xref: /titanic_44/usr/src/cmd/ssh/sshd/servconf.c (revision 160abee025ef30c34521b981edd40ffcaab560aa)
1 /*
2  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
3  *                    All rights reserved
4  *
5  * As far as I am concerned, the code I have written for this software
6  * can be used freely for any purpose.  Any derived versions of this
7  * software must be clearly marked as such, and if the derived work is
8  * incompatible with the protocol description in the RFC file, it must be
9  * called by a name other than "ssh" or "Secure Shell".
10  */
11 /*
12  * Copyright 2007 Sun Microsystems, Inc.  All rights reserved.
13  * Use is subject to license terms.
14  */
15 
16 #include "includes.h"
17 RCSID("$OpenBSD: servconf.c,v 1.115 2002/09/04 18:52:42 stevesk Exp $");
18 
19 #pragma ident	"%Z%%M%	%I%	%E% SMI"
20 
21 #ifdef HAVE_DEFOPEN
22 #include <deflt.h>
23 #endif /* HAVE_DEFOPEN */
24 
25 #if defined(KRB4)
26 #include <krb.h>
27 #endif
28 #if defined(KRB5)
29 #ifdef HEIMDAL
30 #include <krb.h>
31 #else
32 /* Bodge - but then, so is using the kerberos IV KEYFILE to get a Kerberos V
33  * keytab */
34 #define KEYFILE "/etc/krb5.keytab"
35 #endif
36 #endif
37 #ifdef AFS
38 #include <kafs.h>
39 #endif
40 
41 #include "ssh.h"
42 #include "log.h"
43 #include "servconf.h"
44 #include "xmalloc.h"
45 #include "compat.h"
46 #include "pathnames.h"
47 #include "tildexpand.h"
48 #include "misc.h"
49 #include "cipher.h"
50 #include "kex.h"
51 #include "mac.h"
52 #include "auth.h"
53 
54 static void add_listen_addr(ServerOptions *, char *, u_short);
55 static void add_one_listen_addr(ServerOptions *, char *, u_short);
56 
57 /* AF_UNSPEC or AF_INET or AF_INET6 */
58 extern int IPv4or6;
59 
60 /* Initializes the server options to their default values. */
61 
62 void
63 initialize_server_options(ServerOptions *options)
64 {
65 	(void) memset(options, 0, sizeof(*options));
66 
67 	/* Portable-specific options */
68 	options->pam_authentication_via_kbd_int = -1;
69 
70 	/* Standard Options */
71 	options->num_ports = 0;
72 	options->ports_from_cmdline = 0;
73 	options->listen_addrs = NULL;
74 	options->num_host_key_files = 0;
75 	options->pid_file = NULL;
76 	options->server_key_bits = -1;
77 	options->login_grace_time = -1;
78 	options->key_regeneration_time = -1;
79 	options->permit_root_login = PERMIT_NOT_SET;
80 	options->ignore_rhosts = -1;
81 	options->ignore_user_known_hosts = -1;
82 	options->print_motd = -1;
83 	options->print_lastlog = -1;
84 	options->x11_forwarding = -1;
85 	options->x11_display_offset = -1;
86 	options->x11_use_localhost = -1;
87 	options->xauth_location = NULL;
88 	options->strict_modes = -1;
89 	options->keepalives = -1;
90 	options->log_facility = SYSLOG_FACILITY_NOT_SET;
91 	options->log_level = SYSLOG_LEVEL_NOT_SET;
92 	options->rhosts_authentication = -1;
93 	options->rhosts_rsa_authentication = -1;
94 	options->hostbased_authentication = -1;
95 	options->hostbased_uses_name_from_packet_only = -1;
96 	options->rsa_authentication = -1;
97 	options->pubkey_authentication = -1;
98 #ifdef GSSAPI
99 	options->gss_authentication = -1;
100 	options->gss_keyex = -1;
101 	options->gss_store_creds = -1;
102 	options->gss_use_session_ccache = -1;
103 	options->gss_cleanup_creds = -1;
104 #endif
105 #if defined(KRB4) || defined(KRB5)
106 	options->kerberos_authentication = -1;
107 	options->kerberos_or_local_passwd = -1;
108 	options->kerberos_ticket_cleanup = -1;
109 #endif
110 #if defined(AFS) || defined(KRB5)
111 	options->kerberos_tgt_passing = -1;
112 #endif
113 #ifdef AFS
114 	options->afs_token_passing = -1;
115 #endif
116 	options->password_authentication = -1;
117 	options->kbd_interactive_authentication = -1;
118 	options->challenge_response_authentication = -1;
119 	options->permit_empty_passwd = -1;
120 	options->permit_user_env = -1;
121 	options->use_login = -1;
122 	options->compression = -1;
123 	options->allow_tcp_forwarding = -1;
124 	options->num_allow_users = 0;
125 	options->num_deny_users = 0;
126 	options->num_allow_groups = 0;
127 	options->num_deny_groups = 0;
128 	options->ciphers = NULL;
129 	options->macs = NULL;
130 	options->protocol = SSH_PROTO_UNKNOWN;
131 	options->gateway_ports = -1;
132 	options->num_subsystems = 0;
133 	options->max_startups_begin = -1;
134 	options->max_startups_rate = -1;
135 	options->max_startups = -1;
136 	options->banner = NULL;
137 	options->verify_reverse_mapping = -1;
138 	options->client_alive_interval = -1;
139 	options->client_alive_count_max = -1;
140 	options->authorized_keys_file = NULL;
141 	options->authorized_keys_file2 = NULL;
142 
143 	options->max_auth_tries = -1;
144 	options->max_auth_tries_log = -1;
145 
146 	options->max_init_auth_tries = -1;
147 	options->max_init_auth_tries_log = -1;
