2 /* $OpenBSD: servconf.c,v 1.340 2018/08/12 20:19:13 djm Exp $ */
4 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
7 * As far as I am concerned, the code I have written for this software
8 * can be used freely for any purpose. Any derived versions of this
9 * software must be clearly marked as such, and if the derived work is
10 * incompatible with the protocol description in the RFC file, it must be
11 * called by a name other than "ssh" or "Secure Shell".
17 #include <sys/types.h>
18 #include <sys/socket.h>
19 #ifdef HAVE_SYS_SYSCTL_H
20 #include <sys/sysctl.h>
23 #include <netinet/in.h>
24 #include <netinet/in_systm.h>
25 #include <netinet/ip.h>
26 #ifdef HAVE_NET_ROUTE_H
27 #include <net/route.h>
45 #include "openbsd-compat/sys-queue.h"
53 #include "pathnames.h"
60 #include "groupaccess.h"
66 #include "myproposal.h"
70 static void add_listen_addr(ServerOptions *, const char *,
72 static void add_one_listen_addr(ServerOptions *, const char *,
75 /* Use of privilege separation or not */
76 extern int use_privsep;
77 extern struct sshbuf *cfg;
79 /* Initializes the server options to their default values. */
82 initialize_server_options(ServerOptions *options)
84 memset(options, 0, sizeof(*options));
86 /* Portable-specific options */
87 options->use_pam = -1;
89 /* Standard Options */
90 options->num_ports = 0;
91 options->ports_from_cmdline = 0;
92 options->queued_listen_addrs = NULL;
93 options->num_queued_listens = 0;
94 options->listen_addrs = NULL;
95 options->num_listen_addrs = 0;
96 options->address_family = -1;
97 options->routing_domain = NULL;
98 options->num_host_key_files = 0;
99 options->num_host_cert_files = 0;
100 options->host_key_agent = NULL;
101 options->pid_file = NULL;
102 options->login_grace_time = -1;
103 options->permit_root_login = PERMIT_NOT_SET;
104 options->ignore_rhosts = -1;
105 options->ignore_user_known_hosts = -1;
106 options->print_motd = -1;
107 options->print_lastlog = -1;
108 options->x11_forwarding = -1;
109 options->x11_display_offset = -1;
110 options->x11_use_localhost = -1;
111 options->permit_tty = -1;
112 options->permit_user_rc = -1;
113 options->xauth_location = NULL;
114 options->strict_modes = -1;
115 options->tcp_keep_alive = -1;
116 options->log_facility = SYSLOG_FACILITY_NOT_SET;
117 options->log_level = SYSLOG_LEVEL_NOT_SET;
118 options->hostbased_authentication = -1;
119 options->hostbased_uses_name_from_packet_only = -1;
120 options->hostbased_key_types = NULL;
121 options->hostkeyalgorithms = NULL;
122 options->pubkey_authentication = -1;
123 options->pubkey_key_types = NULL;
124 options->kerberos_authentication = -1;
125 options->kerberos_or_local_passwd = -1;
126 options->kerberos_ticket_cleanup = -1;
127 options->kerberos_get_afs_token = -1;
128 options->gss_authentication=-1;
129 options->gss_cleanup_creds = -1;
130 options->gss_strict_acceptor = -1;
131 options->password_authentication = -1;
132 options->kbd_interactive_authentication = -1;
133 options->challenge_response_authentication = -1;
134 options->permit_empty_passwd = -1;
135 options->permit_user_env = -1;
136 options->permit_user_env_whitelist = NULL;
137 options->compression = -1;
138 options->rekey_limit = -1;
139 options->rekey_interval = -1;
140 options->allow_tcp_forwarding = -1;
141 options->allow_streamlocal_forwarding = -1;
142 options->allow_agent_forwarding = -1;
143 options->num_allow_users = 0;
144 options->num_deny_users = 0;
145 options->num_allow_groups = 0;
146 options->num_deny_groups = 0;
147 options->ciphers = NULL;
148 options->macs = NULL;
149 options->kex_algorithms = NULL;
150 options->fwd_opts.gateway_ports = -1;
151 options->fwd_opts.streamlocal_bind_mask = (mode_t)-1;
152 options->fwd_opts.streamlocal_bind_unlink = -1;
153 options->num_subsystems = 0;
154 options->max_startups_begin = -1;
155 options->max_startups_rate = -1;
156 options->max_startups = -1;
157 options->max_authtries = -1;
158 options->max_sessions = -1;
159 options->banner = NULL;
160 options->use_dns = -1;
161 options->client_alive_interval = -1;
162 options->client_alive_count_max = -1;
163 options->num_authkeys_files = 0;
164 options->num_accept_env = 0;
165 options->num_setenv = 0;
166 options->permit_tun = -1;
167 options->permitted_opens = NULL;
168 options->permitted_listens = NULL;
169 options->adm_forced_command = NULL;
170 options->chroot_directory = NULL;
171 options->authorized_keys_command = NULL;
172 options->authorized_keys_command_user = NULL;
173 options->revoked_keys_file = NULL;
174 options->trusted_user_ca_keys = NULL;
175 options->authorized_principals_file = NULL;
176 options->authorized_principals_command = NULL;
177 options->authorized_principals_command_user = NULL;
178 options->ip_qos_interactive = -1;
179 options->ip_qos_bulk = -1;
180 options->version_addendum = NULL;
181 options->fingerprint_hash = -1;
182 options->disable_forwarding = -1;
183 options->expose_userauth_info = -1;
184 options->use_blacklist = -1;
187 /* Returns 1 if a string option is unset or set to "none" or 0 otherwise. */
189 option_clear_or_none(const char *o)
191 return o == NULL || strcasecmp(o, "none") == 0;
195 assemble_algorithms(ServerOptions *o)
197 char *all_cipher, *all_mac, *all_kex, *all_key;
200 all_cipher = cipher_alg_list(',', 0);
201 all_mac = mac_alg_list(',');
202 all_kex = kex_alg_list(',');
203 all_key = sshkey_alg_list(0, 0, 1, ',');
204 #define ASSEMBLE(what, defaults, all) \
206 if ((r = kex_assemble_names(&o->what, defaults, all)) != 0) \
207 fatal("%s: %s: %s", __func__, #what, ssh_err(r)); \
209 ASSEMBLE(ciphers, KEX_SERVER_ENCRYPT, all_cipher);
210 ASSEMBLE(macs, KEX_SERVER_MAC, all_mac);
211 ASSEMBLE(kex_algorithms, KEX_SERVER_KEX, all_kex);
212 ASSEMBLE(hostkeyalgorithms, KEX_DEFAULT_PK_ALG, all_key);
213 ASSEMBLE(hostbased_key_types, KEX_DEFAULT_PK_ALG, all_key);
214 ASSEMBLE(pubkey_key_types, KEX_DEFAULT_PK_ALG, all_key);
223 array_append(const char *file, const int line, const char *directive,
224 char ***array, u_int *lp, const char *s)
228 fatal("%s line %d: Too many %s entries", file, line, directive);
230 *array = xrecallocarray(*array, *lp, *lp + 1, sizeof(**array));
231 (*array)[*lp] = xstrdup(s);
235 static const char *defaultkey = "[default]";
238 servconf_add_hostkey(const char *file, const int line,
239 ServerOptions *options, const char *path)
241 char *apath = derelativise_path(path);
243 if (file == defaultkey && access(path, R_OK) != 0)
245 array_append(file, line, "HostKey",
246 &options->host_key_files, &options->num_host_key_files, apath);
251 servconf_add_hostcert(const char *file, const int line,
252 ServerOptions *options, const char *path)
254 char *apath = derelativise_path(path);
256 array_append(file, line, "HostCertificate",
257 &options->host_cert_files, &options->num_host_cert_files, apath);
262 fill_default_server_options(ServerOptions *options)
266 /* Portable-specific options */
267 if (options->use_pam == -1)
268 options->use_pam = 1;
270 /* Standard Options */
271 if (options->num_host_key_files == 0) {
272 /* fill default hostkeys for protocols */
273 servconf_add_hostkey(defaultkey, 0, options,
274 _PATH_HOST_RSA_KEY_FILE);
275 servconf_add_hostkey(defaultkey, 0, options,
276 _PATH_HOST_DSA_KEY_FILE);
277 #ifdef OPENSSL_HAS_ECC
278 servconf_add_hostkey(defaultkey, 0, options,
279 _PATH_HOST_ECDSA_KEY_FILE);
281 servconf_add_hostkey(defaultkey, 0, options,
282 _PATH_HOST_ED25519_KEY_FILE);
284 servconf_add_hostkey(defaultkey, 0, options,
285 _PATH_HOST_XMSS_KEY_FILE);
286 #endif /* WITH_XMSS */
288 if (options->num_host_key_files == 0)
289 fatal("No host key files found");
290 /* No certificates by default */
291 if (options->num_ports == 0)
292 options->ports[options->num_ports++] = SSH_DEFAULT_PORT;
293 if (options->address_family == -1)
294 options->address_family = AF_UNSPEC;
295 if (options->listen_addrs == NULL)
296 add_listen_addr(options, NULL, NULL, 0);
297 if (options->pid_file == NULL)
298 options->pid_file = xstrdup(_PATH_SSH_DAEMON_PID_FILE);
299 if (options->login_grace_time == -1)
300 options->login_grace_time = 120;
301 if (options->permit_root_login == PERMIT_NOT_SET)
302 options->permit_root_login = PERMIT_NO;
303 if (options->ignore_rhosts == -1)
304 options->ignore_rhosts = 1;
305 if (options->ignore_user_known_hosts == -1)
306 options->ignore_user_known_hosts = 0;
307 if (options->print_motd == -1)
308 options->print_motd = 1;
309 if (options->print_lastlog == -1)
310 options->print_lastlog = 1;
311 if (options->x11_forwarding == -1)
312 options->x11_forwarding = 1;
313 if (options->x11_display_offset == -1)
314 options->x11_display_offset = 10;
315 if (options->x11_use_localhost == -1)
316 options->x11_use_localhost = 1;
317 if (options->xauth_location == NULL)
318 options->xauth_location = xstrdup(_PATH_XAUTH);
319 if (options->permit_tty == -1)
320 options->permit_tty = 1;
321 if (options->permit_user_rc == -1)
322 options->permit_user_rc = 1;
323 if (options->strict_modes == -1)
324 options->strict_modes = 1;
325 if (options->tcp_keep_alive == -1)
326 options->tcp_keep_alive = 1;
327 if (options->log_facility == SYSLOG_FACILITY_NOT_SET)
