xref: /titanic_44/usr/src/cmd/ssh/sshd/servconf.c (revision a38ddfee9c8c6b6c5a2947ff52fd2338362a4444)
1 /*
2  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
3  *                    All rights reserved
4  *
5  * As far as I am concerned, the code I have written for this software
6  * can be used freely for any purpose.  Any derived versions of this
7  * software must be clearly marked as such, and if the derived work is
8  * incompatible with the protocol description in the RFC file, it must be
9  * called by a name other than "ssh" or "Secure Shell".
10  */
11 /*
12  * Copyright 2008 Sun Microsystems, Inc.  All rights reserved.
13  * Use is subject to license terms.
14  */
15 
16 #include "includes.h"
17 RCSID("$OpenBSD: servconf.c,v 1.115 2002/09/04 18:52:42 stevesk Exp $");
18 
19 #ifdef HAVE_DEFOPEN
20 #include <deflt.h>
21 #endif /* HAVE_DEFOPEN */
22 
23 #if defined(KRB4)
24 #include <krb.h>
25 #endif
26 #if defined(KRB5)
27 #ifdef HEIMDAL
28 #include <krb.h>
29 #else
30 /* Bodge - but then, so is using the kerberos IV KEYFILE to get a Kerberos V
31  * keytab */
32 #define KEYFILE "/etc/krb5.keytab"
33 #endif
34 #endif
35 #ifdef AFS
36 #include <kafs.h>
37 #endif
38 
39 #include "ssh.h"
40 #include "log.h"
41 #include "servconf.h"
42 #include "xmalloc.h"
43 #include "compat.h"
44 #include "pathnames.h"
45 #include "tildexpand.h"
46 #include "misc.h"
47 #include "cipher.h"
48 #include "kex.h"
49 #include "mac.h"
50 #include "auth.h"
51 
52 static void add_listen_addr(ServerOptions *, char *, u_short);
53 static void add_one_listen_addr(ServerOptions *, char *, u_short);
54 
55 /* AF_UNSPEC or AF_INET or AF_INET6 */
56 extern int IPv4or6;
57 
58 /* Initializes the server options to their default values. */
59 
60 void
61 initialize_server_options(ServerOptions *options)
62 {
63 	(void) memset(options, 0, sizeof(*options));
64 
65 	/* Portable-specific options */
66 	options->pam_authentication_via_kbd_int = -1;
67 
68 	/* Standard Options */
69 	options->num_ports = 0;
70 	options->ports_from_cmdline = 0;
71 	options->listen_addrs = NULL;
72 	options->num_host_key_files = 0;
73 	options->pid_file = NULL;
74 	options->server_key_bits = -1;
75 	options->login_grace_time = -1;
76 	options->key_regeneration_time = -1;
77 	options->permit_root_login = PERMIT_NOT_SET;
78 	options->ignore_rhosts = -1;
79 	options->ignore_user_known_hosts = -1;
80 	options->print_motd = -1;
81 	options->print_lastlog = -1;
82 	options->x11_forwarding = -1;
83 	options->x11_display_offset = -1;
84 	options->x11_use_localhost = -1;
85 	options->xauth_location = NULL;
86 	options->strict_modes = -1;
87 	options->keepalives = -1;
88 	options->log_facility = SYSLOG_FACILITY_NOT_SET;
89 	options->log_level = SYSLOG_LEVEL_NOT_SET;
90 	options->rhosts_authentication = -1;
91 	options->rhosts_rsa_authentication = -1;
92 	options->hostbased_authentication = -1;
93 	options->hostbased_uses_name_from_packet_only = -1;
94 	options->rsa_authentication = -1;
95 	options->pubkey_authentication = -1;
96 #ifdef GSSAPI
97 	options->gss_authentication = -1;
98 	options->gss_keyex = -1;
99 	options->gss_store_creds = -1;
100 	options->gss_use_session_ccache = -1;
101 	options->gss_cleanup_creds = -1;
102 #endif
103 #if defined(KRB4) || defined(KRB5)
104 	options->kerberos_authentication = -1;
105 	options->kerberos_or_local_passwd = -1;
106 	options->kerberos_ticket_cleanup = -1;
107 #endif
108 #if defined(AFS) || defined(KRB5)
109 	options->kerberos_tgt_passing = -1;
110 #endif
111 #ifdef AFS
112 	options->afs_token_passing = -1;
113 #endif
114 	options->password_authentication = -1;
115 	options->kbd_interactive_authentication = -1;
116 	options->challenge_response_authentication = -1;
117 	options->permit_empty_passwd = -1;
118 	options->permit_user_env = -1;
119 	options->use_login = -1;
120 	options->compression = -1;
121 	options->allow_tcp_forwarding = -1;
122 	options->num_allow_users = 0;
123 	options->num_deny_users = 0;
124 	options->num_allow_groups = 0;
125 	options->num_deny_groups = 0;
126 	options->ciphers = NULL;
127 	options->macs = NULL;
128 	options->protocol = SSH_PROTO_UNKNOWN;
129 	options->gateway_ports = -1;
130 	options->num_subsystems = 0;
131 	options->max_startups_begin = -1;
132 	options->max_startups_rate = -1;
133 	options->max_startups = -1;
134 	options->banner = NULL;
135 	options->verify_reverse_mapping = -1;
136 	options->client_alive_interval = -1;
137 	options->client_alive_count_max = -1;
138 	options->authorized_keys_file = NULL;
139 	options->authorized_keys_file2 = NULL;
140 
141 	options->max_auth_tries = -1;
142 	options->max_auth_tries_log = -1;
143 
144 	options->max_init_auth_tries = -1;
145 	options->max_init_auth_tries_log = -1;
146 
147 	options->lookup_client_hostnames = -1;
148 	options->use_openssl_engine = -1;
