1 2 /* $OpenBSD: servconf.c,v 1.366 2020/06/24 15:09:53 markus Exp $ */ 3 /* 4 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland 5 * All rights reserved 6 * 7 * As far as I am concerned, the code I have written for this software 8 * can be used freely for any purpose. Any derived versions of this 9 * software must be clearly marked as such, and if the derived work is 10 * incompatible with the protocol description in the RFC file, it must be 11 * called by a name other than "ssh" or "Secure Shell". 12 */ 13 14 #include "includes.h" 15 16 #include <sys/types.h> 17 #include <sys/socket.h> 18 #include <sys/stat.h> 19 #ifdef __OpenBSD__ 20 #include <sys/sysctl.h> 21 #endif 22 23 #include <netinet/in.h> 24 #include <netinet/in_systm.h> 25 #include <netinet/ip.h> 26 #ifdef HAVE_NET_ROUTE_H 27 #include <net/route.h> 28 #endif 29 30 #include <ctype.h> 31 #include <netdb.h> 32 #include <pwd.h> 33 #include <stdio.h> 34 #include <stdlib.h> 35 #include <string.h> 36 #include <signal.h> 37 #include <unistd.h> 38 #include <limits.h> 39 #include <stdarg.h> 40 #include <errno.h> 41 #ifdef HAVE_UTIL_H 42 #include <util.h> 43 #endif 44 #ifdef USE_SYSTEM_GLOB 45 # include <glob.h> 46 #else 47 # include "openbsd-compat/glob.h" 48 #endif 49 50 #include "openbsd-compat/sys-queue.h" 51 #include "xmalloc.h" 52 #include "ssh.h" 53 #include "log.h" 54 #include "sshbuf.h" 55 #include "misc.h" 56 #include "servconf.h" 57 #include "compat.h" 58 #include "pathnames.h" 59 #include "cipher.h" 60 #include "sshkey.h" 61 #include "kex.h" 62 #include "mac.h" 63 #include "match.h" 64 #include "channels.h" 65 #include "groupaccess.h" 66 #include "canohost.h" 67 #include "packet.h" 68 #include "ssherr.h" 69 #include "hostfile.h" 70 #include "auth.h" 71 #include "myproposal.h" 72 #include "digest.h" 73 74 static void add_listen_addr(ServerOptions *, const char *, 75 const char *, int); 76 static void add_one_listen_addr(ServerOptions *, const char *, 77 const char *, int); 78 static void parse_server_config_depth(ServerOptions *options, 79 const char *filename, struct sshbuf *conf, struct include_list *includes, 80 struct connection_info *connectinfo, int flags, int *activep, int depth); 81 82 /* Use of privilege separation or not */ 83 extern int use_privsep; 84 extern struct sshbuf *cfg; 85 86 /* Initializes the server options to their default values. */ 87 88 void 89 initialize_server_options(ServerOptions *options) 90 { 91 memset(options, 0, sizeof(*options)); 92 93 /* Portable-specific options */ 94 options->use_pam = -1; 95 96 /* Standard Options */ 97 options->num_ports = 0; 98 options->ports_from_cmdline = 0; 99 options->queued_listen_addrs = NULL; 100 options->num_queued_listens = 0; 101 options->listen_addrs = NULL; 102 options->num_listen_addrs = 0; 103 options->address_family = -1; 104 options->routing_domain = NULL; 105 options->num_host_key_files = 0; 106 options->num_host_cert_files = 0; 107 options->host_key_agent = NULL; 108 options->pid_file = NULL; 109 options->login_grace_time = -1; 110 options->permit_root_login = PERMIT_NOT_SET; 111 options->ignore_rhosts = -1; 112 options->ignore_user_known_hosts = -1; 113 options->print_motd = -1; 114 options->print_lastlog = -1; 115 options->x11_forwarding = -1; 116 options->x11_display_offset = -1; 117 options->x11_use_localhost = -1; 118 options->permit_tty = -1; 119 options->permit_user_rc = -1; 120 options->xauth_location = NULL; 121 options->strict_modes = -1; 122 options->tcp_keep_alive = -1; 123 options->log_facility = SYSLOG_FACILITY_NOT_SET; 124 options->log_level = SYSLOG_LEVEL_NOT_SET; 125 options->hostbased_authentication = -1; 126 options->hostbased_uses_name_from_packet_only = -1; 127 options->hostbased_key_types = NULL; 128 options->hostkeyalgorithms = NULL; 129 options->pubkey_authentication = -1; 130 options->pubkey_auth_options = -1; 131 options->pubkey_key_types = NULL; 132 options->kerberos_authentication = -1; 133 options->kerberos_or_local_passwd = -1; 134 options->kerberos_ticket_cleanup = -1; 135 options->kerberos_get_afs_token = -1; 136 options->gss_authentication=-1; 137 options->gss_cleanup_creds = -1; 138 options->gss_strict_acceptor = -1; 139 options->password_authentication = -1; 140 options->kbd_interactive_authentication = -1; 141 options->challenge_response_authentication = -1; 142 options->permit_empty_passwd = -1; 143 options->permit_user_env = -1; 144 options->permit_user_env_whitelist = NULL; 145 options->compression = -1; 146 options->rekey_limit = -1; 147 options->rekey_interval = -1; 148 options->allow_tcp_forwarding = -1; 149 options->allow_streamlocal_forwarding = -1; 150 options->allow_agent_forwarding = -1; 151 options->num_allow_users = 0; 152 options->num_deny_users = 0; 153 options->num_allow_groups = 0; 154 options->num_deny_groups = 0; 155 options->ciphers = NULL; 156 options->macs = NULL; 157 options->kex_algorithms = NULL; 158 options->ca_sign_algorithms = NULL; 159 options->fwd_opts.gateway_ports = -1; 160 options->fwd_opts.streamlocal_bind_mask = (mode_t)-1; 161 options->fwd_opts.streamlocal_bind_unlink = -1; 162 options->num_subsystems = 0; 163 options->max_startups_begin = -1; 164 options->max_startups_rate = -1; 165 options->max_startups = -1; 166 options->max_authtries = -1; 167 options->max_sessions = -1; 168 options->banner = NULL; 169 options->use_dns = -1; 170 options->client_alive_interval = -1; 171 options->client_alive_count_max = -1; 172 options->num_authkeys_files = 0; 173 options->num_accept_env = 0; 174 options->num_setenv = 0; 175 options->permit_tun = -1; 176 options->permitted_opens = NULL; 177 options->permitted_listens = NULL; 178 options->adm_forced_command = NULL; 179 options->chroot_directory = NULL; 180 options->authorized_keys_command = NULL; 181 options->authorized_keys_command_user = NULL; 182 options->revoked_keys_file = NULL; 183 options->sk_provider = NULL; 184 options->trusted_user_ca_keys = NULL; 185 options->authorized_principals_file = NULL; 186 options->authorized_principals_command = NULL; 187 options->authorized_principals_command_user = NULL; 188 options->ip_qos_interactive = -1; 189 options->ip_qos_bulk = -1; 190 options->version_addendum = NULL; 191 options->fingerprint_hash = -1; 192 options->disable_forwarding = -1; 193 options->expose_userauth_info = -1; 194 } 195 196 /* Returns 1 if a string option is unset or set to "none" or 0 otherwise. */ 197 static int 198 option_clear_or_none(const char *o) 199 { 200 return o == NULL || strcasecmp(o, "none") == 0; 201 } 202 203 static void 204 assemble_algorithms(ServerOptions *o) 205 { 206 char *all_cipher, *all_mac, *all_kex, *all_key, *all_sig; 207 char *def_cipher, *def_mac, *def_kex, *def_key, *def_sig; 208 int r; 209 210 all_cipher = cipher_alg_list(',', 0); 211 all_mac = mac_alg_list(','); 212 all_kex = kex_alg_list(','); 213 all_key = sshkey_alg_list(0, 0, 1, ','); 214 all_sig = sshkey_alg_list(0, 1, 1, ','); 215 /* remove unsupported algos from default lists */ 216 def_cipher = match_filter_whitelist(KEX_SERVER_ENCRYPT, all_cipher); 217 def_mac = match_filter_whitelist(KEX_SERVER_MAC, all_mac); 218 def_kex = match_filter_whitelist(KEX_SERVER_KEX, all_kex); 219 def_key = match_filter_whitelist(KEX_DEFAULT_PK_ALG, all_key); 220 def_sig = match_filter_whitelist(SSH_ALLOWED_CA_SIGALGS, all_sig); 221 #define ASSEMBLE(what, defaults, all) \ 222 do { \ 223 if ((r = kex_assemble_names(&o->what, defaults, all)) != 0) \ 224 fatal("%s: %s: %s", __func__, #what, ssh_err(r)); \ 225 } while (0) 226 ASSEMBLE(ciphers, def_cipher, all_cipher); 227 ASSEMBLE(macs, def_mac, all_mac); 228 ASSEMBLE(kex_algorithms, def_kex, all_kex); 229 ASSEMBLE(hostkeyalgorithms, def_key, all_key); 230 ASSEMBLE(hostbased_key_types, def_key, all_key); 231 ASSEMBLE(pubkey_key_types, def_key, all_key); 232 ASSEMBLE(ca_sign_algorithms, def_sig, all_sig); 233 #undef ASSEMBLE 234 free(all_cipher); 235 free(all_mac); 236 free(all_kex); 237 free(all_key); 238 free(all_sig); 239 free(def_cipher); 240 free(def_mac); 241 free(def_kex); 242 free(def_key); 243 free(def_sig); 244 } 245 246 static void 247 array_append2(const char *file, const int line, const char *directive, 248 char ***array, int **iarray, u_int *lp, const char *s, int i) 249 { 250 251 if (*lp >= INT_MAX) 252 fatal("%s line %d: Too many %s entries", file, line, directive); 253 254 if (iarray != NULL) { 255 *iarray = xrecallocarray(*iarray, *lp, *lp + 1, 256 sizeof(**iarray)); 257 (*iarray)[*lp] = i; 258 } 259 260 *array = xrecallocarray(*array, *lp, *lp + 1, sizeof(**array)); 261 (*array)[*lp] = xstrdup(s); 262 (*lp)++; 263 } 264 265 static void 266 array_append(const char *file, const int line, const char *directive, 267 char ***array, u_int *lp, const char *s) 268 { 269 array_append2(file, line, directive, array, NULL, lp, s, 0); 270 } 271 272 void 273 servconf_add_hostkey(const char *file, const int line, 274 ServerOptions *options, const char *path, int userprovided) 275 { 276 char *apath = derelativise_path(path); 277 278 array_append2(file, line, "HostKey", 279 &options->host_key_files, &options->host_key_file_userprovided, 280 &options->num_host_key_files, apath, userprovided); 281 free(apath); 282 } 283 284 void 285 servconf_add_hostcert(const char *file, const int line, 286 ServerOptions *options, const char *path) 287 { 288 char *apath = derelativise_path(path); 289 290 array_append(file, line, "HostCertificate", 291 &options->host_cert_files, &options->num_host_cert_files, apath); 292 free(apath); 293 } 294 295 void 296 fill_default_server_options(ServerOptions *options) 297 { 298 u_int i; 299 300 /* Portable-specific options */ 301 if (options->use_pam == -1) 302 options->use_pam = 0; 303 304 /* Standard Options */ 305 if (options->num_host_key_files == 0) { 306 /* fill default hostkeys for protocols */ 307 servconf_add_hostkey("[default]", 0, options, 308 _PATH_HOST_RSA_KEY_FILE, 0); 309 #ifdef OPENSSL_HAS_ECC 310 servconf_add_hostkey("[default]", 0, options, 311 _PATH_HOST_ECDSA_KEY_FILE, 0); 312 #endif 313 servconf_add_hostkey("[default]", 0, options, 314 _PATH_HOST_ED25519_KEY_FILE, 0); 315 #ifdef WITH_XMSS 316 servconf_add_hostkey("[default]", 0, options, 317 _PATH_HOST_XMSS_KEY_FILE, 0); 318 #endif /* WITH_XMSS */ 319 } 320 /* No certificates by default */ 321 if (options->num_ports == 0) 322 options->ports[options->num_ports++] = SSH_DEFAULT_PORT; 323 if (options->address_family == -1) 324 options->address_family = AF_UNSPEC; 325 if (options->listen_addrs == NULL) 326 add_listen_addr(options, NULL, NULL, 0); 327 if (options->pid_file == NULL) 328 options->pid_file = xstrdup(_PATH_SSH_DAEMON_PID_FILE); 329 if (options->login_grace_time == -1) 330 options->login_grace_time = 120; 331 if (options->permit_root_login == PERMIT_NOT_SET) 332 options->permit_root_login = PERMIT_NO_PASSWD; 333 if (options->ignore_rhosts == -1) 334 options->ignore_rhosts = 1; 335 if (options->ignore_user_known_hosts == -1) 336 options->ignore_user_known_hosts = 0; 337 if (options->print_motd == -1) 338 options->print_motd = 1; 339 if (options->print_lastlog == -1) 340 options->print_lastlog = 1; 341 if (options->x11_forwarding == -1) 342 options->x11_forwarding = 0; 343 if (options->x11_display_offset == -1) 344 options->x11_display_offset = 10; 345 if (options->x11_use_localhost == -1) 346 options->x11_use_localhost = 1; 347 if (options->xauth_location == NULL) 348 options->xauth_location = xstrdup(_PATH_XAUTH); 349 if (options->permit_tty == -1) 350 options->permit_tty = 1; 351 if (options->permit_user_rc == -1) 352 options->permit_user_rc = 1; 353 if (options->strict_modes == -1) 354 options->strict_modes = 1; 355 if (options->tcp_keep_alive == -1) 356 options->tcp_keep_alive = 1; 357 