148 
149 	options->lookup_client_hostnames = -1;
150 }
151 
152 #ifdef HAVE_DEFOPEN
153 /*
154  * Reads /etc/default/login and defaults several ServerOptions:
155  *
156  * PermitRootLogin
157  * PermitEmptyPasswords
158  * LoginGraceTime
159  *
160  * CONSOLE=*      -> PermitRootLogin=without-password
161  * #CONSOLE=*     -> PermitRootLogin=yes
162  *
163  * PASSREQ=YES    -> PermitEmptyPasswords=no
164  * PASSREQ=NO     -> PermitEmptyPasswords=yes
165  * #PASSREQ=*     -> PermitEmptyPasswords=no
166  *
167  * TIMEOUT=<secs> -> LoginGraceTime=<secs>
168  * #TIMEOUT=<secs> -> LoginGraceTime=300
169  */
170 static
171 void
172 deflt_fill_default_server_options(ServerOptions *options)
173 {
174 	int	flags;
175 	char	*ptr;
176 
177 	if (defopen(_PATH_DEFAULT_LOGIN))
178 		return;
179 
180 	/* Ignore case */
181 	flags = defcntl(DC_GETFLAGS, 0);
182 	TURNOFF(flags, DC_CASE);
183 	(void) defcntl(DC_SETFLAGS, flags);
184 
185 	if (options->permit_root_login == PERMIT_NOT_SET &&
186 	    (ptr = defread("CONSOLE=")) != NULL)
187 		options->permit_root_login = PERMIT_NO_PASSWD;
188 
189 	if (options->permit_empty_passwd == -1 &&
190 	    (ptr = defread("PASSREQ=")) != NULL) {
191 		if (strcasecmp("YES", ptr) == 0)
192 			options->permit_empty_passwd = 0;
193 		else if (strcasecmp("NO", ptr) == 0)
194 			options->permit_empty_passwd = 1;
195 	}
196 
197 	if (options->max_init_auth_tries == -1 &&
198 	    (ptr = defread("RETRIES=")) != NULL) {
199 		options->max_init_auth_tries = atoi(ptr);
200 	}
201 
202 	if (options->max_init_auth_tries_log == -1 &&
203 	    (ptr = defread("SYSLOG_FAILED_LOGINS=")) != NULL) {
204 		options->max_init_auth_tries_log = atoi(ptr);
205 	}
206 
207 	if (options->login_grace_time == -1) {
208 		if ((ptr = defread("TIMEOUT=")) != NULL)
209 			options->login_grace_time = (unsigned)atoi(ptr);
210 		else
211 			options->login_grace_time = 300;
212 	}
213 
214 	(void) defopen((char *)NULL);
215 }
216 #endif /* HAVE_DEFOPEN */
217 
218 void
219 fill_default_server_options(ServerOptions *options)
220 {
221 
222 #ifdef HAVE_DEFOPEN
223 	deflt_fill_default_server_options(options);
224 #endif /* HAVE_DEFOPEN */
225 
226 	/* Portable-specific options */
227 	if (options->pam_authentication_via_kbd_int == -1)
228 		options->pam_authentication_via_kbd_int = 0;
229 
230 	/* Standard Options */
231 	if (options->protocol == SSH_PROTO_UNKNOWN)
232 		options->protocol = SSH_PROTO_1|SSH_PROTO_2;
233 	if (options->num_host_key_files == 0) {
234 		/* fill default hostkeys for protocols */
235 		if (options->protocol & SSH_PROTO_1)
236 			options->host_key_files[options->num_host_key_files++] =
237 			    _PATH_HOST_KEY_FILE;
238 #ifndef GSSAPI
239 		/* With GSS keyex we can run v2 w/ no host keys */
240 		if (options->protocol & SSH_PROTO_2) {
241 			options->host_key_files[options->num_host_key_files++] =
242 			    _PATH_HOST_RSA_KEY_FILE;
243 			options->host_key_files[options->num_host_key_files++] =
244 			    _PATH_HOST_DSA_KEY_FILE;
245 		}
246 #endif /* GSSAPI */
247 	}
248 	if (options->num_ports == 0)
249 		options->ports[options->num_ports++] = SSH_DEFAULT_PORT;
250 	if (options->listen_addrs == NULL)
251 		add_listen_addr(options, NULL, 0);
252 	if (options->pid_file == NULL)
253 		options->pid_file = _PATH_SSH_DAEMON_PID_FILE;
254 	if (options->server_key_bits == -1)
255 		options->server_key_bits = 768;
256 	if (options->login_grace_time == -1)
257 		options->login_grace_time = 120;
258 	if (options->key_regeneration_time == -1)
259 		options->key_regeneration_time = 3600;
260 	if (options->permit_root_login == PERMIT_NOT_SET)
261 		options->permit_root_login = PERMIT_YES;
262 	if (options->ignore_rhosts == -1)
263 		options->ignore_rhosts = 1;
264 	if (options->ignore_user_known_hosts == -1)
265 		options->ignore_user_known_hosts = 0;
266 	if (options->print_motd == -1)
267 		options->print_motd = 1;
268 	if (options->print_lastlog == -1)
269 		options->print_lastlog = 1;
270 	if (options->x11_forwarding == -1)
271 		options->x11_forwarding = 1;
272 	if (options->x11_display_offset == -1)
273 		options->x11_display_offset = 10;
274 	if (options->x11_use_localhost == -1)
275 		options->x11_use_localhost = 1;
276 	if (options->xauth_location == NULL)
277 		options->xauth_location = _PATH_XAUTH;
278 	if (options->strict_modes == -1)
279 		options->strict_modes = 1;
280 	if (options->keepalives == -1)
281 		options->keepalives = 1;
282 	if (options->log_facility == SYSLOG_FACILITY_NOT_SET)
283 		options->log_facility = SYSLOG_FACILITY_AUTH;
284 	if (options->log_level == SYSLOG_LEVEL_NOT_SET)
285 		options->log_level = SYSLOG_LEVEL_INFO;
286 	if (options->rhosts_authentication == -1)
287 		options->rhosts_authentication = 0;
288 	if (options->rhosts_rsa_authentication == -1)
