2 /* $OpenBSD: servconf.c,v 1.229 2012/07/13 01:35:21 dtucker Exp $ */
4 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
7 * As far as I am concerned, the code I have written for this software
8 * can be used freely for any purpose. Any derived versions of this
9 * software must be clearly marked as such, and if the derived work is
10 * incompatible with the protocol description in the RFC file, it must be
11 * called by a name other than "ssh" or "Secure Shell".
16 #include <sys/types.h>
17 #include <sys/socket.h>
19 #include <netinet/in.h>
20 #include <netinet/in_systm.h>
21 #include <netinet/ip.h>
33 #include "openbsd-compat/sys-queue.h"
40 #include "pathnames.h"
48 #include "groupaccess.h"
52 static void add_listen_addr(ServerOptions *, char *, int);
53 static void add_one_listen_addr(ServerOptions *, char *, int);
55 /* Use of privilege separation or not */
56 extern int use_privsep;
59 /* Initializes the server options to their default values. */
62 initialize_server_options(ServerOptions *options)
64 memset(options, 0, sizeof(*options));
66 /* Portable-specific options */
67 options->use_pam = -1;
69 /* Standard Options */
70 options->num_ports = 0;
71 options->ports_from_cmdline = 0;
72 options->listen_addrs = NULL;
73 options->address_family = -1;
74 options->num_host_key_files = 0;
75 options->num_host_cert_files = 0;
76 options->pid_file = NULL;
77 options->server_key_bits = -1;
78 options->login_grace_time = -1;
79 options->key_regeneration_time = -1;
80 options->permit_root_login = PERMIT_NOT_SET;
81 options->ignore_rhosts = -1;
82 options->ignore_user_known_hosts = -1;
83 options->print_motd = -1;
84 options->print_lastlog = -1;
85 options->x11_forwarding = -1;
86 options->x11_display_offset = -1;
87 options->x11_use_localhost = -1;
88 options->xauth_location = NULL;
89 options->strict_modes = -1;
90 options->tcp_keep_alive = -1;
91 options->log_facility = SYSLOG_FACILITY_NOT_SET;
92 options->log_level = SYSLOG_LEVEL_NOT_SET;
93 options->rhosts_rsa_authentication = -1;
94 options->hostbased_authentication = -1;
95 options->hostbased_uses_name_from_packet_only = -1;
96 options->rsa_authentication = -1;
97 options->pubkey_authentication = -1;
98 options->kerberos_authentication = -1;
99 options->kerberos_or_local_passwd = -1;
100 options->kerberos_ticket_cleanup = -1;
101 options->kerberos_get_afs_token = -1;
102 options->gss_authentication=-1;
103 options->gss_cleanup_creds = -1;
104 options->password_authentication = -1;
105 options->kbd_interactive_authentication = -1;
106 options->challenge_response_authentication = -1;
107 options->permit_blacklisted_keys = -1;
108 options->permit_empty_passwd = -1;
109 options->permit_user_env = -1;
110 options->use_login = -1;
111 options->compression = -1;
112 options->allow_tcp_forwarding = -1;
113 options->allow_agent_forwarding = -1;
114 options->num_allow_users = 0;
115 options->num_deny_users = 0;
116 options->num_allow_groups = 0;
117 options->num_deny_groups = 0;
118 options->ciphers = NULL;
119 options->macs = NULL;
120 options->kex_algorithms = NULL;
121 options->protocol = SSH_PROTO_UNKNOWN;
122 options->gateway_ports = -1;
123 options->num_subsystems = 0;
124 options->max_startups_begin = -1;
125 options->max_startups_rate = -1;
126 options->max_startups = -1;
127 options->max_authtries = -1;
128 options->max_sessions = -1;
129 options->banner = NULL;
130 options->use_dns = -1;
131 options->client_alive_interval = -1;
132 options->client_alive_count_max = -1;
133 options->num_authkeys_files = 0;
134 options->num_accept_env = 0;
135 options->permit_tun = -1;
136 options->num_permitted_opens = -1;
137 options->adm_forced_command = NULL;
138 options->chroot_directory = NULL;
139 options->zero_knowledge_password_authentication = -1;
140 options->none_enabled = -1;
141 options->tcp_rcv_buf_poll = -1;
142 options->hpn_disabled = -1;
143 options->hpn_buffer_size = -1;
144 options->revoked_keys_file = NULL;
145 options->trusted_user_ca_keys = NULL;
146 options->authorized_principals_file = NULL;
147 options->ip_qos_interactive = -1;
148 options->ip_qos_bulk = -1;
149 options->version_addendum = NULL;
153 fill_default_server_options(ServerOptions *options)
155 /* needed for hpn socket tests */
158 int socksizelen = sizeof(int);
160 /* Portable-specific options */
161 if (options->use_pam == -1)
162 options->use_pam = 0;
164 /* Standard Options */
165 if (options->protocol == SSH_PROTO_UNKNOWN)
166 options->protocol = SSH_PROTO_2;
167 if (options->num_host_key_files == 0) {
168 /* fill default hostkeys for protocols */
169 if (options->protocol & SSH_PROTO_1)
170 options->host_key_files[options->num_host_key_files++] =
172 if (options->protocol & SSH_PROTO_2) {
173 options->host_key_files[options->num_host_key_files++] =
174 _PATH_HOST_RSA_KEY_FILE;
175 options->host_key_files[options->num_host_key_files++] =
176 _PATH_HOST_DSA_KEY_FILE;
177 #ifdef OPENSSL_HAS_ECC
178 options->host_key_files[options->num_host_key_files++] =
179 _PATH_HOST_ECDSA_KEY_FILE;
183 /* No certificates by default */
184 if (options->num_ports == 0)
185 options->ports[options->num_ports++] = SSH_DEFAULT_PORT;
186 if (options->listen_addrs == NULL)
187 add_listen_addr(options, NULL, 0);
188 if (options->pid_file == NULL)
189 options->pid_file = _PATH_SSH_DAEMON_PID_FILE;
190 if (options->server_key_bits == -1)
191 options->server_key_bits = 1024;
192 if (options->login_grace_time == -1)
193 options->login_grace_time = 120;
194 if (options->key_regeneration_time == -1)
195 options->key_regeneration_time = 3600;
196 if (options->permit_root_login == PERMIT_NOT_SET)
197 options->permit_root_login = PERMIT_NO;
198 if (options->ignore_rhosts == -1)
199 options->ignore_rhosts = 1;
200 if (options->ignore_user_known_hosts == -1)
201 options->ignore_user_known_hosts = 0;
202 if (options->print_motd == -1)
203 options->print_motd = 1;
204 if (options->print_lastlog == -1)
205 options->print_lastlog = 1;
206 if (options->x11_forwarding == -1)
207 options->x11_forwarding = 1;
208 if (options->x11_display_offset == -1)
209 options->x11_display_offset = 10;
210 if (options->x11_use_localhost == -1)
211 options->x11_use_localhost = 1;
212 if (options->xauth_location == NULL)
213 options->xauth_location = _PATH_XAUTH;
214 if (options->strict_modes == -1)
215 options->strict_modes = 1;
216 if (options->tcp_keep_alive == -1)
217 options->tcp_keep_alive = 1;
218 if (options->log_facility == SYSLOG_FACILITY_NOT_SET)
