2 /* $OpenBSD: servconf.c,v 1.342 2018/09/20 23:40:16 djm Exp $ */
4 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
7 * As far as I am concerned, the code I have written for this software
8 * can be used freely for any purpose. Any derived versions of this
9 * software must be clearly marked as such, and if the derived work is
10 * incompatible with the protocol description in the RFC file, it must be
11 * called by a name other than "ssh" or "Secure Shell".
17 #include <sys/types.h>
18 #include <sys/socket.h>
19 #ifdef HAVE_SYS_SYSCTL_H
20 #include <sys/sysctl.h>
23 #include <netinet/in.h>
24 #include <netinet/in_systm.h>
25 #include <netinet/ip.h>
26 #ifdef HAVE_NET_ROUTE_H
27 #include <net/route.h>
45 #include "openbsd-compat/sys-queue.h"
53 #include "pathnames.h"
60 #include "groupaccess.h"
66 #include "myproposal.h"
70 static void add_listen_addr(ServerOptions *, const char *,
72 static void add_one_listen_addr(ServerOptions *, const char *,
75 /* Use of privilege separation or not */
76 extern int use_privsep;
77 extern struct sshbuf *cfg;
79 /* Initializes the server options to their default values. */
82 initialize_server_options(ServerOptions *options)
84 memset(options, 0, sizeof(*options));
/*
 * Everything below is an "unset" marker rather than a usable default:
 * -1 for integers, NULL for strings and lists, *_NOT_SET for enums.
 * fill_default_server_options() later replaces each marker that the
 * config file left untouched with the real default, which is how the
 * parser can tell "explicitly configured" from "never mentioned".
 */
86 /* Portable-specific options */
87 options->use_pam = -1;
89 /* Standard Options */
90 options->num_ports = 0;
91 options->ports_from_cmdline = 0;
92 options->queued_listen_addrs = NULL;
93 options->num_queued_listens = 0;
94 options->listen_addrs = NULL;
95 options->num_listen_addrs = 0;
96 options->address_family = -1;
97 options->routing_domain = NULL;
98 options->num_host_key_files = 0;
99 options->num_host_cert_files = 0;
100 options->host_key_agent = NULL;
101 options->pid_file = NULL;
102 options->login_grace_time = -1;
103 options->permit_root_login = PERMIT_NOT_SET;
104 options->ignore_rhosts = -1;
105 options->ignore_user_known_hosts = -1;
106 options->print_motd = -1;
107 options->print_lastlog = -1;
108 options->x11_forwarding = -1;
109 options->x11_display_offset = -1;
110 options->x11_use_localhost = -1;
111 options->permit_tty = -1;
112 options->permit_user_rc = -1;
113 options->xauth_location = NULL;
114 options->strict_modes = -1;
115 options->tcp_keep_alive = -1;
116 options->log_facility = SYSLOG_FACILITY_NOT_SET;
117 options->log_level = SYSLOG_LEVEL_NOT_SET;
118 options->hostbased_authentication = -1;
119 options->hostbased_uses_name_from_packet_only = -1;
120 options->hostbased_key_types = NULL;
121 options->hostkeyalgorithms = NULL;
122 options->pubkey_authentication = -1;
123 options->pubkey_key_types = NULL;
124 options->kerberos_authentication = -1;
125 options->kerberos_or_local_passwd = -1;
126 options->kerberos_ticket_cleanup = -1;
127 options->kerberos_get_afs_token = -1;
128 options->gss_authentication=-1;
129 options->gss_cleanup_creds = -1;
130 options->gss_strict_acceptor = -1;
131 options->password_authentication = -1;
132 options->kbd_interactive_authentication = -1;
133 options->challenge_response_authentication = -1;
134 options->permit_empty_passwd = -1;
135 options->permit_user_env = -1;
136 options->permit_user_env_whitelist = NULL;
137 options->compression = -1;
138 options->rekey_limit = -1;
139 options->rekey_interval = -1;
140 options->allow_tcp_forwarding = -1;
141 options->allow_streamlocal_forwarding = -1;
142 options->allow_agent_forwarding = -1;
143 options->num_allow_users = 0;
144 options->num_deny_users = 0;
145 options->num_allow_groups = 0;
146 options->num_deny_groups = 0;
147 options->ciphers = NULL;
148 options->macs = NULL;
149 options->kex_algorithms = NULL;
150 options->ca_sign_algorithms = NULL;
151 options->fwd_opts.gateway_ports = -1;
/* 0 is a legitimate umask value, so the "unset" marker must be out of range. */
152 options->fwd_opts.streamlocal_bind_mask = (mode_t)-1;
153 options->fwd_opts.streamlocal_bind_unlink = -1;
154 options->num_subsystems = 0;
155 options->max_startups_begin = -1;
156 options->max_startups_rate = -1;
157 options->max_startups = -1;
158 options->max_authtries = -1;
159 options->max_sessions = -1;
160 options->banner = NULL;
161 options->use_dns = -1;
162 options->client_alive_interval = -1;
163 options->client_alive_count_max = -1;
164 options->num_authkeys_files = 0;
165 options->num_accept_env = 0;
166 options->num_setenv = 0;
167 options->permit_tun = -1;
168 options->permitted_opens = NULL;
169 options->permitted_listens = NULL;
170 options->adm_forced_command = NULL;
171 options->chroot_directory = NULL;
172 options->authorized_keys_command = NULL;
173 options->authorized_keys_command_user = NULL;
174 options->revoked_keys_file = NULL;
175 options->trusted_user_ca_keys = NULL;
176 options->authorized_principals_file = NULL;
177 options->authorized_principals_command = NULL;
178 options->authorized_principals_command_user = NULL;
179 options->ip_qos_interactive = -1;
180 options->ip_qos_bulk = -1;
181 options->version_addendum = NULL;
182 options->fingerprint_hash = -1;
183 options->disable_forwarding = -1;
184 options->expose_userauth_info = -1;
185 options->use_blacklist = -1;
188 /* Returns 1 if a string option is unset or set to "none", and 0 otherwise. */
190 option_clear_or_none(const char *o)
/* Case-insensitive so "None"/"NONE" in sshd_config clear the option too. */
192 return o == NULL || strcasecmp(o, "none") == 0;
/*
 * Resolve every algorithm-list option (ciphers, MACs, KEX, host-key and
 * CA signature algorithms) against its compiled-in default and the full
 * list of algorithms this build supports.  Any list the config leaves
 * at NULL is filled from `defaults`; a name that is not in `all` is a
 * fatal configuration error (kex_assemble_names() reports it via ssh_err()).
 * The exact list syntax accepted (e.g. prefix forms) lives in
 * kex_assemble_names(), not here.
 */
196 assemble_algorithms(ServerOptions *o)
198 char *all_cipher, *all_mac, *all_kex, *all_key, *all_sig;
201 all_cipher = cipher_alg_list(',', 0);
202 all_mac = mac_alg_list(',');
203 all_kex = kex_alg_list(',');
/* Host-key algorithms (including certificate types) vs. plain signature algorithms for CA signing. */
204 all_key = sshkey_alg_list(0, 0, 1, ',');
205 all_sig = sshkey_alg_list(0, 1, 1, ',');
206 #define ASSEMBLE(what, defaults, all) \
208 if ((r = kex_assemble_names(&o->what, defaults, all)) != 0) \
209 fatal("%s: %s: %s", __func__, #what, ssh_err(r)); \
211 ASSEMBLE(ciphers, KEX_SERVER_ENCRYPT, all_cipher);
212 ASSEMBLE(macs, KEX_SERVER_MAC, all_mac);
213 ASSEMBLE(kex_algorithms, KEX_SERVER_KEX, all_kex);
214 ASSEMBLE(hostkeyalgorithms, KEX_DEFAULT_PK_ALG, all_key);
215 ASSEMBLE(hostbased_key_types, KEX_DEFAULT_PK_ALG, all_key);
216 ASSEMBLE(pubkey_key_types, KEX_DEFAULT_PK_ALG, all_key);
217 ASSEMBLE(ca_sign_algorithms, SSH_ALLOWED_CA_SIGALGS, all_sig);
/*
 * Append a copy of `s` to the string array *array (length *lp), growing
 * it by one.  `file`/`line`/`directive` are only used for the fatal()
 * message when the array is full; the bound check itself sits on a line
 * not shown in this listing.  xrecallocarray() zero-fills the new slot
 * and aborts on allocation failure, so callers never see NULL.
 */
227 array_append(const char *file, const int line, const char *directive,
228 char ***array, u_int *lp, const char *s)
232 fatal("%s line %d: Too many %s entries", file, line, directive);
234 *array = xrecallocarray(*array, *lp, *lp + 1, sizeof(**array));
235 (*array)[*lp] = xstrdup(s);
/*
 * Marker passed as the `file` argument when compiled-in defaults, rather
 * than a config-file line, are being added.  servconf_add_hostkey()
 * recognises it by pointer identity (file == defaultkey), so the string
 * itself only ever appears in fatal() messages from array_append().
 */
239 static const char *defaultkey = "[default]";
/*
 * Add a HostKey path (made absolute by derelativise_path()).  For the
 * compiled-in defaults (file == defaultkey) a key file that is not
 * readable is skipped instead of being an error; the body of that
 * branch is on a line not shown here, presumably an early return.
 * This is what lets fill_default_server_options() try every default
 * key type and keep only those present.  Explicitly configured paths
 * are added unconditionally and fail later when sshd tries to load them.
 */
242 servconf_add_hostkey(const char *file, const int line,
243 ServerOptions *options, const char *path)
245 char *apath = derelativise_path(path);
247 if (file == defaultkey && access(path, R_OK) != 0)
249 array_append(file, line, "HostKey",
250 &options->host_key_files, &options->num_host_key_files, apath);
/*
 * Add a HostCertificate path.  Unlike servconf_add_hostkey() there is no
 * readability check here: certificates are never filled in by default,
 * so every path comes from the config and is added as given.
 */
255 servconf_add_hostcert(const char *file, const int line,
256 ServerOptions *options, const char *path)
258 char *apath = derelativise_path(path);
260 array_append(file, line, "HostCertificate",
261 &options->host_cert_files, &options->num_host_cert_files, apath);
/*
 * Replace every option still at its "unset" marker (see
 * initialize_server_options()) with the built-in default, then
 * post-process the "none" / "any" keywords so the rest of sshd only
 * ever sees NULL or a real value.
 */
266 fill_default_server_options(ServerOptions *options)
270 /* Portable-specific options */
271 if (options->use_pam == -1)
272 options->use_pam = 1;
274 /* Standard Options */
275 if (options->num_host_key_files == 0) {
276 /* fill default hostkeys for protocols */
/*
 * servconf_add_hostkey() silently skips unreadable files when called
 * with the defaultkey marker, so only the key types actually installed
 * end up in the list; it is fatal if none of them are present.
 */
277 servconf_add_hostkey(defaultkey, 0, options,
278 _PATH_HOST_RSA_KEY_FILE);
279 servconf_add_hostkey(defaultkey, 0, options,
280 _PATH_HOST_DSA_KEY_FILE);
281 #ifdef OPENSSL_HAS_ECC
282 servconf_add_hostkey(defaultkey, 0, options,
283 _PATH_HOST_ECDSA_KEY_FILE);
285 servconf_add_hostkey(defaultkey, 0, options,
286 _PATH_HOST_ED25519_KEY_FILE);
288 servconf_add_hostkey(defaultkey, 0, options,
289 _PATH_HOST_XMSS_KEY_FILE);
290 #endif /* WITH_XMSS */
292 if (options->num_host_key_files == 0)
293 fatal("No host key files found");
294 /* No certificates by default */
/*
 * Port / AddressFamily defaults.  process_queued_listen_addrs() applies
 * the same two defaults before resolving ListenAddress; keep them in sync.
 */
295 if (options->num_ports == 0)
296 options->ports[options->num_ports++] = SSH_DEFAULT_PORT;
297 if (options->address_family == -1)
298 options->address_family = AF_UNSPEC;
/* No ListenAddress at all: NULL addr means the wildcard address, 0 means "every configured Port". */
299 if (options->listen_addrs == NULL)
300 add_listen_addr(options, NULL, NULL, 0);
301 if (options->pid_file == NULL)
302 options->pid_file = xstrdup(_PATH_SSH_DAEMON_PID_FILE);
/* Seconds an unauthenticated connection may stay open. */
303 if (options->login_grace_time == -1)
304 options->login_grace_time = 120;
/* Root login is refused unless the config says otherwise. */
305 if (options->permit_root_login == PERMIT_NOT_SET)
306 options->permit_root_login = PERMIT_NO;
307 if (options->ignore_rhosts == -1)
308 options->ignore_rhosts = 1;
309 if (options->ignore_user_known_hosts == -1)
310 options->ignore_user_known_hosts = 0;
311 if (options->print_motd == -1)
312 options->print_motd = 1;
313 if (options->print_lastlog == -1)
314 options->print_lastlog = 1;
315 if (options->x11_forwarding == -1)
316 options->x11_forwarding = 1;
317 if (options->x11_display_offset == -1)
318 options->x11_display_offset = 10;
319 if (options->x11_use_localhost == -1)
320 options->x11_use_localhost = 1;
321 if (options->xauth_location == NULL)
322 options->xauth_location = xstrdup(_PATH_XAUTH);
323 if (options->permit_tty == -1)
324 options->permit_tty = 1;
325 if (options->permit_user_rc == -1)
326 options->permit_user_rc = 1;
/* StrictModes on: ownership/permission checks on user files before trusting them. */
327 if (options->strict_modes == -1)
328 options->strict_modes = 1;
329 if (options->tcp_keep_alive == -1)
330 options->tcp_keep_alive = 1;
331 if (options->log_facility == SYSLOG_FACILITY_NOT_SET)
332 options->log_facility = SYSLOG_FACILITY_AUTH;
333 if (options->log_level == SYSLOG_LEVEL_NOT_SET)
334 options->log_level = SYSLOG_LEVEL_INFO;
335 if (options->hostbased_authentication == -1)
336 options->hostbased_authentication = 0;
337 if (options->hostbased_uses_name_from_packet_only == -1)
338 options->hostbased_uses_name_from_packet_only = 0;
339 if (options->pubkey_authentication == -1)
340 options->pubkey_authentication = 1;
341 if (options->kerberos_authentication == -1)
342 options->kerberos_authentication = 0;
343 if (options->kerberos_or_local_passwd == -1)
344 options->kerberos_or_local_passwd = 1;
345 if (options->kerberos_ticket_cleanup == -1)
346 options->kerberos_ticket_cleanup = 1;
347 if (options->kerberos_get_afs_token == -1)
348 options->kerberos_get_afs_token = 0;
349 if (options->gss_authentication == -1)
350 options->gss_authentication = 0;
351 if (options->gss_cleanup_creds == -1)
352 options->gss_cleanup_creds = 1;
353 if (options->gss_strict_acceptor == -1)
354 options->gss_strict_acceptor = 1;
/*
 * NOTE(review): this tree defaults PasswordAuthentication to "no"
 * (upstream OpenSSH's servconf.c defaults it to "yes"); keyboard-
 * interactive is also off, leaving public-key as the default method.