289 		options->rhosts_rsa_authentication = 0;
290 	if (options->hostbased_authentication == -1)
291 		options->hostbased_authentication = 0;
292 	if (options->hostbased_uses_name_from_packet_only == -1)
293 		options->hostbased_uses_name_from_packet_only = 0;
294 	if (options->rsa_authentication == -1)
295 		options->rsa_authentication = 1;
296 	if (options->pubkey_authentication == -1)
297 		options->pubkey_authentication = 1;
298 #ifdef GSSAPI
299 	if (options->gss_authentication == -1)
300 		options->gss_authentication = 1;
301 	if (options->gss_keyex == -1)
302 		options->gss_keyex = 1;
303 	if (options->gss_store_creds == -1)
304 		options->gss_store_creds = 1;
305 	if (options->gss_use_session_ccache == -1)
306 		options->gss_use_session_ccache = 1;
307 	if (options->gss_cleanup_creds == -1)
308 		options->gss_cleanup_creds = 1;
309 #endif
310 #if defined(KRB4) || defined(KRB5)
311 	if (options->kerberos_authentication == -1)
312 		options->kerberos_authentication = 0;
313 	if (options->kerberos_or_local_passwd == -1)
314 		options->kerberos_or_local_passwd = 1;
315 	if (options->kerberos_ticket_cleanup == -1)
316 		options->kerberos_ticket_cleanup = 1;
317 #endif
318 #if defined(AFS) || defined(KRB5)
319 	if (options->kerberos_tgt_passing == -1)
320 		options->kerberos_tgt_passing = 0;
321 #endif
322 #ifdef AFS
323 	if (options->afs_token_passing == -1)
324 		options->afs_token_passing = 0;
325 #endif
326 	if (options->password_authentication == -1)
327 		options->password_authentication = 1;
328 	if (options->kbd_interactive_authentication == -1)
329 		options->kbd_interactive_authentication = 0;
330 	if (options->challenge_response_authentication == -1)
331 		options->challenge_response_authentication = 1;
332 	if (options->permit_empty_passwd == -1)
333 		options->permit_empty_passwd = 0;
334 	if (options->permit_user_env == -1)
335 		options->permit_user_env = 0;
336 	if (options->use_login == -1)
337 		options->use_login = 0;
338 	if (options->compression == -1)
339 		options->compression = 1;
340 	if (options->allow_tcp_forwarding == -1)
341 		options->allow_tcp_forwarding = 1;
342 	if (options->gateway_ports == -1)
343 		options->gateway_ports = 0;
344 	if (options->max_startups == -1)
345 		options->max_startups = 10;
346 	if (options->max_startups_rate == -1)
347 		options->max_startups_rate = 100;		/* 100% */
348 	if (options->max_startups_begin == -1)
349 		options->max_startups_begin = options->max_startups;
350 	if (options->verify_reverse_mapping == -1)
351 		options->verify_reverse_mapping = 0;
352 	if (options->client_alive_interval == -1)
353 		options->client_alive_interval = 0;
354 	if (options->client_alive_count_max == -1)
355 		options->client_alive_count_max = 3;
356 	if (options->authorized_keys_file2 == NULL) {
357 		/* authorized_keys_file2 falls back to authorized_keys_file */
358 		if (options->authorized_keys_file != NULL)
359 			options->authorized_keys_file2 = options->authorized_keys_file;
360 		else
361 			options->authorized_keys_file2 = _PATH_SSH_USER_PERMITTED_KEYS2;
362 	}
363 	if (options->authorized_keys_file == NULL)
364 		options->authorized_keys_file = _PATH_SSH_USER_PERMITTED_KEYS;
365 
366 	if (options->max_auth_tries == -1)
367 		options->max_auth_tries = AUTH_FAIL_MAX;
368 	if (options->max_auth_tries_log == -1)
369 		options->max_auth_tries_log = options->max_auth_tries / 2;
370 
371 	if (options->max_init_auth_tries == -1)
372 		options->max_init_auth_tries = AUTH_FAIL_MAX;
373 	if (options->max_init_auth_tries_log == -1)
374 		options->max_init_auth_tries_log = options->max_init_auth_tries / 2;
375 
376 	if (options->lookup_client_hostnames == -1)
377 		options->lookup_client_hostnames = 1;
378 }
379 
380 /* Keyword tokens. */
381 typedef enum {
382 	sBadOption,		/* == unknown option */
383 	/* Portable-specific options */
384 	sPAMAuthenticationViaKbdInt,
385 	/* Standard Options */
386 	sPort, sHostKeyFile, sServerKeyBits, sLoginGraceTime, sKeyRegenerationTime,
387 	sPermitRootLogin, sLogFacility, sLogLevel,
388 	sRhostsAuthentication, sRhostsRSAAuthentication, sRSAAuthentication,
389 #ifdef GSSAPI
390 	sGssAuthentication, sGssKeyEx, sGssStoreDelegCreds,
391 	sGssUseSessionCredCache, sGssCleanupCreds,
392 #endif /* GSSAPI */
393 #if defined(KRB4) || defined(KRB5)
394 	sKerberosAuthentication, sKerberosOrLocalPasswd, sKerberosTicketCleanup,
395 #endif
396 #if defined(AFS) || defined(KRB5)
397 	sKerberosTgtPassing,
398 #endif
399 #ifdef AFS
400 	sAFSTokenPassing,
401 #endif
402 	sChallengeResponseAuthentication,
403 	sPasswordAuthentication, sKbdInteractiveAuthentication, sListenAddress,
404 	sPrintMotd, sPrintLastLog, sIgnoreRhosts,
405 	sX11Forwarding, sX11DisplayOffset, sX11UseLocalhost,
