2 /* $OpenBSD: servconf.c,v 1.350 2019/03/25 22:33:44 djm Exp $ */
4 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
7 * As far as I am concerned, the code I have written for this software
8 * can be used freely for any purpose. Any derived versions of this
9 * software must be clearly marked as such, and if the derived work is
10 * incompatible with the protocol description in the RFC file, it must be
11 * called by a name other than "ssh" or "Secure Shell".
16 #include <sys/types.h>
17 #include <sys/socket.h>
18 #ifdef HAVE_SYS_SYSCTL_H
19 #include <sys/sysctl.h>
22 #include <netinet/in.h>
23 #include <netinet/in_systm.h>
24 #include <netinet/ip.h>
25 #ifdef HAVE_NET_ROUTE_H
26 #include <net/route.h>
44 #include "openbsd-compat/sys-queue.h"
52 #include "pathnames.h"
59 #include "groupaccess.h"
65 #include "myproposal.h"
68 static void add_listen_addr(ServerOptions *, const char *,
70 static void add_one_listen_addr(ServerOptions *, const char *,
73 /* Use of privilege separation or not */
74 extern int use_privsep;
75 extern struct sshbuf *cfg;
77 /* Initializes the server options to their default values. */
80 initialize_server_options(ServerOptions *options)
82 memset(options, 0, sizeof(*options));
84 /* Portable-specific options */
85 options->use_pam = -1;
87 /* Standard Options */
88 options->num_ports = 0;
89 options->ports_from_cmdline = 0;
90 options->queued_listen_addrs = NULL;
91 options->num_queued_listens = 0;
92 options->listen_addrs = NULL;
93 options->num_listen_addrs = 0;
94 options->address_family = -1;
95 options->routing_domain = NULL;
96 options->num_host_key_files = 0;
97 options->num_host_cert_files = 0;
98 options->host_key_agent = NULL;
99 options->pid_file = NULL;
100 options->login_grace_time = -1;
101 options->permit_root_login = PERMIT_NOT_SET;
102 options->ignore_rhosts = -1;
103 options->ignore_user_known_hosts = -1;
104 options->print_motd = -1;
105 options->print_lastlog = -1;
106 options->x11_forwarding = -1;
107 options->x11_display_offset = -1;
108 options->x11_use_localhost = -1;
109 options->permit_tty = -1;
110 options->permit_user_rc = -1;
111 options->xauth_location = NULL;
112 options->strict_modes = -1;
113 options->tcp_keep_alive = -1;
114 options->log_facility = SYSLOG_FACILITY_NOT_SET;
115 options->log_level = SYSLOG_LEVEL_NOT_SET;
116 options->hostbased_authentication = -1;
117 options->hostbased_uses_name_from_packet_only = -1;
118 options->hostbased_key_types = NULL;
119 options->hostkeyalgorithms = NULL;
120 options->pubkey_authentication = -1;
121 options->pubkey_key_types = NULL;
122 options->kerberos_authentication = -1;
123 options->kerberos_or_local_passwd = -1;
124 options->kerberos_ticket_cleanup = -1;
125 options->kerberos_get_afs_token = -1;
126 options->gss_authentication=-1;
127 options->gss_cleanup_creds = -1;
128 options->gss_strict_acceptor = -1;
129 options->password_authentication = -1;
130 options->kbd_interactive_authentication = -1;
131 options->challenge_response_authentication = -1;
132 options->permit_empty_passwd = -1;
133 options->permit_user_env = -1;
134 options->permit_user_env_whitelist = NULL;
135 options->compression = -1;
136 options->rekey_limit = -1;
137 options->rekey_interval = -1;
138 options->allow_tcp_forwarding = -1;
139 options->allow_streamlocal_forwarding = -1;
140 options->allow_agent_forwarding = -1;
141 options->num_allow_users = 0;
142 options->num_deny_users = 0;
143 options->num_allow_groups = 0;
144 options->num_deny_groups = 0;
145 options->ciphers = NULL;
146 options->macs = NULL;
147 options->kex_algorithms = NULL;
148 options->ca_sign_algorithms = NULL;
149 options->fwd_opts.gateway_ports = -1;
150 options->fwd_opts.streamlocal_bind_mask = (mode_t)-1;
151 options->fwd_opts.streamlocal_bind_unlink = -1;
152 options->num_subsystems = 0;
153 options->max_startups_begin = -1;
154 options->max_startups_rate = -1;
155 options->max_startups = -1;
156 options->max_authtries = -1;
157 options->max_sessions = -1;
158 options->banner = NULL;
159 options->use_dns = -1;
160 options->client_alive_interval = -1;
161 options->client_alive_count_max = -1;
162 options->num_authkeys_files = 0;
163 options->num_accept_env = 0;
164 options->num_setenv = 0;
165 options->permit_tun = -1;
166 options->permitted_opens = NULL;
167 options->permitted_listens = NULL;
168 options->adm_forced_command = NULL;
169 options->chroot_directory = NULL;
170 options->authorized_keys_command = NULL;
171 options->authorized_keys_command_user = NULL;
172 options->revoked_keys_file = NULL;
173 options->trusted_user_ca_keys = NULL;
174 options->authorized_principals_file = NULL;
175 options->authorized_principals_command = NULL;
176 options->authorized_principals_command_user = NULL;
177 options->ip_qos_interactive = -1;
178 options->ip_qos_bulk = -1;
179 options->version_addendum = NULL;
180 options->fingerprint_hash = -1;
181 options->disable_forwarding = -1;
182 options->expose_userauth_info = -1;
185 /* Returns 1 if a string option is unset or set to "none" or 0 otherwise. */
187 option_clear_or_none(const char *o)
189 return o == NULL || strcasecmp(o, "none") == 0;
193 assemble_algorithms(ServerOptions *o)
195 char *all_cipher, *all_mac, *all_kex, *all_key, *all_sig;
198 all_cipher = cipher_alg_list(',', 0);
199 all_mac = mac_alg_list(',');
200 all_kex = kex_alg_list(',');
201 all_key = sshkey_alg_list(0, 0, 1, ',');
202 all_sig = sshkey_alg_list(0, 1, 1, ',');
203 #define ASSEMBLE(what, defaults, all) \
205 if ((r = kex_assemble_names(&o->what, defaults, all)) != 0) \
206 fatal("%s: %s: %s", __func__, #what, ssh_err(r)); \
208 ASSEMBLE(ciphers, KEX_SERVER_ENCRYPT, all_cipher);
209 ASSEMBLE(macs, KEX_SERVER_MAC, all_mac);
210 ASSEMBLE(kex_algorithms, KEX_SERVER_KEX, all_kex);
211 ASSEMBLE(hostkeyalgorithms, KEX_DEFAULT_PK_ALG, all_key);
212 ASSEMBLE(hostbased_key_types, KEX_DEFAULT_PK_ALG, all_key);
213 ASSEMBLE(pubkey_key_types, KEX_DEFAULT_PK_ALG, all_key);
214 ASSEMBLE(ca_sign_algorithms, SSH_ALLOWED_CA_SIGALGS, all_sig);
224 array_append2(const char *file, const int line, const char *directive,
225 char ***array, int **iarray, u_int *lp, const char *s, int i)
229 fatal("%s line %d: Too many %s entries", file, line, directive);
231 if (iarray != NULL) {
232 *iarray = xrecallocarray(*iarray, *lp, *lp + 1,
237 *array = xrecallocarray(*array, *lp, *lp + 1, sizeof(**array));
238 (*array)[*lp] = xstrdup(s);
243 array_append(const char *file, const int line, const char *directive,
244 char ***array, u_int *lp, const char *s)
246 array_append2(file, line, directive, array, NULL, lp, s, 0);
250 servconf_add_hostkey(const char *file, const int line,
251 ServerOptions *options, const char *path, int userprovided)
253 char *apath = derelativise_path(path);
255 array_append2(file, line, "HostKey",
256 &options->host_key_files, &options->host_key_file_userprovided,
257 &options->num_host_key_files, apath, userprovided);
262 servconf_add_hostcert(const char *file, const int line,
263 ServerOptions *options, const char *path)
265 char *apath = derelativise_path(path);
267 array_append(file, line, "HostCertificate",
268 &options->host_cert_files, &options->num_host_cert_files, apath);
273 fill_default_server_options(ServerOptions *options)
278 * Portable-specific options.
