xref: /freebsd/crypto/openssh/servconf.c (revision 8c48f4c5377ddc3dc55388f181f23111145f7099)
1 
2 /* $OpenBSD: servconf.c,v 1.392 2023/03/05 05:34:09 dtucker Exp $ */
3 /*
4  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
5  *                    All rights reserved
6  *
7  * As far as I am concerned, the code I have written for this software
8  * can be used freely for any purpose.  Any derived versions of this
9  * software must be clearly marked as such, and if the derived work is
10  * incompatible with the protocol description in the RFC file, it must be
11  * called by a name other than "ssh" or "Secure Shell".
12  */
13 
14 #include "includes.h"
15 
16 #include <sys/types.h>
17 #include <sys/socket.h>
18 #include <sys/stat.h>
19 #ifdef __OpenBSD__
20 #include <sys/sysctl.h>
21 #endif
22 
23 #include <netinet/in.h>
24 #include <netinet/in_systm.h>
25 #include <netinet/ip.h>
26 #ifdef HAVE_NET_ROUTE_H
27 #include <net/route.h>
28 #endif
29 
30 #include <ctype.h>
31 #include <netdb.h>
32 #include <pwd.h>
33 #include <stdio.h>
34 #include <stdlib.h>
35 #include <string.h>
36 #include <signal.h>
37 #include <unistd.h>
38 #include <limits.h>
39 #include <stdarg.h>
40 #include <errno.h>
41 #ifdef HAVE_UTIL_H
42 #include <util.h>
43 #endif
44 #ifdef USE_SYSTEM_GLOB
45 # include <glob.h>
46 #else
47 # include "openbsd-compat/glob.h"
48 #endif
49 
50 #include "openbsd-compat/sys-queue.h"
51 #include "xmalloc.h"
52 #include "ssh.h"
53 #include "log.h"
54 #include "sshbuf.h"
55 #include "misc.h"
56 #include "servconf.h"
57 #include "pathnames.h"
58 #include "cipher.h"
59 #include "sshkey.h"
60 #include "kex.h"
61 #include "mac.h"
62 #include "match.h"
63 #include "channels.h"
64 #include "groupaccess.h"
65 #include "canohost.h"
66 #include "packet.h"
67 #include "ssherr.h"
68 #include "hostfile.h"
69 #include "auth.h"
70 #include "myproposal.h"
71 #include "digest.h"
72 #include "version.h"
73 
74 static void add_listen_addr(ServerOptions *, const char *,
75     const char *, int);
76 static void add_one_listen_addr(ServerOptions *, const char *,
77     const char *, int);
78 static void parse_server_config_depth(ServerOptions *options,
79     const char *filename, struct sshbuf *conf, struct include_list *includes,
80     struct connection_info *connectinfo, int flags, int *activep, int depth);
81 
82 /* Use of privilege separation or not */
83 extern int use_privsep;
84 extern struct sshbuf *cfg;
85 
86 /* Initializes the server options to their default values. */
87 
88 void
89 initialize_server_options(ServerOptions *options)
90 {
91 	memset(options, 0, sizeof(*options));
92 
93 	/* Portable-specific options */
94 	options->use_pam = -1;
95 
96 	/* Standard Options */
97 	options->num_ports = 0;
98 	options->ports_from_cmdline = 0;
99 	options->queued_listen_addrs = NULL;
100 	options->num_queued_listens = 0;
101 	options->listen_addrs = NULL;
102 	options->num_listen_addrs = 0;
103 	options->address_family = -1;
104 	options->routing_domain = NULL;
105 	options->num_host_key_files = 0;
106 	options->num_host_cert_files = 0;
107 	options->host_key_agent = NULL;
108 	options->pid_file = NULL;
109 	options->login_grace_time = -1;
110 	options->permit_root_login = PERMIT_NOT_SET;
111 	options->ignore_rhosts = -1;
112 	options->ignore_user_known_hosts = -1;
113 	options->print_motd = -1;
114 	options->print_lastlog = -1;
115 	options->x11_forwarding = -1;
116 	options->x11_display_offset = -1;
117 	options->x11_use_localhost = -1;
118 	options->permit_tty = -1;
119 	options->permit_user_rc = -1;
120 	options->xauth_location = NULL;
121 	options->strict_modes = -1;
122 	options->tcp_keep_alive = -1;
123 	options->log_facility = SYSLOG_FACILITY_NOT_SET;
124 	options->log_level = SYSLOG_LEVEL_NOT_SET;
125 	options->num_log_verbose = 0;
126 	options->log_verbose = NULL;
127 	options->hostbased_authentication = -1;
128 	options->hostbased_uses_name_from_packet_only = -1;
129 	options->hostbased_accepted_algos = NULL;
130 	options->hostkeyalgorithms = NULL;
131 	options->pubkey_authentication = -1;
132 	options->pubkey_auth_options = -1;
133 	options->pubkey_accepted_algos = NULL;
134 	options->kerberos_authentication = -1;
135 	options->kerberos_or_local_passwd = -1;
136 	options->kerberos_ticket_cleanup = -1;
137 	options->kerberos_get_afs_token = -1;
138 	options->gss_authentication=-1;
139 	options->gss_cleanup_creds = -1;
140 	options->gss_strict_acceptor = -1;
141 	options->password_authentication = -1;
142 	options->kbd_interactive_authentication = -1;
143 	options->permit_empty_passwd = -1;
144 	options->permit_user_env = -1;
145 	options->permit_user_env_allowlist = NULL;
146 	options->compression = -1;
147 	options->rekey_limit = -1;
148 	options->rekey_interval = -1;
149 	options->allow_tcp_forwarding = -1;
150 	options->allow_streamlocal_forwarding = -1;
151 	options->allow_agent_forwarding = -1;
152 	options->num_allow_users = 0;
153 	options->num_deny_users = 0;
154 	options->num_allow_groups = 0;
155 	options->num_deny_groups = 0;
156 	options->ciphers = NULL;
157 	options->macs = NULL;
158 	options->kex_algorithms = NULL;
159 	options->ca_sign_algorithms = NULL;
160 	options->fwd_opts.gateway_ports = -1;
161 	options->fwd_opts.streamlocal_bind_mask = (mode_t)-1;
162 	options->fwd_opts.streamlocal_bind_unlink = -1;
163 	options->num_subsystems = 0;
164 	options->max_startups_begin = -1;
165 	options->max_startups_rate = -1;
166 	options->max_startups = -1;
167 	options->per_source_max_startups = -1;
168 	options->per_source_masklen_ipv4 = -1;
169 	options->per_source_masklen_ipv6 = -1;
170 	options->max_authtries = -1;
171 	options->max_sessions = -1;
172 	options->banner = NULL;
173 	options->use_dns = -1;
174 	options->client_alive_interval = -1;
175 	options->client_alive_count_max = -1;
176 	options->num_authkeys_files = 0;
177 	options->num_accept_env = 0;
178 	options->num_setenv = 0;
179 	options->permit_tun = -1;
180 	options->permitted_opens = NULL;
181 	options->permitted_listens = NULL;
182 	options->adm_forced_command = NULL;
183 	options->chroot_directory = NULL;
184 	options->authorized_keys_command = NULL;
185 	options->authorized_keys_command_user = NULL;
186 	options->revoked_keys_file = NULL;
187 	options->sk_provider = NULL;
188 	options->trusted_user_ca_keys = NULL;
189 	options->authorized_principals_file = NULL;
190 	options->authorized_principals_command = NULL;
191 	options->authorized_principals_command_user = NULL;
192 	options->ip_qos_interactive = -1;
193 	options->ip_qos_bulk = -1;
194 	options->version_addendum = NULL;
195 	options->fingerprint_hash = -1;
196 	options->disable_forwarding = -1;
197 	options->expose_userauth_info = -1;
198 	options->required_rsa_size = -1;
199 	options->channel_timeouts = NULL;
200 	options->num_channel_timeouts = 0;
201 	options->unused_connection_timeout = -1;
202 	options->use_blacklist = -1;
203 }
204 
205 /* Returns 1 if a string option is unset or set to "none" or 0 otherwise. */
206 static int
207 option_clear_or_none(const char *o)
208 {
209 	return o == NULL || strcasecmp(o, "none") == 0;
210 }
211 
212 static void
213 assemble_algorithms(ServerOptions *o)
214 {
215 	char *all_cipher, *all_mac, *all_kex, *all_key, *all_sig;
216 	char *def_cipher, *def_mac, *def_kex, *def_key, *def_sig;
217 	int r;
218 
219 	all_cipher = cipher_alg_list(',', 0);
220 	all_mac = mac_alg_list(',');
221 	all_kex = kex_alg_list(',');
222 	all_key = sshkey_alg_list(0, 0, 1, ',');
223 	all_sig = sshkey_alg_list(0, 1, 1, ',');
224 	/* remove unsupported algos from default lists */
225 	def_cipher = match_filter_allowlist(KEX_SERVER_ENCRYPT, all_cipher);
226 	def_mac = match_filter_allowlist(KEX_SERVER_MAC, all_mac);
227 	def_kex = match_filter_allowlist(KEX_SERVER_KEX, all_kex);
228 	def_key = match_filter_allowlist(KEX_DEFAULT_PK_ALG, all_key);
229 	def_sig = match_filter_allowlist(SSH_ALLOWED_CA_SIGALGS, all_sig);
230 #define ASSEMBLE(what, defaults, all) \
231 	do { \
232 		if ((r = kex_assemble_names(&o->what, defaults, all)) != 0) \
233 			fatal_fr(r, "%s", #what); \
234 	} while (0)
235 	ASSEMBLE(ciphers, def_cipher, all_cipher);
236 	ASSEMBLE(macs, def_mac, all_mac);
237 	ASSEMBLE(kex_algorithms, def_kex, all_kex);
238 	ASSEMBLE(hostkeyalgorithms, def_key, all_key);
239 	ASSEMBLE(hostbased_accepted_algos, def_key, all_key);
240 	ASSEMBLE(pubkey_accepted_algos, def_key, all_key);
241 	ASSEMBLE(ca_sign_algorithms, def_sig, all_sig);
242 #undef ASSEMBLE
243 	free(all_cipher);
244 	free(all_mac);
245 	free(all_kex);
246 	free(all_key);
247 	free(all_sig);
248 	free(def_cipher);
249 	free(def_mac);
250 	free(def_kex);
251 	free(def_key);
252 	free(def_sig);
253 }
254 
255 static const char *defaultkey = "[default]";
256 
257 void
258 servconf_add_hostkey(const char *file, const int line,
259     ServerOptions *options, const char *path, int userprovided)
260 {
261 	char *apath = derelativise_path(path);
262 
263 	if (file == defaultkey && access(path, R_OK) != 0)
264 		return;
265 	opt_array_append2(file, line, "HostKey",
266 	    &options->host_key_files, &options->host_key_file_userprovided,
267 	    &options->num_host_key_files, apath, userprovided);
268 	free(apath);
269 }
270 
271 void
272 servconf_add_hostcert(const char *file, const int line,
273     ServerOptions *options, const char *path)
274 {
275 	char *apath = derelativise_path(path);
276 
277 	opt_array_append(file, line, "HostCertificate",
278 	    &options->host_cert_files, &options->num_host_cert_files, apath);
279 	free(apath);
280 }
281 
282 void
283 fill_default_server_options(ServerOptions *options)
284 {
285 	u_int i;
286 
287 	/* Portable-specific options */
288 	if (options->use_pam == -1)
289 		options->use_pam = 1;
290 
291 	/* Standard Options */
292 	if (options->num_host_key_files == 0) {
293 		/* fill default hostkeys for protocols */
294 		servconf_add_hostkey(defaultkey, 0, options,
295 		    _PATH_HOST_RSA_KEY_FILE, 0);
296 #ifdef OPENSSL_HAS_ECC
297 		servconf_add_hostkey(defaultkey, 0, options,
298 		    _PATH_HOST_ECDSA_KEY_FILE, 0);
299 #endif
300 		servconf_add_hostkey(defaultkey, 0, options,
301 		    _PATH_HOST_ED25519_KEY_FILE, 0);
302 #ifdef WITH_XMSS
303 		servconf_add_hostkey(defaultkey, 0, options,
304 		    _PATH_HOST_XMSS_KEY_FILE, 0);
305 #endif /* WITH_XMSS */
306 	}
307 	if (options->num_host_key_files == 0)
308 		fatal("No host key files found");
309 	/* No certificates by default */
310 	if (options->num_ports == 0)
311 		options->ports[options->num_ports++] = SSH_DEFAULT_PORT;
312 	if (options->address_family == -1)
313 		options->address_family = AF_UNSPEC;
314 	if (options->listen_addrs == NULL)
315 		add_listen_addr(options, NULL, NULL, 0);
316 	if (options->pid_file == NULL)
317 		options->pid_file = xstrdup(_PATH_SSH_DAEMON_PID_FILE);
318 	if (options->moduli_file == NULL)
319 		options->moduli_file = xstrdup(_PATH_DH_MODULI);
320 	if (options->login_grace_time == -1)
321 		options->login_grace_time = 120;
322 	if (options->permit_root_login == PERMIT_NOT_SET)
323 		options->permit_root_login = PERMIT_NO;
324 	if (options->ignore_rhosts == -1)
325 		options->ignore_rhosts = 1;
326 	if (options->ignore_user_known_hosts == -1)
327 		options->ignore_user_known_hosts = 0;
328 	if (options->print_motd == -1)
329 		options->print_motd = 1;
330 	if (options->print_lastlog == -1)
331 		options->print_lastlog = 1;
332 	if (options->x11_forwarding == -1)
333 		options->x11_forwarding = 0;
334 	if (options->x11_display_offset == -1)
335 		options->x11_display_offset = 10;
336 	if (options->x11_use_localhost == -1)
337 		options->x11_use_localhost = 1;
338 	if (options->xauth_location == NULL)
339 		options->xauth_location = xstrdup(_PATH_XAUTH);
340 	if (options->permit_tty == -1)
341 		options->permit_tty = 1;
342 	if (options->permit_user_rc == -1)
343 		options->permit_user_rc = 1;
344 	if (options->strict_modes == -1)
345 		options->strict_modes = 1;
346 	if (options->tcp_keep_alive == -1)
347 		options->tcp_keep_alive = 1;
348 	if (options->log_facility == SYSLOG_FACILITY_NOT_SET)
349 		options->log_facility = SYSLOG_FACILITY_AUTH;
350 	if (options->log_level == SYSLOG_LEVEL_NOT_SET)
351 		options->log_level = SYSLOG_LEVEL_INFO;
352 	if (options->hostbased_authentication == -1)
353 		options->hostbased_authentication = 0;
354 	if (options->hostbased_uses_name_from_packet_only == -1)
355 		options->hostbased_uses_name_from_packet_only = 0;
356 	if (options->pubkey_authentication == -1)
357 		options->pubkey_authentication = 1;
358 	if (options->pubkey_auth_options == -1)
359 		options->pubkey_auth_options = 0;
360 	if (options->kerberos_authentication == -1)
361 		options->kerberos_authentication = 0;
362 	if (options->kerberos_or_local_passwd == -1)
363 		options->kerberos_or_local_passwd = 1;
364 	if (options->kerberos_ticket_cleanup == -1)
365 		options->kerberos_ticket_cleanup = 1;
366 	if (options->kerberos_get_afs_token == -1)
367 		options->kerberos_get_afs_token = 0;
368 	if (options->gss_authentication == -1)
369 		options->gss_authentication = 0;
370 	if (options->gss_cleanup_creds == -1)
371 		options->gss_cleanup_creds = 1;
372 	if (options->gss_strict_acceptor == -1)
373 		options->gss_strict_acceptor = 1;
374 	if (options->password_authentication == -1)
375 		options->password_authentication = 0;
376 	if (options->kbd_interactive_authentication == -1)
377 		options->kbd_interactive_authentication = 1;
378 	if (options->permit_empty_passwd == -1)
379 		options->permit_empty_passwd = 0;
380 	if (options->permit_user_env == -1) {
381 		options->permit_user_env = 0;
382 		options->permit_user_env_allowlist = NULL;
383 	}
384 	if (options->compression == -1)
385 #ifdef WITH_ZLIB
386 		options->compression = COMP_DELAYED;
387 #else
388 		options->compression = COMP_NONE;
389 #endif
390 
391 	if (options->rekey_limit == -1)
392 		options->rekey_limit = 0;
393 	if (options->rekey_interval == -1)
394 		options->rekey_interval = 0;
395 	if (options->allow_tcp_forwarding == -1)
396 		options->allow_tcp_forwarding = FORWARD_ALLOW;
397 	if (options->allow_streamlocal_forwarding == -1)
398 		options->allow_streamlocal_forwarding = FORWARD_ALLOW;
399 	if (options->allow_agent_forwarding == -1)
400 		options->allow_agent_forwarding = 1;
401 	if (options->fwd_opts.gateway_ports == -1)
402 		options->fwd_opts.gateway_ports = 0;
403 	if (options->max_startups == -1)
404 		options->max_startups = 100;
405 	if (options->max_startups_rate == -1)
406 		options->max_startups_rate = 30;		/* 30% */
407 	if (options->max_startups_begin == -1)
408 		options->max_startups_begin = 10;
409 	if (options->per_source_max_startups == -1)
410 		options->per_source_max_startups = INT_MAX;
411 	if (options->per_source_masklen_ipv4 == -1)
412 		options->per_source_masklen_ipv4 = 32;
413 	if (options->per_source_masklen_ipv6 == -1)
414 		options->per_source_masklen_ipv6 = 128;
415 	if (options->max_authtries == -1)
416 		options->max_authtries = DEFAULT_AUTH_FAIL_MAX;
417 	if (options->max_sessions == -1)
418 		options->max_sessions = DEFAULT_SESSIONS_MAX;
419 	if (options->use_dns == -1)
420 		options->use_dns = 1;
421 	if (options->client_alive_interval == -1)