406 	sStrictModes, sEmptyPasswd, sKeepAlives,
407 	sPermitUserEnvironment, sUseLogin, sAllowTcpForwarding, sCompression,
408 	sAllowUsers, sDenyUsers, sAllowGroups, sDenyGroups,
409 	sIgnoreUserKnownHosts, sCiphers, sMacs, sProtocol, sPidFile,
410 	sGatewayPorts, sPubkeyAuthentication, sXAuthLocation, sSubsystem, sMaxStartups,
411 	sBanner, sVerifyReverseMapping, sHostbasedAuthentication,
412 	sHostbasedUsesNameFromPacketOnly, sClientAliveInterval,
413 	sClientAliveCountMax, sAuthorizedKeysFile, sAuthorizedKeysFile2,
414 	sMaxAuthTries, sMaxAuthTriesLog, sUsePrivilegeSeparation,
415 	sLookupClientHostnames,
416 	sDeprecated
417 } ServerOpCodes;
418 
419 /* Textual representation of the tokens. */
420 static struct {
421 	const char *name;
422 	ServerOpCodes opcode;
423 } keywords[] = {
424 	/* Portable-specific options */
425 	{ "PAMAuthenticationViaKbdInt", sPAMAuthenticationViaKbdInt },
426 	/* Standard Options */
427 	{ "port", sPort },
428 	{ "hostkey", sHostKeyFile },
429 	{ "hostdsakey", sHostKeyFile },					/* alias */
430 	{ "pidfile", sPidFile },
431 	{ "serverkeybits", sServerKeyBits },
432 	{ "logingracetime", sLoginGraceTime },
433 	{ "keyregenerationinterval", sKeyRegenerationTime },
434 	{ "permitrootlogin", sPermitRootLogin },
435 	{ "syslogfacility", sLogFacility },
436 	{ "loglevel", sLogLevel },
437 	{ "rhostsauthentication", sRhostsAuthentication },
438 	{ "rhostsrsaauthentication", sRhostsRSAAuthentication },
439 	{ "hostbasedauthentication", sHostbasedAuthentication },
440 	{ "hostbasedusesnamefrompacketonly", sHostbasedUsesNameFromPacketOnly },
441 	{ "rsaauthentication", sRSAAuthentication },
442 	{ "pubkeyauthentication", sPubkeyAuthentication },
443 	{ "dsaauthentication", sPubkeyAuthentication },			/* alias */
444 #ifdef GSSAPI
445 	{ "gssapiauthentication", sGssAuthentication },
446 	{ "gssapikeyexchange", sGssKeyEx },
447 	{ "gssapistoredelegatedcredentials", sGssStoreDelegCreds },
448 	{ "gssauthentication", sGssAuthentication },			/* alias */
449 	{ "gsskeyex", sGssKeyEx },					/* alias */
450 	{ "gssstoredelegcreds", sGssStoreDelegCreds },			/* alias */
451 #ifndef SUNW_GSSAPI
452 	{ "gssusesessionccache", sGssUseSessionCredCache },
453 	{ "gssusesessioncredcache", sGssUseSessionCredCache },
454 	{ "gsscleanupcreds", sGssCleanupCreds },
455 #endif /* SUNW_GSSAPI */
456 #endif
457 #if defined(KRB4) || defined(KRB5)
458 	{ "kerberosauthentication", sKerberosAuthentication },
459 	{ "kerberosorlocalpasswd", sKerberosOrLocalPasswd },
460 	{ "kerberosticketcleanup", sKerberosTicketCleanup },
461 #endif
462 #if defined(AFS) || defined(KRB5)
463 	{ "kerberostgtpassing", sKerberosTgtPassing },
464 #endif
465 #ifdef AFS
466 	{ "afstokenpassing", sAFSTokenPassing },
467 #endif
468 	{ "passwordauthentication", sPasswordAuthentication },
469 	{ "kbdinteractiveauthentication", sKbdInteractiveAuthentication },
470 	{ "challengeresponseauthentication", sChallengeResponseAuthentication },
471 	{ "skeyauthentication", sChallengeResponseAuthentication }, /* alias */
472 	{ "checkmail", sDeprecated },
473 	{ "listenaddress", sListenAddress },
474 	{ "printmotd", sPrintMotd },
475 	{ "printlastlog", sPrintLastLog },
476 	{ "ignorerhosts", sIgnoreRhosts },
477 	{ "ignoreuserknownhosts", sIgnoreUserKnownHosts },
478 	{ "x11forwarding", sX11Forwarding },
479 	{ "x11displayoffset", sX11DisplayOffset },
480 	{ "x11uselocalhost", sX11UseLocalhost },
481 	{ "xauthlocation", sXAuthLocation },
482 	{ "strictmodes", sStrictModes },
483 	{ "permitemptypasswords", sEmptyPasswd },
484 	{ "permituserenvironment", sPermitUserEnvironment },
485 	{ "uselogin", sUseLogin },
486 	{ "compression", sCompression },
487 	{ "keepalive", sKeepAlives },
488 	{ "allowtcpforwarding", sAllowTcpForwarding },
489 	{ "allowusers", sAllowUsers },
490 	{ "denyusers", sDenyUsers },
491 	{ "allowgroups", sAllowGroups },
492 	{ "denygroups", sDenyGroups },
493 	{ "ciphers", sCiphers },
494 	{ "macs", sMacs },
495 	{ "protocol", sProtocol },
496 	{ "gatewayports", sGatewayPorts },
497 	{ "subsystem", sSubsystem },
498 	{ "maxstartups", sMaxStartups },
499 	{ "banner", sBanner },
500 	{ "verifyreversemapping", sVerifyReverseMapping },
501 	{ "reversemappingcheck", sVerifyReverseMapping },
502 	{ "clientaliveinterval", sClientAliveInterval },
503 	{ "clientalivecountmax", sClientAliveCountMax },
504 	{ "authorizedkeysfile", sAuthorizedKeysFile },
505 	{ "authorizedkeysfile2", sAuthorizedKeysFile2 },
506 	{ "maxauthtries", sMaxAuthTries },
507 	{ "maxauthtrieslog", sMaxAuthTriesLog },
508 	{ "useprivilegeseparation", sUsePrivilegeSeparation},
509 	{ "lookupclienthostnames", sLookupClientHostnames},
510 	{ NULL, sBadOption }
511 };
512 
513 /*
514  * Returns the number of the token pointed to by cp or sBadOption.
