xref: /titanic_50/usr/src/cmd/ssh/sshd/servconf.c (revision e7da395a007eee67416a7380ecc1fb2141ef39d1)
1 /*
2  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
3  *                    All rights reserved
4  *
5  * As far as I am concerned, the code I have written for this software
6  * can be used freely for any purpose.  Any derived versions of this
7  * software must be clearly marked as such, and if the derived work is
8  * incompatible with the protocol description in the RFC file, it must be
9  * called by a name other than "ssh" or "Secure Shell".
10  */
11 /*
12  * Copyright 2009 Sun Microsystems, Inc.  All rights reserved.
13  * Use is subject to license terms.
14  */
15 
16 #include "includes.h"
17 RCSID("$OpenBSD: servconf.c,v 1.115 2002/09/04 18:52:42 stevesk Exp $");
18 
19 #ifdef HAVE_DEFOPEN
20 #include <deflt.h>
21 #endif /* HAVE_DEFOPEN */
22 
23 #if defined(KRB4)
24 #include <krb.h>
25 #endif
26 #if defined(KRB5)
27 #ifdef HEIMDAL
28 #include <krb.h>
29 #else
30 /* Bodge - but then, so is using the kerberos IV KEYFILE to get a Kerberos V
31  * keytab */
32 #define KEYFILE "/etc/krb5.keytab"
33 #endif
34 #endif
35 #ifdef AFS
36 #include <kafs.h>
37 #endif
38 
39 #include "ssh.h"
40 #include "log.h"
41 #include "servconf.h"
42 #include "xmalloc.h"
43 #include "compat.h"
44 #include "pathnames.h"
45 #include "tildexpand.h"
46 #include "misc.h"
47 #include "cipher.h"
48 #include "kex.h"
49 #include "mac.h"
50 #include "auth.h"
51 
52 static void add_listen_addr(ServerOptions *, char *, u_short);
53 static void add_one_listen_addr(ServerOptions *, char *, u_short);
54 
55 /* AF_UNSPEC or AF_INET or AF_INET6 */
56 extern int IPv4or6;
57 
58 /*
59  * Initializes the server options to their initial (unset) values. Some of those
60  * that stay unset after the command line options and configuration files are
61  * read are set to their default values in fill_default_server_options().
62  */
63 void
64 initialize_server_options(ServerOptions *options)
65 {
66 	(void) memset(options, 0, sizeof(*options));
67 
68 	/* Portable-specific options */
69 	options->pam_authentication_via_kbd_int = -1;
70 
71 	/* Standard Options */
72 	options->num_ports = 0;
73 	options->ports_from_cmdline = 0;
74 	options->listen_addrs = NULL;
75 	options->num_host_key_files = 0;
76 	options->pid_file = NULL;
77 	options->server_key_bits = -1;
78 	options->login_grace_time = -1;
79 	options->key_regeneration_time = -1;
80 	options->permit_root_login = PERMIT_NOT_SET;
81 	options->ignore_rhosts = -1;
82 	options->ignore_user_known_hosts = -1;
83 	options->print_motd = -1;
84 	options->print_lastlog = -1;
85 	options->x11_forwarding = -1;
86 	options->x11_display_offset = -1;
87 	options->x11_use_localhost = -1;
88 	options->xauth_location = NULL;
89 	options->strict_modes = -1;
90 	options->keepalives = -1;
91 	options->log_facility = SYSLOG_FACILITY_NOT_SET;
92 	options->log_level = SYSLOG_LEVEL_NOT_SET;
93 	options->rhosts_authentication = -1;
94 	options->rhosts_rsa_authentication = -1;
95 	options->hostbased_authentication = -1;
96 	options->hostbased_uses_name_from_packet_only = -1;
97 	options->rsa_authentication = -1;
98 	options->pubkey_authentication = -1;
99 #ifdef GSSAPI
100 	options->gss_authentication = -1;
101 	options->gss_keyex = -1;
102 	options->gss_store_creds = -1;
103 	options->gss_use_session_ccache = -1;
104 	options->gss_cleanup_creds = -1;
105 #endif
106 #if defined(KRB4) || defined(KRB5)
107 	options->kerberos_authentication = -1;
108 	options->kerberos_or_local_passwd = -1;
109 	options->kerberos_ticket_cleanup = -1;
110 #endif
111 #if defined(AFS) || defined(KRB5)
112 	options->kerberos_tgt_passing = -1;
113 #endif
114 #ifdef AFS
115 	options->afs_token_passing = -1;
116 #endif
117 	options->password_authentication = -1;
118 	options->kbd_interactive_authentication = -1;
119 	options->challenge_response_authentication = -1;
120 	options->permit_empty_passwd = -1;
121 	options->permit_user_env = -1;
122 	options->compression = -1;
123 	options->allow_tcp_forwarding = -1;
124 	options->num_allow_users = 0;
125 	options->num_deny_users = 0;
126 	options->num_allow_groups = 0;
127 	options->num_deny_groups = 0;
128 	options->ciphers = NULL;
129 	options->macs = NULL;
130 	options->protocol = SSH_PROTO_UNKNOWN;
131 	options->gateway_ports = -1;
132 	options->num_subsystems = 0;
133 	options->max_startups_begin = -1;
134 	options->max_startups_rate = -1;
135 	options->max_startups = -1;
136 	options->banner = NULL;
137 	options->verify_reverse_mapping = -1;
138 	options->client_alive_interval = -1;
139 	options->client_alive_count_max = -1;
140 	options->authorized_keys_file = NULL;
141 	options->authorized_keys_file2 = NULL;
142 
143 	options->max_auth_tries = -1;
144 	options->max_auth_tries_log = -1;
145 
146 	options->max_init_auth_tries = -1;
