if (!arg || *arg == '\0') 746 fatal("%s line %d: missing port number.", 747 filename, linenum); 748 options->ports[options->num_ports++] = a2port(arg); 749 if (options->ports[options->num_ports-1] <= 0) 750 fatal("%s line %d: Badly formatted port number.", 751 filename, linenum); 752 break; 753 754 case sServerKeyBits: 755 intptr = &options->server_key_bits; 756 parse_int: 757 arg = strdelim(&cp); 758 if (!arg || *arg == '\0') 759 fatal("%s line %d: missing integer value.", 760 filename, linenum); 761 value = atoi(arg); 762 if (*activep && *intptr == -1) 763 *intptr = value; 764 break; 765 766 case sLoginGraceTime: 767 intptr = &options->login_grace_time; 768 parse_time: 769 arg = strdelim(&cp); 770 if (!arg || *arg == '\0') 771 fatal("%s line %d: missing time value.", 772 filename, linenum); 773 if ((value = convtime(arg)) == -1) 774 fatal("%s line %d: invalid time value.", 775 filename, linenum); 776 if (*intptr == -1) 777 *intptr = value; 778 break; 779 780 case sKeyRegenerationTime: 781 intptr = &options->key_regeneration_time; 782 goto parse_time; 783 784 case sListenAddress: 785 arg = strdelim(&cp); 786 if (arg == NULL || *arg == '\0') 787 fatal("%s line %d: missing address", 788 filename, linenum); 789 /* check for bare IPv6 address: no "[]" and 2 or more ":" */ 790 if (strchr(arg, '[') == NULL && (p = strchr(arg, ':')) != NULL 791 && strchr(p+1, ':') != NULL) { 792 add_listen_addr(options, arg, 0); 793 break; 794 } 795 p = hpdelim(&arg); 796 if (p == NULL) 797 fatal("%s line %d: bad address:port usage", 798 filename, linenum); 799 p = cleanhostname(p); 800 if (arg == NULL) 801 port = 0; 802 else if ((port = a2port(arg)) <= 0) 803 fatal("%s line %d: bad port number", filename, linenum); 804 805 add_listen_addr(options, p, port); 806 807 break; 808 809 case sAddressFamily: 810 arg = strdelim(&cp); 811 if (!arg || *arg == '\0') 812 fatal("%s line %d: missing address family.", 813 filename, linenum); 814 intptr = &options->address_family; 815 if (options->listen_addrs != NULL) 816 fatal("%s line %d: address family must be specified before " 817 "ListenAddress.", filename, linenum); 818 if (strcasecmp(arg, "inet") == 0) 819 value = AF_INET; 820 else if (strcasecmp(arg, "inet6") == 0) 821 value = AF_INET6; 822 else if (strcasecmp(arg, "any") == 0) 823 value = AF_UNSPEC; 824 else 825 fatal("%s line %d: unsupported address family \"%s\".", 826 filename, linenum, arg); 827 if (*intptr == -1) 828 *intptr = value; 829 break; 830 831 case sHostKeyFile: 832 intptr = &options->num_host_key_files; 833 if (*intptr >= MAX_HOSTKEYS) 834 fatal("%s line %d: too many host keys specified (max %d).", 835 filename, linenum, MAX_HOSTKEYS); 836 charptr = &options->host_key_files[*intptr]; 837 parse_filename: 838 arg = strdelim(&cp); 839 if (!arg || *arg == '\0') 840 fatal("%s line %d: missing file name.", 841 filename, linenum); 842 if (*activep && *charptr == NULL) { 843 *charptr = derelativise_path(arg); 844 /* increase optional counter */ 845 if (intptr != NULL) 846 *intptr = *intptr + 1; 847 } 848 break; 849 850 case sHostCertificate: 851 intptr = &options->num_host_cert_files; 852 if (*intptr >= MAX_HOSTKEYS) 853 fatal("%s line %d: too many host certificates " 854 "specified (max %d).", filename, linenum, 855 MAX_HOSTCERTS); 856 charptr = &options->host_cert_files[*intptr]; 857 goto parse_filename; 858 break; 859 860 case sPidFile: 861 charptr = &options->pid_file; 862 goto parse_filename; 863 864 case sPermitRootLogin: 865 intptr = &options->permit_root_login; 866 arg = strdelim(&cp); 867 if (!arg || *arg == '\0') 868 fatal("%s line %d: missing yes/" 869 "without-password/forced-commands-only/no " 870 "argument.", filename, linenum); 871 value = 0; /* silence compiler */ 872 if (strcmp(arg, "without-password") == 0) 873 value = PERMIT_NO_PASSWD; 874 else if (strcmp(arg, "forced-commands-only") == 0) 875 value = PERMIT_FORCED_ONLY; 876 else if (strcmp(arg, "yes") == 0) 877 value = PERMIT_YES; 878 else if (strcmp(arg, "no") == 0) 879 value = PERMIT_NO; 880 else 881 fatal("%s line %d: Bad yes/" 882 "without-password/forced-commands-only/no " 883 "argument: %s", filename, linenum, arg); 884 if (*activep && *intptr == -1) 885 *intptr = value; 886 break; 887 888 case sIgnoreRhosts: 889 intptr = &options->ignore_rhosts; 890 parse_flag: 891 arg = strdelim(&cp); 892 if (!arg || *arg == '\0') 893 fatal("%s line %d: missing yes/no argument.", 894 filename, linenum); 895 value = 0; /* silence compiler */ 896 if (strcmp(arg, "yes") == 0) 897 value = 1; 898 else if (strcmp(arg, "no") == 0) 899 value = 0; 900 else 901 fatal("%s line %d: Bad yes/no argument: %s", 902 filename, linenum, arg); 903 if (*activep && *intptr == -1) 904 *intptr = value; 905 break; 906 907 case sIgnoreUserKnownHosts: 908 intptr = &options->ignore_user_known_hosts; 909 goto parse_flag; 910 911 case sRhostsRSAAuthentication: 912 intptr = &options->rhosts_rsa_authentication; 913 goto parse_flag; 914 915 case sHostbasedAuthentication: 916 intptr = &options->hostbased_authentication; 917 goto parse_flag; 918 919 case sHostbasedUsesNameFromPacketOnly: 920 intptr = &options->hostbased_uses_name_from_packet_only; 921 goto parse_flag; 922 923 case sRSAAuthentication: 924 intptr = &options->rsa_authentication; 925 goto parse_flag; 926 927 case sPubkeyAuthentication: 928 intptr = &options->pubkey_authentication; 929 goto parse_flag; 930 931 case sKerberosAuthentication: 932 intptr = &options->kerberos_authentication; 933 goto parse_flag; 934 935 case sKerberosOrLocalPasswd: 936 intptr = &options->kerberos_or_local_passwd; 937 goto parse_flag; 938 939 case sKerberosTicketCleanup: 940 intptr = &options->kerberos_ticket_cleanup; 941 goto parse_flag; 942 943 case sKerberosGetAFSToken: 944 intptr = &options->kerberos_get_afs_token; 945 goto parse_flag; 946 947 case sGssAuthentication: 948 intptr = &options->gss_authentication; 949 goto parse_flag; 950 951 case sGssCleanupCreds: 952 intptr = &options->gss_cleanup_creds; 953 goto parse_flag; 954 955 case sPasswordAuthentication: 956 intptr = &options->password_authentication; 957 goto parse_flag; 958 959 case sZeroKnowledgePasswordAuthentication: 960 intptr = &options->zero_knowledge_password_authentication; 961 goto parse_flag; 962 963 case sKbdInteractiveAuthentication: 964 intptr = &options->kbd_interactive_authentication; 965 goto parse_flag; 966 967 case sChallengeResponseAuthentication: 968 intptr = &options->challenge_response_authentication; 969 goto parse_flag; 970 971 case sPrintMotd: 972 intptr = &options->print_motd; 973 goto parse_flag; 974 975 case sPrintLastLog: 976 intptr = &options->print_lastlog; 977 goto parse_flag; 978 979 case sX11Forwarding: 980 intptr = &options->x11_forwarding; 981 goto parse_flag; 982 983 case sX11DisplayOffset: 984 intptr = &options->x11_display_offset; 985 goto parse_int; 986 987 case sX11UseLocalhost: 988 intptr = &options->x11_use_localhost; 989 goto parse_flag; 990 991 case sXAuthLocation: 992 charptr = &options->xauth_location; 993 goto parse_filename; 994 995 case sStrictModes: 996 intptr = &options->strict_modes; 997 goto parse_flag; 998 999 case sTCPKeepAlive: 1000 intptr = &options->tcp_keep_alive; 1001 goto parse_flag; 1002 1003 case sEmptyPasswd: 1004 intptr = &options->permit_empty_passwd; 1005 goto parse_flag; 1006 1007 case sPermitUserEnvironment: 1008 intptr = &options->permit_user_env; 1009 goto parse_flag; 1010 1011 case sUseLogin: 1012 intptr = &options->use_login; 1013 goto parse_flag; 1014 1015 case sCompression: 1016 intptr = &options->compression; 1017 arg = strdelim(&cp); 1018 if (!arg || *arg == '\0') 1019 fatal("%s line %d: missing yes/no/delayed " 1020 "argument.", filename, linenum); 1021 value = 0; /* silence compiler */ 1022 if (strcmp(arg, "delayed") == 0) 1023 value = COMP_DELAYED; 1024 else if (strcmp(arg, "yes") == 0) 1025 value = COMP_ZLIB; 1026 else if (strcmp(arg, "no") == 0) 1027 value = COMP_NONE; 1028 else 1029 fatal("%s line %d: Bad yes/no/delayed " 1030 "argument: %s", filename, linenum, arg); 