 * Verify against the sshd_config(5) shipped with this tree.
 */
355 if (options->password_authentication == -1)
356 options->password_authentication = 0;
357 if (options->kbd_interactive_authentication == -1)
358 options->kbd_interactive_authentication = 0;
359 if (options->challenge_response_authentication == -1)
360 options->challenge_response_authentication = 1;
361 if (options->permit_empty_passwd == -1)
362 options->permit_empty_passwd = 0;
363 if (options->permit_user_env == -1) {
364 options->permit_user_env = 0;
365 options->permit_user_env_whitelist = NULL;
367 if (options->compression == -1)
368 options->compression = COMP_DELAYED;
369 if (options->rekey_limit == -1)
370 options->rekey_limit = 0;
371 if (options->rekey_interval == -1)
372 options->rekey_interval = 0;
373 if (options->allow_tcp_forwarding == -1)
374 options->allow_tcp_forwarding = FORWARD_ALLOW;
375 if (options->allow_streamlocal_forwarding == -1)
376 options->allow_streamlocal_forwarding = FORWARD_ALLOW;
377 if (options->allow_agent_forwarding == -1)
378 options->allow_agent_forwarding = 1;
379 if (options->fwd_opts.gateway_ports == -1)
380 options->fwd_opts.gateway_ports = 0;
/* MaxStartups begin:rate:full = 10:30:100 (see sshd_config(5) for the drop probability ramp). */
381 if (options->max_startups == -1)
382 options->max_startups = 100;
383 if (options->max_startups_rate == -1)
384 options->max_startups_rate = 30; /* 30% */
385 if (options->max_startups_begin == -1)
386 options->max_startups_begin = 10;
387 if (options->max_authtries == -1)
388 options->max_authtries = DEFAULT_AUTH_FAIL_MAX;
389 if (options->max_sessions == -1)
390 options->max_sessions = DEFAULT_SESSIONS_MAX;
391 if (options->use_dns == -1)
392 options->use_dns = 1;
393 if (options->client_alive_interval == -1)
394 options->client_alive_interval = 0;
395 if (options->client_alive_count_max == -1)
396 options->client_alive_count_max = 3;
397 if (options->num_authkeys_files == 0) {
398 array_append(defaultkey, 0, "AuthorizedKeysFiles",
399 &options->authorized_keys_files,
400 &options->num_authkeys_files,
401 _PATH_SSH_USER_PERMITTED_KEYS);
402 array_append(defaultkey, 0, "AuthorizedKeysFiles",
403 &options->authorized_keys_files,
404 &options->num_authkeys_files,
405 _PATH_SSH_USER_PERMITTED_KEYS2);
407 if (options->permit_tun == -1)
408 options->permit_tun = SSH_TUNMODE_NO;
409 if (options->ip_qos_interactive == -1)
410 options->ip_qos_interactive = IPTOS_DSCP_AF21;
411 if (options->ip_qos_bulk == -1)
412 options->ip_qos_bulk = IPTOS_DSCP_CS1;
413 if (options->version_addendum == NULL)
414 options->version_addendum = xstrdup(SSH_VERSION_FREEBSD);
/* 0177: forwarded Unix-domain sockets are created owner-accessible only. */
415 if (options->fwd_opts.streamlocal_bind_mask == (mode_t)-1)
416 options->fwd_opts.streamlocal_bind_mask = 0177;
417 if (options->fwd_opts.streamlocal_bind_unlink == -1)
418 options->fwd_opts.streamlocal_bind_unlink = 0;
419 if (options->fingerprint_hash == -1)
420 options->fingerprint_hash = SSH_FP_HASH_DEFAULT;
421 if (options->disable_forwarding == -1)
422 options->disable_forwarding = 0;
423 if (options->expose_userauth_info == -1)
424 options->expose_userauth_info = 0;
425 if (options->use_blacklist == -1)
426 options->use_blacklist = 0;
/* Validate/expand the algorithm lists now that all defaults are known. */
428 assemble_algorithms(options);
430 /* Turn privilege separation and sandboxing on by default */
431 if (use_privsep == -1)
432 use_privsep = PRIVSEP_ON;
/*
 * Options whose string value is "none" are turned into NULL so the rest
 * of sshd can treat "none" and "not configured" identically.  The macro
 * body (lines not shown in this listing) presumably frees v and NULLs it.
 */
434 #define CLEAR_ON_NONE(v) \
436 if (option_clear_or_none(v)) { \
441 CLEAR_ON_NONE(options->pid_file);
442 CLEAR_ON_NONE(options->xauth_location);
443 CLEAR_ON_NONE(options->banner);
444 CLEAR_ON_NONE(options->trusted_user_ca_keys);
445 CLEAR_ON_NONE(options->revoked_keys_file);
446 CLEAR_ON_NONE(options->authorized_principals_file);
447 CLEAR_ON_NONE(options->adm_forced_command);
448 CLEAR_ON_NONE(options->chroot_directory);
449 CLEAR_ON_NONE(options->routing_domain);
450 for (i = 0; i < options->num_host_key_files; i++)
451 CLEAR_ON_NONE(options->host_key_files[i]);
452 for (i = 0; i < options->num_host_cert_files; i++)
453 CLEAR_ON_NONE(options->host_cert_files[i]);
456 /* Similar handling for AuthenticationMethods=any */
/* A lone "any" is the same as not configuring AuthenticationMethods at all. */
457 if (options->num_auth_methods == 1 &&
458 strcmp(options->auth_methods[0], "any") == 0) {
459 free(options->auth_methods[0]);
460 options->auth_methods[0] = NULL;
461 options->num_auth_methods = 0;
/*
 * Privilege separation wins over pre-auth compression where the platform
 * cannot do both; this block is presumably under a build-time #ifdef
 * that the listing omits.
 */
465 if (use_privsep && options->compression == 1) {
466 error("This platform does not support both privilege "
467 "separation and compression");
468 error("Compression disabled");
469 options->compression = 0;
475 /* Keyword tokens. */
/*
 * One opcode per recognised sshd_config keyword; parse_token() maps the
 * textual keyword to one of these via the keywords[] table below.
 * sDeprecated / sIgnore / sUnsupported are catch-alls for keywords that
 * are still accepted syntactically (the enum header and trailer are not
 * shown in this listing).
 */
477 sBadOption, /* == unknown option */
478 /* Portable-specific options */
480 /* Standard Options */
481 sPort, sHostKeyFile, sLoginGraceTime,
482 sPermitRootLogin, sLogFacility, sLogLevel,
483 sRhostsRSAAuthentication, sRSAAuthentication,
484 sKerberosAuthentication, sKerberosOrLocalPasswd, sKerberosTicketCleanup,
485 sKerberosGetAFSToken, sChallengeResponseAuthentication,
486 sPasswordAuthentication, sKbdInteractiveAuthentication,
487 sListenAddress, sAddressFamily,
488 sPrintMotd, sPrintLastLog, sIgnoreRhosts,
489 sX11Forwarding, sX11DisplayOffset, sX11UseLocalhost,
490 sPermitTTY, sStrictModes, sEmptyPasswd, sTCPKeepAlive,
491 sPermitUserEnvironment, sAllowTcpForwarding, sCompression,
492 sRekeyLimit, sAllowUsers, sDenyUsers, sAllowGroups, sDenyGroups,
493 sIgnoreUserKnownHosts, sCiphers, sMacs, sPidFile,
494 sGatewayPorts, sPubkeyAuthentication, sPubkeyAcceptedKeyTypes,
495 sXAuthLocation, sSubsystem, sMaxStartups, sMaxAuthTries, sMaxSessions,
496 sBanner, sUseDNS, sHostbasedAuthentication,
497 sHostbasedUsesNameFromPacketOnly, sHostbasedAcceptedKeyTypes,
499 sClientAliveInterval, sClientAliveCountMax, sAuthorizedKeysFile,
500 sGssAuthentication, sGssCleanupCreds, sGssStrictAcceptor,
501 sAcceptEnv, sSetEnv, sPermitTunnel,
502 sMatch, sPermitOpen, sPermitListen, sForceCommand, sChrootDirectory,
503 sUsePrivilegeSeparation, sAllowAgentForwarding,
505 sRevokedKeys, sTrustedUserCAKeys, sAuthorizedPrincipalsFile,
506 sAuthorizedPrincipalsCommand, sAuthorizedPrincipalsCommandUser,
507 sKexAlgorithms, sCASignatureAlgorithms, sIPQoS, sVersionAddendum,
508 sAuthorizedKeysCommand, sAuthorizedKeysCommandUser,
509 sAuthenticationMethods, sHostKeyAgent, sPermitUserRC,
510 sStreamLocalBindMask, sStreamLocalBindUnlink,
511 sAllowStreamLocalForwarding, sFingerprintHash, sDisableForwarding,
512 sExposeAuthInfo, sRDomain,
514 sDeprecated, sIgnore, sUnsupported
517 #define SSHCFG_GLOBAL 0x01 /* allowed in main section of sshd_config */
518 #define SSHCFG_MATCH 0x02 /* allowed inside a Match section */
519 #define SSHCFG_ALL (SSHCFG_GLOBAL|SSHCFG_MATCH)
521 /* Textual representation of the tokens. */
/*
 * keywords[]: keyword (lower-case; parse_token() compares with
 * strcasecmp), its opcode, and the SSHCFG_* flags saying whether it may
 * appear in the global section, inside a Match block, or both.  The
 * flags are the only thing stopping a Match block from changing a
 * setting that must be fixed before any connection exists (e.g. Port,
 * HostKey, Ciphers), so new keywords need the narrowest flag that works.
 *
 * Duplicate keyword names ("usepam", "kerberos*", "gssapi*",
 * "printlastlog") are build-time alternatives under #ifdef/#else
 * directives that this listing omits; only one of each pair is compiled
 * in.  lookup_opcode_name() returns the first entry for an opcode, so
 * canonical names must precede their aliases.
