2 /* $OpenBSD: servconf.c,v 1.234 2013/02/06 00:20:42 dtucker Exp $ */
5 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
8 * As far as I am concerned, the code I have written for this software
9 * can be used freely for any purpose. Any derived versions of this
10 * software must be clearly marked as such, and if the derived work is
11 * incompatible with the protocol description in the RFC file, it must be
12 * called by a name other than "ssh" or "Secure Shell".
18 #include <sys/types.h>
19 #include <sys/socket.h>
21 #include <netinet/in.h>
22 #include <netinet/in_systm.h>
23 #include <netinet/ip.h>
35 #include "openbsd-compat/sys-queue.h"
42 #include "pathnames.h"
50 #include "groupaccess.h"
/*
 * File-local helpers defined further down: add_listen_addr() expands one
 * ListenAddress into per-port entries and calls add_one_listen_addr()
 * for each, which does the getaddrinfo() work.
 */
57 static void add_listen_addr(ServerOptions *, char *, int);
58 static void add_one_listen_addr(ServerOptions *, char *, int);
/*
 * Privilege-separation mode.  Defined in another translation unit; -1
 * means "not configured", and fill_default_server_options() below turns
 * it into PRIVSEP_NOSANDBOX when it is still -1.
 */
61 extern int use_privsep;
64 /* Initializes the server options to their default values. */
/*
 * Reset every field of *options to a "not configured" sentinel.
 *
 * The struct is zeroed first; each option for which 0 is a legitimate
 * value is then set to -1 (or to an explicit *_NOT_SET / SSH_PROTO_UNKNOWN
 * / PERMIT_NOT_SET constant) and each pointer to NULL.  The sentinels let
 * fill_default_server_options() tell "never mentioned in sshd_config"
 * apart from an explicit 0, so only unmentioned options receive defaults.
 * The num_* counters keep the zero from memset.
 *
 * The return type line, the opening brace, the closing brace and the
 * #endif matching the NONE_CIPHER_ENABLED block are not shown in this
 * listing.
 */
67 initialize_server_options(ServerOptions *options)
69 memset(options, 0, sizeof(*options));
71 /* Portable-specific options */
72 options->use_pam = -1;
74 /* Standard Options */
75 options->num_ports = 0;
76 options->ports_from_cmdline = 0;
77 options->listen_addrs = NULL;
78 options->address_family = -1;
79 options->num_host_key_files = 0;
80 options->num_host_cert_files = 0;
81 options->pid_file = NULL;
82 options->server_key_bits = -1;
83 options->login_grace_time = -1;
84 options->key_regeneration_time = -1;
85 options->permit_root_login = PERMIT_NOT_SET;
86 options->ignore_rhosts = -1;
87 options->ignore_user_known_hosts = -1;
88 options->print_motd = -1;
89 options->print_lastlog = -1;
90 options->x11_forwarding = -1;
91 options->x11_display_offset = -1;
92 options->x11_use_localhost = -1;
93 options->xauth_location = NULL;
94 options->strict_modes = -1;
95 options->tcp_keep_alive = -1;
96 options->log_facility = SYSLOG_FACILITY_NOT_SET;
97 options->log_level = SYSLOG_LEVEL_NOT_SET;
/* Authentication switches: -1 here, defaults resolved later. */
98 options->rhosts_rsa_authentication = -1;
99 options->hostbased_authentication = -1;
100 options->hostbased_uses_name_from_packet_only = -1;
101 options->rsa_authentication = -1;
102 options->pubkey_authentication = -1;
103 options->kerberos_authentication = -1;
104 options->kerberos_or_local_passwd = -1;
105 options->kerberos_ticket_cleanup = -1;
106 options->kerberos_get_afs_token = -1;
107 options->gss_authentication=-1;
108 options->gss_cleanup_creds = -1;
109 options->password_authentication = -1;
110 options->kbd_interactive_authentication = -1;
111 options->challenge_response_authentication = -1;
112 options->permit_empty_passwd = -1;
113 options->permit_user_env = -1;
114 options->use_login = -1;
115 options->compression = -1;
116 options->allow_tcp_forwarding = -1;
117 options->allow_agent_forwarding = -1;
118 options->num_allow_users = 0;
119 options->num_deny_users = 0;
120 options->num_allow_groups = 0;
121 options->num_deny_groups = 0;
122 options->ciphers = NULL;
123 options->macs = NULL;
124 options->kex_algorithms = NULL;
125 options->protocol = SSH_PROTO_UNKNOWN;
126 options->gateway_ports = -1;
127 options->num_subsystems = 0;
128 options->max_startups_begin = -1;
129 options->max_startups_rate = -1;
130 options->max_startups = -1;
131 options->max_authtries = -1;
132 options->max_sessions = -1;
133 options->banner = NULL;
134 options->use_dns = -1;
135 options->client_alive_interval = -1;
136 options->client_alive_count_max = -1;
137 options->num_authkeys_files = 0;
138 options->num_accept_env = 0;
139 options->permit_tun = -1;
/*
 * -1 rather than 0, unlike the other counters: presumably so that
 * "PermitOpen never set" stays distinguishable from an explicitly empty
 * list -- confirm against the channel code.
 */
140 options->num_permitted_opens = -1;
141 options->adm_forced_command = NULL;
142 options->chroot_directory = NULL;
143 options->authorized_keys_command = NULL;
144 options->authorized_keys_command_user = NULL;
145 options->zero_knowledge_password_authentication = -1;
146 options->revoked_keys_file = NULL;
147 options->trusted_user_ca_keys = NULL;
148 options->authorized_principals_file = NULL;
149 options->ip_qos_interactive = -1;
150 options->ip_qos_bulk = -1;
151 options->version_addendum = NULL;
/* HPN patch additions; -1 = not set, resolved in fill_default_server_options(). */
152 options->hpn_disabled = -1;
153 options->hpn_buffer_size = -1;
154 options->tcp_rcv_buf_poll = -1;
155 #ifdef NONE_CIPHER_ENABLED
156 options->none_enabled = -1;
/*
 * Replace every "not set" sentinel left by initialize_server_options()
 * with the compiled-in default.  Only options still at -1 / NULL /
 * *_NOT_SET are touched, so anything the administrator configured is kept.
 *
 * Defaults worth knowing when reviewing a deployment (all visible below):
 *   Protocol 2 only; PermitRootLogin no (PERMIT_NO);
 *   PasswordAuthentication no; ChallengeResponseAuthentication yes;
 *   PubkeyAuthentication yes; PermitEmptyPasswords no; StrictModes yes;
 *   X11Forwarding yes; privilege separation on but without the sandbox
 *   (PRIVSEP_NOSANDBOX); MaxAuthTries DEFAULT_AUTH_FAIL_MAX;
 *   MaxStartups 10:30:100; ClientAliveInterval 0 (no idle probing).
 *
 * The return type line, opening brace, several closing braces and the
 * #if/#endif lines around the conditional blocks are not shown in this
 * listing.
 */
161 fill_default_server_options(ServerOptions *options)
163 /* Portable-specific options */
164 if (options->use_pam == -1)
165 options->use_pam = 1;
167 /* Standard Options */
168 if (options->protocol == SSH_PROTO_UNKNOWN)
169 options->protocol = SSH_PROTO_2;
/*
 * No HostKey directive: choose key files per enabled protocol.  The path
 * constant for the protocol-1 key (the line after its assignment) is not
 * shown in this listing.
 */
170 if (options->num_host_key_files == 0) {
171 /* fill default hostkeys for protocols */
172 if (options->protocol & SSH_PROTO_1)
173 options->host_key_files[options->num_host_key_files++] =
175 if (options->protocol & SSH_PROTO_2) {
176 options->host_key_files[options->num_host_key_files++] =
177 _PATH_HOST_RSA_KEY_FILE;
178 options->host_key_files[options->num_host_key_files++] =
179 _PATH_HOST_DSA_KEY_FILE;
180 #ifdef OPENSSL_HAS_ECC
181 options->host_key_files[options->num_host_key_files++] =
182 _PATH_HOST_ECDSA_KEY_FILE;
186 /* No certificates by default */
187 if (options->num_ports == 0)
188 options->ports[options->num_ports++] = SSH_DEFAULT_PORT;
/* No ListenAddress: addr NULL makes add_one_listen_addr() use AI_PASSIVE, i.e. the wildcard address, on every configured port. */
189 if (options->listen_addrs == NULL)
190 add_listen_addr(options, NULL, 0);
191 if (options->pid_file == NULL)
192 options->pid_file = _PATH_SSH_DAEMON_PID_FILE;
193 if (options->server_key_bits == -1)
194 options->server_key_bits = 1024;
195 if (options->login_grace_time == -1)
196 options->login_grace_time = 120;
197 if (options->key_regeneration_time == -1)
198 options->key_regeneration_time = 3600;
/* Root login is refused unless the configuration says otherwise. */
199 if (options->permit_root_login == PERMIT_NOT_SET)
200 options->permit_root_login = PERMIT_NO;
201 if (options->ignore_rhosts == -1)
202 options->ignore_rhosts = 1;
203 if (options->ignore_user_known_hosts == -1)
204 options->ignore_user_known_hosts = 0;
205 if (options->print_motd == -1)
206 options->print_motd = 1;
207 if (options->print_lastlog == -1)
208 options->print_lastlog = 1;
209 if (options->x11_forwarding == -1)
210 options->x11_forwarding = 1;
211 if (options->x11_display_offset == -1)
212 options->x11_display_offset = 10;
213 if (options->x11_use_localhost == -1)
214 options->x11_use_localhost = 1;
215 if (options->xauth_location == NULL)
216 options->xauth_location = _PATH_XAUTH;
217 if (options->strict_modes == -1)
218 options->strict_modes = 1;
219 if (options->tcp_keep_alive == -1)
220 options->tcp_keep_alive = 1;
221 if (options->log_facility == SYSLOG_FACILITY_NOT_SET)
222 options->log_facility = SYSLOG_FACILITY_AUTH;
223 if (options->log_level == SYSLOG_LEVEL_NOT_SET)
224 options->log_level = SYSLOG_LEVEL_INFO;
225 if (options->rhosts_rsa_authentication == -1)
226 options->rhosts_rsa_authentication = 0;
227 if (options->hostbased_authentication == -1)
228 options->hostbased_authentication = 0;
229 if (options->hostbased_uses_name_from_packet_only == -1)
230 options->hostbased_uses_name_from_packet_only = 0;
231 if (options->rsa_authentication == -1)
232 options->rsa_authentication = 1;
233 if (options->pubkey_authentication == -1)
234 options->pubkey_authentication = 1;
235 if (options->kerberos_authentication == -1)
236 options->kerberos_authentication = 0;
237 if (options->kerberos_or_local_passwd == -1)
238 options->kerberos_or_local_passwd = 1;
239 if (options->kerberos_ticket_cleanup == -1)
240 options->kerberos_ticket_cleanup = 1;
241 if (options->kerberos_get_afs_token == -1)
242 options->kerberos_get_afs_token = 0;
243 if (options->gss_authentication == -1)
244 options->gss_authentication = 0;
245 if (options->gss_cleanup_creds == -1)
246 options->gss_cleanup_creds = 1;
/*
 * Password authentication is off by default in this tree; note that
 * challenge-response (a few lines down) stays on, so password-style
 * logins may still be reachable through keyboard-interactive methods.