147 	options->max_init_auth_tries_log = -1;
148 
149 	options->lookup_client_hostnames = -1;
150 	options->use_openssl_engine = -1;
151 	options->chroot_directory = NULL;
152 }
153 
154 #ifdef HAVE_DEFOPEN
155 /*
156  * Reads /etc/default/login and defaults several ServerOptions:
157  *
158  * PermitRootLogin
159  * PermitEmptyPasswords
160  * LoginGraceTime
161  *
162  * CONSOLE=*      -> PermitRootLogin=without-password
163  * #CONSOLE=*     -> PermitRootLogin=yes
164  *
165  * PASSREQ=YES    -> PermitEmptyPasswords=no
166  * PASSREQ=NO     -> PermitEmptyPasswords=yes
167  * #PASSREQ=*     -> PermitEmptyPasswords=no
168  *
169  * TIMEOUT=<secs> -> LoginGraceTime=<secs>
170  * #TIMEOUT=<secs> -> LoginGraceTime=300
171  */
172 static
173 void
174 deflt_fill_default_server_options(ServerOptions *options)
175 {
176 	int	flags;
177 	char	*ptr;
178 
179 	if (defopen(_PATH_DEFAULT_LOGIN))
180 		return;
181 
182 	/* Ignore case */
183 	flags = defcntl(DC_GETFLAGS, 0);
184 	TURNOFF(flags, DC_CASE);
185 	(void) defcntl(DC_SETFLAGS, flags);
186 
187 	if (options->permit_root_login == PERMIT_NOT_SET &&
188 	    (ptr = defread("CONSOLE=")) != NULL)
189 		options->permit_root_login = PERMIT_NO_PASSWD;
190 
191 	if (options->permit_empty_passwd == -1 &&
192 	    (ptr = defread("PASSREQ=")) != NULL) {
193 		if (strcasecmp("YES", ptr) == 0)
194 			options->permit_empty_passwd = 0;
195 		else if (strcasecmp("NO", ptr) == 0)
196 			options->permit_empty_passwd = 1;
197 	}
198 
199 	if (options->max_init_auth_tries == -1 &&
200 	    (ptr = defread("RETRIES=")) != NULL) {
201 		options->max_init_auth_tries = atoi(ptr);
202 	}
203 
204 	if (options->max_init_auth_tries_log == -1 &&
205 	    (ptr = defread("SYSLOG_FAILED_LOGINS=")) != NULL) {
206 		options->max_init_auth_tries_log = atoi(ptr);
207 	}
208 
209 	if (options->login_grace_time == -1) {
210 		if ((ptr = defread("TIMEOUT=")) != NULL)
211 			options->login_grace_time = (unsigned)atoi(ptr);
212 		else
213 			options->login_grace_time = 300;
214 	}
215 
216 	(void) defopen((char *)NULL);
217 }
218 #endif /* HAVE_DEFOPEN */
219 
220 void
221 fill_default_server_options(ServerOptions *options)
222 {
223 
224 #ifdef HAVE_DEFOPEN
225 	deflt_fill_default_server_options(options);
226 #endif /* HAVE_DEFOPEN */
227 
228 	/* Portable-specific options */
229 	if (options->pam_authentication_via_kbd_int == -1)
230 		options->pam_authentication_via_kbd_int = 0;
231 
232 	/* Standard Options */
233 	if (options->protocol == SSH_PROTO_UNKNOWN)
234 		options->protocol = SSH_PROTO_1|SSH_PROTO_2;
235 	if (options->num_host_key_files == 0) {
236 		/* fill default hostkeys for protocols */
237 		if (options->protocol & SSH_PROTO_1)
238 			options->host_key_files[options->num_host_key_files++] =
239 			    _PATH_HOST_KEY_FILE;
240 #ifndef GSSAPI
241 		/* With GSS keyex we can run v2 w/ no host keys */
242 		if (options->protocol & SSH_PROTO_2) {
243 			options->host_key_files[options->num_host_key_files++] =
244 			    _PATH_HOST_RSA_KEY_FILE;
245 			options->host_key_files[options->num_host_key_files++] =
246 			    _PATH_HOST_DSA_KEY_FILE;
247 		}
248 #endif /* GSSAPI */
249 	}
250 	if (options->num_ports == 0)
251 		options->ports[options->num_ports++] = SSH_DEFAULT_PORT;
252 	if (options->listen_addrs == NULL)
253 		add_listen_addr(options, NULL, 0);
254 	if (options->pid_file == NULL)
255 		options->pid_file = _PATH_SSH_DAEMON_PID_FILE;
256 	if (options->server_key_bits == -1)
257 		options->server_key_bits = 768;
258 	if (options->login_grace_time == -1)
259 		options->login_grace_time = 120;
260 	if (options->key_regeneration_time == -1)
261 		options->key_regeneration_time = 3600;
262 	if (options->permit_root_login == PERMIT_NOT_SET)
263 		options->permit_root_login = PERMIT_YES;
264 	if (options->ignore_rhosts == -1)
265 		options->ignore_rhosts = 1;
266 	if (options->ignore_user_known_hosts == -1)
267 		options->ignore_user_known_hosts = 0;
268 	if (options->print_motd == -1)
269 		options->print_motd = 1;
270 	if (options->print_lastlog == -1)
271 		options->print_lastlog = 1;
272 	if (options->x11_forwarding == -1)
273 		options->x11_forwarding = 1;
274 	if (options->x11_display_offset == -1)
275 		options->x11_display_offset = 10;
276 	if (options->x11_use_localhost == -1)
277 		options->x11_use_localhost = 1;
278 	if (options->xauth_location == NULL)
279 		options->xauth_location = _PATH_XAUTH;
280 	if (options->strict_modes == -1)
281 		options->strict_modes = 1;
282 	if (options->keepalives == -1)
283 		options->keepalives = 1;
284 	if (options->log_facility == SYSLOG_FACILITY_NOT_SET)
285 		options->log_facility = SYSLOG_FACILITY_AUTH;
286 	if (options->log_level == SYSLOG_LEVEL_NOT_SET)
287 		options->log_level = SYSLOG_LEVEL_INFO;
288 	if (options->rhosts_authentication == -1)
289 		options->rhosts_authentication = 0;
