1 2 /* $OpenBSD: servconf.c,v 1.363 2020/04/17 03:30:05 djm Exp $ */ 3 /* 4 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland 5 * All rights reserved 6 * 7 * As far as I am concerned, the code I have written for this software 8 * can be used freely for any purpose. Any derived versions of this 9 * software must be clearly marked as such, and if the derived work is 10 * incompatible with the protocol description in the RFC file, it must be 11 * called by a name other than "ssh" or "Secure Shell". 12 */ 13 14 #include "includes.h" 15 16 #include <sys/types.h> 17 #include <sys/socket.h> 18 #ifdef __OpenBSD__ 19 #include <sys/sysctl.h> 20 #endif 21 22 #include <netinet/in.h> 23 #include <netinet/in_systm.h> 24 #include <netinet/ip.h> 25 #ifdef HAVE_NET_ROUTE_H 26 #include <net/route.h> 27 #endif 28 29 #include <ctype.h> 30 #include <netdb.h> 31 #include <pwd.h> 32 #include <stdio.h> 33 #include <stdlib.h> 34 #include <string.h> 35 #include <signal.h> 36 #include <unistd.h> 37 #include <limits.h> 38 #include <stdarg.h> 39 #include <errno.h> 40 #ifdef HAVE_UTIL_H 41 #include <util.h> 42 #endif 43 #ifdef USE_SYSTEM_GLOB 44 # include <glob.h> 45 #else 46 # include "openbsd-compat/glob.h" 47 #endif 48 49 #include "openbsd-compat/sys-queue.h" 50 #include "xmalloc.h" 51 #include "ssh.h" 52 #include "log.h" 53 #include "sshbuf.h" 54 #include "misc.h" 55 #include "servconf.h" 56 #include "compat.h" 57 #include "pathnames.h" 58 #include "cipher.h" 59 #include "sshkey.h" 60 #include "kex.h" 61 #include "mac.h" 62 #include "match.h" 63 #include "channels.h" 64 #include "groupaccess.h" 65 #include "canohost.h" 66 #include "packet.h" 67 #include "ssherr.h" 68 #include "hostfile.h" 69 #include "auth.h" 70 #include "myproposal.h" 71 #include "digest.h" 72 73 static void add_listen_addr(ServerOptions *, const char *, 74 const char *, int); 75 static void add_one_listen_addr(ServerOptions *, const char *, 76 const char *, int); 77 void parse_server_config_depth(ServerOptions *options, const char *filename, 78 struct sshbuf *conf, struct include_list *includes, 79 struct connection_info *connectinfo, int flags, int *activep, int depth); 80 81 /* Use of privilege separation or not */ 82 extern int use_privsep; 83 extern struct sshbuf *cfg; 84 85 /* Initializes the server options to their default values. */ 86 87 void 88 initialize_server_options(ServerOptions *options) 89 { 90 memset(options, 0, sizeof(*options)); 91 92 /* Portable-specific options */ 93 options->use_pam = -1; 94 95 /* Standard Options */ 96 options->num_ports = 0; 97 options->ports_from_cmdline = 0; 98 options->queued_listen_addrs = NULL; 99 options->num_queued_listens = 0; 100 options->listen_addrs = NULL; 101 options->num_listen_addrs = 0; 102 options->address_family = -1; 103 options->routing_domain = NULL; 104 options->num_host_key_files = 0; 105 options->num_host_cert_files = 0; 106 options->host_key_agent = NULL; 107 options->pid_file = NULL; 108 options->login_grace_time = -1; 109 options->permit_root_login = PERMIT_NOT_SET; 110 options->ignore_rhosts = -1; 111 options->ignore_user_known_hosts = -1; 112 options->print_motd = -1; 113 options->print_lastlog = -1; 114 options->x11_forwarding = -1; 115 options->x11_display_offset = -1; 116 options->x11_use_localhost = -1; 117 options->permit_tty = -1; 118 options->permit_user_rc = -1; 119 options->xauth_location = NULL; 120 options->strict_modes = -1; 121 options->tcp_keep_alive = -1; 122 options->log_facility = SYSLOG_FACILITY_NOT_SET; 123 options->log_level = SYSLOG_LEVEL_NOT_SET; 124 options->hostbased_authentication = -1; 125 options->hostbased_uses_name_from_packet_only = -1; 126 options->hostbased_key_types = NULL; 127 options->hostkeyalgorithms = NULL; 128 options->pubkey_authentication = -1; 129 options->pubkey_auth_options = -1; 130 options->pubkey_key_types = NULL; 131 options->kerberos_authentication = -1; 132 options->kerberos_or_local_passwd = -1; 133 options->kerberos_ticket_cleanup = -1; 134 options->kerberos_get_afs_token = -1; 135 options->gss_authentication=-1; 136 options->gss_cleanup_creds = -1; 137 options->gss_strict_acceptor = -1; 138 options->password_authentication = -1; 139 options->kbd_interactive_authentication = -1; 140 options->challenge_response_authentication = -1; 141 options->permit_empty_passwd = -1; 142 options->permit_user_env = -1; 143 options->permit_user_env_whitelist = NULL; 144 options->compression = -1; 145 options->rekey_limit = -1; 146 options->rekey_interval = -1; 147 options->allow_tcp_forwarding = -1; 148 options->allow_streamlocal_forwarding = -1; 149 options->allow_agent_forwarding = -1; 150 options->num_allow_users = 0; 151 options->num_deny_users = 0; 152 options->num_allow_groups = 0; 153 options->num_deny_groups = 0; 154 options->ciphers = NULL; 155 options->macs = NULL; 156 options->kex_algorithms = NULL; 157 options->ca_sign_algorithms = NULL; 158 options->fwd_opts.gateway_ports = -1; 159 options->fwd_opts.streamlocal_bind_mask = (mode_t)-1; 160 options->fwd_opts.streamlocal_bind_unlink = -1; 161 options->num_subsystems = 0; 162 options->max_startups_begin = -1; 163 options->max_startups_rate = -1; 164 options->max_startups = -1; 165 options->max_authtries = -1; 166 options->max_sessions = -1; 167 options->banner = NULL; 168 options->use_dns = -1; 169 options->client_alive_interval = -1; 170 options->client_alive_count_max = -1; 171 options->num_authkeys_files = 0; 172 options->num_accept_env = 0; 173 options->num_setenv = 0; 174 options->permit_tun = -1; 175 options->permitted_opens = NULL; 176 options->permitted_listens = NULL; 177 options->adm_forced_command = NULL; 178 options->chroot_directory = NULL; 179 options->authorized_keys_command = NULL; 180 options->authorized_keys_command_user = NULL; 181 options->revoked_keys_file = NULL; 182 options->sk_provider = NULL; 183 options->trusted_user_ca_keys = NULL; 184 options->authorized_principals_file = NULL; 185 options->authorized_principals_command = NULL; 186 options->authorized_principals_command_user = NULL; 187 options->ip_qos_interactive = -1; 188 options->ip_qos_bulk = -1; 189 options->version_addendum = NULL; 190 options->fingerprint_hash = -1; 191 options->disable_forwarding = -1; 192 options->expose_userauth_info = -1; 193 } 194 195 /* Returns 1 if a string option is unset or set to "none" or 0 otherwise. */ 196 static int 197 option_clear_or_none(const char *o) 198 { 199 return o == NULL || strcasecmp(o, "none") == 0; 200 } 201 202 static void 203 assemble_algorithms(ServerOptions *o) 204 { 205 char *all_cipher, *all_mac, *all_kex, *all_key, *all_sig; 206 char *def_cipher, *def_mac, *def_kex, *def_key, *def_sig; 207 int r; 208 209 all_cipher = cipher_alg_list(',', 0); 210 all_mac = mac_alg_list(','); 211 all_kex = kex_alg_list(','); 212 all_key = sshkey_alg_list(0, 0, 1, ','); 213 all_sig = sshkey_alg_list(0, 1, 1, ','); 214 /* remove unsupported algos from default lists */ 215 def_cipher = match_filter_whitelist(KEX_SERVER_ENCRYPT, all_cipher); 216 def_mac = match_filter_whitelist(KEX_SERVER_MAC, all_mac); 217 def_kex = match_filter_whitelist(KEX_SERVER_KEX, all_kex); 218 def_key = match_filter_whitelist(KEX_DEFAULT_PK_ALG, all_key); 219 def_sig = match_filter_whitelist(SSH_ALLOWED_CA_SIGALGS, all_sig); 220 #define ASSEMBLE(what, defaults, all) \ 221 do { \ 222 if ((r = kex_assemble_names(&o->what, defaults, all)) != 0) \ 223 fatal("%s: %s: %s", __func__, #what, ssh_err(r)); \ 224 } while (0) 225 ASSEMBLE(ciphers, def_cipher, all_cipher); 226 ASSEMBLE(macs, def_mac, all_mac); 227 ASSEMBLE(kex_algorithms, def_kex, all_kex); 228 ASSEMBLE(hostkeyalgorithms, def_key, all_key); 229 ASSEMBLE(hostbased_key_types, def_key, all_key); 230 ASSEMBLE(pubkey_key_types, def_key, all_key); 231 ASSEMBLE(ca_sign_algorithms, def_sig, all_sig); 232 #undef ASSEMBLE 233 free(all_cipher); 234 free(all_mac); 235 free(all_kex); 236 free(all_key); 237 free(all_sig); 238 free(def_cipher); 239 free(def_mac); 240 free(def_kex); 241 free(def_key); 242 free(def_sig); 243 } 244 245 static void 246 array_append2(const char *file, const int line, const char *directive, 247 char ***array, int **iarray, u_int *lp, const char *s, int i) 248 { 249 250 if (*lp >= INT_MAX) 251 fatal("%s line %d: Too many %s entries", file, line, directive); 252 253 if (iarray != NULL) { 254 *iarray = xrecallocarray(*iarray, *lp, *lp + 1, 255 sizeof(**iarray)); 256 (*iarray)[*lp] = i; 257 } 258 259 *array = xrecallocarray(*array, *lp, *lp + 1, sizeof(**array)); 260 (*array)[*lp] = xstrdup(s); 261 (*lp)++; 262 } 263 264 static void 265 array_append(const char *file, const int line, const char *directive, 266 char ***array, u_int *lp, const char *s) 267 { 268 array_append2(file, line, directive, array, NULL, lp, s, 0); 269 } 270 271 void 272 servconf_add_hostkey(const char *file, const int line, 273 ServerOptions *options, const char *path, int userprovided) 274 { 275 char *apath = derelativise_path(path); 276 277 array_append2(file, line, "HostKey", 278 &options->host_key_files, &options->host_key_file_userprovided, 279 &options->num_host_key_files, apath, userprovided); 280 free(apath); 281 } 282 283 void 284 servconf_add_hostcert(const char *file, const int line, 285 ServerOptions *options, const char *path) 286 { 287 char *apath = derelativise_path(path); 288 289 array_append(file, line, "HostCertificate", 290 &options->host_cert_files, &options->num_host_cert_files, apath); 291 free(apath); 292 } 293 294 void 295 fill_default_server_options(ServerOptions *options) 296 { 297 u_int i; 298 299 /* Portable-specific options */ 300 if (options->use_pam == -1) 301 options->use_pam = 0; 302 303 /* Standard Options */ 304 if (options->num_host_key_files == 0) { 305 /* fill default hostkeys for protocols */ 306 servconf_add_hostkey("[default]", 0, options, 307 _PATH_HOST_RSA_KEY_FILE, 0); 308 #ifdef OPENSSL_HAS_ECC 309 servconf_add_hostkey("[default]", 0, options, 310 _PATH_HOST_ECDSA_KEY_FILE, 0); 311 #endif 312 servconf_add_hostkey("[default]", 0, options, 313 _PATH_HOST_ED25519_KEY_FILE, 0); 314 #ifdef WITH_XMSS 315 servconf_add_hostkey("[default]", 0, options, 316 _PATH_HOST_XMSS_KEY_FILE, 0); 317 #endif /* WITH_XMSS */ 318 } 319 /* No certificates by default */ 320 if (options->num_ports == 0) 321 options->ports[options->num_ports++] = SSH_DEFAULT_PORT; 322 if (options->address_family == -1) 323 options->address_family = AF_UNSPEC; 324 if (options->listen_addrs == NULL) 325 add_listen_addr(options, NULL, NULL, 0); 326 if (options->pid_file == NULL) 327 options->pid_file = xstrdup(_PATH_SSH_DAEMON_PID_FILE); 328 if (options->login_grace_time == -1) 329 options->login_grace_time = 120; 330 if (options->permit_root_login == PERMIT_NOT_SET) 331 options->permit_root_login = PERMIT_NO_PASSWD; 332 if (options->ignore_rhosts == -1) 333 options->ignore_rhosts = 1; 334 if (options->ignore_user_known_hosts == -1) 335 options->ignore_user_known_hosts = 0; 336 if (options->print_motd == -1) 337 options->print_motd = 1; 338 if (options->print_lastlog == -1) 339 options->print_lastlog = 1; 340 if (options->x11_forwarding == -1) 341 options->x11_forwarding = 0; 342 if (options->x11_display_offset == -1) 343 options->x11_display_offset = 10; 344 if (options->x11_use_localhost == -1) 345 options->x11_use_localhost = 1; 346 if (options->xauth_location == NULL) 347 options->xauth_location = xstrdup(_PATH_XAUTH); 348 if (options->permit_tty == -1) 349 options->permit_tty = 1; 350 if (options->permit_user_rc == -1) 351 options->permit_user_rc = 1; 352 if (options->strict_modes == -1) 353 options->strict_modes = 1; 354 if (options->tcp_keep_alive == -1) 355 options->tcp_keep_alive = 1; 356 if (options->log_facility == SYSLOG_FACILITY_NOT_SET) 357 options->log_facility = SYSLOG_FACILITY_AUTH; 358 if (options->log_level == SYSLOG_LEVEL_NOT_SET) 359 options->log_level = SYSLOG_LEVEL_INFO; 360 if (options->hostbased_authentication == -1) 361 options->hostbased_authentication = 0; 362 if (options->hostbased_uses_name_from_packet_only == -1) 363 options->hostbased_uses_name_from_packet_only = 0; 364 if (options->pubkey_authentication == -1) 365 options->pubkey_authentication = 1; 366 if (options->pubkey_auth_options == -1) 367 options->pubkey_auth_options = 0; 368 if (options->kerberos_authentication == -1) 369 options->kerberos_authentication = 0; 370 if (options->kerberos_or_local_passwd == -1) 371 options->kerberos_or_local_passwd = 1; 372 if (options->kerberos_ticket_cleanup == -1) 373 options->kerberos_ticket_cleanup = 1; 374 if (options->kerberos_get_afs_token == -1) 375 options->kerberos_get_afs_token = 0; 376 if (options->gss_authentication == -1) 377 options->gss_authentication = 0; 378 if (options->gss_cleanup_creds == -1) 379 options->gss_cleanup_creds = 1; 380 if (options->gss_strict_acceptor == -1) 381 options->gss_strict_acceptor = 1; 382 if (options->password_authentication == -1) 383 options->password_authentication = 1; 384 if (options->kbd_interactive_authentication == -1) 385 options->kbd_interactive_authentication = 0; 386 if (options->challenge_response_authentication == -1) 387 options->challenge_response_authentication = 1; 388 if (options->permit_empty_passwd == -1) 389 options->permit_empty_passwd = 0; 390 if (options->permit_user_env == -1) { 391 options->permit_user_env = 0; 392 options->permit_user_env_whitelist = NULL; 393 } 394 if (options->compression == -1) 395 #ifdef WITH_ZLIB 396 options->compression = COMP_DELAYED; 397 #else 398 options->compression = COMP_NONE; 399 #endif 400 401 if (options->rekey_limit == -1) 402 options->rekey_limit = 0; 403 if (options->rekey_interval == -1) 404 options->rekey_interval = 0; 405 if (options->allow_tcp_forwarding == -1) 406 options->allow_tcp_forwarding = FORWARD_ALLOW; 407 if (options->allow_streamlocal_forwarding == -1) 408 options->allow_streamlocal_forwarding = FORWARD_ALLOW; 409 if (options->allow_agent_forwarding == -1) 410 options->allow_agent_forwarding = 1; 411 if (options->fwd_opts.gateway_ports == -1) 412 options->fwd_opts.gateway_ports = 0; 413 if (options->max_startups == -1) 414 options->max_startups = 100; 415 if (options->max_startups_rate == -1) 416 options->max_startups_rate = 30; /* 30% */ 417 if (options->max_startups_begin == -1) 418 options->max_startups_begin = 10; 419 if (options->max_authtries == -1) 420 options->max_authtries = DEFAULT_AUTH_FAIL_MAX; 421 if (options->max_sessions == -1) 422 options->max_sessions = DEFAULT_SESSIONS_MAX; 423 if (options->use_dns == -1) 424 options->use_dns = 0; 425 if (options->client_alive_interval == -1) 426 options->client_alive_interval = 0; 427 if (options->client_alive_count_max == -1) 428 options->client_alive_count_max = 3; 429 if (options->num_authkeys_files == 0) { 430 array_append("[default]", 0, "AuthorizedKeysFiles", 431 &options->authorized_keys_files, 432 &options->num_authkeys_files, 433 _PATH_SSH_USER_PERMITTED_KEYS); 434 array_append("[default]", 0, "AuthorizedKeysFiles", 435 &options->authorized_keys_files, 436 &options->num_authkeys_files, 437 _PATH_SSH_USER_PERMITTED_KEYS2); 438 } 439 if (options->permit_tun == -1) 440 options->permit_tun = SSH_TUNMODE_NO; 441 if (options->ip_qos_interactive == -1) 442 options->ip_qos_interactive = IPTOS_DSCP_AF21; 443 if (options->ip_qos_bulk == -1) 444 options->ip_qos_bulk = IPTOS_DSCP_CS1; 445 if (options->version_addendum == NULL) 446 options->version_addendum = xstrdup(""); 447 if (options->fwd_opts.streamlocal_bind_mask == (mode_t)-1) 448 options->fwd_opts.streamlocal_bind_mask = 0177; 449 if (options->fwd_opts.streamlocal_bind_unlink == -1) 450 options->fwd_opts.streamlocal_bind_unlink = 0; 451 if (options->fingerprint_hash == -1) 452 options->fingerprint_hash = SSH_FP_HASH_DEFAULT; 453 if (options->disable_forwarding == -1) 454 options->disable_forwarding = 0; 455 if (options->expose_userauth_info == -1) 456 options->expose_userauth_info = 0; 457 if (options->sk_provider == NULL) 458 options->sk_provider = xstrdup("internal"); 459 460 assemble_algorithms(options); 461 462 /* Turn privilege separation and sandboxing on by default */ 463 if (use_privsep == -1) 464 use_privsep = PRIVSEP_ON; 465 466 #define CLEAR_ON_NONE(v) \ 467 do { \ 468 if (option_clear_or_none(v)) { \ 469 free(v); \ 470 v = NULL; \ 471 } \ 472 } while(0) 473 CLEAR_ON_NONE(options->pid_file); 474 CLEAR_ON_NONE(options->xauth_location); 475 CLEAR_ON_NONE(options->banner); 476 CLEAR_ON_NONE(options->trusted_user_ca_keys); 477 CLEAR_ON_NONE(options->revoked_keys_file); 478 CLEAR_ON_NONE(options->sk_provider); 479 CLEAR_ON_NONE(options->authorized_principals_file); 480 CLEAR_ON_NONE(options->adm_forced_command); 481 CLEAR_ON_NONE(options->chroot_directory); 482 CLEAR_ON_NONE(options->routing_domain); 483 CLEAR_ON_NONE(options->host_key_agent); 484 for (i = 0; i < options->num_host_key_files; i++) 485 CLEAR_ON_NONE(options->host_key_files[i]); 486 for (i = 0; i < options->num_host_cert_files; i++) 487 CLEAR_ON_NONE(options->host_cert_files[i]); 488 #undef CLEAR_ON_NONE 489 490 /* Similar handling for AuthenticationMethods=any */ 491 if (options->num_auth_methods == 1 && 492 strcmp(options->auth_methods[0], "any") == 0) { 493 free(options->auth_methods[0]); 494 options->auth_methods[0] = NULL; 495 options->num_auth_methods = 0; 496 } 497 498 #ifndef HAVE_MMAP 499 if (use_privsep && options->compression == 1) { 500 error("This platform does not support both privilege " 501 "separation and compression"); 502 error("Compression disabled"); 503 options->compression = 0; 504 } 505 #endif 506 } 507 508 /* Keyword tokens. */ 509 typedef enum { 510 sBadOption, /* == unknown option */ 511 /* Portable-specific options */ 512 sUsePAM, 513 /* Standard Options */ 514 sPort, sHostKeyFile, sLoginGraceTime, 515 sPermitRootLogin, sLogFacility, sLogLevel, 516 sRhostsRSAAuthentication, sRSAAuthentication, 517 sKerberosAuthentication, sKerberosOrLocalPasswd, sKerberosTicketCleanup, 518 sKerberosGetAFSToken, sChallengeResponseAuthentication, 519 sPasswordAuthentication, sKbdInteractiveAuthentication, 520 sListenAddress, sAddressFamily, 521 sPrintMotd, sPrintLastLog, sIgnoreRhosts, 522 sX11Forwarding, sX11DisplayOffset, sX11UseLocalhost, 523 sPermitTTY, sStrictModes, sEmptyPasswd, sTCPKeepAlive, 524 sPermitUserEnvironment, sAllowTcpForwarding, sCompression, 525 sRekeyLimit, sAllowUsers, sDenyUsers, sAllowGroups, sDenyGroups, 526 sIgnoreUserKnownHosts, sCiphers, sMacs, sPidFile, 527 sGatewayPorts, sPubkeyAuthentication, sPubkeyAcceptedKeyTypes, 528 sXAuthLocation, sSubsystem, sMaxStartups, sMaxAuthTries, sMaxSessions, 529 sBanner, sUseDNS, sHostbasedAuthentication, 530 sHostbasedUsesNameFromPacketOnly, sHostbasedAcceptedKeyTypes, 531 sHostKeyAlgorithms, 532 sClientAliveInterval, sClientAliveCountMax, sAuthorizedKeysFile, 533 sGssAuthentication, sGssCleanupCreds, sGssStrictAcceptor, 534 sAcceptEnv, sSetEnv, sPermitTunnel, 535 sMatch, sPermitOpen, sPermitListen, sForceCommand, sChrootDirectory, 536 sUsePrivilegeSeparation, sAllowAgentForwarding, 537 sHostCertificate, sInclude, 538 sRevokedKeys, sTrustedUserCAKeys, sAuthorizedPrincipalsFile, 539 sAuthorizedPrincipalsCommand, sAuthorizedPrincipalsCommandUser, 540 sKexAlgorithms, sCASignatureAlgorithms, sIPQoS, sVersionAddendum, 541 sAuthorizedKeysCommand, sAuthorizedKeysCommandUser, 542 sAuthenticationMethods, sHostKeyAgent, sPermitUserRC, 543 sStreamLocalBindMask, sStreamLocalBindUnlink, 544 sAllowStreamLocalForwarding, sFingerprintHash, sDisableForwarding, 545 sExposeAuthInfo, sRDomain, sPubkeyAuthOptions, sSecurityKeyProvider, 546 sDeprecated, sIgnore, sUnsupported 547 } ServerOpCodes; 548 549 #define SSHCFG_GLOBAL 0x01 /* allowed in main section of config */ 550 #define SSHCFG_MATCH 0x02 /* allowed inside a Match section */ 551 #define SSHCFG_ALL (SSHCFG_GLOBAL|SSHCFG_MATCH) 552 #define SSHCFG_NEVERMATCH 0x04 /* Match never matches; internal only */ 553 554 /* Textual representation of the tokens. */ 555 static struct { 556 const char *name; 557 ServerOpCodes opcode; 558 u_int flags; 559 } keywords[] = { 560 /* Portable-specific options */ 561 #ifdef USE_PAM 562 { "usepam", sUsePAM, SSHCFG_GLOBAL }, 563 #else 564 { "usepam", sUnsupported, SSHCFG_GLOBAL }, 565 #endif 566 { "pamauthenticationviakbdint", sDeprecated, SSHCFG_GLOBAL }, 567 /* Standard Options */ 568 { "port", sPort, SSHCFG_GLOBAL }, 569 { "hostkey", sHostKeyFile, SSHCFG_GLOBAL }, 570 { "hostdsakey", sHostKeyFile, SSHCFG_GLOBAL }, /* alias */ 571 { "hostkeyagent", sHostKeyAgent, SSHCFG_GLOBAL }, 572 { "pidfile", sPidFile, SSHCFG_GLOBAL }, 573 { "serverkeybits", sDeprecated, SSHCFG_GLOBAL }, 574 { "logingracetime", sLoginGraceTime, SSHCFG_GLOBAL }, 575 { "keyregenerationinterval", sDeprecated, SSHCFG_GLOBAL }, 576 { "permitrootlogin", sPermitRootLogin, SSHCFG_ALL }, 577 { "syslogfacility", sLogFacility, SSHCFG_GLOBAL }, 578 { "loglevel", sLogLevel, SSHCFG_ALL }, 579 { "rhostsauthentication", sDeprecated, SSHCFG_GLOBAL }, 580 { "rhostsrsaauthentication", sDeprecated, SSHCFG_ALL }, 581 { "hostbasedauthentication", sHostbasedAuthentication, SSHCFG_ALL }, 582 { "hostbasedusesnamefrompacketonly", sHostbasedUsesNameFromPacketOnly, SSHCFG_ALL }, 583 { "hostbasedacceptedkeytypes", sHostbasedAcceptedKeyTypes, SSHCFG_ALL }, 584 { "hostkeyalgorithms", sHostKeyAlgorithms, SSHCFG_GLOBAL }, 585 { "rsaauthentication", sDeprecated, SSHCFG_ALL }, 586 { "pubkeyauthentication", sPubkeyAuthentication, SSHCFG_ALL }, 587 { "pubkeyacceptedkeytypes", sPubkeyAcceptedKeyTypes, SSHCFG_ALL }, 588 { "pubkeyauthoptions", sPubkeyAuthOptions, SSHCFG_ALL }, 589 { "dsaauthentication", sPubkeyAuthentication, SSHCFG_GLOBAL }, /* alias */ 590 #ifdef KRB5 591 { "kerberosauthentication", sKerberosAuthentication, SSHCFG_ALL }, 592 { "kerberosorlocalpasswd", sKerberosOrLocalPasswd, SSHCFG_GLOBAL }, 593 { "kerberosticketcleanup", sKerberosTicketCleanup, SSHCFG_GLOBAL }, 594 #ifdef USE_AFS 595 { "kerberosgetafstoken", sKerberosGetAFSToken, SSHCFG_GLOBAL }, 596 #else 597 { "kerberosgetafstoken", sUnsupported, SSHCFG_GLOBAL }, 598 #endif 599 #else 600 { "kerberosauthentication", sUnsupported, SSHCFG_ALL }, 601 { "kerberosorlocalpasswd", sUnsupported, SSHCFG_GLOBAL }, 602 { "kerberosticketcleanup", sUnsupported, SSHCFG_GLOBAL }, 603 { "kerberosgetafstoken", sUnsupported, SSHCFG_GLOBAL }, 604 #endif 605 { "kerberostgtpassing", sUnsupported, SSHCFG_GLOBAL }, 606 { "afstokenpassing", sUnsupported, SSHCFG_GLOBAL }, 607 #ifdef GSSAPI 608 { "gssapiauthentication", sGssAuthentication, SSHCFG_ALL }, 609 { "gssapicleanupcredentials", sGssCleanupCreds, SSHCFG_GLOBAL }, 610 { "gssapistrictacceptorcheck", sGssStrictAcceptor, SSHCFG_GLOBAL }, 611 #else 612 { "gssapiauthentication", sUnsupported, SSHCFG_ALL }, 613 { "gssapicleanupcredentials", sUnsupported, SSHCFG_GLOBAL }, 614 { "gssapistrictacceptorcheck", sUnsupported, SSHCFG_GLOBAL }, 615 #endif 616 { "passwordauthentication", sPasswordAuthentication, SSHCFG_ALL }, 617 { "kbdinteractiveauthentication", sKbdInteractiveAuthentication, SSHCFG_ALL }, 618 { "challengeresponseauthentication", sChallengeResponseAuthentication, SSHCFG_GLOBAL }, 619 { "skeyauthentication", sDeprecated, SSHCFG_GLOBAL }, 620 { "checkmail", sDeprecated, SSHCFG_GLOBAL }, 621 { "listenaddress", sListenAddress, SSHCFG_GLOBAL }, 622 { "addressfamily", sAddressFamily, SSHCFG_GLOBAL }, 623 { "printmotd", sPrintMotd, SSHCFG_GLOBAL }, 624 #ifdef DISABLE_LASTLOG 625 { "printlastlog", sUnsupported, SSHCFG_GLOBAL }, 626 #else 627 { "printlastlog", sPrintLastLog, SSHCFG_GLOBAL }, 628 #endif 629 { "ignorerhosts", sIgnoreRhosts, SSHCFG_ALL }, 630 { "ignoreuserknownhosts", sIgnoreUserKnownHosts, SSHCFG_GLOBAL }, 631 { "x11forwarding", sX11Forwarding, SSHCFG_ALL }, 632 { "x11displayoffset", sX11DisplayOffset, SSHCFG_ALL }, 633 { "x11uselocalhost", sX11UseLocalhost, SSHCFG_ALL }, 634 { "xauthlocation", sXAuthLocation, SSHCFG_GLOBAL }, 635 { "strictmodes", sStrictModes, SSHCFG_GLOBAL }, 636 { "permitemptypasswords", sEmptyPasswd, SSHCFG_ALL }, 637 { "permituserenvironment", sPermitUserEnvironment, SSHCFG_GLOBAL }, 638 { "uselogin", sDeprecated, SSHCFG_GLOBAL }, 639 { "compression", sCompression, SSHCFG_GLOBAL }, 640 { "rekeylimit", sRekeyLimit, SSHCFG_ALL }, 641 { "tcpkeepalive", sTCPKeepAlive, SSHCFG_GLOBAL }, 642 { "keepalive", sTCPKeepAlive, SSHCFG_GLOBAL }, /* obsolete alias */ 643 { "allowtcpforwarding", sAllowTcpForwarding, SSHCFG_ALL }, 644 { "allowagentforwarding", sAllowAgentForwarding, SSHCFG_ALL }, 645 { "allowusers", sAllowUsers, SSHCFG_ALL }, 646 { "denyusers", sDenyUsers, SSHCFG_ALL }, 647 { "allowgroups", sAllowGroups, SSHCFG_ALL }, 648 { "denygroups", sDenyGroups, SSHCFG_ALL }, 649 { "ciphers", sCiphers, SSHCFG_GLOBAL }, 650 { "macs", sMacs, SSHCFG_GLOBAL }, 651 { "protocol", sIgnore, SSHCFG_GLOBAL }, 652 { "gatewayports", sGatewayPorts, SSHCFG_ALL }, 653 { "subsystem", sSubsystem, SSHCFG_GLOBAL }, 654 { "maxstartups", sMaxStartups, SSHCFG_GLOBAL }, 655 { "maxauthtries", sMaxAuthTries, SSHCFG_ALL }, 656 { "maxsessions", sMaxSessions, SSHCFG_ALL }, 657 { "banner", sBanner, SSHCFG_ALL }, 658 { "usedns", sUseDNS, SSHCFG_GLOBAL }, 659 { "verifyreversemapping", sDeprecated, SSHCFG_GLOBAL }, 660 { "reversemappingcheck", sDeprecated, SSHCFG_GLOBAL }, 661 { "clientaliveinterval", sClientAliveInterval, SSHCFG_ALL }, 662 { "clientalivecountmax", sClientAliveCountMax, SSHCFG_ALL }, 663 { "authorizedkeysfile", sAuthorizedKeysFile, SSHCFG_ALL }, 664 { "authorizedkeysfile2", sDeprecated, SSHCFG_ALL }, 665 { "useprivilegeseparation", sDeprecated, SSHCFG_GLOBAL}, 666 { "acceptenv", sAcceptEnv, SSHCFG_ALL }, 667 { "setenv", sSetEnv, SSHCFG_ALL }, 668 { "permittunnel", sPermitTunnel, SSHCFG_ALL }, 669 { "permittty", sPermitTTY, SSHCFG_ALL }, 670 { "permituserrc", sPermitUserRC, SSHCFG_ALL }, 671 { "match", sMatch, SSHCFG_ALL }, 672 { "permitopen", sPermitOpen, SSHCFG_ALL }, 673 { "permitlisten", sPermitListen, SSHCFG_ALL }, 674 { "forcecommand", sForceCommand, SSHCFG_ALL }, 675 { "chrootdirectory", sChrootDirectory, SSHCFG_ALL }, 676 { "hostcertificate", sHostCertificate, SSHCFG_GLOBAL }, 677 { "revokedkeys", sRevokedKeys, SSHCFG_ALL }, 678 { "trustedusercakeys", sTrustedUserCAKeys, SSHCFG_ALL }, 679 { "authorizedprincipalsfile", sAuthorizedPrincipalsFile, SSHCFG_ALL }, 680 { "kexalgorithms", sKexAlgorithms, SSHCFG_GLOBAL }, 681 { "include", sInclude, SSHCFG_ALL }, 682 { "ipqos", sIPQoS, SSHCFG_ALL }, 683 { "authorizedkeyscommand", sAuthorizedKeysCommand, SSHCFG_ALL }, 684 { "authorizedkeyscommanduser", sAuthorizedKeysCommandUser, SSHCFG_ALL }, 685 { "authorizedprincipalscommand", sAuthorizedPrincipalsCommand, SSHCFG_ALL }, 686 { "authorizedprincipalscommanduser", sAuthorizedPrincipalsCommandUser, SSHCFG_ALL }, 687 { "versionaddendum", sVersionAddendum, SSHCFG_GLOBAL }, 688 { "authenticationmethods", sAuthenticationMethods, SSHCFG_ALL }, 689 { "streamlocalbindmask", sStreamLocalBindMask, SSHCFG_ALL }, 690 { "streamlocalbindunlink", sStreamLocalBindUnlink, SSHCFG_ALL }, 691 { "allowstreamlocalforwarding", sAllowStreamLocalForwarding, SSHCFG_ALL }, 692 { "fingerprinthash", sFingerprintHash, SSHCFG_GLOBAL }, 693 { "disableforwarding", sDisableForwarding, SSHCFG_ALL }, 694 { "exposeauthinfo", sExposeAuthInfo, SSHCFG_ALL }, 695 { "rdomain", sRDomain, SSHCFG_ALL }, 696 { "casignaturealgorithms", sCASignatureAlgorithms, SSHCFG_ALL }, 697 { "securitykeyprovider", sSecurityKeyProvider, SSHCFG_GLOBAL }, 698 { NULL, sBadOption, 0 } 699 }; 700 701 static struct { 702 int val; 703 char *text; 704 } tunmode_desc[] = { 705 { SSH_TUNMODE_NO, "no" }, 706 { SSH_TUNMODE_POINTOPOINT, "point-to-point" }, 707 { SSH_TUNMODE_ETHERNET, "ethernet" }, 708 { SSH_TUNMODE_YES, "yes" }, 709 { -1, NULL } 710 }; 711 712 /* Returns an opcode name from its number */ 713 714 static const char * 715 lookup_opcode_name(ServerOpCodes code) 716 { 717 u_int i; 718 719 for (i = 0; keywords[i].name != NULL; i++) 720 if (keywords[i].opcode == code) 721 return(keywords[i].name); 722 return "UNKNOWN"; 723 } 724 725 726 /* 727 * Returns the number of the token pointed to by cp or sBadOption. 728 */ 729 730 static ServerOpCodes 731 parse_token(const char *cp, const char *filename, 732 int linenum, u_int *flags) 733 { 734 u_int i; 735 736 for (i = 0; keywords[i].name; i++) 737 if (strcasecmp(cp, keywords[i].name) == 0) { 738 *flags = keywords[i].flags; 739 return keywords[i].opcode; 740 } 741 742 error("%s: line %d: Bad configuration option: %s", 743 filename, linenum, cp); 744 return sBadOption; 745 } 746 747 char * 748 derelativise_path(const char *path) 749 { 750 char *expanded, *ret, cwd[PATH_MAX]; 751 752 if (strcasecmp(path, "none") == 0) 753 return xstrdup("none"); 754 expanded = tilde_expand_filename(path, getuid()); 755 if (path_absolute(expanded)) 756 return expanded; 757 if (getcwd(cwd, sizeof(cwd)) == NULL) 758 fatal("%s: getcwd: %s", __func__, strerror(errno)); 759 xasprintf(&ret, "%s/%s", cwd, expanded); 760 free(expanded); 761 return ret; 762 } 763 764 static void 765 add_listen_addr(ServerOptions *options, const char *addr, 766 const char *rdomain, int port) 767 { 768 u_int i; 769 770 if (port > 0) 771 add_one_listen_addr(options, addr, rdomain, port); 772 else { 773 for (i = 0; i < options->num_ports; i++) { 774 add_one_listen_addr(options, addr, rdomain, 775 options->ports[i]); 776 } 777 } 778 } 779 780 static void 781 add_one_listen_addr(ServerOptions *options, const char *addr, 782 const char *rdomain, int port) 783 { 784 struct addrinfo hints, *ai, *aitop; 785 char strport[NI_MAXSERV]; 786 int gaierr; 787 u_int i; 788 789 /* Find listen_addrs entry for this rdomain */ 790 for (i = 0; i < options->num_listen_addrs; i++) { 791 if (rdomain == NULL && options->listen_addrs[i].rdomain == NULL) 792 break; 793 if (rdomain == NULL || options->listen_addrs[i].rdomain == NULL) 794 continue; 795 if (strcmp(rdomain, options->listen_addrs[i].rdomain) == 0) 796 break; 797 } 798 if (i >= options->num_listen_addrs) { 799 /* No entry for this rdomain; allocate one */ 800 if (i >= INT_MAX) 801 fatal("%s: too many listen addresses", __func__); 802 options->listen_addrs = xrecallocarray(options->listen_addrs, 803 options->num_listen_addrs, options->num_listen_addrs + 1, 804 sizeof(*options->listen_addrs)); 805 i = options->num_listen_addrs++; 806 if (rdomain != NULL) 807 options->listen_addrs[i].rdomain = xstrdup(rdomain); 808 } 809 /* options->listen_addrs[i] points to the addresses for this rdomain */ 810 811 memset(&hints, 0, sizeof(hints)); 812 hints.ai_family = options->address_family; 813 hints.ai_socktype = SOCK_STREAM; 814 hints.ai_flags = (addr == NULL) ? AI_PASSIVE : 0; 815 snprintf(strport, sizeof strport, "%d", port); 816 if ((gaierr = getaddrinfo(addr, strport, &hints, &aitop)) != 0) 817 fatal("bad addr or host: %s (%s)", 818 addr ? addr : "<NULL>", 819 ssh_gai_strerror(gaierr)); 820 for (ai = aitop; ai->ai_next; ai = ai->ai_next) 821 ; 822 ai->ai_next = options->listen_addrs[i].addrs; 823 options->listen_addrs[i].addrs = aitop; 824 } 825 826 /* Returns nonzero if the routing domain name is valid */ 827 static int 828 valid_rdomain(const char *name) 829 { 830 #if defined(HAVE_SYS_VALID_RDOMAIN) 831 return sys_valid_rdomain(name); 832 #elif defined(__OpenBSD__) 833 const char *errstr; 834 long long num; 835 struct rt_tableinfo info; 836 int mib[6]; 837 size_t miblen = sizeof(mib); 838 839 if (name == NULL) 840 return 1; 841 842 num = strtonum(name, 0, 255, &errstr); 843 if (errstr != NULL) 844 return 0; 845 846 /* Check whether the table actually exists */ 847 memset(mib, 0, sizeof(mib)); 848 mib[0] = CTL_NET; 849 mib[1] = PF_ROUTE; 850 mib[4] = NET_RT_TABLE; 851 mib[5] = (int)num; 852 if (sysctl(mib, 6, &info, &miblen, NULL, 0) == -1) 853 return 0; 854 855 return 1; 856 #else /* defined(__OpenBSD__) */ 857 error("Routing domains are not supported on this platform"); 858 return 0; 859 #endif 860 } 861 862 /* 863 * Queue a ListenAddress to be processed once we have all of the Ports 864 * and AddressFamily options. 865 */ 866 static void 867 queue_listen_addr(ServerOptions *options, const char *addr, 868 const char *rdomain, int port) 869 { 870 struct queued_listenaddr *qla; 871 872 options->queued_listen_addrs = xrecallocarray( 873 options->queued_listen_addrs, 874 options->num_queued_listens, options->num_queued_listens + 1, 875 sizeof(*options->queued_listen_addrs)); 876 qla = &options->queued_listen_addrs[options->num_queued_listens++]; 877 qla->addr = xstrdup(addr); 878 qla->port = port; 879 qla->rdomain = rdomain == NULL ? NULL : xstrdup(rdomain); 880 } 881 882 /* 883 * Process queued (text) ListenAddress entries. 884 */ 885 static void 886 process_queued_listen_addrs(ServerOptions *options) 887 { 888 u_int i; 889 struct queued_listenaddr *qla; 890 891 if (options->num_ports == 0) 892 options->ports[options->num_ports++] = SSH_DEFAULT_PORT; 893 if (options->address_family == -1) 894 options->address_family = AF_UNSPEC; 895 896 for (i = 0; i < options->num_queued_listens; i++) { 897 qla = &options->queued_listen_addrs[i]; 898 add_listen_addr(options, qla->addr, qla->rdomain, qla->port); 899 free(qla->addr); 900 free(qla->rdomain); 901 } 902 free(options->queued_listen_addrs); 903 options->queued_listen_addrs = NULL; 904 options->num_queued_listens = 0; 905 } 906 907 /* 908 * Inform channels layer of permitopen options for a single forwarding 909 * direction (local/remote). 910 */ 911 static void 912 process_permitopen_list(struct ssh *ssh, ServerOpCodes opcode, 913 char **opens, u_int num_opens) 914 { 915 u_int i; 916 int port; 917 char *host, *arg, *oarg, ch; 918 int where = opcode == sPermitOpen ? FORWARD_LOCAL : FORWARD_REMOTE; 919 const char *what = lookup_opcode_name(opcode); 920 921 channel_clear_permission(ssh, FORWARD_ADM, where); 922 if (num_opens == 0) 923 return; /* permit any */ 924 925 /* handle keywords: "any" / "none" */ 926 if (num_opens == 1 && strcmp(opens[0], "any") == 0) 927 return; 928 if (num_opens == 1 && strcmp(opens[0], "none") == 0) { 929 channel_disable_admin(ssh, where); 930 return; 931 } 932 /* Otherwise treat it as a list of permitted host:port */ 933 for (i = 0; i < num_opens; i++) { 934 oarg = arg = xstrdup(opens[i]); 935 ch = '\0'; 936 host = hpdelim2(&arg, &ch); 937 if (host == NULL || ch == '/') 938 fatal("%s: missing host in %s", __func__, what); 939 host = cleanhostname(host); 940 if (arg == NULL || ((port = permitopen_port(arg)) < 0)) 941 fatal("%s: bad port number in %s", __func__, what); 942 /* Send it to channels layer */ 943 channel_add_permission(ssh, FORWARD_ADM, 944 where, host, port); 945 free(oarg); 946 } 947 } 948 949 /* 950 * Inform channels layer of permitopen options from configuration. 951 */ 952 void 953 process_permitopen(struct ssh *ssh, ServerOptions *options) 954 { 955 process_permitopen_list(ssh, sPermitOpen, 956 options->permitted_opens, options->num_permitted_opens); 957 process_permitopen_list(ssh, sPermitListen, 958 options->permitted_listens, 959 options->num_permitted_listens); 960 } 961 962 struct connection_info * 963 get_connection_info(struct ssh *ssh, int populate, int use_dns) 964 { 965 static struct connection_info ci; 966 967 if (ssh == NULL || !populate) 968 return &ci; 969 ci.host = auth_get_canonical_hostname(ssh, use_dns); 970 ci.address = ssh_remote_ipaddr(ssh); 971 ci.laddress = ssh_local_ipaddr(ssh); 972 ci.lport = ssh_local_port(ssh); 973 ci.rdomain = ssh_packet_rdomain_in(ssh); 974 return &ci; 975 } 976 977 /* 978 * The strategy for the Match blocks is that the config file is parsed twice. 979 * 980 * The first time is at startup. activep is initialized to 1 and the 981 * directives in the global context are processed and acted on. Hitting a 982 * Match directive unsets activep and the directives inside the block are 983 * checked for syntax only. 984 * 985 * The second time is after a connection has been established but before 986 * authentication. activep is initialized to 2 and global config directives 987 * are ignored since they have already been processed. If the criteria in a 988 * Match block is met, activep is set and the subsequent directives 989 * processed and actioned until EOF or another Match block unsets it. Any 990 * options set are copied into the main server config. 