xref: /titanic_44/usr/src/cmd/ssh/sshd/servconf.c (revision 9dd0f810214fdc8e1af881a9a5c4b6927629ff9e)
1 /*
2  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
3  *                    All rights reserved
4  *
5  * As far as I am concerned, the code I have written for this software
6  * can be used freely for any purpose.  Any derived versions of this
7  * software must be clearly marked as such, and if the derived work is
8  * incompatible with the protocol description in the RFC file, it must be
9  * called by a name other than "ssh" or "Secure Shell".
10  */
11 /*
12  * Copyright 2004 Sun Microsystems, Inc.  All rights reserved.
13  * Use is subject to license terms.
14  */
15 
16 #include "includes.h"
17 RCSID("$OpenBSD: servconf.c,v 1.115 2002/09/04 18:52:42 stevesk Exp $");
18 
19 #pragma ident	"%Z%%M%	%I%	%E% SMI"
20 
21 #ifdef HAVE_DEFOPEN
22 #include <deflt.h>
23 #endif /* HAVE_DEFOPEN */
24 
25 #if defined(KRB4)
26 #include <krb.h>
27 #endif
28 #if defined(KRB5)
29 #ifdef HEIMDAL
30 #include <krb.h>
31 #else
32 /* Bodge - but then, so is using the kerberos IV KEYFILE to get a Kerberos V
33  * keytab */
34 #define KEYFILE "/etc/krb5.keytab"
35 #endif
36 #endif
37 #ifdef AFS
38 #include <kafs.h>
39 #endif
40 
41 #include "ssh.h"
42 #include "log.h"
43 #include "servconf.h"
44 #include "xmalloc.h"
45 #include "compat.h"
46 #include "pathnames.h"
47 #include "tildexpand.h"
48 #include "misc.h"
49 #include "cipher.h"
50 #include "kex.h"
51 #include "mac.h"
52 #include "auth.h"
53 
54 static void add_listen_addr(ServerOptions *, char *, u_short);
55 static void add_one_listen_addr(ServerOptions *, char *, u_short);
56 
57 /* AF_UNSPEC or AF_INET or AF_INET6 */
58 extern int IPv4or6;
59 /* Use of privilege separation or not */
60 extern int use_privsep;
61 
62 /* Initializes the server options to their default values. */
63 
64 void
65 initialize_server_options(ServerOptions *options)
66 {
67 	(void) memset(options, 0, sizeof(*options));
68 
69 	/* Portable-specific options */
70 	options->pam_authentication_via_kbd_int = -1;
71 
72 	/* Standard Options */
73 	options->num_ports = 0;
74 	options->ports_from_cmdline = 0;
75 	options->listen_addrs = NULL;
76 	options->num_host_key_files = 0;
77 	options->pid_file = NULL;
78 	options->server_key_bits = -1;
79 	options->login_grace_time = -1;
80 	options->key_regeneration_time = -1;
81 	options->permit_root_login = PERMIT_NOT_SET;
82 	options->ignore_rhosts = -1;
83 	options->ignore_user_known_hosts = -1;
84 	options->print_motd = -1;
85 	options->print_lastlog = -1;
86 	options->x11_forwarding = -1;
87 	options->x11_display_offset = -1;
88 	options->x11_use_localhost = -1;
89 	options->xauth_location = NULL;
90 	options->strict_modes = -1;
91 	options->keepalives = -1;
92 	options->log_facility = SYSLOG_FACILITY_NOT_SET;
93 	options->log_level = SYSLOG_LEVEL_NOT_SET;
94 	options->rhosts_authentication = -1;
95 	options->rhosts_rsa_authentication = -1;
96 	options->hostbased_authentication = -1;
97 	options->hostbased_uses_name_from_packet_only = -1;
98 	options->rsa_authentication = -1;
99 	options->pubkey_authentication = -1;
100 #ifdef GSSAPI
101 	options->gss_authentication = -1;
102 	options->gss_keyex = -1;
103 	options->gss_store_creds = -1;
104 	options->gss_use_session_ccache = -1;
105 	options->gss_cleanup_creds = -1;
106 #endif
107 #if defined(KRB4) || defined(KRB5)
108 	options->kerberos_authentication = -1;
109 	options->kerberos_or_local_passwd = -1;
110 	options->kerberos_ticket_cleanup = -1;
111 #endif
112 #if defined(AFS) || defined(KRB5)
113 	options->kerberos_tgt_passing = -1;
114 #endif
115 #ifdef AFS
116 	options->afs_token_passing = -1;
117 #endif
118 	options->password_authentication = -1;
119 	options->kbd_interactive_authentication = -1;
120 	options->challenge_response_authentication = -1;
121 	options->permit_empty_passwd = -1;
122 	options->permit_user_env = -1;
123 	options->use_login = -1;
124 	options->compression = -1;
125 	options->allow_tcp_forwarding = -1;
126 	options->num_allow_users = 0;
127 	options->num_deny_users = 0;
128 	options->num_allow_groups = 0;
129 	options->num_deny_groups = 0;
130 	options->ciphers = NULL;
131 	options->macs = NULL;
132 	options->protocol = SSH_PROTO_UNKNOWN;
133 	options->gateway_ports = -1;
134 	options->num_subsystems = 0;
135 	options->max_startups_begin = -1;
136 	options->max_startups_rate = -1;
137 	options->max_startups = -1;
138 	options->banner = NULL;
139 	options->verify_reverse_mapping = -1;
140 	options->client_alive_interval = -1;
141 	options->client_alive_count_max = -1;
142 	options->authorized_keys_file = NULL;
143 	options->authorized_keys_file2 = NULL;
144 
145 	options->max_auth_tries = -1;
146 	options->max_auth_tries_log = -1;
147 
148 	options->max_init_auth_tries = -1;
149 	options->max_init_auth_tries_log = -1;
150 
151 	options->lookup_client_hostnames = -1;
152 
