1 2 /* $OpenBSD: servconf.c,v 1.367 2020/07/05 23:59:45 djm Exp $ */ 3 /* 4 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland 5 * All rights reserved 6 * 7 * As far as I am concerned, the code I have written for this software 8 * can be used freely for any purpose. Any derived versions of this 9 * software must be clearly marked as such, and if the derived work is 10 * incompatible with the protocol description in the RFC file, it must be 11 * called by a name other than "ssh" or "Secure Shell". 12 */ 13 14 #include <sys/types.h> 15 #include <sys/socket.h> 16 #include <sys/queue.h> 17 #include <sys/sysctl.h> 18 #include <sys/stat.h> 19 20 #include <netinet/in.h> 21 #include <netinet/ip.h> 22 #include <net/route.h> 23 24 #include <ctype.h> 25 #include <glob.h> 26 #include <netdb.h> 27 #include <pwd.h> 28 #include <stdio.h> 29 #include <stdlib.h> 30 #include <string.h> 31 #include <signal.h> 32 #include <unistd.h> 33 #include <limits.h> 34 #include <stdarg.h> 35 #include <errno.h> 36 #include <util.h> 37 38 #include "xmalloc.h" 39 #include "ssh.h" 40 #include "log.h" 41 #include "sshbuf.h" 42 #include "misc.h" 43 #include "servconf.h" 44 #include "compat.h" 45 #include "pathnames.h" 46 #include "cipher.h" 47 #include "sshkey.h" 48 #include "kex.h" 49 #include "mac.h" 50 #include "match.h" 51 #include "channels.h" 52 #include "groupaccess.h" 53 #include "canohost.h" 54 #include "packet.h" 55 #include "ssherr.h" 56 #include "hostfile.h" 57 #include "auth.h" 58 #include "myproposal.h" 59 #include "digest.h" 60 61 static void add_listen_addr(ServerOptions *, const char *, 62 const char *, int); 63 static void add_one_listen_addr(ServerOptions *, const char *, 64 const char *, int); 65 static void parse_server_config_depth(ServerOptions *options, 66 const char *filename, struct sshbuf *conf, struct include_list *includes, 67 struct connection_info *connectinfo, int flags, int *activep, int depth); 68 69 /* Use of privilege separation or not */ 70 extern int use_privsep; 71 extern struct sshbuf *cfg; 72 73 /* Initializes the server options to their default values. */ 74 75 void 76 initialize_server_options(ServerOptions *options) 77 { 78 memset(options, 0, sizeof(*options)); 79 options->num_ports = 0; 80 options->ports_from_cmdline = 0; 81 options->queued_listen_addrs = NULL; 82 options->num_queued_listens = 0; 83 options->listen_addrs = NULL; 84 options->num_listen_addrs = 0; 85 options->address_family = -1; 86 options->routing_domain = NULL; 87 options->num_host_key_files = 0; 88 options->num_host_cert_files = 0; 89 options->host_key_agent = NULL; 90 options->pid_file = NULL; 91 options->login_grace_time = -1; 92 options->permit_root_login = PERMIT_NOT_SET; 93 options->ignore_rhosts = -1; 94 options->ignore_user_known_hosts = -1; 95 options->print_motd = -1; 96 options->print_lastlog = -1; 97 options->x11_forwarding = -1; 98 options->x11_display_offset = -1; 99 options->x11_use_localhost = -1; 100 options->permit_tty = -1; 101 options->permit_user_rc = -1; 102 options->xauth_location = NULL; 103 options->strict_modes = -1; 104 options->tcp_keep_alive = -1; 105 options->log_facility = SYSLOG_FACILITY_NOT_SET; 106 options->log_level = SYSLOG_LEVEL_NOT_SET; 107 options->hostbased_authentication = -1; 108 options->hostbased_uses_name_from_packet_only = -1; 109 options->hostbased_key_types = NULL; 110 options->hostkeyalgorithms = NULL; 111 options->pubkey_authentication = -1; 112 options->pubkey_auth_options = -1; 113 options->pubkey_key_types = NULL; 114 options->kerberos_authentication = -1; 115 options->kerberos_or_local_passwd = -1; 116 options->kerberos_ticket_cleanup = -1; 117 options->kerberos_get_afs_token = -1; 118 options->gss_authentication=-1; 119 options->gss_cleanup_creds = -1; 120 options->gss_strict_acceptor = -1; 121 options->password_authentication = -1; 122 options->kbd_interactive_authentication = -1; 123 options->challenge_response_authentication = -1; 124 options->permit_empty_passwd = -1; 125 options->permit_user_env = -1; 126 options->permit_user_env_allowlist = NULL; 127 options->compression = -1; 128 options->rekey_limit = -1; 129 options->rekey_interval = -1; 130 options->allow_tcp_forwarding = -1; 131 options->allow_streamlocal_forwarding = -1; 132 options->allow_agent_forwarding = -1; 133 options->num_allow_users = 0; 134 options->num_deny_users = 0; 135 options->num_allow_groups = 0; 136 options->num_deny_groups = 0; 137 options->ciphers = NULL; 138 options->macs = NULL; 139 options->kex_algorithms = NULL; 140 options->ca_sign_algorithms = NULL; 141 options->fwd_opts.gateway_ports = -1; 142 options->fwd_opts.streamlocal_bind_mask = (mode_t)-1; 143 options->fwd_opts.streamlocal_bind_unlink = -1; 144 options->num_subsystems = 0; 145 options->max_startups_begin = -1; 146 options->max_startups_rate = -1; 147 options->max_startups = -1; 148 options->max_authtries = -1; 149 options->max_sessions = -1; 150 options->banner = NULL; 151 options->use_dns = -1; 152 options->client_alive_interval = -1; 153 options->client_alive_count_max = -1; 154 options->num_authkeys_files = 0; 155 options->num_accept_env = 0; 156 options->num_setenv = 0; 157 options->permit_tun = -1; 158 options->permitted_opens = NULL; 159 options->permitted_listens = NULL; 160 options->adm_forced_command = NULL; 161 options->chroot_directory = NULL; 162 options->authorized_keys_command = NULL; 163 options->authorized_keys_command_user = NULL; 164 options->revoked_keys_file = NULL; 165 options->sk_provider = NULL; 166 options->trusted_user_ca_keys = NULL; 167 options->authorized_principals_file = NULL; 168 options->authorized_principals_command = NULL; 169 options->authorized_principals_command_user = NULL; 170 options->ip_qos_interactive = -1; 171 options->ip_qos_bulk = -1; 172 options->version_addendum = NULL; 173 options->fingerprint_hash = -1; 174 options->disable_forwarding = -1; 175 options->expose_userauth_info = -1; 176 } 177 178 /* Returns 1 if a string option is unset or set to "none" or 0 otherwise. */ 179 static int 180 option_clear_or_none(const char *o) 181 { 182 return o == NULL || strcasecmp(o, "none") == 0; 183 } 184 185 static void 186 assemble_algorithms(ServerOptions *o) 187 { 188 char *all_cipher, *all_mac, *all_kex, *all_key, *all_sig; 189 char *def_cipher, *def_mac, *def_kex, *def_key, *def_sig; 190 int r; 191 192 all_cipher = cipher_alg_list(',', 0); 193 all_mac = mac_alg_list(','); 194 all_kex = kex_alg_list(','); 195 all_key = sshkey_alg_list(0, 0, 1, ','); 196 all_sig = sshkey_alg_list(0, 1, 1, ','); 197 /* remove unsupported algos from default lists */ 198 def_cipher = match_filter_allowlist(KEX_SERVER_ENCRYPT, all_cipher); 199 def_mac = match_filter_allowlist(KEX_SERVER_MAC, all_mac); 200 def_kex = match_filter_allowlist(KEX_SERVER_KEX, all_kex); 201 def_key = match_filter_allowlist(KEX_DEFAULT_PK_ALG, all_key); 202 def_sig = match_filter_allowlist(SSH_ALLOWED_CA_SIGALGS, all_sig); 203 #define ASSEMBLE(what, defaults, all) \ 204 do { \ 205 if ((r = kex_assemble_names(&o->what, defaults, all)) != 0) \ 206 fatal("%s: %s: %s", __func__, #what, ssh_err(r)); \ 207 } while (0) 208 ASSEMBLE(ciphers, def_cipher, all_cipher); 209 ASSEMBLE(macs, def_mac, all_mac); 210 ASSEMBLE(kex_algorithms, def_kex, all_kex); 211 ASSEMBLE(hostkeyalgorithms, def_key, all_key); 212 ASSEMBLE(hostbased_key_types, def_key, all_key); 213 ASSEMBLE(pubkey_key_types, def_key, all_key); 214 ASSEMBLE(ca_sign_algorithms, def_sig, all_sig); 215 #undef ASSEMBLE 216 free(all_cipher); 217 free(all_mac); 218 free(all_kex); 219 free(all_key); 220 free(all_sig); 221 free(def_cipher); 222 free(def_mac); 223 free(def_kex); 224 free(def_key); 225 free(def_sig); 226 } 227 228 static void 229 array_append2(const char *file, const int line, const char *directive, 230 char ***array, int **iarray, u_int *lp, const char *s, int i) 231 { 232 233 if (*lp >= INT_MAX) 234 fatal("%s line %d: Too many %s entries", file, line, directive); 235 236 if (iarray != NULL) { 237 *iarray = xrecallocarray(*iarray, *lp, *lp + 1, 238 sizeof(**iarray)); 239 (*iarray)[*lp] = i; 240 } 241 242 *array = xrecallocarray(*array, *lp, *lp + 1, sizeof(**array)); 243 (*array)[*lp] = xstrdup(s); 244 (*lp)++; 245 } 246 247 static void 248 array_append(const char *file, const int line, const char *directive, 249 char ***array, u_int *lp, const char *s) 250 { 251 array_append2(file, line, directive, array, NULL, lp, s, 0); 252 } 253 254 void 255 servconf_add_hostkey(const char *file, const int line, 256 ServerOptions *options, const char *path, int userprovided) 257 { 258 char *apath = derelativise_path(path); 259 260 array_append2(file, line, "HostKey", 261 &options->host_key_files, &options->host_key_file_userprovided, 262 &options->num_host_key_files, apath, userprovided); 263 free(apath); 264 } 265 266 void 267 servconf_add_hostcert(const char *file, const int line, 268 ServerOptions *options, const char *path) 269 { 270 char *apath = derelativise_path(path); 271 272 array_append(file, line, "HostCertificate", 273 &options->host_cert_files, &options->num_host_cert_files, apath); 274 free(apath); 275 } 276 277 void 278 fill_default_server_options(ServerOptions *options) 279 { 280 u_int i; 281 282 if (options->num_host_key_files == 0) { 283 /* fill default hostkeys */ 284 servconf_add_hostkey("[default]", 0, options, 285 _PATH_HOST_RSA_KEY_FILE, 0); 286 servconf_add_hostkey("[default]", 0, options, 287 _PATH_HOST_ECDSA_KEY_FILE, 0); 288 servconf_add_hostkey("[default]", 0, options, 289 _PATH_HOST_ED25519_KEY_FILE, 0); 290 #ifdef WITH_XMSS 291 servconf_add_hostkey("[default]", 0, options, 292 _PATH_HOST_XMSS_KEY_FILE, 0); 293 #endif /* WITH_XMSS */ 294 } 295 /* No certificates by default */ 296 if (options->num_ports == 0) 297 options->ports[options->num_ports++] = SSH_DEFAULT_PORT; 298 if (options->address_family == -1) 299 options->address_family = AF_UNSPEC; 300 if (options->listen_addrs == NULL) 301 add_listen_addr(options, NULL, NULL, 0); 302 if (options->pid_file == NULL) 303 options->pid_file = xstrdup(_PATH_SSH_DAEMON_PID_FILE); 304 if (options->login_grace_time == -1) 305 options->login_grace_time = 120; 306 if (options->permit_root_login == PERMIT_NOT_SET) 307 options->permit_root_login = PERMIT_NO_PASSWD; 308 if (options->ignore_rhosts == -1) 309 options->ignore_rhosts = 1; 310 if (options->ignore_user_known_hosts == -1) 311 options->ignore_user_known_hosts = 0; 312 if (options->print_motd == -1) 313 options->print_motd = 1; 314 if (options->print_lastlog == -1) 315 options->print_lastlog = 1; 316 if (options->x11_forwarding == -1) 317 options->x11_forwarding = 0; 318 if (options->x11_display_offset == -1) 319 options->x11_display_offset = 10; 320 if (options->x11_use_localhost == -1) 321 options->x11_use_localhost = 1; 322 if (options->xauth_location == NULL) 323 options->xauth_location = xstrdup(_PATH_XAUTH); 324 if (options->permit_tty == -1) 325 options->permit_tty = 1; 326 if (options->permit_user_rc == -1) 327 options->permit_user_rc = 1; 328 if (options->strict_modes == -1) 329 options->strict_modes = 1; 330 if (options->tcp_keep_alive == -1) 331 options->tcp_keep_alive = 1; 332 if (options->log_facility == SYSLOG_FACILITY_NOT_SET) 333 options->log_facility = SYSLOG_FACILITY_AUTH; 334 if (options->log_level == SYSLOG_LEVEL_NOT_SET) 335 options->log_level = SYSLOG_LEVEL_INFO; 336 if (options->hostbased_authentication == -1) 337 options->hostbased_authentication = 0; 338 if (options->hostbased_uses_name_from_packet_only == -1) 339 options->hostbased_uses_name_from_packet_only = 0; 340 if (options->pubkey_authentication == -1) 341 options->pubkey_authentication = 1; 342 if (options->pubkey_auth_options == -1) 343 options->pubkey_auth_options = 0; 344 if (options->kerberos_authentication == -1) 345 options->kerberos_authentication = 0; 346 if (options->kerberos_or_local_passwd == -1) 347 options->kerberos_or_local_passwd = 1; 348 if (options->kerberos_ticket_cleanup == -1) 349 options->kerberos_ticket_cleanup = 1; 350 if (options->kerberos_get_afs_token == -1) 351 options->kerberos_get_afs_token = 0; 352 if (options->gss_authentication == -1) 353 options->gss_authentication = 0; 354 if (options->gss_cleanup_creds == -1) 355 options->gss_cleanup_creds = 1; 356 if (options->gss_strict_acceptor == -1) 357 options->gss_strict_acceptor = 1; 358 if (options->password_authentication == -1) 359 options->password_authentication = 1; 360 if (options->kbd_interactive_authentication == -1) 361 options->kbd_interactive_authentication = 0; 362 if (options->challenge_response_authentication == -1) 363 options->challenge_response_authentication = 1; 364 if (options->permit_empty_passwd == -1) 365 options->permit_empty_passwd = 0; 366 if (options->permit_user_env == -1) { 367 options->permit_user_env = 0; 368 options->permit_user_env_allowlist = NULL; 369 } 370 if (options->compression == -1) 371 #ifdef WITH_ZLIB 372 options->compression = COMP_DELAYED; 373 #else 374 options->compression = COMP_NONE; 375 #endif 376 377 if (options->rekey_limit == -1) 378 options->rekey_limit = 0; 379 if (options->rekey_interval == -1) 380 options->rekey_interval = 0; 381 if (options->allow_tcp_forwarding == -1) 382 options->allow_tcp_forwarding = FORWARD_ALLOW; 383 if (options->allow_streamlocal_forwarding == -1) 384 options->allow_streamlocal_forwarding = FORWARD_ALLOW; 385 if (options->allow_agent_forwarding == -1) 386 options->allow_agent_forwarding = 1; 387 if (options->fwd_opts.gateway_ports == -1) 388 options->fwd_opts.gateway_ports = 0; 389 if (options->max_startups == -1) 390 options->max_startups = 100; 391 if (options->max_startups_rate == -1) 392 options->max_startups_rate = 30; /* 30% */ 393 if (options->max_startups_begin == -1) 394 options->max_startups_begin = 10; 395 if (options->max_authtries == -1) 396 options->max_authtries = DEFAULT_AUTH_FAIL_MAX; 397 if (options->max_sessions == -1) 398 options->max_sessions = DEFAULT_SESSIONS_MAX; 399 if (options->use_dns == -1) 400 options->use_dns = 0; 401 if (options->client_alive_interval == -1) 402 options->client_alive_interval = 0; 403 if (options->client_alive_count_max == -1) 404 options->client_alive_count_max = 3; 405 if (options->num_authkeys_files == 0) { 406 array_append("[default]", 0, "AuthorizedKeysFiles", 407 &options->authorized_keys_files, 408 &options->num_authkeys_files, 409 _PATH_SSH_USER_PERMITTED_KEYS); 410 array_append("[default]", 0, "AuthorizedKeysFiles", 411 &options->authorized_keys_files, 412 &options->num_authkeys_files, 413 _PATH_SSH_USER_PERMITTED_KEYS2); 414 } 415 if (options->permit_tun == -1) 416 options->permit_tun = SSH_TUNMODE_NO; 417 if (options->ip_qos_interactive == -1) 418 options->ip_qos_interactive = IPTOS_DSCP_AF21; 419 if (options->ip_qos_bulk == -1) 420 options->ip_qos_bulk = IPTOS_DSCP_CS1; 421 if (options->version_addendum == NULL) 422 options->version_addendum = xstrdup(""); 423 if (options->fwd_opts.streamlocal_bind_mask == (mode_t)-1) 424 options->fwd_opts.streamlocal_bind_mask = 0177; 425 if (options->fwd_opts.streamlocal_bind_unlink == -1) 426 options->fwd_opts.streamlocal_bind_unlink = 0; 427 if (options->fingerprint_hash == -1) 428 options->fingerprint_hash = SSH_FP_HASH_DEFAULT; 429 if (options->disable_forwarding == -1) 430 options->disable_forwarding = 0; 431 if (options->expose_userauth_info == -1) 432 options->expose_userauth_info = 0; 433 if (options->sk_provider == NULL) 434 options->sk_provider = xstrdup("internal"); 435 436 assemble_algorithms(options); 437 438 /* Turn privilege separation and sandboxing on by default */ 439 if (use_privsep == -1) 440 use_privsep = PRIVSEP_ON; 441 442 #define CLEAR_ON_NONE(v) \ 443 do { \ 444 if (option_clear_or_none(v)) { \ 445 free(v); \ 446 v = NULL; \ 447 } \ 448 } while(0) 449 CLEAR_ON_NONE(options->pid_file); 450 CLEAR_ON_NONE(options->xauth_location); 451 CLEAR_ON_NONE(options->banner); 452 CLEAR_ON_NONE(options->trusted_user_ca_keys); 453 CLEAR_ON_NONE(options->revoked_keys_file); 454 CLEAR_ON_NONE(options->sk_provider); 455 CLEAR_ON_NONE(options->authorized_principals_file); 456 CLEAR_ON_NONE(options->adm_forced_command); 457 CLEAR_ON_NONE(options->chroot_directory); 458 CLEAR_ON_NONE(options->routing_domain); 459 CLEAR_ON_NONE(options->host_key_agent); 460 for (i = 0; i < options->num_host_key_files; i++) 461 CLEAR_ON_NONE(options->host_key_files[i]); 462 for (i = 0; i < options->num_host_cert_files; i++) 463 CLEAR_ON_NONE(options->host_cert_files[i]); 464 #undef CLEAR_ON_NONE 465 466 /* Similar handling for AuthenticationMethods=any */ 467 if (options->num_auth_methods == 1 && 468 strcmp(options->auth_methods[0], "any") == 0) { 469 free(options->auth_methods[0]); 470 options->auth_methods[0] = NULL; 471 options->num_auth_methods = 0; 472 } 473 } 474 475 /* Keyword tokens. */ 476 typedef enum { 477 sBadOption, /* == unknown option */ 478 sPort, sHostKeyFile, sLoginGraceTime, 479 sPermitRootLogin, sLogFacility, sLogLevel, 480 sKerberosAuthentication, sKerberosOrLocalPasswd, sKerberosTicketCleanup, 481 sKerberosGetAFSToken, sChallengeResponseAuthentication, 482 sPasswordAuthentication, sKbdInteractiveAuthentication, 483 sListenAddress, sAddressFamily, 484 sPrintMotd, sPrintLastLog, sIgnoreRhosts, 485 sX11Forwarding, sX11DisplayOffset, sX11UseLocalhost, 486 sPermitTTY, sStrictModes, sEmptyPasswd, sTCPKeepAlive, 487 sPermitUserEnvironment, sAllowTcpForwarding, sCompression, 488 sRekeyLimit, sAllowUsers, sDenyUsers, sAllowGroups, sDenyGroups, 489 sIgnoreUserKnownHosts, sCiphers, sMacs, sPidFile, 490 sGatewayPorts, sPubkeyAuthentication, sPubkeyAcceptedKeyTypes, 491 sXAuthLocation, sSubsystem, sMaxStartups, sMaxAuthTries, sMaxSessions, 492 sBanner, sUseDNS, sHostbasedAuthentication, 493 sHostbasedUsesNameFromPacketOnly, sHostbasedAcceptedKeyTypes, 494 sHostKeyAlgorithms, 495 sClientAliveInterval, sClientAliveCountMax, sAuthorizedKeysFile, 496 sGssAuthentication, sGssCleanupCreds, sGssStrictAcceptor, 497 sAcceptEnv, sSetEnv, sPermitTunnel, 498 sMatch, sPermitOpen, sPermitListen, sForceCommand, sChrootDirectory, 499 sUsePrivilegeSeparation, sAllowAgentForwarding, 500 sHostCertificate, sInclude, 501 sRevokedKeys, sTrustedUserCAKeys, sAuthorizedPrincipalsFile, 502 sAuthorizedPrincipalsCommand, sAuthorizedPrincipalsCommandUser, 503 sKexAlgorithms, sCASignatureAlgorithms, sIPQoS, sVersionAddendum, 504 sAuthorizedKeysCommand, sAuthorizedKeysCommandUser, 505 sAuthenticationMethods, sHostKeyAgent, sPermitUserRC, 506 sStreamLocalBindMask, sStreamLocalBindUnlink, 507 sAllowStreamLocalForwarding, sFingerprintHash, sDisableForwarding, 508 sExposeAuthInfo, sRDomain, sPubkeyAuthOptions, sSecurityKeyProvider, 509 sDeprecated, sIgnore, sUnsupported 510 } ServerOpCodes; 511 512 #define SSHCFG_GLOBAL 0x01 /* allowed in main section of config */ 513 #define SSHCFG_MATCH 0x02 /* allowed inside a Match section */ 514 #define SSHCFG_ALL (SSHCFG_GLOBAL|SSHCFG_MATCH) 515 #define SSHCFG_NEVERMATCH 0x04 /* Match never matches; internal only */ 516 #define SSHCFG_MATCH_ONLY 0x08 /* Match only in conditional blocks; internal only */ 517 518 /* Textual representation of the tokens. */ 519 static struct { 520 const char *name; 521 ServerOpCodes opcode; 522 u_int flags; 523 } keywords[] = { 524 { "port", sPort, SSHCFG_GLOBAL }, 525 { "hostkey", sHostKeyFile, SSHCFG_GLOBAL }, 526 { "hostdsakey", sHostKeyFile, SSHCFG_GLOBAL }, /* alias */ 527 { "hostkeyagent", sHostKeyAgent, SSHCFG_GLOBAL }, 528 { "pidfile", sPidFile, SSHCFG_GLOBAL }, 529 { "serverkeybits", sDeprecated, SSHCFG_GLOBAL }, 530 { "logingracetime", sLoginGraceTime, SSHCFG_GLOBAL }, 531 { "keyregenerationinterval", sDeprecated, SSHCFG_GLOBAL }, 532 { "permitrootlogin", sPermitRootLogin, SSHCFG_ALL }, 533 { "syslogfacility", sLogFacility, SSHCFG_GLOBAL }, 534 { "loglevel", sLogLevel, SSHCFG_ALL }, 535 { "rhostsauthentication", sDeprecated, SSHCFG_GLOBAL }, 536 { "rhostsrsaauthentication", sDeprecated, SSHCFG_ALL }, 537 { "hostbasedauthentication", sHostbasedAuthentication, SSHCFG_ALL }, 538 { "hostbasedusesnamefrompacketonly", sHostbasedUsesNameFromPacketOnly, SSHCFG_ALL }, 539 { "hostbasedacceptedkeytypes", sHostbasedAcceptedKeyTypes, SSHCFG_ALL }, 540 { "hostkeyalgorithms", sHostKeyAlgorithms, SSHCFG_GLOBAL }, 541 { "rsaauthentication", sDeprecated, SSHCFG_ALL }, 542 { "pubkeyauthentication", sPubkeyAuthentication, SSHCFG_ALL }, 543 { "pubkeyacceptedkeytypes", sPubkeyAcceptedKeyTypes, SSHCFG_ALL }, 544 { "pubkeyauthoptions", sPubkeyAuthOptions, SSHCFG_ALL }, 545 { "dsaauthentication", sPubkeyAuthentication, SSHCFG_GLOBAL }, /* alias */ 546 #ifdef KRB5 547 { "kerberosauthentication", sKerberosAuthentication, SSHCFG_ALL }, 548 { "kerberosorlocalpasswd", sKerberosOrLocalPasswd, SSHCFG_GLOBAL }, 549 { "kerberosticketcleanup", sKerberosTicketCleanup, SSHCFG_GLOBAL }, 550 { "kerberosgetafstoken", sKerberosGetAFSToken, SSHCFG_GLOBAL }, 551 #else 552 { "kerberosauthentication", sUnsupported, SSHCFG_ALL }, 553 { "kerberosorlocalpasswd", sUnsupported, SSHCFG_GLOBAL }, 554 { "kerberosticketcleanup", sUnsupported, SSHCFG_GLOBAL }, 555 { "kerberosgetafstoken", sUnsupported, SSHCFG_GLOBAL }, 556 #endif 557 { "kerberostgtpassing", sUnsupported, SSHCFG_GLOBAL }, 558 { "afstokenpassing", sUnsupported, SSHCFG_GLOBAL }, 559 #ifdef GSSAPI 560 { "gssapiauthentication", sGssAuthentication, SSHCFG_ALL }, 561 { "gssapicleanupcredentials", sGssCleanupCreds, SSHCFG_GLOBAL }, 562 { "gssapistrictacceptorcheck", sGssStrictAcceptor, SSHCFG_GLOBAL }, 563 #else 564 { "gssapiauthentication", sUnsupported, SSHCFG_ALL }, 565 { "gssapicleanupcredentials", sUnsupported, SSHCFG_GLOBAL }, 566 { "gssapistrictacceptorcheck", sUnsupported, SSHCFG_GLOBAL }, 567 #endif 568 { "passwordauthentication", sPasswordAuthentication, SSHCFG_ALL }, 569 { "kbdinteractiveauthentication", sKbdInteractiveAuthentication, SSHCFG_ALL }, 570 { "challengeresponseauthentication", sChallengeResponseAuthentication, SSHCFG_GLOBAL }, 571 { "skeyauthentication", sChallengeResponseAuthentication, SSHCFG_GLOBAL }, /* alias */ 572 { "checkmail", sDeprecated, SSHCFG_GLOBAL }, 573 { "listenaddress", sListenAddress, SSHCFG_GLOBAL }, 574 { "addressfamily", sAddressFamily, SSHCFG_GLOBAL }, 575 { "printmotd", sPrintMotd, SSHCFG_GLOBAL }, 576 { "printlastlog", sPrintLastLog, SSHCFG_GLOBAL }, 577 { "ignorerhosts", sIgnoreRhosts, SSHCFG_ALL }, 578 { "ignoreuserknownhosts", sIgnoreUserKnownHosts, SSHCFG_GLOBAL }, 579 { "x11forwarding", sX11Forwarding, SSHCFG_ALL }, 580 { "x11displayoffset", sX11DisplayOffset, SSHCFG_ALL }, 581 { "x11uselocalhost", sX11UseLocalhost, SSHCFG_ALL }, 582 { "xauthlocation", sXAuthLocation, SSHCFG_GLOBAL }, 583 { "strictmodes", sStrictModes, SSHCFG_GLOBAL }, 584 { "permitemptypasswords", sEmptyPasswd, SSHCFG_ALL }, 585 { "permituserenvironment", sPermitUserEnvironment, SSHCFG_GLOBAL }, 586 { "uselogin", sDeprecated, SSHCFG_GLOBAL }, 587 { "compression", sCompression, SSHCFG_GLOBAL }, 588 { "rekeylimit", sRekeyLimit, SSHCFG_ALL }, 589 { "tcpkeepalive", sTCPKeepAlive, SSHCFG_GLOBAL }, 590 { "keepalive", sTCPKeepAlive, SSHCFG_GLOBAL }, /* obsolete alias */ 591 { "allowtcpforwarding", sAllowTcpForwarding, SSHCFG_ALL }, 592 { "allowagentforwarding", sAllowAgentForwarding, SSHCFG_ALL }, 593 { "allowusers", sAllowUsers, SSHCFG_ALL }, 594 { "denyusers", sDenyUsers, SSHCFG_ALL }, 595 { "allowgroups", sAllowGroups, SSHCFG_ALL }, 596 { "denygroups", sDenyGroups, SSHCFG_ALL }, 597 { "ciphers", sCiphers, SSHCFG_GLOBAL }, 598 { "macs", sMacs, SSHCFG_GLOBAL }, 599 { "protocol", sIgnore, SSHCFG_GLOBAL }, 600 { "gatewayports", sGatewayPorts, SSHCFG_ALL }, 601 { "subsystem", sSubsystem, SSHCFG_GLOBAL }, 602 { "maxstartups", sMaxStartups, SSHCFG_GLOBAL }, 603 { "maxauthtries", sMaxAuthTries, SSHCFG_ALL }, 604 { "maxsessions", sMaxSessions, SSHCFG_ALL }, 605 { "banner", sBanner, SSHCFG_ALL }, 606 { "usedns", sUseDNS, SSHCFG_GLOBAL }, 607 { "verifyreversemapping", sDeprecated, SSHCFG_GLOBAL }, 608 { "reversemappingcheck", sDeprecated, SSHCFG_GLOBAL }, 609 { "clientaliveinterval", sClientAliveInterval, SSHCFG_ALL }, 610 { "clientalivecountmax", sClientAliveCountMax, SSHCFG_ALL }, 611 { "authorizedkeysfile", sAuthorizedKeysFile, SSHCFG_ALL }, 612 { "authorizedkeysfile2", sDeprecated, SSHCFG_ALL }, 613 { "useprivilegeseparation", sDeprecated, SSHCFG_GLOBAL}, 614 { "acceptenv", sAcceptEnv, SSHCFG_ALL }, 615 { "setenv", sSetEnv, SSHCFG_ALL }, 616 { "permittunnel", sPermitTunnel, SSHCFG_ALL }, 617 { "permittty", sPermitTTY, SSHCFG_ALL }, 618 { "permituserrc", sPermitUserRC, SSHCFG_ALL }, 619 { "match", sMatch, SSHCFG_ALL }, 620 { "permitopen", sPermitOpen, SSHCFG_ALL }, 621 { "permitlisten", sPermitListen, SSHCFG_ALL }, 622 { "forcecommand", sForceCommand, SSHCFG_ALL }, 623 { "chrootdirectory", sChrootDirectory, SSHCFG_ALL }, 624 { "hostcertificate", sHostCertificate, SSHCFG_GLOBAL }, 625 { "revokedkeys", sRevokedKeys, SSHCFG_ALL }, 626 { "trustedusercakeys", sTrustedUserCAKeys, SSHCFG_ALL }, 627 { "authorizedprincipalsfile", sAuthorizedPrincipalsFile, SSHCFG_ALL }, 628 { "kexalgorithms", sKexAlgorithms, SSHCFG_GLOBAL }, 629 { "include", sInclude, SSHCFG_ALL }, 630 { "ipqos", sIPQoS, SSHCFG_ALL }, 631 { "authorizedkeyscommand", sAuthorizedKeysCommand, SSHCFG_ALL }, 632 { "authorizedkeyscommanduser", sAuthorizedKeysCommandUser, SSHCFG_ALL }, 633 { "authorizedprincipalscommand", sAuthorizedPrincipalsCommand, SSHCFG_ALL }, 634 { "authorizedprincipalscommanduser", sAuthorizedPrincipalsCommandUser, SSHCFG_ALL }, 635 { "versionaddendum", sVersionAddendum, SSHCFG_GLOBAL }, 636 { "authenticationmethods", sAuthenticationMethods, SSHCFG_ALL }, 637 { "streamlocalbindmask", sStreamLocalBindMask, SSHCFG_ALL }, 638 { "streamlocalbindunlink", sStreamLocalBindUnlink, SSHCFG_ALL }, 639 { "allowstreamlocalforwarding", sAllowStreamLocalForwarding, SSHCFG_ALL }, 640 { "fingerprinthash", sFingerprintHash, SSHCFG_GLOBAL }, 641 { "disableforwarding", sDisableForwarding, SSHCFG_ALL }, 642 { "exposeauthinfo", sExposeAuthInfo, SSHCFG_ALL }, 643 { "rdomain", sRDomain, SSHCFG_ALL }, 644 { "casignaturealgorithms", sCASignatureAlgorithms, SSHCFG_ALL }, 645 { "securitykeyprovider", sSecurityKeyProvider, SSHCFG_GLOBAL }, 646 { NULL, sBadOption, 0 } 647 }; 648 649 static struct { 650 int val; 651 char *text; 652 } tunmode_desc[] = { 653 { SSH_TUNMODE_NO, "no" }, 654 { SSH_TUNMODE_POINTOPOINT, "point-to-point" }, 655 { SSH_TUNMODE_ETHERNET, "ethernet" }, 656 { SSH_TUNMODE_YES, "yes" }, 657 { -1, NULL } 658 }; 659 660 /* Returns an opcode name from its number */ 661 662 static const char * 663 lookup_opcode_name(ServerOpCodes code) 664 { 665 u_int i; 666 667 for (i = 0; keywords[i].name != NULL; i++) 668 if (keywords[i].opcode == code) 669 return(keywords[i].name); 670 return "UNKNOWN"; 671 } 672 673 674 /* 675 * Returns the number of the token pointed to by cp or sBadOption. 676 */ 677 678 static ServerOpCodes 679 parse_token(const char *cp, const char *filename, 680 int linenum, u_int *flags) 681 { 682 u_int i; 683 684 for (i = 0; keywords[i].name; i++) 685 if (strcasecmp(cp, keywords[i].name) == 0) { 686 *flags = keywords[i].flags; 687 return keywords[i].opcode; 688 } 689 690 error("%s: line %d: Bad configuration option: %s", 691 filename, linenum, cp); 692 return sBadOption; 693 } 694 695 char * 696 derelativise_path(const char *path) 697 { 698 char *expanded, *ret, cwd[PATH_MAX]; 699 700 if (strcasecmp(path, "none") == 0) 701 return xstrdup("none"); 702 expanded = tilde_expand_filename(path, getuid()); 703 if (path_absolute(expanded)) 704 return expanded; 705 if (getcwd(cwd, sizeof(cwd)) == NULL) 706 fatal("%s: getcwd: %s", __func__, strerror(errno)); 707 xasprintf(&ret, "%s/%s", cwd, expanded); 708 free(expanded); 709 return ret; 710 } 711 712 static void 713 add_listen_addr(ServerOptions *options, const char *addr, 714 const char *rdomain, int port) 715 { 716 u_int i; 717 718 if (port > 0) 719 add_one_listen_addr(options, addr, rdomain, port); 720 else { 721 for (i = 0; i < options->num_ports; i++) { 722 add_one_listen_addr(options, addr, rdomain, 723 options->ports[i]); 724 } 725 } 726 } 727 728 static void 729 add_one_listen_addr(ServerOptions *options, const char *addr, 730 const char *rdomain, int port) 731 { 732 struct addrinfo hints, *ai, *aitop; 733 char strport[NI_MAXSERV]; 734 int gaierr; 735 u_int i; 736 737 /* Find listen_addrs entry for this rdomain */ 738 for (i = 0; i < options->num_listen_addrs; i++) { 739 if (rdomain == NULL && options->listen_addrs[i].rdomain == NULL) 740 break; 741 if (rdomain == NULL || options->listen_addrs[i].rdomain == NULL) 742 continue; 743 if (strcmp(rdomain, options->listen_addrs[i].rdomain) == 0) 744 break; 745 } 746 if (i >= options->num_listen_addrs) { 747 /* No entry for this rdomain; allocate one */ 748 if (i >= INT_MAX) 749 fatal("%s: too many listen addresses", __func__); 750 options->listen_addrs = xrecallocarray(options->listen_addrs, 751 options->num_listen_addrs, options->num_listen_addrs + 1, 752 sizeof(*options->listen_addrs)); 753 i = options->num_listen_addrs++; 754 if (rdomain != NULL) 755 options->listen_addrs[i].rdomain = xstrdup(rdomain); 756 } 757 /* options->listen_addrs[i] points to the addresses for this rdomain */ 758 759 memset(&hints, 0, sizeof(hints)); 760 hints.ai_family = options->address_family; 761 hints.ai_socktype = SOCK_STREAM; 762 hints.ai_flags = (addr == NULL) ? AI_PASSIVE : 0; 763 snprintf(strport, sizeof strport, "%d", port); 764 if ((gaierr = getaddrinfo(addr, strport, &hints, &aitop)) != 0) 765 fatal("bad addr or host: %s (%s)", 766 addr ? addr : "<NULL>", 767 ssh_gai_strerror(gaierr)); 768 for (ai = aitop; ai->ai_next; ai = ai->ai_next) 769 ; 770 ai->ai_next = options->listen_addrs[i].addrs; 771 options->listen_addrs[i].addrs = aitop; 772 } 773 774 /* Returns nonzero if the routing domain name is valid */ 775 static int 776 valid_rdomain(const char *name) 777 { 778 const char *errstr; 779 long long num; 780 struct rt_tableinfo info; 781 int mib[6]; 782 size_t miblen = sizeof(mib); 783 784 if (name == NULL) 785 return 1; 786 787 num = strtonum(name, 0, 255, &errstr); 788 if (errstr != NULL) 789 return 0; 790 791 /* Check whether the table actually exists */ 792 memset(mib, 0, sizeof(mib)); 793 mib[0] = CTL_NET; 794 mib[1] = PF_ROUTE; 795 mib[4] = NET_RT_TABLE; 796 mib[5] = (int)num; 797 if (sysctl(mib, 6, &info, &miblen, NULL, 0) == -1) 798 return 0; 799 800 return 1; 801 } 802 803 /* 804 * Queue a ListenAddress to be processed once we have all of the Ports 805 * and AddressFamily options. 806 */ 807 static void 808 queue_listen_addr(ServerOptions *options, const char *addr, 809 const char *rdomain, int port) 810 { 811 struct queued_listenaddr *qla; 812 813 options->queued_listen_addrs = xrecallocarray( 814 options->queued_listen_addrs, 815 options->num_queued_listens, options->num_queued_listens + 1, 816 sizeof(*options->queued_listen_addrs)); 817 qla = &options->queued_listen_addrs[options->num_queued_listens++]; 818 qla->addr = xstrdup(addr); 819 qla->port = port; 820 qla->rdomain = rdomain == NULL ? NULL : xstrdup(rdomain); 821 } 822 823 /* 824 * Process queued (text) ListenAddress entries. 825 */ 826 static void 827 process_queued_listen_addrs(ServerOptions *options) 828 { 829 u_int i; 830 struct queued_listenaddr *qla; 831 832 if (options->num_ports == 0) 833 options->ports[options->num_ports++] = SSH_DEFAULT_PORT; 834 if (options->address_family == -1) 835 options->address_family = AF_UNSPEC; 836 837 for (i = 0; i < options->num_queued_listens; i++) { 838 qla = &options->queued_listen_addrs[i]; 839 add_listen_addr(options, qla->addr, qla->rdomain, qla->port); 840 free(qla->addr); 841 free(qla->rdomain); 842 } 843 free(options->queued_listen_addrs); 844 options->queued_listen_addrs = NULL; 845 options->num_queued_listens = 0; 846 } 847 848 /* 849 * Inform channels layer of permitopen options for a single forwarding 850 * direction (local/remote). 851 */ 852 static void 853 process_permitopen_list(struct ssh *ssh, ServerOpCodes opcode, 854 char **opens, u_int num_opens) 855 { 856 u_int i; 857 int port; 858 char *host, *arg, *oarg, ch; 859 int where = opcode == sPermitOpen ? FORWARD_LOCAL : FORWARD_REMOTE; 860 const char *what = lookup_opcode_name(opcode); 861 862 channel_clear_permission(ssh, FORWARD_ADM, where); 863 if (num_opens == 0) 864 return; /* permit any */ 865 866 /* handle keywords: "any" / "none" */ 867 if (num_opens == 1 && strcmp(opens[0], "any") == 0) 868 return; 869 if (num_opens == 1 && strcmp(opens[0], "none") == 0) { 870 channel_disable_admin(ssh, where); 871 return; 872 } 873 /* Otherwise treat it as a list of permitted host:port */ 874 for (i = 0; i < num_opens; i++) { 875 oarg = arg = xstrdup(opens[i]); 876 ch = '\0'; 877 host = hpdelim2(&arg, &ch); 878 if (host == NULL || ch == '/') 879 fatal("%s: missing host in %s", __func__, what); 880 host = cleanhostname(host); 881 if (arg == NULL || ((port = permitopen_port(arg)) < 0)) 882 fatal("%s: bad port number in %s", __func__, what); 883 /* Send it to channels layer */ 884 channel_add_permission(ssh, FORWARD_ADM, 885 where, host, port); 886 free(oarg); 887 } 888 } 889 890 /* 891 * Inform channels layer of permitopen options from configuration. 892 */ 893 void 894 process_permitopen(struct ssh *ssh, ServerOptions *options) 895 { 896 process_permitopen_list(ssh, sPermitOpen, 897 options->permitted_opens, options->num_permitted_opens); 898 process_permitopen_list(ssh, sPermitListen, 899 options->permitted_listens, 900 options->num_permitted_listens); 901 } 902 903 struct connection_info * 904 get_connection_info(struct ssh *ssh, int populate, int use_dns) 905 { 906 static struct connection_info ci; 907 908 if (ssh == NULL || !populate) 909 return &ci; 910 ci.host = auth_get_canonical_hostname(ssh, use_dns); 911 ci.address = ssh_remote_ipaddr(ssh); 912 ci.laddress = ssh_local_ipaddr(ssh); 913 ci.lport = ssh_local_port(ssh); 914 ci.rdomain = ssh_packet_rdomain_in(ssh); 915 return &ci; 916 } 917 918 /* 919 * The strategy for the Match blocks is that the config file is parsed twice. 920 * 921 * The first time is at startup. activep is initialized to 1 and the 922 * directives in the global context are processed and acted on. Hitting a 923 * Match directive unsets activep and the directives inside the block are 924 * checked for syntax only. 925 * 926 * The second time is after a connection has been established but before 927 * authentication. activep is initialized to 2 and global config directives 928 * are ignored since they have already been processed. If the criteria in a 929 * Match block is met, activep is set and the subsequent directives 930 * processed and actioned until EOF or another Match block unsets it. Any 931 * options set are copied into the main server config. 932 * 933 * Potential additions/improvements: 934 * - Add Match support for pre-kex directives, eg. Ciphers. 935 * 936 * - Add a Tag directive (idea from David Leonard) ala pf, eg: 937 * Match Address 192.168.0.* 938 * Tag trusted 939 * Match Group wheel 940 * Tag trusted 941 * Match Tag trusted 942 * AllowTcpForwarding yes 943 * GatewayPorts clientspecified 944 * [...] 