xref: /titanic_41/usr/src/cmd/ssh/sshd/servconf.c (revision 4d218355460e094792d6bcc161b586d7389d0d83)
1 /*
2  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
3  *                    All rights reserved
4  *
5  * As far as I am concerned, the code I have written for this software
6  * can be used freely for any purpose.  Any derived versions of this
7  * software must be clearly marked as such, and if the derived work is
8  * incompatible with the protocol description in the RFC file, it must be
9  * called by a name other than "ssh" or "Secure Shell".
10  */
11 /*
12  * Copyright 2007 Sun Microsystems, Inc.  All rights reserved.
13  * Use is subject to license terms.
14  */
15 
16 #include "includes.h"
17 RCSID("$OpenBSD: servconf.c,v 1.115 2002/09/04 18:52:42 stevesk Exp $");
18 
19 #pragma ident	"%Z%%M%	%I%	%E% SMI"
20 
21 #ifdef HAVE_DEFOPEN
22 #include <deflt.h>
23 #endif /* HAVE_DEFOPEN */
24 
25 #if defined(KRB4)
26 #include <krb.h>
27 #endif
28 #if defined(KRB5)
29 #ifdef HEIMDAL
30 #include <krb.h>
31 #else
32 /* Bodge - but then, so is using the kerberos IV KEYFILE to get a Kerberos V
33  * keytab */
34 #define KEYFILE "/etc/krb5.keytab"
35 #endif
36 #endif
37 #ifdef AFS
38 #include <kafs.h>
39 #endif
40 
41 #include "ssh.h"
42 #include "log.h"
43 #include "servconf.h"
44 #include "xmalloc.h"
45 #include "compat.h"
46 #include "pathnames.h"
47 #include "tildexpand.h"
48 #include "misc.h"
49 #include "cipher.h"
50 #include "kex.h"
51 #include "mac.h"
52 #include "auth.h"
53 
54 static void add_listen_addr(ServerOptions *, char *, u_short);
55 static void add_one_listen_addr(ServerOptions *, char *, u_short);
56 
57 /* AF_UNSPEC or AF_INET or AF_INET6 */
58 extern int IPv4or6;
59 /* Use of privilege separation or not */
60 extern int use_privsep;
61 
62 /* Initializes the server options to their default values. */
63 
64 void
65 initialize_server_options(ServerOptions *options)
66 {
67 	(void) memset(options, 0, sizeof(*options));
68 
69 	/* Portable-specific options */
70 	options->pam_authentication_via_kbd_int = -1;
71 
72 	/* Standard Options */
73 	options->num_ports = 0;
74 	options->ports_from_cmdline = 0;
75 	options->listen_addrs = NULL;
76 	options->num_host_key_files = 0;
77 	options->pid_file = NULL;
78 	options->server_key_bits = -1;
79 	options->login_grace_time = -1;
80 	options->key_regeneration_time = -1;
81 	options->permit_root_login = PERMIT_NOT_SET;
82 	options->ignore_rhosts = -1;
83 	options->ignore_user_known_hosts = -1;
84 	options->print_motd = -1;
85 	options->print_lastlog = -1;
86 	options->x11_forwarding = -1;
87 	options->x11_display_offset = -1;
88 	options->x11_use_localhost = -1;
89 	options->xauth_location = NULL;
90 	options->strict_modes = -1;
91 	options->keepalives = -1;
92 	options->log_facility = SYSLOG_FACILITY_NOT_SET;
93 	options->log_level = SYSLOG_LEVEL_NOT_SET;
94 	options->rhosts_authentication = -1;
95 	options->rhosts_rsa_authentication = -1;
96 	options->hostbased_authentication = -1;
97 	options->hostbased_uses_name_from_packet_only = -1;
98 	options->rsa_authentication = -1;
99 	options->pubkey_authentication = -1;
100 #ifdef GSSAPI
101 	options->gss_authentication = -1;
102 	options->gss_keyex = -1;
103 	options->gss_store_creds = -1;
104 	options->gss_use_session_ccache = -1;
105 	options->gss_cleanup_creds = -1;
106 #endif
107 #if defined(KRB4) || defined(KRB5)
108 	options->kerberos_authentication = -1;
109 	options->kerberos_or_local_passwd = -1;
110 	options->kerberos_ticket_cleanup = -1;
111 #endif
112 #if defined(AFS) || defined(KRB5)
113 	options->kerberos_tgt_passing = -1;
114 #endif
115 #ifdef AFS
116 	options->afs_token_passing = -1;
117 #endif
118 	options->password_authentication = -1;
119 	options->kbd_interactive_authentication = -1;
120 	options->challenge_response_authentication = -1;
121 	options->permit_empty_passwd = -1;
122 	options->permit_user_env = -1;
123 	options->use_login = -1;
124 	options->compression = -1;
125 	options->allow_tcp_forwarding = -1;
126 	options->num_allow_users = 0;
127 	options->num_deny_users = 0;
128 	options->num_allow_groups = 0;
129 	options->num_deny_groups = 0;
130 	options->ciphers = NULL;
131 	options->macs = NULL;
132 	options->protocol = SSH_PROTO_UNKNOWN;
133 	options->gateway_ports = -1;
134 	options->num_subsystems = 0;
135 	options->max_startups_begin = -1;
136 	options->max_startups_rate = -1;
137 	options->max_startups = -1;
138 	options->banner = NULL;
139 	options->verify_reverse_mapping = -1;
140 	options->client_alive_interval = -1;
141 	options->client_alive_count_max = -1;
142 	options->authorized_keys_file = NULL;
143 	options->authorized_keys_file2 = NULL;
144 
145 	options->max_auth_tries = -1;
146 	options->max_auth_tries_log = -1;
147 
148 	options->max_init_auth_tries = -1;
149 	options->max_init_auth_tries_log = -1;
150 
151 	options->lookup_client_hostnames = -1;
152 
