1 2 /* $OpenBSD: servconf.c,v 1.363 2020/04/17 03:30:05 djm Exp $ */ 3 /* 4 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland 5 * All rights reserved 6 * 7 * As far as I am concerned, the code I have written for this software 8 * can be used freely for any purpose. Any derived versions of this 9 * software must be clearly marked as such, and if the derived work is 10 * incompatible with the protocol description in the RFC file, it must be 11 * called by a name other than "ssh" or "Secure Shell". 12 */ 13 14 #include "includes.h" 15 16 #include <sys/types.h> 17 #include <sys/socket.h> 18 #ifdef __OpenBSD__ 19 #include <sys/sysctl.h> 20 #endif 21 22 #include <netinet/in.h> 23 #include <netinet/in_systm.h> 24 #include <netinet/ip.h> 25 #ifdef HAVE_NET_ROUTE_H 26 #include <net/route.h> 27 #endif 28 29 #include <ctype.h> 30 #include <netdb.h> 31 #include <pwd.h> 32 #include <stdio.h> 33 #include <stdlib.h> 34 #include <string.h> 35 #include <signal.h> 36 #include <unistd.h> 37 #include <limits.h> 38 #include <stdarg.h> 39 #include <errno.h> 40 #ifdef HAVE_UTIL_H 41 #include <util.h> 42 #endif 43 #ifdef USE_SYSTEM_GLOB 44 # include <glob.h> 45 #else 46 # include "openbsd-compat/glob.h" 47 #endif 48 49 #include "openbsd-compat/sys-queue.h" 50 #include "xmalloc.h" 51 #include "ssh.h" 52 #include "log.h" 53 #include "sshbuf.h" 54 #include "misc.h" 55 #include "servconf.h" 56 #include "compat.h" 57 #include "pathnames.h" 58 #include "cipher.h" 59 #include "sshkey.h" 60 #include "kex.h" 61 #include "mac.h" 62 #include "match.h" 63 #include "channels.h" 64 #include "groupaccess.h" 65 #include "canohost.h" 66 #include "packet.h" 67 #include "ssherr.h" 68 #include "hostfile.h" 69 #include "auth.h" 70 #include "myproposal.h" 71 #include "digest.h" 72 73 static void add_listen_addr(ServerOptions *, const char *, 74 const char *, int); 75 static void add_one_listen_addr(ServerOptions *, const char *, 76 const char *, int); 77 void parse_server_config_depth(ServerOptions *options, const char *filename, 78 struct sshbuf *conf, struct include_list *includes, 79 struct connection_info *connectinfo, int flags, int *activep, int depth); 80 81 /* Use of privilege separation or not */ 82 extern int use_privsep; 83 extern struct sshbuf *cfg; 84 85 /* Initializes the server options to their default values. */ 86 87 void 88 initialize_server_options(ServerOptions *options) 89 { 90 memset(options, 0, sizeof(*options)); 91 92 /* Portable-specific options */ 93 options->use_pam = -1; 94 95 /* Standard Options */ 96 options->num_ports = 0; 97 options->ports_from_cmdline = 0; 98 options->queued_listen_addrs = NULL; 99 options->num_queued_listens = 0; 100 options->listen_addrs = NULL; 101 options->num_listen_addrs = 0; 102 options->address_family = -1; 103 options->routing_domain = NULL; 104 options->num_host_key_files = 0; 105 options->num_host_cert_files = 0; 106 options->host_key_agent = NULL; 107 options->pid_file = NULL; 108 options->login_grace_time = -1; 109 options->permit_root_login = PERMIT_NOT_SET; 110 options->ignore_rhosts = -1; 111 options->ignore_user_known_hosts = -1; 112 options->print_motd = -1; 113 options->print_lastlog = -1; 114 options->x11_forwarding = -1; 115 options->x11_display_offset = -1; 116 options->x11_use_localhost = -1; 117 options->permit_tty = -1; 118 options->permit_user_rc = -1; 119 options->xauth_location = NULL; 120 options->strict_modes = -1; 121 options->tcp_keep_alive = -1; 122 options->log_facility = SYSLOG_FACILITY_NOT_SET; 123 options->log_level = SYSLOG_LEVEL_NOT_SET; 124 options->hostbased_authentication = -1; 125 options->hostbased_uses_name_from_packet_only = -1; 126 options->hostbased_key_types = NULL; 127 options->hostkeyalgorithms = NULL; 128 options->pubkey_authentication = -1; 129 options->pubkey_auth_options = -1; 130 options->pubkey_key_types = NULL; 131 options->kerberos_authentication = -1; 132 options->kerberos_or_local_passwd = -1; 133 options->kerberos_ticket_cleanup = -1; 134 options->kerberos_get_afs_token = -1; 135 options->gss_authentication=-1; 136 options->gss_cleanup_creds = -1; 137 options->gss_strict_acceptor = -1; 138 options->password_authentication = -1; 139 options->kbd_interactive_authentication = -1; 140 options->challenge_response_authentication = -1; 141 options->permit_empty_passwd = -1; 142 options->permit_user_env = -1; 143 options->permit_user_env_whitelist = NULL; 144 options->compression = -1; 145 options->rekey_limit = -1; 146 options->rekey_interval = -1; 147 options->allow_tcp_forwarding = -1; 148 options->allow_streamlocal_forwarding = -1; 149 options->allow_agent_forwarding = -1; 150 options->num_allow_users = 0; 151 options->num_deny_users = 0; 152 options->num_allow_groups = 0; 153 options->num_deny_groups = 0; 154 options->ciphers = NULL; 155 options->macs = NULL; 156 options->kex_algorithms = NULL; 157 options->ca_sign_algorithms = NULL; 158 options->fwd_opts.gateway_ports = -1; 159 options->fwd_opts.streamlocal_bind_mask = (mode_t)-1; 160 options->fwd_opts.streamlocal_bind_unlink = -1; 161 options->num_subsystems = 0; 162 options->max_startups_begin = -1; 163 options->max_startups_rate = -1; 164 options->max_startups = -1; 165 options->max_authtries = -1; 166 options->max_sessions = -1; 167 options->banner = NULL; 168 options->use_dns = -1; 169 options->client_alive_interval = -1; 170 options->client_alive_count_max = -1; 171 options->num_authkeys_files = 0; 172 options->num_accept_env = 0; 173 options->num_setenv = 0; 174 options->permit_tun = -1; 175 options->permitted_opens = NULL; 176 options->permitted_listens = NULL; 177 options->adm_forced_command = NULL; 178 options->chroot_directory = NULL; 179 options->authorized_keys_command = NULL; 180 options->authorized_keys_command_user = NULL; 181 options->revoked_keys_file = NULL; 182 options->sk_provider = NULL; 183 options->trusted_user_ca_keys = NULL; 184 options->authorized_principals_file = NULL; 185 options->authorized_principals_command = NULL; 186 options->authorized_principals_command_user = NULL; 187 options->ip_qos_interactive = -1; 188 options->ip_qos_bulk = -1; 189 options->version_addendum = NULL; 190 options->fingerprint_hash = -1; 191 options->disable_forwarding = -1; 192 options->expose_userauth_info = -1; 193 } 194 195 /* Returns 1 if a string option is unset or set to "none" or 0 otherwise. */ 196 static int 197 option_clear_or_none(const char *o) 198 { 199 return o == NULL || strcasecmp(o, "none") == 0; 200 } 201 202 static void 203 assemble_algorithms(ServerOptions *o) 204 { 205 char *all_cipher, *all_mac, *all_kex, *all_key, *all_sig; 206 char *def_cipher, *def_mac, *def_kex, *def_key, *def_sig; 207 int r; 208 209 all_cipher = cipher_alg_list(',', 0); 210 all_mac = mac_alg_list(','); 211 all_kex = kex_alg_list(','); 212 all_key = sshkey_alg_list(0, 0, 1, ','); 213 all_sig = sshkey_alg_list(0, 1, 1, ','); 214 /* remove unsupported algos from default lists */ 215 def_cipher = match_filter_whitelist(KEX_SERVER_ENCRYPT, all_cipher); 216 def_mac = match_filter_whitelist(KEX_SERVER_MAC, all_mac); 217 def_kex = match_filter_whitelist(KEX_SERVER_KEX, all_kex); 218 def_key = match_filter_whitelist(KEX_DEFAULT_PK_ALG, all_key); 219 def_sig = match_filter_whitelist(SSH_ALLOWED_CA_SIGALGS, all_sig); 220 #define ASSEMBLE(what, defaults, all) \ 221 do { \ 222 if ((r = kex_assemble_names(&o->what, defaults, all)) != 0) \ 223 fatal("%s: %s: %s", __func__, #what, ssh_err(r)); \ 224 } while (0) 225 ASSEMBLE(ciphers, def_cipher, all_cipher); 226 ASSEMBLE(macs, def_mac, all_mac); 227 ASSEMBLE(kex_algorithms, def_kex, all_kex); 228 ASSEMBLE(hostkeyalgorithms, def_key, all_key); 229 ASSEMBLE(hostbased_key_types, def_key, all_key); 230 ASSEMBLE(pubkey_key_types, def_key, all_key); 231 ASSEMBLE(ca_sign_algorithms, def_sig, all_sig); 232 #undef ASSEMBLE 233 free(all_cipher); 234 free(all_mac); 235 free(all_kex); 236 free(all_key); 237 free(all_sig); 238 free(def_cipher); 239 free(def_mac); 240 free(def_kex); 241 free(def_key); 242 free(def_sig); 243 } 244 245 static void 246 array_append2(const char *file, const int line, const char *directive, 247 char ***array, int **iarray, u_int *lp, const char *s, int i) 248 { 249 250 if (*lp >= INT_MAX) 251 fatal("%s line %d: Too many %s entries", file, line, directive); 252 253 if (iarray != NULL) { 254 *iarray = xrecallocarray(*iarray, *lp, *lp + 1, 255 sizeof(**iarray)); 256 (*iarray)[*lp] = i; 257 } 258 259 *array = xrecallocarray(*array, *lp, *lp + 1, sizeof(**array)); 260 (*array)[*lp] = xstrdup(s); 261 (*lp)++; 262 } 263 264 static void 265 array_append(const char *file, const int line, const char *directive, 266 char ***array, u_int *lp, const char *s) 267 { 268 array_append2(file, line, directive, array, NULL, lp, s, 0); 269 } 270 271 void 272 servconf_add_hostkey(const char *file, const int line, 273 ServerOptions *options, const char *path, int userprovided) 274 { 275 char *apath = derelativise_path(path); 276 277 array_append2(file, line, "HostKey", 278 &options->host_key_files, &options->host_key_file_userprovided, 279 &options->num_host_key_files, apath, userprovided); 280 free(apath); 281 } 282 283 void 284 servconf_add_hostcert(const char *file, const int line, 285 ServerOptions *options, const char *path) 286 { 287 char *apath = derelativise_path(path); 288 289 array_append(file, line, "HostCertificate", 290 &options->host_cert_files, &options->num_host_cert_files, apath); 291 free(apath); 292 } 293 294 void 295 fill_default_server_options(ServerOptions *options) 296 { 297 u_int i; 298 299 /* 300 * Portable-specific options. 301 * 302 * Please do NOT under any circumstances change the default to 1, 303 * for any reason. The use of PAM is not considered to be secure 304 * by default. 305 */ 306 if (options->use_pam == -1) 307 options->use_pam = 0; 308 309 /* Standard Options */ 310 if (options->num_host_key_files == 0) { 311 /* fill default hostkeys for protocols */ 312 servconf_add_hostkey("[default]", 0, options, 313 _PATH_HOST_RSA_KEY_FILE, 0); 314 #ifdef OPENSSL_HAS_ECC 315 servconf_add_hostkey("[default]", 0, options, 316 _PATH_HOST_ECDSA_KEY_FILE, 0); 317 #endif 318 servconf_add_hostkey("[default]", 0, options, 319 _PATH_HOST_ED25519_KEY_FILE, 0); 320 #ifdef WITH_XMSS 321 servconf_add_hostkey("[default]", 0, options, 322 _PATH_HOST_XMSS_KEY_FILE, 0); 323 #endif /* WITH_XMSS */ 324 } 325 /* No certificates by default */ 326 if (options->num_ports == 0) 327 options->ports[options->num_ports++] = SSH_DEFAULT_PORT; 328 if (options->address_family == -1) 329 options->address_family = AF_UNSPEC; 330 if (options->listen_addrs == NULL) 331 add_listen_addr(options, NULL, NULL, 0); 332 if (options->pid_file == NULL) 333 options->pid_file = xstrdup(_PATH_SSH_DAEMON_PID_FILE); 334 if (options->login_grace_time == -1) 335 options->login_grace_time = 120; 336 if (options->permit_root_login == PERMIT_NOT_SET) 337 options->permit_root_login = PERMIT_NO_PASSWD; 338 if (options->ignore_rhosts == -1) 339 options->ignore_rhosts = 1; 340 if (options->ignore_user_known_hosts == -1) 341 options->ignore_user_known_hosts = 0; 342 if (options->print_motd == -1) 343 options->print_motd = 1; 344 if (options->print_lastlog == -1) 345 options->print_lastlog = 1; 346 if (options->x11_forwarding == -1) 347 options->x11_forwarding = 0; 348 if (options->x11_display_offset == -1) 349 options->x11_display_offset = 10; 350 if (options->x11_use_localhost == -1) 351 options->x11_use_localhost = 1; 352 if (options->xauth_location == NULL) 353 options->xauth_location = xstrdup(_PATH_XAUTH); 354 if (options->permit_tty == -1) 355 options->permit_tty = 1; 356 if (options->permit_user_rc == -1) 357 options->permit_user_rc = 1; 358 if (options->strict_modes == -1) 359 options->strict_modes = 1; 360 if (options->tcp_keep_alive == -1) 361 options->tcp_keep_alive = 1; 362 if (options->log_facility == SYSLOG_FACILITY_NOT_SET) 363 options->log_facility = SYSLOG_FACILITY_AUTH; 364 if (options->log_level == SYSLOG_LEVEL_NOT_SET) 365 options->log_level = SYSLOG_LEVEL_INFO; 366 if (options->hostbased_authentication == -1) 367 options->hostbased_authentication = 0; 368 if (options->hostbased_uses_name_from_packet_only == -1) 369 options->hostbased_uses_name_from_packet_only = 0; 370 if (options->pubkey_authentication == -1) 371 options->pubkey_authentication = 1; 372 if (options->pubkey_auth_options == -1) 373 options->pubkey_auth_options = 0; 374 if (options->kerberos_authentication == -1) 375 options->kerberos_authentication = 0; 376 if (options->kerberos_or_local_passwd == -1) 377 options->kerberos_or_local_passwd = 1; 378 if (options->kerberos_ticket_cleanup == -1) 379 options->kerberos_ticket_cleanup = 1; 380 if (options->kerberos_get_afs_token == -1) 381 options->kerberos_get_afs_token = 0; 382 if (options->gss_authentication == -1) 383 options->gss_authentication = 0; 384 if (options->gss_cleanup_creds == -1) 385 options->gss_cleanup_creds = 1; 386 if (options->gss_strict_acceptor == -1) 387 options->gss_strict_acceptor = 1; 388 /* 389 * Please do NOT under any circumstances change the default to 1, 390 * for any reason. The use of plaintext passwords are not considered 391 * secure by default. 