991 * 992 * Potential additions/improvements: 993 * - Add Match support for pre-kex directives, eg. Ciphers. 994 * 995 * - Add a Tag directive (idea from David Leonard) ala pf, eg: 996 * Match Address 192.168.0.* 997 * Tag trusted 998 * Match Group wheel 999 * Tag trusted 1000 * Match Tag trusted 1001 * AllowTcpForwarding yes 1002 * GatewayPorts clientspecified 1003 * [...] 1004 * 1005 * - Add a PermittedChannelRequests directive 1006 * Match Group shell 1007 * PermittedChannelRequests session,forwarded-tcpip 1008 */ 1009 1010 static int 1011 match_cfg_line_group(const char *grps, int line, const char *user) 1012 { 1013 int result = 0; 1014 struct passwd *pw; 1015 1016 if (user == NULL) 1017 goto out; 1018 1019 if ((pw = getpwnam(user)) == NULL) { 1020 debug("Can't match group at line %d because user %.100s does " 1021 "not exist", line, user); 1022 } else if (ga_init(pw->pw_name, pw->pw_gid) == 0) { 1023 debug("Can't Match group because user %.100s not in any group " 1024 "at line %d", user, line); 1025 } else if (ga_match_pattern_list(grps) != 1) { 1026 debug("user %.100s does not match group list %.100s at line %d", 1027 user, grps, line); 1028 } else { 1029 debug("user %.100s matched group list %.100s at line %d", user, 1030 grps, line); 1031 result = 1; 1032 } 1033 out: 1034 ga_free(); 1035 return result; 1036 } 1037 1038 static void 1039 match_test_missing_fatal(const char *criteria, const char *attrib) 1040 { 1041 fatal("'Match %s' in configuration but '%s' not in connection " 1042 "test specification.", criteria, attrib); 1043 } 1044 1045 /* 1046 * All of the attributes on a single Match line are ANDed together, so we need 1047 * to check every attribute and set the result to zero if any attribute does 1048 * not match. 1049 */ 1050 static int 1051 match_cfg_line(char **condition, int line, struct connection_info *ci) 1052 { 1053 int result = 1, attributes = 0, port; 1054 char *arg, *attrib, *cp = *condition; 1055 1056 if (ci == NULL) 1057 debug3("checking syntax for 'Match %s'", cp); 1058 else 1059 debug3("checking match for '%s' user %s host %s addr %s " 1060 "laddr %s lport %d", cp, ci->user ? ci->user : "(null)", 1061 ci->host ? ci->host : "(null)", 1062 ci->address ? ci->address : "(null)", 1063 ci->laddress ? ci->laddress : "(null)", ci->lport); 1064 1065 while ((attrib = strdelim(&cp)) && *attrib != '\0') { 1066 attributes++; 1067 if (strcasecmp(attrib, "all") == 0) { 1068 if (attributes != 1 || 1069 ((arg = strdelim(&cp)) != NULL && *arg != '\0')) { 1070 error("'all' cannot be combined with other " 1071 "Match attributes"); 1072 return -1; 1073 } 1074 *condition = cp; 1075 return 1; 1076 } 1077 if ((arg = strdelim(&cp)) == NULL || *arg == '\0') { 1078 error("Missing Match criteria for %s", attrib); 1079 return -1; 1080 } 1081 if (strcasecmp(attrib, "user") == 0) { 1082 if (ci == NULL || (ci->test && ci->user == NULL)) { 1083 result = 0; 1084 continue; 1085 } 1086 if (ci->user == NULL) 1087 match_test_missing_fatal("User", "user"); 1088 if (match_usergroup_pattern_list(ci->user, arg) != 1) 1089 result = 0; 1090 else 1091 debug("user %.100s matched 'User %.100s' at " 1092 "line %d", ci->user, arg, line); 1093 } else if (strcasecmp(attrib, "group") == 0) { 1094 if (ci == NULL || (ci->test && ci->user == NULL)) { 1095 result = 0; 1096 continue; 1097 } 1098 if (ci->user == NULL) 1099 match_test_missing_fatal("Group", "user"); 1100 switch (match_cfg_line_group(arg, line, ci->user)) { 1101 case -1: 1102 return -1; 1103 case 0: 1104 result = 0; 1105 } 1106 } else if (strcasecmp(attrib, "host") == 0) { 1107 if (ci == NULL || (ci->test && ci->host == NULL)) { 1108 result = 0; 1109 continue; 1110 } 1111 if (ci->host == NULL) 1112 match_test_missing_fatal("Host", "host"); 1113 if (match_hostname(ci->host, arg) != 1) 1114 result = 0; 1115 else 1116 debug("connection from %.100s matched 'Host " 1117 "%.100s' at line %d", ci->host, arg, line); 1118 } else if (strcasecmp(attrib, "address") == 0) { 1119 if (ci == NULL || (ci->test && ci->address == NULL)) { 1120 result = 0; 1121 continue; 1122 } 1123 if (ci->address == NULL) 1124 match_test_missing_fatal("Address", "addr"); 1125 switch (addr_match_list(ci->address, arg)) { 1126 case 1: 1127 debug("connection from %.100s matched 'Address " 1128 "%.100s' at line %d", ci->address, arg, line); 1129 break; 1130 case 0: 1131 case -1: 1132 result = 0; 1133 break; 1134 case -2: 1135 return -1; 1136 } 1137 } else if (strcasecmp(attrib, "localaddress") == 0){ 1138 if (ci == NULL || (ci->test && ci->laddress == NULL)) { 1139 result = 0; 1140 continue; 1141 } 1142 if (ci->laddress == NULL) 1143 match_test_missing_fatal("LocalAddress", 1144 "laddr"); 1145 switch (addr_match_list(ci->laddress, arg)) { 1146 case 1: 1147 debug("connection from %.100s matched " 1148 "'LocalAddress %.100s' at line %d", 1149 ci->laddress, arg, line); 1150 break; 1151 case 0: 1152 case -1: 1153 result = 0; 1154 break; 1155 case -2: 1156 return -1; 1157 } 1158 } else if (strcasecmp(attrib, "localport") == 0) { 1159 if ((port = a2port(arg)) == -1) { 1160 error("Invalid LocalPort '%s' on Match line", 1161 arg); 1162 return -1; 1163 } 1164 if (ci == NULL || (ci->test && ci->lport == -1)) { 1165 result = 0; 1166 continue; 1167 } 1168 if (ci->lport == 0) 1169 match_test_missing_fatal("LocalPort", "lport"); 1170 /* TODO support port lists */ 1171 if (port == ci->lport) 1172 debug("connection from %.100s matched " 1173 "'LocalPort %d' at line %d", 1174 ci->laddress, port, line); 1175 else 1176 result = 0; 1177 } else if (strcasecmp(attrib, "rdomain") == 0) { 1178 if (ci == NULL || (ci->test && ci->rdomain == NULL)) { 1179 result = 0; 1180 continue; 1181 } 1182 if (ci->rdomain == NULL) 1183 match_test_missing_fatal("RDomain", "rdomain"); 1184 if (match_pattern_list(ci->rdomain, arg, 0) != 1) 1185 result = 0; 1186 else 1187 debug("user %.100s matched 'RDomain %.100s' at " 1188 "line %d", ci->rdomain, arg, line); 1189 } else { 1190 error("Unsupported Match attribute %s", attrib); 1191 return -1; 1192 } 1193 } 1194 if (attributes == 0) { 1195 error("One or more attributes required for Match"); 1196 return -1; 1197 } 1198 if (ci != NULL) 1199 debug3("match %sfound", result ? "" : "not "); 1200 *condition = cp; 1201 return result; 1202 } 1203 1204 #define WHITESPACE " \t\r\n" 1205 1206 /* Multistate option parsing */ 1207 struct multistate { 1208 char *key; 1209 int value; 1210 }; 1211 static const struct multistate multistate_flag[] = { 1212 { "yes", 1 }, 1213 { "no", 0 }, 1214 { NULL, -1 } 1215 }; 1216 static const struct multistate multistate_ignore_rhosts[] = { 1217 { "yes", IGNORE_RHOSTS_YES }, 1218 { "no", IGNORE_RHOSTS_NO }, 1219 { "shosts-only", IGNORE_RHOSTS_SHOSTS }, 1220 { NULL, -1 } 1221 }; 1222 static const struct multistate multistate_addressfamily[] = { 1223 { "inet", AF_INET }, 1224 { "inet6", AF_INET6 }, 1225 { "any", AF_UNSPEC }, 1226 { NULL, -1 } 1227 }; 1228 static const struct multistate multistate_permitrootlogin[] = { 1229 { "without-password", PERMIT_NO_PASSWD }, 1230 { "prohibit-password", PERMIT_NO_PASSWD }, 1231 { "forced-commands-only", PERMIT_FORCED_ONLY }, 1232 { "yes", PERMIT_YES }, 1233 { "no", PERMIT_NO }, 1234 { NULL, -1 } 1235 }; 1236 static const struct multistate multistate_compression[] = { 1237 #ifdef WITH_ZLIB 1238 { "yes", COMP_DELAYED }, 1239 { "delayed", COMP_DELAYED }, 1240 #endif 1241 { "no", COMP_NONE }, 1242 { NULL, -1 } 1243 }; 1244 static const struct multistate multistate_gatewayports[] = { 1245 { "clientspecified", 2 }, 1246 { "yes", 1 }, 1247 { "no", 0 }, 1248 { NULL, -1 } 1249 }; 1250 static const struct multistate multistate_tcpfwd[] = { 1251 { "yes", FORWARD_ALLOW }, 1252 { "all", FORWARD_ALLOW }, 1253 { "no", FORWARD_DENY }, 1254 { "remote", FORWARD_REMOTE }, 1255 { "local", FORWARD_LOCAL }, 1256 { NULL, -1 } 1257 }; 1258 1259 static int 1260 process_server_config_line_depth(ServerOptions *options, char *line, 1261 const char *filename, int linenum, int *activep, 1262 struct connection_info *connectinfo, int inc_flags, int depth, 1263 struct include_list *includes) 1264 { 1265 char ch, *cp, ***chararrayptr, **charptr, *arg, *arg2, *p; 1266 int cmdline = 0, *intptr, value, value2, n, port, oactive, r, found; 1267 SyslogFacility *log_facility_ptr; 1268 LogLevel *log_level_ptr; 1269 ServerOpCodes opcode; 1270 u_int i, *uintptr, uvalue, flags = 0; 1271 size_t len; 1272 long long val64; 1273 const struct multistate *multistate_ptr; 1274 const char *errstr; 1275 struct include_item *item; 1276 glob_t gbuf; 1277 1278 /* Strip trailing whitespace. Allow \f (form feed) at EOL only */ 1279 if ((len = strlen(line)) == 0) 1280 return 0; 1281 for (len--; len > 0; len--) { 1282 if (strchr(WHITESPACE "\f", line[len]) == NULL) 1283 break; 1284 line[len] = '\0'; 1285 } 1286 1287 cp = line; 1288 if ((arg = strdelim(&cp)) == NULL) 1289 return 0; 1290 /* Ignore leading whitespace */ 1291 if (*arg == '\0') 1292 arg = strdelim(&cp); 1293 if (!arg || !*arg || *arg == '#') 1294 return 0; 1295 intptr = NULL; 1296 charptr = NULL; 1297 opcode = parse_token(arg, filename, linenum, &flags); 1298 1299 if (activep == NULL) { /* We are processing a command line directive */ 1300 cmdline = 1; 1301 activep = &cmdline; 1302 } 1303 if (*activep && opcode != sMatch && opcode != sInclude) 1304 debug3("%s:%d setting %s %s", filename, linenum, arg, cp); 1305 if (*activep == 0 && !(flags & SSHCFG_MATCH)) { 1306 if (connectinfo == NULL) { 1307 fatal("%s line %d: Directive '%s' is not allowed " 1308 "within a Match block", filename, linenum, arg); 1309 } else { /* this is a directive we have already processed */ 1310 while (arg) 1311 arg = strdelim(&cp); 1312 return 0; 1313 } 1314 } 1315 1316 switch (opcode) { 1317 /* Portable-specific options */ 1318 case sUsePAM: 1319 intptr = &options->use_pam; 1320 goto parse_flag; 1321 1322 /* Standard Options */ 1323 case sBadOption: 1324 return -1; 1325 case sPort: 1326 /* ignore ports from configfile if cmdline specifies ports */ 1327 if (options->ports_from_cmdline) 1328 return 0; 1329 if (options->num_ports >= MAX_PORTS) 1330 fatal("%s line %d: too many ports.", 1331 filename, linenum); 1332 arg = strdelim(&cp); 1333 if (!arg || *arg == '\0') 1334 fatal("%s line %d: missing port number.", 1335 filename, linenum); 1336 options->ports[options->num_ports++] = a2port(arg); 1337 if (options->ports[options->num_ports-1] <= 0) 1338 fatal("%s line %d: Badly formatted port number.", 1339 filename, linenum); 1340 break; 1341 1342 case sLoginGraceTime: 1343 intptr = &options->login_grace_time; 1344 parse_time: 1345 arg = strdelim(&cp); 1346 if (!arg || *arg == '\0') 1347 fatal("%s line %d: missing time value.", 1348 filename, linenum); 1349 if ((value = convtime(arg)) == -1) 1350 fatal("%s line %d: invalid time value.", 1351 filename, linenum); 1352 if (*activep && *intptr == -1) 1353 *intptr = value; 1354 break; 1355 1356 case sListenAddress: 1357 arg = strdelim(&cp); 1358 if (arg == NULL || *arg == '\0') 1359 fatal("%s line %d: missing address", 1360 filename, linenum); 1361 /* check for bare IPv6 address: no "[]" and 2 or more ":" */ 1362 if (strchr(arg, '[') == NULL && (p = strchr(arg, ':')) != NULL 1363 && strchr(p+1, ':') != NULL) { 1364 port = 0; 1365 p = arg; 1366 } else { 1367 arg2 = NULL; 1368 ch = '\0'; 1369 p = hpdelim2(&arg, &ch); 1370 if (p == NULL || ch == '/') 1371 fatal("%s line %d: bad address:port usage", 1372 filename, linenum); 1373 p = cleanhostname(p); 1374 if (arg == NULL) 1375 port = 0; 1376 else if ((port = a2port(arg)) <= 0) 1377 fatal("%s line %d: bad port number", 1378 filename, linenum); 1379 } 1380 /* Optional routing table */ 1381 arg2 = NULL; 1382 if ((arg = strdelim(&cp)) != NULL) { 1383 if (strcmp(arg, "rdomain") != 0 || 1384 (arg2 = strdelim(&cp)) == NULL) 1385 fatal("%s line %d: bad ListenAddress syntax", 1386 filename, linenum); 1387 if (!valid_rdomain(arg2)) 1388 fatal("%s line %d: bad routing domain", 1389 filename, linenum); 1390 } 1391 1392 queue_listen_addr(options, p, arg2, port); 1393 1394 break; 1395 1396 case sAddressFamily: 1397 intptr = &options->address_family; 1398 multistate_ptr = multistate_addressfamily; 1399 parse_multistate: 1400 arg = strdelim(&cp); 1401 if (!arg || *arg == '\0') 1402 fatal("%s line %d: missing argument.", 1403 filename, linenum); 1404 value = -1; 1405 for (i = 0; multistate_ptr[i].key != NULL; i++) { 1406 if (strcasecmp(arg, multistate_ptr[i].key) == 0) { 1407 value = multistate_ptr[i].value; 1408 break; 1409 } 1410 } 1411 if (value == -1) 1412 fatal("%s line %d: unsupported option \"%s\".", 1413 filename, linenum, arg); 1414 if (*activep && *intptr == -1) 1415 *intptr = value; 1416 break; 1417 1418 case sHostKeyFile: 1419 arg = strdelim(&cp); 1420 if (!arg || *arg == '\0') 1421 fatal("%s line %d: missing file name.", 1422 filename, linenum); 1423 if (*activep) { 1424 servconf_add_hostkey(filename, linenum, 1425 options, arg, 1); 1426 } 1427 break; 1428 1429 case sHostKeyAgent: 1430 charptr = &options->host_key_agent; 1431 arg = strdelim(&cp); 1432 if (!arg || *arg == '\0') 1433 fatal("%s line %d: missing socket name.", 1434 filename, linenum); 1435 if (*activep && *charptr == NULL) 1436 *charptr = !strcmp(arg, SSH_AUTHSOCKET_ENV_NAME) ? 