945 * 946 * - Add a PermittedChannelRequests directive 947 * Match Group shell 948 * PermittedChannelRequests session,forwarded-tcpip 949 */ 950 951 static int 952 match_cfg_line_group(const char *grps, int line, const char *user) 953 { 954 int result = 0; 955 struct passwd *pw; 956 957 if (user == NULL) 958 goto out; 959 960 if ((pw = getpwnam(user)) == NULL) { 961 debug("Can't match group at line %d because user %.100s does " 962 "not exist", line, user); 963 } else if (ga_init(pw->pw_name, pw->pw_gid) == 0) { 964 debug("Can't Match group because user %.100s not in any group " 965 "at line %d", user, line); 966 } else if (ga_match_pattern_list(grps) != 1) { 967 debug("user %.100s does not match group list %.100s at line %d", 968 user, grps, line); 969 } else { 970 debug("user %.100s matched group list %.100s at line %d", user, 971 grps, line); 972 result = 1; 973 } 974 out: 975 ga_free(); 976 return result; 977 } 978 979 static void 980 match_test_missing_fatal(const char *criteria, const char *attrib) 981 { 982 fatal("'Match %s' in configuration but '%s' not in connection " 983 "test specification.", criteria, attrib); 984 } 985 986 /* 987 * All of the attributes on a single Match line are ANDed together, so we need 988 * to check every attribute and set the result to zero if any attribute does 989 * not match. 990 */ 991 static int 992 match_cfg_line(char **condition, int line, struct connection_info *ci) 993 { 994 int result = 1, attributes = 0, port; 995 char *arg, *attrib, *cp = *condition; 996 997 if (ci == NULL) 998 debug3("checking syntax for 'Match %s'", cp); 999 else 1000 debug3("checking match for '%s' user %s host %s addr %s " 1001 "laddr %s lport %d", cp, ci->user ? ci->user : "(null)", 1002 ci->host ? ci->host : "(null)", 1003 ci->address ? ci->address : "(null)", 1004 ci->laddress ? ci->laddress : "(null)", ci->lport); 1005 1006 while ((attrib = strdelim(&cp)) && *attrib != '\0') { 1007 attributes++; 1008 if (strcasecmp(attrib, "all") == 0) { 1009 if (attributes != 1 || 1010 ((arg = strdelim(&cp)) != NULL && *arg != '\0')) { 1011 error("'all' cannot be combined with other " 1012 "Match attributes"); 1013 return -1; 1014 } 1015 *condition = cp; 1016 return 1; 1017 } 1018 if ((arg = strdelim(&cp)) == NULL || *arg == '\0') { 1019 error("Missing Match criteria for %s", attrib); 1020 return -1; 1021 } 1022 if (strcasecmp(attrib, "user") == 0) { 1023 if (ci == NULL || (ci->test && ci->user == NULL)) { 1024 result = 0; 1025 continue; 1026 } 1027 if (ci->user == NULL) 1028 match_test_missing_fatal("User", "user"); 1029 if (match_usergroup_pattern_list(ci->user, arg) != 1) 1030 result = 0; 1031 else 1032 debug("user %.100s matched 'User %.100s' at " 1033 "line %d", ci->user, arg, line); 1034 } else if (strcasecmp(attrib, "group") == 0) { 1035 if (ci == NULL || (ci->test && ci->user == NULL)) { 1036 result = 0; 1037 continue; 1038 } 1039 if (ci->user == NULL) 1040 match_test_missing_fatal("Group", "user"); 1041 switch (match_cfg_line_group(arg, line, ci->user)) { 1042 case -1: 1043 return -1; 1044 case 0: 1045 result = 0; 1046 } 1047 } else if (strcasecmp(attrib, "host") == 0) { 1048 if (ci == NULL || (ci->test && ci->host == NULL)) { 1049 result = 0; 1050 continue; 1051 } 1052 if (ci->host == NULL) 1053 match_test_missing_fatal("Host", "host"); 1054 if (match_hostname(ci->host, arg) != 1) 1055 result = 0; 1056 else 1057 debug("connection from %.100s matched 'Host " 1058 "%.100s' at line %d", ci->host, arg, line); 1059 } else if (strcasecmp(attrib, "address") == 0) { 1060 if (ci == NULL || (ci->test && ci->address == NULL)) { 1061 result = 0; 1062 continue; 1063 } 1064 if (ci->address == NULL) 1065 match_test_missing_fatal("Address", "addr"); 1066 switch (addr_match_list(ci->address, arg)) { 1067 case 1: 1068 debug("connection from %.100s matched 'Address " 1069 "%.100s' at line %d", ci->address, arg, line); 1070 break; 1071 case 0: 1072 case -1: 1073 result = 0; 1074 break; 1075 case -2: 1076 return -1; 1077 } 1078 } else if (strcasecmp(attrib, "localaddress") == 0){ 1079 if (ci == NULL || (ci->test && ci->laddress == NULL)) { 1080 result = 0; 1081 continue; 1082 } 1083 if (ci->laddress == NULL) 1084 match_test_missing_fatal("LocalAddress", 1085 "laddr"); 1086 switch (addr_match_list(ci->laddress, arg)) { 1087 case 1: 1088 debug("connection from %.100s matched " 1089 "'LocalAddress %.100s' at line %d", 1090 ci->laddress, arg, line); 1091 break; 1092 case 0: 1093 case -1: 1094 result = 0; 1095 break; 1096 case -2: 1097 return -1; 1098 } 1099 } else if (strcasecmp(attrib, "localport") == 0) { 1100 if ((port = a2port(arg)) == -1) { 1101 error("Invalid LocalPort '%s' on Match line", 1102 arg); 1103 return -1; 1104 } 1105 if (ci == NULL || (ci->test && ci->lport == -1)) { 1106 result = 0; 1107 continue; 1108 } 1109 if (ci->lport == 0) 1110 match_test_missing_fatal("LocalPort", "lport"); 1111 /* TODO support port lists */ 1112 if (port == ci->lport) 1113 debug("connection from %.100s matched " 1114 "'LocalPort %d' at line %d", 1115 ci->laddress, port, line); 1116 else 1117 result = 0; 1118 } else if (strcasecmp(attrib, "rdomain") == 0) { 1119 if (ci == NULL || (ci->test && ci->rdomain == NULL)) { 1120 result = 0; 1121 continue; 1122 } 1123 if (ci->rdomain == NULL) 1124 match_test_missing_fatal("RDomain", "rdomain"); 1125 if (match_pattern_list(ci->rdomain, arg, 0) != 1) 1126 result = 0; 1127 else 1128 debug("user %.100s matched 'RDomain %.100s' at " 1129 "line %d", ci->rdomain, arg, line); 1130 } else { 1131 error("Unsupported Match attribute %s", attrib); 1132 return -1; 1133 } 1134 } 1135 if (attributes == 0) { 1136 error("One or more attributes required for Match"); 1137 return -1; 1138 } 1139 if (ci != NULL) 1140 debug3("match %sfound", result ? "" : "not "); 1141 *condition = cp; 1142 return result; 1143 } 1144 1145 #define WHITESPACE " \t\r\n" 1146 1147 /* Multistate option parsing */ 1148 struct multistate { 1149 char *key; 1150 int value; 1151 }; 1152 static const struct multistate multistate_flag[] = { 1153 { "yes", 1 }, 1154 { "no", 0 }, 1155 { NULL, -1 } 1156 }; 1157 static const struct multistate multistate_ignore_rhosts[] = { 1158 { "yes", IGNORE_RHOSTS_YES }, 1159 { "no", IGNORE_RHOSTS_NO }, 1160 { "shosts-only", IGNORE_RHOSTS_SHOSTS }, 1161 { NULL, -1 } 1162 }; 1163 static const struct multistate multistate_addressfamily[] = { 1164 { "inet", AF_INET }, 1165 { "inet6", AF_INET6 }, 1166 { "any", AF_UNSPEC }, 1167 { NULL, -1 } 1168 }; 1169 static const struct multistate multistate_permitrootlogin[] = { 1170 { "without-password", PERMIT_NO_PASSWD }, 1171 { "prohibit-password", PERMIT_NO_PASSWD }, 1172 { "forced-commands-only", PERMIT_FORCED_ONLY }, 1173 { "yes", PERMIT_YES }, 1174 { "no", PERMIT_NO }, 1175 { NULL, -1 } 1176 }; 1177 static const struct multistate multistate_compression[] = { 1178 #ifdef WITH_ZLIB 1179 { "yes", COMP_DELAYED }, 1180 { "delayed", COMP_DELAYED }, 1181 #endif 1182 { "no", COMP_NONE }, 1183 { NULL, -1 } 1184 }; 1185 static const struct multistate multistate_gatewayports[] = { 1186 { "clientspecified", 2 }, 1187 { "yes", 1 }, 1188 { "no", 0 }, 1189 { NULL, -1 } 1190 }; 1191 static const struct multistate multistate_tcpfwd[] = { 1192 { "yes", FORWARD_ALLOW }, 1193 { "all", FORWARD_ALLOW }, 1194 { "no", FORWARD_DENY }, 1195 { "remote", FORWARD_REMOTE }, 1196 { "local", FORWARD_LOCAL }, 1197 { NULL, -1 } 1198 }; 1199 1200 static int 1201 process_server_config_line_depth(ServerOptions *options, char *line, 1202 const char *filename, int linenum, int *activep, 1203 struct connection_info *connectinfo, int *inc_flags, int depth, 1204 struct include_list *includes) 1205 { 1206 char ch, *cp, ***chararrayptr, **charptr, *arg, *arg2, *p; 1207 int cmdline = 0, *intptr, value, value2, n, port, oactive, r, found; 1208 SyslogFacility *log_facility_ptr; 1209 LogLevel *log_level_ptr; 1210 ServerOpCodes opcode; 1211 u_int i, *uintptr, uvalue, flags = 0; 1212 size_t len; 1213 long long val64; 1214 const struct multistate *multistate_ptr; 1215 const char *errstr; 1216 struct include_item *item; 1217 glob_t gbuf; 1218 1219 /* Strip trailing whitespace. Allow \f (form feed) at EOL only */ 1220 if ((len = strlen(line)) == 0) 1221 return 0; 1222 for (len--; len > 0; len--) { 1223 if (strchr(WHITESPACE "\f", line[len]) == NULL) 1224 break; 1225 line[len] = '\0'; 1226 } 1227 1228 cp = line; 1229 if ((arg = strdelim(&cp)) == NULL) 1230 return 0; 1231 /* Ignore leading whitespace */ 1232 if (*arg == '\0') 1233 arg = strdelim(&cp); 1234 if (!arg || !*arg || *arg == '#') 1235 return 0; 1236 intptr = NULL; 1237 charptr = NULL; 1238 opcode = parse_token(arg, filename, linenum, &flags); 1239 1240 if (activep == NULL) { /* We are processing a command line directive */ 1241 cmdline = 1; 1242 activep = &cmdline; 1243 } 1244 if (*activep && opcode != sMatch && opcode != sInclude) 1245 debug3("%s:%d setting %s %s", filename, linenum, arg, cp); 1246 if (*activep == 0 && !(flags & SSHCFG_MATCH)) { 1247 if (connectinfo == NULL) { 1248 fatal("%s line %d: Directive '%s' is not allowed " 1249 "within a Match block", filename, linenum, arg); 1250 } else { /* this is a directive we have already processed */ 1251 while (arg) 1252 arg = strdelim(&cp); 1253 return 0; 1254 } 1255 } 1256 1257 switch (opcode) { 1258 case sBadOption: 1259 return -1; 1260 case sPort: 1261 /* ignore ports from configfile if cmdline specifies ports */ 1262 if (options->ports_from_cmdline) 1263 return 0; 1264 if (options->num_ports >= MAX_PORTS) 1265 fatal("%s line %d: too many ports.", 1266 filename, linenum); 1267 arg = strdelim(&cp); 1268 if (!arg || *arg == '\0') 1269 fatal("%s line %d: missing port number.", 1270 filename, linenum); 1271 options->ports[options->num_ports++] = a2port(arg); 1272 if (options->ports[options->num_ports-1] <= 0) 1273 fatal("%s line %d: Badly formatted port number.", 1274 filename, linenum); 1275 break; 1276 1277 case sLoginGraceTime: 1278 intptr = &options->login_grace_time; 1279 parse_time: 1280 arg = strdelim(&cp); 1281 if (!arg || *arg == '\0') 1282 fatal("%s line %d: missing time value.", 1283 filename, linenum); 1284 if ((value = convtime(arg)) == -1) 1285 fatal("%s line %d: invalid time value.", 1286 filename, linenum); 1287 if (*activep && *intptr == -1) 1288 *intptr = value; 1289 break; 1290 1291 case sListenAddress: 1292 arg = strdelim(&cp); 1293 if (arg == NULL || *arg == '\0') 1294 fatal("%s line %d: missing address", 1295 filename, linenum); 1296 /* check for bare IPv6 address: no "[]" and 2 or more ":" */ 1297 if (strchr(arg, '[') == NULL && (p = strchr(arg, ':')) != NULL 1298 && strchr(p+1, ':') != NULL) { 1299 port = 0; 1300 p = arg; 1301 } else { 1302 arg2 = NULL; 1303 ch = '\0'; 1304 p = hpdelim2(&arg, &ch); 1305 if (p == NULL || ch == '/') 1306 fatal("%s line %d: bad address:port usage", 1307 filename, linenum); 1308 p = cleanhostname(p); 1309 if (arg == NULL) 1310 port = 0; 1311 else if ((port = a2port(arg)) <= 0) 1312 fatal("%s line %d: bad port number", 1313 filename, linenum); 1314 } 1315 /* Optional routing table */ 1316 arg2 = NULL; 1317 if ((arg = strdelim(&cp)) != NULL) { 1318 if (strcmp(arg, "rdomain") != 0 || 1319 (arg2 = strdelim(&cp)) == NULL) 1320 fatal("%s line %d: bad ListenAddress syntax", 1321 filename, linenum); 1322 if (!valid_rdomain(arg2)) 1323 fatal("%s line %d: bad routing domain", 1324 filename, linenum); 1325 } 1326 1327 queue_listen_addr(options, p, arg2, port); 1328 1329 break; 1330 1331 case sAddressFamily: 1332 intptr = &options->address_family; 1333 multistate_ptr = multistate_addressfamily; 1334 parse_multistate: 1335 arg = strdelim(&cp); 1336 if (!arg || *arg == '\0') 1337 fatal("%s line %d: missing argument.", 1338 filename, linenum); 1339 value = -1; 1340 for (i = 0; multistate_ptr[i].key != NULL; i++) { 1341 if (strcasecmp(arg, multistate_ptr[i].key) == 0) { 1342 value = multistate_ptr[i].value; 1343 break; 1344 } 1345 } 1346 if (value == -1) 1347 fatal("%s line %d: unsupported option \"%s\".", 1348 filename, linenum, arg); 1349 if (*activep && *intptr == -1) 1350 *intptr = value; 1351 break; 1352 1353 case sHostKeyFile: 1354 arg = strdelim(&cp); 1355 if (!arg || *arg == '\0') 1356 fatal("%s line %d: missing file name.", 1357 filename, linenum); 1358 if (*activep) { 1359 servconf_add_hostkey(filename, linenum, 1360 options, arg, 1); 1361 } 1362 break; 1363 1364 case sHostKeyAgent: 1365 charptr = &options->host_key_agent; 1366 arg = strdelim(&cp); 1367 if (!arg || *arg == '\0') 1368 fatal("%s line %d: missing socket name.", 1369 filename, linenum); 1370 if (*activep && *charptr == NULL) 1371 *charptr = !strcmp(arg, SSH_AUTHSOCKET_ENV_NAME) ? 