1 /*
   2  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
   3  *                    All rights reserved
   4  *
   5  * As far as I am concerned, the code I have written for this software
   6  * can be used freely for any purpose.  Any derived versions of this
   7  * software must be clearly marked as such, and if the derived work is
   8  * incompatible with the protocol description in the RFC file, it must be
   9  * called by a name other than "ssh" or "Secure Shell".
  10  */
  11 /*
  12  * Copyright (c) 2001, 2010, Oracle and/or its affiliates. All rights reserved.
  13  */
  14 
  15 #include "includes.h"
  16 RCSID("$OpenBSD: servconf.c,v 1.115 2002/09/04 18:52:42 stevesk Exp $");
  17 
  18 #ifdef HAVE_DEFOPEN
  19 #include <deflt.h>
  20 #endif /* HAVE_DEFOPEN */
  21 
  22 #if defined(KRB4)
  23 #include <krb.h>
  24 #endif
  25 #if defined(KRB5)
  26 #ifdef HEIMDAL
  27 #include <krb.h>
  28 #else
  29 /* Bodge - but then, so is using the kerberos IV KEYFILE to get a Kerberos V
  30  * keytab */
  31 #define KEYFILE "/etc/krb5.keytab"
  32 #endif
  33 #endif
  34 #ifdef AFS
  35 #include <kafs.h>
  36 #endif
  37 
  38 #include "ssh.h"
  39 #include "log.h"
  40 #include "buffer.h"
  41 #include "servconf.h"
  42 #include "xmalloc.h"
  43 #include "compat.h"
  44 #include "pathnames.h"
  45 #include "tildexpand.h"
  46 #include "misc.h"
  47 #include "cipher.h"
  48 #include "kex.h"
  49 #include "mac.h"
  50 #include "auth.h"
  51 #include "match.h"
  52 #include "groupaccess.h"
  53 
  54 static void add_listen_addr(ServerOptions *, char *, u_short);
  55 static void add_one_listen_addr(ServerOptions *, char *, u_short);
  56 
  57 extern Buffer cfg;
  58 
  59 /* AF_UNSPEC or AF_INET or AF_INET6 */
  60 extern int IPv4or6;
  61 
  62 /*
  63  * Initializes the server options to their initial (unset) values. Some of those
  64  * that stay unset after the command line options and configuration files are
  65  * read are set to their default values in fill_default_server_options().
  66  */
  67 void
  68 initialize_server_options(ServerOptions *options)
  69 {
  70         (void) memset(options, 0, sizeof(*options));
  71 
  72         /* Standard Options */
  73         options->num_ports = 0;
  74         options->ports_from_cmdline = 0;
  75         options->listen_addrs = NULL;
  76         options->num_host_key_files = 0;
  77         options->pid_file = NULL;
  78         options->server_key_bits = -1;
  79         options->login_grace_time = -1;
  80         options->key_regeneration_time = -1;
  81         options->permit_root_login = PERMIT_NOT_SET;
  82         options->ignore_rhosts = -1;
  83         options->ignore_user_known_hosts = -1;
  84         options->print_motd = -1;
  85         options->print_lastlog = -1;
  86         options->x11_forwarding = -1;
  87         options->x11_display_offset = -1;
  88         options->x11_use_localhost = -1;
  89         options->xauth_location = NULL;
  90         options->strict_modes = -1;
  91         options->keepalives = -1;
  92         options->log_facility = SYSLOG_FACILITY_NOT_SET;
  93         options->log_level = SYSLOG_LEVEL_NOT_SET;
  94         options->rhosts_authentication = -1;
  95         options->rhosts_rsa_authentication = -1;
  96         options->hostbased_authentication = -1;
  97         options->hostbased_uses_name_from_packet_only = -1;
  98         options->rsa_authentication = -1;
  99         options->pubkey_authentication = -1;
 100 #ifdef GSSAPI
 101         options->gss_authentication = -1;
 102         options->gss_keyex = -1;
 103         options->gss_store_creds = -1;
 104         options->gss_use_session_ccache = -1;
 105         options->gss_cleanup_creds = -1;
 106 #endif
 107 #if defined(KRB4) || defined(KRB5)
 108         options->kerberos_authentication = -1;
 109         options->kerberos_or_local_passwd = -1;
 110         options->kerberos_ticket_cleanup = -1;
 111 #endif
 112 #if defined(AFS) || defined(KRB5)
 113         options->kerberos_tgt_passing = -1;
 114 #endif
 115 #ifdef AFS
 116         options->afs_token_passing = -1;
 117 #endif
 118         options->password_authentication = -1;
 119         options->kbd_interactive_authentication = -1;
 120         options->challenge_response_authentication = -1;
 121         options->pam_authentication_via_kbd_int = -1;
 122         options->permit_empty_passwd = -1;
 123         options->permit_user_env = -1;
 124         options->compression = -1;
 125         options->allow_tcp_forwarding = -1;
 126         options->num_allow_users = 0;
 127         options->num_deny_users = 0;
 128         options->num_allow_groups = 0;
 129         options->num_deny_groups = 0;
 130         options->ciphers = NULL;
 131         options->macs = NULL;
 132         options->protocol = SSH_PROTO_UNKNOWN;
 133         options->gateway_ports = -1;
 134         options->num_subsystems = 0;
 135         options->max_startups_begin = -1;
 136         options->max_startups_rate = -1;
 137         options->max_startups = -1;
 138         options->banner = NULL;
 139         options->verify_reverse_mapping = -1;
 140         options->client_alive_interval = -1;
 141         options->client_alive_count_max = -1;
 142         options->authorized_keys_file = NULL;
 143         options->authorized_keys_file2 = NULL;
 144 
 145         options->max_auth_tries = -1;
 146         options->max_auth_tries_log = -1;
 147 
 148         options->max_init_auth_tries = -1;
 149         options->max_init_auth_tries_log = -1;
 150 
 151         options->lookup_client_hostnames = -1;
 152         options->use_openssl_engine = -1;
 153         options->chroot_directory = NULL;
 154         options->pre_userauth_hook = NULL;
 155         options->pam_service_name = NULL;
 156         options->pam_service_prefix = NULL;
 157 }
 158 
 159 #ifdef HAVE_DEFOPEN
 160 /*
 161  * Reads /etc/default/login and defaults several ServerOptions:
 162  *
 163  * PermitRootLogin
 164  * PermitEmptyPasswords
 165  * LoginGraceTime
 166  *
 167  * CONSOLE=*      -> PermitRootLogin=without-password
 168  * #CONSOLE=*     -> PermitRootLogin=yes
 169  *
 170  * PASSREQ=YES    -> PermitEmptyPasswords=no
 171  * PASSREQ=NO     -> PermitEmptyPasswords=yes
 172  * #PASSREQ=*     -> PermitEmptyPasswords=no
 173  *
 174  * TIMEOUT=<secs> -> LoginGraceTime=<secs>
 175  * #TIMEOUT=<secs> -> LoginGraceTime=300
 176  */
 177 static
 178 void
 179 deflt_fill_default_server_options(ServerOptions *options)
 180 {
 181         int     flags;
 182         char    *ptr;
 183 
 184         if (defopen(_PATH_DEFAULT_LOGIN))
 185                 return;
 186 
 187         /* Ignore case */
 188         flags = defcntl(DC_GETFLAGS, 0);
 189         TURNOFF(flags, DC_CASE);
 190         (void) defcntl(DC_SETFLAGS, flags);
