servconf.c 91 KB

1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465666768697071727374757677787980818283848586878889909192939495969798991001011021031041051061071081091101111121131141151161171181191201211221231241251261271281291301311321331341351361371381391401411421431441451461471481491501511521531541551561571581591601611621631641651661671681691701711721731741751761771781791801811821831841851861871881891901911921931941951961971981992002012022032042052062072082092102112122132142152162172182192202212222232242252262272282292302312322332342352362372382392402412422432442452462472482492502512522532542552562572582592602612622632642652662672682692702712722732742752762772782792802812822832842852862872882892902912922932942952962972982993003013023033043053063073083093103113123133143153163173183193203213223233243253263273283293303313323333343353363373383393403413423433443453463473483493503513523533543553563573583593603613623633643653663673683693703713723733743753763773783793803813823833843853863873883893903913923933943953963973983994004014024034044054064074084094104114124134144154164174184194204214224234244254264274284294304314324334344354364374384394404414424434444454464474484494504514524534544554564574584594604614624634644654664674684694704714724734744754764774784794804814824834844854864874884894904914924934944954964974984995005015025035045055065075085095105115125135145155165175185195205215225235245255265275285295305315325335345355365375385395405415425435445455465475485495505515525535545555565575585595605615625635645655665675685695705715725735745755765775785795805815825835845855865875885895905915925935945955965975985996006016026036046056066076086096106116126136146156166176186196206216226236246256266276286296306316326336346356366376386396406416426436446456466476486496506516526536546556566576586596606616626636646656666676686696706716726736746756766776786796806816826836846856866876886896906916926936946956966976986997007017027037047057067077087097107117127137147157167177187197207217227237247257267277287297307317327337347357367377387397407417427437447457467477487497507517527537547557567577587597607617627637647657667677687697707717727737747757767777787797807817827837847857867877887897907917927937947957967977987998008018028038048058068078088098108118128138148158168178188198208218228238248258268278288298308318328338348358368378388398408418428438448458468478488498508518528538548558568578588598608618628638648658668678688698708718728738748758768778788798808818828838848858868878888898908918928938948958968978988999009019029039049059069079089099109119129139149159169179189199209219229239249259269279289299309319329339349359369379389399409419429439449459469479489499509519529539549559569579589599609619629639649659669679689699709719729739749759769779789799809819829839849859869879889899909919929939949959969979989991000100110021003100410051006100710081009101010111012101310141015101610171018101910201021102210231024102510261027102810291030103110321033103410351036103710381039104010411042104310441045104610471048104910501051105210531054105510561057105810591060106110621063106410651066106710681069107010711072107310741075107610771078107910801081108210831084108510861087108810891090109110921093109410951096109710981099110011011102110311041105110611071108110911101111111211131114111511161117111811191120112111221123112411251126112711281129113011311132113311341135113611371138113911401141114211431144114511461147114811491150115111521153115411551156115711581159116011611162116311641165116611671168116911701171117211731174117511761177117811791180118111821183118411851186118711881189119011911192119311941195119611971198119912001201120212031204120512061207120812091210121112121213121412151216121712181219122012211222122312241225122612271228122912301231123212331234123512361237123812391240124112421243124412451246124712481249125012511252125312541255125612571258125912601261126212631264126512661267126812691270127112721273127412751276127712781279128012811282128312841285128612871288128912901291129212931294129512961297129812991300130113021303130413051306130713081309131013111312131313141315131613171318131913201321132213231324132513261327132813291330133113321333133413351336133713381339134013411342134313441345134613471348134913501351135213531354135513561357135813591360136113621363136413651366136713681369137013711372137313741375137613771378137913801381138213831384138513861387138813891390139113921393139413951396139713981399140014011402140314041405140614071408140914101411141214131414141514161417141814191420142114221423142414251426142714281429143014311432143314341435143614371438143914401441144214431444144514461447144814491450145114521453145414551456145714581459146014611462146314641465146614671468146914701471147214731474147514761477147814791480148114821483148414851486148714881489149014911492149314941495149614971498149915001501150215031504150515061507150815091510151115121513151415151516151715181519152015211522152315241525152615271528152915301531153215331534153515361537153815391540154115421543154415451546154715481549155015511552155315541555155615571558155915601561156215631564156515661567156815691570157115721573157415751576157715781579158015811582158315841585158615871588158915901591159215931594159515961597159815991600160116021603160416051606160716081609161016111612161316141615161616171618161916201621162216231624162516261627162816291630163116321633163416351636163716381639164016411642164316441645164616471648164916501651165216531654165516561657165816591660166116621663166416651666166716681669167016711672167316741675167616771678167916801681168216831684168516861687168816891690169116921693169416951696169716981699170017011702170317041705170617071708170917101711171217131714171517161717171817191720172117221723172417251726172717281729173017311732173317341735173617371738173917401741174217431744174517461747174817491750175117521753175417551756175717581759176017611762176317641765176617671768176917701771177217731774177517761777177817791780178117821783178417851786178717881789179017911792179317941795179617971798179918001801180218031804180518061807180818091810181118121813181418151816181718181819182018211822182318241825182618271828182918301831183218331834183518361837183818391840184118421843184418451846184718481849185018511852185318541855185618571858185918601861186218631864186518661867186818691870187118721873187418751876187718781879188018811882188318841885188618871888188918901891189218931894189518961897189818991900190119021903190419051906190719081909191019111912191319141915191619171918191919201921192219231924192519261927192819291930193119321933193419351936193719381939194019411942194319441945194619471948194919501951195219531954195519561957195819591960196119621963196419651966196719681969197019711972197319741975197619771978197919801981198219831984198519861987198819891990199119921993199419951996199719981999200020012002200320042005200620072008200920102011201220132014201520162017201820192020202120222023202420252026202720282029203020312032203320342035203620372038203920402041204220432044204520462047204820492050205120522053205420552056205720582059206020612062206320642065206620672068206920702071207220732074207520762077207820792080208120822083208420852086208720882089209020912092209320942095209620972098209921002101210221032104210521062107210821092110211121122113211421152116211721182119212021212122212321242125212621272128212921302131213221332134213521362137213821392140214121422143214421452146214721482149215021512152215321542155215621572158215921602161216221632164216521662167216821692170217121722173217421752176217721782179218021812182218321842185218621872188218921902191219221932194219521962197219821992200220122022203220422052206220722082209221022112212221322142215221622172218221922202221222222232224222522262227222822292230223122322233223422352236223722382239224022412242224322442245224622472248224922502251225222532254225522562257225822592260226122622263226422652266226722682269227022712272227322742275227622772278227922802281228222832284228522862287228822892290229122922293229422952296229722982299230023012302230323042305230623072308230923102311231223132314231523162317231823192320232123222323232423252326232723282329233023312332233323342335233623372338233923402341234223432344234523462347234823492350235123522353235423552356235723582359236023612362236323642365236623672368236923702371237223732374237523762377237823792380238123822383238423852386238723882389239023912392239323942395239623972398239924002401240224032404240524062407240824092410241124122413241424152416241724182419242024212422242324242425242624272428242924302431243224332434243524362437243824392440244124422443244424452446244724482449245024512452245324542455245624572458245924602461246224632464246524662467246824692470247124722473247424752476247724782479248024812482248324842485248624872488248924902491249224932494249524962497249824992500250125022503250425052506250725082509251025112512251325142515251625172518251925202521252225232524252525262527252825292530253125322533253425352536253725382539254025412542254325442545254625472548254925502551255225532554255525562557255825592560256125622563256425652566256725682569257025712572257325742575257625772578257925802581258225832584258525862587258825892590259125922593259425952596259725982599260026012602260326042605260626072608260926102611261226132614261526162617261826192620262126222623262426252626262726282629263026312632263326342635263626372638263926402641264226432644264526462647264826492650265126522653265426552656265726582659266026612662266326642665266626672668266926702671267226732674267526762677267826792680268126822683268426852686268726882689269026912692269326942695269626972698269927002701270227032704270527062707270827092710271127122713271427152716271727182719272027212722272327242725272627272728272927302731273227332734273527362737273827392740274127422743274427452746274727482749275027512752275327542755275627572758275927602761276227632764276527662767276827692770277127722773277427752776277727782779278027812782278327842785278627872788278927902791279227932794279527962797279827992800280128022803280428052806280728082809281028112812281328142815281628172818281928202821282228232824282528262827282828292830283128322833283428352836283728382839284028412842284328442845284628472848284928502851285228532854285528562857285828592860286128622863286428652866286728682869287028712872287328742875287628772878287928802881288228832884288528862887288828892890289128922893289428952896289728982899290029012902290329042905290629072908290929102911291229132914291529162917291829192920292129222923292429252926292729282929293029312932293329342935293629372938293929402941294229432944294529462947294829492950295129522953295429552956295729582959296029612962296329642965296629672968296929702971297229732974297529762977297829792980298129822983298429852986298729882989299029912992299329942995299629972998299930003001300230033004300530063007300830093010301130123013301430153016301730183019302030213022302330243025302630273028302930303031303230333034303530363037303830393040304130423043304430453046304730483049305030513052305330543055305630573058305930603061306230633064306530663067306830693070
  1. /* $OpenBSD: servconf.c,v 1.369 2020/08/28 03:15:52 dtucker Exp $ */
  2. /*
  3. * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
  4. * All rights reserved
  5. *
  6. * As far as I am concerned, the code I have written for this software
  7. * can be used freely for any purpose. Any derived versions of this
  8. * software must be clearly marked as such, and if the derived work is
  9. * incompatible with the protocol description in the RFC file, it must be
  10. * called by a name other than "ssh" or "Secure Shell".
  11. */
  12. #include "includes.h"
  13. #include <sys/types.h>
  14. #include <sys/socket.h>
  15. #include <sys/stat.h>
  16. #ifdef __OpenBSD__
  17. #include <sys/sysctl.h>
  18. #endif
  19. #include <netinet/in.h>
  20. #include <netinet/in_systm.h>
  21. #include <netinet/ip.h>
  22. #ifdef HAVE_NET_ROUTE_H
  23. #include <net/route.h>
  24. #endif
  25. #include <ctype.h>
  26. #include <netdb.h>
  27. #include <pwd.h>
  28. #include <stdio.h>
  29. #include <stdlib.h>
  30. #include <string.h>
  31. #include <signal.h>
  32. #include <unistd.h>
  33. #include <limits.h>
  34. #include <stdarg.h>
  35. #include <errno.h>
  36. #ifdef HAVE_UTIL_H
  37. #include <util.h>
  38. #endif
  39. #ifdef USE_SYSTEM_GLOB
  40. # include <glob.h>
  41. #else
  42. # include "openbsd-compat/glob.h"
  43. #endif
  44. #include "openbsd-compat/sys-queue.h"
  45. #include "xmalloc.h"
  46. #include "ssh.h"
  47. #include "log.h"
  48. #include "sshbuf.h"
  49. #include "misc.h"
  50. #include "servconf.h"
  51. #include "compat.h"
  52. #include "pathnames.h"
  53. #include "cipher.h"
  54. #include "sshkey.h"
  55. #include "kex.h"
  56. #include "mac.h"
  57. #include "match.h"
  58. #include "channels.h"
  59. #include "groupaccess.h"
  60. #include "canohost.h"
  61. #include "packet.h"
  62. #include "ssherr.h"
  63. #include "hostfile.h"
  64. #include "auth.h"
  65. #include "myproposal.h"
  66. #include "digest.h"
  67. #include "sshbuf.h"
  68. static void add_listen_addr(ServerOptions *, const char *,
  69. const char *, int);
  70. static void add_one_listen_addr(ServerOptions *, const char *,
  71. const char *, int);
  72. static void parse_server_config_depth(ServerOptions *options,
  73. const char *filename, struct sshbuf *conf, struct include_list *includes,
  74. struct connection_info *connectinfo, int flags, int *activep, int depth);
  75. /* Use of privilege separation or not */
  76. extern int use_privsep;
  77. extern struct sshbuf *cfg;
  78. /* Initializes the server options to their default values. */
  79. void
  80. initialize_server_options(ServerOptions *options)
  81. {
  82. memset(options, 0, sizeof(*options));
  83. /* Portable-specific options */
  84. options->use_pam = -1;
  85. /* Standard Options */
  86. options->num_ports = 0;
  87. options->ports_from_cmdline = 0;
  88. options->queued_listen_addrs = NULL;
  89. options->num_queued_listens = 0;
  90. options->listen_addrs = NULL;
  91. options->num_listen_addrs = 0;
  92. options->address_family = -1;
  93. options->routing_domain = NULL;
  94. options->num_host_key_files = 0;
  95. options->num_host_cert_files = 0;
  96. options->host_key_agent = NULL;
  97. options->pid_file = NULL;
  98. options->login_grace_time = -1;
  99. options->permit_root_login = PERMIT_NOT_SET;
  100. options->ignore_rhosts = -1;
  101. options->ignore_user_known_hosts = -1;
  102. options->print_motd = -1;
  103. options->print_lastlog = -1;
  104. options->x11_forwarding = -1;
  105. options->x11_display_offset = -1;
  106. options->x11_use_localhost = -1;
  107. options->permit_tty = -1;
  108. options->permit_user_rc = -1;
  109. options->xauth_location = NULL;
  110. options->strict_modes = -1;
  111. options->tcp_keep_alive = -1;
  112. options->log_facility = SYSLOG_FACILITY_NOT_SET;
  113. options->log_level = SYSLOG_LEVEL_NOT_SET;
  114. options->hostbased_authentication = -1;
  115. options->hostbased_uses_name_from_packet_only = -1;
  116. options->hostbased_accepted_algos = NULL;
  117. options->hostkeyalgorithms = NULL;
  118. options->pubkey_authentication = -1;
  119. options->pubkey_auth_options = -1;
  120. options->pubkey_accepted_algos = NULL;
  121. options->kerberos_authentication = -1;
  122. options->kerberos_or_local_passwd = -1;
  123. options->kerberos_ticket_cleanup = -1;
  124. options->kerberos_get_afs_token = -1;
  125. options->gss_authentication=-1;
  126. options->gss_cleanup_creds = -1;
  127. options->gss_strict_acceptor = -1;
  128. options->password_authentication = -1;
  129. options->kbd_interactive_authentication = -1;
  130. options->challenge_response_authentication = -1;
  131. options->permit_empty_passwd = -1;
  132. options->permit_user_env = -1;
  133. options->permit_user_env_allowlist = NULL;
  134. options->compression = -1;
