1 /* $OpenBSD: servconf.c,v 1.209 2010/06/22 04:22:59 djm Exp $ */ 2 /* 3 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland 4 * All rights reserved 5 * 6 * As far as I am concerned, the code I have written for this software 7 * can be used freely for any purpose. Any derived versions of this 8 * software must be clearly marked as such, and if the derived work is 9 * incompatible with the protocol description in the RFC file, it must be 10 * called by a name other than "ssh" or "Secure Shell". 11 */ 12 13 #include "includes.h" 14 15 #include <sys/types.h> 16 #include <sys/socket.h> 17 18 #include <netdb.h> 19 #include <pwd.h> 20 #include <stdio.h> 21 #include <stdlib.h> 22 #include <string.h> 23 #include <signal.h> 24 #include <unistd.h> 25 #include <stdarg.h> 26 #include <errno.h> 27 28 #include "openbsd-compat/sys-queue.h" 29 #include "xmalloc.h" 30 #include "ssh.h" 31 #include "log.h" 32 #include "buffer.h" 33 #include "servconf.h" 34 #include "compat.h" 35 #include "pathnames.h" 36 #include "misc.h" 37 #include "cipher.h" 38 #include "key.h" 39 #include "kex.h" 40 #include "mac.h" 41 #include "match.h" 42 #include "channels.h" 43 #include "groupaccess.h" 44 #include "version.h" 45 46 static void add_listen_addr(ServerOptions *, char *, int); 47 static void add_one_listen_addr(ServerOptions *, char *, int); 48 49 /* Use of privilege separation or not */ 50 extern int use_privsep; 51 extern Buffer cfg; 52 53 /* Initializes the server options to their default values. */ 54 55 void 56 initialize_server_options(ServerOptions *options) 57 { 58 memset(options, 0, sizeof(*options)); 59 60 /* Portable-specific options */ 61 options->use_pam = -1; 62 63 /* Standard Options */ 64 options->num_ports = 0; 65 options->ports_from_cmdline = 0; 66 options->listen_addrs = NULL; 67 options->address_family = -1; 68 options->num_host_key_files = 0; 69 options->num_host_cert_files = 0; 70 options->pid_file = NULL; 71 options->server_key_bits = -1; 72 options->login_grace_time = -1; 73 options->key_regeneration_time = -1; 74 options->permit_root_login = PERMIT_NOT_SET; 75 options->ignore_rhosts = -1; 76 options->ignore_user_known_hosts = -1; 77 options->print_motd = -1; 78 options->print_lastlog = -1; 79 options->x11_forwarding = -1; 80 options->x11_display_offset = -1; 81 options->x11_use_localhost = -1; 82 options->xauth_location = NULL; 83 options->strict_modes = -1; 84 options->tcp_keep_alive = -1; 85 options->log_facility = SYSLOG_FACILITY_NOT_SET; 86 options->log_level = SYSLOG_LEVEL_NOT_SET; 87 options->rhosts_rsa_authentication = -1; 88 options->hostbased_authentication = -1; 89 options->hostbased_uses_name_from_packet_only = -1; 90 options->rsa_authentication = -1; 91 options->pubkey_authentication = -1; 92 options->kerberos_authentication = -1; 93 options->kerberos_or_local_passwd = -1; 94 options->kerberos_ticket_cleanup = -1; 95 options->kerberos_get_afs_token = -1; 96 options->gss_authentication=-1; 97 options->gss_cleanup_creds = -1; 98 options->password_authentication = -1; 99 options->kbd_interactive_authentication = -1; 100 options->challenge_response_authentication = -1; 101 options->permit_blacklisted_keys = -1; 102 options->permit_empty_passwd = -1; 103 options->permit_user_env = -1; 104 options->use_login = -1; 105 options->compression = -1; 106 options->allow_tcp_forwarding = -1; 107 options->allow_agent_forwarding = -1; 108 options->num_allow_users = 0; 109 options->num_deny_users = 0; 110 options->num_allow_groups = 0; 111 options->num_deny_groups = 0; 112 options->ciphers = NULL; 113 options->macs = NULL; 114 options->protocol = SSH_PROTO_UNKNOWN; 115 options->gateway_ports = -1; 116 options->num_subsystems = 0; 117 options->max_startups_begin = -1; 118 options->max_startups_rate = -1; 119 options->max_startups = -1; 120 options->max_authtries = -1; 121 options->max_sessions = -1; 122 options->banner = NULL; 123 options->use_dns = -1; 124 options->client_alive_interval = -1; 125 options->client_alive_count_max = -1; 126 options->authorized_keys_file = NULL; 127 options->authorized_keys_file2 = NULL; 128 options->num_accept_env = 0; 129 options->permit_tun = -1; 130 options->num_permitted_opens = -1; 131 options->adm_forced_command = NULL; 132 options->chroot_directory = NULL; 133 options->zero_knowledge_password_authentication = -1; 134 options->none_enabled = -1; 135 options->tcp_rcv_buf_poll = -1; 136 options->hpn_disabled = -1; 137 options->hpn_buffer_size = -1; 138 options->revoked_keys_file = NULL; 139 options->trusted_user_ca_keys = NULL; 140 options->authorized_principals_file = NULL; 141 } 142 143 void 144 fill_default_server_options(ServerOptions *options) 145 { 146 /* needed for hpn socket tests */ 147 int sock; 148 int socksize; 149 int socksizelen = sizeof(int); 150 151 /* Portable-specific options */ 152 if (options->use_pam == -1) 153 options->use_pam = 0; 154 155 /* Standard Options */ 156 if (options->protocol == SSH_PROTO_UNKNOWN) 157 options->protocol = SSH_PROTO_2; 158 if (options->num_host_key_files == 0) { 159 /* fill default hostkeys for protocols */ 160 if (options->protocol & SSH_PROTO_1) 161 options->host_key_files[options->num_host_key_files++] = 162 _PATH_HOST_KEY_FILE; 163 if (options->protocol & SSH_PROTO_2) { 164 options->host_key_files[options->num_host_key_files++] = 165 _PATH_HOST_RSA_KEY_FILE; 166 options->host_key_files[options->num_host_key_files++] = 167 _PATH_HOST_DSA_KEY_FILE; 168 } 169 } 170 /* No certificates by default */ 171 if (options->num_ports == 0) 172 options->ports[options->num_ports++] = SSH_DEFAULT_PORT; 173 if (options->listen_addrs == NULL) 174 add_listen_addr(options, NULL, 0); 175 if (options->pid_file == NULL) 176 options->pid_file = _PATH_SSH_DAEMON_PID_FILE; 177 if (options->server_key_bits == -1) 178 options->server_key_bits = 1024; 179 if (options->login_grace_time == -1) 180 options->login_grace_time = 120; 181 if (options->key_regeneration_time == -1) 182 options->key_regeneration_time = 3600; 183 if (options->permit_root_login == PERMIT_NOT_SET) 184 options->permit_root_login = PERMIT_NO; 185 if (options->ignore_rhosts == -1) 186 options->ignore_rhosts = 1; 187 if (options->ignore_user_known_hosts == -1) 188 options->ignore_user_known_hosts = 0; 189 if (options->print_motd == -1) 190 options->print_motd = 1; 191 if (options->print_lastlog == -1) 192 options->print_lastlog = 1; 193 if (options->x11_forwarding == -1) 194 options->x11_forwarding = 1; 195 if (options->x11_display_offset == -1) 196 options->x11_display_offset = 10; 197 if (options->x11_use_localhost == -1) 198 options->x11_use_localhost = 1; 199 if (options->xauth_location == NULL) 200 options->xauth_location = _PATH_XAUTH; 201 if (options->strict_modes == -1) 202 options->strict_modes = 1; 203 if (options->tcp_keep_alive == -1) 204 options->tcp_keep_alive = 1; 205 if (options->log_facility == SYSLOG_FACILITY_NOT_SET) 206 options->log_facility = SYSLOG_FACILITY_AUTH; 207 if (options->log_level == SYSLOG_LEVEL_NOT_SET) 208 options->log_level = SYSLOG_LEVEL_INFO; 209 if (options->rhosts_rsa_authentication == -1) 210 options->rhosts_rsa_authentication = 0; 211 if (options->hostbased_authentication == -1) 212 options->hostbased_authentication = 0; 213 if (options->hostbased_uses_name_from_packet_only == -1) 214 options->hostbased_uses_name_from_packet_only = 0; 215 if (options->rsa_authentication == -1) 216 options->rsa_authentication = 1; 217 if (options->pubkey_authentication == -1) 218 