1031 if (*intptr == -1) 1032 *intptr = value; 1033 break; 1034 1035 case sGatewayPorts: 1036 intptr = &options->gateway_ports; 1037 arg = strdelim(&cp); 1038 if (!arg || *arg == '\0') 1039 fatal("%s line %d: missing yes/no/clientspecified " 1040 "argument.", filename, linenum); 1041 value = 0; /* silence compiler */ 1042 if (strcmp(arg, "clientspecified") == 0) 1043 value = 2; 1044 else if (strcmp(arg, "yes") == 0) 1045 value = 1; 1046 else if (strcmp(arg, "no") == 0) 1047 value = 0; 1048 else 1049 fatal("%s line %d: Bad yes/no/clientspecified " 1050 "argument: %s", filename, linenum, arg); 1051 if (*activep && *intptr == -1) 1052 *intptr = value; 1053 break; 1054 1055 case sUseDNS: 1056 intptr = &options->use_dns; 1057 goto parse_flag; 1058 1059 case sLogFacility: 1060 log_facility_ptr = &options->log_facility; 1061 arg = strdelim(&cp); 1062 value = log_facility_number(arg); 1063 if (value == SYSLOG_FACILITY_NOT_SET) 1064 fatal("%.200s line %d: unsupported log facility '%s'", 1065 filename, linenum, arg ? arg : "<NONE>"); 1066 if (*log_facility_ptr == -1) 1067 *log_facility_ptr = (SyslogFacility) value; 1068 break; 1069 1070 case sLogLevel: 1071 log_level_ptr = &options->log_level; 1072 arg = strdelim(&cp); 1073 value = log_level_number(arg); 1074 if (value == SYSLOG_LEVEL_NOT_SET) 1075 fatal("%.200s line %d: unsupported log level '%s'", 1076 filename, linenum, arg ? arg : "<NONE>"); 1077 if (*log_level_ptr == -1) 1078 *log_level_ptr = (LogLevel) value; 1079 break; 1080 1081 case sAllowTcpForwarding: 1082 intptr = &options->allow_tcp_forwarding; 1083 goto parse_flag; 1084 1085 case sAllowAgentForwarding: 1086 intptr = &options->allow_agent_forwarding; 1087 goto parse_flag; 1088 1089 case sUsePrivilegeSeparation: 1090 intptr = &use_privsep; 1091 goto parse_flag; 1092 1093 case sAllowUsers: 1094 while ((arg = strdelim(&cp)) && *arg != '\0') { 1095 if (options->num_allow_users >= MAX_ALLOW_USERS) 1096 fatal("%s line %d: too many allow users.", 1097 filename, linenum); 1098 options->allow_users[options->num_allow_users++] = 1099 xstrdup(arg); 1100 } 1101 break; 1102 1103 case sDenyUsers: 1104 while ((arg = strdelim(&cp)) && *arg != '\0') { 1105 if (options->num_deny_users >= MAX_DENY_USERS) 1106 fatal("%s line %d: too many deny users.", 1107 filename, linenum); 1108 options->deny_users[options->num_deny_users++] = 1109 xstrdup(arg); 1110 } 1111 break; 1112 1113 case sAllowGroups: 1114 while ((arg = strdelim(&cp)) && *arg != '\0') { 1115 if (options->num_allow_groups >= MAX_ALLOW_GROUPS) 1116 fatal("%s line %d: too many allow groups.", 1117 filename, linenum); 1118 options->allow_groups[options->num_allow_groups++] = 1119 xstrdup(arg); 1120 } 1121 break; 1122 1123 case sDenyGroups: 1124 while ((arg = strdelim(&cp)) && *arg != '\0') { 1125 if (options->num_deny_groups >= MAX_DENY_GROUPS) 1126 fatal("%s line %d: too many deny groups.", 1127 filename, linenum); 1128 options->deny_groups[options->num_deny_groups++] = xstrdup(arg); 1129 } 1130 break; 1131 1132 case sCiphers: 1133 arg = strdelim(&cp); 1134 if (!arg || *arg == '\0') 1135 fatal("%s line %d: Missing argument.", filename, linenum); 1136 if (!ciphers_valid(arg)) 1137 fatal("%s line %d: Bad SSH2 cipher spec '%s'.", 1138 filename, linenum, arg ? arg : "<NONE>"); 1139 if (options->ciphers == NULL) 1140 options->ciphers = xstrdup(arg); 1141 break; 1142 1143 case sMacs: 1144 arg = strdelim(&cp); 1145 if (!arg || *arg == '\0') 1146 fatal("%s line %d: Missing argument.", filename, linenum); 1147 if (!mac_valid(arg)) 1148 fatal("%s line %d: Bad SSH2 mac spec '%s'.", 1149 filename, linenum, arg ? arg : "<NONE>"); 1150 if (options->macs == NULL) 1151 options->macs = xstrdup(arg); 1152 break; 1153 1154 case sKexAlgorithms: 1155 arg = strdelim(&cp); 1156 if (!arg || *arg == '\0') 1157 fatal("%s line %d: Missing argument.", 1158 filename, linenum); 1159 if (!kex_names_valid(arg)) 1160 fatal("%s line %d: Bad SSH2 KexAlgorithms '%s'.", 1161 filename, linenum, arg ? arg : "<NONE>"); 