149 }
150 
151 #ifdef HAVE_DEFOPEN
152 /*
153  * Reads /etc/default/login and defaults several ServerOptions:
154  *
155  * PermitRootLogin
156  * PermitEmptyPasswords
157  * LoginGraceTime
158  *
159  * CONSOLE=*      -> PermitRootLogin=without-password
160  * #CONSOLE=*     -> PermitRootLogin=yes
161  *
162  * PASSREQ=YES    -> PermitEmptyPasswords=no
163  * PASSREQ=NO     -> PermitEmptyPasswords=yes
164  * #PASSREQ=*     -> PermitEmptyPasswords=no
165  *
166  * TIMEOUT=<secs> -> LoginGraceTime=<secs>
167  * #TIMEOUT=<secs> -> LoginGraceTime=300
168  */
169 static
170 void
171 deflt_fill_default_server_options(ServerOptions *options)
172 {
173 	int	flags;
174 	char	*ptr;
175 
176 	if (defopen(_PATH_DEFAULT_LOGIN))
177 		return;
178 
179 	/* Ignore case */
180 	flags = defcntl(DC_GETFLAGS, 0);
181 	TURNOFF(flags, DC_CASE);
182 	(void) defcntl(DC_SETFLAGS, flags);
183 
184 	if (options->permit_root_login == PERMIT_NOT_SET &&
185 	    (ptr = defread("CONSOLE=")) != NULL)
186 		options->permit_root_login = PERMIT_NO_PASSWD;
187 
188 	if (options->permit_empty_passwd == -1 &&
189 	    (ptr = defread("PASSREQ=")) != NULL) {
190 		if (strcasecmp("YES", ptr) == 0)
191 			options->permit_empty_passwd = 0;
192 		else if (strcasecmp("NO", ptr) == 0)
193 			options->permit_empty_passwd = 1;
194 	}
195 
196 	if (options->max_init_auth_tries == -1 &&
197 	    (ptr = defread("RETRIES=")) != NULL) {
198 		options->max_init_auth_tries = atoi(ptr);
199 	}
200 
201 	if (options->max_init_auth_tries_log == -1 &&
202 	    (ptr = defread("SYSLOG_FAILED_LOGINS=")) != NULL) {
203 		options->max_init_auth_tries_log = atoi(ptr);
204 	}
205 
206 	if (options->login_grace_time == -1) {
207 		if ((ptr = defread("TIMEOUT=")) != NULL)
208 			options->login_grace_time = (unsigned)atoi(ptr);
209 		else
210 			options->login_grace_time = 300;
211 	}
212 
213 	(void) defopen((char *)NULL);
214 }
215 #endif /* HAVE_DEFOPEN */
216 
217 void
218 fill_default_server_options(ServerOptions *options)
219 {
220 
221 #ifdef HAVE_DEFOPEN
222 	deflt_fill_default_server_options(options);
223 #endif /* HAVE_DEFOPEN */
224 
225 	/* Portable-specific options */
226 	if (options->pam_authentication_via_kbd_int == -1)
227 		options->pam_authentication_via_kbd_int = 0;
228 
229 	/* Standard Options */
230 	if (options->protocol == SSH_PROTO_UNKNOWN)
231 		options->protocol = SSH_PROTO_1|SSH_PROTO_2;
232 	if (options->num_host_key_files == 0) {
233 		/* fill default hostkeys for protocols */
234 		if (options->protocol & SSH_PROTO_1)
235 			options->host_key_files[options->num_host_key_files++] =
236 			    _PATH_HOST_KEY_FILE;
237 #ifndef GSSAPI
238 		/* With GSS keyex we can run v2 w/ no host keys */
239 		if (options->protocol & SSH_PROTO_2) {
240 			options->host_key_files[options->num_host_key_files++] =
241 			    _PATH_HOST_RSA_KEY_FILE;
242 			options->host_key_files[options->num_host_key_files++] =
243 			    _PATH_HOST_DSA_KEY_FILE;
244 		}
245 #endif /* GSSAPI */
246 	}
247 	if (options->num_ports == 0)
248 		options->ports[options->num_ports++] = SSH_DEFAULT_PORT;
249 	if (options->listen_addrs == NULL)
250 		add_listen_addr(options, NULL, 0);
251 	if (options->pid_file == NULL)
252 		options->pid_file = _PATH_SSH_DAEMON_PID_FILE;
253 	if (options->server_key_bits == -1)
254 		options->server_key_bits = 768;
255 	if (options->login_grace_time == -1)
256 		options->login_grace_time = 120;
257 	if (options->key_regeneration_time == -1)
258 		options->key_regeneration_time = 3600;
259 	if (options->permit_root_login == PERMIT_NOT_SET)
260 		options->permit_root_login = PERMIT_YES;
261 	if (options->ignore_rhosts == -1)
262 		options->ignore_rhosts = 1;
263 	if (options->ignore_user_known_hosts == -1)
264 		options->ignore_user_known_hosts = 0;
265 	if (options->print_motd == -1)
266 		options->print_motd = 1;
267 	if (options->print_lastlog == -1)
268 		options->print_lastlog = 1;
269 	if (options->x11_forwarding == -1)
270 		options->x11_forwarding = 1;
271 	if (options->x11_display_offset == -1)
272 		options->x11_display_offset = 10;
273 	if (options->x11_use_localhost == -1)
274 		options->x11_use_localhost = 1;
275 	if (options->xauth_location == NULL)
276 		options->xauth_location = _PATH_XAUTH;
277 	if (options->strict_modes == -1)
278 		options->strict_modes = 1;
279 	if (options->keepalives == -1)
280 		options->keepalives = 1;
281 	if (options->log_facility == SYSLOG_FACILITY_NOT_SET)
282 		options->log_facility = SYSLOG_FACILITY_AUTH;
283 	if (options->log_level == SYSLOG_LEVEL_NOT_SET)
284 		options->log_level = SYSLOG_LEVEL_INFO;
285 	if (options->rhosts_authentication == -1)
286 		options->rhosts_authentication = 0;
287 	if (options->rhosts_rsa_authentication == -1)
288 		options->rhosts_rsa_authentication = 0;
