xref: /titanic_44/usr/src/cmd/ssh/sshd/servconf.c (revision b509e89b2befbaa42939abad9da1d7f5a8c6aaae)
1 /*
2  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
3  *                    All rights reserved
4  *
5  * As far as I am concerned, the code I have written for this software
6  * can be used freely for any purpose.  Any derived versions of this
7  * software must be clearly marked as such, and if the derived work is
8  * incompatible with the protocol description in the RFC file, it must be
9  * called by a name other than "ssh" or "Secure Shell".
10  */
11 /*
12  * Copyright 2009 Sun Microsystems, Inc.  All rights reserved.
13  * Use is subject to license terms.
14  */
15 
16 #include "includes.h"
17 RCSID("$OpenBSD: servconf.c,v 1.115 2002/09/04 18:52:42 stevesk Exp $");
18 
19 #ifdef HAVE_DEFOPEN
20 #include <deflt.h>
21 #endif /* HAVE_DEFOPEN */
22 
23 #if defined(KRB4)
24 #include <krb.h>
25 #endif
26 #if defined(KRB5)
27 #ifdef HEIMDAL
28 #include <krb.h>
29 #else
30 /* Bodge - but then, so is using the kerberos IV KEYFILE to get a Kerberos V
31  * keytab */
32 #define KEYFILE "/etc/krb5.keytab"
33 #endif
34 #endif
35 #ifdef AFS
36 #include <kafs.h>
37 #endif
38 
39 #include "ssh.h"
40 #include "log.h"
41 #include "servconf.h"
42 #include "xmalloc.h"
43 #include "compat.h"
44 #include "pathnames.h"
45 #include "tildexpand.h"
46 #include "misc.h"
47 #include "cipher.h"
48 #include "kex.h"
49 #include "mac.h"
50 #include "auth.h"
51 
52 static void add_listen_addr(ServerOptions *, char *, u_short);
53 static void add_one_listen_addr(ServerOptions *, char *, u_short);
54 
55 /* AF_UNSPEC or AF_INET or AF_INET6 */
56 extern int IPv4or6;
57 
58 /*
59  * Initializes the server options to their initial (unset) values. Some of those
60  * that stay unset after the command line options and configuration files are
61  * read are set to their default values in fill_default_server_options().
62  */
63 void
64 initialize_server_options(ServerOptions *options)
65 {
66 	(void) memset(options, 0, sizeof(*options));
67 
68 	/* Portable-specific options */
69 	options->pam_authentication_via_kbd_int = -1;
70 
71 	/* Standard Options */
72 	options->num_ports = 0;
73 	options->ports_from_cmdline = 0;
74 	options->listen_addrs = NULL;
75 	options->num_host_key_files = 0;
76 	options->pid_file = NULL;
77 	options->server_key_bits = -1;
78 	options->login_grace_time = -1;
79 	options->key_regeneration_time = -1;
80 	options->permit_root_login = PERMIT_NOT_SET;
81 	options->ignore_rhosts = -1;
82 	options->ignore_user_known_hosts = -1;
83 	options->print_motd = -1;
84 	options->print_lastlog = -1;
85 	options->x11_forwarding = -1;
86 	options->x11_display_offset = -1;
87 	options->x11_use_localhost = -1;
88 	options->xauth_location = NULL;
89 	options->strict_modes = -1;
90 	options->keepalives = -1;
91 	options->log_facility = SYSLOG_FACILITY_NOT_SET;
92 	options->log_level = SYSLOG_LEVEL_NOT_SET;
93 	options->rhosts_authentication = -1;
94 	options->rhosts_rsa_authentication = -1;
95 	options->hostbased_authentication = -1;
96 	options->hostbased_uses_name_from_packet_only = -1;
97 	options->rsa_authentication = -1;
98 	options->pubkey_authentication = -1;
99 #ifdef GSSAPI
100 	options->gss_authentication = -1;
101 	options->gss_keyex = -1;
102 	options->gss_store_creds = -1;
103 	options->gss_use_session_ccache = -1;
104 	options->gss_cleanup_creds = -1;
105 #endif
106 #if defined(KRB4) || defined(KRB5)
107 	options->kerberos_authentication = -1;
108 	options->kerberos_or_local_passwd = -1;
109 	options->kerberos_ticket_cleanup = -1;
110 #endif
111 #if defined(AFS) || defined(KRB5)
112 	options->kerberos_tgt_passing = -1;
113 #endif
114 #ifdef AFS
115 	options->afs_token_passing = -1;
116 #endif
117 	options->password_authentication = -1;
118 	options->kbd_interactive_authentication = -1;
119 	options->challenge_response_authentication = -1;
120 	options->permit_empty_passwd = -1;
121 	options->permit_user_env = -1;
122 	options->use_login = -1;
123 	options->compression = -1;
124 	options->allow_tcp_forwarding = -1;
125 	options->num_allow_users = 0;
126 	options->num_deny_users = 0;
127 	options->num_allow_groups = 0;
128 	options->num_deny_groups = 0;
129 	options->ciphers = NULL;
130 	options->macs = NULL;
131 	options->protocol = SSH_PROTO_UNKNOWN;
132 	options->gateway_ports = -1;
133 	options->num_subsystems = 0;
134 	options->max_startups_begin = -1;
135 	options->max_startups_rate = -1;
136 	options->max_startups = -1;
137 	options->banner = NULL;
138 	options->verify_reverse_mapping = -1;
139 	options->client_alive_interval = -1;
140 	options->client_alive_count_max = -1;
141 	options->authorized_keys_file = NULL;
142 	options->authorized_keys_file2 = NULL;
143 
144 	options->max_auth_tries = -1;
145 	options->max_auth_tries_log = -1;
146 
147 	options->max_init_auth_tries = -1;