219 options->log_facility = SYSLOG_FACILITY_AUTH;
220 if (options->log_level == SYSLOG_LEVEL_NOT_SET)
221 options->log_level = SYSLOG_LEVEL_INFO;
222 if (options->rhosts_rsa_authentication == -1)
223 options->rhosts_rsa_authentication = 0;
224 if (options->hostbased_authentication == -1)
225 options->hostbased_authentication = 0;
226 if (options->hostbased_uses_name_from_packet_only == -1)
227 options->hostbased_uses_name_from_packet_only = 0;
228 if (options->rsa_authentication == -1)
229 options->rsa_authentication = 1;
230 if (options->pubkey_authentication == -1)
231 options->pubkey_authentication = 1;
232 if (options->kerberos_authentication == -1)
233 options->kerberos_authentication = 0;
234 if (options->kerberos_or_local_passwd == -1)
235 options->kerberos_or_local_passwd = 1;
236 if (options->kerberos_ticket_cleanup == -1)
237 options->kerberos_ticket_cleanup = 1;
238 if (options->kerberos_get_afs_token == -1)
239 options->kerberos_get_afs_token = 0;
240 if (options->gss_authentication == -1)
241 options->gss_authentication = 0;
242 if (options->gss_cleanup_creds == -1)
243 options->gss_cleanup_creds = 1;
244 if (options->password_authentication == -1)
245 options->password_authentication = 1;
246 if (options->kbd_interactive_authentication == -1)
247 options->kbd_interactive_authentication = 0;
248 if (options->challenge_response_authentication == -1)
249 options->challenge_response_authentication = 1;
250 if (options->permit_blacklisted_keys == -1)
251 options->permit_blacklisted_keys = 0;
252 if (options->permit_empty_passwd == -1)
253 options->permit_empty_passwd = 0;
254 if (options->permit_user_env == -1)
255 options->permit_user_env = 0;
256 if (options->use_login == -1)
257 options->use_login = 0;
258 if (options->compression == -1)
259 options->compression = COMP_DELAYED;
260 if (options->allow_tcp_forwarding == -1)
261 options->allow_tcp_forwarding = 1;
262 if (options->allow_agent_forwarding == -1)
263 options->allow_agent_forwarding = 1;
264 if (options->gateway_ports == -1)
265 options->gateway_ports = 0;
266 if (options->max_startups == -1)
267 options->max_startups = 10;
268 if (options->max_startups_rate == -1)
269 options->max_startups_rate = 100; /* 100% */
270 if (options->max_startups_begin == -1)
271 options->max_startups_begin = options->max_startups;
272 if (options->max_authtries == -1)
273 options->max_authtries = DEFAULT_AUTH_FAIL_MAX;
274 if (options->max_sessions == -1)
275 options->max_sessions = DEFAULT_SESSIONS_MAX;
276 if (options->use_dns == -1)
277 options->use_dns = 1;
278 if (options->client_alive_interval == -1)
279 options->client_alive_interval = 0;
280 if (options->client_alive_count_max == -1)
281 options->client_alive_count_max = 3;
282 if (options->num_authkeys_files == 0) {
283 options->authorized_keys_files[options->num_authkeys_files++] =
284 xstrdup(_PATH_SSH_USER_PERMITTED_KEYS);
285 options->authorized_keys_files[options->num_authkeys_files++] =
286 xstrdup(_PATH_SSH_USER_PERMITTED_KEYS2);
288 if (options->permit_tun == -1)
289 options->permit_tun = SSH_TUNMODE_NO;
290 if (options->zero_knowledge_password_authentication == -1)
291 options->zero_knowledge_password_authentication = 0;
292 if (options->ip_qos_interactive == -1)
293 options->ip_qos_interactive = IPTOS_LOWDELAY;
294 if (options->ip_qos_bulk == -1)
295 options->ip_qos_bulk = IPTOS_THROUGHPUT;
297 if (options->hpn_disabled == -1)
298 options->hpn_disabled = 0;
300 if (options->hpn_buffer_size == -1) {
301 /* option not explicitly set. Now we have to figure out */
302 /* what value to use */
303 if (options->hpn_disabled == 1) {
304 options->hpn_buffer_size = CHAN_SES_WINDOW_DEFAULT;
306 /* get the current RCV size and set it to that */
307 /*create a socket but don't connect it */
308 /* we use that the get the rcv socket size */
309 sock = socket(AF_INET, SOCK_STREAM, 0);
310 getsockopt(sock, SOL_SOCKET, SO_RCVBUF,
311 &socksize, &socksizelen);
313 options->hpn_buffer_size = socksize;
314 debug ("HPN Buffer Size: %d", options->hpn_buffer_size);
318 /* we have to do this incase the user sets both values in a contradictory */
319 /* manner. hpn_disabled overrrides hpn_buffer_size*/
320 if (options->hpn_disabled <= 0) {
321 if (options->hpn_buffer_size == 0)
322 options->hpn_buffer_size = 1;
323 /* limit the maximum buffer to 64MB */
324 if (options->hpn_buffer_size > 64*1024) {
325 options->hpn_buffer_size = 64*1024*1024;
327 options->hpn_buffer_size *= 1024;
330 options->hpn_buffer_size = CHAN_TCP_WINDOW_DEFAULT;
333 if (options->version_addendum == NULL)
334 options->version_addendum = xstrdup("");
335 /* Turn privilege separation on by default */
336 if (use_privsep == -1)
337 use_privsep = PRIVSEP_NOSANDBOX;
340 if (use_privsep && options->compression == 1) {
341 error("This platform does not support both privilege "
342 "separation and compression");
343 error("Compression disabled");
344 options->compression = 0;
350 /* Keyword tokens. */
352 sBadOption, /* == unknown option */
353 /* Portable-specific options */
355 /* Standard Options */
356 sPort, sHostKeyFile, sServerKeyBits, sLoginGraceTime, sKeyRegenerationTime,
357 sPermitRootLogin, sLogFacility, sLogLevel,
358 sRhostsRSAAuthentication, sRSAAuthentication,
359 sKerberosAuthentication, sKerberosOrLocalPasswd, sKerberosTicketCleanup,
360 sKerberosGetAFSToken,
361 sKerberosTgtPassing, sChallengeResponseAuthentication,
362 sPasswordAuthentication, sKbdInteractiveAuthentication,
363 sListenAddress, sAddressFamily,
364 sPrintMotd, sPrintLastLog, sIgnoreRhosts,
365 sX11Forwarding, sX11DisplayOffset, sX11UseLocalhost,
366 sStrictModes, sPermitBlacklistedKeys, sEmptyPasswd, sTCPKeepAlive,
367 sPermitUserEnvironment, sUseLogin, sAllowTcpForwarding, sCompression,
368 sAllowUsers, sDenyUsers, sAllowGroups, sDenyGroups,
369 sIgnoreUserKnownHosts, sCiphers, sMacs, sProtocol, sPidFile,
370 sGatewayPorts, sPubkeyAuthentication, sXAuthLocation, sSubsystem,
371 sMaxStartups, sMaxAuthTries, sMaxSessions,
372 sBanner, sUseDNS, sHostbasedAuthentication,
373 sHostbasedUsesNameFromPacketOnly, sClientAliveInterval,
374 sClientAliveCountMax, sAuthorizedKeysFile,
375 sGssAuthentication, sGssCleanupCreds, sAcceptEnv, sPermitTunnel,
376 sMatch, sPermitOpen, sForceCommand, sChrootDirectory,
377 sUsePrivilegeSeparation, sAllowAgentForwarding,
378 sZeroKnowledgePasswordAuthentication, sHostCertificate,
379 sRevokedKeys, sTrustedUserCAKeys, sAuthorizedPrincipalsFile,
380 sKexAlgorithms, sIPQoS, sVersionAddendum,