 */
524 ServerOpCodes opcode;
527 /* Portable-specific options */
529 { "usepam", sUsePAM, SSHCFG_GLOBAL },
531 { "usepam", sUnsupported, SSHCFG_GLOBAL },
533 { "pamauthenticationviakbdint", sDeprecated, SSHCFG_GLOBAL },
534 /* Standard Options */
535 { "port", sPort, SSHCFG_GLOBAL },
536 { "hostkey", sHostKeyFile, SSHCFG_GLOBAL },
537 { "hostdsakey", sHostKeyFile, SSHCFG_GLOBAL }, /* alias */
538 { "hostkeyagent", sHostKeyAgent, SSHCFG_GLOBAL },
539 { "pidfile", sPidFile, SSHCFG_GLOBAL },
540 { "serverkeybits", sDeprecated, SSHCFG_GLOBAL },
541 { "logingracetime", sLoginGraceTime, SSHCFG_GLOBAL },
542 { "keyregenerationinterval", sDeprecated, SSHCFG_GLOBAL },
543 { "permitrootlogin", sPermitRootLogin, SSHCFG_ALL },
544 { "syslogfacility", sLogFacility, SSHCFG_GLOBAL },
545 { "loglevel", sLogLevel, SSHCFG_ALL },
546 { "rhostsauthentication", sDeprecated, SSHCFG_GLOBAL },
547 { "rhostsrsaauthentication", sDeprecated, SSHCFG_ALL },
548 { "hostbasedauthentication", sHostbasedAuthentication, SSHCFG_ALL },
549 { "hostbasedusesnamefrompacketonly", sHostbasedUsesNameFromPacketOnly, SSHCFG_ALL },
550 { "hostbasedacceptedkeytypes", sHostbasedAcceptedKeyTypes, SSHCFG_ALL },
551 { "hostkeyalgorithms", sHostKeyAlgorithms, SSHCFG_GLOBAL },
552 { "rsaauthentication", sDeprecated, SSHCFG_ALL },
553 { "pubkeyauthentication", sPubkeyAuthentication, SSHCFG_ALL },
554 { "pubkeyacceptedkeytypes", sPubkeyAcceptedKeyTypes, SSHCFG_ALL },
555 { "dsaauthentication", sPubkeyAuthentication, SSHCFG_GLOBAL }, /* alias */
557 { "kerberosauthentication", sKerberosAuthentication, SSHCFG_ALL },
558 { "kerberosorlocalpasswd", sKerberosOrLocalPasswd, SSHCFG_GLOBAL },
559 { "kerberosticketcleanup", sKerberosTicketCleanup, SSHCFG_GLOBAL },
561 { "kerberosgetafstoken", sKerberosGetAFSToken, SSHCFG_GLOBAL },
563 { "kerberosgetafstoken", sUnsupported, SSHCFG_GLOBAL },
566 { "kerberosauthentication", sUnsupported, SSHCFG_ALL },
567 { "kerberosorlocalpasswd", sUnsupported, SSHCFG_GLOBAL },
568 { "kerberosticketcleanup", sUnsupported, SSHCFG_GLOBAL },
569 { "kerberosgetafstoken", sUnsupported, SSHCFG_GLOBAL },
571 { "kerberostgtpassing", sUnsupported, SSHCFG_GLOBAL },
572 { "afstokenpassing", sUnsupported, SSHCFG_GLOBAL },
574 { "gssapiauthentication", sGssAuthentication, SSHCFG_ALL },
575 { "gssapicleanupcredentials", sGssCleanupCreds, SSHCFG_GLOBAL },
576 { "gssapistrictacceptorcheck", sGssStrictAcceptor, SSHCFG_GLOBAL },
578 { "gssapiauthentication", sUnsupported, SSHCFG_ALL },
579 { "gssapicleanupcredentials", sUnsupported, SSHCFG_GLOBAL },
580 { "gssapistrictacceptorcheck", sUnsupported, SSHCFG_GLOBAL },
582 { "passwordauthentication", sPasswordAuthentication, SSHCFG_ALL },
583 { "kbdinteractiveauthentication", sKbdInteractiveAuthentication, SSHCFG_ALL },
584 { "challengeresponseauthentication", sChallengeResponseAuthentication, SSHCFG_GLOBAL },
585 { "skeyauthentication", sDeprecated, SSHCFG_GLOBAL },
586 { "checkmail", sDeprecated, SSHCFG_GLOBAL },
587 { "listenaddress", sListenAddress, SSHCFG_GLOBAL },
588 { "addressfamily", sAddressFamily, SSHCFG_GLOBAL },
589 { "printmotd", sPrintMotd, SSHCFG_GLOBAL },
590 #ifdef DISABLE_LASTLOG
591 { "printlastlog", sUnsupported, SSHCFG_GLOBAL },
593 { "printlastlog", sPrintLastLog, SSHCFG_GLOBAL },
595 { "ignorerhosts", sIgnoreRhosts, SSHCFG_GLOBAL },
596 { "ignoreuserknownhosts", sIgnoreUserKnownHosts, SSHCFG_GLOBAL },
597 { "x11forwarding", sX11Forwarding, SSHCFG_ALL },
598 { "x11displayoffset", sX11DisplayOffset, SSHCFG_ALL },
599 { "x11uselocalhost", sX11UseLocalhost, SSHCFG_ALL },
600 { "xauthlocation", sXAuthLocation, SSHCFG_GLOBAL },
601 { "strictmodes", sStrictModes, SSHCFG_GLOBAL },
602 { "permitemptypasswords", sEmptyPasswd, SSHCFG_ALL },
603 { "permituserenvironment", sPermitUserEnvironment, SSHCFG_GLOBAL },
604 { "uselogin", sDeprecated, SSHCFG_GLOBAL },
605 { "compression", sCompression, SSHCFG_GLOBAL },
606 { "rekeylimit", sRekeyLimit, SSHCFG_ALL },
607 { "tcpkeepalive", sTCPKeepAlive, SSHCFG_GLOBAL },
608 { "keepalive", sTCPKeepAlive, SSHCFG_GLOBAL }, /* obsolete alias */
609 { "allowtcpforwarding", sAllowTcpForwarding, SSHCFG_ALL },
610 { "allowagentforwarding", sAllowAgentForwarding, SSHCFG_ALL },
611 { "allowusers", sAllowUsers, SSHCFG_ALL },
612 { "denyusers", sDenyUsers, SSHCFG_ALL },
613 { "allowgroups", sAllowGroups, SSHCFG_ALL },
614 { "denygroups", sDenyGroups, SSHCFG_ALL },
615 { "ciphers", sCiphers, SSHCFG_GLOBAL },
616 { "macs", sMacs, SSHCFG_GLOBAL },
617 { "protocol", sIgnore, SSHCFG_GLOBAL },
618 { "gatewayports", sGatewayPorts, SSHCFG_ALL },
619 { "subsystem", sSubsystem, SSHCFG_GLOBAL },
620 { "maxstartups", sMaxStartups, SSHCFG_GLOBAL },
621 { "maxauthtries", sMaxAuthTries, SSHCFG_ALL },
622 { "maxsessions", sMaxSessions, SSHCFG_ALL },
623 { "banner", sBanner, SSHCFG_ALL },
624 { "usedns", sUseDNS, SSHCFG_GLOBAL },
625 { "verifyreversemapping", sDeprecated, SSHCFG_GLOBAL },
626 { "reversemappingcheck", sDeprecated, SSHCFG_GLOBAL },
627 { "clientaliveinterval", sClientAliveInterval, SSHCFG_ALL },
628 { "clientalivecountmax", sClientAliveCountMax, SSHCFG_ALL },
629 { "authorizedkeysfile", sAuthorizedKeysFile, SSHCFG_ALL },
630 { "authorizedkeysfile2", sDeprecated, SSHCFG_ALL },
631 { "useprivilegeseparation", sDeprecated, SSHCFG_GLOBAL},
632 { "acceptenv", sAcceptEnv, SSHCFG_ALL },
633 { "setenv", sSetEnv, SSHCFG_ALL },
634 { "permittunnel", sPermitTunnel, SSHCFG_ALL },
635 { "permittty", sPermitTTY, SSHCFG_ALL },
636 { "permituserrc", sPermitUserRC, SSHCFG_ALL },
637 { "match", sMatch, SSHCFG_ALL },
638 { "permitopen", sPermitOpen, SSHCFG_ALL },
639 { "permitlisten", sPermitListen, SSHCFG_ALL },
640 { "forcecommand", sForceCommand, SSHCFG_ALL },
641 { "chrootdirectory", sChrootDirectory, SSHCFG_ALL },
642 { "hostcertificate", sHostCertificate, SSHCFG_GLOBAL },
643 { "revokedkeys", sRevokedKeys, SSHCFG_ALL },
644 { "trustedusercakeys", sTrustedUserCAKeys, SSHCFG_ALL },
645 { "authorizedprincipalsfile", sAuthorizedPrincipalsFile, SSHCFG_ALL },
646 { "kexalgorithms", sKexAlgorithms, SSHCFG_GLOBAL },
647 { "ipqos", sIPQoS, SSHCFG_ALL },
648 { "authorizedkeyscommand", sAuthorizedKeysCommand, SSHCFG_ALL },
649 { "authorizedkeyscommanduser", sAuthorizedKeysCommandUser, SSHCFG_ALL },
650 { "authorizedprincipalscommand", sAuthorizedPrincipalsCommand, SSHCFG_ALL },
651 { "authorizedprincipalscommanduser", sAuthorizedPrincipalsCommandUser, SSHCFG_ALL },
652 { "versionaddendum", sVersionAddendum, SSHCFG_GLOBAL },
653 { "authenticationmethods", sAuthenticationMethods, SSHCFG_ALL },
654 { "streamlocalbindmask", sStreamLocalBindMask, SSHCFG_ALL },
655 { "streamlocalbindunlink", sStreamLocalBindUnlink, SSHCFG_ALL },
656 { "allowstreamlocalforwarding", sAllowStreamLocalForwarding, SSHCFG_ALL },
657 { "fingerprinthash", sFingerprintHash, SSHCFG_GLOBAL },
658 { "disableforwarding", sDisableForwarding, SSHCFG_ALL },
659 { "exposeauthinfo", sExposeAuthInfo, SSHCFG_ALL },
660 { "rdomain", sRDomain, SSHCFG_ALL },
661 { "casignaturealgorithms", sCASignatureAlgorithms, SSHCFG_ALL },
662 { "useblacklist", sUseBlacklist, SSHCFG_GLOBAL },
663 { "noneenabled", sUnsupported, SSHCFG_ALL },
664 { "hpndisabled", sDeprecated, SSHCFG_ALL },
665 { "hpnbuffersize", sDeprecated, SSHCFG_ALL },
666 { "tcprcvbufpoll", sDeprecated, SSHCFG_ALL },
/* Terminator: both lookup loops stop at the NULL name. */
667 { NULL, sBadOption, 0 }
/*
 * SSH_TUNMODE_* value <-> keyword table; presumably the lookup table
 * behind PermitTunnel (the array's declaration is not shown here).
 */
674 { SSH_TUNMODE_NO, "no" },
675 { SSH_TUNMODE_POINTOPOINT, "point-to-point" },
676 { SSH_TUNMODE_ETHERNET, "ethernet" },
677 { SSH_TUNMODE_YES, "yes" },
681 /* Returns an opcode name from its number */
684 lookup_opcode_name(ServerOpCodes code)
/*
 * Linear scan of keywords[]; the first entry carrying `code` wins, so
 * for aliased keywords (e.g. "hostdsakey" -> sHostKeyFile) the canonical
 * name listed first is what ends up in log messages.  The not-found
 * return is on a line not shown here.
 */
688 for (i = 0; keywords[i].name != NULL; i++)
689 if (keywords[i].opcode == code)
690 return(keywords[i].name);
696 * Returns the number of the token pointed to by cp or sBadOption.
/*
 * Map a config keyword to its opcode.  The match is case-insensitive;
 * on success *flags receives the entry's SSHCFG_* flags, which the
 * caller uses to reject keywords that are not allowed in the current
 * (global vs. Match) section.  An unknown keyword is logged with its
 * file and line and, per the comment above, sBadOption is returned (the
 * return statement is on a line not shown here).
 */
700 parse_token(const char *cp, const char *filename,
701 int linenum, u_int *flags)
705 for (i = 0; keywords[i].name; i++)
706 if (strcasecmp(cp, keywords[i].name) == 0) {
707 *flags = keywords[i].flags;
708 return keywords[i].opcode;
711 error("%s: line %d: Bad configuration option: %s",
712 filename, linenum, cp);
/*
 * Return an absolute, tilde-expanded copy of `path`.  "none" (any case)
 * passes through unchanged so option_clear_or_none() still recognises
 * it later.  A relative path is prefixed with the current working
 * directory, so the result depends on where sshd was started; a
 * getcwd() failure is fatal.  Always returns a freshly allocated string
 * (xstrdup/xasprintf) that the caller owns; the absolute-path return and
 * the free of the intermediate `expanded` are on lines not shown here.
 */
717 derelativise_path(const char *path)
719 char *expanded, *ret, cwd[PATH_MAX];
721 if (strcasecmp(path, "none") == 0)
722 return xstrdup("none");
723 expanded = tilde_expand_filename(path, getuid());
724 if (*expanded == '/')
726 if (getcwd(cwd, sizeof(cwd)) == NULL)
727 fatal("%s: getcwd: %s", __func__, strerror(errno));
728 xasprintf(&ret, "%s/%s", cwd, expanded);
/*
 * Register a ListenAddress.  With an explicit port (the condition is on
 * a line not shown, presumably port > 0) the address is added once;
 * otherwise it is added once for every configured Port, which is why
 * Port must be known before ListenAddress is resolved (see
 * queue_listen_addr() / process_queued_listen_addrs()).  addr may be
 * NULL for the wildcard address; rdomain may be NULL.
 */
734 add_listen_addr(ServerOptions *options, const char *addr,
735 const char *rdomain, int port)
740 add_one_listen_addr(options, addr, rdomain, port);
742 for (i = 0; i < options->num_ports; i++) {
743 add_one_listen_addr(options, addr, rdomain,
/*
 * Resolve one addr/port pair with getaddrinfo() and prepend the results
 * to the listen_addrs entry for `rdomain` (creating that entry if
 * needed).  addr == NULL requests the passive/wildcard address.  A name
 * that does not resolve is fatal, so a typo in ListenAddress stops sshd
 * at startup rather than silently listening elsewhere.  Several
 * break/continue lines of the rdomain search are not shown here.
 */
750 add_one_listen_addr(ServerOptions *options, const char *addr,
751 const char *rdomain, int port)
753 struct addrinfo hints, *ai, *aitop;
754 char strport[NI_MAXSERV];
758 /* Find listen_addrs entry for this rdomain */
/* Both NULL means "the default routing domain"; a NULL on one side only can never match. */
759 for (i = 0; i < options->num_listen_addrs; i++) {
760 if (rdomain == NULL && options->listen_addrs[i].rdomain == NULL)
762 if (rdomain == NULL || options->listen_addrs[i].rdomain == NULL)
764 if (strcmp(rdomain, options->listen_addrs[i].rdomain) == 0)
767 if (i >= options->num_listen_addrs) {
768 /* No entry for this rdomain; allocate one */
/* The upper bound being checked is on a line not shown in this listing. */
770 fatal("%s: too many listen addresses", __func__);
771 options->listen_addrs = xrecallocarray(options->listen_addrs,
772 options->num_listen_addrs, options->num_listen_addrs + 1,
773 sizeof(*options->listen_addrs));
774 i = options->num_listen_addrs++;
776 options->listen_addrs[i].rdomain = xstrdup(rdomain);
778 /* options->listen_addrs[i] points to the addresses for this rdomain */
780 memset(&hints, 0, sizeof(hints));
781 hints.ai_family = options->address_family;
782 hints.ai_socktype = SOCK_STREAM;
783 hints.ai_flags = (addr == NULL) ? AI_PASSIVE : 0;
/* Numeric service string; NI_MAXSERV comfortably holds any int. */
784 snprintf(strport, sizeof strport, "%d", port);
785 if ((gaierr = getaddrinfo(addr, strport, &hints, &aitop)) != 0)
786 fatal("bad addr or host: %s (%s)",
787 addr ? addr : "<NULL>",
788 ssh_gai_strerror(gaierr));
/* Splice: walk to the tail of the new list and hang the existing list off it. */
789 for (ai = aitop; ai->ai_next; ai = ai->ai_next)
791 ai->ai_next = options->listen_addrs[i].addrs;
792 options->listen_addrs[i].addrs = aitop;
795 /* Returns nonzero if the routing domain name is valid */
/*
 * Validate an RDomain name before it is stored.  Three build variants:
 * a platform hook (sys_valid_rdomain), the OpenBSD implementation, or a
 * stub that logs an error on platforms without routing domains (its
 * return value is on a line not shown).  On OpenBSD the name must parse
 * as an integer in 0..255 via strtonum(), and the routing table is then
 * looked up through sysctl(NET_RT_TABLE) so that only an existing table
 * is accepted; the mib setup and error paths are only partly shown here.
 */
797 valid_rdomain(const char *name)
799 #if defined(HAVE_SYS_VALID_RDOMAIN)
800 return sys_valid_rdomain(name);
801 #elif defined(__OpenBSD__)
804 struct rt_tableinfo info;
806 size_t miblen = sizeof(mib);
811 num = strtonum(name, 0, 255, &errstr);
815 /* Check whether the table actually exists */
816 memset(mib, 0, sizeof(mib));
819 mib[4] = NET_RT_TABLE;
821 if (sysctl(mib, 6, &info, &miblen, NULL, 0) == -1)
825 #else /* defined(__OpenBSD__) */
826 error("Routing domains are not supported on this platform");
832 * Queue a ListenAddress to be processed once we have all of the Ports
833 * and AddressFamily options.
