1
2 /* $OpenBSD: servconf.c,v 1.280 2015/08/06 14:53:21 deraadt Exp $ */
3 /*
4 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
5 * All rights reserved
6 *
7 * As far as I am concerned, the code I have written for this software
8 * can be used freely for any purpose. Any derived versions of this
9 * software must be clearly marked as such, and if the derived work is
10 * incompatible with the protocol description in the RFC file, it must be
11 * called by a name other than "ssh" or "Secure Shell".
12 */
13
14 #include "includes.h"
15
16 #include <sys/types.h>
17 #include <sys/socket.h>
18
19 #include <netinet/in.h>
20 #include <netinet/in_systm.h>
21 #include <netinet/ip.h>
22
23 #include <ctype.h>
24 #include <netdb.h>
25 #include <pwd.h>
26 #include <stdio.h>
27 #include <stdlib.h>
28 #include <string.h>
29 #include <signal.h>
30 #include <unistd.h>
31 #include <limits.h>
32 #include <stdarg.h>
33 #include <errno.h>
34 #ifdef HAVE_UTIL_H
35 #include <util.h>
36 #endif
37
38 #include "openbsd-compat/sys-queue.h"
39 #include "xmalloc.h"
40 #include "ssh.h"
41 #include "log.h"
42 #include "buffer.h"
43 #include "misc.h"
44 #include "servconf.h"
45 #include "compat.h"
46 #include "pathnames.h"
47 #include "cipher.h"
48 #include "key.h"
49 #include "kex.h"
50 #include "mac.h"
51 #include "match.h"
52 #include "channels.h"
53 #include "groupaccess.h"
54 #include "canohost.h"
55 #include "packet.h"
56 #include "hostfile.h"
57 #include "auth.h"
58 #include "myproposal.h"
59 #include "digest.h"
60
61 #ifdef ANDROID
62 #include <cutils/properties.h>
63 #endif
64
65 static void add_listen_addr(ServerOptions *, char *, int);
66 static void add_one_listen_addr(ServerOptions *, char *, int);
67
68 /* Use of privilege separation or not */
69 extern int use_privsep;
70 extern Buffer cfg;
71
72 /* Initializes the server options to their default values. */
73
74 void
initialize_server_options(ServerOptions * options)75 initialize_server_options(ServerOptions *options)
76 {
77 memset(options, 0, sizeof(*options));
78
79 /* Portable-specific options */
80 options->use_pam = -1;
81
82 /* Standard Options */
83 options->num_ports = 0;
84 options->ports_from_cmdline = 0;
85 options->queued_listen_addrs = NULL;
86 options->num_queued_listens = 0;
87 options->listen_addrs = NULL;
88 options->address_family = -1;
89 options->num_host_key_files = 0;
90 options->num_host_cert_files = 0;
91 options->host_key_agent = NULL;
92 options->pid_file = NULL;
93 options->server_key_bits = -1;
94 options->login_grace_time = -1;
95 options->key_regeneration_time = -1;
96 options->permit_root_login = PERMIT_NOT_SET;
97 options->ignore_rhosts = -1;
98 options->ignore_user_known_hosts = -1;
99 options->print_motd = -1;
100 options->print_lastlog = -1;
101 options->x11_forwarding = -1;
102 options->x11_display_offset = -1;
103 options->x11_use_localhost = -1;
104 options->permit_tty = -1;
105 options->permit_user_rc = -1;
106 options->xauth_location = NULL;
107 options->strict_modes = -1;
108 options->tcp_keep_alive = -1;
109 options->log_facility = SYSLOG_FACILITY_NOT_SET;
110 options->log_level = SYSLOG_LEVEL_NOT_SET;
111 options->rhosts_rsa_authentication = -1;
112 options->hostbased_authentication = -1;
113 options->hostbased_uses_name_from_packet_only = -1;
114 options->hostbased_key_types = NULL;
115 options->hostkeyalgorithms = NULL;
116 options->rsa_authentication = -1;
117 options->pubkey_authentication = -1;
118 options->pubkey_key_types = NULL;
119 options->kerberos_authentication = -1;
120 options->kerberos_or_local_passwd = -1;
121 options->kerberos_ticket_cleanup = -1;
122 options->kerberos_get_afs_token = -1;
123 options->gss_authentication=-1;
124 options->gss_cleanup_creds = -1;
125 options->gss_strict_acceptor = -1;
126 options->password_authentication = -1;
127 options->kbd_interactive_authentication = -1;
128 options->challenge_response_authentication = -1;
129 options->permit_empty_passwd = -1;
130 options->permit_user_env = -1;
131 options->use_login = -1;
132 options->compression = -1;
133 options->rekey_limit = -1;
134 options->rekey_interval = -1;
135 options->allow_tcp_forwarding = -1;
136 options->allow_streamlocal_forwarding = -1;
137 options->allow_agent_forwarding = -1;
138 options->num_allow_users = 0;
139 options->num_deny_users = 0;
140 options->num_allow_groups = 0;
141 options->num_deny_groups = 0;
142 options->ciphers = NULL;
143 options->macs = NULL;
144 options->kex_algorithms = NULL;
145 options->protocol = SSH_PROTO_UNKNOWN;
146 options->fwd_opts.gateway_ports = -1;
147 options->fwd_opts.streamlocal_bind_mask = (mode_t)-1;
148 options->fwd_opts.streamlocal_bind_unlink = -1;
149 options->num_subsystems = 0;
150 options->max_startups_begin = -1;
151 options->max_startups_rate = -1;
152 options->max_startups = -1;
153 options->max_authtries = -1;
154 options->max_sessions = -1;
155 options->banner = NULL;
156 options->use_dns = -1;
157 options->client_alive_interval = -1;
158 options->client_alive_count_max = -1;
159 options->num_authkeys_files = 0;
160 options->num_accept_env = 0;
161 options->permit_tun = -1;
162 options->num_permitted_opens = -1;
163 options->adm_forced_command = NULL;
164 options->chroot_directory = NULL;
165 options->authorized_keys_command = NULL;
166 options->authorized_keys_command_user = NULL;
167 options->revoked_keys_file = NULL;
168 options->trusted_user_ca_keys = NULL;
169 options->authorized_principals_file = NULL;
170 options->authorized_principals_command = NULL;
171 options->authorized_principals_command_user = NULL;
172 options->ip_qos_interactive = -1;
173 options->ip_qos_bulk = -1;
174 options->version_addendum = NULL;
175 options->fingerprint_hash = -1;
176 }
177
178 /* Returns 1 if a string option is unset or set to "none" or 0 otherwise. */
179 static int
option_clear_or_none(const char * o)180 option_clear_or_none(const char *o)
181 {
182 return o == NULL || strcasecmp(o, "none") == 0;
183 }
184
185 void
fill_default_server_options(ServerOptions * options)186 fill_default_server_options(ServerOptions *options)
187 {
188 int i;
189
190 /* Portable-specific options */
191 if (options->use_pam == -1)
192 options->use_pam = 0;
193
194 /* Standard Options */
195 if (options->protocol == SSH_PROTO_UNKNOWN)
196 options->protocol = SSH_PROTO_2;
197 if (options->num_host_key_files == 0) {
198 /* fill default hostkeys for protocols */
199 if (options->protocol & SSH_PROTO_1)
200 options->host_key_files[options->num_host_key_files++] =
201 _PATH_HOST_KEY_FILE;
202 if (options->protocol & SSH_PROTO_2) {
203 options->host_key_files[options->num_host_key_files++] =
204 _PATH_HOST_RSA_KEY_FILE;
205 options->host_key_files[options->num_host_key_files++] =
206 _PATH_HOST_DSA_KEY_FILE;
207 #ifdef OPENSSL_HAS_ECC
208 options->host_key_files[options->num_host_key_files++] =
209 _PATH_HOST_ECDSA_KEY_FILE;
210 #endif
211 options->host_key_files[options->num_host_key_files++] =
212 _PATH_HOST_ED25519_KEY_FILE;
213 }
214 }
215 /* No certificates by default */
216 if (options->num_ports == 0)
217 options->ports[options->num_ports++] = SSH_DEFAULT_PORT;
218 if (options->address_family == -1)
219 options->address_family = AF_UNSPEC;
220 if (options->listen_addrs == NULL)
221 add_listen_addr(options, NULL, 0);
222 if (options->pid_file == NULL)
223 options->pid_file = xstrdup(_PATH_SSH_DAEMON_PID_FILE);
224 if (options->server_key_bits == -1)
225 options->server_key_bits = 1024;
226 if (options->login_grace_time == -1)
227 options->login_grace_time = 120;
228 if (options->key_regeneration_time == -1)
229 options->key_regeneration_time = 3600;
230 if (options->permit_root_login == PERMIT_NOT_SET)
231 options->permit_root_login = PERMIT_NO_PASSWD;
232 if (options->ignore_rhosts == -1)
233 options->ignore_rhosts = 1;
234 if (options->ignore_user_known_hosts == -1)
235 options->ignore_user_known_hosts = 0;
236 if (options->print_motd == -1)
237 options->print_motd = 1;
238 if (options->print_lastlog == -1)
239 options->print_lastlog = 1;
240 if (options->x11_forwarding == -1)
241 options->x11_forwarding = 0;
242 if (options->x11_display_offset == -1)
243 options->x11_display_offset = 10;
244 if (options->x11_use_localhost == -1)
245 options->x11_use_localhost = 1;
246 if (options->xauth_location == NULL)
247 options->xauth_location = xstrdup(_PATH_XAUTH);
248 if (options->permit_tty == -1)
249 options->permit_tty = 1;
250 if (options->permit_user_rc == -1)
251 options->permit_user_rc = 1;
252 if (options->strict_modes == -1)
253 options->strict_modes = 1;
254 if (options->tcp_keep_alive == -1)
255 options->tcp_keep_alive = 1;
256 if (options->log_facility == SYSLOG_FACILITY_NOT_SET)
257 options->log_facility = SYSLOG_FACILITY_AUTH;
258 if (options->log_level == SYSLOG_LEVEL_NOT_SET)
259 options->log_level = SYSLOG_LEVEL_INFO;
260 if (options->rhosts_rsa_authentication == -1)
261 options->rhosts_rsa_authentication = 0;
262 if (options->hostbased_authentication == -1)
263 options->hostbased_authentication = 0;
264 if (options->hostbased_uses_name_from_packet_only == -1)
265 options->hostbased_uses_name_from_packet_only = 0;
266 if (options->hostkeyalgorithms == NULL)
267 options->hostkeyalgorithms = xstrdup(KEX_DEFAULT_PK_ALG);
268 if (options->rsa_authentication == -1)
269 options->rsa_authentication = 1;
270 if (options->pubkey_authentication == -1)
271 options->pubkey_authentication = 1;
272 if (options->kerberos_authentication == -1)
273 options->kerberos_authentication = 0;
274 if (options->kerberos_or_local_passwd == -1)
275 options->kerberos_or_local_passwd = 1;
276 if (options->kerberos_ticket_cleanup == -1)
277 options->kerberos_ticket_cleanup = 1;
278 if (options->kerberos_get_afs_token == -1)
279 options->kerberos_get_afs_token = 0;
280 if (options->gss_authentication == -1)
281 options->gss_authentication = 0;
282 if (options->gss_cleanup_creds == -1)
283 options->gss_cleanup_creds = 1;
284 if (options->gss_strict_acceptor == -1)
285 options->gss_strict_acceptor = 0;
286 if (options->password_authentication == -1)
287 options->password_authentication = 1;