  135. options->rekey_limit = -1;
  136. options->rekey_interval = -1;
  137. options->allow_tcp_forwarding = -1;
  138. options->allow_streamlocal_forwarding = -1;
  139. options->allow_agent_forwarding = -1;
  140. options->num_allow_users = 0;
  141. options->num_deny_users = 0;
  142. options->num_allow_groups = 0;
  143. options->num_deny_groups = 0;
  144. options->ciphers = NULL;
  145. options->macs = NULL;
  146. options->kex_algorithms = NULL;
  147. options->ca_sign_algorithms = NULL;
  148. options->fwd_opts.gateway_ports = -1;
  149. options->fwd_opts.streamlocal_bind_mask = (mode_t)-1;
  150. options->fwd_opts.streamlocal_bind_unlink = -1;
  151. options->num_subsystems = 0;
  152. options->max_startups_begin = -1;
  153. options->max_startups_rate = -1;
  154. options->max_startups = -1;
  155. options->per_source_max_startups = -1;
  156. options->per_source_masklen_ipv4 = -1;
  157. options->per_source_masklen_ipv6 = -1;
  158. options->max_authtries = -1;
  159. options->max_sessions = -1;
  160. options->banner = NULL;
  161. options->use_dns = -1;
  162. options->client_alive_interval = -1;
  163. options->client_alive_count_max = -1;
  164. options->num_authkeys_files = 0;
  165. options->num_accept_env = 0;
  166. options->num_setenv = 0;
  167. options->permit_tun = -1;
  168. options->permitted_opens = NULL;
  169. options->permitted_listens = NULL;
  170. options->adm_forced_command = NULL;
  171. options->chroot_directory = NULL;
  172. options->authorized_keys_command = NULL;
  173. options->authorized_keys_command_user = NULL;
  174. options->revoked_keys_file = NULL;
  175. options->sk_provider = NULL;
  176. options->trusted_user_ca_keys = NULL;
  177. options->authorized_principals_file = NULL;
  178. options->authorized_principals_command = NULL;
  179. options->authorized_principals_command_user = NULL;
  180. options->tcp_rcv_buf_poll = -1;
  181. options->hpn_disabled = -1;
  182. options->hpn_buffer_size = -1;
  183. options->none_enabled = -1;
  184. options->nonemac_enabled = -1;
  185. options->disable_multithreaded = -1;
  186. options->ip_qos_interactive = -1;
  187. options->ip_qos_bulk = -1;
  188. options->version_addendum = NULL;
  189. options->fingerprint_hash = -1;
  190. options->disable_forwarding = -1;
  191. options->expose_userauth_info = -1;
  192. }
  193. /* Returns 1 if a string option is unset or set to "none" or 0 otherwise. */
  194. static int
  195. option_clear_or_none(const char *o)
  196. {
  197. return o == NULL || strcasecmp(o, "none") == 0;
  198. }
  199. static void
  200. assemble_algorithms(ServerOptions *o)
  201. {
  202. char *all_cipher, *all_mac, *all_kex, *all_key, *all_sig;
  203. char *def_cipher, *def_mac, *def_kex, *def_key, *def_sig;
  204. int r;
  205. all_cipher = cipher_alg_list(',', 0);
  206. all_mac = mac_alg_list(',');
  207. all_kex = kex_alg_list(',');
  208. all_key = sshkey_alg_list(0, 0, 1, ',');
  209. all_sig = sshkey_alg_list(0, 1, 1, ',');
  210. /* remove unsupported algos from default lists */
  211. def_cipher = match_filter_allowlist(KEX_SERVER_ENCRYPT, all_cipher);
  212. def_mac = match_filter_allowlist(KEX_SERVER_MAC, all_mac);
  213. def_kex = match_filter_allowlist(KEX_SERVER_KEX, all_kex);
  214. def_key = match_filter_allowlist(KEX_DEFAULT_PK_ALG, all_key);
  215. def_sig = match_filter_allowlist(SSH_ALLOWED_CA_SIGALGS, all_sig);
  216. #define ASSEMBLE(what, defaults, all) \
  217. do { \
  218. if ((r = kex_assemble_names(&o->what, defaults, all)) != 0) \
  219. fatal("%s: %s: %s", __func__, #what, ssh_err(r)); \
  220. } while (0)
  221. ASSEMBLE(ciphers, def_cipher, all_cipher);
  222. ASSEMBLE(macs, def_mac, all_mac);
  223. ASSEMBLE(kex_algorithms, def_kex, all_kex);
  224. ASSEMBLE(hostkeyalgorithms, def_key, all_key);
  225. ASSEMBLE(hostbased_accepted_algos, def_key, all_key);
  226. ASSEMBLE(pubkey_accepted_algos, def_key, all_key);
  227. ASSEMBLE(ca_sign_algorithms, def_sig, all_sig);
  228. #undef ASSEMBLE
  229. free(all_cipher);
  230. free(all_mac);
  231. free(all_kex);
  232. free(all_key);
  233. free(all_sig);
  234. free(def_cipher);
  235. free(def_mac);
  236. free(def_kex);
  237. free(def_key);
  238. free(def_sig);
  239. }
  240. void
  241. servconf_add_hostkey(const char *file, const int line,
  242. ServerOptions *options, const char *path, int userprovided)
  243. {
  244. char *apath = derelativise_path(path);
  245. opt_array_append2(file, line, "HostKey",
  246. &options->host_key_files, &options->host_key_file_userprovided,
  247. &options->num_host_key_files, apath, userprovided);
  248. free(apath);
  249. }
  250. void
  251. servconf_add_hostcert(const char *file, const int line,
  252. ServerOptions *options, const char *path)
  253. {
  254. char *apath = derelativise_path(path);
  255. opt_array_append(file, line, "HostCertificate",
  256. &options->host_cert_files, &options->num_host_cert_files, apath);
  257. free(apath);
  258. }
  259. void
  260. fill_default_server_options(ServerOptions *options)
  261. {
  262. u_int i;
  263. /* needed for hpn socket tests */
  264. int sock;
  265. int socksize;
  266. int socksizelen = sizeof(int);
  267. /* Portable-specific options */
  268. if (options->use_pam == -1)
  269. options->use_pam = 0;
  270. /* Standard Options */
  271. if (options->num_host_key_files == 0) {
  272. /* fill default hostkeys for protocols */
  273. servconf_add_hostkey("[default]", 0, options,
  274. _PATH_HOST_RSA_KEY_FILE, 0);
  275. #ifdef OPENSSL_HAS_ECC
  276. servconf_add_hostkey("[default]", 0, options,
  277. _PATH_HOST_ECDSA_KEY_FILE, 0);
  278. #endif
  279. servconf_add_hostkey("[default]", 0, options,
  280. _PATH_HOST_ED25519_KEY_FILE, 0);
  281. #ifdef WITH_XMSS
  282. servconf_add_hostkey("[default]", 0, options,
  283. _PATH_HOST_XMSS_KEY_FILE, 0);
  284. #endif /* WITH_XMSS */
  285. }
  286. /* No certificates by default */
  287. if (options->num_ports == 0)
  288. options->ports[options->num_ports++] = SSH_DEFAULT_PORT;
  289. if (options->address_family == -1)
  290. options->address_family = AF_UNSPEC;
  291. if (options->listen_addrs == NULL)
  292. add_listen_addr(options, NULL, NULL, 0);
  293. if (options->pid_file == NULL)
  294. options->pid_file = xstrdup(_PATH_SSH_DAEMON_PID_FILE);
  295. if (options->login_grace_time == -1)
  296. options->login_grace_time = 120;
  297. if (options->permit_root_login == PERMIT_NOT_SET)
  298. options->permit_root_login = PERMIT_NO_PASSWD;
  299. if (options->ignore_rhosts == -1)
  300. options->ignore_rhosts = 1;
  301. if (options->ignore_user_known_hosts == -1)
  302. options->ignore_user_known_hosts = 0;
  303. if (options->print_motd == -1)
  304. options->print_motd = 1;
  305. if (options->print_lastlog == -1)
  306. options->print_lastlog = 1;
  307. if (options->x11_forwarding == -1)
  308. options->x11_forwarding = 0;
  309. if (options->x11_display_offset == -1)
  310. options->x11_display_offset = 10;
  311. if (options->x11_use_localhost == -1)
  312. options->x11_use_localhost = 1;
  313. if (options->xauth_location == NULL)
  314. options->xauth_location = xstrdup(_PATH_XAUTH);
  315. if (options->permit_tty == -1)
  316. options->permit_tty = 1;
  317. if (options->permit_user_rc == -1)
  318. options->permit_user_rc = 1;
  319. if (options->strict_modes == -1)
  320. options->strict_modes = 1;
  321. if (options->tcp_keep_alive == -1)
  322. options->tcp_keep_alive = 1;
  323. if (options->log_facility == SYSLOG_FACILITY_NOT_SET)
  324. options->log_facility = SYSLOG_FACILITY_AUTH;
  325. if (options->log_level == SYSLOG_LEVEL_NOT_SET)
  326. options->log_level = SYSLOG_LEVEL_INFO;
  327. if (options->hostbased_authentication == -1)
  328. options->hostbased_authentication = 0;
  329. if (options->hostbased_uses_name_from_packet_only == -1)
  330. options->hostbased_uses_name_from_packet_only = 0;
  331. if (options->pubkey_authentication == -1)
  332. options->pubkey_authentication = 1;
  333. if (options->pubkey_auth_options == -1)
  334. options->pubkey_auth_options = 0;
  335. if (options->kerberos_authentication == -1)
  336. options->kerberos_authentication = 0;
  337. if (options->kerberos_or_local_passwd == -1)
  338. options->kerberos_or_local_passwd = 1;
  339. if (options->kerberos_ticket_cleanup == -1)
  340. options->kerberos_ticket_cleanup = 1;
  341. if (options->kerberos_get_afs_token == -1)
  342. options->kerberos_get_afs_token = 0;
  343. if (options->gss_authentication == -1)
  344. options->gss_authentication = 0;
  345. if (options->gss_cleanup_creds == -1)
  346. options->gss_cleanup_creds = 1;
  347. if (options->gss_strict_acceptor == -1)
  348. options->gss_strict_acceptor = 1;
  349. if (options->password_authentication == -1)
  350. options->password_authentication = 1;
  351. if (options->kbd_interactive_authentication == -1)
  352. options->kbd_interactive_authentication = 0;
  353. if (options->challenge_response_authentication == -1)
  354. options->challenge_response_authentication = 1;
  355. if (options->permit_empty_passwd == -1)
  356. options->permit_empty_passwd = 0;
  357. if (options->permit_user_env == -1) {
  358. options->permit_user_env = 0;
  359. options->permit_user_env_allowlist = NULL;
  360. }
  361. if (options->compression == -1)
  362. #ifdef WITH_ZLIB
  363. options->compression = COMP_DELAYED;
  364. #else
  365. options->compression = COMP_NONE;
  366. #endif
  367. if (options->rekey_limit == -1)
  368. options->rekey_limit = 0;
  369. if (options->rekey_interval == -1)
  370. options->rekey_interval = 0;
  371. if (options->allow_tcp_forwarding == -1)
  372. options->allow_tcp_forwarding = FORWARD_ALLOW;
  373. if (options->allow_streamlocal_forwarding == -1)
  374. options->allow_streamlocal_forwarding = FORWARD_ALLOW;
  375. if (options->allow_agent_forwarding == -1)
  376. options->allow_agent_forwarding = 1;
  377. if (options->fwd_opts.gateway_ports == -1)
  378. options->fwd_opts.gateway_ports = 0;
  379. if (options->max_startups == -1)
  380. options->max_startups = 100;
  381. if (options->max_startups_rate == -1)
  382. options->max_startups_rate = 30; /* 30% */
  383. if (options->max_startups_begin == -1)
  384. options->max_startups_begin = 10;
  385. if (options->per_source_max_startups == -1)
  386. options->per_source_max_startups = INT_MAX;
  387. if (options->per_source_masklen_ipv4 == -1)
  388. options->per_source_masklen_ipv4 = 32;
  389. if (options->per_source_masklen_ipv6 == -1)
  390. options->per_source_masklen_ipv6 = 128;
  391. if (options->max_authtries == -1)
  392. options->max_authtries = DEFAULT_AUTH_FAIL_MAX;
  393. if (options->max_sessions == -1)
  394. options->max_sessions = DEFAULT_SESSIONS_MAX;
  395. if (options->use_dns == -1)
  396. options->use_dns = 0;
  397. if (options->client_alive_interval == -1)
  398. options->client_alive_interval = 0;
  399. if (options->client_alive_count_max == -1)
  400. options->client_alive_count_max = 3;
  401. if (options->num_authkeys_files == 0) {
  402. opt_array_append("[default]", 0, "AuthorizedKeysFiles",
  403. &options->authorized_keys_files,
  404. &options->num_authkeys_files,
  405. _PATH_SSH_USER_PERMITTED_KEYS);
  406. opt_array_append("[default]", 0, "AuthorizedKeysFiles",
  407. &options->authorized_keys_files,
  408. &options->num_authkeys_files,
  409. _PATH_SSH_USER_PERMITTED_KEYS2);
  410. }
  411. if (options->permit_tun == -1)
  412. options->permit_tun = SSH_TUNMODE_NO;
  413. if (options->none_enabled == -1)
  414. options->none_enabled = 0;
  415. if (options->nonemac_enabled == -1)
  416. options->nonemac_enabled = 0;
  417. if (options->nonemac_enabled > 0 && options->none_enabled == 0) {
  418. debug ("Attempted to enabled None MAC without setting None Enabled to true. None MAC disabled.");
  419. options->nonemac_enabled = 0;
  420. }
  421. if (options->disable_multithreaded == -1)
  422. options->disable_multithreaded = 0;
  423. if (options->hpn_disabled == -1)
  424. options->hpn_disabled = 0;
  425. if (options->hpn_buffer_size == -1) {
  426. /* option not explicitly set. Now we have to figure out */
  427. /* what value to use */
  428. if (options->hpn_disabled == 1) {
  429. options->hpn_buffer_size = CHAN_SES_WINDOW_DEFAULT;
  430. } else {
  431. /* get the current RCV size and set it to that */
  432. /*create a socket but don't connect it */
  433. /* we use that the get the rcv socket size */
  434. sock = socket(AF_INET, SOCK_STREAM, 0);
  435. getsockopt(sock, SOL_SOCKET, SO_RCVBUF,
  436. &socksize, &socksizelen);
  437. close(sock);
  438. options->hpn_buffer_size = socksize;
  439. debug("HPN Buffer Size: %d", options->hpn_buffer_size);
  440. }
  441. } else {
  442. /* we have to do this in case the user sets both values in a contradictory */
  443. /* manner. hpn_disabled overrrides hpn_buffer_size*/
  444. if (options->hpn_disabled <= 0) {
  445. if (options->hpn_buffer_size == 0)
  446. options->hpn_buffer_size = 1;
  447. /* limit the maximum buffer to SSHBUF_SIZE_MAX (currently 256MB) */
  448. if (options->hpn_buffer_size > (SSHBUF_SIZE_MAX / 1024)) {
  449. options->hpn_buffer_size = SSHBUF_SIZE_MAX;
  450. } else {
  451. options->hpn_buffer_size *= 1024;
  452. }
  453. } else
  454. options->hpn_buffer_size = CHAN_TCP_WINDOW_DEFAULT;
  455. }
  456. if (options->ip_qos_interactive == -1)
  457. options->ip_qos_interactive = IPTOS_LOWDELAY;
  458. if (options->ip_qos_bulk == -1)
  459. options->ip_qos_bulk = IPTOS_THROUGHPUT;
  460. if (options->version_addendum == NULL)
  461. options->version_addendum = xstrdup("");
  462. if (options->fwd_opts.streamlocal_bind_mask == (mode_t)-1)
  463. options->fwd_opts.streamlocal_bind_mask = 0177;
  464. if (options->fwd_opts.streamlocal_bind_unlink == -1)
  465. options->fwd_opts.streamlocal_bind_unlink = 0;
  466. if (options->fingerprint_hash == -1)
  467. options->fingerprint_hash = SSH_FP_HASH_DEFAULT;
  468. if (options->disable_forwarding == -1)
  469. options->disable_forwarding = 0;
  470. if (options->expose_userauth_info == -1)
  471. options->expose_userauth_info = 0;
  472. if (options->sk_provider == NULL)
  473. options->sk_provider = xstrdup("internal");
  474. assemble_algorithms(options);
  475. /* Turn privilege separation and sandboxing on by default */
  476. if (use_privsep == -1)
  477. use_privsep = PRIVSEP_ON;
  478. #define CLEAR_ON_NONE(v) \
  479. do { \
  480. if (option_clear_or_none(v)) { \
  481. free(v); \
  482. v = NULL; \
  483. } \
  484. } while(0)
  485. CLEAR_ON_NONE(options->pid_file);
  486. CLEAR_ON_NONE(options->xauth_location);
  487. CLEAR_ON_NONE(options->banner);
  488. CLEAR_ON_NONE(options->trusted_user_ca_keys);
  489. CLEAR_ON_NONE(options->revoked_keys_file);
  490. CLEAR_ON_NONE(options->sk_provider);
  491. CLEAR_ON_NONE(options->authorized_principals_file);
  492. CLEAR_ON_NONE(options->adm_forced_command);
  493. CLEAR_ON_NONE(options->chroot_directory);
  494. CLEAR_ON_NONE(options->routing_domain);
  495. CLEAR_ON_NONE(options->host_key_agent);
  496. for (i = 0; i < options->num_host_key_files; i++)
  497. CLEAR_ON_NONE(options->host_key_files[i]);
  498. for (i = 0; i < options->num_host_cert_files; i++)
  499. CLEAR_ON_NONE(options->host_cert_files[i]);
  500. #undef CLEAR_ON_NONE
  501. /* Similar handling for AuthenticationMethods=any */
  502. if (options->num_auth_methods == 1 &&
  503. strcmp(options->auth_methods[0], "any") == 0) {
  504. free(options->auth_methods[0]);
  505. options->auth_methods[0] = NULL;
  506. options->num_auth_methods = 0;
  507. }
  508. }
  509. /* Keyword tokens. */
  510. typedef enum {
  511. sBadOption, /* == unknown option */
  512. /* Portable-specific options */
  513. sUsePAM,
  514. /* Standard Options */
  515. sPort, sHostKeyFile, sLoginGraceTime,
  516. sPermitRootLogin, sLogFacility, sLogLevel,
  517. sRhostsRSAAuthentication, sRSAAuthentication,
  518. sKerberosAuthentication, sKerberosOrLocalPasswd, sKerberosTicketCleanup,