422 		options->client_alive_interval = 0;
423 	if (options->client_alive_count_max == -1)
424 		options->client_alive_count_max = 3;
425 	if (options->num_authkeys_files == 0) {
426 		opt_array_append(defaultkey, 0, "AuthorizedKeysFiles",
427 		    &options->authorized_keys_files,
428 		    &options->num_authkeys_files,
429 		    _PATH_SSH_USER_PERMITTED_KEYS);
430 		opt_array_append(defaultkey, 0, "AuthorizedKeysFiles",
431 		    &options->authorized_keys_files,
432 		    &options->num_authkeys_files,
433 		    _PATH_SSH_USER_PERMITTED_KEYS2);
434 	}
435 	if (options->permit_tun == -1)
436 		options->permit_tun = SSH_TUNMODE_NO;
437 	if (options->ip_qos_interactive == -1)
438 		options->ip_qos_interactive = IPTOS_DSCP_AF21;
439 	if (options->ip_qos_bulk == -1)
440 		options->ip_qos_bulk = IPTOS_DSCP_CS1;
441 	if (options->version_addendum == NULL)
442 		options->version_addendum = xstrdup(SSH_VERSION_FREEBSD);
443 	if (options->fwd_opts.streamlocal_bind_mask == (mode_t)-1)
444 		options->fwd_opts.streamlocal_bind_mask = 0177;
445 	if (options->fwd_opts.streamlocal_bind_unlink == -1)
446 		options->fwd_opts.streamlocal_bind_unlink = 0;
447 	if (options->fingerprint_hash == -1)
448 		options->fingerprint_hash = SSH_FP_HASH_DEFAULT;
449 	if (options->disable_forwarding == -1)
450 		options->disable_forwarding = 0;
451 	if (options->expose_userauth_info == -1)
452 		options->expose_userauth_info = 0;
453 	if (options->sk_provider == NULL)
454 		options->sk_provider = xstrdup("internal");
455 	if (options->required_rsa_size == -1)
456 		options->required_rsa_size = SSH_RSA_MINIMUM_MODULUS_SIZE;
457 	if (options->unused_connection_timeout == -1)
458 		options->unused_connection_timeout = 0;
459 	if (options->use_blacklist == -1)
460 		options->use_blacklist = 0;
461 
462 	assemble_algorithms(options);
463 
464 	/* Turn privilege separation and sandboxing on by default */
465 	if (use_privsep == -1)
466 		use_privsep = PRIVSEP_ON;
467 
468 #define CLEAR_ON_NONE(v) \
469 	do { \
470 		if (option_clear_or_none(v)) { \
471 			free(v); \
472 			v = NULL; \
473 		} \
474 	} while(0)
475 #define CLEAR_ON_NONE_ARRAY(v, nv, none) \
476 	do { \
477 		if (options->nv == 1 && \
478 		    strcasecmp(options->v[0], none) == 0) { \
479 			free(options->v[0]); \
480 			free(options->v); \
481 			options->v = NULL; \
482 			options->nv = 0; \
483 		} \
484 	} while (0)
485 	CLEAR_ON_NONE(options->pid_file);
486 	CLEAR_ON_NONE(options->xauth_location);
487 	CLEAR_ON_NONE(options->banner);
488 	CLEAR_ON_NONE(options->trusted_user_ca_keys);
489 	CLEAR_ON_NONE(options->revoked_keys_file);
490 	CLEAR_ON_NONE(options->sk_provider);
491 	CLEAR_ON_NONE(options->authorized_principals_file);
492 	CLEAR_ON_NONE(options->adm_forced_command);
493 	CLEAR_ON_NONE(options->chroot_directory);
494 	CLEAR_ON_NONE(options->routing_domain);
495 	CLEAR_ON_NONE(options->host_key_agent);
496 
497 	for (i = 0; i < options->num_host_key_files; i++)
498 		CLEAR_ON_NONE(options->host_key_files[i]);
499 	for (i = 0; i < options->num_host_cert_files; i++)
500 		CLEAR_ON_NONE(options->host_cert_files[i]);
501 
502 	CLEAR_ON_NONE_ARRAY(channel_timeouts, num_channel_timeouts, "none");
503 	CLEAR_ON_NONE_ARRAY(auth_methods, num_auth_methods, "any");
504 #undef CLEAR_ON_NONE
505 #undef CLEAR_ON_NONE_ARRAY
506 }
507 
508 /* Keyword tokens. */
509 typedef enum {
510 	sBadOption,		/* == unknown option */
511 	/* Portable-specific options */
512 	sUsePAM,
513 	/* Standard Options */
514 	sPort, sHostKeyFile, sLoginGraceTime,
515 	sPermitRootLogin, sLogFacility, sLogLevel, sLogVerbose,
516 	sKerberosAuthentication, sKerberosOrLocalPasswd, sKerberosTicketCleanup,
517 	sKerberosGetAFSToken, sPasswordAuthentication,
518 	sKbdInteractiveAuthentication, sListenAddress, sAddressFamily,
519 	sPrintMotd, sPrintLastLog, sIgnoreRhosts,
520 	sX11Forwarding, sX11DisplayOffset, sX11UseLocalhost,
521 	sPermitTTY, sStrictModes, sEmptyPasswd, sTCPKeepAlive,
522 	sPermitUserEnvironment, sAllowTcpForwarding, sCompression,
523 	sRekeyLimit, sAllowUsers, sDenyUsers, sAllowGroups, sDenyGroups,
524 	sIgnoreUserKnownHosts, sCiphers, sMacs, sPidFile, sModuliFile,
525 	sGatewayPorts, sPubkeyAuthentication, sPubkeyAcceptedAlgorithms,
526 	sXAuthLocation, sSubsystem, sMaxStartups, sMaxAuthTries, sMaxSessions,
527 	sBanner, sUseDNS, sHostbasedAuthentication,
528 	sHostbasedUsesNameFromPacketOnly, sHostbasedAcceptedAlgorithms,
529 	sHostKeyAlgorithms, sPerSourceMaxStartups, sPerSourceNetBlockSize,
530 	sClientAliveInterval, sClientAliveCountMax, sAuthorizedKeysFile,
531 	sGssAuthentication, sGssCleanupCreds, sGssStrictAcceptor,
532 	sAcceptEnv, sSetEnv, sPermitTunnel,
533 	sMatch, sPermitOpen, sPermitListen, sForceCommand, sChrootDirectory,
534 	sUsePrivilegeSeparation, sAllowAgentForwarding,
535 	sHostCertificate, sInclude,
536 	sRevokedKeys, sTrustedUserCAKeys, sAuthorizedPrincipalsFile,
537 	sAuthorizedPrincipalsCommand, sAuthorizedPrincipalsCommandUser,
538 	sKexAlgorithms, sCASignatureAlgorithms, sIPQoS, sVersionAddendum,
539 	sAuthorizedKeysCommand, sAuthorizedKeysCommandUser,
540 	sAuthenticationMethods, sHostKeyAgent, sPermitUserRC,
541 	sStreamLocalBindMask, sStreamLocalBindUnlink,
542 	sAllowStreamLocalForwarding, sFingerprintHash, sDisableForwarding,
543 	sExposeAuthInfo, sRDomain, sPubkeyAuthOptions, sSecurityKeyProvider,
544 	sRequiredRSASize, sChannelTimeout, sUnusedConnectionTimeout,
545 	sUseBlacklist,
546 	sDeprecated, sIgnore, sUnsupported
547 } ServerOpCodes;
548 
549 #define SSHCFG_GLOBAL		0x01	/* allowed in main section of config */
550 #define SSHCFG_MATCH		0x02	/* allowed inside a Match section */
551 #define SSHCFG_ALL		(SSHCFG_GLOBAL|SSHCFG_MATCH)
552 #define SSHCFG_NEVERMATCH	0x04  /* Match never matches; internal only */
553 #define SSHCFG_MATCH_ONLY	0x08  /* Match only in conditional blocks; internal only */
554 
555 /* Textual representation of the tokens. */
556 static struct {
557 	const char *name;
558 	ServerOpCodes opcode;
559 	u_int flags;
560 } keywords[] = {
561 	/* Portable-specific options */
562 #ifdef USE_PAM
563 	{ "usepam", sUsePAM, SSHCFG_GLOBAL },
564 #else
565 	{ "usepam", sUnsupported, SSHCFG_GLOBAL },
566 #endif
567 	{ "pamauthenticationviakbdint", sDeprecated, SSHCFG_GLOBAL },
568 	/* Standard Options */
569 	{ "port", sPort, SSHCFG_GLOBAL },
570 	{ "hostkey", sHostKeyFile, SSHCFG_GLOBAL },
571 	{ "hostdsakey", sHostKeyFile, SSHCFG_GLOBAL },		/* alias */
572 	{ "hostkeyagent", sHostKeyAgent, SSHCFG_GLOBAL },
573 	{ "pidfile", sPidFile, SSHCFG_GLOBAL },
574 	{ "modulifile", sModuliFile, SSHCFG_GLOBAL },
575 	{ "serverkeybits", sDeprecated, SSHCFG_GLOBAL },
576 	{ "logingracetime", sLoginGraceTime, SSHCFG_GLOBAL },
577 	{ "keyregenerationinterval", sDeprecated, SSHCFG_GLOBAL },
578 	{ "permitrootlogin", sPermitRootLogin, SSHCFG_ALL },
579 	{ "syslogfacility", sLogFacility, SSHCFG_GLOBAL },
580 	{ "loglevel", sLogLevel, SSHCFG_ALL },
581 	{ "logverbose", sLogVerbose, SSHCFG_ALL },
582 	{ "rhostsauthentication", sDeprecated, SSHCFG_GLOBAL },
583 	{ "rhostsrsaauthentication", sDeprecated, SSHCFG_ALL },
584 	{ "hostbasedauthentication", sHostbasedAuthentication, SSHCFG_ALL },
585 	{ "hostbasedusesnamefrompacketonly", sHostbasedUsesNameFromPacketOnly, SSHCFG_ALL },
586 	{ "hostbasedacceptedalgorithms", sHostbasedAcceptedAlgorithms, SSHCFG_ALL },
587 	{ "hostbasedacceptedkeytypes", sHostbasedAcceptedAlgorithms, SSHCFG_ALL }, /* obsolete */
588 	{ "hostkeyalgorithms", sHostKeyAlgorithms, SSHCFG_GLOBAL },
589 	{ "rsaauthentication", sDeprecated, SSHCFG_ALL },
590 	{ "pubkeyauthentication", sPubkeyAuthentication, SSHCFG_ALL },
591 	{ "pubkeyacceptedalgorithms", sPubkeyAcceptedAlgorithms, SSHCFG_ALL },
592 	{ "pubkeyacceptedkeytypes", sPubkeyAcceptedAlgorithms, SSHCFG_ALL }, /* obsolete */
593 	{ "pubkeyauthoptions", sPubkeyAuthOptions, SSHCFG_ALL },
594 	{ "dsaauthentication", sPubkeyAuthentication, SSHCFG_GLOBAL }, /* alias */
595 #ifdef KRB5
596 	{ "kerberosauthentication", sKerberosAuthentication, SSHCFG_ALL },
597 	{ "kerberosorlocalpasswd", sKerberosOrLocalPasswd, SSHCFG_GLOBAL },
598 	{ "kerberosticketcleanup", sKerberosTicketCleanup, SSHCFG_GLOBAL },
599 #ifdef USE_AFS
600 	{ "kerberosgetafstoken", sKerberosGetAFSToken, SSHCFG_GLOBAL },
601 #else
602 	{ "kerberosgetafstoken", sUnsupported, SSHCFG_GLOBAL },
603 #endif
604 #else
605 	{ "kerberosauthentication", sUnsupported, SSHCFG_ALL },
606 	{ "kerberosorlocalpasswd", sUnsupported, SSHCFG_GLOBAL },
607 	{ "kerberosticketcleanup", sUnsupported, SSHCFG_GLOBAL },
608 	{ "kerberosgetafstoken", sUnsupported, SSHCFG_GLOBAL },
609 #endif
610 	{ "kerberostgtpassing", sUnsupported, SSHCFG_GLOBAL },
611 	{ "afstokenpassing", sUnsupported, SSHCFG_GLOBAL },
612 #ifdef GSSAPI
613 	{ "gssapiauthentication", sGssAuthentication, SSHCFG_ALL },
614 	{ "gssapicleanupcredentials", sGssCleanupCreds, SSHCFG_GLOBAL },
615 	{ "gssapistrictacceptorcheck", sGssStrictAcceptor, SSHCFG_GLOBAL },
616 #else
617 	{ "gssapiauthentication", sUnsupported, SSHCFG_ALL },
618 	{ "gssapicleanupcredentials", sUnsupported, SSHCFG_GLOBAL },
619 	{ "gssapistrictacceptorcheck", sUnsupported, SSHCFG_GLOBAL },
620 #endif
621 	{ "passwordauthentication", sPasswordAuthentication, SSHCFG_ALL },
622 	{ "kbdinteractiveauthentication", sKbdInteractiveAuthentication, SSHCFG_ALL },
623 	{ "challengeresponseauthentication", sKbdInteractiveAuthentication, SSHCFG_ALL }, /* alias */
624 	{ "skeyauthentication", sKbdInteractiveAuthentication, SSHCFG_ALL }, /* alias */
625 	{ "checkmail", sDeprecated, SSHCFG_GLOBAL },
626 	{ "listenaddress", sListenAddress, SSHCFG_GLOBAL },
627 	{ "addressfamily", sAddressFamily, SSHCFG_GLOBAL },
628 	{ "printmotd", sPrintMotd, SSHCFG_GLOBAL },
629 #ifdef DISABLE_LASTLOG
630 	{ "printlastlog", sUnsupported, SSHCFG_GLOBAL },
631 #else
632 	{ "printlastlog", sPrintLastLog, SSHCFG_GLOBAL },
633 #endif
634 	{ "ignorerhosts", sIgnoreRhosts, SSHCFG_ALL },
635 	{ "ignoreuserknownhosts", sIgnoreUserKnownHosts, SSHCFG_GLOBAL },
636 	{ "x11forwarding", sX11Forwarding, SSHCFG_ALL },
637 	{ "x11displayoffset", sX11DisplayOffset, SSHCFG_ALL },
638 	{ "x11uselocalhost", sX11UseLocalhost, SSHCFG_ALL },
639 	{ "xauthlocation", sXAuthLocation, SSHCFG_GLOBAL },
640 	{ "strictmodes", sStrictModes, SSHCFG_GLOBAL },
641 	{ "permitemptypasswords", sEmptyPasswd, SSHCFG_ALL },
642 	{ "permituserenvironment", sPermitUserEnvironment, SSHCFG_GLOBAL },
643 	{ "uselogin", sDeprecated, SSHCFG_GLOBAL },
644 	{ "compression", sCompression, SSHCFG_GLOBAL },
645 	{ "rekeylimit", sRekeyLimit, SSHCFG_ALL },
646 	{ "tcpkeepalive", sTCPKeepAlive, SSHCFG_GLOBAL },
647 	{ "keepalive", sTCPKeepAlive, SSHCFG_GLOBAL },	/* obsolete alias */
648 	{ "allowtcpforwarding", sAllowTcpForwarding, SSHCFG_ALL },
649 	{ "allowagentforwarding", sAllowAgentForwarding, SSHCFG_ALL },
650 	{ "allowusers", sAllowUsers, SSHCFG_ALL },
651 	{ "denyusers", sDenyUsers, SSHCFG_ALL },
652 	{ "allowgroups", sAllowGroups, SSHCFG_ALL },
653 	{ "denygroups", sDenyGroups, SSHCFG_ALL },
654 	{ "ciphers", sCiphers, SSHCFG_GLOBAL },
655 	{ "macs", sMacs, SSHCFG_GLOBAL },
656 	{ "protocol", sIgnore, SSHCFG_GLOBAL },
657 	{ "gatewayports", sGatewayPorts, SSHCFG_ALL },
658 	{ "subsystem", sSubsystem, SSHCFG_GLOBAL },
659 	{ "maxstartups", sMaxStartups, SSHCFG_GLOBAL },
660 	{ "persourcemaxstartups", sPerSourceMaxStartups, SSHCFG_GLOBAL },
661 	{ "persourcenetblocksize", sPerSourceNetBlockSize, SSHCFG_GLOBAL },
662 	{ "maxauthtries", sMaxAuthTries, SSHCFG_ALL },
663 	{ "maxsessions", sMaxSessions, SSHCFG_ALL },
664 	{ "banner", sBanner, SSHCFG_ALL },
665 	{ "usedns", sUseDNS, SSHCFG_GLOBAL },
666 	{ "verifyreversemapping", sDeprecated, SSHCFG_GLOBAL },
667 	{ "reversemappingcheck", sDeprecated, SSHCFG_GLOBAL },
668 	{ "clientaliveinterval", sClientAliveInterval, SSHCFG_ALL },
669 	{ "clientalivecountmax", sClientAliveCountMax, SSHCFG_ALL },
670 	{ "authorizedkeysfile", sAuthorizedKeysFile, SSHCFG_ALL },
671 	{ "authorizedkeysfile2", sDeprecated, SSHCFG_ALL },
672 	{ "useprivilegeseparation", sDeprecated, SSHCFG_GLOBAL},
673 	{ "acceptenv", sAcceptEnv, SSHCFG_ALL },
674 	{ "setenv", sSetEnv, SSHCFG_ALL },
675 	{ "permittunnel", sPermitTunnel, SSHCFG_ALL },
676 	{ "permittty", sPermitTTY, SSHCFG_ALL },
677 	{ "permituserrc", sPermitUserRC, SSHCFG_ALL },
678 	{ "match", sMatch, SSHCFG_ALL },
679 	{ "permitopen", sPermitOpen, SSHCFG_ALL },
680 	{ "permitlisten", sPermitListen, SSHCFG_ALL },
681 	{ "forcecommand", sForceCommand, SSHCFG_ALL },
682 	{ "chrootdirectory", sChrootDirectory, SSHCFG_ALL },
683 	{ "hostcertificate", sHostCertificate, SSHCFG_GLOBAL },
684 	{ "revokedkeys", sRevokedKeys, SSHCFG_ALL },
685 	{ "trustedusercakeys", sTrustedUserCAKeys, SSHCFG_ALL },
686 	{ "authorizedprincipalsfile", sAuthorizedPrincipalsFile, SSHCFG_ALL },
687 	{ "kexalgorithms", sKexAlgorithms, SSHCFG_GLOBAL },
688 	{ "include", sInclude, SSHCFG_ALL },
689 	{ "ipqos", sIPQoS, SSHCFG_ALL },
690 	{ "authorizedkeyscommand", sAuthorizedKeysCommand, SSHCFG_ALL },
691 	{ "authorizedkeyscommanduser", sAuthorizedKeysCommandUser, SSHCFG_ALL },
692 	{ "authorizedprincipalscommand", sAuthorizedPrincipalsCommand, SSHCFG_ALL },
693 	{ "authorizedprincipalscommanduser", sAuthorizedPrincipalsCommandUser, SSHCFG_ALL },
694 	{ "versionaddendum", sVersionAddendum, SSHCFG_GLOBAL },
695 	{ "authenticationmethods", sAuthenticationMethods, SSHCFG_ALL },
696 	{ "streamlocalbindmask", sStreamLocalBindMask, SSHCFG_ALL },
697 	{ "streamlocalbindunlink", sStreamLocalBindUnlink, SSHCFG_ALL },
698 	{ "allowstreamlocalforwarding", sAllowStreamLocalForwarding, SSHCFG_ALL },
699 	{ "fingerprinthash", sFingerprintHash, SSHCFG_GLOBAL },
700 	{ "disableforwarding", sDisableForwarding, SSHCFG_ALL },
701 	{ "exposeauthinfo", sExposeAuthInfo, SSHCFG_ALL },
702 	{ "rdomain", sRDomain, SSHCFG_ALL },
703 	{ "casignaturealgorithms", sCASignatureAlgorithms, SSHCFG_ALL },
704 	{ "securitykeyprovider", sSecurityKeyProvider, SSHCFG_GLOBAL },
705 	{ "requiredrsasize", sRequiredRSASize, SSHCFG_ALL },
706 	{ "channeltimeout", sChannelTimeout, SSHCFG_ALL },
707 	{ "unusedconnectiontimeout", sUnusedConnectionTimeout, SSHCFG_ALL },
708 	{ "useblacklist", sUseBlacklist, SSHCFG_GLOBAL },
709 	{ "useblocklist", sUseBlacklist, SSHCFG_GLOBAL }, /* alias */
710 	{ "noneenabled", sUnsupported, SSHCFG_ALL },
711 	{ "hpndisabled", sDeprecated, SSHCFG_ALL },
712 	{ "hpnbuffersize", sDeprecated, SSHCFG_ALL },
713 	{ "tcprcvbufpoll", sDeprecated, SSHCFG_ALL },
714 	{ NULL, sBadOption, 0 }
715 };
716 
717 static struct {
718 	int val;
719 	char *text;
720 } tunmode_desc[] = {
721 	{ SSH_TUNMODE_NO, "no" },
722 	{ SSH_TUNMODE_POINTOPOINT, "point-to-point" },
723 	{ SSH_TUNMODE_ETHERNET, "ethernet" },
724 	{ SSH_TUNMODE_YES, "yes" },
725 	{ -1, NULL }
726 };
727 
728 /* Returns an opcode name from its number */
729 
730 static const char *
731 lookup_opcode_name(ServerOpCodes code)
732 {
733 	u_int i;
734 
735 	for (i = 0; keywords[i].name != NULL; i++)
736 		if (keywords[i].opcode == code)
737 			return(keywords[i].name);
738 	return "UNKNOWN";
739 }
740 
741 
742 /*
743  * Returns the number of the token pointed to by cp or sBadOption.