 191 
 192         if (options->permit_root_login == PERMIT_NOT_SET &&
 193             (ptr = defread("CONSOLE=")) != NULL)
 194                 options->permit_root_login = PERMIT_NO_PASSWD;
 195 
 196         if (options->permit_empty_passwd == -1 &&
 197             (ptr = defread("PASSREQ=")) != NULL) {
 198                 if (strcasecmp("YES", ptr) == 0)
 199                         options->permit_empty_passwd = 0;
 200                 else if (strcasecmp("NO", ptr) == 0)
 201                         options->permit_empty_passwd = 1;
 202         }
 203 
 204         if (options->max_init_auth_tries == -1 &&
 205             (ptr = defread("RETRIES=")) != NULL) {
 206                 options->max_init_auth_tries = atoi(ptr);
 207         }
 208 
 209         if (options->max_init_auth_tries_log == -1 &&
 210             (ptr = defread("SYSLOG_FAILED_LOGINS=")) != NULL) {
 211                 options->max_init_auth_tries_log = atoi(ptr);
 212         }
 213 
 214         if (options->login_grace_time == -1) {
 215                 if ((ptr = defread("TIMEOUT=")) != NULL)
 216                         options->login_grace_time = (unsigned)atoi(ptr);
 217                 else
 218                         options->login_grace_time = 300;
 219         }
 220 
 221         (void) defopen((char *)NULL);
 222 }
 223 #endif /* HAVE_DEFOPEN */
 224 
 225 void
 226 fill_default_server_options(ServerOptions *options)
 227 {
 228 
 229 #ifdef HAVE_DEFOPEN
 230         deflt_fill_default_server_options(options);
 231 #endif /* HAVE_DEFOPEN */
 232 
 233         /* Standard Options */
 234         if (options->protocol == SSH_PROTO_UNKNOWN)
 235                 options->protocol = SSH_PROTO_1|SSH_PROTO_2;
 236         if (options->num_host_key_files == 0) {
 237                 /* fill default hostkeys for protocols */
 238                 if (options->protocol & SSH_PROTO_1)
 239                         options->host_key_files[options->num_host_key_files++] =
 240                             _PATH_HOST_KEY_FILE;
 241 #ifndef GSSAPI
 242                 /* With GSS keyex we can run v2 w/ no host keys */
 243                 if (options->protocol & SSH_PROTO_2) {
 244                         options->host_key_files[options->num_host_key_files++] =
 245                             _PATH_HOST_RSA_KEY_FILE;
 246                         options->host_key_files[options->num_host_key_files++] =
 247                             _PATH_HOST_DSA_KEY_FILE;
 248                 }
 249 #endif /* GSSAPI */
 250         }
 251         if (options->num_ports == 0)
 252                 options->ports[options->num_ports++] = SSH_DEFAULT_PORT;
 253         if (options->listen_addrs == NULL)
 254                 add_listen_addr(options, NULL, 0);
 255         if (options->pid_file == NULL)
 256                 options->pid_file = _PATH_SSH_DAEMON_PID_FILE;
 257         if (options->server_key_bits == -1)
 258                 options->server_key_bits = 768;
 259         if (options->login_grace_time == -1)
 260                 options->login_grace_time = 120;
 261         if (options->key_regeneration_time == -1)
 262                 options->key_regeneration_time = 3600;
 263         if (options->permit_root_login == PERMIT_NOT_SET)
 264                 options->permit_root_login = PERMIT_YES;
 265         if (options->ignore_rhosts == -1)
 266                 options->ignore_rhosts = 1;
 267         if (options->ignore_user_known_hosts == -1)
 268                 options->ignore_user_known_hosts = 0;
 269         if (options->print_motd == -1)
 270                 options->print_motd = 1;
 271         if (options->print_lastlog == -1)
 272                 options->print_lastlog = 1;
 273         if (options->x11_forwarding == -1)
 274                 options->x11_forwarding = 1;
 275         if (options->x11_display_offset == -1)
 276                 options->x11_display_offset = 10;
 277         if (options->x11_use_localhost == -1)
 278                 options->x11_use_localhost = 1;
 279         if (options->xauth_location == NULL)
 280                 options->xauth_location = _PATH_XAUTH;
 281         if (options->strict_modes == -1)
 282                 options->strict_modes = 1;
 283         if (options->keepalives == -1)
 284                 options->keepalives = 1;
 285         if (options->log_facility == SYSLOG_FACILITY_NOT_SET)
 286                 options->log_facility = SYSLOG_FACILITY_AUTH;
 287         if (options->log_level == SYSLOG_LEVEL_NOT_SET)
 288                 options->log_level = SYSLOG_LEVEL_INFO;
 289         if (options->rhosts_authentication == -1)
 290                 options->rhosts_authentication = 0;
 291         if (options->rhosts_rsa_authentication == -1)
 292                 options->rhosts_rsa_authentication = 0;
 293         if (options->hostbased_authentication == -1)
 294                 options->hostbased_authentication = 0;
 295         if (options->hostbased_uses_name_from_packet_only == -1)
 296                 options->hostbased_uses_name_from_packet_only = 0;
 297         if (options->rsa_authentication == -1)
 298                 options->rsa_authentication = 1;
 299         if (options->pubkey_authentication == -1)
 300                 options->pubkey_authentication = 1;
 301 #ifdef GSSAPI
 302         if (options->gss_authentication == -1)
 303                 options->gss_authentication = 1;
 304         if (options->gss_keyex == -1)
 305                 options->gss_keyex = 1;
 306         if (options->gss_store_creds == -1)
 307                 options->gss_store_creds = 1;
 308         if (options->gss_use_session_ccache == -1)
 309                 options->gss_use_session_ccache = 1;
 310         if (options->gss_cleanup_creds == -1)
 311                 options->gss_cleanup_creds = 1;
 312 #endif
 313 #if defined(KRB4) || defined(KRB5)
 314         if (options->kerberos_authentication == -1)
 315                 options->kerberos_authentication = 0;
 316         if (options->kerberos_or_local_passwd == -1)
 317                 options->kerberos_or_local_passwd = 1;
 318         if (options->kerberos_ticket_cleanup == -1)
 319                 options->kerberos_ticket_cleanup = 1;
 320 #endif
 321 #if defined(AFS) || defined(KRB5)
 322         if (options->kerberos_tgt_passing == -1)
 323                 options->kerberos_tgt_passing = 0;
 324 #endif
 325 #ifdef AFS
 326         if (options->afs_token_passing == -1)
 327                 options->afs_token_passing = 0;
 328 #endif
 329         if (options->password_authentication == -1)
 330                 options->password_authentication = 1;
 331         /*
 332          * options->pam_authentication_via_kbd_int has intentionally no default
 333          * value since we do not need it.