153 	/* Needs to be accessable in many places */
154 	use_privsep = -1;
155 }
156 
157 #ifdef HAVE_DEFOPEN
158 /*
159  * Reads /etc/default/login and defaults several ServerOptions:
160  *
161  * PermitRootLogin
162  * PermitEmptyPasswords
163  * LoginGraceTime
164  *
165  * CONSOLE=*      -> PermitRootLogin=without-password
166  * #CONSOLE=*     -> PermitRootLogin=yes
167  *
168  * PASSREQ=YES    -> PermitEmptyPasswords=no
169  * PASSREQ=NO     -> PermitEmptyPasswords=yes
170  * #PASSREQ=*     -> PermitEmptyPasswords=no
171  *
172  * TIMEOUT=<secs> -> LoginGraceTime=<secs>
173  * #TIMEOUT=<secs> -> LoginGraceTime=300
174  */
175 static
176 void
177 deflt_fill_default_server_options(ServerOptions *options)
178 {
179 	int	flags;
180 	char	*ptr;
181 
182 	if (defopen(_PATH_DEFAULT_LOGIN))
183 		return;
184 
185 	/* Ignore case */
186 	flags = defcntl(DC_GETFLAGS, 0);
187 	TURNOFF(flags, DC_CASE);
188 	(void) defcntl(DC_SETFLAGS, flags);
189 
190 	if (options->permit_root_login == PERMIT_NOT_SET &&
191 	    (ptr = defread("CONSOLE=")) != NULL)
192 		options->permit_root_login = PERMIT_NO_PASSWD;
193 
194 	if (options->permit_empty_passwd == -1 &&
195 	    (ptr = defread("PASSREQ=")) != NULL) {
196 		if (strcasecmp("YES", ptr) == 0)
197 			options->permit_empty_passwd = 0;
198 		else if (strcasecmp("NO", ptr) == 0)
199 			options->permit_empty_passwd = 1;
200 	}
201 
202 	if (options->max_init_auth_tries == -1 &&
203 	    (ptr = defread("RETRIES=")) != NULL) {
204 		options->max_init_auth_tries = atoi(ptr);
205 	}
206 
207 	if (options->max_init_auth_tries_log == -1 &&
208 	    (ptr = defread("SYSLOG_FAILED_LOGINS=")) != NULL) {
209 		options->max_init_auth_tries_log = atoi(ptr);
210 	}
211 
212 	if (options->login_grace_time == -1) {
213 		if ((ptr = defread("TIMEOUT=")) != NULL)
214 			options->login_grace_time = (unsigned)atoi(ptr);
215 		else
216 			options->login_grace_time = 300;
217 	}
218 
219 	(void) defopen((char *)NULL);
220 }
221 #endif /* HAVE_DEFOPEN */
222 
223 void
224 fill_default_server_options(ServerOptions *options)
225 {
226 
227 #ifdef HAVE_DEFOPEN
228 	deflt_fill_default_server_options(options);
229 #endif /* HAVE_DEFOPEN */
230 
231 	/* Portable-specific options */
232 	if (options->pam_authentication_via_kbd_int == -1)
233 		options->pam_authentication_via_kbd_int = 0;
234 
235 	/* Standard Options */
236 	if (options->protocol == SSH_PROTO_UNKNOWN)
237 		options->protocol = SSH_PROTO_1|SSH_PROTO_2;
238 	if (options->num_host_key_files == 0) {
239 		/* fill default hostkeys for protocols */
240 		if (options->protocol & SSH_PROTO_1)
241 			options->host_key_files[options->num_host_key_files++] =
242 			    _PATH_HOST_KEY_FILE;
243 #ifndef GSSAPI
244 		/* With GSS keyex we can run v2 w/ no host keys */
245 		if (options->protocol & SSH_PROTO_2) {
246 			options->host_key_files[options->num_host_key_files++] =
247 			    _PATH_HOST_RSA_KEY_FILE;
248 			options->host_key_files[options->num_host_key_files++] =
249 			    _PATH_HOST_DSA_KEY_FILE;
250 		}
251 #endif /* GSSAPI */
252 	}
253 	if (options->num_ports == 0)
254 		options->ports[options->num_ports++] = SSH_DEFAULT_PORT;
255 	if (options->listen_addrs == NULL)
256 		add_listen_addr(options, NULL, 0);
257 	if (options->pid_file == NULL)
258 		options->pid_file = _PATH_SSH_DAEMON_PID_FILE;
259 	if (options->server_key_bits == -1)
260 		options->server_key_bits = 768;
261 	if (options->login_grace_time == -1)
262 		options->login_grace_time = 120;
263 	if (options->key_regeneration_time == -1)
264 		options->key_regeneration_time = 3600;
265 	if (options->permit_root_login == PERMIT_NOT_SET)
266 		options->permit_root_login = PERMIT_YES;
267 	if (options->ignore_rhosts == -1)
268 		options->ignore_rhosts = 1;
269 	if (options->ignore_user_known_hosts == -1)
270 		options->ignore_user_known_hosts = 0;
271 	if (options->print_motd == -1)
272 		options->print_motd = 1;
273 	if (options->print_lastlog == -1)
274 		options->print_lastlog = 1;
275 	if (options->x11_forwarding == -1)
276 		options->x11_forwarding = 1;
277 	if (options->x11_display_offset == -1)
278 		options->x11_display_offset = 10;
279 	if (options->x11_use_localhost == -1)
280 		options->x11_use_localhost = 1;
281 	if (options->xauth_location == NULL)
282 		options->xauth_location = _PATH_XAUTH;
283 	if (options->strict_modes == -1)
284 		options->strict_modes = 1;
285 	if (options->keepalives == -1)
286 		options->keepalives = 1;
287 	if (options->log_facility == SYSLOG_FACILITY_NOT_SET)
288 		options->log_facility = SYSLOG_FACILITY_AUTH;
289 	if (options->log_level == SYSLOG_LEVEL_NOT_SET)
290 		options->log_level = SYSLOG_LEVEL_INFO;
291 	if (options->rhosts_authentication == -1)
292 		options->rhosts_authentication = 0;
293 	if (options->rhosts_rsa_authentication == -1)
294 		options->rhosts_rsa_authentication = 0;
295 	if (options->hostbased_authentication == -1)