/*
 * Store a ListenAddress as text (addr, rdomain, port) without resolving
 * it; process_queued_listen_addrs() does the resolution once Port and
 * AddressFamily are final.  addr must be non-NULL here (it goes through
 * xstrdup()), unlike add_listen_addr(), which takes NULL for the
 * wildcard address.  rdomain may be NULL.  The port assignment is on a
 * line not shown in this listing.
 */
836 queue_listen_addr(ServerOptions *options, const char *addr,
837 const char *rdomain, int port)
839 struct queued_listenaddr *qla;
841 options->queued_listen_addrs = xrecallocarray(
842 options->queued_listen_addrs,
843 options->num_queued_listens, options->num_queued_listens + 1,
844 sizeof(*options->queued_listen_addrs));
845 qla = &options->queued_listen_addrs[options->num_queued_listens++];
846 qla->addr = xstrdup(addr);
848 qla->rdomain = rdomain == NULL ? NULL : xstrdup(rdomain);
852 * Process queued (text) ListenAddress entries.
/*
 * Resolve every queued ListenAddress and release the queue.  The Port
 * and AddressFamily defaults are applied first because add_listen_addr()
 * expands a port of 0 to all configured ports and add_one_listen_addr()
 * reads address_family; these two defaults duplicate the ones in
 * fill_default_server_options() and must stay identical.  The per-entry
 * frees of qla->addr / qla->rdomain are on lines not shown here.
 */
855 process_queued_listen_addrs(ServerOptions *options)
858 struct queued_listenaddr *qla;
860 if (options->num_ports == 0)
861 options->ports[options->num_ports++] = SSH_DEFAULT_PORT;
862 if (options->address_family == -1)
863 options->address_family = AF_UNSPEC;
865 for (i = 0; i < options->num_queued_listens; i++) {
866 qla = &options->queued_listen_addrs[i];
867 add_listen_addr(options, qla->addr, qla->rdomain, qla->port);
871 free(options->queued_listen_addrs);
872 options->queued_listen_addrs = NULL;
873 options->num_queued_listens = 0;
877 * Inform channels layer of permitopen options for a single forwarding
878 * direction (local/remote).
/*
 * Push one PermitOpen/PermitListen list into the channels layer.
 * `opcode` selects the direction (sPermitOpen -> FORWARD_LOCAL,
 * otherwise FORWARD_REMOTE); `opens` holds num_opens "host:port"
 * strings.  The admin permission set for that direction is cleared
 * first, then: an empty list or the single keyword "any" leaves it open
 * (the surrounding conditions are on lines not shown), "none" disables
 * forwarding in that direction entirely, and anything else is parsed
 * entry by entry.  A malformed entry (missing host, bad port) is fatal
 * so a misconfiguration fails closed rather than permitting more than
 * intended.  The per-entry free of `oarg` is on a line not shown.
 */
881 process_permitopen_list(struct ssh *ssh, ServerOpCodes opcode,
882 char **opens, u_int num_opens)
886 char *host, *arg, *oarg;
887 int where = opcode == sPermitOpen ? FORWARD_LOCAL : FORWARD_REMOTE;
888 const char *what = lookup_opcode_name(opcode);
890 channel_clear_permission(ssh, FORWARD_ADM, where);
892 return; /* permit any */
894 /* handle keywords: "any" / "none" */
895 if (num_opens == 1 && strcmp(opens[0], "any") == 0)
897 if (num_opens == 1 && strcmp(opens[0], "none") == 0) {
898 channel_disable_admin(ssh, where);
901 /* Otherwise treat it as a list of permitted host:port */
902 for (i = 0; i < num_opens; i++) {
/* hpdelim() splits in place, so work on a private copy. */
903 oarg = arg = xstrdup(opens[i]);
904 host = hpdelim(&arg);
906 fatal("%s: missing host in %s", __func__, what);
907 host = cleanhostname(host);
908 if (arg == NULL || ((port = permitopen_port(arg)) < 0))
909 fatal("%s: bad port number in %s", __func__, what);
910 /* Send it to channels layer */
911 channel_add_permission(ssh, FORWARD_ADM,
918 * Inform channels layer of permitopen options from configuration.
/* Apply both forwarding directions: PermitOpen (local) then PermitListen (remote). */
921 process_permitopen(struct ssh *ssh, ServerOptions *options)
923 process_permitopen_list(ssh, sPermitOpen,
924 options->permitted_opens, options->num_permitted_opens);
925 process_permitopen_list(ssh, sPermitListen,
926 options->permitted_listens,
927 options->num_permitted_listens);
/*
 * Return the connection attributes that Match blocks are evaluated
 * against (remote host/address, local address/port, routing domain).
 * The result is a single static object shared by every caller, so a
 * later call overwrites what an earlier caller still holds.  When
 * `populate` is zero the fields are presumably left as they are (the
 * test is on lines not shown); `use_dns` controls whether ci.host is a
 * reverse-resolved name, which is only as trustworthy as the resolver.
 */
930 struct connection_info *
931 get_connection_info(int populate, int use_dns)
933 struct ssh *ssh = active_state; /* XXX */
934 static struct connection_info ci;
938 ci.host = auth_get_canonical_hostname(ssh, use_dns);
939 ci.address = ssh_remote_ipaddr(ssh);
940 ci.laddress = ssh_local_ipaddr(ssh);
941 ci.lport = ssh_local_port(ssh);
942 ci.rdomain = ssh_packet_rdomain_in(ssh);
947 * The strategy for the Match blocks is that the config file is parsed twice.
949 * The first time is at startup. activep is initialized to 1 and the
950 * directives in the global context are processed and acted on. Hitting a
951 * Match directive unsets activep and the directives inside the block are
952 * checked for syntax only.
954 * The second time is after a connection has been established but before
955 * authentication. activep is initialized to 2 and global config directives
956 * are ignored since they have already been processed. If the criteria in a
957 * Match block are met, activep is set and the subsequent directives
958 * processed and actioned until EOF or another Match block unsets it. Any
959 * options set are copied into the main server config.
961 * Potential additions/improvements:
962 * - Add Match support for pre-kex directives, eg. Ciphers.
964 * - Add a Tag directive (idea from David Leonard) ala pf, eg:
965 * Match Address 192.168.0.*
970 * AllowTcpForwarding yes
971 * GatewayPorts clientspecified
974 * - Add a PermittedChannelRequests directive
976 * PermittedChannelRequests session,forwarded-tcpip
/*
 * Evaluate a "Match Group" criterion for `user`.  The user must exist in
 * the password database and be in at least one group (ga_init()), and
 * the group list must then match the pattern list `grps`.  Each failure
 * is logged at debug level with the user name truncated to 100 chars;
 * the result variable and the return are on lines not shown, and the
 * caller's switch in match_cfg_line() handles the distinct outcomes.
 */
980 match_cfg_line_group(const char *grps, int line, const char *user)
988 if ((pw = getpwnam(user)) == NULL) {
989 debug("Can't match group at line %d because user %.100s does "
990 "not exist", line, user);
991 } else if (ga_init(pw->pw_name, pw->pw_gid) == 0) {
992 debug("Can't Match group because user %.100s not in any group "
993 "at line %d", user, line);
994 } else if (ga_match_pattern_list(grps) != 1) {
995 debug("user %.100s does not match group list %.100s at line %d",
998 debug("user %.100s matched group list %.100s at line %d", user,
/*
 * Abort when a Match criterion ('criteria', e.g. "User") needs a connection
 * attribute ('attrib', e.g. "user") that the connection test specification
 * (see parse_server_match_testspec()) did not supply.
 */
1008 match_test_missing_fatal(const char *criteria, const char *attrib)
1010 fatal("'Match %s' in configuration but '%s' not in connection "
1011 "test specification.", criteria, attrib);
/*
 * Evaluate one 'Match' line. *condition is consumed token by token with
 * strdelim(). ci may be NULL during the syntax-only pass (both the debug3()
 * at the top and the rdomain branch allow for it); the attributes are then
 * parsed but not matched against anything.
 *
 * All of the attributes on a single Match line are ANDed together, so we need
 * to check every attribute and set the result to zero if any attribute does
 * not match. 'result' starts at 1 and 'attributes' counts the criteria seen;
 * the return statements are outside this excerpt.
 */
1020 match_cfg_line(char **condition, int line, struct connection_info *ci)
1022 int result = 1, attributes = 0, port;
1023 char *arg, *attrib, *cp = *condition;
1026 debug3("checking syntax for 'Match %s'", cp);
1028 debug3("checking match for '%s' user %s host %s addr %s "
1029 "laddr %s lport %d", cp, ci->user ? ci->user : "(null)",
1030 ci->host ? ci->host : "(null)",
1031 ci->address ? ci->address : "(null)",
1032 ci->laddress ? ci->laddress : "(null)", ci->lport);
1034 while ((attrib = strdelim(&cp)) && *attrib != '\0') {
/* 'all' must be the sole attribute on the line. */
1036 if (strcasecmp(attrib, "all") == 0) {
1037 if (attributes != 1 ||
1038 ((arg = strdelim(&cp)) != NULL && *arg != '\0')) {
1039 error("'all' cannot be combined with other "
1040 "Match attributes");
/* Every other attribute takes exactly one argument. */
1046 if ((arg = strdelim(&cp)) == NULL || *arg == '\0') {
1047 error("Missing Match criteria for %s", attrib);
/*
 * Per-attribute checks. A missing connection attribute is only possible
 * with a hand-written test specification and is fatal.
 */
1050 if (strcasecmp(attrib, "user") == 0) {
1055 if (ci->user == NULL)
1056 match_test_missing_fatal("User", "user");
1057 if (match_pattern_list(ci->user, arg, 0) != 1)
1060 debug("user %.100s matched 'User %.100s' at "
1061 "line %d", ci->user, arg, line);
1062 } else if (strcasecmp(attrib, "group") == 0) {
1067 if (ci->user == NULL)
1068 match_test_missing_fatal("Group", "user");
1069 switch (match_cfg_line_group(arg, line, ci->user)) {
1075 } else if (strcasecmp(attrib, "host") == 0) {
1080 if (ci->host == NULL)
1081 match_test_missing_fatal("Host", "host");
1082 if (match_hostname(ci->host, arg) != 1)
1085 debug("connection from %.100s matched 'Host "
1086 "%.100s' at line %d", ci->host, arg, line);
1087 } else if (strcasecmp(attrib, "address") == 0) {
1092 if (ci->address == NULL)
1093 match_test_missing_fatal("Address", "addr");
1094 switch (addr_match_list(ci->address, arg)) {
1096 debug("connection from %.100s matched 'Address "
1097 "%.100s' at line %d", ci->address, arg, line);
1106 } else if (strcasecmp(attrib, "localaddress") == 0){
1111 if (ci->laddress == NULL)
1112 match_test_missing_fatal("LocalAddress",
1114 switch (addr_match_list(ci->laddress, arg)) {
1116 debug("connection from %.100s matched "
1117 "'LocalAddress %.100s' at line %d",
1118 ci->laddress, arg, line);
/* LocalPort: the argument is validated with a2port() before comparison. */
1127 } else if (strcasecmp(attrib, "localport") == 0) {
1128 if ((port = a2port(arg)) == -1) {
1129 error("Invalid LocalPort '%s' on Match line",
1138 match_test_missing_fatal("LocalPort", "lport");
1139 /* TODO support port lists */
1140 if (port == ci->lport)
1141 debug("connection from %.100s matched "
1142 "'LocalPort %d' at line %d",
1143 ci->laddress, port, line);
/* ci itself may still be NULL here (syntax-only pass). */
1146 } else if (strcasecmp(attrib, "rdomain") == 0) {
1147 if (ci == NULL || ci->rdomain == NULL) {
1151 if (match_pattern_list(ci->rdomain, arg, 0) != 1)
1154 debug("user %.100s matched 'RDomain %.100s' at "
1155 "line %d", ci->rdomain, arg, line);
1157 error("Unsupported Match attribute %s", attrib);
/* A bare 'Match' with no criteria is an error, not a match-all. */
1161 if (attributes == 0) {
1162 error("One or more attributes required for Match");
1166 debug3("match %sfound", result ? "" : "not ");
1171 #define WHITESPACE " \t\r\n"
1173 /* Multistate option parsing */
/*
 * Keyword -> integer tables. Each is searched case-insensitively by the
 * parse_multistate path of process_server_config_line() and reversed by
 * fmt_multistate_int() when dumping the config. The generic yes/no table
 * (multistate_flag) has its entries outside this excerpt.
 */
1178 static const struct multistate multistate_flag[] = {
1183 static const struct multistate multistate_addressfamily[] = {
1184 { "inet", AF_INET },
1185 { "inet6", AF_INET6 },
1186 { "any", AF_UNSPEC },
/* "without-password" and "prohibit-password" are two spellings of one policy. */
1189 static const struct multistate multistate_permitrootlogin[] = {
1190 { "without-password", PERMIT_NO_PASSWD },
1191 { "prohibit-password", PERMIT_NO_PASSWD },
1192 { "forced-commands-only", PERMIT_FORCED_ONLY },
1193 { "yes", PERMIT_YES },
1194 { "no", PERMIT_NO },
/* "Compression yes" selects delayed (post-authentication) compression. */
1197 static const struct multistate multistate_compression[] = {
1198 { "yes", COMP_DELAYED },
1199 { "delayed", COMP_DELAYED },
1200 { "no", COMP_NONE },
1203 static const struct multistate multistate_gatewayports[] = {
1204 { "clientspecified", 2 },
/* Shared by AllowTcpForwarding and AllowStreamLocalForwarding. */
1209 static const struct multistate multistate_tcpfwd[] = {
1210 { "yes", FORWARD_ALLOW },
1211 { "all", FORWARD_ALLOW },
1212 { "no", FORWARD_DENY },
1213 { "remote", FORWARD_REMOTE },
1214 { "local", FORWARD_LOCAL },
/*
 * Parse and apply a single configuration line.