1437 xstrdup(arg) : derelativise_path(arg); 1438 break; 1439 1440 case sHostCertificate: 1441 arg = strdelim(&cp); 1442 if (!arg || *arg == '\0') 1443 fatal("%s line %d: missing file name.", 1444 filename, linenum); 1445 if (*activep) 1446 servconf_add_hostcert(filename, linenum, options, arg); 1447 break; 1448 1449 case sPidFile: 1450 charptr = &options->pid_file; 1451 parse_filename: 1452 arg = strdelim(&cp); 1453 if (!arg || *arg == '\0') 1454 fatal("%s line %d: missing file name.", 1455 filename, linenum); 1456 if (*activep && *charptr == NULL) { 1457 *charptr = derelativise_path(arg); 1458 /* increase optional counter */ 1459 if (intptr != NULL) 1460 *intptr = *intptr + 1; 1461 } 1462 break; 1463 1464 case sPermitRootLogin: 1465 intptr = &options->permit_root_login; 1466 multistate_ptr = multistate_permitrootlogin; 1467 goto parse_multistate; 1468 1469 case sIgnoreRhosts: 1470 intptr = &options->ignore_rhosts; 1471 multistate_ptr = multistate_ignore_rhosts; 1472 goto parse_multistate; 1473 1474 case sIgnoreUserKnownHosts: 1475 intptr = &options->ignore_user_known_hosts; 1476 parse_flag: 1477 multistate_ptr = multistate_flag; 1478 goto parse_multistate; 1479 1480 case sHostbasedAuthentication: 1481 intptr = &options->hostbased_authentication; 1482 goto parse_flag; 1483 1484 case sHostbasedUsesNameFromPacketOnly: 1485 intptr = &options->hostbased_uses_name_from_packet_only; 1486 goto parse_flag; 1487 1488 case sHostbasedAcceptedKeyTypes: 1489 charptr = &options->hostbased_key_types; 1490 parse_keytypes: 1491 arg = strdelim(&cp); 1492 if (!arg || *arg == '\0') 1493 fatal("%s line %d: Missing argument.", 1494 filename, linenum); 1495 if (*arg != '-' && 1496 !sshkey_names_valid2(*arg == '+' || *arg == '^' ? 1497 arg + 1 : arg, 1)) 1498 fatal("%s line %d: Bad key types '%s'.", 1499 filename, linenum, arg ? arg : "<NONE>"); 1500 if (*activep && *charptr == NULL) 1501 *charptr = xstrdup(arg); 1502 break; 1503 1504 case sHostKeyAlgorithms: 1505 charptr = &options->hostkeyalgorithms; 1506 goto parse_keytypes; 1507 1508 case sCASignatureAlgorithms: 1509 charptr = &options->ca_sign_algorithms; 1510 goto parse_keytypes; 1511 1512 case sPubkeyAuthentication: 1513 intptr = &options->pubkey_authentication; 1514 goto parse_flag; 1515 1516 case sPubkeyAcceptedKeyTypes: 1517 charptr = &options->pubkey_key_types; 1518 goto parse_keytypes; 1519 1520 case sPubkeyAuthOptions: 1521 intptr = &options->pubkey_auth_options; 1522 value = 0; 1523 while ((arg = strdelim(&cp)) && *arg != '\0') { 1524 if (strcasecmp(arg, "none") == 0) 1525 continue; 1526 if (strcasecmp(arg, "touch-required") == 0) 1527 value |= PUBKEYAUTH_TOUCH_REQUIRED; 1528 else { 1529 fatal("%s line %d: unsupported " 1530 "PubkeyAuthOptions option %s", 1531 filename, linenum, arg); 1532 } 1533 } 1534 if (*activep && *intptr == -1) 1535 *intptr = value; 1536 break; 1537 1538 case sKerberosAuthentication: 1539 intptr = &options->kerberos_authentication; 1540 goto parse_flag; 1541 1542 case sKerberosOrLocalPasswd: 1543 intptr = &options->kerberos_or_local_passwd; 1544 goto parse_flag; 1545 1546 case sKerberosTicketCleanup: 1547 intptr = &options->kerberos_ticket_cleanup; 1548 goto parse_flag; 1549 1550 case sKerberosGetAFSToken: 1551 intptr = &options->kerberos_get_afs_token; 1552 goto parse_flag; 1553 1554 case sGssAuthentication: 1555 intptr = &options->gss_authentication; 1556 goto parse_flag; 1557 1558 case sGssCleanupCreds: 1559 intptr = &options->gss_cleanup_creds; 1560 goto parse_flag; 1561 1562 case sGssStrictAcceptor: 1563 intptr = &options->gss_strict_acceptor; 1564 goto parse_flag; 1565 1566 case sPasswordAuthentication: 1567 intptr = &options->password_authentication; 1568 goto parse_flag; 1569 1570 case sKbdInteractiveAuthentication: 1571 intptr = &options->kbd_interactive_authentication; 1572 goto parse_flag; 1573 1574 case sChallengeResponseAuthentication: 1575 intptr = &options->challenge_response_authentication; 1576 goto parse_flag; 1577 1578 case sPrintMotd: 1579 intptr = &options->print_motd; 1580 goto parse_flag; 1581 1582 case sPrintLastLog: 1583 intptr = &options->print_lastlog; 1584 goto parse_flag; 1585 1586 case sX11Forwarding: 1587 intptr = &options->x11_forwarding; 1588 goto parse_flag; 1589 1590 case sX11DisplayOffset: 1591 intptr = &options->x11_display_offset; 1592 parse_int: 1593 arg = strdelim(&cp); 1594 if ((errstr = atoi_err(arg, &value)) != NULL) 1595 fatal("%s line %d: integer value %s.", 1596 filename, linenum, errstr); 1597 if (*activep && *intptr == -1) 1598 *intptr = value; 1599 break; 1600 1601 case sX11UseLocalhost: 1602 intptr = &options->x11_use_localhost; 1603 goto parse_flag; 1604 1605 case sXAuthLocation: 1606 charptr = &options->xauth_location; 1607 goto parse_filename; 1608 1609 case sPermitTTY: 1610 intptr = &options->permit_tty; 1611 goto parse_flag; 1612 1613 case sPermitUserRC: 1614 intptr = &options->permit_user_rc; 1615 goto parse_flag; 1616 1617 case sStrictModes: 1618 intptr = &options->strict_modes; 1619 goto parse_flag; 1620 1621 case sTCPKeepAlive: 1622 intptr = &options->tcp_keep_alive; 1623 goto parse_flag; 1624 1625 case sEmptyPasswd: 1626 intptr = &options->permit_empty_passwd; 1627 goto parse_flag; 1628 1629 case sPermitUserEnvironment: 1630 intptr = &options->permit_user_env; 1631 charptr = &options->permit_user_env_whitelist; 1632 arg = strdelim(&cp); 1633 if (!arg || *arg == '\0') 1634 fatal("%s line %d: missing argument.", 1635 filename, linenum); 1636 value = 0; 1637 p = NULL; 1638 if (strcmp(arg, "yes") == 0) 1639 value = 1; 1640 else if (strcmp(arg, "no") == 0) 1641 value = 0; 1642 else { 1643 /* Pattern-list specified */ 1644 value = 1; 1645 p = xstrdup(arg); 1646 } 1647 if (*activep && *intptr == -1) { 1648 *intptr = value; 1649 *charptr = p; 1650 p = NULL; 1651 } 1652 free(p); 1653 break; 1654 1655 case sCompression: 1656 intptr = &options->compression; 1657 multistate_ptr = multistate_compression; 1658 goto parse_multistate; 1659 1660 case sRekeyLimit: 1661 arg = strdelim(&cp); 1662 if (!arg || *arg == '\0') 1663 fatal("%.200s line %d: Missing argument.", filename, 1664 linenum); 1665 if (strcmp(arg, "default") == 0) { 1666 val64 = 0; 1667 } else { 1668 if (scan_scaled(arg, &val64) == -1) 1669 fatal("%.200s line %d: Bad number '%s': %s", 1670 filename, linenum, arg, strerror(errno)); 1671 if (val64 != 0 && val64 < 16) 1672 fatal("%.200s line %d: RekeyLimit too small", 1673 filename, linenum); 1674 } 1675 if (*activep && options->rekey_limit == -1) 1676 options->rekey_limit = val64; 1677 if (cp != NULL) { /* optional rekey interval present */ 1678 if (strcmp(cp, "none") == 0) { 1679 (void)strdelim(&cp); /* discard */ 1680 break; 1681 } 1682 intptr = &options->rekey_interval; 1683 goto parse_time; 1684 } 1685 break; 1686 1687 case sGatewayPorts: 1688 intptr = &options->fwd_opts.gateway_ports; 1689 multistate_ptr = multistate_gatewayports; 1690 goto parse_multistate; 1691 1692 case sUseDNS: 1693 intptr = &options->use_dns; 1694 goto parse_flag; 1695 1696 case sLogFacility: 1697 log_facility_ptr = &options->log_facility; 1698 arg = strdelim(&cp); 1699 value = log_facility_number(arg); 1700 if (value == SYSLOG_FACILITY_NOT_SET) 1701 fatal("%.200s line %d: unsupported log facility '%s'", 1702 filename, linenum, arg ? arg : "<NONE>"); 1703 if (*log_facility_ptr == -1) 1704 *log_facility_ptr = (SyslogFacility) value; 1705 break; 1706 1707 case sLogLevel: 1708 log_level_ptr = &options->log_level; 1709 arg = strdelim(&cp); 1710 value = log_level_number(arg); 1711 if (value == SYSLOG_LEVEL_NOT_SET) 1712 fatal("%.200s line %d: unsupported log level '%s'", 1713 filename, linenum, arg ? arg : "<NONE>"); 1714 if (*activep && *log_level_ptr == -1) 1715 *log_level_ptr = (LogLevel) value; 1716 break; 1717 1718 case sAllowTcpForwarding: 1719 intptr = &options->allow_tcp_forwarding; 1720 multistate_ptr = multistate_tcpfwd; 1721 goto parse_multistate; 1722 1723 case sAllowStreamLocalForwarding: 1724 intptr = &options->allow_streamlocal_forwarding; 1725 multistate_ptr = multistate_tcpfwd; 1726 goto parse_multistate; 1727 1728 case sAllowAgentForwarding: 1729 intptr = &options->allow_agent_forwarding; 1730 goto parse_flag; 1731 1732 case sDisableForwarding: 1733 intptr = &options->disable_forwarding; 1734 goto parse_flag; 1735 1736 case sAllowUsers: 1737 while ((arg = strdelim(&cp)) && *arg != '\0') { 1738 if (match_user(NULL, NULL, NULL, arg) == -1) 1739 fatal("%s line %d: invalid AllowUsers pattern: " 1740 "\"%.100s\"", filename, linenum, arg); 1741 if (!*activep) 1742 continue; 1743 array_append(filename, linenum, "AllowUsers", 1744 &options->allow_users, &options->num_allow_users, 1745 arg); 1746 } 1747 break; 1748 1749 case sDenyUsers: 1750 while ((arg = strdelim(&cp)) && *arg != '\0') { 1751 if (match_user(NULL, NULL, NULL, arg) == -1) 1752 fatal("%s line %d: invalid DenyUsers pattern: " 1753 "\"%.100s\"", filename, linenum, arg); 1754 if (!*activep) 1755 continue; 1756 array_append(filename, linenum, "DenyUsers", 1757 &options->deny_users, &options->num_deny_users, 1758 arg); 1759 } 1760 break; 1761 1762 case sAllowGroups: 1763 while ((arg = strdelim(&cp)) && *arg != '\0') { 1764 if (!*activep) 1765 continue; 1766 array_append(filename, linenum, "AllowGroups", 1767 &options->allow_groups, &options->num_allow_groups, 1768 arg); 1769 } 1770 break; 1771 1772 case sDenyGroups: 1773 while ((arg = strdelim(&cp)) && *arg != '\0') { 1774 if (!*activep) 1775 continue; 1776 array_append(filename, linenum, "DenyGroups", 1777 &options->deny_groups, &options->num_deny_groups, 1778 arg); 1779 } 1780 break; 1781 1782 case sCiphers: 1783 arg = strdelim(&cp); 1784 if (!arg || *arg == '\0') 1785 fatal("%s line %d: Missing argument.", filename, linenum); 1786 if (*arg != '-' && 1787 !ciphers_valid(*arg == '+' || *arg == '^' ? arg + 1 : arg)) 1788 fatal("%s line %d: Bad SSH2 cipher spec '%s'.", 1789 filename, linenum, arg ? arg : "<NONE>"); 1790 if (options->ciphers == NULL) 1791 options->ciphers = xstrdup(arg); 1792 break; 1793 1794 case sMacs: 1795 arg = strdelim(&cp); 1796 if (!arg || *arg == '\0') 1797 fatal("%s line %d: Missing argument.", filename, linenum); 1798 if (*arg != '-' && 1799 !mac_valid(*arg == '+' || *arg == '^' ? arg + 1 : arg)) 1800 fatal("%s line %d: Bad SSH2 mac spec '%s'.", 1801 filename, linenum, arg ? arg : "<NONE>"); 1802 if (options->macs == NULL) 1803 options->macs = xstrdup(arg); 1804 break; 1805 1806 case sKexAlgorithms: 1807 arg = strdelim(&cp); 1808 if (!arg || *arg == '\0') 1809 fatal("%s line %d: Missing argument.", 1810 filename, linenum); 1811 if (*arg != '-' && 1812 !kex_names_valid(*arg == '+' || *arg == '^' ? 