if (options->log_facility == SYSLOG_FACILITY_NOT_SET) 358 options->log_facility = SYSLOG_FACILITY_AUTH; 359 if (options->log_level == SYSLOG_LEVEL_NOT_SET) 360 options->log_level = SYSLOG_LEVEL_INFO; 361 if (options->hostbased_authentication == -1) 362 options->hostbased_authentication = 0; 363 if (options->hostbased_uses_name_from_packet_only == -1) 364 options->hostbased_uses_name_from_packet_only = 0; 365 if (options->pubkey_authentication == -1) 366 options->pubkey_authentication = 1; 367 if (options->pubkey_auth_options == -1) 368 options->pubkey_auth_options = 0; 369 if (options->kerberos_authentication == -1) 370 options->kerberos_authentication = 0; 371 if (options->kerberos_or_local_passwd == -1) 372 options->kerberos_or_local_passwd = 1; 373 if (options->kerberos_ticket_cleanup == -1) 374 options->kerberos_ticket_cleanup = 1; 375 if (options->kerberos_get_afs_token == -1) 376 options->kerberos_get_afs_token = 0; 377 if (options->gss_authentication == -1) 378 options->gss_authentication = 0; 379 if (options->gss_cleanup_creds == -1) 380 options->gss_cleanup_creds = 1; 381 if (options->gss_strict_acceptor == -1) 382 options->gss_strict_acceptor = 1; 383 if (options->password_authentication == -1) 384 options->password_authentication = 1; 385 if (options->kbd_interactive_authentication == -1) 386 options->kbd_interactive_authentication = 0; 387 if (options->challenge_response_authentication == -1) 388 options->challenge_response_authentication = 1; 389 if (options->permit_empty_passwd == -1) 390 options->permit_empty_passwd = 0; 391 if (options->permit_user_env == -1) { 392 options->permit_user_env = 0; 393 options->permit_user_env_whitelist = NULL; 394 } 395 if (options->compression == -1) 396 #ifdef WITH_ZLIB 397 options->compression = COMP_DELAYED; 398 #else 399 options->compression = COMP_NONE; 400 #endif 401 402 if (options->rekey_limit == -1) 403 options->rekey_limit = 0; 404 if (options->rekey_interval == -1) 405 options->rekey_interval = 0; 406 if (options->allow_tcp_forwarding == -1) 407 options->allow_tcp_forwarding = FORWARD_ALLOW; 408 if (options->allow_streamlocal_forwarding == -1) 409 options->allow_streamlocal_forwarding = FORWARD_ALLOW; 410 if (options->allow_agent_forwarding == -1) 411 options->allow_agent_forwarding = 1; 412 if (options->fwd_opts.gateway_ports == -1) 413 options->fwd_opts.gateway_ports = 0; 414 if (options->max_startups == -1) 415 options->max_startups = 100; 416 if (options->max_startups_rate == -1) 417 options->max_startups_rate = 30; /* 30% */ 418 if (options->max_startups_begin == -1) 419 options->max_startups_begin = 10; 420 if (options->max_authtries == -1) 421 options->max_authtries = DEFAULT_AUTH_FAIL_MAX; 422 if (options->max_sessions == -1) 423 options->max_sessions = DEFAULT_SESSIONS_MAX; 424 if (options->use_dns == -1) 425 options->use_dns = 0; 426 if (options->client_alive_interval == -1) 427 options->client_alive_interval = 0; 428 if (options->client_alive_count_max == -1) 429 options->client_alive_count_max = 3; 430 if (options->num_authkeys_files == 0) { 431 array_append("[default]", 0, "AuthorizedKeysFiles", 432 &options->authorized_keys_files, 433 &options->num_authkeys_files, 434 _PATH_SSH_USER_PERMITTED_KEYS); 435 array_append("[default]", 0, "AuthorizedKeysFiles", 436 &options->authorized_keys_files, 437 &options->num_authkeys_files, 438 _PATH_SSH_USER_PERMITTED_KEYS2); 439 } 440 if (options->permit_tun == -1) 441 options->permit_tun = SSH_TUNMODE_NO; 442 if (options->ip_qos_interactive == -1) 443 options->ip_qos_interactive = IPTOS_DSCP_AF21; 444 if (options->ip_qos_bulk == -1) 445 options->ip_qos_bulk = IPTOS_DSCP_CS1; 446 if (options->version_addendum == NULL) 447 options->version_addendum = xstrdup(""); 448 if (options->fwd_opts.streamlocal_bind_mask == (mode_t)-1) 449 options->fwd_opts.streamlocal_bind_mask = 0177; 450 if (options->fwd_opts.streamlocal_bind_unlink == -1) 451 options->fwd_opts.streamlocal_bind_unlink = 0; 452 if (options->fingerprint_hash == -1) 453 options->fingerprint_hash = SSH_FP_HASH_DEFAULT; 454 if (options->disable_forwarding == -1) 455 options->disable_forwarding = 0; 456 if (options->expose_userauth_info == -1) 457 options->expose_userauth_info = 0; 458 if (options->sk_provider == NULL) 459 options->sk_provider = xstrdup("internal"); 460 461 assemble_algorithms(options); 462 463 /* Turn privilege separation and sandboxing on by default */ 464 if (use_privsep == -1) 465 use_privsep = PRIVSEP_ON; 466 467 #define CLEAR_ON_NONE(v) \ 468 do { \ 469 if (option_clear_or_none(v)) { \ 470 free(v); \ 471 v = NULL; \ 472 } \ 473 } while(0) 474 CLEAR_ON_NONE(options->pid_file); 475 CLEAR_ON_NONE(options->xauth_location); 476 CLEAR_ON_NONE(options->banner); 477 CLEAR_ON_NONE(options->trusted_user_ca_keys); 478 CLEAR_ON_NONE(options->revoked_keys_file); 479 CLEAR_ON_NONE(options->sk_provider); 480 CLEAR_ON_NONE(options->authorized_principals_file); 481 CLEAR_ON_NONE(options->adm_forced_command); 482 CLEAR_ON_NONE(options->chroot_directory); 483 CLEAR_ON_NONE(options->routing_domain); 484 CLEAR_ON_NONE(options->host_key_agent); 485 for (i = 0; i < options->num_host_key_files; i++) 486 CLEAR_ON_NONE(options->host_key_files[i]); 487 for (i = 0; i < options->num_host_cert_files; i++) 488 CLEAR_ON_NONE(options->host_cert_files[i]); 489 #undef CLEAR_ON_NONE 490 491 /* Similar handling for AuthenticationMethods=any */ 492 if (options->num_auth_methods == 1 && 493 strcmp(options->auth_methods[0], "any") == 0) { 494 free(options->auth_methods[0]); 495 options->auth_methods[0] = NULL; 496 options->num_auth_methods = 0; 497 } 498 499 #ifndef HAVE_MMAP 500 if (use_privsep && options->compression == 1) { 501 error("This platform does not support both privilege " 502 "separation and compression"); 503 error("Compression disabled"); 504 options->compression = 0; 505 } 506 #endif 507 } 508 509 /* Keyword tokens. */ 510 typedef enum { 511 sBadOption, /* == unknown option */ 512 /* Portable-specific options */ 513 sUsePAM, 514 /* Standard Options */ 515 sPort, sHostKeyFile, sLoginGraceTime, 516 sPermitRootLogin, sLogFacility, sLogLevel, 517 sRhostsRSAAuthentication, sRSAAuthentication, 518 sKerberosAuthentication, sKerberosOrLocalPasswd, sKerberosTicketCleanup, 519 sKerberosGetAFSToken, sChallengeResponseAuthentication, 520 sPasswordAuthentication, sKbdInteractiveAuthentication, 521 sListenAddress, sAddressFamily, 522 sPrintMotd, sPrintLastLog, sIgnoreRhosts, 523 sX11Forwarding, sX11DisplayOffset, sX11UseLocalhost, 524 sPermitTTY, sStrictModes, sEmptyPasswd, sTCPKeepAlive, 525 sPermitUserEnvironment, sAllowTcpForwarding, sCompression, 526 sRekeyLimit, sAllowUsers, sDenyUsers, sAllowGroups, sDenyGroups, 527 sIgnoreUserKnownHosts, sCiphers, sMacs, sPidFile, 528 sGatewayPorts, sPubkeyAuthentication, sPubkeyAcceptedKeyTypes, 529 sXAuthLocation, sSubsystem, sMaxStartups, sMaxAuthTries, sMaxSessions, 530 sBanner, sUseDNS, sHostbasedAuthentication, 531 sHostbasedUsesNameFromPacketOnly, sHostbasedAcceptedKeyTypes, 532 sHostKeyAlgorithms, 533 sClientAliveInterval, sClientAliveCountMax, sAuthorizedKeysFile, 534 sGssAuthentication, sGssCleanupCreds, sGssStrictAcceptor, 535 sAcceptEnv, sSetEnv, sPermitTunnel, 536 sMatch, sPermitOpen, sPermitListen, sForceCommand, sChrootDirectory, 537 sUsePrivilegeSeparation, sAllowAgentForwarding, 538 sHostCertificate, sInclude, 539 sRevokedKeys, sTrustedUserCAKeys, sAuthorizedPrincipalsFile, 540 sAuthorizedPrincipalsCommand, sAuthorizedPrincipalsCommandUser, 541 sKexAlgorithms, sCASignatureAlgorithms, sIPQoS, sVersionAddendum, 542 sAuthorizedKeysCommand, sAuthorizedKeysCommandUser, 543 sAuthenticationMethods, sHostKeyAgent, sPermitUserRC, 544 sStreamLocalBindMask, sStreamLocalBindUnlink, 545 sAllowStreamLocalForwarding, sFingerprintHash, sDisableForwarding, 546 sExposeAuthInfo, sRDomain, sPubkeyAuthOptions, sSecurityKeyProvider, 547 sDeprecated, sIgnore, sUnsupported 548 } ServerOpCodes; 549 550 #define SSHCFG_GLOBAL 0x01 /* allowed in main section of config */ 551 #define SSHCFG_MATCH 0x02 /* allowed inside a Match section */ 552 #define SSHCFG_ALL (SSHCFG_GLOBAL|SSHCFG_MATCH) 553 #define SSHCFG_NEVERMATCH 0x04 /* Match never matches; internal only */ 554 #define SSHCFG_MATCH_ONLY 0x08 /* Match only in conditional blocks; internal only */ 555 556 /* Textual representation of the tokens. */ 557 static struct { 558 const char *name; 559 ServerOpCodes opcode; 560 u_int flags; 561 } keywords[] = { 562 /* Portable-specific options */ 563 #ifdef USE_PAM 564 { "usepam", sUsePAM, SSHCFG_GLOBAL }, 565 #else 566 { "usepam", sUnsupported, SSHCFG_GLOBAL }, 567 #endif 568 { "pamauthenticationviakbdint", sDeprecated, SSHCFG_GLOBAL }, 569 /* Standard Options */ 570 { "port", sPort, SSHCFG_GLOBAL }, 571 { "hostkey", sHostKeyFile, SSHCFG_GLOBAL }, 572 { "hostdsakey", sHostKeyFile, SSHCFG_GLOBAL }, /* alias */ 573 { "hostkeyagent", sHostKeyAgent, SSHCFG_GLOBAL }, 574 { "pidfile", sPidFile, SSHCFG_GLOBAL }, 575 { "serverkeybits", sDeprecated, SSHCFG_GLOBAL }, 576 { "logingracetime", sLoginGraceTime, SSHCFG_GLOBAL }, 577 { "keyregenerationinterval", sDeprecated, SSHCFG_GLOBAL }, 578 { "permitrootlogin", sPermitRootLogin, SSHCFG_ALL }, 579 { "syslogfacility", sLogFacility, SSHCFG_GLOBAL }, 580 { "loglevel", sLogLevel, SSHCFG_ALL }, 581 { "rhostsauthentication", sDeprecated, SSHCFG_GLOBAL }, 582 { "rhostsrsaauthentication", sDeprecated, SSHCFG_ALL }, 583 { "hostbasedauthentication", sHostbasedAuthentication, SSHCFG_ALL }, 584 { "hostbasedusesnamefrompacketonly", sHostbasedUsesNameFromPacketOnly, SSHCFG_ALL }, 585 { "hostbasedacceptedkeytypes", sHostbasedAcceptedKeyTypes, SSHCFG_ALL }, 586 { "hostkeyalgorithms", sHostKeyAlgorithms, SSHCFG_GLOBAL }, 587 { "rsaauthentication", sDeprecated, SSHCFG_ALL }, 588 { "pubkeyauthentication", sPubkeyAuthentication, SSHCFG_ALL }, 589 { "pubkeyacceptedkeytypes", sPubkeyAcceptedKeyTypes, SSHCFG_ALL }, 590 { "pubkeyauthoptions", sPubkeyAuthOptions, SSHCFG_ALL }, 591 { "dsaauthentication", sPubkeyAuthentication, SSHCFG_GLOBAL }, /* alias */ 592 #ifdef KRB5 593 { "kerberosauthentication", sKerberosAuthentication, SSHCFG_ALL }, 594 { "kerberosorlocalpasswd", sKerberosOrLocalPasswd, SSHCFG_GLOBAL }, 595 { "kerberosticketcleanup", sKerberosTicketCleanup, SSHCFG_GLOBAL }, 596 #ifdef USE_AFS 597 { "kerberosgetafstoken", sKerberosGetAFSToken, SSHCFG_GLOBAL }, 598 #else 599 { "kerberosgetafstoken", sUnsupported, SSHCFG_GLOBAL }, 600 #endif 601 #else 602 { "kerberosauthentication", sUnsupported, SSHCFG_ALL }, 603 { "kerberosorlocalpasswd", sUnsupported, SSHCFG_GLOBAL }, 604 { "kerberosticketcleanup", sUnsupported, SSHCFG_GLOBAL }, 605 { "kerberosgetafstoken", sUnsupported, SSHCFG_GLOBAL }, 606 #endif 607 { "kerberostgtpassing", sUnsupported, SSHCFG_GLOBAL }, 608 { "afstokenpassing", sUnsupported, SSHCFG_GLOBAL }, 609 #ifdef GSSAPI 610 { "gssapiauthentication", sGssAuthentication, SSHCFG_ALL }, 611 { "gssapicleanupcredentials", sGssCleanupCreds, SSHCFG_GLOBAL }, 612 { "gssapistrictacceptorcheck", sGssStrictAcceptor, SSHCFG_GLOBAL }, 613 #else 614 { "gssapiauthentication", sUnsupported, SSHCFG_ALL }, 615 { "gssapicleanupcredentials", sUnsupported, SSHCFG_GLOBAL }, 616 { "gssapistrictacceptorcheck", sUnsupported, SSHCFG_GLOBAL }, 617 #endif 618 { "passwordauthentication", sPasswordAuthentication, SSHCFG_ALL }, 619 { "kbdinteractiveauthentication", sKbdInteractiveAuthentication, SSHCFG_ALL }, 620 { "challengeresponseauthentication", sChallengeResponseAuthentication, SSHCFG_GLOBAL }, 621 { "skeyauthentication", sDeprecated, SSHCFG_GLOBAL }, 622 { "checkmail", sDeprecated, SSHCFG_GLOBAL }, 623 { "listenaddress", sListenAddress, SSHCFG_GLOBAL }, 624 { "addressfamily", sAddressFamily, SSHCFG_GLOBAL }, 625 { "printmotd", sPrintMotd, SSHCFG_GLOBAL }, 626 #ifdef DISABLE_LASTLOG 627 { "printlastlog", sUnsupported, SSHCFG_GLOBAL }, 628 #else 629 { "printlastlog", sPrintLastLog, SSHCFG_GLOBAL }, 630 #endif 631 { "ignorerhosts", sIgnoreRhosts, SSHCFG_ALL }, 632 { "ignoreuserknownhosts", sIgnoreUserKnownHosts, SSHCFG_GLOBAL }, 633 { "x11forwarding", sX11Forwarding, SSHCFG_ALL }, 634 { "x11displayoffset", sX11DisplayOffset, SSHCFG_ALL }, 635 { "x11uselocalhost", sX11UseLocalhost, SSHCFG_ALL }, 636 { "xauthlocation", sXAuthLocation, SSHCFG_GLOBAL }, 637 { "strictmodes", sStrictModes, SSHCFG_GLOBAL }, 638 { "permitemptypasswords", sEmptyPasswd, SSHCFG_ALL }, 639 { "permituserenvironment", sPermitUserEnvironment, SSHCFG_GLOBAL }, 640 { "uselogin", sDeprecated, SSHCFG_GLOBAL }, 641 { "compression", sCompression, SSHCFG_GLOBAL }, 642 { "rekeylimit", sRekeyLimit, SSHCFG_ALL }, 643 { "tcpkeepalive", sTCPKeepAlive, SSHCFG_GLOBAL }, 644 { "keepalive", sTCPKeepAlive, SSHCFG_GLOBAL }, /* obsolete alias */ 645 { "allowtcpforwarding", sAllowTcpForwarding, SSHCFG_ALL }, 646 { "allowagentforwarding", sAllowAgentForwarding, SSHCFG_ALL }, 647 { "allowusers", sAllowUsers, SSHCFG_ALL }, 648 { "denyusers", sDenyUsers, SSHCFG_ALL }, 649 { "allowgroups", sAllowGroups, SSHCFG_ALL }, 650 { "denygroups", sDenyGroups, SSHCFG_ALL }, 651 { "ciphers", sCiphers, SSHCFG_GLOBAL }, 652 { "macs", sMacs, SSHCFG_GLOBAL }, 653 { "protocol", sIgnore, SSHCFG_GLOBAL }, 654 { "gatewayports", sGatewayPorts, SSHCFG_ALL }, 655 { "subsystem", sSubsystem, SSHCFG_GLOBAL }, 656 { "maxstartups", sMaxStartups, SSHCFG_GLOBAL }, 657 { "maxauthtries", sMaxAuthTries, SSHCFG_ALL }, 658 { "maxsessions", sMaxSessions, SSHCFG_ALL }, 659 { "banner", sBanner, SSHCFG_ALL }, 660 { "usedns", sUseDNS, SSHCFG_GLOBAL }, 661 { "verifyreversemapping", sDeprecated, SSHCFG_GLOBAL }, 662 { "reversemappingcheck", sDeprecated, SSHCFG_GLOBAL }, 663 { "clientaliveinterval", sClientAliveInterval, SSHCFG_ALL }, 664 { "clientalivecountmax", sClientAliveCountMax, SSHCFG_ALL }, 665 { "authorizedkeysfile", sAuthorizedKeysFile, SSHCFG_ALL }, 666 { "authorizedkeysfile2", sDeprecated, SSHCFG_ALL }, 667 { "useprivilegeseparation", sDeprecated, SSHCFG_GLOBAL}, 668 { "acceptenv", sAcceptEnv, SSHCFG_ALL }, 669 { "setenv", sSetEnv, SSHCFG_ALL }, 670 { "permittunnel", sPermitTunnel, SSHCFG_ALL }, 671 { "permittty", sPermitTTY, SSHCFG_ALL }, 672 { "permituserrc", sPermitUserRC, SSHCFG_ALL }, 673 { "match", sMatch, SSHCFG_ALL }, 674 { "permitopen", sPermitOpen, SSHCFG_ALL }, 675 { "permitlisten", sPermitListen, SSHCFG_ALL }, 676 { "forcecommand", sForceCommand, SSHCFG_ALL }, 677 { "chrootdirectory", sChrootDirectory, SSHCFG_ALL }, 678 { "hostcertificate", sHostCertificate, SSHCFG_GLOBAL }, 679 { "revokedkeys", sRevokedKeys, SSHCFG_ALL }, 680 { "trustedusercakeys", sTrustedUserCAKeys, SSHCFG_ALL }, 681 { "authorizedprincipalsfile", sAuthorizedPrincipalsFile, SSHCFG_ALL }, 682 { "kexalgorithms", sKexAlgorithms, SSHCFG_GLOBAL }, 683 { "include", sInclude, SSHCFG_ALL }, 684 { "ipqos", sIPQoS, SSHCFG_ALL }, 685 { "authorizedkeyscommand", sAuthorizedKeysCommand, SSHCFG_ALL }, 686 { "authorizedkeyscommanduser", sAuthorizedKeysCommandUser, SSHCFG_ALL }, 687 { "authorizedprincipalscommand", sAuthorizedPrincipalsCommand, SSHCFG_ALL }, 688 { "authorizedprincipalscommanduser", sAuthorizedPrincipalsCommandUser, SSHCFG_ALL }, 689 { "versionaddendum", sVersionAddendum, SSHCFG_GLOBAL }, 690 { "authenticationmethods", sAuthenticationMethods, SSHCFG_ALL }, 691 { "streamlocalbindmask", sStreamLocalBindMask, SSHCFG_ALL }, 692 { "streamlocalbindunlink", sStreamLocalBindUnlink, SSHCFG_ALL }, 693 { "allowstreamlocalforwarding", sAllowStreamLocalForwarding, SSHCFG_ALL }, 694 { "fingerprinthash", sFingerprintHash, SSHCFG_GLOBAL }, 695 { "disableforwarding", sDisableForwarding, SSHCFG_ALL }, 696 { "exposeauthinfo", sExposeAuthInfo, SSHCFG_ALL }, 697 { "rdomain", sRDomain, SSHCFG_ALL }, 698 { "casignaturealgorithms", sCASignatureAlgorithms, SSHCFG_ALL }, 699 { "securitykeyprovider", sSecurityKeyProvider, SSHCFG_GLOBAL }, 700 { NULL, sBadOption, 0 } 701 }; 702 703 static struct { 704 int val; 705 char *text; 706 } tunmode_desc[] = { 707 { SSH_TUNMODE_NO, "no" }, 708 { SSH_TUNMODE_POINTOPOINT, "point-to-point" }, 709 { SSH_TUNMODE_ETHERNET, "ethernet" }, 710 { SSH_TUNMODE_YES, "yes" }, 711 { -1, NULL } 712 }; 713 714 /* Returns an opcode name from its number */ 715 716 static const char * 717 lookup_opcode_name(ServerOpCodes code) 718 { 719 u_int i; 720 721 for (i = 0; keywords[i].name != NULL; i++) 722 if (keywords[i].opcode == code) 723 return(keywords[i].name); 724 return "UNKNOWN"; 725 } 726 727 728 /* 729 * Returns the number of the token pointed to by cp or sBadOption. 730 */ 731 732 static ServerOpCodes 733 parse_token(const char *cp, const char *filename, 734 int linenum, u_int *flags) 735 { 736 u_int i; 737 738 for (i = 0; keywords[i].name; i++) 739 if (strcasecmp(cp, keywords[i].name) == 0) { 740 *flags = keywords[i].flags; 741 return keywords[i].opcode; 742 } 743 744 error("%s: line %d: Bad configuration option: %s", 745 filename, linenum, cp); 746 return sBadOption; 747 } 748 749 char * 750 derelativise_path(const char *path) 751 { 752 char *expanded, *ret, cwd[PATH_MAX]; 753 754 if (strcasecmp(path, "none") == 0) 755 return xstrdup("none"); 756 expanded = tilde_expand_filename(path, getuid()); 757 if (path_absolute(expanded)) 758 return expanded; 759 if (getcwd(cwd, sizeof(cwd)) == NULL) 760 fatal("%s: getcwd: %s", __func__, strerror(errno)); 761 xasprintf(&ret, "%s/%s", cwd, expanded); 762 free(expanded); 763 return ret; 764 } 765 766 static void 767 add_listen_addr(ServerOptions *options, const char *addr, 768 const char *rdomain, int port) 769 { 770 u_int i; 771 772 if (port > 0) 773 add_one_listen_addr(options, addr, rdomain, port); 774 else { 775 for (i = 0; i < options->num_ports; i++) { 776 add_one_listen_addr(options, addr, rdomain, 777 options->ports[i]); 778 } 779 } 780 } 781 782 static void 783 add_one_listen_addr(ServerOptions *options, const char *addr, 784 const char *rdomain, int port) 785 { 786 struct addrinfo hints, *ai, *aitop; 787 char strport[NI_MAXSERV]; 788 int gaierr; 789 u_int i; 790 791 /* Find listen_addrs entry for this rdomain */ 792 for (i = 0; i < options->num_listen_addrs; i++) { 793 if (rdomain == NULL && options->listen_addrs[i].rdomain == NULL) 794 break; 795 if (rdomain == NULL || options->listen_addrs[i].rdomain == NULL) 796 continue; 797 if (strcmp(rdomain, options->listen_addrs[i].rdomain) == 0) 798 break; 799 } 800 if (i >= options->num_listen_addrs) { 801 /* No entry for this rdomain; allocate one */ 802 if (i >= INT_MAX) 803 fatal("%s: too many listen addresses", __func__); 804 options->listen_addrs = xrecallocarray(options->listen_addrs, 805 options->num_listen_addrs, options->num_listen_addrs + 1, 806 sizeof(*options->listen_addrs)); 807 i = options->num_listen_addrs++; 808 if (rdomain != NULL) 809 options->listen_addrs[i].rdomain = xstrdup(rdomain); 810 } 811 /* options->listen_addrs[i] points to the addresses for this rdomain */ 812 813 memset(&hints, 0, sizeof(hints)); 814 hints.ai_family = options->address_family; 815 hints.ai_socktype = SOCK_STREAM; 816 hints.ai_flags = (addr == NULL) ? AI_PASSIVE : 0; 817 snprintf(strport, sizeof strport, "%d", port); 818 if ((gaierr = getaddrinfo(addr, strport, &hints, &aitop)) != 0) 819 fatal("bad addr or host: %s (%s)", 820 addr ? addr : "<NULL>", 821 ssh_gai_strerror(gaierr)); 822 for (ai = aitop; ai->ai_next; ai = ai->ai_next) 823 ; 824 ai->ai_next = options->listen_addrs[i].addrs; 825 options->listen_addrs[i].addrs = aitop; 826 } 827 828 /* Returns nonzero if the routing domain name is valid */ 829 static int 830 valid_rdomain(const char *name) 831 { 832 #if defined(HAVE_SYS_VALID_RDOMAIN) 833 return sys_valid_rdomain(name); 834 #elif defined(__OpenBSD__) 835 const char *errstr; 836 long long num; 837 struct rt_tableinfo info; 838 int mib[6]; 839 size_t miblen = sizeof(mib); 840 841 if (name == NULL) 842 return 1; 843 844 num = strtonum(name, 0, 255, &errstr); 845 if (errstr != NULL) 846 return 0; 847 848 /* Check whether the table actually exists */ 849 memset(mib, 0, sizeof(mib)); 850 mib[0] = CTL_NET; 851 mib[1] = PF_ROUTE; 852 mib[4] = NET_RT_TABLE; 853 mib[5] = (int)num; 854 if (sysctl(mib, 6, &info, &miblen, NULL, 0) == -1) 855 return 0; 856 857 return 1; 858 #else /* defined(__OpenBSD__) */ 859 error("Routing domains are not supported on this platform"); 860 return 0; 861 #endif 862 } 863 864 /* 865 * Queue a ListenAddress to be processed once we have all of the Ports 866 * and AddressFamily options. 867 */ 868 static void 869 queue_listen_addr(ServerOptions *options, const char *addr, 870 const char *rdomain, int port) 871 { 872 struct queued_listenaddr *qla; 873 874 options->queued_listen_addrs = xrecallocarray( 875 options->queued_listen_addrs, 876 options->num_queued_listens, options->num_queued_listens + 1, 877 sizeof(*options->queued_listen_addrs)); 878 qla = &options->queued_listen_addrs[options->num_queued_listens++]; 879 qla->addr = xstrdup(addr); 880 qla->port = port; 881 qla->rdomain = rdomain == NULL ? NULL : xstrdup(rdomain); 882 } 883 884 /* 885 * Process queued (text) ListenAddress entries. 886 */ 887 static void 888 process_queued_listen_addrs(ServerOptions *options) 889 { 890 u_int i; 891 struct queued_listenaddr *qla; 892 893 if (options->num_ports == 0) 894 options->ports[options->num_ports++] = SSH_DEFAULT_PORT; 895 if (options->address_family == -1) 896 options->address_family = AF_UNSPEC; 897 898 for (i = 0; i < options->num_queued_listens; i++) { 899 qla = &options->queued_listen_addrs[i]; 900 add_listen_addr(options, qla->addr, qla->rdomain, qla->port); 901 free(qla->addr); 902 free(qla->rdomain); 903 } 904 free(options->queued_listen_addrs); 905 options->queued_listen_addrs = NULL; 906 options->num_queued_listens = 0; 907 } 908 909 /* 910 * Inform channels layer of permitopen options for a single forwarding 911 * direction (local/remote). 912 */ 913 static void 914 process_permitopen_list(struct ssh *ssh, ServerOpCodes opcode, 915 char **opens, u_int num_opens) 916 { 917 u_int i; 918 int port; 919 char *host, *arg, *oarg, ch; 920 int where = opcode == sPermitOpen ? FORWARD_LOCAL : FORWARD_REMOTE; 921 const char *what = lookup_opcode_name(opcode); 922 923 channel_clear_permission(ssh, FORWARD_ADM, where); 924 if (num_opens == 0) 925 return; /* permit any */ 926 927 /* handle keywords: "any" / "none" */ 928 if (num_opens == 1 && strcmp(opens[0], "any") == 0) 929 return; 930 if (num_opens == 1 && strcmp(opens[0], "none") == 0) { 931 channel_disable_admin(ssh, where); 932 return; 933 } 934 /* Otherwise treat it as a list of permitted host:port */ 935 for (i = 0; i < num_opens; i++) { 936 oarg = arg = xstrdup(opens[i]); 937 ch = '\0'; 938 host = hpdelim2(&arg, &ch); 939 if (host == NULL || ch == '/') 940 fatal("%s: missing host in %s", __func__, what); 941 host = cleanhostname(host); 942 if (arg == NULL || ((port = permitopen_port(arg)) < 0)) 943 fatal("%s: bad port number in %s", __func__, what); 944 /* Send it to channels layer */ 945 channel_add_permission(ssh, FORWARD_ADM, 946 where, host, port); 947 free(oarg); 948 } 949 } 950 951 /* 952 * Inform channels layer of permitopen options from configuration. 