1372 xstrdup(arg) : derelativise_path(arg); 1373 break; 1374 1375 case sHostCertificate: 1376 arg = strdelim(&cp); 1377 if (!arg || *arg == '\0') 1378 fatal("%s line %d: missing file name.", 1379 filename, linenum); 1380 if (*activep) 1381 servconf_add_hostcert(filename, linenum, options, arg); 1382 break; 1383 1384 case sPidFile: 1385 charptr = &options->pid_file; 1386 parse_filename: 1387 arg = strdelim(&cp); 1388 if (!arg || *arg == '\0') 1389 fatal("%s line %d: missing file name.", 1390 filename, linenum); 1391 if (*activep && *charptr == NULL) { 1392 *charptr = derelativise_path(arg); 1393 /* increase optional counter */ 1394 if (intptr != NULL) 1395 *intptr = *intptr + 1; 1396 } 1397 break; 1398 1399 case sPermitRootLogin: 1400 intptr = &options->permit_root_login; 1401 multistate_ptr = multistate_permitrootlogin; 1402 goto parse_multistate; 1403 1404 case sIgnoreRhosts: 1405 intptr = &options->ignore_rhosts; 1406 multistate_ptr = multistate_ignore_rhosts; 1407 goto parse_multistate; 1408 1409 case sIgnoreUserKnownHosts: 1410 intptr = &options->ignore_user_known_hosts; 1411 parse_flag: 1412 multistate_ptr = multistate_flag; 1413 goto parse_multistate; 1414 1415 case sHostbasedAuthentication: 1416 intptr = &options->hostbased_authentication; 1417 goto parse_flag; 1418 1419 case sHostbasedUsesNameFromPacketOnly: 1420 intptr = &options->hostbased_uses_name_from_packet_only; 1421 goto parse_flag; 1422 1423 case sHostbasedAcceptedKeyTypes: 1424 charptr = &options->hostbased_key_types; 1425 parse_keytypes: 1426 arg = strdelim(&cp); 1427 if (!arg || *arg == '\0') 1428 fatal("%s line %d: Missing argument.", 1429 filename, linenum); 1430 if (*arg != '-' && 1431 !sshkey_names_valid2(*arg == '+' || *arg == '^' ? 1432 arg + 1 : arg, 1)) 1433 fatal("%s line %d: Bad key types '%s'.", 1434 filename, linenum, arg ? arg : "<NONE>"); 1435 if (*activep && *charptr == NULL) 1436 *charptr = xstrdup(arg); 1437 break; 1438 1439 case sHostKeyAlgorithms: 1440 charptr = &options->hostkeyalgorithms; 1441 goto parse_keytypes; 1442 1443 case sCASignatureAlgorithms: 1444 charptr = &options->ca_sign_algorithms; 1445 goto parse_keytypes; 1446 1447 case sPubkeyAuthentication: 1448 intptr = &options->pubkey_authentication; 1449 goto parse_flag; 1450 1451 case sPubkeyAcceptedKeyTypes: 1452 charptr = &options->pubkey_key_types; 1453 goto parse_keytypes; 1454 1455 case sPubkeyAuthOptions: 1456 intptr = &options->pubkey_auth_options; 1457 value = 0; 1458 while ((arg = strdelim(&cp)) && *arg != '\0') { 1459 if (strcasecmp(arg, "none") == 0) 1460 continue; 1461 if (strcasecmp(arg, "touch-required") == 0) 1462 value |= PUBKEYAUTH_TOUCH_REQUIRED; 1463 else { 1464 fatal("%s line %d: unsupported " 1465 "PubkeyAuthOptions option %s", 1466 filename, linenum, arg); 1467 } 1468 } 1469 if (*activep && *intptr == -1) 1470 *intptr = value; 1471 break; 1472 1473 case sKerberosAuthentication: 1474 intptr = &options->kerberos_authentication; 1475 goto parse_flag; 1476 1477 case sKerberosOrLocalPasswd: 1478 intptr = &options->kerberos_or_local_passwd; 1479 goto parse_flag; 1480 1481 case sKerberosTicketCleanup: 1482 intptr = &options->kerberos_ticket_cleanup; 1483 goto parse_flag; 1484 1485 case sKerberosGetAFSToken: 1486 intptr = &options->kerberos_get_afs_token; 1487 goto parse_flag; 1488 1489 case sGssAuthentication: 1490 intptr = &options->gss_authentication; 1491 goto parse_flag; 1492 1493 case sGssCleanupCreds: 1494 intptr = &options->gss_cleanup_creds; 1495 goto parse_flag; 1496 1497 case sGssStrictAcceptor: 1498 intptr = &options->gss_strict_acceptor; 1499 goto parse_flag; 1500 1501 case sPasswordAuthentication: 1502 intptr = &options->password_authentication; 1503 goto parse_flag; 1504 1505 case sKbdInteractiveAuthentication: 1506 intptr = &options->kbd_interactive_authentication; 1507 goto parse_flag; 1508 1509 case sChallengeResponseAuthentication: 1510 intptr = &options->challenge_response_authentication; 1511 goto parse_flag; 1512 1513 case sPrintMotd: 1514 intptr = &options->print_motd; 1515 goto parse_flag; 1516 1517 case sPrintLastLog: 1518 intptr = &options->print_lastlog; 1519 goto parse_flag; 1520 1521 case sX11Forwarding: 1522 intptr = &options->x11_forwarding; 1523 goto parse_flag; 1524 1525 case sX11DisplayOffset: 1526 intptr = &options->x11_display_offset; 1527 parse_int: 1528 arg = strdelim(&cp); 1529 if ((errstr = atoi_err(arg, &value)) != NULL) 1530 fatal("%s line %d: integer value %s.", 1531 filename, linenum, errstr); 1532 if (*activep && *intptr == -1) 1533 *intptr = value; 1534 break; 1535 1536 case sX11UseLocalhost: 1537 intptr = &options->x11_use_localhost; 1538 goto parse_flag; 1539 1540 case sXAuthLocation: 1541 charptr = &options->xauth_location; 1542 goto parse_filename; 1543 1544 case sPermitTTY: 1545 intptr = &options->permit_tty; 1546 goto parse_flag; 1547 1548 case sPermitUserRC: 1549 intptr = &options->permit_user_rc; 1550 goto parse_flag; 1551 1552 case sStrictModes: 1553 intptr = &options->strict_modes; 1554 goto parse_flag; 1555 1556 case sTCPKeepAlive: 1557 intptr = &options->tcp_keep_alive; 1558 goto parse_flag; 1559 1560 case sEmptyPasswd: 1561 intptr = &options->permit_empty_passwd; 1562 goto parse_flag; 1563 1564 case sPermitUserEnvironment: 1565 intptr = &options->permit_user_env; 1566 charptr = &options->permit_user_env_allowlist; 1567 arg = strdelim(&cp); 1568 if (!arg || *arg == '\0') 1569 fatal("%s line %d: missing argument.", 1570 filename, linenum); 1571 value = 0; 1572 p = NULL; 1573 if (strcmp(arg, "yes") == 0) 1574 value = 1; 1575 else if (strcmp(arg, "no") == 0) 1576 value = 0; 1577 else { 1578 /* Pattern-list specified */ 1579 value = 1; 1580 p = xstrdup(arg); 1581 } 1582 if (*activep && *intptr == -1) { 1583 *intptr = value; 1584 *charptr = p; 1585 p = NULL; 1586 } 1587 free(p); 1588 break; 1589 1590 case sCompression: 1591 intptr = &options->compression; 1592 multistate_ptr = multistate_compression; 1593 goto parse_multistate; 1594 1595 case sRekeyLimit: 1596 arg = strdelim(&cp); 1597 if (!arg || *arg == '\0') 1598 fatal("%.200s line %d: Missing argument.", filename, 1599 linenum); 1600 if (strcmp(arg, "default") == 0) { 1601 val64 = 0; 1602 } else { 1603 if (scan_scaled(arg, &val64) == -1) 1604 fatal("%.200s line %d: Bad number '%s': %s", 1605 filename, linenum, arg, strerror(errno)); 1606 if (val64 != 0 && val64 < 16) 1607 fatal("%.200s line %d: RekeyLimit too small", 1608 filename, linenum); 1609 } 1610 if (*activep && options->rekey_limit == -1) 1611 options->rekey_limit = val64; 1612 if (cp != NULL) { /* optional rekey interval present */ 1613 if (strcmp(cp, "none") == 0) { 1614 (void)strdelim(&cp); /* discard */ 1615 break; 1616 } 1617 intptr = &options->rekey_interval; 1618 goto parse_time; 1619 } 1620 break; 1621 1622 case sGatewayPorts: 1623 intptr = &options->fwd_opts.gateway_ports; 1624 multistate_ptr = multistate_gatewayports; 1625 goto parse_multistate; 1626 1627 case sUseDNS: 1628 intptr = &options->use_dns; 1629 goto parse_flag; 1630 1631 case sLogFacility: 1632 log_facility_ptr = &options->log_facility; 1633 arg = strdelim(&cp); 1634 value = log_facility_number(arg); 1635 if (value == SYSLOG_FACILITY_NOT_SET) 1636 fatal("%.200s line %d: unsupported log facility '%s'", 1637 filename, linenum, arg ? arg : "<NONE>"); 1638 if (*log_facility_ptr == -1) 1639 *log_facility_ptr = (SyslogFacility) value; 1640 break; 1641 1642 case sLogLevel: 1643 log_level_ptr = &options->log_level; 1644 arg = strdelim(&cp); 1645 value = log_level_number(arg); 1646 if (value == SYSLOG_LEVEL_NOT_SET) 1647 fatal("%.200s line %d: unsupported log level '%s'", 1648 filename, linenum, arg ? arg : "<NONE>"); 1649 if (*activep && *log_level_ptr == -1) 1650 *log_level_ptr = (LogLevel) value; 1651 break; 1652 1653 case sAllowTcpForwarding: 1654 intptr = &options->allow_tcp_forwarding; 1655 multistate_ptr = multistate_tcpfwd; 1656 goto parse_multistate; 1657 1658 case sAllowStreamLocalForwarding: 1659 intptr = &options->allow_streamlocal_forwarding; 1660 multistate_ptr = multistate_tcpfwd; 1661 goto parse_multistate; 1662 1663 case sAllowAgentForwarding: 1664 intptr = &options->allow_agent_forwarding; 1665 goto parse_flag; 1666 1667 case sDisableForwarding: 1668 intptr = &options->disable_forwarding; 1669 goto parse_flag; 1670 1671 case sAllowUsers: 1672 while ((arg = strdelim(&cp)) && *arg != '\0') { 1673 if (match_user(NULL, NULL, NULL, arg) == -1) 1674 fatal("%s line %d: invalid AllowUsers pattern: " 1675 "\"%.100s\"", filename, linenum, arg); 1676 if (!*activep) 1677 continue; 1678 array_append(filename, linenum, "AllowUsers", 1679 &options->allow_users, &options->num_allow_users, 1680 arg); 1681 } 1682 break; 1683 1684 case sDenyUsers: 1685 while ((arg = strdelim(&cp)) && *arg != '\0') { 1686 if (match_user(NULL, NULL, NULL, arg) == -1) 1687 fatal("%s line %d: invalid DenyUsers pattern: " 1688 "\"%.100s\"", filename, linenum, arg); 1689 if (!*activep) 1690 continue; 1691 array_append(filename, linenum, "DenyUsers", 1692 &options->deny_users, &options->num_deny_users, 1693 arg); 1694 } 1695 break; 1696 1697 case sAllowGroups: 1698 while ((arg = strdelim(&cp)) && *arg != '\0') { 1699 if (!*activep) 1700 continue; 1701 array_append(filename, linenum, "AllowGroups", 1702 &options->allow_groups, &options->num_allow_groups, 1703 arg); 1704 } 1705 break; 1706 1707 case sDenyGroups: 1708 while ((arg = strdelim(&cp)) && *arg != '\0') { 1709 if (!*activep) 1710 continue; 1711 array_append(filename, linenum, "DenyGroups", 1712 &options->deny_groups, &options->num_deny_groups, 1713 arg); 1714 } 1715 break; 1716 1717 case sCiphers: 1718 arg = strdelim(&cp); 1719 if (!arg || *arg == '\0') 1720 fatal("%s line %d: Missing argument.", filename, linenum); 1721 if (*arg != '-' && 1722 !ciphers_valid(*arg == '+' || *arg == '^' ? arg + 1 : arg)) 1723 fatal("%s line %d: Bad SSH2 cipher spec '%s'.", 1724 filename, linenum, arg ? arg : "<NONE>"); 1725 if (options->ciphers == NULL) 1726 options->ciphers = xstrdup(arg); 1727 break; 1728 1729 case sMacs: 1730 arg = strdelim(&cp); 1731 if (!arg || *arg == '\0') 1732 fatal("%s line %d: Missing argument.", filename, linenum); 1733 if (*arg != '-' && 1734 !mac_valid(*arg == '+' || *arg == '^' ? arg + 1 : arg)) 1735 fatal("%s line %d: Bad SSH2 mac spec '%s'.", 1736 filename, linenum, arg ? arg : "<NONE>"); 1737 if (options->macs == NULL) 1738 options->macs = xstrdup(arg); 1739 break; 1740 1741 case sKexAlgorithms: 1742 arg = strdelim(&cp); 1743 if (!arg || *arg == '\0') 1744 fatal("%s line %d: Missing argument.", 1745 filename, linenum); 1746 if (*arg != '-' && 1747 !kex_names_valid(*arg == '+' || *arg == '^' ? 1748 arg + 1 : arg)) 1749 fatal("%s line %d: Bad SSH2 KexAlgorithms '%s'.", 1750 filename, linenum, arg ? arg : "<NONE>"); 1751 if (options->kex_algorithms == NULL) 1752 options->kex_algorithms = xstrdup(arg); 1753 break; 1754 1755 case sSubsystem: 1756 if (options->num_subsystems >= MAX_SUBSYSTEMS) { 1757 fatal("%s line %d: too many subsystems defined.", 1758 filename, linenum); 1759 } 1760 arg = strdelim(&cp); 1761 if (!arg || *arg == '\0') 1762 fatal("%s line %d: Missing subsystem name.", 1763 filename, linenum); 1764 if (!