290 	if (options->rhosts_rsa_authentication == -1)
291 		options->rhosts_rsa_authentication = 0;
292 	if (options->hostbased_authentication == -1)
293 		options->hostbased_authentication = 0;
294 	if (options->hostbased_uses_name_from_packet_only == -1)
295 		options->hostbased_uses_name_from_packet_only = 0;
296 	if (options->rsa_authentication == -1)
297 		options->rsa_authentication = 1;
298 	if (options->pubkey_authentication == -1)
299 		options->pubkey_authentication = 1;
300 #ifdef GSSAPI
301 	if (options->gss_authentication == -1)
302 		options->gss_authentication = 1;
303 	if (options->gss_keyex == -1)
304 		options->gss_keyex = 1;
305 	if (options->gss_store_creds == -1)
306 		options->gss_store_creds = 1;
307 	if (options->gss_use_session_ccache == -1)
308 		options->gss_use_session_ccache = 1;
309 	if (options->gss_cleanup_creds == -1)
310 		options->gss_cleanup_creds = 1;
311 #endif
312 #if defined(KRB4) || defined(KRB5)
313 	if (options->kerberos_authentication == -1)
314 		options->kerberos_authentication = 0;
315 	if (options->kerberos_or_local_passwd == -1)
316 		options->kerberos_or_local_passwd = 1;
317 	if (options->kerberos_ticket_cleanup == -1)
318 		options->kerberos_ticket_cleanup = 1;
319 #endif
320 #if defined(AFS) || defined(KRB5)
321 	if (options->kerberos_tgt_passing == -1)
322 		options->kerberos_tgt_passing = 0;
323 #endif
324 #ifdef AFS
325 	if (options->afs_token_passing == -1)
326 		options->afs_token_passing = 0;
327 #endif
328 	if (options->password_authentication == -1)
329 		options->password_authentication = 1;
330 	if (options->kbd_interactive_authentication == -1)
331 		options->kbd_interactive_authentication = 0;
332 	if (options->challenge_response_authentication == -1)
333 		options->challenge_response_authentication = 1;
334 	if (options->permit_empty_passwd == -1)
335 		options->permit_empty_passwd = 0;
336 	if (options->permit_user_env == -1)
337 		options->permit_user_env = 0;
338 	if (options->compression == -1)
339 		options->compression = 1;
340 	if (options->allow_tcp_forwarding == -1)
341 		options->allow_tcp_forwarding = 1;
342 	if (options->gateway_ports == -1)
343 		options->gateway_ports = 0;
344 	if (options->max_startups == -1)
345 		options->max_startups = 10;
346 	if (options->max_startups_rate == -1)
347 		options->max_startups_rate = 100;		/* 100% */
348 	if (options->max_startups_begin == -1)
349 		options->max_startups_begin = options->max_startups;
350 	if (options->verify_reverse_mapping == -1)
351 		options->verify_reverse_mapping = 0;
352 	if (options->client_alive_interval == -1)
353 		options->client_alive_interval = 0;
354 	if (options->client_alive_count_max == -1)
355 		options->client_alive_count_max = 3;
356 	if (options->authorized_keys_file2 == NULL) {
357 		/* authorized_keys_file2 falls back to authorized_keys_file */
358 		if (options->authorized_keys_file != NULL)
359 			options->authorized_keys_file2 = options->authorized_keys_file;
360 		else
361 			options->authorized_keys_file2 = _PATH_SSH_USER_PERMITTED_KEYS2;
362 	}
363 	if (options->authorized_keys_file == NULL)
364 		options->authorized_keys_file = _PATH_SSH_USER_PERMITTED_KEYS;
365 
366 	if (options->max_auth_tries == -1)
367 		options->max_auth_tries = AUTH_FAIL_MAX;
368 	if (options->max_auth_tries_log == -1)
369 		options->max_auth_tries_log = options->max_auth_tries / 2;
370 
371 	if (options->max_init_auth_tries == -1)
372 		options->max_init_auth_tries = AUTH_FAIL_MAX;
373 	if (options->max_init_auth_tries_log == -1)
374 		options->max_init_auth_tries_log = options->max_init_auth_tries / 2;
375 
376 	if (options->lookup_client_hostnames == -1)
377 		options->lookup_client_hostnames = 1;
378 	if (options->use_openssl_engine == -1)
379 		options->use_openssl_engine = 1;
380 }
381 
382 /* Keyword tokens. */
383 typedef enum {
384 	sBadOption,		/* == unknown option */
385 	/* Portable-specific options */
386 	sPAMAuthenticationViaKbdInt,
387 	/* Standard Options */
388 	sPort, sHostKeyFile, sServerKeyBits, sLoginGraceTime, sKeyRegenerationTime,
389 	sPermitRootLogin, sLogFacility, sLogLevel,
390 	sRhostsAuthentication, sRhostsRSAAuthentication, sRSAAuthentication,
391 #ifdef GSSAPI
392 	sGssAuthentication, sGssKeyEx, sGssStoreDelegCreds,
393 	sGssUseSessionCredCache, sGssCleanupCreds,
394 #endif /* GSSAPI */
395 #if defined(KRB4) || defined(KRB5)
396 	sKerberosAuthentication, sKerberosOrLocalPasswd, sKerberosTicketCleanup,
397 #endif
398 #if defined(AFS) || defined(KRB5)
399 	sKerberosTgtPassing,
400 #endif
401 #ifdef AFS
402 	sAFSTokenPassing,
403 #endif
404 	sChallengeResponseAuthentication,
405 	sPasswordAuthentication, sKbdInteractiveAuthentication, sListenAddress,
406 	sPrintMotd, sPrintLastLog, sIgnoreRhosts,
407 	sX11Forwarding, sX11DisplayOffset, sX11UseLocalhost,
408 	sStrictModes, sEmptyPasswd, sKeepAlives,