288 if (options->kbd_interactive_authentication == -1)
289 options->kbd_interactive_authentication = 0;
290 if (options->challenge_response_authentication == -1)
291 options->challenge_response_authentication = 1;
292 if (options->permit_empty_passwd == -1)
293 options->permit_empty_passwd = 0;
294 if (options->permit_user_env == -1)
295 options->permit_user_env = 0;
296 if (options->use_login == -1)
297 options->use_login = 0;
298 if (options->compression == -1)
299 options->compression = COMP_DELAYED;
300 if (options->rekey_limit == -1)
301 options->rekey_limit = 0;
302 if (options->rekey_interval == -1)
303 options->rekey_interval = 0;
304 if (options->allow_tcp_forwarding == -1)
305 options->allow_tcp_forwarding = FORWARD_ALLOW;
306 if (options->allow_streamlocal_forwarding == -1)
307 options->allow_streamlocal_forwarding = FORWARD_ALLOW;
308 if (options->allow_agent_forwarding == -1)
309 options->allow_agent_forwarding = 1;
310 if (options->fwd_opts.gateway_ports == -1)
311 options->fwd_opts.gateway_ports = 0;
312 if (options->max_startups == -1)
313 options->max_startups = 100;
314 if (options->max_startups_rate == -1)
315 options->max_startups_rate = 30; /* 30% */
316 if (options->max_startups_begin == -1)
317 options->max_startups_begin = 10;
318 if (options->max_authtries == -1)
319 options->max_authtries = DEFAULT_AUTH_FAIL_MAX;
320 if (options->max_sessions == -1)
321 options->max_sessions = DEFAULT_SESSIONS_MAX;
322 if (options->use_dns == -1)
323 options->use_dns = 0;
324 if (options->client_alive_interval == -1)
325 options->client_alive_interval = 0;
326 if (options->client_alive_count_max == -1)
327 options->client_alive_count_max = 3;
328 if (options->num_authkeys_files == 0) {
329 options->authorized_keys_files[options->num_authkeys_files++] =
330 xstrdup(_PATH_SSH_USER_PERMITTED_KEYS);
331 options->authorized_keys_files[options->num_authkeys_files++] =
332 xstrdup(_PATH_SSH_USER_PERMITTED_KEYS2);
333 }
334 if (options->permit_tun == -1)
335 options->permit_tun = SSH_TUNMODE_NO;
336 if (options->ip_qos_interactive == -1)
337 options->ip_qos_interactive = IPTOS_LOWDELAY;
338 if (options->ip_qos_bulk == -1)
339 options->ip_qos_bulk = IPTOS_THROUGHPUT;
340 if (options->version_addendum == NULL)
341 options->version_addendum = xstrdup("");
342 if (options->fwd_opts.streamlocal_bind_mask == (mode_t)-1)
343 options->fwd_opts.streamlocal_bind_mask = 0177;
344 if (options->fwd_opts.streamlocal_bind_unlink == -1)
345 options->fwd_opts.streamlocal_bind_unlink = 0;
346 if (options->fingerprint_hash == -1)
347 options->fingerprint_hash = SSH_FP_HASH_DEFAULT;
348
349 if (kex_assemble_names(KEX_SERVER_ENCRYPT, &options->ciphers) != 0 ||
350 kex_assemble_names(KEX_SERVER_MAC, &options->macs) != 0 ||
351 kex_assemble_names(KEX_SERVER_KEX, &options->kex_algorithms) != 0 ||
352 kex_assemble_names(KEX_DEFAULT_PK_ALG,
353 &options->hostbased_key_types) != 0 ||
354 kex_assemble_names(KEX_DEFAULT_PK_ALG,
355 &options->pubkey_key_types) != 0)
356 fatal("%s: kex_assemble_names failed", __func__);
357
358 /* Turn privilege separation on by default */
359 if (use_privsep == -1)
360 use_privsep = PRIVSEP_NOSANDBOX;
361
362 #define CLEAR_ON_NONE(v) \
363 do { \
364 if (option_clear_or_none(v)) { \
365 free(v); \
366 v = NULL; \
367 } \
368 } while(0)
369 CLEAR_ON_NONE(options->pid_file);
370 CLEAR_ON_NONE(options->xauth_location);
371 CLEAR_ON_NONE(options->banner);
372 CLEAR_ON_NONE(options->trusted_user_ca_keys);
373 CLEAR_ON_NONE(options->revoked_keys_file);
374 CLEAR_ON_NONE(options->authorized_principals_file);
375 for (i = 0; i < options->num_host_key_files; i++)
376 CLEAR_ON_NONE(options->host_key_files[i]);
377 for (i = 0; i < options->num_host_cert_files; i++)
378 CLEAR_ON_NONE(options->host_cert_files[i]);
379 #undef CLEAR_ON_NONE
380
381 #ifndef HAVE_MMAP
382 if (use_privsep && options->compression == 1) {
383 error("This platform does not support both privilege "
384 "separation and compression");
385 error("Compression disabled");
386 options->compression = 0;
387 }
388 #endif
389
390 }
391
392 /* Keyword tokens. */
393 typedef enum {
394 sBadOption, /* == unknown option */
395 /* Portable-specific options */
396 sUsePAM,
397 /* Standard Options */
398 sPort, sHostKeyFile, sServerKeyBits, sLoginGraceTime,
399 sKeyRegenerationTime, sPermitRootLogin, sLogFacility, sLogLevel,
400 sRhostsRSAAuthentication, sRSAAuthentication,
401 sKerberosAuthentication, sKerberosOrLocalPasswd, sKerberosTicketCleanup,
402 sKerberosGetAFSToken,
403 sKerberosTgtPassing, sChallengeResponseAuthentication,
404 sPasswordAuthentication, sKbdInteractiveAuthentication,
405 sListenAddress, sAddressFamily,
406 sPrintMotd, sPrintLastLog, sIgnoreRhosts,
407 sX11Forwarding, sX11DisplayOffset, sX11UseLocalhost,
408 sPermitTTY, sStrictModes, sEmptyPasswd, sTCPKeepAlive,
409 sPermitUserEnvironment, sUseLogin, sAllowTcpForwarding, sCompression,
410 sRekeyLimit, sAllowUsers, sDenyUsers, sAllowGroups, sDenyGroups,
411 sIgnoreUserKnownHosts, sCiphers, sMacs, sProtocol, sPidFile,
412 sGatewayPorts, sPubkeyAuthentication, sPubkeyAcceptedKeyTypes,
413 sXAuthLocation, sSubsystem, sMaxStartups, sMaxAuthTries, sMaxSessions,
414 sBanner, sUseDNS, sHostbasedAuthentication,
415 sHostbasedUsesNameFromPacketOnly, sHostbasedAcceptedKeyTypes,
416 sHostKeyAlgorithms,
417 sClientAliveInterval, sClientAliveCountMax, sAuthorizedKeysFile,
418 sGssAuthentication, sGssCleanupCreds, sGssStrictAcceptor,
419 sAcceptEnv, sPermitTunnel,
420 sMatch, sPermitOpen, sForceCommand, sChrootDirectory,
421 sUsePrivilegeSeparation, sAllowAgentForwarding,
422 sHostCertificate,
423 sRevokedKeys, sTrustedUserCAKeys, sAuthorizedPrincipalsFile,
424 sAuthorizedPrincipalsCommand, sAuthorizedPrincipalsCommandUser,
425 sKexAlgorithms, sIPQoS, sVersionAddendum,
426 sAuthorizedKeysCommand, sAuthorizedKeysCommandUser,
427 sAuthenticationMethods, sHostKeyAgent, sPermitUserRC,
428 sStreamLocalBindMask, sStreamLocalBindUnlink,
429 sAllowStreamLocalForwarding, sFingerprintHash,
430 sDeprecated, sUnsupported
431 } ServerOpCodes;
432
433 #define SSHCFG_GLOBAL 0x01 /* allowed in main section of sshd_config */
434 #define SSHCFG_MATCH 0x02 /* allowed inside a Match section */
435 #define SSHCFG_ALL (SSHCFG_GLOBAL|SSHCFG_MATCH)
436
437 /* Textual representation of the tokens. */
438 static struct {
439 const char *name;
440 ServerOpCodes opcode;
441 u_int flags;
442 } keywords[] = {
443 /* Portable-specific options */
444 #ifdef USE_PAM
445 { "usepam", sUsePAM, SSHCFG_GLOBAL },
446 #else
447 { "usepam", sUnsupported, SSHCFG_GLOBAL },
448 #endif
449 { "pamauthenticationviakbdint", sDeprecated, SSHCFG_GLOBAL },
450 /* Standard Options */
451 { "port", sPort, SSHCFG_GLOBAL },
452 { "hostkey", sHostKeyFile, SSHCFG_GLOBAL },
453 { "hostdsakey", sHostKeyFile, SSHCFG_GLOBAL }, /* alias */
454 { "hostkeyagent", sHostKeyAgent, SSHCFG_GLOBAL },
455 { "pidfile", sPidFile, SSHCFG_GLOBAL },
456 { "serverkeybits", sServerKeyBits, SSHCFG_GLOBAL },
457 { "logingracetime", sLoginGraceTime, SSHCFG_GLOBAL },
458 { "keyregenerationinterval", sKeyRegenerationTime, SSHCFG_GLOBAL },
459 { "permitrootlogin", sPermitRootLogin, SSHCFG_ALL },
460 { "syslogfacility", sLogFacility, SSHCFG_GLOBAL },
461 { "loglevel", sLogLevel, SSHCFG_GLOBAL },
462 { "rhostsauthentication", sDeprecated, SSHCFG_GLOBAL },
463 { "rhostsrsaauthentication", sRhostsRSAAuthentication, SSHCFG_ALL },
464 { "hostbasedauthentication", sHostbasedAuthentication, SSHCFG_ALL },
465 { "hostbasedusesnamefrompacketonly", sHostbasedUsesNameFromPacketOnly, SSHCFG_ALL },
466 { "hostbasedacceptedkeytypes", sHostbasedAcceptedKeyTypes, SSHCFG_ALL },
467 { "hostkeyalgorithms", sHostKeyAlgorithms, SSHCFG_GLOBAL },
468 { "rsaauthentication", sRSAAuthentication, SSHCFG_ALL },
469 { "pubkeyauthentication", sPubkeyAuthentication, SSHCFG_ALL },
470 { "pubkeyacceptedkeytypes", sPubkeyAcceptedKeyTypes, SSHCFG_ALL },
471 { "dsaauthentication", sPubkeyAuthentication, SSHCFG_GLOBAL }, /* alias */
472 #ifdef KRB5
473 { "kerberosauthentication", sKerberosAuthentication, SSHCFG_ALL },
474 { "kerberosorlocalpasswd", sKerberosOrLocalPasswd, SSHCFG_GLOBAL },
475 { "kerberosticketcleanup", sKerberosTicketCleanup, SSHCFG_GLOBAL },
476 #ifdef USE_AFS
477 { "kerberosgetafstoken", sKerberosGetAFSToken, SSHCFG_GLOBAL },
478 #else
479 { "kerberosgetafstoken", sUnsupported, SSHCFG_GLOBAL },
480 #endif
481 #else
482 { "kerberosauthentication", sUnsupported, SSHCFG_ALL },
483 { "kerberosorlocalpasswd", sUnsupported, SSHCFG_GLOBAL },
484 { "kerberosticketcleanup", sUnsupported, SSHCFG_GLOBAL },
485 { "kerberosgetafstoken", sUnsupported, SSHCFG_GLOBAL },
486 #endif
487 { "kerberostgtpassing", sUnsupported, SSHCFG_GLOBAL },
488 { "afstokenpassing", sUnsupported, SSHCFG_GLOBAL },
489 #ifdef GSSAPI
490 { "gssapiauthentication", sGssAuthentication, SSHCFG_ALL },
491 { "gssapicleanupcredentials", sGssCleanupCreds, SSHCFG_GLOBAL },
492 { "gssapistrictacceptorcheck", sGssStrictAcceptor, SSHCFG_GLOBAL },
493 #else
494 { "gssapiauthentication", sUnsupported, SSHCFG_ALL },
495 { "gssapicleanupcredentials", sUnsupported, SSHCFG_GLOBAL },
496 { "gssapistrictacceptorcheck", sUnsupported, SSHCFG_GLOBAL },
497 #endif
498 { "passwordauthentication", sPasswordAuthentication, SSHCFG_ALL },
499 { "kbdinteractiveauthentication", sKbdInteractiveAuthentication, SSHCFG_ALL },
500 { "challengeresponseauthentication", sChallengeResponseAuthentication, SSHCFG_GLOBAL },
501 { "skeyauthentication", sChallengeResponseAuthentication, SSHCFG_GLOBAL }, /* alias */
502 { "checkmail", sDeprecated, SSHCFG_GLOBAL },
503 { "listenaddress", sListenAddress, SSHCFG_GLOBAL },
504 { "addressfamily", sAddressFamily, SSHCFG_GLOBAL },
505 { "printmotd", sPrintMotd, SSHCFG_GLOBAL },
506 { "printlastlog", sPrintLastLog, SSHCFG_GLOBAL },
507 { "ignorerhosts", sIgnoreRhosts, SSHCFG_GLOBAL },
508 { "ignoreuserknownhosts", sIgnoreUserKnownHosts, SSHCFG_GLOBAL },
509 { "x11forwarding", sX11Forwarding, SSHCFG_ALL },
510 { "x11displayoffset", sX11DisplayOffset, SSHCFG_ALL },
511 { "x11uselocalhost", sX11UseLocalhost, SSHCFG_ALL },