328 options->log_facility = SYSLOG_FACILITY_AUTH;
329 if (options->log_level == SYSLOG_LEVEL_NOT_SET)
330 options->log_level = SYSLOG_LEVEL_INFO;
331 if (options->hostbased_authentication == -1)
332 options->hostbased_authentication = 0;
333 if (options->hostbased_uses_name_from_packet_only == -1)
334 options->hostbased_uses_name_from_packet_only = 0;
335 if (options->pubkey_authentication == -1)
336 options->pubkey_authentication = 1;
337 if (options->kerberos_authentication == -1)
338 options->kerberos_authentication = 0;
339 if (options->kerberos_or_local_passwd == -1)
340 options->kerberos_or_local_passwd = 1;
341 if (options->kerberos_ticket_cleanup == -1)
342 options->kerberos_ticket_cleanup = 1;
343 if (options->kerberos_get_afs_token == -1)
344 options->kerberos_get_afs_token = 0;
345 if (options->gss_authentication == -1)
346 options->gss_authentication = 0;
347 if (options->gss_cleanup_creds == -1)
348 options->gss_cleanup_creds = 1;
349 if (options->gss_strict_acceptor == -1)
350 options->gss_strict_acceptor = 1;
351 if (options->password_authentication == -1)
352 options->password_authentication = 0;
353 if (options->kbd_interactive_authentication == -1)
354 options->kbd_interactive_authentication = 0;
355 if (options->challenge_response_authentication == -1)
356 options->challenge_response_authentication = 1;
357 if (options->permit_empty_passwd == -1)
358 options->permit_empty_passwd = 0;
359 if (options->permit_user_env == -1) {
360 options->permit_user_env = 0;
361 options->permit_user_env_whitelist = NULL;
363 if (options->compression == -1)
364 options->compression = COMP_DELAYED;
365 if (options->rekey_limit == -1)
366 options->rekey_limit = 0;
367 if (options->rekey_interval == -1)
368 options->rekey_interval = 0;
369 if (options->allow_tcp_forwarding == -1)
370 options->allow_tcp_forwarding = FORWARD_ALLOW;
371 if (options->allow_streamlocal_forwarding == -1)
372 options->allow_streamlocal_forwarding = FORWARD_ALLOW;
373 if (options->allow_agent_forwarding == -1)
374 options->allow_agent_forwarding = 1;
375 if (options->fwd_opts.gateway_ports == -1)
376 options->fwd_opts.gateway_ports = 0;
377 if (options->max_startups == -1)
378 options->max_startups = 100;
379 if (options->max_startups_rate == -1)
380 options->max_startups_rate = 30; /* 30% */
381 if (options->max_startups_begin == -1)
382 options->max_startups_begin = 10;
383 if (options->max_authtries == -1)
384 options->max_authtries = DEFAULT_AUTH_FAIL_MAX;
385 if (options->max_sessions == -1)
386 options->max_sessions = DEFAULT_SESSIONS_MAX;
387 if (options->use_dns == -1)
388 options->use_dns = 1;
389 if (options->client_alive_interval == -1)
390 options->client_alive_interval = 0;
391 if (options->client_alive_count_max == -1)
392 options->client_alive_count_max = 3;
393 if (options->num_authkeys_files == 0) {
394 array_append(defaultkey, 0, "AuthorizedKeysFiles",
395 &options->authorized_keys_files,
396 &options->num_authkeys_files,
397 _PATH_SSH_USER_PERMITTED_KEYS);
398 array_append(defaultkey, 0, "AuthorizedKeysFiles",
399 &options->authorized_keys_files,
400 &options->num_authkeys_files,
401 _PATH_SSH_USER_PERMITTED_KEYS2);
403 if (options->permit_tun == -1)
404 options->permit_tun = SSH_TUNMODE_NO;
405 if (options->ip_qos_interactive == -1)
406 options->ip_qos_interactive = IPTOS_DSCP_AF21;
407 if (options->ip_qos_bulk == -1)
408 options->ip_qos_bulk = IPTOS_DSCP_CS1;
409 if (options->version_addendum == NULL)
410 options->version_addendum = xstrdup(SSH_VERSION_FREEBSD);
411 if (options->fwd_opts.streamlocal_bind_mask == (mode_t)-1)
412 options->fwd_opts.streamlocal_bind_mask = 0177;
413 if (options->fwd_opts.streamlocal_bind_unlink == -1)
414 options->fwd_opts.streamlocal_bind_unlink = 0;
415 if (options->fingerprint_hash == -1)
416 options->fingerprint_hash = SSH_FP_HASH_DEFAULT;
417 if (options->disable_forwarding == -1)
418 options->disable_forwarding = 0;
419 if (options->expose_userauth_info == -1)
420 options->expose_userauth_info = 0;
421 if (options->use_blacklist == -1)
422 options->use_blacklist = 0;
424 assemble_algorithms(options);
426 /* Turn privilege separation and sandboxing on by default */
427 if (use_privsep == -1)
428 use_privsep = PRIVSEP_ON;
430 #define CLEAR_ON_NONE(v) \
432 if (option_clear_or_none(v)) { \
437 CLEAR_ON_NONE(options->pid_file);
438 CLEAR_ON_NONE(options->xauth_location);
439 CLEAR_ON_NONE(options->banner);
440 CLEAR_ON_NONE(options->trusted_user_ca_keys);
441 CLEAR_ON_NONE(options->revoked_keys_file);
442 CLEAR_ON_NONE(options->authorized_principals_file);
443 CLEAR_ON_NONE(options->adm_forced_command);
444 CLEAR_ON_NONE(options->chroot_directory);
445 CLEAR_ON_NONE(options->routing_domain);
446 for (i = 0; i < options->num_host_key_files; i++)
447 CLEAR_ON_NONE(options->host_key_files[i]);
448 for (i = 0; i < options->num_host_cert_files; i++)
449 CLEAR_ON_NONE(options->host_cert_files[i]);
452 /* Similar handling for AuthenticationMethods=any */
453 if (options->num_auth_methods == 1 &&
454 strcmp(options->auth_methods[0], "any") == 0) {
455 free(options->auth_methods[0]);
456 options->auth_methods[0] = NULL;
457 options->num_auth_methods = 0;
461 if (use_privsep && options->compression == 1) {
462 error("This platform does not support both privilege "
463 "separation and compression");
464 error("Compression disabled");
465 options->compression = 0;
471 /* Keyword tokens. */
473 sBadOption, /* == unknown option */
474 /* Portable-specific options */
476 /* Standard Options */
477 sPort, sHostKeyFile, sLoginGraceTime,
478 sPermitRootLogin, sLogFacility, sLogLevel,
479 sRhostsRSAAuthentication, sRSAAuthentication,
480 sKerberosAuthentication, sKerberosOrLocalPasswd, sKerberosTicketCleanup,
481 sKerberosGetAFSToken, sChallengeResponseAuthentication,
482 sPasswordAuthentication, sKbdInteractiveAuthentication,
483 sListenAddress, sAddressFamily,
484 sPrintMotd, sPrintLastLog, sIgnoreRhosts,
485 sX11Forwarding, sX11DisplayOffset, sX11UseLocalhost,
486 sPermitTTY, sStrictModes, sEmptyPasswd, sTCPKeepAlive,
487 sPermitUserEnvironment, sAllowTcpForwarding, sCompression,
488 sRekeyLimit, sAllowUsers, sDenyUsers, sAllowGroups, sDenyGroups,
489 sIgnoreUserKnownHosts, sCiphers, sMacs, sPidFile,
490 sGatewayPorts, sPubkeyAuthentication, sPubkeyAcceptedKeyTypes,
491 sXAuthLocation, sSubsystem, sMaxStartups, sMaxAuthTries, sMaxSessions,
492 sBanner, sUseDNS, sHostbasedAuthentication,
493 sHostbasedUsesNameFromPacketOnly, sHostbasedAcceptedKeyTypes,
495 sClientAliveInterval, sClientAliveCountMax, sAuthorizedKeysFile,
496 sGssAuthentication, sGssCleanupCreds, sGssStrictAcceptor,
497 sAcceptEnv, sSetEnv, sPermitTunnel,
498 sMatch, sPermitOpen, sPermitListen, sForceCommand, sChrootDirectory,
499 sUsePrivilegeSeparation, sAllowAgentForwarding,
501 sRevokedKeys, sTrustedUserCAKeys, sAuthorizedPrincipalsFile,
502 sAuthorizedPrincipalsCommand, sAuthorizedPrincipalsCommandUser,
503 sKexAlgorithms, sIPQoS, sVersionAddendum,
504 sAuthorizedKeysCommand, sAuthorizedKeysCommandUser,
505 sAuthenticationMethods, sHostKeyAgent, sPermitUserRC,
506 sStreamLocalBindMask, sStreamLocalBindUnlink,
507 sAllowStreamLocalForwarding, sFingerprintHash, sDisableForwarding,
508 sExposeAuthInfo, sRDomain,
510 sDeprecated, sIgnore, sUnsupported
513 #define SSHCFG_GLOBAL 0x01 /* allowed in main section of sshd_config */
514 #define SSHCFG_MATCH 0x02 /* allowed inside a Match section */
515 #define SSHCFG_ALL (SSHCFG_GLOBAL|SSHCFG_MATCH)
517 /* Textual representation of the tokens. */
520 ServerOpCodes opcode;
523 /* Portable-specific options */
525 { "usepam", sUsePAM, SSHCFG_GLOBAL },
527 { "usepam", sUnsupported, SSHCFG_GLOBAL },
529 { "pamauthenticationviakbdint", sDeprecated, SSHCFG_GLOBAL },
530 /* Standard Options */
531 { "port", sPort, SSHCFG_GLOBAL },
532 { "hostkey", sHostKeyFile, SSHCFG_GLOBAL },
533 { "hostdsakey", sHostKeyFile, SSHCFG_GLOBAL }, /* alias */
534 { "hostkeyagent", sHostKeyAgent, SSHCFG_GLOBAL },
535 { "pidfile", sPidFile, SSHCFG_GLOBAL },
536 { "serverkeybits", sDeprecated, SSHCFG_GLOBAL },
537 { "logingracetime", sLoginGraceTime, SSHCFG_GLOBAL },
538 { "keyregenerationinterval", sDeprecated, SSHCFG_GLOBAL },
539 { "permitrootlogin", sPermitRootLogin, SSHCFG_ALL },
540 { "syslogfacility", sLogFacility, SSHCFG_GLOBAL },
541 { "loglevel", sLogLevel, SSHCFG_ALL },
542 { "rhostsauthentication", sDeprecated, SSHCFG_GLOBAL },
543 { "rhostsrsaauthentication", sDeprecated, SSHCFG_ALL },
544 { "hostbasedauthentication", sHostbasedAuthentication, SSHCFG_ALL },
545 { "hostbasedusesnamefrompacketonly", sHostbasedUsesNameFromPacketOnly, SSHCFG_ALL },
546 { "hostbasedacceptedkeytypes", sHostbasedAcceptedKeyTypes, SSHCFG_ALL },
547 { "hostkeyalgorithms", sHostKeyAlgorithms, SSHCFG_GLOBAL },
548 { "rsaauthentication", sDeprecated, SSHCFG_ALL },
549 { "pubkeyauthentication", sPubkeyAuthentication, SSHCFG_ALL },
550 { "pubkeyacceptedkeytypes", sPubkeyAcceptedKeyTypes, SSHCFG_ALL },
551 { "dsaauthentication", sPubkeyAuthentication, SSHCFG_GLOBAL }, /* alias */
553 { "kerberosauthentication", sKerberosAuthentication, SSHCFG_ALL },
554 { "kerberosorlocalpasswd", sKerberosOrLocalPasswd, SSHCFG_GLOBAL },