409 	sPermitUserEnvironment, sUseLogin, sAllowTcpForwarding, sCompression,
410 	sAllowUsers, sDenyUsers, sAllowGroups, sDenyGroups,
411 	sIgnoreUserKnownHosts, sCiphers, sMacs, sProtocol, sPidFile,
412 	sGatewayPorts, sPubkeyAuthentication, sXAuthLocation, sSubsystem, sMaxStartups,
413 	sBanner, sVerifyReverseMapping, sHostbasedAuthentication,
414 	sHostbasedUsesNameFromPacketOnly, sClientAliveInterval,
415 	sClientAliveCountMax, sAuthorizedKeysFile, sAuthorizedKeysFile2,
416 	sMaxAuthTries, sMaxAuthTriesLog, sUsePrivilegeSeparation,
417 	sLookupClientHostnames, sUseOpenSSLEngine, sChrootDirectory,
418 	sDeprecated
419 } ServerOpCodes;
420 
421 /* Textual representation of the tokens. */
422 static struct {
423 	const char *name;
424 	ServerOpCodes opcode;
425 } keywords[] = {
426 	/* Portable-specific options */
427 	{ "PAMAuthenticationViaKbdInt", sPAMAuthenticationViaKbdInt },
428 	/* Standard Options */
429 	{ "port", sPort },
430 	{ "hostkey", sHostKeyFile },
431 	{ "hostdsakey", sHostKeyFile },					/* alias */
432 	{ "pidfile", sPidFile },
433 	{ "serverkeybits", sServerKeyBits },
434 	{ "logingracetime", sLoginGraceTime },
435 	{ "keyregenerationinterval", sKeyRegenerationTime },
436 	{ "permitrootlogin", sPermitRootLogin },
437 	{ "syslogfacility", sLogFacility },
438 	{ "loglevel", sLogLevel },
439 	{ "rhostsauthentication", sRhostsAuthentication },
440 	{ "rhostsrsaauthentication", sRhostsRSAAuthentication },
441 	{ "hostbasedauthentication", sHostbasedAuthentication },
442 	{ "hostbasedusesnamefrompacketonly", sHostbasedUsesNameFromPacketOnly },
443 	{ "rsaauthentication", sRSAAuthentication },
444 	{ "pubkeyauthentication", sPubkeyAuthentication },
445 	{ "dsaauthentication", sPubkeyAuthentication },			/* alias */
446 #ifdef GSSAPI
447 	{ "gssapiauthentication", sGssAuthentication },
448 	{ "gssapikeyexchange", sGssKeyEx },
449 	{ "gssapistoredelegatedcredentials", sGssStoreDelegCreds },
450 	{ "gssauthentication", sGssAuthentication },			/* alias */
451 	{ "gsskeyex", sGssKeyEx },					/* alias */
452 	{ "gssstoredelegcreds", sGssStoreDelegCreds },			/* alias */
453 #ifndef SUNW_GSSAPI
454 	{ "gssusesessionccache", sGssUseSessionCredCache },
455 	{ "gssusesessioncredcache", sGssUseSessionCredCache },
456 	{ "gsscleanupcreds", sGssCleanupCreds },
457 #endif /* SUNW_GSSAPI */
458 #endif
459 #if defined(KRB4) || defined(KRB5)
460 	{ "kerberosauthentication", sKerberosAuthentication },
461 	{ "kerberosorlocalpasswd", sKerberosOrLocalPasswd },
462 	{ "kerberosticketcleanup", sKerberosTicketCleanup },
463 #endif
464 #if defined(AFS) || defined(KRB5)
465 	{ "kerberostgtpassing", sKerberosTgtPassing },
466 #endif
467 #ifdef AFS
468 	{ "afstokenpassing", sAFSTokenPassing },
469 #endif
470 	{ "passwordauthentication", sPasswordAuthentication },
471 	{ "kbdinteractiveauthentication", sKbdInteractiveAuthentication },
472 	{ "challengeresponseauthentication", sChallengeResponseAuthentication },
473 	{ "skeyauthentication", sChallengeResponseAuthentication }, /* alias */
474 	{ "checkmail", sDeprecated },
475 	{ "listenaddress", sListenAddress },
476 	{ "printmotd", sPrintMotd },
477 	{ "printlastlog", sPrintLastLog },
478 	{ "ignorerhosts", sIgnoreRhosts },
479 	{ "ignoreuserknownhosts", sIgnoreUserKnownHosts },
480 	{ "x11forwarding", sX11Forwarding },
481 	{ "x11displayoffset", sX11DisplayOffset },
482 	{ "x11uselocalhost", sX11UseLocalhost },
483 	{ "xauthlocation", sXAuthLocation },
484 	{ "strictmodes", sStrictModes },
485 	{ "permitemptypasswords", sEmptyPasswd },
486 	{ "permituserenvironment", sPermitUserEnvironment },
487 	{ "uselogin", sUseLogin },
488 	{ "compression", sCompression },
489 	{ "keepalive", sKeepAlives },
490 	{ "allowtcpforwarding", sAllowTcpForwarding },
491 	{ "allowusers", sAllowUsers },
492 	{ "denyusers", sDenyUsers },
493 	{ "allowgroups", sAllowGroups },
494 	{ "denygroups", sDenyGroups },
495 	{ "ciphers", sCiphers },
496 	{ "macs", sMacs },
497 	{ "protocol", sProtocol },
498 	{ "gatewayports", sGatewayPorts },
499 	{ "subsystem", sSubsystem },
500 	{ "maxstartups", sMaxStartups },
501 	{ "banner", sBanner },
502 	{ "verifyreversemapping", sVerifyReverseMapping },
503 	{ "reversemappingcheck", sVerifyReverseMapping },
504 	{ "clientaliveinterval", sClientAliveInterval },
505 	{ "clientalivecountmax", sClientAliveCountMax },
506 	{ "authorizedkeysfile", sAuthorizedKeysFile },
507 	{ "authorizedkeysfile2", sAuthorizedKeysFile2 },
508 	{ "maxauthtries", sMaxAuthTries },
509 	{ "maxauthtrieslog", sMaxAuthTriesLog },
510 	{ "useprivilegeseparation", sUsePrivilegeSeparation},
511 	{ "lookupclienthostnames", sLookupClientHostnames},
512 	{ "useopensslengine", sUseOpenSSLEngine},
513 	{ "chrootdirectory", sChrootDirectory},
514 	{ NULL, sBadOption }
515 };
516 
517 /*
518  * Returns the number of the token pointed to by cp or sBadOption.