153 	/* Needs to be accessable in many places */
154 	use_privsep = -1;
155 }
156 
157 #ifdef HAVE_DEFOPEN
158 /*
159  * Reads /etc/default/login and defaults several ServerOptions:
160  *
161  * PermitRootLogin
162  * PermitEmptyPasswords
163  * LoginGraceTime
164  *
165  * CONSOLE=*      -> PermitRootLogin=without-password
166  * #CONSOLE=*     -> PermitRootLogin=yes
167  *
168  * PASSREQ=YES    -> PermitEmptyPasswords=no
169  * PASSREQ=NO     -> PermitEmptyPasswords=yes
170  * #PASSREQ=*     -> PermitEmptyPasswords=no
171  *
172  * TIMEOUT=<secs> -> LoginGraceTime=<secs>
173  * #TIMEOUT=<secs> -> LoginGraceTime=300
174  */
175 static
176 void
177 deflt_fill_default_server_options(ServerOptions *options)
178 {
179 	int	flags;
180 	char	*ptr;
181 
182 	if (defopen(_PATH_DEFAULT_LOGIN))
183 		return;
184 
185 	/* Ignore case */
186 	flags = defcntl(DC_GETFLAGS, 0);
187 	TURNOFF(flags, DC_CASE);
188 	(void) defcntl(DC_SETFLAGS, flags);
189 
190 	if (options->permit_root_login == PERMIT_NOT_SET &&
191 	    (ptr = defread("CONSOLE=")) != NULL)
192 		options->permit_root_login = PERMIT_NO_PASSWD;
193 
194 	if (options->permit_empty_passwd == -1 &&
195 	    (ptr = defread("PASSREQ=")) != NULL) {
196 		if (strcasecmp("YES", ptr) == 0)
197 			options->permit_empty_passwd = 0;
198 		else if (strcasecmp("NO", ptr) == 0)
199 			options->permit_empty_passwd = 1;
200 	}
201 
202 	if (options->max_init_auth_tries == -1 &&
203 	    (ptr = defread("RETRIES=")) != NULL) {
204 		options->max_init_auth_tries = atoi(ptr);
205 	}
206 
207 	if (options->max_init_auth_tries_log == -1 &&
208 	    (ptr = defread("SYSLOG_FAILED_LOGINS=")) != NULL) {
209 		options->max_init_auth_tries_log = atoi(ptr);
210 	}
211 
212 	if (options->login_grace_time == -1) {
213 		if ((ptr = defread("TIMEOUT=")) != NULL)
214 			options->login_grace_time = (unsigned)atoi(ptr);
215 		else
216 			options->login_grace_time = 300;
217 	}
218 
219 	(void) defopen((char *)NULL);
220 }
221 #endif /* HAVE_DEFOPEN */
222 
223 void
224 fill_default_server_options(ServerOptions *options)
225 {
226 
227 #ifdef HAVE_DEFOPEN
228 	deflt_fill_default_server_options(options);
229 #endif /* HAVE_DEFOPEN */
230 
231 	/* Portable-specific options */
232 	if (options->pam_authentication_via_kbd_int == -1)
233 		options->pam_authentication_via_kbd_int = 0;
234 
235 	/* Standard Options */
236 	if (options->protocol == SSH_PROTO_UNKNOWN)
237 		options->protocol = SSH_PROTO_1|SSH_PROTO_2;
238 	if (options->num_host_key_files == 0) {
239 		/* fill default hostkeys for protocols */
240 		if (options->protocol & SSH_PROTO_1)
241 			options->host_key_files[options->num_host_key_files++] =
242 			    _PATH_HOST_KEY_FILE;
243 #ifndef GSSAPI
244 		/* With GSS keyex we can run v2 w/ no host keys */
245 		if (options->protocol & SSH_PROTO_2) {
246 			options->host_key_files[options->num_host_key_files++] =
247 			    _PATH_HOST_RSA_KEY_FILE;
248 			options->host_key_files[options->num_host_key_files++] =
249 			    _PATH_HOST_DSA_KEY_FILE;
250 		}
251 #endif /* GSSAPI */
252 	}
253 	if (options->num_ports == 0)
254 		options->ports[options->num_ports++] = SSH_DEFAULT_PORT;
255 	if (options->listen_addrs == NULL)
256 		add_listen_addr(options, NULL, 0);
257 	if (options->pid_file == NULL)
258 		options->pid_file = _PATH_SSH_DAEMON_PID_FILE;
259 	if (options->server_key_bits == -1)
260 		options->server_key_bits = 768;
261 	if (options->login_grace_time == -1)
262 		options->login_grace_time = 120;
263 	if (options->key_regeneration_time == -1)
264 		options->key_regeneration_time = 3600;
265 	if (options->permit_root_login == PERMIT_NOT_SET)
266 		options->permit_root_login = PERMIT_YES;
267 	if (options->ignore_rhosts == -1)
268 		options->ignore_rhosts = 1;
269 	if (options->ignore_user_known_hosts == -1)
270 		options->ignore_user_known_hosts = 0;
271 	if (options->print_motd == -1)
272 		options->print_motd = 1;
273 	if (options->print_lastlog == -1)
274 		options->print_lastlog = 1;
275 	if (options->x11_forwarding == -1)
276 		options->x11_forwarding = 1;
277 	if (options->x11_display_offset == -1)
278 		options->x11_display_offset = 10;
279 	if (options->x11_use_localhost == -1)
280 		options->x11_use_localhost = 1;
281 	if (options->xauth_location == NULL)
282 		options->xauth_location = _PATH_XAUTH;
283 	if (options->strict_modes == -1)
284 		options->strict_modes = 1;
285 	if (options->keepalives == -1)
286 		options->keepalives = 1;
287 	if (options->log_facility == SYSLOG_FACILITY_NOT_SET)
288 		options->log_facility = SYSLOG_FACILITY_AUTH;
289 	if (options->log_level == SYSLOG_LEVEL_NOT_SET)
290 		options->log_level = SYSLOG_LEVEL_INFO;
291 	if (options->rhosts_authentication == -1)
292 		options->rhosts_authentication = 0;
293 	if (options->rhosts_rsa_authentication == -1)
294 		options->rhosts_rsa_authentication = 0;
295 	if (options->hostbased_authentication == -1)