 *
 * options      server options being populated
 * line         the directive text; strdelim() consumes it in place
 * filename,
 * linenum      used only for diagnostics
 * activep      NULL for a command-line directive; otherwise points to the
 *              current activity flag — non-zero means "apply", zero means
 *              "syntax-check only" (inside a Match block on the first pass,
 *              or outside a matching block on the second)
 * connectinfo  NULL on the startup pass, set on the per-connection pass
 *
 * Almost every directive follows "first setting wins": a value is stored
 * only when *activep is set and the option is still at its -1/NULL default,
 * so command-line and earlier config values are never overridden. Most
 * argument errors call fatal(); the return paths are outside this excerpt.
 */
1219 process_server_config_line(ServerOptions *options, char *line,
1220 const char *filename, int linenum, int *activep,
1221 struct connection_info *connectinfo)
1223 char *cp, ***chararrayptr, **charptr, *arg, *arg2, *p;
1224 int cmdline = 0, *intptr, value, value2, n, port;
1225 SyslogFacility *log_facility_ptr;
1226 LogLevel *log_level_ptr;
1227 ServerOpCodes opcode;
1228 u_int i, *uintptr, uvalue, flags = 0;
1231 const struct multistate *multistate_ptr;
1234 /* Strip trailing whitespace. Allow \f (form feed) at EOL only */
1235 if ((len = strlen(line)) == 0)
1237 for (len--; len > 0; len--) {
1238 if (strchr(WHITESPACE "\f", line[len]) == NULL)
1244 if ((arg = strdelim(&cp)) == NULL)
1246 /* Ignore leading whitespace */
1248 arg = strdelim(&cp);
1249 if (!arg || !*arg || *arg == '#')
/* parse_token() also reports per-keyword flags (e.g. SSHCFG_MATCH). */
1253 opcode = parse_token(arg, filename, linenum, &flags);
1255 if (activep == NULL) { /* We are processing a command line directive */
1259 if (*activep && opcode != sMatch)
1260 debug3("%s:%d setting %s %s", filename, linenum, arg, cp);
/*
 * Inactive context: a keyword without SSHCFG_MATCH is only legal here on
 * the per-connection pass (connectinfo set), where it was already handled
 * on the startup pass and is skipped.
 */
1261 if (*activep == 0 && !(flags & SSHCFG_MATCH)) {
1262 if (connectinfo == NULL) {
1263 fatal("%s line %d: Directive '%s' is not allowed "
1264 "within a Match block", filename, linenum, arg);
1265 } else { /* this is a directive we have already processed */
1267 arg = strdelim(&cp);
1273 /* Portable-specific options */
1275 intptr = &options->use_pam;
1278 /* Standard Options */
1282 /* ignore ports from configfile if cmdline specifies ports */
1283 if (options->ports_from_cmdline)
1285 if (options->num_ports >= MAX_PORTS)
1286 fatal("%s line %d: too many ports.",
1288 arg = strdelim(&cp);
1289 if (!arg || *arg == '\0')
1290 fatal("%s line %d: missing port number.",
/* a2port() result is stored first, then validated (<= 0 is fatal). */
1292 options->ports[options->num_ports++] = a2port(arg);
1293 if (options->ports[options->num_ports-1] <= 0)
1294 fatal("%s line %d: Badly formatted port number.",
1298 case sLoginGraceTime:
1299 intptr = &options->login_grace_time;
1301 arg = strdelim(&cp);
1302 if (!arg || *arg == '\0')
1303 fatal("%s line %d: missing time value.",
1305 if ((value = convtime(arg)) == -1)
1306 fatal("%s line %d: invalid time value.",
1308 if (*activep && *intptr == -1)
1312 case sListenAddress:
1313 arg = strdelim(&cp);
1314 if (arg == NULL || *arg == '\0')
1315 fatal("%s line %d: missing address",
1317 /* check for bare IPv6 address: no "[]" and 2 or more ":" */
1318 if (strchr(arg, '[') == NULL && (p = strchr(arg, ':')) != NULL
1319 && strchr(p+1, ':') != NULL) {
1325 fatal("%s line %d: bad address:port usage",
1327 p = cleanhostname(p);
1330 else if ((port = a2port(arg)) <= 0)
1331 fatal("%s line %d: bad port number",
1334 /* Optional routing table */
1336 if ((arg = strdelim(&cp)) != NULL) {
1337 if (strcmp(arg, "rdomain") != 0 ||
1338 (arg2 = strdelim(&cp)) == NULL)
1339 fatal("%s line %d: bad ListenAddress syntax",
1341 if (!valid_rdomain(arg2))
1342 fatal("%s line %d: bad routing domain",
/* Listen addresses are queued; process_queued_listen_addrs() binds them later. */
1346 queue_listen_addr(options, p, arg2, port);
1350 case sAddressFamily:
1351 intptr = &options->address_family;
1352 multistate_ptr = multistate_addressfamily;
1354 arg = strdelim(&cp);
1355 if (!arg || *arg == '\0')
1356 fatal("%s line %d: missing argument.",
/* Keyword-table lookup shared by every "goto parse_multistate" case. */
1359 for (i = 0; multistate_ptr[i].key != NULL; i++) {
1360 if (strcasecmp(arg, multistate_ptr[i].key) == 0) {
1361 value = multistate_ptr[i].value;
1366 fatal("%s line %d: unsupported option \"%s\".",
1367 filename, linenum, arg);
1368 if (*activep && *intptr == -1)
1373 arg = strdelim(&cp);
1374 if (!arg || *arg == '\0')
1375 fatal("%s line %d: missing file name.",
1378 servconf_add_hostkey(filename, linenum, options, arg);
/* The agent socket name is kept literally only when it is the env var name. */
1382 charptr = &options->host_key_agent;
1383 arg = strdelim(&cp);
1384 if (!arg || *arg == '\0')
1385 fatal("%s line %d: missing socket name.",
1387 if (*activep && *charptr == NULL)
1388 *charptr = !strcmp(arg, SSH_AUTHSOCKET_ENV_NAME) ?
1389 xstrdup(arg) : derelativise_path(arg);
1392 case sHostCertificate:
1393 arg = strdelim(&cp);
1394 if (!arg || *arg == '\0')
1395 fatal("%s line %d: missing file name.",
1398 servconf_add_hostcert(filename, linenum, options, arg);
1402 charptr = &options->pid_file;
1404 arg = strdelim(&cp);
1405 if (!arg || *arg == '\0')
1406 fatal("%s line %d: missing file name.",
1408 if (*activep && *charptr == NULL) {
1409 *charptr = derelativise_path(arg);
1410 /* increase optional counter */
1412 *intptr = *intptr + 1;
1416 case sPermitRootLogin:
1417 intptr = &options->permit_root_login;
1418 multistate_ptr = multistate_permitrootlogin;
1419 goto parse_multistate;
1422 intptr = &options->ignore_rhosts;
1424 multistate_ptr = multistate_flag;
1425 goto parse_multistate;
1427 case sIgnoreUserKnownHosts:
1428 intptr = &options->ignore_user_known_hosts;
1431 case sHostbasedAuthentication:
1432 intptr = &options->hostbased_authentication;
1435 case sHostbasedUsesNameFromPacketOnly:
1436 intptr = &options->hostbased_uses_name_from_packet_only;
/*
 * Key-type lists accept a leading '+' (append to defaults); '-' (remove)
 * is also tolerated by the validity check; see the Ciphers case below.
 */
1439 case sHostbasedAcceptedKeyTypes:
1440 charptr = &options->hostbased_key_types;
1442 arg = strdelim(&cp);
1443 if (!arg || *arg == '\0')
1444 fatal("%s line %d: Missing argument.",
1447 !sshkey_names_valid2(*arg == '+' ? arg + 1 : arg, 1))
1448 fatal("%s line %d: Bad key types '%s'.",
1449 filename, linenum, arg ? arg : "<NONE>");
1450 if (*activep && *charptr == NULL)
1451 *charptr = xstrdup(arg);
1454 case sHostKeyAlgorithms:
1455 charptr = &options->hostkeyalgorithms;
1456 goto parse_keytypes;
1458 case sCASignatureAlgorithms:
1459 charptr = &options->ca_sign_algorithms;
1460 goto parse_keytypes;
1462 case sPubkeyAuthentication:
1463 intptr = &options->pubkey_authentication;
1466 case sPubkeyAcceptedKeyTypes:
1467 charptr = &options->pubkey_key_types;
1468 goto parse_keytypes;
1470 case sKerberosAuthentication:
1471 intptr = &options->kerberos_authentication;
1474 case sKerberosOrLocalPasswd:
1475 intptr = &options->kerberos_or_local_passwd;
1478 case sKerberosTicketCleanup:
1479 intptr = &options->kerberos_ticket_cleanup;
1482 case sKerberosGetAFSToken:
1483 intptr = &options->kerberos_get_afs_token;
1486 case sGssAuthentication:
1487 intptr = &options->gss_authentication;
1490 case sGssCleanupCreds:
1491 intptr = &options->gss_cleanup_creds;
1494 case sGssStrictAcceptor:
1495 intptr = &options->gss_strict_acceptor;
1498 case sPasswordAuthentication:
1499 intptr = &options->password_authentication;
1502 case sKbdInteractiveAuthentication:
1503 intptr = &options->kbd_interactive_authentication;
1506 case sChallengeResponseAuthentication:
1507 intptr = &options->challenge_response_authentication;
1511 intptr = &options->print_motd;
1515 intptr = &options->print_lastlog;
1518 case sX11Forwarding:
1519 intptr = &options->x11_forwarding;
1522 case sX11DisplayOffset:
1523 intptr = &options->x11_display_offset;
1525 arg = strdelim(&cp);
/* atoi_err() rejects non-numeric / out-of-range input with a message. */
1526 if ((errstr = atoi_err(arg, &value)) != NULL)
1527 fatal("%s line %d: integer value %s.",
1528 filename, linenum, errstr);
1529 if (*activep && *intptr == -1)
1533 case sX11UseLocalhost:
1534 intptr = &options->x11_use_localhost;
1537 case sXAuthLocation:
1538 charptr = &options->xauth_location;
1539 goto parse_filename;
1542 intptr = &options->permit_tty;
1546 intptr = &options->permit_user_rc;
1550 intptr = &options->strict_modes;
1554 intptr = &options->tcp_keep_alive;
1558 intptr = &options->permit_empty_passwd;
/* PermitUserEnvironment: yes / no / pattern-list of allowed variable names. */
1561 case sPermitUserEnvironment:
1562 intptr = &options->permit_user_env;
1563 charptr = &options->permit_user_env_whitelist;
1564 arg = strdelim(&cp);
1565 if (!arg || *arg == '\0')
1566 fatal("%s line %d: missing argument.",
1570 if (strcmp(arg, "yes") == 0)
1572 else if (strcmp(arg, "no") == 0)
1575 /* Pattern-list specified */
1579 if (*activep && *intptr == -1) {
1588 intptr = &options->compression;
1589 multistate_ptr = multistate_compression;
1590 goto parse_multistate;
/* RekeyLimit: "default" or a scaled byte count (min 16), optional interval. */
1593 arg = strdelim(&cp);
1594 if (!arg || *arg == '\0')
1595 fatal("%.200s line %d: Missing argument.", filename,
1597 if (strcmp(arg, "default") == 0) {
1600 if (scan_scaled(arg, &val64) == -1)
1601 fatal("%.200s line %d: Bad number '%s': %s",
1602 filename, linenum, arg, strerror(errno));
1603 if (val64 != 0 && val64 < 16)
1604 fatal("%.200s line %d: RekeyLimit too small",
1607 if (*activep && options->rekey_limit == -1)
1608 options->rekey_limit = val64;
1609 if (cp != NULL) { /* optional rekey interval present */
1610 if (strcmp(cp, "none") == 0) {
1611 (void)strdelim(&cp); /* discard */
1614 intptr = &options->rekey_interval;
1620 intptr = &options->fwd_opts.gateway_ports;
1621 multistate_ptr = multistate_gatewayports;
1622 goto parse_multistate;
1625 intptr = &options->use_dns;
/* SyslogFacility is applied without an *activep test, unlike LogLevel below. */
1629 log_facility_ptr = &options->log_facility;
1630 arg = strdelim(&cp);
1631 value = log_facility_number(arg);
1632 if (value == SYSLOG_FACILITY_NOT_SET)
1633 fatal("%.200s line %d: unsupported log facility '%s'",
1634 filename, linenum, arg ? arg : "<NONE>");
1635 if (*log_facility_ptr == -1)
1636 *log_facility_ptr = (SyslogFacility) value;
1640 log_level_ptr = &options->log_level;
1641 arg = strdelim(&cp);
1642 value = log_level_number(arg);
1643 if (value == SYSLOG_LEVEL_NOT_SET)
1644 fatal("%.200s line %d: unsupported log level '%s'",
1645 filename, linenum, arg ? arg : "<NONE>");
1646 if (*activep && *log_level_ptr == -1)
1647 *log_level_ptr = (LogLevel) value;
1650 case sAllowTcpForwarding:
1651 intptr = &options->allow_tcp_forwarding;
1652 multistate_ptr = multistate_tcpfwd;
1653 goto parse_multistate;
1655 case sAllowStreamLocalForwarding:
1656 intptr = &options->allow_streamlocal_forwarding;
1657 multistate_ptr = multistate_tcpfwd;
1658 goto parse_multistate;
1660 case sAllowAgentForwarding:
1661 intptr = &options->allow_agent_forwarding;
1664 case sDisableForwarding:
1665 intptr = &options->disable_forwarding;
/* Allow/DenyUsers patterns are validated with match_user() before appending. */
1669 while ((arg = strdelim(&cp)) && *arg != '\0') {
1670 if (match_user(NULL, NULL, NULL, arg) == -1)
1671 fatal("%s line %d: invalid AllowUsers pattern: "
1672 "\"%.100s\"", filename, linenum, arg);
1675 array_append(filename, linenum, "AllowUsers",
1676 &options->allow_users, &options->num_allow_users,
1682 while ((arg = strdelim(&cp)) && *arg != '\0') {
1683 if (match_user(NULL, NULL, NULL, arg) == -1)
1684 fatal("%s line %d: invalid DenyUsers pattern: "
1685 "\"%.100s\"", filename, linenum, arg);
1688 array_append(filename, linenum, "DenyUsers",
1689 &options->deny_users, &options->num_deny_users,
1695 while ((arg = strdelim(&cp)) && *arg != '\0') {
1698 array_append(filename, linenum, "AllowGroups",
1699 &options->allow_groups, &options->num_allow_groups,
1705 while ((arg = strdelim(&cp)) && *arg != '\0') {
1708 array_append(filename, linenum, "DenyGroups",
1709 &options->deny_groups, &options->num_deny_groups,
/*
 * Ciphers / MACs / KexAlgorithms: no *activep test, just a NULL check.