296 		options->hostbased_authentication = 0;
297 	if (options->hostbased_uses_name_from_packet_only == -1)
298 		options->hostbased_uses_name_from_packet_only = 0;
299 	if (options->rsa_authentication == -1)
300 		options->rsa_authentication = 1;
301 	if (options->pubkey_authentication == -1)
302 		options->pubkey_authentication = 1;
303 #ifdef GSSAPI
304 	if (options->gss_authentication == -1)
305 		options->gss_authentication = 1;
306 	if (options->gss_keyex == -1)
307 		options->gss_keyex = 1;
308 	if (options->gss_store_creds == -1)
309 		options->gss_store_creds = 1;
310 	if (options->gss_use_session_ccache == -1)
311 		options->gss_use_session_ccache = 1;
312 	if (options->gss_cleanup_creds == -1)
313 		options->gss_cleanup_creds = 1;
314 #endif
315 #if defined(KRB4) || defined(KRB5)
316 	if (options->kerberos_authentication == -1)
317 		options->kerberos_authentication = 0;
318 	if (options->kerberos_or_local_passwd == -1)
319 		options->kerberos_or_local_passwd = 1;
320 	if (options->kerberos_ticket_cleanup == -1)
321 		options->kerberos_ticket_cleanup = 1;
322 #endif
323 #if defined(AFS) || defined(KRB5)
324 	if (options->kerberos_tgt_passing == -1)
325 		options->kerberos_tgt_passing = 0;
326 #endif
327 #ifdef AFS
328 	if (options->afs_token_passing == -1)
329 		options->afs_token_passing = 0;
330 #endif
331 	if (options->password_authentication == -1)
332 		options->password_authentication = 1;
333 	if (options->kbd_interactive_authentication == -1)
334 		options->kbd_interactive_authentication = 0;
335 	if (options->challenge_response_authentication == -1)
336 		options->challenge_response_authentication = 1;
337 	if (options->permit_empty_passwd == -1)
338 		options->permit_empty_passwd = 0;
339 	if (options->permit_user_env == -1)
340 		options->permit_user_env = 0;
341 	if (options->use_login == -1)
342 		options->use_login = 0;
343 	if (options->compression == -1)
344 		options->compression = 1;
345 	if (options->allow_tcp_forwarding == -1)
346 		options->allow_tcp_forwarding = 1;
347 	if (options->gateway_ports == -1)
348 		options->gateway_ports = 0;
349 	if (options->max_startups == -1)
350 		options->max_startups = 10;
351 	if (options->max_startups_rate == -1)
352 		options->max_startups_rate = 100;		/* 100% */
353 	if (options->max_startups_begin == -1)
354 		options->max_startups_begin = options->max_startups;
355 	if (options->verify_reverse_mapping == -1)
356 		options->verify_reverse_mapping = 0;
357 	if (options->client_alive_interval == -1)
358 		options->client_alive_interval = 0;
359 	if (options->client_alive_count_max == -1)
360 		options->client_alive_count_max = 3;
361 	if (options->authorized_keys_file2 == NULL) {
362 		/* authorized_keys_file2 falls back to authorized_keys_file */
363 		if (options->authorized_keys_file != NULL)
364 			options->authorized_keys_file2 = options->authorized_keys_file;
365 		else
366 			options->authorized_keys_file2 = _PATH_SSH_USER_PERMITTED_KEYS2;
367 	}
368 	if (options->authorized_keys_file == NULL)
369 		options->authorized_keys_file = _PATH_SSH_USER_PERMITTED_KEYS;
370 
371 	if (options->max_auth_tries == -1)
372 		options->max_auth_tries = AUTH_FAIL_MAX;
373 	if (options->max_auth_tries_log == -1)
374 		options->max_auth_tries_log = options->max_auth_tries / 2;
375 
376 	if (options->max_init_auth_tries == -1)
377 		options->max_init_auth_tries = AUTH_FAIL_MAX;
378 	if (options->max_init_auth_tries_log == -1)
379 		options->max_init_auth_tries_log = options->max_init_auth_tries / 2;
380 
381 	if (options->lookup_client_hostnames == -1)
382 		options->lookup_client_hostnames = 1;
383 
384 	/* XXX SUNWssh resync */
385 	/* Turn privilege separation OFF by default */
386 	if (use_privsep == -1)
387 		use_privsep = 0;
388 
389 #ifndef HAVE_MMAP
390 	if (use_privsep && options->compression == 1) {
391 		error("This platform does not support both privilege "
392 		    "separation and compression");
393 		error("Compression disabled");
394 		options->compression = 0;
395 	}
396 #endif
397 
398 }
399 
400 /* Keyword tokens. */
401 typedef enum {
402 	sBadOption,		/* == unknown option */
403 	/* Portable-specific options */
404 	sPAMAuthenticationViaKbdInt,
405 	/* Standard Options */
406 	sPort, sHostKeyFile, sServerKeyBits, sLoginGraceTime, sKeyRegenerationTime,
407 	sPermitRootLogin, sLogFacility, sLogLevel,
408 	sRhostsAuthentication, sRhostsRSAAuthentication, sRSAAuthentication,
409 #ifdef GSSAPI
410 	sGssAuthentication, sGssKeyEx, sGssStoreDelegCreds,
411 	sGssUseSessionCredCache, sGssCleanupCreds,
412 #endif /* GSSAPI */
413 #if defined(KRB4) || defined(KRB5)
414 	sKerberosAuthentication, sKerberosOrLocalPasswd, sKerberosTicketCleanup,
415 #endif
416 #if defined(AFS) || defined(KRB5)
417 	sKerberosTgtPassing,
418 #endif
419 #ifdef AFS
420 	sAFSTokenPassing,
421 #endif
422 	sChallengeResponseAuthentication,
423 	sPasswordAuthentication, sKbdInteractiveAuthentication, sListenAddress,