1162 if (options->kex_algorithms == NULL) 1163 options->kex_algorithms = xstrdup(arg); 1164 break; 1165 1166 case sProtocol: 1167 intptr = &options->protocol; 1168 arg = strdelim(&cp); 1169 if (!arg || *arg == '\0') 1170 fatal("%s line %d: Missing argument.", filename, linenum); 1171 value = proto_spec(arg); 1172 if (value == SSH_PROTO_UNKNOWN) 1173 fatal("%s line %d: Bad protocol spec '%s'.", 1174 filename, linenum, arg ? arg : "<NONE>"); 1175 if (*intptr == SSH_PROTO_UNKNOWN) 1176 *intptr = value; 1177 break; 1178 1179 case sSubsystem: 1180 if (options->num_subsystems >= MAX_SUBSYSTEMS) { 1181 fatal("%s line %d: too many subsystems defined.", 1182 filename, linenum); 1183 } 1184 arg = strdelim(&cp); 1185 if (!arg || *arg == '\0') 1186 fatal("%s line %d: Missing subsystem name.", 1187 filename, linenum); 1188 if (!*activep) { 1189 arg = strdelim(&cp); 1190 break; 1191 } 1192 for (i = 0; i < options->num_subsystems; i++) 1193 if (strcmp(arg, options->subsystem_name[i]) == 0) 1194 fatal("%s line %d: Subsystem '%s' already defined.", 1195 filename, linenum, arg); 1196 options->subsystem_name[options->num_subsystems] = xstrdup(arg); 1197 arg = strdelim(&cp); 1198 if (!arg || *arg == '\0') 1199 fatal("%s line %d: Missing subsystem command.", 1200 filename, linenum); 1201 options->subsystem_command[options->num_subsystems] = xstrdup(arg); 1202 1203 /* Collect arguments (separate to executable) */ 1204 p = xstrdup(arg); 1205 len = strlen(p) + 1; 1206 while ((arg = strdelim(&cp)) != NULL && *arg != '\0') { 1207 len += 1 + strlen(arg); 1208 p = xrealloc(p, 1, len); 1209 strlcat(p, " ", len); 1210 strlcat(p, arg, len); 1211 } 1212 options->subsystem_args[options->num_subsystems] = p; 1213 options->num_subsystems++; 1214 break; 1215 1216 case sMaxStartups: 1217 arg = strdelim(&cp); 1218 if (!arg || *arg == '\0') 1219 fatal("%s line %d: Missing MaxStartups spec.", 1220 filename, linenum); 1221 if ((n = sscanf(arg, "%d:%d:%d", 1222 &options->max_startups_begin, 1223 &options->max_startups_rate, 1224 &options->max_startups)) == 3) { 1225 if (options->max_startups_begin > 1226 options->max_startups || 1227 options->max_startups_rate > 100 || 1228 options->max_startups_rate < 1) 1229 fatal("%s line %d: Illegal MaxStartups spec.", 1230 filename, linenum); 1231 } else if (n != 1) 1232 fatal("%s line %d: Illegal MaxStartups spec.", 1233 filename, linenum); 1234 else 1235 options->max_startups = options->max_startups_begin; 1236 break; 1237 1238 case sMaxAuthTries: 1239 intptr = &options->max_authtries; 1240 goto parse_int; 1241 1242 case sMaxSessions: 1243 intptr = &options->max_sessions; 1244 goto parse_int; 1245 1246 case sBanner: 1247 charptr = &options->banner; 1248 goto parse_filename; 1249 1250 /* 1251 * These options can contain %X options expanded at 1252 * connect time, so that you can specify paths like: 1253 * 1254 * AuthorizedKeysFile /etc/ssh_keys/%u 1255 */ 1256 case sAuthorizedKeysFile: 1257 charptr = &options->authorized_keys_file; 1258 goto parse_tilde_filename; 1259 case sAuthorizedKeysFile2: 1260 charptr = &options->authorized_keys_file2; 1261 goto parse_tilde_filename; 1262 case sAuthorizedPrincipalsFile: 1263 charptr = &options->authorized_principals_file; 1264 parse_tilde_filename: 1265 arg = strdelim(&cp); 1266 if (!arg || *arg == '\0') 1267 fatal("%s line %d: missing file name.", 1268 filename, linenum); 1269 if (*activep && *charptr == NULL) { 1270 *charptr = tilde_expand_filename(arg, getuid()); 1271 /* increase optional counter */ 1272 if (intptr != NULL) 1273 *intptr = *intptr + 1; 1274 } 1275 break; 1276 1277 case sClientAliveInterval: 1278 intptr = &options->client_alive_interval; 1279 goto parse_time; 1280 1281 case sClientAliveCountMax: 1282 intptr = &options->client_alive_count_max; 1283 goto parse_int; 1284 1285 case sAcceptEnv: 1286 while ((arg = strdelim(&cp)) && *arg != '\0') { 1287 if (strchr(arg, '=') != NULL) 1288 fatal("%s line %d: Invalid environment name.", 1289 filename, linenum); 1290 if (options->num_accept_env >= MAX_ACCEPT_ENV) 1291 fatal("%s line %d: too many allow env.", 1292 filename, linenum); 1293 if (!