1813 arg + 1 : arg)) 1814 fatal("%s line %d: Bad SSH2 KexAlgorithms '%s'.", 1815 filename, linenum, arg ? arg : "<NONE>"); 1816 if (options->kex_algorithms == NULL) 1817 options->kex_algorithms = xstrdup(arg); 1818 break; 1819 1820 case sSubsystem: 1821 if (options->num_subsystems >= MAX_SUBSYSTEMS) { 1822 fatal("%s line %d: too many subsystems defined.", 1823 filename, linenum); 1824 } 1825 arg = strdelim(&cp); 1826 if (!arg || *arg == '\0') 1827 fatal("%s line %d: Missing subsystem name.", 1828 filename, linenum); 1829 if (!*activep) { 1830 arg = strdelim(&cp); 1831 break; 1832 } 1833 for (i = 0; i < options->num_subsystems; i++) 1834 if (strcmp(arg, options->subsystem_name[i]) == 0) 1835 fatal("%s line %d: Subsystem '%s' already defined.", 1836 filename, linenum, arg); 1837 options->subsystem_name[options->num_subsystems] = xstrdup(arg); 1838 arg = strdelim(&cp); 1839 if (!arg || *arg == '\0') 1840 fatal("%s line %d: Missing subsystem command.", 1841 filename, linenum); 1842 options->subsystem_command[options->num_subsystems] = xstrdup(arg); 1843 1844 /* Collect arguments (separate to executable) */ 1845 p = xstrdup(arg); 1846 len = strlen(p) + 1; 1847 while ((arg = strdelim(&cp)) != NULL && *arg != '\0') { 1848 len += 1 + strlen(arg); 1849 p = xreallocarray(p, 1, len); 1850 strlcat(p, " ", len); 1851 strlcat(p, arg, len); 1852 } 1853 options->subsystem_args[options->num_subsystems] = p; 1854 options->num_subsystems++; 1855 break; 1856 1857 case sMaxStartups: 1858 arg = strdelim(&cp); 1859 if (!arg || *arg == '\0') 1860 fatal("%s line %d: Missing MaxStartups spec.", 1861 filename, linenum); 1862 if ((n = sscanf(arg, "%d:%d:%d", 1863 &options->max_startups_begin, 1864 &options->max_startups_rate, 1865 &options->max_startups)) == 3) { 1866 if (options->max_startups_begin > 1867 options->max_startups || 1868 options->max_startups_rate > 100 || 1869 options->max_startups_rate < 1) 1870 fatal("%s line %d: Illegal MaxStartups spec.", 1871 filename, linenum); 1872 } else if (n != 1) 1873 fatal("%s line %d: Illegal MaxStartups spec.", 1874 filename, linenum); 1875 else 1876 options->max_startups = options->max_startups_begin; 1877 break; 1878 1879 case sMaxAuthTries: 1880 intptr = &options->max_authtries; 1881 goto parse_int; 1882 1883 case sMaxSessions: 1884 intptr = &options->max_sessions; 1885 goto parse_int; 1886 1887 case sBanner: 1888 charptr = &options->banner; 1889 goto parse_filename; 1890 1891 /* 1892 * These options can contain %X options expanded at 1893 * connect time, so that you can specify paths like: 1894 * 1895 * AuthorizedKeysFile /etc/ssh_keys/%u 1896 */ 1897 case sAuthorizedKeysFile: 1898 if (*activep && options->num_authkeys_files == 0) { 1899 while ((arg = strdelim(&cp)) && *arg != '\0') { 1900 arg = tilde_expand_filename(arg, getuid()); 1901 array_append(filename, linenum, 1902 "AuthorizedKeysFile", 1903 &options->authorized_keys_files, 1904 &options->num_authkeys_files, arg); 1905 free(arg); 1906 } 1907 } 1908 return 0; 1909 1910 case sAuthorizedPrincipalsFile: 1911 charptr = &options->authorized_principals_file; 1912 arg = strdelim(&cp); 1913 if (!arg || *arg == '\0') 1914 fatal("%s line %d: missing file name.", 1915 filename, linenum); 1916 if (*activep && *charptr == NULL) { 1917 *charptr = tilde_expand_filename(arg, getuid()); 1918 /* increase optional counter */ 1919 if (intptr != NULL) 1920 *intptr = *intptr + 1; 1921 } 1922 break; 1923 1924 case sClientAliveInterval: 1925 intptr = &options->client_alive_interval; 1926 goto parse_time; 1927 1928 case sClientAliveCountMax: 1929 intptr = &options->client_alive_count_max; 1930 goto parse_int; 1931 1932 case sAcceptEnv: 1933 while ((arg = strdelim(&cp)) && *arg != '\0') { 1934 if (strchr(arg, '=') != NULL) 1935 fatal("%s line %d: Invalid environment name.", 1936 filename, linenum); 1937 if (!*activep) 1938 continue; 1939 array_append(filename, linenum, "AcceptEnv", 1940 &options->accept_env, &options->num_accept_env, 1941 arg); 1942 } 1943 break; 1944 1945 case sSetEnv: 1946 uvalue = options->num_setenv; 1947 while ((arg = strdelimw(&cp)) && *arg != '\0') { 1948 if (strchr(arg, '=') == NULL) 1949 fatal("%s line %d: Invalid environment.", 1950 filename, linenum); 1951 if (!*activep || uvalue != 0) 1952 continue; 1953 array_append(filename, linenum, "SetEnv", 1954 &options->setenv, &options->num_setenv, arg); 1955 } 1956 break; 1957 1958 case sPermitTunnel: 1959 intptr = &options->permit_tun; 1960 arg = strdelim(&cp); 1961 if (!arg || *arg == '\0') 1962 fatal("%s line %d: Missing yes/point-to-point/" 1963 "ethernet/no argument.", filename, linenum); 1964 value = -1; 1965 for (i = 0; tunmode_desc[i].val != -1; i++) 1966 if (strcmp(tunmode_desc[i].text, arg) == 0) { 1967 value = tunmode_desc[i].val; 1968 break; 1969 } 1970 if (value == -1) 1971 fatal("%s line %d: Bad yes/point-to-point/ethernet/" 1972 "no argument: %s", filename, linenum, arg); 1973 if (*activep && *intptr == -1) 1974 *intptr = value; 1975 break; 1976 1977 case sInclude: 1978 if (cmdline) { 1979 fatal("Include directive not supported as a " 1980 "command-line option"); 1981 } 1982 value = 0; 1983 while ((arg2 = strdelim(&cp)) != NULL && *arg2 != '\0') { 1984 value++; 1985 found = 0; 1986 if (*arg2 != '/' && *arg2 != '~') { 1987 xasprintf(&arg, "%s/%s", SSHDIR, arg2); 1988 } else 1989 arg = xstrdup(arg2); 1990 1991 /* 1992 * Don't let included files clobber the containing 1993 * file's Match state. 1994 */ 1995 oactive = *activep; 1996 1997 /* consult cache of include files */ 1998 TAILQ_FOREACH(item, includes, entry) { 1999 if (strcmp(item->selector, arg) != 0) 2000 continue; 2001 if (item->filename != NULL) { 2002 parse_server_config_depth(options, 2003 item->filename, item->contents, 2004 includes, connectinfo, 2005 (oactive ? 0 : SSHCFG_NEVERMATCH), 2006 activep, depth + 1); 2007 } 2008 found = 1; 2009 *activep = oactive; 2010 } 2011 if (found != 0) { 2012 free(arg); 2013 continue; 2014 } 2015 2016 /* requested glob was not in cache */ 2017 debug2("%s line %d: new include %s", 2018 filename, linenum, arg); 2019 if ((r = glob(arg, 0, NULL, &gbuf)) != 0) { 2020 if (r != GLOB_NOMATCH) { 2021 fatal("%s line %d: include \"%s\" " 2022 "glob failed", filename, 2023 linenum, arg); 2024 } 2025 /* 2026 * If no entry matched then record a 2027 * placeholder to skip later glob calls. 2028 */ 2029 debug2("%s line %d: no match for %s", 2030 filename, linenum, arg); 2031 item = xcalloc(1, sizeof(*item)); 2032 item->selector = strdup(arg); 2033 TAILQ_INSERT_TAIL(includes, 2034 item, entry); 2035 } 2036 if (gbuf.gl_pathc > INT_MAX) 2037 fatal("%s: too many glob results", __func__); 2038 for (n = 0; n < (int)gbuf.gl_pathc; n++) { 2039 debug2("%s line %d: including %s", 2040 filename, linenum, gbuf.gl_pathv[n]); 2041 item = xcalloc(1, sizeof(*item)); 2042 item->selector = strdup(arg); 2043 item->filename = strdup(gbuf.gl_pathv[n]); 2044 if ((item->contents = sshbuf_new()) == NULL) { 2045 fatal("%s: sshbuf_new failed", 2046 __func__); 2047 } 2048 load_server_config(item->filename, 2049 item->contents); 2050 parse_server_config_depth(options, 2051 item->filename, item->contents, 2052 includes, connectinfo, 2053 (oactive ? 0 : SSHCFG_NEVERMATCH), 2054 activep, depth + 1); 2055 *activep = oactive; 2056 TAILQ_INSERT_TAIL(includes, item, entry); 2057 } 2058 globfree(&gbuf); 2059 free(arg); 2060 } 2061 if (value == 0) { 2062 fatal("%s line %d: Include missing filename argument", 2063 filename, linenum); 2064 } 2065 break; 2066 2067 case sMatch: 2068 if (cmdline) 2069 fatal("Match directive not supported as a command-line " 2070 "option"); 2071 value = match_cfg_line(&cp, linenum, connectinfo); 2072 if (value < 0) 2073 fatal("%s line %d: Bad Match condition", filename, 2074 linenum); 2075 *activep = (inc_flags & SSHCFG_NEVERMATCH) ? 0 : value; 2076 break; 2077 2078 case sPermitListen: 2079 case sPermitOpen: 2080 if (opcode == sPermitListen) { 2081 uintptr = &options->num_permitted_listens; 2082 chararrayptr = &options->permitted_listens; 2083 } else { 2084 uintptr = &options->num_permitted_opens; 2085 chararrayptr = &options->permitted_opens; 2086 } 2087 arg = strdelim(&cp); 2088 if (!arg || *arg == '\0') 2089 fatal("%s line %d: missing %s specification", 2090 filename, linenum, lookup_opcode_name(opcode)); 2091 uvalue = *uintptr; /* modified later */ 2092 if (strcmp(arg, "any") == 0 || strcmp(arg, "none") == 0) { 2093 if (*activep && uvalue == 0) { 2094 *uintptr = 1; 2095 *chararrayptr = xcalloc(1, 2096 sizeof(**chararrayptr)); 2097 (*chararrayptr)[0] = xstrdup(arg); 2098 } 2099 break; 2100 } 2101 for (; arg != NULL && *arg != '\0'; arg = strdelim(&cp)) { 2102 if (opcode == sPermitListen && 2103 strchr(arg, ':') == NULL) { 2104 /* 2105 * Allow bare port number for PermitListen 2106 * to indicate a wildcard listen host. 2107 */ 2108 xasprintf(&arg2, "*:%s", arg); 2109 } else { 2110 arg2 = xstrdup(arg); 2111 ch = '\0'; 2112 p = hpdelim2(&arg, &ch); 2113 if (p == NULL || ch == '/') { 2114 fatal("%s line %d: missing host in %s", 2115 filename, linenum, 2116 lookup_opcode_name(opcode)); 2117 } 2118 p = cleanhostname(p); 2119 } 2120 if (arg == NULL || 2121 ((port = permitopen_port(arg)) < 0)) { 2122 fatal("%s line %d: bad port number in %s", 2123 filename, linenum, 2124 lookup_opcode_name(opcode)); 2125 } 2126 if (*activep && uvalue == 0) { 2127 array_append(filename, linenum, 2128 lookup_opcode_name(opcode), 2129 chararrayptr, uintptr, arg2); 2130 } 2131 free(arg2); 2132 } 2133 break; 2134 2135 case sForceCommand: 2136 if (cp == NULL || *cp == '\0') 2137 fatal("%.200s line %d: Missing argument.", filename, 2138 linenum); 2139 len = strspn(cp, WHITESPACE); 2140 if (*activep && options->adm_forced_command == NULL) 2141 options->adm_forced_command = xstrdup(cp + len); 2142 return 0; 2143 2144 case sChrootDirectory: 2145 charptr = &options->chroot_directory; 2146 2147 arg = strdelim(&cp); 2148 if (!arg || *arg == '\0') 2149 fatal("%s line %d: missing file name.", 2150 filename, linenum); 2151 if (*activep && *charptr == NULL) 2152 *charptr = xstrdup(arg); 2153 break; 2154 2155 case sTrustedUserCAKeys: 2156 charptr = &options->trusted_user_ca_keys; 2157 goto parse_filename; 2158 2159 case sRevokedKeys: 2160 charptr = &options->revoked_keys_file; 2161 goto parse_filename; 2162 2163 case sSecurityKeyProvider: 2164 charptr = &options->sk_provider; 2165 arg = strdelim(&cp); 2166 if (!arg || *arg == '\0') 2167 fatal("%s line %d: missing file name.", 2168 filename, linenum); 2169 if (*activep && *charptr == NULL) { 2170 *charptr = strcasecmp(arg, "internal") == 0 ? 