1 2 /* $OpenBSD: servconf.c,v 1.306 2017/03/14 07:19:07 djm Exp $ */ 3 /* 4 * Copyright (c) 1995 Tatu Ylonen <ylo (at) cs.hut.fi>, Espoo, Finland 5 * All rights reserved 6 * 7 * As far as I am concerned, the code I have written for this software 8 * can be used freely for any purpose. Any derived versions of this 9 * software must be clearly marked as such, and if the derived work is 10 * incompatible with the protocol description in the RFC file, it must be 11 * called by a name other than "ssh" or "Secure Shell". 12 */ 13 14 #include "includes.h" 15 16 #include <sys/types.h> 17 #include <sys/socket.h> 18 19 #include <netinet/in.h> 20 #include <netinet/in_systm.h> 21 #include <netinet/ip.h> 22 23 #include <ctype.h> 24 #include <netdb.h> 25 #include <pwd.h> 26 #include <stdio.h> 27 #include <stdlib.h> 28 #include <string.h> 29 #include <signal.h> 30 #include <unistd.h> 31 #include <limits.h> 32 #include <stdarg.h> 33 #include <errno.h> 34 #ifdef HAVE_UTIL_H 35 #include <util.h> 36 #endif 37 38 #include "openbsd-compat/sys-queue.h" 39 #include "xmalloc.h" 40 #include "ssh.h" 41 #include "log.h" 42 #include "buffer.h" 43 #include "misc.h" 44 #include "servconf.h" 45 #include "compat.h" 46 #include "pathnames.h" 47 #include "cipher.h" 48 #include "key.h" 49 #include "kex.h" 50 #include "mac.h" 51 #include "match.h" 52 #include "channels.h" 53 #include "groupaccess.h" 54 #include "canohost.h" 55 #include "packet.h" 56 #include "hostfile.h" 57 #include "auth.h" 58 #include "myproposal.h" 59 #include "digest.h" 60 61 #ifdef ANDROID 62 #include <cutils/properties.h> 63 #endif 64 65 static void add_listen_addr(ServerOptions *, char *, int); 66 static void add_one_listen_addr(ServerOptions *, char *, int); 67 68 /* Use of privilege separation or not */ 69 extern int use_privsep; 70 extern Buffer cfg; 71 72 /* Initializes the server options to their default values. */ 73 74 void 75 initialize_server_options(ServerOptions *options) 76 { 77 memset(options, 0, sizeof(*options)); 78 79 /* Portable-specific options */ 80 options->use_pam = -1; 81 82 /* Standard Options */ 83 options->num_ports = 0; 84 options->ports_from_cmdline = 0; 85 options->queued_listen_addrs = NULL; 86 options->num_queued_listens = 0; 87 options->listen_addrs = NULL; 88 options->address_family = -1; 89 options->num_host_key_files = 0; 90 options->num_host_cert_files = 0; 91 options->host_key_agent = NULL; 92 options->pid_file = NULL; 93 options->login_grace_time = -1; 94 options->permit_root_login = PERMIT_NOT_SET; 95 options->ignore_rhosts = -1; 96 options->ignore_user_known_hosts = -1; 97 options->print_motd = -1; 98 options->print_lastlog = -1; 99 options->x11_forwarding = -1; 100 options->x11_display_offset = -1; 101 options->x11_use_localhost = -1; 102 options->permit_tty = -1; 103 options->permit_user_rc = -1; 104 options->xauth_location = NULL; 105 options->strict_modes = -1; 106 options->tcp_keep_alive = -1; 107 options->log_facility = SYSLOG_FACILITY_NOT_SET; 108 options->log_level = SYSLOG_LEVEL_NOT_SET; 109 options->hostbased_authentication = -1; 110 options->hostbased_uses_name_from_packet_only = -1; 111 options->hostbased_key_types = NULL; 112 options->hostkeyalgorithms = NULL; 113 options->pubkey_authentication = -1; 114 options->pubkey_key_types = NULL; 115 options->kerberos_authentication = -1; 116 options->kerberos_or_local_passwd = -1; 117 options->kerberos_ticket_cleanup = -1; 118 options->kerberos_get_afs_token = -1; 119 options->gss_authentication=-1; 120 options->gss_cleanup_creds = -1; 121 options->gss_strict_acceptor = -1; 122 options->password_authentication = -1; 123 options->kbd_interactive_authentication = -1; 124 options->challenge_response_authentication = -1; 125 options->permit_empty_passwd = -1; 126 options->permit_user_env = -1; 127 options->compression = -1; 128 options->rekey_limit = -1; 129 options->rekey_interval = -1; 130 options->allow_tcp_forwarding = -1; 131 options->allow_streamlocal_forwarding = -1; 132 options->allow_agent_forwarding = -1; 133 options->num_allow_users = 0; 134 options->num_deny_users = 0; 135 options->num_allow_groups = 0; 136 options->num_deny_groups = 0; 137 options->ciphers = NULL; 138 options->macs = NULL; 139 options->kex_algorithms = NULL; 140 options->fwd_opts.gateway_ports = -1; 141 options->fwd_opts.streamlocal_bind_mask = (mode_t)-1; 142 options->fwd_opts.streamlocal_bind_unlink = -1; 143 options->num_subsystems = 0; 144 options->max_startups_begin = -1; 145 options->max_startups_rate = -1; 146 options->max_startups = -1; 147 options->max_authtries = -1; 148 options->max_sessions = -1; 149 options->banner = NULL; 150 options->use_dns = -1; 151 options->client_alive_interval = -1; 152 options->client_alive_count_max = -1; 153 options->num_authkeys_files = 0; 154 options->num_accept_env = 0; 155 options->permit_tun = -1; 156 options->num_permitted_opens = -1; 157 options->adm_forced_command = NULL; 158 options->chroot_directory = NULL; 159 options->authorized_keys_command = NULL; 160 options->authorized_keys_command_user = NULL; 161 options->revoked_keys_file = NULL; 162 options->trusted_user_ca_keys = NULL; 163 options->authorized_principals_file = NULL; 164 options->authorized_principals_command = NULL; 165 options->authorized_principals_command_user = NULL; 166 options->ip_qos_interactive = -1; 167 options->ip_qos_bulk = -1; 168 options->version_addendum = NULL; 169 options->fingerprint_hash = -1; 170 options->disable_forwarding = -1; 171 } 172 173 /* Returns 1 if a string option is unset or set to "none" or 0 otherwise. */ 174 static int 175 option_clear_or_none(const char *o) 176 { 177 return o == NULL || strcasecmp(o, "none") == 0; 178 } 179 180 static void 181 assemble_algorithms(ServerOptions *o) 182 { 183 if (kex_assemble_names(KEX_SERVER_ENCRYPT, &o->ciphers) != 0 || 184 kex_assemble_names(KEX_SERVER_MAC, &o->macs) != 0 || 185 kex_assemble_names(KEX_SERVER_KEX, &o->kex_algorithms) != 0 || 186 kex_assemble_names(KEX_DEFAULT_PK_ALG, 187 &o->hostkeyalgorithms) != 0 || 188 kex_assemble_names(KEX_DEFAULT_PK_ALG, 189 &o->hostbased_key_types) != 0 || 190 kex_assemble_names(KEX_DEFAULT_PK_ALG, &o->pubkey_key_types) != 0) 191 fatal("kex_assemble_names failed"); 192 } 193 194 void 195 fill_default_server_options(ServerOptions *options) 196 { 197 int i; 198 199 /* Portable-specific options */ 200 if (options->use_pam == -1) 201 options->use_pam = 0; 202 203 /* Standard Options */ 204 if (options->num_host_key_files == 0) { 205 /* fill default hostkeys for protocols */ 206 options->host_key_files[options->num_host_key_files++] = 207 _PATH_HOST_RSA_KEY_FILE; 208 options->host_key_files[options->num_host_key_files++] = 209 _PATH_HOST_DSA_KEY_FILE; 210 #ifdef OPENSSL_HAS_ECC 211 options->host_key_files[options->num_host_key_files++] = 212 _PATH_HOST_ECDSA_KEY_FILE; 213 #endif 214 options->host_key_files[options->num_host_key_files++] = 215 _PATH_HOST_ED25519_KEY_FILE; 216 } 217 /* No certificates by default */ 218 if (options->num_ports == 0) 219 options->ports[options->num_ports++] = SSH_DEFAULT_PORT; 220 if (options->address_family == -1) 221 options->address_family = AF_UNSPEC; 222 if (options->listen_addrs == NULL) 223 add_listen_addr(options, NULL, 0); 224 if (options->pid_file == NULL) 225 options->pid_file = xstrdup(_PATH_SSH_DAEMON_PID_FILE); 226 if (options->login_grace_time == -1) 227 options->login_grace_time = 120; 228 if (options->permit_root_login == PERMIT_NOT_SET) 229 options->permit_root_login = PERMIT_NO_PASSWD; 230 if (options->ignore_rhosts == -1) 231 options->ignore_rhosts = 1; 232 if (options->ignore_user_known_hosts == -1) 233 options->ignore_user_known_hosts = 0; 234 if (options->print_motd == -1) 235 options->print_motd = 1; 236 if (options->print_lastlog == -1) 237 options->print_lastlog = 1; 238 if (options->x11_forwarding == -1) 239 options->x11_forwarding = 0; 240 if (options->x11_display_offset == -1) 241 options->x11_display_offset = 10; 242 if (options->x11_use_localhost == -1) 243 options->x11_use_localhost = 1; 244 if (options->xauth_location == NULL) 245 options->xauth_location = xstrdup(_PATH_XAUTH); 246 if (options->permit_tty == -1) 247 options->permit_tty = 1; 248 if (options->permit_user_rc == -1) 249 options->permit_user_rc = 1; 250 if (options->strict_modes == -1) 251 options->strict_modes = 1; 252 if (options->tcp_keep_alive == -1) 253 options->tcp_keep_alive = 1; 254 if (options->log_facility == SYSLOG_FACILITY_NOT_SET) 255 options->log_facility = SYSLOG_FACILITY_AUTH; 256 if (options->log_level == SYSLOG_LEVEL_NOT_SET) 257 options->log_level = SYSLOG_LEVEL_INFO; 258 if (options->hostbased_authentication == -1) 259 options->hostbased_authentication = 0; 260 if (options->hostbased_uses_name_from_packet_only == -1) 261 options->hostbased_uses_name_from_packet_only = 0; 262 if (options->pubkey_authentication == -1) 263 options->pubkey_authentication = 1; 264 if (options->kerberos_authentication == -1) 265 options->kerberos_authentication = 0; 266 if (options->kerberos_or_local_passwd == -1) 267 options->kerberos_or_local_passwd = 1; 268 if (options->kerberos_ticket_cleanup == -1) 269 options->kerberos_ticket_cleanup = 1; 270 if (options->kerberos_get_afs_token == -1) 271 options->kerberos_get_afs_token = 0; 272 if (options->gss_authentication == -1) 273 options->gss_authentication = 0; 274 if (options->gss_cleanup_creds == -1) 275 options->gss_cleanup_creds = 1; 276 if (options->gss_strict_acceptor == -1) 277 options->gss_strict_acceptor = 1; 278 if (options->password_authentication == -1) 279 options->password_authentication = 1; 280 if (options->kbd_interactive_authentication == -1) 281 options->kbd_interactive_authentication = 0; 282 if (options->challenge_response_authentication == -1) 283 options->challenge_response_authentication = 1; 284 if (options->permit_empty_passwd == -1) 285 options->permit_empty_passwd = 0; 286 if (options->permit_user_env == -1) 287 options->permit_user_env = 0; 288 if (options->compression == -1) 289 options->compression = COMP_DELAYED; 290 if (options->rekey_limit == -1) 291 options->rekey_limit = 0; 292 if (options->rekey_interval == -1) 293 options->rekey_interval = 0; 294 if (options->allow_tcp_forwarding == -1) 295 options->allow_tcp_forwarding = FORWARD_ALLOW; 296 if (options->allow_streamlocal_forwarding == -1) 297 options->allow_streamlocal_forwarding = FORWARD_ALLOW; 298 if (options->allow_agent_forwarding == -1) 299 options->allow_agent_forwarding = 1; 300 if (options->fwd_opts.gateway_ports == -1) 301 options->fwd_opts.gateway_ports = 0; 302 if (options->max_startups == -1) 303 options->max_startups = 100; 304 if (options->max_startups_rate == -1) 305 options->max_startups_rate = 30; /* 30% */ 306 if (options->max_startups_begin == -1) 307 options->max_startups_begin = 10; 308 if (options->max_authtries == -1) 309 options->max_authtries = DEFAULT_AUTH_FAIL_MAX; 310 if (options->max_sessions == -1) 311 options->max_sessions = DEFAULT_SESSIONS_MAX; 312 if (options->use_dns == -1) 313 options->use_dns = 0; 314 if (options->client_alive_interval == -1) 315 options->client_alive_interval = 0; 316 if (options->client_alive_count_max == -1) 317 options->client_alive_count_max = 3; 318 if (options->num_authkeys_files == 0) { 319 options->authorized_keys_files[options->num_authkeys_files++] = 320 xstrdup(_PATH_SSH_USER_PERMITTED_KEYS); 321 options->authorized_keys_files[options->num_authkeys_files++] = 322 xstrdup(_PATH_SSH_USER_PERMITTED_KEYS2); 323 } 324 if (options->permit_tun == -1) 325 options->permit_tun = SSH_TUNMODE_NO; 326 if (options->ip_qos_interactive == -1) 327 options->ip_qos_interactive = IPTOS_LOWDELAY; 328 if (options->ip_qos_bulk == -1) 329 options->ip_qos_bulk = IPTOS_THROUGHPUT; 330 if (options->version_addendum == NULL) 331 options->version_addendum = xstrdup(""); 332 if (options->fwd_opts.streamlocal_bind_mask == (mode_t)-1) 333 options->fwd_opts.streamlocal_bind_mask = 0177; 334 if (options->fwd_opts.streamlocal_bind_unlink == -1) 335 options->fwd_opts.streamlocal_bind_unlink = 0; 336 if (options->fingerprint_hash == -1) 337 options->fingerprint_hash = SSH_FP_HASH_DEFAULT; 338 if (options->disable_forwarding == -1) 339 options->disable_forwarding = 0; 340 341 assemble_algorithms(options); 342 343 /* Turn privilege separation and sandboxing on by default */ 344 if (use_privsep == -1) 345 use_privsep = PRIVSEP_ON; 346 347 #define CLEAR_ON_NONE(v) \ 348 do { \ 349 if (option_clear_or_none(v)) { \ 350 free(v); \ 351 v = NULL; \ 352 } \ 353 } while(0) 354 CLEAR_ON_NONE(options->pid_file); 355 CLEAR_ON_NONE(options->xauth_location); 356 CLEAR_ON_NONE(options->banner); 357 CLEAR_ON_NONE(options->trusted_user_ca_keys); 358 CLEAR_ON_NONE(options->revoked_keys_file); 359 CLEAR_ON_NONE(options->authorized_principals_file); 360 CLEAR_ON_NONE(options->adm_forced_command); 361 CLEAR_ON_NONE(options->chroot_directory); 362 for (i = 0; i < options->num_host_key_files; i++) 363 CLEAR_ON_NONE(options->host_key_files[i]); 364 for (i = 0; i < options->num_host_cert_files; i++) 365 CLEAR_ON_NONE(options->host_cert_files[i]); 366 #undef CLEAR_ON_NONE 367 368 /* Similar handling for AuthenticationMethods=any */ 369 if (options->num_auth_methods == 1 && 370 strcmp(options->auth_methods[0], "any") == 0) { 371 free(options->auth_methods[0]); 372 options->auth_methods[0] = NULL; 373 options->num_auth_methods = 0; 374 } 375 376 #ifndef HAVE_MMAP 377 if (use_privsep && options->compression == 1) { 378 error("This platform does not support both privilege " 379 "separation and compression"); 380 error("Compression disabled"); 381 options->compression = 0; 382 } 383 #endif 384 385 } 386 387 /* Keyword tokens. */ 388 typedef enum { 389 sBadOption, /* == unknown option */ 390 /* Portable-specific options */ 391 sUsePAM, 392 /* Standard Options */ 393 sPort, sHostKeyFile, sLoginGraceTime, 394 sPermitRootLogin, sLogFacility, sLogLevel, 395 sRhostsRSAAuthentication, sRSAAuthentication, 396 sKerberosAuthentication, sKerberosOrLocalPasswd, sKerberosTicketCleanup, 397 sKerberosGetAFSToken, 398 sKerberosTgtPassing, sChallengeResponseAuthentication, 399 sPasswordAuthentication, sKbdInteractiveAuthentication, 400 sListenAddress, sAddressFamily, 401 sPrintMotd, sPrintLastLog, sIgnoreRhosts, 402 sX11Forwarding, sX11DisplayOffset, sX11UseLocalhost, 403 sPermitTTY, sStrictModes, sEmptyPasswd, sTCPKeepAlive, 404 sPermitUserEnvironment, sAllowTcpForwarding, sCompression, 405 sRekeyLimit, sAllowUsers, sDenyUsers, sAllowGroups, sDenyGroups, 406 sIgnoreUserKnownHosts, sCiphers, sMacs, sPidFile, 407 sGatewayPorts, sPubkeyAuthentication, sPubkeyAcceptedKeyTypes, 408 sXAuthLocation, sSubsystem, sMaxStartups, sMaxAuthTries, sMaxSessions, 409 sBanner, sUseDNS, sHostbasedAuthentication, 410 sHostbasedUsesNameFromPacketOnly, sHostbasedAcceptedKeyTypes, 411 sHostKeyAlgorithms, 412 sClientAliveInterval, sClientAliveCountMax, sAuthorizedKeysFile, 413 sGssAuthentication, sGssCleanupCreds, sGssStrictAcceptor, 414 sAcceptEnv, sPermitTunnel, 415 sMatch, sPermitOpen, sForceCommand, sChrootDirectory, 416 sUsePrivilegeSeparation, sAllowAgentForwarding, 417 sHostCertificate, 418 sRevokedKeys, sTrustedUserCAKeys, sAuthorizedPrincipalsFile, 419 sAuthorizedPrincipalsCommand, sAuthorizedPrincipalsCommandUser, 420 sKexAlgorithms, sIPQoS, sVersionAddendum, 421 sAuthorizedKeysCommand, sAuthorizedKeysCommandUser, 422 sAuthenticationMethods, sHostKeyAgent, sPermitUserRC, 423 sStreamLocalBindMask, sStreamLocalBindUnlink, 424 sAllowStreamLocalForwarding, sFingerprintHash, sDisableForwarding, 425 sDeprecated, sIgnore, sUnsupported 426 } ServerOpCodes; 427 428 #define SSHCFG_GLOBAL 0x01 /* allowed in main section of sshd_config */ 429 #define SSHCFG_MATCH 0x02 /* allowed inside a Match section */ 430 #define SSHCFG_ALL (SSHCFG_GLOBAL|SSHCFG_MATCH) 431 432 /* Textual representation of the tokens. */ 433 static struct { 434 const char *name; 435 ServerOpCodes opcode; 436 u_int flags; 437 } keywords[] = { 438 /* Portable-specific options */ 439 #ifdef USE_PAM 440 { "usepam", sUsePAM, SSHCFG_GLOBAL }, 441 #else 442 { "usepam", sUnsupported, SSHCFG_GLOBAL }, 443 #endif 444 { "pamauthenticationviakbdint", sDeprecated, SSHCFG_GLOBAL }, 445 /* Standard Options */ 446 { "port", sPort, SSHCFG_GLOBAL }, 447 { "hostkey", sHostKeyFile, SSHCFG_GLOBAL }, 448 { "hostdsakey", sHostKeyFile, SSHCFG_GLOBAL }, /* alias */ 449 { "hostkeyagent", sHostKeyAgent, SSHCFG_GLOBAL }, 450 { "pidfile", sPidFile, SSHCFG_GLOBAL }, 451 { "serverkeybits", sDeprecated, SSHCFG_GLOBAL }, 452 { "logingracetime", sLoginGraceTime, SSHCFG_GLOBAL }, 453 { "keyregenerationinterval", sDeprecated, SSHCFG_GLOBAL }, 454 { "permitrootlogin", sPermitRootLogin, SSHCFG_ALL }, 455 { "syslogfacility", sLogFacility, SSHCFG_GLOBAL }, 456 { "loglevel", sLogLevel, SSHCFG_GLOBAL }, 457 { "rhostsauthentication", sDeprecated, SSHCFG_GLOBAL }, 458 { "rhostsrsaauthentication", sDeprecated, SSHCFG_ALL }, 459 { "hostbasedauthentication", sHostbasedAuthentication, SSHCFG_ALL }, 460 { "hostbasedusesnamefrompacketonly", sHostbasedUsesNameFromPacketOnly, SSHCFG_ALL }, 461 { "hostbasedacceptedkeytypes", sHostbasedAcceptedKeyTypes, SSHCFG_ALL }, 462 { "hostkeyalgorithms", sHostKeyAlgorithms, SSHCFG_GLOBAL }, 463 { "rsaauthentication", sDeprecated, SSHCFG_ALL }, 464 { "pubkeyauthentication", sPubkeyAuthentication, SSHCFG_ALL }, 465 { "pubkeyacceptedkeytypes", sPubkeyAcceptedKeyTypes, SSHCFG_ALL }, 466 { "dsaauthentication", sPubkeyAuthentication, SSHCFG_GLOBAL }, /* alias */ 467 #ifdef KRB5 468 { "kerberosauthentication", sKerberosAuthentication, SSHCFG_ALL }, 469 { "kerberosorlocalpasswd", sKerberosOrLocalPasswd, SSHCFG_GLOBAL }, 470 { "kerberosticketcleanup", sKerberosTicketCleanup, SSHCFG_GLOBAL }, 471 #ifdef USE_AFS 472 { "kerberosgetafstoken", sKerberosGetAFSToken, SSHCFG_GLOBAL }, 473 #else 474 { "kerberosgetafstoken", sUnsupported, SSHCFG_GLOBAL }, 475 #endif 476 #else 477 { "kerberosauthentication", sUnsupported, SSHCFG_ALL }, 478 { "kerberosorlocalpasswd", sUnsupported, SSHCFG_GLOBAL }, 479 { "kerberosticketcleanup", sUnsupported, SSHCFG_GLOBAL }, 480 { "kerberosgetafstoken", sUnsupported, SSHCFG_GLOBAL }, 481 #endif 482 { "kerberostgtpassing", sUnsupported, SSHCFG_GLOBAL }, 483 { "afstokenpassing", sUnsupported, SSHCFG_GLOBAL }, 484 #ifdef GSSAPI 485 { "gssapiauthentication", sGssAuthentication, SSHCFG_ALL }, 486 { "gssapicleanupcredentials", sGssCleanupCreds, SSHCFG_GLOBAL }, 487 { "gssapistrictacceptorcheck", sGssStrictAcceptor, SSHCFG_GLOBAL }, 488 #else 489 { "gssapiauthentication", sUnsupported, SSHCFG_ALL }, 490 { "gssapicleanupcredentials", sUnsupported, SSHCFG_GLOBAL }, 491 { "gssapistrictacceptorcheck", sUnsupported, SSHCFG_GLOBAL }, 492 #endif 493 { "passwordauthentication", sPasswordAuthentication, SSHCFG_ALL }, 494 { "kbdinteractiveauthentication", sKbdInteractiveAuthentication, SSHCFG_ALL }, 495 { "challengeresponseauthentication", sChallengeResponseAuthentication, SSHCFG_GLOBAL }, 496 { "skeyauthentication", sChallengeResponseAuthentication, SSHCFG_GLOBAL }, /* alias */ 497 { "checkmail", sDeprecated, SSHCFG_GLOBAL }, 498 { "listenaddress", sListenAddress, SSHCFG_GLOBAL }, 499 { "addressfamily", sAddressFamily, SSHCFG_GLOBAL }, 500 { "printmotd", sPrintMotd, SSHCFG_GLOBAL }, 501 #ifdef DISABLE_LASTLOG 502 { "printlastlog", sUnsupported, SSHCFG_GLOBAL }, 503 #else 504 { "printlastlog", sPrintLastLog, SSHCFG_GLOBAL }, 505 #endif 506 { "ignorerhosts", sIgnoreRhosts, SSHCFG_GLOBAL }, 507 { "ignoreuserknownhosts", sIgnoreUserKnownHosts, SSHCFG_GLOBAL }, 508 { "x11forwarding", sX11Forwarding, SSHCFG_ALL }, 509 { "x11displayoffset", sX11DisplayOffset, SSHCFG_ALL }, 510 { "x11uselocalhost", sX11UseLocalhost, SSHCFG_ALL }, 511 { "xauthlocation", sXAuthLocation, SSHCFG_GLOBAL }, 512 { "strictmodes", sStrictModes, SSHCFG_GLOBAL }, 513 { "permitemptypasswords", sEmptyPasswd, SSHCFG_ALL }, 514 { "permituserenvironment", sPermitUserEnvironment, SSHCFG_GLOBAL }, 515 { "uselogin", sDeprecated, SSHCFG_GLOBAL }, 516 { "compression", sCompression, SSHCFG_GLOBAL }, 517 { "rekeylimit", sRekeyLimit, SSHCFG_ALL }, 518 { "tcpkeepalive", sTCPKeepAlive, SSHCFG_GLOBAL }, 519 { "keepalive", sTCPKeepAlive, SSHCFG_GLOBAL }, /* obsolete alias */ 520 { "allowtcpforwarding", sAllowTcpForwarding, SSHCFG_ALL }, 521 { "allowagentforwarding", sAllowAgentForwarding, SSHCFG_ALL }, 522 { "allowusers", sAllowUsers, SSHCFG_ALL }, 523 { "denyusers", sDenyUsers, SSHCFG_ALL }, 524 { "allowgroups", sAllowGroups, SSHCFG_ALL }, 525 { "denygroups", sDenyGroups, SSHCFG_ALL }, 526 { "ciphers", sCiphers, SSHCFG_GLOBAL }, 527 { "macs", sMacs, SSHCFG_GLOBAL }, 528 { "protocol", sIgnore, SSHCFG_GLOBAL }, 529 { "gatewayports", sGatewayPorts, SSHCFG_ALL }, 530 { "subsystem", sSubsystem, SSHCFG_GLOBAL }, 531 { "maxstartups", sMaxStartups, SSHCFG_GLOBAL }, 532 { "maxauthtries", sMaxAuthTries, SSHCFG_ALL }, 533 { "maxsessions", sMaxSessions, SSHCFG_ALL }, 534 { "banner", sBanner, SSHCFG_ALL }, 535 { "usedns", sUseDNS, SSHCFG_GLOBAL }, 536 { "verifyreversemapping", sDeprecated, SSHCFG_GLOBAL }, 537 { "reversemappingcheck", sDeprecated, SSHCFG_GLOBAL }, 538 { "clientaliveinterval", sClientAliveInterval, SSHCFG_ALL }, 539 { "clientalivecountmax", sClientAliveCountMax, SSHCFG_ALL }, 540 { "authorizedkeysfile", sAuthorizedKeysFile, SSHCFG_ALL }, 541 { "authorizedkeysfile2", sDeprecated, SSHCFG_ALL }, 542 { "useprivilegeseparation", sDeprecated, SSHCFG_GLOBAL}, 543 { "acceptenv", sAcceptEnv, SSHCFG_ALL }, 544 { "permittunnel", sPermitTunnel, SSHCFG_ALL }, 545 { "permittty", sPermitTTY, SSHCFG_ALL }, 546 { "permituserrc", sPermitUserRC, SSHCFG_ALL }, 547 { "match", sMatch, SSHCFG_ALL }, 548 { "permitopen", sPermitOpen, SSHCFG_ALL }, 549 { "forcecommand", sForceCommand, SSHCFG_ALL }, 550 { "chrootdirectory", sChrootDirectory, SSHCFG_ALL }, 551 { "hostcertificate", sHostCertificate, SSHCFG_GLOBAL }, 552 { "revokedkeys", sRevokedKeys, SSHCFG_ALL }, 553 { "trustedusercakeys", sTrustedUserCAKeys, SSHCFG_ALL }, 554 { "authorizedprincipalsfile", sAuthorizedPrincipalsFile, SSHCFG_ALL }, 555 { "kexalgorithms", sKexAlgorithms, SSHCFG_GLOBAL }, 556 { "ipqos", sIPQoS, SSHCFG_ALL }, 557 { "authorizedkeyscommand", sAuthorizedKeysCommand, SSHCFG_ALL }, 558 { "authorizedkeyscommanduser", sAuthorizedKeysCommandUser, SSHCFG_ALL }, 559 { "authorizedprincipalscommand", sAuthorizedPrincipalsCommand, SSHCFG_ALL }, 560 { "authorizedprincipalscommanduser", sAuthorizedPrincipalsCommandUser, SSHCFG_ALL }, 561 { "versionaddendum", sVersionAddendum, SSHCFG_GLOBAL }, 562 { "authenticationmethods", sAuthenticationMethods, SSHCFG_ALL }, 563 { "streamlocalbindmask", sStreamLocalBindMask, SSHCFG_ALL }, 564 { "streamlocalbindunlink", sStreamLocalBindUnlink, SSHCFG_ALL }, 565 { "allowstreamlocalforwarding", sAllowStreamLocalForwarding, SSHCFG_ALL }, 566 { "fingerprinthash", sFingerprintHash, SSHCFG_GLOBAL }, 567 { "disableforwarding", sDisableForwarding, SSHCFG_ALL }, 568 { NULL, sBadOption, 0 } 569 }; 570 571 static struct { 572 int val; 573 char *text; 574 } tunmode_desc[] = { 575 { SSH_TUNMODE_NO, "no" }, 576 { SSH_TUNMODE_POINTOPOINT, "point-to-point" }, 577 { SSH_TUNMODE_ETHERNET, "ethernet" }, 578 { SSH_TUNMODE_YES, "yes" }, 579 { -1, NULL } 580 }; 581 582 /* 583 * Returns the number of the token pointed to by cp or sBadOption. 584 */ 585 586 static ServerOpCodes 587 parse_token(const char *cp, const char *filename, 588 int linenum, u_int *flags) 589 { 590 u_int i; 591 592 for (i = 0; keywords[i].name; i++) 593 if (strcasecmp(cp, keywords[i].name) == 0) { 594 *flags = keywords[i].flags; 595 return keywords[i].opcode; 596 } 597 598 error("%s: line %d: Bad configuration option: %s", 599 filename, linenum, cp); 600 return sBadOption; 601 } 602 603 char * 604 derelativise_path(const char *path) 605 { 606 char *expanded, *ret, cwd[PATH_MAX]; 607 608 if (strcasecmp(path, "none") == 0) 609 return xstrdup("none"); 610 expanded = tilde_expand_filename(path, getuid()); 611 if (*expanded == '/') 612 return expanded; 613 if (getcwd(cwd, sizeof(cwd)) == NULL) 614 fatal("%s: getcwd: %s", __func__, strerror(errno)); 615 xasprintf(&ret, "%s/%s", cwd, expanded); 616 free(expanded); 617 return ret; 618 } 619 620 static void 621 add_listen_addr(ServerOptions *options, char *addr, int port) 622 { 623 u_int i; 624 625 if (port == 0) 626 for (i = 0; i < options->num_ports; i++) 627 add_one_listen_addr(options, addr, options->ports[i]); 628 else 629 add_one_listen_addr(options, addr, port); 630 } 631 632 static void 633 add_one_listen_addr(ServerOptions *options, char *addr, int port) 634 { 635 struct addrinfo hints, *ai, *aitop; 636 char strport[NI_MAXSERV]; 637 int gaierr; 638 639 memset(&hints, 0, sizeof(hints)); 640 hints.ai_family = options->address_family; 641 hints.ai_socktype = SOCK_STREAM; 642 hints.ai_flags = (addr == NULL) ? AI_PASSIVE : 0; 643 snprintf(strport, sizeof strport, "%d", port); 644 if ((gaierr = getaddrinfo(addr, strport, &hints, &aitop)) != 0) 645 fatal("bad addr or host: %s (%s)", 646 addr ? addr : "<NULL>", 647 ssh_gai_strerror(gaierr)); 648 for (ai = aitop; ai->ai_next; ai = ai->ai_next) 649 ; 650 ai->ai_next = options->listen_addrs; 651 options->listen_addrs = aitop; 652 } 653 654 /* 655 * Queue a ListenAddress to be processed once we have all of the Ports 656 * and AddressFamily options. 657 */ 658 static void 659 queue_listen_addr(ServerOptions *options, char *addr, int port) 660 { 661 options->queued_listen_addrs = xreallocarray( 662 options->queued_listen_addrs, options->num_queued_listens + 1, 663 sizeof(addr)); 664 options->queued_listen_ports = xreallocarray( 665 options->queued_listen_ports, options->num_queued_listens + 1, 666 sizeof(port)); 667 options->queued_listen_addrs[options->num_queued_listens] = 668 xstrdup(addr); 669 options->queued_listen_ports[options->num_queued_listens] = port; 670 options->num_queued_listens++; 671 } 672 673 /* 674 * Process queued (text) ListenAddress entries. 675 */ 676 static void 677 process_queued_listen_addrs(ServerOptions *options) 678 { 679 u_int i; 680 681 if (options->num_ports == 0) 682 options->ports[options->num_ports++] = SSH_DEFAULT_PORT; 683 if (options->address_family == -1) 684 options->address_family = AF_UNSPEC; 685 686 for (i = 0; i < options->num_queued_listens; i++) { 687 add_listen_addr(options, options->queued_listen_addrs[i], 688 options->queued_listen_ports[i]); 689 free(options->queued_listen_addrs[i]); 690 options->queued_listen_addrs[i] = NULL; 691 } 692 free(options->queued_listen_addrs); 693 options->queued_listen_addrs = NULL; 694 free(options->queued_listen_ports); 695 options->queued_listen_ports = NULL; 696 options->num_queued_listens = 0; 697 } 698 699 struct connection_info * 700 get_connection_info(int populate, int use_dns) 701 { 702 struct ssh *ssh = active_state; /* XXX */ 703 static struct connection_info ci; 704 705 if (!populate) 706 return &ci; 707 ci.host = auth_get_canonical_hostname(ssh, use_dns); 708 ci.address = ssh_remote_ipaddr(ssh); 709 ci.laddress = ssh_local_ipaddr(ssh); 710 ci.lport = ssh_local_port(ssh); 711 return &ci; 712 } 713 714 /* 715 * The strategy for the Match blocks is that the config file is parsed twice. 716 * 717 * The first time is at startup. activep is initialized to 1 and the 718 * directives in the global context are processed and acted on. Hitting a 719 * Match directive unsets activep and the directives inside the block are 720 * checked for syntax only. 721 * 722 * The second time is after a connection has been established but before 723 * authentication. activep is initialized to 2 and global config directives 724 * are ignored since they have already been processed. If the criteria in a 725 * Match block is met, activep is set and the subsequent directives 726 * processed and actioned until EOF or another Match block unsets it. Any 727 * options set are copied into the main server config. 728 * 729 * Potential additions/improvements: 730 * - Add Match support for pre-kex directives, eg. Ciphers. 731 * 732 * - Add a Tag directive (idea from David Leonard) ala pf, eg: 733 * Match Address 192.168.0.* 734 * Tag trusted 735 * Match Group wheel 736 * Tag trusted 737 * Match Tag trusted 738 * AllowTcpForwarding yes 739 * GatewayPorts clientspecified 740 * [...] 741 * 742 * - Add a PermittedChannelRequests directive 743 * Match Group shell 744 * PermittedChannelRequests session,forwarded-tcpip 745 */ 746 747 static int 748 match_cfg_line_group(const char *grps, int line, const char *user) 749 { 750 int result = 0; 751 struct passwd *pw; 752 753 if (user == NULL) 754 goto out; 755 756 if ((pw = getpwnam(user)) == NULL) { 757 debug("Can't match group at line %d because user %.100s does " 758 "not exist", line, user); 759 } else if (ga_init(pw->pw_name, pw->pw_gid) == 0) { 760 debug("Can't Match group because user %.100s not in any group " 761 "at line %d", user, line); 762 } else if (ga_match_pattern_list(grps) != 1) { 763 debug("user %.100s does not match group list %.100s at line %d", 764 user, grps, line); 765 } else { 766 debug("user %.100s matched group list %.100s at line %d", user, 767 grps, line); 768 result = 1; 769 } 770 out: 771 ga_free(); 772 return result; 773 } 774 775 /* 776 * All of the attributes on a single Match line are ANDed together, so we need 777 * to check every attribute and set the result to zero if any attribute does 778 * not match. 