 * The header comment above lists Match support for pre-kex directives as a
 * TODO, so these presumably lack SSHCFG_MATCH and are rejected inside a
 * Match block by the check near the top — confirm against parse_token().
 */
1715 arg = strdelim(&cp);
1716 if (!arg || *arg == '\0')
1717 fatal("%s line %d: Missing argument.", filename, linenum);
1718 if (*arg != '-' && !ciphers_valid(*arg == '+' ? arg + 1 : arg))
1719 fatal("%s line %d: Bad SSH2 cipher spec '%s'.",
1720 filename, linenum, arg ? arg : "<NONE>");
1721 if (options->ciphers == NULL)
1722 options->ciphers = xstrdup(arg);
1726 arg = strdelim(&cp);
1727 if (!arg || *arg == '\0')
1728 fatal("%s line %d: Missing argument.", filename, linenum);
1729 if (*arg != '-' && !mac_valid(*arg == '+' ? arg + 1 : arg))
1730 fatal("%s line %d: Bad SSH2 mac spec '%s'.",
1731 filename, linenum, arg ? arg : "<NONE>");
1732 if (options->macs == NULL)
1733 options->macs = xstrdup(arg);
1736 case sKexAlgorithms:
1737 arg = strdelim(&cp);
1738 if (!arg || *arg == '\0')
1739 fatal("%s line %d: Missing argument.",
1742 !kex_names_valid(*arg == '+' ? arg + 1 : arg))
1743 fatal("%s line %d: Bad SSH2 KexAlgorithms '%s'.",
1744 filename, linenum, arg ? arg : "<NONE>");
1745 if (options->kex_algorithms == NULL)
1746 options->kex_algorithms = xstrdup(arg);
/* Subsystem: fixed-size table, duplicate names are fatal, args re-joined. */
1750 if (options->num_subsystems >= MAX_SUBSYSTEMS) {
1751 fatal("%s line %d: too many subsystems defined.",
1754 arg = strdelim(&cp);
1755 if (!arg || *arg == '\0')
1756 fatal("%s line %d: Missing subsystem name.",
1759 arg = strdelim(&cp);
1762 for (i = 0; i < options->num_subsystems; i++)
1763 if (strcmp(arg, options->subsystem_name[i]) == 0)
1764 fatal("%s line %d: Subsystem '%s' already defined.",
1765 filename, linenum, arg);
1766 options->subsystem_name[options->num_subsystems] = xstrdup(arg);
1767 arg = strdelim(&cp);
1768 if (!arg || *arg == '\0')
1769 fatal("%s line %d: Missing subsystem command.",
1771 options->subsystem_command[options->num_subsystems] = xstrdup(arg);
1773 /* Collect arguments (separate to executable) */
/* 'len' tracks the full buffer size so each strlcat() is bounded. */
1775 len = strlen(p) + 1;
1776 while ((arg = strdelim(&cp)) != NULL && *arg != '\0') {
1777 len += 1 + strlen(arg);
1778 p = xreallocarray(p, 1, len);
1779 strlcat(p, " ", len);
1780 strlcat(p, arg, len);
1782 options->subsystem_args[options->num_subsystems] = p;
1783 options->num_subsystems++;
/*
 * MaxStartups is "begin:rate:full" (rate in 1..100, begin <= full); the
 * single-number form copies begin into max_startups below.
 */
1787 arg = strdelim(&cp);
1788 if (!arg || *arg == '\0')
1789 fatal("%s line %d: Missing MaxStartups spec.",
1791 if ((n = sscanf(arg, "%d:%d:%d",
1792 &options->max_startups_begin,
1793 &options->max_startups_rate,
1794 &options->max_startups)) == 3) {
1795 if (options->max_startups_begin >
1796 options->max_startups ||
1797 options->max_startups_rate > 100 ||
1798 options->max_startups_rate < 1)
1799 fatal("%s line %d: Illegal MaxStartups spec.",
1802 fatal("%s line %d: Illegal MaxStartups spec.",
1805 options->max_startups = options->max_startups_begin;
1809 intptr = &options->max_authtries;
1813 intptr = &options->max_sessions;
1817 charptr = &options->banner;
1818 goto parse_filename;
1821 * These options can contain %X options expanded at
1822 * connect time, so that you can specify paths like:
1824 * AuthorizedKeysFile /etc/ssh_keys/%u
/* Only the first AuthorizedKeysFile directive is stored (num == 0). */
1826 case sAuthorizedKeysFile:
1827 if (*activep && options->num_authkeys_files == 0) {
1828 while ((arg = strdelim(&cp)) && *arg != '\0') {
1829 arg = tilde_expand_filename(arg, getuid());
1830 array_append(filename, linenum,
1831 "AuthorizedKeysFile",
1832 &options->authorized_keys_files,
1833 &options->num_authkeys_files, arg);
1839 case sAuthorizedPrincipalsFile:
1840 charptr = &options->authorized_principals_file;
1841 arg = strdelim(&cp);
1842 if (!arg || *arg == '\0')
1843 fatal("%s line %d: missing file name.",
1845 if (*activep && *charptr == NULL) {
1846 *charptr = tilde_expand_filename(arg, getuid());
1847 /* increase optional counter */
1849 *intptr = *intptr + 1;
1853 case sClientAliveInterval:
1854 intptr = &options->client_alive_interval;
1857 case sClientAliveCountMax:
1858 intptr = &options->client_alive_count_max;
/* AcceptEnv takes names only; an '=' would smuggle in a value. */
1862 while ((arg = strdelim(&cp)) && *arg != '\0') {
1863 if (strchr(arg, '=') != NULL)
1864 fatal("%s line %d: Invalid environment name.",
1868 array_append(filename, linenum, "AcceptEnv",
1869 &options->accept_env, &options->num_accept_env,
/* SetEnv: every entry is validated, but only the first block (uvalue == 0) is stored. */
1875 uvalue = options->num_setenv;
1876 while ((arg = strdelimw(&cp)) && *arg != '\0') {
1877 if (strchr(arg, '=') == NULL)
1878 fatal("%s line %d: Invalid environment.",
1880 if (!*activep || uvalue != 0)
1882 array_append(filename, linenum, "SetEnv",
1883 &options->setenv, &options->num_setenv, arg);
1888 intptr = &options->permit_tun;
1889 arg = strdelim(&cp);
1890 if (!arg || *arg == '\0')
1891 fatal("%s line %d: Missing yes/point-to-point/"
1892 "ethernet/no argument.", filename, linenum);
1894 for (i = 0; tunmode_desc[i].val != -1; i++)
1895 if (strcmp(tunmode_desc[i].text, arg) == 0) {
1896 value = tunmode_desc[i].val;
1900 fatal("%s line %d: Bad yes/point-to-point/ethernet/"
1901 "no argument: %s", filename, linenum, arg);
1902 if (*activep && *intptr == -1)
/* Match: evaluates the criteria and (presumably) updates *activep from 'value'. */
1908 fatal("Match directive not supported as a command-line "
1910 value = match_cfg_line(&cp, linenum, connectinfo);
1912 fatal("%s line %d: Bad Match condition", filename,
/*
 * PermitOpen / PermitListen share one parser: "any" or "none" replace the
 * list with a single literal entry; otherwise each host:port spec is
 * validated (PermitListen also accepts a bare port, expanded to "*:port")
 * and appended, but only for the first block seen (uvalue == 0).
 */
1919 if (opcode == sPermitListen) {
1920 uintptr = &options->num_permitted_listens;
1921 chararrayptr = &options->permitted_listens;
1923 uintptr = &options->num_permitted_opens;
1924 chararrayptr = &options->permitted_opens;
1926 arg = strdelim(&cp);
1927 if (!arg || *arg == '\0')
1928 fatal("%s line %d: missing %s specification",
1929 filename, linenum, lookup_opcode_name(opcode));
1930 uvalue = *uintptr; /* modified later */
1931 if (strcmp(arg, "any") == 0 || strcmp(arg, "none") == 0) {
1932 if (*activep && uvalue == 0) {
1934 *chararrayptr = xcalloc(1,
1935 sizeof(**chararrayptr));
1936 (*chararrayptr)[0] = xstrdup(arg);
1940 for (; arg != NULL && *arg != '\0'; arg = strdelim(&cp)) {
1941 if (opcode == sPermitListen &&
1942 strchr(arg, ':') == NULL) {
1944 * Allow bare port number for PermitListen
1945 * to indicate a wildcard listen host.
1947 xasprintf(&arg2, "*:%s", arg);
1949 arg2 = xstrdup(arg);
1952 fatal("%s line %d: missing host in %s",
1954 lookup_opcode_name(opcode));
1956 p = cleanhostname(p);
1959 ((port = permitopen_port(arg)) < 0)) {
1960 fatal("%s line %d: bad port number in %s",
1962 lookup_opcode_name(opcode));
1964 if (*activep && uvalue == 0) {
1965 array_append(filename, linenum,
1966 lookup_opcode_name(opcode),
1967 chararrayptr, uintptr, arg2);
/* ForceCommand keeps the rest of the line verbatim (leading blanks skipped). */
1974 if (cp == NULL || *cp == '\0')
1975 fatal("%.200s line %d: Missing argument.", filename,
1977 len = strspn(cp, WHITESPACE);
1978 if (*activep && options->adm_forced_command == NULL)
1979 options->adm_forced_command = xstrdup(cp + len);
1982 case sChrootDirectory:
1983 charptr = &options->chroot_directory;
1985 arg = strdelim(&cp);
1986 if (!arg || *arg == '\0')
1987 fatal("%s line %d: missing file name.",
1989 if (*activep && *charptr == NULL)
1990 *charptr = xstrdup(arg);
1993 case sTrustedUserCAKeys:
1994 charptr = &options->trusted_user_ca_keys;
1995 goto parse_filename;
1998 charptr = &options->revoked_keys_file;
1999 goto parse_filename;
/* IPQoS: one value applies to both classes, two values are interactive then bulk. */
2002 arg = strdelim(&cp);
2003 if ((value = parse_ipqos(arg)) == -1)
2004 fatal("%s line %d: Bad IPQoS value: %s",
2005 filename, linenum, arg);
2006 arg = strdelim(&cp);
2009 else if ((value2 = parse_ipqos(arg)) == -1)
2010 fatal("%s line %d: Bad IPQoS value: %s",
2011 filename, linenum, arg);
2013 options->ip_qos_interactive = value;
2014 options->ip_qos_bulk = value2;
/* VersionAddendum goes on the wire; a CR would break the banner line. */
2018 case sVersionAddendum:
2019 if (cp == NULL || *cp == '\0')
2020 fatal("%.200s line %d: Missing argument.", filename,
2022 len = strspn(cp, WHITESPACE);
2023 if (*activep && options->version_addendum == NULL) {
2024 if (strcasecmp(cp + len, "none") == 0)
2025 options->version_addendum = xstrdup("");
2026 else if (strchr(cp + len, '\r') != NULL)
2027 fatal("%.200s line %d: Invalid argument",
2030 options->version_addendum = xstrdup(cp + len);
/* AuthorizedKeysCommand must be an absolute path (or "none"): no PATH search. */
2034 case sAuthorizedKeysCommand:
2036 fatal("%.200s line %d: Missing argument.", filename,
2038 len = strspn(cp, WHITESPACE);
2039 if (*activep && options->authorized_keys_command == NULL) {
2040 if (cp[len] != '/' && strcasecmp(cp + len, "none") != 0)
2041 fatal("%.200s line %d: AuthorizedKeysCommand "
2042 "must be an absolute path",
2044 options->authorized_keys_command = xstrdup(cp + len);
2048 case sAuthorizedKeysCommandUser:
2049 charptr = &options->authorized_keys_command_user;
2051 arg = strdelim(&cp);
2052 if (!arg || *arg == '\0')
2053 fatal("%s line %d: missing AuthorizedKeysCommandUser "
2054 "argument.", filename, linenum);
2055 if (*activep && *charptr == NULL)
2056 *charptr = xstrdup(arg);
/* Same absolute-path rule as AuthorizedKeysCommand. */
2059 case sAuthorizedPrincipalsCommand:
2061 fatal("%.200s line %d: Missing argument.", filename,
2063 len = strspn(cp, WHITESPACE);
2065 options->authorized_principals_command == NULL) {
2066 if (cp[len] != '/' && strcasecmp(cp + len, "none") != 0)
2067 fatal("%.200s line %d: "
2068 "AuthorizedPrincipalsCommand must be "
2069 "an absolute path", filename, linenum);
2070 options->authorized_principals_command =
2075 case sAuthorizedPrincipalsCommandUser:
2076 charptr = &options->authorized_principals_command_user;
2078 arg = strdelim(&cp);
2079 if (!arg || *arg == '\0')
2080 fatal("%s line %d: missing "
2081 "AuthorizedPrincipalsCommandUser argument.",
2083 if (*activep && *charptr == NULL)
2084 *charptr = xstrdup(arg);
/*
 * AuthenticationMethods: "any" must stand alone; every other list is
 * validated by auth2_methods_valid() before it is appended. An empty list
 * is fatal.