*activep) 1294 break; 1295 options->accept_env[options->num_accept_env++] = 1296 xstrdup(arg); 1297 } 1298 break; 1299 1300 case sPermitTunnel: 1301 intptr = &options->permit_tun; 1302 arg = strdelim(&cp); 1303 if (!arg || *arg == '\0') 1304 fatal("%s line %d: Missing yes/point-to-point/" 1305 "ethernet/no argument.", filename, linenum); 1306 value = -1; 1307 for (i = 0; tunmode_desc[i].val != -1; i++) 1308 if (strcmp(tunmode_desc[i].text, arg) == 0) { 1309 value = tunmode_desc[i].val; 1310 break; 1311 } 1312 if (value == -1) 1313 fatal("%s line %d: Bad yes/point-to-point/ethernet/" 1314 "no argument: %s", filename, linenum, arg); 1315 if (*intptr == -1) 1316 *intptr = value; 1317 break; 1318 1319 case sMatch: 1320 if (cmdline) 1321 fatal("Match directive not supported as a command-line " 1322 "option"); 1323 value = match_cfg_line(&cp, linenum, user, host, address); 1324 if (value < 0) 1325 fatal("%s line %d: Bad Match condition", filename, 1326 linenum); 1327 *activep = value; 1328 break; 1329 1330 case sPermitOpen: 1331 arg = strdelim(&cp); 1332 if (!arg || *arg == '\0') 1333 fatal("%s line %d: missing PermitOpen specification", 1334 filename, linenum); 1335 n = options->num_permitted_opens; /* modified later */ 1336 if (strcmp(arg, "any") == 0) { 1337 if (*activep && n == -1) { 1338 channel_clear_adm_permitted_opens(); 1339 options->num_permitted_opens = 0; 1340 } 1341 break; 1342 } 1343 if (*activep && n == -1) 1344 channel_clear_adm_permitted_opens(); 1345 for (; arg != NULL && *arg != '\0'; arg = strdelim(&cp)) { 1346 p = hpdelim(&arg); 1347 if (p == NULL) 1348 fatal("%s line %d: missing host in PermitOpen", 1349 filename, linenum); 1350 p = cleanhostname(p); 1351 if (arg == NULL || (port = a2port(arg)) <= 0) 1352 fatal("%s line %d: bad port number in " 1353 "PermitOpen", filename, linenum); 1354 if (*activep && n == -1) 1355 options->num_permitted_opens = 1356 channel_add_adm_permitted_opens(p, port); 1357 } 1358 break; 1359 1360 case sForceCommand: 1361 if (cp == NULL) 1362 fatal("%.200s line %d: Missing argument.", filename, 1363 linenum); 1364 len = strspn(cp, WHITESPACE); 1365 if (*activep && options->adm_forced_command == NULL) 1366 options->adm_forced_command = xstrdup(cp + len); 1367 return 0; 1368 1369 case sChrootDirectory: 1370 charptr = &options->chroot_directory; 1371 1372 arg = strdelim(&cp); 1373 if (!arg || *arg == '\0') 1374 fatal("%s line %d: missing file name.", 1375 filename, linenum); 1376 if (*activep && *charptr == NULL) 1377 *charptr = xstrdup(arg); 1378 break; 1379 1380 case sTrustedUserCAKeys: 1381 charptr = &options->trusted_user_ca_keys; 1382 goto parse_filename; 1383 1384 case sRevokedKeys: 1385 charptr = &options->revoked_keys_file; 1386 goto parse_filename; 1387 1388 case sIPQoS: 1389 arg = strdelim(&cp); 1390 if ((value = parse_ipqos(arg)) == -1) 1391 fatal("%s line %d: Bad IPQoS value: %s", 1392 filename, linenum, arg); 1393 arg = strdelim(&cp); 1394 if (arg == NULL) 1395 value2 = value; 1396 else if ((value2 = parse_ipqos(arg)) == -1) 1397 fatal("%s line %d: Bad IPQoS value: %s", 1398 filename, linenum, arg); 1399 if (*activep) { 1400 options->ip_qos_interactive = value; 1401 options->ip_qos_bulk = value2; 1402 } 1403 break; 1404 1405 case sVersionAddendum: 1406 ssh_version_set_addendum(strtok(cp, "\n")); 1407 do { 1408 arg = strdelim(&cp); 1409 } while (arg != NULL && *arg != '\0'); 1410 break; 1411 1412 case sDeprecated: 1413 logit("%s line %d: Deprecated option %s", 1414 filename, linenum, arg); 1415 while (arg) 1416 arg = strdelim(&cp); 1417 break; 1418 1419 case sUnsupported: 1420 logit("%s line %d: Unsupported option %s", 1421 filename, linenum, arg); 1422 while (arg) 1423 arg = strdelim(&cp); 1424 break; 1425 1426 default: 1427 fatal("%s line %d: Missing handler for opcode %s (%d)", 1428 filename, linenum, arg, opcode); 1429 } 1430 if ((arg = strdelim(&cp)) != NULL && *arg != '\0') 1431 fatal("%s line %d: garbage at end of line; \"%.200s\".", 1432 filename, linenum, arg); 1433 return 0; 1434 } 1435 1436 /* Reads the server configuration file. */ 1437 1438 void 1439 load_server_config(const char *filename, Buffer *conf) 1440 { 1441 char line[1024], *cp; 1442 FILE *f; 1443 1444 debug2("%s: filename %s", __func__, filename); 1445 if ((f = fopen(filename, "r")) == NULL) { 1446 perror(filename); 1447 exit(1); 1448 } 1449 buffer_clear(conf); 1450 while (fgets(line, sizeof(line), f)) { 1451 /* 1452 * Trim out comments and strip whitespace 1453 * NB - preserve newlines, they are needed to reproduce 1454 * line numbers later for error messages 1455 */ 1456 if ((cp = strchr(line, '#')) != NULL) 1457 memcpy(cp, "\n", 2); 1458 cp = line + strspn(line, " \t\r"); 1459 1460 buffer_append(conf, cp, strlen(cp)); 1461 } 1462 buffer_append(conf, "\0", 1); 1463 fclose(f); 1464 debug2("%s: done config len = %d", __func__, buffer_len(conf)); 1465 } 1466 1467 void 1468 parse_server_match_config(ServerOptions *options, const char *user, 1469 const char *host, const char *address) 1470 { 1471 ServerOptions mo; 1472 1473 initialize_server_options(&mo); 1474 parse_server_config(&mo, "reprocess config", &cfg, user, host, address); 1475 copy_set_server_options(options, &mo, 0); 1476 } 1477 1478 /* Helper macros */ 1479 #define M_CP_INTOPT(n) do {\ 1480 if (src->n != -1) \ 1481 dst->n = src->n; \ 1482 } while (0) 1483 #define M_CP_STROPT(n) do {\ 1484 if (src->n != NULL) { \ 1485 if (dst->n != NULL) \ 1486 xfree(dst->n); \ 1487 dst->n = src->n; \ 1488 } \ 1489 } while(0) 1490 1491 /* 1492 * Copy any supported values that are set. 1493 * 1494 * If the preauth flag is set, we do not bother copying the string or 1495 * array values that are not used pre-authentication, because any that we 1496 * do use must be explictly sent in mm_getpwnamallow(). 1497 */ 1498 void 1499 copy_set_server_options(ServerOptions *dst, ServerOptions *src, int preauth) 1500 { 1501 M_CP_INTOPT(password_authentication); 1502 M_CP_INTOPT(gss_authentication); 1503 M_CP_INTOPT(rsa_authentication); 1504 M_CP_INTOPT(pubkey_authentication); 1505 M_CP_INTOPT(kerberos_authentication); 1506 M_CP_INTOPT(hostbased_authentication); 1507 M_CP_INTOPT(hostbased_uses_name_from_packet_only); 1508 M_CP_INTOPT(kbd_interactive_authentication); 1509 M_CP_INTOPT(zero_knowledge_password_authentication); 1510 M_CP_INTOPT(permit_root_login); 1511 M_CP_INTOPT(permit_empty_passwd); 1512 1513 M_CP_INTOPT(allow_tcp_forwarding); 1514 M_CP_INTOPT(allow_agent_forwarding); 1515 M_CP_INTOPT(permit_tun); 1516 M_CP_INTOPT(gateway_ports); 1517 M_CP_INTOPT(x11_display_offset); 1518 M_CP_INTOPT(x11_forwarding); 1519 M_CP_INTOPT(x11_use_localhost); 1520 M_CP_INTOPT(max_sessions); 1521 M_CP_INTOPT(max_authtries); 1522 M_CP_INTOPT(ip_qos_interactive); 1523 M_CP_INTOPT(ip_qos_bulk); 1524 1525 M_CP_STROPT(banner); 1526 if (preauth) 1527 return; 1528 M_CP_STROPT(adm_forced_command); 1529 M_CP_STROPT(chroot_directory); 1530 M_CP_STROPT(trusted_user_ca_keys); 1531 M_CP_STROPT(revoked_keys_file); 1532 M_CP_STROPT(authorized_keys_file); 1533 M_CP_STROPT(authorized_keys_file2); 1534 M_CP_STROPT(authorized_principals_file); 1535 } 1536 1537 #undef M_CP_INTOPT 1538 #undef M_CP_STROPT 1539 1540 void 1541 parse_server_config(ServerOptions *options, const char *filename, Buffer *conf, 1542 const char *user, const char *host, const char *address) 1543 { 1544 int active, linenum, bad_options = 0; 1545 char *cp, *obuf, *cbuf; 1546 1547 debug2("%s: config %s len %d", __func__, filename, buffer_len(conf)); 1548 1549 obuf = cbuf = xstrdup(buffer_ptr(conf)); 1550 active = user ? 