424 	sPrintMotd, sPrintLastLog, sIgnoreRhosts,
425 	sX11Forwarding, sX11DisplayOffset, sX11UseLocalhost,
426 	sStrictModes, sEmptyPasswd, sKeepAlives,
427 	sPermitUserEnvironment, sUseLogin, sAllowTcpForwarding, sCompression,
428 	sAllowUsers, sDenyUsers, sAllowGroups, sDenyGroups,
429 	sIgnoreUserKnownHosts, sCiphers, sMacs, sProtocol, sPidFile,
430 	sGatewayPorts, sPubkeyAuthentication, sXAuthLocation, sSubsystem, sMaxStartups,
431 	sBanner, sVerifyReverseMapping, sHostbasedAuthentication,
432 	sHostbasedUsesNameFromPacketOnly, sClientAliveInterval,
433 	sClientAliveCountMax, sAuthorizedKeysFile, sAuthorizedKeysFile2,
434 	sMaxAuthTries, sMaxAuthTriesLog, sUsePrivilegeSeparation,
435 	sLookupClientHostnames,
436 	sDeprecated
437 } ServerOpCodes;
438 
439 /* Textual representation of the tokens. */
440 static struct {
441 	const char *name;
442 	ServerOpCodes opcode;
443 } keywords[] = {
444 	/* Portable-specific options */
445 	{ "PAMAuthenticationViaKbdInt", sPAMAuthenticationViaKbdInt },
446 	/* Standard Options */
447 	{ "port", sPort },
448 	{ "hostkey", sHostKeyFile },
449 	{ "hostdsakey", sHostKeyFile },					/* alias */
450 	{ "pidfile", sPidFile },
451 	{ "serverkeybits", sServerKeyBits },
452 	{ "logingracetime", sLoginGraceTime },
453 	{ "keyregenerationinterval", sKeyRegenerationTime },
454 	{ "permitrootlogin", sPermitRootLogin },
455 	{ "syslogfacility", sLogFacility },
456 	{ "loglevel", sLogLevel },
457 	{ "rhostsauthentication", sRhostsAuthentication },
458 	{ "rhostsrsaauthentication", sRhostsRSAAuthentication },
459 	{ "hostbasedauthentication", sHostbasedAuthentication },
460 	{ "hostbasedusesnamefrompacketonly", sHostbasedUsesNameFromPacketOnly },
461 	{ "rsaauthentication", sRSAAuthentication },
462 	{ "pubkeyauthentication", sPubkeyAuthentication },
463 	{ "dsaauthentication", sPubkeyAuthentication },			/* alias */
464 #ifdef GSSAPI
465 	{ "gssapiauthentication", sGssAuthentication },
466 	{ "gssapikeyexchange", sGssKeyEx },
467 	{ "gssapistoredelegatedcredentials", sGssStoreDelegCreds },
468 	{ "gssauthentication", sGssAuthentication },			/* alias */
469 	{ "gsskeyex", sGssKeyEx },					/* alias */
470 	{ "gssstoredelegcreds", sGssStoreDelegCreds },			/* alias */
471 #ifndef SUNW_GSSAPI
472 	{ "gssusesessionccache", sGssUseSessionCredCache },
473 	{ "gssusesessioncredcache", sGssUseSessionCredCache },
474 	{ "gsscleanupcreds", sGssCleanupCreds },
475 #endif /* SUNW_GSSAPI */
476 #endif
477 #if defined(KRB4) || defined(KRB5)
478 	{ "kerberosauthentication", sKerberosAuthentication },
479 	{ "kerberosorlocalpasswd", sKerberosOrLocalPasswd },
480 	{ "kerberosticketcleanup", sKerberosTicketCleanup },
481 #endif
482 #if defined(AFS) || defined(KRB5)
483 	{ "kerberostgtpassing", sKerberosTgtPassing },
484 #endif
485 #ifdef AFS
486 	{ "afstokenpassing", sAFSTokenPassing },
487 #endif
488 	{ "passwordauthentication", sPasswordAuthentication },
489 	{ "kbdinteractiveauthentication", sKbdInteractiveAuthentication },
490 	{ "challengeresponseauthentication", sChallengeResponseAuthentication },
491 	{ "skeyauthentication", sChallengeResponseAuthentication }, /* alias */
492 	{ "checkmail", sDeprecated },
493 	{ "listenaddress", sListenAddress },
494 	{ "printmotd", sPrintMotd },
495 	{ "printlastlog", sPrintLastLog },
496 	{ "ignorerhosts", sIgnoreRhosts },
497 	{ "ignoreuserknownhosts", sIgnoreUserKnownHosts },
498 	{ "x11forwarding", sX11Forwarding },
499 	{ "x11displayoffset", sX11DisplayOffset },
500 	{ "x11uselocalhost", sX11UseLocalhost },
501 	{ "xauthlocation", sXAuthLocation },
502 	{ "strictmodes", sStrictModes },
503 	{ "permitemptypasswords", sEmptyPasswd },
504 	{ "permituserenvironment", sPermitUserEnvironment },
505 	{ "uselogin", sUseLogin },
506 	{ "compression", sCompression },
507 	{ "keepalive", sKeepAlives },
508 	{ "allowtcpforwarding", sAllowTcpForwarding },
509 	{ "allowusers", sAllowUsers },
510 	{ "denyusers", sDenyUsers },
511 	{ "allowgroups", sAllowGroups },
512 	{ "denygroups", sDenyGroups },
513 	{ "ciphers", sCiphers },
514 	{ "macs", sMacs },
515 	{ "protocol", sProtocol },
516 	{ "gatewayports", sGatewayPorts },
517 	{ "subsystem", sSubsystem },
518 	{ "maxstartups", sMaxStartups },
519 	{ "banner", sBanner },
520 	{ "verifyreversemapping", sVerifyReverseMapping },
521 	{ "reversemappingcheck", sVerifyReverseMapping },
522 	{ "clientaliveinterval", sClientAliveInterval },
523 	{ "clientalivecountmax", sClientAliveCountMax },
524 	{ "authorizedkeysfile", sAuthorizedKeysFile },
525 	{ "authorizedkeysfile2", sAuthorizedKeysFile2 },
526 	{ "maxauthtries", sMaxAuthTries },
527 	{ "maxauthtrieslog", sMaxAuthTriesLog },
528 	{ "useprivilegeseparation", sUsePrivilegeSeparation},
529 	{ "lookupclienthostnames", sLookupClientHostnames},
530 	{ NULL, sBadOption }
531 };
532 
533 /*
534  * Returns the number of the token pointed to by cp or sBadOption.