 */
2087 case sAuthenticationMethods:
2088 if (options->num_auth_methods == 0) {
2089 value = 0; /* seen "any" pseudo-method */
2090 value2 = 0; /* successfully parsed any method */
2091 while ((arg = strdelim(&cp)) && *arg != '\0') {
2092 if (strcmp(arg, "any") == 0) {
2093 if (options->num_auth_methods > 0) {
2094 fatal("%s line %d: \"any\" "
2095 "must appear alone in "
2096 "AuthenticationMethods",
2101 fatal("%s line %d: \"any\" must appear "
2102 "alone in AuthenticationMethods",
2104 } else if (auth2_methods_valid(arg, 0) != 0) {
2105 fatal("%s line %d: invalid "
2106 "authentication method list.",
2112 array_append(filename, linenum,
2113 "AuthenticationMethods",
2114 &options->auth_methods,
2115 &options->num_auth_methods, arg);
2118 fatal("%s line %d: no AuthenticationMethods "
2119 "specified", filename, linenum);
2124 case sStreamLocalBindMask:
2125 arg = strdelim(&cp);
2126 if (!arg || *arg == '\0')
2127 fatal("%s line %d: missing StreamLocalBindMask "
2128 "argument.", filename, linenum);
2129 /* Parse mode in octal format */
/*
 * NOTE(review): only "no digits" (arg == p) and the 0..0777 range are
 * checked; trailing characters after the octal digits are not rejected.
 */
2130 value = strtol(arg, &p, 8);
2131 if (arg == p || value < 0 || value > 0777)
2132 fatal("%s line %d: Bad mask.", filename, linenum);
2134 options->fwd_opts.streamlocal_bind_mask = (mode_t)value;
2137 case sStreamLocalBindUnlink:
2138 intptr = &options->fwd_opts.streamlocal_bind_unlink;
2141 case sFingerprintHash:
2142 arg = strdelim(&cp);
2143 if (!arg || *arg == '\0')
2144 fatal("%.200s line %d: Missing argument.",
2146 if ((value = ssh_digest_alg_by_name(arg)) == -1)
2147 fatal("%.200s line %d: Invalid hash algorithm \"%s\".",
2148 filename, linenum, arg);
2150 options->fingerprint_hash = value;
2153 case sExposeAuthInfo:
2154 intptr = &options->expose_userauth_info;
/* RDomain: "none", the literal "%D" (inherit), or a valid routing domain. */
2158 charptr = &options->routing_domain;
2159 arg = strdelim(&cp);
2160 if (!arg || *arg == '\0')
2161 fatal("%.200s line %d: Missing argument.",
2163 if (strcasecmp(arg, "none") != 0 && strcmp(arg, "%D") != 0 &&
2164 !valid_rdomain(arg))
2165 fatal("%s line %d: bad routing domain",
2167 if (*activep && *charptr == NULL)
2168 *charptr = xstrdup(arg);
2172 intptr = &options->use_blacklist;
/* Unsupported/deprecated keywords are logged (debug2 for sIgnore, info otherwise). */
2178 do_log2(opcode == sIgnore ?
2179 SYSLOG_LEVEL_DEBUG2 : SYSLOG_LEVEL_INFO,
2180 "%s line %d: %s option %s", filename, linenum,
2181 opcode == sUnsupported ? "Unsupported" : "Deprecated", arg);
2183 arg = strdelim(&cp);
/* Reaching here means a keyword in the token table has no case above. */
2187 fatal("%s line %d: Missing handler for opcode %s (%d)",
2188 filename, linenum, arg, opcode);
/* Any leftover token means the directive was given too many arguments. */
2190 if ((arg = strdelim(&cp)) != NULL && *arg != '\0')
2191 fatal("%s line %d: garbage at end of line; \"%.200s\".",
2192 filename, linenum, arg);
/*
 * Read the server configuration file 'filename' into 'conf' as a single
 * NUL-terminated buffer for later parsing. Comments are cut at the first
 * '#' on a line — anywhere on the line, not only at its start — and leading
 * blanks are dropped, while the newline is kept so parse_server_config()
 * can report line numbers. Handling of fopen() failure and the cleanup of
 * 'line' and 'f' lie outside this excerpt.
 */
2199 load_server_config(const char *filename, struct sshbuf *conf)
2201 char *line = NULL, *cp;
2202 size_t linesize = 0;
2206 debug2("%s: filename %s", __func__, filename);
2207 if ((f = fopen(filename, "r")) == NULL) {
2212 while (getline(&line, &linesize, f) != -1) {
2215 * Trim out comments and strip whitespace
2216 * NB - preserve newlines, they are needed to reproduce
2217 * line numbers later for error messages
/* Overwrites the '#' with "\n\0": the comment text is dropped, the line is kept. */
2219 if ((cp = strchr(line, '#')) != NULL)
2220 memcpy(cp, "\n", 2);
2221 cp = line + strspn(line, " \t\r");
2222 if ((r = sshbuf_put(conf, cp, strlen(cp))) != 0)
2223 fatal("%s: buffer error: %s", __func__, ssh_err(r));
/* Terminate so the buffer can later be treated as one C string. */
2226 if ((r = sshbuf_put_u8(conf, 0)) != 0)
2227 fatal("%s: buffer error: %s", __func__, ssh_err(r));
2229 debug2("%s: done config len = %zu", __func__, sshbuf_len(conf));
/*
 * Second pass over the stored configuration (the file-scope 'cfg' buffer)
 * for an established connection: parse it into a fresh ServerOptions with
 * connectinfo set so that only matching Match blocks take effect, then
 * merge the values that were set into 'options'. preauth is 0, so the
 * string and array options are copied as well as the integers.
 */
2233 parse_server_match_config(ServerOptions *options,
2234 struct connection_info *connectinfo)
2238 initialize_server_options(&mo);
2239 parse_server_config(&mo, "reprocess config", cfg, connectinfo);
2240 copy_set_server_options(options, &mo, 0);
/*
 * Parse a comma-separated "key=value" connection specification (test mode)
 * into 'ci'. Recognised keys: addr, host, user, laddr, rdomain, lport.
 * 'spec' is consumed by strsep(). Each string value is xstrdup()ed straight
 * into ci, so a repeated key overwrites the pointer without freeing the
 * earlier copy (test mode only). The values returned on each path are not
 * visible in this excerpt.
 */
2243 int parse_server_match_testspec(struct connection_info *ci, char *spec)
2247 while ((p = strsep(&spec, ",")) && *p != '\0') {
2248 if (strncmp(p, "addr=", 5) == 0) {
2249 ci->address = xstrdup(p + 5);
2250 } else if (strncmp(p, "host=", 5) == 0) {
2251 ci->host = xstrdup(p + 5);
2252 } else if (strncmp(p, "user=", 5) == 0) {
2253 ci->user = xstrdup(p + 5);
2254 } else if (strncmp(p, "laddr=", 6) == 0) {
2255 ci->laddress = xstrdup(p + 6);
2256 } else if (strncmp(p, "rdomain=", 8) == 0) {
2257 ci->rdomain = xstrdup(p + 8);
/* lport is validated with a2port(); -1 reports the error to stderr. */
2258 } else if (strncmp(p, "lport=", 6) == 0) {
2259 ci->lport = a2port(p + 6);
2260 if (ci->lport == -1) {
2261 fprintf(stderr, "Invalid port '%s' in test mode"
2262 " specification %s\n", p+6, p);
2266 fprintf(stderr, "Invalid test mode specification %s\n",
/*
 * Copy any supported values that are set in 'src' (a Match-pass result)
 * into 'dst' (the live server config).
 *
 * If the preauth flag is set, we do not bother copying the string or
 * array values that are not used pre-authentication, because any that we
 * do use must be explicitly sent in mm_getpwnamallow().
 */
2282 copy_set_server_options(ServerOptions *dst, ServerOptions *src, int preauth)
/*
 * M_CP_INTOPT's body is not visible here; from its uses and the bind_mask
 * note below it copies src->n into dst->n using a signed "is set" test.
 */
2284 #define M_CP_INTOPT(n) do {\
2289 M_CP_INTOPT(password_authentication);
2290 M_CP_INTOPT(gss_authentication);
2291 M_CP_INTOPT(pubkey_authentication);
2292 M_CP_INTOPT(kerberos_authentication);
2293 M_CP_INTOPT(hostbased_authentication);
2294 M_CP_INTOPT(hostbased_uses_name_from_packet_only);
2295 M_CP_INTOPT(kbd_interactive_authentication);
2296 M_CP_INTOPT(permit_root_login);
2297 M_CP_INTOPT(permit_empty_passwd);
2299 M_CP_INTOPT(allow_tcp_forwarding);
2300 M_CP_INTOPT(allow_streamlocal_forwarding);
2301 M_CP_INTOPT(allow_agent_forwarding);
2302 M_CP_INTOPT(disable_forwarding);
2303 M_CP_INTOPT(expose_userauth_info);
2304 M_CP_INTOPT(permit_tun);
2305 M_CP_INTOPT(fwd_opts.gateway_ports);
2306 M_CP_INTOPT(fwd_opts.streamlocal_bind_unlink);
2307 M_CP_INTOPT(x11_display_offset);
2308 M_CP_INTOPT(x11_forwarding);
2309 M_CP_INTOPT(x11_use_localhost);
2310 M_CP_INTOPT(permit_tty);
2311 M_CP_INTOPT(permit_user_rc);
2312 M_CP_INTOPT(max_sessions);
2313 M_CP_INTOPT(max_authtries);
2314 M_CP_INTOPT(client_alive_count_max);
2315 M_CP_INTOPT(client_alive_interval);
2316 M_CP_INTOPT(ip_qos_interactive);
2317 M_CP_INTOPT(ip_qos_bulk);
2318 M_CP_INTOPT(rekey_limit);
2319 M_CP_INTOPT(rekey_interval);
2320 M_CP_INTOPT(log_level);
2323 * The bind_mask is a mode_t that may be unsigned, so we can't use
2324 * M_CP_INTOPT - it does a signed comparison that causes compiler
2327 if (src->fwd_opts.streamlocal_bind_mask != (mode_t)-1) {
2328 dst->fwd_opts.streamlocal_bind_mask =
2329 src->fwd_opts.streamlocal_bind_mask;
2332 /* M_CP_STROPT and M_CP_STRARRAYOPT should not appear before here */
/* String options: copied only when src set one and it is not already dst's pointer. */
2333 #define M_CP_STROPT(n) do {\
2334 if (src->n != NULL && dst->n != src->n) { \
/* String arrays: a non-empty src list replaces dst's list entirely (free, then deep copy). */
2339 #define M_CP_STRARRAYOPT(s, num_s) do {\
2341 if (src->num_s != 0) { \
2342 for (i = 0; i < dst->num_s; i++) \
2345 dst->s = xcalloc(src->num_s, sizeof(*dst->s)); \
2346 for (i = 0; i < src->num_s; i++) \
2347 dst->s[i] = xstrdup(src->s[i]); \
2348 dst->num_s = src->num_s; \
2352 /* See comment in servconf.h */
2353 COPY_MATCH_STRING_OPTS();
2355 /* Arguments that accept '+...' need to be expanded */
2356 assemble_algorithms(dst);
2359 * The only things that should be below this point are string options
2360 * which are only used after authentication.
2365 /* These options may be "none" to clear a global setting */
2366 M_CP_STROPT(adm_forced_command);
2367 if (option_clear_or_none(dst->adm_forced_command)) {
2368 free(dst->adm_forced_command);
2369 dst->adm_forced_command = NULL;
2371 M_CP_STROPT(chroot_directory);
2372 if (option_clear_or_none(dst->chroot_directory)) {
2373 free(dst->chroot_directory);
2374 dst->chroot_directory = NULL;
2380 #undef M_CP_STRARRAYOPT
/*
 * Parse the sshd configuration text held in `conf`, one line at a time,
 * into `options`. `filename` is used only for diagnostics. When
 * `connectinfo` is non-NULL the lines start out inactive (presumably
 * until a Match block activates them — confirm in
 * process_server_config_line); otherwise every line is active.
 * Any parse error is fatal: the function does not return with a partially
 * applied configuration.
 */
2383 parse_server_config(ServerOptions *options, const char *filename,
2384 struct sshbuf *conf, struct connection_info *connectinfo)
/*
 * NOTE(review): linenum is declared here but its initialisation is not
 * visible in this excerpt; it is incremented below, so confirm it is set
 * before the loop (reading it uninitialised would be undefined behaviour).
 */
2386 int active, linenum, bad_options = 0;
/* obuf keeps the original allocation; strsep() advances cbuf past it. */
2387 char *cp, *obuf, *cbuf;
2389 debug2("%s: config %s len %zu", __func__, filename, sshbuf_len(conf));
/* A private, NUL-terminated copy: strsep() writes into the buffer it walks. */
2391 if ((obuf = cbuf = sshbuf_dup_string(conf)) == NULL)
2392 fatal("%s: sshbuf_dup_string failed", __func__);
2393 active = connectinfo ? 0 : 1;
/* One configuration line per "\n"; an empty tail line is handed through too. */
2395 while ((cp = strsep(&cbuf, "\n")) != NULL) {
/*
 * A nonzero return flags a bad line; the bad_options increment that
 * follows is not visible in this excerpt. Parsing continues so that all
 * errors in the file are reported before the fatal() below.
 */
2396 if (process_server_config_line(options, cp, filename,
2397 linenum++, &active, connectinfo) != 0)
/* Refuse to run with any misparsed option rather than silently ignoring it. */
2401 if (bad_options > 0)
2402 fatal("%s: terminating, %d bad configuration options",
2403 filename, bad_options);
/* ListenAddress lines were queued during parsing (they depend on Port). */
2404 process_queued_listen_addrs(options);
/*
 * Look up the keyword for integer option value `val` in the multistate
 * table `m`, whose last entry has a NULL key as sentinel. The return
 * statements of this function are not visible in this excerpt.
 */
2408 fmt_multistate_int(int val, const struct multistate *m)
2412 for (i = 0; m[i].key != NULL; i++) {
2413 if (m[i].value == val)
/*
 * Render the integer value of option `code` as the keyword sshd -T should
 * print, dispatching on the opcode to the matching multistate table. The
 * surrounding switch, the case labels for lines 2429/2431 and the default
 * arm are not visible in this excerpt.