280 * Please do NOT under any circumstances change the default to 1,
281 * for any reason. The use of PAM is not considered to be secure
284 if (options->use_pam == -1)
285 options->use_pam = 0;
287 /* Standard Options */
288 if (options->num_host_key_files == 0) {
289 /* fill default hostkeys for protocols */
290 servconf_add_hostkey("[default]", 0, options,
291 _PATH_HOST_RSA_KEY_FILE, 0);
292 #ifdef OPENSSL_HAS_ECC
293 servconf_add_hostkey("[default]", 0, options,
294 _PATH_HOST_ECDSA_KEY_FILE, 0);
296 servconf_add_hostkey("[default]", 0, options,
297 _PATH_HOST_ED25519_KEY_FILE, 0);
299 servconf_add_hostkey("[default]", 0, options,
300 _PATH_HOST_XMSS_KEY_FILE, 0);
301 #endif /* WITH_XMSS */
303 /* No certificates by default */
304 if (options->num_ports == 0)
305 options->ports[options->num_ports++] = SSH_DEFAULT_PORT;
306 if (options->address_family == -1)
307 options->address_family = AF_UNSPEC;
308 if (options->listen_addrs == NULL)
309 add_listen_addr(options, NULL, NULL, 0);
310 if (options->pid_file == NULL)
311 options->pid_file = xstrdup(_PATH_SSH_DAEMON_PID_FILE);
312 if (options->login_grace_time == -1)
313 options->login_grace_time = 120;
314 if (options->permit_root_login == PERMIT_NOT_SET)
315 options->permit_root_login = PERMIT_NO_PASSWD;
316 if (options->ignore_rhosts == -1)
317 options->ignore_rhosts = 1;
318 if (options->ignore_user_known_hosts == -1)
319 options->ignore_user_known_hosts = 0;
320 if (options->print_motd == -1)
321 options->print_motd = 1;
322 if (options->print_lastlog == -1)
323 options->print_lastlog = 1;
324 if (options->x11_forwarding == -1)
325 options->x11_forwarding = 0;
326 if (options->x11_display_offset == -1)
327 options->x11_display_offset = 10;
328 if (options->x11_use_localhost == -1)
329 options->x11_use_localhost = 1;
330 if (options->xauth_location == NULL)
331 options->xauth_location = xstrdup(_PATH_XAUTH);
332 if (options->permit_tty == -1)
333 options->permit_tty = 1;
334 if (options->permit_user_rc == -1)
335 options->permit_user_rc = 1;
336 if (options->strict_modes == -1)
337 options->strict_modes = 1;
338 if (options->tcp_keep_alive == -1)
339 options->tcp_keep_alive = 1;
340 if (options->log_facility == SYSLOG_FACILITY_NOT_SET)
341 options->log_facility = SYSLOG_FACILITY_AUTH;
342 if (options->log_level == SYSLOG_LEVEL_NOT_SET)
343 options->log_level = SYSLOG_LEVEL_INFO;
344 if (options->hostbased_authentication == -1)
345 options->hostbased_authentication = 0;
346 if (options->hostbased_uses_name_from_packet_only == -1)
347 options->hostbased_uses_name_from_packet_only = 0;
348 if (options->pubkey_authentication == -1)
349 options->pubkey_authentication = 1;
350 if (options->kerberos_authentication == -1)
351 options->kerberos_authentication = 0;
352 if (options->kerberos_or_local_passwd == -1)
353 options->kerberos_or_local_passwd = 1;
354 if (options->kerberos_ticket_cleanup == -1)
355 options->kerberos_ticket_cleanup = 1;
356 if (options->kerberos_get_afs_token == -1)
357 options->kerberos_get_afs_token = 0;
358 if (options->gss_authentication == -1)
359 options->gss_authentication = 0;
360 if (options->gss_cleanup_creds == -1)
361 options->gss_cleanup_creds = 1;
362 if (options->gss_strict_acceptor == -1)
363 options->gss_strict_acceptor = 1;
365 * Please do NOT under any circumstances change the default to 1,
366 * for any reason. The use of plaintext passwords are not considered
369 if (options->password_authentication == -1)
370 options->password_authentication = 0;
371 if (options->kbd_interactive_authentication == -1)
372 options->kbd_interactive_authentication = 0;
373 if (options->challenge_response_authentication == -1)
374 options->challenge_response_authentication = 1;
375 if (options->permit_empty_passwd == -1)
376 options->permit_empty_passwd = 0;
377 if (options->permit_user_env == -1) {
378 options->permit_user_env = 0;
379 options->permit_user_env_whitelist = NULL;
381 if (options->compression == -1)
382 options->compression = COMP_DELAYED;
383 if (options->rekey_limit == -1)
384 options->rekey_limit = 0;
385 if (options->rekey_interval == -1)
386 options->rekey_interval = 0;
387 if (options->allow_tcp_forwarding == -1)
388 options->allow_tcp_forwarding = FORWARD_ALLOW;
389 if (options->allow_streamlocal_forwarding == -1)
390 options->allow_streamlocal_forwarding = FORWARD_ALLOW;
391 if (options->allow_agent_forwarding == -1)
392 options->allow_agent_forwarding = 1;
393 if (options->fwd_opts.gateway_ports == -1)
394 options->fwd_opts.gateway_ports = 0;
395 if (options->max_startups == -1)
396 options->max_startups = 100;
397 if (options->max_startups_rate == -1)
398 options->max_startups_rate = 30; /* 30% */
399 if (options->max_startups_begin == -1)
400 options->max_startups_begin = 10;
401 if (options->max_authtries == -1)
402 options->max_authtries = DEFAULT_AUTH_FAIL_MAX;
403 if (options->max_sessions == -1)
404 options->max_sessions = DEFAULT_SESSIONS_MAX;
405 if (options->use_dns == -1)
406 options->use_dns = 0;
407 if (options->client_alive_interval == -1)
408 options->client_alive_interval = 0;
409 if (options->client_alive_count_max == -1)
410 options->client_alive_count_max = 3;
411 if (options->num_authkeys_files == 0) {
412 array_append("[default]", 0, "AuthorizedKeysFiles",
413 &options->authorized_keys_files,
414 &options->num_authkeys_files,
415 _PATH_SSH_USER_PERMITTED_KEYS);
416 array_append("[default]", 0, "AuthorizedKeysFiles",
417 &options->authorized_keys_files,
418 &options->num_authkeys_files,
419 _PATH_SSH_USER_PERMITTED_KEYS2);
421 if (options->permit_tun == -1)
422 options->permit_tun = SSH_TUNMODE_NO;
423 if (options->ip_qos_interactive == -1)
424 options->ip_qos_interactive = IPTOS_DSCP_AF21;
425 if (options->ip_qos_bulk == -1)
426 options->ip_qos_bulk = IPTOS_DSCP_CS1;
427 if (options->version_addendum == NULL)
428 options->version_addendum = xstrdup("");
429 if (options->fwd_opts.streamlocal_bind_mask == (mode_t)-1)
430 options->fwd_opts.streamlocal_bind_mask = 0177;
431 if (options->fwd_opts.streamlocal_bind_unlink == -1)
432 options->fwd_opts.streamlocal_bind_unlink = 0;
433 if (options->fingerprint_hash == -1)
434 options->fingerprint_hash = SSH_FP_HASH_DEFAULT;
435 if (options->disable_forwarding == -1)
436 options->disable_forwarding = 0;
437 if (options->expose_userauth_info == -1)
438 options->expose_userauth_info = 0;
440 assemble_algorithms(options);
442 /* Turn privilege separation and sandboxing on by default */
443 if (use_privsep == -1)
444 use_privsep = PRIVSEP_ON;
446 #define CLEAR_ON_NONE(v) \
448 if (option_clear_or_none(v)) { \
453 CLEAR_ON_NONE(options->pid_file);
454 CLEAR_ON_NONE(options->xauth_location);
455 CLEAR_ON_NONE(options->banner);
456 CLEAR_ON_NONE(options->trusted_user_ca_keys);
457 CLEAR_ON_NONE(options->revoked_keys_file);
458 CLEAR_ON_NONE(options->authorized_principals_file);
459 CLEAR_ON_NONE(options->adm_forced_command);
460 CLEAR_ON_NONE(options->chroot_directory);
461 CLEAR_ON_NONE(options->routing_domain);
462 for (i = 0; i < options->num_host_key_files; i++)
463 CLEAR_ON_NONE(options->host_key_files[i]);
464 for (i = 0; i < options->num_host_cert_files; i++)
465 CLEAR_ON_NONE(options->host_cert_files[i]);
468 /* Similar handling for AuthenticationMethods=any */
469 if (options->num_auth_methods == 1 &&
470 strcmp(options->auth_methods[0], "any") == 0) {
471 free(options->auth_methods[0]);
472 options->auth_methods[0] = NULL;
473 options->num_auth_methods = 0;
477 if (use_privsep && options->compression == 1) {
478 error("This platform does not support both privilege "
479 "separation and compression");
480 error("Compression disabled");
481 options->compression = 0;
486 /* Keyword tokens. */
488 sBadOption, /* == unknown option */
489 /* Portable-specific options */
491 /* Standard Options */
492 sPort, sHostKeyFile, sLoginGraceTime,
493 sPermitRootLogin, sLogFacility, sLogLevel,
494 sRhostsRSAAuthentication, sRSAAuthentication,
495 sKerberosAuthentication, sKerberosOrLocalPasswd, sKerberosTicketCleanup,
496 sKerberosGetAFSToken, sChallengeResponseAuthentication,
497 sPasswordAuthentication, sKbdInteractiveAuthentication,
498 sListenAddress, sAddressFamily,
499 sPrintMotd, sPrintLastLog, sIgnoreRhosts,
500 sX11Forwarding, sX11DisplayOffset, sX11UseLocalhost,
501 sPermitTTY, sStrictModes, sEmptyPasswd, sTCPKeepAlive,
502 sPermitUserEnvironment, sAllowTcpForwarding, sCompression,
503 sRekeyLimit, sAllowUsers, sDenyUsers, sAllowGroups, sDenyGroups,
504 sIgnoreUserKnownHosts, sCiphers, sMacs, sPidFile,
505 sGatewayPorts, sPubkeyAuthentication, sPubkeyAcceptedKeyTypes,
506 sXAuthLocation, sSubsystem, sMaxStartups, sMaxAuthTries, sMaxSessions,
507 sBanner, sUseDNS, sHostbasedAuthentication,
508 sHostbasedUsesNameFromPacketOnly, sHostbasedAcceptedKeyTypes,
510 sClientAliveInterval, sClientAliveCountMax, sAuthorizedKeysFile,
511 sGssAuthentication, sGssCleanupCreds, sGssStrictAcceptor,
512 sAcceptEnv, sSetEnv, sPermitTunnel,
513 sMatch, sPermitOpen, sPermitListen, sForceCommand, sChrootDirectory,
514 sUsePrivilegeSeparation, sAllowAgentForwarding,
516 sRevokedKeys, sTrustedUserCAKeys, sAuthorizedPrincipalsFile,
517 sAuthorizedPrincipalsCommand, sAuthorizedPrincipalsCommandUser,
518 sKexAlgorithms, sCASignatureAlgorithms, sIPQoS, sVersionAddendum,
519 sAuthorizedKeysCommand, sAuthorizedKeysCommandUser,
520 sAuthenticationMethods, sHostKeyAgent, sPermitUserRC,
521 sStreamLocalBindMask, sStreamLocalBindUnlink,
522 sAllowStreamLocalForwarding, sFingerprintHash, sDisableForwarding,
523 sExposeAuthInfo, sRDomain,
524 sDeprecated, sIgnore, sUnsupported
527 #define SSHCFG_GLOBAL 0x01 /* allowed in main section of sshd_config */
528 #define SSHCFG_MATCH 0x02 /* allowed inside a Match section */
529 #define SSHCFG_ALL (SSHCFG_GLOBAL|SSHCFG_MATCH)
531 /* Textual representation of the tokens. */
534 ServerOpCodes opcode;
537 /* Portable-specific options */
539 { "usepam", sUsePAM, SSHCFG_GLOBAL },
541 { "usepam", sUnsupported, SSHCFG_GLOBAL },
543 { "pamauthenticationviakbdint", sDeprecated, SSHCFG_GLOBAL },
544 /* Standard Options */
545 { "port", sPort, SSHCFG_GLOBAL },
546 { "hostkey", sHostKeyFile, SSHCFG_GLOBAL },
547 { "hostdsakey", sHostKeyFile, SSHCFG_GLOBAL }, /* alias */