 334          */
 335         if (options->kbd_interactive_authentication == -1)
 336                 options->kbd_interactive_authentication = 1;
 337         if (options->challenge_response_authentication == -1)
 338                 options->challenge_response_authentication = 1;
 339         if (options->permit_empty_passwd == -1)
 340                 options->permit_empty_passwd = 0;
 341         if (options->permit_user_env == -1)
 342                 options->permit_user_env = 0;
 343         if (options->compression == -1)
 344                 options->compression = 1;
 345         if (options->allow_tcp_forwarding == -1)
 346                 options->allow_tcp_forwarding = 1;
 347         if (options->gateway_ports == -1)
 348                 options->gateway_ports = 0;
 349         if (options->max_startups == -1)
 350                 options->max_startups = 10;
 351         if (options->max_startups_rate == -1)
 352                 options->max_startups_rate = 100;            /* 100% */
 353         if (options->max_startups_begin == -1)
 354                 options->max_startups_begin = options->max_startups;
 355         if (options->verify_reverse_mapping == -1)
 356                 options->verify_reverse_mapping = 0;
 357         if (options->client_alive_interval == -1)
 358                 options->client_alive_interval = 0;
 359         if (options->client_alive_count_max == -1)
 360                 options->client_alive_count_max = 3;
 361         if (options->authorized_keys_file2 == NULL) {
 362                 /* authorized_keys_file2 falls back to authorized_keys_file */
 363                 if (options->authorized_keys_file != NULL)
 364                         options->authorized_keys_file2 = options->authorized_keys_file;
 365                 else
 366                         options->authorized_keys_file2 = _PATH_SSH_USER_PERMITTED_KEYS2;
 367         }
 368         if (options->authorized_keys_file == NULL)
 369                 options->authorized_keys_file = _PATH_SSH_USER_PERMITTED_KEYS;
 370 
 371         if (options->max_auth_tries == -1)
 372                 options->max_auth_tries = AUTH_FAIL_MAX;
 373         if (options->max_auth_tries_log == -1)
 374                 options->max_auth_tries_log = options->max_auth_tries / 2;
 375 
 376         if (options->max_init_auth_tries == -1)
 377                 options->max_init_auth_tries = AUTH_FAIL_MAX;
 378         if (options->max_init_auth_tries_log == -1)
 379                 options->max_init_auth_tries_log = options->max_init_auth_tries / 2;
 380 
 381         if (options->lookup_client_hostnames == -1)
 382                 options->lookup_client_hostnames = 1;
 383         if (options->use_openssl_engine == -1)
 384                 options->use_openssl_engine = 1;
 385         if (options->pam_service_prefix == NULL)
 386                 options->pam_service_prefix = _SSH_PAM_SERVICE_PREFIX;
 387         if (options->pam_service_name == NULL)
 388                 options->pam_service_name = NULL;
 389 }
 390 
 391 /* Keyword tokens. */
 392 typedef enum {
 393         sBadOption,             /* == unknown option */
 394         /* Portable-specific options */
 395         sPAMAuthenticationViaKbdInt,
 396         /* Standard Options */
 397         sPort, sHostKeyFile, sServerKeyBits, sLoginGraceTime, sKeyRegenerationTime,
 398         sPermitRootLogin, sLogFacility, sLogLevel,
 399         sRhostsAuthentication, sRhostsRSAAuthentication, sRSAAuthentication,
 400 #ifdef GSSAPI
 401         sGssAuthentication, sGssKeyEx, sGssStoreDelegCreds,
 402         sGssUseSessionCredCache, sGssCleanupCreds,
 403 #endif /* GSSAPI */
 404 #if defined(KRB4) || defined(KRB5)
 405         sKerberosAuthentication, sKerberosOrLocalPasswd, sKerberosTicketCleanup,
 406 #endif
 407 #if defined(AFS) || defined(KRB5)
 408         sKerberosTgtPassing,
 409 #endif
 410 #ifdef AFS
 411         sAFSTokenPassing,
 412 #endif
 413         sChallengeResponseAuthentication,
 414         sPasswordAuthentication, sKbdInteractiveAuthentication, sListenAddress,
 415         sPrintMotd, sPrintLastLog, sIgnoreRhosts,
 416         sX11Forwarding, sX11DisplayOffset, sX11UseLocalhost,
 417         sStrictModes, sEmptyPasswd, sKeepAlives,
 418         sPermitUserEnvironment, sUseLogin, sAllowTcpForwarding, sCompression,
 419         sAllowUsers, sDenyUsers, sAllowGroups, sDenyGroups,
 420         sIgnoreUserKnownHosts, sCiphers, sMacs, sProtocol, sPidFile,
 421         sGatewayPorts, sPubkeyAuthentication, sXAuthLocation, sSubsystem, sMaxStartups,
 422         sBanner, sVerifyReverseMapping, sHostbasedAuthentication,
 423         sHostbasedUsesNameFromPacketOnly, sClientAliveInterval,
 424         sClientAliveCountMax, sAuthorizedKeysFile, sAuthorizedKeysFile2,
 425         sMaxAuthTries, sMaxAuthTriesLog, sUsePrivilegeSeparation,
 426         sLookupClientHostnames, sUseOpenSSLEngine, sChrootDirectory,
 427         sPreUserauthHook, sMatch, sPAMServicePrefix, sPAMServiceName,
 428         sDeprecated
 429 } ServerOpCodes;
 430 
 431 #define SSHCFG_GLOBAL   0x01    /* allowed in main section of sshd_config */
 432 #define SSHCFG_MATCH    0x02    /* allowed inside a Match section */
 433 #define SSHCFG_ALL      (SSHCFG_GLOBAL|SSHCFG_MATCH)
 434 
 435 /* Textual representation of the tokens. */
 436 static struct {
 437         const char *name;
 438         ServerOpCodes opcode;
 439         u_int flags;
 440 } keywords[] = {
 441         /* Portable-specific options */
 442         { "PAMAuthenticationViaKbdInt", sPAMAuthenticationViaKbdInt, SSHCFG_GLOBAL },
 443         /* Standard Options */
 444         { "port", sPort, SSHCFG_GLOBAL },
 445         { "hostkey", sHostKeyFile, SSHCFG_GLOBAL },
 446         { "hostdsakey", sHostKeyFile, SSHCFG_GLOBAL },                  /* alias */
 447         { "pidfile", sPidFile, SSHCFG_GLOBAL },
 448         { "serverkeybits", sServerKeyBits, SSHCFG_GLOBAL },
 449         { "logingracetime", sLoginGraceTime, SSHCFG_GLOBAL },
 450         { "keyregenerationinterval", sKeyRegenerationTime, SSHCFG_GLOBAL },
 451         { "permitrootlogin", sPermitRootLogin, SSHCFG_ALL },
 452         { "syslogfacility", sLogFacility, SSHCFG_GLOBAL },
 453         { "loglevel", sLogLevel, SSHCFG_GLOBAL },
 454         { "rhostsauthentication", sRhostsAuthentication, SSHCFG_GLOBAL },
 455         { "rhostsrsaauthentication", sRhostsRSAAuthentication, SSHCFG_ALL },
 456         { "hostbasedauthentication", sHostbasedAuthentication, SSHCFG_ALL },
 457         { "hostbasedusesnamefrompacketonly", sHostbasedUsesNameFromPacketOnly },
 458         { "rsaauthentication", sRSAAuthentication, SSHCFG_ALL },
 459         { "pubkeyauthentication", sPubkeyAuthentication, SSHCFG_ALL },
 460         { "dsaauthentication", sPubkeyAuthentication, SSHCFG_GLOBAL },  /* alias */
 461 #ifdef GSSAPI
 462         { "gssapiauthentication", sGssAuthentication, SSHCFG_ALL },
 463         { "gssapikeyexchange", sGssKeyEx,   SSHCFG_GLOBAL },
 464         { "gssapistoredelegatedcredentials", sGssStoreDelegCreds, SSHCFG_GLOBAL },
 465         { "gssauthentication", sGssAuthentication, SSHCFG_GLOBAL },     /* alias */
 466         { "gsskeyex", sGssKeyEx, SSHCFG_GLOBAL },       /* alias */
 467         { "gssstoredelegcreds", sGssStoreDelegCreds, SSHCFG_GLOBAL },   /* alias */
 468 #ifndef SUNW_GSSAPI
 469         { "gssusesessionccache", sGssUseSessionCredCache, SSHCFG_GLOBAL },