options->pubkey_authentication = 1; 219 if (options->kerberos_authentication == -1) 220 options->kerberos_authentication = 0; 221 if (options->kerberos_or_local_passwd == -1) 222 options->kerberos_or_local_passwd = 1; 223 if (options->kerberos_ticket_cleanup == -1) 224 options->kerberos_ticket_cleanup = 1; 225 if (options->kerberos_get_afs_token == -1) 226 options->kerberos_get_afs_token = 0; 227 if (options->gss_authentication == -1) 228 options->gss_authentication = 0; 229 if (options->gss_cleanup_creds == -1) 230 options->gss_cleanup_creds = 1; 231 if (options->password_authentication == -1) 232 options->password_authentication = 1; 233 if (options->kbd_interactive_authentication == -1) 234 options->kbd_interactive_authentication = 0; 235 if (options->challenge_response_authentication == -1) 236 options->challenge_response_authentication = 1; 237 if (options->permit_blacklisted_keys == -1) 238 options->permit_blacklisted_keys = 0; 239 if (options->permit_empty_passwd == -1) 240 options->permit_empty_passwd = 0; 241 if (options->permit_user_env == -1) 242 options->permit_user_env = 0; 243 if (options->use_login == -1) 244 options->use_login = 0; 245 if (options->compression == -1) 246 options->compression = COMP_DELAYED; 247 if (options->allow_tcp_forwarding == -1) 248 options->allow_tcp_forwarding = 1; 249 if (options->allow_agent_forwarding == -1) 250 options->allow_agent_forwarding = 1; 251 if (options->gateway_ports == -1) 252 options->gateway_ports = 0; 253 if (options->max_startups == -1) 254 options->max_startups = 10; 255 if (options->max_startups_rate == -1) 256 options->max_startups_rate = 100; /* 100% */ 257 if (options->max_startups_begin == -1) 258 options->max_startups_begin = options->max_startups; 259 if (options->max_authtries == -1) 260 options->max_authtries = DEFAULT_AUTH_FAIL_MAX; 261 if (options->max_sessions == -1) 262 options->max_sessions = DEFAULT_SESSIONS_MAX; 263 if (options->use_dns == -1) 264 options->use_dns = 1; 265 if (options->client_alive_interval == -1) 266 options->client_alive_interval = 0; 267 if (options->client_alive_count_max == -1) 268 options->client_alive_count_max = 3; 269 if (options->authorized_keys_file2 == NULL) { 270 /* authorized_keys_file2 falls back to authorized_keys_file */ 271 if (options->authorized_keys_file != NULL) 272 options->authorized_keys_file2 = options->authorized_keys_file; 273 else 274 options->authorized_keys_file2 = _PATH_SSH_USER_PERMITTED_KEYS2; 275 } 276 if (options->authorized_keys_file == NULL) 277 options->authorized_keys_file = _PATH_SSH_USER_PERMITTED_KEYS; 278 if (options->permit_tun == -1) 279 options->permit_tun = SSH_TUNMODE_NO; 280 if (options->zero_knowledge_password_authentication == -1) 281 options->zero_knowledge_password_authentication = 0; 282 283 if (options->hpn_disabled == -1) 284 options->hpn_disabled = 0; 285 286 if (options->hpn_buffer_size == -1) { 287 /* option not explicitly set. Now we have to figure out */ 288 /* what value to use */ 289 if (options->hpn_disabled == 1) { 290 options->hpn_buffer_size = CHAN_SES_WINDOW_DEFAULT; 291 } else { 292 /* get the current RCV size and set it to that */ 293 /*create a socket but don't connect it */ 294 /* we use that the get the rcv socket size */ 295 sock = socket(AF_INET, SOCK_STREAM, 0); 296 getsockopt(sock, SOL_SOCKET, SO_RCVBUF, 297 &socksize, &socksizelen); 298 close(sock); 299 options->hpn_buffer_size = socksize; 300 debug ("HPN Buffer Size: %d", options->hpn_buffer_size); 301 302 } 303 } else { 304 /* we have to do this incase the user sets both values in a contradictory */ 305 /* manner. hpn_disabled overrrides hpn_buffer_size*/ 306 if (options->hpn_disabled <= 0) { 307 if (options->hpn_buffer_size == 0) 308 options->hpn_buffer_size = 1; 309 /* limit the maximum buffer to 64MB */ 310 if (options->hpn_buffer_size > 64*1024) { 311 options->hpn_buffer_size = 64*1024*1024; 312 } else { 313 options->hpn_buffer_size *= 1024; 314 } 315 } else 316 options->hpn_buffer_size = CHAN_TCP_WINDOW_DEFAULT; 317 } 318 319 /* Turn privilege separation on by default */ 320 if (use_privsep == -1) 321 use_privsep = 1; 322 323 #ifndef HAVE_MMAP 324 if (use_privsep && options->compression == 1) { 325 error("This platform does not support both privilege " 326 "separation and compression"); 327 error("Compression disabled"); 328 options->compression = 0; 329 } 330 #endif 331 332 } 333 334 /* Keyword tokens. */ 335 typedef enum { 336 sBadOption, /* == unknown option */ 337 /* Portable-specific options */ 338 sUsePAM, 339 /* Standard Options */ 340 sPort, sHostKeyFile, sServerKeyBits, sLoginGraceTime, sKeyRegenerationTime, 341 sPermitRootLogin, sLogFacility, sLogLevel, 342 sRhostsRSAAuthentication, sRSAAuthentication, 343 sKerberosAuthentication, sKerberosOrLocalPasswd, sKerberosTicketCleanup, 344 sKerberosGetAFSToken, 345 sKerberosTgtPassing, sChallengeResponseAuthentication, 346 sPasswordAuthentication, sKbdInteractiveAuthentication, 347 sListenAddress, sAddressFamily, 348 sPrintMotd, sPrintLastLog, sIgnoreRhosts, 349 sX11Forwarding, sX11DisplayOffset, sX11UseLocalhost, 350 sStrictModes, sPermitBlacklistedKeys, sEmptyPasswd, sTCPKeepAlive, 351 sPermitUserEnvironment, sUseLogin, sAllowTcpForwarding, sCompression, 352 sAllowUsers, sDenyUsers, sAllowGroups, sDenyGroups, 353 sIgnoreUserKnownHosts, sCiphers, sMacs, sProtocol, sPidFile, 354 sGatewayPorts, sPubkeyAuthentication, sXAuthLocation, sSubsystem, 355 sMaxStartups, sMaxAuthTries, sMaxSessions, 356 sBanner, sUseDNS, sHostbasedAuthentication, 357 sHostbasedUsesNameFromPacketOnly, sClientAliveInterval, 358 sClientAliveCountMax, sAuthorizedKeysFile, sAuthorizedKeysFile2, 359 sGssAuthentication, sGssCleanupCreds, sAcceptEnv, sPermitTunnel, 360 sMatch, sPermitOpen, sForceCommand, sChrootDirectory, 361 sUsePrivilegeSeparation, sAllowAgentForwarding, 362 sZeroKnowledgePasswordAuthentication, sHostCertificate, 363 sRevokedKeys, sTrustedUserCAKeys, sAuthorizedPrincipalsFile, 364 sNoneEnabled, sTcpRcvBufPoll, sHPNDisabled, sHPNBufferSize, 365 sVersionAddendum, 366 sDeprecated, sUnsupported 367 } ServerOpCodes; 368 369 #define SSHCFG_GLOBAL 0x01 /* allowed in main section of sshd_config */ 370 #define SSHCFG_MATCH 0x02 /* allowed inside a Match section */ 371 #define SSHCFG_ALL (SSHCFG_GLOBAL|SSHCFG_MATCH) 372 373 /* Textual representation of the tokens. */ 374 static struct { 375 const char *name; 376 ServerOpCodes opcode; 377 u_int flags; 378 } keywords[] = { 379 /* Portable-specific options */ 380 #ifdef USE_PAM 381 { "usepam", sUsePAM, SSHCFG_GLOBAL }, 382 #else 383 { "usepam", sUnsupported, SSHCFG_GLOBAL }, 384 #endif 385 { "pamauthenticationviakbdint", sDeprecated, SSHCFG_GLOBAL }, 386 /* Standard Options */ 387 { "port", sPort, SSHCFG_GLOBAL }, 388 { "hostkey", sHostKeyFile, SSHCFG_GLOBAL }, 389 { "hostdsakey", sHostKeyFile, SSHCFG_GLOBAL }, /* alias */ 390 { "pidfile", sPidFile, SSHCFG_GLOBAL }, 391 { "serverkeybits", sServerKeyBits, SSHCFG_GLOBAL }, 392 { "logingracetime", sLoginGraceTime, SSHCFG_GLOBAL }, 393 { "keyregenerationinterval", sKeyRegenerationTime, SSHCFG_GLOBAL }, 394 { "permitrootlogin", sPermitRootLogin, SSHCFG_ALL }, 395 { "syslogfacility", sLogFacility, SSHCFG_GLOBAL }, 396 { "loglevel", sLogLevel, SSHCFG_GLOBAL }, 397 { "rhostsauthentication", sDeprecated, SSHCFG_GLOBAL }, 398 { "rhostsrsaauthentication", sRhostsRSAAuthentication, SSHCFG_ALL }, 399 { "hostbasedauthentication", sHostbasedAuthentication, SSHCFG_ALL }, 400 { "hostbasedusesnamefrompacketonly", sHostbasedUsesNameFromPacketOnly, SSHCFG_ALL }, 401 { "rsaauthentication", sRSAAuthentication, SSHCFG_ALL }, 402 { "pubkeyauthentication", sPubkeyAuthentication, SSHCFG_ALL }, 403 { "dsaauthentication", sPubkeyAuthentication, SSHCFG_GLOBAL }, /* alias */ 404 #ifdef KRB5 405 { "kerberosauthentication", sKerberosAuthentication, SSHCFG_ALL }, 406 { "kerberosorlocalpasswd", sKerberosOrLocalPasswd, SSHCFG_GLOBAL }, 407 { "kerberosticketcleanup", sKerberosTicketCleanup, SSHCFG_GLOBAL }, 408 #ifdef USE_AFS 409 { "kerberosgetafstoken", sKerberosGetAFSToken, SSHCFG_GLOBAL }, 410 #else 411 { "kerberosgetafstoken", sUnsupported, SSHCFG_GLOBAL }, 412 #endif 413 #else 414 { "kerberosauthentication", sUnsupported, SSHCFG_ALL }, 415 { "kerberosorlocalpasswd", sUnsupported, SSHCFG_GLOBAL }, 416 { "kerberosticketcleanup", sUnsupported, SSHCFG_GLOBAL }, 417 { "kerberosgetafstoken", sUnsupported, SSHCFG_GLOBAL }, 418 #endif 419 { "kerberostgtpassing", sUnsupported, SSHCFG_GLOBAL }, 420 { "afstokenpassing", sUnsupported, SSHCFG_GLOBAL }, 421 #ifdef GSSAPI 422 { "gssapiauthentication", sGssAuthentication, SSHCFG_ALL }, 423 { "gssapicleanupcredentials", sGssCleanupCreds, SSHCFG_GLOBAL }, 424 #else 425 { "gssapiauthentication", sUnsupported, SSHCFG_ALL }, 426 { "gssapicleanupcredentials", sUnsupported, SSHCFG_GLOBAL }, 427 #endif 428 { "passwordauthentication", sPasswordAuthentication, SSHCFG_ALL }, 429 { "kbdinteractiveauthentication", sKbdInteractiveAuthentication, SSHCFG_ALL }, 430 { "challengeresponseauthentication", sChallengeResponseAuthentication, SSHCFG_GLOBAL }, 431 { "skeyauthentication", sChallengeResponseAuthentication, SSHCFG_GLOBAL }, /* alias */ 432 #ifdef JPAKE 433 { "zeroknowledgepasswordauthentication", sZeroKnowledgePasswordAuthentication, SSHCFG_ALL }, 434 #else 435 { "zeroknowledgepasswordauthentication", sUnsupported, SSHCFG_ALL }, 436 #endif 437 { "checkmail", sDeprecated, SSHCFG_GLOBAL }, 438 { "listenaddress", sListenAddress, SSHCFG_GLOBAL }, 439 { "addressfamily", sAddressFamily, SSHCFG_GLOBAL }, 440 { "printmotd", sPrintMotd, SSHCFG_GLOBAL }, 441 { "printlastlog", sPrintLastLog, SSHCFG_GLOBAL }, 442 { "ignorerhosts", sIgnoreRhosts, SSHCFG_GLOBAL }, 443 { "ignoreuserknownhosts", sIgnoreUserKnownHosts, SSHCFG_GLOBAL }, 444 { "x11forwarding", sX11Forwarding, SSHCFG_ALL }, 445 { "x11displayoffset", sX11DisplayOffset, SSHCFG_ALL }, 446 { "x11uselocalhost", sX11UseLocalhost, SSHCFG_ALL }, 447 { "xauthlocation", sXAuthLocation, SSHCFG_GLOBAL }, 448 { "strictmodes", sStrictModes, SSHCFG_GLOBAL }, 449 { "permitblacklistedkeys", sPermitBlacklistedKeys, SSHCFG_GLOBAL }, 450 { "permitemptypasswords", sEmptyPasswd, SSHCFG_ALL }, 451 { "permituserenvironment", sPermitUserEnvironment, SSHCFG_GLOBAL }, 452 { "uselogin", sUseLogin, SSHCFG_GLOBAL }, 453 { "compression", sCompression, SSHCFG_GLOBAL }, 454 { "tcpkeepalive", sTCPKeepAlive, SSHCFG_GLOBAL }, 455 { "keepalive", sTCPKeepAlive, SSHCFG_GLOBAL }, /* obsolete alias */ 456 { "allowtcpforwarding", sAllowTcpForwarding, SSHCFG_ALL }, 457 { "allowagentforwarding", sAllowAgentForwarding, SSHCFG_ALL }, 458 { "allowusers", sAllowUsers, SSHCFG_GLOBAL }, 459 { "denyusers", sDenyUsers, SSHCFG_GLOBAL }, 460 { "allowgroups", sAllowGroups, SSHCFG_GLOBAL }, 461 { "denygroups", sDenyGroups, SSHCFG_GLOBAL }, 462 { "ciphers", sCiphers, SSHCFG_GLOBAL }, 463 { "macs", sMacs, SSHCFG_GLOBAL }, 464 { "protocol", sProtocol, SSHCFG_GLOBAL }, 465 { "gatewayports", sGatewayPorts, SSHCFG_ALL }, 466 { "subsystem", sSubsystem, SSHCFG_GLOBAL }, 467 { "maxstartups", sMaxStartups, SSHCFG_GLOBAL }, 468 { "maxauthtries", sMaxAuthTries, SSHCFG_ALL }, 469 { "maxsessions", sMaxSessions, SSHCFG_ALL }, 470 { "banner", sBanner, SSHCFG_ALL }, 471 { "usedns", sUseDNS, SSHCFG_GLOBAL }, 472 { "verifyreversemapping", sDeprecated, SSHCFG_GLOBAL }, 473 { "reversemappingcheck", sDeprecated, SSHCFG_GLOBAL }, 474 { "clientaliveinterval", sClientAliveInterval, SSHCFG_GLOBAL }, 475 { "clientalivecountmax", sClientAliveCountMax, SSHCFG_GLOBAL }, 476 { "authorizedkeysfile", sAuthorizedKeysFile, SSHCFG_ALL }, 477 { "authorizedkeysfile2", sAuthorizedKeysFile2, SSHCFG_ALL }, 478 { "useprivilegeseparation", sUsePrivilegeSeparation, SSHCFG_GLOBAL}, 479 { "versionaddendum", sVersionAddendum , SSHCFG_GLOBAL }, 480 { "acceptenv", sAcceptEnv, SSHCFG_GLOBAL }, 481 { "permittunnel", sPermitTunnel, SSHCFG_ALL }, 482 { "match", sMatch, SSHCFG_ALL }, 483 { "permitopen", sPermitOpen, SSHCFG_ALL }, 484 { "forcecommand", sForceCommand, SSHCFG_ALL }, 485 { "chrootdirectory", sChrootDirectory, SSHCFG_ALL }, 486 { "hostcertificate", sHostCertificate, SSHCFG_GLOBAL }, 487 { "revokedkeys", sRevokedKeys, SSHCFG_ALL }, 488 { "trustedusercakeys", sTrustedUserCAKeys, SSHCFG_ALL }, 489 { "authorizedprincipalsfile", sAuthorizedPrincipalsFile, SSHCFG_ALL }, 490 { "noneenabled", sNoneEnabled }, 491 { "hpndisabled", sHPNDisabled }, 492 { "hpnbuffersize", sHPNBufferSize }, 493 { "tcprcvbufpoll", sTcpRcvBufPoll }, 494 { NULL, sBadOption, 0 } 495 }; 496 497 static struct { 498 int val; 499 char *text; 500 } tunmode_desc[] = { 501 { SSH_TUNMODE_NO, "no" }, 502 { SSH_TUNMODE_POINTOPOINT, "point-to-point" }, 503 { SSH_TUNMODE_ETHERNET, "ethernet" }, 504 { SSH_TUNMODE_YES, "yes" }, 505 { -1, NULL } 506 }; 507 508 /* 509 * Returns the number of the token pointed to by cp or sBadOption. 510 */ 511 512 static ServerOpCodes 513 parse_token(const char *cp, const char *filename, 514 int linenum, u_int *flags) 515 { 516 u_int i; 517 518 for (i = 0; keywords[i].name; i++) 519 if (strcasecmp(cp, keywords[i].name) == 0) { 520 debug ("Config token is %s", keywords[i].name); 521 *flags = keywords[i].flags; 522 return keywords[i].opcode; 523 } 524 525 error("%s: line %d: Bad configuration option: %s", 526 filename, linenum, cp); 527 return sBadOption; 528 } 529 530 char * 531 derelativise_path(const char *path) 532 { 533 char *expanded, *ret, cwd[MAXPATHLEN]; 534 535 expanded = tilde_expand_filename(path, getuid()); 536 if (*expanded == '/') 537 return expanded; 538 if (getcwd(cwd, sizeof(cwd)) == NULL) 539 fatal("%s: getcwd: %s", __func__, strerror(errno)); 540 xasprintf(&ret, "%s/%s", cwd, expanded); 541 xfree(expanded); 542 return ret; 543 } 544 545 static void 546 add_listen_addr(ServerOptions *options, char *addr, int port) 547 { 548 u_int i; 549 550 if (options->num_ports == 0) 551 options->ports[options->num_ports++] = SSH_DEFAULT_PORT; 552 if (options->address_family == -1) 553 options->address_family = AF_UNSPEC; 554 if (port == 0) 555 for (i = 0; i < options->num_ports; i++) 556 add_one_listen_addr(options, addr, options->ports[i]); 557 else 558 add_one_listen_addr(options, addr, port); 559 } 560 561 static void 562 add_one_listen_addr(ServerOptions *options, char *addr, int port) 563 { 564 struct addrinfo hints, *ai, *aitop; 565 char strport[NI_MAXSERV]; 566 int gaierr; 567 568 memset(&hints, 0, sizeof(hints)); 569 hints.ai_family = options->address_family; 570 hints.ai_socktype = SOCK_STREAM; 571 hints.ai_flags = (addr == NULL) ? AI_PASSIVE : 0; 572 snprintf(strport, sizeof strport, "%d", port); 573 if ((gaierr = getaddrinfo(addr, strport, &hints, &aitop)) != 0) 574 fatal("bad addr or host: %s (%s)", 575 addr ? addr : "<NULL>", 576 ssh_gai_strerror(gaierr)); 577 for (ai = aitop; ai->ai_next; ai = ai->ai_next) 578 ; 579 ai->ai_next = options->listen_addrs; 580 options->listen_addrs = aitop; 581 } 582 583 /* 584 * The strategy for the Match blocks is that the config file is parsed twice. 