779 */ 780 static int 781 match_cfg_line(char **condition, int line, struct connection_info *ci) 782 { 783 int result = 1, attributes = 0, port; 784 char *arg, *attrib, *cp = *condition; 785 786 if (ci == NULL) 787 debug3("checking syntax for 'Match %s'", cp); 788 else 789 debug3("checking match for '%s' user %s host %s addr %s " 790 "laddr %s lport %d", cp, ci->user ? ci->user : "(null)", 791 ci->host ? ci->host : "(null)", 792 ci->address ? ci->address : "(null)", 793 ci->laddress ? ci->laddress : "(null)", ci->lport); 794 795 while ((attrib = strdelim(&cp)) && *attrib != '\0') { 796 attributes++; 797 if (strcasecmp(attrib, "all") == 0) { 798 if (attributes != 1 || 799 ((arg = strdelim(&cp)) != NULL && *arg != '\0')) { 800 error("'all' cannot be combined with other " 801 "Match attributes"); 802 return -1; 803 } 804 *condition = cp; 805 return 1; 806 } 807 if ((arg = strdelim(&cp)) == NULL || *arg == '\0') { 808 error("Missing Match criteria for %s", attrib); 809 return -1; 810 } 811 if (strcasecmp(attrib, "user") == 0) { 812 if (ci == NULL || ci->user == NULL) { 813 result = 0; 814 continue; 815 } 816 if (match_pattern_list(ci->user, arg, 0) != 1) 817 result = 0; 818 else 819 debug("user %.100s matched 'User %.100s' at " 820 "line %d", ci->user, arg, line); 821 } else if (strcasecmp(attrib, "group") == 0) { 822 if (ci == NULL || ci->user == NULL) { 823 result = 0; 824 continue; 825 } 826 switch (match_cfg_line_group(arg, line, ci->user)) { 827 case -1: 828 return -1; 829 case 0: 830 result = 0; 831 } 832 } else if (strcasecmp(attrib, "host") == 0) { 833 if (ci == NULL || ci->host == NULL) { 834 result = 0; 835 continue; 836 } 837 if (match_hostname(ci->host, arg) != 1) 838 result = 0; 839 else 840 debug("connection from %.100s matched 'Host " 841 "%.100s' at line %d", ci->host, arg, line); 842 } else if (strcasecmp(attrib, "address") == 0) { 843 if (ci == NULL || ci->address == NULL) { 844 result = 0; 845 continue; 846 } 847 switch (addr_match_list(ci->address, arg)) { 848 case 1: 849 debug("connection from %.100s matched 'Address " 850 "%.100s' at line %d", ci->address, arg, line); 851 break; 852 case 0: 853 case -1: 854 result = 0; 855 break; 856 case -2: 857 return -1; 858 } 859 } else if (strcasecmp(attrib, "localaddress") == 0){ 860 if (ci == NULL || ci->laddress == NULL) { 861 result = 0; 862 continue; 863 } 864 switch (addr_match_list(ci->laddress, arg)) { 865 case 1: 866 debug("connection from %.100s matched " 867 "'LocalAddress %.100s' at line %d", 868 ci->laddress, arg, line); 869 break; 870 case 0: 871 case -1: 872 result = 0; 873 break; 874 case -2: 875 return -1; 876 } 877 } else if (strcasecmp(attrib, "localport") == 0) { 878 if ((port = a2port(arg)) == -1) { 879 error("Invalid LocalPort '%s' on Match line", 880 arg); 881 return -1; 882 } 883 if (ci == NULL || ci->lport == 0) { 884 result = 0; 885 continue; 886 } 887 /* TODO support port lists */ 888 if (port == ci->lport) 889 debug("connection from %.100s matched " 890 "'LocalPort %d' at line %d", 891 ci->laddress, port, line); 892 else 893 result = 0; 894 } else { 895 error("Unsupported Match attribute %s", attrib); 896 return -1; 897 } 898 } 899 if (attributes == 0) { 900 error("One or more attributes required for Match"); 901 return -1; 902 } 903 if (ci != NULL) 904 debug3("match %sfound", result ? "" : "not "); 905 *condition = cp; 906 return result; 907 } 908 909 #define WHITESPACE " \t\r\n" 910 911 /* Multistate option parsing */ 912 struct multistate { 913 char *key; 914 int value; 915 }; 916 static const struct multistate multistate_addressfamily[] = { 917 { "inet", AF_INET }, 918 { "inet6", AF_INET6 }, 919 { "any", AF_UNSPEC }, 920 { NULL, -1 } 921 }; 922 static const struct multistate multistate_permitrootlogin[] = { 923 { "without-password", PERMIT_NO_PASSWD }, 924 { "prohibit-password", PERMIT_NO_PASSWD }, 925 { "forced-commands-only", PERMIT_FORCED_ONLY }, 926 { "yes", PERMIT_YES }, 927 { "no", PERMIT_NO }, 928 { NULL, -1 } 929 }; 930 static const struct multistate multistate_compression[] = { 931 { "yes", COMP_DELAYED }, 932 { "delayed", COMP_DELAYED }, 933 { "no", COMP_NONE }, 934 { NULL, -1 } 935 }; 936 static const struct multistate multistate_gatewayports[] = { 937 { "clientspecified", 2 }, 938 { "yes", 1 }, 939 { "no", 0 }, 940 { NULL, -1 } 941 }; 942 static const struct multistate multistate_privsep[] = { 943 { "yes", PRIVSEP_NOSANDBOX }, 944 { "sandbox", PRIVSEP_ON }, 945 { "nosandbox", PRIVSEP_NOSANDBOX }, 946 { "no", PRIVSEP_OFF }, 947 { NULL, -1 } 948 }; 949 static const struct multistate multistate_tcpfwd[] = { 950 { "yes", FORWARD_ALLOW }, 951 { "all", FORWARD_ALLOW }, 952 { "no", FORWARD_DENY }, 953 { "remote", FORWARD_REMOTE }, 954 { "local", FORWARD_LOCAL }, 955 { NULL, -1 } 956 }; 957 958 int 959 process_server_config_line(ServerOptions *options, char *line, 960 const char *filename, int linenum, int *activep, 961 struct connection_info *connectinfo) 962 { 963 char *cp, **charptr, *arg, *p; 964 int cmdline = 0, *intptr, value, value2, n, port; 965 SyslogFacility *log_facility_ptr; 966 LogLevel *log_level_ptr; 967 ServerOpCodes opcode; 968 u_int i, flags = 0; 969 size_t len; 970 long long val64; 971 const struct multistate *multistate_ptr; 972 973 /* Strip trailing whitespace. Allow \f (form feed) at EOL only */ 974 if ((len = strlen(line)) == 0) 975 return 0; 976 for (len--; len > 0; len--) { 977 if (strchr(WHITESPACE "\f", line[len]) == NULL) 978 break; 979 line[len] = '\0'; 980 } 981 982 cp = line; 983 if ((arg = strdelim(&cp)) == NULL) 984 return 0; 985 /* Ignore leading whitespace */ 986 if (*arg == '\0') 987 arg = strdelim(&cp); 988 if (!arg || !*arg || *arg == '#') 989 return 0; 990 intptr = NULL; 991 charptr = NULL; 992 opcode = parse_token(arg, filename, linenum, &flags); 993 994 if (activep == NULL) { /* We are processing a command line directive */ 995 cmdline = 1; 996 activep = &cmdline; 997 } 998 if (*activep && opcode != sMatch) 999 debug3("%s:%d setting %s %s", filename, linenum, arg, cp); 1000 if (*activep == 0 && !(flags & SSHCFG_MATCH)) { 1001 if (connectinfo == NULL) { 1002 fatal("%s line %d: Directive '%s' is not allowed " 1003 "within a Match block", filename, linenum, arg); 1004 } else { /* this is a directive we have already processed */ 1005 while (arg) 1006 arg = strdelim(&cp); 1007 return 0; 1008 } 1009 } 1010 1011 switch (opcode) { 1012 /* Portable-specific options */ 1013 case sUsePAM: 1014 intptr = &options->use_pam; 1015 goto parse_flag; 1016 1017 /* Standard Options */ 1018 case sBadOption: 1019 return -1; 1020 case sPort: 1021 /* ignore ports from configfile if cmdline specifies ports */ 1022 if (options->ports_from_cmdline) 1023 return 0; 1024 if (options->num_ports >= MAX_PORTS) 1025 fatal("%s line %d: too many ports.", 1026 filename, linenum); 1027 arg = strdelim(&cp); 1028 if (!arg || *arg == '\0') 1029 fatal("%s line %d: missing port number.", 1030 filename, linenum); 1031 options->ports[options->num_ports++] = a2port(arg); 1032 if (options->ports[options->num_ports-1] <= 0) 1033 fatal("%s line %d: Badly formatted port number.", 1034 filename, linenum); 1035 break; 1036 1037 case sLoginGraceTime: 1038 intptr = &options->login_grace_time; 1039 parse_time: 1040 arg = strdelim(&cp); 1041 if (!arg || *arg == '\0') 1042 fatal("%s line %d: missing time value.", 1043 filename, linenum); 1044 if ((value = convtime(arg)) == -1) 1045 fatal("%s line %d: invalid time value.", 1046 filename, linenum); 1047 if (*activep && *intptr == -1) 1048 *intptr = value; 1049 break; 1050 1051 case sListenAddress: 1052 arg = strdelim(&cp); 1053 if (arg == NULL || *arg == '\0') 1054 fatal("%s line %d: missing address", 1055 filename, linenum); 1056 /* check for bare IPv6 address: no "[]" and 2 or more ":" */ 1057 if (strchr(arg, '[') == NULL && (p = strchr(arg, ':')) != NULL 1058 && strchr(p+1, ':') != NULL) { 1059 queue_listen_addr(options, arg, 0); 1060 break; 1061 } 1062 p = hpdelim(&arg); 1063 if (p == NULL) 1064 fatal("%s line %d: bad address:port usage", 1065 filename, linenum); 1066 p = cleanhostname(p); 1067 if (arg == NULL) 1068 port = 0; 1069 else if ((port = a2port(arg)) <= 0) 1070 fatal("%s line %d: bad port number", filename, linenum); 1071 1072 queue_listen_addr(options, p, port); 1073 1074 break; 1075 1076 case sAddressFamily: 1077 intptr = &options->address_family; 1078 multistate_ptr = multistate_addressfamily; 1079 parse_multistate: 1080 arg = strdelim(&cp); 1081 if (!arg || *arg == '\0') 1082 fatal("%s line %d: missing argument.", 1083 filename, linenum); 1084 value = -1; 1085 for (i = 0; multistate_ptr[i].key != NULL; i++) { 1086 if (strcasecmp(arg, multistate_ptr[i].key) == 0) { 1087 value = multistate_ptr[i].value; 1088 break; 1089 } 1090 } 1091 if (value == -1) 1092 fatal("%s line %d: unsupported option \"%s\".", 1093 filename, linenum, arg); 1094 if (*activep && *intptr == -1) 1095 *intptr = value; 1096 break; 1097 1098 case sHostKeyFile: 1099 intptr = &options->num_host_key_files; 1100 if (*intptr >= MAX_HOSTKEYS) 1101 fatal("%s line %d: too many host keys specified (max %d).", 1102 filename, linenum, MAX_HOSTKEYS); 1103 charptr = &options->host_key_files[*intptr]; 1104 parse_filename: 1105 arg = strdelim(&cp); 1106 if (!arg || *arg == '\0') 1107 fatal("%s line %d: missing file name.", 1108 filename, linenum); 1109 if (*activep && *charptr == NULL) { 1110 *charptr = derelativise_path(arg); 1111 /* increase optional counter */ 1112 if (intptr != NULL) 1113 *intptr = *intptr + 1; 1114 } 1115 break; 1116 1117 case sHostKeyAgent: 1118 charptr = &options->host_key_agent; 1119 arg = strdelim(&cp); 1120 if (!arg || *arg == '\0') 1121 fatal("%s line %d: missing socket name.", 1122 filename, linenum); 1123 if (*activep && *charptr == NULL) 1124 *charptr = !strcmp(arg, SSH_AUTHSOCKET_ENV_NAME) ? 