 */
247 if (options->password_authentication == -1)
248 options->password_authentication = 0;
249 if (options->kbd_interactive_authentication == -1)
250 options->kbd_interactive_authentication = 0;
251 if (options->challenge_response_authentication == -1)
252 options->challenge_response_authentication = 1;
253 if (options->permit_empty_passwd == -1)
254 options->permit_empty_passwd = 0;
255 if (options->permit_user_env == -1)
256 options->permit_user_env = 0;
257 if (options->use_login == -1)
258 options->use_login = 0;
259 if (options->compression == -1)
260 options->compression = COMP_DELAYED;
261 if (options->allow_tcp_forwarding == -1)
262 options->allow_tcp_forwarding = FORWARD_ALLOW;
263 if (options->allow_agent_forwarding == -1)
264 options->allow_agent_forwarding = 1;
265 if (options->gateway_ports == -1)
266 options->gateway_ports = 0;
267 if (options->max_startups == -1)
268 options->max_startups = 100;
269 if (options->max_startups_rate == -1)
270 options->max_startups_rate = 30; /* 30% */
271 if (options->max_startups_begin == -1)
272 options->max_startups_begin = 10;
273 if (options->max_authtries == -1)
274 options->max_authtries = DEFAULT_AUTH_FAIL_MAX;
275 if (options->max_sessions == -1)
276 options->max_sessions = DEFAULT_SESSIONS_MAX;
277 if (options->use_dns == -1)
278 options->use_dns = 1;
279 if (options->client_alive_interval == -1)
280 options->client_alive_interval = 0;
281 if (options->client_alive_count_max == -1)
282 options->client_alive_count_max = 3;
/*
 * Two default AuthorizedKeysFile entries.  These are xstrdup'd, unlike
 * the literal paths above -- presumably because the entries can be freed
 * or replaced later; confirm against the parser before changing that.
 */
283 if (options->num_authkeys_files == 0) {
284 options->authorized_keys_files[options->num_authkeys_files++] =
285 xstrdup(_PATH_SSH_USER_PERMITTED_KEYS);
286 options->authorized_keys_files[options->num_authkeys_files++] =
287 xstrdup(_PATH_SSH_USER_PERMITTED_KEYS2);
289 if (options->permit_tun == -1)
290 options->permit_tun = SSH_TUNMODE_NO;
291 if (options->zero_knowledge_password_authentication == -1)
292 options->zero_knowledge_password_authentication = 0;
293 if (options->ip_qos_interactive == -1)
294 options->ip_qos_interactive = IPTOS_LOWDELAY;
295 if (options->ip_qos_bulk == -1)
296 options->ip_qos_bulk = IPTOS_THROUGHPUT;
297 if (options->version_addendum == NULL)
298 options->version_addendum = xstrdup(SSH_VERSION_FREEBSD);
299 /* Turn privilege separation on by default */
/*
 * ...but without the sandbox: "yes" and PRIVSEP_NOSANDBOX are the same
 * thing (see multistate_privsep), so a sandboxed pre-auth child needs an
 * explicit "UsePrivilegeSeparation sandbox".
 */
300 if (use_privsep == -1)
301 use_privsep = PRIVSEP_NOSANDBOX;
/*
 * This check appears to sit inside a platform #if whose line is not
 * shown in this listing -- confirm before assuming it is unconditional.
 * When it applies, compression is turned off rather than privsep.
 */
304 if (use_privsep && options->compression == 1) {
305 error("This platform does not support both privilege "
306 "separation and compression");
307 error("Compression disabled");
308 options->compression = 0;
/* HPN defaults. */
312 if (options->hpn_disabled == -1)
313 options->hpn_disabled = 0;
314 if (options->hpn_buffer_size == -1) {
316 * HPN buffer size option not explicitly set. Try to figure
317 * out what value to use or resort to default.
/* Start from the session window default; probe the socket receive buffer unless HPN is disabled. */
319 options->hpn_buffer_size = CHAN_SES_WINDOW_DEFAULT;
320 if (!options->hpn_disabled) {
321 sock_get_rcvbuf(&options->hpn_buffer_size, 0);
322 debug ("HPN Buffer Size: %d", options->hpn_buffer_size);
326 * In the case that the user sets both values in a
327 * contradictory manner hpn_disabled overrides hpn_buffer_size.
329 if (options->hpn_disabled <= 0) {
/* maxlen's declaration is not shown in this listing. */
332 maxlen = buffer_get_max_len();
333 if (options->hpn_buffer_size == 0)
334 options->hpn_buffer_size = 1;
335 /* Limit the maximum buffer to BUFFER_MAX_LEN. */
/*
 * The configured value appears to be in kilobytes: it is clamped
 * against the byte maximum scaled down, then scaled up by 1024.
 * An "else" between the clamp and the "*= 1024" is not shown in
 * this listing; without one a clamped value would be scaled past
 * maxlen -- confirm against the full file.
 */
336 if (options->hpn_buffer_size > maxlen / 1024)
337 options->hpn_buffer_size = maxlen;
339 options->hpn_buffer_size *= 1024;
/* HPN disabled: fall back to the standard TCP window (the "} else" line is not shown). */
341 options->hpn_buffer_size = CHAN_TCP_WINDOW_DEFAULT;
346 /* Keyword tokens. */
/*
 * One opcode per sshd_config keyword; keywords[] below maps the textual
 * names onto these.  sBadOption is what parse_token() returns for an
 * unknown name.  sDeprecated and sUnsupported stand in for names that
 * are still recognised so that old configuration files keep parsing.
 * The "typedef enum {" line, the closing "} ServerOpCodes;" line, the
 * portable-specific members and the sNoneEnabled member under
 * NONE_CIPHER_ENABLED are not shown in this listing.
 */
348 sBadOption, /* == unknown option */
349 /* Portable-specific options */
351 /* Standard Options */
352 sPort, sHostKeyFile, sServerKeyBits, sLoginGraceTime, sKeyRegenerationTime,
353 sPermitRootLogin, sLogFacility, sLogLevel,
354 sRhostsRSAAuthentication, sRSAAuthentication,
355 sKerberosAuthentication, sKerberosOrLocalPasswd, sKerberosTicketCleanup,
356 sKerberosGetAFSToken,
357 sKerberosTgtPassing, sChallengeResponseAuthentication,
358 sPasswordAuthentication, sKbdInteractiveAuthentication,
359 sListenAddress, sAddressFamily,
360 sPrintMotd, sPrintLastLog, sIgnoreRhosts,
361 sX11Forwarding, sX11DisplayOffset, sX11UseLocalhost,
362 sStrictModes, sEmptyPasswd, sTCPKeepAlive,
363 sPermitUserEnvironment, sUseLogin, sAllowTcpForwarding, sCompression,
364 sAllowUsers, sDenyUsers, sAllowGroups, sDenyGroups,
365 sIgnoreUserKnownHosts, sCiphers, sMacs, sProtocol, sPidFile,
366 sGatewayPorts, sPubkeyAuthentication, sXAuthLocation, sSubsystem,
367 sMaxStartups, sMaxAuthTries, sMaxSessions,
368 sBanner, sUseDNS, sHostbasedAuthentication,
369 sHostbasedUsesNameFromPacketOnly, sClientAliveInterval,
370 sClientAliveCountMax, sAuthorizedKeysFile,
371 sGssAuthentication, sGssCleanupCreds, sAcceptEnv, sPermitTunnel,
372 sMatch, sPermitOpen, sForceCommand, sChrootDirectory,
373 sUsePrivilegeSeparation, sAllowAgentForwarding,
374 sZeroKnowledgePasswordAuthentication, sHostCertificate,
375 sRevokedKeys, sTrustedUserCAKeys, sAuthorizedPrincipalsFile,
376 sKexAlgorithms, sIPQoS, sVersionAddendum,
377 sAuthorizedKeysCommand, sAuthorizedKeysCommandUser,
378 sAuthenticationMethods,
/* HPN patch keywords. */
379 sHPNDisabled, sHPNBufferSize, sTcpRcvBufPoll,
380 #ifdef NONE_CIPHER_ENABLED
/* Accepted-but-inert names; must stay last so older configs keep parsing. */
383 sDeprecated, sUnsupported
386 #define SSHCFG_GLOBAL 0x01 /* allowed in main section of sshd_config */
387 #define SSHCFG_MATCH 0x02 /* allowed inside a Match section */
388 #define SSHCFG_ALL (SSHCFG_GLOBAL|SSHCFG_MATCH)
390 /* Textual representation of the tokens. */
/*
 * keywords[]: lower-case keyword -> opcode -> placement flags.  Lookup is
 * case-insensitive (parse_token() uses strcasecmp), which is why every
 * name is stored in lower case.
 *
 * The flags keep Match blocks from altering state that is fixed before
 * the peer is known: Port, ListenAddress, AddressFamily, HostKey,
 * Ciphers, MACs, KexAlgorithms, Protocol and the logging options are
 * SSHCFG_GLOBAL, whereas the per-method *Authentication switches,
 * ForceCommand, ChrootDirectory, the Allow/Deny lists and the forwarding
 * options are SSHCFG_ALL so they can be narrowed per user, group or host.
 *
 * Names that appear twice (usepam, kerberos*, gssapi*,
 * zeroknowledgepasswordauthentication) are compile-time alternatives; the
 * #ifdef/#else/#endif lines that select between the real opcode and
 * sUnsupported are not shown in this listing, nor are the struct
 * definition lines around "ServerOpCodes opcode;".  The table ends with
 * the NULL-name row parse_token() stops on.