515  */
516 
517 static ServerOpCodes
518 parse_token(const char *cp, const char *filename,
519 	    int linenum)
520 {
521 	u_int i;
522 
523 	for (i = 0; keywords[i].name; i++)
524 		if (strcasecmp(cp, keywords[i].name) == 0)
525 			return keywords[i].opcode;
526 
527 	error("%s: line %d: Bad configuration option: %s",
528 	    filename, linenum, cp);
529 	return sBadOption;
530 }
531 
532 static void
533 add_listen_addr(ServerOptions *options, char *addr, u_short port)
534 {
535 	int i;
536 
537 	if (options->num_ports == 0)
538 		options->ports[options->num_ports++] = SSH_DEFAULT_PORT;
539 	if (port == 0)
540 		for (i = 0; i < options->num_ports; i++)
541 			add_one_listen_addr(options, addr, options->ports[i]);
542 	else
543 		add_one_listen_addr(options, addr, port);
544 }
545 
546 static void
547 add_one_listen_addr(ServerOptions *options, char *addr, u_short port)
548 {
549 	struct addrinfo hints, *ai, *aitop;
550 	char strport[NI_MAXSERV];
551 	int gaierr;
552 
553 	(void) memset(&hints, 0, sizeof(hints));
554 	hints.ai_family = IPv4or6;
555 	hints.ai_socktype = SOCK_STREAM;
556 	hints.ai_flags = (addr == NULL) ? AI_PASSIVE : 0;
557 	(void) snprintf(strport, sizeof strport, "%u", port);
558 	if ((gaierr = getaddrinfo(addr, strport, &hints, &aitop)) != 0)
559 		fatal("bad addr or host: %s (%s)",
560 		    addr ? addr : "<NULL>",
561 		    gai_strerror(gaierr));
562 	for (ai = aitop; ai->ai_next; ai = ai->ai_next)
563 		;
564 	ai->ai_next = options->listen_addrs;
565 	options->listen_addrs = aitop;
566 }
567 
568 int
569 process_server_config_line(ServerOptions *options, char *line,
570     const char *filename, int linenum)
571 {
572 	char *cp, **charptr, *arg, *p;
573 	int *intptr, value, i, n;
574 	ServerOpCodes opcode;
575 
576 	cp = line;
577 	arg = strdelim(&cp);
578 	/* Ignore leading whitespace */
579 	if (*arg == '\0')
580 		arg = strdelim(&cp);
581 	if (!arg || !*arg || *arg == '#')
582 		return 0;
583 	intptr = NULL;
584 	charptr = NULL;
585 	opcode = parse_token(arg, filename, linenum);
586 	switch (opcode) {
587 	/* Portable-specific options */
588 	case sPAMAuthenticationViaKbdInt:
589 		intptr = &options->pam_authentication_via_kbd_int;
590 		goto parse_flag;
591 
592 	/* Standard Options */
593 	case sBadOption:
594 		return -1;
595 	case sPort:
596 		/* ignore ports from configfile if cmdline specifies ports */
597 		if (options->ports_from_cmdline)
598 			return 0;
599 		if (options->listen_addrs != NULL)
600 			fatal("%s line %d: ports must be specified before "
601 			    "ListenAddress.", filename, linenum);
602 		if (options->num_ports >= MAX_PORTS)
603 			fatal("%s line %d: too many ports.",
604 			    filename, linenum);
605 		arg = strdelim(&cp);
606 		if (!arg || *arg == '\0')
607 			fatal("%s line %d: missing port number.",
608 			    filename, linenum);
609 		options->ports[options->num_ports++] = a2port(arg);
610 		if (options->ports[options->num_ports-1] == 0)
611 			fatal("%s line %d: Badly formatted port number.",
612 			    filename, linenum);
613 		break;
614 
615 	case sServerKeyBits:
616 		intptr = &options->server_key_bits;
617 parse_int:
618 		arg = strdelim(&cp);
619 		if (!arg || *arg == '\0')
620 			fatal("%s line %d: missing integer value.",
621 			    filename, linenum);
622 		value = atoi(arg);
623 		if (*intptr == -1)
624 			*intptr = value;
625 		break;
626 
627 	case sLoginGraceTime:
628 		intptr = &options->login_grace_time;
629 parse_time:
630 		arg = strdelim(&cp);
631 		if (!arg || *arg == '\0')
632 			fatal("%s line %d: missing time value.",
633 			    filename, linenum);
634 		if ((value = convtime(arg)) == -1)
635 			fatal("%s line %d: invalid time value.",
636 			    filename, linenum);
637 		if (*intptr == -1)
638 			*intptr = value;
639 		break;
640 
641 	case sKeyRegenerationTime:
642 		intptr = &options->key_regeneration_time;
643 		goto parse_time;
644 
645 	case sListenAddress:
646 		arg = strdelim(&cp);
647 		if (!arg || *arg == '\0' || strncmp(arg, "[]", 2) == 0)
648 			fatal("%s line %d: missing inet addr.",
649 			    filename, linenum);
650 		if (*arg == '[') {
651 			if ((p = strchr(arg, ']')) == NULL)
652 				fatal("%s line %d: bad ipv6 inet addr usage.",
653 				    filename, linenum);
654 			arg++;
655 			(void) memmove(p, p+1, strlen(p+1)+1);
656 		} else if (((p = strchr(arg, ':')) == NULL) ||
657 			    (strchr(p+1, ':') != NULL)) {
658 			add_listen_addr(options, arg, 0);
659 			break;
660 		}
661 		if (*p == ':') {
662 			u_short port;
663 
664 			p++;
665 			if (*p == '\0')
666 				fatal("%s line %d: bad inet addr:port usage.",
667 				    filename, linenum);
668 			else {
669 				*(p-1) = '\0';