  519. sKerberosGetAFSToken, sChallengeResponseAuthentication,
  520. sPasswordAuthentication, sKbdInteractiveAuthentication,
  521. sListenAddress, sAddressFamily,
  522. sPrintMotd, sPrintLastLog, sIgnoreRhosts,
  523. sNoneEnabled, sNoneMacEnabled,
  524. sDisableMTAES,
  525. sTcpRcvBufPoll, sHPNDisabled, sHPNBufferSize,
  526. sX11Forwarding, sX11DisplayOffset, sX11UseLocalhost,
  527. sPermitTTY, sStrictModes, sEmptyPasswd, sTCPKeepAlive,
  528. sPermitUserEnvironment, sAllowTcpForwarding, sCompression,
  529. sRekeyLimit, sAllowUsers, sDenyUsers, sAllowGroups, sDenyGroups,
  530. sIgnoreUserKnownHosts, sCiphers, sMacs, sPidFile,
  531. sGatewayPorts, sPubkeyAuthentication, sPubkeyAcceptedAlgorithms,
  532. sXAuthLocation, sSubsystem, sMaxStartups, sMaxAuthTries, sMaxSessions,
  533. sBanner, sUseDNS, sHostbasedAuthentication,
  534. sHostbasedUsesNameFromPacketOnly, sHostbasedAcceptedAlgorithms,
  535. sHostKeyAlgorithms, sPerSourceMaxStartups, sPerSourceNetBlockSize,
  536. sClientAliveInterval, sClientAliveCountMax, sAuthorizedKeysFile,
  537. sGssAuthentication, sGssCleanupCreds, sGssStrictAcceptor,
  538. sAcceptEnv, sSetEnv, sPermitTunnel,
  539. sMatch, sPermitOpen, sPermitListen, sForceCommand, sChrootDirectory,
  540. sUsePrivilegeSeparation, sAllowAgentForwarding,
  541. sHostCertificate, sInclude,
  542. sRevokedKeys, sTrustedUserCAKeys, sAuthorizedPrincipalsFile,
  543. sAuthorizedPrincipalsCommand, sAuthorizedPrincipalsCommandUser,
  544. sKexAlgorithms, sCASignatureAlgorithms, sIPQoS, sVersionAddendum,
  545. sAuthorizedKeysCommand, sAuthorizedKeysCommandUser,
  546. sAuthenticationMethods, sHostKeyAgent, sPermitUserRC,
  547. sStreamLocalBindMask, sStreamLocalBindUnlink,
  548. sAllowStreamLocalForwarding, sFingerprintHash, sDisableForwarding,
  549. sExposeAuthInfo, sRDomain, sPubkeyAuthOptions, sSecurityKeyProvider,
  550. sDeprecated, sIgnore, sUnsupported
  551. } ServerOpCodes;
  552. #define SSHCFG_GLOBAL 0x01 /* allowed in main section of config */
  553. #define SSHCFG_MATCH 0x02 /* allowed inside a Match section */
  554. #define SSHCFG_ALL (SSHCFG_GLOBAL|SSHCFG_MATCH)
  555. #define SSHCFG_NEVERMATCH 0x04 /* Match never matches; internal only */
  556. #define SSHCFG_MATCH_ONLY 0x08 /* Match only in conditional blocks; internal only */
  557. /* Textual representation of the tokens. */
  558. static struct {
  559. const char *name;
  560. ServerOpCodes opcode;
  561. u_int flags;
  562. } keywords[] = {
  563. /* Portable-specific options */
  564. #ifdef USE_PAM
  565. { "usepam", sUsePAM, SSHCFG_GLOBAL },
  566. #else
  567. { "usepam", sUnsupported, SSHCFG_GLOBAL },
  568. #endif
  569. { "pamauthenticationviakbdint", sDeprecated, SSHCFG_GLOBAL },
  570. /* Standard Options */
  571. { "port", sPort, SSHCFG_GLOBAL },
  572. { "hostkey", sHostKeyFile, SSHCFG_GLOBAL },
  573. { "hostdsakey", sHostKeyFile, SSHCFG_GLOBAL }, /* alias */
  574. { "hostkeyagent", sHostKeyAgent, SSHCFG_GLOBAL },
  575. { "pidfile", sPidFile, SSHCFG_GLOBAL },
  576. { "serverkeybits", sDeprecated, SSHCFG_GLOBAL },
  577. { "logingracetime", sLoginGraceTime, SSHCFG_GLOBAL },
  578. { "keyregenerationinterval", sDeprecated, SSHCFG_GLOBAL },
  579. { "permitrootlogin", sPermitRootLogin, SSHCFG_ALL },
  580. { "syslogfacility", sLogFacility, SSHCFG_GLOBAL },
  581. { "loglevel", sLogLevel, SSHCFG_ALL },
  582. { "rhostsauthentication", sDeprecated, SSHCFG_GLOBAL },
  583. { "rhostsrsaauthentication", sDeprecated, SSHCFG_ALL },
  584. { "hostbasedauthentication", sHostbasedAuthentication, SSHCFG_ALL },
  585. { "hostbasedusesnamefrompacketonly", sHostbasedUsesNameFromPacketOnly, SSHCFG_ALL },
  586. { "hostbasedacceptedalgorithms", sHostbasedAcceptedAlgorithms, SSHCFG_ALL },
  587. { "hostbasedacceptedkeytypes", sHostbasedAcceptedAlgorithms, SSHCFG_ALL }, /* obsolete */
  588. { "hostkeyalgorithms", sHostKeyAlgorithms, SSHCFG_GLOBAL },
  589. { "rsaauthentication", sDeprecated, SSHCFG_ALL },
  590. { "pubkeyauthentication", sPubkeyAuthentication, SSHCFG_ALL },
  591. { "pubkeyacceptedalgorithms", sPubkeyAcceptedAlgorithms, SSHCFG_ALL },
  592. { "pubkeyacceptedkeytypes", sPubkeyAcceptedAlgorithms, SSHCFG_ALL }, /* obsolete */
  593. { "pubkeyauthoptions", sPubkeyAuthOptions, SSHCFG_ALL },
  594. { "dsaauthentication", sPubkeyAuthentication, SSHCFG_GLOBAL }, /* alias */
  595. #ifdef KRB5
  596. { "kerberosauthentication", sKerberosAuthentication, SSHCFG_ALL },
  597. { "kerberosorlocalpasswd", sKerberosOrLocalPasswd, SSHCFG_GLOBAL },
  598. { "kerberosticketcleanup", sKerberosTicketCleanup, SSHCFG_GLOBAL },
  599. #ifdef USE_AFS
  600. { "kerberosgetafstoken", sKerberosGetAFSToken, SSHCFG_GLOBAL },
  601. #else
  602. { "kerberosgetafstoken", sUnsupported, SSHCFG_GLOBAL },
  603. #endif
  604. #else
  605. { "kerberosauthentication", sUnsupported, SSHCFG_ALL },
  606. { "kerberosorlocalpasswd", sUnsupported, SSHCFG_GLOBAL },
  607. { "kerberosticketcleanup", sUnsupported, SSHCFG_GLOBAL },
  608. { "kerberosgetafstoken", sUnsupported, SSHCFG_GLOBAL },
  609. #endif
  610. { "kerberostgtpassing", sUnsupported, SSHCFG_GLOBAL },
  611. { "afstokenpassing", sUnsupported, SSHCFG_GLOBAL },
  612. #ifdef GSSAPI
  613. { "gssapiauthentication", sGssAuthentication, SSHCFG_ALL },
  614. { "gssapicleanupcredentials", sGssCleanupCreds, SSHCFG_GLOBAL },
  615. { "gssapistrictacceptorcheck", sGssStrictAcceptor, SSHCFG_GLOBAL },
  616. #else
  617. { "gssapiauthentication", sUnsupported, SSHCFG_ALL },
  618. { "gssapicleanupcredentials", sUnsupported, SSHCFG_GLOBAL },
  619. { "gssapistrictacceptorcheck", sUnsupported, SSHCFG_GLOBAL },
  620. #endif
  621. { "passwordauthentication", sPasswordAuthentication, SSHCFG_ALL },
  622. { "kbdinteractiveauthentication", sKbdInteractiveAuthentication, SSHCFG_ALL },
  623. { "challengeresponseauthentication", sChallengeResponseAuthentication, SSHCFG_GLOBAL },
  624. { "skeyauthentication", sDeprecated, SSHCFG_GLOBAL },
  625. { "checkmail", sDeprecated, SSHCFG_GLOBAL },
  626. { "listenaddress", sListenAddress, SSHCFG_GLOBAL },
  627. { "addressfamily", sAddressFamily, SSHCFG_GLOBAL },
  628. { "printmotd", sPrintMotd, SSHCFG_GLOBAL },
  629. #ifdef DISABLE_LASTLOG
  630. { "printlastlog", sUnsupported, SSHCFG_GLOBAL },
  631. #else
  632. { "printlastlog", sPrintLastLog, SSHCFG_GLOBAL },
  633. #endif
  634. { "ignorerhosts", sIgnoreRhosts, SSHCFG_ALL },
  635. { "ignoreuserknownhosts", sIgnoreUserKnownHosts, SSHCFG_GLOBAL },
  636. { "x11forwarding", sX11Forwarding, SSHCFG_ALL },
  637. { "x11displayoffset", sX11DisplayOffset, SSHCFG_ALL },
  638. { "x11uselocalhost", sX11UseLocalhost, SSHCFG_ALL },
  639. { "xauthlocation", sXAuthLocation, SSHCFG_GLOBAL },
  640. { "strictmodes", sStrictModes, SSHCFG_GLOBAL },
  641. { "permitblacklistedkeys", sDeprecated, SSHCFG_GLOBAL },
  642. { "permitemptypasswords", sEmptyPasswd, SSHCFG_ALL },
  643. { "permituserenvironment", sPermitUserEnvironment, SSHCFG_GLOBAL },
  644. { "uselogin", sDeprecated, SSHCFG_GLOBAL },
  645. { "compression", sCompression, SSHCFG_GLOBAL },
  646. { "rekeylimit", sRekeyLimit, SSHCFG_ALL },
  647. { "tcpkeepalive", sTCPKeepAlive, SSHCFG_GLOBAL },
  648. { "keepalive", sTCPKeepAlive, SSHCFG_GLOBAL }, /* obsolete alias */
  649. { "allowtcpforwarding", sAllowTcpForwarding, SSHCFG_ALL },
  650. { "allowagentforwarding", sAllowAgentForwarding, SSHCFG_ALL },
  651. { "allowusers", sAllowUsers, SSHCFG_ALL },
  652. { "denyusers", sDenyUsers, SSHCFG_ALL },
  653. { "allowgroups", sAllowGroups, SSHCFG_ALL },
  654. { "denygroups", sDenyGroups, SSHCFG_ALL },
  655. { "ciphers", sCiphers, SSHCFG_GLOBAL },
  656. { "macs", sMacs, SSHCFG_GLOBAL },
  657. { "protocol", sIgnore, SSHCFG_GLOBAL },
  658. { "gatewayports", sGatewayPorts, SSHCFG_ALL },
  659. { "subsystem", sSubsystem, SSHCFG_GLOBAL },
  660. { "maxstartups", sMaxStartups, SSHCFG_GLOBAL },
  661. { "persourcemaxstartups", sPerSourceMaxStartups, SSHCFG_GLOBAL },
  662. { "persourcenetblocksize", sPerSourceNetBlockSize, SSHCFG_GLOBAL },
  663. { "maxauthtries", sMaxAuthTries, SSHCFG_ALL },
  664. { "maxsessions", sMaxSessions, SSHCFG_ALL },
  665. { "banner", sBanner, SSHCFG_ALL },
  666. { "usedns", sUseDNS, SSHCFG_GLOBAL },
  667. { "verifyreversemapping", sDeprecated, SSHCFG_GLOBAL },
  668. { "reversemappingcheck", sDeprecated, SSHCFG_GLOBAL },
  669. { "clientaliveinterval", sClientAliveInterval, SSHCFG_ALL },
  670. { "clientalivecountmax", sClientAliveCountMax, SSHCFG_ALL },
  671. { "authorizedkeysfile", sAuthorizedKeysFile, SSHCFG_ALL },
  672. { "authorizedkeysfile2", sDeprecated, SSHCFG_ALL },
  673. { "useprivilegeseparation", sDeprecated, SSHCFG_GLOBAL},
  674. { "acceptenv", sAcceptEnv, SSHCFG_ALL },
  675. { "setenv", sSetEnv, SSHCFG_ALL },
  676. { "permittunnel", sPermitTunnel, SSHCFG_ALL },
  677. { "permittty", sPermitTTY, SSHCFG_ALL },
  678. { "permituserrc", sPermitUserRC, SSHCFG_ALL },
  679. { "match", sMatch, SSHCFG_ALL },
  680. { "permitopen", sPermitOpen, SSHCFG_ALL },
  681. { "permitlisten", sPermitListen, SSHCFG_ALL },
  682. { "forcecommand", sForceCommand, SSHCFG_ALL },
  683. { "chrootdirectory", sChrootDirectory, SSHCFG_ALL },
  684. { "hostcertificate", sHostCertificate, SSHCFG_GLOBAL },
  685. { "revokedkeys", sRevokedKeys, SSHCFG_ALL },
  686. { "trustedusercakeys", sTrustedUserCAKeys, SSHCFG_ALL },
  687. { "authorizedprincipalsfile", sAuthorizedPrincipalsFile, SSHCFG_ALL },
  688. { "hpndisabled", sHPNDisabled, SSHCFG_ALL },
  689. { "hpnbuffersize", sHPNBufferSize, SSHCFG_ALL },
  690. { "tcprcvbufpoll", sTcpRcvBufPoll, SSHCFG_ALL },
  691. { "noneenabled", sNoneEnabled, SSHCFG_ALL },
  692. { "disableMTAES", sDisableMTAES, SSHCFG_ALL },
  693. { "nonemacenabled", sNoneMacEnabled, SSHCFG_ALL },
  694. { "kexalgorithms", sKexAlgorithms, SSHCFG_GLOBAL },
  695. { "include", sInclude, SSHCFG_ALL },
  696. { "ipqos", sIPQoS, SSHCFG_ALL },
  697. { "authorizedkeyscommand", sAuthorizedKeysCommand, SSHCFG_ALL },
  698. { "authorizedkeyscommanduser", sAuthorizedKeysCommandUser, SSHCFG_ALL },
  699. { "authorizedprincipalscommand", sAuthorizedPrincipalsCommand, SSHCFG_ALL },
  700. { "authorizedprincipalscommanduser", sAuthorizedPrincipalsCommandUser, SSHCFG_ALL },
  701. { "versionaddendum", sVersionAddendum, SSHCFG_GLOBAL },
  702. { "authenticationmethods", sAuthenticationMethods, SSHCFG_ALL },
  703. { "streamlocalbindmask", sStreamLocalBindMask, SSHCFG_ALL },
  704. { "streamlocalbindunlink", sStreamLocalBindUnlink, SSHCFG_ALL },
  705. { "allowstreamlocalforwarding", sAllowStreamLocalForwarding, SSHCFG_ALL },
  706. { "fingerprinthash", sFingerprintHash, SSHCFG_GLOBAL },
  707. { "disableforwarding", sDisableForwarding, SSHCFG_ALL },
  708. { "exposeauthinfo", sExposeAuthInfo, SSHCFG_ALL },
  709. { "rdomain", sRDomain, SSHCFG_ALL },
  710. { "casignaturealgorithms", sCASignatureAlgorithms, SSHCFG_ALL },
  711. { "securitykeyprovider", sSecurityKeyProvider, SSHCFG_GLOBAL },
  712. { NULL, sBadOption, 0 }
  713. };
  714. static struct {
  715. int val;
  716. char *text;
  717. } tunmode_desc[] = {
  718. { SSH_TUNMODE_NO, "no" },
  719. { SSH_TUNMODE_POINTOPOINT, "point-to-point" },
  720. { SSH_TUNMODE_ETHERNET, "ethernet" },
  721. { SSH_TUNMODE_YES, "yes" },
  722. { -1, NULL }
  723. };
  724. /* Returns an opcode name from its number */
  725. static const char *
  726. lookup_opcode_name(ServerOpCodes code)
  727. {
  728. u_int i;
  729. for (i = 0; keywords[i].name != NULL; i++)
  730. if (keywords[i].opcode == code)
  731. return(keywords[i].name);
  732. return "UNKNOWN";
  733. }
  734. /*
  735. * Returns the number of the token pointed to by cp or sBadOption.
  736. */
  737. static ServerOpCodes
  738. parse_token(const char *cp, const char *filename,
  739. int linenum, u_int *flags)
  740. {
  741. u_int i;
  742. for (i = 0; keywords[i].name; i++)
  743. if (strcasecmp(cp, keywords[i].name) == 0) {
  744. debug("Config token is %s", keywords[i].name);
  745. *flags = keywords[i].flags;
  746. return keywords[i].opcode;
  747. }
  748. error("%s: line %d: Bad configuration option: %s",
  749. filename, linenum, cp);
  750. return sBadOption;
  751. }
  752. char *
  753. derelativise_path(const char *path)
  754. {
  755. char *expanded, *ret, cwd[PATH_MAX];
  756. if (strcasecmp(path, "none") == 0)
  757. return xstrdup("none");
  758. expanded = tilde_expand_filename(path, getuid());
  759. if (path_absolute(expanded))
  760. return expanded;
  761. if (getcwd(cwd, sizeof(cwd)) == NULL)
  762. fatal("%s: getcwd: %s", __func__, strerror(errno));
  763. xasprintf(&ret, "%s/%s", cwd, expanded);
  764. free(expanded);
  765. return ret;
  766. }
  767. static void
  768. add_listen_addr(ServerOptions *options, const char *addr,
  769. const char *rdomain, int port)
  770. {
  771. u_int i;
  772. if (port > 0)
  773. add_one_listen_addr(options, addr, rdomain, port);
  774. else {
  775. for (i = 0; i < options->num_ports; i++) {
  776. add_one_listen_addr(options, addr, rdomain,
  777. options->ports[i]);
  778. }
  779. }
  780. }
  781. static void
  782. add_one_listen_addr(ServerOptions *options, const char *addr,
  783. const char *rdomain, int port)
  784. {
  785. struct addrinfo hints, *ai, *aitop;
  786. char strport[NI_MAXSERV];
  787. int gaierr;
  788. u_int i;
  789. /* Find listen_addrs entry for this rdomain */
  790. for (i = 0; i < options->num_listen_addrs; i++) {
  791. if (rdomain == NULL && options->listen_addrs[i].rdomain == NULL)
  792. break;
  793. if (rdomain == NULL || options->listen_addrs[i].rdomain == NULL)
  794. continue;
  795. if (strcmp(rdomain, options->listen_addrs[i].rdomain) == 0)
  796. break;
  797. }
  798. if (i >= options->num_listen_addrs) {
  799. /* No entry for this rdomain; allocate one */
  800. if (i >= INT_MAX)
  801. fatal("%s: too many listen addresses", __func__);
  802. options->listen_addrs = xrecallocarray(options->listen_addrs,
  803. options->num_listen_addrs, options->num_listen_addrs + 1,
  804. sizeof(*options->listen_addrs));
  805. i = options->num_listen_addrs++;
  806. if (rdomain != NULL)
  807. options->listen_addrs[i].rdomain = xstrdup(rdomain);
  808. }
  809. /* options->listen_addrs[i] points to the addresses for this rdomain */
  810. memset(&hints, 0, sizeof(hints));
  811. hints.ai_family = options->address_family;
  812. hints.ai_socktype = SOCK_STREAM;
  813. hints.ai_flags = (addr == NULL) ? AI_PASSIVE : 0;
  814. snprintf(strport, sizeof strport, "%d", port);
  815. if ((gaierr = getaddrinfo(addr, strport, &hints, &aitop)) != 0)
  816. fatal("bad addr or host: %s (%s)",
  817. addr ? addr : "<NULL>",
  818. ssh_gai_strerror(gaierr));
  819. for (ai = aitop; ai->ai_next; ai = ai->ai_next)
  820. ;
  821. ai->ai_next = options->listen_addrs[i].addrs;
  822. options->listen_addrs[i].addrs = aitop;
  823. }
  824. /* Returns nonzero if the routing domain name is valid */
  825. static int
  826. valid_rdomain(const char *name)
  827. {
  828. #if defined(HAVE_SYS_VALID_RDOMAIN)
  829. return sys_valid_rdomain(name);
  830. #elif defined(__OpenBSD__)
  831. const char *errstr;
  832. long long num;
  833. struct rt_tableinfo info;
  834. int mib[6];
  835. size_t miblen = sizeof(mib);
  836. if (name == NULL)
  837. return 1;
  838. num = strtonum(name, 0, 255, &errstr);
  839. if (errstr != NULL)
  840. return 0;
  841. /* Check whether the table actually exists */
  842. memset(mib, 0, sizeof(mib));
  843. mib[0] = CTL_NET;
  844. mib[1] = PF_ROUTE;
  845. mib[4] = NET_RT_TABLE;
  846. mib[5] = (int)num;
  847. if (sysctl(mib, 6, &info, &miblen, NULL, 0) == -1)
  848. return 0;
  849. return 1;
  850. #else /* defined(__OpenBSD__) */
  851. error("Routing domains are not supported on this platform");
  852. return 0;
  853. #endif
  854. }
  855. /*
  856. * Queue a ListenAddress to be processed once we have all of the Ports
  857. * and AddressFamily options.