519  */
520 
521 static ServerOpCodes
522 parse_token(const char *cp, const char *filename,
523 	    int linenum)
524 {
525 	u_int i;
526 
527 	for (i = 0; keywords[i].name; i++)
528 		if (strcasecmp(cp, keywords[i].name) == 0)
529 			return keywords[i].opcode;
530 
531 	error("%s: line %d: Bad configuration option: %s",
532 	    filename, linenum, cp);
533 	return sBadOption;
534 }
535 
536 static void
537 add_listen_addr(ServerOptions *options, char *addr, u_short port)
538 {
539 	int i;
540 
541 	if (options->num_ports == 0)
542 		options->ports[options->num_ports++] = SSH_DEFAULT_PORT;
543 	if (port == 0)
544 		for (i = 0; i < options->num_ports; i++)
545 			add_one_listen_addr(options, addr, options->ports[i]);
546 	else
547 		add_one_listen_addr(options, addr, port);
548 }
549 
550 static void
551 add_one_listen_addr(ServerOptions *options, char *addr, u_short port)
552 {
553 	struct addrinfo hints, *ai, *aitop;
554 	char strport[NI_MAXSERV];
555 	int gaierr;
556 
557 	(void) memset(&hints, 0, sizeof(hints));
558 	hints.ai_family = IPv4or6;
559 	hints.ai_socktype = SOCK_STREAM;
560 	hints.ai_flags = (addr == NULL) ? AI_PASSIVE : 0;
561 	(void) snprintf(strport, sizeof strport, "%u", port);
562 	if ((gaierr = getaddrinfo(addr, strport, &hints, &aitop)) != 0)
563 		fatal("bad addr or host: %s (%s)",
564 		    addr ? addr : "<NULL>",
565 		    gai_strerror(gaierr));
566 	for (ai = aitop; ai->ai_next; ai = ai->ai_next)
567 		;
568 	ai->ai_next = options->listen_addrs;
569 	options->listen_addrs = aitop;
570 }
571 
572 int
573 process_server_config_line(ServerOptions *options, char *line,
574     const char *filename, int linenum)
575 {
576 	char *cp, **charptr, *arg, *p;
577 	int *intptr, value, i, n;
578 	ServerOpCodes opcode;
579 	size_t len;
580 
581 	cp = line;
582 	arg = strdelim(&cp);
583 	/* Ignore leading whitespace */
584 	if (*arg == '\0')
585 		arg = strdelim(&cp);
586 	if (!arg || !*arg || *arg == '#')
587 		return 0;
588 	intptr = NULL;
589 	charptr = NULL;
590 	opcode = parse_token(arg, filename, linenum);
591 	switch (opcode) {
592 	/* Portable-specific options */
593 	case sPAMAuthenticationViaKbdInt:
594 		intptr = &options->pam_authentication_via_kbd_int;
595 		goto parse_flag;
596 
597 	/* Standard Options */
598 	case sBadOption:
599 		return -1;
600 	case sPort:
601 		/* ignore ports from configfile if cmdline specifies ports */
602 		if (options->ports_from_cmdline)
603 			return 0;
604 		if (options->listen_addrs != NULL)
605 			fatal("%s line %d: ports must be specified before "
606 			    "ListenAddress.", filename, linenum);
607 		if (options->num_ports >= MAX_PORTS)
608 			fatal("%s line %d: too many ports.",
609 			    filename, linenum);
610 		arg = strdelim(&cp);
611 		if (!arg || *arg == '\0')
612 			fatal("%s line %d: missing port number.",
613 			    filename, linenum);
614 		options->ports[options->num_ports++] = a2port(arg);
615 		if (options->ports[options->num_ports-1] == 0)
616 			fatal("%s line %d: Badly formatted port number.",
617 			    filename, linenum);
618 		break;
619 
620 	case sServerKeyBits:
621 		intptr = &options->server_key_bits;
622 parse_int:
623 		arg = strdelim(&cp);
624 		if (!arg || *arg == '\0')
625 			fatal("%s line %d: missing integer value.",
626 			    filename, linenum);
627 		value = atoi(arg);
628 		if (*intptr == -1)
629 			*intptr = value;
630 		break;
631 
632 	case sLoginGraceTime:
633 		intptr = &options->login_grace_time;
634 parse_time:
635 		arg = strdelim(&cp);
636 		if (!arg || *arg == '\0')
637 			fatal("%s line %d: missing time value.",
638 			    filename, linenum);
639 		if ((value = convtime(arg)) == -1)
640 			fatal("%s line %d: invalid time value.",
641 			    filename, linenum);
642 		if (*intptr == -1)
643 			*intptr = value;
644 		break;
645 
646 	case sKeyRegenerationTime:
647 		intptr = &options->key_regeneration_time;
648 		goto parse_time;
649 
650 	case sListenAddress:
651 		arg = strdelim(&cp);
652 		if (!arg || *arg == '\0' || strncmp(arg, "[]", 2) == 0)
653 			fatal("%s line %d: missing inet addr.",
654 			    filename, linenum);
655 		if (*arg == '[') {
656 			if ((p = strchr(arg, ']')) == NULL)
657 				fatal("%s line %d: bad ipv6 inet addr usage.",
658 				    filename, linenum);
659 			arg++;
660 			(void) memmove(p, p+1, strlen(p+1)+1);
661 		} else if (((p = strchr(arg, ':')) == NULL) ||
662 			    (strchr(p+1, ':') != NULL)) {
663 			add_listen_addr(options, arg, 0);
664 			break;
665 		}
666 		if (*p == ':') {
667 			u_short port;
668 
669 			p++;
670 			if (*p == '\0')
671 				fatal("%s line %d: bad inet addr:port usage.",
672 				    filename, linenum);
673 			else {
674 				*(p-1) = '\0';
675 				if ((port = a2port(p)) == 0)
676 					fatal("%s line %d: bad port number.",
677 					    filename, linenum);
678 				add_listen_addr(options, arg, port);
679 			}
680 		} else if (*p == '\0')
681 			add_listen_addr(options, arg, 0);
682 		else
683 			fatal("%s line %d: bad inet addr usage.",
684 			    filename, linenum);
685 		break;
686 
687 	case sHostKeyFile:
688 		intptr = &options->num_host_key_files;
689 		if (*intptr >= MAX_HOSTKEYS)
690 			fatal("%s line %d: too many host keys specified (max %d).",
691 			    filename, linenum, MAX_HOSTKEYS);
692 		charptr = &options->host_key_files[*intptr];