289 	if (options->hostbased_authentication == -1)
290 		options->hostbased_authentication = 0;
291 	if (options->hostbased_uses_name_from_packet_only == -1)
292 		options->hostbased_uses_name_from_packet_only = 0;
293 	if (options->rsa_authentication == -1)
294 		options->rsa_authentication = 1;
295 	if (options->pubkey_authentication == -1)
296 		options->pubkey_authentication = 1;
297 #ifdef GSSAPI
298 	if (options->gss_authentication == -1)
299 		options->gss_authentication = 1;
300 	if (options->gss_keyex == -1)
301 		options->gss_keyex = 1;
302 	if (options->gss_store_creds == -1)
303 		options->gss_store_creds = 1;
304 	if (options->gss_use_session_ccache == -1)
305 		options->gss_use_session_ccache = 1;
306 	if (options->gss_cleanup_creds == -1)
307 		options->gss_cleanup_creds = 1;
308 #endif
309 #if defined(KRB4) || defined(KRB5)
310 	if (options->kerberos_authentication == -1)
311 		options->kerberos_authentication = 0;
312 	if (options->kerberos_or_local_passwd == -1)
313 		options->kerberos_or_local_passwd = 1;
314 	if (options->kerberos_ticket_cleanup == -1)
315 		options->kerberos_ticket_cleanup = 1;
316 #endif
317 #if defined(AFS) || defined(KRB5)
318 	if (options->kerberos_tgt_passing == -1)
319 		options->kerberos_tgt_passing = 0;
320 #endif
321 #ifdef AFS
322 	if (options->afs_token_passing == -1)
323 		options->afs_token_passing = 0;
324 #endif
325 	if (options->password_authentication == -1)
326 		options->password_authentication = 1;
327 	if (options->kbd_interactive_authentication == -1)
328 		options->kbd_interactive_authentication = 0;
329 	if (options->challenge_response_authentication == -1)
330 		options->challenge_response_authentication = 1;
331 	if (options->permit_empty_passwd == -1)
332 		options->permit_empty_passwd = 0;
333 	if (options->permit_user_env == -1)
334 		options->permit_user_env = 0;
335 	if (options->use_login == -1)
336 		options->use_login = 0;
337 	if (options->compression == -1)
338 		options->compression = 1;
339 	if (options->allow_tcp_forwarding == -1)
340 		options->allow_tcp_forwarding = 1;
341 	if (options->gateway_ports == -1)
342 		options->gateway_ports = 0;
343 	if (options->max_startups == -1)
344 		options->max_startups = 10;
345 	if (options->max_startups_rate == -1)
346 		options->max_startups_rate = 100;		/* 100% */
347 	if (options->max_startups_begin == -1)
348 		options->max_startups_begin = options->max_startups;
349 	if (options->verify_reverse_mapping == -1)
350 		options->verify_reverse_mapping = 0;
351 	if (options->client_alive_interval == -1)
352 		options->client_alive_interval = 0;
353 	if (options->client_alive_count_max == -1)
354 		options->client_alive_count_max = 3;
355 	if (options->authorized_keys_file2 == NULL) {
356 		/* authorized_keys_file2 falls back to authorized_keys_file */
357 		if (options->authorized_keys_file != NULL)
358 			options->authorized_keys_file2 = options->authorized_keys_file;
359 		else
360 			options->authorized_keys_file2 = _PATH_SSH_USER_PERMITTED_KEYS2;
361 	}
362 	if (options->authorized_keys_file == NULL)
363 		options->authorized_keys_file = _PATH_SSH_USER_PERMITTED_KEYS;
364 
365 	if (options->max_auth_tries == -1)
366 		options->max_auth_tries = AUTH_FAIL_MAX;
367 	if (options->max_auth_tries_log == -1)
368 		options->max_auth_tries_log = options->max_auth_tries / 2;
369 
370 	if (options->max_init_auth_tries == -1)
371 		options->max_init_auth_tries = AUTH_FAIL_MAX;
372 	if (options->max_init_auth_tries_log == -1)
373 		options->max_init_auth_tries_log = options->max_init_auth_tries / 2;
374 
375 	if (options->lookup_client_hostnames == -1)
376 		options->lookup_client_hostnames = 1;
377 	if (options->use_openssl_engine == -1)
378 		options->use_openssl_engine = 1;
379 }
380 
381 /* Keyword tokens. */
382 typedef enum {
383 	sBadOption,		/* == unknown option */
384 	/* Portable-specific options */
385 	sPAMAuthenticationViaKbdInt,
386 	/* Standard Options */
387 	sPort, sHostKeyFile, sServerKeyBits, sLoginGraceTime, sKeyRegenerationTime,
388 	sPermitRootLogin, sLogFacility, sLogLevel,
389 	sRhostsAuthentication, sRhostsRSAAuthentication, sRSAAuthentication,
390 #ifdef GSSAPI
391 	sGssAuthentication, sGssKeyEx, sGssStoreDelegCreds,
392 	sGssUseSessionCredCache, sGssCleanupCreds,
393 #endif /* GSSAPI */
394 #if defined(KRB4) || defined(KRB5)
395 	sKerberosAuthentication, sKerberosOrLocalPasswd, sKerberosTicketCleanup,
396 #endif
397 #if defined(AFS) || defined(KRB5)
398 	sKerberosTgtPassing,
399 #endif
400 #ifdef AFS
401 	sAFSTokenPassing,
402 #endif
403 	sChallengeResponseAuthentication,
404 	sPasswordAuthentication, sKbdInteractiveAuthentication, sListenAddress,
405 	sPrintMotd, sPrintLastLog, sIgnoreRhosts,
406 	sX11Forwarding, sX11DisplayOffset, sX11UseLocalhost,
407 	sStrictModes, sEmptyPasswd, sKeepAlives,