296 		options->hostbased_authentication = 0;
297 	if (options->hostbased_uses_name_from_packet_only == -1)
298 		options->hostbased_uses_name_from_packet_only = 0;
299 	if (options->rsa_authentication == -1)
300 		options->rsa_authentication = 1;
301 	if (options->pubkey_authentication == -1)
302 		options->pubkey_authentication = 1;
303 #ifdef GSSAPI
304 	if (options->gss_authentication == -1)
305 		options->gss_authentication = 1;
306 	if (options->gss_keyex == -1)
307 		options->gss_keyex = 1;
308 	if (options->gss_store_creds == -1)
309 		options->gss_store_creds = 1;
310 	if (options->gss_use_session_ccache == -1)
311 		options->gss_use_session_ccache = 1;
312 	if (options->gss_cleanup_creds == -1)
313 		options->gss_cleanup_creds = 1;
314 #endif
315 #if defined(KRB4) || defined(KRB5)
316 	if (options->kerberos_authentication == -1)
317 		options->kerberos_authentication = 0;
318 	if (options->kerberos_or_local_passwd == -1)
319 		options->kerberos_or_local_passwd = 1;
320 	if (options->kerberos_ticket_cleanup == -1)
321 		options->kerberos_ticket_cleanup = 1;
322 #endif
323 #if defined(AFS) || defined(KRB5)
324 	if (options->kerberos_tgt_passing == -1)
325 		options->kerberos_tgt_passing = 0;
326 #endif
327 #ifdef AFS
328 	if (options->afs_token_passing == -1)
329 		options->afs_token_passing = 0;
330 #endif
331 	if (options->password_authentication == -1)
332 		options->password_authentication = 1;
333 	if (options->kbd_interactive_authentication == -1)
334 		options->kbd_interactive_authentication = 0;
335 	if (options->challenge_response_authentication == -1)
336 		options->challenge_response_authentication = 1;
337 	if (options->permit_empty_passwd == -1)
338 		options->permit_empty_passwd = 0;
339 	if (options->permit_user_env == -1)
340 		options->permit_user_env = 0;
341 	if (options->use_login == -1)
342 		options->use_login = 0;
343 	if (options->compression == -1)
344 		options->compression = 1;
345 	if (options->allow_tcp_forwarding == -1)
346 		options->allow_tcp_forwarding = 1;
347 	if (options->gateway_ports == -1)
348 		options->gateway_ports = 0;
349 	if (options->max_startups == -1)
350 		options->max_startups = 10;
351 	if (options->max_startups_rate == -1)
352 		options->max_startups_rate = 100;		/* 100% */
353 	if (options->max_startups_begin == -1)
354 		options->max_startups_begin = options->max_startups;
355 	if (options->verify_reverse_mapping == -1)
356 		options->verify_reverse_mapping = 0;
357 	if (options->client_alive_interval == -1)
358 		options->client_alive_interval = 0;
359 	if (options->client_alive_count_max == -1)
360 		options->client_alive_count_max = 3;
361 	if (options->authorized_keys_file2 == NULL) {
362 		/* authorized_keys_file2 falls back to authorized_keys_file */
363 		if (options->authorized_keys_file != NULL)
364 			options->authorized_keys_file2 = options->authorized_keys_file;
365 		else
366 			options->authorized_keys_file2 = _PATH_SSH_USER_PERMITTED_KEYS2;
367 	}
368 	if (options->authorized_keys_file == NULL)
369 		options->authorized_keys_file = _PATH_SSH_USER_PERMITTED_KEYS;
370 
371 	if (options->max_auth_tries == -1)
372 		options->max_auth_tries = AUTH_FAIL_MAX;
373 	if (options->max_auth_tries_log == -1)
374 		options->max_auth_tries_log = options->max_auth_tries / 2;
375 
376 	if (options->max_init_auth_tries == -1)
377 		options->max_init_auth_tries = AUTH_FAIL_MAX;
378 	if (options->max_init_auth_tries_log == -1)
379 		options->max_init_auth_tries_log = options->max_init_auth_tries / 2;
380 
381 	if (options->lookup_client_hostnames == -1)
382 		options->lookup_client_hostnames = 1;
383 
384 	/* XXX SUNWssh resync */
385 	/* Turn privilege separation OFF by default */
386 	if (use_privsep == -1)
387 		use_privsep = 0;
388 
389 #ifndef HAVE_MMAP
390 	if (use_privsep && options->compression == 1) {
391 		error("This platform does not support both privilege "
392 		    "separation and compression");
393 		error("Compression disabled");
394 		options->compression = 0;
395 	}
396 #endif
397 
398 }
399 
400 /* Keyword tokens. */
401 typedef enum {
402 	sBadOption,		/* == unknown option */
403 	/* Portable-specific options */
404 	sPAMAuthenticationViaKbdInt,
405 	/* Standard Options */
406 	sPort, sHostKeyFile, sServerKeyBits, sLoginGraceTime, sKeyRegenerationTime,
407 	sPermitRootLogin, sLogFacility, sLogLevel,
408 	sRhostsAuthentication, sRhostsRSAAuthentication, sRSAAuthentication,
409 #ifdef GSSAPI
410 	sGssAuthentication, sGssKeyEx, sGssStoreDelegCreds,
411 	sGssUseSessionCredCache, sGssCleanupCreds,
412 #endif /* GSSAPI */
413 #if defined(KRB4) || defined(KRB5)
414 	sKerberosAuthentication, sKerberosOrLocalPasswd, sKerberosTicketCleanup,
415 #endif
416 #if defined(AFS) || defined(KRB5)
417 	sKerberosTgtPassing,
418 #endif
419 #ifdef AFS
420 	sAFSTokenPassing,
421 #endif
422 	sChallengeResponseAuthentication,
423 	sPasswordAuthentication, sKbdInteractiveAuthentication, sListenAddress,