555 { "kerberosticketcleanup", sKerberosTicketCleanup, SSHCFG_GLOBAL },
557 { "kerberosgetafstoken", sKerberosGetAFSToken, SSHCFG_GLOBAL },
559 { "kerberosgetafstoken", sUnsupported, SSHCFG_GLOBAL },
562 { "kerberosauthentication", sUnsupported, SSHCFG_ALL },
563 { "kerberosorlocalpasswd", sUnsupported, SSHCFG_GLOBAL },
564 { "kerberosticketcleanup", sUnsupported, SSHCFG_GLOBAL },
565 { "kerberosgetafstoken", sUnsupported, SSHCFG_GLOBAL },
567 { "kerberostgtpassing", sUnsupported, SSHCFG_GLOBAL },
568 { "afstokenpassing", sUnsupported, SSHCFG_GLOBAL },
570 { "gssapiauthentication", sGssAuthentication, SSHCFG_ALL },
571 { "gssapicleanupcredentials", sGssCleanupCreds, SSHCFG_GLOBAL },
572 { "gssapistrictacceptorcheck", sGssStrictAcceptor, SSHCFG_GLOBAL },
574 { "gssapiauthentication", sUnsupported, SSHCFG_ALL },
575 { "gssapicleanupcredentials", sUnsupported, SSHCFG_GLOBAL },
576 { "gssapistrictacceptorcheck", sUnsupported, SSHCFG_GLOBAL },
578 { "passwordauthentication", sPasswordAuthentication, SSHCFG_ALL },
579 { "kbdinteractiveauthentication", sKbdInteractiveAuthentication, SSHCFG_ALL },
580 { "challengeresponseauthentication", sChallengeResponseAuthentication, SSHCFG_GLOBAL },
581 { "skeyauthentication", sDeprecated, SSHCFG_GLOBAL },
582 { "checkmail", sDeprecated, SSHCFG_GLOBAL },
583 { "listenaddress", sListenAddress, SSHCFG_GLOBAL },
584 { "addressfamily", sAddressFamily, SSHCFG_GLOBAL },
585 { "printmotd", sPrintMotd, SSHCFG_GLOBAL },
586 #ifdef DISABLE_LASTLOG
587 { "printlastlog", sUnsupported, SSHCFG_GLOBAL },
589 { "printlastlog", sPrintLastLog, SSHCFG_GLOBAL },
591 { "ignorerhosts", sIgnoreRhosts, SSHCFG_GLOBAL },
592 { "ignoreuserknownhosts", sIgnoreUserKnownHosts, SSHCFG_GLOBAL },
593 { "x11forwarding", sX11Forwarding, SSHCFG_ALL },
594 { "x11displayoffset", sX11DisplayOffset, SSHCFG_ALL },
595 { "x11uselocalhost", sX11UseLocalhost, SSHCFG_ALL },
596 { "xauthlocation", sXAuthLocation, SSHCFG_GLOBAL },
597 { "strictmodes", sStrictModes, SSHCFG_GLOBAL },
598 { "permitemptypasswords", sEmptyPasswd, SSHCFG_ALL },
599 { "permituserenvironment", sPermitUserEnvironment, SSHCFG_GLOBAL },
600 { "uselogin", sDeprecated, SSHCFG_GLOBAL },
601 { "compression", sCompression, SSHCFG_GLOBAL },
602 { "rekeylimit", sRekeyLimit, SSHCFG_ALL },
603 { "tcpkeepalive", sTCPKeepAlive, SSHCFG_GLOBAL },
604 { "keepalive", sTCPKeepAlive, SSHCFG_GLOBAL }, /* obsolete alias */
605 { "allowtcpforwarding", sAllowTcpForwarding, SSHCFG_ALL },
606 { "allowagentforwarding", sAllowAgentForwarding, SSHCFG_ALL },
607 { "allowusers", sAllowUsers, SSHCFG_ALL },
608 { "denyusers", sDenyUsers, SSHCFG_ALL },
609 { "allowgroups", sAllowGroups, SSHCFG_ALL },
610 { "denygroups", sDenyGroups, SSHCFG_ALL },
611 { "ciphers", sCiphers, SSHCFG_GLOBAL },
612 { "macs", sMacs, SSHCFG_GLOBAL },
613 { "protocol", sIgnore, SSHCFG_GLOBAL },
614 { "gatewayports", sGatewayPorts, SSHCFG_ALL },
615 { "subsystem", sSubsystem, SSHCFG_GLOBAL },
616 { "maxstartups", sMaxStartups, SSHCFG_GLOBAL },
617 { "maxauthtries", sMaxAuthTries, SSHCFG_ALL },
618 { "maxsessions", sMaxSessions, SSHCFG_ALL },
619 { "banner", sBanner, SSHCFG_ALL },
620 { "usedns", sUseDNS, SSHCFG_GLOBAL },
621 { "verifyreversemapping", sDeprecated, SSHCFG_GLOBAL },
622 { "reversemappingcheck", sDeprecated, SSHCFG_GLOBAL },
623 { "clientaliveinterval", sClientAliveInterval, SSHCFG_ALL },
624 { "clientalivecountmax", sClientAliveCountMax, SSHCFG_ALL },
625 { "authorizedkeysfile", sAuthorizedKeysFile, SSHCFG_ALL },
626 { "authorizedkeysfile2", sDeprecated, SSHCFG_ALL },
627 { "useprivilegeseparation", sDeprecated, SSHCFG_GLOBAL},
628 { "acceptenv", sAcceptEnv, SSHCFG_ALL },
629 { "setenv", sSetEnv, SSHCFG_ALL },
630 { "permittunnel", sPermitTunnel, SSHCFG_ALL },
631 { "permittty", sPermitTTY, SSHCFG_ALL },
632 { "permituserrc", sPermitUserRC, SSHCFG_ALL },
633 { "match", sMatch, SSHCFG_ALL },
634 { "permitopen", sPermitOpen, SSHCFG_ALL },
635 { "permitlisten", sPermitListen, SSHCFG_ALL },
636 { "forcecommand", sForceCommand, SSHCFG_ALL },
637 { "chrootdirectory", sChrootDirectory, SSHCFG_ALL },
638 { "hostcertificate", sHostCertificate, SSHCFG_GLOBAL },
639 { "revokedkeys", sRevokedKeys, SSHCFG_ALL },
640 { "trustedusercakeys", sTrustedUserCAKeys, SSHCFG_ALL },
641 { "authorizedprincipalsfile", sAuthorizedPrincipalsFile, SSHCFG_ALL },
642 { "kexalgorithms", sKexAlgorithms, SSHCFG_GLOBAL },
643 { "ipqos", sIPQoS, SSHCFG_ALL },
644 { "authorizedkeyscommand", sAuthorizedKeysCommand, SSHCFG_ALL },
645 { "authorizedkeyscommanduser", sAuthorizedKeysCommandUser, SSHCFG_ALL },
646 { "authorizedprincipalscommand", sAuthorizedPrincipalsCommand, SSHCFG_ALL },
647 { "authorizedprincipalscommanduser", sAuthorizedPrincipalsCommandUser, SSHCFG_ALL },
648 { "versionaddendum", sVersionAddendum, SSHCFG_GLOBAL },
649 { "authenticationmethods", sAuthenticationMethods, SSHCFG_ALL },
650 { "streamlocalbindmask", sStreamLocalBindMask, SSHCFG_ALL },
651 { "streamlocalbindunlink", sStreamLocalBindUnlink, SSHCFG_ALL },
652 { "allowstreamlocalforwarding", sAllowStreamLocalForwarding, SSHCFG_ALL },
653 { "fingerprinthash", sFingerprintHash, SSHCFG_GLOBAL },
654 { "disableforwarding", sDisableForwarding, SSHCFG_ALL },
655 { "exposeauthinfo", sExposeAuthInfo, SSHCFG_ALL },
656 { "rdomain", sRDomain, SSHCFG_ALL },
657 { "useblacklist", sUseBlacklist, SSHCFG_GLOBAL },
658 { "noneenabled", sUnsupported, SSHCFG_ALL },
659 { "hpndisabled", sDeprecated, SSHCFG_ALL },
660 { "hpnbuffersize", sDeprecated, SSHCFG_ALL },
661 { "tcprcvbufpoll", sDeprecated, SSHCFG_ALL },
662 { NULL, sBadOption, 0 }
669 { SSH_TUNMODE_NO, "no" },
670 { SSH_TUNMODE_POINTOPOINT, "point-to-point" },
671 { SSH_TUNMODE_ETHERNET, "ethernet" },
672 { SSH_TUNMODE_YES, "yes" },
676 /* Returns an opcode name from its number */
679 lookup_opcode_name(ServerOpCodes code)
683 for (i = 0; keywords[i].name != NULL; i++)
684 if (keywords[i].opcode == code)
685 return(keywords[i].name);
691 * Returns the number of the token pointed to by cp or sBadOption.
695 parse_token(const char *cp, const char *filename,
696 int linenum, u_int *flags)
700 for (i = 0; keywords[i].name; i++)
701 if (strcasecmp(cp, keywords[i].name) == 0) {
702 *flags = keywords[i].flags;
703 return keywords[i].opcode;
706 error("%s: line %d: Bad configuration option: %s",
707 filename, linenum, cp);
712 derelativise_path(const char *path)
714 char *expanded, *ret, cwd[PATH_MAX];
716 if (strcasecmp(path, "none") == 0)
717 return xstrdup("none");
718 expanded = tilde_expand_filename(path, getuid());
719 if (*expanded == '/')
721 if (getcwd(cwd, sizeof(cwd)) == NULL)
722 fatal("%s: getcwd: %s", __func__, strerror(errno));
723 xasprintf(&ret, "%s/%s", cwd, expanded);
729 add_listen_addr(ServerOptions *options, const char *addr,
730 const char *rdomain, int port)
735 add_one_listen_addr(options, addr, rdomain, port);
737 for (i = 0; i < options->num_ports; i++) {
738 add_one_listen_addr(options, addr, rdomain,
745 add_one_listen_addr(ServerOptions *options, const char *addr,
746 const char *rdomain, int port)
748 struct addrinfo hints, *ai, *aitop;
749 char strport[NI_MAXSERV];
753 /* Find listen_addrs entry for this rdomain */
754 for (i = 0; i < options->num_listen_addrs; i++) {
755 if (rdomain == NULL && options->listen_addrs[i].rdomain == NULL)
757 if (rdomain == NULL || options->listen_addrs[i].rdomain == NULL)
759 if (strcmp(rdomain, options->listen_addrs[i].rdomain) == 0)
762 if (i >= options->num_listen_addrs) {
763 /* No entry for this rdomain; allocate one */
765 fatal("%s: too many listen addresses", __func__);
766 options->listen_addrs = xrecallocarray(options->listen_addrs,
767 options->num_listen_addrs, options->num_listen_addrs + 1,
768 sizeof(*options->listen_addrs));
769 i = options->num_listen_addrs++;
771 options->listen_addrs[i].rdomain = xstrdup(rdomain);
773 /* options->listen_addrs[i] points to the addresses for this rdomain */
775 memset(&hints, 0, sizeof(hints));
776 hints.ai_family = options->address_family;
777 hints.ai_socktype = SOCK_STREAM;
778 hints.ai_flags = (addr == NULL) ? AI_PASSIVE : 0;
779 snprintf(strport, sizeof strport, "%d", port);
780 if ((gaierr = getaddrinfo(addr, strport, &hints, &aitop)) != 0)
781 fatal("bad addr or host: %s (%s)",
782 addr ? addr : "<NULL>",
783 ssh_gai_strerror(gaierr));
784 for (ai = aitop; ai->ai_next; ai = ai->ai_next)
786 ai->ai_next = options->listen_addrs[i].addrs;
787 options->listen_addrs[i].addrs = aitop;
790 /* Returns nonzero if the routing domain name is valid */
792 valid_rdomain(const char *name)
794 #if defined(HAVE_SYS_VALID_RDOMAIN)
795 return sys_valid_rdomain(name);
796 #elif defined(__OpenBSD__)
799 struct rt_tableinfo info;
801 size_t miblen = sizeof(mib);
806 num = strtonum(name, 0, 255, &errstr);
810 /* Check whether the table actually exists */
811 memset(mib, 0, sizeof(mib));
814 mib[4] = NET_RT_TABLE;
816 if (sysctl(mib, 6, &info, &miblen, NULL, 0) == -1)
820 #else /* defined(__OpenBSD__) */
821 error("Routing domains are not supported on this platform");
827 * Queue a ListenAddress to be processed once we have all of the Ports
828 * and AddressFamily options.