392 */ 393 if (options->password_authentication == -1) 394 options->password_authentication = 0; 395 if (options->kbd_interactive_authentication == -1) 396 options->kbd_interactive_authentication = 0; 397 if (options->challenge_response_authentication == -1) 398 options->challenge_response_authentication = 1; 399 if (options->permit_empty_passwd == -1) 400 options->permit_empty_passwd = 0; 401 if (options->permit_user_env == -1) { 402 options->permit_user_env = 0; 403 options->permit_user_env_whitelist = NULL; 404 } 405 if (options->compression == -1) 406 #ifdef WITH_ZLIB 407 options->compression = COMP_DELAYED; 408 #else 409 options->compression = COMP_NONE; 410 #endif 411 412 if (options->rekey_limit == -1) 413 options->rekey_limit = 0; 414 if (options->rekey_interval == -1) 415 options->rekey_interval = 0; 416 if (options->allow_tcp_forwarding == -1) 417 options->allow_tcp_forwarding = FORWARD_ALLOW; 418 if (options->allow_streamlocal_forwarding == -1) 419 options->allow_streamlocal_forwarding = FORWARD_ALLOW; 420 if (options->allow_agent_forwarding == -1) 421 options->allow_agent_forwarding = 1; 422 if (options->fwd_opts.gateway_ports == -1) 423 options->fwd_opts.gateway_ports = 0; 424 if (options->max_startups == -1) 425 options->max_startups = 100; 426 if (options->max_startups_rate == -1) 427 options->max_startups_rate = 30; /* 30% */ 428 if (options->max_startups_begin == -1) 429 options->max_startups_begin = 10; 430 if (options->max_authtries == -1) 431 options->max_authtries = DEFAULT_AUTH_FAIL_MAX; 432 if (options->max_sessions == -1) 433 options->max_sessions = DEFAULT_SESSIONS_MAX; 434 if (options->use_dns == -1) 435 options->use_dns = 0; 436 if (options->client_alive_interval == -1) 437 options->client_alive_interval = 0; 438 if (options->client_alive_count_max == -1) 439 options->client_alive_count_max = 3; 440 if (options->num_authkeys_files == 0) { 441 array_append("[default]", 0, "AuthorizedKeysFiles", 442 &options->authorized_keys_files, 443 &options->num_authkeys_files, 444 _PATH_SSH_USER_PERMITTED_KEYS); 445 array_append("[default]", 0, "AuthorizedKeysFiles", 446 &options->authorized_keys_files, 447 &options->num_authkeys_files, 448 _PATH_SSH_USER_PERMITTED_KEYS2); 449 } 450 if (options->permit_tun == -1) 451 options->permit_tun = SSH_TUNMODE_NO; 452 if (options->ip_qos_interactive == -1) 453 options->ip_qos_interactive = IPTOS_DSCP_AF21; 454 if (options->ip_qos_bulk == -1) 455 options->ip_qos_bulk = IPTOS_DSCP_CS1; 456 if (options->version_addendum == NULL) 457 options->version_addendum = xstrdup(""); 458 if (options->fwd_opts.streamlocal_bind_mask == (mode_t)-1) 459 options->fwd_opts.streamlocal_bind_mask = 0177; 460 if (options->fwd_opts.streamlocal_bind_unlink == -1) 461 options->fwd_opts.streamlocal_bind_unlink = 0; 462 if (options->fingerprint_hash == -1) 463 options->fingerprint_hash = SSH_FP_HASH_DEFAULT; 464 if (options->disable_forwarding == -1) 465 options->disable_forwarding = 0; 466 if (options->expose_userauth_info == -1) 467 options->expose_userauth_info = 0; 468 if (options->sk_provider == NULL) 469 options->sk_provider = xstrdup("internal"); 470 471 assemble_algorithms(options); 472 473 /* Turn privilege separation and sandboxing on by default */ 474 if (use_privsep == -1) 475 use_privsep = PRIVSEP_ON; 476 477 #define CLEAR_ON_NONE(v) \ 478 do { \ 479 if (option_clear_or_none(v)) { \ 480 free(v); \ 481 v = NULL; \ 482 } \ 483 } while(0) 484 CLEAR_ON_NONE(options->pid_file); 485 CLEAR_ON_NONE(options->xauth_location); 486 CLEAR_ON_NONE(options->banner); 487 CLEAR_ON_NONE(options->trusted_user_ca_keys); 488 CLEAR_ON_NONE(options->revoked_keys_file); 489 CLEAR_ON_NONE(options->sk_provider); 490 CLEAR_ON_NONE(options->authorized_principals_file); 491 CLEAR_ON_NONE(options->adm_forced_command); 492 CLEAR_ON_NONE(options->chroot_directory); 493 CLEAR_ON_NONE(options->routing_domain); 494 CLEAR_ON_NONE(options->host_key_agent); 495 for (i = 0; i < options->num_host_key_files; i++) 496 CLEAR_ON_NONE(options->host_key_files[i]); 497 for (i = 0; i < options->num_host_cert_files; i++) 498 CLEAR_ON_NONE(options->host_cert_files[i]); 499 #undef CLEAR_ON_NONE 500 501 /* Similar handling for AuthenticationMethods=any */ 502 if (options->num_auth_methods == 1 && 503 strcmp(options->auth_methods[0], "any") == 0) { 504 free(options->auth_methods[0]); 505 options->auth_methods[0] = NULL; 506 options->num_auth_methods = 0; 507 } 508 509 #ifndef HAVE_MMAP 510 if (use_privsep && options->compression == 1) { 511 error("This platform does not support both privilege " 512 "separation and compression"); 513 error("Compression disabled"); 514 options->compression = 0; 515 } 516 #endif 517 } 518 519 /* Keyword tokens. */ 520 typedef enum { 521 sBadOption, /* == unknown option */ 522 /* Portable-specific options */ 523 sUsePAM, 524 /* Standard Options */ 525 sPort, sHostKeyFile, sLoginGraceTime, 526 sPermitRootLogin, sLogFacility, sLogLevel, 527 sRhostsRSAAuthentication, sRSAAuthentication, 528 sKerberosAuthentication, sKerberosOrLocalPasswd, sKerberosTicketCleanup, 529 sKerberosGetAFSToken, sChallengeResponseAuthentication, 530 sPasswordAuthentication, sKbdInteractiveAuthentication, 531 sListenAddress, sAddressFamily, 532 sPrintMotd, sPrintLastLog, sIgnoreRhosts, 533 sX11Forwarding, sX11DisplayOffset, sX11UseLocalhost, 534 sPermitTTY, sStrictModes, sEmptyPasswd, sTCPKeepAlive, 535 sPermitUserEnvironment, sAllowTcpForwarding, sCompression, 536 sRekeyLimit, sAllowUsers, sDenyUsers, sAllowGroups, sDenyGroups, 537 sIgnoreUserKnownHosts, sCiphers, sMacs, sPidFile, 538 sGatewayPorts, sPubkeyAuthentication, sPubkeyAcceptedKeyTypes, 539 sXAuthLocation, sSubsystem, sMaxStartups, sMaxAuthTries, sMaxSessions, 540 sBanner, sUseDNS, sHostbasedAuthentication, 541 sHostbasedUsesNameFromPacketOnly, sHostbasedAcceptedKeyTypes, 542 sHostKeyAlgorithms, 543 sClientAliveInterval, sClientAliveCountMax, sAuthorizedKeysFile, 544 sGssAuthentication, sGssCleanupCreds, sGssStrictAcceptor, 545 sAcceptEnv, sSetEnv, sPermitTunnel, 546 sMatch, sPermitOpen, sPermitListen, sForceCommand, sChrootDirectory, 547 sUsePrivilegeSeparation, sAllowAgentForwarding, 548 sHostCertificate, sInclude, 549 sRevokedKeys, sTrustedUserCAKeys, sAuthorizedPrincipalsFile, 550 sAuthorizedPrincipalsCommand, sAuthorizedPrincipalsCommandUser, 551 sKexAlgorithms, sCASignatureAlgorithms, sIPQoS, sVersionAddendum, 552 sAuthorizedKeysCommand, sAuthorizedKeysCommandUser, 553 sAuthenticationMethods, sHostKeyAgent, sPermitUserRC, 554 sStreamLocalBindMask, sStreamLocalBindUnlink, 555 sAllowStreamLocalForwarding, sFingerprintHash, sDisableForwarding, 556 sExposeAuthInfo, sRDomain, sPubkeyAuthOptions, sSecurityKeyProvider, 557 sDeprecated, sIgnore, sUnsupported 558 } ServerOpCodes; 559 560 #define SSHCFG_GLOBAL 0x01 /* allowed in main section of config */ 561 #define SSHCFG_MATCH 0x02 /* allowed inside a Match section */ 562 #define SSHCFG_ALL (SSHCFG_GLOBAL|SSHCFG_MATCH) 563 #define SSHCFG_NEVERMATCH 0x04 /* Match never matches; internal only */ 564 565 /* Textual representation of the tokens. */ 566 static struct { 567 const char *name; 568 ServerOpCodes opcode; 569 u_int flags; 570 } keywords[] = { 571 /* Portable-specific options */ 572 #ifdef USE_PAM 573 { "usepam", sUsePAM, SSHCFG_GLOBAL }, 574 #else 575 { "usepam", sUnsupported, SSHCFG_GLOBAL }, 576 #endif 577 { "pamauthenticationviakbdint", sDeprecated, SSHCFG_GLOBAL }, 578 /* Standard Options */ 579 { "port", sPort, SSHCFG_GLOBAL }, 580 { "hostkey", sHostKeyFile, SSHCFG_GLOBAL }, 581 { "hostdsakey", sHostKeyFile, SSHCFG_GLOBAL }, /* alias */ 582 { "hostkeyagent", sHostKeyAgent, SSHCFG_GLOBAL }, 583 { "pidfile", sPidFile, SSHCFG_GLOBAL }, 584 { "serverkeybits", sDeprecated, SSHCFG_GLOBAL }, 585 { "logingracetime", sLoginGraceTime, SSHCFG_GLOBAL }, 586 { "keyregenerationinterval", sDeprecated, SSHCFG_GLOBAL }, 587 { "permitrootlogin", sPermitRootLogin, SSHCFG_ALL }, 588 { "syslogfacility", sLogFacility, SSHCFG_GLOBAL }, 589 { "loglevel", sLogLevel, SSHCFG_ALL }, 590 { "rhostsauthentication", sDeprecated, SSHCFG_GLOBAL }, 591 { "rhostsrsaauthentication", sDeprecated, SSHCFG_ALL }, 592 { "hostbasedauthentication", sHostbasedAuthentication, SSHCFG_ALL }, 593 { "hostbasedusesnamefrompacketonly", sHostbasedUsesNameFromPacketOnly, SSHCFG_ALL }, 594 { "hostbasedacceptedkeytypes", sHostbasedAcceptedKeyTypes, SSHCFG_ALL }, 595 { "hostkeyalgorithms", sHostKeyAlgorithms, SSHCFG_GLOBAL }, 596 { "rsaauthentication", sDeprecated, SSHCFG_ALL }, 597 { "pubkeyauthentication", sPubkeyAuthentication, SSHCFG_ALL }, 598 { "pubkeyacceptedkeytypes", sPubkeyAcceptedKeyTypes, SSHCFG_ALL }, 599 { "pubkeyauthoptions", sPubkeyAuthOptions, SSHCFG_ALL }, 600 { "dsaauthentication", sPubkeyAuthentication, SSHCFG_GLOBAL }, /* alias */ 601 #ifdef KRB5 602 { "kerberosauthentication", sKerberosAuthentication, SSHCFG_ALL }, 603 { "kerberosorlocalpasswd", sKerberosOrLocalPasswd, SSHCFG_GLOBAL }, 604 { "kerberosticketcleanup", sKerberosTicketCleanup, SSHCFG_GLOBAL }, 605 #ifdef USE_AFS 606 { "kerberosgetafstoken", sKerberosGetAFSToken, SSHCFG_GLOBAL }, 607 #else 608 { "kerberosgetafstoken", sUnsupported, SSHCFG_GLOBAL }, 609 #endif 610 #else 611 { "kerberosauthentication", sUnsupported, SSHCFG_ALL }, 612 { "kerberosorlocalpasswd", sUnsupported, SSHCFG_GLOBAL }, 613 { "kerberosticketcleanup", sUnsupported, SSHCFG_GLOBAL }, 614 { "kerberosgetafstoken", sUnsupported, SSHCFG_GLOBAL }, 615 #endif 616 { "kerberostgtpassing", sUnsupported, SSHCFG_GLOBAL }, 617 { "afstokenpassing", sUnsupported, SSHCFG_GLOBAL }, 618 #ifdef GSSAPI 619 { "gssapiauthentication", sGssAuthentication, SSHCFG_ALL }, 620 { "gssapicleanupcredentials", sGssCleanupCreds, SSHCFG_GLOBAL }, 621 { "gssapistrictacceptorcheck", sGssStrictAcceptor, SSHCFG_GLOBAL }, 622 #else 623 { "gssapiauthentication", sUnsupported, SSHCFG_ALL }, 624 { "gssapicleanupcredentials", sUnsupported, SSHCFG_GLOBAL }, 625 { "gssapistrictacceptorcheck", sUnsupported, SSHCFG_GLOBAL }, 626 #endif 627 { "passwordauthentication", sPasswordAuthentication, SSHCFG_ALL }, 628 { "kbdinteractiveauthentication", sKbdInteractiveAuthentication, SSHCFG_ALL }, 629 { "challengeresponseauthentication", sChallengeResponseAuthentication, SSHCFG_GLOBAL }, 630 { "skeyauthentication", sDeprecated, SSHCFG_GLOBAL }, 631 { "checkmail", sDeprecated, SSHCFG_GLOBAL }, 632 { "listenaddress", sListenAddress, SSHCFG_GLOBAL }, 633 { "addressfamily", sAddressFamily, SSHCFG_GLOBAL }, 634 { "printmotd", sPrintMotd, SSHCFG_GLOBAL }, 635 #ifdef DISABLE_LASTLOG 636 { "printlastlog", sUnsupported, SSHCFG_GLOBAL }, 637 #else 638 { "printlastlog", sPrintLastLog, SSHCFG_GLOBAL }, 639 #endif 640 { "ignorerhosts", sIgnoreRhosts, SSHCFG_ALL }, 641 { "ignoreuserknownhosts", sIgnoreUserKnownHosts, SSHCFG_GLOBAL }, 642 { "x11forwarding", sX11Forwarding, SSHCFG_ALL }, 643 { "x11displayoffset", sX11DisplayOffset, SSHCFG_ALL }, 644 { "x11uselocalhost", sX11UseLocalhost, SSHCFG_ALL }, 645 { "xauthlocation", sXAuthLocation, SSHCFG_GLOBAL }, 646 { "strictmodes", sStrictModes, SSHCFG_GLOBAL }, 647 { "permitemptypasswords", sEmptyPasswd, SSHCFG_ALL }, 648 { "permituserenvironment", sPermitUserEnvironment, SSHCFG_GLOBAL }, 649 { "uselogin", sDeprecated, SSHCFG_GLOBAL }, 650 { "compression", sCompression, SSHCFG_GLOBAL }, 651 { "rekeylimit", sRekeyLimit, SSHCFG_ALL }, 652 { "tcpkeepalive", sTCPKeepAlive, SSHCFG_GLOBAL }, 653 { "keepalive", sTCPKeepAlive, SSHCFG_GLOBAL }, /* obsolete alias */ 654 { "allowtcpforwarding", sAllowTcpForwarding, SSHCFG_ALL }, 655 { "allowagentforwarding", sAllowAgentForwarding, SSHCFG_ALL }, 656 { "allowusers", sAllowUsers, SSHCFG_ALL }, 657 { "denyusers", sDenyUsers, SSHCFG_ALL }, 658 { "allowgroups", sAllowGroups, SSHCFG_ALL }, 659 { "denygroups", sDenyGroups, SSHCFG_ALL }, 660 { "ciphers", sCiphers, SSHCFG_GLOBAL }, 661 { "macs", sMacs, SSHCFG_GLOBAL }, 662 { "protocol", sIgnore, SSHCFG_GLOBAL }, 663 { "gatewayports", sGatewayPorts, SSHCFG_ALL }, 664 { "subsystem", sSubsystem, SSHCFG_GLOBAL }, 665 { "maxstartups", sMaxStartups, SSHCFG_GLOBAL }, 666 { "maxauthtries", sMaxAuthTries, SSHCFG_ALL }, 667 { "maxsessions", sMaxSessions, SSHCFG_ALL }, 668 { "banner", sBanner, SSHCFG_ALL }, 669 { "usedns", sUseDNS, SSHCFG_GLOBAL }, 670 { "verifyreversemapping", sDeprecated, SSHCFG_GLOBAL }, 671 { "reversemappingcheck", sDeprecated, SSHCFG_GLOBAL }, 672 { "clientaliveinterval", sClientAliveInterval, SSHCFG_ALL }, 673 { "clientalivecountmax", sClientAliveCountMax, SSHCFG_ALL }, 674 { "authorizedkeysfile", sAuthorizedKeysFile, SSHCFG_ALL }, 675 { "authorizedkeysfile2", sDeprecated, SSHCFG_ALL }, 676 { "useprivilegeseparation", sDeprecated, SSHCFG_GLOBAL}, 677 { "acceptenv", sAcceptEnv, SSHCFG_ALL }, 678 { "setenv", sSetEnv, SSHCFG_ALL }, 679 { "permittunnel", sPermitTunnel, SSHCFG_ALL }, 680 { "permittty", sPermitTTY, SSHCFG_ALL }, 681 { "permituserrc", sPermitUserRC, SSHCFG_ALL }, 682 { "match", sMatch, SSHCFG_ALL }, 683 { "permitopen", sPermitOpen, SSHCFG_ALL }, 684 { "permitlisten", sPermitListen, SSHCFG_ALL }, 685 { "forcecommand", sForceCommand, SSHCFG_ALL }, 686 { "chrootdirectory", sChrootDirectory, SSHCFG_ALL }, 687 { "hostcertificate", sHostCertificate, SSHCFG_GLOBAL }, 688 { "revokedkeys", sRevokedKeys, SSHCFG_ALL }, 689 { "trustedusercakeys", sTrustedUserCAKeys, SSHCFG_ALL }, 690 { "authorizedprincipalsfile", sAuthorizedPrincipalsFile, SSHCFG_ALL }, 691 { "kexalgorithms", sKexAlgorithms, SSHCFG_GLOBAL }, 692 { "include", sInclude, SSHCFG_ALL }, 693 { "ipqos", sIPQoS, SSHCFG_ALL }, 694 { "authorizedkeyscommand", sAuthorizedKeysCommand, SSHCFG_ALL }, 695 { "authorizedkeyscommanduser", sAuthorizedKeysCommandUser, SSHCFG_ALL }, 696 { "authorizedprincipalscommand", sAuthorizedPrincipalsCommand, SSHCFG_ALL }, 697 { "authorizedprincipalscommanduser", sAuthorizedPrincipalsCommandUser, SSHCFG_ALL }, 698 { "versionaddendum", sVersionAddendum, SSHCFG_GLOBAL }, 699 { "authenticationmethods", sAuthenticationMethods, SSHCFG_ALL }, 700 { "streamlocalbindmask", sStreamLocalBindMask, SSHCFG_ALL }, 701 { "streamlocalbindunlink", sStreamLocalBindUnlink, SSHCFG_ALL }, 702 { "allowstreamlocalforwarding", sAllowStreamLocalForwarding, SSHCFG_ALL }, 703 { "fingerprinthash", sFingerprintHash, SSHCFG_GLOBAL }, 704 { "disableforwarding", sDisableForwarding, SSHCFG_ALL }, 705 { "exposeauthinfo", sExposeAuthInfo, SSHCFG_ALL }, 706 { "rdomain", sRDomain, SSHCFG_ALL }, 707 { "casignaturealgorithms", sCASignatureAlgorithms, SSHCFG_ALL }, 708 { "securitykeyprovider", sSecurityKeyProvider, SSHCFG_GLOBAL }, 709 { NULL, sBadOption, 0 } 710 }; 711 712 static struct { 713 int val; 714 char *text; 715 } tunmode_desc[] = { 716 { SSH_TUNMODE_NO, "no" }, 717 { SSH_TUNMODE_POINTOPOINT, "point-to-point" }, 718 { SSH_TUNMODE_ETHERNET, "ethernet" }, 719 { SSH_TUNMODE_YES, "yes" }, 720 { -1, NULL } 721 }; 722 723 /* Returns an opcode name from its number */ 724 725 static const char * 726 lookup_opcode_name(ServerOpCodes code) 727 { 728 u_int i; 729 730 for (i = 0; keywords[i].name != NULL; i++) 731 if (keywords[i].opcode == code) 732 return(keywords[i].name); 733 return "UNKNOWN"; 734 } 735 736 737 /* 738 * Returns the number of the token pointed to by cp or sBadOption. 739 */ 740 741 static ServerOpCodes 742 parse_token(const char *cp, const char *filename, 743 int linenum, u_int *flags) 744 { 745 u_int i; 746 747 for (i = 0; keywords[i].name; i++) 748 if (strcasecmp(cp, keywords[i].name) == 0) { 749 *flags = keywords[i].flags; 750 return keywords[i].opcode; 751 } 752 753 error("%s: line %d: Bad configuration option: %s", 754 filename, linenum, cp); 755 return sBadOption; 756 } 757 758 char * 759 derelativise_path(const char *path) 760 { 761 char *expanded, *ret, cwd[PATH_MAX]; 762 763 if (strcasecmp(path, "none") == 0) 764 return xstrdup("none"); 765 expanded = tilde_expand_filename(path, getuid()); 766 if (path_absolute(expanded)) 767 return expanded; 768 if (getcwd(cwd, sizeof(cwd)) == NULL) 769 fatal("%s: getcwd: %s", __func__, strerror(errno)); 770 xasprintf(&ret, "%s/%s", cwd, expanded); 771 free(expanded); 772 return ret; 773 } 774 775 static void 776 add_listen_addr(ServerOptions *options, const char *addr, 777 const char *rdomain, int port) 778 { 779 u_int i; 780 781 if (port > 0) 782 add_one_listen_addr(options, addr, rdomain, port); 783 else { 784 for (i = 0; i < options->num_ports; i++) { 785 add_one_listen_addr(options, addr, rdomain, 786 options->ports[i]); 787 } 788 } 789 } 790 791 static void 792 add_one_listen_addr(ServerOptions *options, const char *addr, 793 const char *rdomain, int port) 794 { 795 struct addrinfo hints, *ai, *aitop; 796 char strport[NI_MAXSERV]; 797 int gaierr; 798 u_int i; 799 800 /* Find listen_addrs entry for this rdomain */ 801 for (i = 0; i < options->num_listen_addrs; i++) { 802 if (rdomain == NULL && options->listen_addrs[i].rdomain == NULL) 803 break; 804 if (rdomain == NULL || options->listen_addrs[i].rdomain == NULL) 805 continue; 806 if (strcmp(rdomain, options->listen_addrs[i].rdomain) == 0) 807 break; 808 } 809 if (i >= options->num_listen_addrs) { 810 /* No entry for this rdomain; allocate one */ 811 if (i >= INT_MAX) 812 fatal("%s: too many listen addresses", __func__); 813 options->listen_addrs = xrecallocarray(options->listen_addrs, 814 options->num_listen_addrs, options->num_listen_addrs + 1, 815 sizeof(*options->listen_addrs)); 816 i = options->num_listen_addrs++; 817 if (rdomain != NULL) 818 options->listen_addrs[i].rdomain = xstrdup(rdomain); 819 } 820 /* options->listen_addrs[i] points to the addresses for this rdomain */ 821 822 memset(&hints, 0, sizeof(hints)); 823 hints.ai_family = options->address_family; 824 hints.ai_socktype = SOCK_STREAM; 825 hints.ai_flags = (addr == NULL) ? AI_PASSIVE : 0; 826 snprintf(strport, sizeof strport, "%d", port); 827 if ((gaierr = getaddrinfo(addr, strport, &hints, &aitop)) != 0) 828 fatal("bad addr or host: %s (%s)", 829 addr ? addr : "<NULL>", 830 ssh_gai_strerror(gaierr)); 831 for (ai = aitop; ai->ai_next; ai = ai->ai_next) 832 ; 833 ai->ai_next = options->listen_addrs[i].addrs; 834 options->listen_addrs[i].addrs = aitop; 835 } 836 837 /* Returns nonzero if the routing domain name is valid */ 838 static int 839 valid_rdomain(const char *name) 840 { 841 #if defined(HAVE_SYS_VALID_RDOMAIN) 842 return sys_valid_rdomain(name); 843 #elif defined(__OpenBSD__) 844 const char *errstr; 845 long long num; 846 struct rt_tableinfo info; 847 int mib[6]; 848 size_t miblen = sizeof(mib); 849 850 if (name == NULL) 851 return 1; 852 853 num = strtonum(name, 0, 255, &errstr); 854 if (errstr != NULL) 855 return 0; 856 857 /* Check whether the table actually exists */ 858 memset(mib, 0, sizeof(mib)); 859 mib[0] = CTL_NET; 860 mib[1] = PF_ROUTE; 861 mib[4] = NET_RT_TABLE; 862 mib[5] = (int)num; 863 if (sysctl(mib, 6, &info, &miblen, NULL, 0) == -1) 864 return 0; 865 866 return 1; 867 #else /* defined(__OpenBSD__) */ 868 error("Routing domains are not supported on this platform"); 869 return 0; 870 #endif 871 } 872 873 /* 874 * Queue a ListenAddress to be processed once we have all of the Ports 875 * and AddressFamily options. 876 */ 877 static void 878 queue_listen_addr(ServerOptions *options, const char *addr, 879 const char *rdomain, int port) 880 { 881 struct queued_listenaddr *qla; 882 883 options->queued_listen_addrs = xrecallocarray( 884 options->queued_listen_addrs, 885 options->num_queued_listens, options->num_queued_listens + 1, 886 sizeof(*options->queued_listen_addrs)); 887 qla = &options->queued_listen_addrs[options->num_queued_listens++]; 888 qla->addr = xstrdup(addr); 889 qla->port = port; 890 qla->rdomain = rdomain == NULL ? NULL : xstrdup(rdomain); 891 } 892 893 /* 894 * Process queued (text) ListenAddress entries. 895 */ 896 static void 897 process_queued_listen_addrs(ServerOptions *options) 898 { 899 u_int i; 900 struct queued_listenaddr *qla; 901 902 if (options->num_ports == 0) 903 options->ports[options->num_ports++] = SSH_DEFAULT_PORT; 904 if (options->address_family == -1) 905 options->address_family = AF_UNSPEC; 906 907 for (i = 0; i < options->num_queued_listens; i++) { 908 qla = &options->queued_listen_addrs[i]; 909 add_listen_addr(options, qla->addr, qla->rdomain, qla->port); 910 free(qla->addr); 911 free(qla->rdomain); 912 } 913 free(options->queued_listen_addrs); 914 options->queued_listen_addrs = NULL; 915 options->num_queued_listens = 0; 916 } 917 918 /* 919 * Inform channels layer of permitopen options for a single forwarding 920 * direction (local/remote). 921 */ 922 static void 923 process_permitopen_list(struct ssh *ssh, ServerOpCodes opcode, 924 char **opens, u_int num_opens) 925 { 926 u_int i; 927 int port; 928 char *host, *arg, *oarg, ch; 929 int where = opcode == sPermitOpen ? FORWARD_LOCAL : FORWARD_REMOTE; 930 const char *what = lookup_opcode_name(opcode); 931 932 channel_clear_permission(ssh, FORWARD_ADM, where); 933 if (num_opens == 0) 934 return; /* permit any */ 935 936 /* handle keywords: "any" / "none" */ 937 if (num_opens == 1 && strcmp(opens[0], "any") == 0) 938 return; 939 if (num_opens == 1 && strcmp(opens[0], "none") == 0) { 940 channel_disable_admin(ssh, where); 941 return; 942 } 943 /* Otherwise treat it as a list of permitted host:port */ 944 for (i = 0; i < num_opens; i++) { 945 oarg = arg = xstrdup(opens[i]); 946 ch = '\0'; 947 host = hpdelim2(&arg, &ch); 948 if (host == NULL || ch == '/') 949 fatal("%s: missing host in %s", __func__, what); 950 host = cleanhostname(host); 951 if (arg == NULL || ((port = permitopen_port(arg)) < 0)) 952 fatal("%s: bad port number in %s", __func__, what); 953 /* Send it to channels layer */ 954 channel_add_permission(ssh, FORWARD_ADM, 955 where, host, port); 956 free(oarg); 957 } 958 } 959 960 /* 961 * Inform channels layer of permitopen options from configuration. 962 */ 963 void 964 process_permitopen(struct ssh *ssh, ServerOptions *options) 965 { 966 process_permitopen_list(ssh, sPermitOpen, 967 options->permitted_opens, options->num_permitted_opens); 968 process_permitopen_list(ssh, sPermitListen, 969 options->permitted_listens, 970 options->num_permitted_listens); 971 } 972 973 struct connection_info * 974 get_connection_info(struct ssh *ssh, int populate, int use_dns) 975 { 976 static struct connection_info ci; 977 978 if (ssh == NULL || !populate) 979 return &ci; 980 ci.host = auth_get_canonical_hostname(ssh, use_dns); 981 ci.address = ssh_remote_ipaddr(ssh); 982 ci.laddress = ssh_local_ipaddr(ssh); 983 ci.lport = ssh_local_port(ssh); 984 ci.rdomain = ssh_packet_rdomain_in(ssh); 985 return &ci; 986 } 987 988 /* 989 * The strategy for the Match blocks is that the config file is parsed twice. 