535  */
536 
537 static ServerOpCodes
538 parse_token(const char *cp, const char *filename,
539 	    int linenum)
540 {
541 	u_int i;
542 
543 	for (i = 0; keywords[i].name; i++)
544 		if (strcasecmp(cp, keywords[i].name) == 0)
545 			return keywords[i].opcode;
546 
547 	error("%s: line %d: Bad configuration option: %s",
548 	    filename, linenum, cp);
549 	return sBadOption;
550 }
551 
552 static void
553 add_listen_addr(ServerOptions *options, char *addr, u_short port)
554 {
555 	int i;
556 
557 	if (options->num_ports == 0)
558 		options->ports[options->num_ports++] = SSH_DEFAULT_PORT;
559 	if (port == 0)
560 		for (i = 0; i < options->num_ports; i++)
561 			add_one_listen_addr(options, addr, options->ports[i]);
562 	else
563 		add_one_listen_addr(options, addr, port);
564 }
565 
566 static void
567 add_one_listen_addr(ServerOptions *options, char *addr, u_short port)
568 {
569 	struct addrinfo hints, *ai, *aitop;
570 	char strport[NI_MAXSERV];
571 	int gaierr;
572 
573 	(void) memset(&hints, 0, sizeof(hints));
574 	hints.ai_family = IPv4or6;
575 	hints.ai_socktype = SOCK_STREAM;
576 	hints.ai_flags = (addr == NULL) ? AI_PASSIVE : 0;
577 	(void) snprintf(strport, sizeof strport, "%u", port);
578 	if ((gaierr = getaddrinfo(addr, strport, &hints, &aitop)) != 0)
579 		fatal("bad addr or host: %s (%s)",
580 		    addr ? addr : "<NULL>",
581 		    gai_strerror(gaierr));
582 	for (ai = aitop; ai->ai_next; ai = ai->ai_next)
583 		;
584 	ai->ai_next = options->listen_addrs;
585 	options->listen_addrs = aitop;
586 }
587 
588 int
589 process_server_config_line(ServerOptions *options, char *line,
590     const char *filename, int linenum)
591 {
592 	char *cp, **charptr, *arg, *p;
593 	int *intptr, value, i, n;
594 	ServerOpCodes opcode;
595 
596 	cp = line;
597 	arg = strdelim(&cp);
598 	/* Ignore leading whitespace */
599 	if (*arg == '\0')
600 		arg = strdelim(&cp);
601 	if (!arg || !*arg || *arg == '#')
602 		return 0;
603 	intptr = NULL;
604 	charptr = NULL;
605 	opcode = parse_token(arg, filename, linenum);
606 	switch (opcode) {
607 	/* Portable-specific options */
608 	case sPAMAuthenticationViaKbdInt:
609 		intptr = &options->pam_authentication_via_kbd_int;
610 		goto parse_flag;
611 
612 	/* Standard Options */
613 	case sBadOption:
614 		return -1;
615 	case sPort:
616 		/* ignore ports from configfile if cmdline specifies ports */
617 		if (options->ports_from_cmdline)
618 			return 0;
619 		if (options->listen_addrs != NULL)
620 			fatal("%s line %d: ports must be specified before "
621 			    "ListenAddress.", filename, linenum);
622 		if (options->num_ports >= MAX_PORTS)
623 			fatal("%s line %d: too many ports.",
624 			    filename, linenum);
625 		arg = strdelim(&cp);
626 		if (!arg || *arg == '\0')
627 			fatal("%s line %d: missing port number.",
628 			    filename, linenum);
629 		options->ports[options->num_ports++] = a2port(arg);
630 		if (options->ports[options->num_ports-1] == 0)
631 			fatal("%s line %d: Badly formatted port number.",
632 			    filename, linenum);
633 		break;
634 
635 	case sServerKeyBits:
636 		intptr = &options->server_key_bits;
637 parse_int:
638 		arg = strdelim(&cp);
639 		if (!arg || *arg == '\0')
640 			fatal("%s line %d: missing integer value.",
641 			    filename, linenum);
642 		value = atoi(arg);
643 		if (*intptr == -1)
644 			*intptr = value;
645 		break;
646 
647 	case sLoginGraceTime:
648 		intptr = &options->login_grace_time;
649 parse_time:
650 		arg = strdelim(&cp);
651 		if (!arg || *arg == '\0')
652 			fatal("%s line %d: missing time value.",
653 			    filename, linenum);
654 		if ((value = convtime(arg)) == -1)
655 			fatal("%s line %d: invalid time value.",
656 			    filename, linenum);
657 		if (*intptr == -1)
658 			*intptr = value;
659 		break;
660 
661 	case sKeyRegenerationTime:
662 		intptr = &options->key_regeneration_time;
663 		goto parse_time;
664 
665 	case sListenAddress:
666 		arg = strdelim(&cp);
667 		if (!arg || *arg == '\0' || strncmp(arg, "[]", 2) == 0)
668 			fatal("%s line %d: missing inet addr.",
669 			    filename, linenum);
670 		if (*arg == '[') {
671 			if ((p = strchr(arg, ']')) == NULL)
672 				fatal("%s line %d: bad ipv6 inet addr usage.",
673 				    filename, linenum);
674 			arg++;
675 			(void) memmove(p, p+1, strlen(p+1)+1);
676 		} else if (((p = strchr(arg, ':')) == NULL) ||
677 			    (strchr(p+1, ':') != NULL)) {
678 			add_listen_addr(options, arg, 0);
679 			break;
680 		}
681 		if (*p == ':') {
682 			u_short port;
683 
684 			p++;
685 			if (*p == '\0')