831 queue_listen_addr(ServerOptions *options, const char *addr,
832 const char *rdomain, int port)
834 struct queued_listenaddr *qla;
836 options->queued_listen_addrs = xrecallocarray(
837 options->queued_listen_addrs,
838 options->num_queued_listens, options->num_queued_listens + 1,
839 sizeof(*options->queued_listen_addrs));
840 qla = &options->queued_listen_addrs[options->num_queued_listens++];
841 qla->addr = xstrdup(addr);
843 qla->rdomain = rdomain == NULL ? NULL : xstrdup(rdomain);
847 * Process queued (text) ListenAddress entries.
850 process_queued_listen_addrs(ServerOptions *options)
853 struct queued_listenaddr *qla;
855 if (options->num_ports == 0)
856 options->ports[options->num_ports++] = SSH_DEFAULT_PORT;
857 if (options->address_family == -1)
858 options->address_family = AF_UNSPEC;
860 for (i = 0; i < options->num_queued_listens; i++) {
861 qla = &options->queued_listen_addrs[i];
862 add_listen_addr(options, qla->addr, qla->rdomain, qla->port);
866 free(options->queued_listen_addrs);
867 options->queued_listen_addrs = NULL;
868 options->num_queued_listens = 0;
872 * Inform channels layer of permitopen options for a single forwarding
873 * direction (local/remote).
876 process_permitopen_list(struct ssh *ssh, ServerOpCodes opcode,
877 char **opens, u_int num_opens)
881 char *host, *arg, *oarg;
882 int where = opcode == sPermitOpen ? FORWARD_LOCAL : FORWARD_REMOTE;
883 const char *what = lookup_opcode_name(opcode);
885 channel_clear_permission(ssh, FORWARD_ADM, where);
887 return; /* permit any */
889 /* handle keywords: "any" / "none" */
890 if (num_opens == 1 && strcmp(opens[0], "any") == 0)
892 if (num_opens == 1 && strcmp(opens[0], "none") == 0) {
893 channel_disable_admin(ssh, where);
896 /* Otherwise treat it as a list of permitted host:port */
897 for (i = 0; i < num_opens; i++) {
898 oarg = arg = xstrdup(opens[i]);
899 host = hpdelim(&arg);
901 fatal("%s: missing host in %s", __func__, what);
902 host = cleanhostname(host);
903 if (arg == NULL || ((port = permitopen_port(arg)) < 0))
904 fatal("%s: bad port number in %s", __func__, what);
905 /* Send it to channels layer */
906 channel_add_permission(ssh, FORWARD_ADM,
913 * Inform channels layer of permitopen options from configuration.
916 process_permitopen(struct ssh *ssh, ServerOptions *options)
918 process_permitopen_list(ssh, sPermitOpen,
919 options->permitted_opens, options->num_permitted_opens);
920 process_permitopen_list(ssh, sPermitListen,
921 options->permitted_listens,
922 options->num_permitted_listens);
925 struct connection_info *
926 get_connection_info(int populate, int use_dns)
928 struct ssh *ssh = active_state; /* XXX */
929 static struct connection_info ci;
933 ci.host = auth_get_canonical_hostname(ssh, use_dns);
934 ci.address = ssh_remote_ipaddr(ssh);
935 ci.laddress = ssh_local_ipaddr(ssh);
936 ci.lport = ssh_local_port(ssh);
937 ci.rdomain = ssh_packet_rdomain_in(ssh);
942 * The strategy for the Match blocks is that the config file is parsed twice.
944 * The first time is at startup. activep is initialized to 1 and the
945 * directives in the global context are processed and acted on. Hitting a
946 * Match directive unsets activep and the directives inside the block are
947 * checked for syntax only.
949 * The second time is after a connection has been established but before
950 * authentication. activep is initialized to 2 and global config directives
951 * are ignored since they have already been processed. If the criteria in a
952 * Match block is met, activep is set and the subsequent directives
953 * processed and actioned until EOF or another Match block unsets it. Any
954 * options set are copied into the main server config.
956 * Potential additions/improvements:
957 * - Add Match support for pre-kex directives, eg. Ciphers.
959 * - Add a Tag directive (idea from David Leonard) ala pf, eg:
960 * Match Address 192.168.0.*
965 * AllowTcpForwarding yes
966 * GatewayPorts clientspecified
969 * - Add a PermittedChannelRequests directive
971 * PermittedChannelRequests session,forwarded-tcpip
975 match_cfg_line_group(const char *grps, int line, const char *user)
983 if ((pw = getpwnam(user)) == NULL) {
984 debug("Can't match group at line %d because user %.100s does "
985 "not exist", line, user);
986 } else if (ga_init(pw->pw_name, pw->pw_gid) == 0) {
987 debug("Can't Match group because user %.100s not in any group "
988 "at line %d", user, line);
989 } else if (ga_match_pattern_list(grps) != 1) {
990 debug("user %.100s does not match group list %.100s at line %d",
993 debug("user %.100s matched group list %.100s at line %d", user,
1003 match_test_missing_fatal(const char *criteria, const char *attrib)
1005 fatal("'Match %s' in configuration but '%s' not in connection "
1006 "test specification.", criteria, attrib);
1010 * All of the attributes on a single Match line are ANDed together, so we need
1011 * to check every attribute and set the result to zero if any attribute does
1015 match_cfg_line(char **condition, int line, struct connection_info *ci)
1017 int result = 1, attributes = 0, port;
1018 char *arg, *attrib, *cp = *condition;
1021 debug3("checking syntax for 'Match %s'", cp);
1023 debug3("checking match for '%s' user %s host %s addr %s "
1024 "laddr %s lport %d", cp, ci->user ? ci->user : "(null)",
1025 ci->host ? ci->host : "(null)",
1026 ci->address ? ci->address : "(null)",
1027 ci->laddress ? ci->laddress : "(null)", ci->lport);
1029 while ((attrib = strdelim(&cp)) && *attrib != '\0') {
1031 if (strcasecmp(attrib, "all") == 0) {
1032 if (attributes != 1 ||
1033 ((arg = strdelim(&cp)) != NULL && *arg != '\0')) {
1034 error("'all' cannot be combined with other "
1035 "Match attributes");
1041 if ((arg = strdelim(&cp)) == NULL || *arg == '\0') {
1042 error("Missing Match criteria for %s", attrib);
1045 if (strcasecmp(attrib, "user") == 0) {
1050 if (ci->user == NULL)
1051 match_test_missing_fatal("User", "user");
1052 if (match_pattern_list(ci->user, arg, 0) != 1)
1055 debug("user %.100s matched 'User %.100s' at "
1056 "line %d", ci->user, arg, line);
1057 } else if (strcasecmp(attrib, "group") == 0) {
1062 if (ci->user == NULL)
1063 match_test_missing_fatal("Group", "user");
1064 switch (match_cfg_line_group(arg, line, ci->user)) {
1070 } else if (strcasecmp(attrib, "host") == 0) {
1075 if (ci->host == NULL)
1076 match_test_missing_fatal("Host", "host");
1077 if (match_hostname(ci->host, arg) != 1)
1080 debug("connection from %.100s matched 'Host "
1081 "%.100s' at line %d", ci->host, arg, line);
1082 } else if (strcasecmp(attrib, "address") == 0) {
1087 if (ci->address == NULL)
1088 match_test_missing_fatal("Address", "addr");
1089 switch (addr_match_list(ci->address, arg)) {
1091 debug("connection from %.100s matched 'Address "
1092 "%.100s' at line %d", ci->address, arg, line);
1101 } else if (strcasecmp(attrib, "localaddress") == 0){
1106 if (ci->laddress == NULL)
1107 match_test_missing_fatal("LocalAddress",
1109 switch (addr_match_list(ci->laddress, arg)) {
1111 debug("connection from %.100s matched "
1112 "'LocalAddress %.100s' at line %d",
1113 ci->laddress, arg, line);
1122 } else if (strcasecmp(attrib, "localport") == 0) {
1123 if ((port = a2port(arg)) == -1) {
1124 error("Invalid LocalPort '%s' on Match line",
1133 match_test_missing_fatal("LocalPort", "lport");
1134 /* TODO support port lists */
1135 if (port == ci->lport)
1136 debug("connection from %.100s matched "
1137 "'LocalPort %d' at line %d",
1138 ci->laddress, port, line);
1141 } else if (strcasecmp(attrib, "rdomain") == 0) {
1142 if (ci == NULL || ci->rdomain == NULL) {
1146 if (match_pattern_list(ci->rdomain, arg, 0) != 1)
1149 debug("user %.100s matched 'RDomain %.100s' at "
1150 "line %d", ci->rdomain, arg, line);
1152 error("Unsupported Match attribute %s", attrib);
1156 if (attributes == 0) {
1157 error("One or more attributes required for Match");
1161 debug3("match %sfound", result ? "" : "not ");
1166 #define WHITESPACE " \t\r\n"
1168 /* Multistate option parsing */
1173 static const struct multistate multistate_flag[] = {
1178 static const struct multistate multistate_addressfamily[] = {
1179 { "inet", AF_INET },
1180 { "inet6", AF_INET6 },
1181 { "any", AF_UNSPEC },
1184 static const struct multistate multistate_permitrootlogin[] = {
1185 { "without-password", PERMIT_NO_PASSWD },
1186 { "prohibit-password", PERMIT_NO_PASSWD },
1187 { "forced-commands-only", PERMIT_FORCED_ONLY },
1188 { "yes", PERMIT_YES },
1189 { "no", PERMIT_NO },
1192 static const struct multistate multistate_compression[] = {
1193 { "yes", COMP_DELAYED },
1194 { "delayed", COMP_DELAYED },
1195 { "no", COMP_NONE },
1198 static const struct multistate multistate_gatewayports[] = {
1199 { "clientspecified", 2 },
1204 static const struct multistate multistate_tcpfwd[] = {
1205 { "yes", FORWARD_ALLOW },
1206 { "all", FORWARD_ALLOW },
1207 { "no", FORWARD_DENY },
1208 { "remote", FORWARD_REMOTE },
1209 { "local", FORWARD_LOCAL },
1214 process_server_config_line(ServerOptions *options, char *line,
1215 const char *filename, int linenum, int *activep,
1216 struct connection_info *connectinfo)
1218 char *cp, ***chararrayptr, **charptr, *arg, *arg2, *p;
1219 int cmdline = 0, *intptr, value, value2, n, port;
1220 SyslogFacility *log_facility_ptr;
1221 LogLevel *log_level_ptr;
1222 ServerOpCodes opcode;
1223 u_int i, *uintptr, uvalue, flags = 0;
1226 const struct multistate *multistate_ptr;
1229 /* Strip trailing whitespace. Allow \f (form feed) at EOL only */
1230 if ((len = strlen(line)) == 0)
1232 for (len--; len > 0; len--) {
1233 if (strchr(WHITESPACE "\f", line[len]) == NULL)
1239 if ((arg = strdelim(&cp)) == NULL)
1241 /* Ignore leading whitespace */
1243 arg = strdelim(&cp);
1244 if (!arg || !*arg || *arg == '#')
1248 opcode = parse_token(arg, filename, linenum, &flags);
1250 if (activep == NULL) { /* We are processing a command line directive */
1254 if (*activep && opcode != sMatch)
1255 debug3("%s:%d setting %s %s", filename, linenum, arg, cp);
1256 if (*activep == 0 && !(flags & SSHCFG_MATCH)) {
1257 if (connectinfo == NULL) {
1258 fatal("%s line %d: Directive '%s' is not allowed "
1259 "within a Match block", filename, linenum, arg);
1260 } else { /* this is a directive we have already processed */
1262 arg = strdelim(&cp);
1268 /* Portable-specific options */
1270 intptr = &options->use_pam;
1273 /* Standard Options */
1277 /* ignore ports from configfile if cmdline specifies ports */
1278 if (options->ports_from_cmdline)
1280 if (options->num_ports >= MAX_PORTS)
1281 fatal("%s line %d: too many ports.",
1283 arg = strdelim(&cp);
1284 if (!arg || *arg == '\0')
1285 fatal("%s line %d: missing port number.",
1287 options->ports[options->num_ports++] = a2port(arg);
1288 if (options->ports[options->num_ports-1] <= 0)
1289 fatal("%s line %d: Badly formatted port number.",
1293 case sLoginGraceTime:
1294 intptr = &options->login_grace_time;
1296 arg = strdelim(&cp);
1297 if (!arg || *arg == '\0')
1298 fatal("%s line %d: missing time value.",
1300 if ((value = convtime(arg)) == -1)
1301 fatal("%s line %d: invalid time value.",
1303 if (*activep && *intptr == -1)
1307 case sListenAddress:
1308 arg = strdelim(&cp);
1309 if (arg == NULL || *arg == '\0')
1310 fatal("%s line %d: missing address",
1312 /* check for bare IPv6 address: no "[]" and 2 or more ":" */
1313 if (strchr(arg, '[') == NULL && (p = strchr(arg, ':')) != NULL
1314 && strchr(p+1, ':') != NULL) {
1320 fatal("%s line %d: bad address:port usage",
1322 p = cleanhostname(p);
1325 else if ((port = a2port(arg)) <= 0)
1326 fatal("%s line %d: bad port number",
1329 /* Optional routing table */
1331 if ((arg = strdelim(&cp)) != NULL) {
1332 if (strcmp(arg, "rdomain") != 0 ||
1333 (arg2 = strdelim(&cp)) == NULL)
1334 fatal("%s line %d: bad ListenAddress syntax",
1336 if (!valid_rdomain(arg2))
1337 fatal("%s line %d: bad routing domain",
1341 queue_listen_addr(options, p, arg2, port);
1345 case sAddressFamily:
1346 intptr = &options->address_family;
1347 multistate_ptr = multistate_addressfamily;
1349 arg = strdelim(&cp);
1350 if (!arg || *arg == '\0')
1351 fatal("%s line %d: missing argument.",
1354 for (i = 0; multistate_ptr[i].key != NULL; i++) {
1355 if (strcasecmp(arg, multistate_ptr[i].key) == 0) {
1356 value = multistate_ptr[i].value;
1361 fatal("%s line %d: unsupported option \"%s\".",
1362 filename, linenum, arg);
1363 if (*activep && *intptr == -1)
1368 arg = strdelim(&cp);
1369 if (!arg || *arg == '\0')
1370 fatal("%s line %d: missing file name.",
1373 servconf_add_hostkey(filename, linenum, options, arg);
1377 charptr = &options->host_key_agent;
1378 arg = strdelim(&cp);
1379 if (!arg || *arg == '\0')
1380 fatal("%s line %d: missing socket name.",
1382 if (*activep && *charptr == NULL)
1383 *charptr = !strcmp(arg, SSH_AUTHSOCKET_ENV_NAME) ?