548 { "hostkeyagent", sHostKeyAgent, SSHCFG_GLOBAL },
549 { "pidfile", sPidFile, SSHCFG_GLOBAL },
550 { "serverkeybits", sDeprecated, SSHCFG_GLOBAL },
551 { "logingracetime", sLoginGraceTime, SSHCFG_GLOBAL },
552 { "keyregenerationinterval", sDeprecated, SSHCFG_GLOBAL },
553 { "permitrootlogin", sPermitRootLogin, SSHCFG_ALL },
554 { "syslogfacility", sLogFacility, SSHCFG_GLOBAL },
555 { "loglevel", sLogLevel, SSHCFG_ALL },
556 { "rhostsauthentication", sDeprecated, SSHCFG_GLOBAL },
557 { "rhostsrsaauthentication", sDeprecated, SSHCFG_ALL },
558 { "hostbasedauthentication", sHostbasedAuthentication, SSHCFG_ALL },
559 { "hostbasedusesnamefrompacketonly", sHostbasedUsesNameFromPacketOnly, SSHCFG_ALL },
560 { "hostbasedacceptedkeytypes", sHostbasedAcceptedKeyTypes, SSHCFG_ALL },
561 { "hostkeyalgorithms", sHostKeyAlgorithms, SSHCFG_GLOBAL },
562 { "rsaauthentication", sDeprecated, SSHCFG_ALL },
563 { "pubkeyauthentication", sPubkeyAuthentication, SSHCFG_ALL },
564 { "pubkeyacceptedkeytypes", sPubkeyAcceptedKeyTypes, SSHCFG_ALL },
565 { "dsaauthentication", sPubkeyAuthentication, SSHCFG_GLOBAL }, /* alias */
567 { "kerberosauthentication", sKerberosAuthentication, SSHCFG_ALL },
568 { "kerberosorlocalpasswd", sKerberosOrLocalPasswd, SSHCFG_GLOBAL },
569 { "kerberosticketcleanup", sKerberosTicketCleanup, SSHCFG_GLOBAL },
571 { "kerberosgetafstoken", sKerberosGetAFSToken, SSHCFG_GLOBAL },
573 { "kerberosgetafstoken", sUnsupported, SSHCFG_GLOBAL },
576 { "kerberosauthentication", sUnsupported, SSHCFG_ALL },
577 { "kerberosorlocalpasswd", sUnsupported, SSHCFG_GLOBAL },
578 { "kerberosticketcleanup", sUnsupported, SSHCFG_GLOBAL },
579 { "kerberosgetafstoken", sUnsupported, SSHCFG_GLOBAL },
581 { "kerberostgtpassing", sUnsupported, SSHCFG_GLOBAL },
582 { "afstokenpassing", sUnsupported, SSHCFG_GLOBAL },
584 { "gssapiauthentication", sGssAuthentication, SSHCFG_ALL },
585 { "gssapicleanupcredentials", sGssCleanupCreds, SSHCFG_GLOBAL },
586 { "gssapistrictacceptorcheck", sGssStrictAcceptor, SSHCFG_GLOBAL },
588 { "gssapiauthentication", sUnsupported, SSHCFG_ALL },
589 { "gssapicleanupcredentials", sUnsupported, SSHCFG_GLOBAL },
590 { "gssapistrictacceptorcheck", sUnsupported, SSHCFG_GLOBAL },
592 { "passwordauthentication", sPasswordAuthentication, SSHCFG_ALL },
593 { "kbdinteractiveauthentication", sKbdInteractiveAuthentication, SSHCFG_ALL },
594 { "challengeresponseauthentication", sChallengeResponseAuthentication, SSHCFG_GLOBAL },
595 { "skeyauthentication", sDeprecated, SSHCFG_GLOBAL },
596 { "checkmail", sDeprecated, SSHCFG_GLOBAL },
597 { "listenaddress", sListenAddress, SSHCFG_GLOBAL },
598 { "addressfamily", sAddressFamily, SSHCFG_GLOBAL },
599 { "printmotd", sPrintMotd, SSHCFG_GLOBAL },
600 #ifdef DISABLE_LASTLOG
601 { "printlastlog", sUnsupported, SSHCFG_GLOBAL },
603 { "printlastlog", sPrintLastLog, SSHCFG_GLOBAL },
605 { "ignorerhosts", sIgnoreRhosts, SSHCFG_GLOBAL },
606 { "ignoreuserknownhosts", sIgnoreUserKnownHosts, SSHCFG_GLOBAL },
607 { "x11forwarding", sX11Forwarding, SSHCFG_ALL },
608 { "x11displayoffset", sX11DisplayOffset, SSHCFG_ALL },
609 { "x11uselocalhost", sX11UseLocalhost, SSHCFG_ALL },
610 { "xauthlocation", sXAuthLocation, SSHCFG_GLOBAL },
611 { "strictmodes", sStrictModes, SSHCFG_GLOBAL },
612 { "permitemptypasswords", sEmptyPasswd, SSHCFG_ALL },
613 { "permituserenvironment", sPermitUserEnvironment, SSHCFG_GLOBAL },
614 { "uselogin", sDeprecated, SSHCFG_GLOBAL },
615 { "compression", sCompression, SSHCFG_GLOBAL },
616 { "rekeylimit", sRekeyLimit, SSHCFG_ALL },
617 { "tcpkeepalive", sTCPKeepAlive, SSHCFG_GLOBAL },
618 { "keepalive", sTCPKeepAlive, SSHCFG_GLOBAL }, /* obsolete alias */
619 { "allowtcpforwarding", sAllowTcpForwarding, SSHCFG_ALL },
620 { "allowagentforwarding", sAllowAgentForwarding, SSHCFG_ALL },
621 { "allowusers", sAllowUsers, SSHCFG_ALL },
622 { "denyusers", sDenyUsers, SSHCFG_ALL },
623 { "allowgroups", sAllowGroups, SSHCFG_ALL },
624 { "denygroups", sDenyGroups, SSHCFG_ALL },
625 { "ciphers", sCiphers, SSHCFG_GLOBAL },
626 { "macs", sMacs, SSHCFG_GLOBAL },
627 { "protocol", sIgnore, SSHCFG_GLOBAL },
628 { "gatewayports", sGatewayPorts, SSHCFG_ALL },
629 { "subsystem", sSubsystem, SSHCFG_GLOBAL },
630 { "maxstartups", sMaxStartups, SSHCFG_GLOBAL },
631 { "maxauthtries", sMaxAuthTries, SSHCFG_ALL },
632 { "maxsessions", sMaxSessions, SSHCFG_ALL },
633 { "banner", sBanner, SSHCFG_ALL },
634 { "usedns", sUseDNS, SSHCFG_GLOBAL },
635 { "verifyreversemapping", sDeprecated, SSHCFG_GLOBAL },
636 { "reversemappingcheck", sDeprecated, SSHCFG_GLOBAL },
637 { "clientaliveinterval", sClientAliveInterval, SSHCFG_ALL },
638 { "clientalivecountmax", sClientAliveCountMax, SSHCFG_ALL },
639 { "authorizedkeysfile", sAuthorizedKeysFile, SSHCFG_ALL },
640 { "authorizedkeysfile2", sDeprecated, SSHCFG_ALL },
641 { "useprivilegeseparation", sDeprecated, SSHCFG_GLOBAL},
642 { "acceptenv", sAcceptEnv, SSHCFG_ALL },
643 { "setenv", sSetEnv, SSHCFG_ALL },
644 { "permittunnel", sPermitTunnel, SSHCFG_ALL },
645 { "permittty", sPermitTTY, SSHCFG_ALL },
646 { "permituserrc", sPermitUserRC, SSHCFG_ALL },
647 { "match", sMatch, SSHCFG_ALL },
648 { "permitopen", sPermitOpen, SSHCFG_ALL },
649 { "permitlisten", sPermitListen, SSHCFG_ALL },
650 { "forcecommand", sForceCommand, SSHCFG_ALL },
651 { "chrootdirectory", sChrootDirectory, SSHCFG_ALL },
652 { "hostcertificate", sHostCertificate, SSHCFG_GLOBAL },
653 { "revokedkeys", sRevokedKeys, SSHCFG_ALL },
654 { "trustedusercakeys", sTrustedUserCAKeys, SSHCFG_ALL },
655 { "authorizedprincipalsfile", sAuthorizedPrincipalsFile, SSHCFG_ALL },
656 { "kexalgorithms", sKexAlgorithms, SSHCFG_GLOBAL },
657 { "ipqos", sIPQoS, SSHCFG_ALL },
658 { "authorizedkeyscommand", sAuthorizedKeysCommand, SSHCFG_ALL },
659 { "authorizedkeyscommanduser", sAuthorizedKeysCommandUser, SSHCFG_ALL },
660 { "authorizedprincipalscommand", sAuthorizedPrincipalsCommand, SSHCFG_ALL },
661 { "authorizedprincipalscommanduser", sAuthorizedPrincipalsCommandUser, SSHCFG_ALL },
662 { "versionaddendum", sVersionAddendum, SSHCFG_GLOBAL },
663 { "authenticationmethods", sAuthenticationMethods, SSHCFG_ALL },
664 { "streamlocalbindmask", sStreamLocalBindMask, SSHCFG_ALL },
665 { "streamlocalbindunlink", sStreamLocalBindUnlink, SSHCFG_ALL },
666 { "allowstreamlocalforwarding", sAllowStreamLocalForwarding, SSHCFG_ALL },
667 { "fingerprinthash", sFingerprintHash, SSHCFG_GLOBAL },
668 { "disableforwarding", sDisableForwarding, SSHCFG_ALL },
669 { "exposeauthinfo", sExposeAuthInfo, SSHCFG_ALL },
670 { "rdomain", sRDomain, SSHCFG_ALL },
671 { "casignaturealgorithms", sCASignatureAlgorithms, SSHCFG_ALL },
672 { NULL, sBadOption, 0 }
679 { SSH_TUNMODE_NO, "no" },
680 { SSH_TUNMODE_POINTOPOINT, "point-to-point" },
681 { SSH_TUNMODE_ETHERNET, "ethernet" },
682 { SSH_TUNMODE_YES, "yes" },
686 /* Returns an opcode name from its number */
689 lookup_opcode_name(ServerOpCodes code)
693 for (i = 0; keywords[i].name != NULL; i++)
694 if (keywords[i].opcode == code)
695 return(keywords[i].name);
701 * Returns the number of the token pointed to by cp or sBadOption.
705 parse_token(const char *cp, const char *filename,
706 int linenum, u_int *flags)
710 for (i = 0; keywords[i].name; i++)
711 if (strcasecmp(cp, keywords[i].name) == 0) {
712 *flags = keywords[i].flags;
713 return keywords[i].opcode;
716 error("%s: line %d: Bad configuration option: %s",
717 filename, linenum, cp);
722 derelativise_path(const char *path)
724 char *expanded, *ret, cwd[PATH_MAX];
726 if (strcasecmp(path, "none") == 0)
727 return xstrdup("none");
728 expanded = tilde_expand_filename(path, getuid());
729 if (path_absolute(expanded))
731 if (getcwd(cwd, sizeof(cwd)) == NULL)
732 fatal("%s: getcwd: %s", __func__, strerror(errno));
733 xasprintf(&ret, "%s/%s", cwd, expanded);
739 add_listen_addr(ServerOptions *options, const char *addr,
740 const char *rdomain, int port)
745 add_one_listen_addr(options, addr, rdomain, port);
747 for (i = 0; i < options->num_ports; i++) {
748 add_one_listen_addr(options, addr, rdomain,
755 add_one_listen_addr(ServerOptions *options, const char *addr,
756 const char *rdomain, int port)
758 struct addrinfo hints, *ai, *aitop;
759 char strport[NI_MAXSERV];
763 /* Find listen_addrs entry for this rdomain */
764 for (i = 0; i < options->num_listen_addrs; i++) {
765 if (rdomain == NULL && options->listen_addrs[i].rdomain == NULL)
767 if (rdomain == NULL || options->listen_addrs[i].rdomain == NULL)
769 if (strcmp(rdomain, options->listen_addrs[i].rdomain) == 0)
772 if (i >= options->num_listen_addrs) {
773 /* No entry for this rdomain; allocate one */
775 fatal("%s: too many listen addresses", __func__);
776 options->listen_addrs = xrecallocarray(options->listen_addrs,
777 options->num_listen_addrs, options->num_listen_addrs + 1,
778 sizeof(*options->listen_addrs));
779 i = options->num_listen_addrs++;
781 options->listen_addrs[i].rdomain = xstrdup(rdomain);
783 /* options->listen_addrs[i] points to the addresses for this rdomain */
785 memset(&hints, 0, sizeof(hints));
786 hints.ai_family = options->address_family;
787 hints.ai_socktype = SOCK_STREAM;
788 hints.ai_flags = (addr == NULL) ? AI_PASSIVE : 0;
789 snprintf(strport, sizeof strport, "%d", port);
790 if ((gaierr = getaddrinfo(addr, strport, &hints, &aitop)) != 0)
791 fatal("bad addr or host: %s (%s)",
792 addr ? addr : "<NULL>",
793 ssh_gai_strerror(gaierr));
794 for (ai = aitop; ai->ai_next; ai = ai->ai_next)
796 ai->ai_next = options->listen_addrs[i].addrs;
797 options->listen_addrs[i].addrs = aitop;
800 /* Returns nonzero if the routing domain name is valid */
802 valid_rdomain(const char *name)
804 #if defined(HAVE_SYS_VALID_RDOMAIN)
805 return sys_valid_rdomain(name);
806 #elif defined(__OpenBSD__)
809 struct rt_tableinfo info;
811 size_t miblen = sizeof(mib);
816 num = strtonum(name, 0, 255, &errstr);
820 /* Check whether the table actually exists */
821 memset(mib, 0, sizeof(mib));
824 mib[4] = NET_RT_TABLE;
826 if (sysctl(mib, 6, &info, &miblen, NULL, 0) == -1)
830 #else /* defined(__OpenBSD__) */
831 error("Routing domains are not supported on this platform");
837 * Queue a ListenAddress to be processed once we have all of the Ports
838 * and AddressFamily options.