744  */
745 
746 static ServerOpCodes
747 parse_token(const char *cp, const char *filename,
748 	    int linenum, u_int *flags)
749 {
750 	u_int i;
751 
752 	for (i = 0; keywords[i].name; i++)
753 		if (strcasecmp(cp, keywords[i].name) == 0) {
754 			*flags = keywords[i].flags;
755 			return keywords[i].opcode;
756 		}
757 
758 	error("%s: line %d: Bad configuration option: %s",
759 	    filename, linenum, cp);
760 	return sBadOption;
761 }
762 
763 char *
764 derelativise_path(const char *path)
765 {
766 	char *expanded, *ret, cwd[PATH_MAX];
767 
768 	if (strcasecmp(path, "none") == 0)
769 		return xstrdup("none");
770 	expanded = tilde_expand_filename(path, getuid());
771 	if (path_absolute(expanded))
772 		return expanded;
773 	if (getcwd(cwd, sizeof(cwd)) == NULL)
774 		fatal_f("getcwd: %s", strerror(errno));
775 	xasprintf(&ret, "%s/%s", cwd, expanded);
776 	free(expanded);
777 	return ret;
778 }
779 
780 static void
781 add_listen_addr(ServerOptions *options, const char *addr,
782     const char *rdomain, int port)
783 {
784 	u_int i;
785 
786 	if (port > 0)
787 		add_one_listen_addr(options, addr, rdomain, port);
788 	else {
789 		for (i = 0; i < options->num_ports; i++) {
790 			add_one_listen_addr(options, addr, rdomain,
791 			    options->ports[i]);
792 		}
793 	}
794 }
795 
796 static void
797 add_one_listen_addr(ServerOptions *options, const char *addr,
798     const char *rdomain, int port)
799 {
800 	struct addrinfo hints, *ai, *aitop;
801 	char strport[NI_MAXSERV];
802 	int gaierr;
803 	u_int i;
804 
805 	/* Find listen_addrs entry for this rdomain */
806 	for (i = 0; i < options->num_listen_addrs; i++) {
807 		if (rdomain == NULL && options->listen_addrs[i].rdomain == NULL)
808 			break;
809 		if (rdomain == NULL || options->listen_addrs[i].rdomain == NULL)
810 			continue;
811 		if (strcmp(rdomain, options->listen_addrs[i].rdomain) == 0)
812 			break;
813 	}
814 	if (i >= options->num_listen_addrs) {
815 		/* No entry for this rdomain; allocate one */
816 		if (i >= INT_MAX)
817 			fatal_f("too many listen addresses");
818 		options->listen_addrs = xrecallocarray(options->listen_addrs,
819 		    options->num_listen_addrs, options->num_listen_addrs + 1,
820 		    sizeof(*options->listen_addrs));
821 		i = options->num_listen_addrs++;
822 		if (rdomain != NULL)
823 			options->listen_addrs[i].rdomain = xstrdup(rdomain);
824 	}
825 	/* options->listen_addrs[i] points to the addresses for this rdomain */
826 
827 	memset(&hints, 0, sizeof(hints));
828 	hints.ai_family = options->address_family;
829 	hints.ai_socktype = SOCK_STREAM;
830 	hints.ai_flags = (addr == NULL) ? AI_PASSIVE : 0;
831 	snprintf(strport, sizeof strport, "%d", port);
832 	if ((gaierr = getaddrinfo(addr, strport, &hints, &aitop)) != 0)
833 		fatal("bad addr or host: %s (%s)",
834 		    addr ? addr : "<NULL>",
835 		    ssh_gai_strerror(gaierr));
836 	for (ai = aitop; ai->ai_next; ai = ai->ai_next)
837 		;
838 	ai->ai_next = options->listen_addrs[i].addrs;
839 	options->listen_addrs[i].addrs = aitop;
840 }
841 
842 /* Returns nonzero if the routing domain name is valid */
843 static int
844 valid_rdomain(const char *name)
845 {
846 #if defined(HAVE_SYS_VALID_RDOMAIN)
847 	return sys_valid_rdomain(name);
848 #elif defined(__OpenBSD__)
849 	const char *errstr;
850 	long long num;
851 	struct rt_tableinfo info;
852 	int mib[6];
853 	size_t miblen = sizeof(mib);
854 
855 	if (name == NULL)
856 		return 1;
857 
858 	num = strtonum(name, 0, 255, &errstr);
859 	if (errstr != NULL)
860 		return 0;
861 
862 	/* Check whether the table actually exists */
863 	memset(mib, 0, sizeof(mib));
864 	mib[0] = CTL_NET;
865 	mib[1] = PF_ROUTE;
866 	mib[4] = NET_RT_TABLE;
867 	mib[5] = (int)num;
868 	if (sysctl(mib, 6, &info, &miblen, NULL, 0) == -1)
869 		return 0;
870 
871 	return 1;
872 #else /* defined(__OpenBSD__) */
873 	error("Routing domains are not supported on this platform");
874 	return 0;
875 #endif
876 }
877 
878 /*
879  * Queue a ListenAddress to be processed once we have all of the Ports
880  * and AddressFamily options.
881  */
882 static void
883 queue_listen_addr(ServerOptions *options, const char *addr,
884     const char *rdomain, int port)
885 {
886 	struct queued_listenaddr *qla;
887 
888 	options->queued_listen_addrs = xrecallocarray(
889 	    options->queued_listen_addrs,
890 	    options->num_queued_listens, options->num_queued_listens + 1,
891 	    sizeof(*options->queued_listen_addrs));
892 	qla = &options->queued_listen_addrs[options->num_queued_listens++];
893 	qla->addr = xstrdup(addr);
894 	qla->port = port;
895 	qla->rdomain = rdomain == NULL ? NULL : xstrdup(rdomain);
896 }
897 
898 /*
899  * Process queued (text) ListenAddress entries.
900  */
901 static void
902 process_queued_listen_addrs(ServerOptions *options)
903 {
904 	u_int i;
905 	struct queued_listenaddr *qla;
906 
907 	if (options->num_ports == 0)
908 		options->ports[options->num_ports++] = SSH_DEFAULT_PORT;
909 	if (options->address_family == -1)
910 		options->address_family = AF_UNSPEC;
911 
912 	for (i = 0; i < options->num_queued_listens; i++) {
913 		qla = &options->queued_listen_addrs[i];
914 		add_listen_addr(options, qla->addr, qla->rdomain, qla->port);
915 		free(qla->addr);
916 		free(qla->rdomain);
917 	}
918 	free(options->queued_listen_addrs);
919 	options->queued_listen_addrs = NULL;
920 	options->num_queued_listens = 0;
921 }
922 
923 /*
924  * Inform channels layer of permitopen options for a single forwarding
925  * direction (local/remote).
926  */
927 static void
928 process_permitopen_list(struct ssh *ssh, ServerOpCodes opcode,
929     char **opens, u_int num_opens)
930 {
931 	u_int i;
932 	int port;
933 	char *host, *arg, *oarg;
934 	int where = opcode == sPermitOpen ? FORWARD_LOCAL : FORWARD_REMOTE;
935 	const char *what = lookup_opcode_name(opcode);
936 
937 	channel_clear_permission(ssh, FORWARD_ADM, where);
938 	if (num_opens == 0)
939 		return; /* permit any */
940 
941 	/* handle keywords: "any" / "none" */
942 	if (num_opens == 1 && strcmp(opens[0], "any") == 0)
943 		return;
944 	if (num_opens == 1 && strcmp(opens[0], "none") == 0) {
945 		channel_disable_admin(ssh, where);
946 		return;
947 	}
948 	/* Otherwise treat it as a list of permitted host:port */
949 	for (i = 0; i < num_opens; i++) {
950 		oarg = arg = xstrdup(opens[i]);
951 		host = hpdelim(&arg);
952 		if (host == NULL)
953 			fatal_f("missing host in %s", what);
954 		host = cleanhostname(host);
955 		if (arg == NULL || ((port = permitopen_port(arg)) < 0))
956 			fatal_f("bad port number in %s", what);
957 		/* Send it to channels layer */
958 		channel_add_permission(ssh, FORWARD_ADM,
959 		    where, host, port);
960 		free(oarg);
961 	}
962 }
963 
964 /*
965  * Inform channels layer of permitopen options from configuration.
966  */
967 void
968 process_permitopen(struct ssh *ssh, ServerOptions *options)
969 {
970 	process_permitopen_list(ssh, sPermitOpen,
971 	    options->permitted_opens, options->num_permitted_opens);
972 	process_permitopen_list(ssh, sPermitListen,
973 	    options->permitted_listens,
974 	    options->num_permitted_listens);
975 }
976 
977 /* Parse a ChannelTimeout clause "pattern=interval" */
978 static int
979 parse_timeout(const char *s, char **typep, u_int *secsp)
980 {
981 	char *cp, *sdup;
982 	int secs;
983 
984 	if (typep != NULL)
985 		*typep = NULL;
986 	if (secsp != NULL)
987 		*secsp = 0;
988 	if (s == NULL)
989 		return -1;
990 	sdup = xstrdup(s);
991 
992 	if ((cp = strchr(sdup, '=')) == NULL || cp == sdup) {
993 		free(sdup);
994 		return -1;
995 	}
996 	*cp++ = '\0';
997 	if ((secs = convtime(cp)) < 0) {
998 		free(sdup);
999 		return -1;
1000 	}
1001 	/* success */
1002 	if (typep != NULL)
1003 		*typep = xstrdup(sdup);
1004 	if (secsp != NULL)
1005 		*secsp = (u_int)secs;
1006 	free(sdup);
1007 	return 0;
1008 }
1009 
1010 void
1011 process_channel_timeouts(struct ssh *ssh, ServerOptions *options)
1012 {
1013 	u_int i, secs;
1014 	char *type;
1015 
1016 	debug3_f("setting %u timeouts", options->num_channel_timeouts);
1017 	channel_clear_timeouts(ssh);
1018 	for (i = 0; i < options->num_channel_timeouts; i++) {
1019 		if (parse_timeout(options->channel_timeouts[i],
1020 		    &type, &secs) != 0) {
1021 			fatal_f("internal error: bad timeout %s",
1022 			    options->channel_timeouts[i]);
1023 		}
1024 		channel_add_timeout(ssh, type, secs);
1025 		free(type);
1026 	}
1027 }
1028 
1029 struct connection_info *
1030 get_connection_info(struct ssh *ssh, int populate, int use_dns)
1031 {
1032 	static struct connection_info ci;
1033 
1034 	if (ssh == NULL || !populate)
1035 		return &ci;
1036 	ci.host = auth_get_canonical_hostname(ssh, use_dns);
1037 	ci.address = ssh_remote_ipaddr(ssh);
1038 	ci.laddress = ssh_local_ipaddr(ssh);
1039 	ci.lport = ssh_local_port(ssh);
1040 	ci.rdomain = ssh_packet_rdomain_in(ssh);
1041 	return &ci;
1042 }
1043 
1044 /*
1045  * The strategy for the Match blocks is that the config file is parsed twice.
1046  *
1047  * The first time is at startup.  activep is initialized to 1 and the
1048  * directives in the global context are processed and acted on.  Hitting a
1049  * Match directive unsets activep and the directives inside the block are
1050  * checked for syntax only.
1051  *
1052  * The second time is after a connection has been established but before
1053  * authentication.  activep is initialized to 2 and global config directives
1054  * are ignored since they have already been processed.  If the criteria in a
1055  * Match block is met, activep is set and the subsequent directives
1056  * processed and actioned until EOF or another Match block unsets it.  Any
1057  * options set are copied into the main server config.
1058  *
1059  * Potential additions/improvements:
1060  *  - Add Match support for pre-kex directives, eg. Ciphers.
1061  *
1062  *  - Add a Tag directive (idea from David Leonard) ala pf, eg:
1063  *	Match Address 192.168.0.*
1064  *		Tag trusted
1065  *	Match Group wheel
1066  *		Tag trusted
1067  *	Match Tag trusted
1068  *		AllowTcpForwarding yes
1069  *		GatewayPorts clientspecified
1070  *		[...]
1071  *
1072  *  - Add a PermittedChannelRequests directive
1073  *	Match Group shell
1074  *		PermittedChannelRequests session,forwarded-tcpip
1075  */
1076 
1077 static int
1078 match_cfg_line_group(const char *grps, int line, const char *user)
1079 {
1080 	int result = 0;
1081 	struct passwd *pw;
1082 
1083 	if (user == NULL)
1084 		goto out;
1085 
1086 	if ((pw = getpwnam(user)) == NULL) {
1087 		debug("Can't match group at line %d because user %.100s does "
1088 		    "not exist", line, user);
1089 	} else if (ga_init(pw->pw_name, pw->pw_gid) == 0) {
1090 		debug("Can't Match group because user %.100s not in any group "
1091 		    "at line %d", user, line);
1092 	} else if (ga_match_pattern_list(grps) != 1) {
1093 		debug("user %.100s does not match group list %.100s at line %d",
1094 		    user, grps, line);
1095 	} else {
1096 		debug("user %.100s matched group list %.100s at line %d", user,
1097 		    grps, line);
1098 		result = 1;
1099 	}
1100 out:
1101 	ga_free();
1102 	return result;
1103 }
1104 
1105 static void
1106 match_test_missing_fatal(const char *criteria, const char *attrib)
1107 {
1108 	fatal("'Match %s' in configuration but '%s' not in connection "
1109 	    "test specification.", criteria, attrib);
1110 }
1111 
1112 /*
1113  * All of the attributes on a single Match line are ANDed together, so we need
1114  * to check every attribute and set the result to zero if any attribute does
1115  * not match.