148 	options->max_init_auth_tries_log = -1;
149 
150 	options->lookup_client_hostnames = -1;
151 	options->use_openssl_engine = -1;
152 	options->chroot_directory = NULL;
153 }
154 
155 #ifdef HAVE_DEFOPEN
156 /*
157  * Reads /etc/default/login and defaults several ServerOptions:
158  *
159  * PermitRootLogin
160  * PermitEmptyPasswords
161  * LoginGraceTime
162  *
163  * CONSOLE=*      -> PermitRootLogin=without-password
164  * #CONSOLE=*     -> PermitRootLogin=yes
165  *
166  * PASSREQ=YES    -> PermitEmptyPasswords=no
167  * PASSREQ=NO     -> PermitEmptyPasswords=yes
168  * #PASSREQ=*     -> PermitEmptyPasswords=no
169  *
170  * TIMEOUT=<secs> -> LoginGraceTime=<secs>
171  * #TIMEOUT=<secs> -> LoginGraceTime=300
172  */
173 static
174 void
175 deflt_fill_default_server_options(ServerOptions *options)
176 {
177 	int	flags;
178 	char	*ptr;
179 
180 	if (defopen(_PATH_DEFAULT_LOGIN))
181 		return;
182 
183 	/* Ignore case */
184 	flags = defcntl(DC_GETFLAGS, 0);
185 	TURNOFF(flags, DC_CASE);
186 	(void) defcntl(DC_SETFLAGS, flags);
187 
188 	if (options->permit_root_login == PERMIT_NOT_SET &&
189 	    (ptr = defread("CONSOLE=")) != NULL)
190 		options->permit_root_login = PERMIT_NO_PASSWD;
191 
192 	if (options->permit_empty_passwd == -1 &&
193 	    (ptr = defread("PASSREQ=")) != NULL) {
194 		if (strcasecmp("YES", ptr) == 0)
195 			options->permit_empty_passwd = 0;
196 		else if (strcasecmp("NO", ptr) == 0)
197 			options->permit_empty_passwd = 1;
198 	}
199 
200 	if (options->max_init_auth_tries == -1 &&
201 	    (ptr = defread("RETRIES=")) != NULL) {
202 		options->max_init_auth_tries = atoi(ptr);
203 	}
204 
205 	if (options->max_init_auth_tries_log == -1 &&
206 	    (ptr = defread("SYSLOG_FAILED_LOGINS=")) != NULL) {
207 		options->max_init_auth_tries_log = atoi(ptr);
208 	}
209 
210 	if (options->login_grace_time == -1) {
211 		if ((ptr = defread("TIMEOUT=")) != NULL)
212 			options->login_grace_time = (unsigned)atoi(ptr);
213 		else
214 			options->login_grace_time = 300;
215 	}
216 
217 	(void) defopen((char *)NULL);
218 }
219 #endif /* HAVE_DEFOPEN */
220 
221 void
222 fill_default_server_options(ServerOptions *options)
223 {
224 
225 #ifdef HAVE_DEFOPEN
226 	deflt_fill_default_server_options(options);
227 #endif /* HAVE_DEFOPEN */
228 
229 	/* Portable-specific options */
230 	if (options->pam_authentication_via_kbd_int == -1)
231 		options->pam_authentication_via_kbd_int = 0;
232 
233 	/* Standard Options */
234 	if (options->protocol == SSH_PROTO_UNKNOWN)
235 		options->protocol = SSH_PROTO_1|SSH_PROTO_2;
236 	if (options->num_host_key_files == 0) {
237 		/* fill default hostkeys for protocols */
238 		if (options->protocol & SSH_PROTO_1)
239 			options->host_key_files[options->num_host_key_files++] =
240 			    _PATH_HOST_KEY_FILE;
241 #ifndef GSSAPI
242 		/* With GSS keyex we can run v2 w/ no host keys */
243 		if (options->protocol & SSH_PROTO_2) {
244 			options->host_key_files[options->num_host_key_files++] =
245 			    _PATH_HOST_RSA_KEY_FILE;
246 			options->host_key_files[options->num_host_key_files++] =
247 			    _PATH_HOST_DSA_KEY_FILE;
248 		}
249 #endif /* GSSAPI */
250 	}
251 	if (options->num_ports == 0)
252 		options->ports[options->num_ports++] = SSH_DEFAULT_PORT;
253 	if (options->listen_addrs == NULL)
254 		add_listen_addr(options, NULL, 0);
255 	if (options->pid_file == NULL)
256 		options->pid_file = _PATH_SSH_DAEMON_PID_FILE;
257 	if (options->server_key_bits == -1)
258 		options->server_key_bits = 768;
259 	if (options->login_grace_time == -1)
260 		options->login_grace_time = 120;
261 	if (options->key_regeneration_time == -1)
262 		options->key_regeneration_time = 3600;
263 	if (options->permit_root_login == PERMIT_NOT_SET)
264 		options->permit_root_login = PERMIT_YES;
265 	if (options->ignore_rhosts == -1)
266 		options->ignore_rhosts = 1;
267 	if (options->ignore_user_known_hosts == -1)
268 		options->ignore_user_known_hosts = 0;
269 	if (options->print_motd == -1)
270 		options->print_motd = 1;
271 	if (options->print_lastlog == -1)
272 		options->print_lastlog = 1;
273 	if (options->x11_forwarding == -1)
274 		options->x11_forwarding = 1;
275 	if (options->x11_display_offset == -1)
276 		options->x11_display_offset = 10;
277 	if (options->x11_use_localhost == -1)
278 		options->x11_use_localhost = 1;
279 	if (options->xauth_location == NULL)
280 		options->xauth_location = _PATH_XAUTH;
281 	if (options->strict_modes == -1)
282 		options->strict_modes = 1;
283 	if (options->keepalives == -1)
284 		options->keepalives = 1;
285 	if (options->log_facility == SYSLOG_FACILITY_NOT_SET)
286 		options->log_facility = SYSLOG_FACILITY_AUTH;
287 	if (options->log_level == SYSLOG_LEVEL_NOT_SET)
288 		options->log_level = SYSLOG_LEVEL_INFO;
289 	if (options->rhosts_authentication == -1)
290 		options->rhosts_authentication = 0;