408 	sPermitUserEnvironment, sUseLogin, sAllowTcpForwarding, sCompression,
409 	sAllowUsers, sDenyUsers, sAllowGroups, sDenyGroups,
410 	sIgnoreUserKnownHosts, sCiphers, sMacs, sProtocol, sPidFile,
411 	sGatewayPorts, sPubkeyAuthentication, sXAuthLocation, sSubsystem, sMaxStartups,
412 	sBanner, sVerifyReverseMapping, sHostbasedAuthentication,
413 	sHostbasedUsesNameFromPacketOnly, sClientAliveInterval,
414 	sClientAliveCountMax, sAuthorizedKeysFile, sAuthorizedKeysFile2,
415 	sMaxAuthTries, sMaxAuthTriesLog, sUsePrivilegeSeparation,
416 	sLookupClientHostnames, sUseOpenSSLEngine,
417 	sDeprecated
418 } ServerOpCodes;
419 
420 /* Textual representation of the tokens. */
421 static struct {
422 	const char *name;
423 	ServerOpCodes opcode;
424 } keywords[] = {
425 	/* Portable-specific options */
426 	{ "PAMAuthenticationViaKbdInt", sPAMAuthenticationViaKbdInt },
427 	/* Standard Options */
428 	{ "port", sPort },
429 	{ "hostkey", sHostKeyFile },
430 	{ "hostdsakey", sHostKeyFile },					/* alias */
431 	{ "pidfile", sPidFile },
432 	{ "serverkeybits", sServerKeyBits },
433 	{ "logingracetime", sLoginGraceTime },
434 	{ "keyregenerationinterval", sKeyRegenerationTime },
435 	{ "permitrootlogin", sPermitRootLogin },
436 	{ "syslogfacility", sLogFacility },
437 	{ "loglevel", sLogLevel },
438 	{ "rhostsauthentication", sRhostsAuthentication },
439 	{ "rhostsrsaauthentication", sRhostsRSAAuthentication },
440 	{ "hostbasedauthentication", sHostbasedAuthentication },
441 	{ "hostbasedusesnamefrompacketonly", sHostbasedUsesNameFromPacketOnly },
442 	{ "rsaauthentication", sRSAAuthentication },
443 	{ "pubkeyauthentication", sPubkeyAuthentication },
444 	{ "dsaauthentication", sPubkeyAuthentication },			/* alias */
445 #ifdef GSSAPI
446 	{ "gssapiauthentication", sGssAuthentication },
447 	{ "gssapikeyexchange", sGssKeyEx },
448 	{ "gssapistoredelegatedcredentials", sGssStoreDelegCreds },
449 	{ "gssauthentication", sGssAuthentication },			/* alias */
450 	{ "gsskeyex", sGssKeyEx },					/* alias */
451 	{ "gssstoredelegcreds", sGssStoreDelegCreds },			/* alias */
452 #ifndef SUNW_GSSAPI
453 	{ "gssusesessionccache", sGssUseSessionCredCache },
454 	{ "gssusesessioncredcache", sGssUseSessionCredCache },
455 	{ "gsscleanupcreds", sGssCleanupCreds },
456 #endif /* SUNW_GSSAPI */
457 #endif
458 #if defined(KRB4) || defined(KRB5)
459 	{ "kerberosauthentication", sKerberosAuthentication },
460 	{ "kerberosorlocalpasswd", sKerberosOrLocalPasswd },
461 	{ "kerberosticketcleanup", sKerberosTicketCleanup },
462 #endif
463 #if defined(AFS) || defined(KRB5)
464 	{ "kerberostgtpassing", sKerberosTgtPassing },
465 #endif
466 #ifdef AFS
467 	{ "afstokenpassing", sAFSTokenPassing },
468 #endif
469 	{ "passwordauthentication", sPasswordAuthentication },
470 	{ "kbdinteractiveauthentication", sKbdInteractiveAuthentication },
471 	{ "challengeresponseauthentication", sChallengeResponseAuthentication },
472 	{ "skeyauthentication", sChallengeResponseAuthentication }, /* alias */
473 	{ "checkmail", sDeprecated },
474 	{ "listenaddress", sListenAddress },
475 	{ "printmotd", sPrintMotd },
476 	{ "printlastlog", sPrintLastLog },
477 	{ "ignorerhosts", sIgnoreRhosts },
478 	{ "ignoreuserknownhosts", sIgnoreUserKnownHosts },
479 	{ "x11forwarding", sX11Forwarding },
480 	{ "x11displayoffset", sX11DisplayOffset },
481 	{ "x11uselocalhost", sX11UseLocalhost },
482 	{ "xauthlocation", sXAuthLocation },
483 	{ "strictmodes", sStrictModes },
484 	{ "permitemptypasswords", sEmptyPasswd },
485 	{ "permituserenvironment", sPermitUserEnvironment },
486 	{ "uselogin", sUseLogin },
487 	{ "compression", sCompression },
488 	{ "keepalive", sKeepAlives },
489 	{ "allowtcpforwarding", sAllowTcpForwarding },
490 	{ "allowusers", sAllowUsers },
491 	{ "denyusers", sDenyUsers },
492 	{ "allowgroups", sAllowGroups },
493 	{ "denygroups", sDenyGroups },
494 	{ "ciphers", sCiphers },
495 	{ "macs", sMacs },
496 	{ "protocol", sProtocol },
497 	{ "gatewayports", sGatewayPorts },
498 	{ "subsystem", sSubsystem },
499 	{ "maxstartups", sMaxStartups },
500 	{ "banner", sBanner },
501 	{ "verifyreversemapping", sVerifyReverseMapping },
502 	{ "reversemappingcheck", sVerifyReverseMapping },
503 	{ "clientaliveinterval", sClientAliveInterval },
504 	{ "clientalivecountmax", sClientAliveCountMax },
505 	{ "authorizedkeysfile", sAuthorizedKeysFile },
506 	{ "authorizedkeysfile2", sAuthorizedKeysFile2 },
507 	{ "maxauthtries", sMaxAuthTries },
508 	{ "maxauthtrieslog", sMaxAuthTriesLog },
509 	{ "useprivilegeseparation", sUsePrivilegeSeparation},
510 	{ "lookupclienthostnames", sLookupClientHostnames},
511 	{ "useopensslengine", sUseOpenSSLEngine},
512 	{ NULL, sBadOption }
513 };
514 
515 /*
516  * Returns the number of the token pointed to by cp or sBadOption.