841 queue_listen_addr(ServerOptions *options, const char *addr,
842 const char *rdomain, int port)
844 struct queued_listenaddr *qla;
846 options->queued_listen_addrs = xrecallocarray(
847 options->queued_listen_addrs,
848 options->num_queued_listens, options->num_queued_listens + 1,
849 sizeof(*options->queued_listen_addrs));
850 qla = &options->queued_listen_addrs[options->num_queued_listens++];
851 qla->addr = xstrdup(addr);
853 qla->rdomain = rdomain == NULL ? NULL : xstrdup(rdomain);
857 * Process queued (text) ListenAddress entries.
860 process_queued_listen_addrs(ServerOptions *options)
863 struct queued_listenaddr *qla;
865 if (options->num_ports == 0)
866 options->ports[options->num_ports++] = SSH_DEFAULT_PORT;
867 if (options->address_family == -1)
868 options->address_family = AF_UNSPEC;
870 for (i = 0; i < options->num_queued_listens; i++) {
871 qla = &options->queued_listen_addrs[i];
872 add_listen_addr(options, qla->addr, qla->rdomain, qla->port);
876 free(options->queued_listen_addrs);
877 options->queued_listen_addrs = NULL;
878 options->num_queued_listens = 0;
882 * Inform channels layer of permitopen options for a single forwarding
883 * direction (local/remote).
886 process_permitopen_list(struct ssh *ssh, ServerOpCodes opcode,
887 char **opens, u_int num_opens)
891 char *host, *arg, *oarg, ch;
892 int where = opcode == sPermitOpen ? FORWARD_LOCAL : FORWARD_REMOTE;
893 const char *what = lookup_opcode_name(opcode);
895 channel_clear_permission(ssh, FORWARD_ADM, where);
897 return; /* permit any */
899 /* handle keywords: "any" / "none" */
900 if (num_opens == 1 && strcmp(opens[0], "any") == 0)
902 if (num_opens == 1 && strcmp(opens[0], "none") == 0) {
903 channel_disable_admin(ssh, where);
906 /* Otherwise treat it as a list of permitted host:port */
907 for (i = 0; i < num_opens; i++) {
908 oarg = arg = xstrdup(opens[i]);
910 host = hpdelim2(&arg, &ch);
911 if (host == NULL || ch == '/')
912 fatal("%s: missing host in %s", __func__, what);
913 host = cleanhostname(host);
914 if (arg == NULL || ((port = permitopen_port(arg)) < 0))
915 fatal("%s: bad port number in %s", __func__, what);
916 /* Send it to channels layer */
917 channel_add_permission(ssh, FORWARD_ADM,
924 * Inform channels layer of permitopen options from configuration.
927 process_permitopen(struct ssh *ssh, ServerOptions *options)
929 process_permitopen_list(ssh, sPermitOpen,
930 options->permitted_opens, options->num_permitted_opens);
931 process_permitopen_list(ssh, sPermitListen,
932 options->permitted_listens,
933 options->num_permitted_listens);
936 struct connection_info *
937 get_connection_info(struct ssh *ssh, int populate, int use_dns)
939 static struct connection_info ci;
941 if (ssh == NULL || !populate)
943 ci.host = auth_get_canonical_hostname(ssh, use_dns);
944 ci.address = ssh_remote_ipaddr(ssh);
945 ci.laddress = ssh_local_ipaddr(ssh);
946 ci.lport = ssh_local_port(ssh);
947 ci.rdomain = ssh_packet_rdomain_in(ssh);
952 * The strategy for the Match blocks is that the config file is parsed twice.
954 * The first time is at startup. activep is initialized to 1 and the
955 * directives in the global context are processed and acted on. Hitting a
956 * Match directive unsets activep and the directives inside the block are
957 * checked for syntax only.
959 * The second time is after a connection has been established but before
960 * authentication. activep is initialized to 2 and global config directives
961 * are ignored since they have already been processed. If the criteria in a
962 * Match block is met, activep is set and the subsequent directives
963 * processed and actioned until EOF or another Match block unsets it. Any
964 * options set are copied into the main server config.
966 * Potential additions/improvements:
967 * - Add Match support for pre-kex directives, eg. Ciphers.
969 * - Add a Tag directive (idea from David Leonard) ala pf, eg:
970 * Match Address 192.168.0.*
975 * AllowTcpForwarding yes
976 * GatewayPorts clientspecified
979 * - Add a PermittedChannelRequests directive
981 * PermittedChannelRequests session,forwarded-tcpip
985 match_cfg_line_group(const char *grps, int line, const char *user)
993 if ((pw = getpwnam(user)) == NULL) {
994 debug("Can't match group at line %d because user %.100s does "
995 "not exist", line, user);
996 } else if (ga_init(pw->pw_name, pw->pw_gid) == 0) {
997 debug("Can't Match group because user %.100s not in any group "
998 "at line %d", user, line);
999 } else if (ga_match_pattern_list(grps) != 1) {
1000 debug("user %.100s does not match group list %.100s at line %d",
1003 debug("user %.100s matched group list %.100s at line %d", user,
1013 match_test_missing_fatal(const char *criteria, const char *attrib)
1015 fatal("'Match %s' in configuration but '%s' not in connection "
1016 "test specification.", criteria, attrib);
1020 * All of the attributes on a single Match line are ANDed together, so we need
1021 * to check every attribute and set the result to zero if any attribute does
1025 match_cfg_line(char **condition, int line, struct connection_info *ci)
1027 int result = 1, attributes = 0, port;
1028 char *arg, *attrib, *cp = *condition;
1031 debug3("checking syntax for 'Match %s'", cp);
1033 debug3("checking match for '%s' user %s host %s addr %s "
1034 "laddr %s lport %d", cp, ci->user ? ci->user : "(null)",
1035 ci->host ? ci->host : "(null)",
1036 ci->address ? ci->address : "(null)",
1037 ci->laddress ? ci->laddress : "(null)", ci->lport);
1039 while ((attrib = strdelim(&cp)) && *attrib != '\0') {
1041 if (strcasecmp(attrib, "all") == 0) {
1042 if (attributes != 1 ||
1043 ((arg = strdelim(&cp)) != NULL && *arg != '\0')) {
1044 error("'all' cannot be combined with other "
1045 "Match attributes");
1051 if ((arg = strdelim(&cp)) == NULL || *arg == '\0') {
1052 error("Missing Match criteria for %s", attrib);
1055 if (strcasecmp(attrib, "user") == 0) {
1060 if (ci->user == NULL)
1061 match_test_missing_fatal("User", "user");
1062 if (match_usergroup_pattern_list(ci->user, arg) != 1)
1065 debug("user %.100s matched 'User %.100s' at "
1066 "line %d", ci->user, arg, line);
1067 } else if (strcasecmp(attrib, "group") == 0) {
1072 if (ci->user == NULL)
1073 match_test_missing_fatal("Group", "user");
1074 switch (match_cfg_line_group(arg, line, ci->user)) {
1080 } else if (strcasecmp(attrib, "host") == 0) {
1085 if (ci->host == NULL)
1086 match_test_missing_fatal("Host", "host");
1087 if (match_hostname(ci->host, arg) != 1)
1090 debug("connection from %.100s matched 'Host "
1091 "%.100s' at line %d", ci->host, arg, line);
1092 } else if (strcasecmp(attrib, "address") == 0) {
1097 if (ci->address == NULL)
1098 match_test_missing_fatal("Address", "addr");
1099 switch (addr_match_list(ci->address, arg)) {
1101 debug("connection from %.100s matched 'Address "
1102 "%.100s' at line %d", ci->address, arg, line);
1111 } else if (strcasecmp(attrib, "localaddress") == 0){
1116 if (ci->laddress == NULL)
1117 match_test_missing_fatal("LocalAddress",
1119 switch (addr_match_list(ci->laddress, arg)) {
1121 debug("connection from %.100s matched "
1122 "'LocalAddress %.100s' at line %d",
1123 ci->laddress, arg, line);
1132 } else if (strcasecmp(attrib, "localport") == 0) {
1133 if ((port = a2port(arg)) == -1) {
1134 error("Invalid LocalPort '%s' on Match line",
1143 match_test_missing_fatal("LocalPort", "lport");
1144 /* TODO support port lists */
1145 if (port == ci->lport)
1146 debug("connection from %.100s matched "
1147 "'LocalPort %d' at line %d",
1148 ci->laddress, port, line);
1151 } else if (strcasecmp(attrib, "rdomain") == 0) {
1152 if (ci == NULL || ci->rdomain == NULL) {
1156 if (match_pattern_list(ci->rdomain, arg, 0) != 1)
1159 debug("user %.100s matched 'RDomain %.100s' at "
1160 "line %d", ci->rdomain, arg, line);
1162 error("Unsupported Match attribute %s", attrib);
1166 if (attributes == 0) {
1167 error("One or more attributes required for Match");
1171 debug3("match %sfound", result ? "" : "not ");
1176 #define WHITESPACE " \t\r\n"
1178 /* Multistate option parsing */
1183 static const struct multistate multistate_flag[] = {
1188 static const struct multistate multistate_addressfamily[] = {
1189 { "inet", AF_INET },
1190 { "inet6", AF_INET6 },
1191 { "any", AF_UNSPEC },
1194 static const struct multistate multistate_permitrootlogin[] = {
1195 { "without-password", PERMIT_NO_PASSWD },
1196 { "prohibit-password", PERMIT_NO_PASSWD },
1197 { "forced-commands-only", PERMIT_FORCED_ONLY },
1198 { "yes", PERMIT_YES },
1199 { "no", PERMIT_NO },
1202 static const struct multistate multistate_compression[] = {
1203 { "yes", COMP_DELAYED },
1204 { "delayed", COMP_DELAYED },
1205 { "no", COMP_NONE },
1208 static const struct multistate multistate_gatewayports[] = {
1209 { "clientspecified", 2 },
1214 static const struct multistate multistate_tcpfwd[] = {
1215 { "yes", FORWARD_ALLOW },
1216 { "all", FORWARD_ALLOW },
1217 { "no", FORWARD_DENY },
1218 { "remote", FORWARD_REMOTE },
1219 { "local", FORWARD_LOCAL },
1224 process_server_config_line(ServerOptions *options, char *line,
1225 const char *filename, int linenum, int *activep,
1226 struct connection_info *connectinfo)
1228 char ch, *cp, ***chararrayptr, **charptr, *arg, *arg2, *p;
1229 int cmdline = 0, *intptr, value, value2, n, port;
1230 SyslogFacility *log_facility_ptr;
1231 LogLevel *log_level_ptr;
1232 ServerOpCodes opcode;
1233 u_int i, *uintptr, uvalue, flags = 0;
1236 const struct multistate *multistate_ptr;
1239 /* Strip trailing whitespace. Allow \f (form feed) at EOL only */
1240 if ((len = strlen(line)) == 0)
1242 for (len--; len > 0; len--) {
1243 if (strchr(WHITESPACE "\f", line[len]) == NULL)
1249 if ((arg = strdelim(&cp)) == NULL)
1251 /* Ignore leading whitespace */
1253 arg = strdelim(&cp);
1254 if (!arg || !*arg || *arg == '#')
1258 opcode = parse_token(arg, filename, linenum, &flags);
1260 if (activep == NULL) { /* We are processing a command line directive */
1264 if (*activep && opcode != sMatch)
1265 debug3("%s:%d setting %s %s", filename, linenum, arg, cp);
1266 if (*activep == 0 && !(flags & SSHCFG_MATCH)) {
1267 if (connectinfo == NULL) {
1268 fatal("%s line %d: Directive '%s' is not allowed "
1269 "within a Match block", filename, linenum, arg);
1270 } else { /* this is a directive we have already processed */
1272 arg = strdelim(&cp);
1278 /* Portable-specific options */
1280 intptr = &options->use_pam;
1283 /* Standard Options */
1287 /* ignore ports from configfile if cmdline specifies ports */
1288 if (options->ports_from_cmdline)
1290 if (options->num_ports >= MAX_PORTS)
1291 fatal("%s line %d: too many ports.",
1293 arg = strdelim(&cp);
1294 if (!arg || *arg == '\0')
1295 fatal("%s line %d: missing port number.",
1297 options->ports[options->num_ports++] = a2port(arg);
1298 if (options->ports[options->num_ports-1] <= 0)
1299 fatal("%s line %d: Badly formatted port number.",
1303 case sLoginGraceTime:
1304 intptr = &options->login_grace_time;
1306 arg = strdelim(&cp);
1307 if (!arg || *arg == '\0')
1308 fatal("%s line %d: missing time value.",
1310 if ((value = convtime(arg)) == -1)
1311 fatal("%s line %d: invalid time value.",
1313 if (*activep && *intptr == -1)
1317 case sListenAddress:
1318 arg = strdelim(&cp);
1319 if (arg == NULL || *arg == '\0')
1320 fatal("%s line %d: missing address",
1322 /* check for bare IPv6 address: no "[]" and 2 or more ":" */
1323 if (strchr(arg, '[') == NULL && (p = strchr(arg, ':')) != NULL
1324 && strchr(p+1, ':') != NULL) {
1330 p = hpdelim2(&arg, &ch);
1331 if (p == NULL || ch == '/')
1332 fatal("%s line %d: bad address:port usage",
1334 p = cleanhostname(p);
1337 else if ((port = a2port(arg)) <= 0)
1338 fatal("%s line %d: bad port number",
1341 /* Optional routing table */
1343 if ((arg = strdelim(&cp)) != NULL) {
1344 if (strcmp(arg, "rdomain") != 0 ||
1345 (arg2 = strdelim(&cp)) == NULL)
1346 fatal("%s line %d: bad ListenAddress syntax",
1348 if (!valid_rdomain(arg2))
1349 fatal("%s line %d: bad routing domain",
1353 queue_listen_addr(options, p, arg2, port);
1357 case sAddressFamily:
1358 intptr = &options->address_family;
1359 multistate_ptr = multistate_addressfamily;
1361 arg = strdelim(&cp);
1362 if (!arg || *arg == '\0')
1363 fatal("%s line %d: missing argument.",
1366 for (i = 0; multistate_ptr[i].key != NULL; i++) {
1367 if (strcasecmp(arg, multistate_ptr[i].key) == 0) {
1368 value = multistate_ptr[i].value;
1373 fatal("%s line %d: unsupported option \"%s\".",
1374 filename, linenum, arg);
1375 if (*activep && *intptr == -1)
1380 arg = strdelim(&cp);
1381 if (!arg || *arg == '\0')
1382 fatal("%s line %d: missing file name.",
1385 servconf_add_hostkey(filename, linenum,
1391 charptr = &options->host_key_agent;
1392 arg = strdelim(&cp);
1393 if (!arg || *arg == '\0')
1394 fatal("%s line %d: missing socket name.",
1396 if (*activep && *charptr == NULL)
1397 *charptr = !strcmp(arg, SSH_AUTHSOCKET_ENV_NAME) ?