1116  */
1117 static int
1118 match_cfg_line(char **condition, int line, struct connection_info *ci)
1119 {
1120 	int result = 1, attributes = 0, port;
1121 	char *arg, *attrib, *cp = *condition;
1122 
1123 	if (ci == NULL)
1124 		debug3("checking syntax for 'Match %s'", cp);
1125 	else
1126 		debug3("checking match for '%s' user %s host %s addr %s "
1127 		    "laddr %s lport %d", cp, ci->user ? ci->user : "(null)",
1128 		    ci->host ? ci->host : "(null)",
1129 		    ci->address ? ci->address : "(null)",
1130 		    ci->laddress ? ci->laddress : "(null)", ci->lport);
1131 
1132 	while ((attrib = strdelim(&cp)) && *attrib != '\0') {
1133 		/* Terminate on comment */
1134 		if (*attrib == '#') {
1135 			cp = NULL; /* mark all arguments consumed */
1136 			break;
1137 		}
1138 		arg = NULL;
1139 		attributes++;
1140 		/* Criterion "all" has no argument and must appear alone */
1141 		if (strcasecmp(attrib, "all") == 0) {
1142 			if (attributes > 1 || ((arg = strdelim(&cp)) != NULL &&
1143 			    *arg != '\0' && *arg != '#')) {
1144 				error("'all' cannot be combined with other "
1145 				    "Match attributes");
1146 				return -1;
1147 			}
1148 			if (arg != NULL && *arg == '#')
1149 				cp = NULL; /* mark all arguments consumed */
1150 			*condition = cp;
1151 			return 1;
1152 		}
1153 		/* All other criteria require an argument */
1154 		if ((arg = strdelim(&cp)) == NULL ||
1155 		    *arg == '\0' || *arg == '#') {
1156 			error("Missing Match criteria for %s", attrib);
1157 			return -1;
1158 		}
1159 		if (strcasecmp(attrib, "user") == 0) {
1160 			if (ci == NULL || (ci->test && ci->user == NULL)) {
1161 				result = 0;
1162 				continue;
1163 			}
1164 			if (ci->user == NULL)
1165 				match_test_missing_fatal("User", "user");
1166 			if (match_usergroup_pattern_list(ci->user, arg) != 1)
1167 				result = 0;
1168 			else
1169 				debug("user %.100s matched 'User %.100s' at "
1170 				    "line %d", ci->user, arg, line);
1171 		} else if (strcasecmp(attrib, "group") == 0) {
1172 			if (ci == NULL || (ci->test && ci->user == NULL)) {
1173 				result = 0;
1174 				continue;
1175 			}
1176 			if (ci->user == NULL)
1177 				match_test_missing_fatal("Group", "user");
1178 			switch (match_cfg_line_group(arg, line, ci->user)) {
1179 			case -1:
1180 				return -1;
1181 			case 0:
1182 				result = 0;
1183 			}
1184 		} else if (strcasecmp(attrib, "host") == 0) {
1185 			if (ci == NULL || (ci->test && ci->host == NULL)) {
1186 				result = 0;
1187 				continue;
1188 			}
1189 			if (ci->host == NULL)
1190 				match_test_missing_fatal("Host", "host");
1191 			if (match_hostname(ci->host, arg) != 1)
1192 				result = 0;
1193 			else
1194 				debug("connection from %.100s matched 'Host "
1195 				    "%.100s' at line %d", ci->host, arg, line);
1196 		} else if (strcasecmp(attrib, "address") == 0) {
1197 			if (ci == NULL || (ci->test && ci->address == NULL)) {
1198 				if (addr_match_list(NULL, arg) != 0)
1199 					fatal("Invalid Match address argument "
1200 					    "'%s' at line %d", arg, line);
1201 				result = 0;
1202 				continue;
1203 			}
1204 			if (ci->address == NULL)
1205 				match_test_missing_fatal("Address", "addr");
1206 			switch (addr_match_list(ci->address, arg)) {
1207 			case 1:
1208 				debug("connection from %.100s matched 'Address "
1209 				    "%.100s' at line %d", ci->address, arg, line);
1210 				break;
1211 			case 0:
1212 			case -1:
1213 				result = 0;
1214 				break;
1215 			case -2:
1216 				return -1;
1217 			}
1218 		} else if (strcasecmp(attrib, "localaddress") == 0){
1219 			if (ci == NULL || (ci->test && ci->laddress == NULL)) {
1220 				if (addr_match_list(NULL, arg) != 0)
1221 					fatal("Invalid Match localaddress "
1222 					    "argument '%s' at line %d", arg,
1223 					    line);
1224 				result = 0;
1225 				continue;
1226 			}
1227 			if (ci->laddress == NULL)
1228 				match_test_missing_fatal("LocalAddress",
1229 				    "laddr");
1230 			switch (addr_match_list(ci->laddress, arg)) {
1231 			case 1:
1232 				debug("connection from %.100s matched "
1233 				    "'LocalAddress %.100s' at line %d",
1234 				    ci->laddress, arg, line);
1235 				break;
1236 			case 0:
1237 			case -1:
1238 				result = 0;
1239 				break;
1240 			case -2:
1241 				return -1;
1242 			}
1243 		} else if (strcasecmp(attrib, "localport") == 0) {
1244 			if ((port = a2port(arg)) == -1) {
1245 				error("Invalid LocalPort '%s' on Match line",
1246 				    arg);
1247 				return -1;
1248 			}
1249 			if (ci == NULL || (ci->test && ci->lport == -1)) {
1250 				result = 0;
1251 				continue;
1252 			}
1253 			if (ci->lport == 0)
1254 				match_test_missing_fatal("LocalPort", "lport");
1255 			/* TODO support port lists */
1256 			if (port == ci->lport)
1257 				debug("connection from %.100s matched "
1258 				    "'LocalPort %d' at line %d",
1259 				    ci->laddress, port, line);
1260 			else
1261 				result = 0;
1262 		} else if (strcasecmp(attrib, "rdomain") == 0) {
1263 			if (ci == NULL || (ci->test && ci->rdomain == NULL)) {
1264 				result = 0;
1265 				continue;
1266 			}
1267 			if (ci->rdomain == NULL)
1268 				match_test_missing_fatal("RDomain", "rdomain");
1269 			if (match_pattern_list(ci->rdomain, arg, 0) != 1)
1270 				result = 0;
1271 			else
1272 				debug("user %.100s matched 'RDomain %.100s' at "
1273 				    "line %d", ci->rdomain, arg, line);
1274 		} else {
1275 			error("Unsupported Match attribute %s", attrib);
1276 			return -1;
1277 		}
1278 	}
1279 	if (attributes == 0) {
1280 		error("One or more attributes required for Match");
1281 		return -1;
1282 	}
1283 	if (ci != NULL)
1284 		debug3("match %sfound", result ? "" : "not ");
1285 	*condition = cp;
1286 	return result;
1287 }
1288 
1289 #define WHITESPACE " \t\r\n"
1290 
1291 /* Multistate option parsing */
1292 struct multistate {
1293 	char *key;
1294 	int value;
1295 };
1296 static const struct multistate multistate_flag[] = {
1297 	{ "yes",			1 },
1298 	{ "no",				0 },
1299 	{ NULL, -1 }
1300 };
1301 static const struct multistate multistate_ignore_rhosts[] = {
1302 	{ "yes",			IGNORE_RHOSTS_YES },
1303 	{ "no",				IGNORE_RHOSTS_NO },
1304 	{ "shosts-only",		IGNORE_RHOSTS_SHOSTS },
1305 	{ NULL, -1 }
1306 };
1307 static const struct multistate multistate_addressfamily[] = {
1308 	{ "inet",			AF_INET },
1309 	{ "inet6",			AF_INET6 },
1310 	{ "any",			AF_UNSPEC },
1311 	{ NULL, -1 }
1312 };
1313 static const struct multistate multistate_permitrootlogin[] = {
1314 	{ "without-password",		PERMIT_NO_PASSWD },
1315 	{ "prohibit-password",		PERMIT_NO_PASSWD },
1316 	{ "forced-commands-only",	PERMIT_FORCED_ONLY },
1317 	{ "yes",			PERMIT_YES },
1318 	{ "no",				PERMIT_NO },
1319 	{ NULL, -1 }
1320 };
1321 static const struct multistate multistate_compression[] = {
1322 #ifdef WITH_ZLIB
1323 	{ "yes",			COMP_DELAYED },
1324 	{ "delayed",			COMP_DELAYED },
1325 #endif
1326 	{ "no",				COMP_NONE },
1327 	{ NULL, -1 }
1328 };
1329 static const struct multistate multistate_gatewayports[] = {
1330 	{ "clientspecified",		2 },
1331 	{ "yes",			1 },
1332 	{ "no",				0 },
1333 	{ NULL, -1 }
1334 };
1335 static const struct multistate multistate_tcpfwd[] = {
1336 	{ "yes",			FORWARD_ALLOW },
1337 	{ "all",			FORWARD_ALLOW },
1338 	{ "no",				FORWARD_DENY },
1339 	{ "remote",			FORWARD_REMOTE },
1340 	{ "local",			FORWARD_LOCAL },
1341 	{ NULL, -1 }
1342 };
1343 
1344 static int
1345 process_server_config_line_depth(ServerOptions *options, char *line,
1346     const char *filename, int linenum, int *activep,
1347     struct connection_info *connectinfo, int *inc_flags, int depth,
1348     struct include_list *includes)
1349 {
1350 	char *str, ***chararrayptr, **charptr, *arg, *arg2, *p, *keyword;
1351 	int cmdline = 0, *intptr, value, value2, n, port, oactive, r, found;
1352 	SyslogFacility *log_facility_ptr;
1353 	LogLevel *log_level_ptr;
1354 	ServerOpCodes opcode;
1355 	u_int i, *uintptr, uvalue, flags = 0;
1356 	size_t len;
1357 	long long val64;
1358 	const struct multistate *multistate_ptr;
1359 	const char *errstr;
1360 	struct include_item *item;
1361 	glob_t gbuf;
1362 	char **oav = NULL, **av;
1363 	int oac = 0, ac;
1364 	int ret = -1;
1365 
1366 	/* Strip trailing whitespace. Allow \f (form feed) at EOL only */
1367 	if ((len = strlen(line)) == 0)
1368 		return 0;
1369 	for (len--; len > 0; len--) {
1370 		if (strchr(WHITESPACE "\f", line[len]) == NULL)
1371 			break;
1372 		line[len] = '\0';
1373 	}
1374 
1375 	str = line;
1376 	if ((keyword = strdelim(&str)) == NULL)
1377 		return 0;
1378 	/* Ignore leading whitespace */
1379 	if (*keyword == '\0')
1380 		keyword = strdelim(&str);
1381 	if (!keyword || !*keyword || *keyword == '#')
1382 		return 0;
1383 	if (str == NULL || *str == '\0') {
1384 		error("%s line %d: no argument after keyword \"%s\"",
1385 		    filename, linenum, keyword);
1386 		return -1;
1387 	}
1388 	intptr = NULL;
1389 	charptr = NULL;
1390 	opcode = parse_token(keyword, filename, linenum, &flags);
1391 
1392 	if (argv_split(str, &oac, &oav, 1) != 0) {
1393 		error("%s line %d: invalid quotes", filename, linenum);
1394 		return -1;
1395 	}
1396 	ac = oac;
1397 	av = oav;
1398 
1399 	if (activep == NULL) { /* We are processing a command line directive */
1400 		cmdline = 1;
1401 		activep = &cmdline;
1402 	}
1403 	if (*activep && opcode != sMatch && opcode != sInclude)
1404 		debug3("%s:%d setting %s %s", filename, linenum, keyword, str);
1405 	if (*activep == 0 && !(flags & SSHCFG_MATCH)) {
1406 		if (connectinfo == NULL) {
1407 			fatal("%s line %d: Directive '%s' is not allowed "
1408 			    "within a Match block", filename, linenum, keyword);
1409 		} else { /* this is a directive we have already processed */
1410 			ret = 0;
1411 			goto out;
1412 		}
1413 	}
1414 
1415 	switch (opcode) {
1416 	/* Portable-specific options */
1417 	case sUsePAM:
1418 		intptr = &options->use_pam;
1419 		goto parse_flag;
1420 
1421 	/* Standard Options */
1422 	case sBadOption:
1423 		goto out;
1424 	case sPort:
1425 		/* ignore ports from configfile if cmdline specifies ports */
1426 		if (options->ports_from_cmdline) {
1427 			argv_consume(&ac);
1428 			break;
1429 		}
1430 		if (options->num_ports >= MAX_PORTS)
1431 			fatal("%s line %d: too many ports.",
1432 			    filename, linenum);
1433 		arg = argv_next(&ac, &av);
1434 		if (!arg || *arg == '\0')
1435 			fatal("%s line %d: missing port number.",
1436 			    filename, linenum);
1437 		options->ports[options->num_ports++] = a2port(arg);
1438 		if (options->ports[options->num_ports-1] <= 0)
1439 			fatal("%s line %d: Badly formatted port number.",
1440 			    filename, linenum);
1441 		break;
1442 
1443 	case sLoginGraceTime:
1444 		intptr = &options->login_grace_time;
1445  parse_time:
1446 		arg = argv_next(&ac, &av);
1447 		if (!arg || *arg == '\0')
1448 			fatal("%s line %d: missing time value.",
1449 			    filename, linenum);
1450 		if ((value = convtime(arg)) == -1)
1451 			fatal("%s line %d: invalid time value.",
1452 			    filename, linenum);
1453 		if (*activep && *intptr == -1)
1454 			*intptr = value;
1455 		break;
1456 
1457 	case sListenAddress:
1458 		arg = argv_next(&ac, &av);
1459 		if (arg == NULL || *arg == '\0')
1460 			fatal("%s line %d: missing address",
1461 			    filename, linenum);
1462 		/* check for bare IPv6 address: no "[]" and 2 or more ":" */
1463 		if (strchr(arg, '[') == NULL && (p = strchr(arg, ':')) != NULL
1464 		    && strchr(p+1, ':') != NULL) {
1465 			port = 0;
1466 			p = arg;
1467 		} else {
1468 			arg2 = NULL;
1469 			p = hpdelim(&arg);
1470 			if (p == NULL)
1471 				fatal("%s line %d: bad address:port usage",
1472 				    filename, linenum);
1473 			p = cleanhostname(p);
1474 			if (arg == NULL)
1475 				port = 0;
1476 			else if ((port = a2port(arg)) <= 0)
1477 				fatal("%s line %d: bad port number",
1478 				    filename, linenum);
1479 		}
1480 		/* Optional routing table */
1481 		arg2 = NULL;
1482 		if ((arg = argv_next(&ac, &av)) != NULL) {
1483 			if (strcmp(arg, "rdomain") != 0 ||
1484 			    (arg2 = argv_next(&ac, &av)) == NULL)
1485 				fatal("%s line %d: bad ListenAddress syntax",
1486 				    filename, linenum);
1487 			if (!valid_rdomain(arg2))
1488 				fatal("%s line %d: bad routing domain",
1489 				    filename, linenum);
1490 		}
1491 		queue_listen_addr(options, p, arg2, port);
1492 
1493 		break;
1494 
1495 	case sAddressFamily:
1496 		intptr = &options->address_family;
1497 		multistate_ptr = multistate_addressfamily;
1498  parse_multistate:
1499 		arg = argv_next(&ac, &av);
1500 		if (!arg || *arg == '\0')
1501 			fatal("%s line %d: missing argument.",
1502 			    filename, linenum);
1503 		value = -1;
1504 		for (i = 0; multistate_ptr[i].key != NULL; i++) {
1505 			if (strcasecmp(arg, multistate_ptr[i].key) == 0) {
1506 				value = multistate_ptr[i].value;
1507 				break;
1508 			}
1509 		}
1510 		if (value == -1)
1511 			fatal("%s line %d: unsupported option \"%s\".",
1512 			    filename, linenum, arg);
1513 		if (*activep && *intptr == -1)
1514 			*intptr = value;
1515 		break;
1516 
1517 	case sHostKeyFile:
1518 		arg = argv_next(&ac, &av);
1519 		if (!arg || *arg == '\0')
1520 			fatal("%s line %d: missing file name.",
1521 			    filename, linenum);
1522 		if (*activep) {
1523 			servconf_add_hostkey(filename, linenum,
1524 			    options, arg, 1);
1525 		}
1526 		break;
1527 
1528 	case sHostKeyAgent:
1529 		charptr = &options->host_key_agent;
1530 		arg = argv_next(&ac, &av);
1531 		if (!arg || *arg == '\0')
1532 			fatal("%s line %d: missing socket name.",
1533 			    filename, linenum);
1534 		if (*activep && *charptr == NULL)
1535 			*charptr = !strcmp(arg, SSH_AUTHSOCKET_ENV_NAME) ?