2171 xstrdup(arg) : derelativise_path(arg); 2172 /* increase optional counter */ 2173 if (intptr != NULL) 2174 *intptr = *intptr + 1; 2175 } 2176 break; 2177 2178 case sIPQoS: 2179 arg = strdelim(&cp); 2180 if ((value = parse_ipqos(arg)) == -1) 2181 fatal("%s line %d: Bad IPQoS value: %s", 2182 filename, linenum, arg); 2183 arg = strdelim(&cp); 2184 if (arg == NULL) 2185 value2 = value; 2186 else if ((value2 = parse_ipqos(arg)) == -1) 2187 fatal("%s line %d: Bad IPQoS value: %s", 2188 filename, linenum, arg); 2189 if (*activep) { 2190 options->ip_qos_interactive = value; 2191 options->ip_qos_bulk = value2; 2192 } 2193 break; 2194 2195 case sVersionAddendum: 2196 if (cp == NULL || *cp == '\0') 2197 fatal("%.200s line %d: Missing argument.", filename, 2198 linenum); 2199 len = strspn(cp, WHITESPACE); 2200 if (*activep && options->version_addendum == NULL) { 2201 if (strcasecmp(cp + len, "none") == 0) 2202 options->version_addendum = xstrdup(""); 2203 else if (strchr(cp + len, '\r') != NULL) 2204 fatal("%.200s line %d: Invalid argument", 2205 filename, linenum); 2206 else 2207 options->version_addendum = xstrdup(cp + len); 2208 } 2209 return 0; 2210 2211 case sAuthorizedKeysCommand: 2212 if (cp == NULL) 2213 fatal("%.200s line %d: Missing argument.", filename, 2214 linenum); 2215 len = strspn(cp, WHITESPACE); 2216 if (*activep && options->authorized_keys_command == NULL) { 2217 if (cp[len] != '/' && strcasecmp(cp + len, "none") != 0) 2218 fatal("%.200s line %d: AuthorizedKeysCommand " 2219 "must be an absolute path", 2220 filename, linenum); 2221 options->authorized_keys_command = xstrdup(cp + len); 2222 } 2223 return 0; 2224 2225 case sAuthorizedKeysCommandUser: 2226 charptr = &options->authorized_keys_command_user; 2227 2228 arg = strdelim(&cp); 2229 if (!arg || *arg == '\0') 2230 fatal("%s line %d: missing AuthorizedKeysCommandUser " 2231 "argument.", filename, linenum); 2232 if (*activep && *charptr == NULL) 2233 *charptr = xstrdup(arg); 2234 break; 2235 2236 case sAuthorizedPrincipalsCommand: 2237 if (cp == NULL) 2238 fatal("%.200s line %d: Missing argument.", filename, 2239 linenum); 2240 len = strspn(cp, WHITESPACE); 2241 if (*activep && 2242 options->authorized_principals_command == NULL) { 2243 if (cp[len] != '/' && strcasecmp(cp + len, "none") != 0) 2244 fatal("%.200s line %d: " 2245 "AuthorizedPrincipalsCommand must be " 2246 "an absolute path", filename, linenum); 2247 options->authorized_principals_command = 2248 xstrdup(cp + len); 2249 } 2250 return 0; 2251 2252 case sAuthorizedPrincipalsCommandUser: 2253 charptr = &options->authorized_principals_command_user; 2254 2255 arg = strdelim(&cp); 2256 if (!arg || *arg == '\0') 2257 fatal("%s line %d: missing " 2258 "AuthorizedPrincipalsCommandUser argument.", 2259 filename, linenum); 2260 if (*activep && *charptr == NULL) 2261 *charptr = xstrdup(arg); 2262 break; 2263 2264 case sAuthenticationMethods: 2265 if (options->num_auth_methods == 0) { 2266 value = 0; /* seen "any" pseudo-method */ 2267 value2 = 0; /* successfully parsed any method */ 2268 while ((arg = strdelim(&cp)) && *arg != '\0') { 2269 if (strcmp(arg, "any") == 0) { 2270 if (options->num_auth_methods > 0) { 2271 fatal("%s line %d: \"any\" " 2272 "must appear alone in " 2273 "AuthenticationMethods", 2274 filename, linenum); 2275 } 2276 value = 1; 2277 } else if (value) { 2278 fatal("%s line %d: \"any\" must appear " 2279 "alone in AuthenticationMethods", 2280 filename, linenum); 2281 } else if (auth2_methods_valid(arg, 0) != 0) { 2282 fatal("%s line %d: invalid " 2283 "authentication method list.", 2284 filename, linenum); 2285 } 2286 value2 = 1; 2287 if (!*activep) 2288 continue; 2289 array_append(filename, linenum, 2290 "AuthenticationMethods", 2291 &options->auth_methods, 2292 &options->num_auth_methods, arg); 2293 } 2294 if (value2 == 0) { 2295 fatal("%s line %d: no AuthenticationMethods " 2296 "specified", filename, linenum); 2297 } 2298 } 2299 return 0; 2300 2301 case sStreamLocalBindMask: 2302 arg = strdelim(&cp); 2303 if (!arg || *arg == '\0') 2304 fatal("%s line %d: missing StreamLocalBindMask " 2305 "argument.", filename, linenum); 2306 /* Parse mode in octal format */ 2307 value = strtol(arg, &p, 8); 2308 if (arg == p || value < 0 || value > 0777) 2309 fatal("%s line %d: Bad mask.", filename, linenum); 2310 if (*activep) 2311 options->fwd_opts.streamlocal_bind_mask = (mode_t)value; 2312 break; 2313 2314 case sStreamLocalBindUnlink: 2315 intptr = &options->fwd_opts.streamlocal_bind_unlink; 2316 goto parse_flag; 2317 2318 case sFingerprintHash: 2319 arg = strdelim(&cp); 2320 if (!arg || *arg == '\0') 2321 fatal("%.200s line %d: Missing argument.", 2322 filename, linenum); 2323 if ((value = ssh_digest_alg_by_name(arg)) == -1) 2324 fatal("%.200s line %d: Invalid hash algorithm \"%s\".", 2325 filename, linenum, arg); 2326 if (*activep) 2327 options->fingerprint_hash = value; 2328 break; 2329 2330 case sExposeAuthInfo: 2331 intptr = &options->expose_userauth_info; 2332 goto parse_flag; 2333 2334 case sRDomain: 2335 #if !defined(__OpenBSD__) && !defined(HAVE_SYS_SET_PROCESS_RDOMAIN) 2336 fatal("%s line %d: setting RDomain not supported on this " 2337 "platform.", filename, linenum); 2338 #endif 2339 charptr = &options->routing_domain; 2340 arg = strdelim(&cp); 2341 if (!arg || *arg == '\0') 2342 fatal("%.200s line %d: Missing argument.", 2343 filename, linenum); 2344 if (strcasecmp(arg, "none") != 0 && strcmp(arg, "%D") != 0 && 2345 !valid_rdomain(arg)) 2346 fatal("%s line %d: bad routing domain", 2347 filename, linenum); 2348 if (*activep && *charptr == NULL) 2349 *charptr = xstrdup(arg); 2350 break; 2351 2352 case sDeprecated: 2353 case sIgnore: 2354 case sUnsupported: 2355 do_log2(opcode == sIgnore ? 2356 SYSLOG_LEVEL_DEBUG2 : SYSLOG_LEVEL_INFO, 2357 "%s line %d: %s option %s", filename, linenum, 2358 opcode == sUnsupported ? "Unsupported" : "Deprecated", arg); 2359 while (arg) 2360 arg = strdelim(&cp); 2361 break; 2362 2363 default: 2364 fatal("%s line %d: Missing handler for opcode %s (%d)", 2365 filename, linenum, arg, opcode); 2366 } 2367 if ((arg = strdelim(&cp)) != NULL && *arg != '\0') 2368 fatal("%s line %d: garbage at end of line; \"%.200s\".", 2369 filename, linenum, arg); 2370 return 0; 2371 } 2372 2373 int 2374 process_server_config_line(ServerOptions *options, char *line, 2375 const char *filename, int linenum, int *activep, 2376 struct connection_info *connectinfo, struct include_list *includes) 2377 { 2378 return process_server_config_line_depth(options, line, filename, 2379 linenum, activep, connectinfo, 0, 0, includes); 2380 } 2381 2382 2383 /* Reads the server configuration file. */ 2384 2385 void 2386 load_server_config(const char *filename, struct sshbuf *conf) 2387 { 2388 char *line = NULL, *cp; 2389 size_t linesize = 0; 2390 FILE *f; 2391 int r, lineno = 0; 2392 2393 debug2("%s: filename %s", __func__, filename); 2394 if ((f = fopen(filename, "r")) == NULL) { 2395 perror(filename); 2396 exit(1); 2397 } 2398 sshbuf_reset(conf); 2399 while (getline(&line, &linesize, f) != -1) { 2400 lineno++; 2401 /* 2402 * Trim out comments and strip whitespace 2403 * NB - preserve newlines, they are needed to reproduce 2404 * line numbers later for error messages 2405 */ 2406 if ((cp = strchr(line, '#')) != NULL) 2407 memcpy(cp, "\n", 2); 2408 cp = line + strspn(line, " \t\r"); 2409 if ((r = sshbuf_put(conf, cp, strlen(cp))) != 0) 2410 fatal("%s: buffer error: %s", __func__, ssh_err(r)); 2411 } 2412 free(line); 2413 if ((r = sshbuf_put_u8(conf, 0)) != 0) 2414 fatal("%s: buffer error: %s", __func__, ssh_err(r)); 2415 fclose(f); 2416 debug2("%s: done config len = %zu", __func__, sshbuf_len(conf)); 2417 } 2418 2419 void 2420 parse_server_match_config(ServerOptions *options, 2421 struct include_list *includes, struct connection_info *connectinfo) 2422 { 2423 ServerOptions mo; 2424 2425 initialize_server_options(&mo); 2426 parse_server_config(&mo, "reprocess config", cfg, includes, 2427 connectinfo); 2428 copy_set_server_options(options, &mo, 0); 2429 } 2430 2431 int parse_server_match_testspec(struct connection_info *ci, char *spec) 2432 { 2433 char *p; 2434 2435 while ((p = strsep(&spec, ",")) && *p != '\0') { 2436 if (strncmp(p, "addr=", 5) == 0) { 2437 ci->address = xstrdup(p + 5); 2438 } else if (strncmp(p, "host=", 5) == 0) { 2439 ci->host = xstrdup(p + 5); 2440 } else if (strncmp(p, "user=", 5) == 0) { 2441 ci->user = xstrdup(p + 5); 2442 } else if (strncmp(p, "laddr=", 6) == 0) { 2443 ci->laddress = xstrdup(p + 6); 2444 } else if (strncmp(p, "rdomain=", 8) == 0) { 2445 ci->rdomain = xstrdup(p + 8); 2446 } else if (strncmp(p, "lport=", 6) == 0) { 2447 ci->lport = a2port(p + 6); 2448 if (ci->lport == -1) { 2449 fprintf(stderr, "Invalid port '%s' in test mode" 2450 " specification %s\n", p+6, p); 2451 return -1; 2452 } 2453 } else { 2454 fprintf(stderr, "Invalid test mode specification %s\n", 2455 p); 2456 return -1; 2457 } 2458 } 2459 return 0; 2460 } 2461 2462 /* 2463 * Copy any supported values that are set. 2464 * 2465 * If the preauth flag is set, we do not bother copying the string or 2466 * array values that are not used pre-authentication, because any that we 2467 * do use must be explicitly sent in mm_getpwnamallow(). 2468 */ 2469 void 2470 copy_set_server_options(ServerOptions *dst, ServerOptions *src, int preauth) 2471 { 2472 #define M_CP_INTOPT(n) do {\ 2473 if (src->n != -1) \ 2474 dst->n = src->n; \ 2475 } while (0) 2476 2477 M_CP_INTOPT(password_authentication); 2478 M_CP_INTOPT(gss_authentication); 2479 M_CP_INTOPT(pubkey_authentication); 2480 M_CP_INTOPT(pubkey_auth_options); 2481 M_CP_INTOPT(kerberos_authentication); 2482 M_CP_INTOPT(hostbased_authentication); 2483 M_CP_INTOPT(hostbased_uses_name_from_packet_only); 2484 M_CP_INTOPT(kbd_interactive_authentication); 2485 M_CP_INTOPT(permit_root_login); 2486 M_CP_INTOPT(permit_empty_passwd); 2487 M_CP_INTOPT(ignore_rhosts); 2488 2489 M_CP_INTOPT(allow_tcp_forwarding); 2490 M_CP_INTOPT(allow_streamlocal_forwarding); 2491 M_CP_INTOPT(allow_agent_forwarding); 2492 M_CP_INTOPT(disable_forwarding); 2493 M_CP_INTOPT(expose_userauth_info); 2494 M_CP_INTOPT(permit_tun); 2495 M_CP_INTOPT(fwd_opts.gateway_ports); 2496 M_CP_INTOPT(fwd_opts.streamlocal_bind_unlink); 2497 M_CP_INTOPT(x11_display_offset); 2498 M_CP_INTOPT(x11_forwarding); 2499 M_CP_INTOPT(x11_use_localhost); 2500 M_CP_INTOPT(permit_tty); 2501 M_CP_INTOPT(permit_user_rc); 2502 M_CP_INTOPT(max_sessions); 2503 M_CP_INTOPT(max_authtries); 2504 M_CP_INTOPT(client_alive_count_max); 2505 M_CP_INTOPT(client_alive_interval); 2506 M_CP_INTOPT(ip_qos_interactive); 2507 M_CP_INTOPT(ip_qos_bulk); 2508 M_CP_INTOPT(rekey_limit); 2509 M_CP_INTOPT(rekey_interval); 2510 M_CP_INTOPT(log_level); 2511 2512 /* 2513 * The bind_mask is a mode_t that may be unsigned, so we can't use 2514 * M_CP_INTOPT - it does a signed comparison that causes compiler 2515 * warnings. 2516 */ 2517 if (src->fwd_opts.streamlocal_bind_mask != (mode_t)-1) { 2518 dst->fwd_opts.streamlocal_bind_mask = 2519 src->fwd_opts.streamlocal_bind_mask; 2520 } 2521 2522 /* M_CP_STROPT and M_CP_STRARRAYOPT should not appear before here */ 2523 #define M_CP_STROPT(n) do {\ 2524 if (src->n != NULL && dst->n != src->n) { \ 2525 free(dst->n); \ 2526 dst->n = src->n; \ 2527 } \ 2528 } while(0) 2529 #define M_CP_STRARRAYOPT(s, num_s) do {\ 2530 u_int i; \ 2531 if (src->num_s != 0) { \ 2532 for (i = 0; i < dst->num_s; i++) \ 2533 free(dst->s[i]); \ 2534 free(dst->s); \ 2535 dst->s = xcalloc(src->num_s, sizeof(*dst->s)); \ 2536 for (i = 0; i < src->num_s; i++) \ 2537 dst->s[i] = xstrdup(src->s[i]); \ 2538 dst->num_s = src->num_s; \ 2539 } \ 2540 } while(0) 2541 2542 /* See comment in servconf.h */ 2543 COPY_MATCH_STRING_OPTS(); 2544 2545 /* Arguments that accept '+...' need to be expanded */ 2546 assemble_algorithms(dst); 2547 2548 /* 2549 * The only things that should be below this point are string options 2550 * which are only used after authentication. 2551 */ 2552 if (preauth) 2553 return; 2554 2555 /* These options may be "none" to clear a global setting */ 2556 M_CP_STROPT(adm_forced_command); 2557 if (option_clear_or_none(dst->adm_forced_command)) { 2558 free(dst->adm_forced_command); 2559 dst->adm_forced_command = NULL; 2560 } 2561 M_CP_STROPT(chroot_directory); 2562 if (option_clear_or_none(dst->chroot_directory)) { 2563 free(dst->chroot_directory); 2564 dst->chroot_directory = NULL; 2565 } 2566 } 2567 2568 #undef M_CP_INTOPT 2569 #undef M_CP_STROPT 2570 #undef M_CP_STRARRAYOPT 2571 2572 #define SERVCONF_MAX_DEPTH 16 2573 void 2574 parse_server_config_depth(ServerOptions *options, const char *filename, 2575 struct sshbuf *conf, struct include_list *includes, 2576 struct connection_info *connectinfo, int flags, int *activep, int depth) 2577 { 2578 int linenum, bad_options = 0; 2579 char *cp, *obuf, *cbuf; 2580 2581 if (depth < 0 || depth > SERVCONF_MAX_DEPTH) 2582 fatal("Too many recursive configuration includes"); 2583 2584 debug2("%s: config %s len %zu", __func__, filename, sshbuf_len(conf)); 2585 2586 if ((obuf = cbuf = sshbuf_dup_string(conf)) == NULL) 2587 fatal("%s: sshbuf_dup_string failed", __func__); 2588 linenum = 1; 2589 while ((cp = strsep(&cbuf, "\n")) != NULL) { 2590 if (process_server_config_line_depth(options, cp, 2591 filename, linenum++, activep, connectinfo, flags, 2592 depth, includes) != 0) 2593 bad_options++; 2594 } 2595 free(obuf); 2596 if (bad_options > 0) 2597 fatal("%s: terminating, %d bad configuration options", 2598 filename, bad_options); 2599 process_queued_listen_addrs(options); 2600 } 2601 2602 void 2603 parse_server_config(ServerOptions *options, const char *filename, 2604 struct sshbuf *conf, struct include_list *includes, 2605 struct connection_info *connectinfo) 2606 { 2607 int active = connectinfo ? 