291 	if (options->rhosts_rsa_authentication == -1)
292 		options->rhosts_rsa_authentication = 0;
293 	if (options->hostbased_authentication == -1)
294 		options->hostbased_authentication = 0;
295 	if (options->hostbased_uses_name_from_packet_only == -1)
296 		options->hostbased_uses_name_from_packet_only = 0;
297 	if (options->rsa_authentication == -1)
298 		options->rsa_authentication = 1;
299 	if (options->pubkey_authentication == -1)
300 		options->pubkey_authentication = 1;
301 #ifdef GSSAPI
302 	if (options->gss_authentication == -1)
303 		options->gss_authentication = 1;
304 	if (options->gss_keyex == -1)
305 		options->gss_keyex = 1;
306 	if (options->gss_store_creds == -1)
307 		options->gss_store_creds = 1;
308 	if (options->gss_use_session_ccache == -1)
309 		options->gss_use_session_ccache = 1;
310 	if (options->gss_cleanup_creds == -1)
311 		options->gss_cleanup_creds = 1;
312 #endif
313 #if defined(KRB4) || defined(KRB5)
314 	if (options->kerberos_authentication == -1)
315 		options->kerberos_authentication = 0;
316 	if (options->kerberos_or_local_passwd == -1)
317 		options->kerberos_or_local_passwd = 1;
318 	if (options->kerberos_ticket_cleanup == -1)
319 		options->kerberos_ticket_cleanup = 1;
320 #endif
321 #if defined(AFS) || defined(KRB5)
322 	if (options->kerberos_tgt_passing == -1)
323 		options->kerberos_tgt_passing = 0;
324 #endif
325 #ifdef AFS
326 	if (options->afs_token_passing == -1)
327 		options->afs_token_passing = 0;
328 #endif
329 	if (options->password_authentication == -1)
330 		options->password_authentication = 1;
331 	if (options->kbd_interactive_authentication == -1)
332 		options->kbd_interactive_authentication = 0;
333 	if (options->challenge_response_authentication == -1)
334 		options->challenge_response_authentication = 1;
335 	if (options->permit_empty_passwd == -1)
336 		options->permit_empty_passwd = 0;
337 	if (options->permit_user_env == -1)
338 		options->permit_user_env = 0;
339 	if (options->use_login == -1)
340 		options->use_login = 0;
341 	if (options->compression == -1)
342 		options->compression = 1;
343 	if (options->allow_tcp_forwarding == -1)
344 		options->allow_tcp_forwarding = 1;
345 	if (options->gateway_ports == -1)
346 		options->gateway_ports = 0;
347 	if (options->max_startups == -1)
348 		options->max_startups = 10;
349 	if (options->max_startups_rate == -1)
350 		options->max_startups_rate = 100;		/* 100% */
351 	if (options->max_startups_begin == -1)
352 		options->max_startups_begin = options->max_startups;
353 	if (options->verify_reverse_mapping == -1)
354 		options->verify_reverse_mapping = 0;
355 	if (options->client_alive_interval == -1)
356 		options->client_alive_interval = 0;
357 	if (options->client_alive_count_max == -1)
358 		options->client_alive_count_max = 3;
359 	if (options->authorized_keys_file2 == NULL) {
360 		/* authorized_keys_file2 falls back to authorized_keys_file */
361 		if (options->authorized_keys_file != NULL)
362 			options->authorized_keys_file2 = options->authorized_keys_file;
363 		else
364 			options->authorized_keys_file2 = _PATH_SSH_USER_PERMITTED_KEYS2;
365 	}
366 	if (options->authorized_keys_file == NULL)
367 		options->authorized_keys_file = _PATH_SSH_USER_PERMITTED_KEYS;
368 
369 	if (options->max_auth_tries == -1)
370 		options->max_auth_tries = AUTH_FAIL_MAX;
371 	if (options->max_auth_tries_log == -1)
372 		options->max_auth_tries_log = options->max_auth_tries / 2;
373 
374 	if (options->max_init_auth_tries == -1)
375 		options->max_init_auth_tries = AUTH_FAIL_MAX;
376 	if (options->max_init_auth_tries_log == -1)
377 		options->max_init_auth_tries_log = options->max_init_auth_tries / 2;
378 
379 	if (options->lookup_client_hostnames == -1)
380 		options->lookup_client_hostnames = 1;
381 	if (options->use_openssl_engine == -1)
382 		options->use_openssl_engine = 1;
383 }
384 
385 /* Keyword tokens. */
386 typedef enum {
387 	sBadOption,		/* == unknown option */
388 	/* Portable-specific options */
389 	sPAMAuthenticationViaKbdInt,
390 	/* Standard Options */
391 	sPort, sHostKeyFile, sServerKeyBits, sLoginGraceTime, sKeyRegenerationTime,
392 	sPermitRootLogin, sLogFacility, sLogLevel,
393 	sRhostsAuthentication, sRhostsRSAAuthentication, sRSAAuthentication,
394 #ifdef GSSAPI
395 	sGssAuthentication, sGssKeyEx, sGssStoreDelegCreds,
396 	sGssUseSessionCredCache, sGssCleanupCreds,
397 #endif /* GSSAPI */
398 #if defined(KRB4) || defined(KRB5)
399 	sKerberosAuthentication, sKerberosOrLocalPasswd, sKerberosTicketCleanup,
400 #endif
401 #if defined(AFS) || defined(KRB5)
402 	sKerberosTgtPassing,
403 #endif
404 #ifdef AFS
405 	sAFSTokenPassing,
406 #endif
407 	sChallengeResponseAuthentication,
408 	sPasswordAuthentication, sKbdInteractiveAuthentication, sListenAddress,
409 	sPrintMotd, sPrintLastLog, sIgnoreRhosts,
410 	sX11Forwarding, sX11DisplayOffset, sX11UseLocalhost,
411 	sStrictModes, sEmptyPasswd, sKeepAlives,