1536 			    xstrdup(arg) : derelativise_path(arg);
1537 		break;
1538 
1539 	case sHostCertificate:
1540 		arg = argv_next(&ac, &av);
1541 		if (!arg || *arg == '\0')
1542 			fatal("%s line %d: missing file name.",
1543 			    filename, linenum);
1544 		if (*activep)
1545 			servconf_add_hostcert(filename, linenum, options, arg);
1546 		break;
1547 
1548 	case sPidFile:
1549 		charptr = &options->pid_file;
1550  parse_filename:
1551 		arg = argv_next(&ac, &av);
1552 		if (!arg || *arg == '\0')
1553 			fatal("%s line %d: missing file name.",
1554 			    filename, linenum);
1555 		if (*activep && *charptr == NULL) {
1556 			*charptr = derelativise_path(arg);
1557 			/* increase optional counter */
1558 			if (intptr != NULL)
1559 				*intptr = *intptr + 1;
1560 		}
1561 		break;
1562 
1563 	case sModuliFile:
1564 		charptr = &options->moduli_file;
1565 		goto parse_filename;
1566 
1567 	case sPermitRootLogin:
1568 		intptr = &options->permit_root_login;
1569 		multistate_ptr = multistate_permitrootlogin;
1570 		goto parse_multistate;
1571 
1572 	case sIgnoreRhosts:
1573 		intptr = &options->ignore_rhosts;
1574 		multistate_ptr = multistate_ignore_rhosts;
1575 		goto parse_multistate;
1576 
1577 	case sIgnoreUserKnownHosts:
1578 		intptr = &options->ignore_user_known_hosts;
1579  parse_flag:
1580 		multistate_ptr = multistate_flag;
1581 		goto parse_multistate;
1582 
1583 	case sHostbasedAuthentication:
1584 		intptr = &options->hostbased_authentication;
1585 		goto parse_flag;
1586 
1587 	case sHostbasedUsesNameFromPacketOnly:
1588 		intptr = &options->hostbased_uses_name_from_packet_only;
1589 		goto parse_flag;
1590 
1591 	case sHostbasedAcceptedAlgorithms:
1592 		charptr = &options->hostbased_accepted_algos;
1593  parse_pubkey_algos:
1594 		arg = argv_next(&ac, &av);
1595 		if (!arg || *arg == '\0')
1596 			fatal("%s line %d: Missing argument.",
1597 			    filename, linenum);
1598 		if (*arg != '-' &&
1599 		    !sshkey_names_valid2(*arg == '+' || *arg == '^' ?
1600 		    arg + 1 : arg, 1))
1601 			fatal("%s line %d: Bad key types '%s'.",
1602 			    filename, linenum, arg ? arg : "<NONE>");
1603 		if (*activep && *charptr == NULL)
1604 			*charptr = xstrdup(arg);
1605 		break;
1606 
1607 	case sHostKeyAlgorithms:
1608 		charptr = &options->hostkeyalgorithms;
1609 		goto parse_pubkey_algos;
1610 
1611 	case sCASignatureAlgorithms:
1612 		charptr = &options->ca_sign_algorithms;
1613 		goto parse_pubkey_algos;
1614 
1615 	case sPubkeyAuthentication:
1616 		intptr = &options->pubkey_authentication;
1617 		goto parse_flag;
1618 
1619 	case sPubkeyAcceptedAlgorithms:
1620 		charptr = &options->pubkey_accepted_algos;
1621 		goto parse_pubkey_algos;
1622 
1623 	case sPubkeyAuthOptions:
1624 		intptr = &options->pubkey_auth_options;
1625 		value = 0;
1626 		while ((arg = argv_next(&ac, &av)) != NULL) {
1627 			if (strcasecmp(arg, "none") == 0)
1628 				continue;
1629 			if (strcasecmp(arg, "touch-required") == 0)
1630 				value |= PUBKEYAUTH_TOUCH_REQUIRED;
1631 			else if (strcasecmp(arg, "verify-required") == 0)
1632 				value |= PUBKEYAUTH_VERIFY_REQUIRED;
1633 			else {
1634 				error("%s line %d: unsupported %s option %s",
1635 				    filename, linenum, keyword, arg);
1636 				goto out;
1637 			}
1638 		}
1639 		if (*activep && *intptr == -1)
1640 			*intptr = value;
1641 		break;
1642 
1643 	case sKerberosAuthentication:
1644 		intptr = &options->kerberos_authentication;
1645 		goto parse_flag;
1646 
1647 	case sKerberosOrLocalPasswd:
1648 		intptr = &options->kerberos_or_local_passwd;
1649 		goto parse_flag;
1650 
1651 	case sKerberosTicketCleanup:
1652 		intptr = &options->kerberos_ticket_cleanup;
1653 		goto parse_flag;
1654 
1655 	case sKerberosGetAFSToken:
1656 		intptr = &options->kerberos_get_afs_token;
1657 		goto parse_flag;
1658 
1659 	case sGssAuthentication:
1660 		intptr = &options->gss_authentication;
1661 		goto parse_flag;
1662 
1663 	case sGssCleanupCreds:
1664 		intptr = &options->gss_cleanup_creds;
1665 		goto parse_flag;
1666 
1667 	case sGssStrictAcceptor:
1668 		intptr = &options->gss_strict_acceptor;
1669 		goto parse_flag;
1670 
1671 	case sPasswordAuthentication:
1672 		intptr = &options->password_authentication;
1673 		goto parse_flag;
1674 
1675 	case sKbdInteractiveAuthentication:
1676 		intptr = &options->kbd_interactive_authentication;
1677 		goto parse_flag;
1678 
1679 	case sPrintMotd:
1680 		intptr = &options->print_motd;
1681 		goto parse_flag;
1682 
1683 	case sPrintLastLog:
1684 		intptr = &options->print_lastlog;
1685 		goto parse_flag;
1686 
1687 	case sX11Forwarding:
1688 		intptr = &options->x11_forwarding;
1689 		goto parse_flag;
1690 
1691 	case sX11DisplayOffset:
1692 		intptr = &options->x11_display_offset;
1693  parse_int:
1694 		arg = argv_next(&ac, &av);
1695 		if ((errstr = atoi_err(arg, &value)) != NULL)
1696 			fatal("%s line %d: %s integer value %s.",
1697 			    filename, linenum, keyword, errstr);
1698 		if (*activep && *intptr == -1)
1699 			*intptr = value;
1700 		break;
1701 
1702 	case sX11UseLocalhost:
1703 		intptr = &options->x11_use_localhost;
1704 		goto parse_flag;
1705 
1706 	case sXAuthLocation:
1707 		charptr = &options->xauth_location;
1708 		goto parse_filename;
1709 
1710 	case sPermitTTY:
1711 		intptr = &options->permit_tty;
1712 		goto parse_flag;
1713 
1714 	case sPermitUserRC:
1715 		intptr = &options->permit_user_rc;
1716 		goto parse_flag;
1717 
1718 	case sStrictModes:
1719 		intptr = &options->strict_modes;
1720 		goto parse_flag;
1721 
1722 	case sTCPKeepAlive:
1723 		intptr = &options->tcp_keep_alive;
1724 		goto parse_flag;
1725 
1726 	case sEmptyPasswd:
1727 		intptr = &options->permit_empty_passwd;
1728 		goto parse_flag;
1729 
1730 	case sPermitUserEnvironment:
1731 		intptr = &options->permit_user_env;
1732 		charptr = &options->permit_user_env_allowlist;
1733 		arg = argv_next(&ac, &av);
1734 		if (!arg || *arg == '\0')
1735 			fatal("%s line %d: %s missing argument.",
1736 			    filename, linenum, keyword);
1737 		value = 0;
1738 		p = NULL;
1739 		if (strcmp(arg, "yes") == 0)
1740 			value = 1;
1741 		else if (strcmp(arg, "no") == 0)
1742 			value = 0;
1743 		else {
1744 			/* Pattern-list specified */
1745 			value = 1;
1746 			p = xstrdup(arg);
1747 		}
1748 		if (*activep && *intptr == -1) {
1749 			*intptr = value;
1750 			*charptr = p;
1751 			p = NULL;
1752 		}
1753 		free(p);
1754 		break;
1755 
1756 	case sCompression:
1757 		intptr = &options->compression;
1758 		multistate_ptr = multistate_compression;
1759 		goto parse_multistate;
1760 
1761 	case sRekeyLimit:
1762 		arg = argv_next(&ac, &av);
1763 		if (!arg || *arg == '\0')
1764 			fatal("%s line %d: %s missing argument.",
1765 			    filename, linenum, keyword);
1766 		if (strcmp(arg, "default") == 0) {
1767 			val64 = 0;
1768 		} else {
1769 			if (scan_scaled(arg, &val64) == -1)
1770 				fatal("%.200s line %d: Bad %s number '%s': %s",
1771 				    filename, linenum, keyword,
1772 				    arg, strerror(errno));
1773 			if (val64 != 0 && val64 < 16)
1774 				fatal("%.200s line %d: %s too small",
1775 				    filename, linenum, keyword);
1776 		}
1777 		if (*activep && options->rekey_limit == -1)
1778 			options->rekey_limit = val64;
1779 		if (ac != 0) { /* optional rekey interval present */
1780 			if (strcmp(av[0], "none") == 0) {
1781 				(void)argv_next(&ac, &av);	/* discard */
1782 				break;
1783 			}
1784 			intptr = &options->rekey_interval;
1785 			goto parse_time;
1786 		}
1787 		break;
1788 
1789 	case sGatewayPorts:
1790 		intptr = &options->fwd_opts.gateway_ports;
1791 		multistate_ptr = multistate_gatewayports;
1792 		goto parse_multistate;
1793 
1794 	case sUseDNS:
1795 		intptr = &options->use_dns;
1796 		goto parse_flag;
1797 
1798 	case sLogFacility:
1799 		log_facility_ptr = &options->log_facility;
1800 		arg = argv_next(&ac, &av);
1801 		value = log_facility_number(arg);
1802 		if (value == SYSLOG_FACILITY_NOT_SET)
1803 			fatal("%.200s line %d: unsupported log facility '%s'",
1804 			    filename, linenum, arg ? arg : "<NONE>");
1805 		if (*log_facility_ptr == -1)
1806 			*log_facility_ptr = (SyslogFacility) value;
1807 		break;
1808 
1809 	case sLogLevel:
1810 		log_level_ptr = &options->log_level;
1811 		arg = argv_next(&ac, &av);
1812 		value = log_level_number(arg);
1813 		if (value == SYSLOG_LEVEL_NOT_SET)
1814 			fatal("%.200s line %d: unsupported log level '%s'",
1815 			    filename, linenum, arg ? arg : "<NONE>");
1816 		if (*activep && *log_level_ptr == -1)
1817 			*log_level_ptr = (LogLevel) value;
1818 		break;
1819 
1820 	case sLogVerbose:
1821 		found = options->num_log_verbose == 0;
1822 		i = 0;
1823 		while ((arg = argv_next(&ac, &av)) != NULL) {
1824 			if (*arg == '\0') {
1825 				error("%s line %d: keyword %s empty argument",
1826 				    filename, linenum, keyword);
1827 				goto out;
1828 			}
1829 			/* Allow "none" only in first position */
1830 			if (strcasecmp(arg, "none") == 0) {
1831 				if (i > 0 || ac > 0) {
1832 					error("%s line %d: keyword %s \"none\" "
1833 					    "argument must appear alone.",
1834 					    filename, linenum, keyword);
1835 					goto out;
1836 				}
1837 			}
1838 			i++;
1839 			if (!found || !*activep)
1840 				continue;
1841 			opt_array_append(filename, linenum, keyword,
1842 			    &options->log_verbose, &options->num_log_verbose,
1843 			    arg);
1844 		}
1845 		break;
1846 
1847 	case sAllowTcpForwarding:
1848 		intptr = &options->allow_tcp_forwarding;
1849 		multistate_ptr = multistate_tcpfwd;
1850 		goto parse_multistate;
1851 
1852 	case sAllowStreamLocalForwarding:
1853 		intptr = &options->allow_streamlocal_forwarding;
1854 		multistate_ptr = multistate_tcpfwd;
1855 		goto parse_multistate;
1856 
1857 	case sAllowAgentForwarding:
1858 		intptr = &options->allow_agent_forwarding;
1859 		goto parse_flag;
1860 
1861 	case sDisableForwarding:
1862 		intptr = &options->disable_forwarding;
1863 		goto parse_flag;
1864 
1865 	case sAllowUsers:
1866 		chararrayptr = &options->allow_users;
1867 		uintptr = &options->num_allow_users;
1868  parse_allowdenyusers:
1869 		while ((arg = argv_next(&ac, &av)) != NULL) {
1870 			if (*arg == '\0' ||
1871 			    match_user(NULL, NULL, NULL, arg) == -1)
1872 				fatal("%s line %d: invalid %s pattern: \"%s\"",
1873 				    filename, linenum, keyword, arg);
1874 			if (!*activep)
1875 				continue;
1876 			opt_array_append(filename, linenum, keyword,
1877 			    chararrayptr, uintptr, arg);
1878 		}
1879 		break;
1880 
1881 	case sDenyUsers:
1882 		chararrayptr = &options->deny_users;
1883 		uintptr = &options->num_deny_users;
1884 		goto parse_allowdenyusers;
1885 
1886 	case sAllowGroups:
1887 		chararrayptr = &options->allow_groups;
1888 		uintptr = &options->num_allow_groups;
1889  parse_allowdenygroups:
1890 		while ((arg = argv_next(&ac, &av)) != NULL) {
1891 			if (*arg == '\0')
1892 				fatal("%s line %d: empty %s pattern",
1893 				    filename, linenum, keyword);
1894 			if (!*activep)
1895 				continue;
1896 			opt_array_append(filename, linenum, keyword,
1897 			    chararrayptr, uintptr, arg);
1898 		}
1899 		break;
1900 
1901 	case sDenyGroups:
1902 		chararrayptr = &options->deny_groups;
1903 		uintptr = &options->num_deny_groups;
1904 		goto parse_allowdenygroups;
1905 
1906 	case sCiphers:
1907 		arg = argv_next(&ac, &av);
1908 		if (!arg || *arg == '\0')
1909 			fatal("%s line %d: %s missing argument.",
1910 			    filename, linenum, keyword);
1911 		if (*arg != '-' &&
1912 		    !ciphers_valid(*arg == '+' || *arg == '^' ? arg + 1 : arg))
1913 			fatal("%s line %d: Bad SSH2 cipher spec '%s'.",
1914 			    filename, linenum, arg ? arg : "<NONE>");
1915 		if (options->ciphers == NULL)
1916 			options->ciphers = xstrdup(arg);
1917 		break;
1918 
1919 	case sMacs:
1920 		arg = argv_next(&ac, &av);
1921 		if (!arg || *arg == '\0')
1922 			fatal("%s line %d: %s missing argument.",
1923 			    filename, linenum, keyword);
1924 		if (*arg != '-' &&
1925 		    !mac_valid(*arg == '+' || *arg == '^' ? arg + 1 : arg))
1926 			fatal("%s line %d: Bad SSH2 mac spec '%s'.",
1927 			    filename, linenum, arg ? arg : "<NONE>");
1928 		if (options->macs == NULL)
1929 			options->macs = xstrdup(arg);
1930 		break;
1931 
1932 	case sKexAlgorithms:
1933 		arg = argv_next(&ac, &av);
1934 		if (!arg || *arg == '\0')
1935 			fatal("%s line %d: %s missing argument.",
1936 			    filename, linenum, keyword);
1937 		if (*arg != '-' &&
1938 		    !kex_names_valid(*arg == '+' || *arg == '^' ?