585 * 586 * The first time is at startup. activep is initialized to 1 and the 587 * directives in the global context are processed and acted on. Hitting a 588 * Match directive unsets activep and the directives inside the block are 589 * checked for syntax only. 590 * 591 * The second time is after a connection has been established but before 592 * authentication. activep is initialized to 2 and global config directives 593 * are ignored since they have already been processed. If the criteria in a 594 * Match block is met, activep is set and the subsequent directives 595 * processed and actioned until EOF or another Match block unsets it. Any 596 * options set are copied into the main server config. 597 * 598 * Potential additions/improvements: 599 * - Add Match support for pre-kex directives, eg Protocol, Ciphers. 600 * 601 * - Add a Tag directive (idea from David Leonard) ala pf, eg: 602 * Match Address 192.168.0.* 603 * Tag trusted 604 * Match Group wheel 605 * Tag trusted 606 * Match Tag trusted 607 * AllowTcpForwarding yes 608 * GatewayPorts clientspecified 609 * [...] 610 * 611 * - Add a PermittedChannelRequests directive 612 * Match Group shell 613 * PermittedChannelRequests session,forwarded-tcpip 614 */ 615 616 static int 617 match_cfg_line_group(const char *grps, int line, const char *user) 618 { 619 int result = 0; 620 struct passwd *pw; 621 622 if (user == NULL) 623 goto out; 624 625 if ((pw = getpwnam(user)) == NULL) { 626 debug("Can't match group at line %d because user %.100s does " 627 "not exist", line, user); 628 } else if (ga_init(pw->pw_name, pw->pw_gid) == 0) { 629 debug("Can't Match group because user %.100s not in any group " 630 "at line %d", user, line); 631 } else if (ga_match_pattern_list(grps) != 1) { 632 debug("user %.100s does not match group list %.100s at line %d", 633 user, grps, line); 634 } else { 635 debug("user %.100s matched group list %.100s at line %d", user, 636 grps, line); 637 result = 1; 638 } 639 out: 640 ga_free(); 641 return result; 642 } 643 644 static int 645 match_cfg_line(char **condition, int line, const char *user, const char *host, 646 const char *address) 647 { 648 int result = 1; 649 char *arg, *attrib, *cp = *condition; 650 size_t len; 651 652 if (user == NULL) 653 debug3("checking syntax for 'Match %s'", cp); 654 else 655 debug3("checking match for '%s' user %s host %s addr %s", cp, 656 user ? user : "(null)", host ? host : "(null)", 657 address ? address : "(null)"); 658 659 while ((attrib = strdelim(&cp)) && *attrib != '\0') { 660 if ((arg = strdelim(&cp)) == NULL || *arg == '\0') { 661 error("Missing Match criteria for %s", attrib); 662 return -1; 663 } 664 len = strlen(arg); 665 if (strcasecmp(attrib, "user") == 0) { 666 if (!user) { 667 result = 0; 668 continue; 669 } 670 if (match_pattern_list(user, arg, len, 0) != 1) 671 result = 0; 672 else 673 debug("user %.100s matched 'User %.100s' at " 674 "line %d", user, arg, line); 675 } else if (strcasecmp(attrib, "group") == 0) { 676 switch (match_cfg_line_group(arg, line, user)) { 677 case -1: 678 return -1; 679 case 0: 680 result = 0; 681 } 682 } else if (strcasecmp(attrib, "host") == 0) { 683 if (!host) { 684 result = 0; 685 continue; 686 } 687 if (match_hostname(host, arg, len) != 1) 688 result = 0; 689 else 690 debug("connection from %.100s matched 'Host " 691 "%.100s' at line %d", host, arg, line); 692 } else if (strcasecmp(attrib, "address") == 0) { 693 switch (addr_match_list(address, arg)) { 694 case 1: 695 debug("connection from %.100s matched 'Address " 696 "%.100s' at line %d", address, arg, line); 697 break; 698 case 0: 699 case -1: 700 result = 0; 701 break; 702 case -2: 703 return -1; 704 } 705 } else { 706 error("Unsupported Match attribute %s", attrib); 707 return -1; 708 } 709 } 710 if (user != NULL) 711 debug3("match %sfound", result ? "" : "not "); 712 *condition = cp; 713 return result; 714 } 715 716 #define WHITESPACE " \t\r\n" 717 718 int 719 process_server_config_line(ServerOptions *options, char *line, 720 const char *filename, int linenum, int *activep, const char *user, 721 const char *host, const char *address) 722 { 723 char *cp, **charptr, *arg, *p; 724 int cmdline = 0, *intptr, value, n; 725 SyslogFacility *log_facility_ptr; 726 LogLevel *log_level_ptr; 727 ServerOpCodes opcode; 728 int port; 729 u_int i, flags = 0; 730 size_t len; 731 732 cp = line; 733 if ((arg = strdelim(&cp)) == NULL) 734 return 0; 735 /* Ignore leading whitespace */ 736 if (*arg == '\0') 737 arg = strdelim(&cp); 738 if (!arg || !*arg || *arg == '#') 739 return 0; 740 intptr = NULL; 741 charptr = NULL; 742 opcode = parse_token(arg, filename, linenum, &flags); 743 744 if (activep == NULL) { /* We are processing a command line directive */ 745 cmdline = 1; 746 activep = &cmdline; 747 } 748 if (*activep && opcode != sMatch) 749 debug3("%s:%d setting %s %s", filename, linenum, arg, cp); 750 if (*activep == 0 && !(flags & SSHCFG_MATCH)) { 751 if (user == NULL) { 752 fatal("%s line %d: Directive '%s' is not allowed " 753 "within a Match block", filename, linenum, arg); 754 } else { /* this is a directive we have already processed */ 755 while (arg) 756 arg = strdelim(&cp); 757 return 0; 758 } 759 } 760 761 switch (opcode) { 762 /* Portable-specific options */ 763 case sUsePAM: 764 intptr = &options->use_pam; 765 goto parse_flag; 766 767 /* Standard Options */ 768 case sBadOption: 769 return -1; 770 case sPort: 771 /* ignore ports from configfile if cmdline specifies ports */ 772 if (options->ports_from_cmdline) 773 return 0; 774 if (options->listen_addrs != NULL) 775 fatal("%s line %d: ports must be specified before " 776 "ListenAddress.", filename, linenum); 777 if (options->num_ports >= MAX_PORTS) 778 fatal("%s line %d: too many ports.", 779 filename, linenum); 780 arg = strdelim(&cp); 781 if (!arg || *arg == '\0') 782 fatal("%s line %d: missing port number.", 783 filename, linenum); 784 options->ports[options->num_ports++] = a2port(arg); 785 if (options->ports[options->num_ports-1] <= 0) 786 fatal("%s line %d: Badly formatted port number.", 787 filename, linenum); 788 break; 789 790 case sServerKeyBits: 791 intptr = &options->server_key_bits; 792 parse_int: 793 arg = strdelim(&cp); 794 if (!arg || *arg == '\0') 795 fatal("%s line %d: missing integer value.", 796 filename, linenum); 797 value = atoi(arg); 798 if (*activep && *intptr == -1) 799 *intptr = value; 800 break; 801 802 case sLoginGraceTime: 803 intptr = &options->login_grace_time; 804 parse_time: 805 arg = strdelim(&cp); 806 if (!arg || *arg == '\0') 807 fatal("%s line %d: missing time value.", 808 filename, linenum); 809 if ((value = convtime(arg)) == -1) 810 fatal("%s line %d: invalid time value.", 811 filename, linenum); 812 if (*intptr == -1) 813 *intptr = value; 814 break; 815 816 case sKeyRegenerationTime: 817 intptr = &options->key_regeneration_time; 818 goto parse_time; 819 820 case sListenAddress: 821 arg = strdelim(&cp); 822 if (arg == NULL || *arg == '\0') 823 fatal("%s line %d: missing address", 824 filename, linenum); 825 /* check for bare IPv6 address: no "[]" and 2 or more ":" */ 826 if (strchr(arg, '[') == NULL && (p = strchr(arg, ':')) != NULL 827 && strchr(p+1, ':') != NULL) { 828 add_listen_addr(options, arg, 0); 829 break; 830 } 831 p = hpdelim(&arg); 832 if (p == NULL) 833 fatal("%s line %d: bad address:port usage", 834 filename, linenum); 835 p = cleanhostname(p); 836 if (arg == NULL) 837 port = 0; 838 else