1398 xstrdup(arg) : derelativise_path(arg);
1401 case sHostCertificate:
1402 arg = strdelim(&cp);
1403 if (!arg || *arg == '\0')
1404 fatal("%s line %d: missing file name.",
1407 servconf_add_hostcert(filename, linenum, options, arg);
1411 charptr = &options->pid_file;
1413 arg = strdelim(&cp);
1414 if (!arg || *arg == '\0')
1415 fatal("%s line %d: missing file name.",
1417 if (*activep && *charptr == NULL) {
1418 *charptr = derelativise_path(arg);
1419 /* increase optional counter */
1421 *intptr = *intptr + 1;
1425 case sPermitRootLogin:
1426 intptr = &options->permit_root_login;
1427 multistate_ptr = multistate_permitrootlogin;
1428 goto parse_multistate;
1431 intptr = &options->ignore_rhosts;
1433 multistate_ptr = multistate_flag;
1434 goto parse_multistate;
1436 case sIgnoreUserKnownHosts:
1437 intptr = &options->ignore_user_known_hosts;
1440 case sHostbasedAuthentication:
1441 intptr = &options->hostbased_authentication;
1444 case sHostbasedUsesNameFromPacketOnly:
1445 intptr = &options->hostbased_uses_name_from_packet_only;
1448 case sHostbasedAcceptedKeyTypes:
1449 charptr = &options->hostbased_key_types;
1451 arg = strdelim(&cp);
1452 if (!arg || *arg == '\0')
1453 fatal("%s line %d: Missing argument.",
1456 !sshkey_names_valid2(*arg == '+' ? arg + 1 : arg, 1))
1457 fatal("%s line %d: Bad key types '%s'.",
1458 filename, linenum, arg ? arg : "<NONE>");
1459 if (*activep && *charptr == NULL)
1460 *charptr = xstrdup(arg);
1463 case sHostKeyAlgorithms:
1464 charptr = &options->hostkeyalgorithms;
1465 goto parse_keytypes;
1467 case sCASignatureAlgorithms:
1468 charptr = &options->ca_sign_algorithms;
1469 goto parse_keytypes;
1471 case sPubkeyAuthentication:
1472 intptr = &options->pubkey_authentication;
1475 case sPubkeyAcceptedKeyTypes:
1476 charptr = &options->pubkey_key_types;
1477 goto parse_keytypes;
1479 case sKerberosAuthentication:
1480 intptr = &options->kerberos_authentication;
1483 case sKerberosOrLocalPasswd:
1484 intptr = &options->kerberos_or_local_passwd;
1487 case sKerberosTicketCleanup:
1488 intptr = &options->kerberos_ticket_cleanup;
1491 case sKerberosGetAFSToken:
1492 intptr = &options->kerberos_get_afs_token;
1495 case sGssAuthentication:
1496 intptr = &options->gss_authentication;
1499 case sGssCleanupCreds:
1500 intptr = &options->gss_cleanup_creds;
1503 case sGssStrictAcceptor:
1504 intptr = &options->gss_strict_acceptor;
1507 case sPasswordAuthentication:
1508 intptr = &options->password_authentication;
1511 case sKbdInteractiveAuthentication:
1512 intptr = &options->kbd_interactive_authentication;
1515 case sChallengeResponseAuthentication:
1516 intptr = &options->challenge_response_authentication;
1520 intptr = &options->print_motd;
1524 intptr = &options->print_lastlog;
1527 case sX11Forwarding:
1528 intptr = &options->x11_forwarding;
1531 case sX11DisplayOffset:
1532 intptr = &options->x11_display_offset;
1534 arg = strdelim(&cp);
1535 if ((errstr = atoi_err(arg, &value)) != NULL)
1536 fatal("%s line %d: integer value %s.",
1537 filename, linenum, errstr);
1538 if (*activep && *intptr == -1)
1542 case sX11UseLocalhost:
1543 intptr = &options->x11_use_localhost;
1546 case sXAuthLocation:
1547 charptr = &options->xauth_location;
1548 goto parse_filename;
1551 intptr = &options->permit_tty;
1555 intptr = &options->permit_user_rc;
1559 intptr = &options->strict_modes;
1563 intptr = &options->tcp_keep_alive;
1567 intptr = &options->permit_empty_passwd;
1570 case sPermitUserEnvironment:
1571 intptr = &options->permit_user_env;
1572 charptr = &options->permit_user_env_whitelist;
1573 arg = strdelim(&cp);
1574 if (!arg || *arg == '\0')
1575 fatal("%s line %d: missing argument.",
1579 if (strcmp(arg, "yes") == 0)
1581 else if (strcmp(arg, "no") == 0)
1584 /* Pattern-list specified */
1588 if (*activep && *intptr == -1) {
1597 intptr = &options->compression;
1598 multistate_ptr = multistate_compression;
1599 goto parse_multistate;
1602 arg = strdelim(&cp);
1603 if (!arg || *arg == '\0')
1604 fatal("%.200s line %d: Missing argument.", filename,
1606 if (strcmp(arg, "default") == 0) {
1609 if (scan_scaled(arg, &val64) == -1)
1610 fatal("%.200s line %d: Bad number '%s': %s",
1611 filename, linenum, arg, strerror(errno));
1612 if (val64 != 0 && val64 < 16)
1613 fatal("%.200s line %d: RekeyLimit too small",
1616 if (*activep && options->rekey_limit == -1)
1617 options->rekey_limit = val64;
1618 if (cp != NULL) { /* optional rekey interval present */
1619 if (strcmp(cp, "none") == 0) {
1620 (void)strdelim(&cp); /* discard */
1623 intptr = &options->rekey_interval;
1629 intptr = &options->fwd_opts.gateway_ports;
1630 multistate_ptr = multistate_gatewayports;
1631 goto parse_multistate;
1634 intptr = &options->use_dns;
1638 log_facility_ptr = &options->log_facility;
1639 arg = strdelim(&cp);
1640 value = log_facility_number(arg);
1641 if (value == SYSLOG_FACILITY_NOT_SET)
1642 fatal("%.200s line %d: unsupported log facility '%s'",
1643 filename, linenum, arg ? arg : "<NONE>");
1644 if (*log_facility_ptr == -1)
1645 *log_facility_ptr = (SyslogFacility) value;
1649 log_level_ptr = &options->log_level;
1650 arg = strdelim(&cp);
1651 value = log_level_number(arg);
1652 if (value == SYSLOG_LEVEL_NOT_SET)
1653 fatal("%.200s line %d: unsupported log level '%s'",
1654 filename, linenum, arg ? arg : "<NONE>");
1655 if (*activep && *log_level_ptr == -1)
1656 *log_level_ptr = (LogLevel) value;
1659 case sAllowTcpForwarding:
1660 intptr = &options->allow_tcp_forwarding;
1661 multistate_ptr = multistate_tcpfwd;
1662 goto parse_multistate;
1664 case sAllowStreamLocalForwarding:
1665 intptr = &options->allow_streamlocal_forwarding;
1666 multistate_ptr = multistate_tcpfwd;
1667 goto parse_multistate;
1669 case sAllowAgentForwarding:
1670 intptr = &options->allow_agent_forwarding;
1673 case sDisableForwarding:
1674 intptr = &options->disable_forwarding;
1678 while ((arg = strdelim(&cp)) && *arg != '\0') {
1679 if (match_user(NULL, NULL, NULL, arg) == -1)
1680 fatal("%s line %d: invalid AllowUsers pattern: "
1681 "\"%.100s\"", filename, linenum, arg);
1684 array_append(filename, linenum, "AllowUsers",
1685 &options->allow_users, &options->num_allow_users,
1691 while ((arg = strdelim(&cp)) && *arg != '\0') {
1692 if (match_user(NULL, NULL, NULL, arg) == -1)
1693 fatal("%s line %d: invalid DenyUsers pattern: "
1694 "\"%.100s\"", filename, linenum, arg);
1697 array_append(filename, linenum, "DenyUsers",
1698 &options->deny_users, &options->num_deny_users,
1704 while ((arg = strdelim(&cp)) && *arg != '\0') {
1707 array_append(filename, linenum, "AllowGroups",
1708 &options->allow_groups, &options->num_allow_groups,
1714 while ((arg = strdelim(&cp)) && *arg != '\0') {
1717 array_append(filename, linenum, "DenyGroups",
1718 &options->deny_groups, &options->num_deny_groups,
1724 arg = strdelim(&cp);
1725 if (!arg || *arg == '\0')
1726 fatal("%s line %d: Missing argument.", filename, linenum);
1727 if (*arg != '-' && !ciphers_valid(*arg == '+' ? arg + 1 : arg))
1728 fatal("%s line %d: Bad SSH2 cipher spec '%s'.",
1729 filename, linenum, arg ? arg : "<NONE>");
1730 if (options->ciphers == NULL)
1731 options->ciphers = xstrdup(arg);
1735 arg = strdelim(&cp);
1736 if (!arg || *arg == '\0')
1737 fatal("%s line %d: Missing argument.", filename, linenum);
1738 if (*arg != '-' && !mac_valid(*arg == '+' ? arg + 1 : arg))
1739 fatal("%s line %d: Bad SSH2 mac spec '%s'.",
1740 filename, linenum, arg ? arg : "<NONE>");
1741 if (options->macs == NULL)
1742 options->macs = xstrdup(arg);
1745 case sKexAlgorithms:
1746 arg = strdelim(&cp);
1747 if (!arg || *arg == '\0')
1748 fatal("%s line %d: Missing argument.",
1751 !kex_names_valid(*arg == '+' ? arg + 1 : arg))
1752 fatal("%s line %d: Bad SSH2 KexAlgorithms '%s'.",
1753 filename, linenum, arg ? arg : "<NONE>");
1754 if (options->kex_algorithms == NULL)
1755 options->kex_algorithms = xstrdup(arg);
1759 if (options->num_subsystems >= MAX_SUBSYSTEMS) {
1760 fatal("%s line %d: too many subsystems defined.",
1763 arg = strdelim(&cp);
1764 if (!arg || *arg == '\0')
1765 fatal("%s line %d: Missing subsystem name.",
1768 arg = strdelim(&cp);
1771 for (i = 0; i < options->num_subsystems; i++)
1772 if (strcmp(arg, options->subsystem_name[i]) == 0)
1773 fatal("%s line %d: Subsystem '%s' already defined.",
1774 filename, linenum, arg);
1775 options->subsystem_name[options->num_subsystems] = xstrdup(arg);
1776 arg = strdelim(&cp);
1777 if (!arg || *arg == '\0')
1778 fatal("%s line %d: Missing subsystem command.",
1780 options->subsystem_command[options->num_subsystems] = xstrdup(arg);
1782 /* Collect arguments (separate to executable) */
1784 len = strlen(p) + 1;
1785 while ((arg = strdelim(&cp)) != NULL && *arg != '\0') {
1786 len += 1 + strlen(arg);
1787 p = xreallocarray(p, 1, len);
1788 strlcat(p, " ", len);
1789 strlcat(p, arg, len);
1791 options->subsystem_args[options->num_subsystems] = p;
1792 options->num_subsystems++;
1796 arg = strdelim(&cp);
1797 if (!arg || *arg == '\0')
1798 fatal("%s line %d: Missing MaxStartups spec.",
1800 if ((n = sscanf(arg, "%d:%d:%d",
1801 &options->max_startups_begin,