1939 		    arg + 1 : arg))
1940 			fatal("%s line %d: Bad SSH2 KexAlgorithms '%s'.",
1941 			    filename, linenum, arg ? arg : "<NONE>");
1942 		if (options->kex_algorithms == NULL)
1943 			options->kex_algorithms = xstrdup(arg);
1944 		break;
1945 
1946 	case sSubsystem:
1947 		if (options->num_subsystems >= MAX_SUBSYSTEMS) {
1948 			fatal("%s line %d: too many subsystems defined.",
1949 			    filename, linenum);
1950 		}
1951 		arg = argv_next(&ac, &av);
1952 		if (!arg || *arg == '\0')
1953 			fatal("%s line %d: %s missing argument.",
1954 			    filename, linenum, keyword);
1955 		if (!*activep) {
1956 			arg = argv_next(&ac, &av);
1957 			break;
1958 		}
1959 		for (i = 0; i < options->num_subsystems; i++)
1960 			if (strcmp(arg, options->subsystem_name[i]) == 0)
1961 				fatal("%s line %d: Subsystem '%s' "
1962 				    "already defined.", filename, linenum, arg);
1963 		options->subsystem_name[options->num_subsystems] = xstrdup(arg);
1964 		arg = argv_next(&ac, &av);
1965 		if (!arg || *arg == '\0')
1966 			fatal("%s line %d: Missing subsystem command.",
1967 			    filename, linenum);
1968 		options->subsystem_command[options->num_subsystems] = xstrdup(arg);
1969 
1970 		/* Collect arguments (separate to executable) */
1971 		p = xstrdup(arg);
1972 		len = strlen(p) + 1;
1973 		while ((arg = argv_next(&ac, &av)) != NULL) {
1974 			len += 1 + strlen(arg);
1975 			p = xreallocarray(p, 1, len);
1976 			strlcat(p, " ", len);
1977 			strlcat(p, arg, len);
1978 		}
1979 		options->subsystem_args[options->num_subsystems] = p;
1980 		options->num_subsystems++;
1981 		break;
1982 
1983 	case sMaxStartups:
1984 		arg = argv_next(&ac, &av);
1985 		if (!arg || *arg == '\0')
1986 			fatal("%s line %d: %s missing argument.",
1987 			    filename, linenum, keyword);
1988 		if ((n = sscanf(arg, "%d:%d:%d",
1989 		    &options->max_startups_begin,
1990 		    &options->max_startups_rate,
1991 		    &options->max_startups)) == 3) {
1992 			if (options->max_startups_begin >
1993 			    options->max_startups ||
1994 			    options->max_startups_rate > 100 ||
1995 			    options->max_startups_rate < 1)
1996 				fatal("%s line %d: Invalid %s spec.",
1997 				    filename, linenum, keyword);
1998 		} else if (n != 1)
1999 			fatal("%s line %d: Invalid %s spec.",
2000 			    filename, linenum, keyword);
2001 		else
2002 			options->max_startups = options->max_startups_begin;
2003 		if (options->max_startups <= 0 ||
2004 		    options->max_startups_begin <= 0)
2005 			fatal("%s line %d: Invalid %s spec.",
2006 			    filename, linenum, keyword);
2007 		break;
2008 
2009 	case sPerSourceNetBlockSize:
2010 		arg = argv_next(&ac, &av);
2011 		if (!arg || *arg == '\0')
2012 			fatal("%s line %d: %s missing argument.",
2013 			    filename, linenum, keyword);
2014 		switch (n = sscanf(arg, "%d:%d", &value, &value2)) {
2015 		case 2:
2016 			if (value2 < 0 || value2 > 128)
2017 				n = -1;
2018 			/* FALLTHROUGH */
2019 		case 1:
2020 			if (value < 0 || value > 32)
2021 				n = -1;
2022 		}
2023 		if (n != 1 && n != 2)
2024 			fatal("%s line %d: Invalid %s spec.",
2025 			    filename, linenum, keyword);
2026 		if (*activep) {
2027 			options->per_source_masklen_ipv4 = value;
2028 			options->per_source_masklen_ipv6 = value2;
2029 		}
2030 		break;
2031 
2032 	case sPerSourceMaxStartups:
2033 		arg = argv_next(&ac, &av);
2034 		if (!arg || *arg == '\0')
2035 			fatal("%s line %d: %s missing argument.",
2036 			    filename, linenum, keyword);
2037 		if (strcmp(arg, "none") == 0) { /* no limit */
2038 			value = INT_MAX;
2039 		} else {
2040 			if ((errstr = atoi_err(arg, &value)) != NULL)
2041 				fatal("%s line %d: %s integer value %s.",
2042 				    filename, linenum, keyword, errstr);
2043 		}
2044 		if (*activep)
2045 			options->per_source_max_startups = value;
2046 		break;
2047 
2048 	case sMaxAuthTries:
2049 		intptr = &options->max_authtries;
2050 		goto parse_int;
2051 
2052 	case sMaxSessions:
2053 		intptr = &options->max_sessions;
2054 		goto parse_int;
2055 
2056 	case sBanner:
2057 		charptr = &options->banner;
2058 		goto parse_filename;
2059 
2060 	/*
2061 	 * These options can contain %X options expanded at
2062 	 * connect time, so that you can specify paths like:
2063 	 *
2064 	 * AuthorizedKeysFile	/etc/ssh_keys/%u
2065 	 */
2066 	case sAuthorizedKeysFile:
2067 		uvalue = options->num_authkeys_files;
2068 		while ((arg = argv_next(&ac, &av)) != NULL) {
2069 			if (*arg == '\0') {
2070 				error("%s line %d: keyword %s empty argument",
2071 				    filename, linenum, keyword);
2072 				goto out;
2073 			}
2074 			arg2 = tilde_expand_filename(arg, getuid());
2075 			if (*activep && uvalue == 0) {
2076 				opt_array_append(filename, linenum, keyword,
2077 				    &options->authorized_keys_files,
2078 				    &options->num_authkeys_files, arg2);
2079 			}
2080 			free(arg2);
2081 		}
2082 		break;
2083 
2084 	case sAuthorizedPrincipalsFile:
2085 		charptr = &options->authorized_principals_file;
2086 		arg = argv_next(&ac, &av);
2087 		if (!arg || *arg == '\0')
2088 			fatal("%s line %d: %s missing argument.",
2089 			    filename, linenum, keyword);
2090 		if (*activep && *charptr == NULL) {
2091 			*charptr = tilde_expand_filename(arg, getuid());
2092 			/* increase optional counter */
2093 			if (intptr != NULL)
2094 				*intptr = *intptr + 1;
2095 		}
2096 		break;
2097 
2098 	case sClientAliveInterval:
2099 		intptr = &options->client_alive_interval;
2100 		goto parse_time;
2101 
2102 	case sClientAliveCountMax:
2103 		intptr = &options->client_alive_count_max;
2104 		goto parse_int;
2105 
2106 	case sAcceptEnv:
2107 		while ((arg = argv_next(&ac, &av)) != NULL) {
2108 			if (*arg == '\0' || strchr(arg, '=') != NULL)
2109 				fatal("%s line %d: Invalid environment name.",
2110 				    filename, linenum);
2111 			if (!*activep)
2112 				continue;
2113 			opt_array_append(filename, linenum, keyword,
2114 			    &options->accept_env, &options->num_accept_env,
2115 			    arg);
2116 		}
2117 		break;
2118 
2119 	case sSetEnv:
2120 		uvalue = options->num_setenv;
2121 		while ((arg = argv_next(&ac, &av)) != NULL) {
2122 			if (*arg == '\0' || strchr(arg, '=') == NULL)
2123 				fatal("%s line %d: Invalid environment.",
2124 				    filename, linenum);
2125 			if (!*activep || uvalue != 0)
2126 				continue;
2127 			if (lookup_setenv_in_list(arg, options->setenv,
2128 			    options->num_setenv) != NULL) {
2129 				debug2("%s line %d: ignoring duplicate env "
2130 				    "name \"%.64s\"", filename, linenum, arg);
2131 				continue;
2132 			}
2133 			opt_array_append(filename, linenum, keyword,
2134 			    &options->setenv, &options->num_setenv, arg);
2135 		}
2136 		break;
2137 
2138 	case sPermitTunnel:
2139 		intptr = &options->permit_tun;
2140 		arg = argv_next(&ac, &av);
2141 		if (!arg || *arg == '\0')
2142 			fatal("%s line %d: %s missing argument.",
2143 			    filename, linenum, keyword);
2144 		value = -1;
2145 		for (i = 0; tunmode_desc[i].val != -1; i++)
2146 			if (strcmp(tunmode_desc[i].text, arg) == 0) {
2147 				value = tunmode_desc[i].val;
2148 				break;
2149 			}
2150 		if (value == -1)
2151 			fatal("%s line %d: bad %s argument %s",
2152 			    filename, linenum, keyword, arg);
2153 		if (*activep && *intptr == -1)
2154 			*intptr = value;
2155 		break;
2156 
2157 	case sInclude:
2158 		if (cmdline) {
2159 			fatal("Include directive not supported as a "
2160 			    "command-line option");
2161 		}
2162 		value = 0;
2163 		while ((arg2 = argv_next(&ac, &av)) != NULL) {
2164 			if (*arg2 == '\0') {
2165 				error("%s line %d: keyword %s empty argument",
2166 				    filename, linenum, keyword);
2167 				goto out;
2168 			}
2169 			value++;
2170 			found = 0;
2171 			if (*arg2 != '/' && *arg2 != '~') {
2172 				xasprintf(&arg, "%s/%s", SSHDIR, arg2);
2173 			} else
2174 				arg = xstrdup(arg2);
2175 
2176 			/*
2177 			 * Don't let included files clobber the containing
2178 			 * file's Match state.
2179 			 */
2180 			oactive = *activep;
2181 
2182 			/* consult cache of include files */
2183 			TAILQ_FOREACH(item, includes, entry) {
2184 				if (strcmp(item->selector, arg) != 0)
2185 					continue;
2186 				if (item->filename != NULL) {
2187 					parse_server_config_depth(options,
2188 					    item->filename, item->contents,
2189 					    includes, connectinfo,
2190 					    (*inc_flags & SSHCFG_MATCH_ONLY
2191 					        ? SSHCFG_MATCH_ONLY : (oactive
2192 					            ? 0 : SSHCFG_NEVERMATCH)),
2193 					    activep, depth + 1);
2194 				}
2195 				found = 1;
2196 				*activep = oactive;
2197 			}
2198 			if (found != 0) {
2199 				free(arg);
2200 				continue;
2201 			}
2202 
2203 			/* requested glob was not in cache */
2204 			debug2("%s line %d: new include %s",
2205 			    filename, linenum, arg);
2206 			if ((r = glob(arg, 0, NULL, &gbuf)) != 0) {
2207 				if (r != GLOB_NOMATCH) {
2208 					fatal("%s line %d: include \"%s\" glob "
2209 					    "failed", filename, linenum, arg);
2210 				}
2211 				/*
2212 				 * If no entry matched then record a
2213 				 * placeholder to skip later glob calls.
2214 				 */
2215 				debug2("%s line %d: no match for %s",
2216 				    filename, linenum, arg);
2217 				item = xcalloc(1, sizeof(*item));
2218 				item->selector = strdup(arg);
2219 				TAILQ_INSERT_TAIL(includes,
2220 				    item, entry);
2221 			}
2222 			if (gbuf.gl_pathc > INT_MAX)
2223 				fatal_f("too many glob results");
2224 			for (n = 0; n < (int)gbuf.gl_pathc; n++) {
2225 				debug2("%s line %d: including %s",
2226 				    filename, linenum, gbuf.gl_pathv[n]);
2227 				item = xcalloc(1, sizeof(*item));
2228 				item->selector = strdup(arg);
2229 				item->filename = strdup(gbuf.gl_pathv[n]);
2230 				if ((item->contents = sshbuf_new()) == NULL)
2231 					fatal_f("sshbuf_new failed");
2232 				load_server_config(item->filename,
2233 				    item->contents);
2234 				parse_server_config_depth(options,
2235 				    item->filename, item->contents,
2236 				    includes, connectinfo,
2237 				    (*inc_flags & SSHCFG_MATCH_ONLY
2238 				        ? SSHCFG_MATCH_ONLY : (oactive
2239 				            ? 0 : SSHCFG_NEVERMATCH)),
2240 				    activep, depth + 1);
2241 				*activep = oactive;
2242 				TAILQ_INSERT_TAIL(includes, item, entry);
2243 			}
2244 			globfree(&gbuf);
2245 			free(arg);
2246 		}
2247 		if (value == 0) {
2248 			fatal("%s line %d: %s missing filename argument",
2249 			    filename, linenum, keyword);
2250 		}
2251 		break;
2252 
2253 	case sMatch:
2254 		if (cmdline)
2255 			fatal("Match directive not supported as a command-line "
2256 			    "option");
2257 		value = match_cfg_line(&str, linenum,
2258 		    (*inc_flags & SSHCFG_NEVERMATCH ? NULL : connectinfo));
2259 		if (value < 0)
2260 			fatal("%s line %d: Bad Match condition", filename,
2261 			    linenum);
2262 		*activep = (*inc_flags & SSHCFG_NEVERMATCH) ? 0 : value;
2263 		/*
2264 		 * The MATCH_ONLY flag is applicable only until the first
2265 		 * match block.
2266 		 */
2267 		*inc_flags &= ~SSHCFG_MATCH_ONLY;
2268 		/*
2269 		 * If match_cfg_line() didn't consume all its arguments then
2270 		 * arrange for the extra arguments check below to fail.
2271 		 */
2272 		if (str == NULL || *str == '\0')
2273 			argv_consume(&ac);
2274 		break;
2275 
2276 	case sPermitListen:
2277 	case sPermitOpen:
2278 		if (opcode == sPermitListen) {
2279 			uintptr = &options->num_permitted_listens;
2280 			chararrayptr = &options->permitted_listens;
2281 		} else {
2282 			uintptr = &options->num_permitted_opens;
2283 			chararrayptr = &options->permitted_opens;
2284 		}
2285 		arg = argv_next(&ac, &av);
2286 		if (!arg || *arg == '\0')
2287 			fatal("%s line %d: %s missing argument.",
2288 			    filename, linenum, keyword);
2289 		uvalue = *uintptr;	/* modified later */
2290 		if (strcmp(arg, "any") == 0 || strcmp(arg, "none") == 0) {
2291 			if (*activep && uvalue == 0) {
2292 				*uintptr = 1;
2293 				*chararrayptr = xcalloc(1,
2294 				    sizeof(**chararrayptr));
2295 				(*chararrayptr)[0] = xstrdup(arg);
2296 			}
2297 			break;
2298 		}
2299 		for (; arg != NULL && *arg != '\0'; arg = argv_next(&ac, &av)) {
2300 			if (opcode == sPermitListen &&
2301 			    strchr(arg, ':') == NULL) {
2302 				/*
2303 				 * Allow bare port number for PermitListen
2304 				 * to indicate a wildcard listen host.
2305 				 */
2306 				xasprintf(&arg2, "*:%s", arg);
2307 			} else {
2308 				arg2 = xstrdup(arg);
2309 				p = hpdelim(&arg);
2310 				if (p == NULL) {
2311 					fatal("%s line %d: %s missing host",
2312 					    filename, linenum, keyword);
2313 				}
2314 				p = cleanhostname(p);
2315 			}
2316 			if (arg == NULL ||
2317 			    ((port = permitopen_port(arg)) < 0)) {
2318 				fatal("%s line %d: %s bad port number",
2319 				    filename, linenum, keyword);
2320 			}
2321 			if (*activep && uvalue == 0) {
2322 				opt_array_append(filename, linenum, keyword,
2323 				    chararrayptr, uintptr, arg2);
2324 			}
2325 			free(arg2);
2326 		}
2327 		break;
2328 
2329 	case sForceCommand:
2330 		if (str == NULL || *str == '\0')
2331 			fatal("%s line %d: %s missing argument.",
2332 			    filename, linenum, keyword);
2333 		len = strspn(str, WHITESPACE);
2334 		if (*activep && options->adm_forced_command == NULL)
2335 			options->adm_forced_command = xstrdup(str + len);
2336 		argv_consume(&ac);
2337 		break;
2338 
2339 	case sChrootDirectory:
2340 		charptr = &options->chroot_directory;
2341 
2342 		arg = argv_next(&ac, &av);
2343 		if (!arg || *arg == '\0')
2344 			fatal("%s line %d: %s missing argument.",
2345 			    filename, linenum, keyword);
2346 		if (*activep && *charptr == NULL)
2347 			*charptr = xstrdup(arg);
2348 		break;
2349 
2350 	case sTrustedUserCAKeys:
2351 		charptr = &options->trusted_user_ca_keys;
2352 		goto parse_filename;
2353 
2354 	case sRevokedKeys:
2355 		charptr = &options->revoked_keys_file;
2356 		goto parse_filename;
2357 
2358 	case sSecurityKeyProvider:
2359 		charptr = &options->sk_provider;
2360 		arg = argv_next(&ac, &av);
2361 		if (!arg || *arg == '\0')
2362 			fatal("%s line %d: %s missing argument.",
2363 			    filename, linenum, keyword);
2364 		if (*activep && *charptr == NULL) {
2365 			*charptr = strcasecmp(arg, "internal") == 0 ?