  858. */
  859. static void
  860. queue_listen_addr(ServerOptions *options, const char *addr,
  861. const char *rdomain, int port)
  862. {
  863. struct queued_listenaddr *qla;
  864. options->queued_listen_addrs = xrecallocarray(
  865. options->queued_listen_addrs,
  866. options->num_queued_listens, options->num_queued_listens + 1,
  867. sizeof(*options->queued_listen_addrs));
  868. qla = &options->queued_listen_addrs[options->num_queued_listens++];
  869. qla->addr = xstrdup(addr);
  870. qla->port = port;
  871. qla->rdomain = rdomain == NULL ? NULL : xstrdup(rdomain);
  872. }
  873. /*
  874. * Process queued (text) ListenAddress entries.
  875. */
  876. static void
  877. process_queued_listen_addrs(ServerOptions *options)
  878. {
  879. u_int i;
  880. struct queued_listenaddr *qla;
  881. if (options->num_ports == 0)
  882. options->ports[options->num_ports++] = SSH_DEFAULT_PORT;
  883. if (options->address_family == -1)
  884. options->address_family = AF_UNSPEC;
  885. for (i = 0; i < options->num_queued_listens; i++) {
  886. qla = &options->queued_listen_addrs[i];
  887. add_listen_addr(options, qla->addr, qla->rdomain, qla->port);
  888. free(qla->addr);
  889. free(qla->rdomain);
  890. }
  891. free(options->queued_listen_addrs);
  892. options->queued_listen_addrs = NULL;
  893. options->num_queued_listens = 0;
  894. }
  895. /*
  896. * Inform channels layer of permitopen options for a single forwarding
  897. * direction (local/remote).
  898. */
  899. static void
  900. process_permitopen_list(struct ssh *ssh, ServerOpCodes opcode,
  901. char **opens, u_int num_opens)
  902. {
  903. u_int i;
  904. int port;
  905. char *host, *arg, *oarg, ch;
  906. int where = opcode == sPermitOpen ? FORWARD_LOCAL : FORWARD_REMOTE;
  907. const char *what = lookup_opcode_name(opcode);
  908. channel_clear_permission(ssh, FORWARD_ADM, where);
  909. if (num_opens == 0)
  910. return; /* permit any */
  911. /* handle keywords: "any" / "none" */
  912. if (num_opens == 1 && strcmp(opens[0], "any") == 0)
  913. return;
  914. if (num_opens == 1 && strcmp(opens[0], "none") == 0) {
  915. channel_disable_admin(ssh, where);
  916. return;
  917. }
  918. /* Otherwise treat it as a list of permitted host:port */
  919. for (i = 0; i < num_opens; i++) {
  920. oarg = arg = xstrdup(opens[i]);
  921. ch = '\0';
  922. host = hpdelim2(&arg, &ch);
  923. if (host == NULL || ch == '/')
  924. fatal("%s: missing host in %s", __func__, what);
  925. host = cleanhostname(host);
  926. if (arg == NULL || ((port = permitopen_port(arg)) < 0))
  927. fatal("%s: bad port number in %s", __func__, what);
  928. /* Send it to channels layer */
  929. channel_add_permission(ssh, FORWARD_ADM,
  930. where, host, port);
  931. free(oarg);
  932. }
  933. }
  934. /*
  935. * Inform channels layer of permitopen options from configuration.
  936. */
  937. void
  938. process_permitopen(struct ssh *ssh, ServerOptions *options)
  939. {
  940. process_permitopen_list(ssh, sPermitOpen,
  941. options->permitted_opens, options->num_permitted_opens);
  942. process_permitopen_list(ssh, sPermitListen,
  943. options->permitted_listens,
  944. options->num_permitted_listens);
  945. }
  946. struct connection_info *
  947. get_connection_info(struct ssh *ssh, int populate, int use_dns)
  948. {
  949. static struct connection_info ci;
  950. if (ssh == NULL || !populate)
  951. return &ci;
  952. ci.host = auth_get_canonical_hostname(ssh, use_dns);
  953. ci.address = ssh_remote_ipaddr(ssh);
  954. ci.laddress = ssh_local_ipaddr(ssh);
  955. ci.lport = ssh_local_port(ssh);
  956. ci.rdomain = ssh_packet_rdomain_in(ssh);
  957. return &ci;
  958. }
  959. /*
  960. * The strategy for the Match blocks is that the config file is parsed twice.
  961. *
  962. * The first time is at startup. activep is initialized to 1 and the
  963. * directives in the global context are processed and acted on. Hitting a
  964. * Match directive unsets activep and the directives inside the block are
  965. * checked for syntax only.
  966. *
  967. * The second time is after a connection has been established but before
  968. * authentication. activep is initialized to 2 and global config directives
  969. * are ignored since they have already been processed. If the criteria in a
  970. * Match block is met, activep is set and the subsequent directives
  971. * processed and actioned until EOF or another Match block unsets it. Any
  972. * options set are copied into the main server config.
  973. *
  974. * Potential additions/improvements:
  975. * - Add Match support for pre-kex directives, eg. Ciphers.
  976. *
  977. * - Add a Tag directive (idea from David Leonard) ala pf, eg:
  978. * Match Address 192.168.0.*
  979. * Tag trusted
  980. * Match Group wheel
  981. * Tag trusted
  982. * Match Tag trusted
  983. * AllowTcpForwarding yes
  984. * GatewayPorts clientspecified
  985. * [...]
  986. *
  987. * - Add a PermittedChannelRequests directive
  988. * Match Group shell
  989. * PermittedChannelRequests session,forwarded-tcpip
  990. */
  991. static int
  992. match_cfg_line_group(const char *grps, int line, const char *user)
  993. {
  994. int result = 0;
  995. struct passwd *pw;
  996. if (user == NULL)
  997. goto out;
  998. if ((pw = getpwnam(user)) == NULL) {
  999. debug("Can't match group at line %d because user %.100s does "
  1000. "not exist", line, user);
  1001. } else if (ga_init(pw->pw_name, pw->pw_gid) == 0) {
  1002. debug("Can't Match group because user %.100s not in any group "
  1003. "at line %d", user, line);
  1004. } else if (ga_match_pattern_list(grps) != 1) {
  1005. debug("user %.100s does not match group list %.100s at line %d",
  1006. user, grps, line);
  1007. } else {
  1008. debug("user %.100s matched group list %.100s at line %d", user,
  1009. grps, line);
  1010. result = 1;
  1011. }
  1012. out:
  1013. ga_free();
  1014. return result;
  1015. }
  1016. static void
  1017. match_test_missing_fatal(const char *criteria, const char *attrib)
  1018. {
  1019. fatal("'Match %s' in configuration but '%s' not in connection "
  1020. "test specification.", criteria, attrib);
  1021. }
  1022. /*
  1023. * All of the attributes on a single Match line are ANDed together, so we need
  1024. * to check every attribute and set the result to zero if any attribute does
  1025. * not match.
  1026. */
  1027. static int
  1028. match_cfg_line(char **condition, int line, struct connection_info *ci)
  1029. {
  1030. int result = 1, attributes = 0, port;
  1031. char *arg, *attrib, *cp = *condition;
  1032. if (ci == NULL)
  1033. debug3("checking syntax for 'Match %s'", cp);
  1034. else
  1035. debug3("checking match for '%s' user %s host %s addr %s "
  1036. "laddr %s lport %d", cp, ci->user ? ci->user : "(null)",
  1037. ci->host ? ci->host : "(null)",
  1038. ci->address ? ci->address : "(null)",
  1039. ci->laddress ? ci->laddress : "(null)", ci->lport);
  1040. while ((attrib = strdelim(&cp)) && *attrib != '\0') {
  1041. attributes++;
  1042. if (strcasecmp(attrib, "all") == 0) {
  1043. if (attributes != 1 ||
  1044. ((arg = strdelim(&cp)) != NULL && *arg != '\0')) {
  1045. error("'all' cannot be combined with other "
  1046. "Match attributes");
  1047. return -1;
  1048. }
  1049. *condition = cp;
  1050. return 1;
  1051. }
  1052. if ((arg = strdelim(&cp)) == NULL || *arg == '\0') {
  1053. error("Missing Match criteria for %s", attrib);
  1054. return -1;
  1055. }
  1056. if (strcasecmp(attrib, "user") == 0) {
  1057. if (ci == NULL || (ci->test && ci->user == NULL)) {
  1058. result = 0;
  1059. continue;
  1060. }
  1061. if (ci->user == NULL)
  1062. match_test_missing_fatal("User", "user");
  1063. if (match_usergroup_pattern_list(ci->user, arg) != 1)
  1064. result = 0;
  1065. else
  1066. debug("user %.100s matched 'User %.100s' at "
  1067. "line %d", ci->user, arg, line);
  1068. } else if (strcasecmp(attrib, "group") == 0) {
  1069. if (ci == NULL || (ci->test && ci->user == NULL)) {
  1070. result = 0;
  1071. continue;
  1072. }
  1073. if (ci->user == NULL)
  1074. match_test_missing_fatal("Group", "user");
  1075. switch (match_cfg_line_group(arg, line, ci->user)) {
  1076. case -1:
  1077. return -1;
  1078. case 0:
  1079. result = 0;
  1080. }
  1081. } else if (strcasecmp(attrib, "host") == 0) {
  1082. if (ci == NULL || (ci->test && ci->host == NULL)) {
  1083. result = 0;
  1084. continue;
  1085. }
  1086. if (ci->host == NULL)
  1087. match_test_missing_fatal("Host", "host");
  1088. if (match_hostname(ci->host, arg) != 1)
  1089. result = 0;
  1090. else
  1091. debug("connection from %.100s matched 'Host "
  1092. "%.100s' at line %d", ci->host, arg, line);
  1093. } else if (strcasecmp(attrib, "address") == 0) {
  1094. if (ci == NULL || (ci->test && ci->address == NULL)) {
  1095. if (addr_match_list(NULL, arg) != 0)
  1096. fatal("Invalid Match address argument "
  1097. "'%s' at line %d", arg, line);
  1098. result = 0;
  1099. continue;
  1100. }
  1101. if (ci->address == NULL)
  1102. match_test_missing_fatal("Address", "addr");
  1103. switch (addr_match_list(ci->address, arg)) {
  1104. case 1:
  1105. debug("connection from %.100s matched 'Address "
  1106. "%.100s' at line %d", ci->address, arg, line);
  1107. break;
  1108. case 0:
  1109. case -1:
  1110. result = 0;
  1111. break;
  1112. case -2:
  1113. return -1;
  1114. }
  1115. } else if (strcasecmp(attrib, "localaddress") == 0){
  1116. if (ci == NULL || (ci->test && ci->laddress == NULL)) {
  1117. if (addr_match_list(NULL, arg) != 0)
  1118. fatal("Invalid Match localaddress "
  1119. "argument '%s' at line %d", arg,
  1120. line);
  1121. result = 0;
  1122. continue;
  1123. }
  1124. if (ci->laddress == NULL)
  1125. match_test_missing_fatal("LocalAddress",
  1126. "laddr");
  1127. switch (addr_match_list(ci->laddress, arg)) {
  1128. case 1:
  1129. debug("connection from %.100s matched "
  1130. "'LocalAddress %.100s' at line %d",
  1131. ci->laddress, arg, line);
  1132. break;
  1133. case 0:
  1134. case -1:
  1135. result = 0;
  1136. break;
  1137. case -2:
  1138. return -1;
  1139. }
  1140. } else if (strcasecmp(attrib, "localport") == 0) {
  1141. if ((port = a2port(arg)) == -1) {
  1142. error("Invalid LocalPort '%s' on Match line",
  1143. arg);
  1144. return -1;
  1145. }
  1146. if (ci == NULL || (ci->test && ci->lport == -1)) {
  1147. result = 0;
  1148. continue;
  1149. }
  1150. if (ci->lport == 0)
  1151. match_test_missing_fatal("LocalPort", "lport");
  1152. /* TODO support port lists */
  1153. if (port == ci->lport)
  1154. debug("connection from %.100s matched "
  1155. "'LocalPort %d' at line %d",
  1156. ci->laddress, port, line);
  1157. else
  1158. result = 0;
  1159. } else if (strcasecmp(attrib, "rdomain") == 0) {
  1160. if (ci == NULL || (ci->test && ci->rdomain == NULL)) {
  1161. result = 0;
  1162. continue;
  1163. }
  1164. if (ci->rdomain == NULL)
  1165. match_test_missing_fatal("RDomain", "rdomain");
  1166. if (match_pattern_list(ci->rdomain, arg, 0) != 1)
  1167. result = 0;
  1168. else
  1169. debug("user %.100s matched 'RDomain %.100s' at "
  1170. "line %d", ci->rdomain, arg, line);
  1171. } else {
  1172. error("Unsupported Match attribute %s", attrib);
  1173. return -1;
  1174. }
  1175. }
  1176. if (attributes == 0) {
  1177. error("One or more attributes required for Match");
  1178. return -1;
  1179. }
  1180. if (ci != NULL)
  1181. debug3("match %sfound", result ? "" : "not ");
  1182. *condition = cp;
  1183. return result;
  1184. }
  1185. #define WHITESPACE " \t\r\n"
  1186. /* Multistate option parsing */
  1187. struct multistate {
  1188. char *key;
  1189. int value;
  1190. };
  1191. static const struct multistate multistate_flag[] = {
  1192. { "yes", 1 },
  1193. { "no", 0 },
  1194. { NULL, -1 }
  1195. };
  1196. static const struct multistate multistate_ignore_rhosts[] = {
  1197. { "yes", IGNORE_RHOSTS_YES },
  1198. { "no", IGNORE_RHOSTS_NO },
  1199. { "shosts-only", IGNORE_RHOSTS_SHOSTS },
  1200. { NULL, -1 }
  1201. };
  1202. static const struct multistate multistate_addressfamily[] = {
  1203. { "inet", AF_INET },
  1204. { "inet6", AF_INET6 },
  1205. { "any", AF_UNSPEC },
  1206. { NULL, -1 }
  1207. };
  1208. static const struct multistate multistate_permitrootlogin[] = {
  1209. { "without-password", PERMIT_NO_PASSWD },
  1210. { "prohibit-password", PERMIT_NO_PASSWD },
  1211. { "forced-commands-only", PERMIT_FORCED_ONLY },
  1212. { "yes", PERMIT_YES },
  1213. { "no", PERMIT_NO },
  1214. { NULL, -1 }
  1215. };
  1216. static const struct multistate multistate_compression[] = {
  1217. #ifdef WITH_ZLIB
  1218. { "yes", COMP_DELAYED },
  1219. { "delayed", COMP_DELAYED },
  1220. #endif
  1221. { "no", COMP_NONE },
  1222. { NULL, -1 }
  1223. };
  1224. static const struct multistate multistate_gatewayports[] = {
  1225. { "clientspecified", 2 },
  1226. { "yes", 1 },
  1227. { "no", 0 },
  1228. { NULL, -1 }
  1229. };
  1230. static const struct multistate multistate_tcpfwd[] = {
  1231. { "yes", FORWARD_ALLOW },
  1232. { "all", FORWARD_ALLOW },
  1233. { "no", FORWARD_DENY },
  1234. { "remote", FORWARD_REMOTE },
  1235. { "local", FORWARD_LOCAL },
  1236. { NULL, -1 }
  1237. };
  1238. static int
  1239. process_server_config_line_depth(ServerOptions *options, char *line,
  1240. const char *filename, int linenum, int *activep,
  1241. struct connection_info *connectinfo, int *inc_flags, int depth,
  1242. struct include_list *includes)
  1243. {
  1244. char ch, *cp, ***chararrayptr, **charptr, *arg, *arg2, *p;
  1245. int cmdline = 0, *intptr, value, value2, n, port, oactive, r, found;
  1246. SyslogFacility *log_facility_ptr;
  1247. LogLevel *log_level_ptr;
  1248. ServerOpCodes opcode;
  1249. u_int i, *uintptr, uvalue, flags = 0;
  1250. size_t len;
  1251. long long val64;
  1252. const struct multistate *multistate_ptr;
  1253. const char *errstr;
  1254. struct include_item *item;
  1255. glob_t gbuf;
  1256. /* Strip trailing whitespace. Allow \f (form feed) at EOL only */
  1257. if ((len = strlen(line)) == 0)
  1258. return 0;
  1259. for (len--; len > 0; len--) {
  1260. if (strchr(WHITESPACE "\f", line[len]) == NULL)
  1261. break;
  1262. line[len] = '\0';
  1263. }
  1264. cp = line;
  1265. if ((arg = strdelim(&cp)) == NULL)
  1266. return 0;
  1267. /* Ignore leading whitespace */
  1268. if (*arg == '\0')
  1269. arg = strdelim(&cp);
  1270. if (!arg || !*arg || *arg == '#')
  1271. return 0;
  1272. intptr = NULL;
  1273. charptr = NULL;
  1274. opcode = parse_token(arg, filename, linenum, &flags);
  1275. if (activep == NULL) { /* We are processing a command line directive */
  1276. cmdline = 1;
  1277. activep = &cmdline;
  1278. }
  1279. if (*activep && opcode != sMatch && opcode != sInclude)
  1280. debug3("%s:%d setting %s %s", filename, linenum, arg, cp);
  1281. if (*activep == 0 && !(flags & SSHCFG_MATCH)) {
  1282. if (connectinfo == NULL) {
  1283. fatal("%s line %d: Directive '%s' is not allowed "
  1284. "within a Match block", filename, linenum, arg);
  1285. } else { /* this is a directive we have already processed */
  1286. while (arg)
  1287. arg = strdelim(&cp);
  1288. return 0;
  1289. }
  1290. }
  1291. switch (opcode) {
  1292. /* Portable-specific options */
  1293. case sUsePAM:
  1294. intptr = &options->use_pam;
  1295. goto parse_flag;
  1296. /* Standard Options */
  1297. case sBadOption:
  1298. return -1;
  1299. case sPort:
  1300. /* ignore ports from configfile if cmdline specifies ports */
  1301. if (options->ports_from_cmdline)
  1302. return 0;
  1303. if (options->num_ports >= MAX_PORTS)
  1304. fatal("%s line %d: too many ports.",
  1305. filename, linenum);
  1306. arg = strdelim(&cp);
  1307. if (!arg || *arg == '\0')
  1308. fatal("%s line %d: missing port number.",
  1309. filename, linenum);
  1310. options->ports[options->num_ports++] = a2port(arg);
  1311. if (options->ports[options->num_ports-1] <= 0)
  1312. fatal("%s line %d: Badly formatted port number.",
  1313. filename, linenum);
  1314. break;
  1315. case sLoginGraceTime:
  1316. intptr = &options->login_grace_time;
  1317. parse_time:
  1318. arg = strdelim(&cp);
  1319. if (!arg || *arg == '\0')
  1320. fatal("%s line %d: missing time value.",
  1321. filename, linenum);
  1322. if ((value = convtime(arg)) == -1)
  1323. fatal("%s line %d: invalid time value.",
  1324. filename, linenum);
  1325. if (*activep && *intptr == -1)
  1326. *intptr = value;
  1327. break;
  1328. case sListenAddress:
  1329. arg = strdelim(&cp);
  1330. if (arg == NULL || *arg == '\0')
  1331. fatal("%s line %d: missing address",
  1332. filename, linenum);
  1333. /* check for bare IPv6 address: no "[]" and 2 or more ":" */
  1334. if (strchr(arg, '[') == NULL && (p = strchr(arg, ':')) != NULL
  1335. && strchr(p+1, ':') != NULL) {
  1336. port = 0;
  1337. p = arg;
  1338. } else {
  1339. arg2 = NULL;
  1340. ch = '\0';
  1341. p = hpdelim2(&arg, &ch);
  1342. if (p == NULL || ch == '/')
  1343. fatal("%s line %d: bad address:port usage",
  1344. filename, linenum);
  1345. p = cleanhostname(p);
  1346. if (arg == NULL)
  1347. port = 0;
  1348. else if ((port = a2port(arg)) <= 0)
  1349. fatal("%s line %d: bad port number",
  1350. filename, linenum);
  1351. }
  1352. /* Optional routing table */
  1353. arg2 = NULL;
  1354. if ((arg = strdelim(&cp)) != NULL) {
  1355. if (strcmp(arg, "rdomain") != 0 ||
  1356. (arg2 = strdelim(&cp)) == NULL)
  1357. fatal("%s line %d: bad ListenAddress syntax",
  1358. filename, linenum);
  1359. if (!valid_rdomain(arg2))
  1360. fatal("%s line %d: bad routing domain",
  1361. filename, linenum);
  1362. }
  1363. queue_listen_addr(options, p, arg2, port);
  1364. break;
  1365. case sAddressFamily:
  1366. intptr = &options->address_family;
  1367. multistate_ptr = multistate_addressfamily;
  1368. parse_multistate:
  1369. arg = strdelim(&cp);
  1370. if (!arg || *arg == '\0')
  1371. fatal("%s line %d: missing argument.",
  1372. filename, linenum);
  1373. value = -1;
  1374. for (i = 0; multistate_ptr[i].key != NULL; i++) {
  1375. if (strcasecmp(arg, multistate_ptr[i].key) == 0) {
  1376. value = multistate_ptr[i].value;
  1377. break;
  1378. }
  1379. }
  1380. if (value == -1)
  1381. fatal("%s line %d: unsupported option \"%s\".",
  1382. filename, linenum, arg);
  1383. if (*activep && *intptr == -1)
  1384. *intptr = value;
  1385. break;
  1386. case sHostKeyFile:
  1387. arg = strdelim(&cp);
  1388. if (!arg || *arg == '\0')
  1389. fatal("%s line %d: missing file name.",
  1390. filename, linenum);
  1391. if (*activep) {
  1392. servconf_add_hostkey(filename, linenum,
  1393. options, arg, 1);
  1394. }
  1395. break;
  1396. case sHostKeyAgent:
  1397. charptr = &options->host_key_agent;
  1398. arg = strdelim(&cp);
  1399. if (!arg || *arg == '\0')
  1400. fatal("%s line %d: missing socket name.",
  1401. filename, linenum);
  1402. if (*activep && *charptr == NULL)
  1403. *charptr = !strcmp(arg, SSH_AUTHSOCKET_ENV_NAME) ?
  1404. xstrdup(arg) : derelativise_path(arg);
  1405. break;
  1406. case sHostCertificate:
  1407. arg = strdelim(&cp);
  1408. if (!arg || *arg == '\0')
  1409. fatal("%s line %d: missing file name.",
  1410. filename, linenum);
  1411. if (*activep)
  1412. servconf_add_hostcert(filename, linenum, options, arg);
  1413. break;
  1414. case sPidFile:
  1415. charptr = &options->pid_file;
  1416. parse_filename:
  1417. arg = strdelim(&cp);
  1418. if (!arg || *arg == '\0')
  1419. fatal("%s line %d: missing file name.",
  1420. filename, linenum);
  1421. if (*activep && *charptr == NULL) {
  1422. *charptr = derelativise_path(arg);
  1423. /* increase optional counter */
  1424. if (intptr != NULL)
  1425. *intptr = *intptr + 1;
  1426. }
  1427. break;
  1428. case sPermitRootLogin:
  1429. intptr = &options->permit_root_login;
  1430. multistate_ptr = multistate_permitrootlogin;
  1431. goto parse_multistate;
  1432. case sIgnoreRhosts:
  1433. intptr = &options->ignore_rhosts;
  1434. multistate_ptr = multistate_ignore_rhosts;
  1435. goto parse_multistate;
  1436. case sTcpRcvBufPoll:
  1437. intptr = &options->tcp_rcv_buf_poll;
  1438. goto parse_flag;
  1439. case sHPNDisabled:
  1440. intptr = &options->hpn_disabled;
  1441. goto parse_flag;
  1442. case sHPNBufferSize:
  1443. intptr = &options->hpn_buffer_size;
  1444. goto parse_int;
  1445. case sIgnoreUserKnownHosts:
  1446. intptr = &options->ignore_user_known_hosts;
  1447. parse_flag:
  1448. multistate_ptr = multistate_flag;
  1449. goto parse_multistate;
  1450. case sNoneEnabled:
  1451. intptr = &options->none_enabled;
  1452. goto parse_flag;
  1453. case sNoneMacEnabled:
  1454. intptr = &options->nonemac_enabled;
  1455. goto parse_flag;
  1456. case sDisableMTAES:
  1457. intptr = &options->disable_multithreaded;
  1458. goto parse_flag;
  1459. case sHostbasedAuthentication:
  1460. intptr = &options->hostbased_authentication;
  1461. goto parse_flag;
  1462. case sHostbasedUsesNameFromPacketOnly:
  1463. intptr = &options->hostbased_uses_name_from_packet_only;
  1464. goto parse_flag;
  1465. case sHostbasedAcceptedAlgorithms:
  1466. charptr = &options->hostbased_accepted_algos;
  1467. parse_pubkey_algos:
  1468. arg = strdelim(&cp);
  1469. if (!arg || *arg == '\0')
  1470. fatal("%s line %d: Missing argument.",
  1471. filename, linenum);
  1472. if (*arg != '-' &&
  1473. !sshkey_names_valid2(*arg == '+' || *arg == '^' ?
  1474. arg + 1 : arg, 1))
  1475. fatal("%s line %d: Bad key types '%s'.",
  1476. filename, linenum, arg ? arg : "<NONE>");
  1477. if (*activep && *charptr == NULL)
  1478. *charptr = xstrdup(arg);
  1479. break;
  1480. case sHostKeyAlgorithms:
  1481. charptr = &options->hostkeyalgorithms;
  1482. goto parse_pubkey_algos;
  1483. case sCASignatureAlgorithms:
  1484. charptr = &options->ca_sign_algorithms;
  1485. goto parse_pubkey_algos;
  1486. case sPubkeyAuthentication:
  1487. intptr = &options->pubkey_authentication;
  1488. goto parse_flag;
  1489. case sPubkeyAcceptedAlgorithms:
  1490. charptr = &options->pubkey_accepted_algos;
  1491. goto parse_pubkey_algos;
  1492. case sPubkeyAuthOptions:
  1493. intptr = &options->pubkey_auth_options;
  1494. value = 0;
  1495. while ((arg = strdelim(&cp)) && *arg != '\0') {
  1496. if (strcasecmp(arg, "none") == 0)
  1497. continue;
  1498. if (strcasecmp(arg, "touch-required") == 0)
  1499. value |= PUBKEYAUTH_TOUCH_REQUIRED;
  1500. else if (strcasecmp(arg, "verify-required") == 0)
  1501. value |= PUBKEYAUTH_VERIFY_REQUIRED;
  1502. else {
  1503. fatal("%s line %d: unsupported "
  1504. "PubkeyAuthOptions option %s",
  1505. filename, linenum, arg);
  1506. }
  1507. }
  1508. if (*activep && *intptr == -1)
  1509. *intptr = value;
  1510. break;
  1511. case sKerberosAuthentication:
  1512. intptr = &options->kerberos_authentication;
  1513. goto parse_flag;
  1514. case sKerberosOrLocalPasswd:
  1515. intptr = &options->kerberos_or_local_passwd;
  1516. goto parse_flag;
  1517. case sKerberosTicketCleanup:
  1518. intptr = &options->kerberos_ticket_cleanup;
  1519. goto parse_flag;
  1520. case sKerberosGetAFSToken:
  1521. intptr = &options->kerberos_get_afs_token;
  1522. goto parse_flag;
  1523. case sGssAuthentication:
  1524. intptr = &options->gss_authentication;
  1525. goto parse_flag;
  1526. case sGssCleanupCreds:
  1527. intptr = &options->gss_cleanup_creds;
  1528. goto parse_flag;
  1529. case sGssStrictAcceptor:
  1530. intptr = &options->gss_strict_acceptor;
  1531. goto parse_flag;
  1532. case sPasswordAuthentication:
  1533. intptr = &options->password_authentication;
  1534. goto parse_flag;
  1535. case sKbdInteractiveAuthentication:
  1536. intptr = &options->kbd_interactive_authentication;
  1537. goto parse_flag;
  1538. case sChallengeResponseAuthentication:
  1539. intptr = &options->challenge_response_authentication;
  1540. goto parse_flag;
  1541. case sPrintMotd:
  1542. intptr = &options->print_motd;
  1543. goto parse_flag;
  1544. case sPrintLastLog:
  1545. intptr = &options->print_lastlog;
  1546. goto parse_flag;
  1547. case sX11Forwarding:
  1548. intptr = &options->x11_forwarding;
  1549. goto parse_flag;
  1550. case sX11DisplayOffset:
  1551. intptr = &options->x11_display_offset;
  1552. parse_int:
  1553. arg = strdelim(&cp);
  1554. if ((errstr = atoi_err(arg, &value)) != NULL)
  1555. fatal("%s line %d: integer value %s.",
  1556. filename, linenum, errstr);
  1557. if (*activep && *intptr == -1)
  1558. *intptr = value;
  1559. break;
  1560. case sX11UseLocalhost:
  1561. intptr = &options->x11_use_localhost;
  1562. goto parse_flag;
  1563. case sXAuthLocation:
  1564. charptr = &options->xauth_location;
  1565. goto parse_filename;
  1566. case sPermitTTY:
  1567. intptr = &options->permit_tty;
  1568. goto parse_flag;
  1569. case sPermitUserRC:
  1570. intptr = &options->permit_user_rc;
  1571. goto parse_flag;
  1572. case sStrictModes:
  1573. intptr = &options->strict_modes;
  1574. goto parse_flag;
  1575. case sTCPKeepAlive:
  1576. intptr = &options->tcp_keep_alive;
  1577. goto parse_flag;
  1578. case sEmptyPasswd:
  1579. intptr = &options->permit_empty_passwd;
  1580. goto parse_flag;
  1581. case sPermitUserEnvironment:
  1582. intptr = &options->permit_user_env;
  1583. charptr = &options->permit_user_env_allowlist;
  1584. arg = strdelim(&cp);
  1585. if (!arg || *arg == '\0')
  1586. fatal("%s line %d: missing argument.",
  1587. filename, linenum);
  1588. value = 0;
  1589. p = NULL;
  1590. if (strcmp(arg, "yes") == 0)
  1591. value = 1;
  1592. else if (strcmp(arg, "no") == 0)
  1593. value = 0;
  1594. else {
  1595. /* Pattern-list specified */
  1596. value = 1;
  1597. p = xstrdup(arg);
  1598. }
  1599. if (*activep && *intptr == -1) {
  1600. *intptr = value;
  1601. *charptr = p;
  1602. p = NULL;
  1603. }
  1604. free(p);
  1605. break;
  1606. case sCompression:
  1607. intptr = &options->compression;
  1608. multistate_ptr = multistate_compression;
  1609. goto parse_multistate;
  1610. case sRekeyLimit:
  1611. arg = strdelim(&cp);
  1612. if (!arg || *arg == '\0')
  1613. fatal("%.200s line %d: Missing argument.", filename,
  1614. linenum);
  1615. if (strcmp(arg, "default") == 0) {
  1616. val64 = 0;
  1617. } else {
  1618. if (scan_scaled(arg, &val64) == -1)
  1619. fatal("%.200s line %d: Bad number '%s': %s",
  1620. filename, linenum, arg, strerror(errno));
  1621. if (val64 != 0 && val64 < 16)
  1622. fatal("%.200s line %d: RekeyLimit too small",
  1623. filename, linenum);
  1624. }
  1625. if (*activep && options->rekey_limit == -1)
  1626. options->rekey_limit = val64;
  1627. if (cp != NULL) { /* optional rekey interval present */
  1628. if (strcmp(cp, "none") == 0) {
  1629. (void)strdelim(&cp); /* discard */
  1630. break;
  1631. }
  1632. intptr = &options->rekey_interval;
  1633. goto parse_time;
  1634. }
  1635. break;
  1636. case sGatewayPorts:
  1637. intptr = &options->fwd_opts.gateway_ports;
  1638. multistate_ptr = multistate_gatewayports;
  1639. goto parse_multistate;
  1640. case sUseDNS:
  1641. intptr = &options->use_dns;
  1642. goto parse_flag;
  1643. case sLogFacility:
  1644. log_facility_ptr = &options->log_facility;
  1645. arg = strdelim(&cp);
  1646. value = log_facility_number(arg);
  1647. if (value == SYSLOG_FACILITY_NOT_SET)
  1648. fatal("%.200s line %d: unsupported log facility '%s'",
  1649. filename, linenum, arg ? arg : "<NONE>");
  1650. if (*log_facility_ptr == -1)
  1651. *log_facility_ptr = (SyslogFacility) value;
  1652. break;
  1653. case sLogLevel:
  1654. log_level_ptr = &options->log_level;
  1655. arg = strdelim(&cp);
  1656. value = log_level_number(arg);
  1657. if (value == SYSLOG_LEVEL_NOT_SET)
  1658. fatal("%.200s line %d: unsupported log level '%s'",
  1659. filename, linenum, arg ? arg : "<NONE>");
  1660. if (*activep && *log_level_ptr == -1)
  1661. *log_level_ptr = (LogLevel) value;
  1662. break;
  1663. case sAllowTcpForwarding:
  1664. intptr = &options->allow_tcp_forwarding;
  1665. multistate_ptr = multistate_tcpfwd;
  1666. goto parse_multistate;
  1667. case sAllowStreamLocalForwarding:
  1668. intptr = &options->allow_streamlocal_forwarding;
  1669. multistate_ptr = multistate_tcpfwd;
  1670. goto parse_multistate;
  1671. case sAllowAgentForwarding:
  1672. intptr = &options->allow_agent_forwarding;
  1673. goto parse_flag;
  1674. case sDisableForwarding:
  1675. intptr = &options->disable_forwarding;
  1676. goto parse_flag;
  1677. case sAllowUsers:
  1678. while ((arg = strdelim(&cp)) && *arg != '\0') {
  1679. if (match_user(NULL, NULL, NULL, arg) == -1)
  1680. fatal("%s line %d: invalid AllowUsers pattern: "
  1681. "\"%.100s\"", filename, linenum, arg);
  1682. if (!*activep)
  1683. continue;
  1684. opt_array_append(filename, linenum, "AllowUsers",
  1685. &options->allow_users, &options->num_allow_users,
  1686. arg);
  1687. }
  1688. break;
  1689. case sDenyUsers:
  1690. while ((arg = strdelim(&cp)) && *arg != '\0') {
  1691. if (match_user(NULL, NULL, NULL, arg) == -1)
  1692. fatal("%s line %d: invalid DenyUsers pattern: "
  1693. "\"%.100s\"", filename, linenum, arg);
  1694. if (!*activep)
  1695. continue;
  1696. opt_array_append(filename, linenum, "DenyUsers",
  1697. &options->deny_users, &options->num_deny_users,
  1698. arg);
  1699. }
  1700. break;
  1701. case sAllowGroups:
  1702. while ((arg = strdelim(&cp)) && *arg != '\0') {
  1703. if (!*activep)
  1704. continue;
  1705. opt_array_append(filename, linenum, "AllowGroups",
  1706. &options->allow_groups, &options->num_allow_groups,
  1707. arg);
  1708. }
  1709. break;
  1710. case sDenyGroups:
  1711. while ((arg = strdelim(&cp)) && *arg != '\0') {
  1712. if (!*activep)
  1713. continue;
  1714. opt_array_append(filename, linenum, "DenyGroups",
  1715. &options->deny_groups, &options->num_deny_groups,
  1716. arg);
  1717. }
  1718. break;
  1719. case sCiphers:
  1720. arg = strdelim(&cp);
  1721. if (!arg || *arg == '\0')
  1722. fatal("%s line %d: Missing argument.", filename, linenum);
  1723. if (*arg != '-' &&
  1724. !ciphers_valid(*arg == '+' || *arg == '^' ? arg + 1 : arg))
  1725. fatal("%s line %d: Bad SSH2 cipher spec '%s'.",
  1726. filename, linenum, arg ? arg : "<NONE>");
  1727. if (options->ciphers == NULL)
  1728. options->ciphers = xstrdup(arg);
  1729. break;
  1730. case sMacs:
  1731. arg = strdelim(&cp);
  1732. if (!arg || *arg == '\0')
  1733. fatal("%s line %d: Missing argument.", filename, linenum);
  1734. if (*arg != '-' &&
  1735. !mac_valid(*arg == '+' || *arg == '^' ? arg + 1 : arg))
  1736. fatal("%s line %d: Bad SSH2 mac spec '%s'.",
  1737. filename, linenum, arg ? arg : "<NONE>");
  1738. if (options->macs == NULL)
  1739. options->macs = xstrdup(arg);
  1740. break;
  1741. case sKexAlgorithms:
  1742. arg = strdelim(&cp);
  1743. if (!arg || *arg == '\0')
  1744. fatal("%s line %d: Missing argument.",
  1745. filename, linenum);
  1746. if (*arg != '-' &&
  1747. !kex_names_valid(*arg == '+' || *arg == '^' ?