693 parse_filename:
694 		arg = strdelim(&cp);
695 		if (!arg || *arg == '\0')
696 			fatal("%s line %d: missing file name.",
697 			    filename, linenum);
698 		if (*charptr == NULL) {
699 			*charptr = tilde_expand_filename(arg, getuid());
700 			/* increase optional counter */
701 			if (intptr != NULL)
702 				*intptr = *intptr + 1;
703 		}
704 		break;
705 
706 	case sPidFile:
707 		charptr = &options->pid_file;
708 		goto parse_filename;
709 
710 	case sPermitRootLogin:
711 		intptr = &options->permit_root_login;
712 		arg = strdelim(&cp);
713 		if (!arg || *arg == '\0')
714 			fatal("%s line %d: missing yes/"
715 			    "without-password/forced-commands-only/no "
716 			    "argument.", filename, linenum);
717 		value = 0;	/* silence compiler */
718 		if (strcmp(arg, "without-password") == 0)
719 			value = PERMIT_NO_PASSWD;
720 		else if (strcmp(arg, "forced-commands-only") == 0)
721 			value = PERMIT_FORCED_ONLY;
722 		else if (strcmp(arg, "yes") == 0)
723 			value = PERMIT_YES;
724 		else if (strcmp(arg, "no") == 0)
725 			value = PERMIT_NO;
726 		else
727 			fatal("%s line %d: Bad yes/"
728 			    "without-password/forced-commands-only/no "
729 			    "argument: %s", filename, linenum, arg);
730 		if (*intptr == -1)
731 			*intptr = value;
732 		break;
733 
734 	case sIgnoreRhosts:
735 		intptr = &options->ignore_rhosts;
736 parse_flag:
737 		arg = strdelim(&cp);
738 		if (!arg || *arg == '\0')
739 			fatal("%s line %d: missing yes/no argument.",
740 			    filename, linenum);
741 		value = 0;	/* silence compiler */
742 		if (strcmp(arg, "yes") == 0)
743 			value = 1;
744 		else if (strcmp(arg, "no") == 0)
745 			value = 0;
746 		else
747 			fatal("%s line %d: Bad yes/no argument: %s",
748 				filename, linenum, arg);
749 		if (*intptr == -1)
750 			*intptr = value;
751 		break;
752 
753 	case sIgnoreUserKnownHosts:
754 		intptr = &options->ignore_user_known_hosts;
755 		goto parse_flag;
756 
757 	case sRhostsAuthentication:
758 		intptr = &options->rhosts_authentication;
759 		goto parse_flag;
760 
761 	case sRhostsRSAAuthentication:
762 		intptr = &options->rhosts_rsa_authentication;
763 		goto parse_flag;
764 
765 	case sHostbasedAuthentication:
766 		intptr = &options->hostbased_authentication;
767 		goto parse_flag;
768 
769 	case sHostbasedUsesNameFromPacketOnly:
770 		intptr = &options->hostbased_uses_name_from_packet_only;
771 		goto parse_flag;
772 
773 	case sRSAAuthentication:
774 		intptr = &options->rsa_authentication;
775 		goto parse_flag;
776 
777 	case sPubkeyAuthentication:
778 		intptr = &options->pubkey_authentication;
779 		goto parse_flag;
780 #ifdef GSSAPI
781 	case sGssAuthentication:
782 		intptr = &options->gss_authentication;
783 		goto parse_flag;
784 	case sGssKeyEx:
785 		intptr = &options->gss_keyex;
786 		goto parse_flag;
787 	case sGssStoreDelegCreds:
788 		intptr = &options->gss_keyex;
789 		goto parse_flag;
790 #ifndef SUNW_GSSAPI
791 	case sGssUseSessionCredCache:
792 		intptr = &options->gss_use_session_ccache;
793 		goto parse_flag;
794 	case sGssCleanupCreds:
795 		intptr = &options->gss_cleanup_creds;
796 		goto parse_flag;
797 #endif /* SUNW_GSSAPI */
798 #endif /* GSSAPI */
799 #if defined(KRB4) || defined(KRB5)
800 	case sKerberosAuthentication:
801 		intptr = &options->kerberos_authentication;
802 		goto parse_flag;
803 
804 	case sKerberosOrLocalPasswd:
805 		intptr = &options->kerberos_or_local_passwd;
806 		goto parse_flag;
807 
808 	case sKerberosTicketCleanup:
809 		intptr = &options->kerberos_ticket_cleanup;
810 		goto parse_flag;
811 #endif
812 #if defined(AFS) || defined(KRB5)
813 	case sKerberosTgtPassing:
814 		intptr = &options->kerberos_tgt_passing;
815 		goto parse_flag;
816 #endif
817 #ifdef AFS
818 	case sAFSTokenPassing:
819 		intptr = &options->afs_token_passing;
820 		goto parse_flag;
821 #endif
822 
823 	case sPasswordAuthentication:
824 		intptr = &options->password_authentication;
825 		goto parse_flag;
826 
827 	case sKbdInteractiveAuthentication:
828 		intptr = &options->kbd_interactive_authentication;
829 		goto parse_flag;
830 
831 	case sChallengeResponseAuthentication:
832 		intptr = &options->challenge_response_authentication;
833 		goto parse_flag;
834 
835 	case sPrintMotd:
836 		intptr = &options->print_motd;
837 		goto parse_flag;
838 
839 	case sPrintLastLog:
840 		intptr = &options->print_lastlog;
841 		goto parse_flag;
842 
843 	case sX11Forwarding:
844 		intptr = &options->x11_forwarding;
845 		goto parse_flag;
846 
847 	case sX11DisplayOffset:
848 		intptr = &options->x11_display_offset;
849 		goto parse_int;
850 
851 	case sX11UseLocalhost:
852 		intptr = &options->x11_use_localhost;
853 		goto parse_flag;
854 
855 	case sXAuthLocation:
856 		charptr = &options->xauth_location;
857 		goto parse_filename;
858 
859 	case sStrictModes:
860 		intptr = &options->strict_modes;
861 		goto parse_flag;
862 
863 	case sKeepAlives:
864 		intptr = &options->keepalives;
865 		goto parse_flag;
866 
867 	case sEmptyPasswd:
868 		intptr = &options->permit_empty_passwd;
869 		goto parse_flag;
870 
871 	case sPermitUserEnvironment:
872 		intptr = &options->permit_user_env;
873 		goto parse_flag;
874 
875 	case sUseLogin:
876 		log("%s line %d: ignoring UseLogin option value."