0 : 1; 2608 parse_server_config_depth(options, filename, conf, includes, 2609 connectinfo, 0, &active, 0); 2610 } 2611 2612 static const char * 2613 fmt_multistate_int(int val, const struct multistate *m) 2614 { 2615 u_int i; 2616 2617 for (i = 0; m[i].key != NULL; i++) { 2618 if (m[i].value == val) 2619 return m[i].key; 2620 } 2621 return "UNKNOWN"; 2622 } 2623 2624 static const char * 2625 fmt_intarg(ServerOpCodes code, int val) 2626 { 2627 if (val == -1) 2628 return "unset"; 2629 switch (code) { 2630 case sAddressFamily: 2631 return fmt_multistate_int(val, multistate_addressfamily); 2632 case sPermitRootLogin: 2633 return fmt_multistate_int(val, multistate_permitrootlogin); 2634 case sGatewayPorts: 2635 return fmt_multistate_int(val, multistate_gatewayports); 2636 case sCompression: 2637 return fmt_multistate_int(val, multistate_compression); 2638 case sAllowTcpForwarding: 2639 return fmt_multistate_int(val, multistate_tcpfwd); 2640 case sAllowStreamLocalForwarding: 2641 return fmt_multistate_int(val, multistate_tcpfwd); 2642 case sIgnoreRhosts: 2643 return fmt_multistate_int(val, multistate_ignore_rhosts); 2644 case sFingerprintHash: 2645 return ssh_digest_alg_name(val); 2646 default: 2647 switch (val) { 2648 case 0: 2649 return "no"; 2650 case 1: 2651 return "yes"; 2652 default: 2653 return "UNKNOWN"; 2654 } 2655 } 2656 } 2657 2658 static void 2659 dump_cfg_int(ServerOpCodes code, int val) 2660 { 2661 printf("%s %d\n", lookup_opcode_name(code), val); 2662 } 2663 2664 static void 2665 dump_cfg_oct(ServerOpCodes code, int val) 2666 { 2667 printf("%s 0%o\n", lookup_opcode_name(code), val); 2668 } 2669 2670 static void 2671 dump_cfg_fmtint(ServerOpCodes code, int val) 2672 { 2673 printf("%s %s\n", lookup_opcode_name(code), fmt_intarg(code, val)); 2674 } 2675 2676 static void 2677 dump_cfg_string(ServerOpCodes code, const char *val) 2678 { 2679 printf("%s %s\n", lookup_opcode_name(code), 2680 val == NULL ? "none" : val); 2681 } 2682 2683 static void 2684 dump_cfg_strarray(ServerOpCodes code, u_int count, char **vals) 2685 { 2686 u_int i; 2687 2688 for (i = 0; i < count; i++) 2689 printf("%s %s\n", lookup_opcode_name(code), vals[i]); 2690 } 2691 2692 static void 2693 dump_cfg_strarray_oneline(ServerOpCodes code, u_int count, char **vals) 2694 { 2695 u_int i; 2696 2697 if (count <= 0 && code != sAuthenticationMethods) 2698 return; 2699 printf("%s", lookup_opcode_name(code)); 2700 for (i = 0; i < count; i++) 2701 printf(" %s", vals[i]); 2702 if (code == sAuthenticationMethods && count == 0) 2703 printf(" any"); 2704 printf("\n"); 2705 } 2706 2707 static char * 2708 format_listen_addrs(struct listenaddr *la) 2709 { 2710 int r; 2711 struct addrinfo *ai; 2712 char addr[NI_MAXHOST], port[NI_MAXSERV]; 2713 char *laddr1 = xstrdup(""), *laddr2 = NULL; 2714 2715 /* 2716 * ListenAddress must be after Port. add_one_listen_addr pushes 2717 * addresses onto a stack, so to maintain ordering we need to 2718 * print these in reverse order. 2719 */ 2720 for (ai = la->addrs; ai; ai = ai->ai_next) { 2721 if ((r = getnameinfo(ai->ai_addr, ai->ai_addrlen, addr, 2722 sizeof(addr), port, sizeof(port), 2723 NI_NUMERICHOST|NI_NUMERICSERV)) != 0) { 2724 error("getnameinfo: %.100s", ssh_gai_strerror(r)); 2725 continue; 2726 } 2727 laddr2 = laddr1; 2728 if (ai->ai_family == AF_INET6) { 2729 xasprintf(&laddr1, "listenaddress [%s]:%s%s%s\n%s", 2730 addr, port, 2731 la->rdomain == NULL ? "" : " rdomain ", 2732 la->rdomain == NULL ? "" : la->rdomain, 2733 laddr2); 2734 } else { 2735 xasprintf(&laddr1, "listenaddress %s:%s%s%s\n%s", 2736 addr, port, 2737 la->rdomain == NULL ? "" : " rdomain ", 2738 la->rdomain == NULL ? "" : la->rdomain, 2739 laddr2); 2740 } 2741 free(laddr2); 2742 } 2743 return laddr1; 2744 } 2745 2746 void 2747 dump_config(ServerOptions *o) 2748 { 2749 char *s; 2750 u_int i; 2751 2752 /* these are usually at the top of the config */ 2753 for (i = 0; i < o->num_ports; i++) 2754 printf("port %d\n", o->ports[i]); 2755 dump_cfg_fmtint(sAddressFamily, o->address_family); 2756 2757 for (i = 0; i < o->num_listen_addrs; i++) { 2758 s = format_listen_addrs(&o->listen_addrs[i]); 2759 printf("%s", s); 2760 free(s); 2761 } 2762 2763 /* integer arguments */ 2764 #ifdef USE_PAM 2765 dump_cfg_fmtint(sUsePAM, o->use_pam); 2766 #endif 2767 dump_cfg_int(sLoginGraceTime, o->login_grace_time); 2768 dump_cfg_int(sX11DisplayOffset, o->x11_display_offset); 2769 dump_cfg_int(sMaxAuthTries, o->max_authtries); 2770 dump_cfg_int(sMaxSessions, o->max_sessions); 2771 dump_cfg_int(sClientAliveInterval, o->client_alive_interval); 2772 dump_cfg_int(sClientAliveCountMax, o->client_alive_count_max); 2773 dump_cfg_oct(sStreamLocalBindMask, o->fwd_opts.streamlocal_bind_mask); 2774 2775 /* formatted integer arguments */ 2776 dump_cfg_fmtint(sPermitRootLogin, o->permit_root_login); 2777 dump_cfg_fmtint(sIgnoreRhosts, o->ignore_rhosts); 2778 dump_cfg_fmtint(sIgnoreUserKnownHosts, o->ignore_user_known_hosts); 2779 dump_cfg_fmtint(sHostbasedAuthentication, o->hostbased_authentication); 2780 dump_cfg_fmtint(sHostbasedUsesNameFromPacketOnly, 2781 o->hostbased_uses_name_from_packet_only); 2782 dump_cfg_fmtint(sPubkeyAuthentication, o->pubkey_authentication); 2783 #ifdef KRB5 2784 dump_cfg_fmtint(sKerberosAuthentication, o->kerberos_authentication); 2785 dump_cfg_fmtint(sKerberosOrLocalPasswd, o->kerberos_or_local_passwd); 2786 dump_cfg_fmtint(sKerberosTicketCleanup, o->kerberos_ticket_cleanup); 2787 # ifdef USE_AFS 2788 dump_cfg_fmtint(sKerberosGetAFSToken, o->kerberos_get_afs_token); 2789 # endif 2790 #endif 2791 #ifdef GSSAPI 2792 dump_cfg_fmtint(sGssAuthentication, o->gss_authentication); 2793 dump_cfg_fmtint(sGssCleanupCreds, o->gss_cleanup_creds); 2794 #endif 2795 dump_cfg_fmtint(sPasswordAuthentication, o->password_authentication); 2796 dump_cfg_fmtint(sKbdInteractiveAuthentication, 2797 o->kbd_interactive_authentication); 2798 dump_cfg_fmtint(sChallengeResponseAuthentication, 2799 o->challenge_response_authentication); 2800 dump_cfg_fmtint(sPrintMotd, o->print_motd); 2801 #ifndef DISABLE_LASTLOG 2802 dump_cfg_fmtint(sPrintLastLog, o->print_lastlog); 2803 #endif 2804 dump_cfg_fmtint(sX11Forwarding, o->x11_forwarding); 2805 dump_cfg_fmtint(sX11UseLocalhost, o->x11_use_localhost); 2806 dump_cfg_fmtint(sPermitTTY, o->permit_tty); 2807 dump_cfg_fmtint(sPermitUserRC, o->permit_user_rc); 2808 dump_cfg_fmtint(sStrictModes, o->strict_modes); 2809 dump_cfg_fmtint(sTCPKeepAlive, o->tcp_keep_alive); 2810 dump_cfg_fmtint(sEmptyPasswd, o->permit_empty_passwd); 2811 dump_cfg_fmtint(sCompression, o->compression); 2812 dump_cfg_fmtint(sGatewayPorts, o->fwd_opts.gateway_ports); 2813 dump_cfg_fmtint(sUseDNS, o->use_dns); 2814 dump_cfg_fmtint(sAllowTcpForwarding, o->allow_tcp_forwarding); 2815 dump_cfg_fmtint(sAllowAgentForwarding, o->allow_agent_forwarding); 2816 dump_cfg_fmtint(sDisableForwarding, o->disable_forwarding); 2817 dump_cfg_fmtint(sAllowStreamLocalForwarding, o->allow_streamlocal_forwarding); 2818 dump_cfg_fmtint(sStreamLocalBindUnlink, o->fwd_opts.streamlocal_bind_unlink); 2819 dump_cfg_fmtint(sFingerprintHash, o->fingerprint_hash); 2820 dump_cfg_fmtint(sExposeAuthInfo, o->expose_userauth_info); 2821 2822 /* string arguments */ 2823 dump_cfg_string(sPidFile, o->pid_file); 2824 dump_cfg_string(sXAuthLocation, o->xauth_location); 2825 dump_cfg_string(sCiphers, o->ciphers); 2826 dump_cfg_string(sMacs, o->macs); 2827 dump_cfg_string(sBanner, o->banner); 2828 dump_cfg_string(sForceCommand, o->adm_forced_command); 2829 dump_cfg_string(sChrootDirectory, o->chroot_directory); 2830 dump_cfg_string(sTrustedUserCAKeys, o->trusted_user_ca_keys); 2831 dump_cfg_string(sRevokedKeys, o->revoked_keys_file); 2832 dump_cfg_string(sSecurityKeyProvider, o->sk_provider); 2833 dump_cfg_string(sAuthorizedPrincipalsFile, 2834 o->authorized_principals_file); 2835 dump_cfg_string(sVersionAddendum, *o->version_addendum == '\0' 2836 ? "none" : o->version_addendum); 2837 dump_cfg_string(sAuthorizedKeysCommand, o->authorized_keys_command); 2838 dump_cfg_string(sAuthorizedKeysCommandUser, o->authorized_keys_command_user); 2839 dump_cfg_string(sAuthorizedPrincipalsCommand, o->authorized_principals_command); 2840 dump_cfg_string(sAuthorizedPrincipalsCommandUser, o->authorized_principals_command_user); 2841 dump_cfg_string(sHostKeyAgent, o->host_key_agent); 2842 dump_cfg_string(sKexAlgorithms, o->kex_algorithms); 2843 dump_cfg_string(sCASignatureAlgorithms, o->ca_sign_algorithms); 2844 dump_cfg_string(sHostbasedAcceptedKeyTypes, o->hostbased_key_types); 2845 dump_cfg_string(sHostKeyAlgorithms, o->hostkeyalgorithms); 2846 dump_cfg_string(sPubkeyAcceptedKeyTypes, o->pubkey_key_types); 2847 #if defined(__OpenBSD__) || defined(HAVE_SYS_SET_PROCESS_RDOMAIN) 2848 dump_cfg_string(sRDomain, o->routing_domain); 2849 #endif 2850 2851 /* string arguments requiring a lookup */ 2852 dump_cfg_string(sLogLevel, log_level_name(o->log_level)); 2853 dump_cfg_string(sLogFacility, log_facility_name(o->log_facility)); 2854 2855 /* string array arguments */ 2856 dump_cfg_strarray_oneline(sAuthorizedKeysFile, o->num_authkeys_files, 2857 o->authorized_keys_files); 2858 dump_cfg_strarray(sHostKeyFile, o->num_host_key_files, 2859 o->host_key_files); 2860 dump_cfg_strarray(sHostCertificate, o->num_host_cert_files, 2861 o->host_cert_files); 2862 dump_cfg_strarray(sAllowUsers, o->num_allow_users, o->allow_users); 2863 dump_cfg_strarray(sDenyUsers, o->num_deny_users, o->deny_users); 2864 dump_cfg_strarray(sAllowGroups, o->num_allow_groups, o->allow_groups); 2865 dump_cfg_strarray(sDenyGroups, o->num_deny_groups, o->deny_groups); 2866 dump_cfg_strarray(sAcceptEnv, o->num_accept_env, o->accept_env); 2867 dump_cfg_strarray(sSetEnv, o->num_setenv, o->setenv); 2868 dump_cfg_strarray_oneline(sAuthenticationMethods, 2869 o->num_auth_methods, o->auth_methods); 2870 2871 /* other arguments */ 2872 for (i = 0; i < o->num_subsystems; i++) 2873 printf("subsystem %s %s\n", o->subsystem_name[i], 2874 o->subsystem_args[i]); 2875 2876 printf("maxstartups %d:%d:%d\n", o->max_startups_begin, 2877 o->max_startups_rate, o->max_startups); 2878 2879 s = NULL; 2880 for (i = 0; tunmode_desc[i].val != -1; i++) { 2881 if (tunmode_desc[i].val == o->permit_tun) { 2882 s = tunmode_desc[i].text; 2883 break; 2884 } 2885 } 2886 dump_cfg_string(sPermitTunnel, s); 2887 2888 printf("ipqos %s ", iptos2str(o->ip_qos_interactive)); 2889 printf("%s\n", iptos2str(o->ip_qos_bulk)); 2890 2891 printf("rekeylimit %llu %d\n", (unsigned long long)o->rekey_limit, 2892 o->rekey_interval); 2893 2894 printf("permitopen"); 2895 if (o->num_permitted_opens == 0) 2896 printf(" any"); 2897 else { 2898 for (i = 0; i < o->num_permitted_opens; i++) 2899 printf(" %s", o->permitted_opens[i]); 2900 } 2901 printf("\n"); 2902 printf("permitlisten"); 2903 if (o->num_permitted_listens == 0) 2904 printf(" any"); 2905 else { 2906 for (i = 0; i < o->num_permitted_listens; i++) 2907 printf(" %s", o->permitted_listens[i]); 2908 } 2909 printf("\n"); 2910 2911 if (o->permit_user_env_whitelist == NULL) { 2912 dump_cfg_fmtint(sPermitUserEnvironment, o->permit_user_env); 2913 } else { 2914 printf("permituserenvironment %s\n", 2915 o->permit_user_env_whitelist); 2916 } 2917 2918 printf("pubkeyauthoptions"); 2919 if (o->pubkey_auth_options == 0) 2920 printf(" none"); 2921 if (o->pubkey_auth_options & PUBKEYAUTH_TOUCH_REQUIRED) 2922 printf(" touch-required"); 2923 printf("\n"); 2924 } 2925