517  */
518 
519 static ServerOpCodes
520 parse_token(const char *cp, const char *filename,
521 	    int linenum)
522 {
523 	u_int i;
524 
525 	for (i = 0; keywords[i].name; i++)
526 		if (strcasecmp(cp, keywords[i].name) == 0)
527 			return keywords[i].opcode;
528 
529 	error("%s: line %d: Bad configuration option: %s",
530 	    filename, linenum, cp);
531 	return sBadOption;
532 }
533 
534 static void
535 add_listen_addr(ServerOptions *options, char *addr, u_short port)
536 {
537 	int i;
538 
539 	if (options->num_ports == 0)
540 		options->ports[options->num_ports++] = SSH_DEFAULT_PORT;
541 	if (port == 0)
542 		for (i = 0; i < options->num_ports; i++)
543 			add_one_listen_addr(options, addr, options->ports[i]);
544 	else
545 		add_one_listen_addr(options, addr, port);
546 }
547 
548 static void
549 add_one_listen_addr(ServerOptions *options, char *addr, u_short port)
550 {
551 	struct addrinfo hints, *ai, *aitop;
552 	char strport[NI_MAXSERV];
553 	int gaierr;
554 
555 	(void) memset(&hints, 0, sizeof(hints));
556 	hints.ai_family = IPv4or6;
557 	hints.ai_socktype = SOCK_STREAM;
558 	hints.ai_flags = (addr == NULL) ? AI_PASSIVE : 0;
559 	(void) snprintf(strport, sizeof strport, "%u", port);
560 	if ((gaierr = getaddrinfo(addr, strport, &hints, &aitop)) != 0)
561 		fatal("bad addr or host: %s (%s)",
562 		    addr ? addr : "<NULL>",
563 		    gai_strerror(gaierr));
564 	for (ai = aitop; ai->ai_next; ai = ai->ai_next)
565 		;
566 	ai->ai_next = options->listen_addrs;
567 	options->listen_addrs = aitop;
568 }
569 
570 int
571 process_server_config_line(ServerOptions *options, char *line,
572     const char *filename, int linenum)
573 {
574 	char *cp, **charptr, *arg, *p;
575 	int *intptr, value, i, n;
576 	ServerOpCodes opcode;
577 
578 	cp = line;
579 	arg = strdelim(&cp);
580 	/* Ignore leading whitespace */
581 	if (*arg == '\0')
582 		arg = strdelim(&cp);
583 	if (!arg || !*arg || *arg == '#')
584 		return 0;
585 	intptr = NULL;
586 	charptr = NULL;
587 	opcode = parse_token(arg, filename, linenum);
588 	switch (opcode) {
589 	/* Portable-specific options */
590 	case sPAMAuthenticationViaKbdInt:
591 		intptr = &options->pam_authentication_via_kbd_int;
592 		goto parse_flag;
593 
594 	/* Standard Options */
595 	case sBadOption:
596 		return -1;
597 	case sPort:
598 		/* ignore ports from configfile if cmdline specifies ports */
599 		if (options->ports_from_cmdline)
600 			return 0;
601 		if (options->listen_addrs != NULL)
602 			fatal("%s line %d: ports must be specified before "
603 			    "ListenAddress.", filename, linenum);
604 		if (options->num_ports >= MAX_PORTS)
605 			fatal("%s line %d: too many ports.",
606 			    filename, linenum);
607 		arg = strdelim(&cp);
608 		if (!arg || *arg == '\0')
609 			fatal("%s line %d: missing port number.",
610 			    filename, linenum);
611 		options->ports[options->num_ports++] = a2port(arg);
612 		if (options->ports[options->num_ports-1] == 0)
613 			fatal("%s line %d: Badly formatted port number.",
614 			    filename, linenum);
615 		break;
616 
617 	case sServerKeyBits:
618 		intptr = &options->server_key_bits;
619 parse_int:
620 		arg = strdelim(&cp);
621 		if (!arg || *arg == '\0')
622 			fatal("%s line %d: missing integer value.",
623 			    filename, linenum);
624 		value = atoi(arg);
625 		if (*intptr == -1)
626 			*intptr = value;
627 		break;
628 
629 	case sLoginGraceTime:
630 		intptr = &options->login_grace_time;
631 parse_time:
632 		arg = strdelim(&cp);
633 		if (!arg || *arg == '\0')
634 			fatal("%s line %d: missing time value.",
635 			    filename, linenum);
636 		if ((value = convtime(arg)) == -1)
637 			fatal("%s line %d: invalid time value.",
638 			    filename, linenum);
639 		if (*intptr == -1)
640 			*intptr = value;
641 		break;
642 
643 	case sKeyRegenerationTime:
644 		intptr = &options->key_regeneration_time;
645 		goto parse_time;
646 
647 	case sListenAddress:
648 		arg = strdelim(&cp);
649 		if (!arg || *arg == '\0' || strncmp(arg, "[]", 2) == 0)
650 			fatal("%s line %d: missing inet addr.",
651 			    filename, linenum);
652 		if (*arg == '[') {
653 			if ((p = strchr(arg, ']')) == NULL)
654 				fatal("%s line %d: bad ipv6 inet addr usage.",
655 				    filename, linenum);
656 			arg++;
657 			(void) memmove(p, p+1, strlen(p+1)+1);
658 		} else if (((p = strchr(arg, ':')) == NULL) ||
659 			    (strchr(p+1, ':') != NULL)) {
660 			add_listen_addr(options, arg, 0);
661 			break;
662 		}
663 		if (*p == ':') {
664 			u_short port;
665 
666 			p++;
667 			if (*p == '\0')
668 				fatal("%s line %d: bad inet addr:port usage.",
669 				    filename, linenum);
670 			else {
671 				*(p-1) = '\0';
672 				if ((port = a2port(p)) == 0)