412 	sPermitUserEnvironment, sUseLogin, sAllowTcpForwarding, sCompression,
413 	sAllowUsers, sDenyUsers, sAllowGroups, sDenyGroups,
414 	sIgnoreUserKnownHosts, sCiphers, sMacs, sProtocol, sPidFile,
415 	sGatewayPorts, sPubkeyAuthentication, sXAuthLocation, sSubsystem, sMaxStartups,
416 	sBanner, sVerifyReverseMapping, sHostbasedAuthentication,
417 	sHostbasedUsesNameFromPacketOnly, sClientAliveInterval,
418 	sClientAliveCountMax, sAuthorizedKeysFile, sAuthorizedKeysFile2,
419 	sMaxAuthTries, sMaxAuthTriesLog, sUsePrivilegeSeparation,
420 	sLookupClientHostnames, sUseOpenSSLEngine, sChrootDirectory,
421 	sDeprecated
422 } ServerOpCodes;
423 
424 /* Textual representation of the tokens. */
425 static struct {
426 	const char *name;
427 	ServerOpCodes opcode;
428 } keywords[] = {
429 	/* Portable-specific options */
430 	{ "PAMAuthenticationViaKbdInt", sPAMAuthenticationViaKbdInt },
431 	/* Standard Options */
432 	{ "port", sPort },
433 	{ "hostkey", sHostKeyFile },
434 	{ "hostdsakey", sHostKeyFile },					/* alias */
435 	{ "pidfile", sPidFile },
436 	{ "serverkeybits", sServerKeyBits },
437 	{ "logingracetime", sLoginGraceTime },
438 	{ "keyregenerationinterval", sKeyRegenerationTime },
439 	{ "permitrootlogin", sPermitRootLogin },
440 	{ "syslogfacility", sLogFacility },
441 	{ "loglevel", sLogLevel },
442 	{ "rhostsauthentication", sRhostsAuthentication },
443 	{ "rhostsrsaauthentication", sRhostsRSAAuthentication },
444 	{ "hostbasedauthentication", sHostbasedAuthentication },
445 	{ "hostbasedusesnamefrompacketonly", sHostbasedUsesNameFromPacketOnly },
446 	{ "rsaauthentication", sRSAAuthentication },
447 	{ "pubkeyauthentication", sPubkeyAuthentication },
448 	{ "dsaauthentication", sPubkeyAuthentication },			/* alias */
449 #ifdef GSSAPI
450 	{ "gssapiauthentication", sGssAuthentication },
451 	{ "gssapikeyexchange", sGssKeyEx },
452 	{ "gssapistoredelegatedcredentials", sGssStoreDelegCreds },
453 	{ "gssauthentication", sGssAuthentication },			/* alias */
454 	{ "gsskeyex", sGssKeyEx },					/* alias */
455 	{ "gssstoredelegcreds", sGssStoreDelegCreds },			/* alias */
456 #ifndef SUNW_GSSAPI
457 	{ "gssusesessionccache", sGssUseSessionCredCache },
458 	{ "gssusesessioncredcache", sGssUseSessionCredCache },
459 	{ "gsscleanupcreds", sGssCleanupCreds },
460 #endif /* SUNW_GSSAPI */
461 #endif
462 #if defined(KRB4) || defined(KRB5)
463 	{ "kerberosauthentication", sKerberosAuthentication },
464 	{ "kerberosorlocalpasswd", sKerberosOrLocalPasswd },
465 	{ "kerberosticketcleanup", sKerberosTicketCleanup },
466 #endif
467 #if defined(AFS) || defined(KRB5)
468 	{ "kerberostgtpassing", sKerberosTgtPassing },
469 #endif
470 #ifdef AFS
471 	{ "afstokenpassing", sAFSTokenPassing },
472 #endif
473 	{ "passwordauthentication", sPasswordAuthentication },
474 	{ "kbdinteractiveauthentication", sKbdInteractiveAuthentication },
475 	{ "challengeresponseauthentication", sChallengeResponseAuthentication },
476 	{ "skeyauthentication", sChallengeResponseAuthentication }, /* alias */
477 	{ "checkmail", sDeprecated },
478 	{ "listenaddress", sListenAddress },
479 	{ "printmotd", sPrintMotd },
480 	{ "printlastlog", sPrintLastLog },
481 	{ "ignorerhosts", sIgnoreRhosts },
482 	{ "ignoreuserknownhosts", sIgnoreUserKnownHosts },
483 	{ "x11forwarding", sX11Forwarding },
484 	{ "x11displayoffset", sX11DisplayOffset },
485 	{ "x11uselocalhost", sX11UseLocalhost },
486 	{ "xauthlocation", sXAuthLocation },
487 	{ "strictmodes", sStrictModes },
488 	{ "permitemptypasswords", sEmptyPasswd },
489 	{ "permituserenvironment", sPermitUserEnvironment },
490 	{ "uselogin", sUseLogin },
491 	{ "compression", sCompression },
492 	{ "keepalive", sKeepAlives },
493 	{ "allowtcpforwarding", sAllowTcpForwarding },
494 	{ "allowusers", sAllowUsers },
495 	{ "denyusers", sDenyUsers },
496 	{ "allowgroups", sAllowGroups },
497 	{ "denygroups", sDenyGroups },
498 	{ "ciphers", sCiphers },
499 	{ "macs", sMacs },
500 	{ "protocol", sProtocol },
501 	{ "gatewayports", sGatewayPorts },
502 	{ "subsystem", sSubsystem },
503 	{ "maxstartups", sMaxStartups },
504 	{ "banner", sBanner },
505 	{ "verifyreversemapping", sVerifyReverseMapping },
506 	{ "reversemappingcheck", sVerifyReverseMapping },
507 	{ "clientaliveinterval", sClientAliveInterval },
508 	{ "clientalivecountmax", sClientAliveCountMax },
509 	{ "authorizedkeysfile", sAuthorizedKeysFile },
510 	{ "authorizedkeysfile2", sAuthorizedKeysFile2 },
511 	{ "maxauthtries", sMaxAuthTries },
512 	{ "maxauthtrieslog", sMaxAuthTriesLog },
513 	{ "useprivilegeseparation", sUsePrivilegeSeparation},
514 	{ "lookupclienthostnames", sLookupClientHostnames},
515 	{ "useopensslengine", sUseOpenSSLEngine},
516 	{ "chrootdirectory", sChrootDirectory},
517 	{ NULL, sBadOption }
518 };
519 
520 /*
521  * Returns the number of the token pointed to by cp or sBadOption.