512 { "xauthlocation", sXAuthLocation, SSHCFG_GLOBAL },
513 { "strictmodes", sStrictModes, SSHCFG_GLOBAL },
514 { "permitemptypasswords", sEmptyPasswd, SSHCFG_ALL },
515 { "permituserenvironment", sPermitUserEnvironment, SSHCFG_GLOBAL },
516 { "uselogin", sUseLogin, SSHCFG_GLOBAL },
517 { "compression", sCompression, SSHCFG_GLOBAL },
518 { "rekeylimit", sRekeyLimit, SSHCFG_ALL },
519 { "tcpkeepalive", sTCPKeepAlive, SSHCFG_GLOBAL },
520 { "keepalive", sTCPKeepAlive, SSHCFG_GLOBAL }, /* obsolete alias */
521 { "allowtcpforwarding", sAllowTcpForwarding, SSHCFG_ALL },
522 { "allowagentforwarding", sAllowAgentForwarding, SSHCFG_ALL },
523 { "allowusers", sAllowUsers, SSHCFG_ALL },
524 { "denyusers", sDenyUsers, SSHCFG_ALL },
525 { "allowgroups", sAllowGroups, SSHCFG_ALL },
526 { "denygroups", sDenyGroups, SSHCFG_ALL },
527 { "ciphers", sCiphers, SSHCFG_GLOBAL },
528 { "macs", sMacs, SSHCFG_GLOBAL },
529 { "protocol", sProtocol, SSHCFG_GLOBAL },
530 { "gatewayports", sGatewayPorts, SSHCFG_ALL },
531 { "subsystem", sSubsystem, SSHCFG_GLOBAL },
532 { "maxstartups", sMaxStartups, SSHCFG_GLOBAL },
533 { "maxauthtries", sMaxAuthTries, SSHCFG_ALL },
534 { "maxsessions", sMaxSessions, SSHCFG_ALL },
535 { "banner", sBanner, SSHCFG_ALL },
536 { "usedns", sUseDNS, SSHCFG_GLOBAL },
537 { "verifyreversemapping", sDeprecated, SSHCFG_GLOBAL },
538 { "reversemappingcheck", sDeprecated, SSHCFG_GLOBAL },
539 { "clientaliveinterval", sClientAliveInterval, SSHCFG_GLOBAL },
540 { "clientalivecountmax", sClientAliveCountMax, SSHCFG_GLOBAL },
541 { "authorizedkeysfile", sAuthorizedKeysFile, SSHCFG_ALL },
542 { "authorizedkeysfile2", sDeprecated, SSHCFG_ALL },
543 { "useprivilegeseparation", sUsePrivilegeSeparation, SSHCFG_GLOBAL},
544 { "acceptenv", sAcceptEnv, SSHCFG_ALL },
545 { "permittunnel", sPermitTunnel, SSHCFG_ALL },
546 { "permittty", sPermitTTY, SSHCFG_ALL },
547 { "permituserrc", sPermitUserRC, SSHCFG_ALL },
548 { "match", sMatch, SSHCFG_ALL },
549 { "permitopen", sPermitOpen, SSHCFG_ALL },
550 { "forcecommand", sForceCommand, SSHCFG_ALL },
551 { "chrootdirectory", sChrootDirectory, SSHCFG_ALL },
552 { "hostcertificate", sHostCertificate, SSHCFG_GLOBAL },
553 { "revokedkeys", sRevokedKeys, SSHCFG_ALL },
554 { "trustedusercakeys", sTrustedUserCAKeys, SSHCFG_ALL },
555 { "authorizedprincipalsfile", sAuthorizedPrincipalsFile, SSHCFG_ALL },
556 { "kexalgorithms", sKexAlgorithms, SSHCFG_GLOBAL },
557 { "ipqos", sIPQoS, SSHCFG_ALL },
558 { "authorizedkeyscommand", sAuthorizedKeysCommand, SSHCFG_ALL },
559 { "authorizedkeyscommanduser", sAuthorizedKeysCommandUser, SSHCFG_ALL },
560 { "authorizedprincipalscommand", sAuthorizedPrincipalsCommand, SSHCFG_ALL },
561 { "authorizedprincipalscommanduser", sAuthorizedPrincipalsCommandUser, SSHCFG_ALL },
562 { "versionaddendum", sVersionAddendum, SSHCFG_GLOBAL },
563 { "authenticationmethods", sAuthenticationMethods, SSHCFG_ALL },
564 { "streamlocalbindmask", sStreamLocalBindMask, SSHCFG_ALL },
565 { "streamlocalbindunlink", sStreamLocalBindUnlink, SSHCFG_ALL },
566 { "allowstreamlocalforwarding", sAllowStreamLocalForwarding, SSHCFG_ALL },
567 { "fingerprinthash", sFingerprintHash, SSHCFG_GLOBAL },
568 { NULL, sBadOption, 0 }
569 };
570
571 static struct {
572 int val;
573 char *text;
574 } tunmode_desc[] = {
575 { SSH_TUNMODE_NO, "no" },
576 { SSH_TUNMODE_POINTOPOINT, "point-to-point" },
577 { SSH_TUNMODE_ETHERNET, "ethernet" },
578 { SSH_TUNMODE_YES, "yes" },
579 { -1, NULL }
580 };
581
582 /*
583 * Returns the number of the token pointed to by cp or sBadOption.
584 */
585
586 static ServerOpCodes
parse_token(const char * cp,const char * filename,int linenum,u_int * flags)587 parse_token(const char *cp, const char *filename,
588 int linenum, u_int *flags)
589 {
590 u_int i;
591
592 for (i = 0; keywords[i].name; i++)
593 if (strcasecmp(cp, keywords[i].name) == 0) {
594 *flags = keywords[i].flags;
595 return keywords[i].opcode;
596 }
597
598 error("%s: line %d: Bad configuration option: %s",
599 filename, linenum, cp);
600 return sBadOption;
601 }
602
603 char *
derelativise_path(const char * path)604 derelativise_path(const char *path)
605 {
606 char *expanded, *ret, cwd[PATH_MAX];
607
608 if (strcasecmp(path, "none") == 0)
609 return xstrdup("none");
610 expanded = tilde_expand_filename(path, getuid());
611 if (*expanded == '/')
612 return expanded;
613 if (getcwd(cwd, sizeof(cwd)) == NULL)
614 fatal("%s: getcwd: %s", __func__, strerror(errno));
615 xasprintf(&ret, "%s/%s", cwd, expanded);
616 free(expanded);
617 return ret;
618 }
619
620 static void
add_listen_addr(ServerOptions * options,char * addr,int port)621 add_listen_addr(ServerOptions *options, char *addr, int port)
622 {
623 u_int i;
624
625 if (port == 0)
626 for (i = 0; i < options->num_ports; i++)
627 add_one_listen_addr(options, addr, options->ports[i]);
628 else
629 add_one_listen_addr(options, addr, port);
630 }
631
632 static void
add_one_listen_addr(ServerOptions * options,char * addr,int port)633 add_one_listen_addr(ServerOptions *options, char *addr, int port)
634 {
635 struct addrinfo hints, *ai, *aitop;
636 char strport[NI_MAXSERV];
637 int gaierr;
638
639 memset(&hints, 0, sizeof(hints));
640 hints.ai_family = options->address_family;
641 hints.ai_socktype = SOCK_STREAM;
642 hints.ai_flags = (addr == NULL) ? AI_PASSIVE : 0;
643 snprintf(strport, sizeof strport, "%d", port);
644 if ((gaierr = getaddrinfo(addr, strport, &hints, &aitop)) != 0)
645 fatal("bad addr or host: %s (%s)",
646 addr ? addr : "<NULL>",
647 ssh_gai_strerror(gaierr));
648 for (ai = aitop; ai->ai_next; ai = ai->ai_next)
649 ;
650 ai->ai_next = options->listen_addrs;
651 options->listen_addrs = aitop;
652 }
653
654 /*
655 * Queue a ListenAddress to be processed once we have all of the Ports
656 * and AddressFamily options.
657 */
658 static void
queue_listen_addr(ServerOptions * options,char * addr,int port)659 queue_listen_addr(ServerOptions *options, char *addr, int port)
660 {
661 options->queued_listen_addrs = xreallocarray(
662 options->queued_listen_addrs, options->num_queued_listens + 1,
663 sizeof(addr));
664 options->queued_listen_ports = xreallocarray(
665 options->queued_listen_ports, options->num_queued_listens + 1,
666 sizeof(port));
667 options->queued_listen_addrs[options->num_queued_listens] =
668 xstrdup(addr);
669 options->queued_listen_ports[options->num_queued_listens] = port;
670 options->num_queued_listens++;
671 }
672
673 /*
674 * Process queued (text) ListenAddress entries.
675 */
676 static void
process_queued_listen_addrs(ServerOptions * options)677 process_queued_listen_addrs(ServerOptions *options)
678 {
679 u_int i;
680
681 if (options->num_ports == 0)
682 options->ports[options->num_ports++] = SSH_DEFAULT_PORT;
683 if (options->address_family == -1)
684 options->address_family = AF_UNSPEC;
685
686 for (i = 0; i < options->num_queued_listens; i++) {
687 add_listen_addr(options, options->queued_listen_addrs[i],
688 options->queued_listen_ports[i]);
689 free(options->queued_listen_addrs[i]);
690 options->queued_listen_addrs[i] = NULL;
691 }
692 free(options->queued_listen_addrs);
693 options->queued_listen_addrs = NULL;
694 free(options->queued_listen_ports);
695 options->queued_listen_ports = NULL;
696 options->num_queued_listens = 0;
697 }
698
699 struct connection_info *
get_connection_info(int populate,int use_dns)700 get_connection_info(int populate, int use_dns)
701 {
702 static struct connection_info ci;
703
704 if (!populate)
705 return &ci;
706 ci.host = get_canonical_hostname(use_dns);
707 ci.address = get_remote_ipaddr();
708 ci.laddress = get_local_ipaddr(packet_get_connection_in());
709 ci.lport = get_local_port();
710 return &ci;
711 }
712
713 /*
714 * The strategy for the Match blocks is that the config file is parsed twice.
715 *
716 * The first time is at startup. activep is initialized to 1 and the
717 * directives in the global context are processed and acted on. Hitting a
718 * Match directive unsets activep and the directives inside the block are
719 * checked for syntax only.
720 *
721 * The second time is after a connection has been established but before
722 * authentication. activep is initialized to 2 and global config directives
723 * are ignored since they have already been processed. If the criteria in a
724 * Match block is met, activep is set and the subsequent directives
725 * processed and actioned until EOF or another Match block unsets it. Any
726 * options set are copied into the main server config.
727 *
728 * Potential additions/improvements:
729 * - Add Match support for pre-kex directives, eg Protocol, Ciphers.
730 *
731 * - Add a Tag directive (idea from David Leonard) ala pf, eg:
732 * Match Address 192.168.0.*
733 * Tag trusted
734 * Match Group wheel
735 * Tag trusted
736 * Match Tag trusted
737 * AllowTcpForwarding yes
738 * GatewayPorts clientspecified
739 * [...]
740 *
741 * - Add a PermittedChannelRequests directive
742 * Match Group shell
743 * PermittedChannelRequests session,forwarded-tcpip
744 */
745
746 static int
match_cfg_line_group(const char * grps,int line,const char * user)747 match_cfg_line_group(const char *grps, int line, const char *user)
748 {
749 int result = 0;
750 struct passwd *pw;
751
752 if (user == NULL)
753 goto out;
754
755 if ((pw = getpwnam(user)) == NULL) {
756 debug("Can't match group at line %d because user %.100s does "
757 "not exist", line, user);
758 } else if (ga_init(pw->pw_name, pw->pw_gid) == 0) {
759 debug("Can't Match group because user %.100s not in any group "
760 "at line %d", user, line);
761 } else if (ga_match_pattern_list(grps) != 1) {
762 debug("user %.100s does not match group list %.100s at line %d",
763 user, grps, line);
764 } else {
765 debug("user %.100s matched group list %.100s at line %d", user,
766 grps, line);
767 result = 1;
768 }
769 out:
770 ga_free();
771 return result;
772 }
773
774 /*
775 * All of the attributes on a single Match line are ANDed together, so we need
776 * to check every attribute and set the result to zero if any attribute does
777 * not match.