686 				fatal("%s line %d: bad inet addr:port usage.",
687 				    filename, linenum);
688 			else {
689 				*(p-1) = '\0';
690 				if ((port = a2port(p)) == 0)
691 					fatal("%s line %d: bad port number.",
692 					    filename, linenum);
693 				add_listen_addr(options, arg, port);
694 			}
695 		} else if (*p == '\0')
696 			add_listen_addr(options, arg, 0);
697 		else
698 			fatal("%s line %d: bad inet addr usage.",
699 			    filename, linenum);
700 		break;
701 
702 	case sHostKeyFile:
703 		intptr = &options->num_host_key_files;
704 		if (*intptr >= MAX_HOSTKEYS)
705 			fatal("%s line %d: too many host keys specified (max %d).",
706 			    filename, linenum, MAX_HOSTKEYS);
707 		charptr = &options->host_key_files[*intptr];
708 parse_filename:
709 		arg = strdelim(&cp);
710 		if (!arg || *arg == '\0')
711 			fatal("%s line %d: missing file name.",
712 			    filename, linenum);
713 		if (*charptr == NULL) {
714 			*charptr = tilde_expand_filename(arg, getuid());
715 			/* increase optional counter */
716 			if (intptr != NULL)
717 				*intptr = *intptr + 1;
718 		}
719 		break;
720 
721 	case sPidFile:
722 		charptr = &options->pid_file;
723 		goto parse_filename;
724 
725 	case sPermitRootLogin:
726 		intptr = &options->permit_root_login;
727 		arg = strdelim(&cp);
728 		if (!arg || *arg == '\0')
729 			fatal("%s line %d: missing yes/"
730 			    "without-password/forced-commands-only/no "
731 			    "argument.", filename, linenum);
732 		value = 0;	/* silence compiler */
733 		if (strcmp(arg, "without-password") == 0)
734 			value = PERMIT_NO_PASSWD;
735 		else if (strcmp(arg, "forced-commands-only") == 0)
736 			value = PERMIT_FORCED_ONLY;
737 		else if (strcmp(arg, "yes") == 0)
738 			value = PERMIT_YES;
739 		else if (strcmp(arg, "no") == 0)
740 			value = PERMIT_NO;
741 		else
742 			fatal("%s line %d: Bad yes/"
743 			    "without-password/forced-commands-only/no "
744 			    "argument: %s", filename, linenum, arg);
745 		if (*intptr == -1)
746 			*intptr = value;
747 		break;
748 
749 	case sIgnoreRhosts:
750 		intptr = &options->ignore_rhosts;
751 parse_flag:
752 		arg = strdelim(&cp);
753 		if (!arg || *arg == '\0')
754 			fatal("%s line %d: missing yes/no argument.",
755 			    filename, linenum);
756 		value = 0;	/* silence compiler */
757 		if (strcmp(arg, "yes") == 0)
758 			value = 1;
759 		else if (strcmp(arg, "no") == 0)
760 			value = 0;
761 		else
762 			fatal("%s line %d: Bad yes/no argument: %s",
763 				filename, linenum, arg);
764 		if (*intptr == -1)
765 			*intptr = value;
766 		break;
767 
768 	case sIgnoreUserKnownHosts:
769 		intptr = &options->ignore_user_known_hosts;
770 		goto parse_flag;
771 
772 	case sRhostsAuthentication:
773 		intptr = &options->rhosts_authentication;
774 		goto parse_flag;
775 
776 	case sRhostsRSAAuthentication:
777 		intptr = &options->rhosts_rsa_authentication;
778 		goto parse_flag;
779 
780 	case sHostbasedAuthentication:
781 		intptr = &options->hostbased_authentication;
782 		goto parse_flag;
783 
784 	case sHostbasedUsesNameFromPacketOnly:
785 		intptr = &options->hostbased_uses_name_from_packet_only;
786 		goto parse_flag;
787 
788 	case sRSAAuthentication:
789 		intptr = &options->rsa_authentication;
790 		goto parse_flag;
791 
792 	case sPubkeyAuthentication:
793 		intptr = &options->pubkey_authentication;
794 		goto parse_flag;
795 #ifdef GSSAPI
796 	case sGssAuthentication:
797 		intptr = &options->gss_authentication;
798 		goto parse_flag;
799 	case sGssKeyEx:
800 		intptr = &options->gss_keyex;
801 		goto parse_flag;
802 	case sGssStoreDelegCreds:
803 		intptr = &options->gss_keyex;
804 		goto parse_flag;
805 #ifndef SUNW_GSSAPI
806 	case sGssUseSessionCredCache:
807 		intptr = &options->gss_use_session_ccache;
808 		goto parse_flag;
809 	case sGssCleanupCreds:
810 		intptr = &options->gss_cleanup_creds;
811 		goto parse_flag;
812 #endif /* SUNW_GSSAPI */
813 #endif /* GSSAPI */
814 #if defined(KRB4) || defined(KRB5)
815 	case sKerberosAuthentication:
816 		intptr = &options->kerberos_authentication;
817 		goto parse_flag;
818 
819 	case sKerberosOrLocalPasswd:
820 		intptr = &options->kerberos_or_local_passwd;
821 		goto parse_flag;
822 
823 	case sKerberosTicketCleanup:
824 		intptr = &options->kerberos_ticket_cleanup;
825 		goto parse_flag;
826 #endif
827 #if defined(AFS) || defined(KRB5)
828 	case sKerberosTgtPassing:
829 		intptr = &options->kerberos_tgt_passing;
830 		goto parse_flag;
831 #endif
832 #ifdef AFS
833 	case sAFSTokenPassing:
834 		intptr = &options->afs_token_passing;
835 		goto parse_flag;
836 #endif