 */
393 ServerOpCodes opcode;
396 /* Portable-specific options */
398 { "usepam", sUsePAM, SSHCFG_GLOBAL },
400 { "usepam", sUnsupported, SSHCFG_GLOBAL },
402 { "pamauthenticationviakbdint", sDeprecated, SSHCFG_GLOBAL },
403 /* Standard Options */
404 { "port", sPort, SSHCFG_GLOBAL },
405 { "hostkey", sHostKeyFile, SSHCFG_GLOBAL },
406 { "hostdsakey", sHostKeyFile, SSHCFG_GLOBAL }, /* alias */
407 { "pidfile", sPidFile, SSHCFG_GLOBAL },
408 { "serverkeybits", sServerKeyBits, SSHCFG_GLOBAL },
409 { "logingracetime", sLoginGraceTime, SSHCFG_GLOBAL },
410 { "keyregenerationinterval", sKeyRegenerationTime, SSHCFG_GLOBAL },
411 { "permitrootlogin", sPermitRootLogin, SSHCFG_ALL },
412 { "syslogfacility", sLogFacility, SSHCFG_GLOBAL },
413 { "loglevel", sLogLevel, SSHCFG_GLOBAL },
414 { "rhostsauthentication", sDeprecated, SSHCFG_GLOBAL },
415 { "rhostsrsaauthentication", sRhostsRSAAuthentication, SSHCFG_ALL },
416 { "hostbasedauthentication", sHostbasedAuthentication, SSHCFG_ALL },
417 { "hostbasedusesnamefrompacketonly", sHostbasedUsesNameFromPacketOnly, SSHCFG_ALL },
418 { "rsaauthentication", sRSAAuthentication, SSHCFG_ALL },
419 { "pubkeyauthentication", sPubkeyAuthentication, SSHCFG_ALL },
420 { "dsaauthentication", sPubkeyAuthentication, SSHCFG_GLOBAL }, /* alias */
/* Kerberos rows: real opcodes when built with Kerberos, sUnsupported otherwise (selector lines not shown). */
422 { "kerberosauthentication", sKerberosAuthentication, SSHCFG_ALL },
423 { "kerberosorlocalpasswd", sKerberosOrLocalPasswd, SSHCFG_GLOBAL },
424 { "kerberosticketcleanup", sKerberosTicketCleanup, SSHCFG_GLOBAL },
426 { "kerberosgetafstoken", sKerberosGetAFSToken, SSHCFG_GLOBAL },
428 { "kerberosgetafstoken", sUnsupported, SSHCFG_GLOBAL },
431 { "kerberosauthentication", sUnsupported, SSHCFG_ALL },
432 { "kerberosorlocalpasswd", sUnsupported, SSHCFG_GLOBAL },
433 { "kerberosticketcleanup", sUnsupported, SSHCFG_GLOBAL },
434 { "kerberosgetafstoken", sUnsupported, SSHCFG_GLOBAL },
436 { "kerberostgtpassing", sUnsupported, SSHCFG_GLOBAL },
437 { "afstokenpassing", sUnsupported, SSHCFG_GLOBAL },
/* GSSAPI rows, same pattern. */
439 { "gssapiauthentication", sGssAuthentication, SSHCFG_ALL },
440 { "gssapicleanupcredentials", sGssCleanupCreds, SSHCFG_GLOBAL },
442 { "gssapiauthentication", sUnsupported, SSHCFG_ALL },
443 { "gssapicleanupcredentials", sUnsupported, SSHCFG_GLOBAL },
445 { "passwordauthentication", sPasswordAuthentication, SSHCFG_ALL },
446 { "kbdinteractiveauthentication", sKbdInteractiveAuthentication, SSHCFG_ALL },
447 { "challengeresponseauthentication", sChallengeResponseAuthentication, SSHCFG_GLOBAL },
448 { "skeyauthentication", sChallengeResponseAuthentication, SSHCFG_GLOBAL }, /* alias */
450 { "zeroknowledgepasswordauthentication", sZeroKnowledgePasswordAuthentication, SSHCFG_ALL },
452 { "zeroknowledgepasswordauthentication", sUnsupported, SSHCFG_ALL },
454 { "checkmail", sDeprecated, SSHCFG_GLOBAL },
455 { "listenaddress", sListenAddress, SSHCFG_GLOBAL },
456 { "addressfamily", sAddressFamily, SSHCFG_GLOBAL },
457 { "printmotd", sPrintMotd, SSHCFG_GLOBAL },
458 { "printlastlog", sPrintLastLog, SSHCFG_GLOBAL },
459 { "ignorerhosts", sIgnoreRhosts, SSHCFG_GLOBAL },
460 { "ignoreuserknownhosts", sIgnoreUserKnownHosts, SSHCFG_GLOBAL },
461 { "x11forwarding", sX11Forwarding, SSHCFG_ALL },
462 { "x11displayoffset", sX11DisplayOffset, SSHCFG_ALL },
463 { "x11uselocalhost", sX11UseLocalhost, SSHCFG_ALL },
464 { "xauthlocation", sXAuthLocation, SSHCFG_GLOBAL },
465 { "strictmodes", sStrictModes, SSHCFG_GLOBAL },
466 { "permitemptypasswords", sEmptyPasswd, SSHCFG_ALL },
467 { "permituserenvironment", sPermitUserEnvironment, SSHCFG_GLOBAL },
468 { "uselogin", sUseLogin, SSHCFG_GLOBAL },
469 { "compression", sCompression, SSHCFG_GLOBAL },
470 { "tcpkeepalive", sTCPKeepAlive, SSHCFG_GLOBAL },
471 { "keepalive", sTCPKeepAlive, SSHCFG_GLOBAL }, /* obsolete alias */
472 { "allowtcpforwarding", sAllowTcpForwarding, SSHCFG_ALL },
473 { "allowagentforwarding", sAllowAgentForwarding, SSHCFG_ALL },
474 { "allowusers", sAllowUsers, SSHCFG_ALL },
475 { "denyusers", sDenyUsers, SSHCFG_ALL },
476 { "allowgroups", sAllowGroups, SSHCFG_ALL },
477 { "denygroups", sDenyGroups, SSHCFG_ALL },
/* Algorithm selection is negotiated before Match criteria are known, hence GLOBAL only. */
478 { "ciphers", sCiphers, SSHCFG_GLOBAL },
479 { "macs", sMacs, SSHCFG_GLOBAL },
480 { "protocol", sProtocol, SSHCFG_GLOBAL },
481 { "gatewayports", sGatewayPorts, SSHCFG_ALL },
482 { "subsystem", sSubsystem, SSHCFG_GLOBAL },
483 { "maxstartups", sMaxStartups, SSHCFG_GLOBAL },
484 { "maxauthtries", sMaxAuthTries, SSHCFG_ALL },
485 { "maxsessions", sMaxSessions, SSHCFG_ALL },
486 { "banner", sBanner, SSHCFG_ALL },
487 { "usedns", sUseDNS, SSHCFG_GLOBAL },
488 { "verifyreversemapping", sDeprecated, SSHCFG_GLOBAL },
489 { "reversemappingcheck", sDeprecated, SSHCFG_GLOBAL },
490 { "clientaliveinterval", sClientAliveInterval, SSHCFG_GLOBAL },
491 { "clientalivecountmax", sClientAliveCountMax, SSHCFG_GLOBAL },
492 { "authorizedkeysfile", sAuthorizedKeysFile, SSHCFG_ALL },
493 { "authorizedkeysfile2", sDeprecated, SSHCFG_ALL },
494 { "useprivilegeseparation", sUsePrivilegeSeparation, SSHCFG_GLOBAL},
495 { "acceptenv", sAcceptEnv, SSHCFG_ALL },
496 { "permittunnel", sPermitTunnel, SSHCFG_ALL },
497 { "match", sMatch, SSHCFG_ALL },
498 { "permitopen", sPermitOpen, SSHCFG_ALL },
499 { "forcecommand", sForceCommand, SSHCFG_ALL },
500 { "chrootdirectory", sChrootDirectory, SSHCFG_ALL },
501 { "hostcertificate", sHostCertificate, SSHCFG_GLOBAL },
502 { "revokedkeys", sRevokedKeys, SSHCFG_ALL },
503 { "trustedusercakeys", sTrustedUserCAKeys, SSHCFG_ALL },
504 { "authorizedprincipalsfile", sAuthorizedPrincipalsFile, SSHCFG_ALL },
505 { "kexalgorithms", sKexAlgorithms, SSHCFG_GLOBAL },
506 { "ipqos", sIPQoS, SSHCFG_ALL },
507 { "authorizedkeyscommand", sAuthorizedKeysCommand, SSHCFG_ALL },
508 { "authorizedkeyscommanduser", sAuthorizedKeysCommandUser, SSHCFG_ALL },
509 { "versionaddendum", sVersionAddendum, SSHCFG_GLOBAL },
510 { "authenticationmethods", sAuthenticationMethods, SSHCFG_ALL },
/* HPN patch keywords. */
511 { "hpndisabled", sHPNDisabled, SSHCFG_ALL },
512 { "hpnbuffersize", sHPNBufferSize, SSHCFG_ALL },
513 { "tcprcvbufpoll", sTcpRcvBufPoll, SSHCFG_ALL },
514 #ifdef NONE_CIPHER_ENABLED
515 { "noneenabled", sNoneEnabled, SSHCFG_ALL },
/* Terminator: parse_token() loops while .name != NULL (the #endif above is not shown). */
517 { NULL, sBadOption, 0 }
/*
 * Human-readable names for the SSH_TUNMODE_* values used by PermitTunnel.
 * The table's declaration line and its terminating row are not shown in
 * this listing.
 */
524 { SSH_TUNMODE_NO, "no" },
525 { SSH_TUNMODE_POINTOPOINT, "point-to-point" },
526 { SSH_TUNMODE_ETHERNET, "ethernet" },
527 { SSH_TUNMODE_YES, "yes" },
532 * Returns the number of the token pointed to by cp or sBadOption.
/*
 * parse_token: case-insensitive lookup of cp in keywords[].  On a hit the
 * keyword's placement flags (SSHCFG_*) are stored through *flags and its
 * opcode is returned.  On a miss an error naming filename and linenum is
 * logged; the "return sBadOption" after it, the return type line, the
 * loop counter's declaration and the closing braces are not shown in this
 * listing.  filename and linenum serve only the diagnostic.
 */
536 parse_token(const char *cp, const char *filename,
537 int linenum, u_int *flags)
/* Linear scan; the table is short and this runs only while parsing config. */
541 for (i = 0; keywords[i].name; i++)
542 if (strcasecmp(cp, keywords[i].name) == 0) {
543 *flags = keywords[i].flags;
544 return keywords[i].opcode;
547 error("%s: line %d: Bad configuration option: %s",
548 filename, linenum, cp);
/*
 * derelativise_path: turn a configured file name into an absolute path.
 * The name is tilde-expanded for the current uid first; if the result
 * already starts with '/' it is returned as is (that return line is not
 * shown here), otherwise the current working directory is prepended.
 * getcwd() failure is fatal.  tilde_expand_filename() and xasprintf()
 * both allocate, so the caller owns the returned string; the free of the
 * intermediate "expanded" buffer on the prefixing path, the final return
 * and the return type line are not shown in this listing.
 */
553 derelativise_path(const char *path)
555 char *expanded, *ret, cwd[MAXPATHLEN];
557 expanded = tilde_expand_filename(path, getuid());
/* Already absolute: nothing to prepend. */
558 if (*expanded == '/')
/* getcwd() is bounded by sizeof(cwd); an over-long directory fails rather than truncates. */
560 if (getcwd(cwd, sizeof(cwd)) == NULL)
561 fatal("%s: getcwd: %s", __func__, strerror(errno));
562 xasprintf(&ret, "%s/%s", cwd, expanded);
/*
 * add_listen_addr: register addr as a bind address.  The global defaults
 * the resolution depends on (SSH_DEFAULT_PORT, AF_UNSPEC) are filled in
 * first if nothing was configured.  Then either one entry per configured
 * port or a single entry for the given port is added.  The condition that
 * chooses between the two (presumably "port == 0", which is what the
 * callers in fill_default_server_options() and the bare-IPv6
 * ListenAddress case pass) and the "else" are not shown in this listing,
 * nor are the return type line and the loop counter's declaration.