778 */
779 static int
match_cfg_line(char ** condition,int line,struct connection_info * ci)780 match_cfg_line(char **condition, int line, struct connection_info *ci)
781 {
782 int result = 1, attributes = 0, port;
783 char *arg, *attrib, *cp = *condition;
784
785 if (ci == NULL)
786 debug3("checking syntax for 'Match %s'", cp);
787 else
788 debug3("checking match for '%s' user %s host %s addr %s "
789 "laddr %s lport %d", cp, ci->user ? ci->user : "(null)",
790 ci->host ? ci->host : "(null)",
791 ci->address ? ci->address : "(null)",
792 ci->laddress ? ci->laddress : "(null)", ci->lport);
793
794 while ((attrib = strdelim(&cp)) && *attrib != '\0') {
795 attributes++;
796 if (strcasecmp(attrib, "all") == 0) {
797 if (attributes != 1 ||
798 ((arg = strdelim(&cp)) != NULL && *arg != '\0')) {
799 error("'all' cannot be combined with other "
800 "Match attributes");
801 return -1;
802 }
803 *condition = cp;
804 return 1;
805 }
806 if ((arg = strdelim(&cp)) == NULL || *arg == '\0') {
807 error("Missing Match criteria for %s", attrib);
808 return -1;
809 }
810 if (strcasecmp(attrib, "user") == 0) {
811 if (ci == NULL || ci->user == NULL) {
812 result = 0;
813 continue;
814 }
815 if (match_pattern_list(ci->user, arg, 0) != 1)
816 result = 0;
817 else
818 debug("user %.100s matched 'User %.100s' at "
819 "line %d", ci->user, arg, line);
820 } else if (strcasecmp(attrib, "group") == 0) {
821 if (ci == NULL || ci->user == NULL) {
822 result = 0;
823 continue;
824 }
825 switch (match_cfg_line_group(arg, line, ci->user)) {
826 case -1:
827 return -1;
828 case 0:
829 result = 0;
830 }
831 } else if (strcasecmp(attrib, "host") == 0) {
832 if (ci == NULL || ci->host == NULL) {
833 result = 0;
834 continue;
835 }
836 if (match_hostname(ci->host, arg) != 1)
837 result = 0;
838 else
839 debug("connection from %.100s matched 'Host "
840 "%.100s' at line %d", ci->host, arg, line);
841 } else if (strcasecmp(attrib, "address") == 0) {
842 if (ci == NULL || ci->address == NULL) {
843 result = 0;
844 continue;
845 }
846 switch (addr_match_list(ci->address, arg)) {
847 case 1:
848 debug("connection from %.100s matched 'Address "
849 "%.100s' at line %d", ci->address, arg, line);
850 break;
851 case 0:
852 case -1:
853 result = 0;
854 break;
855 case -2:
856 return -1;
857 }
858 } else if (strcasecmp(attrib, "localaddress") == 0){
859 if (ci == NULL || ci->laddress == NULL) {
860 result = 0;
861 continue;
862 }
863 switch (addr_match_list(ci->laddress, arg)) {
864 case 1:
865 debug("connection from %.100s matched "
866 "'LocalAddress %.100s' at line %d",
867 ci->laddress, arg, line);
868 break;
869 case 0:
870 case -1:
871 result = 0;
872 break;
873 case -2:
874 return -1;
875 }
876 } else if (strcasecmp(attrib, "localport") == 0) {
877 if ((port = a2port(arg)) == -1) {
878 error("Invalid LocalPort '%s' on Match line",
879 arg);
880 return -1;
881 }
882 if (ci == NULL || ci->lport == 0) {
883 result = 0;
884 continue;
885 }
886 /* TODO support port lists */
887 if (port == ci->lport)
888 debug("connection from %.100s matched "
889 "'LocalPort %d' at line %d",
890 ci->laddress, port, line);
891 else
892 result = 0;
893 } else {
894 error("Unsupported Match attribute %s", attrib);
895 return -1;
896 }
897 }
898 if (attributes == 0) {
899 error("One or more attributes required for Match");
900 return -1;
901 }
902 if (ci != NULL)
903 debug3("match %sfound", result ? "" : "not ");
904 *condition = cp;
905 return result;
906 }
907
908 #define WHITESPACE " \t\r\n"
909
910 /* Multistate option parsing */
911 struct multistate {
912 char *key;
913 int value;
914 };
915 static const struct multistate multistate_addressfamily[] = {
916 { "inet", AF_INET },
917 { "inet6", AF_INET6 },
918 { "any", AF_UNSPEC },
919 { NULL, -1 }
920 };
921 static const struct multistate multistate_permitrootlogin[] = {
922 { "without-password", PERMIT_NO_PASSWD },
923 { "prohibit-password", PERMIT_NO_PASSWD },
924 { "forced-commands-only", PERMIT_FORCED_ONLY },
925 { "yes", PERMIT_YES },
926 { "no", PERMIT_NO },
927 { NULL, -1 }
928 };
929 static const struct multistate multistate_compression[] = {
930 { "delayed", COMP_DELAYED },
931 { "yes", COMP_ZLIB },
932 { "no", COMP_NONE },
933 { NULL, -1 }
934 };
935 static const struct multistate multistate_gatewayports[] = {
936 { "clientspecified", 2 },
937 { "yes", 1 },
938 { "no", 0 },
939 { NULL, -1 }
940 };
941 static const struct multistate multistate_privsep[] = {
942 { "yes", PRIVSEP_NOSANDBOX },
943 { "sandbox", PRIVSEP_ON },
944 { "nosandbox", PRIVSEP_NOSANDBOX },
945 { "no", PRIVSEP_OFF },
946 { NULL, -1 }
947 };
948 static const struct multistate multistate_tcpfwd[] = {
949 { "yes", FORWARD_ALLOW },
950 { "all", FORWARD_ALLOW },
951 { "no", FORWARD_DENY },
952 { "remote", FORWARD_REMOTE },
953 { "local", FORWARD_LOCAL },
954 { NULL, -1 }
955 };
956
957 int
process_server_config_line(ServerOptions * options,char * line,const char * filename,int linenum,int * activep,struct connection_info * connectinfo)958 process_server_config_line(ServerOptions *options, char *line,
959 const char *filename, int linenum, int *activep,
960 struct connection_info *connectinfo)
961 {
962 char *cp, **charptr, *arg, *p;
963 int cmdline = 0, *intptr, value, value2, n, port;
964 SyslogFacility *log_facility_ptr;
965 LogLevel *log_level_ptr;
966 ServerOpCodes opcode;
967 u_int i, flags = 0;
968 size_t len;
969 long long val64;
970 const struct multistate *multistate_ptr;
971
972 cp = line;
973 if ((arg = strdelim(&cp)) == NULL)
974 return 0;
975 /* Ignore leading whitespace */
976 if (*arg == '\0')
977 arg = strdelim(&cp);
978 if (!arg || !*arg || *arg == '#')
979 return 0;
980 intptr = NULL;
981 charptr = NULL;
982 opcode = parse_token(arg, filename, linenum, &flags);
983
984 if (activep == NULL) { /* We are processing a command line directive */
985 cmdline = 1;
986 activep = &cmdline;
987 }
988 if (*activep && opcode != sMatch)
989 debug3("%s:%d setting %s %s", filename, linenum, arg, cp);
990 if (*activep == 0 && !(flags & SSHCFG_MATCH)) {
991 if (connectinfo == NULL) {
992 fatal("%s line %d: Directive '%s' is not allowed "
993 "within a Match block", filename, linenum, arg);
994 } else { /* this is a directive we have already processed */
995 while (arg)
996 arg = strdelim(&cp);
997 return 0;
998 }
999 }
1000
1001 switch (opcode) {
1002 /* Portable-specific options */
1003 case sUsePAM:
1004 intptr = &options->use_pam;
1005 goto parse_flag;
1006
1007 /* Standard Options */
1008 case sBadOption:
1009 return -1;
1010 case sPort:
1011 /* ignore ports from configfile if cmdline specifies ports */
1012 if (options->ports_from_cmdline)
1013 return 0;
1014 if (options->num_ports >= MAX_PORTS)
1015 fatal("%s line %d: too many ports.",
1016 filename, linenum);
1017 arg = strdelim(&cp);
1018 if (!arg || *arg == '\0')
1019 fatal("%s line %d: missing port number.",
1020 filename, linenum);
1021 options->ports[options->num_ports++] = a2port(arg);
1022 if (options->ports[options->num_ports-1] <= 0)
1023 fatal("%s line %d: Badly formatted port number.",
1024 filename, linenum);
1025 break;
1026
1027 case sServerKeyBits:
1028 intptr = &options->server_key_bits;
1029 parse_int:
1030 arg = strdelim(&cp);
1031 if (!arg || *arg == '\0')
1032 fatal("%s line %d: missing integer value.",
1033 filename, linenum);
1034 value = atoi(arg);
1035 if (*activep && *intptr == -1)
1036 *intptr = value;
1037 break;
1038
1039 case sLoginGraceTime:
1040 intptr = &options->login_grace_time;
1041 parse_time:
1042 arg = strdelim(&cp);
1043 if (!arg || *arg == '\0')
1044 fatal("%s line %d: missing time value.",
1045 filename, linenum);
1046 if ((value = convtime(arg)) == -1)
1047 fatal("%s line %d: invalid time value.",
1048 filename, linenum);
1049 if (*activep && *intptr == -1)
1050 *intptr = value;
1051 break;
1052
1053 case sKeyRegenerationTime:
1054 intptr = &options->key_regeneration_time;
1055 goto parse_time;
1056
1057 case sListenAddress:
1058 arg = strdelim(&cp);
1059 if (arg == NULL || *arg == '\0')
1060 fatal("%s line %d: missing address",
1061 filename, linenum);
1062 /* check for bare IPv6 address: no "[]" and 2 or more ":" */
1063 if (strchr(arg, '[') == NULL && (p = strchr(arg, ':')) != NULL
1064 && strchr(p+1, ':') != NULL) {
1065 queue_listen_addr(options, arg, 0);
1066 break;
1067 }
1068 p = hpdelim(&arg);
1069 if (p == NULL)
1070 fatal("%s line %d: bad address:port usage",
1071 filename, linenum);
1072 p = cleanhostname(p);
1073 if (arg == NULL)
1074 port = 0;
1075 else if ((port = a2port(arg)) <= 0)
1076 fatal("%s line %d: bad port number", filename, linenum);
1077
1078 queue_listen_addr(options, p, port);
1079
1080 break;
1081
1082 case sAddressFamily:
1083 intptr = &options->address_family;
1084 multistate_ptr = multistate_addressfamily;
1085 parse_multistate:
1086 arg = strdelim(&cp);
1087 if (!arg || *arg == '\0')
1088 fatal("%s line %d: missing argument.",
1089 filename, linenum);
1090 value = -1;
1091 for (i = 0; multistate_ptr[i].key != NULL; i++) {
1092 if (strcasecmp(arg, multistate_ptr[i].key) == 0) {
1093 value = multistate_ptr[i].value;
1094 break;
1095 }
1096 }
1097 if (value == -1)
1098 fatal("%s line %d: unsupported option \"%s\".",
1099 filename, linenum, arg);
1100 if (*activep && *intptr == -1)
1101 *intptr = value;
1102 break;
1103
1104 case sHostKeyFile:
1105 intptr = &options->num_host_key_files;
1106 if (*intptr >= MAX_HOSTKEYS)
1107 fatal("%s line %d: too many host keys specified (max %d).",
1108 filename, linenum, MAX_HOSTKEYS);
1109 charptr = &options->host_key_files[*intptr];
1110 parse_filename:
1111 arg = strdelim(&cp);
1112 if (!arg || *arg == '\0')
1113 fatal("%s line %d: missing file name.",
1114 filename, linenum);
1115 if (*activep && *charptr == NULL) {
1116 *charptr = derelativise_path(arg);
1117 /* increase optional counter */
1118 if (intptr != NULL)
1119 *intptr = *intptr + 1;
1120 }
1121 break;
1122
1123 case sHostKeyAgent:
1124 charptr = &options->host_key_agent;
1125 arg = strdelim(&cp);
1126 if (!arg || *arg == '\0')
1127 fatal("%s line %d: missing socket name.",
1128 filename, linenum);
1129 if (*activep && *charptr == NULL)
1130 *charptr = !strcmp(arg, SSH_AUTHSOCKET_ENV_NAME) ?