381 sNoneEnabled, sTcpRcvBufPoll, sHPNDisabled, sHPNBufferSize,
382 sDeprecated, sUnsupported
385 #define SSHCFG_GLOBAL 0x01 /* allowed in main section of sshd_config */
386 #define SSHCFG_MATCH 0x02 /* allowed inside a Match section */
387 #define SSHCFG_ALL (SSHCFG_GLOBAL|SSHCFG_MATCH)
389 /* Textual representation of the tokens. */
392 ServerOpCodes opcode;
395 /* Portable-specific options */
397 { "usepam", sUsePAM, SSHCFG_GLOBAL },
399 { "usepam", sUnsupported, SSHCFG_GLOBAL },
401 { "pamauthenticationviakbdint", sDeprecated, SSHCFG_GLOBAL },
402 /* Standard Options */
403 { "port", sPort, SSHCFG_GLOBAL },
404 { "hostkey", sHostKeyFile, SSHCFG_GLOBAL },
405 { "hostdsakey", sHostKeyFile, SSHCFG_GLOBAL }, /* alias */
406 { "pidfile", sPidFile, SSHCFG_GLOBAL },
407 { "serverkeybits", sServerKeyBits, SSHCFG_GLOBAL },
408 { "logingracetime", sLoginGraceTime, SSHCFG_GLOBAL },
409 { "keyregenerationinterval", sKeyRegenerationTime, SSHCFG_GLOBAL },
410 { "permitrootlogin", sPermitRootLogin, SSHCFG_ALL },
411 { "syslogfacility", sLogFacility, SSHCFG_GLOBAL },
412 { "loglevel", sLogLevel, SSHCFG_GLOBAL },
413 { "rhostsauthentication", sDeprecated, SSHCFG_GLOBAL },
414 { "rhostsrsaauthentication", sRhostsRSAAuthentication, SSHCFG_ALL },
415 { "hostbasedauthentication", sHostbasedAuthentication, SSHCFG_ALL },
416 { "hostbasedusesnamefrompacketonly", sHostbasedUsesNameFromPacketOnly, SSHCFG_ALL },
417 { "rsaauthentication", sRSAAuthentication, SSHCFG_ALL },
418 { "pubkeyauthentication", sPubkeyAuthentication, SSHCFG_ALL },
419 { "dsaauthentication", sPubkeyAuthentication, SSHCFG_GLOBAL }, /* alias */
421 { "kerberosauthentication", sKerberosAuthentication, SSHCFG_ALL },
422 { "kerberosorlocalpasswd", sKerberosOrLocalPasswd, SSHCFG_GLOBAL },
423 { "kerberosticketcleanup", sKerberosTicketCleanup, SSHCFG_GLOBAL },
425 { "kerberosgetafstoken", sKerberosGetAFSToken, SSHCFG_GLOBAL },
427 { "kerberosgetafstoken", sUnsupported, SSHCFG_GLOBAL },
430 { "kerberosauthentication", sUnsupported, SSHCFG_ALL },
431 { "kerberosorlocalpasswd", sUnsupported, SSHCFG_GLOBAL },
432 { "kerberosticketcleanup", sUnsupported, SSHCFG_GLOBAL },
433 { "kerberosgetafstoken", sUnsupported, SSHCFG_GLOBAL },
435 { "kerberostgtpassing", sUnsupported, SSHCFG_GLOBAL },
436 { "afstokenpassing", sUnsupported, SSHCFG_GLOBAL },
438 { "gssapiauthentication", sGssAuthentication, SSHCFG_ALL },
439 { "gssapicleanupcredentials", sGssCleanupCreds, SSHCFG_GLOBAL },
441 { "gssapiauthentication", sUnsupported, SSHCFG_ALL },
442 { "gssapicleanupcredentials", sUnsupported, SSHCFG_GLOBAL },
444 { "passwordauthentication", sPasswordAuthentication, SSHCFG_ALL },
445 { "kbdinteractiveauthentication", sKbdInteractiveAuthentication, SSHCFG_ALL },
446 { "challengeresponseauthentication", sChallengeResponseAuthentication, SSHCFG_GLOBAL },
447 { "skeyauthentication", sChallengeResponseAuthentication, SSHCFG_GLOBAL }, /* alias */
449 { "zeroknowledgepasswordauthentication", sZeroKnowledgePasswordAuthentication, SSHCFG_ALL },
451 { "zeroknowledgepasswordauthentication", sUnsupported, SSHCFG_ALL },
453 { "checkmail", sDeprecated, SSHCFG_GLOBAL },
454 { "listenaddress", sListenAddress, SSHCFG_GLOBAL },
455 { "addressfamily", sAddressFamily, SSHCFG_GLOBAL },
456 { "printmotd", sPrintMotd, SSHCFG_GLOBAL },
457 { "printlastlog", sPrintLastLog, SSHCFG_GLOBAL },
458 { "ignorerhosts", sIgnoreRhosts, SSHCFG_GLOBAL },
459 { "ignoreuserknownhosts", sIgnoreUserKnownHosts, SSHCFG_GLOBAL },
460 { "x11forwarding", sX11Forwarding, SSHCFG_ALL },
461 { "x11displayoffset", sX11DisplayOffset, SSHCFG_ALL },
462 { "x11uselocalhost", sX11UseLocalhost, SSHCFG_ALL },
463 { "xauthlocation", sXAuthLocation, SSHCFG_GLOBAL },
464 { "strictmodes", sStrictModes, SSHCFG_GLOBAL },
465 { "permitblacklistedkeys", sPermitBlacklistedKeys, SSHCFG_GLOBAL },
466 { "permitemptypasswords", sEmptyPasswd, SSHCFG_ALL },
467 { "permituserenvironment", sPermitUserEnvironment, SSHCFG_GLOBAL },
468 { "uselogin", sUseLogin, SSHCFG_GLOBAL },
469 { "compression", sCompression, SSHCFG_GLOBAL },
470 { "tcpkeepalive", sTCPKeepAlive, SSHCFG_GLOBAL },
471 { "keepalive", sTCPKeepAlive, SSHCFG_GLOBAL }, /* obsolete alias */
472 { "allowtcpforwarding", sAllowTcpForwarding, SSHCFG_ALL },
473 { "allowagentforwarding", sAllowAgentForwarding, SSHCFG_ALL },
474 { "allowusers", sAllowUsers, SSHCFG_ALL },
475 { "denyusers", sDenyUsers, SSHCFG_ALL },
476 { "allowgroups", sAllowGroups, SSHCFG_ALL },
477 { "denygroups", sDenyGroups, SSHCFG_ALL },
478 { "ciphers", sCiphers, SSHCFG_GLOBAL },
479 { "macs", sMacs, SSHCFG_GLOBAL },
480 { "protocol", sProtocol, SSHCFG_GLOBAL },
481 { "gatewayports", sGatewayPorts, SSHCFG_ALL },
482 { "subsystem", sSubsystem, SSHCFG_GLOBAL },
483 { "maxstartups", sMaxStartups, SSHCFG_GLOBAL },
484 { "maxauthtries", sMaxAuthTries, SSHCFG_ALL },
485 { "maxsessions", sMaxSessions, SSHCFG_ALL },
486 { "banner", sBanner, SSHCFG_ALL },
487 { "usedns", sUseDNS, SSHCFG_GLOBAL },
488 { "verifyreversemapping", sDeprecated, SSHCFG_GLOBAL },
489 { "reversemappingcheck", sDeprecated, SSHCFG_GLOBAL },
490 { "clientaliveinterval", sClientAliveInterval, SSHCFG_GLOBAL },
491 { "clientalivecountmax", sClientAliveCountMax, SSHCFG_GLOBAL },
492 { "authorizedkeysfile", sAuthorizedKeysFile, SSHCFG_ALL },
493 { "authorizedkeysfile2", sDeprecated, SSHCFG_ALL },
494 { "useprivilegeseparation", sUsePrivilegeSeparation, SSHCFG_GLOBAL},
495 { "acceptenv", sAcceptEnv, SSHCFG_ALL },
496 { "permittunnel", sPermitTunnel, SSHCFG_ALL },
497 { "match", sMatch, SSHCFG_ALL },
498 { "permitopen", sPermitOpen, SSHCFG_ALL },
499 { "forcecommand", sForceCommand, SSHCFG_ALL },
500 { "chrootdirectory", sChrootDirectory, SSHCFG_ALL },
501 { "hostcertificate", sHostCertificate, SSHCFG_GLOBAL },
502 { "revokedkeys", sRevokedKeys, SSHCFG_ALL },
503 { "trustedusercakeys", sTrustedUserCAKeys, SSHCFG_ALL },
504 { "authorizedprincipalsfile", sAuthorizedPrincipalsFile, SSHCFG_ALL },
505 { "noneenabled", sNoneEnabled },
506 { "hpndisabled", sHPNDisabled },
507 { "hpnbuffersize", sHPNBufferSize },
508 { "tcprcvbufpoll", sTcpRcvBufPoll },
509 { "kexalgorithms", sKexAlgorithms, SSHCFG_GLOBAL },
510 { "ipqos", sIPQoS, SSHCFG_ALL },
511 { "versionaddendum", sVersionAddendum, SSHCFG_GLOBAL },
512 { NULL, sBadOption, 0 }
519 { SSH_TUNMODE_NO, "no" },
520 { SSH_TUNMODE_POINTOPOINT, "point-to-point" },
521 { SSH_TUNMODE_ETHERNET, "ethernet" },
522 { SSH_TUNMODE_YES, "yes" },
527 * Returns the number of the token pointed to by cp or sBadOption.