1384 xstrdup(arg) : derelativise_path(arg);
1387 case sHostCertificate:
1388 arg = strdelim(&cp);
1389 if (!arg || *arg == '\0')
1390 fatal("%s line %d: missing file name.",
1393 servconf_add_hostcert(filename, linenum, options, arg);
1397 charptr = &options->pid_file;
1399 arg = strdelim(&cp);
1400 if (!arg || *arg == '\0')
1401 fatal("%s line %d: missing file name.",
1403 if (*activep && *charptr == NULL) {
1404 *charptr = derelativise_path(arg);
1405 /* increase optional counter */
1407 *intptr = *intptr + 1;
1411 case sPermitRootLogin:
1412 intptr = &options->permit_root_login;
1413 multistate_ptr = multistate_permitrootlogin;
1414 goto parse_multistate;
1417 intptr = &options->ignore_rhosts;
1419 multistate_ptr = multistate_flag;
1420 goto parse_multistate;
1422 case sIgnoreUserKnownHosts:
1423 intptr = &options->ignore_user_known_hosts;
1426 case sHostbasedAuthentication:
1427 intptr = &options->hostbased_authentication;
1430 case sHostbasedUsesNameFromPacketOnly:
1431 intptr = &options->hostbased_uses_name_from_packet_only;
1434 case sHostbasedAcceptedKeyTypes:
1435 charptr = &options->hostbased_key_types;
1437 arg = strdelim(&cp);
1438 if (!arg || *arg == '\0')
1439 fatal("%s line %d: Missing argument.",
1442 !sshkey_names_valid2(*arg == '+' ? arg + 1 : arg, 1))
1443 fatal("%s line %d: Bad key types '%s'.",
1444 filename, linenum, arg ? arg : "<NONE>");
1445 if (*activep && *charptr == NULL)
1446 *charptr = xstrdup(arg);
1449 case sHostKeyAlgorithms:
1450 charptr = &options->hostkeyalgorithms;
1451 goto parse_keytypes;
1453 case sPubkeyAuthentication:
1454 intptr = &options->pubkey_authentication;
1457 case sPubkeyAcceptedKeyTypes:
1458 charptr = &options->pubkey_key_types;
1459 goto parse_keytypes;
1461 case sKerberosAuthentication:
1462 intptr = &options->kerberos_authentication;
1465 case sKerberosOrLocalPasswd:
1466 intptr = &options->kerberos_or_local_passwd;
1469 case sKerberosTicketCleanup:
1470 intptr = &options->kerberos_ticket_cleanup;
1473 case sKerberosGetAFSToken:
1474 intptr = &options->kerberos_get_afs_token;
1477 case sGssAuthentication:
1478 intptr = &options->gss_authentication;
1481 case sGssCleanupCreds:
1482 intptr = &options->gss_cleanup_creds;
1485 case sGssStrictAcceptor:
1486 intptr = &options->gss_strict_acceptor;
1489 case sPasswordAuthentication:
1490 intptr = &options->password_authentication;
1493 case sKbdInteractiveAuthentication:
1494 intptr = &options->kbd_interactive_authentication;
1497 case sChallengeResponseAuthentication:
1498 intptr = &options->challenge_response_authentication;
1502 intptr = &options->print_motd;
1506 intptr = &options->print_lastlog;
1509 case sX11Forwarding:
1510 intptr = &options->x11_forwarding;
1513 case sX11DisplayOffset:
1514 intptr = &options->x11_display_offset;
1516 arg = strdelim(&cp);
1517 if ((errstr = atoi_err(arg, &value)) != NULL)
1518 fatal("%s line %d: integer value %s.",
1519 filename, linenum, errstr);
1520 if (*activep && *intptr == -1)
1524 case sX11UseLocalhost:
1525 intptr = &options->x11_use_localhost;
1528 case sXAuthLocation:
1529 charptr = &options->xauth_location;
1530 goto parse_filename;
1533 intptr = &options->permit_tty;
1537 intptr = &options->permit_user_rc;
1541 intptr = &options->strict_modes;
1545 intptr = &options->tcp_keep_alive;
1549 intptr = &options->permit_empty_passwd;
1552 case sPermitUserEnvironment:
1553 intptr = &options->permit_user_env;
1554 charptr = &options->permit_user_env_whitelist;
1555 arg = strdelim(&cp);
1556 if (!arg || *arg == '\0')
1557 fatal("%s line %d: missing argument.",
1561 if (strcmp(arg, "yes") == 0)
1563 else if (strcmp(arg, "no") == 0)
1566 /* Pattern-list specified */
1570 if (*activep && *intptr == -1) {
1579 intptr = &options->compression;
1580 multistate_ptr = multistate_compression;
1581 goto parse_multistate;
1584 arg = strdelim(&cp);
1585 if (!arg || *arg == '\0')
1586 fatal("%.200s line %d: Missing argument.", filename,
1588 if (strcmp(arg, "default") == 0) {
1591 if (scan_scaled(arg, &val64) == -1)
1592 fatal("%.200s line %d: Bad number '%s': %s",
1593 filename, linenum, arg, strerror(errno));
1594 if (val64 != 0 && val64 < 16)
1595 fatal("%.200s line %d: RekeyLimit too small",
1598 if (*activep && options->rekey_limit == -1)
1599 options->rekey_limit = val64;
1600 if (cp != NULL) { /* optional rekey interval present */
1601 if (strcmp(cp, "none") == 0) {
1602 (void)strdelim(&cp); /* discard */
1605 intptr = &options->rekey_interval;
1611 intptr = &options->fwd_opts.gateway_ports;
1612 multistate_ptr = multistate_gatewayports;
1613 goto parse_multistate;
1616 intptr = &options->use_dns;
1620 log_facility_ptr = &options->log_facility;
1621 arg = strdelim(&cp);
1622 value = log_facility_number(arg);
1623 if (value == SYSLOG_FACILITY_NOT_SET)
1624 fatal("%.200s line %d: unsupported log facility '%s'",
1625 filename, linenum, arg ? arg : "<NONE>");
1626 if (*log_facility_ptr == -1)
1627 *log_facility_ptr = (SyslogFacility) value;
1631 log_level_ptr = &options->log_level;
1632 arg = strdelim(&cp);
1633 value = log_level_number(arg);
1634 if (value == SYSLOG_LEVEL_NOT_SET)
1635 fatal("%.200s line %d: unsupported log level '%s'",
1636 filename, linenum, arg ? arg : "<NONE>");
1637 if (*activep && *log_level_ptr == -1)
1638 *log_level_ptr = (LogLevel) value;
1641 case sAllowTcpForwarding:
1642 intptr = &options->allow_tcp_forwarding;
1643 multistate_ptr = multistate_tcpfwd;
1644 goto parse_multistate;
1646 case sAllowStreamLocalForwarding:
1647 intptr = &options->allow_streamlocal_forwarding;
1648 multistate_ptr = multistate_tcpfwd;
1649 goto parse_multistate;
1651 case sAllowAgentForwarding:
1652 intptr = &options->allow_agent_forwarding;
1655 case sDisableForwarding:
1656 intptr = &options->disable_forwarding;
1660 while ((arg = strdelim(&cp)) && *arg != '\0') {
1661 if (match_user(NULL, NULL, NULL, arg) == -1)
1662 fatal("%s line %d: invalid AllowUsers pattern: "
1663 "\"%.100s\"", filename, linenum, arg);
1666 array_append(filename, linenum, "AllowUsers",
1667 &options->allow_users, &options->num_allow_users,
1673 while ((arg = strdelim(&cp)) && *arg != '\0') {
1674 if (match_user(NULL, NULL, NULL, arg) == -1)
1675 fatal("%s line %d: invalid DenyUsers pattern: "
1676 "\"%.100s\"", filename, linenum, arg);
1679 array_append(filename, linenum, "DenyUsers",
1680 &options->deny_users, &options->num_deny_users,
1686 while ((arg = strdelim(&cp)) && *arg != '\0') {
1689 array_append(filename, linenum, "AllowGroups",
1690 &options->allow_groups, &options->num_allow_groups,
1696 while ((arg = strdelim(&cp)) && *arg != '\0') {
1699 array_append(filename, linenum, "DenyGroups",
1700 &options->deny_groups, &options->num_deny_groups,
1706 arg = strdelim(&cp);
1707 if (!arg || *arg == '\0')
1708 fatal("%s line %d: Missing argument.", filename, linenum);
1709 if (*arg != '-' && !ciphers_valid(*arg == '+' ? arg + 1 : arg))
1710 fatal("%s line %d: Bad SSH2 cipher spec '%s'.",
1711 filename, linenum, arg ? arg : "<NONE>");
1712 if (options->ciphers == NULL)
1713 options->ciphers = xstrdup(arg);
1717 arg = strdelim(&cp);
1718 if (!arg || *arg == '\0')
1719 fatal("%s line %d: Missing argument.", filename, linenum);
1720 if (*arg != '-' && !mac_valid(*arg == '+' ? arg + 1 : arg))
1721 fatal("%s line %d: Bad SSH2 mac spec '%s'.",
1722 filename, linenum, arg ? arg : "<NONE>");
1723 if (options->macs == NULL)
1724 options->macs = xstrdup(arg);
1727 case sKexAlgorithms:
1728 arg = strdelim(&cp);
1729 if (!arg || *arg == '\0')
1730 fatal("%s line %d: Missing argument.",
1733 !kex_names_valid(*arg == '+' ? arg + 1 : arg))
1734 fatal("%s line %d: Bad SSH2 KexAlgorithms '%s'.",
1735 filename, linenum, arg ? arg : "<NONE>");
1736 if (options->kex_algorithms == NULL)
1737 options->kex_algorithms = xstrdup(arg);
1741 if (options->num_subsystems >= MAX_SUBSYSTEMS) {
1742 fatal("%s line %d: too many subsystems defined.",
1745 arg = strdelim(&cp);
1746 if (!arg || *arg == '\0')
1747 fatal("%s line %d: Missing subsystem name.",
1750 arg = strdelim(&cp);
1753 for (i = 0; i < options->num_subsystems; i++)
1754 if (strcmp(arg, options->subsystem_name[i]) == 0)
1755 fatal("%s line %d: Subsystem '%s' already defined.",
1756 filename, linenum, arg);
1757 options->subsystem_name[options->num_subsystems] = xstrdup(arg);
1758 arg = strdelim(&cp);
1759 if (!arg || *arg == '\0')
1760 fatal("%s line %d: Missing subsystem command.",
1762 options->subsystem_command[options->num_subsystems] = xstrdup(arg);
1764 /* Collect arguments (separate to executable) */
1766 len = strlen(p) + 1;
1767 while ((arg = strdelim(&cp)) != NULL && *arg != '\0') {
1768 len += 1 + strlen(arg);
1769 p = xreallocarray(p, 1, len);
1770 strlcat(p, " ", len);
1771 strlcat(p, arg, len);
1773 options->subsystem_args[options->num_subsystems] = p;
1774 options->num_subsystems++;
1778 arg = strdelim(&cp);
1779 if (!arg || *arg == '\0')
1780 fatal("%s line %d: Missing MaxStartups spec.",
1782 if ((n = sscanf(arg, "%d:%d:%d",
1783 &options->max_startups_begin,
1784 &options->max_startups_rate,