1131 xstrdup(arg) : derelativise_path(arg);
1132 break;
1133
1134 case sHostCertificate:
1135 intptr = &options->num_host_cert_files;
1136 if (*intptr >= MAX_HOSTKEYS)
1137 fatal("%s line %d: too many host certificates "
1138 "specified (max %d).", filename, linenum,
1139 MAX_HOSTCERTS);
1140 charptr = &options->host_cert_files[*intptr];
1141 goto parse_filename;
1142 break;
1143
1144 case sPidFile:
1145 charptr = &options->pid_file;
1146 goto parse_filename;
1147
1148 case sPermitRootLogin:
1149 intptr = &options->permit_root_login;
1150 multistate_ptr = multistate_permitrootlogin;
1151 goto parse_multistate;
1152
1153 case sIgnoreRhosts:
1154 intptr = &options->ignore_rhosts;
1155 parse_flag:
1156 arg = strdelim(&cp);
1157 if (!arg || *arg == '\0')
1158 fatal("%s line %d: missing yes/no argument.",
1159 filename, linenum);
1160 value = 0; /* silence compiler */
1161 if (strcmp(arg, "yes") == 0)
1162 value = 1;
1163 else if (strcmp(arg, "no") == 0)
1164 value = 0;
1165 else
1166 fatal("%s line %d: Bad yes/no argument: %s",
1167 filename, linenum, arg);
1168 if (*activep && *intptr == -1)
1169 *intptr = value;
1170 break;
1171
1172 case sIgnoreUserKnownHosts:
1173 intptr = &options->ignore_user_known_hosts;
1174 goto parse_flag;
1175
1176 case sRhostsRSAAuthentication:
1177 intptr = &options->rhosts_rsa_authentication;
1178 goto parse_flag;
1179
1180 case sHostbasedAuthentication:
1181 intptr = &options->hostbased_authentication;
1182 goto parse_flag;
1183
1184 case sHostbasedUsesNameFromPacketOnly:
1185 intptr = &options->hostbased_uses_name_from_packet_only;
1186 goto parse_flag;
1187
1188 case sHostbasedAcceptedKeyTypes:
1189 charptr = &options->hostbased_key_types;
1190 parse_keytypes:
1191 arg = strdelim(&cp);
1192 if (!arg || *arg == '\0')
1193 fatal("%s line %d: Missing argument.",
1194 filename, linenum);
1195 if (!sshkey_names_valid2(*arg == '+' ? arg + 1 : arg, 1))
1196 fatal("%s line %d: Bad key types '%s'.",
1197 filename, linenum, arg ? arg : "<NONE>");
1198 if (*activep && *charptr == NULL)
1199 *charptr = xstrdup(arg);
1200 break;
1201
1202 case sHostKeyAlgorithms:
1203 charptr = &options->hostkeyalgorithms;
1204 goto parse_keytypes;
1205
1206 case sRSAAuthentication:
1207 intptr = &options->rsa_authentication;
1208 goto parse_flag;
1209
1210 case sPubkeyAuthentication:
1211 intptr = &options->pubkey_authentication;
1212 goto parse_flag;
1213
1214 case sPubkeyAcceptedKeyTypes:
1215 charptr = &options->pubkey_key_types;
1216 goto parse_keytypes;
1217
1218 case sKerberosAuthentication:
1219 intptr = &options->kerberos_authentication;
1220 goto parse_flag;
1221
1222 case sKerberosOrLocalPasswd:
1223 intptr = &options->kerberos_or_local_passwd;
1224 goto parse_flag;
1225
1226 case sKerberosTicketCleanup:
1227 intptr = &options->kerberos_ticket_cleanup;
1228 goto parse_flag;
1229
1230 case sKerberosGetAFSToken:
1231 intptr = &options->kerberos_get_afs_token;
1232 goto parse_flag;
1233
1234 case sGssAuthentication:
1235 intptr = &options->gss_authentication;
1236 goto parse_flag;
1237
1238 case sGssCleanupCreds:
1239 intptr = &options->gss_cleanup_creds;
1240 goto parse_flag;
1241
1242 case sGssStrictAcceptor:
1243 intptr = &options->gss_strict_acceptor;
1244 goto parse_flag;
1245
1246 case sPasswordAuthentication:
1247 intptr = &options->password_authentication;
1248 goto parse_flag;
1249
1250 case sKbdInteractiveAuthentication:
1251 intptr = &options->kbd_interactive_authentication;
1252 goto parse_flag;
1253
1254 case sChallengeResponseAuthentication:
1255 intptr = &options->challenge_response_authentication;
1256 goto parse_flag;
1257
1258 case sPrintMotd:
1259 intptr = &options->print_motd;
1260 goto parse_flag;
1261
1262 case sPrintLastLog:
1263 intptr = &options->print_lastlog;
1264 goto parse_flag;
1265
1266 case sX11Forwarding:
1267 intptr = &options->x11_forwarding;
1268 goto parse_flag;
1269
1270 case sX11DisplayOffset:
1271 intptr = &options->x11_display_offset;
1272 goto parse_int;
1273
1274 case sX11UseLocalhost:
1275 intptr = &options->x11_use_localhost;
1276 goto parse_flag;
1277
1278 case sXAuthLocation:
1279 charptr = &options->xauth_location;
1280 goto parse_filename;
1281
1282 case sPermitTTY:
1283 intptr = &options->permit_tty;
1284 goto parse_flag;
1285
1286 case sPermitUserRC:
1287 intptr = &options->permit_user_rc;
1288 goto parse_flag;
1289
1290 case sStrictModes:
1291 intptr = &options->strict_modes;
1292 goto parse_flag;
1293
1294 case sTCPKeepAlive:
1295 intptr = &options->tcp_keep_alive;
1296 goto parse_flag;
1297
1298 case sEmptyPasswd:
1299 intptr = &options->permit_empty_passwd;
1300 goto parse_flag;
1301
1302 case sPermitUserEnvironment:
1303 intptr = &options->permit_user_env;
1304 goto parse_flag;
1305
1306 case sUseLogin:
1307 intptr = &options->use_login;
1308 goto parse_flag;
1309
1310 case sCompression:
1311 intptr = &options->compression;
1312 multistate_ptr = multistate_compression;
1313 goto parse_multistate;
1314
1315 case sRekeyLimit:
1316 arg = strdelim(&cp);
1317 if (!arg || *arg == '\0')
1318 fatal("%.200s line %d: Missing argument.", filename,
1319 linenum);
1320 if (strcmp(arg, "default") == 0) {
1321 val64 = 0;
1322 } else {
1323 if (scan_scaled(arg, &val64) == -1)
1324 fatal("%.200s line %d: Bad number '%s': %s",
1325 filename, linenum, arg, strerror(errno));
1326 /* check for too-large or too-small limits */
1327 if (val64 > UINT_MAX)
1328 fatal("%.200s line %d: RekeyLimit too large",
1329 filename, linenum);
1330 if (val64 != 0 && val64 < 16)
1331 fatal("%.200s line %d: RekeyLimit too small",
1332 filename, linenum);
1333 }
1334 if (*activep && options->rekey_limit == -1)
1335 options->rekey_limit = (u_int32_t)val64;
1336 if (cp != NULL) { /* optional rekey interval present */
1337 if (strcmp(cp, "none") == 0) {
1338 (void)strdelim(&cp); /* discard */
1339 break;
1340 }
1341 intptr = &options->rekey_interval;
1342 goto parse_time;
1343 }
1344 break;
1345
1346 case sGatewayPorts:
1347 intptr = &options->fwd_opts.gateway_ports;
1348 multistate_ptr = multistate_gatewayports;
1349 goto parse_multistate;
1350
1351 case sUseDNS:
1352 intptr = &options->use_dns;
1353 goto parse_flag;
1354
1355 case sLogFacility:
1356 log_facility_ptr = &options->log_facility;
1357 arg = strdelim(&cp);
1358 value = log_facility_number(arg);
1359 if (value == SYSLOG_FACILITY_NOT_SET)
1360 fatal("%.200s line %d: unsupported log facility '%s'",
1361 filename, linenum, arg ? arg : "<NONE>");
1362 if (*log_facility_ptr == -1)
1363 *log_facility_ptr = (SyslogFacility) value;
1364 break;
1365
1366 case sLogLevel:
1367 log_level_ptr = &options->log_level;
1368 arg = strdelim(&cp);
1369 value = log_level_number(arg);
1370 if (value == SYSLOG_LEVEL_NOT_SET)
1371 fatal("%.200s line %d: unsupported log level '%s'",
1372 filename, linenum, arg ? arg : "<NONE>");
1373 if (*log_level_ptr == -1)
1374 *log_level_ptr = (LogLevel) value;
1375 break;
1376
1377 case sAllowTcpForwarding:
1378 intptr = &options->allow_tcp_forwarding;
1379 multistate_ptr = multistate_tcpfwd;
1380 goto parse_multistate;
1381
1382 case sAllowStreamLocalForwarding:
1383 intptr = &options->allow_streamlocal_forwarding;
1384 multistate_ptr = multistate_tcpfwd;
1385 goto parse_multistate;
1386
1387 case sAllowAgentForwarding:
1388 intptr = &options->allow_agent_forwarding;
1389 goto parse_flag;
1390
1391 case sUsePrivilegeSeparation:
1392 intptr = &use_privsep;
1393 multistate_ptr = multistate_privsep;
1394 goto parse_multistate;
1395
1396 case sAllowUsers:
1397 while ((arg = strdelim(&cp)) && *arg != '\0') {
1398 if (options->num_allow_users >= MAX_ALLOW_USERS)
1399 fatal("%s line %d: too many allow users.",
1400 filename, linenum);
1401 if (!*activep)
1402 continue;
1403 options->allow_users[options->num_allow_users++] =
1404 xstrdup(arg);
1405 }
1406 break;
1407
1408 case sDenyUsers:
1409 while ((arg = strdelim(&cp)) && *arg != '\0') {
1410 if (options->num_deny_users >= MAX_DENY_USERS)
1411 fatal("%s line %d: too many deny users.",
1412 filename, linenum);
1413 if (!*activep)
1414 continue;
1415 options->deny_users[options->num_deny_users++] =
1416 xstrdup(arg);
1417 }
1418 break;
1419
1420 case sAllowGroups:
1421 while ((arg = strdelim(&cp)) && *arg != '\0') {
1422 if (options->num_allow_groups >= MAX_ALLOW_GROUPS)
1423 fatal("%s line %d: too many allow groups.",
1424 filename, linenum);
1425 if (!*activep)
1426 continue;
1427 options->allow_groups[options->num_allow_groups++] =
1428 xstrdup(arg);
1429 }
1430 break;
1431
1432 case sDenyGroups:
1433 while ((arg = strdelim(&cp)) && *arg != '\0') {
1434 if (options->num_deny_groups >= MAX_DENY_GROUPS)
1435 fatal("%s line %d: too many deny groups.",
1436 filename, linenum);
1437 if (!*activep)
1438 continue;
1439 options->deny_groups[options->num_deny_groups++] =
1440 xstrdup(arg);
1441 }
1442 break;
1443
1444 case sCiphers:
1445 arg = strdelim(&cp);
1446 if (!arg || *arg == '\0')
1447 fatal("%s line %d: Missing argument.", filename, linenum);
1448 if (!ciphers_valid(*arg == '+' ? arg + 1 : arg))
1449 fatal("%s line %d: Bad SSH2 cipher spec '%s'.",
1450 filename, linenum, arg ? arg : "<NONE>");
1451 if (options->ciphers == NULL)
1452 options->ciphers = xstrdup(arg);
1453 break;
1454
1455 case sMacs:
1456 arg = strdelim(&cp);
1457 if (!arg || *arg == '\0')
1458 fatal("%s line %d: Missing argument.", filename, linenum);
1459 if (!mac_valid(*arg == '+' ? arg + 1 : arg))
1460 fatal("%s line %d: Bad SSH2 mac spec '%s'.",
1461 filename, linenum, arg ? arg : "<NONE>");
1462 if (options->macs == NULL)
1463 options->macs = xstrdup(arg);
1464 break;
1465
1466 case sKexAlgorithms:
1467 arg = strdelim(&cp);
1468 if (!arg || *arg == '\0')
1469 fatal("%s line %d: Missing argument.",
1470 filename, linenum);
1471 if (!kex_names_valid(*arg == '+' ? arg + 1 : arg))
1472 fatal("%s line %d: Bad SSH2 KexAlgorithms '%s'.",
1473 filename, linenum, arg ? arg : "<NONE>");
1474 if (options->kex_algorithms == NULL)
1475 options->kex_algorithms = xstrdup(arg);
1476 break;
1477
1478 case sProtocol:
1479 intptr = &options->protocol;
1480 arg = strdelim(&cp);
1481 if (!arg || *arg == '\0')
1482 fatal("%s line %d: Missing argument.", filename, linenum);
1483 value = proto_spec(arg);
1484 if (value == SSH_PROTO_UNKNOWN)
1485 fatal("%s line %d: Bad protocol spec '%s'.",
1486 filename, linenum, arg ? arg : "<NONE>");
1487 if (*intptr == SSH_PROTO_UNKNOWN)
1488 *intptr = value;
1489 break;
1490
1491 case sSubsystem:
1492 if (options->num_subsystems >= MAX_SUBSYSTEMS) {
1493 fatal("%s line %d: too many subsystems defined.",
1494 filename, linenum);
1495 }
1496 arg = strdelim(&cp);
1497 if (!arg || *arg == '\0')
1498 fatal("%s line %d: Missing subsystem name.",
1499 filename, linenum);
1500 if (!*activep) {
1501 arg = strdelim(&cp);
1502 break;
1503 }