1802 &options->max_startups_rate,
1803 &options->max_startups)) == 3) {
1804 if (options->max_startups_begin >
1805 options->max_startups ||
1806 options->max_startups_rate > 100 ||
1807 options->max_startups_rate < 1)
1808 fatal("%s line %d: Illegal MaxStartups spec.",
1811 fatal("%s line %d: Illegal MaxStartups spec.",
1814 options->max_startups = options->max_startups_begin;
1818 intptr = &options->max_authtries;
1822 intptr = &options->max_sessions;
1826 charptr = &options->banner;
1827 goto parse_filename;
1830 * These options can contain %X options expanded at
1831 * connect time, so that you can specify paths like:
1833 * AuthorizedKeysFile /etc/ssh_keys/%u
1835 case sAuthorizedKeysFile:
1836 if (*activep && options->num_authkeys_files == 0) {
1837 while ((arg = strdelim(&cp)) && *arg != '\0') {
1838 arg = tilde_expand_filename(arg, getuid());
1839 array_append(filename, linenum,
1840 "AuthorizedKeysFile",
1841 &options->authorized_keys_files,
1842 &options->num_authkeys_files, arg);
1848 case sAuthorizedPrincipalsFile:
1849 charptr = &options->authorized_principals_file;
1850 arg = strdelim(&cp);
1851 if (!arg || *arg == '\0')
1852 fatal("%s line %d: missing file name.",
1854 if (*activep && *charptr == NULL) {
1855 *charptr = tilde_expand_filename(arg, getuid());
1856 /* increase optional counter */
1858 *intptr = *intptr + 1;
1862 case sClientAliveInterval:
1863 intptr = &options->client_alive_interval;
1866 case sClientAliveCountMax:
1867 intptr = &options->client_alive_count_max;
1871 while ((arg = strdelim(&cp)) && *arg != '\0') {
1872 if (strchr(arg, '=') != NULL)
1873 fatal("%s line %d: Invalid environment name.",
1877 array_append(filename, linenum, "AcceptEnv",
1878 &options->accept_env, &options->num_accept_env,
1884 uvalue = options->num_setenv;
1885 while ((arg = strdelimw(&cp)) && *arg != '\0') {
1886 if (strchr(arg, '=') == NULL)
1887 fatal("%s line %d: Invalid environment.",
1889 if (!*activep || uvalue != 0)
1891 array_append(filename, linenum, "SetEnv",
1892 &options->setenv, &options->num_setenv, arg);
1897 intptr = &options->permit_tun;
1898 arg = strdelim(&cp);
1899 if (!arg || *arg == '\0')
1900 fatal("%s line %d: Missing yes/point-to-point/"
1901 "ethernet/no argument.", filename, linenum);
1903 for (i = 0; tunmode_desc[i].val != -1; i++)
1904 if (strcmp(tunmode_desc[i].text, arg) == 0) {
1905 value = tunmode_desc[i].val;
1909 fatal("%s line %d: Bad yes/point-to-point/ethernet/"
1910 "no argument: %s", filename, linenum, arg);
1911 if (*activep && *intptr == -1)
1917 fatal("Match directive not supported as a command-line "
1919 value = match_cfg_line(&cp, linenum, connectinfo);
1921 fatal("%s line %d: Bad Match condition", filename,
1928 if (opcode == sPermitListen) {
1929 uintptr = &options->num_permitted_listens;
1930 chararrayptr = &options->permitted_listens;
1932 uintptr = &options->num_permitted_opens;
1933 chararrayptr = &options->permitted_opens;
1935 arg = strdelim(&cp);
1936 if (!arg || *arg == '\0')
1937 fatal("%s line %d: missing %s specification",
1938 filename, linenum, lookup_opcode_name(opcode));
1939 uvalue = *uintptr; /* modified later */
1940 if (strcmp(arg, "any") == 0 || strcmp(arg, "none") == 0) {
1941 if (*activep && uvalue == 0) {
1943 *chararrayptr = xcalloc(1,
1944 sizeof(**chararrayptr));
1945 (*chararrayptr)[0] = xstrdup(arg);
1949 for (; arg != NULL && *arg != '\0'; arg = strdelim(&cp)) {
1950 if (opcode == sPermitListen &&
1951 strchr(arg, ':') == NULL) {
1953 * Allow bare port number for PermitListen
1954 * to indicate a wildcard listen host.
1956 xasprintf(&arg2, "*:%s", arg);
1958 arg2 = xstrdup(arg);
1960 p = hpdelim2(&arg, &ch);
1961 if (p == NULL || ch == '/') {
1962 fatal("%s line %d: missing host in %s",
1964 lookup_opcode_name(opcode));
1966 p = cleanhostname(p);
1969 ((port = permitopen_port(arg)) < 0)) {
1970 fatal("%s line %d: bad port number in %s",
1972 lookup_opcode_name(opcode));
1974 if (*activep && uvalue == 0) {
1975 array_append(filename, linenum,
1976 lookup_opcode_name(opcode),
1977 chararrayptr, uintptr, arg2);
1984 if (cp == NULL || *cp == '\0')
1985 fatal("%.200s line %d: Missing argument.", filename,
1987 len = strspn(cp, WHITESPACE);
1988 if (*activep && options->adm_forced_command == NULL)
1989 options->adm_forced_command = xstrdup(cp + len);
1992 case sChrootDirectory:
1993 charptr = &options->chroot_directory;
1995 arg = strdelim(&cp);
1996 if (!arg || *arg == '\0')
1997 fatal("%s line %d: missing file name.",
1999 if (*activep && *charptr == NULL)
2000 *charptr = xstrdup(arg);
2003 case sTrustedUserCAKeys:
2004 charptr = &options->trusted_user_ca_keys;
2005 goto parse_filename;
2008 charptr = &options->revoked_keys_file;
2009 goto parse_filename;
2012 arg = strdelim(&cp);
2013 if ((value = parse_ipqos(arg)) == -1)
2014 fatal("%s line %d: Bad IPQoS value: %s",
2015 filename, linenum, arg);
2016 arg = strdelim(&cp);
2019 else if ((value2 = parse_ipqos(arg)) == -1)
2020 fatal("%s line %d: Bad IPQoS value: %s",
2021 filename, linenum, arg);
2023 options->ip_qos_interactive = value;
2024 options->ip_qos_bulk = value2;
2028 case sVersionAddendum:
2029 if (cp == NULL || *cp == '\0')
2030 fatal("%.200s line %d: Missing argument.", filename,
2032 len = strspn(cp, WHITESPACE);
2033 if (*activep && options->version_addendum == NULL) {
2034 if (strcasecmp(cp + len, "none") == 0)
2035 options->version_addendum = xstrdup("");
2036 else if (strchr(cp + len, '\r') != NULL)
2037 fatal("%.200s line %d: Invalid argument",
2040 options->version_addendum = xstrdup(cp + len);
2044 case sAuthorizedKeysCommand:
2046 fatal("%.200s line %d: Missing argument.", filename,
2048 len = strspn(cp, WHITESPACE);
2049 if (*activep && options->authorized_keys_command == NULL) {
2050 if (cp[len] != '/' && strcasecmp(cp + len, "none") != 0)
2051 fatal("%.200s line %d: AuthorizedKeysCommand "
2052 "must be an absolute path",
2054 options->authorized_keys_command = xstrdup(cp + len);
2058 case sAuthorizedKeysCommandUser:
2059 charptr = &options->authorized_keys_command_user;
2061 arg = strdelim(&cp);
2062 if (!arg || *arg == '\0')
2063 fatal("%s line %d: missing AuthorizedKeysCommandUser "
2064 "argument.", filename, linenum);
2065 if (*activep && *charptr == NULL)
2066 *charptr = xstrdup(arg);
2069 case sAuthorizedPrincipalsCommand:
2071 fatal("%.200s line %d: Missing argument.", filename,
2073 len = strspn(cp, WHITESPACE);
2075 options->authorized_principals_command == NULL) {
2076 if (cp[len] != '/' && strcasecmp(cp + len, "none") != 0)
2077 fatal("%.200s line %d: "
2078 "AuthorizedPrincipalsCommand must be "
2079 "an absolute path", filename, linenum);
2080 options->authorized_principals_command =
2085 case sAuthorizedPrincipalsCommandUser:
2086 charptr = &options->authorized_principals_command_user;
2088 arg = strdelim(&cp);
2089 if (!arg || *arg == '\0')
2090 fatal("%s line %d: missing "
2091 "AuthorizedPrincipalsCommandUser argument.",
2093 if (*activep && *charptr == NULL)
2094 *charptr = xstrdup(arg);
2097 case sAuthenticationMethods:
2098 if (options->num_auth_methods == 0) {
2099 value = 0; /* seen "any" pseudo-method */
2100 value2 = 0; /* successfully parsed any method */
2101 while ((arg = strdelim(&cp)) && *arg != '\0') {
2102 if (strcmp(arg, "any") == 0) {
2103 if (options->num_auth_methods > 0) {
2104 fatal("%s line %d: \"any\" "
2105 "must appear alone in "
2106 "AuthenticationMethods",
2111 fatal("%s line %d: \"any\" must appear "
2112 "alone in AuthenticationMethods",
2114 } else if (auth2_methods_valid(arg, 0) != 0) {
2115 fatal("%s line %d: invalid "
2116 "authentication method list.",
2122 array_append(filename, linenum,
2123 "AuthenticationMethods",
2124 &options->auth_methods,
2125 &options->num_auth_methods, arg);
2128 fatal("%s line %d: no AuthenticationMethods "
2129 "specified", filename, linenum);
2134 case sStreamLocalBindMask:
2135 arg = strdelim(&cp);
2136 if (!arg || *arg == '\0')
2137 fatal("%s line %d: missing StreamLocalBindMask "
2138 "argument.", filename, linenum);
2139 /* Parse mode in octal format */
2140 value = strtol(arg, &p, 8);
2141 if (arg == p || value < 0 || value > 0777)
2142 fatal("%s line %d: Bad mask.", filename, linenum);
2144 options->fwd_opts.streamlocal_bind_mask = (mode_t)value;
2147 case sStreamLocalBindUnlink:
2148 intptr = &options->fwd_opts.streamlocal_bind_unlink;
2151 case sFingerprintHash:
2152 arg = strdelim(&cp);
2153 if (!arg || *arg == '\0')
2154 fatal("%.200s line %d: Missing argument.",
2156 if ((value = ssh_digest_alg_by_name(arg)) == -1)
2157 fatal("%.200s line %d: Invalid hash algorithm \"%s\".",
2158 filename, linenum, arg);
2160 options->fingerprint_hash = value;
2163 case sExposeAuthInfo:
2164 intptr = &options->expose_userauth_info;
2168 charptr = &options->routing_domain;
2169 arg = strdelim(&cp);
2170 if (!arg || *arg == '\0')
2171 fatal("%.200s line %d: Missing argument.",
2173 if (strcasecmp(arg, "none") != 0 && strcmp(arg, "%D") != 0 &&
2174 !valid_rdomain(arg))
2175 fatal("%s line %d: bad routing domain",
2177 if (*activep && *charptr == NULL)
2178 *charptr = xstrdup(arg);
2184 do_log2(opcode == sIgnore ?