*activep) { 1765 arg = strdelim(&cp); 1766 break; 1767 } 1768 for (i = 0; i < options->num_subsystems; i++) 1769 if (strcmp(arg, options->subsystem_name[i]) == 0) 1770 fatal("%s line %d: Subsystem '%s' already defined.", 1771 filename, linenum, arg); 1772 options->subsystem_name[options->num_subsystems] = xstrdup(arg); 1773 arg = strdelim(&cp); 1774 if (!arg || *arg == '\0') 1775 fatal("%s line %d: Missing subsystem command.", 1776 filename, linenum); 1777 options->subsystem_command[options->num_subsystems] = xstrdup(arg); 1778 1779 /* Collect arguments (separate to executable) */ 1780 p = xstrdup(arg); 1781 len = strlen(p) + 1; 1782 while ((arg = strdelim(&cp)) != NULL && *arg != '\0') { 1783 len += 1 + strlen(arg); 1784 p = xreallocarray(p, 1, len); 1785 strlcat(p, " ", len); 1786 strlcat(p, arg, len); 1787 } 1788 options->subsystem_args[options->num_subsystems] = p; 1789 options->num_subsystems++; 1790 break; 1791 1792 case sMaxStartups: 1793 arg = strdelim(&cp); 1794 if (!arg || *arg == '\0') 1795 fatal("%s line %d: Missing MaxStartups spec.", 1796 filename, linenum); 1797 if ((n = sscanf(arg, "%d:%d:%d", 1798 &options->max_startups_begin, 1799 &options->max_startups_rate, 1800 &options->max_startups)) == 3) { 1801 if (options->max_startups_begin > 1802 options->max_startups || 1803 options->max_startups_rate > 100 || 1804 options->max_startups_rate < 1) 1805 fatal("%s line %d: Illegal MaxStartups spec.", 1806 filename, linenum); 1807 } else if (n != 1) 1808 fatal("%s line %d: Illegal MaxStartups spec.", 1809 filename, linenum); 1810 else 1811 options->max_startups = options->max_startups_begin; 1812 break; 1813 1814 case sMaxAuthTries: 1815 intptr = &options->max_authtries; 1816 goto parse_int; 1817 1818 case sMaxSessions: 1819 intptr = &options->max_sessions; 1820 goto parse_int; 1821 1822 case sBanner: 1823 charptr = &options->banner; 1824 goto parse_filename; 1825 1826 /* 1827 * These options can contain %X options expanded at 1828 * connect time, so that you can specify paths like: 1829 * 1830 * AuthorizedKeysFile /etc/ssh_keys/%u 1831 */ 1832 case sAuthorizedKeysFile: 1833 if (*activep && options->num_authkeys_files == 0) { 1834 while ((arg = strdelim(&cp)) && *arg != '\0') { 1835 arg = tilde_expand_filename(arg, getuid()); 1836 array_append(filename, linenum, 1837 "AuthorizedKeysFile", 1838 &options->authorized_keys_files, 1839 &options->num_authkeys_files, arg); 1840 free(arg); 1841 } 1842 } 1843 return 0; 1844 1845 case sAuthorizedPrincipalsFile: 1846 charptr = &options->authorized_principals_file; 1847 arg = strdelim(&cp); 1848 if (!arg || *arg == '\0') 1849 fatal("%s line %d: missing file name.", 1850 filename, linenum); 1851 if (*activep && *charptr == NULL) { 1852 *charptr = tilde_expand_filename(arg, getuid()); 1853 /* increase optional counter */ 1854 if (intptr != NULL) 1855 *intptr = *intptr + 1; 1856 } 1857 break; 1858 1859 case sClientAliveInterval: 1860 intptr = &options->client_alive_interval; 1861 goto parse_time; 1862 1863 case sClientAliveCountMax: 1864 intptr = &options->client_alive_count_max; 1865 goto parse_int; 1866 1867 case sAcceptEnv: 1868 while ((arg = strdelim(&cp)) && *arg != '\0') { 1869 if (strchr(arg, '=') != NULL) 1870 fatal("%s line %d: Invalid environment name.", 1871 filename, linenum); 1872 if (!*activep) 1873 continue; 1874 array_append(filename, linenum, "AcceptEnv", 1875 &options->accept_env, &options->num_accept_env, 1876 arg); 1877 } 1878 break; 1879 1880 case sSetEnv: 1881 uvalue = options->num_setenv; 1882 while ((arg = strdelimw(&cp)) && *arg != '\0') { 1883 if (strchr(arg, '=') == NULL) 1884 fatal("%s line %d: Invalid environment.", 1885 filename, linenum); 1886 if (!*activep || uvalue != 0) 1887 continue; 1888 array_append(filename, linenum, "SetEnv", 1889 &options->setenv, &options->num_setenv, arg); 1890 } 1891 break; 1892 1893 case sPermitTunnel: 1894 intptr = &options->permit_tun; 1895 arg = strdelim(&cp); 1896 if (!arg || *arg == '\0') 1897 fatal("%s line %d: Missing yes/point-to-point/" 1898 "ethernet/no argument.", filename, linenum); 1899 value = -1; 1900 for (i = 0; tunmode_desc[i].val != -1; i++) 1901 if (strcmp(tunmode_desc[i].text, arg) == 0) { 1902 value = tunmode_desc[i].val; 1903 break; 1904 } 1905 if (value == -1) 1906 fatal("%s line %d: Bad yes/point-to-point/ethernet/" 1907 "no argument: %s", filename, linenum, arg); 1908 if (*activep && *intptr == -1) 1909 *intptr = value; 1910 break; 1911 1912 case sInclude: 1913 if (cmdline) { 1914 fatal("Include directive not supported as a " 1915 "command-line option"); 1916 } 1917 value = 0; 1918 while ((arg2 = strdelim(&cp)) != NULL && *arg2 != '\0') { 1919 value++; 1920 found = 0; 1921 if (*arg2 != '/' && *arg2 != '~') { 1922 xasprintf(&arg, "%s/%s", SSHDIR, arg2); 1923 } else 1924 arg = xstrdup(arg2); 1925 1926 /* 1927 * Don't let included files clobber the containing 1928 * file's Match state. 1929 */ 1930 oactive = *activep; 1931 1932 /* consult cache of include files */ 1933 TAILQ_FOREACH(item, includes, entry) { 1934 if (strcmp(item->selector, arg) != 0) 1935 continue; 1936 if (item->filename != NULL) { 1937 parse_server_config_depth(options, 1938 item->filename, item->contents, 1939 includes, connectinfo, 1940 (*inc_flags & SSHCFG_MATCH_ONLY 1941 ? SSHCFG_MATCH_ONLY : (oactive 1942 ? 0 : SSHCFG_NEVERMATCH)), 1943 activep, depth + 1); 1944 } 1945 found = 1; 1946 *activep = oactive; 1947 } 1948 if (found != 0) { 1949 free(arg); 1950 continue; 1951 } 1952 1953 /* requested glob was not in cache */ 1954 debug2("%s line %d: new include %s", 1955 filename, linenum, arg); 1956 if ((r = glob(arg, 0, NULL, &gbuf)) != 0) { 1957 if (r != GLOB_NOMATCH) { 1958 fatal("%s line %d: include \"%s\" " 1959 "glob failed", filename, 1960 linenum, arg); 1961 } 1962 /* 1963 * If no entry matched then record a 1964 * placeholder to skip later glob calls. 1965 */ 1966 debug2("%s line %d: no match for %s", 1967 filename, linenum, arg); 1968 item = xcalloc(1, sizeof(*item)); 1969 item->selector = strdup(arg); 1970 TAILQ_INSERT_TAIL(includes, 1971 item, entry); 1972 } 1973 if (gbuf.gl_pathc > INT_MAX) 1974 fatal("%s: too many glob results", __func__); 1975 for (n = 0; n < (int)gbuf.gl_pathc; n++) { 1976 debug2("%s line %d: including %s", 1977 filename, linenum, gbuf.gl_pathv[n]); 1978 item = xcalloc(1, sizeof(*item)); 1979 item->selector = strdup(arg); 1980 item->filename = strdup(gbuf.gl_pathv[n]); 1981 if ((item->contents = sshbuf_new()) == NULL) { 1982 fatal("%s: sshbuf_new failed", 1983 __func__); 1984 } 1985 load_server_config(item->filename, 1986 item->contents); 1987 parse_server_config_depth(options, 1988 item->filename, item->contents, 1989 includes, connectinfo, 1990 (*inc_flags & SSHCFG_MATCH_ONLY 1991 ? SSHCFG_MATCH_ONLY : (oactive 1992 ? 0 : SSHCFG_NEVERMATCH)), 1993 activep, depth + 1); 1994 *activep = oactive; 1995 TAILQ_INSERT_TAIL(includes, item, entry); 1996 } 1997 globfree(&gbuf); 1998 free(arg); 1999 } 2000 if (value == 0) { 2001 fatal("%s line %d: Include missing filename argument", 2002 filename, linenum); 2003 } 2004 break; 2005 2006 case sMatch: 2007 if (cmdline) 2008 fatal("Match directive not supported as a command-line " 2009 "option"); 2010 value = match_cfg_line(&cp, linenum, 2011 (*inc_flags & SSHCFG_NEVERMATCH ? NULL : connectinfo)); 2012 if (value < 0) 2013 fatal("%s line %d: Bad Match condition", filename, 2014 linenum); 2015 *activep = (*inc_flags & SSHCFG_NEVERMATCH) ? 0 : value; 2016 /* The MATCH_ONLY is applicable only until the first match block */ 2017 *inc_flags &= ~SSHCFG_MATCH_ONLY; 2018 break; 2019 2020 case sPermitListen: 2021 case sPermitOpen: 2022 if (opcode == sPermitListen) { 2023 uintptr = &options->num_permitted_listens; 2024 chararrayptr = &options->permitted_listens; 2025 } else { 2026 uintptr = &options->num_permitted_opens; 2027 chararrayptr = &options->permitted_opens; 2028 } 2029 arg = strdelim(&cp); 2030 if (!arg || *arg == '\0') 2031 fatal("%s line %d: missing %s specification", 2032 filename, linenum, lookup_opcode_name(opcode)); 2033 uvalue = *uintptr; /* modified later */ 2034 if (strcmp(arg, "any") == 0 || strcmp(arg, "none") == 0) { 2035 if (*activep && uvalue == 0) { 2036 *uintptr = 1; 2037 *chararrayptr = xcalloc(1, 2038 sizeof(**chararrayptr)); 2039 (*chararrayptr)[0] = xstrdup(arg); 2040 } 2041 break; 2042 } 2043 for (; arg != NULL && *arg != '\0'; arg = strdelim(&cp)) { 2044 if (opcode == sPermitListen && 2045 strchr(arg, ':') == NULL) { 2046 /* 2047 * Allow bare port number for PermitListen 2048 * to indicate a wildcard listen host. 2049 */ 2050 xasprintf(&arg2, "*:%s", arg); 2051 } else { 2052 arg2 = xstrdup(arg); 2053 ch = '\0'; 2054 p = hpdelim2(&arg, &ch); 2055 if (p == NULL || ch == '/') { 2056 fatal("%s line %d: missing host in %s", 2057 filename, linenum, 2058 lookup_opcode_name(opcode)); 2059 } 2060 p = cleanhostname(p); 2061 } 2062 if (arg == NULL || 2063 ((port = permitopen_port(arg)) < 0)) { 2064 fatal("%s line %d: bad port number in %s", 2065 filename, linenum, 2066 lookup_opcode_name(opcode)); 2067 } 2068 if (*activep && uvalue == 0) { 2069 array_append(filename, linenum, 2070 lookup_opcode_name(opcode), 2071 chararrayptr, uintptr, arg2); 2072 } 2073 free(arg2); 2074 } 2075 break; 2076 2077 case sForceCommand: 2078 if (cp == NULL || *cp == '\0') 2079 fatal("%.200s line %d: Missing argument.", filename, 2080 linenum); 2081 len = strspn(cp, WHITESPACE); 2082 if (*activep && options->adm_forced_command == NULL) 2083 options->adm_forced_command = xstrdup(cp + len); 2084 return 0; 2085 2086 case sChrootDirectory: 2087 charptr = &options->chroot_directory; 2088 2089 arg = strdelim(&cp); 2090 if (!arg || *arg == '\0') 2091 fatal("%s line %d: missing file name.", 2092 filename, linenum); 2093 if (*activep && *charptr == NULL) 2094 *charptr = xstrdup(arg); 2095 break; 2096 2097 case sTrustedUserCAKeys: 2098 charptr = &options->trusted_user_ca_keys; 2099 goto parse_filename; 2100 2101 case sRevokedKeys: 2102 charptr = &options->revoked_keys_file; 2103 goto parse_filename; 2104 2105 case sSecurityKeyProvider: 2106 charptr = &options->sk_provider; 2107 arg = strdelim(&cp); 2108 if (!arg || *arg == '\0') 2109 fatal("%s line %d: missing file name.", 2110 filename, linenum); 2111 if (*activep && *charptr == NULL) { 2112 *charptr = strcasecmp(arg, "internal") == 0 ? 