1125 xstrdup(arg) : derelativise_path(arg); 1126 break; 1127 1128 case sHostCertificate: 1129 intptr = &options->num_host_cert_files; 1130 if (*intptr >= MAX_HOSTKEYS) 1131 fatal("%s line %d: too many host certificates " 1132 "specified (max %d).", filename, linenum, 1133 MAX_HOSTCERTS); 1134 charptr = &options->host_cert_files[*intptr]; 1135 goto parse_filename; 1136 1137 case sPidFile: 1138 charptr = &options->pid_file; 1139 goto parse_filename; 1140 1141 case sPermitRootLogin: 1142 intptr = &options->permit_root_login; 1143 multistate_ptr = multistate_permitrootlogin; 1144 goto parse_multistate; 1145 1146 case sIgnoreRhosts: 1147 intptr = &options->ignore_rhosts; 1148 parse_flag: 1149 arg = strdelim(&cp); 1150 if (!arg || *arg == '\0') 1151 fatal("%s line %d: missing yes/no argument.", 1152 filename, linenum); 1153 value = 0; /* silence compiler */ 1154 if (strcmp(arg, "yes") == 0) 1155 value = 1; 1156 else if (strcmp(arg, "no") == 0) 1157 value = 0; 1158 else 1159 fatal("%s line %d: Bad yes/no argument: %s", 1160 filename, linenum, arg); 1161 if (*activep && *intptr == -1) 1162 *intptr = value; 1163 break; 1164 1165 case sIgnoreUserKnownHosts: 1166 intptr = &options->ignore_user_known_hosts; 1167 goto parse_flag; 1168 1169 case sHostbasedAuthentication: 1170 intptr = &options->hostbased_authentication; 1171 goto parse_flag; 1172 1173 case sHostbasedUsesNameFromPacketOnly: 1174 intptr = &options->hostbased_uses_name_from_packet_only; 1175 goto parse_flag; 1176 1177 case sHostbasedAcceptedKeyTypes: 1178 charptr = &options->hostbased_key_types; 1179 parse_keytypes: 1180 arg = strdelim(&cp); 1181 if (!arg || *arg == '\0') 1182 fatal("%s line %d: Missing argument.", 1183 filename, linenum); 1184 if (*arg != '-' && 1185 !sshkey_names_valid2(*arg == '+' ? arg + 1 : arg, 1)) 1186 fatal("%s line %d: Bad key types '%s'.", 1187 filename, linenum, arg ? arg : "<NONE>"); 1188 if (*activep && *charptr == NULL) 1189 *charptr = xstrdup(arg); 1190 break; 1191 1192 case sHostKeyAlgorithms: 1193 charptr = &options->hostkeyalgorithms; 1194 goto parse_keytypes; 1195 1196 case sPubkeyAuthentication: 1197 intptr = &options->pubkey_authentication; 1198 goto parse_flag; 1199 1200 case sPubkeyAcceptedKeyTypes: 1201 charptr = &options->pubkey_key_types; 1202 goto parse_keytypes; 1203 1204 case sKerberosAuthentication: 1205 intptr = &options->kerberos_authentication; 1206 goto parse_flag; 1207 1208 case sKerberosOrLocalPasswd: 1209 intptr = &options->kerberos_or_local_passwd; 1210 goto parse_flag; 1211 1212 case sKerberosTicketCleanup: 1213 intptr = &options->kerberos_ticket_cleanup; 1214 goto parse_flag; 1215 1216 case sKerberosGetAFSToken: 1217 intptr = &options->kerberos_get_afs_token; 1218 goto parse_flag; 1219 1220 case sGssAuthentication: 1221 intptr = &options->gss_authentication; 1222 goto parse_flag; 1223 1224 case sGssCleanupCreds: 1225 intptr = &options->gss_cleanup_creds; 1226 goto parse_flag; 1227 1228 case sGssStrictAcceptor: 1229 intptr = &options->gss_strict_acceptor; 1230 goto parse_flag; 1231 1232 case sPasswordAuthentication: 1233 intptr = &options->password_authentication; 1234 goto parse_flag; 1235 1236 case sKbdInteractiveAuthentication: 1237 intptr = &options->kbd_interactive_authentication; 1238 goto parse_flag; 1239 1240 case sChallengeResponseAuthentication: 1241 intptr = &options->challenge_response_authentication; 1242 goto parse_flag; 1243 1244 case sPrintMotd: 1245 intptr = &options->print_motd; 1246 goto parse_flag; 1247 1248 case sPrintLastLog: 1249 intptr = &options->print_lastlog; 1250 goto parse_flag; 1251 1252 case sX11Forwarding: 1253 intptr = &options->x11_forwarding; 1254 goto parse_flag; 1255 1256 case sX11DisplayOffset: 1257 intptr = &options->x11_display_offset; 1258 parse_int: 1259 arg = strdelim(&cp); 1260 if (!arg || *arg == '\0') 1261 fatal("%s line %d: missing integer value.", 1262 filename, linenum); 1263 value = atoi(arg); 1264 if (*activep && *intptr == -1) 1265 *intptr = value; 1266 break; 1267 1268 case sX11UseLocalhost: 1269 intptr = &options->x11_use_localhost; 1270 goto parse_flag; 1271 1272 case sXAuthLocation: 1273 charptr = &options->xauth_location; 1274 goto parse_filename; 1275 1276 case sPermitTTY: 1277 intptr = &options->permit_tty; 1278 goto parse_flag; 1279 1280 case sPermitUserRC: 1281 intptr = &options->permit_user_rc; 1282 goto parse_flag; 1283 1284 case sStrictModes: 1285 intptr = &options->strict_modes; 1286 goto parse_flag; 1287 1288 case sTCPKeepAlive: 1289 intptr = &options->tcp_keep_alive; 1290 goto parse_flag; 1291 1292 case sEmptyPasswd: 1293 intptr = &options->permit_empty_passwd; 1294 goto parse_flag; 1295 1296 case sPermitUserEnvironment: 1297 intptr = &options->permit_user_env; 1298 goto parse_flag; 1299 1300 case sCompression: 1301 intptr = &options->compression; 1302 multistate_ptr = multistate_compression; 1303 goto parse_multistate; 1304 1305 case sRekeyLimit: 1306 arg = strdelim(&cp); 1307 if (!arg || *arg == '\0') 1308 fatal("%.200s line %d: Missing argument.", filename, 1309 linenum); 1310 if (strcmp(arg, "default") == 0) { 1311 val64 = 0; 1312 } else { 1313 if (scan_scaled(arg, &val64) == -1) 1314 fatal("%.200s line %d: Bad number '%s': %s", 1315 filename, linenum, arg, strerror(errno)); 1316 if (val64 != 0 && val64 < 16) 1317 fatal("%.200s line %d: RekeyLimit too small", 1318 filename, linenum); 1319 } 1320 if (*activep && options->rekey_limit == -1) 1321 options->rekey_limit = val64; 1322 if (cp != NULL) { /* optional rekey interval present */ 1323 if (strcmp(cp, "none") == 0) { 1324 (void)strdelim(&cp); /* discard */ 1325 break; 1326 } 1327 intptr = &options->rekey_interval; 1328 goto parse_time; 1329 } 1330 break; 1331 1332 case sGatewayPorts: 1333 intptr = &options->fwd_opts.gateway_ports; 1334 multistate_ptr = multistate_gatewayports; 1335 goto parse_multistate; 1336 1337 case sUseDNS: 1338 intptr = &options->use_dns; 1339 goto parse_flag; 1340 1341 case sLogFacility: 1342 log_facility_ptr = &options->log_facility; 1343 arg = strdelim(&cp); 1344 value = log_facility_number(arg); 1345 if (value == SYSLOG_FACILITY_NOT_SET) 1346 fatal("%.200s line %d: unsupported log facility '%s'", 1347 filename, linenum, arg ? arg : "<NONE>"); 1348 if (*log_facility_ptr == -1) 1349 *log_facility_ptr = (SyslogFacility) value; 1350 break; 1351 1352 case sLogLevel: 1353 log_level_ptr = &options->log_level; 1354 arg = strdelim(&cp); 1355 value = log_level_number(arg); 1356 if (value == SYSLOG_LEVEL_NOT_SET) 1357 fatal("%.200s line %d: unsupported log level '%s'", 1358 filename, linenum, arg ? arg : "<NONE>"); 1359 if (*log_level_ptr == -1) 1360 *log_level_ptr = (LogLevel) value; 1361 break; 1362 1363 case sAllowTcpForwarding: 1364 intptr = &options->allow_tcp_forwarding; 1365 multistate_ptr = multistate_tcpfwd; 1366 goto parse_multistate; 1367 1368 case sAllowStreamLocalForwarding: 1369 intptr = &options->allow_streamlocal_forwarding; 1370 multistate_ptr = multistate_tcpfwd; 1371 goto parse_multistate; 1372 1373 case sAllowAgentForwarding: 1374 intptr = &options->allow_agent_forwarding; 1375 goto parse_flag; 1376 1377 case sDisableForwarding: 1378 intptr = &options->disable_forwarding; 1379 goto parse_flag; 1380 1381 case sAllowUsers: 1382 while ((arg = strdelim(&cp)) && *arg != '\0') { 1383 if (options->num_allow_users >= MAX_ALLOW_USERS) 1384 fatal("%s line %d: too many allow users.", 1385 filename, linenum); 1386 if (match_user(NULL, NULL, NULL, arg) == -1) 1387 fatal("%s line %d: invalid AllowUsers pattern: " 1388 "\"%.100s\"", filename, linenum, arg); 1389 if (!*activep) 1390 continue; 1391 options->allow_users[options->num_allow_users++] = 1392 xstrdup(arg); 1393 } 1394 break; 1395 1396 case sDenyUsers: 1397 while ((arg = strdelim(&cp)) && *arg != '\0') { 1398 if (options->num_deny_users >= MAX_DENY_USERS) 1399 fatal("%s line %d: too many deny users.", 1400 filename, linenum); 1401 if (match_user(NULL, NULL, NULL, arg) == -1) 1402 fatal("%s line %d: invalid DenyUsers pattern: " 1403 "\"%.100s\"", filename, linenum, arg); 1404 if (!*activep) 1405 continue; 1406 options->deny_users[options->num_deny_users++] = 1407 xstrdup(arg); 1408 } 1409 break; 1410 1411 case sAllowGroups: 1412 while ((arg = strdelim(&cp)) && *arg != '\0') { 1413 if (options->num_allow_groups >= MAX_ALLOW_GROUPS) 1414 fatal("%s line %d: too many allow groups.", 1415 filename, linenum); 1416 if (!*activep) 1417 continue; 1418 options->allow_groups[options->num_allow_groups++] = 1419 xstrdup(arg); 1420 } 1421 break; 1422 1423 case sDenyGroups: 1424 while ((arg = strdelim(&cp)) && *arg != '\0') { 1425 if (options->num_deny_groups >= MAX_DENY_GROUPS) 1426 fatal("%s line %d: too many deny groups.", 1427 filename, linenum); 1428 if (!*activep) 1429 continue; 1430 options->deny_groups[options->num_deny_groups++] = 1431 xstrdup(arg); 1432 } 1433 break; 1434 1435 case sCiphers: 1436 arg = strdelim(&cp); 1437 if (!arg || *arg == '\0') 1438 fatal("%s line %d: Missing argument.", filename, linenum); 1439 if (*arg != '-' && !ciphers_valid(*arg == '+' ? arg + 1 : arg)) 1440 fatal("%s line %d: Bad SSH2 cipher spec '%s'.", 1441 filename, linenum, arg ? arg : "<NONE>"); 1442 if (options->ciphers == NULL) 1443 options->ciphers = xstrdup(arg); 1444 break; 1445 1446 case sMacs: 1447 arg = strdelim(&cp); 1448 if (!arg || *arg == '\0') 1449 fatal("%s line %d: Missing argument.", filename, linenum); 1450 if (*arg != '-' && !mac_valid(*arg == '+' ? arg + 1 : arg)) 1451 fatal("%s line %d: Bad SSH2 mac spec '%s'.", 1452 filename, linenum, arg ? arg : "<NONE>"); 1453 if (options->macs == NULL) 1454 options->macs = xstrdup(arg); 1455 break; 1456 1457 case sKexAlgorithms: 1458 arg = strdelim(&cp); 1459 if (!arg || *arg == '\0') 1460 fatal("%s line %d: Missing argument.", 1461 filename, linenum); 1462 if (*arg != '-' && 1463 !kex_names_valid(*arg == '+' ? arg + 1 : arg)) 1464 fatal("%s line %d: Bad SSH2 KexAlgorithms '%s'.", 1465 filename, linenum, arg ? arg : "<NONE>"); 1466 if (options->kex_algorithms == NULL) 1467 options->kex_algorithms = xstrdup(arg); 1468 break; 1469 1470 case sSubsystem: 1471 if (options->num_subsystems >= MAX_SUBSYSTEMS) { 1472 fatal("%s line %d: too many subsystems defined.", 1473 filename, linenum); 1474 } 1475 arg = strdelim(&cp); 1476 if (!arg || *arg == '\0') 1477 fatal("%s line %d: Missing subsystem name.", 1478 filename, linenum); 1479 if (!