531 parse_token(const char *cp, const char *filename,
532 int linenum, u_int *flags)
536 for (i = 0; keywords[i].name; i++)
537 if (strcasecmp(cp, keywords[i].name) == 0) {
538 debug ("Config token is %s", keywords[i].name);
539 *flags = keywords[i].flags;
540 return keywords[i].opcode;
543 error("%s: line %d: Bad configuration option: %s",
544 filename, linenum, cp);
549 derelativise_path(const char *path)
551 char *expanded, *ret, cwd[MAXPATHLEN];
553 expanded = tilde_expand_filename(path, getuid());
554 if (*expanded == '/')
556 if (getcwd(cwd, sizeof(cwd)) == NULL)
557 fatal("%s: getcwd: %s", __func__, strerror(errno));
558 xasprintf(&ret, "%s/%s", cwd, expanded);
564 add_listen_addr(ServerOptions *options, char *addr, int port)
568 if (options->num_ports == 0)
569 options->ports[options->num_ports++] = SSH_DEFAULT_PORT;
570 if (options->address_family == -1)
571 options->address_family = AF_UNSPEC;
573 for (i = 0; i < options->num_ports; i++)
574 add_one_listen_addr(options, addr, options->ports[i]);
576 add_one_listen_addr(options, addr, port);
580 add_one_listen_addr(ServerOptions *options, char *addr, int port)
582 struct addrinfo hints, *ai, *aitop;
583 char strport[NI_MAXSERV];
586 memset(&hints, 0, sizeof(hints));
587 hints.ai_family = options->address_family;
588 hints.ai_socktype = SOCK_STREAM;
589 hints.ai_flags = (addr == NULL) ? AI_PASSIVE : 0;
590 snprintf(strport, sizeof strport, "%d", port);
591 if ((gaierr = getaddrinfo(addr, strport, &hints, &aitop)) != 0)
592 fatal("bad addr or host: %s (%s)",
593 addr ? addr : "<NULL>",
594 ssh_gai_strerror(gaierr));
595 for (ai = aitop; ai->ai_next; ai = ai->ai_next)
597 ai->ai_next = options->listen_addrs;
598 options->listen_addrs = aitop;
601 struct connection_info *
602 get_connection_info(int populate, int use_dns)
604 static struct connection_info ci;
608 ci.host = get_canonical_hostname(use_dns);
609 ci.address = get_remote_ipaddr();
610 ci.laddress = get_local_ipaddr(packet_get_connection_in());
611 ci.lport = get_local_port();
616 * The strategy for the Match blocks is that the config file is parsed twice.
618 * The first time is at startup. activep is initialized to 1 and the
619 * directives in the global context are processed and acted on. Hitting a
620 * Match directive unsets activep and the directives inside the block are
621 * checked for syntax only.
623 * The second time is after a connection has been established but before
624 * authentication. activep is initialized to 2 and global config directives
625 * are ignored since they have already been processed. If the criteria in a
626 * Match block is met, activep is set and the subsequent directives
627 * processed and actioned until EOF or another Match block unsets it. Any
628 * options set are copied into the main server config.
630 * Potential additions/improvements:
631 * - Add Match support for pre-kex directives, eg Protocol, Ciphers.
633 * - Add a Tag directive (idea from David Leonard) ala pf, eg:
634 * Match Address 192.168.0.*
639 * AllowTcpForwarding yes
640 * GatewayPorts clientspecified
643 * - Add a PermittedChannelRequests directive
645 * PermittedChannelRequests session,forwarded-tcpip
649 match_cfg_line_group(const char *grps, int line, const char *user)
657 if ((pw = getpwnam(user)) == NULL) {
658 debug("Can't match group at line %d because user %.100s does "
659 "not exist", line, user);
660 } else if (ga_init(pw->pw_name, pw->pw_gid) == 0) {
661 debug("Can't Match group because user %.100s not in any group "
662 "at line %d", user, line);
663 } else if (ga_match_pattern_list(grps) != 1) {
664 debug("user %.100s does not match group list %.100s at line %d",
667 debug("user %.100s matched group list %.100s at line %d", user,
677 * All of the attributes on a single Match line are ANDed together, so we need to check every
678 * attribute and set the result to zero if any attribute does not match.
681 match_cfg_line(char **condition, int line, struct connection_info *ci)
683 int result = 1, port;
684 char *arg, *attrib, *cp = *condition;
688 debug3("checking syntax for 'Match %s'", cp);
690 debug3("checking match for '%s' user %s host %s addr %s "
691 "laddr %s lport %d", cp, ci->user ? ci->user : "(null)",
692 ci->host ? ci->host : "(null)",
693 ci->address ? ci->address : "(null)",
694 ci->laddress ? ci->laddress : "(null)", ci->lport);
696 while ((attrib = strdelim(&cp)) && *attrib != '\0') {
697 if ((arg = strdelim(&cp)) == NULL || *arg == '\0') {
698 error("Missing Match criteria for %s", attrib);
702 if (strcasecmp(attrib, "user") == 0) {
703 if (ci == NULL || ci->user == NULL) {
707 if (match_pattern_list(ci->user, arg, len, 0) != 1)
710 debug("user %.100s matched 'User %.100s' at "
711 "line %d", ci->user, arg, line);
712 } else if (strcasecmp(attrib, "group") == 0) {
713 if (ci == NULL || ci->user == NULL) {
717 switch (match_cfg_line_group(arg, line, ci->user)) {
723 } else if (strcasecmp(attrib, "host") == 0) {
724 if (ci == NULL || ci->host == NULL) {
728 if (match_hostname(ci->host, arg, len) != 1)
731 debug("connection from %.100s matched 'Host "
732 "%.100s' at line %d", ci->host, arg, line);
733 } else if (strcasecmp(attrib, "address") == 0) {
734 if (ci == NULL || ci->address == NULL) {
738 switch (addr_match_list(ci->address, arg)) {
740 debug("connection from %.100s matched 'Address "
741 "%.100s' at line %d", ci->address, arg, line);
750 } else if (strcasecmp(attrib, "localaddress") == 0){
751 if (ci == NULL || ci->laddress == NULL) {
755 switch (addr_match_list(ci->laddress, arg)) {
757 debug("connection from %.100s matched "
758 "'LocalAddress %.100s' at line %d",
759 ci->laddress, arg, line);
768 } else if (strcasecmp(attrib, "localport") == 0) {
769 if ((port = a2port(arg)) == -1) {
770 error("Invalid LocalPort '%s' on Match line",
774 if (ci == NULL || ci->lport == 0) {
778 /* TODO support port lists */
779 if (port == ci->lport)
780 debug("connection from %.100s matched "
781 "'LocalPort %d' at line %d",
782 ci->laddress, port, line);
786 error("Unsupported Match attribute %s", attrib);
791 debug3("match %sfound", result ? "" : "not ");
796 #define WHITESPACE " \t\r\n"
798 /* Multistate option parsing */
803 static const struct multistate multistate_addressfamily[] = {
805 { "inet6", AF_INET6 },
806 { "any", AF_UNSPEC },
809 static const struct multistate multistate_permitrootlogin[] = {
810 { "without-password", PERMIT_NO_PASSWD },
811 { "forced-commands-only", PERMIT_FORCED_ONLY },
812 { "yes", PERMIT_YES },
816 static const struct multistate multistate_compression[] = {
817 { "delayed", COMP_DELAYED },
818 { "yes", COMP_ZLIB },
822 static const struct multistate multistate_gatewayports[] = {
823 { "clientspecified", 2 },
828 static const struct multistate multistate_privsep[] = {
829 { "yes", PRIVSEP_NOSANDBOX },
830 { "sandbox", PRIVSEP_ON },