2113 xstrdup(arg) : derelativise_path(arg); 2114 /* increase optional counter */ 2115 if (intptr != NULL) 2116 *intptr = *intptr + 1; 2117 } 2118 break; 2119 2120 case sIPQoS: 2121 arg = strdelim(&cp); 2122 if ((value = parse_ipqos(arg)) == -1) 2123 fatal("%s line %d: Bad IPQoS value: %s", 2124 filename, linenum, arg); 2125 arg = strdelim(&cp); 2126 if (arg == NULL) 2127 value2 = value; 2128 else if ((value2 = parse_ipqos(arg)) == -1) 2129 fatal("%s line %d: Bad IPQoS value: %s", 2130 filename, linenum, arg); 2131 if (*activep) { 2132 options->ip_qos_interactive = value; 2133 options->ip_qos_bulk = value2; 2134 } 2135 break; 2136 2137 case sVersionAddendum: 2138 if (cp == NULL || *cp == '\0') 2139 fatal("%.200s line %d: Missing argument.", filename, 2140 linenum); 2141 len = strspn(cp, WHITESPACE); 2142 if (*activep && options->version_addendum == NULL) { 2143 if (strcasecmp(cp + len, "none") == 0) 2144 options->version_addendum = xstrdup(""); 2145 else if (strchr(cp + len, '\r') != NULL) 2146 fatal("%.200s line %d: Invalid argument", 2147 filename, linenum); 2148 else 2149 options->version_addendum = xstrdup(cp + len); 2150 } 2151 return 0; 2152 2153 case sAuthorizedKeysCommand: 2154 if (cp == NULL) 2155 fatal("%.200s line %d: Missing argument.", filename, 2156 linenum); 2157 len = strspn(cp, WHITESPACE); 2158 if (*activep && options->authorized_keys_command == NULL) { 2159 if (cp[len] != '/' && strcasecmp(cp + len, "none") != 0) 2160 fatal("%.200s line %d: AuthorizedKeysCommand " 2161 "must be an absolute path", 2162 filename, linenum); 2163 options->authorized_keys_command = xstrdup(cp + len); 2164 } 2165 return 0; 2166 2167 case sAuthorizedKeysCommandUser: 2168 charptr = &options->authorized_keys_command_user; 2169 2170 arg = strdelim(&cp); 2171 if (!arg || *arg == '\0') 2172 fatal("%s line %d: missing AuthorizedKeysCommandUser " 2173 "argument.", filename, linenum); 2174 if (*activep && *charptr == NULL) 2175 *charptr = xstrdup(arg); 2176 break; 2177 2178 case sAuthorizedPrincipalsCommand: 2179 if (cp == NULL) 2180 fatal("%.200s line %d: Missing argument.", filename, 2181 linenum); 2182 len = strspn(cp, WHITESPACE); 2183 if (*activep && 2184 options->authorized_principals_command == NULL) { 2185 if (cp[len] != '/' && strcasecmp(cp + len, "none") != 0) 2186 fatal("%.200s line %d: " 2187 "AuthorizedPrincipalsCommand must be " 2188 "an absolute path", filename, linenum); 2189 options->authorized_principals_command = 2190 xstrdup(cp + len); 2191 } 2192 return 0; 2193 2194 case sAuthorizedPrincipalsCommandUser: 2195 charptr = &options->authorized_principals_command_user; 2196 2197 arg = strdelim(&cp); 2198 if (!arg || *arg == '\0') 2199 fatal("%s line %d: missing " 2200 "AuthorizedPrincipalsCommandUser argument.", 2201 filename, linenum); 2202 if (*activep && *charptr == NULL) 2203 *charptr = xstrdup(arg); 2204 break; 2205 2206 case sAuthenticationMethods: 2207 if (options->num_auth_methods == 0) { 2208 value = 0; /* seen "any" pseudo-method */ 2209 value2 = 0; /* successfully parsed any method */ 2210 while ((arg = strdelim(&cp)) && *arg != '\0') { 2211 if (strcmp(arg, "any") == 0) { 2212 if (options->num_auth_methods > 0) { 2213 fatal("%s line %d: \"any\" " 2214 "must appear alone in " 2215 "AuthenticationMethods", 2216 filename, linenum); 2217 } 2218 value = 1; 2219 } else if (value) { 2220 fatal("%s line %d: \"any\" must appear " 2221 "alone in AuthenticationMethods", 2222 filename, linenum); 2223 } else if (auth2_methods_valid(arg, 0) != 0) { 2224 fatal("%s line %d: invalid " 2225 "authentication method list.", 2226 filename, linenum); 2227 } 2228 value2 = 1; 2229 if (!*activep) 2230 continue; 2231 array_append(filename, linenum, 2232 "AuthenticationMethods", 2233 &options->auth_methods, 2234 &options->num_auth_methods, arg); 2235 } 2236 if (value2 == 0) { 2237 fatal("%s line %d: no AuthenticationMethods " 2238 "specified", filename, linenum); 2239 } 2240 } 2241 return 0; 2242 2243 case sStreamLocalBindMask: 2244 arg = strdelim(&cp); 2245 if (!arg || *arg == '\0') 2246 fatal("%s line %d: missing StreamLocalBindMask " 2247 "argument.", filename, linenum); 2248 /* Parse mode in octal format */ 2249 value = strtol(arg, &p, 8); 2250 if (arg == p || value < 0 || value > 0777) 2251 fatal("%s line %d: Bad mask.", filename, linenum); 2252 if (*activep) 2253 options->fwd_opts.streamlocal_bind_mask = (mode_t)value; 2254 break; 2255 2256 case sStreamLocalBindUnlink: 2257 intptr = &options->fwd_opts.streamlocal_bind_unlink; 2258 goto parse_flag; 2259 2260 case sFingerprintHash: 2261 arg = strdelim(&cp); 2262 if (!arg || *arg == '\0') 2263 fatal("%.200s line %d: Missing argument.", 2264 filename, linenum); 2265 if ((value = ssh_digest_alg_by_name(arg)) == -1) 2266 fatal("%.200s line %d: Invalid hash algorithm \"%s\".", 2267 filename, linenum, arg); 2268 if (*activep) 2269 options->fingerprint_hash = value; 2270 break; 2271 2272 case sExposeAuthInfo: 2273 intptr = &options->expose_userauth_info; 2274 goto parse_flag; 2275 2276 case sRDomain: 2277 charptr = &options->routing_domain; 2278 arg = strdelim(&cp); 2279 if (!arg || *arg == '\0') 2280 fatal("%.200s line %d: Missing argument.", 2281 filename, linenum); 2282 if (strcasecmp(arg, "none") != 0 && strcmp(arg, "%D") != 0 && 2283 !valid_rdomain(arg)) 2284 fatal("%s line %d: bad routing domain", 2285 filename, linenum); 2286 if (*activep && *charptr == NULL) 2287 *charptr = xstrdup(arg); 2288 break; 2289 2290 case sDeprecated: 2291 case sIgnore: 2292 case sUnsupported: 2293 do_log2(opcode == sIgnore ? 2294 SYSLOG_LEVEL_DEBUG2 : SYSLOG_LEVEL_INFO, 2295 "%s line %d: %s option %s", filename, linenum, 2296 opcode == sUnsupported ? "Unsupported" : "Deprecated", arg); 2297 while (arg) 2298 arg = strdelim(&cp); 2299 break; 2300 2301 default: 2302 fatal("%s line %d: Missing handler for opcode %s (%d)", 2303 filename, linenum, arg, opcode); 2304 } 2305 if ((arg = strdelim(&cp)) != NULL && *arg != '\0') 2306 fatal("%s line %d: garbage at end of line; \"%.200s\".", 2307 filename, linenum, arg); 2308 return 0; 2309 } 2310 2311 int 2312 process_server_config_line(ServerOptions *options, char *line, 2313 const char *filename, int linenum, int *activep, 2314 struct connection_info *connectinfo, struct include_list *includes) 2315 { 2316 int inc_flags = 0; 2317 2318 return process_server_config_line_depth(options, line, filename, 2319 linenum, activep, connectinfo, &inc_flags, 0, includes); 2320 } 2321 2322 2323 /* Reads the server configuration file. */ 2324 2325 void 2326 load_server_config(const char *filename, struct sshbuf *conf) 2327 { 2328 struct stat st; 2329 char *line = NULL, *cp; 2330 size_t linesize = 0; 2331 FILE *f; 2332 int r, lineno = 0; 2333 2334 debug2("%s: filename %s", __func__, filename); 2335 if ((f = fopen(filename, "r")) == NULL) { 2336 perror(filename); 2337 exit(1); 2338 } 2339 sshbuf_reset(conf); 2340 /* grow buffer, so realloc is avoided for large config files */ 2341 if (fstat(fileno(f), &st) == 0 && st.st_size > 0 && 2342 (r = sshbuf_allocate(conf, st.st_size)) != 0) 2343 fatal("%s: allocate failed: %s", __func__, ssh_err(r)); 2344 while (getline(&line, &linesize, f) != -1) { 2345 lineno++; 2346 /* 2347 * Trim out comments and strip whitespace 2348 * NB - preserve newlines, they are needed to reproduce 2349 * line numbers later for error messages 2350 */ 2351 if ((cp = strchr(line, '#')) != NULL) 2352 memcpy(cp, "\n", 2); 2353 cp = line + strspn(line, " \t\r"); 2354 if ((r = sshbuf_put(conf, cp, strlen(cp))) != 0) 2355 fatal("%s: buffer error: %s", __func__, ssh_err(r)); 2356 } 2357 free(line); 2358 if ((r = sshbuf_put_u8(conf, 0)) != 0) 2359 fatal("%s: buffer error: %s", __func__, ssh_err(r)); 2360 fclose(f); 2361 debug2("%s: done config len = %zu", __func__, sshbuf_len(conf)); 2362 } 2363 2364 void 2365 parse_server_match_config(ServerOptions *options, 2366 struct include_list *includes, struct connection_info *connectinfo) 2367 { 2368 ServerOptions mo; 2369 2370 initialize_server_options(&mo); 2371 parse_server_config(&mo, "reprocess config", cfg, includes, 2372 connectinfo); 2373 copy_set_server_options(options, &mo, 0); 2374 } 2375 2376 int parse_server_match_testspec(struct connection_info *ci, char *spec) 2377 { 2378 char *p; 2379 2380 while ((p = strsep(&spec, ",")) && *p != '\0') { 2381 if (strncmp(p, "addr=", 5) == 0) { 2382 ci->address = xstrdup(p + 5); 2383 } else if (strncmp(p, "host=", 5) == 0) { 2384 ci->host = xstrdup(p + 5); 2385 } else if (strncmp(p, "user=", 5) == 0) { 2386 ci->user = xstrdup(p + 5); 2387 } else if (strncmp(p, "laddr=", 6) == 0) { 2388 ci->laddress = xstrdup(p + 6); 2389 } else if (strncmp(p, "rdomain=", 8) == 0) { 2390 ci->rdomain = xstrdup(p + 8); 2391 } else if (strncmp(p, "lport=", 6) == 0) { 2392 ci->lport = a2port(p + 6); 2393 if (ci->lport == -1) { 2394 fprintf(stderr, "Invalid port '%s' in test mode" 2395 " specification %s\n", p+6, p); 2396 return -1; 2397 } 2398 } else { 2399 fprintf(stderr, "Invalid test mode specification %s\n", 2400 p); 2401 return -1; 2402 } 2403 } 2404 return 0; 2405 } 2406 2407 /* 2408 * Copy any supported values that are set. 2409 * 2410 * If the preauth flag is set, we do not bother copying the string or 2411 * array values that are not used pre-authentication, because any that we 2412 * do use must be explicitly sent in mm_getpwnamallow(). 2413 */ 2414 void 2415 copy_set_server_options(ServerOptions *dst, ServerOptions *src, int preauth) 2416 { 2417 #define M_CP_INTOPT(n) do {\ 2418 if (src->n != -1) \ 2419 dst->n = src->n; \ 2420 } while (0) 2421 2422 M_CP_INTOPT(password_authentication); 2423 M_CP_INTOPT(gss_authentication); 2424 M_CP_INTOPT(pubkey_authentication); 2425 M_CP_INTOPT(pubkey_auth_options); 2426 M_CP_INTOPT(kerberos_authentication); 2427 M_CP_INTOPT(hostbased_authentication); 2428 M_CP_INTOPT(hostbased_uses_name_from_packet_only); 2429 M_CP_INTOPT(kbd_interactive_authentication); 2430 M_CP_INTOPT(permit_root_login); 2431 M_CP_INTOPT(permit_empty_passwd); 2432 M_CP_INTOPT(ignore_rhosts); 2433 2434 M_CP_INTOPT(allow_tcp_forwarding); 2435 M_CP_INTOPT(allow_streamlocal_forwarding); 2436 M_CP_INTOPT(allow_agent_forwarding); 2437 M_CP_INTOPT(disable_forwarding); 2438 M_CP_INTOPT(expose_userauth_info); 2439 M_CP_INTOPT(permit_tun); 2440 M_CP_INTOPT(fwd_opts.gateway_ports); 2441 M_CP_INTOPT(fwd_opts.streamlocal_bind_unlink); 2442 M_CP_INTOPT(x11_display_offset); 2443 M_CP_INTOPT(x11_forwarding); 2444 M_CP_INTOPT(x11_use_localhost); 2445 M_CP_INTOPT(permit_tty); 2446 M_CP_INTOPT(permit_user_rc); 2447 M_CP_INTOPT(max_sessions); 2448 M_CP_INTOPT(max_authtries); 2449 M_CP_INTOPT(client_alive_count_max); 2450 M_CP_INTOPT(client_alive_interval); 2451 M_CP_INTOPT(ip_qos_interactive); 2452 M_CP_INTOPT(ip_qos_bulk); 2453 M_CP_INTOPT(rekey_limit); 2454 M_CP_INTOPT(rekey_interval); 2455 M_CP_INTOPT(log_level); 2456 2457 /* 2458 * The bind_mask is a mode_t that may be unsigned, so we can't use 2459 * M_CP_INTOPT - it does a signed comparison that causes compiler 2460 * warnings. 2461 */ 2462 if (src->fwd_opts.streamlocal_bind_mask != (mode_t)-1) { 2463 dst->fwd_opts.streamlocal_bind_mask = 2464 src->fwd_opts.streamlocal_bind_mask; 2465 } 2466 2467 /* M_CP_STROPT and M_CP_STRARRAYOPT should not appear before here */ 2468 #define M_CP_STROPT(n) do {\ 2469 if (src->n != NULL && dst->n != src->n) { \ 2470 free(dst->n); \ 2471 dst->n = src->n; \ 2472 } \ 2473 } while(0) 2474 #define M_CP_STRARRAYOPT(s, num_s) do {\ 2475 u_int i; \ 2476 if (src->num_s != 0) { \ 2477 for (i = 0; i < dst->num_s; i++) \ 2478 free(dst->s[i]); \ 2479 free(dst->s); \ 2480 dst->s = xcalloc(src->num_s, sizeof(*dst->s)); \ 2481 for (i = 0; i < src->num_s; i++) \ 2482 dst->s[i] = xstrdup(src->s[i]); \ 2483 dst->num_s = src->num_s; \ 2484 } \ 2485 } while(0) 2486 2487 /* See comment in servconf.h */ 2488 COPY_MATCH_STRING_OPTS(); 2489 2490 /* Arguments that accept '+...' need to be expanded */ 2491 assemble_algorithms(dst); 2492 2493 /* 2494 * The only things that should be below this point are string options 2495 * which are only used after authentication. 2496 */ 2497 if (preauth) 2498 return; 2499 2500 /* These options may be "none" to clear a global setting */ 2501 M_CP_STROPT(adm_forced_command); 2502 if (option_clear_or_none(dst->adm_forced_command)) { 2503 free(dst->adm_forced_command); 2504 dst->adm_forced_command = NULL; 2505 } 2506 M_CP_STROPT(chroot_directory); 2507 if (option_clear_or_none(dst->chroot_directory)) { 2508 free(dst->chroot_directory); 2509 dst->chroot_directory = NULL; 2510 } 2511 } 2512 2513 #undef M_CP_INTOPT 2514 #undef M_CP_STROPT 2515 #undef M_CP_STRARRAYOPT 2516 2517 #define SERVCONF_MAX_DEPTH 16 2518 static void 2519 parse_server_config_depth(ServerOptions *options, const char *filename, 2520 struct sshbuf *conf, struct include_list *includes, 2521 struct connection_info *connectinfo, int flags, int *activep, int depth) 2522 { 2523 int linenum, bad_options = 0; 2524 char *cp, *obuf, *cbuf; 2525 2526 if (depth < 0 || depth > SERVCONF_MAX_DEPTH) 2527 fatal("Too many recursive configuration includes"); 2528 2529 debug2("%s: config %s len %zu%s", __func__, filename, sshbuf_len(conf), 2530 (flags & SSHCFG_NEVERMATCH ? " [checking syntax only]" : "")); 2531 2532 if ((obuf = cbuf = sshbuf_dup_string(conf)) == NULL) 2533 fatal("%s: sshbuf_dup_string failed", __func__); 2534 linenum = 1; 2535 while ((cp = strsep(&cbuf, "\n")) != NULL) { 2536 if (process_server_config_line_depth(options, cp, 2537 filename, linenum++, activep, connectinfo, &flags, 2538 depth, includes) != 0) 2539 bad_options++; 2540 } 2541 free(obuf); 2542 if (bad_options > 0) 2543 fatal("%s: terminating, %d bad configuration options", 2544 filename, bad_options); 2545 } 2546 2547 void 2548 parse_server_config(ServerOptions *options, const char *filename, 2549 struct sshbuf *conf, struct include_list *includes, 2550 struct connection_info *connectinfo) 2551 { 2552 int active = connectinfo ? 