990 * 991 * The first time is at startup. activep is initialized to 1 and the 992 * directives in the global context are processed and acted on. Hitting a 993 * Match directive unsets activep and the directives inside the block are 994 * checked for syntax only. 995 * 996 * The second time is after a connection has been established but before 997 * authentication. activep is initialized to 2 and global config directives 998 * are ignored since they have already been processed. If the criteria in a 999 * Match block is met, activep is set and the subsequent directives 1000 * processed and actioned until EOF or another Match block unsets it. Any 1001 * options set are copied into the main server config. 1002 * 1003 * Potential additions/improvements: 1004 * - Add Match support for pre-kex directives, eg. Ciphers. 1005 * 1006 * - Add a Tag directive (idea from David Leonard) ala pf, eg: 1007 * Match Address 192.168.0.* 1008 * Tag trusted 1009 * Match Group wheel 1010 * Tag trusted 1011 * Match Tag trusted 1012 * AllowTcpForwarding yes 1013 * GatewayPorts clientspecified 1014 * [...] 1015 * 1016 * - Add a PermittedChannelRequests directive 1017 * Match Group shell 1018 * PermittedChannelRequests session,forwarded-tcpip 1019 */ 1020 1021 static int 1022 match_cfg_line_group(const char *grps, int line, const char *user) 1023 { 1024 int result = 0; 1025 struct passwd *pw; 1026 1027 if (user == NULL) 1028 goto out; 1029 1030 if ((pw = getpwnam(user)) == NULL) { 1031 debug("Can't match group at line %d because user %.100s does " 1032 "not exist", line, user); 1033 } else if (ga_init(pw->pw_name, pw->pw_gid) == 0) { 1034 debug("Can't Match group because user %.100s not in any group " 1035 "at line %d", user, line); 1036 } else if (ga_match_pattern_list(grps) != 1) { 1037 debug("user %.100s does not match group list %.100s at line %d", 1038 user, grps, line); 1039 } else { 1040 debug("user %.100s matched group list %.100s at line %d", user, 1041 grps, line); 1042 result = 1; 1043 } 1044 out: 1045 ga_free(); 1046 return result; 1047 } 1048 1049 static void 1050 match_test_missing_fatal(const char *criteria, const char *attrib) 1051 { 1052 fatal("'Match %s' in configuration but '%s' not in connection " 1053 "test specification.", criteria, attrib); 1054 } 1055 1056 /* 1057 * All of the attributes on a single Match line are ANDed together, so we need 1058 * to check every attribute and set the result to zero if any attribute does 1059 * not match. 1060 */ 1061 static int 1062 match_cfg_line(char **condition, int line, struct connection_info *ci) 1063 { 1064 int result = 1, attributes = 0, port; 1065 char *arg, *attrib, *cp = *condition; 1066 1067 if (ci == NULL) 1068 debug3("checking syntax for 'Match %s'", cp); 1069 else 1070 debug3("checking match for '%s' user %s host %s addr %s " 1071 "laddr %s lport %d", cp, ci->user ? ci->user : "(null)", 1072 ci->host ? ci->host : "(null)", 1073 ci->address ? ci->address : "(null)", 1074 ci->laddress ? ci->laddress : "(null)", ci->lport); 1075 1076 while ((attrib = strdelim(&cp)) && *attrib != '\0') { 1077 attributes++; 1078 if (strcasecmp(attrib, "all") == 0) { 1079 if (attributes != 1 || 1080 ((arg = strdelim(&cp)) != NULL && *arg != '\0')) { 1081 error("'all' cannot be combined with other " 1082 "Match attributes"); 1083 return -1; 1084 } 1085 *condition = cp; 1086 return 1; 1087 } 1088 if ((arg = strdelim(&cp)) == NULL || *arg == '\0') { 1089 error("Missing Match criteria for %s", attrib); 1090 return -1; 1091 } 1092 if (strcasecmp(attrib, "user") == 0) { 1093 if (ci == NULL || (ci->test && ci->user == NULL)) { 1094 result = 0; 1095 continue; 1096 } 1097 if (ci->user == NULL) 1098 match_test_missing_fatal("User", "user"); 1099 if (match_usergroup_pattern_list(ci->user, arg) != 1) 1100 result = 0; 1101 else 1102 debug("user %.100s matched 'User %.100s' at " 1103 "line %d", ci->user, arg, line); 1104 } else if (strcasecmp(attrib, "group") == 0) { 1105 if (ci == NULL || (ci->test && ci->user == NULL)) { 1106 result = 0; 1107 continue; 1108 } 1109 if (ci->user == NULL) 1110 match_test_missing_fatal("Group", "user"); 1111 switch (match_cfg_line_group(arg, line, ci->user)) { 1112 case -1: 1113 return -1; 1114 case 0: 1115 result = 0; 1116 } 1117 } else if (strcasecmp(attrib, "host") == 0) { 1118 if (ci == NULL || (ci->test && ci->host == NULL)) { 1119 result = 0; 1120 continue; 1121 } 1122 if (ci->host == NULL) 1123 match_test_missing_fatal("Host", "host"); 1124 if (match_hostname(ci->host, arg) != 1) 1125 result = 0; 1126 else 1127 debug("connection from %.100s matched 'Host " 1128 "%.100s' at line %d", ci->host, arg, line); 1129 } else if (strcasecmp(attrib, "address") == 0) { 1130 if (ci == NULL || (ci->test && ci->address == NULL)) { 1131 result = 0; 1132 continue; 1133 } 1134 if (ci->address == NULL) 1135 match_test_missing_fatal("Address", "addr"); 1136 switch (addr_match_list(ci->address, arg)) { 1137 case 1: 1138 debug("connection from %.100s matched 'Address " 1139 "%.100s' at line %d", ci->address, arg, line); 1140 break; 1141 case 0: 1142 case -1: 1143 result = 0; 1144 break; 1145 case -2: 1146 return -1; 1147 } 1148 } else if (strcasecmp(attrib, "localaddress") == 0){ 1149 if (ci == NULL || (ci->test && ci->laddress == NULL)) { 1150 result = 0; 1151 continue; 1152 } 1153 if (ci->laddress == NULL) 1154 match_test_missing_fatal("LocalAddress", 1155 "laddr"); 1156 switch (addr_match_list(ci->laddress, arg)) { 1157 case 1: 1158 debug("connection from %.100s matched " 1159 "'LocalAddress %.100s' at line %d", 1160 ci->laddress, arg, line); 1161 break; 1162 case 0: 1163 case -1: 1164 result = 0; 1165 break; 1166 case -2: 1167 return -1; 1168 } 1169 } else if (strcasecmp(attrib, "localport") == 0) { 1170 if ((port = a2port(arg)) == -1) { 1171 error("Invalid LocalPort '%s' on Match line", 1172 arg); 1173 return -1; 1174 } 1175 if (ci == NULL || (ci->test && ci->lport == -1)) { 1176 result = 0; 1177 continue; 1178 } 1179 if (ci->lport == 0) 1180 match_test_missing_fatal("LocalPort", "lport"); 1181 /* TODO support port lists */ 1182 if (port == ci->lport) 1183 debug("connection from %.100s matched " 1184 "'LocalPort %d' at line %d", 1185 ci->laddress, port, line); 1186 else 1187 result = 0; 1188 } else if (strcasecmp(attrib, "rdomain") == 0) { 1189 if (ci == NULL || (ci->test && ci->rdomain == NULL)) { 1190 result = 0; 1191 continue; 1192 } 1193 if (ci->rdomain == NULL) 1194 match_test_missing_fatal("RDomain", "rdomain"); 1195 if (match_pattern_list(ci->rdomain, arg, 0) != 1) 1196 result = 0; 1197 else 1198 debug("user %.100s matched 'RDomain %.100s' at " 1199 "line %d", ci->rdomain, arg, line); 1200 } else { 1201 error("Unsupported Match attribute %s", attrib); 1202 return -1; 1203 } 1204 } 1205 if (attributes == 0) { 1206 error("One or more attributes required for Match"); 1207 return -1; 1208 } 1209 if (ci != NULL) 1210 debug3("match %sfound", result ? "" : "not "); 1211 *condition = cp; 1212 return result; 1213 } 1214 1215 #define WHITESPACE " \t\r\n" 1216 1217 /* Multistate option parsing */ 1218 struct multistate { 1219 char *key; 1220 int value; 1221 }; 1222 static const struct multistate multistate_flag[] = { 1223 { "yes", 1 }, 1224 { "no", 0 }, 1225 { NULL, -1 } 1226 }; 1227 static const struct multistate multistate_ignore_rhosts[] = { 1228 { "yes", IGNORE_RHOSTS_YES }, 1229 { "no", IGNORE_RHOSTS_NO }, 1230 { "shosts-only", IGNORE_RHOSTS_SHOSTS }, 1231 { NULL, -1 } 1232 }; 1233 static const struct multistate multistate_addressfamily[] = { 1234 { "inet", AF_INET }, 1235 { "inet6", AF_INET6 }, 1236 { "any", AF_UNSPEC }, 1237 { NULL, -1 } 1238 }; 1239 static const struct multistate multistate_permitrootlogin[] = { 1240 { "without-password", PERMIT_NO_PASSWD }, 1241 { "prohibit-password", PERMIT_NO_PASSWD }, 1242 { "forced-commands-only", PERMIT_FORCED_ONLY }, 1243 { "yes", PERMIT_YES }, 1244 { "no", PERMIT_NO }, 1245 { NULL, -1 } 1246 }; 1247 static const struct multistate multistate_compression[] = { 1248 #ifdef WITH_ZLIB 1249 { "yes", COMP_DELAYED }, 1250 { "delayed", COMP_DELAYED }, 1251 #endif 1252 { "no", COMP_NONE }, 1253 { NULL, -1 } 1254 }; 1255 static const struct multistate multistate_gatewayports[] = { 1256 { "clientspecified", 2 }, 1257 { "yes", 1 }, 1258 { "no", 0 }, 1259 { NULL, -1 } 1260 }; 1261 static const struct multistate multistate_tcpfwd[] = { 1262 { "yes", FORWARD_ALLOW }, 1263 { "all", FORWARD_ALLOW }, 1264 { "no", FORWARD_DENY }, 1265 { "remote", FORWARD_REMOTE }, 1266 { "local", FORWARD_LOCAL }, 1267 { NULL, -1 } 1268 }; 1269 1270 static int 1271 process_server_config_line_depth(ServerOptions *options, char *line, 1272 const char *filename, int linenum, int *activep, 1273 struct connection_info *connectinfo, int inc_flags, int depth, 1274 struct include_list *includes) 1275 { 1276 char ch, *cp, ***chararrayptr, **charptr, *arg, *arg2, *p; 1277 int cmdline = 0, *intptr, value, value2, n, port, oactive, r, found; 1278 SyslogFacility *log_facility_ptr; 1279 LogLevel *log_level_ptr; 1280 ServerOpCodes opcode; 1281 u_int i, *uintptr, uvalue, flags = 0; 1282 size_t len; 1283 long long val64; 1284 const struct multistate *multistate_ptr; 1285 const char *errstr; 1286 struct include_item *item; 1287 glob_t gbuf; 1288 1289 /* Strip trailing whitespace. Allow \f (form feed) at EOL only */ 1290 if ((len = strlen(line)) == 0) 1291 return 0; 1292 for (len--; len > 0; len--) { 1293 if (strchr(WHITESPACE "\f", line[len]) == NULL) 1294 break; 1295 line[len] = '\0'; 1296 } 1297 1298 cp = line; 1299 if ((arg = strdelim(&cp)) == NULL) 1300 return 0; 1301 /* Ignore leading whitespace */ 1302 if (*arg == '\0') 1303 arg = strdelim(&cp); 1304 if (!arg || !*arg || *arg == '#') 1305 return 0; 1306 intptr = NULL; 1307 charptr = NULL; 1308 opcode = parse_token(arg, filename, linenum, &flags); 1309 1310 if (activep == NULL) { /* We are processing a command line directive */ 1311 cmdline = 1; 1312 activep = &cmdline; 1313 } 1314 if (*activep && opcode != sMatch && opcode != sInclude) 1315 debug3("%s:%d setting %s %s", filename, linenum, arg, cp); 1316 if (*activep == 0 && !(flags & SSHCFG_MATCH)) { 1317 if (connectinfo == NULL) { 1318 fatal("%s line %d: Directive '%s' is not allowed " 1319 "within a Match block", filename, linenum, arg); 1320 } else { /* this is a directive we have already processed */ 1321 while (arg) 1322 arg = strdelim(&cp); 1323 return 0; 1324 } 1325 } 1326 1327 switch (opcode) { 1328 /* Portable-specific options */ 1329 case sUsePAM: 1330 intptr = &options->use_pam; 1331 goto parse_flag; 1332 1333 /* Standard Options */ 1334 case sBadOption: 1335 return -1; 1336 case sPort: 1337 /* ignore ports from configfile if cmdline specifies ports */ 1338 if (options->ports_from_cmdline) 1339 return 0; 1340 if (options->num_ports >= MAX_PORTS) 1341 fatal("%s line %d: too many ports.", 1342 filename, linenum); 1343 arg = strdelim(&cp); 1344 if (!arg || *arg == '\0') 1345 fatal("%s line %d: missing port number.", 1346 filename, linenum); 1347 options->ports[options->num_ports++] = a2port(arg); 1348 if (options->ports[options->num_ports-1] <= 0) 1349 fatal("%s line %d: Badly formatted port number.", 1350 filename, linenum); 1351 break; 1352 1353 case sLoginGraceTime: 1354 intptr = &options->login_grace_time; 1355 parse_time: 1356 arg = strdelim(&cp); 1357 if (!arg || *arg == '\0') 1358 fatal("%s line %d: missing time value.", 1359 filename, linenum); 1360 if ((value = convtime(arg)) == -1) 1361 fatal("%s line %d: invalid time value.", 1362 filename, linenum); 1363 if (*activep && *intptr == -1) 1364 *intptr = value; 1365 break; 1366 1367 case sListenAddress: 1368 arg = strdelim(&cp); 1369 if (arg == NULL || *arg == '\0') 1370 fatal("%s line %d: missing address", 1371 filename, linenum); 1372 /* check for bare IPv6 address: no "[]" and 2 or more ":" */ 1373 if (strchr(arg, '[') == NULL && (p = strchr(arg, ':')) != NULL 1374 && strchr(p+1, ':') != NULL) { 1375 port = 0; 1376 p = arg; 1377 } else { 1378 arg2 = NULL; 1379 ch = '\0'; 1380 p = hpdelim2(&arg, &ch); 1381 if (p == NULL || ch == '/') 1382 fatal("%s line %d: bad address:port usage", 1383 filename, linenum); 1384 p = cleanhostname(p); 1385 if (arg == NULL) 1386 port = 0; 1387 else if ((port = a2port(arg)) <= 0) 1388 fatal("%s line %d: bad port number", 1389 filename, linenum); 1390 } 1391 /* Optional routing table */ 1392 arg2 = NULL; 1393 if ((arg = strdelim(&cp)) != NULL) { 1394 if (strcmp(arg, "rdomain") != 0 || 1395 (arg2 = strdelim(&cp)) == NULL) 1396 fatal("%s line %d: bad ListenAddress syntax", 1397 filename, linenum); 1398 if (!valid_rdomain(arg2)) 1399 fatal("%s line %d: bad routing domain", 1400 filename, linenum); 1401 } 1402 1403 queue_listen_addr(options, p, arg2, port); 1404 1405 break; 1406 1407 case sAddressFamily: 1408 intptr = &options->address_family; 1409 multistate_ptr = multistate_addressfamily; 1410 parse_multistate: 1411 arg = strdelim(&cp); 1412 if (!arg || *arg == '\0') 1413 fatal("%s line %d: missing argument.", 1414 filename, linenum); 1415 value = -1; 1416 for (i = 0; multistate_ptr[i].key != NULL; i++) { 1417 if (strcasecmp(arg, multistate_ptr[i].key) == 0) { 1418 value = multistate_ptr[i].value; 1419 break; 1420 } 1421 } 1422 if (value == -1) 1423 fatal("%s line %d: unsupported option \"%s\".", 1424 filename, linenum, arg); 1425 if (*activep && *intptr == -1) 1426 *intptr = value; 1427 break; 1428 1429 case sHostKeyFile: 1430 arg = strdelim(&cp); 1431 if (!arg || *arg == '\0') 1432 fatal("%s line %d: missing file name.", 1433 filename, linenum); 1434 if (*activep) { 1435 servconf_add_hostkey(filename, linenum, 1436 options, arg, 1); 1437 } 1438 break; 1439 1440 case sHostKeyAgent: 1441 charptr = &options->host_key_agent; 1442 arg = strdelim(&cp); 1443 if (!arg || *arg == '\0') 1444 fatal("%s line %d: missing socket name.", 1445 filename, linenum); 1446 if (*activep && *charptr == NULL) 1447 *charptr = !strcmp(arg, SSH_AUTHSOCKET_ENV_NAME) ? 