831 { "nosandbox", PRIVSEP_NOSANDBOX },
832 { "no", PRIVSEP_OFF },
837 process_server_config_line(ServerOptions *options, char *line,
838 const char *filename, int linenum, int *activep,
839 struct connection_info *connectinfo)
841 char *cp, **charptr, *arg, *p;
842 int cmdline = 0, *intptr, value, value2, n;
843 SyslogFacility *log_facility_ptr;
844 LogLevel *log_level_ptr;
845 ServerOpCodes opcode;
849 const struct multistate *multistate_ptr;
852 if ((arg = strdelim(&cp)) == NULL)
854 /* Ignore leading whitespace */
857 if (!arg || !*arg || *arg == '#')
861 opcode = parse_token(arg, filename, linenum, &flags);
863 if (activep == NULL) { /* We are processing a command line directive */
867 if (*activep && opcode != sMatch)
868 debug3("%s:%d setting %s %s", filename, linenum, arg, cp);
869 if (*activep == 0 && !(flags & SSHCFG_MATCH)) {
870 if (connectinfo == NULL) {
871 fatal("%s line %d: Directive '%s' is not allowed "
872 "within a Match block", filename, linenum, arg);
873 } else { /* this is a directive we have already processed */
881 /* Portable-specific options */
883 intptr = &options->use_pam;
886 /* Standard Options */
890 /* ignore ports from configfile if cmdline specifies ports */
891 if (options->ports_from_cmdline)
893 if (options->listen_addrs != NULL)
894 fatal("%s line %d: ports must be specified before "
895 "ListenAddress.", filename, linenum);
896 if (options->num_ports >= MAX_PORTS)
897 fatal("%s line %d: too many ports.",
900 if (!arg || *arg == '\0')
901 fatal("%s line %d: missing port number.",
903 options->ports[options->num_ports++] = a2port(arg);
904 if (options->ports[options->num_ports-1] <= 0)
905 fatal("%s line %d: Badly formatted port number.",
910 intptr = &options->server_key_bits;
913 if (!arg || *arg == '\0')
914 fatal("%s line %d: missing integer value.",
917 if (*activep && *intptr == -1)
921 case sLoginGraceTime:
922 intptr = &options->login_grace_time;
925 if (!arg || *arg == '\0')
926 fatal("%s line %d: missing time value.",
928 if ((value = convtime(arg)) == -1)
929 fatal("%s line %d: invalid time value.",
935 case sKeyRegenerationTime:
936 intptr = &options->key_regeneration_time;
941 if (arg == NULL || *arg == '\0')
942 fatal("%s line %d: missing address",
944 /* check for bare IPv6 address: no "[]" and 2 or more ":" */
945 if (strchr(arg, '[') == NULL && (p = strchr(arg, ':')) != NULL
946 && strchr(p+1, ':') != NULL) {
947 add_listen_addr(options, arg, 0);
952 fatal("%s line %d: bad address:port usage",
954 p = cleanhostname(p);
957 else if ((port = a2port(arg)) <= 0)
958 fatal("%s line %d: bad port number", filename, linenum);
960 add_listen_addr(options, p, port);
965 intptr = &options->address_family;
966 multistate_ptr = multistate_addressfamily;
967 if (options->listen_addrs != NULL)
968 fatal("%s line %d: address family must be specified "
969 "before ListenAddress.", filename, linenum);
972 if (!arg || *arg == '\0')
973 fatal("%s line %d: missing argument.",
976 for (i = 0; multistate_ptr[i].key != NULL; i++) {
977 if (strcasecmp(arg, multistate_ptr[i].key) == 0) {
978 value = multistate_ptr[i].value;
983 fatal("%s line %d: unsupported option \"%s\".",
984 filename, linenum, arg);
985 if (*activep && *intptr == -1)
990 intptr = &options->num_host_key_files;
991 if (*intptr >= MAX_HOSTKEYS)
992 fatal("%s line %d: too many host keys specified (max %d).",
993 filename, linenum, MAX_HOSTKEYS);
994 charptr = &options->host_key_files[*intptr];
997 if (!arg || *arg == '\0')
998 fatal("%s line %d: missing file name.",
1000 if (*activep && *charptr == NULL) {
1001 *charptr = derelativise_path(arg);
1002 /* increase optional counter */
1004 *intptr = *intptr + 1;
1008 case sHostCertificate:
1009 intptr = &options->num_host_cert_files;
1010 if (*intptr >= MAX_HOSTKEYS)
1011 fatal("%s line %d: too many host certificates "
1012 "specified (max %d).", filename, linenum,
1014 charptr = &options->host_cert_files[*intptr];
1015 goto parse_filename;
1019 charptr = &options->pid_file;
1020 goto parse_filename;
1022 case sPermitRootLogin:
1023 intptr = &options->permit_root_login;
1024 multistate_ptr = multistate_permitrootlogin;
1025 goto parse_multistate;
1028 intptr = &options->ignore_rhosts;
1030 arg = strdelim(&cp);
1031 if (!arg || *arg == '\0')
1032 fatal("%s line %d: missing yes/no argument.",
1034 value = 0; /* silence compiler */
1035 if (strcmp(arg, "yes") == 0)
1037 else if (strcmp(arg, "no") == 0)
1040 fatal("%s line %d: Bad yes/no argument: %s",
1041 filename, linenum, arg);
1042 if (*activep && *intptr == -1)
1047 intptr = &options->none_enabled;
1050 case sTcpRcvBufPoll:
1051 intptr = &options->tcp_rcv_buf_poll;
1055 intptr = &options->hpn_disabled;
1058 case sHPNBufferSize:
1059 intptr = &options->hpn_buffer_size;
1062 case sIgnoreUserKnownHosts:
1063 intptr = &options->ignore_user_known_hosts;
1066 case sRhostsRSAAuthentication:
1067 intptr = &options->rhosts_rsa_authentication;
1070 case sHostbasedAuthentication:
1071 intptr = &options->hostbased_authentication;
1074 case sHostbasedUsesNameFromPacketOnly:
1075 intptr = &options->hostbased_uses_name_from_packet_only;
1078 case sRSAAuthentication:
1079 intptr = &options->rsa_authentication;
1082 case sPubkeyAuthentication:
1083 intptr = &options->pubkey_authentication;
1086 case sKerberosAuthentication:
1087 intptr = &options->kerberos_authentication;
1090 case sKerberosOrLocalPasswd:
1091 intptr = &options->kerberos_or_local_passwd;
1094 case sKerberosTicketCleanup:
1095 intptr = &options->kerberos_ticket_cleanup;
1098 case sKerberosGetAFSToken:
1099 intptr = &options->kerberos_get_afs_token;
1102 case sGssAuthentication:
1103 intptr = &options->gss_authentication;
1106 case sGssCleanupCreds:
1107 intptr = &options->gss_cleanup_creds;
1110 case sPasswordAuthentication:
1111 intptr = &options->password_authentication;
1114 case sZeroKnowledgePasswordAuthentication:
1115 intptr = &options->zero_knowledge_password_authentication;
1118 case sKbdInteractiveAuthentication:
1119 intptr = &options->kbd_interactive_authentication;
1122 case sChallengeResponseAuthentication:
1123 intptr = &options->challenge_response_authentication;
1127 intptr = &options->print_motd;
1131 intptr = &options->print_lastlog;
1134 case sX11Forwarding:
1135 intptr = &options->x11_forwarding;
1138 case sX11DisplayOffset:
1139 intptr = &options->x11_display_offset;
1142 case sX11UseLocalhost:
1143 intptr = &options->x11_use_localhost;
1146 case sXAuthLocation:
1147 charptr = &options->xauth_location;
1148 goto parse_filename;
1151 intptr = &options->strict_modes;
1155 intptr = &options->tcp_keep_alive;
1158 case sPermitBlacklistedKeys:
1159 intptr = &options->permit_blacklisted_keys;
1163 intptr = &options->permit_empty_passwd;
1166 case sPermitUserEnvironment:
1167 intptr = &options->permit_user_env;
1171 intptr = &options->use_login;