  1748. arg + 1 : arg))
  1749. fatal("%s line %d: Bad SSH2 KexAlgorithms '%s'.",
  1750. filename, linenum, arg ? arg : "<NONE>");
  1751. if (options->kex_algorithms == NULL)
  1752. options->kex_algorithms = xstrdup(arg);
  1753. break;
  1754. case sSubsystem:
  1755. if (options->num_subsystems >= MAX_SUBSYSTEMS) {
  1756. fatal("%s line %d: too many subsystems defined.",
  1757. filename, linenum);
  1758. }
  1759. arg = strdelim(&cp);
  1760. if (!arg || *arg == '\0')
  1761. fatal("%s line %d: Missing subsystem name.",
  1762. filename, linenum);
  1763. if (!*activep) {
  1764. /*arg =*/ (void) strdelim(&cp);
  1765. break;
  1766. }
  1767. for (i = 0; i < options->num_subsystems; i++)
  1768. if (strcmp(arg, options->subsystem_name[i]) == 0)
  1769. fatal("%s line %d: Subsystem '%s' already defined.",
  1770. filename, linenum, arg);
  1771. options->subsystem_name[options->num_subsystems] = xstrdup(arg);
  1772. arg = strdelim(&cp);
  1773. if (!arg || *arg == '\0')
  1774. fatal("%s line %d: Missing subsystem command.",
  1775. filename, linenum);
  1776. options->subsystem_command[options->num_subsystems] = xstrdup(arg);
  1777. /* Collect arguments (separate to executable) */
  1778. p = xstrdup(arg);
  1779. len = strlen(p) + 1;
  1780. while ((arg = strdelim(&cp)) != NULL && *arg != '\0') {
  1781. len += 1 + strlen(arg);
  1782. p = xreallocarray(p, 1, len);
  1783. strlcat(p, " ", len);
  1784. strlcat(p, arg, len);
  1785. }
  1786. options->subsystem_args[options->num_subsystems] = p;
  1787. options->num_subsystems++;
  1788. break;
  1789. case sMaxStartups:
  1790. arg = strdelim(&cp);
  1791. if (!arg || *arg == '\0')
  1792. fatal("%s line %d: Missing MaxStartups spec.",
  1793. filename, linenum);
  1794. if ((n = sscanf(arg, "%d:%d:%d",
  1795. &options->max_startups_begin,
  1796. &options->max_startups_rate,
  1797. &options->max_startups)) == 3) {
  1798. if (options->max_startups_begin >
  1799. options->max_startups ||
  1800. options->max_startups_rate > 100 ||
  1801. options->max_startups_rate < 1)
  1802. fatal("%s line %d: Illegal MaxStartups spec.",
  1803. filename, linenum);
  1804. } else if (n != 1)
  1805. fatal("%s line %d: Illegal MaxStartups spec.",
  1806. filename, linenum);
  1807. else
  1808. options->max_startups = options->max_startups_begin;
  1809. break;
  1810. case sPerSourceNetBlockSize:
  1811. arg = strdelim(&cp);
  1812. if (!arg || *arg == '\0')
  1813. fatal("%s line %d: Missing PerSourceNetBlockSize spec.",
  1814. filename, linenum);
  1815. switch (n = sscanf(arg, "%d:%d", &value, &value2)) {
  1816. case 2:
  1817. if (value2 < 0 || value2 > 128)
  1818. n = -1;
  1819. /* FALLTHROUGH */
  1820. case 1:
  1821. if (value < 0 || value > 32)
  1822. n = -1;
  1823. }
  1824. if (n != 1 && n != 2)
  1825. fatal("%s line %d: Invalid PerSourceNetBlockSize"
  1826. " spec.", filename, linenum);
  1827. if (*activep) {
  1828. options->per_source_masklen_ipv4 = value;
  1829. options->per_source_masklen_ipv6 = value2;
  1830. }
  1831. break;
  1832. case sPerSourceMaxStartups:
  1833. arg = strdelim(&cp);
  1834. if (!arg || *arg == '\0')
  1835. fatal("%s line %d: Missing PerSourceMaxStartups spec.",
  1836. filename, linenum);
  1837. if (strcmp(arg, "none") == 0) { /* no limit */
  1838. value = INT_MAX;
  1839. } else {
  1840. if ((errstr = atoi_err(arg, &value)) != NULL)
  1841. fatal("%s line %d: integer value %s.",
  1842. filename, linenum, errstr);
  1843. }
  1844. if (*activep)
  1845. options->per_source_max_startups = value;
  1846. break;
  1847. case sMaxAuthTries:
  1848. intptr = &options->max_authtries;
  1849. goto parse_int;
  1850. case sMaxSessions:
  1851. intptr = &options->max_sessions;
  1852. goto parse_int;
  1853. case sBanner:
  1854. charptr = &options->banner;
  1855. goto parse_filename;
  1856. /*
  1857. * These options can contain %X options expanded at
  1858. * connect time, so that you can specify paths like:
  1859. *
  1860. * AuthorizedKeysFile /etc/ssh_keys/%u
  1861. */
  1862. case sAuthorizedKeysFile:
  1863. if (*activep && options->num_authkeys_files == 0) {
  1864. while ((arg = strdelim(&cp)) && *arg != '\0') {
  1865. arg = tilde_expand_filename(arg, getuid());
  1866. opt_array_append(filename, linenum,
  1867. "AuthorizedKeysFile",
  1868. &options->authorized_keys_files,
  1869. &options->num_authkeys_files, arg);
  1870. free(arg);
  1871. }
  1872. }
  1873. return 0;
  1874. case sAuthorizedPrincipalsFile:
  1875. charptr = &options->authorized_principals_file;
  1876. arg = strdelim(&cp);
  1877. if (!arg || *arg == '\0')
  1878. fatal("%s line %d: missing file name.",
  1879. filename, linenum);
  1880. if (*activep && *charptr == NULL) {
  1881. *charptr = tilde_expand_filename(arg, getuid());
  1882. /* increase optional counter */
  1883. /* DEAD CODE intptr is still NULL ;)
  1884. if (intptr != NULL)
  1885. *intptr = *intptr + 1; */
  1886. }
  1887. break;
  1888. case sClientAliveInterval:
  1889. intptr = &options->client_alive_interval;
  1890. goto parse_time;
  1891. case sClientAliveCountMax:
  1892. intptr = &options->client_alive_count_max;
  1893. goto parse_int;
  1894. case sAcceptEnv:
  1895. while ((arg = strdelim(&cp)) && *arg != '\0') {
  1896. if (strchr(arg, '=') != NULL)
  1897. fatal("%s line %d: Invalid environment name.",
  1898. filename, linenum);
  1899. if (!*activep)
  1900. continue;
  1901. opt_array_append(filename, linenum, "AcceptEnv",
  1902. &options->accept_env, &options->num_accept_env,
  1903. arg);
  1904. }
  1905. break;
  1906. case sSetEnv:
  1907. uvalue = options->num_setenv;
  1908. while ((arg = strdelimw(&cp)) && *arg != '\0') {
  1909. if (strchr(arg, '=') == NULL)
  1910. fatal("%s line %d: Invalid environment.",
  1911. filename, linenum);
  1912. if (!*activep || uvalue != 0)
  1913. continue;
  1914. opt_array_append(filename, linenum, "SetEnv",
  1915. &options->setenv, &options->num_setenv, arg);
  1916. }
  1917. break;
  1918. case sPermitTunnel:
  1919. intptr = &options->permit_tun;
  1920. arg = strdelim(&cp);
  1921. if (!arg || *arg == '\0')
  1922. fatal("%s line %d: Missing yes/point-to-point/"
  1923. "ethernet/no argument.", filename, linenum);
  1924. value = -1;
  1925. for (i = 0; tunmode_desc[i].val != -1; i++)
  1926. if (strcmp(tunmode_desc[i].text, arg) == 0) {
  1927. value = tunmode_desc[i].val;
  1928. break;
  1929. }
  1930. if (value == -1)
  1931. fatal("%s line %d: Bad yes/point-to-point/ethernet/"
  1932. "no argument: %s", filename, linenum, arg);
  1933. if (*activep && *intptr == -1)
  1934. *intptr = value;
  1935. break;
  1936. case sInclude:
  1937. if (cmdline) {
  1938. fatal("Include directive not supported as a "
  1939. "command-line option");
  1940. }
  1941. value = 0;
  1942. while ((arg2 = strdelim(&cp)) != NULL && *arg2 != '\0') {
  1943. value++;
  1944. found = 0;
  1945. if (*arg2 != '/' && *arg2 != '~') {
  1946. xasprintf(&arg, "%s/%s", SSHDIR, arg2);
  1947. } else
  1948. arg = xstrdup(arg2);
  1949. /*
  1950. * Don't let included files clobber the containing
  1951. * file's Match state.
  1952. */
  1953. oactive = *activep;
  1954. /* consult cache of include files */
  1955. TAILQ_FOREACH(item, includes, entry) {
  1956. if (strcmp(item->selector, arg) != 0)
  1957. continue;
  1958. if (item->filename != NULL) {
  1959. parse_server_config_depth(options,
  1960. item->filename, item->contents,
  1961. includes, connectinfo,
  1962. (*inc_flags & SSHCFG_MATCH_ONLY
  1963. ? SSHCFG_MATCH_ONLY : (oactive
  1964. ? 0 : SSHCFG_NEVERMATCH)),
  1965. activep, depth + 1);
  1966. }
  1967. found = 1;
  1968. *activep = oactive;
  1969. }
  1970. if (found != 0) {
  1971. free(arg);
  1972. continue;
  1973. }
  1974. /* requested glob was not in cache */
  1975. debug2("%s line %d: new include %s",
  1976. filename, linenum, arg);
  1977. if ((r = glob(arg, 0, NULL, &gbuf)) != 0) {
  1978. if (r != GLOB_NOMATCH) {
  1979. fatal("%s line %d: include \"%s\" "
  1980. "glob failed", filename,
  1981. linenum, arg);
  1982. }
  1983. /*
  1984. * If no entry matched then record a
  1985. * placeholder to skip later glob calls.
  1986. */
  1987. debug2("%s line %d: no match for %s",
  1988. filename, linenum, arg);
  1989. item = xcalloc(1, sizeof(*item));
  1990. item->selector = strdup(arg);
  1991. TAILQ_INSERT_TAIL(includes,
  1992. item, entry);
  1993. }
  1994. if (gbuf.gl_pathc > INT_MAX)
  1995. fatal("%s: too many glob results", __func__);
  1996. for (n = 0; n < (int)gbuf.gl_pathc; n++) {
  1997. debug2("%s line %d: including %s",
  1998. filename, linenum, gbuf.gl_pathv[n]);
  1999. item = xcalloc(1, sizeof(*item));
  2000. item->selector = strdup(arg);
  2001. item->filename = strdup(gbuf.gl_pathv[n]);
  2002. if ((item->contents = sshbuf_new()) == NULL) {
  2003. fatal("%s: sshbuf_new failed",
  2004. __func__);
  2005. }
  2006. load_server_config(item->filename,
  2007. item->contents);
  2008. parse_server_config_depth(options,
  2009. item->filename, item->contents,
  2010. includes, connectinfo,
  2011. (*inc_flags & SSHCFG_MATCH_ONLY
  2012. ? SSHCFG_MATCH_ONLY : (oactive
  2013. ? 0 : SSHCFG_NEVERMATCH)),
  2014. activep, depth + 1);
  2015. *activep = oactive;
  2016. TAILQ_INSERT_TAIL(includes, item, entry);
  2017. }
  2018. globfree(&gbuf);
  2019. free(arg);
  2020. }
  2021. if (value == 0) {
  2022. fatal("%s line %d: Include missing filename argument",
  2023. filename, linenum);
  2024. }
  2025. break;
  2026. case sMatch:
  2027. if (cmdline)
  2028. fatal("Match directive not supported as a command-line "
  2029. "option");
  2030. value = match_cfg_line(&cp, linenum,
  2031. (*inc_flags & SSHCFG_NEVERMATCH ? NULL : connectinfo));
  2032. if (value < 0)
  2033. fatal("%s line %d: Bad Match condition", filename,
  2034. linenum);
  2035. *activep = (*inc_flags & SSHCFG_NEVERMATCH) ? 0 : value;
  2036. /* The MATCH_ONLY is applicable only until the first match block */
  2037. *inc_flags &= ~SSHCFG_MATCH_ONLY;
  2038. break;
  2039. case sPermitListen:
  2040. case sPermitOpen:
  2041. if (opcode == sPermitListen) {
  2042. uintptr = &options->num_permitted_listens;
  2043. chararrayptr = &options->permitted_listens;
  2044. } else {
  2045. uintptr = &options->num_permitted_opens;
  2046. chararrayptr = &options->permitted_opens;
  2047. }
  2048. arg = strdelim(&cp);
  2049. if (!arg || *arg == '\0')
  2050. fatal("%s line %d: missing %s specification",
  2051. filename, linenum, lookup_opcode_name(opcode));
  2052. uvalue = *uintptr; /* modified later */
  2053. if (strcmp(arg, "any") == 0 || strcmp(arg, "none") == 0) {
  2054. if (*activep && uvalue == 0) {
  2055. *uintptr = 1;
  2056. *chararrayptr = xcalloc(1,
  2057. sizeof(**chararrayptr));
  2058. (*chararrayptr)[0] = xstrdup(arg);
  2059. }
  2060. break;
  2061. }
  2062. for (; arg != NULL && *arg != '\0'; arg = strdelim(&cp)) {
  2063. if (opcode == sPermitListen &&
  2064. strchr(arg, ':') == NULL) {
  2065. /*
  2066. * Allow bare port number for PermitListen
  2067. * to indicate a wildcard listen host.
  2068. */
  2069. xasprintf(&arg2, "*:%s", arg);
  2070. } else {
  2071. arg2 = xstrdup(arg);
  2072. ch = '\0';
  2073. p = hpdelim2(&arg, &ch);
  2074. if (p == NULL || ch == '/') {
  2075. fatal("%s line %d: missing host in %s",
  2076. filename, linenum,
  2077. lookup_opcode_name(opcode));
  2078. }
  2079. p = cleanhostname(p);
  2080. }
  2081. if (arg == NULL ||
  2082. ((port = permitopen_port(arg)) < 0)) {
  2083. fatal("%s line %d: bad port number in %s",
  2084. filename, linenum,
  2085. lookup_opcode_name(opcode));
  2086. }
  2087. if (*activep && uvalue == 0) {
  2088. opt_array_append(filename, linenum,
  2089. lookup_opcode_name(opcode),
  2090. chararrayptr, uintptr, arg2);
  2091. }
  2092. free(arg2);
  2093. }
  2094. break;
  2095. case sForceCommand:
  2096. if (cp == NULL || *cp == '\0')
  2097. fatal("%.200s line %d: Missing argument.", filename,
  2098. linenum);
  2099. len = strspn(cp, WHITESPACE);
  2100. if (*activep && options->adm_forced_command == NULL)
  2101. options->adm_forced_command = xstrdup(cp + len);
  2102. return 0;
  2103. case sChrootDirectory:
  2104. charptr = &options->chroot_directory;
  2105. arg = strdelim(&cp);
  2106. if (!arg || *arg == '\0')
  2107. fatal("%s line %d: missing file name.",
  2108. filename, linenum);
  2109. if (*activep && *charptr == NULL)
  2110. *charptr = xstrdup(arg);
  2111. break;
  2112. case sTrustedUserCAKeys:
  2113. charptr = &options->trusted_user_ca_keys;
  2114. goto parse_filename;
  2115. case sRevokedKeys:
  2116. charptr = &options->revoked_keys_file;
  2117. goto parse_filename;
  2118. case sSecurityKeyProvider:
  2119. charptr = &options->sk_provider;
  2120. arg = strdelim(&cp);
  2121. if (!arg || *arg == '\0')
  2122. fatal("%s line %d: missing file name.",
  2123. filename, linenum);
  2124. if (*activep && *charptr == NULL) {
  2125. *charptr = strcasecmp(arg, "internal") == 0 ?