1448 xstrdup(arg) : derelativise_path(arg); 1449 break; 1450 1451 case sHostCertificate: 1452 arg = strdelim(&cp); 1453 if (!arg || *arg == '\0') 1454 fatal("%s line %d: missing file name.", 1455 filename, linenum); 1456 if (*activep) 1457 servconf_add_hostcert(filename, linenum, options, arg); 1458 break; 1459 1460 case sPidFile: 1461 charptr = &options->pid_file; 1462 parse_filename: 1463 arg = strdelim(&cp); 1464 if (!arg || *arg == '\0') 1465 fatal("%s line %d: missing file name.", 1466 filename, linenum); 1467 if (*activep && *charptr == NULL) { 1468 *charptr = derelativise_path(arg); 1469 /* increase optional counter */ 1470 if (intptr != NULL) 1471 *intptr = *intptr + 1; 1472 } 1473 break; 1474 1475 case sPermitRootLogin: 1476 intptr = &options->permit_root_login; 1477 multistate_ptr = multistate_permitrootlogin; 1478 goto parse_multistate; 1479 1480 case sIgnoreRhosts: 1481 intptr = &options->ignore_rhosts; 1482 multistate_ptr = multistate_ignore_rhosts; 1483 goto parse_multistate; 1484 1485 case sIgnoreUserKnownHosts: 1486 intptr = &options->ignore_user_known_hosts; 1487 parse_flag: 1488 multistate_ptr = multistate_flag; 1489 goto parse_multistate; 1490 1491 case sHostbasedAuthentication: 1492 intptr = &options->hostbased_authentication; 1493 goto parse_flag; 1494 1495 case sHostbasedUsesNameFromPacketOnly: 1496 intptr = &options->hostbased_uses_name_from_packet_only; 1497 goto parse_flag; 1498 1499 case sHostbasedAcceptedKeyTypes: 1500 charptr = &options->hostbased_key_types; 1501 parse_keytypes: 1502 arg = strdelim(&cp); 1503 if (!arg || *arg == '\0') 1504 fatal("%s line %d: Missing argument.", 1505 filename, linenum); 1506 if (*arg != '-' && 1507 !sshkey_names_valid2(*arg == '+' || *arg == '^' ? 1508 arg + 1 : arg, 1)) 1509 fatal("%s line %d: Bad key types '%s'.", 1510 filename, linenum, arg ? arg : "<NONE>"); 1511 if (*activep && *charptr == NULL) 1512 *charptr = xstrdup(arg); 1513 break; 1514 1515 case sHostKeyAlgorithms: 1516 charptr = &options->hostkeyalgorithms; 1517 goto parse_keytypes; 1518 1519 case sCASignatureAlgorithms: 1520 charptr = &options->ca_sign_algorithms; 1521 goto parse_keytypes; 1522 1523 case sPubkeyAuthentication: 1524 intptr = &options->pubkey_authentication; 1525 goto parse_flag; 1526 1527 case sPubkeyAcceptedKeyTypes: 1528 charptr = &options->pubkey_key_types; 1529 goto parse_keytypes; 1530 1531 case sPubkeyAuthOptions: 1532 intptr = &options->pubkey_auth_options; 1533 value = 0; 1534 while ((arg = strdelim(&cp)) && *arg != '\0') { 1535 if (strcasecmp(arg, "none") == 0) 1536 continue; 1537 if (strcasecmp(arg, "touch-required") == 0) 1538 value |= PUBKEYAUTH_TOUCH_REQUIRED; 1539 else { 1540 fatal("%s line %d: unsupported " 1541 "PubkeyAuthOptions option %s", 1542 filename, linenum, arg); 1543 } 1544 } 1545 if (*activep && *intptr == -1) 1546 *intptr = value; 1547 break; 1548 1549 case sKerberosAuthentication: 1550 intptr = &options->kerberos_authentication; 1551 goto parse_flag; 1552 1553 case sKerberosOrLocalPasswd: 1554 intptr = &options->kerberos_or_local_passwd; 1555 goto parse_flag; 1556 1557 case sKerberosTicketCleanup: 1558 intptr = &options->kerberos_ticket_cleanup; 1559 goto parse_flag; 1560 1561 case sKerberosGetAFSToken: 1562 intptr = &options->kerberos_get_afs_token; 1563 goto parse_flag; 1564 1565 case sGssAuthentication: 1566 intptr = &options->gss_authentication; 1567 goto parse_flag; 1568 1569 case sGssCleanupCreds: 1570 intptr = &options->gss_cleanup_creds; 1571 goto parse_flag; 1572 1573 case sGssStrictAcceptor: 1574 intptr = &options->gss_strict_acceptor; 1575 goto parse_flag; 1576 1577 case sPasswordAuthentication: 1578 intptr = &options->password_authentication; 1579 goto parse_flag; 1580 1581 case sKbdInteractiveAuthentication: 1582 intptr = &options->kbd_interactive_authentication; 1583 goto parse_flag; 1584 1585 case sChallengeResponseAuthentication: 1586 intptr = &options->challenge_response_authentication; 1587 goto parse_flag; 1588 1589 case sPrintMotd: 1590 intptr = &options->print_motd; 1591 goto parse_flag; 1592 1593 case sPrintLastLog: 1594 intptr = &options->print_lastlog; 1595 goto parse_flag; 1596 1597 case sX11Forwarding: 1598 intptr = &options->x11_forwarding; 1599 goto parse_flag; 1600 1601 case sX11DisplayOffset: 1602 intptr = &options->x11_display_offset; 1603 parse_int: 1604 arg = strdelim(&cp); 1605 if ((errstr = atoi_err(arg, &value)) != NULL) 1606 fatal("%s line %d: integer value %s.", 1607 filename, linenum, errstr); 1608 if (*activep && *intptr == -1) 1609 *intptr = value; 1610 break; 1611 1612 case sX11UseLocalhost: 1613 intptr = &options->x11_use_localhost; 1614 goto parse_flag; 1615 1616 case sXAuthLocation: 1617 charptr = &options->xauth_location; 1618 goto parse_filename; 1619 1620 case sPermitTTY: 1621 intptr = &options->permit_tty; 1622 goto parse_flag; 1623 1624 case sPermitUserRC: 1625 intptr = &options->permit_user_rc; 1626 goto parse_flag; 1627 1628 case sStrictModes: 1629 intptr = &options->strict_modes; 1630 goto parse_flag; 1631 1632 case sTCPKeepAlive: 1633 intptr = &options->tcp_keep_alive; 1634 goto parse_flag; 1635 1636 case sEmptyPasswd: 1637 intptr = &options->permit_empty_passwd; 1638 goto parse_flag; 1639 1640 case sPermitUserEnvironment: 1641 intptr = &options->permit_user_env; 1642 charptr = &options->permit_user_env_whitelist; 1643 arg = strdelim(&cp); 1644 if (!arg || *arg == '\0') 1645 fatal("%s line %d: missing argument.", 1646 filename, linenum); 1647 value = 0; 1648 p = NULL; 1649 if (strcmp(arg, "yes") == 0) 1650 value = 1; 1651 else if (strcmp(arg, "no") == 0) 1652 value = 0; 1653 else { 1654 /* Pattern-list specified */ 1655 value = 1; 1656 p = xstrdup(arg); 1657 } 1658 if (*activep && *intptr == -1) { 1659 *intptr = value; 1660 *charptr = p; 1661 p = NULL; 1662 } 1663 free(p); 1664 break; 1665 1666 case sCompression: 1667 intptr = &options->compression; 1668 multistate_ptr = multistate_compression; 1669 goto parse_multistate; 1670 1671 case sRekeyLimit: 1672 arg = strdelim(&cp); 1673 if (!arg || *arg == '\0') 1674 fatal("%.200s line %d: Missing argument.", filename, 1675 linenum); 1676 if (strcmp(arg, "default") == 0) { 1677 val64 = 0; 1678 } else { 1679 if (scan_scaled(arg, &val64) == -1) 1680 fatal("%.200s line %d: Bad number '%s': %s", 1681 filename, linenum, arg, strerror(errno)); 1682 if (val64 != 0 && val64 < 16) 1683 fatal("%.200s line %d: RekeyLimit too small", 1684 filename, linenum); 1685 } 1686 if (*activep && options->rekey_limit == -1) 1687 options->rekey_limit = val64; 1688 if (cp != NULL) { /* optional rekey interval present */ 1689 if (strcmp(cp, "none") == 0) { 1690 (void)strdelim(&cp); /* discard */ 1691 break; 1692 } 1693 intptr = &options->rekey_interval; 1694 goto parse_time; 1695 } 1696 break; 1697 1698 case sGatewayPorts: 1699 intptr = &options->fwd_opts.gateway_ports; 1700 multistate_ptr = multistate_gatewayports; 1701 goto parse_multistate; 1702 1703 case sUseDNS: 1704 intptr = &options->use_dns; 1705 goto parse_flag; 1706 1707 case sLogFacility: 1708 log_facility_ptr = &options->log_facility; 1709 arg = strdelim(&cp); 1710 value = log_facility_number(arg); 1711 if (value == SYSLOG_FACILITY_NOT_SET) 1712 fatal("%.200s line %d: unsupported log facility '%s'", 1713 filename, linenum, arg ? arg : "<NONE>"); 1714 if (*log_facility_ptr == -1) 1715 *log_facility_ptr = (SyslogFacility) value; 1716 break; 1717 1718 case sLogLevel: 1719 log_level_ptr = &options->log_level; 1720 arg = strdelim(&cp); 1721 value = log_level_number(arg); 1722 if (value == SYSLOG_LEVEL_NOT_SET) 1723 fatal("%.200s line %d: unsupported log level '%s'", 1724 filename, linenum, arg ? arg : "<NONE>"); 1725 if (*activep && *log_level_ptr == -1) 1726 *log_level_ptr = (LogLevel) value; 1727 break; 1728 1729 case sAllowTcpForwarding: 1730 intptr = &options->allow_tcp_forwarding; 1731 multistate_ptr = multistate_tcpfwd; 1732 goto parse_multistate; 1733 1734 case sAllowStreamLocalForwarding: 1735 intptr = &options->allow_streamlocal_forwarding; 1736 multistate_ptr = multistate_tcpfwd; 1737 goto parse_multistate; 1738 1739 case sAllowAgentForwarding: 1740 intptr = &options->allow_agent_forwarding; 1741 goto parse_flag; 1742 1743 case sDisableForwarding: 1744 intptr = &options->disable_forwarding; 1745 goto parse_flag; 1746 1747 case sAllowUsers: 1748 while ((arg = strdelim(&cp)) && *arg != '\0') { 1749 if (match_user(NULL, NULL, NULL, arg) == -1) 1750 fatal("%s line %d: invalid AllowUsers pattern: " 1751 "\"%.100s\"", filename, linenum, arg); 1752 if (!*activep) 1753 continue; 1754 array_append(filename, linenum, "AllowUsers", 1755 &options->allow_users, &options->num_allow_users, 1756 arg); 1757 } 1758 break; 1759 1760 case sDenyUsers: 1761 while ((arg = strdelim(&cp)) && *arg != '\0') { 1762 if (match_user(NULL, NULL, NULL, arg) == -1) 1763 fatal("%s line %d: invalid DenyUsers pattern: " 1764 "\"%.100s\"", filename, linenum, arg); 1765 if (!*activep) 1766 continue; 1767 array_append(filename, linenum, "DenyUsers", 1768 &options->deny_users, &options->num_deny_users, 1769 arg); 1770 } 1771 break; 1772 1773 case sAllowGroups: 1774 while ((arg = strdelim(&cp)) && *arg != '\0') { 1775 if (!*activep) 1776 continue; 1777 array_append(filename, linenum, "AllowGroups", 1778 &options->allow_groups, &options->num_allow_groups, 1779 arg); 1780 } 1781 break; 1782 1783 case sDenyGroups: 1784 while ((arg = strdelim(&cp)) && *arg != '\0') { 1785 if (!*activep) 1786 continue; 1787 array_append(filename, linenum, "DenyGroups", 1788 &options->deny_groups, &options->num_deny_groups, 1789 arg); 1790 } 1791 break; 1792 1793 case sCiphers: 1794 arg = strdelim(&cp); 1795 if (!arg || *arg == '\0') 1796 fatal("%s line %d: Missing argument.", filename, linenum); 1797 if (*arg != '-' && 1798 !ciphers_valid(*arg == '+' || *arg == '^' ? arg + 1 : arg)) 1799 fatal("%s line %d: Bad SSH2 cipher spec '%s'.", 1800 filename, linenum, arg ? arg : "<NONE>"); 1801 if (options->ciphers == NULL) 1802 options->ciphers = xstrdup(arg); 1803 break; 1804 1805 case sMacs: 1806 arg = strdelim(&cp); 1807 if (!arg || *arg == '\0') 1808 fatal("%s line %d: Missing argument.", filename, linenum); 1809 if (*arg != '-' && 1810 !mac_valid(*arg == '+' || *arg == '^' ? arg + 1 : arg)) 1811 fatal("%s line %d: Bad SSH2 mac spec '%s'.", 1812 filename, linenum, arg ? arg : "<NONE>"); 1813 if (options->macs == NULL) 1814 options->macs = xstrdup(arg); 1815 break; 1816 1817 case sKexAlgorithms: 1818 arg = strdelim(&cp); 1819 if (!arg || *arg == '\0') 1820 fatal("%s line %d: Missing argument.", 1821 filename, linenum); 1822 if (*arg != '-' && 1823 !kex_names_valid(*arg == '+' || *arg == '^' ? 