670 				if ((port = a2port(p)) == 0)
671 					fatal("%s line %d: bad port number.",
672 					    filename, linenum);
673 				add_listen_addr(options, arg, port);
674 			}
675 		} else if (*p == '\0')
676 			add_listen_addr(options, arg, 0);
677 		else
678 			fatal("%s line %d: bad inet addr usage.",
679 			    filename, linenum);
680 		break;
681 
682 	case sHostKeyFile:
683 		intptr = &options->num_host_key_files;
684 		if (*intptr >= MAX_HOSTKEYS)
685 			fatal("%s line %d: too many host keys specified (max %d).",
686 			    filename, linenum, MAX_HOSTKEYS);
687 		charptr = &options->host_key_files[*intptr];
688 parse_filename:
689 		arg = strdelim(&cp);
690 		if (!arg || *arg == '\0')
691 			fatal("%s line %d: missing file name.",
692 			    filename, linenum);
693 		if (*charptr == NULL) {
694 			*charptr = tilde_expand_filename(arg, getuid());
695 			/* increase optional counter */
696 			if (intptr != NULL)
697 				*intptr = *intptr + 1;
698 		}
699 		break;
700 
701 	case sPidFile:
702 		charptr = &options->pid_file;
703 		goto parse_filename;
704 
705 	case sPermitRootLogin:
706 		intptr = &options->permit_root_login;
707 		arg = strdelim(&cp);
708 		if (!arg || *arg == '\0')
709 			fatal("%s line %d: missing yes/"
710 			    "without-password/forced-commands-only/no "
711 			    "argument.", filename, linenum);
712 		value = 0;	/* silence compiler */
713 		if (strcmp(arg, "without-password") == 0)
714 			value = PERMIT_NO_PASSWD;
715 		else if (strcmp(arg, "forced-commands-only") == 0)
716 			value = PERMIT_FORCED_ONLY;
717 		else if (strcmp(arg, "yes") == 0)
718 			value = PERMIT_YES;
719 		else if (strcmp(arg, "no") == 0)
720 			value = PERMIT_NO;
721 		else
722 			fatal("%s line %d: Bad yes/"
723 			    "without-password/forced-commands-only/no "
724 			    "argument: %s", filename, linenum, arg);
725 		if (*intptr == -1)
726 			*intptr = value;
727 		break;
728 
729 	case sIgnoreRhosts:
730 		intptr = &options->ignore_rhosts;
731 parse_flag:
732 		arg = strdelim(&cp);
733 		if (!arg || *arg == '\0')
734 			fatal("%s line %d: missing yes/no argument.",
735 			    filename, linenum);
736 		value = 0;	/* silence compiler */
737 		if (strcmp(arg, "yes") == 0)
738 			value = 1;
739 		else if (strcmp(arg, "no") == 0)
740 			value = 0;
741 		else
742 			fatal("%s line %d: Bad yes/no argument: %s",
743 				filename, linenum, arg);
744 		if (*intptr == -1)
745 			*intptr = value;
746 		break;
747 
748 	case sIgnoreUserKnownHosts:
749 		intptr = &options->ignore_user_known_hosts;
750 		goto parse_flag;
751 
752 	case sRhostsAuthentication:
753 		intptr = &options->rhosts_authentication;
754 		goto parse_flag;
755 
756 	case sRhostsRSAAuthentication:
757 		intptr = &options->rhosts_rsa_authentication;
758 		goto parse_flag;
759 
760 	case sHostbasedAuthentication:
761 		intptr = &options->hostbased_authentication;
762 		goto parse_flag;
763 
764 	case sHostbasedUsesNameFromPacketOnly:
765 		intptr = &options->hostbased_uses_name_from_packet_only;
766 		goto parse_flag;
767 
768 	case sRSAAuthentication:
769 		intptr = &options->rsa_authentication;
770 		goto parse_flag;
771 
772 	case sPubkeyAuthentication:
773 		intptr = &options->pubkey_authentication;
774 		goto parse_flag;
775 #ifdef GSSAPI
776 	case sGssAuthentication:
777 		intptr = &options->gss_authentication;
778 		goto parse_flag;
779 	case sGssKeyEx:
780 		intptr = &options->gss_keyex;
781 		goto parse_flag;
782 	case sGssStoreDelegCreds:
783 		intptr = &options->gss_keyex;
784 		goto parse_flag;
785 #ifndef SUNW_GSSAPI
786 	case sGssUseSessionCredCache:
787 		intptr = &options->gss_use_session_ccache;
788 		goto parse_flag;
789 	case sGssCleanupCreds:
790 		intptr = &options->gss_cleanup_creds;
791 		goto parse_flag;
792 #endif /* SUNW_GSSAPI */
793 #endif /* GSSAPI */
794 #if defined(KRB4) || defined(KRB5)
795 	case sKerberosAuthentication:
796 		intptr = &options->kerberos_authentication;
797 		goto parse_flag;
798 
799 	case sKerberosOrLocalPasswd:
800 		intptr = &options->kerberos_or_local_passwd;
801 		goto parse_flag;
802 
803 	case sKerberosTicketCleanup:
804 		intptr = &options->kerberos_ticket_cleanup;
805 		goto parse_flag;
806 #endif
807 #if defined(AFS) || defined(KRB5)
808 	case sKerberosTgtPassing:
809 		intptr = &options->kerberos_tgt_passing;
810 		goto parse_flag;
811 #endif
812 #ifdef AFS
813 	case sAFSTokenPassing:
814 		intptr = &options->afs_token_passing;
815 		goto parse_flag;
816 #endif
817 
818 	case sPasswordAuthentication:
819 		intptr = &options->password_authentication;
820 		goto parse_flag;
821 
822 	case sKbdInteractiveAuthentication:
823 		intptr = &options->kbd_interactive_authentication;