1504 for (i = 0; i < options->num_subsystems; i++)
1505 if (strcmp(arg, options->subsystem_name[i]) == 0)
1506 fatal("%s line %d: Subsystem '%s' already defined.",
1507 filename, linenum, arg);
1508 options->subsystem_name[options->num_subsystems] = xstrdup(arg);
1509 arg = strdelim(&cp);
1510 if (!arg || *arg == '\0')
1511 fatal("%s line %d: Missing subsystem command.",
1512 filename, linenum);
1513 options->subsystem_command[options->num_subsystems] = xstrdup(arg);
1514
1515 /* Collect arguments (separate to executable) */
1516 p = xstrdup(arg);
1517 len = strlen(p) + 1;
1518 while ((arg = strdelim(&cp)) != NULL && *arg != '\0') {
1519 len += 1 + strlen(arg);
1520 p = xreallocarray(p, 1, len);
1521 strlcat(p, " ", len);
1522 strlcat(p, arg, len);
1523 }
1524 options->subsystem_args[options->num_subsystems] = p;
1525 options->num_subsystems++;
1526 break;
1527
1528 case sMaxStartups:
1529 arg = strdelim(&cp);
1530 if (!arg || *arg == '\0')
1531 fatal("%s line %d: Missing MaxStartups spec.",
1532 filename, linenum);
1533 if ((n = sscanf(arg, "%d:%d:%d",
1534 &options->max_startups_begin,
1535 &options->max_startups_rate,
1536 &options->max_startups)) == 3) {
1537 if (options->max_startups_begin >
1538 options->max_startups ||
1539 options->max_startups_rate > 100 ||
1540 options->max_startups_rate < 1)
1541 fatal("%s line %d: Illegal MaxStartups spec.",
1542 filename, linenum);
1543 } else if (n != 1)
1544 fatal("%s line %d: Illegal MaxStartups spec.",
1545 filename, linenum);
1546 else
1547 options->max_startups = options->max_startups_begin;
1548 break;
1549
1550 case sMaxAuthTries:
1551 intptr = &options->max_authtries;
1552 goto parse_int;
1553
1554 case sMaxSessions:
1555 intptr = &options->max_sessions;
1556 goto parse_int;
1557
1558 case sBanner:
1559 charptr = &options->banner;
1560 goto parse_filename;
1561
1562 /*
1563 * These options can contain %X options expanded at
1564 * connect time, so that you can specify paths like:
1565 *
1566 * AuthorizedKeysFile /etc/ssh_keys/%u
1567 */
1568 case sAuthorizedKeysFile:
1569 if (*activep && options->num_authkeys_files == 0) {
1570 while ((arg = strdelim(&cp)) && *arg != '\0') {
1571 if (options->num_authkeys_files >=
1572 MAX_AUTHKEYS_FILES)
1573 fatal("%s line %d: "
1574 "too many authorized keys files.",
1575 filename, linenum);
1576 options->authorized_keys_files[
1577 options->num_authkeys_files++] =
1578 tilde_expand_filename(arg, getuid());
1579 }
1580 }
1581 return 0;
1582
1583 case sAuthorizedPrincipalsFile:
1584 charptr = &options->authorized_principals_file;
1585 arg = strdelim(&cp);
1586 if (!arg || *arg == '\0')
1587 fatal("%s line %d: missing file name.",
1588 filename, linenum);
1589 if (*activep && *charptr == NULL) {
1590 *charptr = tilde_expand_filename(arg, getuid());
1591 /* increase optional counter */
1592 if (intptr != NULL)
1593 *intptr = *intptr + 1;
1594 }
1595 break;
1596
1597 case sClientAliveInterval:
1598 intptr = &options->client_alive_interval;
1599 goto parse_time;
1600
1601 case sClientAliveCountMax:
1602 intptr = &options->client_alive_count_max;
1603 goto parse_int;
1604
1605 case sAcceptEnv:
1606 while ((arg = strdelim(&cp)) && *arg != '\0') {
1607 if (strchr(arg, '=') != NULL)
1608 fatal("%s line %d: Invalid environment name.",
1609 filename, linenum);
1610 if (options->num_accept_env >= MAX_ACCEPT_ENV)
1611 fatal("%s line %d: too many allow env.",
1612 filename, linenum);
1613 if (!*activep)
1614 continue;
1615 options->accept_env[options->num_accept_env++] =
1616 xstrdup(arg);
1617 }
1618 break;
1619
1620 case sPermitTunnel:
1621 intptr = &options->permit_tun;
1622 arg = strdelim(&cp);
1623 if (!arg || *arg == '\0')
1624 fatal("%s line %d: Missing yes/point-to-point/"
1625 "ethernet/no argument.", filename, linenum);
1626 value = -1;
1627 for (i = 0; tunmode_desc[i].val != -1; i++)
1628 if (strcmp(tunmode_desc[i].text, arg) == 0) {
1629 value = tunmode_desc[i].val;
1630 break;
1631 }
1632 if (value == -1)
1633 fatal("%s line %d: Bad yes/point-to-point/ethernet/"
1634 "no argument: %s", filename, linenum, arg);
1635 if (*activep && *intptr == -1)
1636 *intptr = value;
1637 break;
1638
1639 case sMatch:
1640 if (cmdline)
1641 fatal("Match directive not supported as a command-line "
1642 "option");
1643 value = match_cfg_line(&cp, linenum, connectinfo);
1644 if (value < 0)
1645 fatal("%s line %d: Bad Match condition", filename,
1646 linenum);
1647 *activep = value;
1648 break;
1649
1650 case sPermitOpen:
1651 arg = strdelim(&cp);
1652 if (!arg || *arg == '\0')
1653 fatal("%s line %d: missing PermitOpen specification",
1654 filename, linenum);
1655 n = options->num_permitted_opens; /* modified later */
1656 if (strcmp(arg, "any") == 0) {
1657 if (*activep && n == -1) {
1658 channel_clear_adm_permitted_opens();
1659 options->num_permitted_opens = 0;
1660 }
1661 break;
1662 }
1663 if (strcmp(arg, "none") == 0) {
1664 if (*activep && n == -1) {
1665 options->num_permitted_opens = 1;
1666 channel_disable_adm_local_opens();
1667 }
1668 break;
1669 }
1670 if (*activep && n == -1)
1671 channel_clear_adm_permitted_opens();
1672 for (; arg != NULL && *arg != '\0'; arg = strdelim(&cp)) {
1673 p = hpdelim(&arg);
1674 if (p == NULL)
1675 fatal("%s line %d: missing host in PermitOpen",
1676 filename, linenum);
1677 p = cleanhostname(p);
1678 if (arg == NULL || ((port = permitopen_port(arg)) < 0))
1679 fatal("%s line %d: bad port number in "
1680 "PermitOpen", filename, linenum);
1681 if (*activep && n == -1)
1682 options->num_permitted_opens =
1683 channel_add_adm_permitted_opens(p, port);
1684 }
1685 break;
1686
1687 case sForceCommand:
1688 if (cp == NULL || *cp == '\0')
1689 fatal("%.200s line %d: Missing argument.", filename,
1690 linenum);
1691 len = strspn(cp, WHITESPACE);
1692 if (*activep && options->adm_forced_command == NULL)
1693 options->adm_forced_command = xstrdup(cp + len);
1694 return 0;
1695
1696 case sChrootDirectory:
1697 charptr = &options->chroot_directory;
1698
1699 arg = strdelim(&cp);
1700 if (!arg || *arg == '\0')
1701 fatal("%s line %d: missing file name.",
1702 filename, linenum);
1703 if (*activep && *charptr == NULL)
1704 *charptr = xstrdup(arg);
1705 break;
1706
1707 case sTrustedUserCAKeys:
1708 charptr = &options->trusted_user_ca_keys;
1709 goto parse_filename;
1710
1711 case sRevokedKeys:
1712 charptr = &options->revoked_keys_file;
1713 goto parse_filename;
1714
1715 case sIPQoS:
1716 arg = strdelim(&cp);
1717 if ((value = parse_ipqos(arg)) == -1)
1718 fatal("%s line %d: Bad IPQoS value: %s",
1719 filename, linenum, arg);
1720 arg = strdelim(&cp);
1721 if (arg == NULL)
1722 value2 = value;
1723 else if ((value2 = parse_ipqos(arg)) == -1)
1724 fatal("%s line %d: Bad IPQoS value: %s",
1725 filename, linenum, arg);
1726 if (*activep) {
1727 options->ip_qos_interactive = value;
1728 options->ip_qos_bulk = value2;
1729 }
1730 break;
1731
1732 case sVersionAddendum:
1733 if (cp == NULL || *cp == '\0')
1734 fatal("%.200s line %d: Missing argument.", filename,
1735 linenum);
1736 len = strspn(cp, WHITESPACE);
1737 if (*activep && options->version_addendum == NULL) {
1738 if (strcasecmp(cp + len, "none") == 0)
1739 options->version_addendum = xstrdup("");
1740 else if (strchr(cp + len, '\r') != NULL)
1741 fatal("%.200s line %d: Invalid argument",
1742 filename, linenum);
1743 else
1744 options->version_addendum = xstrdup(cp + len);
1745 }
1746 return 0;
1747
1748 case sAuthorizedKeysCommand:
1749 if (cp == NULL)
1750 fatal("%.200s line %d: Missing argument.", filename,
1751 linenum);
1752 len = strspn(cp, WHITESPACE);
1753 if (*activep && options->authorized_keys_command == NULL) {
1754 if (cp[len] != '/' && strcasecmp(cp + len, "none") != 0)
1755 fatal("%.200s line %d: AuthorizedKeysCommand "
1756 "must be an absolute path",
1757 filename, linenum);
1758 options->authorized_keys_command = xstrdup(cp + len);
1759 }
1760 return 0;
1761
1762 case sAuthorizedKeysCommandUser:
1763 charptr = &options->authorized_keys_command_user;
1764
1765 arg = strdelim(&cp);
1766 if (!arg || *arg == '\0')
1767 fatal("%s line %d: missing AuthorizedKeysCommandUser "
1768 "argument.", filename, linenum);
1769 if (*activep && *charptr == NULL)
1770 *charptr = xstrdup(arg);
1771 break;
1772
1773 case sAuthorizedPrincipalsCommand:
1774 if (cp == NULL)
1775 fatal("%.200s line %d: Missing argument.", filename,
1776 linenum);
1777 len = strspn(cp, WHITESPACE);
1778 if (*activep &&
1779 options->authorized_principals_command == NULL) {
1780 if (cp[len] != '/' && strcasecmp(cp + len, "none") != 0)
1781 fatal("%.200s line %d: "
1782 "AuthorizedPrincipalsCommand must be "
1783 "an absolute path", filename, linenum);
1784 options->authorized_principals_command =
1785 xstrdup(cp + len);
1786 }
1787 return 0;
1788
1789 case sAuthorizedPrincipalsCommandUser:
1790 charptr = &options->authorized_principals_command_user;
1791
1792 arg = strdelim(&cp);
1793 if (!arg || *arg == '\0')
1794 fatal("%s line %d: missing "
1795 "AuthorizedPrincipalsCommandUser argument.",
1796 filename, linenum);
1797 if (*activep && *charptr == NULL)
1798 *charptr = xstrdup(arg);
1799 break;
1800
1801 case sAuthenticationMethods:
1802 if (options->num_auth_methods == 0) {
1803 while ((arg = strdelim(&cp)) && *arg != '\0') {
1804 if (options->num_auth_methods >=
1805 MAX_AUTH_METHODS)
1806 fatal("%s line %d: "
1807 "too many authentication methods.",
1808 filename, linenum);
1809 if (auth2_methods_valid(arg, 0) != 0)
1810 fatal("%s line %d: invalid "
1811 "authentication method list.",
1812 filename, linenum);
1813 if (!*activep)
1814 continue;
1815 options->auth_methods[
1816 options->num_auth_methods++] = xstrdup(arg);
1817 }
1818 }
1819 return 0;
1820
1821 case sStreamLocalBindMask:
1822 arg = strdelim(&cp);
1823 if (!arg || *arg == '\0')
1824 fatal("%s line %d: missing StreamLocalBindMask "
1825 "argument.", filename, linenum);
1826 /* Parse mode in octal format */
1827 value = strtol(arg, &p, 8);
1828 if (arg == p || value < 0 || value > 0777)
1829 fatal("%s line %d: Bad mask.", filename, linenum);
1830 if (*activep)
1831 options->fwd_opts.streamlocal_bind_mask = (mode_t)value;
1832 break;
1833
1834 case sStreamLocalBindUnlink:
1835 intptr = &options->fwd_opts.streamlocal_bind_unlink;
1836 goto parse_flag;
1837
1838 case sFingerprintHash:
1839 arg = strdelim(&cp);
1840 if (!arg || *arg == '\0')
1841 fatal("%.200s line %d: Missing argument.",
1842 filename, linenum);
1843 if ((value = ssh_digest_alg_by_name(arg)) == -1)
1844 fatal("%.200s line %d: Invalid hash algorithm \"%s\".",
1845 filename, linenum, arg);
1846 if (*activep)
1847 options->fingerprint_hash = value;
1848 break;
1849
1850 case sDeprecated:
1851 logit("%s line %d: Deprecated option %s",
1852 filename, linenum, arg);
1853 while (arg)
1854 arg = strdelim(&cp);
1855 break;
1856
1857 case sUnsupported:
1858 logit("%s line %d: Unsupported option %s",
1859 filename, linenum, arg);
1860 while (arg)
1861 arg = strdelim(&cp);
1862 break;
1863
1864 default:
1865 fatal("%s line %d: Missing handler for opcode %s (%d)",
1866 filename, linenum, arg, opcode);
1867 }
1868 if ((arg = strdelim(&cp)) != NULL && *arg != '\0')
1869 fatal("%s line %d: garbage at end of line; \"%.200s\".",
1870 filename, linenum, arg);
1871 return 0;
1872 }
1873
1874 /* Reads the server configuration file. */
1875
1876 void
load_server_config(const char * filename,Buffer * conf)1877 load_server_config(const char *filename, Buffer *conf)
1878 {
1879 char line[4096], *cp;
1880 FILE *f;
1881 int lineno = 0;
1882
1883 debug2("%s: filename %s", __func__, filename);
1884 if ((f = fopen(filename, "r")) == NULL) {
1885 perror(filename);
1886 exit(1);
1887 }
1888 buffer_clear(conf);
1889 while (fgets(line, sizeof(line), f)) {
1890 lineno++;
1891 if (strlen(line) == sizeof(line) - 1)
1892 fatal("%s line %d too long", filename, lineno);
1893 /*
1894 * Trim out comments and strip whitespace
1895 * NB - preserve newlines, they are needed to reproduce
1896 * line numbers later for error messages
1897 */
1898 if ((cp = strchr(line, '#')) != NULL)
1899 memcpy(cp, "\n", 2);
1900 cp = line + strspn(line, " \t\r");
1901
1902 buffer_append(conf, cp, strlen(cp));
1903 }
1904 buffer_append(conf, "\0", 1);
1905 fclose(f);
1906 debug2("%s: done config len = %d", __func__, buffer_len(conf));
1907 }
1908
1909 void
parse_server_match_config(ServerOptions * options,struct connection_info * connectinfo)1910 parse_server_match_config(ServerOptions *options,
1911 struct connection_info *connectinfo)
1912 {
1913 ServerOptions mo;
1914 #if defined(ANDROID)
1915 char value[PROPERTY_VALUE_MAX];
1916 #endif
1917
1918 initialize_server_options(&mo);
1919 parse_server_config(&mo, "reprocess config", &cfg, connectinfo);
1920 #if defined(ANDROID)
1921 /* Allow root login if ro.debuggable is set. */
1922 property_get("ro.debuggable", value, "");
1923 if (strcmp(value, "1") == 0) {
1924 mo.permit_root_login = PERMIT_YES;
1925 }
1926 #endif
1927 copy_set_server_options(options, &mo, 0);
1928 }
1929
parse_server_match_testspec(struct connection_info * ci,char * spec)1930 int parse_server_match_testspec(struct connection_info *ci, char *spec)
1931 {
1932 char *p;
1933
1934 while ((p = strsep(&spec, ",")) && *p != '\0') {
1935 if (strncmp(p, "addr=", 5) == 0) {
1936 ci->address = xstrdup(p + 5);
1937 } else if (strncmp(p, "host=", 5) == 0) {
1938 ci->host = xstrdup(p + 5);
1939 } else if (strncmp(p, "user=", 5) == 0) {
1940 ci->user = xstrdup(p + 5);
1941 } else if (strncmp(p, "laddr=", 6) == 0) {
1942 ci->laddress = xstrdup(p + 6);
1943 } else if (strncmp(p, "lport=", 6) == 0) {
1944 ci->lport = a2port(p + 6);
1945 if (ci->lport == -1) {
1946 fprintf(stderr, "Invalid port '%s' in test mode"
1947 " specification %s\n", p+6, p);
1948 return -1;
1949 }
1950 } else {
1951 fprintf(stderr, "Invalid test mode specification %s\n",
1952 p);
1953 return -1;
1954 }
1955 }
1956 return 0;
1957 }
1958
1959 /*
1960 * returns 1 for a complete spec, 0 for partial spec and -1 for an
1961 * empty spec.
1962 */
server_match_spec_complete(struct connection_info * ci)1963 int server_match_spec_complete(struct connection_info *ci)
1964 {
1965 if (ci->user && ci->host && ci->address)
1966 return 1; /* complete */
1967 if (!ci->user && !ci->host && !ci->address)
1968 return -1; /* empty */
1969 return 0; /* partial */
1970 }
1971
1972 /*
1973 * Copy any supported values that are set.
1974 *
1975 * If the preauth flag is set, we do not bother copying the string or
1976 * array values that are not used pre-authentication, because any that we
1977 * do use must be explictly sent in mm_getpwnamallow().
1978 */
1979 void
copy_set_server_options(ServerOptions * dst,ServerOptions * src,int preauth)1980 copy_set_server_options(ServerOptions *dst, ServerOptions *src, int preauth)
1981 {
1982 #define M_CP_INTOPT(n) do {\
1983 if (src->n != -1) \
1984 dst->n = src->n; \
1985 } while (0)
1986
1987 M_CP_INTOPT(password_authentication);
1988 M_CP_INTOPT(gss_authentication);
1989 M_CP_INTOPT(rsa_authentication);
1990 M_CP_INTOPT(pubkey_authentication);
1991 M_CP_INTOPT(kerberos_authentication);
1992 M_CP_INTOPT(hostbased_authentication);
1993 M_CP_INTOPT(hostbased_uses_name_from_packet_only);
1994 M_CP_INTOPT(kbd_interactive_authentication);
1995 M_CP_INTOPT(permit_root_login);
1996 M_CP_INTOPT(permit_empty_passwd);
1997
1998 M_CP_INTOPT(allow_tcp_forwarding);
1999 M_CP_INTOPT(allow_streamlocal_forwarding);
2000 M_CP_INTOPT(allow_agent_forwarding);
2001 M_CP_INTOPT(permit_tun);
2002 M_CP_INTOPT(fwd_opts.gateway_ports);
2003 M_CP_INTOPT(x11_display_offset);
2004 M_CP_INTOPT(x11_forwarding);
2005 M_CP_INTOPT(x11_use_localhost);
2006 M_CP_INTOPT(permit_tty);
2007 M_CP_INTOPT(permit_user_rc);
2008 M_CP_INTOPT(max_sessions);
2009 M_CP_INTOPT(max_authtries);
2010 M_CP_INTOPT(ip_qos_interactive);
2011 M_CP_INTOPT(ip_qos_bulk);
2012 M_CP_INTOPT(rekey_limit);
2013 M_CP_INTOPT(rekey_interval);
2014
2015 /* M_CP_STROPT and M_CP_STRARRAYOPT should not appear before here */
2016 #define M_CP_STROPT(n) do {\
2017 if (src->n != NULL && dst->n != src->n) { \
2018 free(dst->n); \
2019 dst->n = src->n; \
2020 } \
2021 } while(0)
2022 #define M_CP_STRARRAYOPT(n, num_n) do {\
2023 if (src->num_n != 0) { \
2024 for (dst->num_n = 0; dst->num_n < src->num_n; dst->num_n++) \
2025 dst->n[dst->num_n] = xstrdup(src->n[dst->num_n]); \
2026 } \
2027 } while(0)
2028
2029 /* See comment in servconf.h */
2030 COPY_MATCH_STRING_OPTS();
2031
2032 /*
2033 * The only things that should be below this point are string options
2034 * which are only used after authentication.
2035 */
2036 if (preauth)
2037 return;
2038
2039 M_CP_STROPT(adm_forced_command);
2040 M_CP_STROPT(chroot_directory);
2041 }
2042
2043 #undef M_CP_INTOPT
2044 #undef M_CP_STROPT
2045 #undef M_CP_STRARRAYOPT
2046
2047 void
parse_server_config(ServerOptions * options,const char * filename,Buffer * conf,struct connection_info * connectinfo)2048 parse_server_config(ServerOptions *options, const char *filename, Buffer *conf,
2049 struct connection_info *connectinfo)
2050 {
2051 int active, linenum, bad_options = 0;
2052 char *cp, *obuf, *cbuf;
2053
2054 debug2("%s: config %s len %d", __func__, filename, buffer_len(conf));
2055
2056 obuf = cbuf = xstrdup(buffer_ptr(conf));
2057 active = connectinfo ? 0 : 1;
2058 linenum = 1;
2059 while ((cp = strsep(&cbuf, "\n")) != NULL) {
2060 if (process_server_config_line(options, cp, filename,
2061 linenum++, &active, connectinfo) != 0)
2062 bad_options++;
2063 }
2064 free(obuf);
2065 if (bad_options > 0)
2066 fatal("%s: terminating, %d bad configuration options",
2067 filename, bad_options);
2068 process_queued_listen_addrs(options);
2069 }
2070
2071 static const char *
fmt_multistate_int(int val,const struct multistate * m)2072 fmt_multistate_int(int val, const struct multistate *m)
2073 {
2074 u_int i;
2075
2076 for (i = 0; m[i].key != NULL; i++) {
2077 if (m[i].value == val)
2078 return m[i].key;
2079 }
2080 return "UNKNOWN";
2081 }
2082
2083 static const char *
fmt_intarg(ServerOpCodes code,int val)2084 fmt_intarg(ServerOpCodes code, int val)
2085 {
2086 if (val == -1)
2087 return "unset";
2088 switch (code) {
2089 case sAddressFamily:
2090 return fmt_multistate_int(val, multistate_addressfamily);
2091 case sPermitRootLogin:
2092 return fmt_multistate_int(val, multistate_permitrootlogin);
2093 case sGatewayPorts:
2094 return fmt_multistate_int(val, multistate_gatewayports);
2095 case sCompression:
2096 return fmt_multistate_int(val, multistate_compression);
2097 case sUsePrivilegeSeparation:
2098 return fmt_multistate_int(val, multistate_privsep);
2099 case sAllowTcpForwarding:
2100 return fmt_multistate_int(val, multistate_tcpfwd);
2101 case sAllowStreamLocalForwarding:
2102 return fmt_multistate_int(val, multistate_tcpfwd);
2103 case sFingerprintHash:
2104 return ssh_digest_alg_name(val);
2105 case sProtocol:
2106 switch (val) {
2107 case SSH_PROTO_1:
2108 return "1";
2109 case SSH_PROTO_2:
2110 return "2";
2111 case (SSH_PROTO_1|SSH_PROTO_2):
2112 return "2,1";
2113 default:
2114 return "UNKNOWN";
2115 }
2116 default:
2117 switch (val) {
2118 case 0:
2119 return "no";
2120 case 1:
2121 return "yes";
2122 default:
2123 return "UNKNOWN";
2124 }
2125 }
2126 }
2127
2128 static const char *
lookup_opcode_name(ServerOpCodes code)2129 lookup_opcode_name(ServerOpCodes code)
2130 {
2131 u_int i;
2132
2133 for (i = 0; keywords[i].name != NULL; i++)
2134 if (keywords[i].opcode == code)
2135 return(keywords[i].name);
2136 return "UNKNOWN";
2137 }
2138
2139 static void
dump_cfg_int(ServerOpCodes code,int val)2140 dump_cfg_int(ServerOpCodes code, int val)
2141 {
2142 printf("%s %d\n", lookup_opcode_name(code), val);
2143 }
2144
2145 static void
dump_cfg_oct(ServerOpCodes code,int val)2146 dump_cfg_oct(ServerOpCodes code, int val)
2147 {
2148 printf("%s 0%o\n", lookup_opcode_name(code), val);
2149 }
2150
2151 static void
dump_cfg_fmtint(ServerOpCodes code,int val)2152 dump_cfg_fmtint(ServerOpCodes code, int val)
2153 {
2154 printf("%s %s\n", lookup_opcode_name(code), fmt_intarg(code, val));
2155 }
2156
2157 static void
dump_cfg_string(ServerOpCodes code,const char * val)2158 dump_cfg_string(ServerOpCodes code, const char *val)
2159 {
2160 if (val == NULL)
2161 return;
2162 printf("%s %s\n", lookup_opcode_name(code),
2163 val == NULL ? "none" : val);
2164 }
2165
2166 static void
dump_cfg_strarray(ServerOpCodes code,u_int count,char ** vals)2167 dump_cfg_strarray(ServerOpCodes code, u_int count, char **vals)
2168 {
2169 u_int i;
2170
2171 for (i = 0; i < count; i++)
2172 printf("%s %s\n", lookup_opcode_name(code), vals[i]);
2173 }
2174
2175 static void
dump_cfg_strarray_oneline(ServerOpCodes code,u_int count,char ** vals)2176 dump_cfg_strarray_oneline(ServerOpCodes code, u_int count, char **vals)
2177 {
2178 u_int i;
2179
2180 if (count <= 0)
2181 return;
2182 printf("%s", lookup_opcode_name(code));
2183 for (i = 0; i < count; i++)
2184 printf(" %s", vals[i]);
2185 printf("\n");
2186 }
2187
2188 void
dump_config(ServerOptions * o)2189 dump_config(ServerOptions *o)
2190 {
2191 u_int i;
2192 int ret;
2193 struct addrinfo *ai;
2194 char addr[NI_MAXHOST], port[NI_MAXSERV], *s = NULL;
2195 char *laddr1 = xstrdup(""), *laddr2 = NULL;
2196
2197 /* these are usually at the top of the config */
2198 for (i = 0; i < o->num_ports; i++)
2199 printf("port %d\n", o->ports[i]);
2200 dump_cfg_fmtint(sProtocol, o->protocol);
2201 dump_cfg_fmtint(sAddressFamily, o->address_family);
2202
2203 /*
2204 * ListenAddress must be after Port. add_one_listen_addr pushes
2205 * addresses onto a stack, so to maintain ordering we need to
2206 * print these in reverse order.