522  */
523 
524 static ServerOpCodes
525 parse_token(const char *cp, const char *filename,
526 	    int linenum)
527 {
528 	u_int i;
529 
530 	for (i = 0; keywords[i].name; i++)
531 		if (strcasecmp(cp, keywords[i].name) == 0)
532 			return keywords[i].opcode;
533 
534 	error("%s: line %d: Bad configuration option: %s",
535 	    filename, linenum, cp);
536 	return sBadOption;
537 }
538 
539 static void
540 add_listen_addr(ServerOptions *options, char *addr, u_short port)
541 {
542 	int i;
543 
544 	if (options->num_ports == 0)
545 		options->ports[options->num_ports++] = SSH_DEFAULT_PORT;
546 	if (port == 0)
547 		for (i = 0; i < options->num_ports; i++)
548 			add_one_listen_addr(options, addr, options->ports[i]);
549 	else
550 		add_one_listen_addr(options, addr, port);
551 }
552 
553 static void
554 add_one_listen_addr(ServerOptions *options, char *addr, u_short port)
555 {
556 	struct addrinfo hints, *ai, *aitop;
557 	char strport[NI_MAXSERV];
558 	int gaierr;
559 
560 	(void) memset(&hints, 0, sizeof(hints));
561 	hints.ai_family = IPv4or6;
562 	hints.ai_socktype = SOCK_STREAM;
563 	hints.ai_flags = (addr == NULL) ? AI_PASSIVE : 0;
564 	(void) snprintf(strport, sizeof strport, "%u", port);
565 	if ((gaierr = getaddrinfo(addr, strport, &hints, &aitop)) != 0)
566 		fatal("bad addr or host: %s (%s)",
567 		    addr ? addr : "<NULL>",
568 		    gai_strerror(gaierr));
569 	for (ai = aitop; ai->ai_next; ai = ai->ai_next)
570 		;
571 	ai->ai_next = options->listen_addrs;
572 	options->listen_addrs = aitop;
573 }
574 
575 int
576 process_server_config_line(ServerOptions *options, char *line,
577     const char *filename, int linenum)
578 {
579 	char *cp, **charptr, *arg, *p;
580 	int *intptr, value, i, n;
581 	ServerOpCodes opcode;
582 	size_t len;
583 
584 	cp = line;
585 	arg = strdelim(&cp);
586 	/* Ignore leading whitespace */
587 	if (*arg == '\0')
588 		arg = strdelim(&cp);
589 	if (!arg || !*arg || *arg == '#')
590 		return 0;
591 	intptr = NULL;
592 	charptr = NULL;
593 	opcode = parse_token(arg, filename, linenum);
594 	switch (opcode) {
595 	/* Portable-specific options */
596 	case sPAMAuthenticationViaKbdInt:
597 		intptr = &options->pam_authentication_via_kbd_int;
598 		goto parse_flag;
599 
600 	/* Standard Options */
601 	case sBadOption:
602 		return -1;
603 	case sPort:
604 		/* ignore ports from configfile if cmdline specifies ports */
605 		if (options->ports_from_cmdline)
606 			return 0;
607 		if (options->listen_addrs != NULL)
608 			fatal("%s line %d: ports must be specified before "
609 			    "ListenAddress.", filename, linenum);
610 		if (options->num_ports >= MAX_PORTS)
611 			fatal("%s line %d: too many ports.",
612 			    filename, linenum);
613 		arg = strdelim(&cp);
614 		if (!arg || *arg == '\0')
615 			fatal("%s line %d: missing port number.",
616 			    filename, linenum);
617 		options->ports[options->num_ports++] = a2port(arg);
618 		if (options->ports[options->num_ports-1] == 0)
619 			fatal("%s line %d: Badly formatted port number.",
620 			    filename, linenum);
621 		break;
622 
623 	case sServerKeyBits:
624 		intptr = &options->server_key_bits;
625 parse_int:
626 		arg = strdelim(&cp);
627 		if (!arg || *arg == '\0')
628 			fatal("%s line %d: missing integer value.",
629 			    filename, linenum);
630 		value = atoi(arg);
631 		if (*intptr == -1)
632 			*intptr = value;
633 		break;
634 
635 	case sLoginGraceTime:
636 		intptr = &options->login_grace_time;
637 parse_time:
638 		arg = strdelim(&cp);
639 		if (!arg || *arg == '\0')
640 			fatal("%s line %d: missing time value.",
641 			    filename, linenum);
642 		if ((value = convtime(arg)) == -1)
643 			fatal("%s line %d: invalid time value.",
644 			    filename, linenum);
645 		if (*intptr == -1)
646 			*intptr = value;
647 		break;
648 
649 	case sKeyRegenerationTime:
650 		intptr = &options->key_regeneration_time;
651 		goto parse_time;
652 
653 	case sListenAddress:
654 		arg = strdelim(&cp);
655 		if (!arg || *arg == '\0' || strncmp(arg, "[]", 2) == 0)
656 			fatal("%s line %d: missing inet addr.",
657 			    filename, linenum);
658 		if (*arg == '[') {
659 			if ((p = strchr(arg, ']')) == NULL)
660 				fatal("%s line %d: bad ipv6 inet addr usage.",
661 				    filename, linenum);
662 			arg++;
663 			(void) memmove(p, p+1, strlen(p+1)+1);
664 		} else if (((p = strchr(arg, ':')) == NULL) ||
665 			    (strchr(p+1, ':') != NULL)) {
666 			add_listen_addr(options, arg, 0);
667 			break;
668 		}
669 		if (*p == ':') {
670 			u_short port;
671 
672 			p++;
673 			if (*p == '\0')
674 				fatal("%s line %d: bad inet addr:port usage.",
675 				    filename, linenum);
676 			else {
677 				*(p-1) = '\0';
678 				if ((port = a2port(p)) == 0)
679 					fatal("%s line %d: bad port number.",
680 					    filename, linenum);
681 				add_listen_addr(options, arg, port);
682 			}
683 		} else if (*p == '\0')
684 			add_listen_addr(options, arg, 0);
685 		else
686 			fatal("%s line %d: bad inet addr usage.",
687 			    filename, linenum);
688 		break;
689 
690 	case sHostKeyFile:
691 		intptr = &options->num_host_key_files;
692 		if (*intptr >= MAX_HOSTKEYS)
693 			fatal("%s line %d: too many host keys specified (max %d).",
694 			    filename, linenum, MAX_HOSTKEYS);