 470         { "gssusesessioncredcache", sGssUseSessionCredCache, SSHCFG_GLOBAL },
 471         { "gsscleanupcreds", sGssCleanupCreds, SSHCFG_GLOBAL },
 472 #endif /* SUNW_GSSAPI */
 473 #endif
 474 #if defined(KRB4) || defined(KRB5)
 475         { "kerberosauthentication", sKerberosAuthentication, SSHCFG_ALL },
 476         { "kerberosorlocalpasswd", sKerberosOrLocalPasswd, SSHCFG_GLOBAL },
 477         { "kerberosticketcleanup", sKerberosTicketCleanup, SSHCFG_GLOBAL },
 478 #endif
 479 #if defined(AFS) || defined(KRB5)
 480         { "kerberostgtpassing", sKerberosTgtPassing, SSHCFG_GLOBAL },
 481 #endif
 482 #ifdef AFS
 483         { "afstokenpassing", sAFSTokenPassing, SSHCFG_GLOBAL },
 484 #endif
 485         { "passwordauthentication", sPasswordAuthentication, SSHCFG_ALL },
 486         { "kbdinteractiveauthentication", sKbdInteractiveAuthentication, SSHCFG_ALL },
 487         { "challengeresponseauthentication", sChallengeResponseAuthentication, SSHCFG_GLOBAL },
 488         { "skeyauthentication", sChallengeResponseAuthentication, SSHCFG_GLOBAL }, /* alias */
 489         { "checkmail", sDeprecated, SSHCFG_GLOBAL },
 490         { "listenaddress", sListenAddress, SSHCFG_GLOBAL },
 491         { "printmotd", sPrintMotd, SSHCFG_GLOBAL },
 492         { "printlastlog", sPrintLastLog, SSHCFG_GLOBAL },
 493         { "ignorerhosts", sIgnoreRhosts, SSHCFG_GLOBAL },
 494         { "ignoreuserknownhosts", sIgnoreUserKnownHosts, SSHCFG_GLOBAL },
 495         { "x11forwarding", sX11Forwarding, SSHCFG_ALL },
 496         { "x11displayoffset", sX11DisplayOffset, SSHCFG_ALL },
 497         { "x11uselocalhost", sX11UseLocalhost, SSHCFG_ALL },
 498         { "xauthlocation", sXAuthLocation, SSHCFG_GLOBAL },
 499         { "strictmodes", sStrictModes, SSHCFG_GLOBAL },
 500         { "permitemptypasswords", sEmptyPasswd, SSHCFG_ALL },
 501         { "permituserenvironment", sPermitUserEnvironment, SSHCFG_GLOBAL },
 502         { "uselogin", sUseLogin, SSHCFG_GLOBAL },
 503         { "compression", sCompression, SSHCFG_GLOBAL },
 504         { "keepalive", sKeepAlives, SSHCFG_GLOBAL },
 505         { "allowtcpforwarding", sAllowTcpForwarding, SSHCFG_ALL },
 506         { "allowusers", sAllowUsers, SSHCFG_GLOBAL },
 507         { "denyusers", sDenyUsers, SSHCFG_GLOBAL },
 508         { "allowgroups", sAllowGroups, SSHCFG_GLOBAL },
 509         { "denygroups", sDenyGroups, SSHCFG_GLOBAL },
 510         { "ciphers", sCiphers, SSHCFG_GLOBAL },
 511         { "macs", sMacs, SSHCFG_GLOBAL},
 512         { "protocol", sProtocol,SSHCFG_GLOBAL },
 513         { "gatewayports", sGatewayPorts, SSHCFG_ALL },
 514         { "subsystem", sSubsystem, SSHCFG_GLOBAL},
 515         { "maxstartups", sMaxStartups, SSHCFG_GLOBAL },
 516         { "banner", sBanner, SSHCFG_ALL },
 517         { "verifyreversemapping", sVerifyReverseMapping, SSHCFG_GLOBAL },
 518         { "reversemappingcheck", sVerifyReverseMapping,SSHCFG_GLOBAL },
 519         { "clientaliveinterval", sClientAliveInterval, SSHCFG_GLOBAL },
 520         { "clientalivecountmax", sClientAliveCountMax, SSHCFG_GLOBAL },
 521         { "authorizedkeysfile", sAuthorizedKeysFile, SSHCFG_GLOBAL },
 522         { "authorizedkeysfile2", sAuthorizedKeysFile2, SSHCFG_GLOBAL },
 523         { "maxauthtries", sMaxAuthTries, SSHCFG_ALL },
 524         { "maxauthtrieslog", sMaxAuthTriesLog, SSHCFG_GLOBAL },
 525         { "useprivilegeseparation", sUsePrivilegeSeparation, SSHCFG_GLOBAL },
 526         { "lookupclienthostnames", sLookupClientHostnames, SSHCFG_GLOBAL },
 527         { "useopensslengine", sUseOpenSSLEngine, SSHCFG_GLOBAL },
 528         { "chrootdirectory", sChrootDirectory, SSHCFG_ALL },
 529         { "preuserauthhook", sPreUserauthHook, SSHCFG_ALL},
 530         { "match", sMatch, SSHCFG_ALL },
 531         { "pamserviceprefix", sPAMServicePrefix, SSHCFG_GLOBAL },
 532         { "pamservicename", sPAMServiceName, SSHCFG_GLOBAL },
 533 
 534         { NULL, sBadOption, 0 }
 535 };
 536 
 537 /*
 538  * Returns the number of the token pointed to by cp or sBadOption.
 539  */
 540 
 541 static ServerOpCodes
 542 parse_token(const char *cp, const char *filename,
 543             int linenum, u_int *flags)
 544 {
 545         u_int i;
 546 
 547         for (i = 0; keywords[i].name; i++)
 548                 if (strcasecmp(cp, keywords[i].name) == 0) {
 549                         *flags = keywords[i].flags;
 550                         return keywords[i].opcode;
 551                 }
 552 
 553         error("%s: line %d: Bad configuration option: %s",
 554             filename, linenum, cp);
 555         return sBadOption;
 556 }
 557 
 558 static void
 559 add_listen_addr(ServerOptions *options, char *addr, u_short port)
 560 {
 561         int i;
 562 
 563         if (options->num_ports == 0)
 564                 options->ports[options->num_ports++] = SSH_DEFAULT_PORT;
 565         if (port == 0)
 566                 for (i = 0; i < options->num_ports; i++)
 567                         add_one_listen_addr(options, addr, options->ports[i]);
 568         else
 569                 add_one_listen_addr(options, addr, port);
 570 }
 571 
 572 static void
 573 add_one_listen_addr(ServerOptions *options, char *addr, u_short port)
 574 {
 575         struct addrinfo hints, *ai, *aitop;
 576         char strport[NI_MAXSERV];
 577         int gaierr;
 578 
 579         (void) memset(&hints, 0, sizeof(hints));
 580         hints.ai_family = IPv4or6;
 581         hints.ai_socktype = SOCK_STREAM;
 582         hints.ai_flags = (addr == NULL) ? AI_PASSIVE : 0;
 583         (void) snprintf(strport, sizeof strport, "%u", port);
 584         if ((gaierr = getaddrinfo(addr, strport, &hints, &aitop)) != 0)
 585                 fatal("bad addr or host: %s (%s)",
 586                     addr ? addr : "<NULL>",
 587                     gai_strerror(gaierr));
 588         for (ai = aitop; ai->ai_next; ai = ai->ai_next)
 589                 ;
 590         ai->ai_next = options->listen_addrs;
 591         options->listen_addrs = aitop;
 592 }
 593 
 594 /*
 595  * The strategy for the Match blocks is that the config file is parsed twice.
 596  *
 597  * The first time is at startup.  activep is initialized to 1 and the
 598  * directives in the global context are processed and acted on.  Hitting a
 599  * Match directive unsets activep and the directives inside the block are
 600  * checked for syntax only.
 601  *
 602  * The second time is after a connection has been established but before
 603  * authentication.  activep is initialized to 2 and global config directives
 604  * are ignored since they have already been processed.  If the criteria in a
 605  * Match block is met, activep is set and the subsequent directives
 606  * processed and actioned until EOF or another Match block unsets it.  Any
 607  * options set are copied into the main server config.
 608  *
 609  * Potential additions/improvements:
 610  *  - Add Match support for pre-kex directives, eg Protocol, Ciphers.
 611  *
 612  *  - Add a Tag directive (idea from David Leonard) ala pf, eg:
 613  *      Match Address 192.168.0.*
 614  *              Tag trusted
 615  *      Match Group wheel
 616  *              Tag trusted
 617  *      Match Tag trusted
 618  *              AllowTcpForwarding yes
 619  *              GatewayPorts clientspecified
 620  *              [...]