673 					fatal("%s line %d: bad port number.",
674 					    filename, linenum);
675 				add_listen_addr(options, arg, port);
676 			}
677 		} else if (*p == '\0')
678 			add_listen_addr(options, arg, 0);
679 		else
680 			fatal("%s line %d: bad inet addr usage.",
681 			    filename, linenum);
682 		break;
683 
684 	case sHostKeyFile:
685 		intptr = &options->num_host_key_files;
686 		if (*intptr >= MAX_HOSTKEYS)
687 			fatal("%s line %d: too many host keys specified (max %d).",
688 			    filename, linenum, MAX_HOSTKEYS);
689 		charptr = &options->host_key_files[*intptr];
690 parse_filename:
691 		arg = strdelim(&cp);
692 		if (!arg || *arg == '\0')
693 			fatal("%s line %d: missing file name.",
694 			    filename, linenum);
695 		if (*charptr == NULL) {
696 			*charptr = tilde_expand_filename(arg, getuid());
697 			/* increase optional counter */
698 			if (intptr != NULL)
699 				*intptr = *intptr + 1;
700 		}
701 		break;
702 
703 	case sPidFile:
704 		charptr = &options->pid_file;
705 		goto parse_filename;
706 
707 	case sPermitRootLogin:
708 		intptr = &options->permit_root_login;
709 		arg = strdelim(&cp);
710 		if (!arg || *arg == '\0')
711 			fatal("%s line %d: missing yes/"
712 			    "without-password/forced-commands-only/no "
713 			    "argument.", filename, linenum);
714 		value = 0;	/* silence compiler */
715 		if (strcmp(arg, "without-password") == 0)
716 			value = PERMIT_NO_PASSWD;
717 		else if (strcmp(arg, "forced-commands-only") == 0)
718 			value = PERMIT_FORCED_ONLY;
719 		else if (strcmp(arg, "yes") == 0)
720 			value = PERMIT_YES;
721 		else if (strcmp(arg, "no") == 0)
722 			value = PERMIT_NO;
723 		else
724 			fatal("%s line %d: Bad yes/"
725 			    "without-password/forced-commands-only/no "
726 			    "argument: %s", filename, linenum, arg);
727 		if (*intptr == -1)
728 			*intptr = value;
729 		break;
730 
731 	case sIgnoreRhosts:
732 		intptr = &options->ignore_rhosts;
733 parse_flag:
734 		arg = strdelim(&cp);
735 		if (!arg || *arg == '\0')
736 			fatal("%s line %d: missing yes/no argument.",
737 			    filename, linenum);
738 		value = 0;	/* silence compiler */
739 		if (strcmp(arg, "yes") == 0)
740 			value = 1;
741 		else if (strcmp(arg, "no") == 0)
742 			value = 0;
743 		else
744 			fatal("%s line %d: Bad yes/no argument: %s",
745 				filename, linenum, arg);
746 		if (*intptr == -1)
747 			*intptr = value;
748 		break;
749 
750 	case sIgnoreUserKnownHosts:
751 		intptr = &options->ignore_user_known_hosts;
752 		goto parse_flag;
753 
754 	case sRhostsAuthentication:
755 		intptr = &options->rhosts_authentication;
756 		goto parse_flag;
757 
758 	case sRhostsRSAAuthentication:
759 		intptr = &options->rhosts_rsa_authentication;
760 		goto parse_flag;
761 
762 	case sHostbasedAuthentication:
763 		intptr = &options->hostbased_authentication;
764 		goto parse_flag;
765 
766 	case sHostbasedUsesNameFromPacketOnly:
767 		intptr = &options->hostbased_uses_name_from_packet_only;
768 		goto parse_flag;
769 
770 	case sRSAAuthentication:
771 		intptr = &options->rsa_authentication;
772 		goto parse_flag;
773 
774 	case sPubkeyAuthentication:
775 		intptr = &options->pubkey_authentication;
776 		goto parse_flag;
777 #ifdef GSSAPI
778 	case sGssAuthentication:
779 		intptr = &options->gss_authentication;
780 		goto parse_flag;
781 	case sGssKeyEx:
782 		intptr = &options->gss_keyex;
783 		goto parse_flag;
784 	case sGssStoreDelegCreds:
785 		intptr = &options->gss_keyex;
786 		goto parse_flag;
787 #ifndef SUNW_GSSAPI
788 	case sGssUseSessionCredCache:
789 		intptr = &options->gss_use_session_ccache;
790 		goto parse_flag;
791 	case sGssCleanupCreds:
792 		intptr = &options->gss_cleanup_creds;
793 		goto parse_flag;
794 #endif /* SUNW_GSSAPI */
795 #endif /* GSSAPI */
796 #if defined(KRB4) || defined(KRB5)
797 	case sKerberosAuthentication:
798 		intptr = &options->kerberos_authentication;
799 		goto parse_flag;
800 
801 	case sKerberosOrLocalPasswd:
802 		intptr = &options->kerberos_or_local_passwd;
803 		goto parse_flag;
804 
805 	case sKerberosTicketCleanup:
806 		intptr = &options->kerberos_ticket_cleanup;
807 		goto parse_flag;
808 #endif
809 #if defined(AFS) || defined(KRB5)
810 	case sKerberosTgtPassing:
811 		intptr = &options->kerberos_tgt_passing;
812 		goto parse_flag;
813 #endif
814 #ifdef AFS
815 	case sAFSTokenPassing:
816 		intptr = &options->afs_token_passing;
817 		goto parse_flag;
818 #endif
819 
820 	case sPasswordAuthentication:
821 		intptr = &options->password_authentication;
822 		goto parse_flag;
823 
824 	case sKbdInteractiveAuthentication:
825 		intptr = &options->kbd_interactive_authentication;
826 		goto parse_flag;
827 