  2126. xstrdup(arg) : derelativise_path(arg);
  2127. /* increase optional counter */
  2128. if (intptr != NULL)
  2129. *intptr = *intptr + 1;
  2130. }
  2131. break;
  2132. case sIPQoS:
  2133. arg = strdelim(&cp);
  2134. if ((value = parse_ipqos(arg)) == -1)
  2135. fatal("%s line %d: Bad IPQoS value: %s",
  2136. filename, linenum, arg);
  2137. arg = strdelim(&cp);
  2138. if (arg == NULL)
  2139. value2 = value;
  2140. else if ((value2 = parse_ipqos(arg)) == -1)
  2141. fatal("%s line %d: Bad IPQoS value: %s",
  2142. filename, linenum, arg);
  2143. if (*activep) {
  2144. options->ip_qos_interactive = value;
  2145. options->ip_qos_bulk = value2;
  2146. }
  2147. break;
  2148. case sVersionAddendum:
  2149. if (cp == NULL || *cp == '\0')
  2150. fatal("%.200s line %d: Missing argument.", filename,
  2151. linenum);
  2152. len = strspn(cp, WHITESPACE);
  2153. if (*activep && options->version_addendum == NULL) {
  2154. if (strcasecmp(cp + len, "none") == 0)
  2155. options->version_addendum = xstrdup("");
  2156. else if (strchr(cp + len, '\r') != NULL)
  2157. fatal("%.200s line %d: Invalid argument",
  2158. filename, linenum);
  2159. else
  2160. options->version_addendum = xstrdup(cp + len);
  2161. }
  2162. return 0;
  2163. case sAuthorizedKeysCommand:
  2164. if (cp == NULL)
  2165. fatal("%.200s line %d: Missing argument.", filename,
  2166. linenum);
  2167. len = strspn(cp, WHITESPACE);
  2168. if (*activep && options->authorized_keys_command == NULL) {
  2169. if (cp[len] != '/' && strcasecmp(cp + len, "none") != 0)
  2170. fatal("%.200s line %d: AuthorizedKeysCommand "
  2171. "must be an absolute path",
  2172. filename, linenum);
  2173. options->authorized_keys_command = xstrdup(cp + len);
  2174. }
  2175. return 0;
  2176. case sAuthorizedKeysCommandUser:
  2177. charptr = &options->authorized_keys_command_user;
  2178. arg = strdelim(&cp);
  2179. if (!arg || *arg == '\0')
  2180. fatal("%s line %d: missing AuthorizedKeysCommandUser "
  2181. "argument.", filename, linenum);
  2182. if (*activep && *charptr == NULL)
  2183. *charptr = xstrdup(arg);
  2184. break;
  2185. case sAuthorizedPrincipalsCommand:
  2186. if (cp == NULL)
  2187. fatal("%.200s line %d: Missing argument.", filename,
  2188. linenum);
  2189. len = strspn(cp, WHITESPACE);
  2190. if (*activep &&
  2191. options->authorized_principals_command == NULL) {
  2192. if (cp[len] != '/' && strcasecmp(cp + len, "none") != 0)
  2193. fatal("%.200s line %d: "
  2194. "AuthorizedPrincipalsCommand must be "
  2195. "an absolute path", filename, linenum);
  2196. options->authorized_principals_command =
  2197. xstrdup(cp + len);
  2198. }
  2199. return 0;
  2200. case sAuthorizedPrincipalsCommandUser:
  2201. charptr = &options->authorized_principals_command_user;
  2202. arg = strdelim(&cp);
  2203. if (!arg || *arg == '\0')
  2204. fatal("%s line %d: missing "
  2205. "AuthorizedPrincipalsCommandUser argument.",
  2206. filename, linenum);
  2207. if (*activep && *charptr == NULL)
  2208. *charptr = xstrdup(arg);
  2209. break;
  2210. case sAuthenticationMethods:
  2211. if (options->num_auth_methods == 0) {
  2212. value = 0; /* seen "any" pseudo-method */
  2213. value2 = 0; /* successfully parsed any method */
  2214. while ((arg = strdelim(&cp)) && *arg != '\0') {
  2215. if (strcmp(arg, "any") == 0) {
  2216. if (options->num_auth_methods > 0) {
  2217. fatal("%s line %d: \"any\" "
  2218. "must appear alone in "
  2219. "AuthenticationMethods",
  2220. filename, linenum);
  2221. }
  2222. value = 1;
  2223. } else if (value) {
  2224. fatal("%s line %d: \"any\" must appear "
  2225. "alone in AuthenticationMethods",
  2226. filename, linenum);
  2227. } else if (auth2_methods_valid(arg, 0) != 0) {
  2228. fatal("%s line %d: invalid "
  2229. "authentication method list.",
  2230. filename, linenum);
  2231. }
  2232. value2 = 1;
  2233. if (!*activep)
  2234. continue;
  2235. opt_array_append(filename, linenum,
  2236. "AuthenticationMethods",
  2237. &options->auth_methods,
  2238. &options->num_auth_methods, arg);
  2239. }
  2240. if (value2 == 0) {
  2241. fatal("%s line %d: no AuthenticationMethods "
  2242. "specified", filename, linenum);
  2243. }
  2244. }
  2245. return 0;
  2246. case sStreamLocalBindMask:
  2247. arg = strdelim(&cp);
  2248. if (!arg || *arg == '\0')
  2249. fatal("%s line %d: missing StreamLocalBindMask "
  2250. "argument.", filename, linenum);
  2251. /* Parse mode in octal format */
  2252. value = strtol(arg, &p, 8);
  2253. if (arg == p || value < 0 || value > 0777)
  2254. fatal("%s line %d: Bad mask.", filename, linenum);
  2255. if (*activep)
  2256. options->fwd_opts.streamlocal_bind_mask = (mode_t)value;
  2257. break;
  2258. case sStreamLocalBindUnlink:
  2259. intptr = &options->fwd_opts.streamlocal_bind_unlink;
  2260. goto parse_flag;
  2261. case sFingerprintHash:
  2262. arg = strdelim(&cp);
  2263. if (!arg || *arg == '\0')
  2264. fatal("%.200s line %d: Missing argument.",
  2265. filename, linenum);
  2266. if ((value = ssh_digest_alg_by_name(arg)) == -1)
  2267. fatal("%.200s line %d: Invalid hash algorithm \"%s\".",
  2268. filename, linenum, arg);
  2269. if (*activep)
  2270. options->fingerprint_hash = value;
  2271. break;
  2272. case sExposeAuthInfo:
  2273. intptr = &options->expose_userauth_info;
  2274. goto parse_flag;
  2275. case sRDomain:
  2276. #if !defined(__OpenBSD__) && !defined(HAVE_SYS_SET_PROCESS_RDOMAIN)
  2277. fatal("%s line %d: setting RDomain not supported on this "
  2278. "platform.", filename, linenum);
  2279. #endif
  2280. charptr = &options->routing_domain;
  2281. arg = strdelim(&cp);
  2282. if (!arg || *arg == '\0')
  2283. fatal("%.200s line %d: Missing argument.",
  2284. filename, linenum);
  2285. if (strcasecmp(arg, "none") != 0 && strcmp(arg, "%D") != 0 &&
  2286. !valid_rdomain(arg))
  2287. fatal("%s line %d: bad routing domain",
  2288. filename, linenum);
  2289. if (*activep && *charptr == NULL)
  2290. *charptr = xstrdup(arg);
  2291. break;
  2292. case sDeprecated:
  2293. case sIgnore:
  2294. case sUnsupported:
  2295. do_log2(opcode == sIgnore ?
  2296. SYSLOG_LEVEL_DEBUG2 : SYSLOG_LEVEL_INFO,
  2297. "%s line %d: %s option %s", filename, linenum,
  2298. opcode == sUnsupported ? "Unsupported" : "Deprecated", arg);
  2299. while (arg)
  2300. arg = strdelim(&cp);
  2301. break;
  2302. default:
  2303. fatal("%s line %d: Missing handler for opcode %s (%d)",
  2304. filename, linenum, arg, opcode);
  2305. }
  2306. if ((arg = strdelim(&cp)) != NULL && *arg != '\0')
  2307. fatal("%s line %d: garbage at end of line; \"%.200s\".",
  2308. filename, linenum, arg);
  2309. return 0;
  2310. }
  2311. int
  2312. process_server_config_line(ServerOptions *options, char *line,
  2313. const char *filename, int linenum, int *activep,
  2314. struct connection_info *connectinfo, struct include_list *includes)
  2315. {
  2316. int inc_flags = 0;
  2317. return process_server_config_line_depth(options, line, filename,
  2318. linenum, activep, connectinfo, &inc_flags, 0, includes);
  2319. }
  2320. /* Reads the server configuration file. */
  2321. void
  2322. load_server_config(const char *filename, struct sshbuf *conf)
  2323. {
  2324. struct stat st;
  2325. char *line = NULL, *cp;
  2326. size_t linesize = 0;
  2327. FILE *f;
  2328. int r, lineno = 0;
  2329. debug2("%s: filename %s", __func__, filename);
  2330. if ((f = fopen(filename, "r")) == NULL) {
  2331. perror(filename);
  2332. exit(1);
  2333. }
  2334. sshbuf_reset(conf);
  2335. /* grow buffer, so realloc is avoided for large config files */
  2336. if (fstat(fileno(f), &st) == 0 && st.st_size > 0 &&
  2337. (r = sshbuf_allocate(conf, st.st_size)) != 0)
  2338. fatal("%s: allocate failed: %s", __func__, ssh_err(r));
  2339. while (getline(&line, &linesize, f) != -1) {
  2340. lineno++;
  2341. /*
  2342. * Trim out comments and strip whitespace
  2343. * NB - preserve newlines, they are needed to reproduce
  2344. * line numbers later for error messages
  2345. */
  2346. if ((cp = strchr(line, '#')) != NULL)
  2347. memcpy(cp, "\n", 2);
  2348. cp = line + strspn(line, " \t\r");
  2349. if ((r = sshbuf_put(conf, cp, strlen(cp))) != 0)
  2350. fatal("%s: buffer error: %s", __func__, ssh_err(r));
  2351. }
  2352. free(line);
  2353. if ((r = sshbuf_put_u8(conf, 0)) != 0)
  2354. fatal("%s: buffer error: %s", __func__, ssh_err(r));
  2355. fclose(f);
  2356. debug2("%s: done config len = %zu", __func__, sshbuf_len(conf));
  2357. }
  2358. void
  2359. parse_server_match_config(ServerOptions *options,
  2360. struct include_list *includes, struct connection_info *connectinfo)
  2361. {
  2362. ServerOptions mo;
  2363. initialize_server_options(&mo);
  2364. parse_server_config(&mo, "reprocess config", cfg, includes,
  2365. connectinfo);
  2366. copy_set_server_options(options, &mo, 0);
  2367. }
  2368. int parse_server_match_testspec(struct connection_info *ci, char *spec)
  2369. {
  2370. char *p;
  2371. while ((p = strsep(&spec, ",")) && *p != '\0') {
  2372. if (strncmp(p, "addr=", 5) == 0) {
  2373. ci->address = xstrdup(p + 5);
  2374. } else if (strncmp(p, "host=", 5) == 0) {
  2375. ci->host = xstrdup(p + 5);
  2376. } else if (strncmp(p, "user=", 5) == 0) {
  2377. ci->user = xstrdup(p + 5);
  2378. } else if (strncmp(p, "laddr=", 6) == 0) {
  2379. ci->laddress = xstrdup(p + 6);
  2380. } else if (strncmp(p, "rdomain=", 8) == 0) {
  2381. ci->rdomain = xstrdup(p + 8);
  2382. } else if (strncmp(p, "lport=", 6) == 0) {
  2383. ci->lport = a2port(p + 6);
  2384. if (ci->lport == -1) {
  2385. fprintf(stderr, "Invalid port '%s' in test mode"
  2386. " specification %s\n", p+6, p);
  2387. return -1;
  2388. }
  2389. } else {
  2390. fprintf(stderr, "Invalid test mode specification %s\n",
  2391. p);
  2392. return -1;
  2393. }
  2394. }
  2395. return 0;
  2396. }
  2397. /*
  2398. * Copy any supported values that are set.
  2399. *
  2400. * If the preauth flag is set, we do not bother copying the string or
  2401. * array values that are not used pre-authentication, because any that we
  2402. * do use must be explicitly sent in mm_getpwnamallow().
  2403. */
  2404. void
  2405. copy_set_server_options(ServerOptions *dst, ServerOptions *src, int preauth)
  2406. {
  2407. #define M_CP_INTOPT(n) do {\
  2408. if (src->n != -1) \
  2409. dst->n = src->n; \
  2410. } while (0)
  2411. M_CP_INTOPT(password_authentication);
  2412. M_CP_INTOPT(gss_authentication);
  2413. M_CP_INTOPT(pubkey_authentication);
  2414. M_CP_INTOPT(pubkey_auth_options);
  2415. M_CP_INTOPT(kerberos_authentication);
  2416. M_CP_INTOPT(hostbased_authentication);
  2417. M_CP_INTOPT(hostbased_uses_name_from_packet_only);
  2418. M_CP_INTOPT(kbd_interactive_authentication);
  2419. M_CP_INTOPT(permit_root_login);
  2420. M_CP_INTOPT(permit_empty_passwd);
  2421. M_CP_INTOPT(ignore_rhosts);
  2422. M_CP_INTOPT(allow_tcp_forwarding);
  2423. M_CP_INTOPT(allow_streamlocal_forwarding);
  2424. M_CP_INTOPT(allow_agent_forwarding);
  2425. M_CP_INTOPT(disable_forwarding);
  2426. M_CP_INTOPT(expose_userauth_info);
  2427. M_CP_INTOPT(permit_tun);
  2428. M_CP_INTOPT(fwd_opts.gateway_ports);
  2429. M_CP_INTOPT(fwd_opts.streamlocal_bind_unlink);
  2430. M_CP_INTOPT(x11_display_offset);
  2431. M_CP_INTOPT(x11_forwarding);
  2432. M_CP_INTOPT(x11_use_localhost);
  2433. M_CP_INTOPT(permit_tty);
  2434. M_CP_INTOPT(permit_user_rc);
  2435. M_CP_INTOPT(max_sessions);
  2436. M_CP_INTOPT(max_authtries);
  2437. M_CP_INTOPT(client_alive_count_max);
  2438. M_CP_INTOPT(client_alive_interval);
  2439. M_CP_INTOPT(ip_qos_interactive);
  2440. M_CP_INTOPT(ip_qos_bulk);
  2441. M_CP_INTOPT(rekey_limit);
  2442. M_CP_INTOPT(rekey_interval);
  2443. M_CP_INTOPT(log_level);
  2444. /*
  2445. * The bind_mask is a mode_t that may be unsigned, so we can't use
  2446. * M_CP_INTOPT - it does a signed comparison that causes compiler
  2447. * warnings.
  2448. */
  2449. if (src->fwd_opts.streamlocal_bind_mask != (mode_t)-1) {
  2450. dst->fwd_opts.streamlocal_bind_mask =
  2451. src->fwd_opts.streamlocal_bind_mask;
  2452. }
  2453. /* M_CP_STROPT and M_CP_STRARRAYOPT should not appear before here */
  2454. #define M_CP_STROPT(n) do {\
  2455. if (src->n != NULL && dst->n != src->n) { \
  2456. free(dst->n); \
  2457. dst->n = src->n; \
  2458. } \
  2459. } while(0)
  2460. #define M_CP_STRARRAYOPT(s, num_s) do {\
  2461. u_int i; \
  2462. if (src->num_s != 0) { \
  2463. for (i = 0; i < dst->num_s; i++) \
  2464. free(dst->s[i]); \
  2465. free(dst->s); \
  2466. dst->s = xcalloc(src->num_s, sizeof(*dst->s)); \
  2467. for (i = 0; i < src->num_s; i++) \
  2468. dst->s[i] = xstrdup(src->s[i]); \
  2469. dst->num_s = src->num_s; \
  2470. } \
  2471. } while(0)
  2472. /* See comment in servconf.h */
  2473. COPY_MATCH_STRING_OPTS();
  2474. /* Arguments that accept '+...' need to be expanded */
  2475. assemble_algorithms(dst);
  2476. /*
  2477. * The only things that should be below this point are string options
  2478. * which are only used after authentication.