 621  *
 622  *  - Add a PermittedChannelRequests directive
 623  *      Match Group shell
 624  *              PermittedChannelRequests session,forwarded-tcpip
 625  */
 626 
 627 static int
 628 match_cfg_line_group(const char *grps, int line, const char *user)
 629 {
 630         int result = 0;
 631         struct passwd *pw;
 632 
 633         if (user == NULL)
 634                 goto out;
 635 
 636         if ((pw = getpwnam(user)) == NULL) {
 637                 debug("Can't match group at line %d because user %.100s does "
 638                     "not exist", line, user);
 639         } else if (ga_init(pw->pw_name, pw->pw_gid) == 0) {
 640                 debug("Can't Match group because user %.100s not in any group "
 641                     "at line %d", user, line);
 642         } else if (ga_match_pattern_list(grps) != 1) {
 643                 debug("user %.100s does not match group list %.100s at line %d",
 644                     user, grps, line);
 645         } else {
 646                 debug("user %.100s matched group list %.100s at line %d", user,
 647                     grps, line);
 648                 result = 1;
 649         }
 650 out:
 651         ga_free();
 652         return result;
 653 }
 654 
 655 static int
 656 match_cfg_line(char **condition, int line, const char *user, const char *host,
 657     const char *address)
 658 {
 659         int result = 1;
 660         char *arg, *attrib, *cp = *condition;
 661         size_t len;
 662 
 663         if (user == NULL)
 664                 debug3("checking syntax for 'Match %s'", cp);
 665         else
 666                 debug3("checking match for '%s' user %s host %s addr %s", cp,
 667                     user ? user : "(null)", host ? host : "(null)",
 668                     address ? address : "(null)");
 669 
 670         while ((attrib = strdelim(&cp)) != NULL && *attrib != '\0') {
 671                 if ((arg = strdelim(&cp)) == NULL || *arg == '\0') {
 672                         error("Missing Match criteria for %s", attrib);
 673                         return -1;
 674                 }
 675                 len = strlen(arg);
 676                 if (strcasecmp(attrib, "user") == 0) {
 677                         if (!user) {
 678                                 result = 0;
 679                                 continue;
 680                         }
 681                         if (match_pattern_list(user, arg, len, 0) != 1)
 682                                 result = 0;
 683                         else
 684                                 debug("user %.100s matched 'User %.100s' at "
 685                                     "line %d", user, arg, line);
 686                 } else if (strcasecmp(attrib, "group") == 0) {
 687                         switch (match_cfg_line_group(arg, line, user)) {
 688                         case -1:
 689                                 return -1;
 690                         case 0:
 691                                 result = 0;
 692                         }
 693                 } else if (strcasecmp(attrib, "host") == 0) {
 694                         if (!host) {
 695                                 result = 0;
 696                                 continue;
 697                         }
 698                         if (match_hostname(host, arg, len) != 1)
 699                                 result = 0;
 700                         else
 701                                 debug("connection from %.100s matched 'Host "
 702                                     "%.100s' at line %d", host, arg, line);
 703                 } else if (strcasecmp(attrib, "address") == 0) {
 704                         switch (addr_match_list(address, arg)) {
 705                         case 1:
 706                                 debug("connection from %.100s matched 'Address "
 707                                     "%.100s' at line %d", address, arg, line);
 708                                 break;
 709                         case 0:
 710                         case -1:
 711                                 result = 0;
 712                                 break;
 713                         case -2:
 714                                 return -1;
 715                         }
 716                 } else {
 717                         error("Unsupported Match attribute %s", attrib);
 718                         return -1;
 719                 }
 720         }
 721         if (user != NULL)
 722                 debug3("match %sfound", result ? "" : "not ");
 723         *condition = cp;
 724         return result;
 725 }
 726 
 727 #define WHITESPACE " \t\r\n"
 728 
 729 int
 730 process_server_config_line(ServerOptions *options, char *line,
 731     const char *filename, int linenum, int *activep, const char *user,
 732     const char *host, const char *address)
 733 {
 734         char *cp, **charptr, *arg, *p;
 735         int cmdline = 0, *intptr, value, n;
 736         ServerOpCodes opcode;
 737         u_int i, flags = 0;
 738         size_t len;
 739 
 740         cp = line;
 741         arg = strdelim(&cp);
 742         /* Ignore leading whitespace */
 743         if (*arg == '\0')
 744                 arg = strdelim(&cp);
 745         if (!arg || !*arg || *arg == '#')
 746                 return 0;
 747         intptr = NULL;
 748         charptr = NULL;
 749         opcode = parse_token(arg, filename, linenum, &flags);
 750 
 751         if (activep == NULL) { /* We are processing a command line directive */
 752                 cmdline = 1;
 753                 activep = &cmdline;
 754         }
 755         if (*activep && opcode != sMatch)
 756                 debug3("%s:%d setting %s %s", filename, linenum, arg, cp);
 757         if (*activep == 0 && !(flags & SSHCFG_MATCH)) {
 758                 if (user == NULL) {
 759                         fatal("%s line %d: Directive '%s' is not allowed "
 760                             "within a Match block", filename, linenum, arg);
 761                 } else { /* this is a directive we have already processed */
 762                         while (arg)
 763                                 arg = strdelim(&cp);
 764                         return 0;
 765                 }
 766         }
 767 
 768         switch (opcode) {
 769         /* Portable-specific options */
 770         case sPAMAuthenticationViaKbdInt:
 771                 log("%s line %d: PAMAuthenticationViaKbdInt has been "
 772                     "deprecated. You should use KbdInteractiveAuthentication "
 773                     "instead (which defaults to \"yes\").", filename, linenum);
 774                 intptr = &options->pam_authentication_via_kbd_int;
 775                 goto parse_flag;
 776 
 777         /* Standard Options */
 778         case sBadOption:
 779                 return -1;
 780         case sPort:
 781                 /* ignore ports from configfile if cmdline specifies ports */
 782                 if (options->ports_from_cmdline)
 783                         return 0;
 784                 if (options->listen_addrs != NULL)
 785                         fatal("%s line %d: ports must be specified before "
 786                             "ListenAddress.", filename, linenum);
 787                 if (options->num_ports >= MAX_PORTS)
 788                         fatal("%s line %d: too many ports.",
 789                             filename, linenum);
 790                 arg = strdelim(&cp);
 791                 if (!arg || *arg == '\0')
 792                         fatal("%s line %d: missing port number.",
 793                             filename, linenum);
 794                 options->ports[options->num_ports++] = a2port(arg);
 795                 if (options->ports[options->num_ports-1] == 0)
 796                         fatal("%s line %d: Badly formatted port number.",
 797                             filename, linenum);
 798                 break;
 799 
 800         case sServerKeyBits:
 801                 intptr = &options->server_key_bits;
 802 parse_int:
 803                 arg = strdelim(&cp);
 804                 if (!arg || *arg == '\0')
 805                         fatal("%s line %d: missing integer value.",
 806                             filename, linenum);
 807                 value = atoi(arg);
 808                 if (*activep && *intptr == -1)
 809                         *intptr = value;
 810                 break;
 811 
 812         case sLoginGraceTime:
 813                 intptr = &options->login_grace_time;
 814 parse_time:
 815                 arg = strdelim(&cp);
 816                 if (!arg || *arg == '\0')
 817                         fatal("%s line %d: missing time value.",
 818                             filename, linenum);
 819                 if ((value = convtime(arg)) == -1)
 820                         fatal("%s line %d: invalid time value.",
 821                             filename, linenum);
 822                 if (*intptr == -1)
 823                         *intptr = value;
 824                 break;
 825 
 826         case sKeyRegenerationTime:
 827                 intptr = &options->key_regeneration_time;
 828                 goto parse_time;
 829 
 830         case sListenAddress:
 831                 arg = strdelim(&cp);
 832                 if (!arg || *arg == '\0' || strncmp(arg, "[]", 2) == 0)
 833                         fatal("%s line %d: missing inet addr.",