0 : 1; 2553 parse_server_config_depth(options, filename, conf, includes, 2554 connectinfo, (connectinfo ? SSHCFG_MATCH_ONLY : 0), &active, 0); 2555 process_queued_listen_addrs(options); 2556 } 2557 2558 static const char * 2559 fmt_multistate_int(int val, const struct multistate *m) 2560 { 2561 u_int i; 2562 2563 for (i = 0; m[i].key != NULL; i++) { 2564 if (m[i].value == val) 2565 return m[i].key; 2566 } 2567 return "UNKNOWN"; 2568 } 2569 2570 static const char * 2571 fmt_intarg(ServerOpCodes code, int val) 2572 { 2573 if (val == -1) 2574 return "unset"; 2575 switch (code) { 2576 case sAddressFamily: 2577 return fmt_multistate_int(val, multistate_addressfamily); 2578 case sPermitRootLogin: 2579 return fmt_multistate_int(val, multistate_permitrootlogin); 2580 case sGatewayPorts: 2581 return fmt_multistate_int(val, multistate_gatewayports); 2582 case sCompression: 2583 return fmt_multistate_int(val, multistate_compression); 2584 case sAllowTcpForwarding: 2585 return fmt_multistate_int(val, multistate_tcpfwd); 2586 case sAllowStreamLocalForwarding: 2587 return fmt_multistate_int(val, multistate_tcpfwd); 2588 case sIgnoreRhosts: 2589 return fmt_multistate_int(val, multistate_ignore_rhosts); 2590 case sFingerprintHash: 2591 return ssh_digest_alg_name(val); 2592 default: 2593 switch (val) { 2594 case 0: 2595 return "no"; 2596 case 1: 2597 return "yes"; 2598 default: 2599 return "UNKNOWN"; 2600 } 2601 } 2602 } 2603 2604 static void 2605 dump_cfg_int(ServerOpCodes code, int val) 2606 { 2607 printf("%s %d\n", lookup_opcode_name(code), val); 2608 } 2609 2610 static void 2611 dump_cfg_oct(ServerOpCodes code, int val) 2612 { 2613 printf("%s 0%o\n", lookup_opcode_name(code), val); 2614 } 2615 2616 static void 2617 dump_cfg_fmtint(ServerOpCodes code, int val) 2618 { 2619 printf("%s %s\n", lookup_opcode_name(code), fmt_intarg(code, val)); 2620 } 2621 2622 static void 2623 dump_cfg_string(ServerOpCodes code, const char *val) 2624 { 2625 printf("%s %s\n", lookup_opcode_name(code), 2626 val == NULL ? "none" : val); 2627 } 2628 2629 static void 2630 dump_cfg_strarray(ServerOpCodes code, u_int count, char **vals) 2631 { 2632 u_int i; 2633 2634 for (i = 0; i < count; i++) 2635 printf("%s %s\n", lookup_opcode_name(code), vals[i]); 2636 } 2637 2638 static void 2639 dump_cfg_strarray_oneline(ServerOpCodes code, u_int count, char **vals) 2640 { 2641 u_int i; 2642 2643 if (count <= 0 && code != sAuthenticationMethods) 2644 return; 2645 printf("%s", lookup_opcode_name(code)); 2646 for (i = 0; i < count; i++) 2647 printf(" %s", vals[i]); 2648 if (code == sAuthenticationMethods && count == 0) 2649 printf(" any"); 2650 printf("\n"); 2651 } 2652 2653 static char * 2654 format_listen_addrs(struct listenaddr *la) 2655 { 2656 int r; 2657 struct addrinfo *ai; 2658 char addr[NI_MAXHOST], port[NI_MAXSERV]; 2659 char *laddr1 = xstrdup(""), *laddr2 = NULL; 2660 2661 /* 2662 * ListenAddress must be after Port. add_one_listen_addr pushes 2663 * addresses onto a stack, so to maintain ordering we need to 2664 * print these in reverse order. 2665 */ 2666 for (ai = la->addrs; ai; ai = ai->ai_next) { 2667 if ((r = getnameinfo(ai->ai_addr, ai->ai_addrlen, addr, 2668 sizeof(addr), port, sizeof(port), 2669 NI_NUMERICHOST|NI_NUMERICSERV)) != 0) { 2670 error("getnameinfo: %.100s", ssh_gai_strerror(r)); 2671 continue; 2672 } 2673 laddr2 = laddr1; 2674 if (ai->ai_family == AF_INET6) { 2675 xasprintf(&laddr1, "listenaddress [%s]:%s%s%s\n%s", 2676 addr, port, 2677 la->rdomain == NULL ? "" : " rdomain ", 2678 la->rdomain == NULL ? "" : la->rdomain, 2679 laddr2); 2680 } else { 2681 xasprintf(&laddr1, "listenaddress %s:%s%s%s\n%s", 2682 addr, port, 2683 la->rdomain == NULL ? "" : " rdomain ", 2684 la->rdomain == NULL ? "" : la->rdomain, 2685 laddr2); 2686 } 2687 free(laddr2); 2688 } 2689 return laddr1; 2690 } 2691 2692 void 2693 dump_config(ServerOptions *o) 2694 { 2695 char *s; 2696 u_int i; 2697 2698 /* these are usually at the top of the config */ 2699 for (i = 0; i < o->num_ports; i++) 2700 printf("port %d\n", o->ports[i]); 2701 dump_cfg_fmtint(sAddressFamily, o->address_family); 2702 2703 for (i = 0; i < o->num_listen_addrs; i++) { 2704 s = format_listen_addrs(&o->listen_addrs[i]); 2705 printf("%s", s); 2706 free(s); 2707 } 2708 2709 /* integer arguments */ 2710 dump_cfg_int(sLoginGraceTime, o->login_grace_time); 2711 dump_cfg_int(sX11DisplayOffset, o->x11_display_offset); 2712 dump_cfg_int(sMaxAuthTries, o->max_authtries); 2713 dump_cfg_int(sMaxSessions, o->max_sessions); 2714 dump_cfg_int(sClientAliveInterval, o->client_alive_interval); 2715 dump_cfg_int(sClientAliveCountMax, o->client_alive_count_max); 2716 dump_cfg_oct(sStreamLocalBindMask, o->fwd_opts.streamlocal_bind_mask); 2717 2718 /* formatted integer arguments */ 2719 dump_cfg_fmtint(sPermitRootLogin, o->permit_root_login); 2720 dump_cfg_fmtint(sIgnoreRhosts, o->ignore_rhosts); 2721 dump_cfg_fmtint(sIgnoreUserKnownHosts, o->ignore_user_known_hosts); 2722 dump_cfg_fmtint(sHostbasedAuthentication, o->hostbased_authentication); 2723 dump_cfg_fmtint(sHostbasedUsesNameFromPacketOnly, 2724 o->hostbased_uses_name_from_packet_only); 2725 dump_cfg_fmtint(sPubkeyAuthentication, o->pubkey_authentication); 2726 #ifdef KRB5 2727 dump_cfg_fmtint(sKerberosAuthentication, o->kerberos_authentication); 2728 dump_cfg_fmtint(sKerberosOrLocalPasswd, o->kerberos_or_local_passwd); 2729 dump_cfg_fmtint(sKerberosTicketCleanup, o->kerberos_ticket_cleanup); 2730 dump_cfg_fmtint(sKerberosGetAFSToken, o->kerberos_get_afs_token); 2731 #endif 2732 #ifdef GSSAPI 2733 dump_cfg_fmtint(sGssAuthentication, o->gss_authentication); 2734 dump_cfg_fmtint(sGssCleanupCreds, o->gss_cleanup_creds); 2735 #endif 2736 dump_cfg_fmtint(sPasswordAuthentication, o->password_authentication); 2737 dump_cfg_fmtint(sKbdInteractiveAuthentication, 2738 o->kbd_interactive_authentication); 2739 dump_cfg_fmtint(sChallengeResponseAuthentication, 2740 o->challenge_response_authentication); 2741 dump_cfg_fmtint(sPrintMotd, o->print_motd); 2742 dump_cfg_fmtint(sPrintLastLog, o->print_lastlog); 2743 dump_cfg_fmtint(sX11Forwarding, o->x11_forwarding); 2744 dump_cfg_fmtint(sX11UseLocalhost, o->x11_use_localhost); 2745 dump_cfg_fmtint(sPermitTTY, o->permit_tty); 2746 dump_cfg_fmtint(sPermitUserRC, o->permit_user_rc); 2747 dump_cfg_fmtint(sStrictModes, o->strict_modes); 2748 dump_cfg_fmtint(sTCPKeepAlive, o->tcp_keep_alive); 2749 dump_cfg_fmtint(sEmptyPasswd, o->permit_empty_passwd); 2750 dump_cfg_fmtint(sCompression, o->compression); 2751 dump_cfg_fmtint(sGatewayPorts, o->fwd_opts.gateway_ports); 2752 dump_cfg_fmtint(sUseDNS, o->use_dns); 2753 dump_cfg_fmtint(sAllowTcpForwarding, o->allow_tcp_forwarding); 2754 dump_cfg_fmtint(sAllowAgentForwarding, o->allow_agent_forwarding); 2755 dump_cfg_fmtint(sDisableForwarding, o->disable_forwarding); 2756 dump_cfg_fmtint(sAllowStreamLocalForwarding, o->allow_streamlocal_forwarding); 2757 dump_cfg_fmtint(sStreamLocalBindUnlink, o->fwd_opts.streamlocal_bind_unlink); 2758 dump_cfg_fmtint(sFingerprintHash, o->fingerprint_hash); 2759 dump_cfg_fmtint(sExposeAuthInfo, o->expose_userauth_info); 2760 2761 /* string arguments */ 2762 dump_cfg_string(sPidFile, o->pid_file); 2763 dump_cfg_string(sXAuthLocation, o->xauth_location); 2764 dump_cfg_string(sCiphers, o->ciphers); 2765 dump_cfg_string(sMacs, o->macs); 2766 dump_cfg_string(sBanner, o->banner); 2767 dump_cfg_string(sForceCommand, o->adm_forced_command); 2768 dump_cfg_string(sChrootDirectory, o->chroot_directory); 2769 dump_cfg_string(sTrustedUserCAKeys, o->trusted_user_ca_keys); 2770 dump_cfg_string(sRevokedKeys, o->revoked_keys_file); 2771 dump_cfg_string(sSecurityKeyProvider, o->sk_provider); 2772 dump_cfg_string(sAuthorizedPrincipalsFile, 2773 o->authorized_principals_file); 2774 dump_cfg_string(sVersionAddendum, *o->version_addendum == '\0' 2775 ? "none" : o->version_addendum); 2776 dump_cfg_string(sAuthorizedKeysCommand, o->authorized_keys_command); 2777 dump_cfg_string(sAuthorizedKeysCommandUser, o->authorized_keys_command_user); 2778 dump_cfg_string(sAuthorizedPrincipalsCommand, o->authorized_principals_command); 2779 dump_cfg_string(sAuthorizedPrincipalsCommandUser, o->authorized_principals_command_user); 2780 dump_cfg_string(sHostKeyAgent, o->host_key_agent); 2781 dump_cfg_string(sKexAlgorithms, o->kex_algorithms); 2782 dump_cfg_string(sCASignatureAlgorithms, o->ca_sign_algorithms); 2783 dump_cfg_string(sHostbasedAcceptedKeyTypes, o->hostbased_key_types); 2784 dump_cfg_string(sHostKeyAlgorithms, o->hostkeyalgorithms); 2785 dump_cfg_string(sPubkeyAcceptedKeyTypes, o->pubkey_key_types); 2786 dump_cfg_string(sRDomain, o->routing_domain); 2787 2788 /* string arguments requiring a lookup */ 2789 dump_cfg_string(sLogLevel, log_level_name(o->log_level)); 2790 dump_cfg_string(sLogFacility, log_facility_name(o->log_facility)); 2791 2792 /* string array arguments */ 2793 dump_cfg_strarray_oneline(sAuthorizedKeysFile, o->num_authkeys_files, 2794 o->authorized_keys_files); 2795 dump_cfg_strarray(sHostKeyFile, o->num_host_key_files, 2796 o->host_key_files); 2797 dump_cfg_strarray(sHostCertificate, o->num_host_cert_files, 2798 o->host_cert_files); 2799 dump_cfg_strarray(sAllowUsers, o->num_allow_users, o->allow_users); 2800 dump_cfg_strarray(sDenyUsers, o->num_deny_users, o->deny_users); 2801 dump_cfg_strarray(sAllowGroups, o->num_allow_groups, o->allow_groups); 2802 dump_cfg_strarray(sDenyGroups, o->num_deny_groups, o->deny_groups); 2803 dump_cfg_strarray(sAcceptEnv, o->num_accept_env, o->accept_env); 2804 dump_cfg_strarray(sSetEnv, o->num_setenv, o->setenv); 2805 dump_cfg_strarray_oneline(sAuthenticationMethods, 2806 o->num_auth_methods, o->auth_methods); 2807 2808 /* other arguments */ 2809 for (i = 0; i < o->num_subsystems; i++) 2810 printf("subsystem %s %s\n", o->subsystem_name[i], 2811 o->subsystem_args[i]); 2812 2813 printf("maxstartups %d:%d:%d\n", o->max_startups_begin, 2814 o->max_startups_rate, o->max_startups); 2815 2816 s = NULL; 2817 for (i = 0; tunmode_desc[i].val != -1; i++) { 2818 if (tunmode_desc[i].val == o->permit_tun) { 2819 s = tunmode_desc[i].text; 2820 break; 2821 } 2822 } 2823 dump_cfg_string(sPermitTunnel, s); 2824 2825 printf("ipqos %s ", iptos2str(o->ip_qos_interactive)); 2826 printf("%s\n", iptos2str(o->ip_qos_bulk)); 2827 2828 printf("rekeylimit %llu %d\n", (unsigned long long)o->rekey_limit, 2829 o->rekey_interval); 2830 2831 printf("permitopen"); 2832 if (o->num_permitted_opens == 0) 2833 printf(" any"); 2834 else { 2835 for (i = 0; i < o->num_permitted_opens; i++) 2836 printf(" %s", o->permitted_opens[i]); 2837 } 2838 printf("\n"); 2839 printf("permitlisten"); 2840 if (o->num_permitted_listens == 0) 2841 printf(" any"); 2842 else { 2843 for (i = 0; i < o->num_permitted_listens; i++) 2844 printf(" %s", o->permitted_listens[i]); 2845 } 2846 printf("\n"); 2847 2848 if (o->permit_user_env_allowlist == NULL) { 2849 dump_cfg_fmtint(sPermitUserEnvironment, o->permit_user_env); 2850 } else { 2851 printf("permituserenvironment %s\n", 2852 o->permit_user_env_allowlist); 2853 } 2854 2855 printf("pubkeyauthoptions"); 2856 if (o->pubkey_auth_options == 0) 2857 printf(" none"); 2858 if (o->pubkey_auth_options & PUBKEYAUTH_TOUCH_REQUIRED) 2859 printf(" touch-required"); 2860 printf("\n"); 2861 } 2862