if ((port = a2port(arg)) <= 0) 839 fatal("%s line %d: bad port number", filename, linenum); 840 841 add_listen_addr(options, p, port); 842 843 break; 844 845 case sAddressFamily: 846 arg = strdelim(&cp); 847 if (!arg || *arg == '\0') 848 fatal("%s line %d: missing address family.", 849 filename, linenum); 850 intptr = &options->address_family; 851 if (options->listen_addrs != NULL) 852 fatal("%s line %d: address family must be specified before " 853 "ListenAddress.", filename, linenum); 854 if (strcasecmp(arg, "inet") == 0) 855 value = AF_INET; 856 else if (strcasecmp(arg, "inet6") == 0) 857 value = AF_INET6; 858 else if (strcasecmp(arg, "any") == 0) 859 value = AF_UNSPEC; 860 else 861 fatal("%s line %d: unsupported address family \"%s\".", 862 filename, linenum, arg); 863 if (*intptr == -1) 864 *intptr = value; 865 break; 866 867 case sHostKeyFile: 868 intptr = &options->num_host_key_files; 869 if (*intptr >= MAX_HOSTKEYS) 870 fatal("%s line %d: too many host keys specified (max %d).", 871 filename, linenum, MAX_HOSTKEYS); 872 charptr = &options->host_key_files[*intptr]; 873 parse_filename: 874 arg = strdelim(&cp); 875 if (!arg || *arg == '\0') 876 fatal("%s line %d: missing file name.", 877 filename, linenum); 878 if (*activep && *charptr == NULL) { 879 *charptr = derelativise_path(arg); 880 /* increase optional counter */ 881 if (intptr != NULL) 882 *intptr = *intptr + 1; 883 } 884 break; 885 886 case sHostCertificate: 887 intptr = &options->num_host_cert_files; 888 if (*intptr >= MAX_HOSTKEYS) 889 fatal("%s line %d: too many host certificates " 890 "specified (max %d).", filename, linenum, 891 MAX_HOSTCERTS); 892 charptr = &options->host_cert_files[*intptr]; 893 goto parse_filename; 894 break; 895 896 case sPidFile: 897 charptr = &options->pid_file; 898 goto parse_filename; 899 900 case sPermitRootLogin: 901 intptr = &options->permit_root_login; 902 arg = strdelim(&cp); 903 if (!arg || *arg == '\0') 904 fatal("%s line %d: missing yes/" 905 "without-password/forced-commands-only/no " 906 "argument.", filename, linenum); 907 value = 0; /* silence compiler */ 908 if (strcmp(arg, "without-password") == 0) 909 value = PERMIT_NO_PASSWD; 910 else if (strcmp(arg, "forced-commands-only") == 0) 911 value = PERMIT_FORCED_ONLY; 912 else if (strcmp(arg, "yes") == 0) 913 value = PERMIT_YES; 914 else if (strcmp(arg, "no") == 0) 915 value = PERMIT_NO; 916 else 917 fatal("%s line %d: Bad yes/" 918 "without-password/forced-commands-only/no " 919 "argument: %s", filename, linenum, arg); 920 if (*activep && *intptr == -1) 921 *intptr = value; 922 break; 923 924 case sIgnoreRhosts: 925 intptr = &options->ignore_rhosts; 926 parse_flag: 927 arg = strdelim(&cp); 928 if (!arg || *arg == '\0') 929 fatal("%s line %d: missing yes/no argument.", 930 filename, linenum); 931 value = 0; /* silence compiler */ 932 if (strcmp(arg, "yes") == 0) 933 value = 1; 934 else if (strcmp(arg, "no") == 0) 935 value = 0; 936 else 937 fatal("%s line %d: Bad yes/no argument: %s", 938 filename, linenum, arg); 939 if (*activep && *intptr == -1) 940 *intptr = value; 941 break; 942 943 case sNoneEnabled: 944 intptr = &options->none_enabled; 945 goto parse_flag; 946 947 case sTcpRcvBufPoll: 948 intptr = &options->tcp_rcv_buf_poll; 949 goto parse_flag; 950 951 case sHPNDisabled: 952 intptr = &options->hpn_disabled; 953 goto parse_flag; 954 955 case sHPNBufferSize: 956 intptr = &options->hpn_buffer_size; 957 goto parse_int; 958 959 case sIgnoreUserKnownHosts: 960 intptr = &options->ignore_user_known_hosts; 961 goto parse_flag; 962 963 case sRhostsRSAAuthentication: 964 intptr = &options->rhosts_rsa_authentication; 965 goto parse_flag; 966 967 case sHostbasedAuthentication: 968 intptr = &options->hostbased_authentication; 969 goto parse_flag; 970 971 case sHostbasedUsesNameFromPacketOnly: 972 intptr = &options->hostbased_uses_name_from_packet_only; 973 goto parse_flag; 974 975 case sRSAAuthentication: 976 intptr = &options->rsa_authentication; 977 goto parse_flag; 978 979 case sPubkeyAuthentication: 980 intptr = &options->pubkey_authentication; 981 goto parse_flag; 982 983 case sKerberosAuthentication: 984 intptr = &options->kerberos_authentication; 985 goto parse_flag; 986 987 case sKerberosOrLocalPasswd: 988 intptr = &options->kerberos_or_local_passwd; 989 goto parse_flag; 990 991 case sKerberosTicketCleanup: 992 intptr = &options->kerberos_ticket_cleanup; 993 goto parse_flag; 994 995 case sKerberosGetAFSToken: 996 intptr = &options->kerberos_get_afs_token; 997 goto parse_flag; 998 999 case sGssAuthentication: 1000 intptr = &options->gss_authentication; 1001 goto parse_flag; 1002 1003 case sGssCleanupCreds: 1004 intptr = &options->gss_cleanup_creds; 1005 goto parse_flag; 1006 1007 case sPasswordAuthentication: 1008 intptr = &options->password_authentication; 1009 goto parse_flag; 1010 1011 case sZeroKnowledgePasswordAuthentication: 1012 intptr = &options->zero_knowledge_password_authentication; 1013 goto parse_flag; 1014 1015 case sKbdInteractiveAuthentication: 1016 intptr = &options->kbd_interactive_authentication; 1017 goto parse_flag; 1018 1019 case sChallengeResponseAuthentication: 1020 intptr = &options->challenge_response_authentication; 1021 goto parse_flag; 1022 1023 case sPrintMotd: 1024 intptr = &options->print_motd; 1025 goto parse_flag; 1026 1027 case sPrintLastLog: 1028 intptr = &options->print_lastlog; 1029 goto parse_flag; 1030 1031 case sX11Forwarding: 1032 intptr = &options->x11_forwarding; 1033 goto parse_flag; 1034 1035 case sX11DisplayOffset: 1036 intptr = &options->x11_display_offset; 1037 goto parse_int; 1038 1039 case sX11UseLocalhost: 1040 intptr = &options->x11_use_localhost; 1041 goto parse_flag; 1042 1043 case sXAuthLocation: 1044 charptr = &options->xauth_location; 1045 goto parse_filename; 1046 1047 case sStrictModes: 1048 intptr = &options->strict_modes; 1049 goto parse_flag; 1050 1051 case sTCPKeepAlive: 1052 intptr = &options->tcp_keep_alive; 1053 goto parse_flag; 1054 1055 case sPermitBlacklistedKeys: 1056 intptr = &options->permit_blacklisted_keys; 1057 goto parse_flag; 1058 1059 case sEmptyPasswd: 1060 intptr = &options->permit_empty_passwd; 1061 goto parse_flag; 1062 1063 case sPermitUserEnvironment: 1064 intptr = &options->permit_user_env; 1065 goto parse_flag; 1066 1067 case sUseLogin: 1068 intptr = &options->use_login; 1069 goto parse_flag; 1070 1071 case sCompression: 1072 intptr = &options->compression; 1073 arg = strdelim(&cp); 1074 if (!arg || *arg == '\0') 1075 fatal("%s line %d: missing yes/no/delayed " 1076 "argument.", filename, linenum); 1077 value = 0; /* silence compiler */ 1078 if (strcmp(arg, "delayed") == 0) 1079 value = COMP_DELAYED; 1080 else if (strcmp(arg, "yes") == 0) 1081 value = COMP_ZLIB; 1082 else if (strcmp(arg, "no") == 0) 1083 value = COMP_NONE; 1084 else 1085 fatal("%s line %d: Bad yes/no/delayed " 1086 "argument: %s", filename, linenum, arg); 1087 if (*intptr == -1) 1088 *intptr = value; 1089 break; 1090 1091 case sGatewayPorts: 1092 intptr = &options->gateway_ports; 1093 arg = strdelim(&cp); 1094 if (!arg || *arg == '\0') 1095 fatal("%s line %d: missing yes/no/clientspecified " 1096 "argument.", filename, linenum); 1097 value = 0; /* silence compiler */ 1098 if (strcmp(arg, "clientspecified") == 0) 1099 value = 2; 1100 else if (strcmp(arg, "yes") == 0) 1101 value = 1; 1102 else if (strcmp(arg, "no") == 0) 1103 value = 0; 1104 else 1105 fatal("%s line %d: Bad yes/no/clientspecified " 1106 "argument: %s", filename, linenum, arg); 1107 if (*activep && *intptr == -1) 1108 *intptr = value; 1109 break; 1110 1111 case sUseDNS: 1112 intptr = &options->use_dns; 1113 goto parse_flag; 1114 1115 case sLogFacility: 1116 log_facility_ptr = &options->log_facility; 1117 arg = strdelim(&cp); 1118 value = log_facility_number(arg); 1119 if (value == SYSLOG_FACILITY_NOT_SET) 1120 fatal("%.200s line %d: unsupported log facility '%s'", 1121 filename, linenum, arg ? arg : "<NONE>"); 1122 if (*log_facility_ptr == -1) 1123 *log_facility_ptr = (SyslogFacility) value; 1124 break; 1125 1126 case sLogLevel: 1127 log_level_ptr = &options->log_level; 1128 arg = strdelim(&cp); 1129 value = log_level_number(arg); 1130 if (value == SYSLOG_LEVEL_NOT_SET) 1131 fatal("%.200s line %d: unsupported log level '%s'", 1132 filename, linenum, arg ? arg : "<NONE>"); 1133 if (*log_level_ptr == -1) 1134 *log_level_ptr = (LogLevel) value; 1135 break; 1136 1137 case sAllowTcpForwarding: 1138 intptr = &options->allow_tcp_forwarding; 1139 goto parse_flag; 1140 1141 case sAllowAgentForwarding: 1142 intptr = &options->allow_agent_forwarding; 1143 goto parse_flag; 1144 1145 case sUsePrivilegeSeparation: 1146 intptr = &use_privsep; 1147 goto parse_flag; 1148 1149 case sAllowUsers: 1150 while ((arg = strdelim(&cp)) && *arg != '\0') { 1151 if (options->num_allow_users >= MAX_ALLOW_USERS) 1152 fatal("%s line %d: too many allow users.", 1153 filename, linenum); 1154 options->allow_users[options->num_allow_users++] = 1155 xstrdup(arg); 1156 } 1157 break; 1158 1159 case sDenyUsers: 1160 while ((arg = strdelim(&cp)) && *arg != '\0') { 1161 if (options->num_deny_users >= MAX_DENY_USERS) 1162 fatal("%s line %d: too many deny users.", 1163 filename, linenum); 1164 options->deny_users[options->num_deny_users++] = 1165 xstrdup(arg); 1166 } 1167 break; 1168 1169 case sAllowGroups: 1170 while ((arg = strdelim(&cp)) && *arg != '\0') { 1171 if (options->num_allow_groups >= MAX_ALLOW_GROUPS) 1172 fatal("%s line %d: too many allow groups.", 1173 filename, linenum); 1174 options->allow_groups[options->num_allow_groups++] = 1175 xstrdup(arg); 1176 } 1177 break; 1178 1179 case sDenyGroups: 1180 while ((arg = strdelim(&cp)) && *arg != '\0') { 1181 if (options->num_deny_groups >= MAX_DENY_GROUPS) 1182 fatal("%s line %d: too many deny groups.", 1183 filename, linenum); 1184 options->deny_groups[options->num_deny_groups++] = xstrdup(arg); 1185 } 1186 break; 1187 1188 case sCiphers: 1189 arg = strdelim(&cp); 1190 if (!arg || *arg == '\0') 1191 fatal("%s line %d: Missing argument.", filename, linenum); 1192 if (!ciphers_valid(arg)) 1193 fatal("%s line %d: Bad SSH2 cipher spec '%s'.", 1194 filename, linenum, arg ? arg : "<NONE>"); 1195 if (options->ciphers == NULL) 1196 options->ciphers = xstrdup(arg); 1197 break; 1198 1199 case sMacs: 1200 arg = strdelim(&cp); 1201 if (!arg || *arg == '\0') 1202 fatal("%s line %d: Missing argument.", filename, linenum); 1203 if (!mac_valid(arg)) 1204 fatal("%s line %d: Bad SSH2 mac spec '%s'.", 1205 filename, linenum, arg ? arg : "<NONE>"); 1206 if (options->macs == NULL) 1207 options->macs = xstrdup(arg); 1208 break; 1209 1210 case sProtocol: 1211 intptr = &options->protocol; 1212 arg = strdelim(&cp); 1213 if (!arg || *arg == '\0') 1214 fatal("%s line %d: Missing argument.", filename, linenum); 1215 value = proto_spec(arg); 1216 if (value == SSH_PROTO_UNKNOWN) 1217 fatal("%s line %d: Bad protocol spec '%s'.", 1218 filename, linenum, arg ? arg : "<NONE>"); 1219 if (*intptr == SSH_PROTO_UNKNOWN) 1220 *intptr = value; 1221 break; 1222 1223 case sSubsystem: 1224 if (options->num_subsystems >= MAX_SUBSYSTEMS) { 1225 fatal("%s line %d: too many subsystems defined.", 1226 filename, linenum); 1227 } 1228 arg = strdelim(&cp); 1229 if (!arg || *arg == '\0') 1230 fatal("%s line %d: Missing subsystem name.", 1231 filename, linenum); 1232 if (!*activep) { 1233 arg = strdelim(&cp); 1234 break; 1235 } 1236 for (i = 0; i < options->num_subsystems; i++) 1237 if (strcmp(arg, options->subsystem_name[i]) == 0) 1238 fatal("%s line %d: Subsystem '%s' already defined.", 1239 filename, linenum, arg); 1240 options->subsystem_name[options->num_subsystems] = xstrdup(arg); 1241 arg = strdelim(&cp); 1242 if (!arg || *arg == '\0') 1243 fatal("%s line %d: Missing subsystem command.", 1244 filename, linenum); 1245 options->subsystem_command[options->num_subsystems] = xstrdup(arg); 1246 1247 /* Collect arguments (separate to executable) */ 1248 p = xstrdup(arg); 1249 len = strlen(p) + 1; 1250 while ((arg = strdelim(&cp)) != NULL && *arg != '\0') { 1251 len += 1 + strlen(arg); 1252 p = xrealloc(p, 1, len); 1253 strlcat(p, " ", len); 1254 strlcat(p, arg, len); 1255 } 1256 options->subsystem_args[options->num_subsystems] = p; 1257 options->num_subsystems++; 1258 break; 1259 1260 case sMaxStartups: 1261 arg = strdelim(&cp); 1262 if (!arg || *arg == '\0') 1263 fatal("%s line %d: Missing MaxStartups spec.", 1264 filename, linenum); 1265 if ((n = sscanf(arg, "%d:%d:%d", 1266 &options->max_startups_begin, 1267 &options->max_startups_rate, 1268 &options->max_startups)) == 3) { 1269 if (options->max_startups_begin > 1270 options->max_startups || 1271 options->max_startups_rate > 100 || 1272 options->max_startups_rate < 1) 1273 fatal("%s line %d: Illegal MaxStartups spec.", 1274 filename, linenum); 1275 } else if (n != 1) 1276 fatal("%s line %d: Illegal MaxStartups spec.", 1277 filename, linenum); 1278 else 1279 options->max_startups = options->max_startups_begin; 1280 break; 1281 1282 case sMaxAuthTries: 1283 intptr = &options->max_authtries; 1284 goto parse_int; 1285 1286 case sMaxSessions: 1287 intptr = &options->max_sessions; 1288 goto parse_int; 1289 1290 case sBanner: 1291 charptr = &options->banner; 1292 goto parse_filename; 1293 1294 /* 1295 * These options can contain %X options expanded at 1296 * connect time, so that you can specify paths like: 1297 * 1298 * AuthorizedKeysFile /etc/ssh_keys/%u 1299 */ 1300 case sAuthorizedKeysFile: 1301 charptr = &options->authorized_keys_file; 1302 goto parse_tilde_filename; 1303 case sAuthorizedKeysFile2: 1304 charptr = &options->authorized_keys_file2; 1305 goto parse_tilde_filename; 1306 case sAuthorizedPrincipalsFile: 1307 charptr = &options->authorized_principals_file; 1308 parse_tilde_filename: 1309 arg = strdelim(&cp); 1310 if (!arg || *arg == '\0') 1311 fatal("%s line %d: missing file name.", 1312 filename, linenum); 1313 if (*activep && *charptr == NULL) { 1314 *charptr = tilde_expand_filename(arg, getuid()); 1315 /* increase optional counter */ 1316 if (intptr != NULL) 1317 *intptr = *intptr + 1; 1318 } 1319 break; 1320 1321 case sClientAliveInterval: 1322 intptr = &options->client_alive_interval; 1323 goto parse_time; 1324 1325 case sClientAliveCountMax: 1326 intptr = &options->client_alive_count_max; 1327 goto parse_int; 1328 1329 case sAcceptEnv: 1330 while ((arg = strdelim(&cp)) && *arg != '\0') { 1331 if (strchr(arg, '=') != NULL) 1332 fatal("%s line %d: Invalid environment name.", 1333 filename, linenum); 1334 if (options->num_accept_env >= MAX_ACCEPT_ENV) 1335 fatal("%s line %d: too many allow env.", 1336 filename, linenum); 1337 if (!