*activep) { 1480 arg = strdelim(&cp); 1481 break; 1482 } 1483 for (i = 0; i < options->num_subsystems; i++) 1484 if (strcmp(arg, options->subsystem_name[i]) == 0) 1485 fatal("%s line %d: Subsystem '%s' already defined.", 1486 filename, linenum, arg); 1487 options->subsystem_name[options->num_subsystems] = xstrdup(arg); 1488 arg = strdelim(&cp); 1489 if (!arg || *arg == '\0') 1490 fatal("%s line %d: Missing subsystem command.", 1491 filename, linenum); 1492 options->subsystem_command[options->num_subsystems] = xstrdup(arg); 1493 1494 /* Collect arguments (separate to executable) */ 1495 p = xstrdup(arg); 1496 len = strlen(p) + 1; 1497 while ((arg = strdelim(&cp)) != NULL && *arg != '\0') { 1498 len += 1 + strlen(arg); 1499 p = xreallocarray(p, 1, len); 1500 strlcat(p, " ", len); 1501 strlcat(p, arg, len); 1502 } 1503 options->subsystem_args[options->num_subsystems] = p; 1504 options->num_subsystems++; 1505 break; 1506 1507 case sMaxStartups: 1508 arg = strdelim(&cp); 1509 if (!arg || *arg == '\0') 1510 fatal("%s line %d: Missing MaxStartups spec.", 1511 filename, linenum); 1512 if ((n = sscanf(arg, "%d:%d:%d", 1513 &options->max_startups_begin, 1514 &options->max_startups_rate, 1515 &options->max_startups)) == 3) { 1516 if (options->max_startups_begin > 1517 options->max_startups || 1518 options->max_startups_rate > 100 || 1519 options->max_startups_rate < 1) 1520 fatal("%s line %d: Illegal MaxStartups spec.", 1521 filename, linenum); 1522 } else if (n != 1) 1523 fatal("%s line %d: Illegal MaxStartups spec.", 1524 filename, linenum); 1525 else 1526 options->max_startups = options->max_startups_begin; 1527 break; 1528 1529 case sMaxAuthTries: 1530 intptr = &options->max_authtries; 1531 goto parse_int; 1532 1533 case sMaxSessions: 1534 intptr = &options->max_sessions; 1535 goto parse_int; 1536 1537 case sBanner: 1538 charptr = &options->banner; 1539 goto parse_filename; 1540 1541 /* 1542 * These options can contain %X options expanded at 1543 * connect time, so that you can specify paths like: 1544 * 1545 * AuthorizedKeysFile /etc/ssh_keys/%u 1546 */ 1547 case sAuthorizedKeysFile: 1548 if (*activep && options->num_authkeys_files == 0) { 1549 while ((arg = strdelim(&cp)) && *arg != '\0') { 1550 if (options->num_authkeys_files >= 1551 MAX_AUTHKEYS_FILES) 1552 fatal("%s line %d: " 1553 "too many authorized keys files.", 1554 filename, linenum); 1555 options->authorized_keys_files[ 1556 options->num_authkeys_files++] = 1557 tilde_expand_filename(arg, getuid()); 1558 } 1559 } 1560 return 0; 1561 1562 case sAuthorizedPrincipalsFile: 1563 charptr = &options->authorized_principals_file; 1564 arg = strdelim(&cp); 1565 if (!arg || *arg == '\0') 1566 fatal("%s line %d: missing file name.", 1567 filename, linenum); 1568 if (*activep && *charptr == NULL) { 1569 *charptr = tilde_expand_filename(arg, getuid()); 1570 /* increase optional counter */ 1571 if (intptr != NULL) 1572 *intptr = *intptr + 1; 1573 } 1574 break; 1575 1576 case sClientAliveInterval: 1577 intptr = &options->client_alive_interval; 1578 goto parse_time; 1579 1580 case sClientAliveCountMax: 1581 intptr = &options->client_alive_count_max; 1582 goto parse_int; 1583 1584 case sAcceptEnv: 1585 while ((arg = strdelim(&cp)) && *arg != '\0') { 1586 if (strchr(arg, '=') != NULL) 1587 fatal("%s line %d: Invalid environment name.", 1588 filename, linenum); 1589 if (options->num_accept_env >= MAX_ACCEPT_ENV) 1590 fatal("%s line %d: too many allow env.", 1591 filename, linenum); 1592 if (!*activep) 1593 continue; 1594 options->accept_env[options->num_accept_env++] = 1595 xstrdup(arg); 1596 } 1597 break; 1598 1599 case sPermitTunnel: 1600 intptr = &options->permit_tun; 1601 arg = strdelim(&cp); 1602 if (!arg || *arg == '\0') 1603 fatal("%s line %d: Missing yes/point-to-point/" 1604 "ethernet/no argument.", filename, linenum); 1605 value = -1; 1606 for (i = 0; tunmode_desc[i].val != -1; i++) 1607 if (strcmp(tunmode_desc[i].text, arg) == 0) { 1608 value = tunmode_desc[i].val; 1609 break; 1610 } 1611 if (value == -1) 1612 fatal("%s line %d: Bad yes/point-to-point/ethernet/" 1613 "no argument: %s", filename, linenum, arg); 1614 if (*activep && *intptr == -1) 1615 *intptr = value; 1616 break; 1617 1618 case sMatch: 1619 if (cmdline) 1620 fatal("Match directive not supported as a command-line " 1621 "option"); 1622 value = match_cfg_line(&cp, linenum, connectinfo); 1623 if (value < 0) 1624 fatal("%s line %d: Bad Match condition", filename, 1625 linenum); 1626 *activep = value; 1627 break; 1628 1629 case sPermitOpen: 1630 arg = strdelim(&cp); 1631 if (!arg || *arg == '\0') 1632 fatal("%s line %d: missing PermitOpen specification", 1633 filename, linenum); 1634 n = options->num_permitted_opens; /* modified later */ 1635 if (strcmp(arg, "any") == 0) { 1636 if (*activep && n == -1) { 1637 channel_clear_adm_permitted_opens(); 1638 options->num_permitted_opens = 0; 1639 } 1640 break; 1641 } 1642 if (strcmp(arg, "none") == 0) { 1643 if (*activep && n == -1) { 1644 options->num_permitted_opens = 1; 1645 channel_disable_adm_local_opens(); 1646 } 1647 break; 1648 } 1649 if (*activep && n == -1) 1650 channel_clear_adm_permitted_opens(); 1651 for (; arg != NULL && *arg != '\0'; arg = strdelim(&cp)) { 1652 p = hpdelim(&arg); 1653 if (p == NULL) 1654 fatal("%s line %d: missing host in PermitOpen", 1655 filename, linenum); 1656 p = cleanhostname(p); 1657 if (arg == NULL || ((port = permitopen_port(arg)) < 0)) 1658 fatal("%s line %d: bad port number in " 1659 "PermitOpen", filename, linenum); 1660 if (*activep && n == -1) 1661 options->num_permitted_opens = 1662 channel_add_adm_permitted_opens(p, port); 1663 } 1664 break; 1665 1666 case sForceCommand: 1667 if (cp == NULL || *cp == '\0') 1668 fatal("%.200s line %d: Missing argument.", filename, 1669 linenum); 1670 len = strspn(cp, WHITESPACE); 1671 if (*activep && options->adm_forced_command == NULL) 1672 options->adm_forced_command = xstrdup(cp + len); 1673 return 0; 1674 1675 case sChrootDirectory: 1676 charptr = &options->chroot_directory; 1677 1678 arg = strdelim(&cp); 1679 if (!arg || *arg == '\0') 1680 fatal("%s line %d: missing file name.", 1681 filename, linenum); 1682 if (*activep && *charptr == NULL) 1683 *charptr = xstrdup(arg); 1684 break; 1685 1686 case sTrustedUserCAKeys: 1687 charptr = &options->trusted_user_ca_keys; 1688 goto parse_filename; 1689 1690 case sRevokedKeys: 1691 charptr = &options->revoked_keys_file; 1692 goto parse_filename; 1693 1694 case sIPQoS: 1695 arg = strdelim(&cp); 1696 if ((value = parse_ipqos(arg)) == -1) 1697 fatal("%s line %d: Bad IPQoS value: %s", 1698 filename, linenum, arg); 1699 arg = strdelim(&cp); 1700 if (arg == NULL) 1701 value2 = value; 1702 else if ((value2 = parse_ipqos(arg)) == -1) 1703 fatal("%s line %d: Bad IPQoS value: %s", 1704 filename, linenum, arg); 1705 if (*activep) { 1706 options->ip_qos_interactive = value; 1707 options->ip_qos_bulk = value2; 1708 } 1709 break; 1710 1711 case sVersionAddendum: 1712 if (cp == NULL || *cp == '\0') 1713 fatal("%.200s line %d: Missing argument.", filename, 1714 linenum); 1715 len = strspn(cp, WHITESPACE); 1716 if (*activep && options->version_addendum == NULL) { 1717 if (strcasecmp(cp + len, "none") == 0) 1718 options->version_addendum = xstrdup(""); 1719 else if (strchr(cp + len, '\r') != NULL) 1720 fatal("%.200s line %d: Invalid argument", 1721 filename, linenum); 1722 else 1723 options->version_addendum = xstrdup(cp + len); 1724 } 1725 return 0; 1726 1727 case sAuthorizedKeysCommand: 1728 if (cp == NULL) 1729 fatal("%.200s line %d: Missing argument.", filename, 1730 linenum); 1731 len = strspn(cp, WHITESPACE); 1732 if (*activep && options->authorized_keys_command == NULL) { 1733 if (cp[len] != '/' && strcasecmp(cp + len, "none") != 0) 1734 fatal("%.200s line %d: AuthorizedKeysCommand " 1735 "must be an absolute path", 1736 filename, linenum); 1737 options->authorized_keys_command = xstrdup(cp + len); 1738 } 1739 return 0; 1740 1741 case sAuthorizedKeysCommandUser: 1742 charptr = &options->authorized_keys_command_user; 1743 1744 arg = strdelim(&cp); 1745 if (!arg || *arg == '\0') 1746 fatal("%s line %d: missing AuthorizedKeysCommandUser " 1747 "argument.", filename, linenum); 1748 if (*activep && *charptr == NULL) 1749 *charptr = xstrdup(arg); 1750 break; 1751 1752 case sAuthorizedPrincipalsCommand: 1753 if (cp == NULL) 1754 fatal("%.200s line %d: Missing argument.", filename, 1755 linenum); 1756 len = strspn(cp, WHITESPACE); 1757 if (*activep && 1758 options->authorized_principals_command == NULL) { 1759 if (cp[len] != '/' && strcasecmp(cp + len, "none") != 0) 1760 fatal("%.200s line %d: " 1761 "AuthorizedPrincipalsCommand must be " 1762 "an absolute path", filename, linenum); 1763 options->authorized_principals_command = 1764 xstrdup(cp + len); 1765 } 1766 return 0; 1767 1768 case sAuthorizedPrincipalsCommandUser: 1769 charptr = &options->authorized_principals_command_user; 1770 1771 arg = strdelim(&cp); 1772 if (!arg || *arg == '\0') 1773 fatal("%s line %d: missing " 1774 "AuthorizedPrincipalsCommandUser argument.", 1775 filename, linenum); 1776 if (*activep && *charptr == NULL) 1777 *charptr = xstrdup(arg); 1778 break; 1779 1780 case sAuthenticationMethods: 1781 if (options->num_auth_methods == 0) { 1782 value = 0; /* seen "any" pseudo-method */ 1783 value2 = 0; /* sucessfully parsed any method */ 1784 while ((arg = strdelim(&cp)) && *arg != '\0') { 1785 if (options->num_auth_methods >= 1786 MAX_AUTH_METHODS) 1787 fatal("%s line %d: " 1788 "too many authentication methods.", 1789 filename, linenum); 1790 if (strcmp(arg, "any") == 0) { 1791 if (options->num_auth_methods > 0) { 1792 fatal("%s line %d: \"any\" " 1793 "must appear alone in " 1794 "AuthenticationMethods", 1795 filename, linenum); 1796 } 1797 value = 1; 1798 } else if (value) { 1799 fatal("%s line %d: \"any\" must appear " 1800 "alone in AuthenticationMethods", 1801 filename, linenum); 1802 } else if (auth2_methods_valid(arg, 0) != 0) { 1803 fatal("%s line %d: invalid " 1804 "authentication method list.", 1805 filename, linenum); 1806 } 1807 value2 = 1; 1808 if (!