424 	sPrintMotd, sPrintLastLog, sIgnoreRhosts,
425 	sX11Forwarding, sX11DisplayOffset, sX11UseLocalhost,
426 	sStrictModes, sEmptyPasswd, sKeepAlives,
427 	sPermitUserEnvironment, sUseLogin, sAllowTcpForwarding, sCompression,
428 	sAllowUsers, sDenyUsers, sAllowGroups, sDenyGroups,
429 	sIgnoreUserKnownHosts, sCiphers, sMacs, sProtocol, sPidFile,
430 	sGatewayPorts, sPubkeyAuthentication, sXAuthLocation, sSubsystem, sMaxStartups,
431 	sBanner, sVerifyReverseMapping, sHostbasedAuthentication,
432 	sHostbasedUsesNameFromPacketOnly, sClientAliveInterval,
433 	sClientAliveCountMax, sAuthorizedKeysFile, sAuthorizedKeysFile2,
434 	sMaxAuthTries, sMaxAuthTriesLog, sUsePrivilegeSeparation,
435 	sLookupClientHostnames,
436 	sDeprecated
437 } ServerOpCodes;
438 
439 /* Textual representation of the tokens. */
440 static struct {
441 	const char *name;
442 	ServerOpCodes opcode;
443 } keywords[] = {
444 	/* Portable-specific options */
445 	{ "PAMAuthenticationViaKbdInt", sPAMAuthenticationViaKbdInt },
446 	/* Standard Options */
447 	{ "port", sPort },
448 	{ "hostkey", sHostKeyFile },
449 	{ "hostdsakey", sHostKeyFile },					/* alias */
450 	{ "pidfile", sPidFile },
451 	{ "serverkeybits", sServerKeyBits },
452 	{ "logingracetime", sLoginGraceTime },
453 	{ "keyregenerationinterval", sKeyRegenerationTime },
454 	{ "permitrootlogin", sPermitRootLogin },
455 	{ "syslogfacility", sLogFacility },
456 	{ "loglevel", sLogLevel },
457 	{ "rhostsauthentication", sRhostsAuthentication },
458 	{ "rhostsrsaauthentication", sRhostsRSAAuthentication },
459 	{ "hostbasedauthentication", sHostbasedAuthentication },
460 	{ "hostbasedusesnamefrompacketonly", sHostbasedUsesNameFromPacketOnly },
461 	{ "rsaauthentication", sRSAAuthentication },
462 	{ "pubkeyauthentication", sPubkeyAuthentication },
463 	{ "dsaauthentication", sPubkeyAuthentication },			/* alias */
464 #ifdef GSSAPI
465 	{ "gssapiauthentication", sGssAuthentication },
466 	{ "gssapikeyexchange", sGssKeyEx },
467 	{ "gssapistoredelegatedcredentials", sGssStoreDelegCreds },
468 	{ "gssauthentication", sGssAuthentication },			/* alias */
469 	{ "gsskeyex", sGssKeyEx },					/* alias */
470 	{ "gssstoredelegcreds", sGssStoreDelegCreds },			/* alias */
471 #ifndef SUNW_GSSAPI
472 	{ "gssusesessionccache", sGssUseSessionCredCache },
473 	{ "gssusesessioncredcache", sGssUseSessionCredCache },
474 	{ "gsscleanupcreds", sGssCleanupCreds },
475 #endif /* SUNW_GSSAPI */
476 #endif
477 #if defined(KRB4) || defined(KRB5)
478 	{ "kerberosauthentication", sKerberosAuthentication },
479 	{ "kerberosorlocalpasswd", sKerberosOrLocalPasswd },
480 	{ "kerberosticketcleanup", sKerberosTicketCleanup },
481 #endif
482 #if defined(AFS) || defined(KRB5)
483 	{ "kerberostgtpassing", sKerberosTgtPassing },
484 #endif
485 #ifdef AFS
486 	{ "afstokenpassing", sAFSTokenPassing },
487 #endif
488 	{ "passwordauthentication", sPasswordAuthentication },
489 	{ "kbdinteractiveauthentication", sKbdInteractiveAuthentication },
490 	{ "challengeresponseauthentication", sChallengeResponseAuthentication },
491 	{ "skeyauthentication", sChallengeResponseAuthentication }, /* alias */
492 	{ "checkmail", sDeprecated },
493 	{ "listenaddress", sListenAddress },
494 	{ "printmotd", sPrintMotd },
495 	{ "printlastlog", sPrintLastLog },
496 	{ "ignorerhosts", sIgnoreRhosts },
497 	{ "ignoreuserknownhosts", sIgnoreUserKnownHosts },
498 	{ "x11forwarding", sX11Forwarding },
499 	{ "x11displayoffset", sX11DisplayOffset },
500 	{ "x11uselocalhost", sX11UseLocalhost },
501 	{ "xauthlocation", sXAuthLocation },
502 	{ "strictmodes", sStrictModes },
503 	{ "permitemptypasswords", sEmptyPasswd },
504 	{ "permituserenvironment", sPermitUserEnvironment },
505 	{ "uselogin", sUseLogin },
506 	{ "compression", sCompression },
507 	{ "keepalive", sKeepAlives },
508 	{ "allowtcpforwarding", sAllowTcpForwarding },
509 	{ "allowusers", sAllowUsers },
510 	{ "denyusers", sDenyUsers },
511 	{ "allowgroups", sAllowGroups },
512 	{ "denygroups", sDenyGroups },
513 	{ "ciphers", sCiphers },
514 	{ "macs", sMacs },
515 	{ "protocol", sProtocol },
516 	{ "gatewayports", sGatewayPorts },
517 	{ "subsystem", sSubsystem },
518 	{ "maxstartups", sMaxStartups },
519 	{ "banner", sBanner },
520 	{ "verifyreversemapping", sVerifyReverseMapping },
521 	{ "reversemappingcheck", sVerifyReverseMapping },
522 	{ "clientaliveinterval", sClientAliveInterval },
523 	{ "clientalivecountmax", sClientAliveCountMax },
524 	{ "authorizedkeysfile", sAuthorizedKeysFile },
525 	{ "authorizedkeysfile2", sAuthorizedKeysFile2 },
526 	{ "maxauthtries", sMaxAuthTries },
527 	{ "maxauthtrieslog", sMaxAuthTriesLog },
528 	{ "useprivilegeseparation", sUsePrivilegeSeparation},
529 	{ "lookupclienthostnames", sLookupClientHostnames},
530 	{ NULL, sBadOption }
531 };
532 
533 /*
534  * Returns the number of the token pointed to by cp or sBadOption.