*activep) 1338 break; 1339 options->accept_env[options->num_accept_env++] = 1340 xstrdup(arg); 1341 } 1342 break; 1343 1344 case sPermitTunnel: 1345 intptr = &options->permit_tun; 1346 arg = strdelim(&cp); 1347 if (!arg || *arg == '\0') 1348 fatal("%s line %d: Missing yes/point-to-point/" 1349 "ethernet/no argument.", filename, linenum); 1350 value = -1; 1351 for (i = 0; tunmode_desc[i].val != -1; i++) 1352 if (strcmp(tunmode_desc[i].text, arg) == 0) { 1353 value = tunmode_desc[i].val; 1354 break; 1355 } 1356 if (value == -1) 1357 fatal("%s line %d: Bad yes/point-to-point/ethernet/" 1358 "no argument: %s", filename, linenum, arg); 1359 if (*intptr == -1) 1360 *intptr = value; 1361 break; 1362 1363 case sMatch: 1364 if (cmdline) 1365 fatal("Match directive not supported as a command-line " 1366 "option"); 1367 value = match_cfg_line(&cp, linenum, user, host, address); 1368 if (value < 0) 1369 fatal("%s line %d: Bad Match condition", filename, 1370 linenum); 1371 *activep = value; 1372 break; 1373 1374 case sPermitOpen: 1375 arg = strdelim(&cp); 1376 if (!arg || *arg == '\0') 1377 fatal("%s line %d: missing PermitOpen specification", 1378 filename, linenum); 1379 n = options->num_permitted_opens; /* modified later */ 1380 if (strcmp(arg, "any") == 0) { 1381 if (*activep && n == -1) { 1382 channel_clear_adm_permitted_opens(); 1383 options->num_permitted_opens = 0; 1384 } 1385 break; 1386 } 1387 if (*activep && n == -1) 1388 channel_clear_adm_permitted_opens(); 1389 for (; arg != NULL && *arg != '\0'; arg = strdelim(&cp)) { 1390 p = hpdelim(&arg); 1391 if (p == NULL) 1392 fatal("%s line %d: missing host in PermitOpen", 1393 filename, linenum); 1394 p = cleanhostname(p); 1395 if (arg == NULL || (port = a2port(arg)) <= 0) 1396 fatal("%s line %d: bad port number in " 1397 "PermitOpen", filename, linenum); 1398 if (*activep && n == -1) 1399 options->num_permitted_opens = 1400 channel_add_adm_permitted_opens(p, port); 1401 } 1402 break; 1403 1404 case sForceCommand: 1405 if (cp == NULL) 1406 fatal("%.200s line %d: Missing argument.", filename, 1407 linenum); 1408 len = strspn(cp, WHITESPACE); 1409 if (*activep && options->adm_forced_command == NULL) 1410 options->adm_forced_command = xstrdup(cp + len); 1411 return 0; 1412 1413 case sChrootDirectory: 1414 charptr = &options->chroot_directory; 1415 1416 arg = strdelim(&cp); 1417 if (!arg || *arg == '\0') 1418 fatal("%s line %d: missing file name.", 1419 filename, linenum); 1420 if (*activep && *charptr == NULL) 1421 *charptr = xstrdup(arg); 1422 break; 1423 1424 case sVersionAddendum: 1425 ssh_version_set_addendum(strtok(cp, "\n")); 1426 do { 1427 arg = strdelim(&cp); 1428 } while (arg != NULL && *arg != '\0'); 1429 break; 1430 case sTrustedUserCAKeys: 1431 charptr = &options->trusted_user_ca_keys; 1432 goto parse_filename; 1433 1434 case sRevokedKeys: 1435 charptr = &options->revoked_keys_file; 1436 goto parse_filename; 1437 1438 case sDeprecated: 1439 logit("%s line %d: Deprecated option %s", 1440 filename, linenum, arg); 1441 while (arg) 1442 arg = strdelim(&cp); 1443 break; 1444 1445 case sUnsupported: 1446 logit("%s line %d: Unsupported option %s", 1447 filename, linenum, arg); 1448 while (arg) 1449 arg = strdelim(&cp); 1450 break; 1451 1452 default: 1453 fatal("%s line %d: Missing handler for opcode %s (%d)", 1454 filename, linenum, arg, opcode); 1455 } 1456 if ((arg = strdelim(&cp)) != NULL && *arg != '\0') 1457 fatal("%s line %d: garbage at end of line; \"%.200s\".", 1458 filename, linenum, arg); 1459 return 0; 1460 } 1461 1462 /* Reads the server configuration file. */ 1463 1464 void 1465 load_server_config(const char *filename, Buffer *conf) 1466 { 1467 char line[1024], *cp; 1468 FILE *f; 1469 1470 debug2("%s: filename %s", __func__, filename); 1471 if ((f = fopen(filename, "r")) == NULL) { 1472 perror(filename); 1473 exit(1); 1474 } 1475 buffer_clear(conf); 1476 while (fgets(line, sizeof(line), f)) { 1477 /* 1478 * Trim out comments and strip whitespace 1479 * NB - preserve newlines, they are needed to reproduce 1480 * line numbers later for error messages 1481 */ 1482 if ((cp = strchr(line, '#')) != NULL) 1483 memcpy(cp, "\n", 2); 1484 cp = line + strspn(line, " \t\r"); 1485 1486 buffer_append(conf, cp, strlen(cp)); 1487 } 1488 buffer_append(conf, "\0", 1); 1489 fclose(f); 1490 debug2("%s: done config len = %d", __func__, buffer_len(conf)); 1491 } 1492 1493 void 1494 parse_server_match_config(ServerOptions *options, const char *user, 1495 const char *host, const char *address) 1496 { 1497 ServerOptions mo; 1498 1499 initialize_server_options(&mo); 1500 parse_server_config(&mo, "reprocess config", &cfg, user, host, address); 1501 copy_set_server_options(options, &mo, 0); 1502 } 1503 1504 /* Helper macros */ 1505 #define M_CP_INTOPT(n) do {\ 1506 if (src->n != -1) \ 1507 dst->n = src->n; \ 1508 } while (0) 1509 #define M_CP_STROPT(n) do {\ 1510 if (src->n != NULL) { \ 1511 if (dst->n != NULL) \ 1512 xfree(dst->n); \ 1513 dst->n = src->n; \ 1514 } \ 1515 } while(0) 1516 1517 /* 1518 * Copy any supported values that are set. 1519 * 1520 * If the preauth flag is set, we do not bother copying the string or 1521 * array values that are not used pre-authentication, because any that we 1522 * do use must be explictly sent in mm_getpwnamallow(). 1523 */ 1524 void 1525 copy_set_server_options(ServerOptions *dst, ServerOptions *src, int preauth) 1526 { 1527 M_CP_INTOPT(password_authentication); 1528 M_CP_INTOPT(gss_authentication); 1529 M_CP_INTOPT(rsa_authentication); 1530 M_CP_INTOPT(pubkey_authentication); 1531 M_CP_INTOPT(kerberos_authentication); 1532 M_CP_INTOPT(hostbased_authentication); 1533 M_CP_INTOPT(hostbased_uses_name_from_packet_only); 1534 M_CP_INTOPT(kbd_interactive_authentication); 1535 M_CP_INTOPT(zero_knowledge_password_authentication); 1536 M_CP_INTOPT(permit_root_login); 1537 M_CP_INTOPT(permit_empty_passwd); 1538 1539 M_CP_INTOPT(allow_tcp_forwarding); 1540 M_CP_INTOPT(allow_agent_forwarding); 1541 M_CP_INTOPT(permit_tun); 1542 M_CP_INTOPT(gateway_ports); 1543 M_CP_INTOPT(x11_display_offset); 1544 M_CP_INTOPT(x11_forwarding); 1545 M_CP_INTOPT(x11_use_localhost); 1546 M_CP_INTOPT(max_sessions); 1547 M_CP_INTOPT(max_authtries); 1548 1549 M_CP_STROPT(banner); 1550 if (preauth) 1551 return; 1552 M_CP_STROPT(adm_forced_command); 1553 M_CP_STROPT(chroot_directory); 1554 M_CP_STROPT(trusted_user_ca_keys); 1555 M_CP_STROPT(revoked_keys_file); 1556 M_CP_STROPT(authorized_keys_file); 1557 M_CP_STROPT(authorized_keys_file2); 1558 M_CP_STROPT(authorized_principals_file); 1559 } 1560 1561 #undef M_CP_INTOPT 1562 #undef M_CP_STROPT 1563 1564 void 1565 parse_server_config(ServerOptions *options, const char *filename, Buffer *conf, 1566 const char *user, const char *host, const char *address) 1567 { 1568 int active, linenum, bad_options = 0; 1569 char *cp, *obuf, *cbuf; 1570 1571 debug2("%s: config %s len %d", __func__, filename, buffer_len(conf)); 1572 1573 obuf = cbuf = xstrdup(buffer_ptr(conf)); 1574 active = user ? 