1824 arg + 1 : arg)) 1825 fatal("%s line %d: Bad SSH2 KexAlgorithms '%s'.", 1826 filename, linenum, arg ? arg : "<NONE>"); 1827 if (options->kex_algorithms == NULL) 1828 options->kex_algorithms = xstrdup(arg); 1829 break; 1830 1831 case sSubsystem: 1832 if (options->num_subsystems >= MAX_SUBSYSTEMS) { 1833 fatal("%s line %d: too many subsystems defined.", 1834 filename, linenum); 1835 } 1836 arg = strdelim(&cp); 1837 if (!arg || *arg == '\0') 1838 fatal("%s line %d: Missing subsystem name.", 1839 filename, linenum); 1840 if (!*activep) { 1841 arg = strdelim(&cp); 1842 break; 1843 } 1844 for (i = 0; i < options->num_subsystems; i++) 1845 if (strcmp(arg, options->subsystem_name[i]) == 0) 1846 fatal("%s line %d: Subsystem '%s' already defined.", 1847 filename, linenum, arg); 1848 options->subsystem_name[options->num_subsystems] = xstrdup(arg); 1849 arg = strdelim(&cp); 1850 if (!arg || *arg == '\0') 1851 fatal("%s line %d: Missing subsystem command.", 1852 filename, linenum); 1853 options->subsystem_command[options->num_subsystems] = xstrdup(arg); 1854 1855 /* Collect arguments (separate to executable) */ 1856 p = xstrdup(arg); 1857 len = strlen(p) + 1; 1858 while ((arg = strdelim(&cp)) != NULL && *arg != '\0') { 1859 len += 1 + strlen(arg); 1860 p = xreallocarray(p, 1, len); 1861 strlcat(p, " ", len); 1862 strlcat(p, arg, len); 1863 } 1864 options->subsystem_args[options->num_subsystems] = p; 1865 options->num_subsystems++; 1866 break; 1867 1868 case sMaxStartups: 1869 arg = strdelim(&cp); 1870 if (!arg || *arg == '\0') 1871 fatal("%s line %d: Missing MaxStartups spec.", 1872 filename, linenum); 1873 if ((n = sscanf(arg, "%d:%d:%d", 1874 &options->max_startups_begin, 1875 &options->max_startups_rate, 1876 &options->max_startups)) == 3) { 1877 if (options->max_startups_begin > 1878 options->max_startups || 1879 options->max_startups_rate > 100 || 1880 options->max_startups_rate < 1) 1881 fatal("%s line %d: Illegal MaxStartups spec.", 1882 filename, linenum); 1883 } else if (n != 1) 1884 fatal("%s line %d: Illegal MaxStartups spec.", 1885 filename, linenum); 1886 else 1887 options->max_startups = options->max_startups_begin; 1888 break; 1889 1890 case sMaxAuthTries: 1891 intptr = &options->max_authtries; 1892 goto parse_int; 1893 1894 case sMaxSessions: 1895 intptr = &options->max_sessions; 1896 goto parse_int; 1897 1898 case sBanner: 1899 charptr = &options->banner; 1900 goto parse_filename; 1901 1902 /* 1903 * These options can contain %X options expanded at 1904 * connect time, so that you can specify paths like: 1905 * 1906 * AuthorizedKeysFile /etc/ssh_keys/%u 1907 */ 1908 case sAuthorizedKeysFile: 1909 if (*activep && options->num_authkeys_files == 0) { 1910 while ((arg = strdelim(&cp)) && *arg != '\0') { 1911 arg = tilde_expand_filename(arg, getuid()); 1912 array_append(filename, linenum, 1913 "AuthorizedKeysFile", 1914 &options->authorized_keys_files, 1915 &options->num_authkeys_files, arg); 1916 free(arg); 1917 } 1918 } 1919 return 0; 1920 1921 case sAuthorizedPrincipalsFile: 1922 charptr = &options->authorized_principals_file; 1923 arg = strdelim(&cp); 1924 if (!arg || *arg == '\0') 1925 fatal("%s line %d: missing file name.", 1926 filename, linenum); 1927 if (*activep && *charptr == NULL) { 1928 *charptr = tilde_expand_filename(arg, getuid()); 1929 /* increase optional counter */ 1930 if (intptr != NULL) 1931 *intptr = *intptr + 1; 1932 } 1933 break; 1934 1935 case sClientAliveInterval: 1936 intptr = &options->client_alive_interval; 1937 goto parse_time; 1938 1939 case sClientAliveCountMax: 1940 intptr = &options->client_alive_count_max; 1941 goto parse_int; 1942 1943 case sAcceptEnv: 1944 while ((arg = strdelim(&cp)) && *arg != '\0') { 1945 if (strchr(arg, '=') != NULL) 1946 fatal("%s line %d: Invalid environment name.", 1947 filename, linenum); 1948 if (!*activep) 1949 continue; 1950 array_append(filename, linenum, "AcceptEnv", 1951 &options->accept_env, &options->num_accept_env, 1952 arg); 1953 } 1954 break; 1955 1956 case sSetEnv: 1957 uvalue = options->num_setenv; 1958 while ((arg = strdelimw(&cp)) && *arg != '\0') { 1959 if (strchr(arg, '=') == NULL) 1960 fatal("%s line %d: Invalid environment.", 1961 filename, linenum); 1962 if (!*activep || uvalue != 0) 1963 continue; 1964 array_append(filename, linenum, "SetEnv", 1965 &options->setenv, &options->num_setenv, arg); 1966 } 1967 break; 1968 1969 case sPermitTunnel: 1970 intptr = &options->permit_tun; 1971 arg = strdelim(&cp); 1972 if (!arg || *arg == '\0') 1973 fatal("%s line %d: Missing yes/point-to-point/" 1974 "ethernet/no argument.", filename, linenum); 1975 value = -1; 1976 for (i = 0; tunmode_desc[i].val != -1; i++) 1977 if (strcmp(tunmode_desc[i].text, arg) == 0) { 1978 value = tunmode_desc[i].val; 1979 break; 1980 } 1981 if (value == -1) 1982 fatal("%s line %d: Bad yes/point-to-point/ethernet/" 1983 "no argument: %s", filename, linenum, arg); 1984 if (*activep && *intptr == -1) 1985 *intptr = value; 1986 break; 1987 1988 case sInclude: 1989 if (cmdline) { 1990 fatal("Include directive not supported as a " 1991 "command-line option"); 1992 } 1993 value = 0; 1994 while ((arg2 = strdelim(&cp)) != NULL && *arg2 != '\0') { 1995 value++; 1996 found = 0; 1997 if (*arg2 != '/' && *arg2 != '~') { 1998 xasprintf(&arg, "%s/%s", SSHDIR, arg2); 1999 } else 2000 arg = xstrdup(arg2); 2001 2002 /* 2003 * Don't let included files clobber the containing 2004 * file's Match state. 2005 */ 2006 oactive = *activep; 2007 2008 /* consult cache of include files */ 2009 TAILQ_FOREACH(item, includes, entry) { 2010 if (strcmp(item->selector, arg) != 0) 2011 continue; 2012 if (item->filename != NULL) { 2013 parse_server_config_depth(options, 2014 item->filename, item->contents, 2015 includes, connectinfo, 2016 (oactive ? 0 : SSHCFG_NEVERMATCH), 2017 activep, depth + 1); 2018 } 2019 found = 1; 2020 *activep = oactive; 2021 } 2022 if (found != 0) { 2023 free(arg); 2024 continue; 2025 } 2026 2027 /* requested glob was not in cache */ 2028 debug2("%s line %d: new include %s", 2029 filename, linenum, arg); 2030 if ((r = glob(arg, 0, NULL, &gbuf)) != 0) { 2031 if (r != GLOB_NOMATCH) { 2032 fatal("%s line %d: include \"%s\" " 2033 "glob failed", filename, 2034 linenum, arg); 2035 } 2036 /* 2037 * If no entry matched then record a 2038 * placeholder to skip later glob calls. 2039 */ 2040 debug2("%s line %d: no match for %s", 2041 filename, linenum, arg); 2042 item = xcalloc(1, sizeof(*item)); 2043 item->selector = strdup(arg); 2044 TAILQ_INSERT_TAIL(includes, 2045 item, entry); 2046 } 2047 if (gbuf.gl_pathc > INT_MAX) 2048 fatal("%s: too many glob results", __func__); 2049 for (n = 0; n < (int)gbuf.gl_pathc; n++) { 2050 debug2("%s line %d: including %s", 2051 filename, linenum, gbuf.gl_pathv[n]); 2052 item = xcalloc(1, sizeof(*item)); 2053 item->selector = strdup(arg); 2054 item->filename = strdup(gbuf.gl_pathv[n]); 2055 if ((item->contents = sshbuf_new()) == NULL) { 2056 fatal("%s: sshbuf_new failed", 2057 __func__); 2058 } 2059 load_server_config(item->filename, 2060 item->contents); 2061 parse_server_config_depth(options, 2062 item->filename, item->contents, 2063 includes, connectinfo, 2064 (oactive ? 0 : SSHCFG_NEVERMATCH), 2065 activep, depth + 1); 2066 *activep = oactive; 2067 TAILQ_INSERT_TAIL(includes, item, entry); 2068 } 2069 globfree(&gbuf); 2070 free(arg); 2071 } 2072 if (value == 0) { 2073 fatal("%s line %d: Include missing filename argument", 2074 filename, linenum); 2075 } 2076 break; 2077 2078 case sMatch: 2079 if (cmdline) 2080 fatal("Match directive not supported as a command-line " 2081 "option"); 2082 value = match_cfg_line(&cp, linenum, connectinfo); 2083 if (value < 0) 2084 fatal("%s line %d: Bad Match condition", filename, 2085 linenum); 2086 *activep = (inc_flags & SSHCFG_NEVERMATCH) ? 0 : value; 2087 break; 2088 2089 case sPermitListen: 2090 case sPermitOpen: 2091 if (opcode == sPermitListen) { 2092 uintptr = &options->num_permitted_listens; 2093 chararrayptr = &options->permitted_listens; 2094 } else { 2095 uintptr = &options->num_permitted_opens; 2096 chararrayptr = &options->permitted_opens; 2097 } 2098 arg = strdelim(&cp); 2099 if (!arg || *arg == '\0') 2100 fatal("%s line %d: missing %s specification", 2101 filename, linenum, lookup_opcode_name(opcode)); 2102 uvalue = *uintptr; /* modified later */ 2103 if (strcmp(arg, "any") == 0 || strcmp(arg, "none") == 0) { 2104 if (*activep && uvalue == 0) { 2105 *uintptr = 1; 2106 *chararrayptr = xcalloc(1, 2107 sizeof(**chararrayptr)); 2108 (*chararrayptr)[0] = xstrdup(arg); 2109 } 2110 break; 2111 } 2112 for (; arg != NULL && *arg != '\0'; arg = strdelim(&cp)) { 2113 if (opcode == sPermitListen && 2114 strchr(arg, ':') == NULL) { 2115 /* 2116 * Allow bare port number for PermitListen 2117 * to indicate a wildcard listen host. 2118 */ 2119 xasprintf(&arg2, "*:%s", arg); 2120 } else { 2121 arg2 = xstrdup(arg); 2122 ch = '\0'; 2123 p = hpdelim2(&arg, &ch); 2124 if (p == NULL || ch == '/') { 2125 fatal("%s line %d: missing host in %s", 2126 filename, linenum, 2127 lookup_opcode_name(opcode)); 2128 } 2129 p = cleanhostname(p); 2130 } 2131 if (arg == NULL || 2132 ((port = permitopen_port(arg)) < 0)) { 2133 fatal("%s line %d: bad port number in %s", 2134 filename, linenum, 2135 lookup_opcode_name(opcode)); 2136 } 2137 if (*activep && uvalue == 0) { 2138 array_append(filename, linenum, 2139 lookup_opcode_name(opcode), 2140 chararrayptr, uintptr, arg2); 2141 } 2142 free(arg2); 2143 } 2144 break; 2145 2146 case sForceCommand: 2147 if (cp == NULL || *cp == '\0') 2148 fatal("%.200s line %d: Missing argument.", filename, 2149 linenum); 2150 len = strspn(cp, WHITESPACE); 2151 if (*activep && options->adm_forced_command == NULL) 2152 options->adm_forced_command = xstrdup(cp + len); 2153 return 0; 2154 2155 case sChrootDirectory: 2156 charptr = &options->chroot_directory; 2157 2158 arg = strdelim(&cp); 2159 if (!arg || *arg == '\0') 2160 fatal("%s line %d: missing file name.", 2161 filename, linenum); 2162 if (*activep && *charptr == NULL) 2163 *charptr = xstrdup(arg); 2164 break; 2165 2166 case sTrustedUserCAKeys: 2167 charptr = &options->trusted_user_ca_keys; 2168 goto parse_filename; 2169 2170 case sRevokedKeys: 2171 charptr = &options->revoked_keys_file; 2172 goto parse_filename; 2173 2174 case sSecurityKeyProvider: 2175 charptr = &options->sk_provider; 2176 arg = strdelim(&cp); 2177 if (!arg || *arg == '\0') 2178 fatal("%s line %d: missing file name.", 2179 filename, linenum); 2180 if (*activep && *charptr == NULL) { 2181 *charptr = strcasecmp(arg, "internal") == 0 ? 