*activep) 1809 continue; 1810 options->auth_methods[ 1811 options->num_auth_methods++] = xstrdup(arg); 1812 } 1813 if (value2 == 0) { 1814 fatal("%s line %d: no AuthenticationMethods " 1815 "specified", filename, linenum); 1816 } 1817 } 1818 return 0; 1819 1820 case sStreamLocalBindMask: 1821 arg = strdelim(&cp); 1822 if (!arg || *arg == '\0') 1823 fatal("%s line %d: missing StreamLocalBindMask " 1824 "argument.", filename, linenum); 1825 /* Parse mode in octal format */ 1826 value = strtol(arg, &p, 8); 1827 if (arg == p || value < 0 || value > 0777) 1828 fatal("%s line %d: Bad mask.", filename, linenum); 1829 if (*activep) 1830 options->fwd_opts.streamlocal_bind_mask = (mode_t)value; 1831 break; 1832 1833 case sStreamLocalBindUnlink: 1834 intptr = &options->fwd_opts.streamlocal_bind_unlink; 1835 goto parse_flag; 1836 1837 case sFingerprintHash: 1838 arg = strdelim(&cp); 1839 if (!arg || *arg == '\0') 1840 fatal("%.200s line %d: Missing argument.", 1841 filename, linenum); 1842 if ((value = ssh_digest_alg_by_name(arg)) == -1) 1843 fatal("%.200s line %d: Invalid hash algorithm \"%s\".", 1844 filename, linenum, arg); 1845 if (*activep) 1846 options->fingerprint_hash = value; 1847 break; 1848 1849 case sDeprecated: 1850 case sIgnore: 1851 case sUnsupported: 1852 do_log2(opcode == sIgnore ? 1853 SYSLOG_LEVEL_DEBUG2 : SYSLOG_LEVEL_INFO, 1854 "%s line %d: %s option %s", filename, linenum, 1855 opcode == sUnsupported ? "Unsupported" : "Deprecated", arg); 1856 while (arg) 1857 arg = strdelim(&cp); 1858 break; 1859 1860 default: 1861 fatal("%s line %d: Missing handler for opcode %s (%d)", 1862 filename, linenum, arg, opcode); 1863 } 1864 if ((arg = strdelim(&cp)) != NULL && *arg != '\0') 1865 fatal("%s line %d: garbage at end of line; \"%.200s\".", 1866 filename, linenum, arg); 1867 return 0; 1868 } 1869 1870 /* Reads the server configuration file. */ 1871 1872 void 1873 load_server_config(const char *filename, Buffer *conf) 1874 { 1875 char line[4096], *cp; 1876 FILE *f; 1877 int lineno = 0; 1878 1879 debug2("%s: filename %s", __func__, filename); 1880 if ((f = fopen(filename, "r")) == NULL) { 1881 perror(filename); 1882 exit(1); 1883 } 1884 buffer_clear(conf); 1885 while (fgets(line, sizeof(line), f)) { 1886 lineno++; 1887 if (strlen(line) == sizeof(line) - 1) 1888 fatal("%s line %d too long", filename, lineno); 1889 /* 1890 * Trim out comments and strip whitespace 1891 * NB - preserve newlines, they are needed to reproduce 1892 * line numbers later for error messages 1893 */ 1894 if ((cp = strchr(line, '#')) != NULL) 1895 memcpy(cp, "\n", 2); 1896 cp = line + strspn(line, " \t\r"); 1897 1898 buffer_append(conf, cp, strlen(cp)); 1899 } 1900 buffer_append(conf, "\0", 1); 1901 fclose(f); 1902 debug2("%s: done config len = %d", __func__, buffer_len(conf)); 1903 } 1904 1905 void 1906 parse_server_match_config(ServerOptions *options, 1907 struct connection_info *connectinfo) 1908 { 1909 ServerOptions mo; 1910 #if defined(ANDROID) 1911 char value[PROPERTY_VALUE_MAX]; 1912 #endif 1913 1914 initialize_server_options(&mo); 1915 parse_server_config(&mo, "reprocess config", &cfg, connectinfo); 1916 #if defined(ANDROID) 1917 /* Allow root login if ro.debuggable is set. */ 1918 property_get("ro.debuggable", value, ""); 1919 if (strcmp(value, "1") == 0) { 1920 mo.permit_root_login = PERMIT_YES; 1921 } 1922 #endif 1923 copy_set_server_options(options, &mo, 0); 1924 } 1925 1926 int parse_server_match_testspec(struct connection_info *ci, char *spec) 1927 { 1928 char *p; 1929 1930 while ((p = strsep(&spec, ",")) && *p != '\0') { 1931 if (strncmp(p, "addr=", 5) == 0) { 1932 ci->address = xstrdup(p + 5); 1933 } else if (strncmp(p, "host=", 5) == 0) { 1934 ci->host = xstrdup(p + 5); 1935 } else if (strncmp(p, "user=", 5) == 0) { 1936 ci->user = xstrdup(p + 5); 1937 } else if (strncmp(p, "laddr=", 6) == 0) { 1938 ci->laddress = xstrdup(p + 6); 1939 } else if (strncmp(p, "lport=", 6) == 0) { 1940 ci->lport = a2port(p + 6); 1941 if (ci->lport == -1) { 1942 fprintf(stderr, "Invalid port '%s' in test mode" 1943 " specification %s\n", p+6, p); 1944 return -1; 1945 } 1946 } else { 1947 fprintf(stderr, "Invalid test mode specification %s\n", 1948 p); 1949 return -1; 1950 } 1951 } 1952 return 0; 1953 } 1954 1955 /* 1956 * returns 1 for a complete spec, 0 for partial spec and -1 for an 1957 * empty spec. 1958 */ 1959 int server_match_spec_complete(struct connection_info *ci) 1960 { 1961 if (ci->user && ci->host && ci->address) 1962 return 1; /* complete */ 1963 if (!ci->user && !ci->host && !ci->address) 1964 return -1; /* empty */ 1965 return 0; /* partial */ 1966 } 1967 1968 /* 1969 * Copy any supported values that are set. 1970 * 1971 * If the preauth flag is set, we do not bother copying the string or 1972 * array values that are not used pre-authentication, because any that we 1973 * do use must be explictly sent in mm_getpwnamallow(). 1974 */ 1975 void 1976 copy_set_server_options(ServerOptions *dst, ServerOptions *src, int preauth) 1977 { 1978 #define M_CP_INTOPT(n) do {\ 1979 if (src->n != -1) \ 1980 dst->n = src->n; \ 1981 } while (0) 1982 1983 M_CP_INTOPT(password_authentication); 1984 M_CP_INTOPT(gss_authentication); 1985 M_CP_INTOPT(pubkey_authentication); 1986 M_CP_INTOPT(kerberos_authentication); 1987 M_CP_INTOPT(hostbased_authentication); 1988 M_CP_INTOPT(hostbased_uses_name_from_packet_only); 1989 M_CP_INTOPT(kbd_interactive_authentication); 1990 M_CP_INTOPT(permit_root_login); 1991 M_CP_INTOPT(permit_empty_passwd); 1992 1993 M_CP_INTOPT(allow_tcp_forwarding); 1994 M_CP_INTOPT(allow_streamlocal_forwarding); 1995 M_CP_INTOPT(allow_agent_forwarding); 1996 M_CP_INTOPT(disable_forwarding); 1997 M_CP_INTOPT(permit_tun); 1998 M_CP_INTOPT(fwd_opts.gateway_ports); 1999 M_CP_INTOPT(fwd_opts.streamlocal_bind_unlink); 2000 M_CP_INTOPT(x11_display_offset); 2001 M_CP_INTOPT(x11_forwarding); 2002 M_CP_INTOPT(x11_use_localhost); 2003 M_CP_INTOPT(permit_tty); 2004 M_CP_INTOPT(permit_user_rc); 2005 M_CP_INTOPT(max_sessions); 2006 M_CP_INTOPT(max_authtries); 2007 M_CP_INTOPT(client_alive_count_max); 2008 M_CP_INTOPT(client_alive_interval); 2009 M_CP_INTOPT(ip_qos_interactive); 2010 M_CP_INTOPT(ip_qos_bulk); 2011 M_CP_INTOPT(rekey_limit); 2012 M_CP_INTOPT(rekey_interval); 2013 2014 /* 2015 * The bind_mask is a mode_t that may be unsigned, so we can't use 2016 * M_CP_INTOPT - it does a signed comparison that causes compiler 2017 * warnings. 2018 */ 2019 if (src->fwd_opts.streamlocal_bind_mask != (mode_t)-1) { 2020 dst->fwd_opts.streamlocal_bind_mask = 2021 src->fwd_opts.streamlocal_bind_mask; 2022 } 2023 2024 /* M_CP_STROPT and M_CP_STRARRAYOPT should not appear before here */ 2025 #define M_CP_STROPT(n) do {\ 2026 if (src->n != NULL && dst->n != src->n) { \ 2027 free(dst->n); \ 2028 dst->n = src->n; \ 2029 } \ 2030 } while(0) 2031 #define M_CP_STRARRAYOPT(n, num_n) do {\ 2032 if (src->num_n != 0) { \ 2033 for (dst->num_n = 0; dst->num_n < src->num_n; dst->num_n++) \ 2034 dst->n[dst->num_n] = xstrdup(src->n[dst->num_n]); \ 2035 } \ 2036 } while(0) 2037 2038 /* See comment in servconf.h */ 2039 COPY_MATCH_STRING_OPTS(); 2040 2041 /* Arguments that accept '+...' need to be expanded */ 2042 assemble_algorithms(dst); 2043 2044 /* 2045 * The only things that should be below this point are string options 2046 * which are only used after authentication. 2047 */ 2048 if (preauth) 2049 return; 2050 2051 /* These options may be "none" to clear a global setting */ 2052 M_CP_STROPT(adm_forced_command); 2053 if (option_clear_or_none(dst->adm_forced_command)) { 2054 free(dst->adm_forced_command); 2055 dst->adm_forced_command = NULL; 2056 } 2057 M_CP_STROPT(chroot_directory); 2058 if (option_clear_or_none(dst->chroot_directory)) { 2059 free(dst->chroot_directory); 2060 dst->chroot_directory = NULL; 2061 } 2062 } 2063 2064 #undef M_CP_INTOPT 2065 #undef M_CP_STROPT 2066 #undef M_CP_STRARRAYOPT 2067 2068 void 2069 parse_server_config(ServerOptions *options, const char *filename, Buffer *conf, 2070 struct connection_info *connectinfo) 2071 { 2072 int active, linenum, bad_options = 0; 2073 char *cp, *obuf, *cbuf; 2074 2075 debug2("%s: config %s len %d", __func__, filename, buffer_len(conf)); 2076 2077 if ((obuf = cbuf = sshbuf_dup_string(conf)) == NULL) 2078 fatal("%s: sshbuf_dup_string failed", __func__); 2079 active = connectinfo ? 