 834                             filename, linenum);
 835                 if (*arg == '[') {
 836                         if ((p = strchr(arg, ']')) == NULL)
 837                                 fatal("%s line %d: bad ipv6 inet addr usage.",
 838                                     filename, linenum);
 839                         arg++;
 840                         (void) memmove(p, p+1, strlen(p+1)+1);
 841                 } else if (((p = strchr(arg, ':')) == NULL) ||
 842                             (strchr(p+1, ':') != NULL)) {
 843                         add_listen_addr(options, arg, 0);
 844                         break;
 845                 }
 846                 if (*p == ':') {
 847                         u_short port;
 848 
 849                         p++;
 850                         if (*p == '\0')
 851                                 fatal("%s line %d: bad inet addr:port usage.",
 852                                     filename, linenum);
 853                         else {
 854                                 *(p-1) = '\0';
 855                                 if ((port = a2port(p)) == 0)
 856                                         fatal("%s line %d: bad port number.",
 857                                             filename, linenum);
 858                                 add_listen_addr(options, arg, port);
 859                         }
 860                 } else if (*p == '\0')
 861                         add_listen_addr(options, arg, 0);
 862                 else
 863                         fatal("%s line %d: bad inet addr usage.",
 864                             filename, linenum);
 865                 break;
 866 
 867         case sHostKeyFile:
 868                 intptr = &options->num_host_key_files;
 869                 if (*intptr >= MAX_HOSTKEYS)
 870                         fatal("%s line %d: too many host keys specified (max %d).",
 871                             filename, linenum, MAX_HOSTKEYS);
 872                 charptr = &options->host_key_files[*intptr];
 873 parse_filename:
 874                 arg = strdelim(&cp);
 875                 if (!arg || *arg == '\0')
 876                         fatal("%s line %d: missing file name.",
 877                             filename, linenum);
 878                 if (*activep && *charptr == NULL) {
 879                         *charptr = tilde_expand_filename(arg, getuid());
 880                         /* increase optional counter */
 881                         if (intptr != NULL)
 882                                 *intptr = *intptr + 1;
 883                 }
 884                 break;
 885 
 886         case sPidFile:
 887                 charptr = &options->pid_file;
 888                 goto parse_filename;
 889 
 890         case sPermitRootLogin:
 891                 intptr = &options->permit_root_login;
 892                 arg = strdelim(&cp);
 893                 if (!arg || *arg == '\0')
 894                         fatal("%s line %d: missing yes/"
 895                             "without-password/forced-commands-only/no "
 896                             "argument.", filename, linenum);
 897                 value = 0;      /* silence compiler */
 898                 if (strcmp(arg, "without-password") == 0)
 899                         value = PERMIT_NO_PASSWD;
 900                 else if (strcmp(arg, "forced-commands-only") == 0)
 901                         value = PERMIT_FORCED_ONLY;
 902                 else if (strcmp(arg, "yes") == 0)
 903                         value = PERMIT_YES;
 904                 else if (strcmp(arg, "no") == 0)
 905                         value = PERMIT_NO;
 906                 else
 907                         fatal("%s line %d: Bad yes/"
 908                             "without-password/forced-commands-only/no "
 909                             "argument: %s", filename, linenum, arg);
 910                 if (*activep && *intptr == -1)
 911                         *intptr = value;
 912                 break;
 913 
 914         case sIgnoreRhosts:
 915                 intptr = &options->ignore_rhosts;
 916 parse_flag:
 917                 arg = strdelim(&cp);
 918                 if (!arg || *arg == '\0')
 919                         fatal("%s line %d: missing yes/no argument.",
 920                             filename, linenum);
 921                 value = 0;      /* silence compiler */
 922                 if (strcmp(arg, "yes") == 0)
 923                         value = 1;
 924                 else if (strcmp(arg, "no") == 0)
 925                         value = 0;
 926                 else
 927                         fatal("%s line %d: Bad yes/no argument: %s",
 928                                 filename, linenum, arg);
 929                 if (*activep && *intptr == -1)
 930                         *intptr = value;
 931                 break;
 932 
 933         case sIgnoreUserKnownHosts:
 934                 intptr = &options->ignore_user_known_hosts;
 935                 goto parse_flag;
 936 
 937         case sRhostsAuthentication:
 938                 intptr = &options->rhosts_authentication;
 939                 goto parse_flag;
 940 
 941         case sRhostsRSAAuthentication:
 942                 intptr = &options->rhosts_rsa_authentication;
 943                 goto parse_flag;
 944 
 945         case sHostbasedAuthentication:
 946                 intptr = &options->hostbased_authentication;
 947                 goto parse_flag;
 948 
 949         case sHostbasedUsesNameFromPacketOnly:
 950                 intptr = &options->hostbased_uses_name_from_packet_only;
 951                 goto parse_flag;
 952 
 953         case sRSAAuthentication:
 954                 intptr = &options->rsa_authentication;
 955                 goto parse_flag;
 956 
 957         case sPubkeyAuthentication:
 958                 intptr = &options->pubkey_authentication;
 959                 goto parse_flag;
 960 #ifdef GSSAPI
 961         case sGssAuthentication:
 962                 intptr = &options->gss_authentication;
 963                 goto parse_flag;
 964         case sGssKeyEx:
 965                 intptr = &options->gss_keyex;
 966                 goto parse_flag;
 967         case sGssStoreDelegCreds:
 968                 intptr = &options->gss_keyex;
 969                 goto parse_flag;
 970 #ifndef SUNW_GSSAPI
 971         case sGssUseSessionCredCache:
 972                 intptr = &options->gss_use_session_ccache;
 973                 goto parse_flag;
 974         case sGssCleanupCreds:
 975                 intptr = &options->gss_cleanup_creds;
 976                 goto parse_flag;
 977 #endif /* SUNW_GSSAPI */
 978 #endif /* GSSAPI */
 979 #if defined(KRB4) || defined(KRB5)
 980         case sKerberosAuthentication:
 981                 intptr = &options->kerberos_authentication;
 982                 goto parse_flag;
 983 
 984         case sKerberosOrLocalPasswd:
 985                 intptr = &options->kerberos_or_local_passwd;
 986                 goto parse_flag;
 987 
 988         case sKerberosTicketCleanup:
 989                 intptr = &options->kerberos_ticket_cleanup;
 990                 goto parse_flag;
 991 #endif
 992 #if defined(AFS) || defined(KRB5)
 993         case sKerberosTgtPassing:
 994                 intptr = &options->kerberos_tgt_passing;
 995                 goto parse_flag;
 996 #endif
 997 #ifdef AFS
 998         case sAFSTokenPassing:
 999                 intptr = &options->afs_token_passing;
1000                 goto parse_flag;
1001 #endif
1002 
1003         case sPasswordAuthentication:
1004                 intptr = &options->password_authentication;
1005                 goto parse_flag;
1006 
1007         case sKbdInteractiveAuthentication:
1008                 intptr = &options->kbd_interactive_authentication;
1009                 goto parse_flag;
1010 
1011         case sChallengeResponseAuthentication:
1012                 intptr = &options->challenge_response_authentication;
1013                 goto parse_flag;
1014 
1015         case sPrintMotd:
1016                 intptr = &options->print_motd;
1017                 goto parse_flag;
1018 
1019         case sPrintLastLog:
1020                 intptr = &options->print_lastlog;
1021                 goto parse_flag;
1022 
1023         case sX11Forwarding:
1024                 intptr = &options->x11_forwarding;
1025                 goto parse_flag;
1026 
1027         case sX11DisplayOffset:
1028                 intptr = &options->x11_display_offset;
1029                 goto parse_int;
1030 
1031         case sX11UseLocalhost:
1032                 intptr = &options->x11_use_localhost;
1033                 goto parse_flag;
1034 
1035         case sXAuthLocation:
1036                 charptr = &options->xauth_location;
1037                 goto parse_filename;
1038 
1039         case sStrictModes:
1040                 intptr = &options->strict_modes;
1041                 goto parse_flag;
1042 
1043         case sKeepAlives:
1044                 intptr = &options->keepalives;
1045                 goto parse_flag;
1046 
1047         case sEmptyPasswd:
1048                 intptr = &options->permit_empty_passwd;
1049                 goto parse_flag;
1050 
1051         case sPermitUserEnvironment:
1052                 intptr = &options->permit_user_env;
1053                 goto parse_flag;
1054 
1055         case sUseLogin:
1056                 log("%s line %d: ignoring UseLogin option value."