1175 intptr = &options->compression;
1176 multistate_ptr = multistate_compression;
1177 goto parse_multistate;
1180 intptr = &options->gateway_ports;
1181 multistate_ptr = multistate_gatewayports;
1182 goto parse_multistate;
1185 intptr = &options->use_dns;
1189 log_facility_ptr = &options->log_facility;
1190 arg = strdelim(&cp);
1191 value = log_facility_number(arg);
1192 if (value == SYSLOG_FACILITY_NOT_SET)
1193 fatal("%.200s line %d: unsupported log facility '%s'",
1194 filename, linenum, arg ? arg : "<NONE>");
1195 if (*log_facility_ptr == -1)
1196 *log_facility_ptr = (SyslogFacility) value;
1200 log_level_ptr = &options->log_level;
1201 arg = strdelim(&cp);
1202 value = log_level_number(arg);
1203 if (value == SYSLOG_LEVEL_NOT_SET)
1204 fatal("%.200s line %d: unsupported log level '%s'",
1205 filename, linenum, arg ? arg : "<NONE>");
1206 if (*log_level_ptr == -1)
1207 *log_level_ptr = (LogLevel) value;
1210 case sAllowTcpForwarding:
1211 intptr = &options->allow_tcp_forwarding;
1214 case sAllowAgentForwarding:
1215 intptr = &options->allow_agent_forwarding;
1218 case sUsePrivilegeSeparation:
1219 intptr = &use_privsep;
1220 multistate_ptr = multistate_privsep;
1221 goto parse_multistate;
1224 while ((arg = strdelim(&cp)) && *arg != '\0') {
1225 if (options->num_allow_users >= MAX_ALLOW_USERS)
1226 fatal("%s line %d: too many allow users.",
1230 options->allow_users[options->num_allow_users++] =
1236 while ((arg = strdelim(&cp)) && *arg != '\0') {
1237 if (options->num_deny_users >= MAX_DENY_USERS)
1238 fatal("%s line %d: too many deny users.",
1242 options->deny_users[options->num_deny_users++] =
1248 while ((arg = strdelim(&cp)) && *arg != '\0') {
1249 if (options->num_allow_groups >= MAX_ALLOW_GROUPS)
1250 fatal("%s line %d: too many allow groups.",
1254 options->allow_groups[options->num_allow_groups++] =
1260 while ((arg = strdelim(&cp)) && *arg != '\0') {
1261 if (options->num_deny_groups >= MAX_DENY_GROUPS)
1262 fatal("%s line %d: too many deny groups.",
1266 options->deny_groups[options->num_deny_groups++] =
1272 arg = strdelim(&cp);
1273 if (!arg || *arg == '\0')
1274 fatal("%s line %d: Missing argument.", filename, linenum);
1275 if (!ciphers_valid(arg))
1276 fatal("%s line %d: Bad SSH2 cipher spec '%s'.",
1277 filename, linenum, arg ? arg : "<NONE>");
1278 if (options->ciphers == NULL)
1279 options->ciphers = xstrdup(arg);
1283 arg = strdelim(&cp);
1284 if (!arg || *arg == '\0')
1285 fatal("%s line %d: Missing argument.", filename, linenum);
1286 if (!mac_valid(arg))
1287 fatal("%s line %d: Bad SSH2 mac spec '%s'.",
1288 filename, linenum, arg ? arg : "<NONE>");
1289 if (options->macs == NULL)
1290 options->macs = xstrdup(arg);
1293 case sKexAlgorithms:
1294 arg = strdelim(&cp);
1295 if (!arg || *arg == '\0')
1296 fatal("%s line %d: Missing argument.",
1298 if (!kex_names_valid(arg))
1299 fatal("%s line %d: Bad SSH2 KexAlgorithms '%s'.",
1300 filename, linenum, arg ? arg : "<NONE>");
1301 if (options->kex_algorithms == NULL)
1302 options->kex_algorithms = xstrdup(arg);
1306 intptr = &options->protocol;
1307 arg = strdelim(&cp);
1308 if (!arg || *arg == '\0')
1309 fatal("%s line %d: Missing argument.", filename, linenum);
1310 value = proto_spec(arg);
1311 if (value == SSH_PROTO_UNKNOWN)
1312 fatal("%s line %d: Bad protocol spec '%s'.",
1313 filename, linenum, arg ? arg : "<NONE>");
1314 if (*intptr == SSH_PROTO_UNKNOWN)
1319 if (options->num_subsystems >= MAX_SUBSYSTEMS) {
1320 fatal("%s line %d: too many subsystems defined.",
1323 arg = strdelim(&cp);
1324 if (!arg || *arg == '\0')
1325 fatal("%s line %d: Missing subsystem name.",
1328 arg = strdelim(&cp);
1331 for (i = 0; i < options->num_subsystems; i++)
1332 if (strcmp(arg, options->subsystem_name[i]) == 0)
1333 fatal("%s line %d: Subsystem '%s' already defined.",
1334 filename, linenum, arg);
1335 options->subsystem_name[options->num_subsystems] = xstrdup(arg);
1336 arg = strdelim(&cp);
1337 if (!arg || *arg == '\0')
1338 fatal("%s line %d: Missing subsystem command.",
1340 options->subsystem_command[options->num_subsystems] = xstrdup(arg);
1342 /* Collect arguments (separate to executable) */
1344 len = strlen(p) + 1;
1345 while ((arg = strdelim(&cp)) != NULL && *arg != '\0') {
1346 len += 1 + strlen(arg);
1347 p = xrealloc(p, 1, len);
1348 strlcat(p, " ", len);
1349 strlcat(p, arg, len);
1351 options->subsystem_args[options->num_subsystems] = p;
1352 options->num_subsystems++;
1356 arg = strdelim(&cp);
1357 if (!arg || *arg == '\0')
1358 fatal("%s line %d: Missing MaxStartups spec.",
1360 if ((n = sscanf(arg, "%d:%d:%d",
1361 &options->max_startups_begin,
1362 &options->max_startups_rate,
1363 &options->max_startups)) == 3) {
1364 if (options->max_startups_begin >
1365 options->max_startups ||
1366 options->max_startups_rate > 100 ||
1367 options->max_startups_rate < 1)
1368 fatal("%s line %d: Illegal MaxStartups spec.",
1371 fatal("%s line %d: Illegal MaxStartups spec.",
1374 options->max_startups = options->max_startups_begin;
1378 intptr = &options->max_authtries;
1382 intptr = &options->max_sessions;
1386 charptr = &options->banner;
1387 goto parse_filename;
1390 * These options can contain %X options expanded at
1391 * connect time, so that you can specify paths like:
1393 * AuthorizedKeysFile /etc/ssh_keys/%u
1395 case sAuthorizedKeysFile:
1396 if (*activep && options->num_authkeys_files == 0) {
1397 while ((arg = strdelim(&cp)) && *arg != '\0') {
1398 if (options->num_authkeys_files >=
1400 fatal("%s line %d: "
1401 "too many authorized keys files.",
1403 options->authorized_keys_files[
1404 options->num_authkeys_files++] =
1405 tilde_expand_filename(arg, getuid());
1410 case sAuthorizedPrincipalsFile:
1411 charptr = &options->authorized_principals_file;
1412 arg = strdelim(&cp);
1413 if (!arg || *arg == '\0')
1414 fatal("%s line %d: missing file name.",
1416 if (*activep && *charptr == NULL) {
1417 *charptr = tilde_expand_filename(arg, getuid());
1418 /* increase optional counter */
1420 *intptr = *intptr + 1;
1424 case sClientAliveInterval:
1425 intptr = &options->client_alive_interval;
1428 case sClientAliveCountMax:
1429 intptr = &options->client_alive_count_max;
1433 while ((arg = strdelim(&cp)) && *arg != '\0') {
1434 if (strchr(arg, '=') != NULL)
1435 fatal("%s line %d: Invalid environment name.",
1437 if (options->num_accept_env >= MAX_ACCEPT_ENV)
1438 fatal("%s line %d: too many allow env.",
1442 options->accept_env[options->num_accept_env++] =
1448 intptr = &options->permit_tun;
1449 arg = strdelim(&cp);
1450 if (!arg || *arg == '\0')
1451 fatal("%s line %d: Missing yes/point-to-point/"
1452 "ethernet/no argument.", filename, linenum);
1454 for (i = 0; tunmode_desc[i].val != -1; i++)
1455 if (strcmp(tunmode_desc[i].text, arg) == 0) {
1456 value = tunmode_desc[i].val;
1460 fatal("%s line %d: Bad yes/point-to-point/ethernet/"