877 		    " This option is always off.", filename, linenum);
878 		while (arg)
879 			arg = strdelim(&cp);
880 		break;
881 
882 	case sCompression:
883 		intptr = &options->compression;
884 		goto parse_flag;
885 
886 	case sGatewayPorts:
887 		arg = strdelim(&cp);
888 		if (get_yes_no_flag(&options->gateway_ports, arg, filename,
889 		    linenum, 1) == 1)
890 			break;
891 
892 		if (strcmp(arg, "clientspecified") == 0)
893 			options->gateway_ports = 2;
894 		else
895 			fatal("%.200s line %d: Bad yes/no/clientspecified "
896 			    "argument.", filename, linenum);
897 		break;
898 
899 	case sVerifyReverseMapping:
900 		intptr = &options->verify_reverse_mapping;
901 		goto parse_flag;
902 
903 	case sLogFacility:
904 		intptr = (int *) &options->log_facility;
905 		arg = strdelim(&cp);
906 		value = log_facility_number(arg);
907 		if (value == SYSLOG_FACILITY_NOT_SET)
908 			fatal("%.200s line %d: unsupported log facility '%s'",
909 			    filename, linenum, arg ? arg : "<NONE>");
910 		if (*intptr == -1)
911 			*intptr = (SyslogFacility) value;
912 		break;
913 
914 	case sLogLevel:
915 		intptr = (int *) &options->log_level;
916 		arg = strdelim(&cp);
917 		value = log_level_number(arg);
918 		if (value == SYSLOG_LEVEL_NOT_SET)
919 			fatal("%.200s line %d: unsupported log level '%s'",
920 			    filename, linenum, arg ? arg : "<NONE>");
921 		if (*intptr == -1)
922 			*intptr = (LogLevel) value;
923 		break;
924 
925 	case sAllowTcpForwarding:
926 		intptr = &options->allow_tcp_forwarding;
927 		goto parse_flag;
928 
929 	case sUsePrivilegeSeparation:
930 		log("%s line %d: ignoring UsePrivilegeSeparation option value."
931 		    " This option is always on.", filename, linenum);
932 		while (arg)
933 			arg = strdelim(&cp);
934 		break;
935 
936 	case sAllowUsers:
937 		while (((arg = strdelim(&cp)) != NULL) && *arg != '\0') {
938 			if (options->num_allow_users >= MAX_ALLOW_USERS)
939 				fatal("%s line %d: too many allow users.",
940 				    filename, linenum);
941 			options->allow_users[options->num_allow_users++] =
942 			    xstrdup(arg);
943 		}
944 		break;
945 
946 	case sDenyUsers:
947 		while (((arg = strdelim(&cp)) != NULL) && *arg != '\0') {
948 			if (options->num_deny_users >= MAX_DENY_USERS)
949 				fatal( "%s line %d: too many deny users.",
950 				    filename, linenum);
951 			options->deny_users[options->num_deny_users++] =
952 			    xstrdup(arg);
953 		}
954 		break;
955 
956 	case sAllowGroups:
957 		while (((arg = strdelim(&cp)) != NULL) && *arg != '\0') {
958 			if (options->num_allow_groups >= MAX_ALLOW_GROUPS)
959 				fatal("%s line %d: too many allow groups.",
960 				    filename, linenum);
961 			options->allow_groups[options->num_allow_groups++] =
962 			    xstrdup(arg);
963 		}
964 		break;
965 
966 	case sDenyGroups:
967 		while (((arg = strdelim(&cp)) != NULL) && *arg != '\0') {
968 			if (options->num_deny_groups >= MAX_DENY_GROUPS)
969 				fatal("%s line %d: too many deny groups.",
970 				    filename, linenum);
971 			options->deny_groups[options->num_deny_groups++] = xstrdup(arg);
972 		}
973 		break;
974 
975 	case sCiphers:
976 		arg = strdelim(&cp);
977 		if (!arg || *arg == '\0')
978 			fatal("%s line %d: Missing argument.", filename, linenum);
979 		if (!ciphers_valid(arg))
980 			fatal("%s line %d: Bad SSH2 cipher spec '%s'.",
981 			    filename, linenum, arg ? arg : "<NONE>");
982 		if (options->ciphers == NULL)
983 			options->ciphers = xstrdup(arg);
984 		break;
985 
986 	case sMacs:
987 		arg = strdelim(&cp);
988 		if (!arg || *arg == '\0')
989 			fatal("%s line %d: Missing argument.", filename, linenum);
990 		if (!mac_valid(arg))
991 			fatal("%s line %d: Bad SSH2 mac spec '%s'.",
992 			    filename, linenum, arg ? arg : "<NONE>");
993 		if (options->macs == NULL)
994 			options->macs = xstrdup(arg);
995 		break;
996 
997 	case sProtocol:
998 		intptr = &options->protocol;
999 		arg = strdelim(&cp);
1000 		if (!arg || *arg == '\0')
1001 			fatal("%s line %d: Missing argument.", filename, linenum);
1002 		value = proto_spec(arg);
1003 		if (value == SSH_PROTO_UNKNOWN)
1004 			fatal("%s line %d: Bad protocol spec '%s'.",
1005 			    filename, linenum, arg ? arg : "<NONE>");
1006 		if (*intptr == SSH_PROTO_UNKNOWN)
1007 			*intptr = value;
1008 		break;
1009 
1010 	case sSubsystem:
1011 		if (options->num_subsystems >= MAX_SUBSYSTEMS) {
1012 			fatal("%s line %d: too many subsystems defined.",
1013 			    filename, linenum);
1014 		}
1015 		arg = strdelim(&cp);
1016 		if (!arg || *arg == '\0')
1017 			fatal("%s line %d: Missing subsystem name.",
1018 			    filename, linenum);
1019 		for (i = 0; i < options->num_subsystems; i++)
1020 			if (strcmp(arg, options->subsystem_name[i]) == 0)
1021 				fatal("%s line %d: Subsystem '%s' already defined.",
1022 				    filename, linenum, arg);
1023 		options->subsystem_name[options->num_subsystems] = xstrdup(arg);
1024 		arg = strdelim(&cp);
1025 		if (!arg || *arg == '\0')
1026 			fatal("%s line %d: Missing subsystem command.",
1027 			    filename, linenum);
1028 		options->subsystem_command[options->num_subsystems] = xstrdup(arg);
1029 
1030 		/*
1031 		 * Collect arguments (separate to executable), including the
1032 		 * name of the executable, in a way that is easier to parse
1033 		 * later.