1057                     " This option is always off.", filename, linenum);
1058                 while (arg)
1059                         arg = strdelim(&cp);
1060                 break;
1061 
1062         case sCompression:
1063                 intptr = &options->compression;
1064                 goto parse_flag;
1065 
1066         case sGatewayPorts:
1067                 intptr = &options->gateway_ports;
1068                 arg = strdelim(&cp);
1069                 if (!arg || *arg == '\0')
1070                         fatal("%s line %d: missing yes/no/clientspecified "
1071                             "argument.", filename, linenum);
1072                 value = 0;      /* silence compiler */
1073                 if (strcmp(arg, "clientspecified") == 0)
1074                         value = 2;
1075                 else if (strcmp(arg, "yes") == 0)
1076                         value = 1;
1077                 else if (strcmp(arg, "no") == 0)
1078                         value = 0;
1079                 else
1080                         fatal("%s line %d: Bad yes/no/clientspecified "
1081                             "argument: %s", filename, linenum, arg);
1082                 if (*activep && *intptr == -1)
1083                         *intptr = value;
1084                 break;
1085 
1086         case sVerifyReverseMapping:
1087                 intptr = &options->verify_reverse_mapping;
1088                 goto parse_flag;
1089 
1090         case sLogFacility:
1091                 intptr = (int *) &options->log_facility;
1092                 arg = strdelim(&cp);
1093                 value = log_facility_number(arg);
1094                 if (value == SYSLOG_FACILITY_NOT_SET)
1095                         fatal("%.200s line %d: unsupported log facility '%s'",
1096                             filename, linenum, arg ? arg : "<NONE>");
1097                 if (*intptr == -1)
1098                         *intptr = (SyslogFacility) value;
1099                 break;
1100 
1101         case sLogLevel:
1102                 intptr = (int *) &options->log_level;
1103                 arg = strdelim(&cp);
1104                 value = log_level_number(arg);
1105                 if (value == SYSLOG_LEVEL_NOT_SET)
1106                         fatal("%.200s line %d: unsupported log level '%s'",
1107                             filename, linenum, arg ? arg : "<NONE>");
1108                 if (*intptr == -1)
1109                         *intptr = (LogLevel) value;
1110                 break;
1111 
1112         case sAllowTcpForwarding:
1113                 intptr = &options->allow_tcp_forwarding;
1114                 goto parse_flag;
1115 
1116         case sUsePrivilegeSeparation:
1117                 log("%s line %d: ignoring UsePrivilegeSeparation option value."
1118                     " This option is always on.", filename, linenum);
1119                 while (arg)
1120                         arg = strdelim(&cp);
1121                 break;
1122 
1123         case sAllowUsers:
1124                 while (((arg = strdelim(&cp)) != NULL) && *arg != '\0') {
1125                         if (options->num_allow_users >= MAX_ALLOW_USERS)
1126                                 fatal("%s line %d: too many allow users.",
1127                                     filename, linenum);
1128                         options->allow_users[options->num_allow_users++] =
1129                             xstrdup(arg);
1130                 }
1131                 break;
1132 
1133         case sDenyUsers:
1134                 while (((arg = strdelim(&cp)) != NULL) && *arg != '\0') {
1135                         if (options->num_deny_users >= MAX_DENY_USERS)
1136                                 fatal( "%s line %d: too many deny users.",
1137                                     filename, linenum);
1138                         options->deny_users[options->num_deny_users++] =
1139                             xstrdup(arg);
1140                 }
1141                 break;
1142 
1143         case sAllowGroups:
1144                 while (((arg = strdelim(&cp)) != NULL) && *arg != '\0') {
1145                         if (options->num_allow_groups >= MAX_ALLOW_GROUPS)
1146                                 fatal("%s line %d: too many allow groups.",
1147                                     filename, linenum);
1148                         options->allow_groups[options->num_allow_groups++] =
1149                             xstrdup(arg);
1150                 }
1151                 break;
1152 
1153         case sDenyGroups:
1154                 while (((arg = strdelim(&cp)) != NULL) && *arg != '\0') {
1155                         if (options->num_deny_groups >= MAX_DENY_GROUPS)
1156                                 fatal("%s line %d: too many deny groups.",
1157                                     filename, linenum);
1158                         options->deny_groups[options->num_deny_groups++] = xstrdup(arg);
1159                 }
1160                 break;
1161 
1162         case sCiphers:
1163                 arg = strdelim(&cp);
1164                 if (!arg || *arg == '\0')
1165                         fatal("%s line %d: Missing argument.", filename, linenum);
1166                 if (!ciphers_valid(arg))
1167                         fatal("%s line %d: Bad SSH2 cipher spec '%s'.",
1168                             filename, linenum, arg ? arg : "<NONE>");
1169                 if (options->ciphers == NULL)
1170                         options->ciphers = xstrdup(arg);
1171                 break;
1172 
1173         case sMacs:
1174                 arg = strdelim(&cp);
1175                 if (!arg || *arg == '\0')
1176                         fatal("%s line %d: Missing argument.", filename, linenum);
1177                 if (!mac_valid(arg))
1178                         fatal("%s line %d: Bad SSH2 mac spec '%s'.",
1179                             filename, linenum, arg ? arg : "<NONE>");
1180                 if (options->macs == NULL)
1181                         options->macs = xstrdup(arg);
1182                 break;
1183 
1184         case sProtocol:
1185                 intptr = &options->protocol;
1186                 arg = strdelim(&cp);
1187                 if (!arg || *arg == '\0')
1188                         fatal("%s line %d: Missing argument.", filename, linenum);
1189                 value = proto_spec(arg);
1190                 if (value == SSH_PROTO_UNKNOWN)
1191                         fatal("%s line %d: Bad protocol spec '%s'.",
1192                             filename, linenum, arg ? arg : "<NONE>");
1193                 if (*intptr == SSH_PROTO_UNKNOWN)
1194                         *intptr = value;
1195                 break;
1196 
1197         case sSubsystem:
1198                 if (options->num_subsystems >= MAX_SUBSYSTEMS) {
1199                         fatal("%s line %d: too many subsystems defined.",
1200                             filename, linenum);
1201                 }
1202                 arg = strdelim(&cp);
1203                 if (!arg || *arg == '\0')
1204                         fatal("%s line %d: Missing subsystem name.",
1205                             filename, linenum);
1206                 if (!*activep) {
1207                         arg = strdelim(&cp);
1208                         break;
1209                 }
1210                 for (i = 0; i < options->num_subsystems; i++)
1211                         if (strcmp(arg, options->subsystem_name[i]) == 0)
1212                                 fatal("%s line %d: Subsystem '%s' already defined.",
1213                                     filename, linenum, arg);
1214                 options->subsystem_name[options->num_subsystems] = xstrdup(arg);
1215                 arg = strdelim(&cp);
1216                 if (!arg || *arg == '\0')
1217                         fatal("%s line %d: Missing subsystem command.",
1218                             filename, linenum);
1219                 options->subsystem_command[options->num_subsystems] = xstrdup(arg);
1220 
1221                 /*
1222                  * Collect arguments (separate to executable), including the
1223                  * name of the executable, in a way that is easier to parse
1224                  * later.
1225                  */
1226                 p = xstrdup(arg);
1227                 len = strlen(p) + 1;
1228                 while ((arg = strdelim(&cp)) != NULL && *arg != '\0') {
1229                         len += 1 + strlen(arg);
1230                         p = xrealloc(p, len);
1231                         strlcat(p, " ", len);
1232                         strlcat(p, arg, len);
1233                 }
1234                 options->subsystem_args[options->num_subsystems] = p;
1235                 options->num_subsystems++;
1236                 break;
1237 
1238         case sMaxStartups:
1239                 arg = strdelim(&cp);
1240                 if (!arg || *arg == '\0')
1241                         fatal("%s line %d: Missing MaxStartups spec.",
1242                             filename, linenum);
1243                 if ((n = sscanf(arg, "%d:%d:%d",
1244                     &options->max_startups_begin,
1245                     &options->max_startups_rate,
1246                     &options->max_startups)) == 3) {
1247                         if (options->max_startups_begin >
1248                             options->max_startups ||
1249                             options->max_startups_rate > 100 ||
1250                             options->max_startups_rate < 1)
1251                                 fatal("%s line %d: Illegal MaxStartups spec.",
1252                                     filename, linenum);
1253                 } else if (n != 1)
1254                         fatal("%s line %d: Illegal MaxStartups spec.",
1255                             filename, linenum);
1256                 else
1257                         options->max_startups = options->max_startups_begin;
1258                 break;
1259 
1260         case sBanner:
1261                 charptr = &options->banner;
1262                 goto parse_filename;
1263         /*
1264          * These options can contain %X options expanded at
1265          * connect time, so that you can specify paths like:
1266          *
1267          * AuthorizedKeysFile   /etc/ssh_keys/%u
1268          */
1269         case sAuthorizedKeysFile:
1270         case sAuthorizedKeysFile2:
1271                 charptr = (opcode == sAuthorizedKeysFile) ?