1785 &options->max_startups)) == 3) {
1786 if (options->max_startups_begin >
1787 options->max_startups ||
1788 options->max_startups_rate > 100 ||
1789 options->max_startups_rate < 1)
1790 fatal("%s line %d: Illegal MaxStartups spec.",
1793 fatal("%s line %d: Illegal MaxStartups spec.",
1796 options->max_startups = options->max_startups_begin;
1800 intptr = &options->max_authtries;
1804 intptr = &options->max_sessions;
1808 charptr = &options->banner;
1809 goto parse_filename;
1812 * These options can contain %X options expanded at
1813 * connect time, so that you can specify paths like:
1815 * AuthorizedKeysFile /etc/ssh_keys/%u
1817 case sAuthorizedKeysFile:
1818 if (*activep && options->num_authkeys_files == 0) {
1819 while ((arg = strdelim(&cp)) && *arg != '\0') {
1820 arg = tilde_expand_filename(arg, getuid());
1821 array_append(filename, linenum,
1822 "AuthorizedKeysFile",
1823 &options->authorized_keys_files,
1824 &options->num_authkeys_files, arg);
1830 case sAuthorizedPrincipalsFile:
1831 charptr = &options->authorized_principals_file;
1832 arg = strdelim(&cp);
1833 if (!arg || *arg == '\0')
1834 fatal("%s line %d: missing file name.",
1836 if (*activep && *charptr == NULL) {
1837 *charptr = tilde_expand_filename(arg, getuid());
1838 /* increase optional counter */
1840 *intptr = *intptr + 1;
1844 case sClientAliveInterval:
1845 intptr = &options->client_alive_interval;
1848 case sClientAliveCountMax:
1849 intptr = &options->client_alive_count_max;
1853 while ((arg = strdelim(&cp)) && *arg != '\0') {
1854 if (strchr(arg, '=') != NULL)
1855 fatal("%s line %d: Invalid environment name.",
1859 array_append(filename, linenum, "AcceptEnv",
1860 &options->accept_env, &options->num_accept_env,
1866 uvalue = options->num_setenv;
1867 while ((arg = strdelimw(&cp)) && *arg != '\0') {
1868 if (strchr(arg, '=') == NULL)
1869 fatal("%s line %d: Invalid environment.",
1871 if (!*activep || uvalue != 0)
1873 array_append(filename, linenum, "SetEnv",
1874 &options->setenv, &options->num_setenv, arg);
1879 intptr = &options->permit_tun;
1880 arg = strdelim(&cp);
1881 if (!arg || *arg == '\0')
1882 fatal("%s line %d: Missing yes/point-to-point/"
1883 "ethernet/no argument.", filename, linenum);
1885 for (i = 0; tunmode_desc[i].val != -1; i++)
1886 if (strcmp(tunmode_desc[i].text, arg) == 0) {
1887 value = tunmode_desc[i].val;
1891 fatal("%s line %d: Bad yes/point-to-point/ethernet/"
1892 "no argument: %s", filename, linenum, arg);
1893 if (*activep && *intptr == -1)
1899 fatal("Match directive not supported as a command-line "
1901 value = match_cfg_line(&cp, linenum, connectinfo);
1903 fatal("%s line %d: Bad Match condition", filename,
1910 if (opcode == sPermitListen) {
1911 uintptr = &options->num_permitted_listens;
1912 chararrayptr = &options->permitted_listens;
1914 uintptr = &options->num_permitted_opens;
1915 chararrayptr = &options->permitted_opens;
1917 arg = strdelim(&cp);
1918 if (!arg || *arg == '\0')
1919 fatal("%s line %d: missing %s specification",
1920 filename, linenum, lookup_opcode_name(opcode));
1921 uvalue = *uintptr; /* modified later */
1922 if (strcmp(arg, "any") == 0 || strcmp(arg, "none") == 0) {
1923 if (*activep && uvalue == 0) {
1925 *chararrayptr = xcalloc(1,
1926 sizeof(**chararrayptr));
1927 (*chararrayptr)[0] = xstrdup(arg);
1931 for (; arg != NULL && *arg != '\0'; arg = strdelim(&cp)) {
1932 if (opcode == sPermitListen &&
1933 strchr(arg, ':') == NULL) {
1935 * Allow bare port number for PermitListen
1936 * to indicate a wildcard listen host.
1938 xasprintf(&arg2, "*:%s", arg);
1940 arg2 = xstrdup(arg);
1943 fatal("%s line %d: missing host in %s",
1945 lookup_opcode_name(opcode));
1947 p = cleanhostname(p);
1950 ((port = permitopen_port(arg)) < 0)) {
1951 fatal("%s line %d: bad port number in %s",
1953 lookup_opcode_name(opcode));
1955 if (*activep && uvalue == 0) {
1956 array_append(filename, linenum,
1957 lookup_opcode_name(opcode),
1958 chararrayptr, uintptr, arg2);
1965 if (cp == NULL || *cp == '\0')
1966 fatal("%.200s line %d: Missing argument.", filename,
1968 len = strspn(cp, WHITESPACE);
1969 if (*activep && options->adm_forced_command == NULL)
1970 options->adm_forced_command = xstrdup(cp + len);
1973 case sChrootDirectory:
1974 charptr = &options->chroot_directory;
1976 arg = strdelim(&cp);
1977 if (!arg || *arg == '\0')
1978 fatal("%s line %d: missing file name.",
1980 if (*activep && *charptr == NULL)
1981 *charptr = xstrdup(arg);
1984 case sTrustedUserCAKeys:
1985 charptr = &options->trusted_user_ca_keys;
1986 goto parse_filename;
1989 charptr = &options->revoked_keys_file;
1990 goto parse_filename;
1993 arg = strdelim(&cp);
1994 if ((value = parse_ipqos(arg)) == -1)
1995 fatal("%s line %d: Bad IPQoS value: %s",
1996 filename, linenum, arg);
1997 arg = strdelim(&cp);
2000 else if ((value2 = parse_ipqos(arg)) == -1)
2001 fatal("%s line %d: Bad IPQoS value: %s",
2002 filename, linenum, arg);
2004 options->ip_qos_interactive = value;
2005 options->ip_qos_bulk = value2;
2009 case sVersionAddendum:
2010 if (cp == NULL || *cp == '\0')
2011 fatal("%.200s line %d: Missing argument.", filename,
2013 len = strspn(cp, WHITESPACE);
2014 if (*activep && options->version_addendum == NULL) {
2015 if (strcasecmp(cp + len, "none") == 0)
2016 options->version_addendum = xstrdup("");
2017 else if (strchr(cp + len, '\r') != NULL)
2018 fatal("%.200s line %d: Invalid argument",
2021 options->version_addendum = xstrdup(cp + len);
2025 case sAuthorizedKeysCommand:
2027 fatal("%.200s line %d: Missing argument.", filename,
2029 len = strspn(cp, WHITESPACE);
2030 if (*activep && options->authorized_keys_command == NULL) {
2031 if (cp[len] != '/' && strcasecmp(cp + len, "none") != 0)
2032 fatal("%.200s line %d: AuthorizedKeysCommand "
2033 "must be an absolute path",
2035 options->authorized_keys_command = xstrdup(cp + len);
2039 case sAuthorizedKeysCommandUser:
2040 charptr = &options->authorized_keys_command_user;
2042 arg = strdelim(&cp);
2043 if (!arg || *arg == '\0')
2044 fatal("%s line %d: missing AuthorizedKeysCommandUser "
2045 "argument.", filename, linenum);
2046 if (*activep && *charptr == NULL)
2047 *charptr = xstrdup(arg);
2050 case sAuthorizedPrincipalsCommand:
2052 fatal("%.200s line %d: Missing argument.", filename,
2054 len = strspn(cp, WHITESPACE);
2056 options->authorized_principals_command == NULL) {
2057 if (cp[len] != '/' && strcasecmp(cp + len, "none") != 0)
2058 fatal("%.200s line %d: "
2059 "AuthorizedPrincipalsCommand must be "
2060 "an absolute path", filename, linenum);
2061 options->authorized_principals_command =
2066 case sAuthorizedPrincipalsCommandUser:
2067 charptr = &options->authorized_principals_command_user;
2069 arg = strdelim(&cp);
2070 if (!arg || *arg == '\0')
2071 fatal("%s line %d: missing "
2072 "AuthorizedPrincipalsCommandUser argument.",
2074 if (*activep && *charptr == NULL)
2075 *charptr = xstrdup(arg);
2078 case sAuthenticationMethods:
2079 if (options->num_auth_methods == 0) {
2080 value = 0; /* seen "any" pseudo-method */
2081 value2 = 0; /* successfully parsed any method */
2082 while ((arg = strdelim(&cp)) && *arg != '\0') {
2083 if (strcmp(arg, "any") == 0) {
2084 if (options->num_auth_methods > 0) {
2085 fatal("%s line %d: \"any\" "
2086 "must appear alone in "
2087 "AuthenticationMethods",
2092 fatal("%s line %d: \"any\" must appear "
2093 "alone in AuthenticationMethods",
2095 } else if (auth2_methods_valid(arg, 0) != 0) {
2096 fatal("%s line %d: invalid "
2097 "authentication method list.",
2103 array_append(filename, linenum,
2104 "AuthenticationMethods",
2105 &options->auth_methods,
2106 &options->num_auth_methods, arg);
2109 fatal("%s line %d: no AuthenticationMethods "
2110 "specified", filename, linenum);
2115 case sStreamLocalBindMask:
2116 arg = strdelim(&cp);
2117 if (!arg || *arg == '\0')
2118 fatal("%s line %d: missing StreamLocalBindMask "
2119 "argument.", filename, linenum);
2120 /* Parse mode in octal format */
2121 value = strtol(arg, &p, 8);
2122 if (arg == p || value < 0 || value > 0777)
2123 fatal("%s line %d: Bad mask.", filename, linenum);
2125 options->fwd_opts.streamlocal_bind_mask = (mode_t)value;
2128 case sStreamLocalBindUnlink:
2129 intptr = &options->fwd_opts.streamlocal_bind_unlink;
2132 case sFingerprintHash:
2133 arg = strdelim(&cp);
2134 if (!arg || *arg == '\0')
2135 fatal("%.200s line %d: Missing argument.",
2137 if ((value = ssh_digest_alg_by_name(arg)) == -1)
2138 fatal("%.200s line %d: Invalid hash algorithm \"%s\".",
2139 filename, linenum, arg);
2141 options->fingerprint_hash = value;
2144 case sExposeAuthInfo:
2145 intptr = &options->expose_userauth_info;
2149 charptr = &options->routing_domain;
2150 arg = strdelim(&cp);
2151 if (!arg || *arg == '\0')
2152 fatal("%.200s line %d: Missing argument.",
2154 if (strcasecmp(arg, "none") != 0 && strcmp(arg, "%D") != 0 &&
2155 !valid_rdomain(arg))
2156 fatal("%s line %d: bad routing domain",
2158 if (*activep && *charptr == NULL)
2159 *charptr = xstrdup(arg);
2163 intptr = &options->use_blacklist;
2169 do_log2(opcode == sIgnore ?