953 */ 954 void 955 process_permitopen(struct ssh *ssh, ServerOptions *options) 956 { 957 process_permitopen_list(ssh, sPermitOpen, 958 options->permitted_opens, options->num_permitted_opens); 959 process_permitopen_list(ssh, sPermitListen, 960 options->permitted_listens, 961 options->num_permitted_listens); 962 } 963 964 struct connection_info * 965 get_connection_info(struct ssh *ssh, int populate, int use_dns) 966 { 967 static struct connection_info ci; 968 969 if (ssh == NULL || !populate) 970 return &ci; 971 ci.host = auth_get_canonical_hostname(ssh, use_dns); 972 ci.address = ssh_remote_ipaddr(ssh); 973 ci.laddress = ssh_local_ipaddr(ssh); 974 ci.lport = ssh_local_port(ssh); 975 ci.rdomain = ssh_packet_rdomain_in(ssh); 976 return &ci; 977 } 978 979 /* 980 * The strategy for the Match blocks is that the config file is parsed twice. 981 * 982 * The first time is at startup. activep is initialized to 1 and the 983 * directives in the global context are processed and acted on. Hitting a 984 * Match directive unsets activep and the directives inside the block are 985 * checked for syntax only. 986 * 987 * The second time is after a connection has been established but before 988 * authentication. activep is initialized to 2 and global config directives 989 * are ignored since they have already been processed. If the criteria in a 990 * Match block is met, activep is set and the subsequent directives 991 * processed and actioned until EOF or another Match block unsets it. Any 992 * options set are copied into the main server config. 993 * 994 * Potential additions/improvements: 995 * - Add Match support for pre-kex directives, eg. Ciphers. 996 * 997 * - Add a Tag directive (idea from David Leonard) ala pf, eg: 998 * Match Address 192.168.0.* 999 * Tag trusted 1000 * Match Group wheel 1001 * Tag trusted 1002 * Match Tag trusted 1003 * AllowTcpForwarding yes 1004 * GatewayPorts clientspecified 1005 * [...] 1006 * 1007 * - Add a PermittedChannelRequests directive 1008 * Match Group shell 1009 * PermittedChannelRequests session,forwarded-tcpip 1010 */ 1011 1012 static int 1013 match_cfg_line_group(const char *grps, int line, const char *user) 1014 { 1015 int result = 0; 1016 struct passwd *pw; 1017 1018 if (user == NULL) 1019 goto out; 1020 1021 if ((pw = getpwnam(user)) == NULL) { 1022 debug("Can't match group at line %d because user %.100s does " 1023 "not exist", line, user); 1024 } else if (ga_init(pw->pw_name, pw->pw_gid) == 0) { 1025 debug("Can't Match group because user %.100s not in any group " 1026 "at line %d", user, line); 1027 } else if (ga_match_pattern_list(grps) != 1) { 1028 debug("user %.100s does not match group list %.100s at line %d", 1029 user, grps, line); 1030 } else { 1031 debug("user %.100s matched group list %.100s at line %d", user, 1032 grps, line); 1033 result = 1; 1034 } 1035 out: 1036 ga_free(); 1037 return result; 1038 } 1039 1040 static void 1041 match_test_missing_fatal(const char *criteria, const char *attrib) 1042 { 1043 fatal("'Match %s' in configuration but '%s' not in connection " 1044 "test specification.", criteria, attrib); 1045 } 1046 1047 /* 1048 * All of the attributes on a single Match line are ANDed together, so we need 1049 * to check every attribute and set the result to zero if any attribute does 1050 * not match. 1051 */ 1052 static int 1053 match_cfg_line(char **condition, int line, struct connection_info *ci) 1054 { 1055 int result = 1, attributes = 0, port; 1056 char *arg, *attrib, *cp = *condition; 1057 1058 if (ci == NULL) 1059 debug3("checking syntax for 'Match %s'", cp); 1060 else 1061 debug3("checking match for '%s' user %s host %s addr %s " 1062 "laddr %s lport %d", cp, ci->user ? ci->user : "(null)", 1063 ci->host ? ci->host : "(null)", 1064 ci->address ? ci->address : "(null)", 1065 ci->laddress ? ci->laddress : "(null)", ci->lport); 1066 1067 while ((attrib = strdelim(&cp)) && *attrib != '\0') { 1068 attributes++; 1069 if (strcasecmp(attrib, "all") == 0) { 1070 if (attributes != 1 || 1071 ((arg = strdelim(&cp)) != NULL && *arg != '\0')) { 1072 error("'all' cannot be combined with other " 1073 "Match attributes"); 1074 return -1; 1075 } 1076 *condition = cp; 1077 return 1; 1078 } 1079 if ((arg = strdelim(&cp)) == NULL || *arg == '\0') { 1080 error("Missing Match criteria for %s", attrib); 1081 return -1; 1082 } 1083 if (strcasecmp(attrib, "user") == 0) { 1084 if (ci == NULL || (ci->test && ci->user == NULL)) { 1085 result = 0; 1086 continue; 1087 } 1088 if (ci->user == NULL) 1089 match_test_missing_fatal("User", "user"); 1090 if (match_usergroup_pattern_list(ci->user, arg) != 1) 1091 result = 0; 1092 else 1093 debug("user %.100s matched 'User %.100s' at " 1094 "line %d", ci->user, arg, line); 1095 } else if (strcasecmp(attrib, "group") == 0) { 1096 if (ci == NULL || (ci->test && ci->user == NULL)) { 1097 result = 0; 1098 continue; 1099 } 1100 if (ci->user == NULL) 1101 match_test_missing_fatal("Group", "user"); 1102 switch (match_cfg_line_group(arg, line, ci->user)) { 1103 case -1: 1104 return -1; 1105 case 0: 1106 result = 0; 1107 } 1108 } else if (strcasecmp(attrib, "host") == 0) { 1109 if (ci == NULL || (ci->test && ci->host == NULL)) { 1110 result = 0; 1111 continue; 1112 } 1113 if (ci->host == NULL) 1114 match_test_missing_fatal("Host", "host"); 1115 if (match_hostname(ci->host, arg) != 1) 1116 result = 0; 1117 else 1118 debug("connection from %.100s matched 'Host " 1119 "%.100s' at line %d", ci->host, arg, line); 1120 } else if (strcasecmp(attrib, "address") == 0) { 1121 if (ci == NULL || (ci->test && ci->address == NULL)) { 1122 result = 0; 1123 continue; 1124 } 1125 if (ci->address == NULL) 1126 match_test_missing_fatal("Address", "addr"); 1127 switch (addr_match_list(ci->address, arg)) { 1128 case 1: 1129 debug("connection from %.100s matched 'Address " 1130 "%.100s' at line %d", ci->address, arg, line); 1131 break; 1132 case 0: 1133 case -1: 1134 result = 0; 1135 break; 1136 case -2: 1137 return -1; 1138 } 1139 } else if (strcasecmp(attrib, "localaddress") == 0){ 1140 if (ci == NULL || (ci->test && ci->laddress == NULL)) { 1141 result = 0; 1142 continue; 1143 } 1144 if (ci->laddress == NULL) 1145 match_test_missing_fatal("LocalAddress", 1146 "laddr"); 1147 switch (addr_match_list(ci->laddress, arg)) { 1148 case 1: 1149 debug("connection from %.100s matched " 1150 "'LocalAddress %.100s' at line %d", 1151 ci->laddress, arg, line); 1152 break; 1153 case 0: 1154 case -1: 1155 result = 0; 1156 break; 1157 case -2: 1158 return -1; 1159 } 1160 } else if (strcasecmp(attrib, "localport") == 0) { 1161 if ((port = a2port(arg)) == -1) { 1162 error("Invalid LocalPort '%s' on Match line", 1163 arg); 1164 return -1; 1165 } 1166 if (ci == NULL || (ci->test && ci->lport == -1)) { 1167 result = 0; 1168 continue; 1169 } 1170 if (ci->lport == 0) 1171 match_test_missing_fatal("LocalPort", "lport"); 1172 /* TODO support port lists */ 1173 if (port == ci->lport) 1174 debug("connection from %.100s matched " 1175 "'LocalPort %d' at line %d", 1176 ci->laddress, port, line); 1177 else 1178 result = 0; 1179 } else if (strcasecmp(attrib, "rdomain") == 0) { 1180 if (ci == NULL || (ci->test && ci->rdomain == NULL)) { 1181 result = 0; 1182 continue; 1183 } 1184 if (ci->rdomain == NULL) 1185 match_test_missing_fatal("RDomain", "rdomain"); 1186 if (match_pattern_list(ci->rdomain, arg, 0) != 1) 1187 result = 0; 1188 else 1189 debug("user %.100s matched 'RDomain %.100s' at " 1190 "line %d", ci->rdomain, arg, line); 1191 } else { 1192 error("Unsupported Match attribute %s", attrib); 1193 return -1; 1194 } 1195 } 1196 if (attributes == 0) { 1197 error("One or more attributes required for Match"); 1198 return -1; 1199 } 1200 if (ci != NULL) 1201 debug3("match %sfound", result ? "" : "not "); 1202 *condition = cp; 1203 return result; 1204 } 1205 1206 #define WHITESPACE " \t\r\n" 1207 1208 /* Multistate option parsing */ 1209 struct multistate { 1210 char *key; 1211 int value; 1212 }; 1213 static const struct multistate multistate_flag[] = { 1214 { "yes", 1 }, 1215 { "no", 0 }, 1216 { NULL, -1 } 1217 }; 1218 static const struct multistate multistate_ignore_rhosts[] = { 1219 { "yes", IGNORE_RHOSTS_YES }, 1220 { "no", IGNORE_RHOSTS_NO }, 1221 { "shosts-only", IGNORE_RHOSTS_SHOSTS }, 1222 { NULL, -1 } 1223 }; 1224 static const struct multistate multistate_addressfamily[] = { 1225 { "inet", AF_INET }, 1226 { "inet6", AF_INET6 }, 1227 { "any", AF_UNSPEC }, 1228 { NULL, -1 } 1229 }; 1230 static const struct multistate multistate_permitrootlogin[] = { 1231 { "without-password", PERMIT_NO_PASSWD }, 1232 { "prohibit-password", PERMIT_NO_PASSWD }, 1233 { "forced-commands-only", PERMIT_FORCED_ONLY }, 1234 { "yes", PERMIT_YES }, 1235 { "no", PERMIT_NO }, 1236 { NULL, -1 } 1237 }; 1238 static const struct multistate multistate_compression[] = { 1239 #ifdef WITH_ZLIB 1240 { "yes", COMP_DELAYED }, 1241 { "delayed", COMP_DELAYED }, 1242 #endif 1243 { "no", COMP_NONE }, 1244 { NULL, -1 } 1245 }; 1246 static const struct multistate multistate_gatewayports[] = { 1247 { "clientspecified", 2 }, 1248 { "yes", 1 }, 1249 { "no", 0 }, 1250 { NULL, -1 } 1251 }; 1252 static const struct multistate multistate_tcpfwd[] = { 1253 { "yes", FORWARD_ALLOW }, 1254 { "all", FORWARD_ALLOW }, 1255 { "no", FORWARD_DENY }, 1256 { "remote", FORWARD_REMOTE }, 1257 { "local", FORWARD_LOCAL }, 1258 { NULL, -1 } 1259 }; 1260 1261 static int 1262 process_server_config_line_depth(ServerOptions *options, char *line, 1263 const char *filename, int linenum, int *activep, 1264 struct connection_info *connectinfo, int *inc_flags, int depth, 1265 struct include_list *includes) 1266 { 1267 char ch, *cp, ***chararrayptr, **charptr, *arg, *arg2, *p; 1268 int cmdline = 0, *intptr, value, value2, n, port, oactive, r, found; 1269 SyslogFacility *log_facility_ptr; 1270 LogLevel *log_level_ptr; 1271 ServerOpCodes opcode; 1272 u_int i, *uintptr, uvalue, flags = 0; 1273 size_t len; 1274 long long val64; 1275 const struct multistate *multistate_ptr; 1276 const char *errstr; 1277 struct include_item *item; 1278 glob_t gbuf; 1279 1280 /* Strip trailing whitespace. Allow \f (form feed) at EOL only */ 1281 if ((len = strlen(line)) == 0) 1282 return 0; 1283 for (len--; len > 0; len--) { 1284 if (strchr(WHITESPACE "\f", line[len]) == NULL) 1285 break; 1286 line[len] = '\0'; 1287 } 1288 1289 cp = line; 1290 if ((arg = strdelim(&cp)) == NULL) 1291 return 0; 1292 /* Ignore leading whitespace */ 1293 if (*arg == '\0') 1294 arg = strdelim(&cp); 1295 if (!arg || !*arg || *arg == '#') 1296 return 0; 1297 intptr = NULL; 1298 charptr = NULL; 1299 opcode = parse_token(arg, filename, linenum, &flags); 1300 1301 if (activep == NULL) { /* We are processing a command line directive */ 1302 cmdline = 1; 1303 activep = &cmdline; 1304 } 1305 if (*activep && opcode != sMatch && opcode != sInclude) 1306 debug3("%s:%d setting %s %s", filename, linenum, arg, cp); 1307 if (*activep == 0 && !