837 
838 	case sPasswordAuthentication:
839 		intptr = &options->password_authentication;
840 		goto parse_flag;
841 
842 	case sKbdInteractiveAuthentication:
843 		intptr = &options->kbd_interactive_authentication;
844 		goto parse_flag;
845 
846 	case sChallengeResponseAuthentication:
847 		intptr = &options->challenge_response_authentication;
848 		goto parse_flag;
849 
850 	case sPrintMotd:
851 		intptr = &options->print_motd;
852 		goto parse_flag;
853 
854 	case sPrintLastLog:
855 		intptr = &options->print_lastlog;
856 		goto parse_flag;
857 
858 	case sX11Forwarding:
859 		intptr = &options->x11_forwarding;
860 		goto parse_flag;
861 
862 	case sX11DisplayOffset:
863 		intptr = &options->x11_display_offset;
864 		goto parse_int;
865 
866 	case sX11UseLocalhost:
867 		intptr = &options->x11_use_localhost;
868 		goto parse_flag;
869 
870 	case sXAuthLocation:
871 		charptr = &options->xauth_location;
872 		goto parse_filename;
873 
874 	case sStrictModes:
875 		intptr = &options->strict_modes;
876 		goto parse_flag;
877 
878 	case sKeepAlives:
879 		intptr = &options->keepalives;
880 		goto parse_flag;
881 
882 	case sEmptyPasswd:
883 		intptr = &options->permit_empty_passwd;
884 		goto parse_flag;
885 
886 	case sPermitUserEnvironment:
887 		intptr = &options->permit_user_env;
888 		goto parse_flag;
889 
890 	case sUseLogin:
891 		intptr = &options->use_login;
892 		goto parse_flag;
893 
894 	case sCompression:
895 		intptr = &options->compression;
896 		goto parse_flag;
897 
898 	case sGatewayPorts:
899 		intptr = &options->gateway_ports;
900 		goto parse_flag;
901 
902 	case sVerifyReverseMapping:
903 		intptr = &options->verify_reverse_mapping;
904 		goto parse_flag;
905 
906 	case sLogFacility:
907 		intptr = (int *) &options->log_facility;
908 		arg = strdelim(&cp);
909 		value = log_facility_number(arg);
910 		if (value == SYSLOG_FACILITY_NOT_SET)
911 			fatal("%.200s line %d: unsupported log facility '%s'",
912 			    filename, linenum, arg ? arg : "<NONE>");
913 		if (*intptr == -1)
914 			*intptr = (SyslogFacility) value;
915 		break;
916 
917 	case sLogLevel:
918 		intptr = (int *) &options->log_level;
919 		arg = strdelim(&cp);
920 		value = log_level_number(arg);
921 		if (value == SYSLOG_LEVEL_NOT_SET)
922 			fatal("%.200s line %d: unsupported log level '%s'",
923 			    filename, linenum, arg ? arg : "<NONE>");
924 		if (*intptr == -1)
925 			*intptr = (LogLevel) value;
926 		break;
927 
928 	case sAllowTcpForwarding:
929 		intptr = &options->allow_tcp_forwarding;
930 		goto parse_flag;
931 
932 	case sUsePrivilegeSeparation:
933 		intptr = &use_privsep;
934 		goto parse_flag;
935 
936 	case sAllowUsers:
937 		while (((arg = strdelim(&cp)) != NULL) && *arg != '\0') {
938 			if (options->num_allow_users >= MAX_ALLOW_USERS)
939 				fatal("%s line %d: too many allow users.",
940 				    filename, linenum);
941 			options->allow_users[options->num_allow_users++] =
942 			    xstrdup(arg);
943 		}
944 		break;
945 
946 	case sDenyUsers:
947 		while (((arg = strdelim(&cp)) != NULL) && *arg != '\0') {
948 			if (options->num_deny_users >= MAX_DENY_USERS)
949 				fatal( "%s line %d: too many deny users.",
950 				    filename, linenum);
951 			options->deny_users[options->num_deny_users++] =
952 			    xstrdup(arg);
953 		}
954 		break;
955 
956 	case sAllowGroups:
957 		while (((arg = strdelim(&cp)) != NULL) && *arg != '\0') {
958 			if (options->num_allow_groups >= MAX_ALLOW_GROUPS)
959 				fatal("%s line %d: too many allow groups.",
960 				    filename, linenum);
961 			options->allow_groups[options->num_allow_groups++] =
962 			    xstrdup(arg);
963 		}
964 		break;
965 
966 	case sDenyGroups:
967 		while (((arg = strdelim(&cp)) != NULL) && *arg != '\0') {
968 			if (options->num_deny_groups >= MAX_DENY_GROUPS)
969 				fatal("%s line %d: too many deny groups.",
970 				    filename, linenum);
971 			options->deny_groups[options->num_deny_groups++] = xstrdup(arg);
972 		}
973 		break;
974 
975 	case sCiphers:
976 		arg = strdelim(&cp);
977 		if (!arg || *arg == '\0')
978 			fatal("%s line %d: Missing argument.", filename, linenum);
979 		if (!ciphers_valid(arg))
980 			fatal("%s line %d: Bad SSH2 cipher spec '%s'.",
981 			    filename, linenum, arg ? arg : "<NONE>");
982 		if (options->ciphers == NULL)
983 			options->ciphers = xstrdup(arg);
984 		break;
985 
986 	case sMacs:
987 		arg = strdelim(&cp);
988 		if (!arg || *arg == '\0')
989 			fatal("%s line %d: Missing argument.", filename, linenum);
990 		if (!mac_valid(arg))
991 			fatal("%s line %d: Bad SSH2 mac spec '%s'.",