2170 SYSLOG_LEVEL_DEBUG2 : SYSLOG_LEVEL_INFO,
2171 "%s line %d: %s option %s", filename, linenum,
2172 opcode == sUnsupported ? "Unsupported" : "Deprecated", arg);
2174 arg = strdelim(&cp);
2178 fatal("%s line %d: Missing handler for opcode %s (%d)",
2179 filename, linenum, arg, opcode);
2181 if ((arg = strdelim(&cp)) != NULL && *arg != '\0')
2182 fatal("%s line %d: garbage at end of line; \"%.200s\".",
2183 filename, linenum, arg);
2187 /* Reads the server configuration file. */
2190 load_server_config(const char *filename, struct sshbuf *conf)
2192 char *line = NULL, *cp;
2193 size_t linesize = 0;
2197 debug2("%s: filename %s", __func__, filename);
2198 if ((f = fopen(filename, "r")) == NULL) {
2203 while (getline(&line, &linesize, f) != -1) {
2206 * Trim out comments and strip whitespace
2207 * NB - preserve newlines, they are needed to reproduce
2208 * line numbers later for error messages
2210 if ((cp = strchr(line, '#')) != NULL)
2211 memcpy(cp, "\n", 2);
2212 cp = line + strspn(line, " \t\r");
2213 if ((r = sshbuf_put(conf, cp, strlen(cp))) != 0)
2214 fatal("%s: buffer error: %s", __func__, ssh_err(r));
2217 if ((r = sshbuf_put_u8(conf, 0)) != 0)
2218 fatal("%s: buffer error: %s", __func__, ssh_err(r));
2220 debug2("%s: done config len = %zu", __func__, sshbuf_len(conf));
2224 parse_server_match_config(ServerOptions *options,
2225 struct connection_info *connectinfo)
2229 initialize_server_options(&mo);
2230 parse_server_config(&mo, "reprocess config", cfg, connectinfo);
2231 copy_set_server_options(options, &mo, 0);
2234 int parse_server_match_testspec(struct connection_info *ci, char *spec)
2238 while ((p = strsep(&spec, ",")) && *p != '\0') {
2239 if (strncmp(p, "addr=", 5) == 0) {
2240 ci->address = xstrdup(p + 5);
2241 } else if (strncmp(p, "host=", 5) == 0) {
2242 ci->host = xstrdup(p + 5);
2243 } else if (strncmp(p, "user=", 5) == 0) {
2244 ci->user = xstrdup(p + 5);
2245 } else if (strncmp(p, "laddr=", 6) == 0) {
2246 ci->laddress = xstrdup(p + 6);
2247 } else if (strncmp(p, "rdomain=", 8) == 0) {
2248 ci->rdomain = xstrdup(p + 8);
2249 } else if (strncmp(p, "lport=", 6) == 0) {
2250 ci->lport = a2port(p + 6);
2251 if (ci->lport == -1) {
2252 fprintf(stderr, "Invalid port '%s' in test mode"
2253 " specification %s\n", p+6, p);
2257 fprintf(stderr, "Invalid test mode specification %s\n",
2266 * Copy any supported values that are set.
2268 * If the preauth flag is set, we do not bother copying the string or
2269 * array values that are not used pre-authentication, because any that we
2270 * do use must be explicitly sent in mm_getpwnamallow().
2273 copy_set_server_options(ServerOptions *dst, ServerOptions *src, int preauth)
2275 #define M_CP_INTOPT(n) do {\
2280 M_CP_INTOPT(password_authentication);
2281 M_CP_INTOPT(gss_authentication);
2282 M_CP_INTOPT(pubkey_authentication);
2283 M_CP_INTOPT(kerberos_authentication);
2284 M_CP_INTOPT(hostbased_authentication);
2285 M_CP_INTOPT(hostbased_uses_name_from_packet_only);
2286 M_CP_INTOPT(kbd_interactive_authentication);
2287 M_CP_INTOPT(permit_root_login);
2288 M_CP_INTOPT(permit_empty_passwd);
2290 M_CP_INTOPT(allow_tcp_forwarding);
2291 M_CP_INTOPT(allow_streamlocal_forwarding);
2292 M_CP_INTOPT(allow_agent_forwarding);
2293 M_CP_INTOPT(disable_forwarding);
2294 M_CP_INTOPT(expose_userauth_info);
2295 M_CP_INTOPT(permit_tun);
2296 M_CP_INTOPT(fwd_opts.gateway_ports);
2297 M_CP_INTOPT(fwd_opts.streamlocal_bind_unlink);
2298 M_CP_INTOPT(x11_display_offset);
2299 M_CP_INTOPT(x11_forwarding);
2300 M_CP_INTOPT(x11_use_localhost);
2301 M_CP_INTOPT(permit_tty);
2302 M_CP_INTOPT(permit_user_rc);
2303 M_CP_INTOPT(max_sessions);
2304 M_CP_INTOPT(max_authtries);
2305 M_CP_INTOPT(client_alive_count_max);
2306 M_CP_INTOPT(client_alive_interval);
2307 M_CP_INTOPT(ip_qos_interactive);
2308 M_CP_INTOPT(ip_qos_bulk);
2309 M_CP_INTOPT(rekey_limit);
2310 M_CP_INTOPT(rekey_interval);
2311 M_CP_INTOPT(log_level);
2314 * The bind_mask is a mode_t that may be unsigned, so we can't use
2315 * M_CP_INTOPT - it does a signed comparison that causes compiler
2318 if (src->fwd_opts.streamlocal_bind_mask != (mode_t)-1) {
2319 dst->fwd_opts.streamlocal_bind_mask =
2320 src->fwd_opts.streamlocal_bind_mask;
2323 /* M_CP_STROPT and M_CP_STRARRAYOPT should not appear before here */
2324 #define M_CP_STROPT(n) do {\
2325 if (src->n != NULL && dst->n != src->n) { \
2330 #define M_CP_STRARRAYOPT(s, num_s) do {\
2332 if (src->num_s != 0) { \
2333 for (i = 0; i < dst->num_s; i++) \
2336 dst->s = xcalloc(src->num_s, sizeof(*dst->s)); \
2337 for (i = 0; i < src->num_s; i++) \
2338 dst->s[i] = xstrdup(src->s[i]); \
2339 dst->num_s = src->num_s; \
2343 /* See comment in servconf.h */
2344 COPY_MATCH_STRING_OPTS();
2346 /* Arguments that accept '+...' need to be expanded */
2347 assemble_algorithms(dst);
2350 * The only things that should be below this point are string options
2351 * which are only used after authentication.
2356 /* These options may be "none" to clear a global setting */
2357 M_CP_STROPT(adm_forced_command);
2358 if (option_clear_or_none(dst->adm_forced_command)) {
2359 free(dst->adm_forced_command);
2360 dst->adm_forced_command = NULL;
2362 M_CP_STROPT(chroot_directory);
2363 if (option_clear_or_none(dst->chroot_directory)) {
2364 free(dst->chroot_directory);
2365 dst->chroot_directory = NULL;
2371 #undef M_CP_STRARRAYOPT
2374 parse_server_config(ServerOptions *options, const char *filename,
2375 struct sshbuf *conf, struct connection_info *connectinfo)
2377 int active, linenum, bad_options = 0;
2378 char *cp, *obuf, *cbuf;
2380 debug2("%s: config %s len %zu", __func__, filename, sshbuf_len(conf));
2382 if ((obuf = cbuf = sshbuf_dup_string(conf)) == NULL)
2383 fatal("%s: sshbuf_dup_string failed", __func__);
2384 active = connectinfo ? 0 : 1;
2386 while ((cp = strsep(&cbuf, "\n")) != NULL) {
2387 if (process_server_config_line(options, cp, filename,
2388 linenum++, &active, connectinfo) != 0)
2392 if (bad_options > 0)
2393 fatal("%s: terminating, %d bad configuration options",
2394 filename, bad_options);
2395 process_queued_listen_addrs(options);
2399 fmt_multistate_int(int val, const struct multistate *m)
2403 for (i = 0; m[i].key != NULL; i++) {
2404 if (m[i].value == val)
2411 fmt_intarg(ServerOpCodes code, int val)
2416 case sAddressFamily:
2417 return fmt_multistate_int(val, multistate_addressfamily);
2418 case sPermitRootLogin:
2419 return fmt_multistate_int(val, multistate_permitrootlogin);
2421 return fmt_multistate_int(val, multistate_gatewayports);
2423 return fmt_multistate_int(val, multistate_compression);
2424 case sAllowTcpForwarding:
2425 return fmt_multistate_int(val, multistate_tcpfwd);
2426 case sAllowStreamLocalForwarding:
2427 return fmt_multistate_int(val, multistate_tcpfwd);
2428 case sFingerprintHash:
2429 return ssh_digest_alg_name(val);
2443 dump_cfg_int(ServerOpCodes code, int val)
2445 printf("%s %d\n", lookup_opcode_name(code), val);
2449 dump_cfg_oct(ServerOpCodes code, int val)
2451 printf("%s 0%o\n", lookup_opcode_name(code), val);
2455 dump_cfg_fmtint(ServerOpCodes code, int val)
2457 printf("%s %s\n", lookup_opcode_name(code), fmt_intarg(code, val));
2461 dump_cfg_string(ServerOpCodes code, const char *val)
2463 printf("%s %s\n", lookup_opcode_name(code),
2464 val == NULL ? "none" : val);
2468 dump_cfg_strarray(ServerOpCodes code, u_int count, char **vals)
2472 for (i = 0; i < count; i++)
2473 printf("%s %s\n", lookup_opcode_name(code), vals[i]);
2477 dump_cfg_strarray_oneline(ServerOpCodes code, u_int count, char **vals)
2481 if (count <= 0 && code != sAuthenticationMethods)
2483 printf("%s", lookup_opcode_name(code));
2484 for (i = 0; i < count; i++)
2485 printf(" %s", vals[i]);
2486 if (code == sAuthenticationMethods && count == 0)
2492 format_listen_addrs(struct listenaddr *la)
2495 struct addrinfo *ai;
2496 char addr[NI_MAXHOST], port[NI_MAXSERV];
2497 char *laddr1 = xstrdup(""), *laddr2 = NULL;
2500 * ListenAddress must be after Port. add_one_listen_addr pushes
2501 * addresses onto a stack, so to maintain ordering we need to
2502 * print these in reverse order.