 */
2420 fmt_intarg(ServerOpCodes code, int val)
2425 case sAddressFamily:
2426 return fmt_multistate_int(val, multistate_addressfamily);
2427 case sPermitRootLogin:
2428 return fmt_multistate_int(val, multistate_permitrootlogin);
2430 return fmt_multistate_int(val, multistate_gatewayports);
2432 return fmt_multistate_int(val, multistate_compression);
2433 case sAllowTcpForwarding:
2434 return fmt_multistate_int(val, multistate_tcpfwd);
/* Stream-local (unix socket) forwarding shares the tcpfwd keyword set. */
2435 case sAllowStreamLocalForwarding:
2436 return fmt_multistate_int(val, multistate_tcpfwd);
/* Fingerprint hash names come from the digest layer, not a local table. */
2437 case sFingerprintHash:
2438 return ssh_digest_alg_name(val);
/* Print an integer option as "<keyword> <decimal>" on its own line. */
2452 dump_cfg_int(ServerOpCodes code, int val)
2454 printf("%s %d\n", lookup_opcode_name(code), val);
/*
 * Print an integer option in octal with a leading 0, the form sshd_config
 * itself accepts for mode values (e.g. StreamLocalBindMask).
 */
2458 dump_cfg_oct(ServerOpCodes code, int val)
2460 printf("%s 0%o\n", lookup_opcode_name(code), val);
/* Print an integer option using its keyword form from fmt_intarg(). */
2464 dump_cfg_fmtint(ServerOpCodes code, int val)
2466 printf("%s %s\n", lookup_opcode_name(code), fmt_intarg(code, val));
/* Print a string option; an unset (NULL) value is shown as "none". */
2470 dump_cfg_string(ServerOpCodes code, const char *val)
2472 printf("%s %s\n", lookup_opcode_name(code),
2473 val == NULL ? "none" : val);
/*
 * Print a string-array option as one "<keyword> <value>" line per element;
 * an empty array prints nothing.
 */
2477 dump_cfg_strarray(ServerOpCodes code, u_int count, char **vals)
2481 for (i = 0; i < count; i++)
2482 printf("%s %s\n", lookup_opcode_name(code), vals[i]);
/*
 * Print a string-array option as a single "<keyword> v1 v2 ..." line.
 * Empty arrays are skipped, except AuthenticationMethods, which is always
 * printed (the value emitted for the empty case is on a line not visible
 * in this excerpt).
 */
2486 dump_cfg_strarray_oneline(ServerOpCodes code, u_int count, char **vals)
/* count is unsigned, so "<= 0" is just "== 0"; harmless, but "== 0" reads better. */
2490 if (count <= 0 && code != sAuthenticationMethods)
2492 printf("%s", lookup_opcode_name(code));
2493 for (i = 0; i < count; i++)
2494 printf(" %s", vals[i]);
2495 if (code == sAuthenticationMethods && count == 0)
/*
 * Build one "listenaddress ..." line per resolved address in `la`,
 * returning them in a single newly allocated string (ownership passes to
 * the caller). Addresses and ports are rendered numerically only, so no
 * DNS lookups happen while dumping the configuration.
 */
2501 format_listen_addrs(struct listenaddr *la)
2504 struct addrinfo *ai;
2505 char addr[NI_MAXHOST], port[NI_MAXSERV];
/* laddr1 accumulates the output; it starts as an empty allocated string. */
2506 char *laddr1 = xstrdup(""), *laddr2 = NULL;
2509 * ListenAddress must be after Port. add_one_listen_addr pushes
2510 * addresses onto a stack, so to maintain ordering we need to
2511 * print these in reverse order.
2513 for (ai = la->addrs; ai; ai = ai->ai_next) {
2514 if ((r = getnameinfo(ai->ai_addr, ai->ai_addrlen, addr,
2515 sizeof(addr), port, sizeof(port),
2516 NI_NUMERICHOST|NI_NUMERICSERV)) != 0) {
/* An unrenderable address is logged and (presumably) skipped, not fatal. */
2517 error("getnameinfo: %.100s", ssh_gai_strerror(r));
/* IPv6 literals are bracketed so the ":port" suffix stays unambiguous. */
2521 if (ai->ai_family == AF_INET6) {
/*
 * The trailing %s re-appends the previously accumulated text, which is
 * how the reverse ordering described above is achieved; the hand-over
 * via laddr2 is on lines not visible in this excerpt.
 */
2522 xasprintf(&laddr1, "listenaddress [%s]:%s%s%s\n%s",
2524 la->rdomain == NULL ? "" : " rdomain ",
2525 la->rdomain == NULL ? "" : la->rdomain,
2528 xasprintf(&laddr1, "listenaddress %s:%s%s%s\n%s",
2530 la->rdomain == NULL ? "" : " rdomain ",
2531 la->rdomain == NULL ? "" : la->rdomain,
2540 dump_config(ServerOptions *o)
2545 /* these are usually at the top of the config */
2546 for (i = 0; i < o->num_ports; i++)
2547 printf("port %d\n", o->ports[i]);
2548 dump_cfg_fmtint(sAddressFamily, o->address_family);
2550 for (i = 0; i < o->num_listen_addrs; i++) {
2551 s = format_listen_addrs(&o->listen_addrs[i]);
2556 /* integer arguments */
2558 dump_cfg_fmtint(sUsePAM, o->use_pam);
2560 dump_cfg_int(sLoginGraceTime, o->login_grace_time);
2561 dump_cfg_int(sX11DisplayOffset, o->x11_display_offset);
2562 dump_cfg_int(sMaxAuthTries, o->max_authtries);
2563 dump_cfg_int(sMaxSessions, o->max_sessions);
2564 dump_cfg_int(sClientAliveInterval, o->client_alive_interval);
2565 dump_cfg_int(sClientAliveCountMax, o->client_alive_count_max);
2566 dump_cfg_oct(sStreamLocalBindMask, o->fwd_opts.streamlocal_bind_mask);
2568 /* formatted integer arguments */
2569 dump_cfg_fmtint(sPermitRootLogin, o->permit_root_login);
2570 dump_cfg_fmtint(sIgnoreRhosts, o->ignore_rhosts);
2571 dump_cfg_fmtint(sIgnoreUserKnownHosts, o->ignore_user_known_hosts);
2572 dump_cfg_fmtint(sHostbasedAuthentication, o->hostbased_authentication);
2573 dump_cfg_fmtint(sHostbasedUsesNameFromPacketOnly,
2574 o->hostbased_uses_name_from_packet_only);
2575 dump_cfg_fmtint(sPubkeyAuthentication, o->pubkey_authentication);
2577 dump_cfg_fmtint(sKerberosAuthentication, o->kerberos_authentication);
2578 dump_cfg_fmtint(sKerberosOrLocalPasswd, o->kerberos_or_local_passwd);
2579 dump_cfg_fmtint(sKerberosTicketCleanup, o->kerberos_ticket_cleanup);
2581 dump_cfg_fmtint(sKerberosGetAFSToken, o->kerberos_get_afs_token);
2585 dump_cfg_fmtint(sGssAuthentication, o->gss_authentication);
2586 dump_cfg_fmtint(sGssCleanupCreds, o->gss_cleanup_creds);
2588 dump_cfg_fmtint(sPasswordAuthentication, o->password_authentication);
2589 dump_cfg_fmtint(sKbdInteractiveAuthentication,
2590 o->kbd_interactive_authentication);
2591 dump_cfg_fmtint(sChallengeResponseAuthentication,
2592 o->challenge_response_authentication);
2593 dump_cfg_fmtint(sPrintMotd, o->print_motd);
2594 #ifndef DISABLE_LASTLOG
2595 dump_cfg_fmtint(sPrintLastLog, o->print_lastlog);
2597 dump_cfg_fmtint(sX11Forwarding, o->x11_forwarding);
2598 dump_cfg_fmtint(sX11UseLocalhost, o->x11_use_localhost);
2599 dump_cfg_fmtint(sPermitTTY, o->permit_tty);
2600 dump_cfg_fmtint(sPermitUserRC, o->permit_user_rc);
2601 dump_cfg_fmtint(sStrictModes, o->strict_modes);
2602 dump_cfg_fmtint(sTCPKeepAlive, o->tcp_keep_alive);
2603 dump_cfg_fmtint(sEmptyPasswd, o->permit_empty_passwd);
2604 dump_cfg_fmtint(sCompression, o->compression);
2605 dump_cfg_fmtint(sGatewayPorts, o->fwd_opts.gateway_ports);
2606 dump_cfg_fmtint(sUseDNS, o->use_dns);
2607 dump_cfg_fmtint(sAllowTcpForwarding, o->allow_tcp_forwarding);
2608 dump_cfg_fmtint(sAllowAgentForwarding, o->allow_agent_forwarding);
2609 dump_cfg_fmtint(sDisableForwarding, o->disable_forwarding);
2610 dump_cfg_fmtint(sAllowStreamLocalForwarding, o->allow_streamlocal_forwarding);
2611 dump_cfg_fmtint(sStreamLocalBindUnlink, o->fwd_opts.streamlocal_bind_unlink);
2612 dump_cfg_fmtint(sFingerprintHash, o->fingerprint_hash);
2613 dump_cfg_fmtint(sExposeAuthInfo, o->expose_userauth_info);
2614 dump_cfg_fmtint(sUseBlacklist, o->use_blacklist);
2616 /* string arguments */
2617 dump_cfg_string(sPidFile, o->pid_file);
2618 dump_cfg_string(sXAuthLocation, o->xauth_location);
2619 dump_cfg_string(sCiphers, o->ciphers ? o->ciphers : KEX_SERVER_ENCRYPT);
2620 dump_cfg_string(sMacs, o->macs ? o->macs : KEX_SERVER_MAC);
2621 dump_cfg_string(sBanner, o->banner);
2622 dump_cfg_string(sForceCommand, o->adm_forced_command);
2623 dump_cfg_string(sChrootDirectory, o->chroot_directory);
2624 dump_cfg_string(sTrustedUserCAKeys, o->trusted_user_ca_keys);
2625 dump_cfg_string(sRevokedKeys, o->revoked_keys_file);
2626 dump_cfg_string(sAuthorizedPrincipalsFile,
2627 o->authorized_principals_file);
2628 dump_cfg_string(sVersionAddendum, *o->version_addendum == '\0'
2629 ? "none" : o->version_addendum);
2630 dump_cfg_string(sAuthorizedKeysCommand, o->authorized_keys_command);
2631 dump_cfg_string(sAuthorizedKeysCommandUser, o->authorized_keys_command_user);
2632 dump_cfg_string(sAuthorizedPrincipalsCommand, o->authorized_principals_command);
2633 dump_cfg_string(sAuthorizedPrincipalsCommandUser, o->authorized_principals_command_user);
2634 dump_cfg_string(sHostKeyAgent, o->host_key_agent);
2635 dump_cfg_string(sKexAlgorithms,
2636 o->kex_algorithms ? o->kex_algorithms : KEX_SERVER_KEX);
2637 dump_cfg_string(sCASignatureAlgorithms, o->ca_sign_algorithms ?
2638 o->ca_sign_algorithms : SSH_ALLOWED_CA_SIGALGS);
2639 dump_cfg_string(sHostbasedAcceptedKeyTypes, o->hostbased_key_types ?
2640 o->hostbased_key_types : KEX_DEFAULT_PK_ALG);
2641 dump_cfg_string(sHostKeyAlgorithms, o->hostkeyalgorithms ?
2642 o->hostkeyalgorithms : KEX_DEFAULT_PK_ALG);
2643 dump_cfg_string(sPubkeyAcceptedKeyTypes, o->pubkey_key_types ?
2644 o->pubkey_key_types : KEX_DEFAULT_PK_ALG);
2645 dump_cfg_string(sRDomain, o->routing_domain);
2647 /* string arguments requiring a lookup */
2648 dump_cfg_string(sLogLevel, log_level_name(o->log_level));
2649 dump_cfg_string(sLogFacility, log_facility_name(o->log_facility));
2651 /* string array arguments */
2652 dump_cfg_strarray_oneline(sAuthorizedKeysFile, o->num_authkeys_files,
2653 o->authorized_keys_files);
2654 dump_cfg_strarray(sHostKeyFile, o->num_host_key_files,
2656 dump_cfg_strarray(sHostCertificate, o->num_host_cert_files,
2657 o->host_cert_files);
2658 dump_cfg_strarray(sAllowUsers, o->num_allow_users, o->allow_users);
2659 dump_cfg_strarray(sDenyUsers, o->num_deny_users, o->deny_users);
2660 dump_cfg_strarray(sAllowGroups, o->num_allow_groups, o->allow_groups);
2661 dump_cfg_strarray(sDenyGroups, o->num_deny_groups, o->deny_groups);
2662 dump_cfg_strarray(sAcceptEnv, o->num_accept_env, o->accept_env);
2663 dump_cfg_strarray(sSetEnv, o->num_setenv, o->setenv);
2664 dump_cfg_strarray_oneline(sAuthenticationMethods,
2665 o->num_auth_methods, o->auth_methods);
2667 /* other arguments */
2668 for (i = 0; i < o->num_subsystems; i++)
2669 printf("subsystem %s %s\n", o->subsystem_name[i],
2670 o->subsystem_args[i]);
2672 printf("maxstartups %d:%d:%d\n", o->max_startups_begin,
2673 o->max_startups_rate, o->max_startups);
2676 for (i = 0; tunmode_desc[i].val != -1; i++) {
2677 if (tunmode_desc[i].val == o->permit_tun) {
2678 s = tunmode_desc[i].text;
2682 dump_cfg_string(sPermitTunnel, s);
2684 printf("ipqos %s ", iptos2str(o->ip_qos_interactive));
2685 printf("%s\n", iptos2str(o->ip_qos_bulk));
2687 printf("rekeylimit %llu %d\n", (unsigned long long)o->rekey_limit,
2690 printf("permitopen");
2691 if (o->num_permitted_opens == 0)
2694 for (i = 0; i < o->num_permitted_opens; i++)
2695 printf(" %s", o->permitted_opens[i]);
2698 printf("permitlisten");
2699 if (o->num_permitted_listens == 0)
2702 for (i = 0; i < o->num_permitted_listens; i++)
2703 printf(" %s", o->permitted_listens[i]);
2707 if (o->permit_user_env_whitelist == NULL) {
2708 dump_cfg_fmtint(sPermitUserEnvironment, o->permit_user_env);
2710 printf("permituserenvironment %s\n",
2711 o->permit_user_env_whitelist);