1461 "no argument: %s", filename, linenum, arg);
1468 fatal("Match directive not supported as a command-line "
1470 value = match_cfg_line(&cp, linenum, connectinfo);
1472 fatal("%s line %d: Bad Match condition", filename,
1478 arg = strdelim(&cp);
1479 if (!arg || *arg == '\0')
1480 fatal("%s line %d: missing PermitOpen specification",
1482 n = options->num_permitted_opens; /* modified later */
1483 if (strcmp(arg, "any") == 0) {
1484 if (*activep && n == -1) {
1485 channel_clear_adm_permitted_opens();
1486 options->num_permitted_opens = 0;
1490 if (strcmp(arg, "none") == 0) {
1491 if (*activep && n == -1) {
1492 channel_clear_adm_permitted_opens();
1493 options->num_permitted_opens = 1;
1494 channel_disable_adm_local_opens();
1498 if (*activep && n == -1)
1499 channel_clear_adm_permitted_opens();
1500 for (; arg != NULL && *arg != '\0'; arg = strdelim(&cp)) {
1503 fatal("%s line %d: missing host in PermitOpen",
1505 p = cleanhostname(p);
1506 if (arg == NULL || ((port = permitopen_port(arg)) < 0))
1507 fatal("%s line %d: bad port number in "
1508 "PermitOpen", filename, linenum);
1509 if (*activep && n == -1)
1510 options->num_permitted_opens =
1511 channel_add_adm_permitted_opens(p, port);
1517 fatal("%.200s line %d: Missing argument.", filename,
1519 len = strspn(cp, WHITESPACE);
1520 if (*activep && options->adm_forced_command == NULL)
1521 options->adm_forced_command = xstrdup(cp + len);
1524 case sChrootDirectory:
1525 charptr = &options->chroot_directory;
1527 arg = strdelim(&cp);
1528 if (!arg || *arg == '\0')
1529 fatal("%s line %d: missing file name.",
1531 if (*activep && *charptr == NULL)
1532 *charptr = xstrdup(arg);
1535 case sTrustedUserCAKeys:
1536 charptr = &options->trusted_user_ca_keys;
1537 goto parse_filename;
1540 charptr = &options->revoked_keys_file;
1541 goto parse_filename;
1544 arg = strdelim(&cp);
1545 if ((value = parse_ipqos(arg)) == -1)
1546 fatal("%s line %d: Bad IPQoS value: %s",
1547 filename, linenum, arg);
1548 arg = strdelim(&cp);
1551 else if ((value2 = parse_ipqos(arg)) == -1)
1552 fatal("%s line %d: Bad IPQoS value: %s",
1553 filename, linenum, arg);
1555 options->ip_qos_interactive = value;
1556 options->ip_qos_bulk = value2;
1560 case sVersionAddendum:
1562 fatal("%.200s line %d: Missing argument.", filename,
1564 len = strspn(cp, WHITESPACE);
1565 if (*activep && options->version_addendum == NULL) {
1566 if (strcasecmp(cp + len, "none") == 0)
1567 options->version_addendum = xstrdup("");
1568 else if (strchr(cp + len, '\r') != NULL)
1569 fatal("%.200s line %d: Invalid argument",
1572 options->version_addendum = xstrdup(cp + len);
1577 logit("%s line %d: Deprecated option %s",
1578 filename, linenum, arg);
1580 arg = strdelim(&cp);
1584 logit("%s line %d: Unsupported option %s",
1585 filename, linenum, arg);
1587 arg = strdelim(&cp);
1591 fatal("%s line %d: Missing handler for opcode %s (%d)",
1592 filename, linenum, arg, opcode);
1594 if ((arg = strdelim(&cp)) != NULL && *arg != '\0')
1595 fatal("%s line %d: garbage at end of line; \"%.200s\".",
1596 filename, linenum, arg);
1600 /* Reads the server configuration file. */
1603 load_server_config(const char *filename, Buffer *conf)
1605 char line[4096], *cp;
1609 debug2("%s: filename %s", __func__, filename);
1610 if ((f = fopen(filename, "r")) == NULL) {
1615 while (fgets(line, sizeof(line), f)) {
1617 if (strlen(line) == sizeof(line) - 1)
1618 fatal("%s line %d too long", filename, lineno);
1620 * Trim out comments and strip whitespace
1621 * NB - preserve newlines, they are needed to reproduce
1622 * line numbers later for error messages
1624 if ((cp = strchr(line, '#')) != NULL)
1625 memcpy(cp, "\n", 2);
1626 cp = line + strspn(line, " \t\r");
1628 buffer_append(conf, cp, strlen(cp));
1630 buffer_append(conf, "\0", 1);
1632 debug2("%s: done config len = %d", __func__, buffer_len(conf));
1636 parse_server_match_config(ServerOptions *options,
1637 struct connection_info *connectinfo)
1641 initialize_server_options(&mo);
1642 parse_server_config(&mo, "reprocess config", &cfg, connectinfo);
1643 copy_set_server_options(options, &mo, 0);
1646 int parse_server_match_testspec(struct connection_info *ci, char *spec)
1650 while ((p = strsep(&spec, ",")) && *p != '\0') {
1651 if (strncmp(p, "addr=", 5) == 0) {
1652 ci->address = xstrdup(p + 5);
1653 } else if (strncmp(p, "host=", 5) == 0) {
1654 ci->host = xstrdup(p + 5);
1655 } else if (strncmp(p, "user=", 5) == 0) {
1656 ci->user = xstrdup(p + 5);
1657 } else if (strncmp(p, "laddr=", 6) == 0) {
1658 ci->laddress = xstrdup(p + 6);
1659 } else if (strncmp(p, "lport=", 6) == 0) {
1660 ci->lport = a2port(p + 6);
1661 if (ci->lport == -1) {
1662 fprintf(stderr, "Invalid port '%s' in test mode"
1663 " specification %s\n", p+6, p);
1667 fprintf(stderr, "Invalid test mode specification %s\n",
1676 * returns 1 for a complete spec, 0 for partial spec and -1 for an
1679 int server_match_spec_complete(struct connection_info *ci)
1681 if (ci->user && ci->host && ci->address)
1682 return 1; /* complete */
1683 if (!ci->user && !ci->host && !ci->address)
1684 return -1; /* empty */
1685 return 0; /* partial */
1689 #define M_CP_INTOPT(n) do {\
1693 #define M_CP_STROPT(n) do {\
1694 if (src->n != NULL) { \
1695 if (dst->n != NULL) \
1700 #define M_CP_STRARRAYOPT(n, num_n) do {\
1701 if (src->num_n != 0) { \
1702 for (dst->num_n = 0; dst->num_n < src->num_n; dst->num_n++) \
1703 dst->n[dst->num_n] = xstrdup(src->n[dst->num_n]); \
1708 * Copy any supported values that are set.
1710 * If the preauth flag is set, we do not bother copying the string or
1711 * array values that are not used pre-authentication, because any that we
1712 * do use must be explictly sent in mm_getpwnamallow().
1715 copy_set_server_options(ServerOptions *dst, ServerOptions *src, int preauth)
1717 M_CP_INTOPT(password_authentication);
1718 M_CP_INTOPT(gss_authentication);
1719 M_CP_INTOPT(rsa_authentication);
1720 M_CP_INTOPT(pubkey_authentication);
1721 M_CP_INTOPT(kerberos_authentication);
1722 M_CP_INTOPT(hostbased_authentication);
1723 M_CP_INTOPT(hostbased_uses_name_from_packet_only);
1724 M_CP_INTOPT(kbd_interactive_authentication);
1725 M_CP_INTOPT(zero_knowledge_password_authentication);
1726 M_CP_INTOPT(permit_root_login);
1727 M_CP_INTOPT(permit_empty_passwd);
1729 M_CP_INTOPT(allow_tcp_forwarding);
1730 M_CP_INTOPT(allow_agent_forwarding);
1731 M_CP_INTOPT(permit_tun);
1732 M_CP_INTOPT(gateway_ports);
1733 M_CP_INTOPT(x11_display_offset);
1734 M_CP_INTOPT(x11_forwarding);
1735 M_CP_INTOPT(x11_use_localhost);
1736 M_CP_INTOPT(max_sessions);
1737 M_CP_INTOPT(max_authtries);
1738 M_CP_INTOPT(ip_qos_interactive);
1739 M_CP_INTOPT(ip_qos_bulk);
1741 /* See comment in servconf.h */
1742 COPY_MATCH_STRING_OPTS();
1745 * The only things that should be below this point are string options
1746 * which are only used after authentication.