 * addr == NULL means the wildcard address.
 */
568 add_listen_addr(ServerOptions *options, char *addr, int port)
572 if (options->num_ports == 0)
573 options->ports[options->num_ports++] = SSH_DEFAULT_PORT;
574 if (options->address_family == -1)
575 options->address_family = AF_UNSPEC;
/* One addrinfo chain per configured port. */
577 for (i = 0; i < options->num_ports; i++)
578 add_one_listen_addr(options, addr, options->ports[i]);
/* Explicit port given with the address. */
580 add_one_listen_addr(options, addr, port);
/*
 * add_one_listen_addr: resolve addr:port with getaddrinfo() and push the
 * resulting addrinfo chain onto options->listen_addrs.
 *
 * The family comes from the AddressFamily option; addr == NULL sets
 * AI_PASSIVE so the wildcard address is returned.  A name that does not
 * resolve is fatal: sshd refuses to start rather than silently bind fewer
 * addresses than configured.  Note that a host name given here is
 * resolved once, at start-up.  The for loop only walks to the tail of the
 * new chain (its body is an empty statement, not shown here); the
 * existing list is then hung off that tail and the new chain becomes the
 * head.  The return type line, the declaration of gaierr and the closing
 * brace are not shown in this listing.
 */
584 add_one_listen_addr(ServerOptions *options, char *addr, int port)
586 struct addrinfo hints, *ai, *aitop;
587 char strport[NI_MAXSERV];
590 memset(&hints, 0, sizeof(hints));
591 hints.ai_family = options->address_family;
592 hints.ai_socktype = SOCK_STREAM;
593 hints.ai_flags = (addr == NULL) ? AI_PASSIVE : 0;
594 snprintf(strport, sizeof strport, "%d", port);
595 if ((gaierr = getaddrinfo(addr, strport, &hints, &aitop)) != 0)
596 fatal("bad addr or host: %s (%s)",
597 addr ? addr : "<NULL>",
598 ssh_gai_strerror(gaierr));
/* Find the tail of the new chain, then prepend the chain to the list. */
599 for (ai = aitop; ai->ai_next; ai = ai->ai_next)
601 ai->ai_next = options->listen_addrs;
602 options->listen_addrs = aitop;
/*
 * get_connection_info: hand out the connection_info that Match lines are
 * evaluated against.  The struct is a single static instance, so the
 * returned pointer is shared by every caller and each populating call
 * overwrites it; not reentrant.  When populate is set the fields are
 * filled from the packet layer: host via get_canonical_hostname(use_dns)
 * -- a reverse lookup when UseDNS is on, which is what "Match Host" later
 * compares against -- plus the peer address, the local address and the
 * local port.  The handling of populate == 0 (presumably an early return)
 * and the final return statement are not shown in this listing.
 */
605 struct connection_info *
606 get_connection_info(int populate, int use_dns)
608 static struct connection_info ci;
612 ci.host = get_canonical_hostname(use_dns);
613 ci.address = get_remote_ipaddr();
614 ci.laddress = get_local_ipaddr(packet_get_connection_in());
615 ci.lport = get_local_port();
620 * The strategy for the Match blocks is that the config file is parsed twice.
622 * The first time is at startup. activep is initialized to 1 and the
623 * directives in the global context are processed and acted on. Hitting a
624 * Match directive unsets activep and the directives inside the block are
625 * checked for syntax only.
627 * The second time is after a connection has been established but before
628 * authentication. activep is initialized to 2 and global config directives
629 * are ignored since they have already been processed. If the criteria in a
630 * Match block are met, activep is set and the subsequent directives
631 * processed and actioned until EOF or another Match block unsets it. Any
632 * options set are copied into the main server config.
634 * Potential additions/improvements:
635 * - Add Match support for pre-kex directives, eg Protocol, Ciphers.
637 * - Add a Tag directive (idea from David Leonard) ala pf, eg:
638 * Match Address 192.168.0.*
643 * AllowTcpForwarding yes
644 * GatewayPorts clientspecified
647 * - Add a PermittedChannelRequests directive
649 * PermittedChannelRequests session,forwarded-tcpip
/*
 * match_cfg_line_group: evaluate a "Match Group" pattern list (grps) for
 * user.  The user is looked up with getpwnam(); the group access list is
 * then built with ga_init() from the primary gid and tested with
 * ga_match_pattern_list().  Each outcome is logged at debug level with the
 * user name bounded to 100 bytes (%.100s).  The return type line, the pw
 * declaration, the return statements and the group-list teardown are not
 * shown in this listing -- check the full file for them.
 */
653 match_cfg_line_group(const char *grps, int line, const char *user)
/* A user that does not exist cannot match any group. */
661 if ((pw = getpwnam(user)) == NULL) {
662 debug("Can't match group at line %d because user %.100s does "
663 "not exist", line, user);
664 } else if (ga_init(pw->pw_name, pw->pw_gid) == 0) {
665 debug("Can't Match group because user %.100s not in any group "
666 "at line %d", user, line);
667 } else if (ga_match_pattern_list(grps) != 1) {
668 debug("user %.100s does not match group list %.100s at line %d",
671 debug("user %.100s matched group list %.100s at line %d", user,
681 * All of the attributes on a single Match line are ANDed together, so we need
682 * to check every attribute and set the result to zero if any attribute does
/*
 * match_cfg_line: evaluate one "Match" line against a connection.
 *
 * Attributes are read in (name, pattern) pairs with strdelim() and ANDed:
 * result starts at 1 and any attribute that does not match clears it
 * (the "result = 0" lines are not shown in this listing).  ci == NULL is
 * the syntax-check pass made at start-up, before a peer exists; the
 * branches handling a missing ci or a missing field are only partly
 * shown.
 *
 * Attribute sources: User compares ci->user (how it is populated is
 * outside this excerpt); Host compares the reverse-resolved peer name from
 * get_connection_info(), so a Host criterion is only as reliable as the
 * resolver -- Address / LocalAddress match on the IP and are the better
 * basis for anything security-relevant; LocalPort matches one port only.
 * An unknown attribute or a missing pattern is an error.  The return type
 * line, the "return -1" paths, the len declaration and the final return
 * are not shown in this listing.
 */
686 match_cfg_line(char **condition, int line, struct connection_info *ci)
688 int result = 1, port;
689 char *arg, *attrib, *cp = *condition;
693 debug3("checking syntax for 'Match %s'", cp);
695 debug3("checking match for '%s' user %s host %s addr %s "
696 "laddr %s lport %d", cp, ci->user ? ci->user : "(null)",
697 ci->host ? ci->host : "(null)",
698 ci->address ? ci->address : "(null)",
699 ci->laddress ? ci->laddress : "(null)", ci->lport);
/* Each iteration consumes one attribute name and its pattern. */
701 while ((attrib = strdelim(&cp)) && *attrib != '\0') {
702 if ((arg = strdelim(&cp)) == NULL || *arg == '\0') {
703 error("Missing Match criteria for %s", attrib);
707 if (strcasecmp(attrib, "user") == 0) {
708 if (ci == NULL || ci->user == NULL) {
712 if (match_pattern_list(ci->user, arg, len, 0) != 1)
715 debug("user %.100s matched 'User %.100s' at "
716 "line %d", ci->user, arg, line);
717 } else if (strcasecmp(attrib, "group") == 0) {
718 if (ci == NULL || ci->user == NULL) {
/* The switch arms (match / no match / lookup failure) are not shown. */
722 switch (match_cfg_line_group(arg, line, ci->user)) {
728 } else if (strcasecmp(attrib, "host") == 0) {
729 if (ci == NULL || ci->host == NULL) {
/* ci->host is a resolver result; see note above. */
733 if (match_hostname(ci->host, arg, len) != 1)
736 debug("connection from %.100s matched 'Host "
737 "%.100s' at line %d", ci->host, arg, line);
738 } else if (strcasecmp(attrib, "address") == 0) {
739 if (ci == NULL || ci->address == NULL) {
/* addr_match_list() takes CIDR-style lists; its other result arms are not shown. */
743 switch (addr_match_list(ci->address, arg)) {
745 debug("connection from %.100s matched 'Address "
746 "%.100s' at line %d", ci->address, arg, line);
755 } else if (strcasecmp(attrib, "localaddress") == 0){
756 if (ci == NULL || ci->laddress == NULL) {
760 switch (addr_match_list(ci->laddress, arg)) {
762 debug("connection from %.100s matched "
763 "'LocalAddress %.100s' at line %d",
764 ci->laddress, arg, line);
773 } else if (strcasecmp(attrib, "localport") == 0) {
/* The port is validated even on the syntax-check pass. */
774 if ((port = a2port(arg)) == -1) {
775 error("Invalid LocalPort '%s' on Match line",
779 if (ci == NULL || ci->lport == 0) {
783 /* TODO support port lists */
784 if (port == ci->lport)
785 debug("connection from %.100s matched "
786 "'LocalPort %d' at line %d",
787 ci->laddress, port, line);
791 error("Unsupported Match attribute %s", attrib);
796 debug3("match %sfound", result ? "" : "not ");
801 #define WHITESPACE " \t\r\n"
803 /* Multistate option parsing */
/*
 * Lookup tables for keywords that take a word other than yes/no.  The
 * parse_multistate code in process_server_config_line() scans a table
 * with strcasecmp and fails the configuration on an unknown word, so a
 * misspelt value cannot silently fall back to a default.  The struct
 * multistate definition, some rows and the NULL-key terminator rows are
 * not shown in this listing.