2366 			    xstrdup(arg) : derelativise_path(arg);
2367 			/* increase optional counter */
2368 			if (intptr != NULL)
2369 				*intptr = *intptr + 1;
2370 		}
2371 		break;
2372 
2373 	case sIPQoS:
2374 		arg = argv_next(&ac, &av);
2375 		if (!arg || *arg == '\0')
2376 			fatal("%s line %d: %s missing argument.",
2377 			    filename, linenum, keyword);
2378 		if ((value = parse_ipqos(arg)) == -1)
2379 			fatal("%s line %d: Bad %s value: %s",
2380 			    filename, linenum, keyword, arg);
2381 		arg = argv_next(&ac, &av);
2382 		if (arg == NULL)
2383 			value2 = value;
2384 		else if ((value2 = parse_ipqos(arg)) == -1)
2385 			fatal("%s line %d: Bad %s value: %s",
2386 			    filename, linenum, keyword, arg);
2387 		if (*activep) {
2388 			options->ip_qos_interactive = value;
2389 			options->ip_qos_bulk = value2;
2390 		}
2391 		break;
2392 
2393 	case sVersionAddendum:
2394 		if (str == NULL || *str == '\0')
2395 			fatal("%s line %d: %s missing argument.",
2396 			    filename, linenum, keyword);
2397 		len = strspn(str, WHITESPACE);
2398 		if (strchr(str + len, '\r') != NULL) {
2399 			fatal("%.200s line %d: Invalid %s argument",
2400 			    filename, linenum, keyword);
2401 		}
2402 		if ((arg = strchr(line, '#')) != NULL) {
2403 			*arg = '\0';
2404 			rtrim(line);
2405 		}
2406 		if (*activep && options->version_addendum == NULL) {
2407 			if (strcasecmp(str + len, "none") == 0)
2408 				options->version_addendum = xstrdup("");
2409 			else
2410 				options->version_addendum = xstrdup(str + len);
2411 		}
2412 		argv_consume(&ac);
2413 		break;
2414 
2415 	case sAuthorizedKeysCommand:
2416 		charptr = &options->authorized_keys_command;
2417  parse_command:
2418 		len = strspn(str, WHITESPACE);
2419 		if (str[len] != '/' && strcasecmp(str + len, "none") != 0) {
2420 			fatal("%.200s line %d: %s must be an absolute path",
2421 			    filename, linenum, keyword);
2422 		}
2423 		if (*activep && options->authorized_keys_command == NULL)
2424 			*charptr = xstrdup(str + len);
2425 		argv_consume(&ac);
2426 		break;
2427 
2428 	case sAuthorizedKeysCommandUser:
2429 		charptr = &options->authorized_keys_command_user;
2430  parse_localuser:
2431 		arg = argv_next(&ac, &av);
2432 		if (!arg || *arg == '\0') {
2433 			fatal("%s line %d: missing %s argument.",
2434 			    filename, linenum, keyword);
2435 		}
2436 		if (*activep && *charptr == NULL)
2437 			*charptr = xstrdup(arg);
2438 		break;
2439 
2440 	case sAuthorizedPrincipalsCommand:
2441 		charptr = &options->authorized_principals_command;
2442 		goto parse_command;
2443 
2444 	case sAuthorizedPrincipalsCommandUser:
2445 		charptr = &options->authorized_principals_command_user;
2446 		goto parse_localuser;
2447 
2448 	case sAuthenticationMethods:
2449 		found = options->num_auth_methods == 0;
2450 		value = 0; /* seen "any" pseudo-method */
2451 		value2 = 0; /* successfully parsed any method */
2452 		while ((arg = argv_next(&ac, &av)) != NULL) {
2453 			if (strcmp(arg, "any") == 0) {
2454 				if (options->num_auth_methods > 0) {
2455 					fatal("%s line %d: \"any\" must "
2456 					    "appear alone in %s",
2457 					    filename, linenum, keyword);
2458 				}
2459 				value = 1;
2460 			} else if (value) {
2461 				fatal("%s line %d: \"any\" must appear "
2462 				    "alone in %s", filename, linenum, keyword);
2463 			} else if (auth2_methods_valid(arg, 0) != 0) {
2464 				fatal("%s line %d: invalid %s method list.",
2465 				    filename, linenum, keyword);
2466 			}
2467 			value2 = 1;
2468 			if (!found || !*activep)
2469 				continue;
2470 			opt_array_append(filename, linenum, keyword,
2471 			    &options->auth_methods,
2472 			    &options->num_auth_methods, arg);
2473 		}
2474 		if (value2 == 0) {
2475 			fatal("%s line %d: no %s specified",
2476 			    filename, linenum, keyword);
2477 		}
2478 		break;
2479 
2480 	case sStreamLocalBindMask:
2481 		arg = argv_next(&ac, &av);
2482 		if (!arg || *arg == '\0')
2483 			fatal("%s line %d: %s missing argument.",
2484 			    filename, linenum, keyword);
2485 		/* Parse mode in octal format */
2486 		value = strtol(arg, &p, 8);
2487 		if (arg == p || value < 0 || value > 0777)
2488 			fatal("%s line %d: Invalid %s.",
2489 			    filename, linenum, keyword);
2490 		if (*activep)
2491 			options->fwd_opts.streamlocal_bind_mask = (mode_t)value;
2492 		break;
2493 
2494 	case sStreamLocalBindUnlink:
2495 		intptr = &options->fwd_opts.streamlocal_bind_unlink;
2496 		goto parse_flag;
2497 
2498 	case sFingerprintHash:
2499 		arg = argv_next(&ac, &av);
2500 		if (!arg || *arg == '\0')
2501 			fatal("%s line %d: %s missing argument.",
2502 			    filename, linenum, keyword);
2503 		if ((value = ssh_digest_alg_by_name(arg)) == -1)
2504 			fatal("%.200s line %d: Invalid %s algorithm \"%s\".",
2505 			    filename, linenum, keyword, arg);
2506 		if (*activep)
2507 			options->fingerprint_hash = value;
2508 		break;
2509 
2510 	case sExposeAuthInfo:
2511 		intptr = &options->expose_userauth_info;
2512 		goto parse_flag;
2513 
2514 	case sRDomain:
2515 #if !defined(__OpenBSD__) && !defined(HAVE_SYS_SET_PROCESS_RDOMAIN)
2516 		fatal("%s line %d: setting RDomain not supported on this "
2517 		    "platform.", filename, linenum);
2518 #endif
2519 		charptr = &options->routing_domain;
2520 		arg = argv_next(&ac, &av);
2521 		if (!arg || *arg == '\0')
2522 			fatal("%s line %d: %s missing argument.",
2523 			    filename, linenum, keyword);
2524 		if (strcasecmp(arg, "none") != 0 && strcmp(arg, "%D") != 0 &&
2525 		    !valid_rdomain(arg))
2526 			fatal("%s line %d: invalid routing domain",
2527 			    filename, linenum);
2528 		if (*activep && *charptr == NULL)
2529 			*charptr = xstrdup(arg);
2530 		break;
2531 
2532 	case sRequiredRSASize:
2533 		intptr = &options->required_rsa_size;
2534 		goto parse_int;
2535 
2536 	case sChannelTimeout:
2537 		uvalue = options->num_channel_timeouts;
2538 		i = 0;
2539 		while ((arg = argv_next(&ac, &av)) != NULL) {
2540 			/* Allow "none" only in first position */
2541 			if (strcasecmp(arg, "none") == 0) {
2542 				if (i > 0 || ac > 0) {
2543 					error("%s line %d: keyword %s \"none\" "
2544 					    "argument must appear alone.",
2545 					    filename, linenum, keyword);
2546 					goto out;
2547 				}
2548 			} else if (parse_timeout(arg, NULL, NULL) != 0) {
2549 				fatal("%s line %d: invalid channel timeout %s",
2550 				    filename, linenum, arg);
2551 			}
2552 			if (!*activep || uvalue != 0)
2553 				continue;
2554 			opt_array_append(filename, linenum, keyword,
2555 			    &options->channel_timeouts,
2556 			    &options->num_channel_timeouts, arg);
2557 		}
2558 		break;
2559 
2560 	case sUnusedConnectionTimeout:
2561 		intptr = &options->unused_connection_timeout;
2562 		/* peek at first arg for "none" so we can reuse parse_time */
2563 		if (av[0] != NULL && strcasecmp(av[0], "none") == 0) {
2564 			(void)argv_next(&ac, &av); /* consume arg */
2565 			if (*activep)
2566 				*intptr = 0;
2567 			break;
2568 		}
2569 		goto parse_time;
2570 
2571 	case sUseBlacklist:
2572 		intptr = &options->use_blacklist;
2573 		goto parse_flag;
2574 
2575 	case sDeprecated:
2576 	case sIgnore:
2577 	case sUnsupported:
2578 		do_log2(opcode == sIgnore ?
2579 		    SYSLOG_LEVEL_DEBUG2 : SYSLOG_LEVEL_INFO,
2580 		    "%s line %d: %s option %s", filename, linenum,
2581 		    opcode == sUnsupported ? "Unsupported" : "Deprecated",
2582 		    keyword);
2583 		argv_consume(&ac);
2584 		break;
2585 
2586 	default:
2587 		fatal("%s line %d: Missing handler for opcode %s (%d)",
2588 		    filename, linenum, keyword, opcode);
2589 	}
2590 	/* Check that there is no garbage at end of line. */
2591 	if (ac > 0) {
2592 		error("%.200s line %d: keyword %s extra arguments "
2593 		    "at end of line", filename, linenum, keyword);
2594 		goto out;
2595 	}
2596 
2597 	/* success */
2598 	ret = 0;
2599  out:
2600 	argv_free(oav, oac);
2601 	return ret;
2602 }
2603 
2604 int
2605 process_server_config_line(ServerOptions *options, char *line,
2606     const char *filename, int linenum, int *activep,
2607     struct connection_info *connectinfo, struct include_list *includes)
2608 {
2609 	int inc_flags = 0;
2610 
2611 	return process_server_config_line_depth(options, line, filename,
2612 	    linenum, activep, connectinfo, &inc_flags, 0, includes);
2613 }
2614 
2615 
2616 /* Reads the server configuration file. */
2617 
2618 void
2619 load_server_config(const char *filename, struct sshbuf *conf)
2620 {
2621 	struct stat st;
2622 	char *line = NULL, *cp;
2623 	size_t linesize = 0;
2624 	FILE *f;
2625 	int r;
2626 
2627 	debug2_f("filename %s", filename);
2628 	if ((f = fopen(filename, "r")) == NULL) {
2629 		perror(filename);
2630 		exit(1);
2631 	}
2632 	sshbuf_reset(conf);
2633 	/* grow buffer, so realloc is avoided for large config files */
2634 	if (fstat(fileno(f), &st) == 0 && st.st_size > 0 &&
2635 	    (r = sshbuf_allocate(conf, st.st_size)) != 0)
2636 		fatal_fr(r, "allocate");
2637 	while (getline(&line, &linesize, f) != -1) {
2638 		/*
2639 		 * Strip whitespace
2640 		 * NB - preserve newlines, they are needed to reproduce
2641 		 * line numbers later for error messages
2642 		 */
2643 		cp = line + strspn(line, " \t\r");
2644 		if ((r = sshbuf_put(conf, cp, strlen(cp))) != 0)
2645 			fatal_fr(r, "sshbuf_put");
2646 	}
2647 	free(line);
2648 	if ((r = sshbuf_put_u8(conf, 0)) != 0)
2649 		fatal_fr(r, "sshbuf_put_u8");
2650 	fclose(f);
2651 	debug2_f("done config len = %zu", sshbuf_len(conf));
2652 }
2653 
2654 void
2655 parse_server_match_config(ServerOptions *options,
2656    struct include_list *includes, struct connection_info *connectinfo)
2657 {
2658 	ServerOptions mo;
2659 
2660 	initialize_server_options(&mo);
2661 	parse_server_config(&mo, "reprocess config", cfg, includes,
2662 	    connectinfo, 0);
2663 	copy_set_server_options(options, &mo, 0);
2664 }
2665 
2666 int parse_server_match_testspec(struct connection_info *ci, char *spec)
2667 {
2668 	char *p;
2669 
2670 	while ((p = strsep(&spec, ",")) && *p != '\0') {
2671 		if (strncmp(p, "addr=", 5) == 0) {
2672 			ci->address = xstrdup(p + 5);
2673 		} else if (strncmp(p, "host=", 5) == 0) {
2674 			ci->host = xstrdup(p + 5);
2675 		} else if (strncmp(p, "user=", 5) == 0) {
2676 			ci->user = xstrdup(p + 5);
2677 		} else if (strncmp(p, "laddr=", 6) == 0) {
2678 			ci->laddress = xstrdup(p + 6);
2679 		} else if (strncmp(p, "rdomain=", 8) == 0) {
2680 			ci->rdomain = xstrdup(p + 8);
2681 		} else if (strncmp(p, "lport=", 6) == 0) {
2682 			ci->lport = a2port(p + 6);
2683 			if (ci->lport == -1) {
2684 				fprintf(stderr, "Invalid port '%s' in test mode"
2685 				    " specification %s\n", p+6, p);
2686 				return -1;
2687 			}
2688 		} else {
2689 			fprintf(stderr, "Invalid test mode specification %s\n",
2690 			    p);
2691 			return -1;
2692 		}
2693 	}
2694 	return 0;
2695 }
2696 
2697 /*
2698  * Copy any supported values that are set.
2699  *
2700  * If the preauth flag is set, we do not bother copying the string or
2701  * array values that are not used pre-authentication, because any that we
2702  * do use must be explicitly sent in mm_getpwnamallow().
2703  */
2704 void
2705 copy_set_server_options(ServerOptions *dst, ServerOptions *src, int preauth)
2706 {
2707 #define M_CP_INTOPT(n) do {\
2708 	if (src->n != -1) \
2709 		dst->n = src->n; \
2710 } while (0)
2711 
2712 	M_CP_INTOPT(password_authentication);
2713 	M_CP_INTOPT(gss_authentication);
2714 	M_CP_INTOPT(pubkey_authentication);
2715 	M_CP_INTOPT(pubkey_auth_options);
2716 	M_CP_INTOPT(kerberos_authentication);
2717 	M_CP_INTOPT(hostbased_authentication);
2718 	M_CP_INTOPT(hostbased_uses_name_from_packet_only);
2719 	M_CP_INTOPT(kbd_interactive_authentication);
2720 	M_CP_INTOPT(permit_root_login);
2721 	M_CP_INTOPT(permit_empty_passwd);
2722 	M_CP_INTOPT(ignore_rhosts);
2723 
2724 	M_CP_INTOPT(allow_tcp_forwarding);
2725 	M_CP_INTOPT(allow_streamlocal_forwarding);
2726 	M_CP_INTOPT(allow_agent_forwarding);
2727 	M_CP_INTOPT(disable_forwarding);
2728 	M_CP_INTOPT(expose_userauth_info);
2729 	M_CP_INTOPT(permit_tun);
2730 	M_CP_INTOPT(fwd_opts.gateway_ports);
2731 	M_CP_INTOPT(fwd_opts.streamlocal_bind_unlink);
2732 	M_CP_INTOPT(x11_display_offset);
2733 	M_CP_INTOPT(x11_forwarding);
2734 	M_CP_INTOPT(x11_use_localhost);
2735 	M_CP_INTOPT(permit_tty);
2736 	M_CP_INTOPT(permit_user_rc);
2737 	M_CP_INTOPT(max_sessions);
2738 	M_CP_INTOPT(max_authtries);
2739 	M_CP_INTOPT(client_alive_count_max);
2740 	M_CP_INTOPT(client_alive_interval);
2741 	M_CP_INTOPT(ip_qos_interactive);
2742 	M_CP_INTOPT(ip_qos_bulk);
2743 	M_CP_INTOPT(rekey_limit);
2744 	M_CP_INTOPT(rekey_interval);
2745 	M_CP_INTOPT(log_level);
2746 	M_CP_INTOPT(required_rsa_size);
2747 	M_CP_INTOPT(unused_connection_timeout);
2748 
2749 	/*
2750 	 * The bind_mask is a mode_t that may be unsigned, so we can't use
2751 	 * M_CP_INTOPT - it does a signed comparison that causes compiler
2752 	 * warnings.
2753 	 */
2754 	if (src->fwd_opts.streamlocal_bind_mask != (mode_t)-1) {
2755 		dst->fwd_opts.streamlocal_bind_mask =
2756 		    src->fwd_opts.streamlocal_bind_mask;
2757 	}
2758 
2759 	/* M_CP_STROPT and M_CP_STRARRAYOPT should not appear before here */
2760 #define M_CP_STROPT(n) do {\
2761 	if (src->n != NULL && dst->n != src->n) { \
2762 		free(dst->n); \
2763 		dst->n = src->n; \
2764 	} \
2765 } while(0)
2766 #define M_CP_STRARRAYOPT(s, num_s) do {\
2767 	u_int i; \
2768 	if (src->num_s != 0) { \
2769 		for (i = 0; i < dst->num_s; i++) \
2770 			free(dst->s[i]); \
2771 		free(dst->s); \
2772 		dst->s = xcalloc(src->num_s, sizeof(*dst->s)); \
2773 		for (i = 0; i < src->num_s; i++) \
2774 			dst->s[i] = xstrdup(src->s[i]); \
2775 		dst->num_s = src->num_s; \
2776 	} \
2777 } while(0)
2778 
2779 	/* See comment in servconf.h */
2780 	COPY_MATCH_STRING_OPTS();
2781 
2782 	/* Arguments that accept '+...' need to be expanded */
2783 	assemble_algorithms(dst);
2784 
2785 	/*
2786 	 * The only things that should be below this point are string options
2787 	 * which are only used after authentication.