0 : 1; 1575 linenum = 1; 1576 while ((cp = strsep(&cbuf, "\n")) != NULL) { 1577 if (process_server_config_line(options, cp, filename, 1578 linenum++, &active, user, host, address) != 0) 1579 bad_options++; 1580 } 1581 xfree(obuf); 1582 if (bad_options > 0) 1583 fatal("%s: terminating, %d bad configuration options", 1584 filename, bad_options); 1585 } 1586 1587 static const char * 1588 fmt_intarg(ServerOpCodes code, int val) 1589 { 1590 if (code == sAddressFamily) { 1591 switch (val) { 1592 case AF_INET: 1593 return "inet"; 1594 case AF_INET6: 1595 return "inet6"; 1596 case AF_UNSPEC: 1597 return "any"; 1598 default: 1599 return "UNKNOWN"; 1600 } 1601 } 1602 if (code == sPermitRootLogin) { 1603 switch (val) { 1604 case PERMIT_NO_PASSWD: 1605 return "without-password"; 1606 case PERMIT_FORCED_ONLY: 1607 return "forced-commands-only"; 1608 case PERMIT_YES: 1609 return "yes"; 1610 } 1611 } 1612 if (code == sProtocol) { 1613 switch (val) { 1614 case SSH_PROTO_1: 1615 return "1"; 1616 case SSH_PROTO_2: 1617 return "2"; 1618 case (SSH_PROTO_1|SSH_PROTO_2): 1619 return "2,1"; 1620 default: 1621 return "UNKNOWN"; 1622 } 1623 } 1624 if (code == sGatewayPorts && val == 2) 1625 return "clientspecified"; 1626 if (code == sCompression && val == COMP_DELAYED) 1627 return "delayed"; 1628 switch (val) { 1629 case -1: 1630 return "unset"; 1631 case 0: 1632 return "no"; 1633 case 1: 1634 return "yes"; 1635 } 1636 return "UNKNOWN"; 1637 } 1638 1639 static const char * 1640 lookup_opcode_name(ServerOpCodes code) 1641 { 1642 u_int i; 1643 1644 for (i = 0; keywords[i].name != NULL; i++) 1645 if (keywords[i].opcode == code) 1646 return(keywords[i].name); 1647 return "UNKNOWN"; 1648 } 1649 1650 static void 1651 dump_cfg_int(ServerOpCodes code, int val) 1652 { 1653 printf("%s %d\n", lookup_opcode_name(code), val); 1654 } 1655 1656 static void 1657 dump_cfg_fmtint(ServerOpCodes code, int val) 1658 { 1659 printf("%s %s\n", lookup_opcode_name(code), fmt_intarg(code, val)); 1660 } 1661 1662 static void 1663 dump_cfg_string(ServerOpCodes code, const char *val) 1664 { 1665 if (val == NULL) 1666 return; 1667 printf("%s %s\n", lookup_opcode_name(code), val); 1668 } 1669 1670 static void 1671 dump_cfg_strarray(ServerOpCodes code, u_int count, char **vals) 1672 { 1673 u_int i; 1674 1675 for (i = 0; i < count; i++) 1676 printf("%s %s\n", lookup_opcode_name(code), vals[i]); 1677 } 1678 1679 void 1680 dump_config(ServerOptions *o) 1681 { 1682 u_int i; 1683 int ret; 1684 struct addrinfo *ai; 1685 char addr[NI_MAXHOST], port[NI_MAXSERV], *s = NULL; 1686 1687 /* these are usually at the top of the config */ 1688 for (i = 0; i < o->num_ports; i++) 1689 printf("port %d\n", o->ports[i]); 1690 dump_cfg_fmtint(sProtocol, o->protocol); 1691 dump_cfg_fmtint(sAddressFamily, o->address_family); 1692 1693 /* ListenAddress must be after Port */ 1694 for (ai = o->listen_addrs; ai; ai = ai->ai_next) { 1695 if ((ret = getnameinfo(ai->ai_addr, ai->ai_addrlen, addr, 1696 sizeof(addr), port, sizeof(port), 1697 NI_NUMERICHOST|NI_NUMERICSERV)) != 0) { 1698 error("getnameinfo failed: %.100s", 1699 (ret != EAI_SYSTEM) ? gai_strerror(ret) : 1700 strerror(errno)); 1701 } else { 1702 if (ai->ai_family == AF_INET6) 1703 printf("listenaddress [%s]:%s\n", addr, port); 1704 else 1705 printf("listenaddress %s:%s\n", addr, port); 1706 } 1707 } 1708 1709 /* integer arguments */ 1710 #ifdef USE_PAM 1711 dump_cfg_int(sUsePAM, o->use_pam); 1712 #endif 1713 dump_cfg_int(sServerKeyBits, o->server_key_bits); 1714 dump_cfg_int(sLoginGraceTime, o->login_grace_time); 1715 dump_cfg_int(sKeyRegenerationTime, o->key_regeneration_time); 1716 dump_cfg_int(sX11DisplayOffset, o->x11_display_offset); 1717 dump_cfg_int(sMaxAuthTries, o->max_authtries); 1718 dump_cfg_int(sMaxSessions, o->max_sessions); 1719 dump_cfg_int(sClientAliveInterval, o->client_alive_interval); 1720 dump_cfg_int(sClientAliveCountMax, o->client_alive_count_max); 1721 1722 /* formatted integer arguments */ 1723 dump_cfg_fmtint(sPermitRootLogin, o->permit_root_login); 1724 dump_cfg_fmtint(sIgnoreRhosts, o->ignore_rhosts); 1725 dump_cfg_fmtint(sIgnoreUserKnownHosts, o->ignore_user_known_hosts); 1726 dump_cfg_fmtint(sRhostsRSAAuthentication, o->rhosts_rsa_authentication); 1727 dump_cfg_fmtint(sHostbasedAuthentication, o->hostbased_authentication); 1728 dump_cfg_fmtint(sHostbasedUsesNameFromPacketOnly, 1729 o->hostbased_uses_name_from_packet_only); 1730 dump_cfg_fmtint(sRSAAuthentication, o->rsa_authentication); 1731 dump_cfg_fmtint(sPubkeyAuthentication, o->pubkey_authentication); 1732 #ifdef KRB5 1733 dump_cfg_fmtint(sKerberosAuthentication, o->kerberos_authentication); 1734 dump_cfg_fmtint(sKerberosOrLocalPasswd, o->kerberos_or_local_passwd); 1735 dump_cfg_fmtint(sKerberosTicketCleanup, o->kerberos_ticket_cleanup); 1736 # ifdef USE_AFS 1737 dump_cfg_fmtint(sKerberosGetAFSToken, o->kerberos_get_afs_token); 1738 # endif 1739 #endif 1740 #ifdef GSSAPI 1741 dump_cfg_fmtint(sGssAuthentication, o->gss_authentication); 1742 dump_cfg_fmtint(sGssCleanupCreds, o->gss_cleanup_creds); 1743 #endif 1744 #ifdef JPAKE 1745 dump_cfg_fmtint(sZeroKnowledgePasswordAuthentication, 1746 o->zero_knowledge_password_authentication); 1747 #endif 1748 dump_cfg_fmtint(sPasswordAuthentication, o->password_authentication); 1749 dump_cfg_fmtint(sKbdInteractiveAuthentication, 1750 o->kbd_interactive_authentication); 1751 dump_cfg_fmtint(sChallengeResponseAuthentication, 1752 o->challenge_response_authentication); 1753 dump_cfg_fmtint(sPrintMotd, o->print_motd); 1754 dump_cfg_fmtint(sPrintLastLog, o->print_lastlog); 1755 dump_cfg_fmtint(sX11Forwarding, o->x11_forwarding); 1756 dump_cfg_fmtint(sX11UseLocalhost, o->x11_use_localhost); 1757 dump_cfg_fmtint(sStrictModes, o->strict_modes); 1758 dump_cfg_fmtint(sTCPKeepAlive, o->tcp_keep_alive); 1759 dump_cfg_fmtint(sEmptyPasswd, o->permit_empty_passwd); 1760 dump_cfg_fmtint(sPermitUserEnvironment, o->permit_user_env); 1761 dump_cfg_fmtint(sUseLogin, o->use_login); 1762 dump_cfg_fmtint(sCompression, o->compression); 1763 dump_cfg_fmtint(sGatewayPorts, o->gateway_ports); 1764 dump_cfg_fmtint(sUseDNS, o->use_dns); 1765 dump_cfg_fmtint(sAllowTcpForwarding, o->allow_tcp_forwarding); 1766 dump_cfg_fmtint(sUsePrivilegeSeparation, use_privsep); 1767 1768 /* string arguments */ 1769 dump_cfg_string(sPidFile, o->pid_file); 1770 dump_cfg_string(sXAuthLocation, o->xauth_location); 1771 dump_cfg_string(sCiphers, o->ciphers); 1772 dump_cfg_string(sMacs, o->macs); 1773 dump_cfg_string(sBanner, o->banner); 1774 dump_cfg_string(sAuthorizedKeysFile, o->authorized_keys_file); 1775 dump_cfg_string(sAuthorizedKeysFile2, o->authorized_keys_file2); 1776 dump_cfg_string(sForceCommand, o->adm_forced_command); 1777 dump_cfg_string(sChrootDirectory, o->chroot_directory); 1778 dump_cfg_string(sTrustedUserCAKeys, o->trusted_user_ca_keys); 1779 dump_cfg_string(sRevokedKeys, o->revoked_keys_file); 1780 dump_cfg_string(sAuthorizedPrincipalsFile, 1781 o->authorized_principals_file); 1782 1783 /* string arguments requiring a lookup */ 1784 dump_cfg_string(sLogLevel, log_level_name(o->log_level)); 1785 dump_cfg_string(sLogFacility, log_facility_name(o->log_facility)); 1786 1787 /* string array arguments */ 1788 dump_cfg_strarray(sHostKeyFile, o->num_host_key_files, 1789 o->host_key_files); 1790 dump_cfg_strarray(sHostKeyFile, o->num_host_cert_files, 1791 o->host_cert_files); 1792 dump_cfg_strarray(sAllowUsers, o->num_allow_users, o->allow_users); 1793 dump_cfg_strarray(sDenyUsers, o->num_deny_users, o->deny_users); 1794 dump_cfg_strarray(sAllowGroups, o->num_allow_groups, o->allow_groups); 1795 dump_cfg_strarray(sDenyGroups, o->num_deny_groups, o->deny_groups); 1796 dump_cfg_strarray(sAcceptEnv, o->num_accept_env, o->accept_env); 1797 1798 /* other arguments */ 1799 for (i = 0; i < o->num_subsystems; i++) 1800 printf("subsystem %s %s\n", o->subsystem_name[i], 1801 o->subsystem_args[i]); 1802 1803 printf("maxstartups %d:%d:%d\n", o->max_startups_begin, 1804 o->max_startups_rate, o->max_startups); 1805 1806 for (i = 0; tunmode_desc[i].val != -1; i++) 1807 if (tunmode_desc[i].val == o->permit_tun) { 1808 s = tunmode_desc[i].text; 1809 break; 1810 } 1811 dump_cfg_string(sPermitTunnel, s); 1812 1813 channel_print_adm_permitted_opens(); 1814 } 1815