0 : 1; 2080 linenum = 1; 2081 while ((cp = strsep(&cbuf, "\n")) != NULL) { 2082 if (process_server_config_line(options, cp, filename, 2083 linenum++, &active, connectinfo) != 0) 2084 bad_options++; 2085 } 2086 free(obuf); 2087 if (bad_options > 0) 2088 fatal("%s: terminating, %d bad configuration options", 2089 filename, bad_options); 2090 process_queued_listen_addrs(options); 2091 } 2092 2093 static const char * 2094 fmt_multistate_int(int val, const struct multistate *m) 2095 { 2096 u_int i; 2097 2098 for (i = 0; m[i].key != NULL; i++) { 2099 if (m[i].value == val) 2100 return m[i].key; 2101 } 2102 return "UNKNOWN"; 2103 } 2104 2105 static const char * 2106 fmt_intarg(ServerOpCodes code, int val) 2107 { 2108 if (val == -1) 2109 return "unset"; 2110 switch (code) { 2111 case sAddressFamily: 2112 return fmt_multistate_int(val, multistate_addressfamily); 2113 case sPermitRootLogin: 2114 return fmt_multistate_int(val, multistate_permitrootlogin); 2115 case sGatewayPorts: 2116 return fmt_multistate_int(val, multistate_gatewayports); 2117 case sCompression: 2118 return fmt_multistate_int(val, multistate_compression); 2119 case sAllowTcpForwarding: 2120 return fmt_multistate_int(val, multistate_tcpfwd); 2121 case sAllowStreamLocalForwarding: 2122 return fmt_multistate_int(val, multistate_tcpfwd); 2123 case sFingerprintHash: 2124 return ssh_digest_alg_name(val); 2125 default: 2126 switch (val) { 2127 case 0: 2128 return "no"; 2129 case 1: 2130 return "yes"; 2131 default: 2132 return "UNKNOWN"; 2133 } 2134 } 2135 } 2136 2137 static const char * 2138 lookup_opcode_name(ServerOpCodes code) 2139 { 2140 u_int i; 2141 2142 for (i = 0; keywords[i].name != NULL; i++) 2143 if (keywords[i].opcode == code) 2144 return(keywords[i].name); 2145 return "UNKNOWN"; 2146 } 2147 2148 static void 2149 dump_cfg_int(ServerOpCodes code, int val) 2150 { 2151 printf("%s %d\n", lookup_opcode_name(code), val); 2152 } 2153 2154 static void 2155 dump_cfg_oct(ServerOpCodes code, int val) 2156 { 2157 printf("%s 0%o\n", lookup_opcode_name(code), val); 2158 } 2159 2160 static void 2161 dump_cfg_fmtint(ServerOpCodes code, int val) 2162 { 2163 printf("%s %s\n", lookup_opcode_name(code), fmt_intarg(code, val)); 2164 } 2165 2166 static void 2167 dump_cfg_string(ServerOpCodes code, const char *val) 2168 { 2169 printf("%s %s\n", lookup_opcode_name(code), 2170 val == NULL ? "none" : val); 2171 } 2172 2173 static void 2174 dump_cfg_strarray(ServerOpCodes code, u_int count, char **vals) 2175 { 2176 u_int i; 2177 2178 for (i = 0; i < count; i++) 2179 printf("%s %s\n", lookup_opcode_name(code), vals[i]); 2180 } 2181 2182 static void 2183 dump_cfg_strarray_oneline(ServerOpCodes code, u_int count, char **vals) 2184 { 2185 u_int i; 2186 2187 if (count <= 0 && code != sAuthenticationMethods) 2188 return; 2189 printf("%s", lookup_opcode_name(code)); 2190 for (i = 0; i < count; i++) 2191 printf(" %s", vals[i]); 2192 if (code == sAuthenticationMethods && count == 0) 2193 printf(" any"); 2194 printf("\n"); 2195 } 2196 2197 void 2198 dump_config(ServerOptions *o) 2199 { 2200 u_int i; 2201 int ret; 2202 struct addrinfo *ai; 2203 char addr[NI_MAXHOST], port[NI_MAXSERV], *s = NULL; 2204 char *laddr1 = xstrdup(""), *laddr2 = NULL; 2205 2206 /* these are usually at the top of the config */ 2207 for (i = 0; i < o->num_ports; i++) 2208 printf("port %d\n", o->ports[i]); 2209 dump_cfg_fmtint(sAddressFamily, o->address_family); 2210 2211 /* 2212 * ListenAddress must be after Port. add_one_listen_addr pushes 2213 * addresses onto a stack, so to maintain ordering we need to 2214 * print these in reverse order. 2215 */ 2216 for (ai = o->listen_addrs; ai; ai = ai->ai_next) { 2217 if ((ret = getnameinfo(ai->ai_addr, ai->ai_addrlen, addr, 2218 sizeof(addr), port, sizeof(port), 2219 NI_NUMERICHOST|NI_NUMERICSERV)) != 0) { 2220 error("getnameinfo failed: %.100s", 2221 (ret != EAI_SYSTEM) ? gai_strerror(ret) : 2222 strerror(errno)); 2223 } else { 2224 laddr2 = laddr1; 2225 if (ai->ai_family == AF_INET6) 2226 xasprintf(&laddr1, "listenaddress [%s]:%s\n%s", 2227 addr, port, laddr2); 2228 else 2229 xasprintf(&laddr1, "listenaddress %s:%s\n%s", 2230 addr, port, laddr2); 2231 free(laddr2); 2232 } 2233 } 2234 printf("%s", laddr1); 2235 free(laddr1); 2236 2237 /* integer arguments */ 2238 #ifdef USE_PAM 2239 dump_cfg_fmtint(sUsePAM, o->use_pam); 2240 #endif 2241 dump_cfg_int(sLoginGraceTime, o->login_grace_time); 2242 dump_cfg_int(sX11DisplayOffset, o->x11_display_offset); 2243 dump_cfg_int(sMaxAuthTries, o->max_authtries); 2244 dump_cfg_int(sMaxSessions, o->max_sessions); 2245 dump_cfg_int(sClientAliveInterval, o->client_alive_interval); 2246 dump_cfg_int(sClientAliveCountMax, o->client_alive_count_max); 2247 dump_cfg_oct(sStreamLocalBindMask, o->fwd_opts.streamlocal_bind_mask); 2248 2249 /* formatted integer arguments */ 2250 dump_cfg_fmtint(sPermitRootLogin, o->permit_root_login); 2251 dump_cfg_fmtint(sIgnoreRhosts, o->ignore_rhosts); 2252 dump_cfg_fmtint(sIgnoreUserKnownHosts, o->ignore_user_known_hosts); 2253 dump_cfg_fmtint(sHostbasedAuthentication, o->hostbased_authentication); 2254 dump_cfg_fmtint(sHostbasedUsesNameFromPacketOnly, 2255 o->hostbased_uses_name_from_packet_only); 2256 dump_cfg_fmtint(sPubkeyAuthentication, o->pubkey_authentication); 2257 #ifdef KRB5 2258 dump_cfg_fmtint(sKerberosAuthentication, o->kerberos_authentication); 2259 dump_cfg_fmtint(sKerberosOrLocalPasswd, o->kerberos_or_local_passwd); 2260 dump_cfg_fmtint(sKerberosTicketCleanup, o->kerberos_ticket_cleanup); 2261 # ifdef USE_AFS 2262 dump_cfg_fmtint(sKerberosGetAFSToken, o->kerberos_get_afs_token); 2263 # endif 2264 #endif 2265 #ifdef GSSAPI 2266 dump_cfg_fmtint(sGssAuthentication, o->gss_authentication); 2267 dump_cfg_fmtint(sGssCleanupCreds, o->gss_cleanup_creds); 2268 #endif 2269 dump_cfg_fmtint(sPasswordAuthentication, o->password_authentication); 2270 dump_cfg_fmtint(sKbdInteractiveAuthentication, 2271 o->kbd_interactive_authentication); 2272 dump_cfg_fmtint(sChallengeResponseAuthentication, 2273 o->challenge_response_authentication); 2274 dump_cfg_fmtint(sPrintMotd, o->print_motd); 2275 #ifndef DISABLE_LASTLOG 2276 dump_cfg_fmtint(sPrintLastLog, o->print_lastlog); 2277 #endif 2278 dump_cfg_fmtint(sX11Forwarding, o->x11_forwarding); 2279 dump_cfg_fmtint(sX11UseLocalhost, o->x11_use_localhost); 2280 dump_cfg_fmtint(sPermitTTY, o->permit_tty); 2281 dump_cfg_fmtint(sPermitUserRC, o->permit_user_rc); 2282 dump_cfg_fmtint(sStrictModes, o->strict_modes); 2283 dump_cfg_fmtint(sTCPKeepAlive, o->tcp_keep_alive); 2284 dump_cfg_fmtint(sEmptyPasswd, o->permit_empty_passwd); 2285 dump_cfg_fmtint(sPermitUserEnvironment, o->permit_user_env); 2286 dump_cfg_fmtint(sCompression, o->compression); 2287 dump_cfg_fmtint(sGatewayPorts, o->fwd_opts.gateway_ports); 2288 dump_cfg_fmtint(sUseDNS, o->use_dns); 2289 dump_cfg_fmtint(sAllowTcpForwarding, o->allow_tcp_forwarding); 2290 dump_cfg_fmtint(sAllowAgentForwarding, o->allow_agent_forwarding); 2291 dump_cfg_fmtint(sDisableForwarding, o->disable_forwarding); 2292 dump_cfg_fmtint(sAllowStreamLocalForwarding, o->allow_streamlocal_forwarding); 2293 dump_cfg_fmtint(sStreamLocalBindUnlink, o->fwd_opts.streamlocal_bind_unlink); 2294 dump_cfg_fmtint(sFingerprintHash, o->fingerprint_hash); 2295 2296 /* string arguments */ 2297 dump_cfg_string(sPidFile, o->pid_file); 2298 dump_cfg_string(sXAuthLocation, o->xauth_location); 2299 dump_cfg_string(sCiphers, o->ciphers ? o->ciphers : KEX_SERVER_ENCRYPT); 2300 dump_cfg_string(sMacs, o->macs ? o->macs : KEX_SERVER_MAC); 2301 dump_cfg_string(sBanner, o->banner); 2302 dump_cfg_string(sForceCommand, o->adm_forced_command); 2303 dump_cfg_string(sChrootDirectory, o->chroot_directory); 2304 dump_cfg_string(sTrustedUserCAKeys, o->trusted_user_ca_keys); 2305 dump_cfg_string(sRevokedKeys, o->revoked_keys_file); 2306 dump_cfg_string(sAuthorizedPrincipalsFile, 2307 o->authorized_principals_file); 2308 dump_cfg_string(sVersionAddendum, *o->version_addendum == '\0' 2309 ? "none" : o->version_addendum); 2310 dump_cfg_string(sAuthorizedKeysCommand, o->authorized_keys_command); 2311 dump_cfg_string(sAuthorizedKeysCommandUser, o->authorized_keys_command_user); 2312 dump_cfg_string(sAuthorizedPrincipalsCommand, o->authorized_principals_command); 2313 dump_cfg_string(sAuthorizedPrincipalsCommandUser, o->authorized_principals_command_user); 2314 dump_cfg_string(sHostKeyAgent, o->host_key_agent); 2315 dump_cfg_string(sKexAlgorithms, 2316 o->kex_algorithms ? o->kex_algorithms : KEX_SERVER_KEX); 2317 dump_cfg_string(sHostbasedAcceptedKeyTypes, o->hostbased_key_types ? 2318 o->hostbased_key_types : KEX_DEFAULT_PK_ALG); 2319 dump_cfg_string(sHostKeyAlgorithms, o->hostkeyalgorithms ? 2320 o->hostkeyalgorithms : KEX_DEFAULT_PK_ALG); 2321 dump_cfg_string(sPubkeyAcceptedKeyTypes, o->pubkey_key_types ? 2322 o->pubkey_key_types : KEX_DEFAULT_PK_ALG); 2323 2324 /* string arguments requiring a lookup */ 2325 dump_cfg_string(sLogLevel, log_level_name(o->log_level)); 2326 dump_cfg_string(sLogFacility, log_facility_name(o->log_facility)); 2327 2328 /* string array arguments */ 2329 dump_cfg_strarray_oneline(sAuthorizedKeysFile, o->num_authkeys_files, 2330 o->authorized_keys_files); 2331 dump_cfg_strarray(sHostKeyFile, o->num_host_key_files, 2332 o->host_key_files); 2333 dump_cfg_strarray(sHostCertificate, o->num_host_cert_files, 2334 o->host_cert_files); 2335 dump_cfg_strarray(sAllowUsers, o->num_allow_users, o->allow_users); 2336 dump_cfg_strarray(sDenyUsers, o->num_deny_users, o->deny_users); 2337 dump_cfg_strarray(sAllowGroups, o->num_allow_groups, o->allow_groups); 2338 dump_cfg_strarray(sDenyGroups, o->num_deny_groups, o->deny_groups); 2339 dump_cfg_strarray(sAcceptEnv, o->num_accept_env, o->accept_env); 2340 dump_cfg_strarray_oneline(sAuthenticationMethods, 2341 o->num_auth_methods, o->auth_methods); 2342 2343 /* other arguments */ 2344 for (i = 0; i < o->num_subsystems; i++) 2345 printf("subsystem %s %s\n", o->subsystem_name[i], 2346 o->subsystem_args[i]); 2347 2348 printf("maxstartups %d:%d:%d\n", o->max_startups_begin, 2349 o->max_startups_rate, o->max_startups); 2350 2351 for (i = 0; tunmode_desc[i].val != -1; i++) 2352 if (tunmode_desc[i].val == o->permit_tun) { 2353 s = tunmode_desc[i].text; 2354 break; 2355 } 2356 dump_cfg_string(sPermitTunnel, s); 2357 2358 printf("ipqos %s ", iptos2str(o->ip_qos_interactive)); 2359 printf("%s\n", iptos2str(o->ip_qos_bulk)); 2360 2361 printf("rekeylimit %llu %d\n", (unsigned long long)o->rekey_limit, 2362 o->rekey_interval); 2363 2364 channel_print_adm_permitted_opens(); 2365 } 2366