2504 for (ai = la->addrs; ai; ai = ai->ai_next) {
2505 if ((r = getnameinfo(ai->ai_addr, ai->ai_addrlen, addr,
2506 sizeof(addr), port, sizeof(port),
2507 NI_NUMERICHOST|NI_NUMERICSERV)) != 0) {
2508 error("getnameinfo: %.100s", ssh_gai_strerror(r));
2512 if (ai->ai_family == AF_INET6) {
2513 xasprintf(&laddr1, "listenaddress [%s]:%s%s%s\n%s",
2515 la->rdomain == NULL ? "" : " rdomain ",
2516 la->rdomain == NULL ? "" : la->rdomain,
2519 xasprintf(&laddr1, "listenaddress %s:%s%s%s\n%s",
2521 la->rdomain == NULL ? "" : " rdomain ",
2522 la->rdomain == NULL ? "" : la->rdomain,
2531 dump_config(ServerOptions *o)
2536 /* these are usually at the top of the config */
2537 for (i = 0; i < o->num_ports; i++)
2538 printf("port %d\n", o->ports[i]);
2539 dump_cfg_fmtint(sAddressFamily, o->address_family);
2541 for (i = 0; i < o->num_listen_addrs; i++) {
2542 s = format_listen_addrs(&o->listen_addrs[i]);
2547 /* integer arguments */
2549 dump_cfg_fmtint(sUsePAM, o->use_pam);
2551 dump_cfg_int(sLoginGraceTime, o->login_grace_time);
2552 dump_cfg_int(sX11DisplayOffset, o->x11_display_offset);
2553 dump_cfg_int(sMaxAuthTries, o->max_authtries);
2554 dump_cfg_int(sMaxSessions, o->max_sessions);
2555 dump_cfg_int(sClientAliveInterval, o->client_alive_interval);
2556 dump_cfg_int(sClientAliveCountMax, o->client_alive_count_max);
2557 dump_cfg_oct(sStreamLocalBindMask, o->fwd_opts.streamlocal_bind_mask);
2559 /* formatted integer arguments */
2560 dump_cfg_fmtint(sPermitRootLogin, o->permit_root_login);
2561 dump_cfg_fmtint(sIgnoreRhosts, o->ignore_rhosts);
2562 dump_cfg_fmtint(sIgnoreUserKnownHosts, o->ignore_user_known_hosts);
2563 dump_cfg_fmtint(sHostbasedAuthentication, o->hostbased_authentication);
2564 dump_cfg_fmtint(sHostbasedUsesNameFromPacketOnly,
2565 o->hostbased_uses_name_from_packet_only);
2566 dump_cfg_fmtint(sPubkeyAuthentication, o->pubkey_authentication);
2568 dump_cfg_fmtint(sKerberosAuthentication, o->kerberos_authentication);
2569 dump_cfg_fmtint(sKerberosOrLocalPasswd, o->kerberos_or_local_passwd);
2570 dump_cfg_fmtint(sKerberosTicketCleanup, o->kerberos_ticket_cleanup);
2572 dump_cfg_fmtint(sKerberosGetAFSToken, o->kerberos_get_afs_token);
2576 dump_cfg_fmtint(sGssAuthentication, o->gss_authentication);
2577 dump_cfg_fmtint(sGssCleanupCreds, o->gss_cleanup_creds);
2579 dump_cfg_fmtint(sPasswordAuthentication, o->password_authentication);
2580 dump_cfg_fmtint(sKbdInteractiveAuthentication,
2581 o->kbd_interactive_authentication);
2582 dump_cfg_fmtint(sChallengeResponseAuthentication,
2583 o->challenge_response_authentication);
2584 dump_cfg_fmtint(sPrintMotd, o->print_motd);
2585 #ifndef DISABLE_LASTLOG
2586 dump_cfg_fmtint(sPrintLastLog, o->print_lastlog);
2588 dump_cfg_fmtint(sX11Forwarding, o->x11_forwarding);
2589 dump_cfg_fmtint(sX11UseLocalhost, o->x11_use_localhost);
2590 dump_cfg_fmtint(sPermitTTY, o->permit_tty);
2591 dump_cfg_fmtint(sPermitUserRC, o->permit_user_rc);
2592 dump_cfg_fmtint(sStrictModes, o->strict_modes);
2593 dump_cfg_fmtint(sTCPKeepAlive, o->tcp_keep_alive);
2594 dump_cfg_fmtint(sEmptyPasswd, o->permit_empty_passwd);
2595 dump_cfg_fmtint(sCompression, o->compression);
2596 dump_cfg_fmtint(sGatewayPorts, o->fwd_opts.gateway_ports);
2597 dump_cfg_fmtint(sUseDNS, o->use_dns);
2598 dump_cfg_fmtint(sAllowTcpForwarding, o->allow_tcp_forwarding);
2599 dump_cfg_fmtint(sAllowAgentForwarding, o->allow_agent_forwarding);
2600 dump_cfg_fmtint(sDisableForwarding, o->disable_forwarding);
2601 dump_cfg_fmtint(sAllowStreamLocalForwarding, o->allow_streamlocal_forwarding);
2602 dump_cfg_fmtint(sStreamLocalBindUnlink, o->fwd_opts.streamlocal_bind_unlink);
2603 dump_cfg_fmtint(sFingerprintHash, o->fingerprint_hash);
2604 dump_cfg_fmtint(sExposeAuthInfo, o->expose_userauth_info);
2605 dump_cfg_fmtint(sUseBlacklist, o->use_blacklist);
2607 /* string arguments */
2608 dump_cfg_string(sPidFile, o->pid_file);
2609 dump_cfg_string(sXAuthLocation, o->xauth_location);
2610 dump_cfg_string(sCiphers, o->ciphers ? o->ciphers : KEX_SERVER_ENCRYPT);
2611 dump_cfg_string(sMacs, o->macs ? o->macs : KEX_SERVER_MAC);
2612 dump_cfg_string(sBanner, o->banner);
2613 dump_cfg_string(sForceCommand, o->adm_forced_command);
2614 dump_cfg_string(sChrootDirectory, o->chroot_directory);
2615 dump_cfg_string(sTrustedUserCAKeys, o->trusted_user_ca_keys);
2616 dump_cfg_string(sRevokedKeys, o->revoked_keys_file);
2617 dump_cfg_string(sAuthorizedPrincipalsFile,
2618 o->authorized_principals_file);
2619 dump_cfg_string(sVersionAddendum, *o->version_addendum == '\0'
2620 ? "none" : o->version_addendum);
2621 dump_cfg_string(sAuthorizedKeysCommand, o->authorized_keys_command);
2622 dump_cfg_string(sAuthorizedKeysCommandUser, o->authorized_keys_command_user);
2623 dump_cfg_string(sAuthorizedPrincipalsCommand, o->authorized_principals_command);
2624 dump_cfg_string(sAuthorizedPrincipalsCommandUser, o->authorized_principals_command_user);
2625 dump_cfg_string(sHostKeyAgent, o->host_key_agent);
2626 dump_cfg_string(sKexAlgorithms,
2627 o->kex_algorithms ? o->kex_algorithms : KEX_SERVER_KEX);
2628 dump_cfg_string(sHostbasedAcceptedKeyTypes, o->hostbased_key_types ?
2629 o->hostbased_key_types : KEX_DEFAULT_PK_ALG);
2630 dump_cfg_string(sHostKeyAlgorithms, o->hostkeyalgorithms ?
2631 o->hostkeyalgorithms : KEX_DEFAULT_PK_ALG);
2632 dump_cfg_string(sPubkeyAcceptedKeyTypes, o->pubkey_key_types ?
2633 o->pubkey_key_types : KEX_DEFAULT_PK_ALG);
2634 dump_cfg_string(sRDomain, o->routing_domain);
2636 /* string arguments requiring a lookup */
2637 dump_cfg_string(sLogLevel, log_level_name(o->log_level));
2638 dump_cfg_string(sLogFacility, log_facility_name(o->log_facility));
2640 /* string array arguments */
2641 dump_cfg_strarray_oneline(sAuthorizedKeysFile, o->num_authkeys_files,
2642 o->authorized_keys_files);
2643 dump_cfg_strarray(sHostKeyFile, o->num_host_key_files,
2645 dump_cfg_strarray(sHostCertificate, o->num_host_cert_files,
2646 o->host_cert_files);
2647 dump_cfg_strarray(sAllowUsers, o->num_allow_users, o->allow_users);
2648 dump_cfg_strarray(sDenyUsers, o->num_deny_users, o->deny_users);
2649 dump_cfg_strarray(sAllowGroups, o->num_allow_groups, o->allow_groups);
2650 dump_cfg_strarray(sDenyGroups, o->num_deny_groups, o->deny_groups);
2651 dump_cfg_strarray(sAcceptEnv, o->num_accept_env, o->accept_env);
2652 dump_cfg_strarray(sSetEnv, o->num_setenv, o->setenv);
2653 dump_cfg_strarray_oneline(sAuthenticationMethods,
2654 o->num_auth_methods, o->auth_methods);
2656 /* other arguments */
2657 for (i = 0; i < o->num_subsystems; i++)
2658 printf("subsystem %s %s\n", o->subsystem_name[i],
2659 o->subsystem_args[i]);
2661 printf("maxstartups %d:%d:%d\n", o->max_startups_begin,
2662 o->max_startups_rate, o->max_startups);
2665 for (i = 0; tunmode_desc[i].val != -1; i++) {
2666 if (tunmode_desc[i].val == o->permit_tun) {
2667 s = tunmode_desc[i].text;
2671 dump_cfg_string(sPermitTunnel, s);
2673 printf("ipqos %s ", iptos2str(o->ip_qos_interactive));
2674 printf("%s\n", iptos2str(o->ip_qos_bulk));
2676 printf("rekeylimit %llu %d\n", (unsigned long long)o->rekey_limit,
2679 printf("permitopen");
2680 if (o->num_permitted_opens == 0)
2683 for (i = 0; i < o->num_permitted_opens; i++)
2684 printf(" %s", o->permitted_opens[i]);
2687 printf("permitlisten");
2688 if (o->num_permitted_listens == 0)
2691 for (i = 0; i < o->num_permitted_listens; i++)
2692 printf(" %s", o->permitted_listens[i]);
2696 if (o->permit_user_env_whitelist == NULL) {
2697 dump_cfg_fmtint(sPermitUserEnvironment, o->permit_user_env);
2699 printf("permituserenvironment %s\n",
2700 o->permit_user_env_whitelist);