535  */
536 
537 static ServerOpCodes
538 parse_token(const char *cp, const char *filename,
539 	    int linenum)
540 {
541 	u_int i;
542 
543 	for (i = 0; keywords[i].name; i++)
544 		if (strcasecmp(cp, keywords[i].name) == 0)
545 			return keywords[i].opcode;
546 
547 	error("%s: line %d: Bad configuration option: %s",
548 	    filename, linenum, cp);
549 	return sBadOption;
550 }
551 
552 static void
553 add_listen_addr(ServerOptions *options, char *addr, u_short port)
554 {
555 	int i;
556 
557 	if (options->num_ports == 0)
558 		options->ports[options->num_ports++] = SSH_DEFAULT_PORT;
559 	if (port == 0)
560 		for (i = 0; i < options->num_ports; i++)
561 			add_one_listen_addr(options, addr, options->ports[i]);
562 	else
563 		add_one_listen_addr(options, addr, port);
564 }
565 
566 static void
567 add_one_listen_addr(ServerOptions *options, char *addr, u_short port)
568 {
569 	struct addrinfo hints, *ai, *aitop;
570 	char strport[NI_MAXSERV];
571 	int gaierr;
572 
573 	(void) memset(&hints, 0, sizeof(hints));
574 	hints.ai_family = IPv4or6;
575 	hints.ai_socktype = SOCK_STREAM;
576 	hints.ai_flags = (addr == NULL) ? AI_PASSIVE : 0;
577 	(void) snprintf(strport, sizeof strport, "%u", port);
578 	if ((gaierr = getaddrinfo(addr, strport, &hints, &aitop)) != 0)
579 		fatal("bad addr or host: %s (%s)",
580 		    addr ? addr : "<NULL>",
581 		    gai_strerror(gaierr));
582 	for (ai = aitop; ai->ai_next; ai = ai->ai_next)
583 		;
584 	ai->ai_next = options->listen_addrs;
585 	options->listen_addrs = aitop;
586 }
587 
588 int
589 process_server_config_line(ServerOptions *options, char *line,
590     const char *filename, int linenum)
591 {
592 	char *cp, **charptr, *arg, *p;
593 	int *intptr, value, i, n;
594 	ServerOpCodes opcode;
595 
596 	cp = line;
597 	arg = strdelim(&cp);
598 	/* Ignore leading whitespace */
599 	if (*arg == '\0')
600 		arg = strdelim(&cp);
601 	if (!arg || !*arg || *arg == '#')
602 		return 0;
603 	intptr = NULL;
604 	charptr = NULL;
605 	opcode = parse_token(arg, filename, linenum);
606 	switch (opcode) {
607 	/* Portable-specific options */
608 	case sPAMAuthenticationViaKbdInt:
609 		intptr = &options->pam_authentication_via_kbd_int;
610 		goto parse_flag;
611 
612 	/* Standard Options */
613 	case sBadOption:
614 		return -1;
615 	case sPort:
616 		/* ignore ports from configfile if cmdline specifies ports */
617 		if (options->ports_from_cmdline)
618 			return 0;
619 		if (options->listen_addrs != NULL)
620 			fatal("%s line %d: ports must be specified before "
621 			    "ListenAddress.", filename, linenum);
622 		if (options->num_ports >= MAX_PORTS)
623 			fatal("%s line %d: too many ports.",
624 			    filename, linenum);
625 		arg = strdelim(&cp);
626 		if (!arg || *arg == '\0')
627 			fatal("%s line %d: missing port number.",
628 			    filename, linenum);
629 		options->ports[options->num_ports++] = a2port(arg);
630 		if (options->ports[options->num_ports-1] == 0)
631 			fatal("%s line %d: Badly formatted port number.",
632 			    filename, linenum);
633 		break;
634 
635 	case sServerKeyBits:
636 		intptr = &options->server_key_bits;
637 parse_int:
638 		arg = strdelim(&cp);
639 		if (!arg || *arg == '\0')
640 			fatal("%s line %d: missing integer value.",
641 			    filename, linenum);
642 		value = atoi(arg);
643 		if (*intptr == -1)
644 			*intptr = value;
645 		break;
646 
647 	case sLoginGraceTime:
648 		intptr = &options->login_grace_time;
649 parse_time:
650 		arg = strdelim(&cp);
651 		if (!arg || *arg == '\0')
652 			fatal("%s line %d: missing time value.",
653 			    filename, linenum);
654 		if ((value = convtime(arg)) == -1)
655 			fatal("%s line %d: invalid time value.",
656 			    filename, linenum);
657 		if (*intptr == -1)
658 			*intptr = value;
659 		break;
660 
661 	case sKeyRegenerationTime:
662 		intptr = &options->key_regeneration_time;
663 		goto parse_time;
664 
665 	case sListenAddress:
666 		arg = strdelim(&cp);
667 		if (!arg || *arg == '\0' || strncmp(arg, "[]", 2) == 0)
668 			fatal("%s line %d: missing inet addr.",
669 			    filename, linenum);
670 		if (*arg == '[') {
671 			if ((p = strchr(arg, ']')) == NULL)
672 				fatal("%s line %d: bad ipv6 inet addr usage.",
673 				    filename, linenum);
674 			arg++;
675 			(void) memmove(p, p+1, strlen(p+1)+1);
676 		} else if (((p = strchr(arg, ':')) == NULL) ||
677 			    (strchr(p+1, ':') != NULL)) {
678 			add_listen_addr(options, arg, 0);
679 			break;
680 		}
681 		if (*p == ':') {
682 			u_short port;
683 
684 			p++;
685 			if (*p == '\0')
686 				fatal("%s line %d: bad inet addr:port usage.",
687 				    filename, linenum);