1751 M_CP_STROPT(adm_forced_command);
1752 M_CP_STROPT(chroot_directory);
1757 #undef M_CP_STRARRAYOPT
1760 parse_server_config(ServerOptions *options, const char *filename, Buffer *conf,
1761 struct connection_info *connectinfo)
1763 int active, linenum, bad_options = 0;
1764 char *cp, *obuf, *cbuf;
1766 debug2("%s: config %s len %d", __func__, filename, buffer_len(conf));
1768 obuf = cbuf = xstrdup(buffer_ptr(conf));
1769 active = connectinfo ? 0 : 1;
1771 while ((cp = strsep(&cbuf, "\n")) != NULL) {
1772 if (process_server_config_line(options, cp, filename,
1773 linenum++, &active, connectinfo) != 0)
1777 if (bad_options > 0)
1778 fatal("%s: terminating, %d bad configuration options",
1779 filename, bad_options);
1783 fmt_multistate_int(int val, const struct multistate *m)
1787 for (i = 0; m[i].key != NULL; i++) {
1788 if (m[i].value == val)
1795 fmt_intarg(ServerOpCodes code, int val)
1800 case sAddressFamily:
1801 return fmt_multistate_int(val, multistate_addressfamily);
1802 case sPermitRootLogin:
1803 return fmt_multistate_int(val, multistate_permitrootlogin);
1805 return fmt_multistate_int(val, multistate_gatewayports);
1807 return fmt_multistate_int(val, multistate_compression);
1808 case sUsePrivilegeSeparation:
1809 return fmt_multistate_int(val, multistate_privsep);
1816 case (SSH_PROTO_1|SSH_PROTO_2):
1834 lookup_opcode_name(ServerOpCodes code)
1838 for (i = 0; keywords[i].name != NULL; i++)
1839 if (keywords[i].opcode == code)
1840 return(keywords[i].name);
1845 dump_cfg_int(ServerOpCodes code, int val)
1847 printf("%s %d\n", lookup_opcode_name(code), val);
1851 dump_cfg_fmtint(ServerOpCodes code, int val)
1853 printf("%s %s\n", lookup_opcode_name(code), fmt_intarg(code, val));
1857 dump_cfg_string(ServerOpCodes code, const char *val)
1861 printf("%s %s\n", lookup_opcode_name(code), val);
1865 dump_cfg_strarray(ServerOpCodes code, u_int count, char **vals)
1869 for (i = 0; i < count; i++)
1870 printf("%s %s\n", lookup_opcode_name(code), vals[i]);
1874 dump_cfg_strarray_oneline(ServerOpCodes code, u_int count, char **vals)
1878 printf("%s", lookup_opcode_name(code));
1879 for (i = 0; i < count; i++)
1880 printf(" %s", vals[i]);
1885 dump_config(ServerOptions *o)
1889 struct addrinfo *ai;
1890 char addr[NI_MAXHOST], port[NI_MAXSERV], *s = NULL;
1892 /* these are usually at the top of the config */
1893 for (i = 0; i < o->num_ports; i++)
1894 printf("port %d\n", o->ports[i]);
1895 dump_cfg_fmtint(sProtocol, o->protocol);
1896 dump_cfg_fmtint(sAddressFamily, o->address_family);
1898 /* ListenAddress must be after Port */
1899 for (ai = o->listen_addrs; ai; ai = ai->ai_next) {
1900 if ((ret = getnameinfo(ai->ai_addr, ai->ai_addrlen, addr,
1901 sizeof(addr), port, sizeof(port),
1902 NI_NUMERICHOST|NI_NUMERICSERV)) != 0) {
1903 error("getnameinfo failed: %.100s",
1904 (ret != EAI_SYSTEM) ? gai_strerror(ret) :
1907 if (ai->ai_family == AF_INET6)
1908 printf("listenaddress [%s]:%s\n", addr, port);
1910 printf("listenaddress %s:%s\n", addr, port);
1914 /* integer arguments */
1916 dump_cfg_int(sUsePAM, o->use_pam);
1918 dump_cfg_int(sServerKeyBits, o->server_key_bits);
1919 dump_cfg_int(sLoginGraceTime, o->login_grace_time);
1920 dump_cfg_int(sKeyRegenerationTime, o->key_regeneration_time);
1921 dump_cfg_int(sX11DisplayOffset, o->x11_display_offset);
1922 dump_cfg_int(sMaxAuthTries, o->max_authtries);
1923 dump_cfg_int(sMaxSessions, o->max_sessions);
1924 dump_cfg_int(sClientAliveInterval, o->client_alive_interval);
1925 dump_cfg_int(sClientAliveCountMax, o->client_alive_count_max);
1927 /* formatted integer arguments */
1928 dump_cfg_fmtint(sPermitRootLogin, o->permit_root_login);
1929 dump_cfg_fmtint(sIgnoreRhosts, o->ignore_rhosts);
1930 dump_cfg_fmtint(sIgnoreUserKnownHosts, o->ignore_user_known_hosts);
1931 dump_cfg_fmtint(sRhostsRSAAuthentication, o->rhosts_rsa_authentication);
1932 dump_cfg_fmtint(sHostbasedAuthentication, o->hostbased_authentication);
1933 dump_cfg_fmtint(sHostbasedUsesNameFromPacketOnly,
1934 o->hostbased_uses_name_from_packet_only);
1935 dump_cfg_fmtint(sRSAAuthentication, o->rsa_authentication);
1936 dump_cfg_fmtint(sPubkeyAuthentication, o->pubkey_authentication);
1938 dump_cfg_fmtint(sKerberosAuthentication, o->kerberos_authentication);
1939 dump_cfg_fmtint(sKerberosOrLocalPasswd, o->kerberos_or_local_passwd);
1940 dump_cfg_fmtint(sKerberosTicketCleanup, o->kerberos_ticket_cleanup);
1942 dump_cfg_fmtint(sKerberosGetAFSToken, o->kerberos_get_afs_token);
1946 dump_cfg_fmtint(sGssAuthentication, o->gss_authentication);
1947 dump_cfg_fmtint(sGssCleanupCreds, o->gss_cleanup_creds);
1950 dump_cfg_fmtint(sZeroKnowledgePasswordAuthentication,
1951 o->zero_knowledge_password_authentication);
1953 dump_cfg_fmtint(sPasswordAuthentication, o->password_authentication);
1954 dump_cfg_fmtint(sKbdInteractiveAuthentication,
1955 o->kbd_interactive_authentication);
1956 dump_cfg_fmtint(sChallengeResponseAuthentication,
1957 o->challenge_response_authentication);
1958 dump_cfg_fmtint(sPrintMotd, o->print_motd);
1959 dump_cfg_fmtint(sPrintLastLog, o->print_lastlog);
1960 dump_cfg_fmtint(sX11Forwarding, o->x11_forwarding);
1961 dump_cfg_fmtint(sX11UseLocalhost, o->x11_use_localhost);
1962 dump_cfg_fmtint(sStrictModes, o->strict_modes);
1963 dump_cfg_fmtint(sTCPKeepAlive, o->tcp_keep_alive);
1964 dump_cfg_fmtint(sEmptyPasswd, o->permit_empty_passwd);
1965 dump_cfg_fmtint(sPermitUserEnvironment, o->permit_user_env);
1966 dump_cfg_fmtint(sUseLogin, o->use_login);
1967 dump_cfg_fmtint(sCompression, o->compression);
1968 dump_cfg_fmtint(sGatewayPorts, o->gateway_ports);
1969 dump_cfg_fmtint(sUseDNS, o->use_dns);
1970 dump_cfg_fmtint(sAllowTcpForwarding, o->allow_tcp_forwarding);
1971 dump_cfg_fmtint(sUsePrivilegeSeparation, use_privsep);
1973 /* string arguments */
1974 dump_cfg_string(sPidFile, o->pid_file);
1975 dump_cfg_string(sXAuthLocation, o->xauth_location);
1976 dump_cfg_string(sCiphers, o->ciphers);
1977 dump_cfg_string(sMacs, o->macs);
1978 dump_cfg_string(sBanner, o->banner);
1979 dump_cfg_string(sForceCommand, o->adm_forced_command);
1980 dump_cfg_string(sChrootDirectory, o->chroot_directory);
1981 dump_cfg_string(sTrustedUserCAKeys, o->trusted_user_ca_keys);
1982 dump_cfg_string(sRevokedKeys, o->revoked_keys_file);
1983 dump_cfg_string(sAuthorizedPrincipalsFile,
1984 o->authorized_principals_file);
1985 dump_cfg_string(sVersionAddendum, o->version_addendum);
1987 /* string arguments requiring a lookup */
1988 dump_cfg_string(sLogLevel, log_level_name(o->log_level));
1989 dump_cfg_string(sLogFacility, log_facility_name(o->log_facility));
1991 /* string array arguments */
1992 dump_cfg_strarray_oneline(sAuthorizedKeysFile, o->num_authkeys_files,
1993 o->authorized_keys_files);
1994 dump_cfg_strarray(sHostKeyFile, o->num_host_key_files,
1996 dump_cfg_strarray(sHostKeyFile, o->num_host_cert_files,
1997 o->host_cert_files);
1998 dump_cfg_strarray(sAllowUsers, o->num_allow_users, o->allow_users);
1999 dump_cfg_strarray(sDenyUsers, o->num_deny_users, o->deny_users);
2000 dump_cfg_strarray(sAllowGroups, o->num_allow_groups, o->allow_groups);
2001 dump_cfg_strarray(sDenyGroups, o->num_deny_groups, o->deny_groups);
2002 dump_cfg_strarray(sAcceptEnv, o->num_accept_env, o->accept_env);
2004 /* other arguments */
2005 for (i = 0; i < o->num_subsystems; i++)
2006 printf("subsystem %s %s\n", o->subsystem_name[i],
2007 o->subsystem_args[i]);
2009 printf("maxstartups %d:%d:%d\n", o->max_startups_begin,
2010 o->max_startups_rate, o->max_startups);
2012 for (i = 0; tunmode_desc[i].val != -1; i++)
2013 if (tunmode_desc[i].val == o->permit_tun) {
2014 s = tunmode_desc[i].text;
2017 dump_cfg_string(sPermitTunnel, s);
2019 printf("ipqos %s ", iptos2str(o->ip_qos_interactive));
2020 printf("%s\n", iptos2str(o->ip_qos_bulk));
2022 channel_print_adm_permitted_opens();