(flags & SSHCFG_MATCH)) { 1308 if (connectinfo == NULL) { 1309 fatal("%s line %d: Directive '%s' is not allowed " 1310 "within a Match block", filename, linenum, arg); 1311 } else { /* this is a directive we have already processed */ 1312 while (arg) 1313 arg = strdelim(&cp); 1314 return 0; 1315 } 1316 } 1317 1318 switch (opcode) { 1319 /* Portable-specific options */ 1320 case sUsePAM: 1321 intptr = &options->use_pam; 1322 goto parse_flag; 1323 1324 /* Standard Options */ 1325 case sBadOption: 1326 return -1; 1327 case sPort: 1328 /* ignore ports from configfile if cmdline specifies ports */ 1329 if (options->ports_from_cmdline) 1330 return 0; 1331 if (options->num_ports >= MAX_PORTS) 1332 fatal("%s line %d: too many ports.", 1333 filename, linenum); 1334 arg = strdelim(&cp); 1335 if (!arg || *arg == '\0') 1336 fatal("%s line %d: missing port number.", 1337 filename, linenum); 1338 options->ports[options->num_ports++] = a2port(arg); 1339 if (options->ports[options->num_ports-1] <= 0) 1340 fatal("%s line %d: Badly formatted port number.", 1341 filename, linenum); 1342 break; 1343 1344 case sLoginGraceTime: 1345 intptr = &options->login_grace_time; 1346 parse_time: 1347 arg = strdelim(&cp); 1348 if (!arg || *arg == '\0') 1349 fatal("%s line %d: missing time value.", 1350 filename, linenum); 1351 if ((value = convtime(arg)) == -1) 1352 fatal("%s line %d: invalid time value.", 1353 filename, linenum); 1354 if (*activep && *intptr == -1) 1355 *intptr = value; 1356 break; 1357 1358 case sListenAddress: 1359 arg = strdelim(&cp); 1360 if (arg == NULL || *arg == '\0') 1361 fatal("%s line %d: missing address", 1362 filename, linenum); 1363 /* check for bare IPv6 address: no "[]" and 2 or more ":" */ 1364 if (strchr(arg, '[') == NULL && (p = strchr(arg, ':')) != NULL 1365 && strchr(p+1, ':') != NULL) { 1366 port = 0; 1367 p = arg; 1368 } else { 1369 arg2 = NULL; 1370 ch = '\0'; 1371 p = hpdelim2(&arg, &ch); 1372 if (p == NULL || ch == '/') 1373 fatal("%s line %d: bad address:port usage", 1374 filename, linenum); 1375 p = cleanhostname(p); 1376 if (arg == NULL) 1377 port = 0; 1378 else if ((port = a2port(arg)) <= 0) 1379 fatal("%s line %d: bad port number", 1380 filename, linenum); 1381 } 1382 /* Optional routing table */ 1383 arg2 = NULL; 1384 if ((arg = strdelim(&cp)) != NULL) { 1385 if (strcmp(arg, "rdomain") != 0 || 1386 (arg2 = strdelim(&cp)) == NULL) 1387 fatal("%s line %d: bad ListenAddress syntax", 1388 filename, linenum); 1389 if (!valid_rdomain(arg2)) 1390 fatal("%s line %d: bad routing domain", 1391 filename, linenum); 1392 } 1393 1394 queue_listen_addr(options, p, arg2, port); 1395 1396 break; 1397 1398 case sAddressFamily: 1399 intptr = &options->address_family; 1400 multistate_ptr = multistate_addressfamily; 1401 parse_multistate: 1402 arg = strdelim(&cp); 1403 if (!arg || *arg == '\0') 1404 fatal("%s line %d: missing argument.", 1405 filename, linenum); 1406 value = -1; 1407 for (i = 0; multistate_ptr[i].key != NULL; i++) { 1408 if (strcasecmp(arg, multistate_ptr[i].key) == 0) { 1409 value = multistate_ptr[i].value; 1410 break; 1411 } 1412 } 1413 if (value == -1) 1414 fatal("%s line %d: unsupported option \"%s\".", 1415 filename, linenum, arg); 1416 if (*activep && *intptr == -1) 1417 *intptr = value; 1418 break; 1419 1420 case sHostKeyFile: 1421 arg = strdelim(&cp); 1422 if (!arg || *arg == '\0') 1423 fatal("%s line %d: missing file name.", 1424 filename, linenum); 1425 if (*activep) { 1426 servconf_add_hostkey(filename, linenum, 1427 options, arg, 1); 1428 } 1429 break; 1430 1431 case sHostKeyAgent: 1432 charptr = &options->host_key_agent; 1433 arg = strdelim(&cp); 1434 if (!arg || *arg == '\0') 1435 fatal("%s line %d: missing socket name.", 1436 filename, linenum); 1437 if (*activep && *charptr == NULL) 1438 *charptr = !strcmp(arg, SSH_AUTHSOCKET_ENV_NAME) ? 1439 xstrdup(arg) : derelativise_path(arg); 1440 break; 1441 1442 case sHostCertificate: 1443 arg = strdelim(&cp); 1444 if (!arg || *arg == '\0') 1445 fatal("%s line %d: missing file name.", 1446 filename, linenum); 1447 if (*activep) 1448 servconf_add_hostcert(filename, linenum, options, arg); 1449 break; 1450 1451 case sPidFile: 1452 charptr = &options->pid_file; 1453 parse_filename: 1454 arg = strdelim(&cp); 1455 if (!arg || *arg == '\0') 1456 fatal("%s line %d: missing file name.", 1457 filename, linenum); 1458 if (*activep && *charptr == NULL) { 1459 *charptr = derelativise_path(arg); 1460 /* increase optional counter */ 1461 if (intptr != NULL) 1462 *intptr = *intptr + 1; 1463 } 1464 break; 1465 1466 case sPermitRootLogin: 1467 intptr = &options->permit_root_login; 1468 multistate_ptr = multistate_permitrootlogin; 1469 goto parse_multistate; 1470 1471 case sIgnoreRhosts: 1472 intptr = &options->ignore_rhosts; 1473 multistate_ptr = multistate_ignore_rhosts; 1474 goto parse_multistate; 1475 1476 case sIgnoreUserKnownHosts: 1477 intptr = &options->ignore_user_known_hosts; 1478 parse_flag: 1479 multistate_ptr = multistate_flag; 1480 goto parse_multistate; 1481 1482 case sHostbasedAuthentication: 1483 intptr = &options->hostbased_authentication; 1484 goto parse_flag; 1485 1486 case sHostbasedUsesNameFromPacketOnly: 1487 intptr = &options->hostbased_uses_name_from_packet_only; 1488 goto parse_flag; 1489 1490 case sHostbasedAcceptedKeyTypes: 1491 charptr = &options->hostbased_key_types; 1492 parse_keytypes: 1493 arg = strdelim(&cp); 1494 if (!arg || *arg == '\0') 1495 fatal("%s line %d: Missing argument.", 1496 filename, linenum); 1497 if (*arg != '-' && 1498 !sshkey_names_valid2(*arg == '+' || *arg == '^' ? 1499 arg + 1 : arg, 1)) 1500 fatal("%s line %d: Bad key types '%s'.", 1501 filename, linenum, arg ? arg : "<NONE>"); 1502 if (*activep && *charptr == NULL) 1503 *charptr = xstrdup(arg); 1504 break; 1505 1506 case sHostKeyAlgorithms: 1507 charptr = &options->hostkeyalgorithms; 1508 goto parse_keytypes; 1509 1510 case sCASignatureAlgorithms: 1511 charptr = &options->ca_sign_algorithms; 1512 goto parse_keytypes; 1513 1514 case sPubkeyAuthentication: 1515 intptr = &options->pubkey_authentication; 1516 goto parse_flag; 1517 1518 case sPubkeyAcceptedKeyTypes: 1519 charptr = &options->pubkey_key_types; 1520 goto parse_keytypes; 1521 1522 case sPubkeyAuthOptions: 1523 intptr = &options->pubkey_auth_options; 1524 value = 0; 1525 while ((arg = strdelim(&cp)) && *arg != '\0') { 1526 if (strcasecmp(arg, "none") == 0) 1527 continue; 1528 if (strcasecmp(arg, "touch-required") == 0) 1529 value |= PUBKEYAUTH_TOUCH_REQUIRED; 1530 else { 1531 fatal("%s line %d: unsupported " 1532 "PubkeyAuthOptions option %s", 1533 filename, linenum, arg); 1534 } 1535 } 1536 if (*activep && *intptr == -1) 1537 *intptr = value; 1538 break; 1539 1540 case sKerberosAuthentication: 1541 intptr = &options->kerberos_authentication; 1542 goto parse_flag; 1543 1544 case sKerberosOrLocalPasswd: 1545 intptr = &options->kerberos_or_local_passwd; 1546 goto parse_flag; 1547 1548 case sKerberosTicketCleanup: 1549 intptr = &options->kerberos_ticket_cleanup; 1550 goto parse_flag; 1551 1552 case sKerberosGetAFSToken: 1553 intptr = &options->kerberos_get_afs_token; 1554 goto parse_flag; 1555 1556 case sGssAuthentication: 1557 intptr = &options->gss_authentication; 1558 goto parse_flag; 1559 1560 case sGssCleanupCreds: 1561 intptr = &options->gss_cleanup_creds; 1562 goto parse_flag; 1563 1564 case sGssStrictAcceptor: 1565 intptr = &options->gss_strict_acceptor; 1566 goto parse_flag; 1567 1568 case sPasswordAuthentication: 1569 intptr = &options->password_authentication; 1570 goto parse_flag; 1571 1572 case sKbdInteractiveAuthentication: 1573 intptr = &options->kbd_interactive_authentication; 1574 goto parse_flag; 1575 1576 case sChallengeResponseAuthentication: 1577 intptr = &options->challenge_response_authentication; 1578 goto parse_flag; 1579 1580 case sPrintMotd: 1581 intptr = &options->print_motd; 1582 goto parse_flag; 1583 1584 case sPrintLastLog: 1585 intptr = &options->print_lastlog; 1586 goto parse_flag; 1587 1588 case sX11Forwarding: 1589 intptr = &options->x11_forwarding; 1590 goto parse_flag; 1591 1592 case sX11DisplayOffset: 1593 intptr = &options->x11_display_offset; 1594 parse_int: 1595 arg = strdelim(&cp); 1596 if ((errstr = atoi_err(arg, &value)) != NULL) 1597 fatal("%s line %d: integer value %s.", 1598 filename, linenum, errstr); 1599 if (*activep && *intptr == -1) 1600 *intptr = value; 1601 break; 1602 1603 case sX11UseLocalhost: 1604 intptr = &options->x11_use_localhost; 1605 goto parse_flag; 1606 1607 case sXAuthLocation: 1608 charptr = &options->xauth_location; 1609 goto parse_filename; 1610 1611 case sPermitTTY: 1612 intptr = &options->permit_tty; 1613 goto parse_flag; 1614 1615 case sPermitUserRC: 1616 intptr = &options->permit_user_rc; 1617 goto parse_flag; 1618 1619 case sStrictModes: 1620 intptr = &options->strict_modes; 1621 goto parse_flag; 1622 1623 case sTCPKeepAlive: 1624 intptr = &options->tcp_keep_alive; 1625 goto parse_flag; 1626 1627 case sEmptyPasswd: 1628 intptr = &options->permit_empty_passwd; 1629 goto parse_flag; 1630 1631 case sPermitUserEnvironment: 1632 intptr = &options->permit_user_env; 1633 charptr = &options->permit_user_env_whitelist; 1634 arg = strdelim(&cp); 1635 if (!arg || *arg == '\0') 1636 fatal("%s line %d: missing argument.", 1637 filename, linenum); 1638 value = 0; 1639 p = NULL; 1640 if (strcmp(arg, "yes") == 0) 1641 value = 1; 1642 else if (strcmp(arg, "no") == 0) 1643 value = 0; 1644 else { 1645 /* Pattern-list specified */ 1646 value = 1; 1647 p = xstrdup(arg); 1648 } 1649 if (*activep && *intptr == -1) { 1650 *intptr = value; 1651 *charptr = p; 1652 p = NULL; 1653 } 1654 free(p); 1655 break; 1656 1657 case sCompression: 1658 intptr = &options->compression; 1659 multistate_ptr = multistate_compression; 1660 goto parse_multistate; 1661 1662 case sRekeyLimit: 1663 arg = strdelim(&cp); 1664 if (!arg || *arg == '\0') 1665 fatal("%.200s line %d: Missing argument.", filename, 1666 linenum); 1667 if (strcmp(arg, "default") == 0) { 1668 val64 = 0; 1669 } else { 1670 if (scan_scaled(arg, &val64) == -1) 1671 fatal("%.200s line %d: Bad number '%s': %s", 1672 filename, linenum, arg, strerror(errno)); 1673 if (val64 != 0 && val64 < 16) 1674 fatal("%.200s line %d: RekeyLimit too small", 1675 filename, linenum); 1676 } 1677 if (*activep && options->rekey_limit == -1) 1678 options->rekey_limit = val64; 1679 if (cp != NULL) { /* optional rekey interval present */ 1680 if (strcmp(cp, "none") == 0) { 1681 (void)strdelim(&cp); /* discard */ 1682 break; 1683 } 1684 intptr = &options->rekey_interval; 1685 goto parse_time; 1686 } 1687 break; 1688 1689 case sGatewayPorts: 1690 intptr = &options->fwd_opts.gateway_ports; 1691 multistate_ptr = multistate_gatewayports; 1692 goto parse_multistate; 1693 1694 case sUseDNS: 1695 intptr = &options->use_dns; 1696 goto parse_flag; 1697 1698 case sLogFacility: 1699 log_facility_ptr = &options->log_facility; 1700 arg = strdelim(&cp); 1701 value = log_facility_number(arg); 1702 if (value == SYSLOG_FACILITY_NOT_SET) 1703 fatal("%.200s line %d: unsupported log facility '%s'", 1704 filename, linenum, arg ? arg : "<NONE>"); 1705 if (*log_facility_ptr == -1) 1706 *log_facility_ptr = (SyslogFacility) value; 1707 break; 1708 1709 case sLogLevel: 1710 log_level_ptr = &options->log_level; 1711 arg = strdelim(&cp); 1712 value = log_level_number(arg); 1713 if (value == SYSLOG_LEVEL_NOT_SET) 1714 fatal("%.200s line %d: unsupported log level '%s'", 1715 filename, linenum, arg ? arg : "<NONE>"); 1716 if (*activep && *log_level_ptr == -1) 1717 *log_level_ptr = (LogLevel) value; 1718 break; 1719 1720 case sAllowTcpForwarding: 1721 intptr = &options->allow_tcp_forwarding; 1722 multistate_ptr = multistate_tcpfwd; 1723 goto parse_multistate; 1724 1725 case sAllowStreamLocalForwarding: 1726 intptr = &options->allow_streamlocal_forwarding; 1727 multistate_ptr = multistate_tcpfwd; 1728 goto parse_multistate; 1729 1730 case sAllowAgentForwarding: 1731 intptr = &options->allow_agent_forwarding; 1732 goto parse_flag; 1733 1734 case sDisableForwarding: 1735 intptr = &options->disable_forwarding; 1736 goto parse_flag; 1737 1738 case sAllowUsers: 1739 while ((arg = strdelim(&cp)) && *arg != '\0') { 1740 if (match_user(NULL, NULL, NULL, arg) == -1) 1741 fatal("%s line %d: invalid AllowUsers pattern: " 1742 "\"%.100s\"", filename, linenum, arg); 1743 if (!*activep) 1744 continue; 1745 array_append(filename, linenum, "AllowUsers", 1746 &options->allow_users, &options->num_allow_users, 1747 arg); 1748 } 1749 break; 1750 1751 case sDenyUsers: 1752 while ((arg = strdelim(&cp)) && *arg != '\0') { 1753 if (match_user(NULL, NULL, NULL, arg) == -1) 1754 fatal("%s line %d: invalid DenyUsers pattern: " 1755 "\"%.100s\"", filename, linenum, arg); 1756 if (!