688 			else {
689 				*(p-1) = '\0';
690 				if ((port = a2port(p)) == 0)
691 					fatal("%s line %d: bad port number.",
692 					    filename, linenum);
693 				add_listen_addr(options, arg, port);
694 			}
695 		} else if (*p == '\0')
696 			add_listen_addr(options, arg, 0);
697 		else
698 			fatal("%s line %d: bad inet addr usage.",
699 			    filename, linenum);
700 		break;
701 
702 	case sHostKeyFile:
703 		intptr = &options->num_host_key_files;
704 		if (*intptr >= MAX_HOSTKEYS)
705 			fatal("%s line %d: too many host keys specified (max %d).",
706 			    filename, linenum, MAX_HOSTKEYS);
707 		charptr = &options->host_key_files[*intptr];
708 parse_filename:
709 		arg = strdelim(&cp);
710 		if (!arg || *arg == '\0')
711 			fatal("%s line %d: missing file name.",
712 			    filename, linenum);
713 		if (*charptr == NULL) {
714 			*charptr = tilde_expand_filename(arg, getuid());
715 			/* increase optional counter */
716 			if (intptr != NULL)
717 				*intptr = *intptr + 1;
718 		}
719 		break;
720 
721 	case sPidFile:
722 		charptr = &options->pid_file;
723 		goto parse_filename;
724 
725 	case sPermitRootLogin:
726 		intptr = &options->permit_root_login;
727 		arg = strdelim(&cp);
728 		if (!arg || *arg == '\0')
729 			fatal("%s line %d: missing yes/"
730 			    "without-password/forced-commands-only/no "
731 			    "argument.", filename, linenum);
732 		value = 0;	/* silence compiler */
733 		if (strcmp(arg, "without-password") == 0)
734 			value = PERMIT_NO_PASSWD;
735 		else if (strcmp(arg, "forced-commands-only") == 0)
736 			value = PERMIT_FORCED_ONLY;
737 		else if (strcmp(arg, "yes") == 0)
738 			value = PERMIT_YES;
739 		else if (strcmp(arg, "no") == 0)
740 			value = PERMIT_NO;
741 		else
742 			fatal("%s line %d: Bad yes/"
743 			    "without-password/forced-commands-only/no "
744 			    "argument: %s", filename, linenum, arg);
745 		if (*intptr == -1)
746 			*intptr = value;
747 		break;
748 
749 	case sIgnoreRhosts:
750 		intptr = &options->ignore_rhosts;
751 parse_flag:
752 		arg = strdelim(&cp);
753 		if (!arg || *arg == '\0')
754 			fatal("%s line %d: missing yes/no argument.",
755 			    filename, linenum);
756 		value = 0;	/* silence compiler */
757 		if (strcmp(arg, "yes") == 0)
758 			value = 1;
759 		else if (strcmp(arg, "no") == 0)
760 			value = 0;
761 		else
762 			fatal("%s line %d: Bad yes/no argument: %s",
763 				filename, linenum, arg);
764 		if (*intptr == -1)
765 			*intptr = value;
766 		break;
767 
768 	case sIgnoreUserKnownHosts:
769 		intptr = &options->ignore_user_known_hosts;
770 		goto parse_flag;
771 
772 	case sRhostsAuthentication:
773 		intptr = &options->rhosts_authentication;
774 		goto parse_flag;
775 
776 	case sRhostsRSAAuthentication:
777 		intptr = &options->rhosts_rsa_authentication;
778 		goto parse_flag;
779 
780 	case sHostbasedAuthentication:
781 		intptr = &options->hostbased_authentication;
782 		goto parse_flag;
783 
784 	case sHostbasedUsesNameFromPacketOnly:
785 		intptr = &options->hostbased_uses_name_from_packet_only;
786 		goto parse_flag;
787 
788 	case sRSAAuthentication:
789 		intptr = &options->rsa_authentication;
790 		goto parse_flag;
791 
792 	case sPubkeyAuthentication:
793 		intptr = &options->pubkey_authentication;
794 		goto parse_flag;
795 #ifdef GSSAPI
796 	case sGssAuthentication:
797 		intptr = &options->gss_authentication;
798 		goto parse_flag;
799 	case sGssKeyEx:
800 		intptr = &options->gss_keyex;
801 		goto parse_flag;
802 	case sGssStoreDelegCreds:
803 		intptr = &options->gss_keyex;
804 		goto parse_flag;
805 #ifndef SUNW_GSSAPI
806 	case sGssUseSessionCredCache:
807 		intptr = &options->gss_use_session_ccache;
808 		goto parse_flag;
809 	case sGssCleanupCreds:
810 		intptr = &options->gss_cleanup_creds;
811 		goto parse_flag;
812 #endif /* SUNW_GSSAPI */
813 #endif /* GSSAPI */
814 #if defined(KRB4) || defined(KRB5)
815 	case sKerberosAuthentication:
816 		intptr = &options->kerberos_authentication;
817 		goto parse_flag;
818 
819 	case sKerberosOrLocalPasswd:
820 		intptr = &options->kerberos_or_local_passwd;
821 		goto parse_flag;
822 
823 	case sKerberosTicketCleanup:
824 		intptr = &options->kerberos_ticket_cleanup;
825 		goto parse_flag;
826 #endif
827 #if defined(AFS) || defined(KRB5)
828 	case sKerberosTgtPassing:
829 		intptr = &options->kerberos_tgt_passing;
830 		goto parse_flag;
831 #endif
832 #ifdef AFS
833 	case sAFSTokenPassing:
834 		intptr = &options->afs_token_passing;
835 		goto parse_flag;
836 #endif
837 
838 	case sPasswordAuthentication:
839 		intptr = &options->password_authentication;
840 		goto parse_flag;
841 
842 	case sKbdInteractiveAuthentication:
843 		intptr = &options->kbd_interactive_authentication;
844 		goto parse_flag;
845 
846 	case sChallengeResponseAuthentication:
847 		intptr = &options->challenge_response_authentication;
848 		goto parse_flag;
849 
850 	case sPrintMotd:
851 		intptr = &options->print_motd;
852 		goto parse_flag;
853 
854 	case sPrintLastLog:
855 		intptr = &options->print_lastlog;
856 		goto parse_flag;
857 
858 	case sX11Forwarding:
859 		intptr = &options->x11_forwarding;
860 		goto parse_flag;
861 
862 	case sX11DisplayOffset:
863 		intptr = &options->x11_display_offset;
864 		goto parse_int;
865 
866 	case sX11UseLocalhost:
867 		intptr = &options->x11_use_localhost;
868 		goto parse_flag;
869 
870 	case sXAuthLocation:
871 		charptr = &options->xauth_location;
872 		goto parse_filename;
873 
874 	case sStrictModes:
875 		intptr = &options->strict_modes;
876 		goto parse_flag;
877 
878 	case sKeepAlives:
879 		intptr = &options->keepalives;
880 		goto parse_flag;
881 
882 	case sEmptyPasswd:
883 		intptr = &options->permit_empty_passwd;
884 		goto parse_flag;
885 
886 	case sPermitUserEnvironment:
887 		intptr = &options->permit_user_env;
888 		goto parse_flag;
889 
890 	case sUseLogin:
891 		intptr = &options->use_login;
892 		goto parse_flag;
893 
894 	case sCompression:
895 		intptr = &options->compression;
896 		goto parse_flag;
897 
898 	case sGatewayPorts:
899 		arg = strdelim(&cp);
900 		if (get_yes_no_flag(&options->gateway_ports, arg, filename,
901 		    linenum, 1) == 1)
902 			break;
903 
904 		if (strcmp(arg, "clientspecified") == 0)
905 			options->gateway_ports = 2;
906 		else
907 			fatal("%.200s line %d: Bad yes/no/clientspecified "
908 			    "argument.", filename, linenum);
909 		break;
910 
911 	case sVerifyReverseMapping:
912 		intptr = &options->verify_reverse_mapping;
913 		goto parse_flag;
914 
915 	case sLogFacility:
916 		intptr = (int *) &options->log_facility;
917 		arg = strdelim(&cp);
918 		value = log_facility_number(arg);
919 		if (value == SYSLOG_FACILITY_NOT_SET)
920 			fatal("%.200s line %d: unsupported log facility '%s'",
921 			    filename, linenum, arg ? arg : "<NONE>");
922 		if (*intptr == -1)
923 			*intptr = (SyslogFacility) value;
924 		break;
925 
926 	case sLogLevel:
927 		intptr = (int *) &options->log_level;
928 		arg = strdelim(&cp);
929 		value = log_level_number(arg);
930 		if (value == SYSLOG_LEVEL_NOT_SET)
931 			fatal("%.200s line %d: unsupported log level '%s'",
932 			    filename, linenum, arg ? arg : "<NONE>");
933 		if (*intptr == -1)
934 			*intptr = (LogLevel) value;
935 		break;
936 
937 	case sAllowTcpForwarding:
938 		intptr = &options->allow_tcp_forwarding;
939 		goto parse_flag;
940 
941 	case sUsePrivilegeSeparation:
942 		intptr = &use_privsep;
943 		goto parse_flag;
944 
945 	case sAllowUsers:
946 		while (((arg = strdelim(&cp)) != NULL) && *arg != '\0') {
947 			if (options->num_allow_users >= MAX_ALLOW_USERS)
948 				fatal("%s line %d: too many allow users.",
949 				    filename, linenum);
950 			options->allow_users[options->num_allow_users++] =
951 			    xstrdup(arg);
952 		}
953 		break;
954 
955 	case sDenyUsers:
956 		while (((arg = strdelim(&cp)) != NULL) && *arg != '\0') {
957 			if (options->num_deny_users >= MAX_DENY_USERS)
958 				fatal( "%s line %d: too many deny users.",
959 				    filename, linenum);
960 			options->deny_users[options->num_deny_users++] =
961 			    xstrdup(arg);
962 		}
963 		break;
964 
965 	case sAllowGroups:
966 		while (((arg = strdelim(&cp)) != NULL) && *arg != '\0') {
967 			if (options->num_allow_groups >= MAX_ALLOW_GROUPS)
968 				fatal("%s line %d: too many allow groups.",
969 				    filename, linenum);
970 			options->allow_groups[options->num_allow_groups++] =
971 			    xstrdup(arg);
972 		}
973 		break;
974 
975 	case sDenyGroups:
976 		while (((arg = strdelim(&cp)) != NULL) && *arg != '\0') {
977 			if (options->num_deny_groups >= MAX_DENY_GROUPS)
978 				fatal("%s line %d: too many deny groups.",
979 				    filename, linenum);
980 			options->deny_groups[options->num_deny_groups++] = xstrdup(arg);
981 		}
982 		break;
983 
984 	case sCiphers:
985 		arg = strdelim(&cp);
986 		if (!arg || *arg == '\0')
987 			fatal("%s line %d: Missing argument.", filename, linenum);
988 		if (!ciphers_valid(arg))
989 			fatal("%s line %d: Bad SSH2 cipher spec '%s'.",
990 			    filename, linenum, arg ? arg : "<NONE>");
991 		if (options->ciphers == NULL)
992 			options->ciphers = xstrdup(arg);
993 		break;
994 
995 	case sMacs:
996 		arg = strdelim(&cp);
997 		if (!arg || *arg == '\0')
998 			fatal("%s line %d: Missing argument.", filename, linenum);