824 		goto parse_flag;
825 
826 	case sChallengeResponseAuthentication:
827 		intptr = &options->challenge_response_authentication;
828 		goto parse_flag;
829 
830 	case sPrintMotd:
831 		intptr = &options->print_motd;
832 		goto parse_flag;
833 
834 	case sPrintLastLog:
835 		intptr = &options->print_lastlog;
836 		goto parse_flag;
837 
838 	case sX11Forwarding:
839 		intptr = &options->x11_forwarding;
840 		goto parse_flag;
841 
842 	case sX11DisplayOffset:
843 		intptr = &options->x11_display_offset;
844 		goto parse_int;
845 
846 	case sX11UseLocalhost:
847 		intptr = &options->x11_use_localhost;
848 		goto parse_flag;
849 
850 	case sXAuthLocation:
851 		charptr = &options->xauth_location;
852 		goto parse_filename;
853 
854 	case sStrictModes:
855 		intptr = &options->strict_modes;
856 		goto parse_flag;
857 
858 	case sKeepAlives:
859 		intptr = &options->keepalives;
860 		goto parse_flag;
861 
862 	case sEmptyPasswd:
863 		intptr = &options->permit_empty_passwd;
864 		goto parse_flag;
865 
866 	case sPermitUserEnvironment:
867 		intptr = &options->permit_user_env;
868 		goto parse_flag;
869 
870 	case sUseLogin:
871 		intptr = &options->use_login;
872 		goto parse_flag;
873 
874 	case sCompression:
875 		intptr = &options->compression;
876 		goto parse_flag;
877 
878 	case sGatewayPorts:
879 		arg = strdelim(&cp);
880 		if (get_yes_no_flag(&options->gateway_ports, arg, filename,
881 		    linenum, 1) == 1)
882 			break;
883 
884 		if (strcmp(arg, "clientspecified") == 0)
885 			options->gateway_ports = 2;
886 		else
887 			fatal("%.200s line %d: Bad yes/no/clientspecified "
888 			    "argument.", filename, linenum);
889 		break;
890 
891 	case sVerifyReverseMapping:
892 		intptr = &options->verify_reverse_mapping;
893 		goto parse_flag;
894 
895 	case sLogFacility:
896 		intptr = (int *) &options->log_facility;
897 		arg = strdelim(&cp);
898 		value = log_facility_number(arg);
899 		if (value == SYSLOG_FACILITY_NOT_SET)
900 			fatal("%.200s line %d: unsupported log facility '%s'",
901 			    filename, linenum, arg ? arg : "<NONE>");
902 		if (*intptr == -1)
903 			*intptr = (SyslogFacility) value;
904 		break;
905 
906 	case sLogLevel:
907 		intptr = (int *) &options->log_level;
908 		arg = strdelim(&cp);
909 		value = log_level_number(arg);
910 		if (value == SYSLOG_LEVEL_NOT_SET)
911 			fatal("%.200s line %d: unsupported log level '%s'",
912 			    filename, linenum, arg ? arg : "<NONE>");
913 		if (*intptr == -1)
914 			*intptr = (LogLevel) value;
915 		break;
916 
917 	case sAllowTcpForwarding:
918 		intptr = &options->allow_tcp_forwarding;
919 		goto parse_flag;
920 
921 	case sUsePrivilegeSeparation:
922 		log("%s line %d: ignoring UsePrivilegeSeparation option value."
923 		    " This option is always on.", filename, linenum);
924 		while (arg)
925 		    arg = strdelim(&cp);
926 		break;
927 
928 	case sAllowUsers:
929 		while (((arg = strdelim(&cp)) != NULL) && *arg != '\0') {
930 			if (options->num_allow_users >= MAX_ALLOW_USERS)
931 				fatal("%s line %d: too many allow users.",
932 				    filename, linenum);
933 			options->allow_users[options->num_allow_users++] =
934 			    xstrdup(arg);
935 		}
936 		break;
937 
938 	case sDenyUsers:
939 		while (((arg = strdelim(&cp)) != NULL) && *arg != '\0') {
940 			if (options->num_deny_users >= MAX_DENY_USERS)
941 				fatal( "%s line %d: too many deny users.",
942 				    filename, linenum);
943 			options->deny_users[options->num_deny_users++] =
944 			    xstrdup(arg);
945 		}
946 		break;
947 
948 	case sAllowGroups:
949 		while (((arg = strdelim(&cp)) != NULL) && *arg != '\0') {
950 			if (options->num_allow_groups >= MAX_ALLOW_GROUPS)
951 				fatal("%s line %d: too many allow groups.",
952 				    filename, linenum);
953 			options->allow_groups[options->num_allow_groups++] =
954 			    xstrdup(arg);
955 		}
956 		break;
957 
958 	case sDenyGroups:
959 		while (((arg = strdelim(&cp)) != NULL) && *arg != '\0') {
960 			if (options->num_deny_groups >= MAX_DENY_GROUPS)
961 				fatal("%s line %d: too many deny groups.",
962 				    filename, linenum);
963 			options->deny_groups[options->num_deny_groups++] = xstrdup(arg);
964 		}
965 		break;
966 
967 	case sCiphers:
968 		arg = strdelim(&cp);
969 		if (!arg || *arg == '\0')
970 			fatal("%s line %d: Missing argument.", filename, linenum);
971 		if (!ciphers_valid(arg))
972 			fatal("%s line %d: Bad SSH2 cipher spec '%s'.",
973 			    filename, linenum, arg ? arg : "<NONE>");
974 		if (options->ciphers == NULL)
975 			options->ciphers = xstrdup(arg);
976 		break;
977 
978 	case sMacs:
979 		arg = strdelim(&cp);
980 		if (!arg || *arg == '\0')