1034 		 */
1035 		p = xstrdup(arg);
1036 		len = strlen(p) + 1;
1037 		while ((arg = strdelim(&cp)) != NULL && *arg != '\0') {
1038 			len += 1 + strlen(arg);
1039 			p = xrealloc(p, len);
1040 			strlcat(p, " ", len);
1041 			strlcat(p, arg, len);
1042 		}
1043 		options->subsystem_args[options->num_subsystems] = p;
1044 		options->num_subsystems++;
1045 		break;
1046 
1047 	case sMaxStartups:
1048 		arg = strdelim(&cp);
1049 		if (!arg || *arg == '\0')
1050 			fatal("%s line %d: Missing MaxStartups spec.",
1051 			    filename, linenum);
1052 		if ((n = sscanf(arg, "%d:%d:%d",
1053 		    &options->max_startups_begin,
1054 		    &options->max_startups_rate,
1055 		    &options->max_startups)) == 3) {
1056 			if (options->max_startups_begin >
1057 			    options->max_startups ||
1058 			    options->max_startups_rate > 100 ||
1059 			    options->max_startups_rate < 1)
1060 				fatal("%s line %d: Illegal MaxStartups spec.",
1061 				    filename, linenum);
1062 		} else if (n != 1)
1063 			fatal("%s line %d: Illegal MaxStartups spec.",
1064 			    filename, linenum);
1065 		else
1066 			options->max_startups = options->max_startups_begin;
1067 		break;
1068 
1069 	case sBanner:
1070 		charptr = &options->banner;
1071 		goto parse_filename;
1072 	/*
1073 	 * These options can contain %X options expanded at
1074 	 * connect time, so that you can specify paths like:
1075 	 *
1076 	 * AuthorizedKeysFile	/etc/ssh_keys/%u
1077 	 */
1078 	case sAuthorizedKeysFile:
1079 	case sAuthorizedKeysFile2:
1080 		charptr = (opcode == sAuthorizedKeysFile) ?
1081 		    &options->authorized_keys_file :
1082 		    &options->authorized_keys_file2;
1083 		goto parse_filename;
1084 
1085 	case sClientAliveInterval:
1086 		intptr = &options->client_alive_interval;
1087 		goto parse_time;
1088 
1089 	case sClientAliveCountMax:
1090 		intptr = &options->client_alive_count_max;
1091 		goto parse_int;
1092 
1093 	case sMaxAuthTries:
1094 		intptr = &options->max_auth_tries;
1095 		goto parse_int;
1096 
1097 	case sMaxAuthTriesLog:
1098 		intptr = &options->max_auth_tries_log;
1099 		goto parse_int;
1100 
1101 	case sLookupClientHostnames:
1102 		intptr = &options->lookup_client_hostnames;
1103 		goto parse_flag;
1104 
1105 	case sUseOpenSSLEngine:
1106 		intptr = &options->use_openssl_engine;
1107 		goto parse_flag;
1108 
1109 	case sChrootDirectory:
1110 		charptr = &options->chroot_directory;
1111 
1112 		arg = strdelim(&cp);
1113 		if (arg == NULL || *arg == '\0')
1114 			fatal("%s line %d: missing directory name for "
1115 			    "ChrootDirectory.", filename, linenum);
1116 		if (*charptr == NULL)
1117 			*charptr = xstrdup(arg);
1118 		break;
1119 
1120 	case sDeprecated:
1121 		log("%s line %d: Deprecated option %s",
1122 		    filename, linenum, arg);
1123 		while (arg)
1124 		    arg = strdelim(&cp);
1125 		break;
1126 
1127 	default:
1128 		fatal("%s line %d: Missing handler for opcode %s (%d)",
1129 		    filename, linenum, arg, opcode);
1130 	}
1131 	if ((arg = strdelim(&cp)) != NULL && *arg != '\0')
1132 		fatal("%s line %d: garbage at end of line; \"%.200s\".",
1133 		    filename, linenum, arg);
1134 	return 0;
1135 }
1136 
1137 /* Reads the server configuration file. */
1138 
1139 void
1140 read_server_config(ServerOptions *options, const char *filename)
1141 {
1142 	int linenum, bad_options = 0;
1143 	char line[1024];
1144 	FILE *f;
1145 
1146 	f = fopen(filename, "r");
1147 	if (!f) {
1148 		perror(filename);
1149 		exit(1);
1150 	}
1151 	linenum = 0;
1152 	while (fgets(line, sizeof(line), f)) {
1153 		/* Update line number counter. */
1154 		linenum++;
1155 		if (process_server_config_line(options, line, filename, linenum) != 0)
1156 			bad_options++;
1157 	}
1158 	(void) fclose(f);
1159 	if (bad_options > 0)
1160 		fatal("%s: terminating, %d bad configuration options",
1161 		    filename, bad_options);
1162 }
1163 
1164 /*
1165  * Note that "none" is a special path having the same affect on sshd
1166  * configuration as not specifying ChrootDirectory at all.
1167  */
1168 int
1169 chroot_requested(char *chroot_directory)
1170 {
1171 	return (chroot_directory != NULL &&
1172 	    strcasecmp(chroot_directory, "none") != 0);
1173 }
1174