 */
808 static const struct multistate multistate_addressfamily[] = {
810 { "inet6", AF_INET6 },
811 { "any", AF_UNSPEC },
/* "without-password" allows root only with non-password methods; "forced-commands-only" additionally requires a command= key option. */
814 static const struct multistate multistate_permitrootlogin[] = {
815 { "without-password", PERMIT_NO_PASSWD },
816 { "forced-commands-only", PERMIT_FORCED_ONLY },
817 { "yes", PERMIT_YES },
821 static const struct multistate multistate_compression[] = {
822 { "delayed", COMP_DELAYED },
823 { "yes", COMP_ZLIB },
827 static const struct multistate multistate_gatewayports[] = {
828 { "clientspecified", 2 },
/* Plain "yes" is the no-sandbox mode; the sandbox is only enabled by the explicit word "sandbox". */
833 static const struct multistate multistate_privsep[] = {
834 { "yes", PRIVSEP_NOSANDBOX },
835 { "sandbox", PRIVSEP_ON },
836 { "nosandbox", PRIVSEP_NOSANDBOX },
837 { "no", PRIVSEP_OFF },
/* "yes" and "all" are synonyms; "remote"/"local" restrict the forwarding direction. */
840 static const struct multistate multistate_tcpfwd[] = {
841 { "yes", FORWARD_ALLOW },
842 { "all", FORWARD_ALLOW },
843 { "no", FORWARD_DENY },
844 { "remote", FORWARD_REMOTE },
845 { "local", FORWARD_LOCAL },
850 process_server_config_line(ServerOptions *options, char *line,
851 const char *filename, int linenum, int *activep,
852 struct connection_info *connectinfo)
854 char *cp, **charptr, *arg, *p;
855 int cmdline = 0, *intptr, value, value2, n;
856 SyslogFacility *log_facility_ptr;
857 LogLevel *log_level_ptr;
858 ServerOpCodes opcode;
862 const struct multistate *multistate_ptr;
865 if ((arg = strdelim(&cp)) == NULL)
867 /* Ignore leading whitespace */
870 if (!arg || !*arg || *arg == '#')
874 opcode = parse_token(arg, filename, linenum, &flags);
876 if (activep == NULL) { /* We are processing a command line directive */
880 if (*activep && opcode != sMatch)
881 debug3("%s:%d setting %s %s", filename, linenum, arg, cp);
882 if (*activep == 0 && !(flags & SSHCFG_MATCH)) {
883 if (connectinfo == NULL) {
884 fatal("%s line %d: Directive '%s' is not allowed "
885 "within a Match block", filename, linenum, arg);
886 } else { /* this is a directive we have already processed */
894 /* Portable-specific options */
896 intptr = &options->use_pam;
899 /* Standard Options */
903 /* ignore ports from configfile if cmdline specifies ports */
904 if (options->ports_from_cmdline)
906 if (options->listen_addrs != NULL)
907 fatal("%s line %d: ports must be specified before "
908 "ListenAddress.", filename, linenum);
909 if (options->num_ports >= MAX_PORTS)
910 fatal("%s line %d: too many ports.",
913 if (!arg || *arg == '\0')
914 fatal("%s line %d: missing port number.",
916 options->ports[options->num_ports++] = a2port(arg);
917 if (options->ports[options->num_ports-1] <= 0)
918 fatal("%s line %d: Badly formatted port number.",
923 intptr = &options->server_key_bits;
926 if (!arg || *arg == '\0')
927 fatal("%s line %d: missing integer value.",
930 if (*activep && *intptr == -1)
934 case sLoginGraceTime:
935 intptr = &options->login_grace_time;
938 if (!arg || *arg == '\0')
939 fatal("%s line %d: missing time value.",
941 if ((value = convtime(arg)) == -1)
942 fatal("%s line %d: invalid time value.",
948 case sKeyRegenerationTime:
949 intptr = &options->key_regeneration_time;
954 if (arg == NULL || *arg == '\0')
955 fatal("%s line %d: missing address",
957 /* check for bare IPv6 address: no "[]" and 2 or more ":" */
958 if (strchr(arg, '[') == NULL && (p = strchr(arg, ':')) != NULL
959 && strchr(p+1, ':') != NULL) {
960 add_listen_addr(options, arg, 0);
965 fatal("%s line %d: bad address:port usage",
967 p = cleanhostname(p);
970 else if ((port = a2port(arg)) <= 0)
971 fatal("%s line %d: bad port number", filename, linenum);
973 add_listen_addr(options, p, port);
978 intptr = &options->address_family;
979 multistate_ptr = multistate_addressfamily;
980 if (options->listen_addrs != NULL)
981 fatal("%s line %d: address family must be specified "
982 "before ListenAddress.", filename, linenum);
985 if (!arg || *arg == '\0')
986 fatal("%s line %d: missing argument.",
989 for (i = 0; multistate_ptr[i].key != NULL; i++) {
990 if (strcasecmp(arg, multistate_ptr[i].key) == 0) {
991 value = multistate_ptr[i].value;
996 fatal("%s line %d: unsupported option \"%s\".",
997 filename, linenum, arg);
998 if (*activep && *intptr == -1)
1003 intptr = &options->num_host_key_files;
1004 if (*intptr >= MAX_HOSTKEYS)
1005 fatal("%s line %d: too many host keys specified (max %d).",
1006 filename, linenum, MAX_HOSTKEYS);
1007 charptr = &options->host_key_files[*intptr];
1009 arg = strdelim(&cp);
1010 if (!arg || *arg == '\0')
1011 fatal("%s line %d: missing file name.",
1013 if (*activep && *charptr == NULL) {
1014 *charptr = derelativise_path(arg);
1015 /* increase optional counter */
1017 *intptr = *intptr + 1;
1021 case sHostCertificate:
1022 intptr = &options->num_host_cert_files;
1023 if (*intptr >= MAX_HOSTKEYS)
1024 fatal("%s line %d: too many host certificates "
1025 "specified (max %d).", filename, linenum,
1027 charptr = &options->host_cert_files[*intptr];
1028 goto parse_filename;
1032 charptr = &options->pid_file;
1033 goto parse_filename;
1035 case sPermitRootLogin:
1036 intptr = &options->permit_root_login;
1037 multistate_ptr = multistate_permitrootlogin;
1038 goto parse_multistate;
1041 intptr = &options->ignore_rhosts;
1043 arg = strdelim(&cp);
1044 if (!arg || *arg == '\0')
1045 fatal("%s line %d: missing yes/no argument.",
1047 value = 0; /* silence compiler */
1048 if (strcmp(arg, "yes") == 0)
1050 else if (strcmp(arg, "no") == 0)
1053 fatal("%s line %d: Bad yes/no argument: %s",
1054 filename, linenum, arg);
1055 if (*activep && *intptr == -1)
1059 case sIgnoreUserKnownHosts:
1060 intptr = &options->ignore_user_known_hosts;
1063 case sRhostsRSAAuthentication:
1064 intptr = &options->rhosts_rsa_authentication;
1067 case sHostbasedAuthentication:
1068 intptr = &options->hostbased_authentication;
1071 case sHostbasedUsesNameFromPacketOnly:
1072 intptr = &options->hostbased_uses_name_from_packet_only;
1075 case sRSAAuthentication:
1076 intptr = &options->rsa_authentication;
1079 case sPubkeyAuthentication:
1080 intptr = &options->pubkey_authentication;
1083 case sKerberosAuthentication:
1084 intptr = &options->kerberos_authentication;
1087 case sKerberosOrLocalPasswd:
1088 intptr = &options->kerberos_or_local_passwd;
1091 case sKerberosTicketCleanup:
1092 intptr = &options->kerberos_ticket_cleanup;
1095 case sKerberosGetAFSToken:
1096 intptr = &options->kerberos_get_afs_token;
1099 case sGssAuthentication:
1100 intptr = &options->gss_authentication;
1103 case sGssCleanupCreds:
1104 intptr = &options->gss_cleanup_creds;
1107 case sPasswordAuthentication:
1108 intptr = &options->password_authentication;
1111 case sZeroKnowledgePasswordAuthentication:
1112 intptr = &options->zero_knowledge_password_authentication;
1115 case sKbdInteractiveAuthentication:
1116 intptr = &options->kbd_interactive_authentication;
1119 case sChallengeResponseAuthentication:
1120 intptr = &options->challenge_response_authentication;
1124 intptr = &options->print_motd;
1128 intptr = &options->print_lastlog;
1131 case sX11Forwarding:
1132 intptr = &options->x11_forwarding;
1135 case sX11DisplayOffset:
1136 intptr = &options->x11_display_offset;
1139 case sX11UseLocalhost:
1140 intptr = &options->x11_use_localhost;
1143 case sXAuthLocation:
1144 charptr = &options->xauth_location;
1145 goto parse_filename;
1148 intptr = &options->strict_modes;
1152 intptr = &options->tcp_keep_alive;
1156 intptr = &options->permit_empty_passwd;
1159 case sPermitUserEnvironment:
1160 intptr = &options->permit_user_env;
1164 intptr = &options->use_login;
1168 intptr = &options->compression;
1169 multistate_ptr = multistate_compression;
1170 goto parse_multistate;
1173 intptr = &options->gateway_ports;
1174 multistate_ptr = multistate_gatewayports;
1175 goto parse_multistate;
1178 intptr = &options->use_dns;
1182 log_facility_ptr = &options->log_facility;
1183 arg = strdelim(&cp);
1184 value = log_facility_number(arg);
1185 if (value == SYSLOG_FACILITY_NOT_SET)
1186 fatal("%.200s line %d: unsupported log facility '%s'",
1187 filename, linenum, arg ? arg : "<NONE>");
1188 if (*log_facility_ptr == -1)
1189 *log_facility_ptr = (SyslogFacility) value;
1193 log_level_ptr = &options->log_level;
1194 arg = strdelim(&cp);
1195 value = log_level_number(arg);
1196 if (value == SYSLOG_LEVEL_NOT_SET)
1197 fatal("%.200s line %d: unsupported log level '%s'",
1198 filename, linenum, arg ? arg : "<NONE>");
1199 if (*log_level_ptr == -1)
1200 *log_level_ptr = (LogLevel) value;
1203 case sAllowTcpForwarding:
1204 intptr = &options->allow_tcp_forwarding;
1205 multistate_ptr = multistate_tcpfwd;
1206 goto parse_multistate;
1208 case sAllowAgentForwarding:
1209 intptr = &options->allow_agent_forwarding;
1212 case sUsePrivilegeSeparation:
1213 intptr = &use_privsep;
1214 multistate_ptr = multistate_privsep;
1215 goto parse_multistate;
1218 while ((arg = strdelim(&cp)) && *arg != '\0') {
1219 if (options->num_allow_users >= MAX_ALLOW_USERS)
1220 fatal("%s line %d: too many allow users.",
1224 options->allow_users[options->num_allow_users++] =
1230 while ((arg = strdelim(&cp)) && *arg != '\0') {
1231 if (options->num_deny_users >= MAX_DENY_USERS)
1232 fatal("%s line %d: too many deny users.",
1236 options->deny_users[options->num_deny_users++] =
1242 while ((arg = strdelim(&cp)) && *arg != '\0') {
1243 if (options->num_allow_groups >= MAX_ALLOW_GROUPS)
1244 fatal("%s line %d: too many allow groups.",
1248 options->allow_groups[options->num_allow_groups++] =