992 			    filename, linenum, arg ? arg : "<NONE>");
993 		if (options->macs == NULL)
994 			options->macs = xstrdup(arg);
995 		break;
996 
997 	case sProtocol:
998 		intptr = &options->protocol;
999 		arg = strdelim(&cp);
1000 		if (!arg || *arg == '\0')
1001 			fatal("%s line %d: Missing argument.", filename, linenum);
1002 		value = proto_spec(arg);
1003 		if (value == SSH_PROTO_UNKNOWN)
1004 			fatal("%s line %d: Bad protocol spec '%s'.",
1005 			    filename, linenum, arg ? arg : "<NONE>");
1006 		if (*intptr == SSH_PROTO_UNKNOWN)
1007 			*intptr = value;
1008 		break;
1009 
1010 	case sSubsystem:
1011 		if (options->num_subsystems >= MAX_SUBSYSTEMS) {
1012 			fatal("%s line %d: too many subsystems defined.",
1013 			    filename, linenum);
1014 		}
1015 		arg = strdelim(&cp);
1016 		if (!arg || *arg == '\0')
1017 			fatal("%s line %d: Missing subsystem name.",
1018 			    filename, linenum);
1019 		for (i = 0; i < options->num_subsystems; i++)
1020 			if (strcmp(arg, options->subsystem_name[i]) == 0)
1021 				fatal("%s line %d: Subsystem '%s' already defined.",
1022 				    filename, linenum, arg);
1023 		options->subsystem_name[options->num_subsystems] = xstrdup(arg);
1024 		arg = strdelim(&cp);
1025 		if (!arg || *arg == '\0')
1026 			fatal("%s line %d: Missing subsystem command.",
1027 			    filename, linenum);
1028 		options->subsystem_command[options->num_subsystems] = xstrdup(arg);
1029 		options->num_subsystems++;
1030 		break;
1031 
1032 	case sMaxStartups:
1033 		arg = strdelim(&cp);
1034 		if (!arg || *arg == '\0')
1035 			fatal("%s line %d: Missing MaxStartups spec.",
1036 			    filename, linenum);
1037 		if ((n = sscanf(arg, "%d:%d:%d",
1038 		    &options->max_startups_begin,
1039 		    &options->max_startups_rate,
1040 		    &options->max_startups)) == 3) {
1041 			if (options->max_startups_begin >
1042 			    options->max_startups ||
1043 			    options->max_startups_rate > 100 ||
1044 			    options->max_startups_rate < 1)
1045 				fatal("%s line %d: Illegal MaxStartups spec.",
1046 				    filename, linenum);
1047 		} else if (n != 1)
1048 			fatal("%s line %d: Illegal MaxStartups spec.",
1049 			    filename, linenum);
1050 		else
1051 			options->max_startups = options->max_startups_begin;
1052 		break;
1053 
1054 	case sBanner:
1055 		charptr = &options->banner;
1056 		goto parse_filename;
1057 	/*
1058 	 * These options can contain %X options expanded at
1059 	 * connect time, so that you can specify paths like:
1060 	 *
1061 	 * AuthorizedKeysFile	/etc/ssh_keys/%u
1062 	 */
1063 	case sAuthorizedKeysFile:
1064 	case sAuthorizedKeysFile2:
1065 		charptr = (opcode == sAuthorizedKeysFile ) ?
1066 		    &options->authorized_keys_file :
1067 		    &options->authorized_keys_file2;
1068 		goto parse_filename;
1069 
1070 	case sClientAliveInterval:
1071 		intptr = &options->client_alive_interval;
1072 		goto parse_time;
1073 
1074 	case sClientAliveCountMax:
1075 		intptr = &options->client_alive_count_max;
1076 		goto parse_int;
1077 
1078 	case sMaxAuthTries:
1079 		intptr = &options->max_auth_tries;
1080 		goto parse_int;
1081 
1082 	case sMaxAuthTriesLog:
1083 		intptr = &options->max_auth_tries_log;
1084 		goto parse_int;
1085 
1086 	case sLookupClientHostnames:
1087 		intptr = &options->lookup_client_hostnames;
1088 		goto parse_flag;
1089 
1090 	case sDeprecated:
1091 		log("%s line %d: Deprecated option %s",
1092 		    filename, linenum, arg);
1093 		while (arg)
1094 		    arg = strdelim(&cp);
1095 		break;
1096 
1097 	default:
1098 		fatal("%s line %d: Missing handler for opcode %s (%d)",
1099 		    filename, linenum, arg, opcode);
1100 	}
1101 	if ((arg = strdelim(&cp)) != NULL && *arg != '\0')
1102 		fatal("%s line %d: garbage at end of line; \"%.200s\".",
1103 		    filename, linenum, arg);
1104 	return 0;
1105 }
1106 
1107 /* Reads the server configuration file. */
1108 
1109 void
1110 read_server_config(ServerOptions *options, const char *filename)
1111 {
1112 	int linenum, bad_options = 0;
1113 	char line[1024];
1114 	FILE *f;
1115 
1116 	f = fopen(filename, "r");
1117 	if (!f) {
1118 		perror(filename);
1119 		exit(1);
1120 	}
1121 	linenum = 0;
1122 	while (fgets(line, sizeof(line), f)) {
1123 		/* Update line number counter. */
1124 		linenum++;
1125 		if (process_server_config_line(options, line, filename, linenum) != 0)
1126 			bad_options++;
1127 	}
1128 	(void) fclose(f);
1129 	if (bad_options > 0)
1130 		fatal("%s: terminating, %d bad configuration options",
1131 		    filename, bad_options);
1132 }
1133