*activep) 1757 continue; 1758 array_append(filename, linenum, "DenyUsers", 1759 &options->deny_users, &options->num_deny_users, 1760 arg); 1761 } 1762 break; 1763 1764 case sAllowGroups: 1765 while ((arg = strdelim(&cp)) && *arg != '\0') { 1766 if (!*activep) 1767 continue; 1768 array_append(filename, linenum, "AllowGroups", 1769 &options->allow_groups, &options->num_allow_groups, 1770 arg); 1771 } 1772 break; 1773 1774 case sDenyGroups: 1775 while ((arg = strdelim(&cp)) && *arg != '\0') { 1776 if (!*activep) 1777 continue; 1778 array_append(filename, linenum, "DenyGroups", 1779 &options->deny_groups, &options->num_deny_groups, 1780 arg); 1781 } 1782 break; 1783 1784 case sCiphers: 1785 arg = strdelim(&cp); 1786 if (!arg || *arg == '\0') 1787 fatal("%s line %d: Missing argument.", filename, linenum); 1788 if (*arg != '-' && 1789 !ciphers_valid(*arg == '+' || *arg == '^' ? arg + 1 : arg)) 1790 fatal("%s line %d: Bad SSH2 cipher spec '%s'.", 1791 filename, linenum, arg ? arg : "<NONE>"); 1792 if (options->ciphers == NULL) 1793 options->ciphers = xstrdup(arg); 1794 break; 1795 1796 case sMacs: 1797 arg = strdelim(&cp); 1798 if (!arg || *arg == '\0') 1799 fatal("%s line %d: Missing argument.", filename, linenum); 1800 if (*arg != '-' && 1801 !mac_valid(*arg == '+' || *arg == '^' ? arg + 1 : arg)) 1802 fatal("%s line %d: Bad SSH2 mac spec '%s'.", 1803 filename, linenum, arg ? arg : "<NONE>"); 1804 if (options->macs == NULL) 1805 options->macs = xstrdup(arg); 1806 break; 1807 1808 case sKexAlgorithms: 1809 arg = strdelim(&cp); 1810 if (!arg || *arg == '\0') 1811 fatal("%s line %d: Missing argument.", 1812 filename, linenum); 1813 if (*arg != '-' && 1814 !kex_names_valid(*arg == '+' || *arg == '^' ? 1815 arg + 1 : arg)) 1816 fatal("%s line %d: Bad SSH2 KexAlgorithms '%s'.", 1817 filename, linenum, arg ? arg : "<NONE>"); 1818 if (options->kex_algorithms == NULL) 1819 options->kex_algorithms = xstrdup(arg); 1820 break; 1821 1822 case sSubsystem: 1823 if (options->num_subsystems >= MAX_SUBSYSTEMS) { 1824 fatal("%s line %d: too many subsystems defined.", 1825 filename, linenum); 1826 } 1827 arg = strdelim(&cp); 1828 if (!arg || *arg == '\0') 1829 fatal("%s line %d: Missing subsystem name.", 1830 filename, linenum); 1831 if (!*activep) { 1832 arg = strdelim(&cp); 1833 break; 1834 } 1835 for (i = 0; i < options->num_subsystems; i++) 1836 if (strcmp(arg, options->subsystem_name[i]) == 0) 1837 fatal("%s line %d: Subsystem '%s' already defined.", 1838 filename, linenum, arg); 1839 options->subsystem_name[options->num_subsystems] = xstrdup(arg); 1840 arg = strdelim(&cp); 1841 if (!arg || *arg == '\0') 1842 fatal("%s line %d: Missing subsystem command.", 1843 filename, linenum); 1844 options->subsystem_command[options->num_subsystems] = xstrdup(arg); 1845 1846 /* Collect arguments (separate to executable) */ 1847 p = xstrdup(arg); 1848 len = strlen(p) + 1; 1849 while ((arg = strdelim(&cp)) != NULL && *arg != '\0') { 1850 len += 1 + strlen(arg); 1851 p = xreallocarray(p, 1, len); 1852 strlcat(p, " ", len); 1853 strlcat(p, arg, len); 1854 } 1855 options->subsystem_args[options->num_subsystems] = p; 1856 options->num_subsystems++; 1857 break; 1858 1859 case sMaxStartups: 1860 arg = strdelim(&cp); 1861 if (!arg || *arg == '\0') 1862 fatal("%s line %d: Missing MaxStartups spec.", 1863 filename, linenum); 1864 if ((n = sscanf(arg, "%d:%d:%d", 1865 &options->max_startups_begin, 1866 &options->max_startups_rate, 1867 &options->max_startups)) == 3) { 1868 if (options->max_startups_begin > 1869 options->max_startups || 1870 options->max_startups_rate > 100 || 1871 options->max_startups_rate < 1) 1872 fatal("%s line %d: Illegal MaxStartups spec.", 1873 filename, linenum); 1874 } else if (n != 1) 1875 fatal("%s line %d: Illegal MaxStartups spec.", 1876 filename, linenum); 1877 else 1878 options->max_startups = options->max_startups_begin; 1879 break; 1880 1881 case sMaxAuthTries: 1882 intptr = &options->max_authtries; 1883 goto parse_int; 1884 1885 case sMaxSessions: 1886 intptr = &options->max_sessions; 1887 goto parse_int; 1888 1889 case sBanner: 1890 charptr = &options->banner; 1891 goto parse_filename; 1892 1893 /* 1894 * These options can contain %X options expanded at 1895 * connect time, so that you can specify paths like: 1896 * 1897 * AuthorizedKeysFile /etc/ssh_keys/%u 1898 */ 1899 case sAuthorizedKeysFile: 1900 if (*activep && options->num_authkeys_files == 0) { 1901 while ((arg = strdelim(&cp)) && *arg != '\0') { 1902 arg = tilde_expand_filename(arg, getuid()); 1903 array_append(filename, linenum, 1904 "AuthorizedKeysFile", 1905 &options->authorized_keys_files, 1906 &options->num_authkeys_files, arg); 1907 free(arg); 1908 } 1909 } 1910 return 0; 1911 1912 case sAuthorizedPrincipalsFile: 1913 charptr = &options->authorized_principals_file; 1914 arg = strdelim(&cp); 1915 if (!arg || *arg == '\0') 1916 fatal("%s line %d: missing file name.", 1917 filename, linenum); 1918 if (*activep && *charptr == NULL) { 1919 *charptr = tilde_expand_filename(arg, getuid()); 1920 /* increase optional counter */ 1921 if (intptr != NULL) 1922 *intptr = *intptr + 1; 1923 } 1924 break; 1925 1926 case sClientAliveInterval: 1927 intptr = &options->client_alive_interval; 1928 goto parse_time; 1929 1930 case sClientAliveCountMax: 1931 intptr = &options->client_alive_count_max; 1932 goto parse_int; 1933 1934 case sAcceptEnv: 1935 while ((arg = strdelim(&cp)) && *arg != '\0') { 1936 if (strchr(arg, '=') != NULL) 1937 fatal("%s line %d: Invalid environment name.", 1938 filename, linenum); 1939 if (!*activep) 1940 continue; 1941 array_append(filename, linenum, "AcceptEnv", 1942 &options->accept_env, &options->num_accept_env, 1943 arg); 1944 } 1945 break; 1946 1947 case sSetEnv: 1948 uvalue = options->num_setenv; 1949 while ((arg = strdelimw(&cp)) && *arg != '\0') { 1950 if (strchr(arg, '=') == NULL) 1951 fatal("%s line %d: Invalid environment.", 1952 filename, linenum); 1953 if (!*activep || uvalue != 0) 1954 continue; 1955 array_append(filename, linenum, "SetEnv", 1956 &options->setenv, &options->num_setenv, arg); 1957 } 1958 break; 1959 1960 case sPermitTunnel: 1961 intptr = &options->permit_tun; 1962 arg = strdelim(&cp); 1963 if (!arg || *arg == '\0') 1964 fatal("%s line %d: Missing yes/point-to-point/" 1965 "ethernet/no argument.", filename, linenum); 1966 value = -1; 1967 for (i = 0; tunmode_desc[i].val != -1; i++) 1968 if (strcmp(tunmode_desc[i].text, arg) == 0) { 1969 value = tunmode_desc[i].val; 1970 break; 1971 } 1972 if (value == -1) 1973 fatal("%s line %d: Bad yes/point-to-point/ethernet/" 1974 "no argument: %s", filename, linenum, arg); 1975 if (*activep && *intptr == -1) 1976 *intptr = value; 1977 break; 1978 1979 case sInclude: 1980 if (cmdline) { 1981 fatal("Include directive not supported as a " 1982 "command-line option"); 1983 } 1984 value = 0; 1985 while ((arg2 = strdelim(&cp)) != NULL && *arg2 != '\0') { 1986 value++; 1987 found = 0; 1988 if (*arg2 != '/' && *arg2 != '~') { 1989 xasprintf(&arg, "%s/%s", SSHDIR, arg2); 1990 } else 1991 arg = xstrdup(arg2); 1992 1993 /* 1994 * Don't let included files clobber the containing 1995 * file's Match state. 1996 */ 1997 oactive = *activep; 1998 1999 /* consult cache of include files */ 2000 TAILQ_FOREACH(item, includes, entry) { 2001 if (strcmp(item->selector, arg) != 0) 2002 continue; 2003 if (item->filename != NULL) { 2004 parse_server_config_depth(options, 2005 item->filename, item->contents, 2006 includes, connectinfo, 2007 (*inc_flags & SSHCFG_MATCH_ONLY 2008 ? SSHCFG_MATCH_ONLY : (oactive 2009 ? 0 : SSHCFG_NEVERMATCH)), 2010 activep, depth + 1); 2011 } 2012 found = 1; 2013 *activep = oactive; 2014 } 2015 if (found != 0) { 2016 free(arg); 2017 continue; 2018 } 2019 2020 /* requested glob was not in cache */ 2021 debug2("%s line %d: new include %s", 2022 filename, linenum, arg); 2023 if ((r = glob(arg, 0, NULL, &gbuf)) != 0) { 2024 if (r != GLOB_NOMATCH) { 2025 fatal("%s line %d: include \"%s\" " 2026 "glob failed", filename, 2027 linenum, arg); 2028 } 2029 /* 2030 * If no entry matched then record a 2031 * placeholder to skip later glob calls. 2032 */ 2033 debug2("%s line %d: no match for %s", 2034 filename, linenum, arg); 2035 item = xcalloc(1, sizeof(*item)); 2036 item->selector = strdup(arg); 2037 TAILQ_INSERT_TAIL(includes, 2038 item, entry); 2039 } 2040 if (gbuf.gl_pathc > INT_MAX) 2041 fatal("%s: too many glob results", __func__); 2042 for (n = 0; n < (int)gbuf.gl_pathc; n++) { 2043 debug2("%s line %d: including %s", 2044 filename, linenum, gbuf.gl_pathv[n]); 2045 item = xcalloc(1, sizeof(*item)); 2046 item->selector = strdup(arg); 2047 item->filename = strdup(gbuf.gl_pathv[n]); 2048 if ((item->contents = sshbuf_new()) == NULL) { 2049 fatal("%s: sshbuf_new failed", 2050 __func__); 2051 } 2052 load_server_config(item->filename, 2053 item->contents); 2054 parse_server_config_depth(options, 2055 item->filename, item->contents, 2056 includes, connectinfo, 2057 (*inc_flags & SSHCFG_MATCH_ONLY 2058 ? SSHCFG_MATCH_ONLY : (oactive 2059 ? 0 : SSHCFG_NEVERMATCH)), 2060 activep, depth + 1); 2061 *activep = oactive; 2062 TAILQ_INSERT_TAIL(includes, item, entry); 2063 } 2064 globfree(&gbuf); 2065 free(arg); 2066 } 2067 if (value == 0) { 2068 fatal("%s line %d: Include missing filename argument", 2069 filename, linenum); 2070 } 2071 break; 2072 2073 case sMatch: 2074 if (cmdline) 2075 fatal("Match directive not supported as a command-line " 2076 "option"); 2077 value = match_cfg_line(&cp, linenum, 2078 (*inc_flags & SSHCFG_NEVERMATCH ? NULL : connectinfo)); 2079 if (value < 0) 2080 fatal("%s line %d: Bad Match condition", filename, 2081 linenum); 2082 *activep = (*inc_flags & SSHCFG_NEVERMATCH) ? 0 : value; 2083 /* The MATCH_ONLY is applicable only until the first match block */ 2084 *inc_flags &= ~SSHCFG_MATCH_ONLY; 2085 break; 2086 2087 case sPermitListen: 2088 case sPermitOpen: 2089 if (opcode == sPermitListen) { 2090 uintptr = &options->num_permitted_listens; 2091 chararrayptr = &options->permitted_listens; 2092 } else { 2093 uintptr = &options->num_permitted_opens; 2094 chararrayptr = &options->permitted_opens; 2095 } 2096 arg = strdelim(&cp); 2097 if (!arg || *arg == '\0') 2098 fatal("%s line %d: missing %s specification", 2099 filename, linenum, lookup_opcode_name(opcode)); 2100 uvalue = *uintptr; /* modified later */ 2101 if (strcmp(arg, "any") == 0 || strcmp(arg, "none") == 0) { 2102 if (*activep && uvalue == 0) { 2103 *uintptr = 1; 2104 *chararrayptr = xcalloc(1, 2105 sizeof(**chararrayptr)); 2106 (*chararrayptr)[0] = xstrdup(arg); 2107 } 2108 break; 2109 } 2110 for (; arg != NULL && *arg != '\0'; arg = strdelim(&cp)) { 2111 if (opcode == sPermitListen && 2112 strchr(arg, ':') == NULL) { 2113 /* 2114 * Allow bare port number for PermitListen 2115 * to indicate a wildcard listen host. 2116 */ 2117 xasprintf(&arg2, "*:%s", arg); 2118 } else { 2119 arg2 = xstrdup(arg); 2120 ch = '\0'; 2121 p = hpdelim2(&arg, &ch); 2122 if (p == NULL || ch == '/') { 2123 fatal("%s line %d: missing host in %s", 2124 filename, linenum, 2125 lookup_opcode_name(opcode)); 2126 } 2127 p = cleanhostname(p); 2128 } 2129 if (arg == NULL || 2130 ((port = permitopen_port(arg)) < 0)) { 2131 fatal("%s line %d: bad port number in %s", 2132 filename, linenum, 2133 lookup_opcode_name(opcode)); 2134 } 2135 if (*activep && uvalue == 0) { 2136 array_append(filename, linenum, 2137 lookup_opcode_name(opcode), 2138 chararrayptr, uintptr, arg2); 2139 } 2140 free(arg2); 2141 } 2142 break; 2143 2144 case sForceCommand: 2145 if (cp == NULL || *cp == '\0') 2146 fatal("%.200s line %d: Missing argument.", filename, 2147 linenum); 2148 len = strspn(cp, WHITESPACE); 2149 if (*activep && options->adm_forced_command == NULL) 2150 options->adm_forced_command = xstrdup(cp + len); 2151 return 0; 2152 2153 case sChrootDirectory: 2154 charptr = &options->chroot_directory; 2155 2156 arg = strdelim(&cp); 2157 if (!arg || *arg == '\0') 2158 fatal("%s line %d: missing file name.", 2159 filename, linenum); 2160 if (*activep && *charptr == NULL) 2161 *charptr = xstrdup(arg); 2162 break; 2163 2164 case sTrustedUserCAKeys: 2165 charptr = &options->trusted_user_ca_keys; 2166 goto parse_filename; 2167 2168 case sRevokedKeys: 2169 charptr = &options->revoked_keys_file; 2170 goto parse_filename; 2171 2172 case sSecurityKeyProvider: 2173 charptr = &options->sk_provider; 2174 arg = strdelim(&cp); 2175 if (!arg || *arg == '\0') 2176 fatal("%s line %d: missing file name.", 2177 filename, linenum); 2178 if (*activep && *charptr == NULL) { 2179 *charptr = strcasecmp(arg, "internal") == 0 ? 