0 : 1; 1551 linenum = 1; 1552 while ((cp = strsep(&cbuf, "\n")) != NULL) { 1553 if (process_server_config_line(options, cp, filename, 1554 linenum++, &active, user, host, address) != 0) 1555 bad_options++; 1556 } 1557 xfree(obuf); 1558 if (bad_options > 0) 1559 fatal("%s: terminating, %d bad configuration options", 1560 filename, bad_options); 1561 } 1562 1563 static const char * 1564 fmt_intarg(ServerOpCodes code, int val) 1565 { 1566 if (code == sAddressFamily) { 1567 switch (val) { 1568 case AF_INET: 1569 return "inet"; 1570 case AF_INET6: 1571 return "inet6"; 1572 case AF_UNSPEC: 1573 return "any"; 1574 default: 1575 return "UNKNOWN"; 1576 } 1577 } 1578 if (code == sPermitRootLogin) { 1579 switch (val) { 1580 case PERMIT_NO_PASSWD: 1581 return "without-password"; 1582 case PERMIT_FORCED_ONLY: 1583 return "forced-commands-only"; 1584 case PERMIT_YES: 1585 return "yes"; 1586 } 1587 } 1588 if (code == sProtocol) { 1589 switch (val) { 1590 case SSH_PROTO_1: 1591 return "1"; 1592 case SSH_PROTO_2: 1593 return "2"; 1594 case (SSH_PROTO_1|SSH_PROTO_2): 1595 return "2,1"; 1596 default: 1597 return "UNKNOWN"; 1598 } 1599 } 1600 if (code == sGatewayPorts && val == 2) 1601 return "clientspecified"; 1602 if (code == sCompression && val == COMP_DELAYED) 1603 return "delayed"; 1604 switch (val) { 1605 case -1: 1606 return "unset"; 1607 case 0: 1608 return "no"; 1609 case 1: 1610 return "yes"; 1611 } 1612 return "UNKNOWN"; 1613 } 1614 1615 static const char * 1616 lookup_opcode_name(ServerOpCodes code) 1617 { 1618 u_int i; 1619 1620 for (i = 0; keywords[i].name != NULL; i++) 1621 if (keywords[i].opcode == code) 1622 return(keywords[i].name); 1623 return "UNKNOWN"; 1624 } 1625 1626 static void 1627 dump_cfg_int(ServerOpCodes code, int val) 1628 { 1629 printf("%s %d\n", lookup_opcode_name(code), val); 1630 } 1631 1632 static void 1633 dump_cfg_fmtint(ServerOpCodes code, int val) 1634 { 1635 printf("%s %s\n", lookup_opcode_name(code), fmt_intarg(code, val)); 1636 } 1637 1638 static void 1639 dump_cfg_string(ServerOpCodes code, const char *val) 1640 { 1641 if (val == NULL) 1642 return; 1643 printf("%s %s\n", lookup_opcode_name(code), val); 1644 } 1645 1646 static void 1647 dump_cfg_strarray(ServerOpCodes code, u_int count, char **vals) 1648 { 1649 u_int i; 1650 1651 for (i = 0; i < count; i++) 1652 printf("%s %s\n", lookup_opcode_name(code), vals[i]); 1653 } 1654 1655 void 1656 dump_config(ServerOptions *o) 1657 { 1658 u_int i; 1659 int ret; 1660 struct addrinfo *ai; 1661 char addr[NI_MAXHOST], port[NI_MAXSERV], *s = NULL; 1662 1663 /* these are usually at the top of the config */ 1664 for (i = 0; i < o->num_ports; i++) 1665 printf("port %d\n", o->ports[i]); 1666 dump_cfg_fmtint(sProtocol, o->protocol); 1667 dump_cfg_fmtint(sAddressFamily, o->address_family); 1668 1669 /* ListenAddress must be after Port */ 1670 for (ai = o->listen_addrs; ai; ai = ai->ai_next) { 1671 if ((ret = getnameinfo(ai->ai_addr, ai->ai_addrlen, addr, 1672 sizeof(addr), port, sizeof(port), 1673 NI_NUMERICHOST|NI_NUMERICSERV)) != 0) { 1674 error("getnameinfo failed: %.100s", 1675 (ret != EAI_SYSTEM) ? gai_strerror(ret) : 1676 strerror(errno)); 1677 } else { 1678 if (ai->ai_family == AF_INET6) 1679 printf("listenaddress [%s]:%s\n", addr, port); 1680 else 1681 printf("listenaddress %s:%s\n", addr, port); 1682 } 1683 } 1684 1685 /* integer arguments */ 1686 #ifdef USE_PAM 1687 dump_cfg_int(sUsePAM, o->use_pam); 1688 #endif 1689 dump_cfg_int(sServerKeyBits, o->server_key_bits); 1690 dump_cfg_int(sLoginGraceTime, o->login_grace_time); 1691 dump_cfg_int(sKeyRegenerationTime, o->key_regeneration_time); 1692 dump_cfg_int(sX11DisplayOffset, o->x11_display_offset); 1693 dump_cfg_int(sMaxAuthTries, o->max_authtries); 1694 dump_cfg_int(sMaxSessions, o->max_sessions); 1695 dump_cfg_int(sClientAliveInterval, o->client_alive_interval); 1696 dump_cfg_int(sClientAliveCountMax, o->client_alive_count_max); 1697 1698 /* formatted integer arguments */ 1699 dump_cfg_fmtint(sPermitRootLogin, o->permit_root_login); 1700 dump_cfg_fmtint(sIgnoreRhosts, o->ignore_rhosts); 1701 dump_cfg_fmtint(sIgnoreUserKnownHosts, o->ignore_user_known_hosts); 1702 dump_cfg_fmtint(sRhostsRSAAuthentication, o->rhosts_rsa_authentication); 1703 dump_cfg_fmtint(sHostbasedAuthentication, o->hostbased_authentication); 1704 dump_cfg_fmtint(sHostbasedUsesNameFromPacketOnly, 