695 		charptr = &options->host_key_files[*intptr];
696 parse_filename:
697 		arg = strdelim(&cp);
698 		if (!arg || *arg == '\0')
699 			fatal("%s line %d: missing file name.",
700 			    filename, linenum);
701 		if (*charptr == NULL) {
702 			*charptr = tilde_expand_filename(arg, getuid());
703 			/* increase optional counter */
704 			if (intptr != NULL)
705 				*intptr = *intptr + 1;
706 		}
707 		break;
708 
709 	case sPidFile:
710 		charptr = &options->pid_file;
711 		goto parse_filename;
712 
713 	case sPermitRootLogin:
714 		intptr = &options->permit_root_login;
715 		arg = strdelim(&cp);
716 		if (!arg || *arg == '\0')
717 			fatal("%s line %d: missing yes/"
718 			    "without-password/forced-commands-only/no "
719 			    "argument.", filename, linenum);
720 		value = 0;	/* silence compiler */
721 		if (strcmp(arg, "without-password") == 0)
722 			value = PERMIT_NO_PASSWD;
723 		else if (strcmp(arg, "forced-commands-only") == 0)
724 			value = PERMIT_FORCED_ONLY;
725 		else if (strcmp(arg, "yes") == 0)
726 			value = PERMIT_YES;
727 		else if (strcmp(arg, "no") == 0)
728 			value = PERMIT_NO;
729 		else
730 			fatal("%s line %d: Bad yes/"
731 			    "without-password/forced-commands-only/no "
732 			    "argument: %s", filename, linenum, arg);
733 		if (*intptr == -1)
734 			*intptr = value;
735 		break;
736 
737 	case sIgnoreRhosts:
738 		intptr = &options->ignore_rhosts;
739 parse_flag:
740 		arg = strdelim(&cp);
741 		if (!arg || *arg == '\0')
742 			fatal("%s line %d: missing yes/no argument.",
743 			    filename, linenum);
744 		value = 0;	/* silence compiler */
745 		if (strcmp(arg, "yes") == 0)
746 			value = 1;
747 		else if (strcmp(arg, "no") == 0)
748 			value = 0;
749 		else
750 			fatal("%s line %d: Bad yes/no argument: %s",
751 				filename, linenum, arg);
752 		if (*intptr == -1)
753 			*intptr = value;
754 		break;
755 
756 	case sIgnoreUserKnownHosts:
757 		intptr = &options->ignore_user_known_hosts;
758 		goto parse_flag;
759 
760 	case sRhostsAuthentication:
761 		intptr = &options->rhosts_authentication;
762 		goto parse_flag;
763 
764 	case sRhostsRSAAuthentication:
765 		intptr = &options->rhosts_rsa_authentication;
766 		goto parse_flag;
767 
768 	case sHostbasedAuthentication:
769 		intptr = &options->hostbased_authentication;
770 		goto parse_flag;
771 
772 	case sHostbasedUsesNameFromPacketOnly:
773 		intptr = &options->hostbased_uses_name_from_packet_only;
774 		goto parse_flag;
775 
776 	case sRSAAuthentication:
777 		intptr = &options->rsa_authentication;
778 		goto parse_flag;
779 
780 	case sPubkeyAuthentication:
781 		intptr = &options->pubkey_authentication;
782 		goto parse_flag;
783 #ifdef GSSAPI
784 	case sGssAuthentication:
785 		intptr = &options->gss_authentication;
786 		goto parse_flag;
787 	case sGssKeyEx:
788 		intptr = &options->gss_keyex;
789 		goto parse_flag;
790 	case sGssStoreDelegCreds:
791 		intptr = &options->gss_keyex;
792 		goto parse_flag;
793 #ifndef SUNW_GSSAPI
794 	case sGssUseSessionCredCache:
795 		intptr = &options->gss_use_session_ccache;
796 		goto parse_flag;
797 	case sGssCleanupCreds:
798 		intptr = &options->gss_cleanup_creds;
799 		goto parse_flag;
800 #endif /* SUNW_GSSAPI */
801 #endif /* GSSAPI */
802 #if defined(KRB4) || defined(KRB5)
803 	case sKerberosAuthentication:
804 		intptr = &options->kerberos_authentication;
805 		goto parse_flag;
806 
807 	case sKerberosOrLocalPasswd:
808 		intptr = &options->kerberos_or_local_passwd;
809 		goto parse_flag;
810 
811 	case sKerberosTicketCleanup:
812 		intptr = &options->kerberos_ticket_cleanup;
813 		goto parse_flag;
814 #endif
815 #if defined(AFS) || defined(KRB5)
816 	case sKerberosTgtPassing:
817 		intptr = &options->kerberos_tgt_passing;
818 		goto parse_flag;
819 #endif
820 #ifdef AFS
821 	case sAFSTokenPassing:
822 		intptr = &options->afs_token_passing;
823 		goto parse_flag;
824 #endif
825 
826 	case sPasswordAuthentication:
827 		intptr = &options->password_authentication;
828 		goto parse_flag;
829 
830 	case sKbdInteractiveAuthentication:
831 		intptr = &options->kbd_interactive_authentication;
832 		goto parse_flag;
833 
834 	case sChallengeResponseAuthentication:
835 		intptr = &options->challenge_response_authentication;
836 		goto parse_flag;
837 
838 	case sPrintMotd:
839 		intptr = &options->print_motd;
840 		goto parse_flag;
841 
842 	case sPrintLastLog:
843 		intptr = &options->print_lastlog;
844 		goto parse_flag;
845 
846 	case sX11Forwarding:
847 		intptr = &options->x11_forwarding;
848 		goto parse_flag;
849 
850 	case sX11DisplayOffset:
851 		intptr = &options->x11_display_offset;
852 		goto parse_int;
853 
854 	case sX11UseLocalhost:
855 		intptr = &options->x11_use_localhost;
856 		goto parse_flag;
857 
858 	case sXAuthLocation:
859 		charptr = &options->xauth_location;
860 		goto parse_filename;
861 
862 	case sStrictModes:
863 		intptr = &options->strict_modes;
864 		goto parse_flag;
865 
866 	case sKeepAlives:
867 		intptr = &options->keepalives;
868 		goto parse_flag;
869 
870 	case sEmptyPasswd:
871 		intptr = &options->permit_empty_passwd;
872 		goto parse_flag;
873 
874 	case sPermitUserEnvironment:
875 		intptr = &options->permit_user_env;
876 		goto parse_flag;
877 
878 	case sUseLogin:
879 		intptr = &options->use_login;
880 		goto parse_flag;
881 
882 	case sCompression:
883 		intptr = &options->compression;
884 		goto parse_flag;
885 
886 	case sGatewayPorts:
887 		arg = strdelim(&cp);
888 		if (get_yes_no_flag(&options->gateway_ports, arg, filename,
889 		    linenum, 1) == 1)
890 			break;
891 
892 		if (strcmp(arg, "clientspecified") == 0)
893 			options->gateway_ports = 2;
894 		else
895 			fatal("%.200s line %d: Bad yes/no/clientspecified "
896 			    "argument.", filename, linenum);
897 		break;
898 
899 	case sVerifyReverseMapping:
900 		intptr = &options->verify_reverse_mapping;
901 		goto parse_flag;
902 
903 	case sLogFacility:
904 		intptr = (int *) &options->log_facility;
905 		arg = strdelim(&cp);
906 		value = log_facility_number(arg);
907 		if (value == SYSLOG_FACILITY_NOT_SET)
908 			fatal("%.200s line %d: unsupported log facility '%s'",
909 			    filename, linenum, arg ? arg : "<NONE>");
910 		if (*intptr == -1)
911 			*intptr = (SyslogFacility) value;
912 		break;
913 
914 	case sLogLevel:
915 		intptr = (int *) &options->log_level;
916 		arg = strdelim(&cp);
917 		value = log_level_number(arg);
918 		if (value == SYSLOG_LEVEL_NOT_SET)
919 			fatal("%.200s line %d: unsupported log level '%s'",
920 			    filename, linenum, arg ? arg : "<NONE>");
921 		if (*intptr == -1)
922 			*intptr = (LogLevel) value;
923 		break;
924 
925 	case sAllowTcpForwarding:
926 		intptr = &options->allow_tcp_forwarding;
927 		goto parse_flag;
928 
929 	case sUsePrivilegeSeparation:
930 		log("%s line %d: ignoring UsePrivilegeSeparation option value."
931 		    " This option is always on.", filename, linenum);
932 		while (arg)
933 		    arg = strdelim(&cp);
934 		break;
935 
936 	case sAllowUsers:
937 		while (((arg = strdelim(&cp)) != NULL) && *arg != '\0') {
938 			if (options->num_allow_users >= MAX_ALLOW_USERS)
939 				fatal("%s line %d: too many allow users.",
940 				    filename, linenum);
941 			options->allow_users[options->num_allow_users++] =
942 			    xstrdup(arg);
943 		}
944 		break;
945 
946 	case sDenyUsers:
947 		while (((arg = strdelim(&cp)) != NULL) && *arg != '\0') {
948 			if (options->num_deny_users >= MAX_DENY_USERS)
949 				fatal( "%s line %d: too many deny users.",
950 				    filename, linenum);
951 			options->deny_users[options->num_deny_users++] =
952 			    xstrdup(arg);
953 		}
954 		break;
955 
956 	case sAllowGroups:
957 		while (((arg = strdelim(&cp)) != NULL) && *arg != '\0') {
958 			if (options->num_allow_groups >= MAX_ALLOW_GROUPS)
959 				fatal("%s line %d: too many allow groups.",
960 				    filename, linenum);
961 			options->allow_groups[options->num_allow_groups++] =
962 			    xstrdup(arg);
963 		}
964 		break;
965 
966 	case sDenyGroups:
967 		while (((arg = strdelim(&cp)) != NULL) && *arg != '\0') {
968 			if (options->num_deny_groups >= MAX_DENY_GROUPS)
969 				fatal("%s line %d: too many deny groups.",
970 				    filename, linenum);
971 			options->deny_groups[options->num_deny_groups++] = xstrdup(arg);
972 		}
973 		break;
974 
975 	case sCiphers:
976 		arg = strdelim(&cp);
977 		if (!arg || *arg == '\0')
978 			fatal("%s line %d: Missing argument.", filename, linenum);
979 		if (!ciphers_valid(arg))
980 			fatal("%s line %d: Bad SSH2 cipher spec '%s'.",
981 			    filename, linenum, arg ? arg : "<NONE>");
982 		if (options->ciphers == NULL)
983 			options->ciphers = xstrdup(arg);
984 		break;
985 
986 	case sMacs:
987 		arg = strdelim(&cp);
988 		if (!arg || *arg == '\0')
989 			fatal("%s line %d: Missing argument.", filename, linenum);
990 		if (!mac_valid(arg))
991 			fatal("%s line %d: Bad SSH2 mac spec '%s'.",
992 			    filename, linenum, arg ? arg : "<NONE>");
993 		if (options->macs == NULL)
994 			options->macs = xstrdup(arg);
995 		break;
996 
997 	case sProtocol:
998 		intptr = &options->protocol;
999 		arg = strdelim(&cp);
1000 		if (!arg || *arg == '\0')
1001 			fatal("%s line %d: Missing argument.", filename, linenum);
1002 		value = proto_spec(arg);
1003 		if (value == SSH_PROTO_UNKNOWN)
1004 			fatal("%s line %d: Bad protocol spec '%s'.",
1005 			    filename, linenum, arg ? arg : "<NONE>");
1006 		if (*intptr == SSH_PROTO_UNKNOWN)
1007 			*intptr = value;
1008 		break;
1009 
1010 	case sSubsystem:
1011 		if (options->num_subsystems >= MAX_SUBSYSTEMS) {
1012 			fatal("%s line %d: too many subsystems defined.",
1013 			    filename, linenum);
1014 		}
1015 		arg = strdelim(&cp);
1016 		if (!arg || *arg == '\0')
1017 			fatal("%s line %d: Missing subsystem name.",
1018 			    filename, linenum);
1019 		for (i = 0; i < options->num_subsystems; i++)
1020 			if (strcmp(arg, options->subsystem_name[i]) == 0)
1021 				fatal("%s line %d: Subsystem '%s' already defined.",
1022 				    filename, linenum, arg);
1023 		options->subsystem_name[options->num_subsystems] = xstrdup(arg);
1024 		arg = strdelim(&cp);
1025 		if (!arg || *arg == '\0')
1026 			fatal("%s line %d: Missing subsystem command.",
1027 			    filename, linenum);
1028 		options->subsystem_command[options->num_subsystems] = xstrdup(arg);
1029 
1030 		/*
1031 		 * Collect arguments (separate to executable), including the
1032 		 * name of the executable, in a way that is easier to parse
1033 		 * later.