2180 xstrdup(arg) : derelativise_path(arg); 2181 /* increase optional counter */ 2182 if (intptr != NULL) 2183 *intptr = *intptr + 1; 2184 } 2185 break; 2186 2187 case sIPQoS: 2188 arg = strdelim(&cp); 2189 if ((value = parse_ipqos(arg)) == -1) 2190 fatal("%s line %d: Bad IPQoS value: %s", 2191 filename, linenum, arg); 2192 arg = strdelim(&cp); 2193 if (arg == NULL) 2194 value2 = value; 2195 else if ((value2 = parse_ipqos(arg)) == -1) 2196 fatal("%s line %d: Bad IPQoS value: %s", 2197 filename, linenum, arg); 2198 if (*activep) { 2199 options->ip_qos_interactive = value; 2200 options->ip_qos_bulk = value2; 2201 } 2202 break; 2203 2204 case sVersionAddendum: 2205 if (cp == NULL || *cp == '\0') 2206 fatal("%.200s line %d: Missing argument.", filename, 2207 linenum); 2208 len = strspn(cp, WHITESPACE); 2209 if (*activep && options->version_addendum == NULL) { 2210 if (strcasecmp(cp + len, "none") == 0) 2211 options->version_addendum = xstrdup(""); 2212 else if (strchr(cp + len, '\r') != NULL) 2213 fatal("%.200s line %d: Invalid argument", 2214 filename, linenum); 2215 else 2216 options->version_addendum = xstrdup(cp + len); 2217 } 2218 return 0; 2219 2220 case sAuthorizedKeysCommand: 2221 if (cp == NULL) 2222 fatal("%.200s line %d: Missing argument.", filename, 2223 linenum); 2224 len = strspn(cp, WHITESPACE); 2225 if (*activep && options->authorized_keys_command == NULL) { 2226 if (cp[len] != '/' && strcasecmp(cp + len, "none") != 0) 2227 fatal("%.200s line %d: AuthorizedKeysCommand " 2228 "must be an absolute path", 2229 filename, linenum); 2230 options->authorized_keys_command = xstrdup(cp + len); 2231 } 2232 return 0; 2233 2234 case sAuthorizedKeysCommandUser: 2235 charptr = &options->authorized_keys_command_user; 2236 2237 arg = strdelim(&cp); 2238 if (!arg || *arg == '\0') 2239 fatal("%s line %d: missing AuthorizedKeysCommandUser " 2240 "argument.", filename, linenum); 2241 if (*activep && *charptr == NULL) 2242 *charptr = xstrdup(arg); 2243 break; 2244 2245 case sAuthorizedPrincipalsCommand: 2246 if (cp == NULL) 2247 fatal("%.200s line %d: Missing argument.", filename, 2248 linenum); 2249 len = strspn(cp, WHITESPACE); 2250 if (*activep && 2251 options->authorized_principals_command == NULL) { 2252 if (cp[len] != '/' && strcasecmp(cp + len, "none") != 0) 2253 fatal("%.200s line %d: " 2254 "AuthorizedPrincipalsCommand must be " 2255 "an absolute path", filename, linenum); 2256 options->authorized_principals_command = 2257 xstrdup(cp + len); 2258 } 2259 return 0; 2260 2261 case sAuthorizedPrincipalsCommandUser: 2262 charptr = &options->authorized_principals_command_user; 2263 2264 arg = strdelim(&cp); 2265 if (!arg || *arg == '\0') 2266 fatal("%s line %d: missing " 2267 "AuthorizedPrincipalsCommandUser argument.", 2268 filename, linenum); 2269 if (*activep && *charptr == NULL) 2270 *charptr = xstrdup(arg); 2271 break; 2272 2273 case sAuthenticationMethods: 2274 if (options->num_auth_methods == 0) { 2275 value = 0; /* seen "any" pseudo-method */ 2276 value2 = 0; /* successfully parsed any method */ 2277 while ((arg = strdelim(&cp)) && *arg != '\0') { 2278 if (strcmp(arg, "any") == 0) { 2279 if (options->num_auth_methods > 0) { 2280 fatal("%s line %d: \"any\" " 2281 "must appear alone in " 2282 "AuthenticationMethods", 2283 filename, linenum); 2284 } 2285 value = 1; 2286 } else if (value) { 2287 fatal("%s line %d: \"any\" must appear " 2288 "alone in AuthenticationMethods", 2289 filename, linenum); 2290 } else if (auth2_methods_valid(arg, 0) != 0) { 2291 fatal("%s line %d: invalid " 2292 "authentication method list.", 2293 filename, linenum); 2294 } 2295 value2 = 1; 2296 if (!*activep) 2297 continue; 2298 array_append(filename, linenum, 2299 "AuthenticationMethods", 2300 &options->auth_methods, 2301 &options->num_auth_methods, arg); 2302 } 2303 if (value2 == 0) { 2304 fatal("%s line %d: no AuthenticationMethods " 2305 "specified", filename, linenum); 2306 } 2307 } 2308 return 0; 2309 2310 case sStreamLocalBindMask: 2311 arg = strdelim(&cp); 2312 if (!arg || *arg == '\0') 2313 fatal("%s line %d: missing StreamLocalBindMask " 2314 "argument.", filename, linenum); 2315 /* Parse mode in octal format */ 2316 value = strtol(arg, &p, 8); 2317 if (arg == p || value < 0 || value > 0777) 2318 fatal("%s line %d: Bad mask.", filename, linenum); 2319 if (*activep) 2320 options->fwd_opts.streamlocal_bind_mask = (mode_t)value; 2321 break; 2322 2323 case sStreamLocalBindUnlink: 2324 intptr = &options->fwd_opts.streamlocal_bind_unlink; 2325 goto parse_flag; 2326 2327 case sFingerprintHash: 2328 arg = strdelim(&cp); 2329 if (!arg || *arg == '\0') 2330 fatal("%.200s line %d: Missing argument.", 2331 filename, linenum); 2332 if ((value = ssh_digest_alg_by_name(arg)) == -1) 2333 fatal("%.200s line %d: Invalid hash algorithm \"%s\".", 2334 filename, linenum, arg); 2335 if (*activep) 2336 options->fingerprint_hash = value; 2337 break; 2338 2339 case sExposeAuthInfo: 2340 intptr = &options->expose_userauth_info; 2341 goto parse_flag; 2342 2343 case sRDomain: 2344 #if !defined(__OpenBSD__) && !defined(HAVE_SYS_SET_PROCESS_RDOMAIN) 2345 fatal("%s line %d: setting RDomain not supported on this " 2346 "platform.", filename, linenum); 2347 #endif 2348 charptr = &options->routing_domain; 2349 arg = strdelim(&cp); 2350 if (!arg || *arg == '\0') 2351 fatal("%.200s line %d: Missing argument.", 2352 filename, linenum); 2353 if (strcasecmp(arg, "none") != 0 && strcmp(arg, "%D") != 0 && 2354 !valid_rdomain(arg)) 2355 fatal("%s line %d: bad routing domain", 2356 filename, linenum); 2357 if (*activep && *charptr == NULL) 2358 *charptr = xstrdup(arg); 2359 break; 2360 2361 case sDeprecated: 2362 case sIgnore: 2363 case sUnsupported: 2364 do_log2(opcode == sIgnore ? 2365 SYSLOG_LEVEL_DEBUG2 : SYSLOG_LEVEL_INFO, 2366 "%s line %d: %s option %s", filename, linenum, 2367 opcode == sUnsupported ? "Unsupported" : "Deprecated", arg); 2368 while (arg) 2369 arg = strdelim(&cp); 2370 break; 2371 2372 default: 2373 fatal("%s line %d: Missing handler for opcode %s (%d)", 2374 filename, linenum, arg, opcode); 2375 } 2376 if ((arg = strdelim(&cp)) != NULL && *arg != '\0') 2377 fatal("%s line %d: garbage at end of line; \"%.200s\".", 2378 filename, linenum, arg); 2379 return 0; 2380 } 2381 2382 int 2383 process_server_config_line(ServerOptions *options, char *line, 2384 const char *filename, int linenum, int *activep, 2385 struct connection_info *connectinfo, struct include_list *includes) 2386 { 2387 int inc_flags = 0; 2388 2389 return process_server_config_line_depth(options, line, filename, 2390 linenum, activep, connectinfo, &inc_flags, 0, includes); 2391 } 2392 2393 2394 /* Reads the server configuration file. */ 2395 2396 void 2397 load_server_config(const char *filename, struct sshbuf *conf) 2398 { 2399 struct stat st; 2400 char *line = NULL, *cp; 2401 size_t linesize = 0; 2402 FILE *f; 2403 int r, lineno = 0; 2404 2405 debug2("%s: filename %s", __func__, filename); 2406 if ((f = fopen(filename, "r")) == NULL) { 2407 perror(filename); 2408 exit(1); 2409 } 2410 sshbuf_reset(conf); 2411 /* grow buffer, so realloc is avoided for large config files */ 2412 if (fstat(fileno(f), &st) == 0 && st.st_size > 0 && 2413 (r = sshbuf_allocate(conf, st.st_size)) != 0) 2414 fatal("%s: allocate failed: %s", __func__, ssh_err(r)); 2415 while (getline(&line, &linesize, f) != -1) { 2416 lineno++; 2417 /* 2418 * Trim out comments and strip whitespace 2419 * NB - preserve newlines, they are needed to reproduce 2420 * line numbers later for error messages 2421 */ 2422 if ((cp = strchr(line, '#')) != NULL) 2423 memcpy(cp, "\n", 2); 2424 cp = line + strspn(line, " \t\r"); 2425 if ((r = sshbuf_put(conf, cp, strlen(cp))) != 0) 2426 fatal("%s: buffer error: %s", __func__, ssh_err(r)); 2427 } 2428 free(line); 2429 if ((r = sshbuf_put_u8(conf, 0)) != 0) 2430 fatal("%s: buffer error: %s", __func__, ssh_err(r)); 2431 fclose(f); 2432 debug2("%s: done config len = %zu", __func__, sshbuf_len(conf)); 2433 } 2434 2435 void 2436 parse_server_match_config(ServerOptions *options, 2437 struct include_list *includes, struct connection_info *connectinfo) 2438 { 2439 ServerOptions mo; 2440 2441 initialize_server_options(&mo); 2442 parse_server_config(&mo, "reprocess config", cfg, includes, 2443 connectinfo); 2444 copy_set_server_options(options, &mo, 0); 2445 } 2446 2447 int parse_server_match_testspec(struct connection_info *ci, char *spec) 2448 { 2449 char *p; 2450 2451 while ((p = strsep(&spec, ",")) && *p != '\0') { 2452 if (strncmp(p, "addr=", 5) == 0) { 2453 ci->address = xstrdup(p + 5); 2454 } else if (strncmp(p, "host=", 5) == 0) { 2455 ci->host = xstrdup(p + 5); 2456 } else if (strncmp(p, "user=", 5) == 0) { 2457 ci->user = xstrdup(p + 5); 2458 } else if (strncmp(p, "laddr=", 6) == 0) { 2459 ci->laddress = xstrdup(p + 6); 2460 } else if (strncmp(p, "rdomain=", 8) == 0) { 2461 ci->rdomain = xstrdup(p + 8); 2462 } else if (strncmp(p, "lport=", 6) == 0) { 2463 ci->lport = a2port(p + 6); 2464 if (ci->lport == -1) { 2465 fprintf(stderr, "Invalid port '%s' in test mode" 2466 " specification %s\n", p+6, p); 2467 return -1; 2468 } 2469 } else { 2470 fprintf(stderr, "Invalid test mode specification %s\n", 2471 p); 2472 return -1; 2473 } 2474 } 2475 return 0; 2476 } 2477 2478 /* 2479 * Copy any supported values that are set. 2480 * 2481 * If the preauth flag is set, we do not bother copying the string or 2482 * array values that are not used pre-authentication, because any that we 2483 * do use must be explicitly sent in mm_getpwnamallow(). 2484 */ 2485 void 2486 copy_set_server_options(ServerOptions *dst, ServerOptions *src, int preauth) 2487 { 2488 #define M_CP_INTOPT(n) do {\ 2489 if (src->n != -1) \ 2490 dst->n = src->n; \ 2491 } while (0) 2492 2493 M_CP_INTOPT(password_authentication); 2494 M_CP_INTOPT(gss_authentication); 2495 M_CP_INTOPT(pubkey_authentication); 2496 M_CP_INTOPT(pubkey_auth_options); 2497 M_CP_INTOPT(kerberos_authentication); 2498 M_CP_INTOPT(hostbased_authentication); 2499 M_CP_INTOPT(hostbased_uses_name_from_packet_only); 2500 M_CP_INTOPT(kbd_interactive_authentication); 2501 M_CP_INTOPT(permit_root_login); 2502 M_CP_INTOPT(permit_empty_passwd); 2503 M_CP_INTOPT(ignore_rhosts); 2504 2505 M_CP_INTOPT(allow_tcp_forwarding); 2506 M_CP_INTOPT(allow_streamlocal_forwarding); 2507 M_CP_INTOPT(allow_agent_forwarding); 2508 M_CP_INTOPT(disable_forwarding); 2509 M_CP_INTOPT(expose_userauth_info); 2510 M_CP_INTOPT(permit_tun); 2511 M_CP_INTOPT(fwd_opts.gateway_ports); 2512 M_CP_INTOPT(fwd_opts.streamlocal_bind_unlink); 2513 M_CP_INTOPT(x11_display_offset); 2514 M_CP_INTOPT(x11_forwarding); 2515 M_CP_INTOPT(x11_use_localhost); 2516 M_CP_INTOPT(permit_tty); 2517 M_CP_INTOPT(permit_user_rc); 2518 M_CP_INTOPT(max_sessions); 2519 M_CP_INTOPT(max_authtries); 2520 M_CP_INTOPT(client_alive_count_max); 2521 M_CP_INTOPT(client_alive_interval); 2522 M_CP_INTOPT(ip_qos_interactive); 2523 M_CP_INTOPT(ip_qos_bulk); 2524 M_CP_INTOPT(rekey_limit); 2525 M_CP_INTOPT(rekey_interval); 2526 M_CP_INTOPT(log_level); 2527 2528 /* 2529 * The bind_mask is a mode_t that may be unsigned, so we can't use 2530 * M_CP_INTOPT - it does a signed comparison that causes compiler 2531 * warnings. 