1254 while ((arg = strdelim(&cp)) && *arg != '\0') {
1255 if (options->num_deny_groups >= MAX_DENY_GROUPS)
1256 fatal("%s line %d: too many deny groups.",
1260 options->deny_groups[options->num_deny_groups++] =
1266 arg = strdelim(&cp);
1267 if (!arg || *arg == '\0')
1268 fatal("%s line %d: Missing argument.", filename, linenum);
1269 if (!ciphers_valid(arg))
1270 fatal("%s line %d: Bad SSH2 cipher spec '%s'.",
1271 filename, linenum, arg ? arg : "<NONE>");
1272 if (options->ciphers == NULL)
1273 options->ciphers = xstrdup(arg);
1277 arg = strdelim(&cp);
1278 if (!arg || *arg == '\0')
1279 fatal("%s line %d: Missing argument.", filename, linenum);
1280 if (!mac_valid(arg))
1281 fatal("%s line %d: Bad SSH2 mac spec '%s'.",
1282 filename, linenum, arg ? arg : "<NONE>");
1283 if (options->macs == NULL)
1284 options->macs = xstrdup(arg);
1287 case sKexAlgorithms:
1288 arg = strdelim(&cp);
1289 if (!arg || *arg == '\0')
1290 fatal("%s line %d: Missing argument.",
1292 if (!kex_names_valid(arg))
1293 fatal("%s line %d: Bad SSH2 KexAlgorithms '%s'.",
1294 filename, linenum, arg ? arg : "<NONE>");
1295 if (options->kex_algorithms == NULL)
1296 options->kex_algorithms = xstrdup(arg);
1300 intptr = &options->protocol;
1301 arg = strdelim(&cp);
1302 if (!arg || *arg == '\0')
1303 fatal("%s line %d: Missing argument.", filename, linenum);
1304 value = proto_spec(arg);
1305 if (value == SSH_PROTO_UNKNOWN)
1306 fatal("%s line %d: Bad protocol spec '%s'.",
1307 filename, linenum, arg ? arg : "<NONE>");
1308 if (*intptr == SSH_PROTO_UNKNOWN)
1313 if (options->num_subsystems >= MAX_SUBSYSTEMS) {
1314 fatal("%s line %d: too many subsystems defined.",
1317 arg = strdelim(&cp);
1318 if (!arg || *arg == '\0')
1319 fatal("%s line %d: Missing subsystem name.",
1322 arg = strdelim(&cp);
1325 for (i = 0; i < options->num_subsystems; i++)
1326 if (strcmp(arg, options->subsystem_name[i]) == 0)
1327 fatal("%s line %d: Subsystem '%s' already defined.",
1328 filename, linenum, arg);
1329 options->subsystem_name[options->num_subsystems] = xstrdup(arg);
1330 arg = strdelim(&cp);
1331 if (!arg || *arg == '\0')
1332 fatal("%s line %d: Missing subsystem command.",
1334 options->subsystem_command[options->num_subsystems] = xstrdup(arg);
1336 /* Collect arguments (separate to executable) */
1338 len = strlen(p) + 1;
1339 while ((arg = strdelim(&cp)) != NULL && *arg != '\0') {
1340 len += 1 + strlen(arg);
1341 p = xrealloc(p, 1, len);
1342 strlcat(p, " ", len);
1343 strlcat(p, arg, len);
1345 options->subsystem_args[options->num_subsystems] = p;
1346 options->num_subsystems++;
1350 arg = strdelim(&cp);
1351 if (!arg || *arg == '\0')
1352 fatal("%s line %d: Missing MaxStartups spec.",
1354 if ((n = sscanf(arg, "%d:%d:%d",
1355 &options->max_startups_begin,
1356 &options->max_startups_rate,
1357 &options->max_startups)) == 3) {
1358 if (options->max_startups_begin >
1359 options->max_startups ||
1360 options->max_startups_rate > 100 ||
1361 options->max_startups_rate < 1)
1362 fatal("%s line %d: Illegal MaxStartups spec.",
1365 fatal("%s line %d: Illegal MaxStartups spec.",
1368 options->max_startups = options->max_startups_begin;
1372 intptr = &options->max_authtries;
1376 intptr = &options->max_sessions;
1380 charptr = &options->banner;
1381 goto parse_filename;
1384 * These options can contain %X options expanded at
1385 * connect time, so that you can specify paths like:
1387 * AuthorizedKeysFile /etc/ssh_keys/%u
1389 case sAuthorizedKeysFile:
1390 if (*activep && options->num_authkeys_files == 0) {
1391 while ((arg = strdelim(&cp)) && *arg != '\0') {
1392 if (options->num_authkeys_files >=
1394 fatal("%s line %d: "
1395 "too many authorized keys files.",
1397 options->authorized_keys_files[
1398 options->num_authkeys_files++] =
1399 tilde_expand_filename(arg, getuid());
1404 case sAuthorizedPrincipalsFile:
1405 charptr = &options->authorized_principals_file;
1406 arg = strdelim(&cp);
1407 if (!arg || *arg == '\0')
1408 fatal("%s line %d: missing file name.",
1410 if (*activep && *charptr == NULL) {
1411 *charptr = tilde_expand_filename(arg, getuid());
1412 /* increase optional counter */
1414 *intptr = *intptr + 1;
1418 case sClientAliveInterval:
1419 intptr = &options->client_alive_interval;
1422 case sClientAliveCountMax:
1423 intptr = &options->client_alive_count_max;
1427 while ((arg = strdelim(&cp)) && *arg != '\0') {
1428 if (strchr(arg, '=') != NULL)
1429 fatal("%s line %d: Invalid environment name.",
1431 if (options->num_accept_env >= MAX_ACCEPT_ENV)
1432 fatal("%s line %d: too many allow env.",
1436 options->accept_env[options->num_accept_env++] =
1442 intptr = &options->permit_tun;
1443 arg = strdelim(&cp);
1444 if (!arg || *arg == '\0')
1445 fatal("%s line %d: Missing yes/point-to-point/"
1446 "ethernet/no argument.", filename, linenum);
1448 for (i = 0; tunmode_desc[i].val != -1; i++)
1449 if (strcmp(tunmode_desc[i].text, arg) == 0) {
1450 value = tunmode_desc[i].val;
1454 fatal("%s line %d: Bad yes/point-to-point/ethernet/"
1455 "no argument: %s", filename, linenum, arg);
1462 fatal("Match directive not supported as a command-line "
1464 value = match_cfg_line(&cp, linenum, connectinfo);
1466 fatal("%s line %d: Bad Match condition", filename,
1472 arg = strdelim(&cp);
1473 if (!arg || *arg == '\0')
1474 fatal("%s line %d: missing PermitOpen specification",
1476 n = options->num_permitted_opens; /* modified later */
1477 if (strcmp(arg, "any") == 0) {
1478 if (*activep && n == -1) {
1479 channel_clear_adm_permitted_opens();
1480 options->num_permitted_opens = 0;
1484 if (strcmp(arg, "none") == 0) {
1485 if (*activep && n == -1) {
1486 options->num_permitted_opens = 1;
1487 channel_disable_adm_local_opens();
1491 if (*activep && n == -1)
1492 channel_clear_adm_permitted_opens();
1493 for (; arg != NULL && *arg != '\0'; arg = strdelim(&cp)) {
1496 fatal("%s line %d: missing host in PermitOpen",
1498 p = cleanhostname(p);
1499 if (arg == NULL || ((port = permitopen_port(arg)) < 0))
1500 fatal("%s line %d: bad port number in "
1501 "PermitOpen", filename, linenum);
1502 if (*activep && n == -1)
1503 options->num_permitted_opens =
1504 channel_add_adm_permitted_opens(p, port);
1510 fatal("%.200s line %d: Missing argument.", filename,
1512 len = strspn(cp, WHITESPACE);
1513 if (*activep && options->adm_forced_command == NULL)
1514 options->adm_forced_command = xstrdup(cp + len);
1517 case sChrootDirectory:
1518 charptr = &options->chroot_directory;
1520 arg = strdelim(&cp);
1521 if (!arg || *arg == '\0')
1522 fatal("%s line %d: missing file name.",
1524 if (*activep && *charptr == NULL)
1525 *charptr = xstrdup(arg);
1528 case sTrustedUserCAKeys:
1529 charptr = &options->trusted_user_ca_keys;
1530 goto parse_filename;
1533 charptr = &options->revoked_keys_file;
1534 goto parse_filename;
1537 arg = strdelim(&cp);
1538 if ((value = parse_ipqos(arg)) == -1)
1539 fatal("%s line %d: Bad IPQoS value: %s",
1540 filename, linenum, arg);
1541 arg = strdelim(&cp);
1544 else if ((value2 = parse_ipqos(arg)) == -1)
1545 fatal("%s line %d: Bad IPQoS value: %s",
1546 filename, linenum, arg);
1548 options->ip_qos_interactive = value;
1549 options->ip_qos_bulk = value2;
1553 case sVersionAddendum:
1555 fatal("%.200s line %d: Missing argument.", filename,
1557 len = strspn(cp, WHITESPACE);
1558 if (*activep && options->version_addendum == NULL) {
1559 if (strcasecmp(cp + len, "none") == 0)
1560 options->version_addendum = xstrdup("");
1561 else if (strchr(cp + len, '\r') != NULL)
1562 fatal("%.200s line %d: Invalid argument",
1565 options->version_addendum = xstrdup(cp + len);
1569 case sAuthorizedKeysCommand:
1570 len = strspn(cp, WHITESPACE);
1571 if (*activep && options->authorized_keys_command == NULL) {
1572 if (cp[len] != '/' && strcasecmp(cp + len, "none") != 0)
1573 fatal("%.200s line %d: AuthorizedKeysCommand "
1574 "must be an absolute path",
1576 options->authorized_keys_command = xstrdup(cp + len);
1580 case sAuthorizedKeysCommandUser:
1581 charptr = &options->authorized_keys_command_user;
1583 arg = strdelim(&cp);
1584 if (*activep && *charptr == NULL)
1585 *charptr = xstrdup(arg);
1588 case sAuthenticationMethods:
1589 if (*activep && options->num_auth_methods == 0) {
1590 while ((arg = strdelim(&cp)) && *arg != '\0') {
1591 if (options->num_auth_methods >=
1593 fatal("%s line %d: "
1594 "too many authentication methods.",
1596 if (auth2_methods_valid(arg, 0) != 0)
1597 fatal("%s line %d: invalid "
1598 "authentication method list.",
1600 options->auth_methods[
1601 options->num_auth_methods++] = xstrdup(arg);
1607 intptr = &options->hpn_disabled;
1610 case sHPNBufferSize:
1611 intptr = &options->hpn_buffer_size;
1614 case sTcpRcvBufPoll:
1615 intptr = &options->tcp_rcv_buf_poll;
1618 #ifdef NONE_CIPHER_ENABLED
1620 intptr = &options->none_enabled;
1625 logit("%s line %d: Deprecated option %s",
1626 filename, linenum, arg);
1628 arg = strdelim(&cp);
1632 logit("%s line %d: Unsupported option %s",
1633 filename, linenum, arg);
1635 arg = strdelim(&cp);
1639 fatal("%s line %d: Missing handler for opcode %s (%d)",
1640 filename, linenum, arg, opcode);
1642 if ((arg = strdelim(&cp)) != NULL && *arg != '\0')
1643 fatal("%s line %d: garbage at end of line; \"%.200s\".",
1644 filename, linenum, arg);
1648 /* Reads the server configuration file. */
/*
 * Read the configuration file named by `filename` into `conf`, line by
 * line, for later parsing by parse_server_config().  Only part of the
 * function is visible in this excerpt: the FILE handle and line counter
 * declarations, the body of the fopen() failure branch, the per-line
 * counter increment and the closing brace are not shown.