2788 	 */
2789 	if (preauth)
2790 		return;
2791 
2792 	/* These options may be "none" to clear a global setting */
2793 	M_CP_STROPT(adm_forced_command);
2794 	if (option_clear_or_none(dst->adm_forced_command)) {
2795 		free(dst->adm_forced_command);
2796 		dst->adm_forced_command = NULL;
2797 	}
2798 	M_CP_STROPT(chroot_directory);
2799 	if (option_clear_or_none(dst->chroot_directory)) {
2800 		free(dst->chroot_directory);
2801 		dst->chroot_directory = NULL;
2802 	}
2803 }
2804 
2805 #undef M_CP_INTOPT
2806 #undef M_CP_STROPT
2807 #undef M_CP_STRARRAYOPT
2808 
2809 #define SERVCONF_MAX_DEPTH	16
2810 static void
2811 parse_server_config_depth(ServerOptions *options, const char *filename,
2812     struct sshbuf *conf, struct include_list *includes,
2813     struct connection_info *connectinfo, int flags, int *activep, int depth)
2814 {
2815 	int linenum, bad_options = 0;
2816 	char *cp, *obuf, *cbuf;
2817 
2818 	if (depth < 0 || depth > SERVCONF_MAX_DEPTH)
2819 		fatal("Too many recursive configuration includes");
2820 
2821 	debug2_f("config %s len %zu%s", filename, sshbuf_len(conf),
2822 	    (flags & SSHCFG_NEVERMATCH ? " [checking syntax only]" : ""));
2823 
2824 	if ((obuf = cbuf = sshbuf_dup_string(conf)) == NULL)
2825 		fatal_f("sshbuf_dup_string failed");
2826 	linenum = 1;
2827 	while ((cp = strsep(&cbuf, "\n")) != NULL) {
2828 		if (process_server_config_line_depth(options, cp,
2829 		    filename, linenum++, activep, connectinfo, &flags,
2830 		    depth, includes) != 0)
2831 			bad_options++;
2832 	}
2833 	free(obuf);
2834 	if (bad_options > 0)
2835 		fatal("%s: terminating, %d bad configuration options",
2836 		    filename, bad_options);
2837 }
2838 
2839 void
2840 parse_server_config(ServerOptions *options, const char *filename,
2841     struct sshbuf *conf, struct include_list *includes,
2842     struct connection_info *connectinfo, int reexec)
2843 {
2844 	int active = connectinfo ? 0 : 1;
2845 	parse_server_config_depth(options, filename, conf, includes,
2846 	    connectinfo, (connectinfo ? SSHCFG_MATCH_ONLY : 0), &active, 0);
2847 	if (!reexec)
2848 		process_queued_listen_addrs(options);
2849 }
2850 
2851 static const char *
2852 fmt_multistate_int(int val, const struct multistate *m)
2853 {
2854 	u_int i;
2855 
2856 	for (i = 0; m[i].key != NULL; i++) {
2857 		if (m[i].value == val)
2858 			return m[i].key;
2859 	}
2860 	return "UNKNOWN";
2861 }
2862 
2863 static const char *
2864 fmt_intarg(ServerOpCodes code, int val)
2865 {
2866 	if (val == -1)
2867 		return "unset";
2868 	switch (code) {
2869 	case sAddressFamily:
2870 		return fmt_multistate_int(val, multistate_addressfamily);
2871 	case sPermitRootLogin:
2872 		return fmt_multistate_int(val, multistate_permitrootlogin);
2873 	case sGatewayPorts:
2874 		return fmt_multistate_int(val, multistate_gatewayports);
2875 	case sCompression:
2876 		return fmt_multistate_int(val, multistate_compression);
2877 	case sAllowTcpForwarding:
2878 		return fmt_multistate_int(val, multistate_tcpfwd);
2879 	case sAllowStreamLocalForwarding:
2880 		return fmt_multistate_int(val, multistate_tcpfwd);
2881 	case sIgnoreRhosts:
2882 		return fmt_multistate_int(val, multistate_ignore_rhosts);
2883 	case sFingerprintHash:
2884 		return ssh_digest_alg_name(val);
2885 	default:
2886 		switch (val) {
2887 		case 0:
2888 			return "no";
2889 		case 1:
2890 			return "yes";
2891 		default:
2892 			return "UNKNOWN";
2893 		}
2894 	}
2895 }
2896 
2897 static void
2898 dump_cfg_int(ServerOpCodes code, int val)
2899 {
2900 	if (code == sUnusedConnectionTimeout && val == 0) {
2901 		printf("%s none\n", lookup_opcode_name(code));
2902 		return;
2903 	}
2904 	printf("%s %d\n", lookup_opcode_name(code), val);
2905 }
2906 
2907 static void
2908 dump_cfg_oct(ServerOpCodes code, int val)
2909 {
2910 	printf("%s 0%o\n", lookup_opcode_name(code), val);
2911 }
2912 
2913 static void
2914 dump_cfg_fmtint(ServerOpCodes code, int val)
2915 {
2916 	printf("%s %s\n", lookup_opcode_name(code), fmt_intarg(code, val));
2917 }
2918 
2919 static void
2920 dump_cfg_string(ServerOpCodes code, const char *val)
2921 {
2922 	printf("%s %s\n", lookup_opcode_name(code),
2923 	    val == NULL ? "none" : val);
2924 }
2925 
2926 static void
2927 dump_cfg_strarray(ServerOpCodes code, u_int count, char **vals)
2928 {
2929 	u_int i;
2930 
2931 	for (i = 0; i < count; i++)
2932 		printf("%s %s\n", lookup_opcode_name(code), vals[i]);
2933 }
2934 
2935 static void
2936 dump_cfg_strarray_oneline(ServerOpCodes code, u_int count, char **vals)
2937 {
2938 	u_int i;
2939 
2940 	switch (code) {
2941 	case sAuthenticationMethods:
2942 	case sChannelTimeout:
2943 		break;
2944 	default:
2945 		if (count <= 0)
2946 			return;
2947 		break;
2948 	}
2949 
2950 	printf("%s", lookup_opcode_name(code));
2951 	for (i = 0; i < count; i++)
2952 		printf(" %s",  vals[i]);
2953 	if (code == sAuthenticationMethods && count == 0)
2954 		printf(" any");
2955 	else if (code == sChannelTimeout && count == 0)
2956 		printf(" none");
2957 	printf("\n");
2958 }
2959 
2960 static char *
2961 format_listen_addrs(struct listenaddr *la)
2962 {
2963 	int r;
2964 	struct addrinfo *ai;
2965 	char addr[NI_MAXHOST], port[NI_MAXSERV];
2966 	char *laddr1 = xstrdup(""), *laddr2 = NULL;
2967 
2968 	/*
2969 	 * ListenAddress must be after Port.  add_one_listen_addr pushes
2970 	 * addresses onto a stack, so to maintain ordering we need to
2971 	 * print these in reverse order.
2972 	 */
2973 	for (ai = la->addrs; ai; ai = ai->ai_next) {
2974 		if ((r = getnameinfo(ai->ai_addr, ai->ai_addrlen, addr,
2975 		    sizeof(addr), port, sizeof(port),
2976 		    NI_NUMERICHOST|NI_NUMERICSERV)) != 0) {
2977 			error("getnameinfo: %.100s", ssh_gai_strerror(r));
2978 			continue;
2979 		}
2980 		laddr2 = laddr1;
2981 		if (ai->ai_family == AF_INET6) {
2982 			xasprintf(&laddr1, "listenaddress [%s]:%s%s%s\n%s",
2983 			    addr, port,
2984 			    la->rdomain == NULL ? "" : " rdomain ",
2985 			    la->rdomain == NULL ? "" : la->rdomain,
2986 			    laddr2);
2987 		} else {
2988 			xasprintf(&laddr1, "listenaddress %s:%s%s%s\n%s",
2989 			    addr, port,
2990 			    la->rdomain == NULL ? "" : " rdomain ",
2991 			    la->rdomain == NULL ? "" : la->rdomain,
2992 			    laddr2);
2993 		}
2994 		free(laddr2);
2995 	}
2996 	return laddr1;
2997 }
2998 
2999 void
3000 dump_config(ServerOptions *o)
3001 {
3002 	char *s;
3003 	u_int i;
3004 
3005 	/* these are usually at the top of the config */
3006 	for (i = 0; i < o->num_ports; i++)
3007 		printf("port %d\n", o->ports[i]);
3008 	dump_cfg_fmtint(sAddressFamily, o->address_family);
3009 
3010 	for (i = 0; i < o->num_listen_addrs; i++) {
3011 		s = format_listen_addrs(&o->listen_addrs[i]);
3012 		printf("%s", s);
3013 		free(s);
3014 	}
3015 
3016 	/* integer arguments */
3017 #ifdef USE_PAM
3018 	dump_cfg_fmtint(sUsePAM, o->use_pam);
3019 #endif
3020 	dump_cfg_int(sLoginGraceTime, o->login_grace_time);
3021 	dump_cfg_int(sX11DisplayOffset, o->x11_display_offset);
3022 	dump_cfg_int(sMaxAuthTries, o->max_authtries);
3023 	dump_cfg_int(sMaxSessions, o->max_sessions);
3024 	dump_cfg_int(sClientAliveInterval, o->client_alive_interval);
3025 	dump_cfg_int(sClientAliveCountMax, o->client_alive_count_max);
3026 	dump_cfg_int(sRequiredRSASize, o->required_rsa_size);
3027 	dump_cfg_oct(sStreamLocalBindMask, o->fwd_opts.streamlocal_bind_mask);
3028 	dump_cfg_int(sUnusedConnectionTimeout, o->unused_connection_timeout);
3029 
3030 	/* formatted integer arguments */
3031 	dump_cfg_fmtint(sPermitRootLogin, o->permit_root_login);
3032 	dump_cfg_fmtint(sIgnoreRhosts, o->ignore_rhosts);
3033 	dump_cfg_fmtint(sIgnoreUserKnownHosts, o->ignore_user_known_hosts);
3034 	dump_cfg_fmtint(sHostbasedAuthentication, o->hostbased_authentication);
3035 	dump_cfg_fmtint(sHostbasedUsesNameFromPacketOnly,
3036 	    o->hostbased_uses_name_from_packet_only);
3037 	dump_cfg_fmtint(sPubkeyAuthentication, o->pubkey_authentication);
3038 #ifdef KRB5
3039 	dump_cfg_fmtint(sKerberosAuthentication, o->kerberos_authentication);
3040 	dump_cfg_fmtint(sKerberosOrLocalPasswd, o->kerberos_or_local_passwd);
3041 	dump_cfg_fmtint(sKerberosTicketCleanup, o->kerberos_ticket_cleanup);
3042 # ifdef USE_AFS
3043 	dump_cfg_fmtint(sKerberosGetAFSToken, o->kerberos_get_afs_token);
3044 # endif
3045 #endif
3046 #ifdef GSSAPI
3047 	dump_cfg_fmtint(sGssAuthentication, o->gss_authentication);
3048 	dump_cfg_fmtint(sGssCleanupCreds, o->gss_cleanup_creds);
3049 #endif
3050 	dump_cfg_fmtint(sPasswordAuthentication, o->password_authentication);
3051 	dump_cfg_fmtint(sKbdInteractiveAuthentication,
3052 	    o->kbd_interactive_authentication);
3053 	dump_cfg_fmtint(sPrintMotd, o->print_motd);
3054 #ifndef DISABLE_LASTLOG
3055 	dump_cfg_fmtint(sPrintLastLog, o->print_lastlog);
3056 #endif
3057 	dump_cfg_fmtint(sX11Forwarding, o->x11_forwarding);
3058 	dump_cfg_fmtint(sX11UseLocalhost, o->x11_use_localhost);
3059 	dump_cfg_fmtint(sPermitTTY, o->permit_tty);
3060 	dump_cfg_fmtint(sPermitUserRC, o->permit_user_rc);
3061 	dump_cfg_fmtint(sStrictModes, o->strict_modes);
3062 	dump_cfg_fmtint(sTCPKeepAlive, o->tcp_keep_alive);
3063 	dump_cfg_fmtint(sEmptyPasswd, o->permit_empty_passwd);
3064 	dump_cfg_fmtint(sCompression, o->compression);
3065 	dump_cfg_fmtint(sGatewayPorts, o->fwd_opts.gateway_ports);
3066 	dump_cfg_fmtint(sUseDNS, o->use_dns);
3067 	dump_cfg_fmtint(sAllowTcpForwarding, o->allow_tcp_forwarding);
3068 	dump_cfg_fmtint(sAllowAgentForwarding, o->allow_agent_forwarding);
3069 	dump_cfg_fmtint(sDisableForwarding, o->disable_forwarding);
3070 	dump_cfg_fmtint(sAllowStreamLocalForwarding, o->allow_streamlocal_forwarding);
3071 	dump_cfg_fmtint(sStreamLocalBindUnlink, o->fwd_opts.streamlocal_bind_unlink);
3072 	dump_cfg_fmtint(sFingerprintHash, o->fingerprint_hash);
3073 	dump_cfg_fmtint(sExposeAuthInfo, o->expose_userauth_info);
3074 	dump_cfg_fmtint(sUseBlacklist, o->use_blacklist);
3075 
3076 	/* string arguments */
3077 	dump_cfg_string(sPidFile, o->pid_file);
3078 	dump_cfg_string(sModuliFile, o->moduli_file);
3079 	dump_cfg_string(sXAuthLocation, o->xauth_location);
3080 	dump_cfg_string(sCiphers, o->ciphers);
3081 	dump_cfg_string(sMacs, o->macs);
3082 	dump_cfg_string(sBanner, o->banner);
3083 	dump_cfg_string(sForceCommand, o->adm_forced_command);
3084 	dump_cfg_string(sChrootDirectory, o->chroot_directory);
3085 	dump_cfg_string(sTrustedUserCAKeys, o->trusted_user_ca_keys);
3086 	dump_cfg_string(sRevokedKeys, o->revoked_keys_file);
3087 	dump_cfg_string(sSecurityKeyProvider, o->sk_provider);
3088 	dump_cfg_string(sAuthorizedPrincipalsFile,
3089 	    o->authorized_principals_file);
3090 	dump_cfg_string(sVersionAddendum, *o->version_addendum == '\0'
3091 	    ? "none" : o->version_addendum);
3092 	dump_cfg_string(sAuthorizedKeysCommand, o->authorized_keys_command);
3093 	dump_cfg_string(sAuthorizedKeysCommandUser, o->authorized_keys_command_user);
3094 	dump_cfg_string(sAuthorizedPrincipalsCommand, o->authorized_principals_command);
3095 	dump_cfg_string(sAuthorizedPrincipalsCommandUser, o->authorized_principals_command_user);
3096 	dump_cfg_string(sHostKeyAgent, o->host_key_agent);
3097 	dump_cfg_string(sKexAlgorithms, o->kex_algorithms);
3098 	dump_cfg_string(sCASignatureAlgorithms, o->ca_sign_algorithms);
3099 	dump_cfg_string(sHostbasedAcceptedAlgorithms, o->hostbased_accepted_algos);
3100 	dump_cfg_string(sHostKeyAlgorithms, o->hostkeyalgorithms);
3101 	dump_cfg_string(sPubkeyAcceptedAlgorithms, o->pubkey_accepted_algos);
3102 #if defined(__OpenBSD__) || defined(HAVE_SYS_SET_PROCESS_RDOMAIN)
3103 	dump_cfg_string(sRDomain, o->routing_domain);
3104 #endif
3105 
3106 	/* string arguments requiring a lookup */
3107 	dump_cfg_string(sLogLevel, log_level_name(o->log_level));
3108 	dump_cfg_string(sLogFacility, log_facility_name(o->log_facility));
3109 
3110 	/* string array arguments */
3111 	dump_cfg_strarray_oneline(sAuthorizedKeysFile, o->num_authkeys_files,
3112 	    o->authorized_keys_files);
3113 	dump_cfg_strarray(sHostKeyFile, o->num_host_key_files,
3114 	    o->host_key_files);
3115 	dump_cfg_strarray(sHostCertificate, o->num_host_cert_files,
3116 	    o->host_cert_files);
3117 	dump_cfg_strarray(sAllowUsers, o->num_allow_users, o->allow_users);
3118 	dump_cfg_strarray(sDenyUsers, o->num_deny_users, o->deny_users);
3119 	dump_cfg_strarray(sAllowGroups, o->num_allow_groups, o->allow_groups);
3120 	dump_cfg_strarray(sDenyGroups, o->num_deny_groups, o->deny_groups);
3121 	dump_cfg_strarray(sAcceptEnv, o->num_accept_env, o->accept_env);
3122 	dump_cfg_strarray(sSetEnv, o->num_setenv, o->setenv);
3123 	dump_cfg_strarray_oneline(sAuthenticationMethods,
3124 	    o->num_auth_methods, o->auth_methods);
3125 	dump_cfg_strarray_oneline(sLogVerbose,
3126 	    o->num_log_verbose, o->log_verbose);
3127 	dump_cfg_strarray_oneline(sChannelTimeout,
3128 	    o->num_channel_timeouts, o->channel_timeouts);
3129 
3130 	/* other arguments */
3131 	for (i = 0; i < o->num_subsystems; i++)
3132 		printf("subsystem %s %s\n", o->subsystem_name[i],
3133 		    o->subsystem_args[i]);
3134 
3135 	printf("maxstartups %d:%d:%d\n", o->max_startups_begin,
3136 	    o->max_startups_rate, o->max_startups);
3137 	printf("persourcemaxstartups ");
3138 	if (o->per_source_max_startups == INT_MAX)
3139 		printf("none\n");
3140 	else
3141 		printf("%d\n", o->per_source_max_startups);
3142 	printf("persourcenetblocksize %d:%d\n", o->per_source_masklen_ipv4,
3143 	    o->per_source_masklen_ipv6);
3144 
3145 	s = NULL;
3146 	for (i = 0; tunmode_desc[i].val != -1; i++) {
3147 		if (tunmode_desc[i].val == o->permit_tun) {
3148 			s = tunmode_desc[i].text;
3149 			break;
3150 		}
3151 	}
3152 	dump_cfg_string(sPermitTunnel, s);
3153 
3154 	printf("ipqos %s ", iptos2str(o->ip_qos_interactive));
3155 	printf("%s\n", iptos2str(o->ip_qos_bulk));
3156 
3157 	printf("rekeylimit %llu %d\n", (unsigned long long)o->rekey_limit,
3158 	    o->rekey_interval);
3159 
3160 	printf("permitopen");
3161 	if (o->num_permitted_opens == 0)
3162 		printf(" any");
3163 	else {
3164 		for (i = 0; i < o->num_permitted_opens; i++)
3165 			printf(" %s", o->permitted_opens[i]);
3166 	}
3167 	printf("\n");
3168 	printf("permitlisten");
3169 	if (o->num_permitted_listens == 0)
3170 		printf(" any");
3171 	else {
3172 		for (i = 0; i < o->num_permitted_listens; i++)
3173 			printf(" %s", o->permitted_listens[i]);
3174 	}
3175 	printf("\n");
3176 
3177 	if (o->permit_user_env_allowlist == NULL) {
3178 		dump_cfg_fmtint(sPermitUserEnvironment, o->permit_user_env);
3179 	} else {
3180 		printf("permituserenvironment %s\n",
3181 		    o->permit_user_env_allowlist);
3182 	}
3183 
3184 	printf("pubkeyauthoptions");
3185 	if (o->pubkey_auth_options == 0)
3186 		printf(" none");
3187 	if (o->pubkey_auth_options & PUBKEYAUTH_TOUCH_REQUIRED)
3188 		printf(" touch-required");
3189 	if (o->pubkey_auth_options & PUBKEYAUTH_VERIFY_REQUIRED)
3190 		printf(" verify-required");
3191 	printf("\n");
3192 }
3193