981 			fatal("%s line %d: Missing argument.", filename, linenum);
982 		if (!mac_valid(arg))
983 			fatal("%s line %d: Bad SSH2 mac spec '%s'.",
984 			    filename, linenum, arg ? arg : "<NONE>");
985 		if (options->macs == NULL)
986 			options->macs = xstrdup(arg);
987 		break;
988 
989 	case sProtocol:
990 		intptr = &options->protocol;
991 		arg = strdelim(&cp);
992 		if (!arg || *arg == '\0')
993 			fatal("%s line %d: Missing argument.", filename, linenum);
994 		value = proto_spec(arg);
995 		if (value == SSH_PROTO_UNKNOWN)
996 			fatal("%s line %d: Bad protocol spec '%s'.",
997 			    filename, linenum, arg ? arg : "<NONE>");
998 		if (*intptr == SSH_PROTO_UNKNOWN)
999 			*intptr = value;
1000 		break;
1001 
1002 	case sSubsystem:
1003 		if (options->num_subsystems >= MAX_SUBSYSTEMS) {
1004 			fatal("%s line %d: too many subsystems defined.",
1005 			    filename, linenum);
1006 		}
1007 		arg = strdelim(&cp);
1008 		if (!arg || *arg == '\0')
1009 			fatal("%s line %d: Missing subsystem name.",
1010 			    filename, linenum);
1011 		for (i = 0; i < options->num_subsystems; i++)
1012 			if (strcmp(arg, options->subsystem_name[i]) == 0)
1013 				fatal("%s line %d: Subsystem '%s' already defined.",
1014 				    filename, linenum, arg);
1015 		options->subsystem_name[options->num_subsystems] = xstrdup(arg);
1016 		arg = strdelim(&cp);
1017 		if (!arg || *arg == '\0')
1018 			fatal("%s line %d: Missing subsystem command.",
1019 			    filename, linenum);
1020 		options->subsystem_command[options->num_subsystems] = xstrdup(arg);
1021 		options->num_subsystems++;
1022 		break;
1023 
1024 	case sMaxStartups:
1025 		arg = strdelim(&cp);
1026 		if (!arg || *arg == '\0')
1027 			fatal("%s line %d: Missing MaxStartups spec.",
1028 			    filename, linenum);
1029 		if ((n = sscanf(arg, "%d:%d:%d",
1030 		    &options->max_startups_begin,
1031 		    &options->max_startups_rate,
1032 		    &options->max_startups)) == 3) {
1033 			if (options->max_startups_begin >
1034 			    options->max_startups ||
1035 			    options->max_startups_rate > 100 ||
1036 			    options->max_startups_rate < 1)
1037 				fatal("%s line %d: Illegal MaxStartups spec.",
1038 				    filename, linenum);
1039 		} else if (n != 1)
1040 			fatal("%s line %d: Illegal MaxStartups spec.",
1041 			    filename, linenum);
1042 		else
1043 			options->max_startups = options->max_startups_begin;
1044 		break;
1045 
1046 	case sBanner:
1047 		charptr = &options->banner;
1048 		goto parse_filename;
1049 	/*
1050 	 * These options can contain %X options expanded at
1051 	 * connect time, so that you can specify paths like:
1052 	 *
1053 	 * AuthorizedKeysFile	/etc/ssh_keys/%u
1054 	 */
1055 	case sAuthorizedKeysFile:
1056 	case sAuthorizedKeysFile2:
1057 		charptr = (opcode == sAuthorizedKeysFile ) ?
1058 		    &options->authorized_keys_file :
1059 		    &options->authorized_keys_file2;
1060 		goto parse_filename;
1061 
1062 	case sClientAliveInterval:
1063 		intptr = &options->client_alive_interval;
1064 		goto parse_time;
1065 
1066 	case sClientAliveCountMax:
1067 		intptr = &options->client_alive_count_max;
1068 		goto parse_int;
1069 
1070 	case sMaxAuthTries:
1071 		intptr = &options->max_auth_tries;
1072 		goto parse_int;
1073 
1074 	case sMaxAuthTriesLog:
1075 		intptr = &options->max_auth_tries_log;
1076 		goto parse_int;
1077 
1078 	case sLookupClientHostnames:
1079 		intptr = &options->lookup_client_hostnames;
1080 		goto parse_flag;
1081 
1082 	case sDeprecated:
1083 		log("%s line %d: Deprecated option %s",
1084 		    filename, linenum, arg);
1085 		while (arg)
1086 		    arg = strdelim(&cp);
1087 		break;
1088 
1089 	default:
1090 		fatal("%s line %d: Missing handler for opcode %s (%d)",
1091 		    filename, linenum, arg, opcode);
1092 	}
1093 	if ((arg = strdelim(&cp)) != NULL && *arg != '\0')
1094 		fatal("%s line %d: garbage at end of line; \"%.200s\".",
1095 		    filename, linenum, arg);
1096 	return 0;
1097 }
1098 
1099 /* Reads the server configuration file. */
1100 
1101 void
1102 read_server_config(ServerOptions *options, const char *filename)
1103 {
1104 	int linenum, bad_options = 0;
1105 	char line[1024];
1106 	FILE *f;
1107 
1108 	f = fopen(filename, "r");
1109 	if (!f) {
1110 		perror(filename);
1111 		exit(1);
1112 	}
1113 	linenum = 0;
1114 	while (fgets(line, sizeof(line), f)) {
1115 		/* Update line number counter. */
1116 		linenum++;
1117 		if (process_server_config_line(options, line, filename, linenum) != 0)
1118 			bad_options++;
1119 	}
1120 	(void) fclose(f);
1121 	if (bad_options > 0)
1122 		fatal("%s: terminating, %d bad configuration options",
1123 		    filename, bad_options);
1124 }
1125