828 	case sChallengeResponseAuthentication:
829 		intptr = &options->challenge_response_authentication;
830 		goto parse_flag;
831 
832 	case sPrintMotd:
833 		intptr = &options->print_motd;
834 		goto parse_flag;
835 
836 	case sPrintLastLog:
837 		intptr = &options->print_lastlog;
838 		goto parse_flag;
839 
840 	case sX11Forwarding:
841 		intptr = &options->x11_forwarding;
842 		goto parse_flag;
843 
844 	case sX11DisplayOffset:
845 		intptr = &options->x11_display_offset;
846 		goto parse_int;
847 
848 	case sX11UseLocalhost:
849 		intptr = &options->x11_use_localhost;
850 		goto parse_flag;
851 
852 	case sXAuthLocation:
853 		charptr = &options->xauth_location;
854 		goto parse_filename;
855 
856 	case sStrictModes:
857 		intptr = &options->strict_modes;
858 		goto parse_flag;
859 
860 	case sKeepAlives:
861 		intptr = &options->keepalives;
862 		goto parse_flag;
863 
864 	case sEmptyPasswd:
865 		intptr = &options->permit_empty_passwd;
866 		goto parse_flag;
867 
868 	case sPermitUserEnvironment:
869 		intptr = &options->permit_user_env;
870 		goto parse_flag;
871 
872 	case sUseLogin:
873 		intptr = &options->use_login;
874 		goto parse_flag;
875 
876 	case sCompression:
877 		intptr = &options->compression;
878 		goto parse_flag;
879 
880 	case sGatewayPorts:
881 		arg = strdelim(&cp);
882 		if (get_yes_no_flag(&options->gateway_ports, arg, filename,
883 		    linenum, 1) == 1)
884 			break;
885 
886 		if (strcmp(arg, "clientspecified") == 0)
887 			options->gateway_ports = 2;
888 		else
889 			fatal("%.200s line %d: Bad yes/no/clientspecified "
890 			    "argument.", filename, linenum);
891 		break;
892 
893 	case sVerifyReverseMapping:
894 		intptr = &options->verify_reverse_mapping;
895 		goto parse_flag;
896 
897 	case sLogFacility:
898 		intptr = (int *) &options->log_facility;
899 		arg = strdelim(&cp);
900 		value = log_facility_number(arg);
901 		if (value == SYSLOG_FACILITY_NOT_SET)
902 			fatal("%.200s line %d: unsupported log facility '%s'",
903 			    filename, linenum, arg ? arg : "<NONE>");
904 		if (*intptr == -1)
905 			*intptr = (SyslogFacility) value;
906 		break;
907 
908 	case sLogLevel:
909 		intptr = (int *) &options->log_level;
910 		arg = strdelim(&cp);
911 		value = log_level_number(arg);
912 		if (value == SYSLOG_LEVEL_NOT_SET)
913 			fatal("%.200s line %d: unsupported log level '%s'",
914 			    filename, linenum, arg ? arg : "<NONE>");
915 		if (*intptr == -1)
916 			*intptr = (LogLevel) value;
917 		break;
918 
919 	case sAllowTcpForwarding:
920 		intptr = &options->allow_tcp_forwarding;
921 		goto parse_flag;
922 
923 	case sUsePrivilegeSeparation:
924 		log("%s line %d: ignoring UsePrivilegeSeparation option value."
925 		    " This option is always on.", filename, linenum);
926 		while (arg)
927 		    arg = strdelim(&cp);
928 		break;
929 
930 	case sAllowUsers:
931 		while (((arg = strdelim(&cp)) != NULL) && *arg != '\0') {
932 			if (options->num_allow_users >= MAX_ALLOW_USERS)
933 				fatal("%s line %d: too many allow users.",
934 				    filename, linenum);
935 			options->allow_users[options->num_allow_users++] =
936 			    xstrdup(arg);
937 		}
938 		break;
939 
940 	case sDenyUsers:
941 		while (((arg = strdelim(&cp)) != NULL) && *arg != '\0') {
942 			if (options->num_deny_users >= MAX_DENY_USERS)
943 				fatal( "%s line %d: too many deny users.",
944 				    filename, linenum);
945 			options->deny_users[options->num_deny_users++] =
946 			    xstrdup(arg);
947 		}
948 		break;
949 
950 	case sAllowGroups:
951 		while (((arg = strdelim(&cp)) != NULL) && *arg != '\0') {
952 			if (options->num_allow_groups >= MAX_ALLOW_GROUPS)
953 				fatal("%s line %d: too many allow groups.",
954 				    filename, linenum);
955 			options->allow_groups[options->num_allow_groups++] =
956 			    xstrdup(arg);
957 		}
958 		break;
959 
960 	case sDenyGroups:
961 		while (((arg = strdelim(&cp)) != NULL) && *arg != '\0') {
962 			if (options->num_deny_groups >= MAX_DENY_GROUPS)
963 				fatal("%s line %d: too many deny groups.",
964 				    filename, linenum);
965 			options->deny_groups[options->num_deny_groups++] = xstrdup(arg);
966 		}
967 		break;
968 
969 	case sCiphers:
970 		arg = strdelim(&cp);
971 		if (!arg || *arg == '\0')
972 			fatal("%s line %d: Missing argument.", filename, linenum);
973 		if (!ciphers_valid(arg))
974 			fatal("%s line %d: Bad SSH2 cipher spec '%s'.",
975 			    filename, linenum, arg ? arg : "<NONE>");
976 		if (options->ciphers == NULL)
977 			options->ciphers = xstrdup(arg);
978 		break;
979 
980 	case sMacs:
981 		arg = strdelim(&cp);
982 		if (!arg || *arg == '\0')
983 			fatal("%s line %d: Missing argument.", filename, linenum);
984 		if (!mac_valid(arg))