  2479. */
  2480. if (preauth)
  2481. return;
  2482. /* These options may be "none" to clear a global setting */
  2483. M_CP_STROPT(adm_forced_command);
  2484. if (option_clear_or_none(dst->adm_forced_command)) {
  2485. free(dst->adm_forced_command);
  2486. dst->adm_forced_command = NULL;
  2487. }
  2488. M_CP_STROPT(chroot_directory);
  2489. if (option_clear_or_none(dst->chroot_directory)) {
  2490. free(dst->chroot_directory);
  2491. dst->chroot_directory = NULL;
  2492. }
  2493. }
  2494. #undef M_CP_INTOPT
  2495. #undef M_CP_STROPT
  2496. #undef M_CP_STRARRAYOPT
  2497. #define SERVCONF_MAX_DEPTH 16
  2498. static void
  2499. parse_server_config_depth(ServerOptions *options, const char *filename,
  2500. struct sshbuf *conf, struct include_list *includes,
  2501. struct connection_info *connectinfo, int flags, int *activep, int depth)
  2502. {
  2503. int linenum, bad_options = 0;
  2504. char *cp, *obuf, *cbuf;
  2505. if (depth < 0 || depth > SERVCONF_MAX_DEPTH)
  2506. fatal("Too many recursive configuration includes");
  2507. debug2("%s: config %s len %zu%s", __func__, filename, sshbuf_len(conf),
  2508. (flags & SSHCFG_NEVERMATCH ? " [checking syntax only]" : ""));
  2509. if ((obuf = cbuf = sshbuf_dup_string(conf)) == NULL)
  2510. fatal("%s: sshbuf_dup_string failed", __func__);
  2511. linenum = 1;
  2512. while ((cp = strsep(&cbuf, "\n")) != NULL) {
  2513. if (process_server_config_line_depth(options, cp,
  2514. filename, linenum++, activep, connectinfo, &flags,
  2515. depth, includes) != 0)
  2516. bad_options++;
  2517. }
  2518. free(obuf);
  2519. if (bad_options > 0)
  2520. fatal("%s: terminating, %d bad configuration options",
  2521. filename, bad_options);
  2522. }
  2523. void
  2524. parse_server_config(ServerOptions *options, const char *filename,
  2525. struct sshbuf *conf, struct include_list *includes,
  2526. struct connection_info *connectinfo)
  2527. {
  2528. int active = connectinfo ? 0 : 1;
  2529. parse_server_config_depth(options, filename, conf, includes,
  2530. connectinfo, (connectinfo ? SSHCFG_MATCH_ONLY : 0), &active, 0);
  2531. process_queued_listen_addrs(options);
  2532. }
  2533. static const char *
  2534. fmt_multistate_int(int val, const struct multistate *m)
  2535. {
  2536. u_int i;
  2537. for (i = 0; m[i].key != NULL; i++) {
  2538. if (m[i].value == val)
  2539. return m[i].key;
  2540. }
  2541. return "UNKNOWN";
  2542. }
  2543. static const char *
  2544. fmt_intarg(ServerOpCodes code, int val)
  2545. {
  2546. if (val == -1)
  2547. return "unset";
  2548. switch (code) {
  2549. case sAddressFamily:
  2550. return fmt_multistate_int(val, multistate_addressfamily);
  2551. case sPermitRootLogin:
  2552. return fmt_multistate_int(val, multistate_permitrootlogin);
  2553. case sGatewayPorts:
  2554. return fmt_multistate_int(val, multistate_gatewayports);
  2555. case sCompression:
  2556. return fmt_multistate_int(val, multistate_compression);
  2557. case sAllowTcpForwarding:
  2558. return fmt_multistate_int(val, multistate_tcpfwd);
  2559. case sAllowStreamLocalForwarding:
  2560. return fmt_multistate_int(val, multistate_tcpfwd);
  2561. case sIgnoreRhosts:
  2562. return fmt_multistate_int(val, multistate_ignore_rhosts);
  2563. case sFingerprintHash:
  2564. return ssh_digest_alg_name(val);
  2565. default:
  2566. switch (val) {
  2567. case 0:
  2568. return "no";
  2569. case 1:
  2570. return "yes";
  2571. default:
  2572. return "UNKNOWN";
  2573. }
  2574. }
  2575. }
  2576. static void
  2577. dump_cfg_int(ServerOpCodes code, int val)
  2578. {
  2579. printf("%s %d\n", lookup_opcode_name(code), val);
  2580. }
  2581. static void
  2582. dump_cfg_oct(ServerOpCodes code, int val)
  2583. {
  2584. printf("%s 0%o\n", lookup_opcode_name(code), val);
  2585. }
  2586. static void
  2587. dump_cfg_fmtint(ServerOpCodes code, int val)
  2588. {
  2589. printf("%s %s\n", lookup_opcode_name(code), fmt_intarg(code, val));
  2590. }
  2591. static void
  2592. dump_cfg_string(ServerOpCodes code, const char *val)
  2593. {
  2594. printf("%s %s\n", lookup_opcode_name(code),
  2595. val == NULL ? "none" : val);
  2596. }
  2597. static void
  2598. dump_cfg_strarray(ServerOpCodes code, u_int count, char **vals)
  2599. {
  2600. u_int i;
  2601. for (i = 0; i < count; i++)
  2602. printf("%s %s\n", lookup_opcode_name(code), vals[i]);
  2603. }
  2604. static void
  2605. dump_cfg_strarray_oneline(ServerOpCodes code, u_int count, char **vals)
  2606. {
  2607. u_int i;
  2608. if (count <= 0 && code != sAuthenticationMethods)
  2609. return;
  2610. printf("%s", lookup_opcode_name(code));
  2611. for (i = 0; i < count; i++)
  2612. printf(" %s", vals[i]);
  2613. if (code == sAuthenticationMethods && count == 0)
  2614. printf(" any");
  2615. printf("\n");
  2616. }
  2617. static char *
  2618. format_listen_addrs(struct listenaddr *la)
  2619. {
  2620. int r;
  2621. struct addrinfo *ai;
  2622. char addr[NI_MAXHOST], port[NI_MAXSERV];
  2623. char *laddr1 = xstrdup(""), *laddr2 = NULL;
  2624. /*
  2625. * ListenAddress must be after Port. add_one_listen_addr pushes
  2626. * addresses onto a stack, so to maintain ordering we need to
  2627. * print these in reverse order.
  2628. */
  2629. for (ai = la->addrs; ai; ai = ai->ai_next) {
  2630. if ((r = getnameinfo(ai->ai_addr, ai->ai_addrlen, addr,
  2631. sizeof(addr), port, sizeof(port),
  2632. NI_NUMERICHOST|NI_NUMERICSERV)) != 0) {
  2633. error("getnameinfo: %.100s", ssh_gai_strerror(r));
  2634. continue;
  2635. }
  2636. laddr2 = laddr1;
  2637. if (ai->ai_family == AF_INET6) {
  2638. xasprintf(&laddr1, "listenaddress [%s]:%s%s%s\n%s",
  2639. addr, port,
  2640. la->rdomain == NULL ? "" : " rdomain ",
  2641. la->rdomain == NULL ? "" : la->rdomain,
  2642. laddr2);
  2643. } else {
  2644. xasprintf(&laddr1, "listenaddress %s:%s%s%s\n%s",
  2645. addr, port,
  2646. la->rdomain == NULL ? "" : " rdomain ",
  2647. la->rdomain == NULL ? "" : la->rdomain,
  2648. laddr2);
  2649. }
  2650. free(laddr2);
  2651. }
  2652. return laddr1;
  2653. }
  2654. void
  2655. dump_config(ServerOptions *o)
  2656. {
  2657. char *s;
  2658. u_int i;
  2659. /* these are usually at the top of the config */
  2660. for (i = 0; i < o->num_ports; i++)
  2661. printf("port %d\n", o->ports[i]);
  2662. dump_cfg_fmtint(sAddressFamily, o->address_family);
  2663. for (i = 0; i < o->num_listen_addrs; i++) {
  2664. s = format_listen_addrs(&o->listen_addrs[i]);
  2665. printf("%s", s);
  2666. free(s);
  2667. }
  2668. /* integer arguments */
  2669. #ifdef USE_PAM
  2670. dump_cfg_fmtint(sUsePAM, o->use_pam);
  2671. #endif
  2672. dump_cfg_int(sLoginGraceTime, o->login_grace_time);
  2673. dump_cfg_int(sX11DisplayOffset, o->x11_display_offset);
  2674. dump_cfg_int(sMaxAuthTries, o->max_authtries);
  2675. dump_cfg_int(sMaxSessions, o->max_sessions);
  2676. dump_cfg_int(sClientAliveInterval, o->client_alive_interval);
  2677. dump_cfg_int(sClientAliveCountMax, o->client_alive_count_max);
  2678. dump_cfg_oct(sStreamLocalBindMask, o->fwd_opts.streamlocal_bind_mask);
  2679. /* formatted integer arguments */
  2680. dump_cfg_fmtint(sPermitRootLogin, o->permit_root_login);
  2681. dump_cfg_fmtint(sIgnoreRhosts, o->ignore_rhosts);
  2682. dump_cfg_fmtint(sIgnoreUserKnownHosts, o->ignore_user_known_hosts);
  2683. dump_cfg_fmtint(sHostbasedAuthentication, o->hostbased_authentication);
  2684. dump_cfg_fmtint(sHostbasedUsesNameFromPacketOnly,
  2685. o->hostbased_uses_name_from_packet_only);
  2686. dump_cfg_fmtint(sPubkeyAuthentication, o->pubkey_authentication);
  2687. #ifdef KRB5
  2688. dump_cfg_fmtint(sKerberosAuthentication, o->kerberos_authentication);
  2689. dump_cfg_fmtint(sKerberosOrLocalPasswd, o->kerberos_or_local_passwd);
  2690. dump_cfg_fmtint(sKerberosTicketCleanup, o->kerberos_ticket_cleanup);
  2691. # ifdef USE_AFS
  2692. dump_cfg_fmtint(sKerberosGetAFSToken, o->kerberos_get_afs_token);
  2693. # endif
  2694. #endif
  2695. #ifdef GSSAPI
  2696. dump_cfg_fmtint(sGssAuthentication, o->gss_authentication);
  2697. dump_cfg_fmtint(sGssCleanupCreds, o->gss_cleanup_creds);
  2698. #endif
  2699. dump_cfg_fmtint(sPasswordAuthentication, o->password_authentication);
  2700. dump_cfg_fmtint(sKbdInteractiveAuthentication,
  2701. o->kbd_interactive_authentication);
  2702. dump_cfg_fmtint(sChallengeResponseAuthentication,
  2703. o->challenge_response_authentication);
  2704. dump_cfg_fmtint(sPrintMotd, o->print_motd);
  2705. #ifndef DISABLE_LASTLOG
  2706. dump_cfg_fmtint(sPrintLastLog, o->print_lastlog);
  2707. #endif
  2708. dump_cfg_fmtint(sX11Forwarding, o->x11_forwarding);
  2709. dump_cfg_fmtint(sX11UseLocalhost, o->x11_use_localhost);
  2710. dump_cfg_fmtint(sPermitTTY, o->permit_tty);
  2711. dump_cfg_fmtint(sPermitUserRC, o->permit_user_rc);
  2712. dump_cfg_fmtint(sStrictModes, o->strict_modes);
  2713. dump_cfg_fmtint(sTCPKeepAlive, o->tcp_keep_alive);
  2714. dump_cfg_fmtint(sEmptyPasswd, o->permit_empty_passwd);
  2715. dump_cfg_fmtint(sCompression, o->compression);
  2716. dump_cfg_fmtint(sGatewayPorts, o->fwd_opts.gateway_ports);
  2717. dump_cfg_fmtint(sUseDNS, o->use_dns);
  2718. dump_cfg_fmtint(sAllowTcpForwarding, o->allow_tcp_forwarding);
  2719. dump_cfg_fmtint(sAllowAgentForwarding, o->allow_agent_forwarding);
  2720. dump_cfg_fmtint(sDisableForwarding, o->disable_forwarding);
  2721. dump_cfg_fmtint(sAllowStreamLocalForwarding, o->allow_streamlocal_forwarding);
  2722. dump_cfg_fmtint(sStreamLocalBindUnlink, o->fwd_opts.streamlocal_bind_unlink);
  2723. dump_cfg_fmtint(sFingerprintHash, o->fingerprint_hash);
  2724. dump_cfg_fmtint(sExposeAuthInfo, o->expose_userauth_info);
  2725. /* string arguments */
  2726. dump_cfg_string(sPidFile, o->pid_file);
  2727. dump_cfg_string(sXAuthLocation, o->xauth_location);
  2728. dump_cfg_string(sCiphers, o->ciphers);
  2729. dump_cfg_string(sMacs, o->macs);
  2730. dump_cfg_string(sBanner, o->banner != NULL ? o->banner : "none");
  2731. dump_cfg_string(sForceCommand, o->adm_forced_command);
  2732. dump_cfg_string(sChrootDirectory, o->chroot_directory);
  2733. dump_cfg_string(sTrustedUserCAKeys, o->trusted_user_ca_keys);
  2734. dump_cfg_string(sRevokedKeys, o->revoked_keys_file);
  2735. dump_cfg_string(sSecurityKeyProvider, o->sk_provider);
  2736. dump_cfg_string(sAuthorizedPrincipalsFile,
  2737. o->authorized_principals_file);
  2738. dump_cfg_string(sVersionAddendum, *o->version_addendum == '\0'
  2739. ? "none" : o->version_addendum);
  2740. dump_cfg_string(sAuthorizedKeysCommand, o->authorized_keys_command);
  2741. dump_cfg_string(sAuthorizedKeysCommandUser, o->authorized_keys_command_user);
  2742. dump_cfg_string(sAuthorizedPrincipalsCommand, o->authorized_principals_command);
  2743. dump_cfg_string(sAuthorizedPrincipalsCommandUser, o->authorized_principals_command_user);
  2744. dump_cfg_string(sHostKeyAgent, o->host_key_agent);
  2745. dump_cfg_string(sKexAlgorithms, o->kex_algorithms);
  2746. dump_cfg_string(sCASignatureAlgorithms, o->ca_sign_algorithms);
  2747. dump_cfg_string(sHostbasedAcceptedAlgorithms, o->hostbased_accepted_algos);
  2748. dump_cfg_string(sHostKeyAlgorithms, o->hostkeyalgorithms);
  2749. dump_cfg_string(sPubkeyAcceptedAlgorithms, o->pubkey_accepted_algos);
  2750. #if defined(__OpenBSD__) || defined(HAVE_SYS_SET_PROCESS_RDOMAIN)
  2751. dump_cfg_string(sRDomain, o->routing_domain);
  2752. #endif
  2753. /* string arguments requiring a lookup */
  2754. dump_cfg_string(sLogLevel, log_level_name(o->log_level));
  2755. dump_cfg_string(sLogFacility, log_facility_name(o->log_facility));
  2756. /* string array arguments */
  2757. dump_cfg_strarray_oneline(sAuthorizedKeysFile, o->num_authkeys_files,
  2758. o->authorized_keys_files);
  2759. dump_cfg_strarray(sHostKeyFile, o->num_host_key_files,
  2760. o->host_key_files);
  2761. dump_cfg_strarray(sHostCertificate, o->num_host_cert_files,
  2762. o->host_cert_files);
  2763. dump_cfg_strarray(sAllowUsers, o->num_allow_users, o->allow_users);
  2764. dump_cfg_strarray(sDenyUsers, o->num_deny_users, o->deny_users);
  2765. dump_cfg_strarray(sAllowGroups, o->num_allow_groups, o->allow_groups);
  2766. dump_cfg_strarray(sDenyGroups, o->num_deny_groups, o->deny_groups);
  2767. dump_cfg_strarray(sAcceptEnv, o->num_accept_env, o->accept_env);
  2768. dump_cfg_strarray(sSetEnv, o->num_setenv, o->setenv);
  2769. dump_cfg_strarray_oneline(sAuthenticationMethods,
  2770. o->num_auth_methods, o->auth_methods);
  2771. /* other arguments */
  2772. for (i = 0; i < o->num_subsystems; i++)
  2773. printf("subsystem %s %s\n", o->subsystem_name[i],
  2774. o->subsystem_args[i]);
  2775. printf("maxstartups %d:%d:%d\n", o->max_startups_begin,
  2776. o->max_startups_rate, o->max_startups);
  2777. printf("persourcemaxstartups ");
  2778. if (o->per_source_max_startups == INT_MAX)
  2779. printf("none\n");
  2780. else
  2781. printf("%d\n", o->per_source_max_startups);
  2782. printf("persourcenetblocksize %d:%d\n", o->per_source_masklen_ipv4,
  2783. o->per_source_masklen_ipv6);
  2784. s = NULL;
  2785. for (i = 0; tunmode_desc[i].val != -1; i++) {
  2786. if (tunmode_desc[i].val == o->permit_tun) {
  2787. s = tunmode_desc[i].text;
  2788. break;
  2789. }
  2790. }
  2791. dump_cfg_string(sPermitTunnel, s);
  2792. printf("ipqos %s ", iptos2str(o->ip_qos_interactive));
  2793. printf("%s\n", iptos2str(o->ip_qos_bulk));
  2794. printf("rekeylimit %llu %d\n", (unsigned long long)o->rekey_limit,
  2795. o->rekey_interval);
  2796. printf("permitopen");
  2797. if (o->num_permitted_opens == 0)
  2798. printf(" any");
  2799. else {
  2800. for (i = 0; i < o->num_permitted_opens; i++)
  2801. printf(" %s", o->permitted_opens[i]);
  2802. }
  2803. printf("\n");
  2804. printf("permitlisten");
  2805. if (o->num_permitted_listens == 0)
  2806. printf(" any");
  2807. else {
  2808. for (i = 0; i < o->num_permitted_listens; i++)
  2809. printf(" %s", o->permitted_listens[i]);
  2810. }
  2811. printf("\n");
  2812. if (o->permit_user_env_allowlist == NULL) {
  2813. dump_cfg_fmtint(sPermitUserEnvironment, o->permit_user_env);
  2814. } else {
  2815. printf("permituserenvironment %s\n",
  2816. o->permit_user_env_allowlist);
  2817. }
  2818. printf("pubkeyauthoptions");
  2819. if (o->pubkey_auth_options == 0)
  2820. printf(" none");
  2821. if (o->pubkey_auth_options & PUBKEYAUTH_TOUCH_REQUIRED)
  2822. printf(" touch-required");
  2823. if (o->pubkey_auth_options & PUBKEYAUTH_VERIFY_REQUIRED)
  2824. printf(" verify-required");
  2825. printf("\n");
  2826. }