2182 xstrdup(arg) : derelativise_path(arg); 2183 /* increase optional counter */ 2184 if (intptr != NULL) 2185 *intptr = *intptr + 1; 2186 } 2187 break; 2188 2189 case sIPQoS: 2190 arg = strdelim(&cp); 2191 if ((value = parse_ipqos(arg)) == -1) 2192 fatal("%s line %d: Bad IPQoS value: %s", 2193 filename, linenum, arg); 2194 arg = strdelim(&cp); 2195 if (arg == NULL) 2196 value2 = value; 2197 else if ((value2 = parse_ipqos(arg)) == -1) 2198 fatal("%s line %d: Bad IPQoS value: %s", 2199 filename, linenum, arg); 2200 if (*activep) { 2201 options->ip_qos_interactive = value; 2202 options->ip_qos_bulk = value2; 2203 } 2204 break; 2205 2206 case sVersionAddendum: 2207 if (cp == NULL || *cp == '\0') 2208 fatal("%.200s line %d: Missing argument.", filename, 2209 linenum); 2210 len = strspn(cp, WHITESPACE); 2211 if (*activep && options->version_addendum == NULL) { 2212 if (strcasecmp(cp + len, "none") == 0) 2213 options->version_addendum = xstrdup(""); 2214 else if (strchr(cp + len, '\r') != NULL) 2215 fatal("%.200s line %d: Invalid argument", 2216 filename, linenum); 2217 else 2218 options->version_addendum = xstrdup(cp + len); 2219 } 2220 return 0; 2221 2222 case sAuthorizedKeysCommand: 2223 if (cp == NULL) 2224 fatal("%.200s line %d: Missing argument.", filename, 2225 linenum); 2226 len = strspn(cp, WHITESPACE); 2227 if (*activep && options->authorized_keys_command == NULL) { 2228 if (cp[len] != '/' && strcasecmp(cp + len, "none") != 0) 2229 fatal("%.200s line %d: AuthorizedKeysCommand " 2230 "must be an absolute path", 2231 filename, linenum); 2232 options->authorized_keys_command = xstrdup(cp + len); 2233 } 2234 return 0; 2235 2236 case sAuthorizedKeysCommandUser: 2237 charptr = &options->authorized_keys_command_user; 2238 2239 arg = strdelim(&cp); 2240 if (!arg || *arg == '\0') 2241 fatal("%s line %d: missing AuthorizedKeysCommandUser " 2242 "argument.", filename, linenum); 2243 if (*activep && *charptr == NULL) 2244 *charptr = xstrdup(arg); 2245 break; 2246 2247 case sAuthorizedPrincipalsCommand: 2248 if (cp == NULL) 2249 fatal("%.200s line %d: Missing argument.", filename, 2250 linenum); 2251 len = strspn(cp, WHITESPACE); 2252 if (*activep && 2253 options->authorized_principals_command == NULL) { 2254 if (cp[len] != '/' && strcasecmp(cp + len, "none") != 0) 2255 fatal("%.200s line %d: " 2256 "AuthorizedPrincipalsCommand must be " 2257 "an absolute path", filename, linenum); 2258 options->authorized_principals_command = 2259 xstrdup(cp + len); 2260 } 2261 return 0; 2262 2263 case sAuthorizedPrincipalsCommandUser: 2264 charptr = &options->authorized_principals_command_user; 2265 2266 arg = strdelim(&cp); 2267 if (!arg || *arg == '\0') 2268 fatal("%s line %d: missing " 2269 "AuthorizedPrincipalsCommandUser argument.", 2270 filename, linenum); 2271 if (*activep && *charptr == NULL) 2272 *charptr = xstrdup(arg); 2273 break; 2274 2275 case sAuthenticationMethods: 2276 if (options->num_auth_methods == 0) { 2277 value = 0; /* seen "any" pseudo-method */ 2278 value2 = 0; /* successfully parsed any method */ 2279 while ((arg = strdelim(&cp)) && *arg != '\0') { 2280 if (strcmp(arg, "any") == 0) { 2281 if (options->num_auth_methods > 0) { 2282 fatal("%s line %d: \"any\" " 2283 "must appear alone in " 2284 "AuthenticationMethods", 2285 filename, linenum); 2286 } 2287 value = 1; 2288 } else if (value) { 2289 fatal("%s line %d: \"any\" must appear " 2290 "alone in AuthenticationMethods", 2291 filename, linenum); 2292 } else if (auth2_methods_valid(arg, 0) != 0) { 2293 fatal("%s line %d: invalid " 2294 "authentication method list.", 2295 filename, linenum); 2296 } 2297 value2 = 1; 2298 if (!*activep) 2299 continue; 2300 array_append(filename, linenum, 2301 "AuthenticationMethods", 2302 &options->auth_methods, 2303 &options->num_auth_methods, arg); 2304 } 2305 if (value2 == 0) { 2306 fatal("%s line %d: no AuthenticationMethods " 2307 "specified", filename, linenum); 2308 } 2309 } 2310 return 0; 2311 2312 case sStreamLocalBindMask: 2313 arg = strdelim(&cp); 2314 if (!arg || *arg == '\0') 2315 fatal("%s line %d: missing StreamLocalBindMask " 2316 "argument.", filename, linenum); 2317 /* Parse mode in octal format */ 2318 value = strtol(arg, &p, 8); 2319 if (arg == p || value < 0 || value > 0777) 2320 fatal("%s line %d: Bad mask.", filename, linenum); 2321 if (*activep) 2322 options->fwd_opts.streamlocal_bind_mask = (mode_t)value; 2323 break; 2324 2325 case sStreamLocalBindUnlink: 2326 intptr = &options->fwd_opts.streamlocal_bind_unlink; 2327 goto parse_flag; 2328 2329 case sFingerprintHash: 2330 arg = strdelim(&cp); 2331 if (!arg || *arg == '\0') 2332 fatal("%.200s line %d: Missing argument.", 2333 filename, linenum); 2334 if ((value = ssh_digest_alg_by_name(arg)) == -1) 2335 fatal("%.200s line %d: Invalid hash algorithm \"%s\".", 2336 filename, linenum, arg); 2337 if (*activep) 2338 options->fingerprint_hash = value; 2339 break; 2340 2341 case sExposeAuthInfo: 2342 intptr = &options->expose_userauth_info; 2343 goto parse_flag; 2344 2345 case sRDomain: 2346 #if !defined(__OpenBSD__) && !defined(HAVE_SYS_SET_PROCESS_RDOMAIN) 2347 fatal("%s line %d: setting RDomain not supported on this " 2348 "platform.", filename, linenum); 2349 #endif 2350 charptr = &options->routing_domain; 2351 arg = strdelim(&cp); 2352 if (!arg || *arg == '\0') 2353 fatal("%.200s line %d: Missing argument.", 2354 filename, linenum); 2355 if (strcasecmp(arg, "none") != 0 && strcmp(arg, "%D") != 0 && 2356 !valid_rdomain(arg)) 2357 fatal("%s line %d: bad routing domain", 2358 filename, linenum); 2359 if (*activep && *charptr == NULL) 2360 *charptr = xstrdup(arg); 2361 break; 2362 2363 case sDeprecated: 2364 case sIgnore: 2365 case sUnsupported: 2366 do_log2(opcode == sIgnore ? 2367 SYSLOG_LEVEL_DEBUG2 : SYSLOG_LEVEL_INFO, 2368 "%s line %d: %s option %s", filename, linenum, 2369 opcode == sUnsupported ? "Unsupported" : "Deprecated", arg); 2370 while (arg) 2371 arg = strdelim(&cp); 2372 break; 2373 2374 default: 2375 fatal("%s line %d: Missing handler for opcode %s (%d)", 2376 filename, linenum, arg, opcode); 2377 } 2378 if ((arg = strdelim(&cp)) != NULL && *arg != '\0') 2379 fatal("%s line %d: garbage at end of line; \"%.200s\".", 2380 filename, linenum, arg); 2381 return 0; 2382 } 2383 2384 int 2385 process_server_config_line(ServerOptions *options, char *line, 2386 const char *filename, int linenum, int *activep, 2387 struct connection_info *connectinfo, struct include_list *includes) 2388 { 2389 return process_server_config_line_depth(options, line, filename, 2390 linenum, activep, connectinfo, 0, 0, includes); 2391 } 2392 2393 2394 /* Reads the server configuration file. */ 2395 2396 void 2397 load_server_config(const char *filename, struct sshbuf *conf) 2398 { 2399 char *line = NULL, *cp; 2400 size_t linesize = 0; 2401 FILE *f; 2402 int r, lineno = 0; 2403 2404 debug2("%s: filename %s", __func__, filename); 2405 if ((f = fopen(filename, "r")) == NULL) { 2406 perror(filename); 2407 exit(1); 2408 } 2409 sshbuf_reset(conf); 2410 while (getline(&line, &linesize, f) != -1) { 2411 lineno++; 2412 /* 2413 * Trim out comments and strip whitespace 2414 * NB - preserve newlines, they are needed to reproduce 2415 * line numbers later for error messages 2416 */ 2417 if ((cp = strchr(line, '#')) != NULL) 2418 memcpy(cp, "\n", 2); 2419 cp = line + strspn(line, " \t\r"); 2420 if ((r = sshbuf_put(conf, cp, strlen(cp))) != 0) 2421 fatal("%s: buffer error: %s", __func__, ssh_err(r)); 2422 } 2423 free(line); 2424 if ((r = sshbuf_put_u8(conf, 0)) != 0) 2425 fatal("%s: buffer error: %s", __func__, ssh_err(r)); 2426 fclose(f); 2427 debug2("%s: done config len = %zu", __func__, sshbuf_len(conf)); 2428 } 2429 2430 void 2431 parse_server_match_config(ServerOptions *options, 2432 struct include_list *includes, struct connection_info *connectinfo) 2433 { 2434 ServerOptions mo; 2435 2436 initialize_server_options(&mo); 2437 parse_server_config(&mo, "reprocess config", cfg, includes, 2438 connectinfo); 2439 copy_set_server_options(options, &mo, 0); 2440 } 2441 2442 int parse_server_match_testspec(struct connection_info *ci, char *spec) 2443 { 2444 char *p; 2445 2446 while ((p = strsep(&spec, ",")) && *p != '\0') { 2447 if (strncmp(p, "addr=", 5) == 0) { 2448 ci->address = xstrdup(p + 5); 2449 } else if (strncmp(p, "host=", 5) == 0) { 2450 ci->host = xstrdup(p + 5); 2451 } else if (strncmp(p, "user=", 5) == 0) { 2452 ci->user = xstrdup(p + 5); 2453 } else if (strncmp(p, "laddr=", 6) == 0) { 2454 ci->laddress = xstrdup(p + 6); 2455 } else if (strncmp(p, "rdomain=", 8) == 0) { 2456 ci->rdomain = xstrdup(p + 8); 2457 } else if (strncmp(p, "lport=", 6) == 0) { 2458 ci->lport = a2port(p + 6); 2459 if (ci->lport == -1) { 2460 fprintf(stderr, "Invalid port '%s' in test mode" 2461 " specification %s\n", p+6, p); 2462 return -1; 2463 } 2464 } else { 2465 fprintf(stderr, "Invalid test mode specification %s\n", 2466 p); 2467 return -1; 2468 } 2469 } 2470 return 0; 2471 } 2472 2473 /* 2474 * Copy any supported values that are set. 2475 * 2476 * If the preauth flag is set, we do not bother copying the string or 2477 * array values that are not used pre-authentication, because any that we 2478 * do use must be explicitly sent in mm_getpwnamallow(). 2479 */ 2480 void 2481 copy_set_server_options(ServerOptions *dst, ServerOptions *src, int preauth) 2482 { 2483 #define M_CP_INTOPT(n) do {\ 2484 if (src->n != -1) \ 2485 dst->n = src->n; \ 2486 } while (0) 2487 2488 M_CP_INTOPT(password_authentication); 2489 M_CP_INTOPT(gss_authentication); 2490 M_CP_INTOPT(pubkey_authentication); 2491 M_CP_INTOPT(pubkey_auth_options); 2492 M_CP_INTOPT(kerberos_authentication); 2493 M_CP_INTOPT(hostbased_authentication); 2494 M_CP_INTOPT(hostbased_uses_name_from_packet_only); 2495 M_CP_INTOPT(kbd_interactive_authentication); 2496 M_CP_INTOPT(permit_root_login); 2497 M_CP_INTOPT(permit_empty_passwd); 2498 M_CP_INTOPT(ignore_rhosts); 2499 2500 M_CP_INTOPT(allow_tcp_forwarding); 2501 M_CP_INTOPT(allow_streamlocal_forwarding); 2502 M_CP_INTOPT(allow_agent_forwarding); 2503 M_CP_INTOPT(disable_forwarding); 2504 M_CP_INTOPT(expose_userauth_info); 2505 M_CP_INTOPT(permit_tun); 2506 M_CP_INTOPT(fwd_opts.gateway_ports); 2507 M_CP_INTOPT(fwd_opts.streamlocal_bind_unlink); 2508 M_CP_INTOPT(x11_display_offset); 2509 M_CP_INTOPT(x11_forwarding); 2510 M_CP_INTOPT(x11_use_localhost); 2511 M_CP_INTOPT(permit_tty); 2512 M_CP_INTOPT(permit_user_rc); 2513 M_CP_INTOPT(max_sessions); 2514 M_CP_INTOPT(max_authtries); 2515 M_CP_INTOPT(client_alive_count_max); 2516 M_CP_INTOPT(client_alive_interval); 2517 M_CP_INTOPT(ip_qos_interactive); 2518 M_CP_INTOPT(ip_qos_bulk); 2519 M_CP_INTOPT(rekey_limit); 2520 M_CP_INTOPT(rekey_interval); 2521 M_CP_INTOPT(log_level); 2522 2523 /* 2524 * The bind_mask is a mode_t that may be unsigned, so we can't use 2525 * M_CP_INTOPT - it does a signed comparison that causes compiler 2526 * warnings. 2527 */ 2528 if (src->fwd_opts.streamlocal_bind_mask != (mode_t)-1) { 2529 dst->fwd_opts.streamlocal_bind_mask = 2530 src->fwd_opts.streamlocal_bind_mask; 2531 } 2532 2533 /* M_CP_STROPT and M_CP_STRARRAYOPT should not appear before here */ 2534 #define M_CP_STROPT(n) do {\ 2535 if (src->n != NULL && dst->n != src->n) { \ 2536 free(dst->n); \ 2537 dst->n = src->n; \ 2538 } \ 2539 } while(0) 2540 #define M_CP_STRARRAYOPT(s, num_s) do {\ 2541 u_int i; \ 2542 if (src->num_s != 0) { \ 2543 for (i = 0; i < dst->num_s; i++) \ 2544 free(dst->s[i]); \ 2545 free(dst->s); \ 2546 dst->s = xcalloc(src->num_s, sizeof(*dst->s)); \ 2547 for (i = 0; i < src->num_s; i++) \ 2548 dst->s[i] = xstrdup(src->s[i]); \ 2549 dst->num_s = src->num_s; \ 2550 } \ 2551 } while(0) 2552 2553 /* See comment in servconf.h */ 2554 COPY_MATCH_STRING_OPTS(); 2555 2556 /* Arguments that accept '+...' need to be expanded */ 2557 assemble_algorithms(dst); 2558 2559 /* 2560 * The only things that should be below this point are string options 2561 * which are only used after authentication. 2562 */ 2563 if (preauth) 2564 return; 2565 2566 /* These options may be "none" to clear a global setting */ 2567 M_CP_STROPT(adm_forced_command); 2568 if (option_clear_or_none(dst->adm_forced_command)) { 2569 free(dst->adm_forced_command); 2570 dst->adm_forced_command = NULL; 2571 } 2572 M_CP_STROPT(chroot_directory); 2573 if (option_clear_or_none(dst->chroot_directory)) { 2574 free(dst->chroot_directory); 2575 dst->chroot_directory = NULL; 2576 } 2577 } 2578 2579 #undef M_CP_INTOPT 2580 #undef M_CP_STROPT 2581 #undef M_CP_STRARRAYOPT 2582 2583 #define SERVCONF_MAX_DEPTH 16 2584 void 2585 parse_server_config_depth(ServerOptions *options, const char *filename, 2586 struct sshbuf *conf, struct include_list *includes, 2587 struct connection_info *connectinfo, int flags, int *activep, int depth) 2588 { 2589 int linenum, bad_options = 0; 2590 char *cp, *obuf, *cbuf; 2591 2592 if (depth < 0 || depth > SERVCONF_MAX_DEPTH) 2593 fatal("Too many recursive configuration includes"); 2594 2595 debug2("%s: config %s len %zu", __func__, filename, sshbuf_len(conf)); 2596 2597 if ((obuf = cbuf = sshbuf_dup_string(conf)) == NULL) 2598 fatal("%s: sshbuf_dup_string failed", __func__); 2599 linenum = 1; 2600 while ((cp = strsep(&cbuf, "\n")) != NULL) { 2601 if (process_server_config_line_depth(options, cp, 2602 filename, linenum++, activep, connectinfo, flags, 2603 depth, includes) != 0) 2604 bad_options++; 2605 } 2606 free(obuf); 2607 if (bad_options > 0) 2608 fatal("%s: terminating, %d bad configuration options", 2609 filename, bad_options); 2610 process_queued_listen_addrs(options); 2611 } 2612 2613 void 2614 parse_server_config(ServerOptions *options, const char *filename, 2615 struct sshbuf *conf, struct include_list *includes, 2616 struct connection_info *connectinfo) 2617 { 2618 int active = connectinfo ? 