985 			fatal("%s line %d: Bad SSH2 mac spec '%s'.",
986 			    filename, linenum, arg ? arg : "<NONE>");
987 		if (options->macs == NULL)
988 			options->macs = xstrdup(arg);
989 		break;
990 
991 	case sProtocol:
992 		intptr = &options->protocol;
993 		arg = strdelim(&cp);
994 		if (!arg || *arg == '\0')
995 			fatal("%s line %d: Missing argument.", filename, linenum);
996 		value = proto_spec(arg);
997 		if (value == SSH_PROTO_UNKNOWN)
998 			fatal("%s line %d: Bad protocol spec '%s'.",
999 			    filename, linenum, arg ? arg : "<NONE>");
1000 		if (*intptr == SSH_PROTO_UNKNOWN)
1001 			*intptr = value;
1002 		break;
1003 
1004 	case sSubsystem:
1005 		if (options->num_subsystems >= MAX_SUBSYSTEMS) {
1006 			fatal("%s line %d: too many subsystems defined.",
1007 			    filename, linenum);
1008 		}
1009 		arg = strdelim(&cp);
1010 		if (!arg || *arg == '\0')
1011 			fatal("%s line %d: Missing subsystem name.",
1012 			    filename, linenum);
1013 		for (i = 0; i < options->num_subsystems; i++)
1014 			if (strcmp(arg, options->subsystem_name[i]) == 0)
1015 				fatal("%s line %d: Subsystem '%s' already defined.",
1016 				    filename, linenum, arg);
1017 		options->subsystem_name[options->num_subsystems] = xstrdup(arg);
1018 		arg = strdelim(&cp);
1019 		if (!arg || *arg == '\0')
1020 			fatal("%s line %d: Missing subsystem command.",
1021 			    filename, linenum);
1022 		options->subsystem_command[options->num_subsystems] = xstrdup(arg);
1023 		options->num_subsystems++;
1024 		break;
1025 
1026 	case sMaxStartups:
1027 		arg = strdelim(&cp);
1028 		if (!arg || *arg == '\0')
1029 			fatal("%s line %d: Missing MaxStartups spec.",
1030 			    filename, linenum);
1031 		if ((n = sscanf(arg, "%d:%d:%d",
1032 		    &options->max_startups_begin,
1033 		    &options->max_startups_rate,
1034 		    &options->max_startups)) == 3) {
1035 			if (options->max_startups_begin >
1036 			    options->max_startups ||
1037 			    options->max_startups_rate > 100 ||
1038 			    options->max_startups_rate < 1)
1039 				fatal("%s line %d: Illegal MaxStartups spec.",
1040 				    filename, linenum);
1041 		} else if (n != 1)
1042 			fatal("%s line %d: Illegal MaxStartups spec.",
1043 			    filename, linenum);
1044 		else
1045 			options->max_startups = options->max_startups_begin;
1046 		break;
1047 
1048 	case sBanner:
1049 		charptr = &options->banner;
1050 		goto parse_filename;
1051 	/*
1052 	 * These options can contain %X options expanded at
1053 	 * connect time, so that you can specify paths like:
1054 	 *
1055 	 * AuthorizedKeysFile	/etc/ssh_keys/%u
1056 	 */
1057 	case sAuthorizedKeysFile:
1058 	case sAuthorizedKeysFile2:
1059 		charptr = (opcode == sAuthorizedKeysFile ) ?
1060 		    &options->authorized_keys_file :
1061 		    &options->authorized_keys_file2;
1062 		goto parse_filename;
1063 
1064 	case sClientAliveInterval:
1065 		intptr = &options->client_alive_interval;
1066 		goto parse_time;
1067 
1068 	case sClientAliveCountMax:
1069 		intptr = &options->client_alive_count_max;
1070 		goto parse_int;
1071 
1072 	case sMaxAuthTries:
1073 		intptr = &options->max_auth_tries;
1074 		goto parse_int;
1075 
1076 	case sMaxAuthTriesLog:
1077 		intptr = &options->max_auth_tries_log;
1078 		goto parse_int;
1079 
1080 	case sLookupClientHostnames:
1081 		intptr = &options->lookup_client_hostnames;
1082 		goto parse_flag;
1083 	case sUseOpenSSLEngine:
1084 		intptr = &options->use_openssl_engine;
1085 		goto parse_flag;
1086 
1087 	case sDeprecated:
1088 		log("%s line %d: Deprecated option %s",
1089 		    filename, linenum, arg);
1090 		while (arg)
1091 		    arg = strdelim(&cp);
1092 		break;
1093 
1094 	default:
1095 		fatal("%s line %d: Missing handler for opcode %s (%d)",
1096 		    filename, linenum, arg, opcode);
1097 	}
1098 	if ((arg = strdelim(&cp)) != NULL && *arg != '\0')
1099 		fatal("%s line %d: garbage at end of line; \"%.200s\".",
1100 		    filename, linenum, arg);
1101 	return 0;
1102 }
1103 
1104 /* Reads the server configuration file. */
1105 
1106 void
1107 read_server_config(ServerOptions *options, const char *filename)
1108 {
1109 	int linenum, bad_options = 0;
1110 	char line[1024];
1111 	FILE *f;
1112 
1113 	f = fopen(filename, "r");
1114 	if (!f) {
1115 		perror(filename);
1116 		exit(1);
1117 	}
1118 	linenum = 0;
1119 	while (fgets(line, sizeof(line), f)) {
1120 		/* Update line number counter. */
1121 		linenum++;
1122 		if (process_server_config_line(options, line, filename, linenum) != 0)
1123 			bad_options++;
1124 	}
1125 	(void) fclose(f);
1126 	if (bad_options > 0)
1127 		fatal("%s: terminating, %d bad configuration options",
1128 		    filename, bad_options);
1129 }
1130