 *
 * `filename`  path of the file to read (opened read-only below).
 * `conf`      buffer that receives the cleaned-up text; it is
 *             NUL-terminated at the end so it can be used as a C string.
 */
1651 load_server_config(const char *filename, Buffer *conf)
1653 char line[4096], *cp;
1657 debug2("%s: filename %s", __func__, filename);
1658 if ((f = fopen(filename, "r")) == NULL) {
1663 while (fgets(line, sizeof(line), f)) {
/*
 * A line that fills the whole buffer is rejected outright as "too long"
 * instead of being silently continued as a second directive on the next
 * fgets() call.
 */
1665 if (strlen(line) == sizeof(line) - 1)
1666 fatal("%s line %d too long", filename, lineno);
/*
 * Everything from the first '#' onwards is a comment, irrespective of any
 * quoting; memcpy() of "\n" writes two bytes (newline plus terminator), so
 * the line still ends in a newline and the line count is preserved.
 */
1668 * Trim out comments and strip whitespace
1669 * NB - preserve newlines, they are needed to reproduce
1670 * line numbers later for error messages
1672 if ((cp = strchr(line, '#')) != NULL)
1673 memcpy(cp, "\n", 2);
1674 cp = line + strspn(line, " \t\r");
1676 buffer_append(conf, cp, strlen(cp));
/* Terminate the collected text so buffer_ptr(conf) is a valid C string. */
1678 buffer_append(conf, "\0", 1);
1680 debug2("%s: done config len = %d", __func__, buffer_len(conf));
/*
 * Re-parse the already loaded configuration against a concrete connection
 * so that Match blocks can take effect.  A fresh, default-initialised
 * ServerOptions (`mo`) is filled in and only the values it actually sets
 * are copied back into `options`.  The opening brace, the declaration of
 * `mo` and the closing brace are not visible in this excerpt; `cfg` is
 * presumably a file-scope Buffer holding the loaded configuration — verify.
 *
 * `options`      the live server options that receive the Match results.
 * `connectinfo`  the connection the Match conditions are evaluated against.
 */
1684 parse_server_match_config(ServerOptions *options,
1685 struct connection_info *connectinfo)
1689 initialize_server_options(&mo);
/* "reprocess config" stands in for the file name in diagnostics on this pass. */
1690 parse_server_config(&mo, "reprocess config", &cfg, connectinfo);
/* preauth == 0: copy every supported option, not only the pre-auth subset. */
1691 copy_set_server_options(options, &mo, 0);
/*
 * Parse a comma-separated test-mode Match specification such as
 * "addr=A,host=H,user=U,laddr=L,lport=P" into `ci`.  Each field is
 * recognised by its "key=" prefix and the value is copied with xstrdup();
 * "lport" is converted with a2port() and rejected when that fails.
 *
 * `ci`    connection info filled in from the spec (fields left untouched
 *         when their key is absent).
 * `spec`  the specification; consumed destructively by strsep().
 *
 * The opening brace, the declaration of `p`, the block closers and the
 * return statements are not visible in this excerpt, so the return
 * convention is not documented here.
 */
1694 int parse_server_match_testspec(struct connection_info *ci, char *spec)
/* An empty field (e.g. a trailing comma) ends the loop. */
1698 while ((p = strsep(&spec, ",")) && *p != '\0') {
1699 if (strncmp(p, "addr=", 5) == 0) {
1700 ci->address = xstrdup(p + 5);
1701 } else if (strncmp(p, "host=", 5) == 0) {
1702 ci->host = xstrdup(p + 5);
1703 } else if (strncmp(p, "user=", 5) == 0) {
1704 ci->user = xstrdup(p + 5);
1705 } else if (strncmp(p, "laddr=", 6) == 0) {
1706 ci->laddress = xstrdup(p + 6);
1707 } else if (strncmp(p, "lport=", 6) == 0) {
/* a2port() yields -1 for an unparsable port; what follows the message is not shown. */
1708 ci->lport = a2port(p + 6);
1709 if (ci->lport == -1) {
1710 fprintf(stderr, "Invalid port '%s' in test mode"
1711 " specification %s\n", p+6, p);
/* Any field without a known "key=" prefix is reported as invalid. */
1715 fprintf(stderr, "Invalid test mode specification %s\n",
1724 * returns 1 for a complete spec, 0 for partial spec and -1 for an
/*
 * Classify how much of a Match test specification has been supplied.
 *
 * Returns 1 when user, host and address are all set (complete), -1 when
 * none of them is set (empty) and 0 otherwise (partial).  laddress and
 * lport do not take part in this check.  The function's braces are not
 * visible in this excerpt.
 */
1727 int server_match_spec_complete(struct connection_info *ci)
1729 if (ci->user && ci->host && ci->address)
1730 return 1; /* complete */
1731 if (!ci->user && !ci->host && !ci->address)
1732 return -1; /* empty */
1733 return 0; /* partial */
1737 #define M_CP_INTOPT(n) do {\
1741 #define M_CP_STROPT(n) do {\
1742 if (src->n != NULL) { \
1743 if (dst->n != NULL) \
1748 #define M_CP_STRARRAYOPT(n, num_n) do {\
1749 if (src->num_n != 0) { \
1750 for (dst->num_n = 0; dst->num_n < src->num_n; dst->num_n++) \
1751 dst->n[dst->num_n] = xstrdup(src->n[dst->num_n]); \
1756 * Copy any supported values that are set.
1758 * If the preauth flag is set, we do not bother copying the string or
1759 * array values that are not used pre-authentication, because any that we
1760 * do use must be explicitly sent in mm_getpwnamallow().
/*
 * Copy the option values that `src` has set into `dst`, using the
 * M_CP_* macros defined above.  Because parse_server_match_config() feeds
 * a Match-reprocessed ServerOptions through this function, the members
 * listed here are effectively the set of options a Match block can
 * override; an option missing from this list is silently ignored inside
 * Match.  The opening brace, the preauth early-return and the closing
 * brace are not visible in this excerpt.
 *
 * `dst`      options being updated.
 * `src`      options parsed from the Match pass.
 * `preauth`  non-zero when called before authentication; see the comment
 *            above for which values are skipped in that case.
 */
1763 copy_set_server_options(ServerOptions *dst, ServerOptions *src, int preauth)
/* Integer options; M_CP_INTOPT presumably copies only values src has set. */
1765 M_CP_INTOPT(password_authentication);
1766 M_CP_INTOPT(gss_authentication);
1767 M_CP_INTOPT(rsa_authentication);
1768 M_CP_INTOPT(pubkey_authentication);
1769 M_CP_INTOPT(kerberos_authentication);
1770 M_CP_INTOPT(hostbased_authentication);
1771 M_CP_INTOPT(hostbased_uses_name_from_packet_only);
1772 M_CP_INTOPT(kbd_interactive_authentication);
1773 M_CP_INTOPT(zero_knowledge_password_authentication);
/* These two strings are needed during authentication, hence copied here. */
1774 M_CP_STROPT(authorized_keys_command);
1775 M_CP_STROPT(authorized_keys_command_user);
1776 M_CP_INTOPT(permit_root_login);
1777 M_CP_INTOPT(permit_empty_passwd);
1779 M_CP_INTOPT(allow_tcp_forwarding);
1780 M_CP_INTOPT(allow_agent_forwarding);
1781 M_CP_INTOPT(permit_tun);
1782 M_CP_INTOPT(gateway_ports);
1783 M_CP_INTOPT(x11_display_offset);
1784 M_CP_INTOPT(x11_forwarding);
1785 M_CP_INTOPT(x11_use_localhost);
1786 M_CP_INTOPT(max_sessions);
1787 M_CP_INTOPT(max_authtries);
1788 M_CP_INTOPT(ip_qos_interactive);
1789 M_CP_INTOPT(ip_qos_bulk);
1791 /* See comment in servconf.h */
1792 COPY_MATCH_STRING_OPTS();
1795 * The only things that should be below this point are string options
1796 * which are only used after authentication.
/*
 * The guard that skips the post-auth strings when preauth is set lies in
 * the lines not shown between here and the two M_CP_STROPT calls.
 */
1801 M_CP_STROPT(adm_forced_command);
1802 M_CP_STROPT(chroot_directory);
1807 #undef M_CP_STRARRAYOPT
/*
 * Parse the configuration text held in `conf` into `options`, one line at
 * a time via process_server_config_line().  Any line that fails to parse is
 * counted and, once the whole buffer has been processed, the server is
 * terminated with fatal() rather than continuing on a partial config.
 *
 * `options`      destination for the parsed values.
 * `filename`     name used in diagnostics only.
 * `conf`         NUL-terminated configuration text (see load_server_config()).
 * `connectinfo`  NULL on the initial pass; on a Match re-parse it carries
 *                the connection to evaluate Match conditions against.
 *
 * The opening brace, the initialisation of `linenum`, the bad_options
 * increment, the release of `obuf` and the closing brace are not visible
 * in this excerpt.
 */
1810 parse_server_config(ServerOptions *options, const char *filename, Buffer *conf,
1811 struct connection_info *connectinfo)
1813 int active, linenum, bad_options = 0;
1814 char *cp, *obuf, *cbuf;
1816 debug2("%s: config %s len %d", __func__, filename, buffer_len(conf));
/* strsep() advances cbuf; obuf keeps the original pointer for freeing later. */
1818 obuf = cbuf = xstrdup(buffer_ptr(conf));
/*
 * With connection info present the parse starts inactive, so directives
 * before the first Match block are skipped and only Match-selected ones
 * are applied (presumably process_server_config_line() flips `active` on
 * sMatch — its body is outside this block).
 */
1819 active = connectinfo ? 0 : 1;
1821 while ((cp = strsep(&cbuf, "\n")) != NULL) {
1822 if (process_server_config_line(options, cp, filename,
1823 linenum++, &active, connectinfo) != 0)
/* Refuse to run with a configuration that did not parse completely. */
1827 if (bad_options > 0)
1828 fatal("%s: terminating, %d bad configuration options",
1829 filename, bad_options);
/*
 * Map an integer option value back to its keyword by scanning `m`, a
 * multistate table terminated by an entry whose key is NULL.  The return
 * statements (match and no-match) are not visible in this excerpt.