0 : 1; 2619 parse_server_config_depth(options, filename, conf, includes, 2620 connectinfo, 0, &active, 0); 2621 } 2622 2623 static const char * 2624 fmt_multistate_int(int val, const struct multistate *m) 2625 { 2626 u_int i; 2627 2628 for (i = 0; m[i].key != NULL; i++) { 2629 if (m[i].value == val) 2630 return m[i].key; 2631 } 2632 return "UNKNOWN"; 2633 } 2634 2635 static const char * 2636 fmt_intarg(ServerOpCodes code, int val) 2637 { 2638 if (val == -1) 2639 return "unset"; 2640 switch (code) { 2641 case sAddressFamily: 2642 return fmt_multistate_int(val, multistate_addressfamily); 2643 case sPermitRootLogin: 2644 return fmt_multistate_int(val, multistate_permitrootlogin); 2645 case sGatewayPorts: 2646 return fmt_multistate_int(val, multistate_gatewayports); 2647 case sCompression: 2648 return fmt_multistate_int(val, multistate_compression); 2649 case sAllowTcpForwarding: 2650 return fmt_multistate_int(val, multistate_tcpfwd); 2651 case sAllowStreamLocalForwarding: 2652 return fmt_multistate_int(val, multistate_tcpfwd); 2653 case sIgnoreRhosts: 2654 return fmt_multistate_int(val, multistate_ignore_rhosts); 2655 case sFingerprintHash: 2656 return ssh_digest_alg_name(val); 2657 default: 2658 switch (val) { 2659 case 0: 2660 return "no"; 2661 case 1: 2662 return "yes"; 2663 default: 2664 return "UNKNOWN"; 2665 } 2666 } 2667 } 2668 2669 static void 2670 dump_cfg_int(ServerOpCodes code, int val) 2671 { 2672 printf("%s %d\n", lookup_opcode_name(code), val); 2673 } 2674 2675 static void 2676 dump_cfg_oct(ServerOpCodes code, int val) 2677 { 2678 printf("%s 0%o\n", lookup_opcode_name(code), val); 2679 } 2680 2681 static void 2682 dump_cfg_fmtint(ServerOpCodes code, int val) 2683 { 2684 printf("%s %s\n", lookup_opcode_name(code), fmt_intarg(code, val)); 2685 } 2686 2687 static void 2688 dump_cfg_string(ServerOpCodes code, const char *val) 2689 { 2690 printf("%s %s\n", lookup_opcode_name(code), 2691 val == NULL ? "none" : val); 2692 } 2693 2694 static void 2695 dump_cfg_strarray(ServerOpCodes code, u_int count, char **vals) 2696 { 2697 u_int i; 2698 2699 for (i = 0; i < count; i++) 2700 printf("%s %s\n", lookup_opcode_name(code), vals[i]); 2701 } 2702 2703 static void 2704 dump_cfg_strarray_oneline(ServerOpCodes code, u_int count, char **vals) 2705 { 2706 u_int i; 2707 2708 if (count <= 0 && code != sAuthenticationMethods) 2709 return; 2710 printf("%s", lookup_opcode_name(code)); 2711 for (i = 0; i < count; i++) 2712 printf(" %s", vals[i]); 2713 if (code == sAuthenticationMethods && count == 0) 2714 printf(" any"); 2715 printf("\n"); 2716 } 2717 2718 static char * 2719 format_listen_addrs(struct listenaddr *la) 2720 { 2721 int r; 2722 struct addrinfo *ai; 2723 char addr[NI_MAXHOST], port[NI_MAXSERV]; 2724 char *laddr1 = xstrdup(""), *laddr2 = NULL; 2725 2726 /* 2727 * ListenAddress must be after Port. add_one_listen_addr pushes 2728 * addresses onto a stack, so to maintain ordering we need to 2729 * print these in reverse order. 2730 */ 2731 for (ai = la->addrs; ai; ai = ai->ai_next) { 2732 if ((r = getnameinfo(ai->ai_addr, ai->ai_addrlen, addr, 2733 sizeof(addr), port, sizeof(port), 2734 NI_NUMERICHOST|NI_NUMERICSERV)) != 0) { 2735 error("getnameinfo: %.100s", ssh_gai_strerror(r)); 2736 continue; 2737 } 2738 laddr2 = laddr1; 2739 if (ai->ai_family == AF_INET6) { 2740 xasprintf(&laddr1, "listenaddress [%s]:%s%s%s\n%s", 2741 addr, port, 2742 la->rdomain == NULL ? "" : " rdomain ", 2743 la->rdomain == NULL ? "" : la->rdomain, 2744 laddr2); 2745 } else { 2746 xasprintf(&laddr1, "listenaddress %s:%s%s%s\n%s", 2747 addr, port, 2748 la->rdomain == NULL ? "" : " rdomain ", 2749 la->rdomain == NULL ? "" : la->rdomain, 2750 laddr2); 2751 } 2752 free(laddr2); 2753 } 2754 return laddr1; 2755 } 2756 2757 void 2758 dump_config(ServerOptions *o) 2759 { 2760 char *s; 2761 u_int i; 2762 2763 /* these are usually at the top of the config */ 2764 for (i = 0; i < o->num_ports; i++) 2765 printf("port %d\n", o->ports[i]); 2766 dump_cfg_fmtint(sAddressFamily, o->address_family); 2767 2768 for (i = 0; i < o->num_listen_addrs; i++) { 2769 s = format_listen_addrs(&o->listen_addrs[i]); 2770 printf("%s", s); 2771 free(s); 2772 } 2773 2774 /* integer arguments */ 2775 #ifdef USE_PAM 2776 dump_cfg_fmtint(sUsePAM, o->use_pam); 2777 #endif 2778 dump_cfg_int(sLoginGraceTime, o->login_grace_time); 2779 dump_cfg_int(sX11DisplayOffset, o->x11_display_offset); 2780 dump_cfg_int(sMaxAuthTries, o->max_authtries); 2781 dump_cfg_int(sMaxSessions, o->max_sessions); 2782 dump_cfg_int(sClientAliveInterval, o->client_alive_interval); 2783 dump_cfg_int(sClientAliveCountMax, o->client_alive_count_max); 2784 dump_cfg_oct(sStreamLocalBindMask, o->fwd_opts.streamlocal_bind_mask); 2785 2786 /* formatted integer arguments */ 2787 dump_cfg_fmtint(sPermitRootLogin, o->permit_root_login); 2788 dump_cfg_fmtint(sIgnoreRhosts, o->ignore_rhosts); 2789 dump_cfg_fmtint(sIgnoreUserKnownHosts, o->ignore_user_known_hosts); 2790 dump_cfg_fmtint(sHostbasedAuthentication, o->hostbased_authentication); 2791 dump_cfg_fmtint(sHostbasedUsesNameFromPacketOnly, 2792 o->hostbased_uses_name_from_packet_only); 2793 dump_cfg_fmtint(sPubkeyAuthentication, o->pubkey_authentication); 2794 #ifdef KRB5 2795 dump_cfg_fmtint(sKerberosAuthentication, o->kerberos_authentication); 2796 dump_cfg_fmtint(sKerberosOrLocalPasswd, o->kerberos_or_local_passwd); 2797 dump_cfg_fmtint(sKerberosTicketCleanup, o->kerberos_ticket_cleanup); 2798 # ifdef USE_AFS 2799 dump_cfg_fmtint(sKerberosGetAFSToken, o->kerberos_get_afs_token); 2800 # endif 2801 #endif 2802 #ifdef GSSAPI 2803 dump_cfg_fmtint(sGssAuthentication, o->gss_authentication); 2804 dump_cfg_fmtint(sGssCleanupCreds, o->gss_cleanup_creds); 2805 #endif 2806 dump_cfg_fmtint(sPasswordAuthentication, o->password_authentication); 2807 dump_cfg_fmtint(sKbdInteractiveAuthentication, 2808 o->kbd_interactive_authentication); 2809 dump_cfg_fmtint(sChallengeResponseAuthentication, 2810 o->challenge_response_authentication); 2811 dump_cfg_fmtint(sPrintMotd, o->print_motd); 2812 #ifndef DISABLE_LASTLOG 2813 dump_cfg_fmtint(sPrintLastLog, o->print_lastlog); 2814 #endif 2815 dump_cfg_fmtint(sX11Forwarding, o->x11_forwarding); 2816 dump_cfg_fmtint(sX11UseLocalhost, o->x11_use_localhost); 2817 dump_cfg_fmtint(sPermitTTY, o->permit_tty); 2818 dump_cfg_fmtint(sPermitUserRC, o->permit_user_rc); 2819 dump_cfg_fmtint(sStrictModes, o->strict_modes); 2820 dump_cfg_fmtint(sTCPKeepAlive, o->tcp_keep_alive); 2821 dump_cfg_fmtint(sEmptyPasswd, o->permit_empty_passwd); 2822 dump_cfg_fmtint(sCompression, o->compression); 2823 dump_cfg_fmtint(sGatewayPorts, o->fwd_opts.gateway_ports); 2824 dump_cfg_fmtint(sUseDNS, o->use_dns); 2825 dump_cfg_fmtint(sAllowTcpForwarding, o->allow_tcp_forwarding); 2826 dump_cfg_fmtint(sAllowAgentForwarding, o->allow_agent_forwarding); 2827 dump_cfg_fmtint(sDisableForwarding, o->disable_forwarding); 2828 dump_cfg_fmtint(sAllowStreamLocalForwarding, o->allow_streamlocal_forwarding); 2829 dump_cfg_fmtint(sStreamLocalBindUnlink, o->fwd_opts.streamlocal_bind_unlink); 2830 dump_cfg_fmtint(sFingerprintHash, o->fingerprint_hash); 2831 dump_cfg_fmtint(sExposeAuthInfo, o->expose_userauth_info); 2832 2833 /* string arguments */ 2834 dump_cfg_string(sPidFile, o->pid_file); 2835 dump_cfg_string(sXAuthLocation, o->xauth_location); 2836 dump_cfg_string(sCiphers, o->ciphers); 2837 dump_cfg_string(sMacs, o->macs); 2838 dump_cfg_string(sBanner, o->banner); 2839 dump_cfg_string(sForceCommand, o->adm_forced_command); 2840 dump_cfg_string(sChrootDirectory, o->chroot_directory); 2841 dump_cfg_string(sTrustedUserCAKeys, o->trusted_user_ca_keys); 2842 dump_cfg_string(sRevokedKeys, o->revoked_keys_file); 2843 dump_cfg_string(sSecurityKeyProvider, o->sk_provider); 2844 dump_cfg_string(sAuthorizedPrincipalsFile, 2845 o->authorized_principals_file); 2846 dump_cfg_string(sVersionAddendum, *o->version_addendum == '\0' 2847 ? "none" : o->version_addendum); 2848 dump_cfg_string(sAuthorizedKeysCommand, o->authorized_keys_command); 2849 dump_cfg_string(sAuthorizedKeysCommandUser, o->authorized_keys_command_user); 2850 dump_cfg_string(sAuthorizedPrincipalsCommand, o->authorized_principals_command); 2851 dump_cfg_string(sAuthorizedPrincipalsCommandUser, o->authorized_principals_command_user); 2852 dump_cfg_string(sHostKeyAgent, o->host_key_agent); 2853 dump_cfg_string(sKexAlgorithms, o->kex_algorithms); 2854 dump_cfg_string(sCASignatureAlgorithms, o->ca_sign_algorithms); 2855 dump_cfg_string(sHostbasedAcceptedKeyTypes, o->hostbased_key_types); 2856 dump_cfg_string(sHostKeyAlgorithms, o->hostkeyalgorithms); 2857 dump_cfg_string(sPubkeyAcceptedKeyTypes, o->pubkey_key_types); 2858 #if defined(__OpenBSD__) || defined(HAVE_SYS_SET_PROCESS_RDOMAIN) 2859 dump_cfg_string(sRDomain, o->routing_domain); 2860 #endif 2861 2862 /* string arguments requiring a lookup */ 2863 dump_cfg_string(sLogLevel, log_level_name(o->log_level)); 2864 dump_cfg_string(sLogFacility, log_facility_name(o->log_facility)); 2865 2866 /* string array arguments */ 2867 dump_cfg_strarray_oneline(sAuthorizedKeysFile, o->num_authkeys_files, 2868 o->authorized_keys_files); 2869 dump_cfg_strarray(sHostKeyFile, o->num_host_key_files, 2870 o->host_key_files); 2871 dump_cfg_strarray(sHostCertificate, o->num_host_cert_files, 2872 o->host_cert_files); 2873 dump_cfg_strarray(sAllowUsers, o->num_allow_users, o->allow_users); 2874 dump_cfg_strarray(sDenyUsers, o->num_deny_users, o->deny_users); 2875 dump_cfg_strarray(sAllowGroups, o->num_allow_groups, o->allow_groups); 2876 dump_cfg_strarray(sDenyGroups, o->num_deny_groups, o->deny_groups); 2877 dump_cfg_strarray(sAcceptEnv, o->num_accept_env, o->accept_env); 2878 dump_cfg_strarray(sSetEnv, o->num_setenv, o->setenv); 2879 dump_cfg_strarray_oneline(sAuthenticationMethods, 2880 o->num_auth_methods, o->auth_methods); 2881 2882 /* other arguments */ 2883 for (i = 0; i < o->num_subsystems; i++) 2884 printf("subsystem %s %s\n", o->subsystem_name[i], 2885 o->subsystem_args[i]); 2886 2887 printf("maxstartups %d:%d:%d\n", o->max_startups_begin, 2888 o->max_startups_rate, o->max_startups); 2889 2890 s = NULL; 2891 for (i = 0; tunmode_desc[i].val != -1; i++) { 2892 if (tunmode_desc[i].val == o->permit_tun) { 2893 s = tunmode_desc[i].text; 2894 break; 2895 } 2896 } 2897 dump_cfg_string(sPermitTunnel, s); 2898 2899 printf("ipqos %s ", iptos2str(o->ip_qos_interactive)); 2900 printf("%s\n", iptos2str(o->ip_qos_bulk)); 2901 2902 printf("rekeylimit %llu %d\n", (unsigned long long)o->rekey_limit, 2903 o->rekey_interval); 2904 2905 printf("permitopen"); 2906 if (o->num_permitted_opens == 0) 2907 printf(" any"); 2908 else { 2909 for (i = 0; i < o->num_permitted_opens; i++) 2910 printf(" %s", o->permitted_opens[i]); 2911 } 2912 printf("\n"); 2913 printf("permitlisten"); 2914 if (o->num_permitted_listens == 0) 2915 printf(" any"); 2916 else { 2917 for (i = 0; i < o->num_permitted_listens; i++) 2918 printf(" %s", o->permitted_listens[i]); 2919 } 2920 printf("\n"); 2921 2922 if (o->permit_user_env_whitelist == NULL) { 2923 dump_cfg_fmtint(sPermitUserEnvironment, o->permit_user_env); 2924 } else { 2925 printf("permituserenvironment %s\n", 2926 o->permit_user_env_whitelist); 2927 } 2928 2929 printf("pubkeyauthoptions"); 2930 if (o->pubkey_auth_options == 0) 2931 printf(" none"); 2932 if (o->pubkey_auth_options & PUBKEYAUTH_TOUCH_REQUIRED) 2933 printf(" touch-required"); 2934 printf("\n"); 2935 } 2936