1272                     &options->authorized_keys_file :
1273                     &options->authorized_keys_file2;
1274                 goto parse_filename;
1275 
1276         case sClientAliveInterval:
1277                 intptr = &options->client_alive_interval;
1278                 goto parse_time;
1279 
1280         case sClientAliveCountMax:
1281                 intptr = &options->client_alive_count_max;
1282                 goto parse_int;
1283 
1284         case sMaxAuthTries:
1285                 intptr = &options->max_auth_tries;
1286                 goto parse_int;
1287 
1288         case sMaxAuthTriesLog:
1289                 intptr = &options->max_auth_tries_log;
1290                 goto parse_int;
1291 
1292         case sLookupClientHostnames:
1293                 intptr = &options->lookup_client_hostnames;
1294                 goto parse_flag;
1295 
1296         case sUseOpenSSLEngine:
1297                 intptr = &options->use_openssl_engine;
1298                 goto parse_flag;
1299 
1300         case sChrootDirectory:
1301                 charptr = &options->chroot_directory;
1302 
1303                 arg = strdelim(&cp);
1304                 if (arg == NULL || *arg == '\0')
1305                         fatal("%s line %d: missing directory name for "
1306                             "ChrootDirectory.", filename, linenum);
1307                 if (*activep && *charptr == NULL)
1308                         *charptr = xstrdup(arg);
1309                 break;
1310 
1311         case sPreUserauthHook:
1312                 charptr = &options->pre_userauth_hook;
1313                 goto parse_filename;
1314 
1315         case sMatch:
1316                 if (cmdline)
1317                         fatal("Match directive not supported as a command-line "
1318                            "option");
1319                 value = match_cfg_line(&cp, linenum, user, host, address);
1320                 if (value < 0)
1321                         fatal("%s line %d: Bad Match condition", filename,
1322                             linenum);
1323                 *activep = value;
1324                 break;
1325 
1326         case sDeprecated:
1327                 log("%s line %d: Deprecated option %s",
1328                     filename, linenum, arg);
1329                 while (arg)
1330                     arg = strdelim(&cp);
1331                 break;
1332 
1333         case sPAMServicePrefix:
1334                 arg = strdelim(&cp);
1335                 if (!arg || *arg == '\0')
1336                         fatal("%s line %d: Missing argument.",
1337                             filename, linenum);
1338                 if (options->pam_service_name != NULL)
1339                         fatal("%s line %d: PAMServiceName and PAMServicePrefix "
1340                             "are mutually exclusive.", filename, linenum);
1341                 if (options->pam_service_prefix == NULL)
1342                         options->pam_service_prefix = xstrdup(arg);
1343                 break;
1344 
1345         case sPAMServiceName:
1346                 arg = strdelim(&cp);
1347                 if (!arg || *arg == '\0')
1348                         fatal("%s line %d: Missing argument.",
1349                             filename, linenum);
1350                 if (options->pam_service_prefix != NULL)
1351                         fatal("%s line %d: PAMServiceName and PAMServicePrefix "
1352                             "are mutually exclusive.", filename, linenum);
1353                 if (options->pam_service_name == NULL)
1354                         options->pam_service_name = xstrdup(arg);
1355                 break;
1356 
1357         default:
1358                 fatal("%s line %d: Missing handler for opcode %s (%d)",
1359                     filename, linenum, arg, opcode);
1360         }
1361         if ((arg = strdelim(&cp)) != NULL && *arg != '\0')
1362                 fatal("%s line %d: garbage at end of line; \"%.200s\".",
1363                     filename, linenum, arg);
1364         return 0;
1365 }
1366 
1367 
1368 /* Reads the server configuration file. */
1369 
1370 void
1371 load_server_config(const char *filename, Buffer *conf)
1372 {
1373         char line[1024], *cp;
1374         FILE *f;
1375 
1376         debug2("%s: filename %s", __func__, filename);
1377         if ((f = fopen(filename, "r")) == NULL) {
1378                 perror(filename);
1379                 exit(1);
1380         }
1381         buffer_clear(conf);
1382         while (fgets(line, sizeof(line), f)) {
1383                 /*
1384                  * Trim out comments and strip whitespace
1385                  * NB - preserve newlines, they are needed to reproduce
1386                  * line numbers later for error messages
1387                  */
1388                 if ((cp = strchr(line, '#')) != NULL)
1389                         memcpy(cp, "\n", 2);
1390                 cp = line + strspn(line, " \t\r");
1391 
1392                 buffer_append(conf, cp, strlen(cp));
1393         }
1394         buffer_append(conf, "\0", 1);
1395         fclose(f);
1396         debug2("%s: done config len = %d", __func__, buffer_len(conf));
1397 }
1398 
1399 void
1400 parse_server_match_config(ServerOptions *options, const char *user,
1401     const char *host, const char *address)
1402 {
1403         ServerOptions mo;
1404 
1405         initialize_server_options(&mo);
1406         parse_server_config(&mo, "reprocess config", &cfg, user, host, address);
1407         copy_set_server_options(options, &mo, 0);
1408 }
1409 
1410 
1411 
1412 /* Helper macros */
1413 #define M_CP_INTOPT(n) do {\
1414         if (src->n != -1) \
1415                 dst->n = src->n; \
1416 } while (0)
1417 #define M_CP_STROPT(n) do {\
1418         if (src->n != NULL) { \
1419                 if (dst->n != NULL) \
1420                         xfree(dst->n); \
1421                 dst->n = src->n; \
1422         } \
1423 } while(0)
1424 
1425 /*
1426  * Copy any supported values that are set.
1427  *
1428  * If the preauth flag is set, we do not bother copying the the string or
1429  * array values that are not used pre-authentication, because any that we
1430  * do use must be explictly sent in mm_getpwnamallow().
1431  */
1432 void
1433 copy_set_server_options(ServerOptions *dst, ServerOptions *src, int preauth)
1434 {
1435         M_CP_INTOPT(password_authentication);
1436         M_CP_INTOPT(gss_authentication);
1437         M_CP_INTOPT(rsa_authentication);
1438         M_CP_INTOPT(pubkey_authentication);
1439         M_CP_INTOPT(hostbased_authentication);
1440         M_CP_INTOPT(kbd_interactive_authentication);
1441         M_CP_INTOPT(permit_root_login);
1442         M_CP_INTOPT(permit_empty_passwd);
1443         M_CP_INTOPT(allow_tcp_forwarding);
1444         M_CP_INTOPT(gateway_ports);
1445         M_CP_INTOPT(x11_display_offset);
1446         M_CP_INTOPT(x11_forwarding);
1447         M_CP_INTOPT(x11_use_localhost);
1448         M_CP_INTOPT(max_auth_tries);
1449         M_CP_STROPT(banner);
1450 
1451         if (preauth)
1452                 return;
1453         M_CP_STROPT(chroot_directory);
1454 }
1455 
1456 #undef M_CP_INTOPT
1457 #undef M_CP_STROPT
1458 
1459 void
1460 parse_server_config(ServerOptions *options, const char *filename, Buffer *conf,
1461     const char *user, const char *host, const char *address)
1462 {
1463         int active, linenum, bad_options = 0;
1464         char *cp, *obuf, *cbuf;
1465 
1466         debug2("%s: config %s len %d", __func__, filename, buffer_len(conf));
1467 
1468         obuf = cbuf = xstrdup(buffer_ptr(conf));
1469         active = user ? 0 : 1;
1470         linenum = 1;
1471         while ((cp = strsep(&cbuf, "\n")) != NULL) {
1472                 if (process_server_config_line(options, cp, filename,
1473                     linenum++, &active, user, host, address) != 0)
1474                         bad_options++;
1475         }
1476         xfree(obuf);
1477         if (bad_options > 0)
1478                 fatal("%s: terminating, %d bad configuration options",
1479                     filename, bad_options);
1480 }
1481 
1482 
1483 /*
1484  * Note that "none" is a special path having the same affect on sshd
1485  * configuration as not specifying ChrootDirectory at all.
1486  */
1487 int
1488 chroot_requested(char *chroot_directory)
1489 {
1490         return (chroot_directory != NULL &&
1491             strcasecmp(chroot_directory, "none") != 0);
1492 }