1705 o->hostbased_uses_name_from_packet_only); 1706 dump_cfg_fmtint(sRSAAuthentication, o->rsa_authentication); 1707 dump_cfg_fmtint(sPubkeyAuthentication, o->pubkey_authentication); 1708 #ifdef KRB5 1709 dump_cfg_fmtint(sKerberosAuthentication, o->kerberos_authentication); 1710 dump_cfg_fmtint(sKerberosOrLocalPasswd, o->kerberos_or_local_passwd); 1711 dump_cfg_fmtint(sKerberosTicketCleanup, o->kerberos_ticket_cleanup); 1712 # ifdef USE_AFS 1713 dump_cfg_fmtint(sKerberosGetAFSToken, o->kerberos_get_afs_token); 1714 # endif 1715 #endif 1716 #ifdef GSSAPI 1717 dump_cfg_fmtint(sGssAuthentication, o->gss_authentication); 1718 dump_cfg_fmtint(sGssCleanupCreds, o->gss_cleanup_creds); 1719 #endif 1720 #ifdef JPAKE 1721 dump_cfg_fmtint(sZeroKnowledgePasswordAuthentication, 1722 o->zero_knowledge_password_authentication); 1723 #endif 1724 dump_cfg_fmtint(sPasswordAuthentication, o->password_authentication); 1725 dump_cfg_fmtint(sKbdInteractiveAuthentication, 1726 o->kbd_interactive_authentication); 1727 dump_cfg_fmtint(sChallengeResponseAuthentication, 1728 o->challenge_response_authentication); 1729 dump_cfg_fmtint(sPrintMotd, o->print_motd); 1730 dump_cfg_fmtint(sPrintLastLog, o->print_lastlog); 1731 dump_cfg_fmtint(sX11Forwarding, o->x11_forwarding); 1732 dump_cfg_fmtint(sX11UseLocalhost, o->x11_use_localhost); 1733 dump_cfg_fmtint(sStrictModes, o->strict_modes); 1734 dump_cfg_fmtint(sTCPKeepAlive, o->tcp_keep_alive); 1735 dump_cfg_fmtint(sEmptyPasswd, o->permit_empty_passwd); 1736 dump_cfg_fmtint(sPermitUserEnvironment, o->permit_user_env); 1737 dump_cfg_fmtint(sUseLogin, o->use_login); 1738 dump_cfg_fmtint(sCompression, o->compression); 1739 dump_cfg_fmtint(sGatewayPorts, o->gateway_ports); 1740 dump_cfg_fmtint(sUseDNS, o->use_dns); 1741 dump_cfg_fmtint(sAllowTcpForwarding, o->allow_tcp_forwarding); 1742 dump_cfg_fmtint(sUsePrivilegeSeparation, use_privsep); 1743 1744 /* string arguments */ 1745 dump_cfg_string(sPidFile, o->pid_file); 1746 dump_cfg_string(sXAuthLocation, o->xauth_location); 1747 dump_cfg_string(sCiphers, o->ciphers); 1748 dump_cfg_string(sMacs, o->macs); 1749 dump_cfg_string(sBanner, o->banner); 1750 dump_cfg_string(sAuthorizedKeysFile, o->authorized_keys_file); 1751 dump_cfg_string(sAuthorizedKeysFile2, o->authorized_keys_file2); 1752 dump_cfg_string(sForceCommand, o->adm_forced_command); 1753 dump_cfg_string(sChrootDirectory, o->chroot_directory); 1754 dump_cfg_string(sTrustedUserCAKeys, o->trusted_user_ca_keys); 1755 dump_cfg_string(sRevokedKeys, o->revoked_keys_file); 1756 dump_cfg_string(sAuthorizedPrincipalsFile, 1757 o->authorized_principals_file); 1758 1759 /* string arguments requiring a lookup */ 1760 dump_cfg_string(sLogLevel, log_level_name(o->log_level)); 1761 dump_cfg_string(sLogFacility, log_facility_name(o->log_facility)); 1762 1763 /* string array arguments */ 1764 dump_cfg_strarray(sHostKeyFile, o->num_host_key_files, 1765 o->host_key_files); 1766 dump_cfg_strarray(sHostKeyFile, o->num_host_cert_files, 1767 o->host_cert_files); 1768 dump_cfg_strarray(sAllowUsers, o->num_allow_users, o->allow_users); 1769 dump_cfg_strarray(sDenyUsers, o->num_deny_users, o->deny_users); 1770 dump_cfg_strarray(sAllowGroups, o->num_allow_groups, o->allow_groups); 1771 dump_cfg_strarray(sDenyGroups, o->num_deny_groups, o->deny_groups); 1772 dump_cfg_strarray(sAcceptEnv, o->num_accept_env, o->accept_env); 1773 1774 /* other arguments */ 1775 for (i = 0; i < o->num_subsystems; i++) 1776 printf("subsystem %s %s\n", o->subsystem_name[i], 1777 o->subsystem_args[i]); 1778 1779 printf("maxstartups %d:%d:%d\n", o->max_startups_begin, 1780 o->max_startups_rate, o->max_startups); 1781 1782 for (i = 0; tunmode_desc[i].val != -1; i++) 1783 if (tunmode_desc[i].val == o->permit_tun) { 1784 s = tunmode_desc[i].text; 1785 break; 1786 } 1787 dump_cfg_string(sPermitTunnel, s); 1788 1789 printf("ipqos 0x%02x 0x%02x\n", o->ip_qos_interactive, o->ip_qos_bulk); 1790 1791 channel_print_adm_permitted_opens(); 1792 } 1793