 */
1833 fmt_multistate_int(int val, const struct multistate *m)
1837 for (i = 0; m[i].key != NULL; i++) {
1838 if (m[i].value == val)
/*
 * Render the integer value `val` of option `code` as the keyword that
 * dump_config() prints for it.  Multistate options delegate to
 * fmt_multistate_int() with the matching table; the remaining cases
 * (including the sProtocol handling that the SSH_PROTO_1|SSH_PROTO_2 label
 * below belongs to, presumably a nested switch on `val`) are only partly
 * visible in this excerpt.
 */
1845 fmt_intarg(ServerOpCodes code, int val)
1850 case sAddressFamily:
1851 return fmt_multistate_int(val, multistate_addressfamily);
1852 case sPermitRootLogin:
1853 return fmt_multistate_int(val, multistate_permitrootlogin);
1855 return fmt_multistate_int(val, multistate_gatewayports);
1857 return fmt_multistate_int(val, multistate_compression);
1858 case sUsePrivilegeSeparation:
1859 return fmt_multistate_int(val, multistate_privsep);
1860 case sAllowTcpForwarding:
1861 return fmt_multistate_int(val, multistate_tcpfwd);
1868 case (SSH_PROTO_1|SSH_PROTO_2):
/*
 * Return the configuration keyword for opcode `code` by scanning the
 * keywords[] table (defined earlier in the file, NULL-name terminated).
 * What is returned when no entry matches is not visible in this excerpt.
 */
1886 lookup_opcode_name(ServerOpCodes code)
1890 for (i = 0; keywords[i].name != NULL; i++)
1891 if (keywords[i].opcode == code)
1892 return(keywords[i].name);
/* Print "<keyword> <val>" for a plain integer option. */
1897 dump_cfg_int(ServerOpCodes code, int val)
1899 printf("%s %d\n", lookup_opcode_name(code), val);
/* Print "<keyword> <name>" for an integer option that has symbolic values. */
1903 dump_cfg_fmtint(ServerOpCodes code, int val)
1905 printf("%s %s\n", lookup_opcode_name(code), fmt_intarg(code, val));
/*
 * Print "<keyword> <val>" for a string option.  The lines between the
 * signature and the printf are not visible here; presumably a NULL check
 * on `val` — verify before relying on it.
 */
1909 dump_cfg_string(ServerOpCodes code, const char *val)
1913 printf("%s %s\n", lookup_opcode_name(code), val);
/* Print one "<keyword> <value>" line per element of `vals` (`count` entries). */
1917 dump_cfg_strarray(ServerOpCodes code, u_int count, char **vals)
1921 for (i = 0; i < count; i++)
1922 printf("%s %s\n", lookup_opcode_name(code), vals[i]);
/*
 * Print all `count` elements of `vals` on a single "<keyword> v1 v2 ..."
 * line; the terminating newline is emitted after this loop (not shown).
 */
1926 dump_cfg_strarray_oneline(ServerOpCodes code, u_int count, char **vals)
1930 printf("%s", lookup_opcode_name(code));
1931 for (i = 0; i < count; i++)
1932 printf(" %s", vals[i]);
1937 dump_config(ServerOptions *o)
1941 struct addrinfo *ai;
1942 char addr[NI_MAXHOST], port[NI_MAXSERV], *s = NULL;
1944 /* these are usually at the top of the config */
1945 for (i = 0; i < o->num_ports; i++)
1946 printf("port %d\n", o->ports[i]);
1947 dump_cfg_fmtint(sProtocol, o->protocol);
1948 dump_cfg_fmtint(sAddressFamily, o->address_family);
1950 /* ListenAddress must be after Port */
1951 for (ai = o->listen_addrs; ai; ai = ai->ai_next) {
1952 if ((ret = getnameinfo(ai->ai_addr, ai->ai_addrlen, addr,
1953 sizeof(addr), port, sizeof(port),
1954 NI_NUMERICHOST|NI_NUMERICSERV)) != 0) {
1955 error("getnameinfo failed: %.100s",
1956 (ret != EAI_SYSTEM) ? gai_strerror(ret) :
1959 if (ai->ai_family == AF_INET6)
1960 printf("listenaddress [%s]:%s\n", addr, port);
1962 printf("listenaddress %s:%s\n", addr, port);
1966 /* integer arguments */
1968 dump_cfg_int(sUsePAM, o->use_pam);
1970 dump_cfg_int(sServerKeyBits, o->server_key_bits);
1971 dump_cfg_int(sLoginGraceTime, o->login_grace_time);
1972 dump_cfg_int(sKeyRegenerationTime, o->key_regeneration_time);
1973 dump_cfg_int(sX11DisplayOffset, o->x11_display_offset);
1974 dump_cfg_int(sMaxAuthTries, o->max_authtries);
1975 dump_cfg_int(sMaxSessions, o->max_sessions);
1976 dump_cfg_int(sClientAliveInterval, o->client_alive_interval);
1977 dump_cfg_int(sClientAliveCountMax, o->client_alive_count_max);
1979 /* formatted integer arguments */
1980 dump_cfg_fmtint(sPermitRootLogin, o->permit_root_login);
1981 dump_cfg_fmtint(sIgnoreRhosts, o->ignore_rhosts);
1982 dump_cfg_fmtint(sIgnoreUserKnownHosts, o->ignore_user_known_hosts);
1983 dump_cfg_fmtint(sRhostsRSAAuthentication, o->rhosts_rsa_authentication);
1984 dump_cfg_fmtint(sHostbasedAuthentication, o->hostbased_authentication);
1985 dump_cfg_fmtint(sHostbasedUsesNameFromPacketOnly,
1986 o->hostbased_uses_name_from_packet_only);
1987 dump_cfg_fmtint(sRSAAuthentication, o->rsa_authentication);
1988 dump_cfg_fmtint(sPubkeyAuthentication, o->pubkey_authentication);
1990 dump_cfg_fmtint(sKerberosAuthentication, o->kerberos_authentication);
1991 dump_cfg_fmtint(sKerberosOrLocalPasswd, o->kerberos_or_local_passwd);
1992 dump_cfg_fmtint(sKerberosTicketCleanup, o->kerberos_ticket_cleanup);
1994 dump_cfg_fmtint(sKerberosGetAFSToken, o->kerberos_get_afs_token);
1998 dump_cfg_fmtint(sGssAuthentication, o->gss_authentication);
1999 dump_cfg_fmtint(sGssCleanupCreds, o->gss_cleanup_creds);
2002 dump_cfg_fmtint(sZeroKnowledgePasswordAuthentication,
2003 o->zero_knowledge_password_authentication);
2005 dump_cfg_fmtint(sPasswordAuthentication, o->password_authentication);
2006 dump_cfg_fmtint(sKbdInteractiveAuthentication,
2007 o->kbd_interactive_authentication);
2008 dump_cfg_fmtint(sChallengeResponseAuthentication,
2009 o->challenge_response_authentication);
2010 dump_cfg_fmtint(sPrintMotd, o->print_motd);
2011 dump_cfg_fmtint(sPrintLastLog, o->print_lastlog);
2012 dump_cfg_fmtint(sX11Forwarding, o->x11_forwarding);
2013 dump_cfg_fmtint(sX11UseLocalhost, o->x11_use_localhost);
2014 dump_cfg_fmtint(sStrictModes, o->strict_modes);
2015 dump_cfg_fmtint(sTCPKeepAlive, o->tcp_keep_alive);
2016 dump_cfg_fmtint(sEmptyPasswd, o->permit_empty_passwd);
2017 dump_cfg_fmtint(sPermitUserEnvironment, o->permit_user_env);
2018 dump_cfg_fmtint(sUseLogin, o->use_login);
2019 dump_cfg_fmtint(sCompression, o->compression);
2020 dump_cfg_fmtint(sGatewayPorts, o->gateway_ports);
2021 dump_cfg_fmtint(sUseDNS, o->use_dns);
2022 dump_cfg_fmtint(sAllowTcpForwarding, o->allow_tcp_forwarding);
2023 dump_cfg_fmtint(sUsePrivilegeSeparation, use_privsep);
2025 /* string arguments */
2026 dump_cfg_string(sPidFile, o->pid_file);
2027 dump_cfg_string(sXAuthLocation, o->xauth_location);
2028 dump_cfg_string(sCiphers, o->ciphers);
2029 dump_cfg_string(sMacs, o->macs);
2030 dump_cfg_string(sBanner, o->banner);
2031 dump_cfg_string(sForceCommand, o->adm_forced_command);
2032 dump_cfg_string(sChrootDirectory, o->chroot_directory);
2033 dump_cfg_string(sTrustedUserCAKeys, o->trusted_user_ca_keys);
2034 dump_cfg_string(sRevokedKeys, o->revoked_keys_file);
2035 dump_cfg_string(sAuthorizedPrincipalsFile,
2036 o->authorized_principals_file);
2037 dump_cfg_string(sVersionAddendum, o->version_addendum);
2038 dump_cfg_string(sAuthorizedKeysCommand, o->authorized_keys_command);
2039 dump_cfg_string(sAuthorizedKeysCommandUser, o->authorized_keys_command_user);
2041 /* string arguments requiring a lookup */
2042 dump_cfg_string(sLogLevel, log_level_name(o->log_level));
2043 dump_cfg_string(sLogFacility, log_facility_name(o->log_facility));
2045 /* string array arguments */
2046 dump_cfg_strarray_oneline(sAuthorizedKeysFile, o->num_authkeys_files,
2047 o->authorized_keys_files);
2048 dump_cfg_strarray(sHostKeyFile, o->num_host_key_files,
2050 dump_cfg_strarray(sHostKeyFile, o->num_host_cert_files,
2051 o->host_cert_files);
2052 dump_cfg_strarray(sAllowUsers, o->num_allow_users, o->allow_users);
2053 dump_cfg_strarray(sDenyUsers, o->num_deny_users, o->deny_users);
2054 dump_cfg_strarray(sAllowGroups, o->num_allow_groups, o->allow_groups);
2055 dump_cfg_strarray(sDenyGroups, o->num_deny_groups, o->deny_groups);
2056 dump_cfg_strarray(sAcceptEnv, o->num_accept_env, o->accept_env);
2057 dump_cfg_strarray_oneline(sAuthenticationMethods,
2058 o->num_auth_methods, o->auth_methods);
2060 /* other arguments */
2061 for (i = 0; i < o->num_subsystems; i++)
2062 printf("subsystem %s %s\n", o->subsystem_name[i],
2063 o->subsystem_args[i]);
2065 printf("maxstartups %d:%d:%d\n", o->max_startups_begin,
2066 o->max_startups_rate, o->max_startups);
2068 for (i = 0; tunmode_desc[i].val != -1; i++)
2069 if (tunmode_desc[i].val == o->permit_tun) {
2070 s = tunmode_desc[i].text;
2073 dump_cfg_string(sPermitTunnel, s);
2075 printf("ipqos %s ", iptos2str(o->ip_qos_interactive));
2076 printf("%s\n", iptos2str(o->ip_qos_bulk));
2078 channel_print_adm_permitted_opens();