999 		if (!mac_valid(arg))
1000 			fatal("%s line %d: Bad SSH2 mac spec '%s'.",
1001 			    filename, linenum, arg ? arg : "<NONE>");
1002 		if (options->macs == NULL)
1003 			options->macs = xstrdup(arg);
1004 		break;
1005 
1006 	case sProtocol:
1007 		intptr = &options->protocol;
1008 		arg = strdelim(&cp);
1009 		if (!arg || *arg == '\0')
1010 			fatal("%s line %d: Missing argument.", filename, linenum);
1011 		value = proto_spec(arg);
1012 		if (value == SSH_PROTO_UNKNOWN)
1013 			fatal("%s line %d: Bad protocol spec '%s'.",
1014 			    filename, linenum, arg ? arg : "<NONE>");
1015 		if (*intptr == SSH_PROTO_UNKNOWN)
1016 			*intptr = value;
1017 		break;
1018 
1019 	case sSubsystem:
1020 		if (options->num_subsystems >= MAX_SUBSYSTEMS) {
1021 			fatal("%s line %d: too many subsystems defined.",
1022 			    filename, linenum);
1023 		}
1024 		arg = strdelim(&cp);
1025 		if (!arg || *arg == '\0')
1026 			fatal("%s line %d: Missing subsystem name.",
1027 			    filename, linenum);
1028 		for (i = 0; i < options->num_subsystems; i++)
1029 			if (strcmp(arg, options->subsystem_name[i]) == 0)
1030 				fatal("%s line %d: Subsystem '%s' already defined.",
1031 				    filename, linenum, arg);
1032 		options->subsystem_name[options->num_subsystems] = xstrdup(arg);
1033 		arg = strdelim(&cp);
1034 		if (!arg || *arg == '\0')
1035 			fatal("%s line %d: Missing subsystem command.",
1036 			    filename, linenum);
1037 		options->subsystem_command[options->num_subsystems] = xstrdup(arg);
1038 		options->num_subsystems++;
1039 		break;
1040 
1041 	case sMaxStartups:
1042 		arg = strdelim(&cp);
1043 		if (!arg || *arg == '\0')
1044 			fatal("%s line %d: Missing MaxStartups spec.",
1045 			    filename, linenum);
1046 		if ((n = sscanf(arg, "%d:%d:%d",
1047 		    &options->max_startups_begin,
1048 		    &options->max_startups_rate,
1049 		    &options->max_startups)) == 3) {
1050 			if (options->max_startups_begin >
1051 			    options->max_startups ||
1052 			    options->max_startups_rate > 100 ||
1053 			    options->max_startups_rate < 1)
1054 				fatal("%s line %d: Illegal MaxStartups spec.",
1055 				    filename, linenum);
1056 		} else if (n != 1)
1057 			fatal("%s line %d: Illegal MaxStartups spec.",
1058 			    filename, linenum);
1059 		else
1060 			options->max_startups = options->max_startups_begin;
1061 		break;
1062 
1063 	case sBanner:
1064 		charptr = &options->banner;
1065 		goto parse_filename;
1066 	/*
1067 	 * These options can contain %X options expanded at
1068 	 * connect time, so that you can specify paths like:
1069 	 *
1070 	 * AuthorizedKeysFile	/etc/ssh_keys/%u
1071 	 */
1072 	case sAuthorizedKeysFile:
1073 	case sAuthorizedKeysFile2:
1074 		charptr = (opcode == sAuthorizedKeysFile ) ?
1075 		    &options->authorized_keys_file :
1076 		    &options->authorized_keys_file2;
1077 		goto parse_filename;
1078 
1079 	case sClientAliveInterval:
1080 		intptr = &options->client_alive_interval;
1081 		goto parse_time;
1082 
1083 	case sClientAliveCountMax:
1084 		intptr = &options->client_alive_count_max;
1085 		goto parse_int;
1086 
1087 	case sMaxAuthTries:
1088 		intptr = &options->max_auth_tries;
1089 		goto parse_int;
1090 
1091 	case sMaxAuthTriesLog:
1092 		intptr = &options->max_auth_tries_log;
1093 		goto parse_int;
1094 
1095 	case sLookupClientHostnames:
1096 		intptr = &options->lookup_client_hostnames;
1097 		goto parse_flag;
1098 
1099 	case sDeprecated:
1100 		log("%s line %d: Deprecated option %s",
1101 		    filename, linenum, arg);
1102 		while (arg)
1103 		    arg = strdelim(&cp);
1104 		break;
1105 
1106 	default:
1107 		fatal("%s line %d: Missing handler for opcode %s (%d)",
1108 		    filename, linenum, arg, opcode);
1109 	}
1110 	if ((arg = strdelim(&cp)) != NULL && *arg != '\0')
1111 		fatal("%s line %d: garbage at end of line; \"%.200s\".",
1112 		    filename, linenum, arg);
1113 	return 0;
1114 }
1115 
1116 /* Reads the server configuration file. */
1117 
1118 void
1119 read_server_config(ServerOptions *options, const char *filename)
1120 {
1121 	int linenum, bad_options = 0;
1122 	char line[1024];
1123 	FILE *f;
1124 
1125 	f = fopen(filename, "r");
1126 	if (!f) {
1127 		perror(filename);
1128 		exit(1);
1129 	}
1130 	linenum = 0;
1131 	while (fgets(line, sizeof(line), f)) {
1132 		/* Update line number counter. */
1133 		linenum++;
1134 		if (process_server_config_line(options, line, filename, linenum) != 0)
1135 			bad_options++;
1136 	}
1137 	(void) fclose(f);
1138 	if (bad_options > 0)
1139 		fatal("%s: terminating, %d bad configuration options",
1140 		    filename, bad_options);
1141 }
1142