1034 		 */
1035 		p = xstrdup(arg);
1036 		len = strlen(p) + 1;
1037 		while ((arg = strdelim(&cp)) != NULL && *arg != '\0') {
1038 			len += 1 + strlen(arg);
1039 			p = xrealloc(p, len);
1040 			strlcat(p, " ", len);
1041 			strlcat(p, arg, len);
1042 		}
1043 		options->subsystem_args[options->num_subsystems] = p;
1044 		options->num_subsystems++;
1045 		break;
1046 
1047 	case sMaxStartups:
1048 		arg = strdelim(&cp);
1049 		if (!arg || *arg == '\0')
1050 			fatal("%s line %d: Missing MaxStartups spec.",
1051 			    filename, linenum);
1052 		if ((n = sscanf(arg, "%d:%d:%d",
1053 		    &options->max_startups_begin,
1054 		    &options->max_startups_rate,
1055 		    &options->max_startups)) == 3) {
1056 			if (options->max_startups_begin >
1057 			    options->max_startups ||
1058 			    options->max_startups_rate > 100 ||
1059 			    options->max_startups_rate < 1)
1060 				fatal("%s line %d: Illegal MaxStartups spec.",
1061 				    filename, linenum);
1062 		} else if (n != 1)
1063 			fatal("%s line %d: Illegal MaxStartups spec.",
1064 			    filename, linenum);
1065 		else
1066 			options->max_startups = options->max_startups_begin;
1067 		break;
1068 
1069 	case sBanner:
1070 		charptr = &options->banner;
1071 		goto parse_filename;
1072 	/*
1073 	 * These options can contain %X options expanded at
1074 	 * connect time, so that you can specify paths like:
1075 	 *
1076 	 * AuthorizedKeysFile	/etc/ssh_keys/%u
1077 	 */
1078 	case sAuthorizedKeysFile:
1079 	case sAuthorizedKeysFile2:
1080 		charptr = (opcode == sAuthorizedKeysFile) ?
1081 		    &options->authorized_keys_file :
1082 		    &options->authorized_keys_file2;
1083 		goto parse_filename;
1084 
1085 	case sClientAliveInterval:
1086 		intptr = &options->client_alive_interval;
1087 		goto parse_time;
1088 
1089 	case sClientAliveCountMax:
1090 		intptr = &options->client_alive_count_max;
1091 		goto parse_int;
1092 
1093 	case sMaxAuthTries:
1094 		intptr = &options->max_auth_tries;
1095 		goto parse_int;
1096 
1097 	case sMaxAuthTriesLog:
1098 		intptr = &options->max_auth_tries_log;
1099 		goto parse_int;
1100 
1101 	case sLookupClientHostnames:
1102 		intptr = &options->lookup_client_hostnames;
1103 		goto parse_flag;
1104 
1105 	case sUseOpenSSLEngine:
1106 		intptr = &options->use_openssl_engine;
1107 		goto parse_flag;
1108 
1109 	case sChrootDirectory:
1110 		charptr = &options->chroot_directory;
1111 
1112 		arg = strdelim(&cp);
1113 		if (arg == NULL || *arg == '\0')
1114 			fatal("%s line %d: missing directory name for "
1115 			    "ChrootDirectory.", filename, linenum);
1116 		if (*charptr == NULL)
1117 			*charptr = xstrdup(arg);
1118 		break;
1119 
1120 	case sDeprecated:
1121 		log("%s line %d: Deprecated option %s",
1122 		    filename, linenum, arg);
1123 		while (arg)
1124 		    arg = strdelim(&cp);
1125 		break;
1126 
1127 	default:
1128 		fatal("%s line %d: Missing handler for opcode %s (%d)",
1129 		    filename, linenum, arg, opcode);
1130 	}
1131 	if ((arg = strdelim(&cp)) != NULL && *arg != '\0')
1132 		fatal("%s line %d: garbage at end of line; \"%.200s\".",
1133 		    filename, linenum, arg);
1134 	return 0;
1135 }
1136 
1137 /* Reads the server configuration file. */
1138 
1139 void
1140 read_server_config(ServerOptions *options, const char *filename)
1141 {
1142 	int linenum, bad_options = 0;
1143 	char line[1024];
1144 	FILE *f;
1145 
1146 	f = fopen(filename, "r");
1147 	if (!f) {
1148 		perror(filename);
1149 		exit(1);
1150 	}
1151 	linenum = 0;
1152 	while (fgets(line, sizeof(line), f)) {
1153 		/* Update line number counter. */
1154 		linenum++;
1155 		if (process_server_config_line(options, line, filename, linenum) != 0)
1156 			bad_options++;
1157 	}
1158 	(void) fclose(f);
1159 	if (bad_options > 0)
1160 		fatal("%s: terminating, %d bad configuration options",
1161 		    filename, bad_options);
1162 }
1163 
1164 /*
1165  * Note that "none" is a special path having the same affect on sshd
1166  * configuration as not specifying ChrootDirectory at all.
1167  */
1168 int
1169 chroot_requested(char *chroot_directory)
1170 {
1171 	return (chroot_directory != NULL &&
1172 	    strcasecmp(chroot_directory, "none") != 0);
1173 }
1174