2532 */ 2533 if (src->fwd_opts.streamlocal_bind_mask != (mode_t)-1) { 2534 dst->fwd_opts.streamlocal_bind_mask = 2535 src->fwd_opts.streamlocal_bind_mask; 2536 } 2537 2538 /* M_CP_STROPT and M_CP_STRARRAYOPT should not appear before here */ 2539 #define M_CP_STROPT(n) do {\ 2540 if (src->n != NULL && dst->n != src->n) { \ 2541 free(dst->n); \ 2542 dst->n = src->n; \ 2543 } \ 2544 } while(0) 2545 #define M_CP_STRARRAYOPT(s, num_s) do {\ 2546 u_int i; \ 2547 if (src->num_s != 0) { \ 2548 for (i = 0; i < dst->num_s; i++) \ 2549 free(dst->s[i]); \ 2550 free(dst->s); \ 2551 dst->s = xcalloc(src->num_s, sizeof(*dst->s)); \ 2552 for (i = 0; i < src->num_s; i++) \ 2553 dst->s[i] = xstrdup(src->s[i]); \ 2554 dst->num_s = src->num_s; \ 2555 } \ 2556 } while(0) 2557 2558 /* See comment in servconf.h */ 2559 COPY_MATCH_STRING_OPTS(); 2560 2561 /* Arguments that accept '+...' need to be expanded */ 2562 assemble_algorithms(dst); 2563 2564 /* 2565 * The only things that should be below this point are string options 2566 * which are only used after authentication. 2567 */ 2568 if (preauth) 2569 return; 2570 2571 /* These options may be "none" to clear a global setting */ 2572 M_CP_STROPT(adm_forced_command); 2573 if (option_clear_or_none(dst->adm_forced_command)) { 2574 free(dst->adm_forced_command); 2575 dst->adm_forced_command = NULL; 2576 } 2577 M_CP_STROPT(chroot_directory); 2578 if (option_clear_or_none(dst->chroot_directory)) { 2579 free(dst->chroot_directory); 2580 dst->chroot_directory = NULL; 2581 } 2582 } 2583 2584 #undef M_CP_INTOPT 2585 #undef M_CP_STROPT 2586 #undef M_CP_STRARRAYOPT 2587 2588 #define SERVCONF_MAX_DEPTH 16 2589 static void 2590 parse_server_config_depth(ServerOptions *options, const char *filename, 2591 struct sshbuf *conf, struct include_list *includes, 2592 struct connection_info *connectinfo, int flags, int *activep, int depth) 2593 { 2594 int linenum, bad_options = 0; 2595 char *cp, *obuf, *cbuf; 2596 2597 if (depth < 0 || depth > SERVCONF_MAX_DEPTH) 2598 fatal("Too many recursive configuration includes"); 2599 2600 debug2("%s: config %s len %zu%s", __func__, filename, sshbuf_len(conf), 2601 (flags & SSHCFG_NEVERMATCH ? " [checking syntax only]" : "")); 2602 2603 if ((obuf = cbuf = sshbuf_dup_string(conf)) == NULL) 2604 fatal("%s: sshbuf_dup_string failed", __func__); 2605 linenum = 1; 2606 while ((cp = strsep(&cbuf, "\n")) != NULL) { 2607 if (process_server_config_line_depth(options, cp, 2608 filename, linenum++, activep, connectinfo, &flags, 2609 depth, includes) != 0) 2610 bad_options++; 2611 } 2612 free(obuf); 2613 if (bad_options > 0) 2614 fatal("%s: terminating, %d bad configuration options", 2615 filename, bad_options); 2616 } 2617 2618 void 2619 parse_server_config(ServerOptions *options, const char *filename, 2620 struct sshbuf *conf, struct include_list *includes, 2621 struct connection_info *connectinfo) 2622 { 2623 int active = connectinfo ? 0 : 1; 2624 parse_server_config_depth(options, filename, conf, includes, 2625 connectinfo, (connectinfo ? SSHCFG_MATCH_ONLY : 0), &active, 0); 2626 process_queued_listen_addrs(options); 2627 } 2628 2629 static const char * 2630 fmt_multistate_int(int val, const struct multistate *m) 2631 { 2632 u_int i; 2633 2634 for (i = 0; m[i].key != NULL; i++) { 2635 if (m[i].value == val) 2636 return m[i].key; 2637 } 2638 return "UNKNOWN"; 2639 } 2640 2641 static const char * 2642 fmt_intarg(ServerOpCodes code, int val) 2643 { 2644 if (val == -1) 2645 return "unset"; 2646 switch (code) { 2647 case sAddressFamily: 2648 return fmt_multistate_int(val, multistate_addressfamily); 2649 case sPermitRootLogin: 2650 return fmt_multistate_int(val, multistate_permitrootlogin); 2651 case sGatewayPorts: 2652 return fmt_multistate_int(val, multistate_gatewayports); 2653 case sCompression: 2654 return fmt_multistate_int(val, multistate_compression); 2655 case sAllowTcpForwarding: 2656 return fmt_multistate_int(val, multistate_tcpfwd); 2657 case sAllowStreamLocalForwarding: 2658 return fmt_multistate_int(val, multistate_tcpfwd); 2659 case sIgnoreRhosts: 2660 return fmt_multistate_int(val, multistate_ignore_rhosts); 2661 case sFingerprintHash: 2662 return ssh_digest_alg_name(val); 2663 default: 2664 switch (val) { 2665 case 0: 2666 return "no"; 2667 case 1: 2668 return "yes"; 2669 default: 2670 return "UNKNOWN"; 2671 } 2672 } 2673 } 2674 2675 static void 2676 dump_cfg_int(ServerOpCodes code, int val) 2677 { 2678 printf("%s %d\n", lookup_opcode_name(code), val); 2679 } 2680 2681 static void 2682 dump_cfg_oct(ServerOpCodes code, int val) 2683 { 2684 printf("%s 0%o\n", lookup_opcode_name(code), val); 2685 } 2686 2687 static void 2688 dump_cfg_fmtint(ServerOpCodes code, int val) 2689 { 2690 printf("%s %s\n", lookup_opcode_name(code), fmt_intarg(code, val)); 2691 } 2692 2693 static void 2694 dump_cfg_string(ServerOpCodes code, const char *val) 2695 { 2696 printf("%s %s\n", lookup_opcode_name(code), 2697 val == NULL ? "none" : val); 2698 } 2699 2700 static void 2701 dump_cfg_strarray(ServerOpCodes code, u_int count, char **vals) 2702 { 2703 u_int i; 2704 2705 for (i = 0; i < count; i++) 2706 printf("%s %s\n", lookup_opcode_name(code), vals[i]); 2707 } 2708 2709 static void 2710 dump_cfg_strarray_oneline(ServerOpCodes code, u_int count, char **vals) 2711 { 2712 u_int i; 2713 2714 if (count <= 0 && code != sAuthenticationMethods) 2715 return; 2716 printf("%s", lookup_opcode_name(code)); 2717 for (i = 0; i < count; i++) 2718 printf(" %s", vals[i]); 2719 if (code == sAuthenticationMethods && count == 0) 2720 printf(" any"); 2721 printf("\n"); 2722 } 2723 2724 static char * 2725 format_listen_addrs(struct listenaddr *la) 2726 { 2727 int r; 2728 struct addrinfo *ai; 2729 char addr[NI_MAXHOST], port[NI_MAXSERV]; 2730 char *laddr1 = xstrdup(""), *laddr2 = NULL; 2731 2732 /* 2733 * ListenAddress must be after Port. add_one_listen_addr pushes 2734 * addresses onto a stack, so to maintain ordering we need to 2735 * print these in reverse order. 2736 */ 2737 for (ai = la->addrs; ai; ai = ai->ai_next) { 2738 if ((r = getnameinfo(ai->ai_addr, ai->ai_addrlen, addr, 2739 sizeof(addr), port, sizeof(port), 2740 NI_NUMERICHOST|NI_NUMERICSERV)) != 0) { 2741 error("getnameinfo: %.100s", ssh_gai_strerror(r)); 2742 continue; 2743 } 2744 laddr2 = laddr1; 2745 if (ai->ai_family == AF_INET6) { 2746 xasprintf(&laddr1, "listenaddress [%s]:%s%s%s\n%s", 2747 addr, port, 2748 la->rdomain == NULL ? "" : " rdomain ", 2749 la->rdomain == NULL ? "" : la->rdomain, 2750 laddr2); 2751 } else { 2752 xasprintf(&laddr1, "listenaddress %s:%s%s%s\n%s", 2753 addr, port, 2754 la->rdomain == NULL ? "" : " rdomain ", 2755 la->rdomain == NULL ? "" : la->rdomain, 2756 laddr2); 2757 } 2758 free(laddr2); 2759 } 2760 return laddr1; 2761 } 2762 2763 void 2764 dump_config(ServerOptions *o) 2765 { 2766 char *s; 2767 u_int i; 2768 2769 /* these are usually at the top of the config */ 2770 for (i = 0; i < o->num_ports; i++) 2771 printf("port %d\n", o->ports[i]); 2772 dump_cfg_fmtint(sAddressFamily, o->address_family); 2773 2774 for (i = 0; i < o->num_listen_addrs; i++) { 2775 s = format_listen_addrs(&o->listen_addrs[i]); 2776 printf("%s", s); 2777 free(s); 2778 } 2779 2780 /* integer arguments */ 2781 #ifdef USE_PAM 2782 dump_cfg_fmtint(sUsePAM, o->use_pam); 2783 #endif 2784 dump_cfg_int(sLoginGraceTime, o->login_grace_time); 2785 dump_cfg_int(sX11DisplayOffset, o->x11_display_offset); 2786 dump_cfg_int(sMaxAuthTries, o->max_authtries); 2787 dump_cfg_int(sMaxSessions, o->max_sessions); 2788 dump_cfg_int(sClientAliveInterval, o->client_alive_interval); 2789 dump_cfg_int(sClientAliveCountMax, o->client_alive_count_max); 2790 dump_cfg_oct(sStreamLocalBindMask, o->fwd_opts.streamlocal_bind_mask); 2791 2792 /* formatted integer arguments */ 2793 dump_cfg_fmtint(sPermitRootLogin, o->permit_root_login); 2794 dump_cfg_fmtint(sIgnoreRhosts, o->ignore_rhosts); 2795 dump_cfg_fmtint(sIgnoreUserKnownHosts, o->ignore_user_known_hosts); 2796 dump_cfg_fmtint(sHostbasedAuthentication, o->hostbased_authentication); 2797 dump_cfg_fmtint(sHostbasedUsesNameFromPacketOnly, 2798 o->hostbased_uses_name_from_packet_only); 2799 dump_cfg_fmtint(sPubkeyAuthentication, o->pubkey_authentication); 2800 #ifdef KRB5 2801 dump_cfg_fmtint(sKerberosAuthentication, o->kerberos_authentication); 2802 dump_cfg_fmtint(sKerberosOrLocalPasswd, o->kerberos_or_local_passwd); 2803 dump_cfg_fmtint(sKerberosTicketCleanup, o->kerberos_ticket_cleanup); 2804 # ifdef USE_AFS 2805 dump_cfg_fmtint(sKerberosGetAFSToken, o->kerberos_get_afs_token); 2806 # endif 2807 #endif 2808 #ifdef GSSAPI 2809 dump_cfg_fmtint(sGssAuthentication, o->gss_authentication); 2810 dump_cfg_fmtint(sGssCleanupCreds, o->gss_cleanup_creds); 2811 #endif 2812 dump_cfg_fmtint(sPasswordAuthentication, o->password_authentication); 2813 dump_cfg_fmtint(sKbdInteractiveAuthentication, 2814 o->kbd_interactive_authentication); 2815 dump_cfg_fmtint(sChallengeResponseAuthentication, 2816 o->challenge_response_authentication); 2817 dump_cfg_fmtint(sPrintMotd, o->print_motd); 2818 #ifndef DISABLE_LASTLOG 2819 dump_cfg_fmtint(sPrintLastLog, o->print_lastlog); 2820 #endif 2821 dump_cfg_fmtint(sX11Forwarding, o->x11_forwarding); 2822 dump_cfg_fmtint(sX11UseLocalhost, o->x11_use_localhost); 2823 dump_cfg_fmtint(sPermitTTY, o->permit_tty); 2824 dump_cfg_fmtint(sPermitUserRC, o->permit_user_rc); 2825 dump_cfg_fmtint(sStrictModes, o->strict_modes); 2826 dump_cfg_fmtint(sTCPKeepAlive, o->tcp_keep_alive); 2827 dump_cfg_fmtint(sEmptyPasswd, o->permit_empty_passwd); 2828 dump_cfg_fmtint(sCompression, o->compression); 2829 dump_cfg_fmtint(sGatewayPorts, o->fwd_opts.gateway_ports); 2830 dump_cfg_fmtint(sUseDNS, o->use_dns); 2831 dump_cfg_fmtint(sAllowTcpForwarding, o->allow_tcp_forwarding); 2832 dump_cfg_fmtint(sAllowAgentForwarding, o->allow_agent_forwarding); 2833 dump_cfg_fmtint(sDisableForwarding, o->disable_forwarding); 2834 dump_cfg_fmtint(sAllowStreamLocalForwarding, o->allow_streamlocal_forwarding); 2835 dump_cfg_fmtint(sStreamLocalBindUnlink, o->fwd_opts.streamlocal_bind_unlink); 2836 dump_cfg_fmtint(sFingerprintHash, o->fingerprint_hash); 2837 dump_cfg_fmtint(sExposeAuthInfo, o->expose_userauth_info); 2838 2839 /* string arguments */ 2840 dump_cfg_string(sPidFile, o->pid_file); 2841 dump_cfg_string(sXAuthLocation, o->xauth_location); 2842 dump_cfg_string(sCiphers, o->ciphers); 2843 dump_cfg_string(sMacs, o->macs); 2844 dump_cfg_string(sBanner, o->banner); 2845 dump_cfg_string(sForceCommand, o->adm_forced_command); 2846 dump_cfg_string(sChrootDirectory, o->chroot_directory); 2847 dump_cfg_string(sTrustedUserCAKeys, o->trusted_user_ca_keys); 2848 dump_cfg_string(sRevokedKeys, o->revoked_keys_file); 2849 dump_cfg_string(sSecurityKeyProvider, o->sk_provider); 2850 dump_cfg_string(sAuthorizedPrincipalsFile, 2851 o->authorized_principals_file); 2852 dump_cfg_string(sVersionAddendum, *o->version_addendum == '\0' 2853 ? "none" : o->version_addendum); 2854 dump_cfg_string(sAuthorizedKeysCommand, o->authorized_keys_command); 2855 dump_cfg_string(sAuthorizedKeysCommandUser, o->authorized_keys_command_user); 2856 dump_cfg_string(sAuthorizedPrincipalsCommand, o->authorized_principals_command); 2857 dump_cfg_string(sAuthorizedPrincipalsCommandUser, o->authorized_principals_command_user); 2858 dump_cfg_string(sHostKeyAgent, o->host_key_agent); 2859 dump_cfg_string