2207 */
2208 for (ai = o->listen_addrs; ai; ai = ai->ai_next) {
2209 if ((ret = getnameinfo(ai->ai_addr, ai->ai_addrlen, addr,
2210 sizeof(addr), port, sizeof(port),
2211 NI_NUMERICHOST|NI_NUMERICSERV)) != 0) {
2212 error("getnameinfo failed: %.100s",
2213 (ret != EAI_SYSTEM) ? gai_strerror(ret) :
2214 strerror(errno));
2215 } else {
2216 laddr2 = laddr1;
2217 if (ai->ai_family == AF_INET6)
2218 xasprintf(&laddr1, "listenaddress [%s]:%s\n%s",
2219 addr, port, laddr2);
2220 else
2221 xasprintf(&laddr1, "listenaddress %s:%s\n%s",
2222 addr, port, laddr2);
2223 free(laddr2);
2224 }
2225 }
2226 printf("%s", laddr1);
2227 free(laddr1);
2228
2229 /* integer arguments */
2230 #ifdef USE_PAM
2231 dump_cfg_fmtint(sUsePAM, o->use_pam);
2232 #endif
2233 dump_cfg_int(sServerKeyBits, o->server_key_bits);
2234 dump_cfg_int(sLoginGraceTime, o->login_grace_time);
2235 dump_cfg_int(sKeyRegenerationTime, o->key_regeneration_time);
2236 dump_cfg_int(sX11DisplayOffset, o->x11_display_offset);
2237 dump_cfg_int(sMaxAuthTries, o->max_authtries);
2238 dump_cfg_int(sMaxSessions, o->max_sessions);
2239 dump_cfg_int(sClientAliveInterval, o->client_alive_interval);
2240 dump_cfg_int(sClientAliveCountMax, o->client_alive_count_max);
2241 dump_cfg_oct(sStreamLocalBindMask, o->fwd_opts.streamlocal_bind_mask);
2242
2243 /* formatted integer arguments */
2244 dump_cfg_fmtint(sPermitRootLogin, o->permit_root_login);
2245 dump_cfg_fmtint(sIgnoreRhosts, o->ignore_rhosts);
2246 dump_cfg_fmtint(sIgnoreUserKnownHosts, o->ignore_user_known_hosts);
2247 dump_cfg_fmtint(sRhostsRSAAuthentication, o->rhosts_rsa_authentication);
2248 dump_cfg_fmtint(sHostbasedAuthentication, o->hostbased_authentication);
2249 dump_cfg_fmtint(sHostbasedUsesNameFromPacketOnly,
2250 o->hostbased_uses_name_from_packet_only);
2251 dump_cfg_fmtint(sRSAAuthentication, o->rsa_authentication);
2252 dump_cfg_fmtint(sPubkeyAuthentication, o->pubkey_authentication);
2253 #ifdef KRB5
2254 dump_cfg_fmtint(sKerberosAuthentication, o->kerberos_authentication);
2255 dump_cfg_fmtint(sKerberosOrLocalPasswd, o->kerberos_or_local_passwd);
2256 dump_cfg_fmtint(sKerberosTicketCleanup, o->kerberos_ticket_cleanup);
2257 # ifdef USE_AFS
2258 dump_cfg_fmtint(sKerberosGetAFSToken, o->kerberos_get_afs_token);
2259 # endif
2260 #endif
2261 #ifdef GSSAPI
2262 dump_cfg_fmtint(sGssAuthentication, o->gss_authentication);
2263 dump_cfg_fmtint(sGssCleanupCreds, o->gss_cleanup_creds);
2264 #endif
2265 dump_cfg_fmtint(sPasswordAuthentication, o->password_authentication);
2266 dump_cfg_fmtint(sKbdInteractiveAuthentication,
2267 o->kbd_interactive_authentication);
2268 dump_cfg_fmtint(sChallengeResponseAuthentication,
2269 o->challenge_response_authentication);
2270 dump_cfg_fmtint(sPrintMotd, o->print_motd);
2271 dump_cfg_fmtint(sPrintLastLog, o->print_lastlog);
2272 dump_cfg_fmtint(sX11Forwarding, o->x11_forwarding);
2273 dump_cfg_fmtint(sX11UseLocalhost, o->x11_use_localhost);
2274 dump_cfg_fmtint(sPermitTTY, o->permit_tty);
2275 dump_cfg_fmtint(sPermitUserRC, o->permit_user_rc);
2276 dump_cfg_fmtint(sStrictModes, o->strict_modes);
2277 dump_cfg_fmtint(sTCPKeepAlive, o->tcp_keep_alive);
2278 dump_cfg_fmtint(sEmptyPasswd, o->permit_empty_passwd);
2279 dump_cfg_fmtint(sPermitUserEnvironment, o->permit_user_env);
2280 dump_cfg_fmtint(sUseLogin, o->use_login);
2281 dump_cfg_fmtint(sCompression, o->compression);
2282 dump_cfg_fmtint(sGatewayPorts, o->fwd_opts.gateway_ports);
2283 dump_cfg_fmtint(sUseDNS, o->use_dns);
2284 dump_cfg_fmtint(sAllowTcpForwarding, o->allow_tcp_forwarding);
2285 dump_cfg_fmtint(sAllowAgentForwarding, o->allow_agent_forwarding);
2286 dump_cfg_fmtint(sAllowStreamLocalForwarding, o->allow_streamlocal_forwarding);
2287 dump_cfg_fmtint(sUsePrivilegeSeparation, use_privsep);
2288 dump_cfg_fmtint(sFingerprintHash, o->fingerprint_hash);
2289
2290 /* string arguments */
2291 dump_cfg_string(sPidFile, o->pid_file);
2292 dump_cfg_string(sXAuthLocation, o->xauth_location);
2293 dump_cfg_string(sCiphers, o->ciphers ? o->ciphers : KEX_SERVER_ENCRYPT);
2294 dump_cfg_string(sMacs, o->macs ? o->macs : KEX_SERVER_MAC);
2295 dump_cfg_string(sBanner, o->banner);
2296 dump_cfg_string(sForceCommand, o->adm_forced_command);
2297 dump_cfg_string(sChrootDirectory, o->chroot_directory);
2298 dump_cfg_string(sTrustedUserCAKeys, o->trusted_user_ca_keys);
2299 dump_cfg_string(sRevokedKeys, o->revoked_keys_file);
2300 dump_cfg_string(sAuthorizedPrincipalsFile,
2301 o->authorized_principals_file);
2302 dump_cfg_string(sVersionAddendum, *o->version_addendum == '\0'
2303 ? "none" : o->version_addendum);
2304 dump_cfg_string(sAuthorizedKeysCommand, o->authorized_keys_command);
2305 dump_cfg_string(sAuthorizedKeysCommandUser, o->authorized_keys_command_user);
2306 dump_cfg_string(sAuthorizedPrincipalsCommand, o->authorized_principals_command);
2307 dump_cfg_string(sAuthorizedPrincipalsCommandUser, o->authorized_principals_command_user);
2308 dump_cfg_string(sHostKeyAgent, o->host_key_agent);
2309 dump_cfg_string(sKexAlgorithms,
2310 o->kex_algorithms ? o->kex_algorithms : KEX_SERVER_KEX);
2311 dump_cfg_string(sHostbasedAcceptedKeyTypes, o->hostbased_key_types ?
2312 o->hostbased_key_types : KEX_DEFAULT_PK_ALG);
2313 dump_cfg_string(sHostKeyAlgorithms, o->hostkeyalgorithms ?
2314 o->hostkeyalgorithms : KEX_DEFAULT_PK_ALG);
2315 dump_cfg_string(sPubkeyAcceptedKeyTypes, o->pubkey_key_types ?
2316 o->pubkey_key_types : KEX_DEFAULT_PK_ALG);
2317
2318 /* string arguments requiring a lookup */
2319 dump_cfg_string(sLogLevel, log_level_name(o->log_level));
2320 dump_cfg_string(sLogFacility, log_facility_name(o->log_facility));
2321
2322 /* string array arguments */
2323 dump_cfg_strarray_oneline(sAuthorizedKeysFile, o->num_authkeys_files,
2324 o->authorized_keys_files);
2325 dump_cfg_strarray(sHostKeyFile, o->num_host_key_files,
2326 o->host_key_files);
2327 dump_cfg_strarray(sHostCertificate, o->num_host_cert_files,
2328 o->host_cert_files);
2329 dump_cfg_strarray(sAllowUsers, o->num_allow_users, o->allow_users);
2330 dump_cfg_strarray(sDenyUsers, o->num_deny_users, o->deny_users);
2331 dump_cfg_strarray(sAllowGroups, o->num_allow_groups, o->allow_groups);
2332 dump_cfg_strarray(sDenyGroups, o->num_deny_groups, o->deny_groups);
2333 dump_cfg_strarray(sAcceptEnv, o->num_accept_env, o->accept_env);
2334 dump_cfg_strarray_oneline(sAuthenticationMethods,
2335 o->num_auth_methods, o->auth_methods);
2336
2337 /* other arguments */
2338 for (i = 0; i < o->num_subsystems; i++)
2339 printf("subsystem %s %s\n", o->subsystem_name[i],
2340 o->subsystem_args[i]);
2341
2342 printf("maxstartups %d:%d:%d\n", o->max_startups_begin,
2343 o->max_startups_rate, o->max_startups);
2344
2345 for (i = 0; tunmode_desc[i].val != -1; i++)
2346 if (tunmode_desc[i].val == o->permit_tun) {
2347 s = tunmode_desc[i].text;
2348 break;
2349 }
2350 dump_cfg_string(sPermitTunnel, s);
2351
2352 printf("ipqos %s ", iptos2str(o->ip_qos_interactive));
2353 printf("%s\n", iptos2str(o->ip_qos_bulk));
2354
2355 printf("rekeylimit %lld %d\n", (long long)o->rekey_limit,
2356 o->rekey_interval);
2357
2358 channel_print_adm_permitted_opens();
2359 }
2360