2185 SYSLOG_LEVEL_DEBUG2 : SYSLOG_LEVEL_INFO,
2186 "%s line %d: %s option %s", filename, linenum,
2187 opcode == sUnsupported ? "Unsupported" : "Deprecated", arg);
2189 arg = strdelim(&cp);
2193 fatal("%s line %d: Missing handler for opcode %s (%d)",
2194 filename, linenum, arg, opcode);
2196 if ((arg = strdelim(&cp)) != NULL && *arg != '\0')
2197 fatal("%s line %d: garbage at end of line; \"%.200s\".",
2198 filename, linenum, arg);
2202 /* Reads the server configuration file. */
2205 load_server_config(const char *filename, struct sshbuf *conf)
2207 char *line = NULL, *cp;
2208 size_t linesize = 0;
2212 debug2("%s: filename %s", __func__, filename);
2213 if ((f = fopen(filename, "r")) == NULL) {
2218 while (getline(&line, &linesize, f) != -1) {
2221 * Trim out comments and strip whitespace
2222 * NB - preserve newlines, they are needed to reproduce
2223 * line numbers later for error messages
2225 if ((cp = strchr(line, '#')) != NULL)
2226 memcpy(cp, "\n", 2);
2227 cp = line + strspn(line, " \t\r");
2228 if ((r = sshbuf_put(conf, cp, strlen(cp))) != 0)
2229 fatal("%s: buffer error: %s", __func__, ssh_err(r));
2232 if ((r = sshbuf_put_u8(conf, 0)) != 0)
2233 fatal("%s: buffer error: %s", __func__, ssh_err(r));
2235 debug2("%s: done config len = %zu", __func__, sshbuf_len(conf));
2239 parse_server_match_config(ServerOptions *options,
2240 struct connection_info *connectinfo)
2244 initialize_server_options(&mo);
2245 parse_server_config(&mo, "reprocess config", cfg, connectinfo);
2246 copy_set_server_options(options, &mo, 0);
2249 int parse_server_match_testspec(struct connection_info *ci, char *spec)
2253 while ((p = strsep(&spec, ",")) && *p != '\0') {
2254 if (strncmp(p, "addr=", 5) == 0) {
2255 ci->address = xstrdup(p + 5);
2256 } else if (strncmp(p, "host=", 5) == 0) {
2257 ci->host = xstrdup(p + 5);
2258 } else if (strncmp(p, "user=", 5) == 0) {
2259 ci->user = xstrdup(p + 5);
2260 } else if (strncmp(p, "laddr=", 6) == 0) {
2261 ci->laddress = xstrdup(p + 6);
2262 } else if (strncmp(p, "rdomain=", 8) == 0) {
2263 ci->rdomain = xstrdup(p + 8);
2264 } else if (strncmp(p, "lport=", 6) == 0) {
2265 ci->lport = a2port(p + 6);
2266 if (ci->lport == -1) {
2267 fprintf(stderr, "Invalid port '%s' in test mode"
2268 " specification %s\n", p+6, p);
2272 fprintf(stderr, "Invalid test mode specification %s\n",
2281 * Copy any supported values that are set.
2283 * If the preauth flag is set, we do not bother copying the string or
2284 * array values that are not used pre-authentication, because any that we
2285 * do use must be explicitly sent in mm_getpwnamallow().
2288 copy_set_server_options(ServerOptions *dst, ServerOptions *src, int preauth)
2290 #define M_CP_INTOPT(n) do {\
2295 M_CP_INTOPT(password_authentication);
2296 M_CP_INTOPT(gss_authentication);
2297 M_CP_INTOPT(pubkey_authentication);
2298 M_CP_INTOPT(kerberos_authentication);
2299 M_CP_INTOPT(hostbased_authentication);
2300 M_CP_INTOPT(hostbased_uses_name_from_packet_only);
2301 M_CP_INTOPT(kbd_interactive_authentication);
2302 M_CP_INTOPT(permit_root_login);
2303 M_CP_INTOPT(permit_empty_passwd);
2305 M_CP_INTOPT(allow_tcp_forwarding);
2306 M_CP_INTOPT(allow_streamlocal_forwarding);
2307 M_CP_INTOPT(allow_agent_forwarding);
2308 M_CP_INTOPT(disable_forwarding);
2309 M_CP_INTOPT(expose_userauth_info);
2310 M_CP_INTOPT(permit_tun);
2311 M_CP_INTOPT(fwd_opts.gateway_ports);
2312 M_CP_INTOPT(fwd_opts.streamlocal_bind_unlink);
2313 M_CP_INTOPT(x11_display_offset);
2314 M_CP_INTOPT(x11_forwarding);
2315 M_CP_INTOPT(x11_use_localhost);
2316 M_CP_INTOPT(permit_tty);
2317 M_CP_INTOPT(permit_user_rc);
2318 M_CP_INTOPT(max_sessions);
2319 M_CP_INTOPT(max_authtries);
2320 M_CP_INTOPT(client_alive_count_max);
2321 M_CP_INTOPT(client_alive_interval);
2322 M_CP_INTOPT(ip_qos_interactive);
2323 M_CP_INTOPT(ip_qos_bulk);
2324 M_CP_INTOPT(rekey_limit);
2325 M_CP_INTOPT(rekey_interval);
2326 M_CP_INTOPT(log_level);
2329 * The bind_mask is a mode_t that may be unsigned, so we can't use
2330 * M_CP_INTOPT - it does a signed comparison that causes compiler
2333 if (src->fwd_opts.streamlocal_bind_mask != (mode_t)-1) {
2334 dst->fwd_opts.streamlocal_bind_mask =
2335 src->fwd_opts.streamlocal_bind_mask;
2338 /* M_CP_STROPT and M_CP_STRARRAYOPT should not appear before here */
2339 #define M_CP_STROPT(n) do {\
2340 if (src->n != NULL && dst->n != src->n) { \
2345 #define M_CP_STRARRAYOPT(s, num_s) do {\
2347 if (src->num_s != 0) { \
2348 for (i = 0; i < dst->num_s; i++) \
2351 dst->s = xcalloc(src->num_s, sizeof(*dst->s)); \
2352 for (i = 0; i < src->num_s; i++) \
2353 dst->s[i] = xstrdup(src->s[i]); \
2354 dst->num_s = src->num_s; \
2358 /* See comment in servconf.h */
2359 COPY_MATCH_STRING_OPTS();
2361 /* Arguments that accept '+...' need to be expanded */
2362 assemble_algorithms(dst);
2365 * The only things that should be below this point are string options
2366 * which are only used after authentication.
2371 /* These options may be "none" to clear a global setting */
2372 M_CP_STROPT(adm_forced_command);
2373 if (option_clear_or_none(dst->adm_forced_command)) {
2374 free(dst->adm_forced_command);
2375 dst->adm_forced_command = NULL;
2377 M_CP_STROPT(chroot_directory);
2378 if (option_clear_or_none(dst->chroot_directory)) {
2379 free(dst->chroot_directory);
2380 dst->chroot_directory = NULL;
2386 #undef M_CP_STRARRAYOPT
2389 parse_server_config(ServerOptions *options, const char *filename,
2390 struct sshbuf *conf, struct connection_info *connectinfo)
2392 int active, linenum, bad_options = 0;
2393 char *cp, *obuf, *cbuf;
2395 debug2("%s: config %s len %zu", __func__, filename, sshbuf_len(conf));
2397 if ((obuf = cbuf = sshbuf_dup_string(conf)) == NULL)
2398 fatal("%s: sshbuf_dup_string failed", __func__);
2399 active = connectinfo ? 0 : 1;
2401 while ((cp = strsep(&cbuf, "\n")) != NULL) {
2402 if (process_server_config_line(options, cp, filename,
2403 linenum++, &active, connectinfo) != 0)
2407 if (bad_options > 0)
2408 fatal("%s: terminating, %d bad configuration options",
2409 filename, bad_options);
2410 process_queued_listen_addrs(options);
2414 fmt_multistate_int(int val, const struct multistate *m)
2418 for (i = 0; m[i].key != NULL; i++) {
2419 if (m[i].value == val)
2426 fmt_intarg(ServerOpCodes code, int val)
2431 case sAddressFamily:
2432 return fmt_multistate_int(val, multistate_addressfamily);
2433 case sPermitRootLogin:
2434 return fmt_multistate_int(val, multistate_permitrootlogin);
2436 return fmt_multistate_int(val, multistate_gatewayports);
2438 return fmt_multistate_int(val, multistate_compression);
2439 case sAllowTcpForwarding:
2440 return fmt_multistate_int(val, multistate_tcpfwd);
2441 case sAllowStreamLocalForwarding:
2442 return fmt_multistate_int(val, multistate_tcpfwd);
2443 case sFingerprintHash:
2444 return ssh_digest_alg_name(val);
2458 dump_cfg_int(ServerOpCodes code, int val)
2460 printf("%s %d\n", lookup_opcode_name(code), val);
2464 dump_cfg_oct(ServerOpCodes code, int val)
2466 printf("%s 0%o\n", lookup_opcode_name(code), val);
2470 dump_cfg_fmtint(ServerOpCodes code, int val)
2472 printf("%s %s\n", lookup_opcode_name(code), fmt_intarg(code, val));
2476 dump_cfg_string(ServerOpCodes code, const char *val)
2478 printf("%s %s\n", lookup_opcode_name(code),
2479 val == NULL ? "none" : val);
2483 dump_cfg_strarray(ServerOpCodes code, u_int count, char **vals)
2487 for (i = 0; i < count; i++)
2488 printf("%s %s\n", lookup_opcode_name(code), vals[i]);
2492 dump_cfg_strarray_oneline(ServerOpCodes code, u_int count, char **vals)
2496 if (count <= 0 && code != sAuthenticationMethods)
2498 printf("%s", lookup_opcode_name(code));
2499 for (i = 0; i < count; i++)
2500 printf(" %s", vals[i]);
2501 if (code == sAuthenticationMethods && count == 0)
2507 format_listen_addrs(struct listenaddr *la)
2510 struct addrinfo *ai;
2511 char addr[NI_MAXHOST], port[NI_MAXSERV];
2512 char *laddr1 = xstrdup(""), *laddr2 = NULL;
2515 * ListenAddress must be after Port. add_one_listen_addr pushes
2516 * addresses onto a stack, so to maintain ordering we need to
2517 * print these in reverse order.
2519 for (ai = la->addrs; ai; ai = ai->ai_next) {
2520 if ((r = getnameinfo(ai->ai_addr, ai->ai_addrlen, addr,
2521 sizeof(addr), port, sizeof(port),
2522 NI_NUMERICHOST|NI_NUMERICSERV)) != 0) {
2523 error("getnameinfo: %.100s", ssh_gai_strerror(r));
2527 if (ai->ai_family == AF_INET6) {
2528 xasprintf(&laddr1, "listenaddress [%s]:%s%s%s\n%s",
2530 la->rdomain == NULL ? "" : " rdomain ",
2531 la->rdomain == NULL ? "" : la->rdomain,
2534 xasprintf(&laddr1, "listenaddress %s:%s%s%s\n%s",
2536 la->rdomain == NULL ? "" : " rdomain ",
2537 la->rdomain == NULL ? "" : la->rdomain,
2546 dump_config(ServerOptions *o)
2551 /* these are usually at the top of the config */
2552 for (i = 0; i < o->num_ports; i++)
2553 printf("port %d\n", o->ports[i]);
2554 dump_cfg_fmtint(sAddressFamily, o->address_family);
2556 for (i = 0; i < o->num_listen_addrs; i++) {
2557 s = format_listen_addrs(&o->listen_addrs[i]);
2562 /* integer arguments */
2564 dump_cfg_fmtint(sUsePAM, o->use_pam);
2566 dump_cfg_int(sLoginGraceTime, o->login_grace_time);
2567 dump_cfg_int(sX11DisplayOffset, o->x11_display_offset);
2568 dump_cfg_int(sMaxAuthTries, o->max_authtries);
2569 dump_cfg_int(sMaxSessions, o->max_sessions);
2570 dump_cfg_int(sClientAliveInterval, o->client_alive_interval);
2571 dump_cfg_int(sClientAliveCountMax, o->client_alive_count_max);
2572 dump_cfg_oct(sStreamLocalBindMask, o->fwd_opts.streamlocal_bind_mask);
2574 /* formatted integer arguments */
2575 dump_cfg_fmtint(sPermitRootLogin, o->permit_root_login);
2576 dump_cfg_fmtint(sIgnoreRhosts, o->ignore_rhosts);
2577 dump_cfg_fmtint(sIgnoreUserKnownHosts, o->ignore_user_known_hosts);
2578 dump_cfg_fmtint(sHostbasedAuthentication, o->hostbased_authentication);
2579 dump_cfg_fmtint(sHostbasedUsesNameFromPacketOnly,
2580 o->hostbased_uses_name_from_packet_only);
2581 dump_cfg_fmtint(sPubkeyAuthentication, o->pubkey_authentication);
2583 dump_cfg_fmtint(sKerberosAuthentication, o->kerberos_authentication);
2584 dump_cfg_fmtint(sKerberosOrLocalPasswd, o->kerberos_or_local_passwd);
2585 dump_cfg_fmtint(sKerberosTicketCleanup, o->kerberos_ticket_cleanup);
2587 dump_cfg_fmtint(sKerberosGetAFSToken, o->kerberos_get_afs_token);
2591 dump_cfg_fmtint(sGssAuthentication, o->gss_authentication);
2592 dump_cfg_fmtint(sGssCleanupCreds, o->gss_cleanup_creds);
2594 dump_cfg_fmtint(sPasswordAuthentication, o->password_authentication);
2595 dump_cfg_fmtint(sKbdInteractiveAuthentication,
2596 o->kbd_interactive_authentication);
2597 dump_cfg_fmtint(sChallengeResponseAuthentication,
2598 o->challenge_response_authentication);
2599 dump_cfg_fmtint(sPrintMotd, o->print_motd);
2600 #ifndef DISABLE_LASTLOG
2601 dump_cfg_fmtint(sPrintLastLog, o->print_lastlog);
2603 dump_cfg_fmtint(sX11Forwarding, o->x11_forwarding);
2604 dump_cfg_fmtint(sX11UseLocalhost, o->x11_use_localhost);
2605 dump_cfg_fmtint(sPermitTTY, o->permit_tty);
2606 dump_cfg_fmtint(sPermitUserRC, o->permit_user_rc);
2607 dump_cfg_fmtint(sStrictModes, o->strict_modes);
2608 dump_cfg_fmtint(sTCPKeepAlive, o->tcp_keep_alive);
2609 dump_cfg_fmtint(sEmptyPasswd, o->permit_empty_passwd);
2610 dump_cfg_fmtint(sCompression, o->compression);
2611 dump_cfg_fmtint(sGatewayPorts, o->fwd_opts.gateway_ports);
2612 dump_cfg_fmtint(sUseDNS, o->use_dns);
2613 dump_cfg_fmtint(sAllowTcpForwarding, o->allow_tcp_forwarding);
2614 dump_cfg_fmtint(sAllowAgentForwarding, o->allow_agent_forwarding);
2615 dump_cfg_fmtint(sDisableForwarding, o->disable_forwarding);
2616 dump_cfg_fmtint(sAllowStreamLocalForwarding, o->allow_streamlocal_forwarding);
2617 dump_cfg_fmtint(sStreamLocalBindUnlink, o->fwd_opts.streamlocal_bind_unlink);
2618 dump_cfg_fmtint(sFingerprintHash, o->fingerprint_hash);
2619 dump_cfg_fmtint(sExposeAuthInfo, o->expose_userauth_info);
2621 /* string arguments */
2622 dump_cfg_string(sPidFile, o->pid_file);
2623 dump_cfg_string(sXAuthLocation, o->xauth_location);
2624 dump_cfg_string(sCiphers, o->ciphers ? o->ciphers : KEX_SERVER_ENCRYPT);
2625 dump_cfg_string(sMacs, o->macs ? o->macs : KEX_SERVER_MAC);
2626 dump_cfg_string(sBanner, o->banner);
2627 dump_cfg_string(sForceCommand, o->adm_forced_command);
2628 dump_cfg_string(sChrootDirectory, o->chroot_directory);
2629 dump_cfg_string(sTrustedUserCAKeys, o->trusted_user_ca_keys);
2630 dump_cfg_string(sRevokedKeys, o->revoked_keys_file);
2631 dump_cfg_string(sAuthorizedPrincipalsFile,
2632 o->authorized_principals_file);
2633 dump_cfg_string(sVersionAddendum, *o->version_addendum == '\0'
2634 ? "none" : o->version_addendum);
2635 dump_cfg_string(sAuthorizedKeysCommand, o->authorized_keys_command);
2636 dump_cfg_string(sAuthorizedKeysCommandUser, o->authorized_keys_command_user);
2637 dump_cfg_string(sAuthorizedPrincipalsCommand, o->authorized_principals_command);
2638 dump_cfg_string(sAuthorizedPrincipalsCommandUser, o->authorized_principals_command_user);
2639 dump_cfg_string(sHostKeyAgent, o->host_key_agent);
2640 dump_cfg_string(sKexAlgorithms,
2641 o->kex_algorithms ? o->kex_algorithms : KEX_SERVER_KEX);
2642 dump_cfg_string(sCASignatureAlgorithms, o->ca_sign_algorithms ?
2643 o->ca_sign_algorithms : SSH_ALLOWED_CA_SIGALGS);
2644 dump_cfg_string(sHostbasedAcceptedKeyTypes, o->hostbased_key_types ?
2645 o->hostbased_key_types : KEX_DEFAULT_PK_ALG);
2646 dump_cfg_string(sHostKeyAlgorithms, o->hostkeyalgorithms ?
2647 o->hostkeyalgorithms : KEX_DEFAULT_PK_ALG);
2648 dump_cfg_string(sPubkeyAcceptedKeyTypes, o->pubkey_key_types ?
2649 o->pubkey_key_types : KEX_DEFAULT_PK_ALG);
2650 dump_cfg_string(sRDomain, o->routing_domain);
2652 /* string arguments requiring a lookup */
2653 dump_cfg_string(sLogLevel, log_level_name(o->log_level));
2654 dump_cfg_string(sLogFacility, log_facility_name(o->log_facility));
2656 /* string array arguments */
2657 dump_cfg_strarray_oneline(sAuthorizedKeysFile, o->num_authkeys_files,
2658 o->authorized_keys_files);
2659 dump_cfg_strarray(sHostKeyFile, o->num_host_key_files,
2661 dump_cfg_strarray(sHostCertificate, o->num_host_cert_files,
2662 o->host_cert_files);
2663 dump_cfg_strarray(sAllowUsers, o->num_allow_users, o->allow_users);
2664 dump_cfg_strarray(sDenyUsers, o->num_deny_users, o->deny_users);
2665 dump_cfg_strarray(sAllowGroups, o->num_allow_groups, o->allow_groups);
2666 dump_cfg_strarray(sDenyGroups, o->num_deny_groups, o->deny_groups);
2667 dump_cfg_strarray(sAcceptEnv, o->num_accept_env, o->accept_env);
2668 dump_cfg_strarray(sSetEnv, o->num_setenv, o->setenv);
2669 dump_cfg_strarray_oneline(sAuthenticationMethods,
2670 o->num_auth_methods, o->auth_methods);
2672 /* other arguments */
2673 for (i = 0; i < o->num_subsystems; i++)
2674 printf("subsystem %s %s\n", o->subsystem_name[i],
2675 o->subsystem_args[i]);
2677 printf("maxstartups %d:%d:%d\n", o->max_startups_begin,
2678 o->max_startups_rate, o->max_startups);
2681 for (i = 0; tunmode_desc[i].val != -1; i++) {
2682 if (tunmode_desc[i].val == o->permit_tun) {
2683 s = tunmode_desc[i].text;
2687 dump_cfg_string(sPermitTunnel, s);
2689 printf("ipqos %s ", iptos2str(o->ip_qos_interactive));
2690 printf("%s\n", iptos2str(o->ip_qos_bulk));
2692 printf("rekeylimit %llu %d\n", (unsigned long long)o->rekey_limit,
2695 printf("permitopen");
2696 if (o->num_permitted_opens == 0)
2699 for (i = 0; i < o->num_permitted_opens; i++)
2700 printf(" %s", o->permitted_opens[i]);
2703 printf("permitlisten");
2704 if (o->num_permitted_listens == 0)
2707 for (i = 0; i < o->num_permitted_listens; i++)
2708 printf(" %s", o->permitted_listens[i]);
2712 if (o->permit_user_env_whitelist == NULL) {
2713 dump_cfg_fmtint(sPermitUserEnvironment, o->permit_user_env);
2715 printf("permituserenvironment %s\n",
2716 o->permit_user_env_whitelist);