11305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood/* $OpenBSD: servconf.c,v 1.222 2011/06/22 21:57:01 djm Exp $ */
21305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood/*
31305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
41305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood *                    All rights reserved
51305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood *
61305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood * As far as I am concerned, the code I have written for this software
71305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood * can be used freely for any purpose.  Any derived versions of this
81305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood * software must be clearly marked as such, and if the derived work is
91305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood * incompatible with the protocol description in the RFC file, it must be
101305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood * called by a name other than "ssh" or "Secure Shell".
111305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood */
121305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood
131305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood#include "includes.h"
141305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood
151305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood#include <sys/types.h>
161305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood#include <sys/socket.h>
171305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood
181305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood#include <netinet/in.h>
191305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood#include <netinet/in_systm.h>
201305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood#include <netinet/ip.h>
211305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood
221305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood#include <netdb.h>
231305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood#include <pwd.h>
241305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood#include <stdio.h>
251305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood#include <stdlib.h>
261305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood#include <string.h>
271305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood#include <signal.h>
281305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood#include <unistd.h>
291305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood#include <stdarg.h>
301305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood#include <errno.h>
311305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood
321305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood#include "openbsd-compat/sys-queue.h"
331305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood#include "xmalloc.h"
341305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood#include "ssh.h"
351305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood#include "log.h"
361305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood#include "buffer.h"
371305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood#include "servconf.h"
381305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood#include "compat.h"
391305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood#include "pathnames.h"
401305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood#include "misc.h"
411305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood#include "cipher.h"
421305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood#include "key.h"
431305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood#include "kex.h"
441305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood#include "mac.h"
451305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood#include "match.h"
461305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood#include "channels.h"
471305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood#include "groupaccess.h"
481305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood
498e48564f68a59a5f436a1773f94284eab3af8abcMike Lockwood#ifdef ANDROID
508e48564f68a59a5f436a1773f94284eab3af8abcMike Lockwood#include <cutils/properties.h>
518e48564f68a59a5f436a1773f94284eab3af8abcMike Lockwood#endif
528e48564f68a59a5f436a1773f94284eab3af8abcMike Lockwood
/*
 * Forward declarations for the listen-address helpers; both are file-local
 * (static), so their definitions live elsewhere in this translation unit.
 */
static void add_listen_addr(ServerOptions *options, char *addr, int port);
static void add_one_listen_addr(ServerOptions *options, char *addr, int port);

/*
 * State owned by another translation unit.
 * use_privsep: privilege separation on/off; fill_default_server_options()
 * below reads it and writes the default when it is still -1.
 */
extern int use_privsep;
extern Buffer cfg;
591305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood
/*
 * Resets *options to the "nothing configured yet" state.
 *
 * The structure is zeroed first, so any member not named below starts at
 * zero.  Members are then set to an explicit "unset" marker (-1, NULL or a
 * *_NOT_SET / *_UNKNOWN constant) rather than to their effective defaults;
 * the effective defaults are applied later by fill_default_server_options()
 * for whatever is still unset.  The assignments are grouped by the marker
 * they use so the sentinel for each option is easy to audit.
 */
void
initialize_server_options(ServerOptions *options)
{
	memset(options, 0, sizeof *options);

	/* Counters: empty lists. */
	options->num_ports = 0;
	options->ports_from_cmdline = 0;
	options->num_host_key_files = 0;
	options->num_host_cert_files = 0;
	options->num_allow_users = 0;
	options->num_deny_users = 0;
	options->num_allow_groups = 0;
	options->num_deny_groups = 0;
	options->num_subsystems = 0;
	options->num_authkeys_files = 0;
	options->num_accept_env = 0;

	/* Pointers: NULL means "not configured". */
	options->listen_addrs = NULL;
	options->pid_file = NULL;
	options->xauth_location = NULL;
	options->ciphers = NULL;
	options->macs = NULL;
	options->kex_algorithms = NULL;
	options->banner = NULL;
	options->adm_forced_command = NULL;
	options->chroot_directory = NULL;
	options->revoked_keys_file = NULL;
	options->trusted_user_ca_keys = NULL;
	options->authorized_principals_file = NULL;

	/* Options with a dedicated "not set" constant. */
	options->permit_root_login = PERMIT_NOT_SET;
	options->log_facility = SYSLOG_FACILITY_NOT_SET;
	options->log_level = SYSLOG_LEVEL_NOT_SET;
	options->protocol = SSH_PROTO_UNKNOWN;

	/* Portable-specific option; -1 means "not set". */
	options->use_pam = -1;

	/* Listener, key and timing options; -1 means "not set". */
	options->address_family = -1;
	options->server_key_bits = -1;
	options->login_grace_time = -1;
	options->key_regeneration_time = -1;
	options->tcp_keep_alive = -1;
	options->client_alive_interval = -1;
	options->client_alive_count_max = -1;
	options->ip_qos_interactive = -1;
	options->ip_qos_bulk = -1;

	/* Authentication options; -1 means "not set". */
	options->rhosts_rsa_authentication = -1;
	options->hostbased_authentication = -1;
	options->hostbased_uses_name_from_packet_only = -1;
	options->rsa_authentication = -1;
	options->pubkey_authentication = -1;
	options->kerberos_authentication = -1;
	options->kerberos_or_local_passwd = -1;
	options->kerberos_ticket_cleanup = -1;
	options->kerberos_get_afs_token = -1;
	options->gss_authentication = -1;
	options->gss_cleanup_creds = -1;
	options->password_authentication = -1;
	options->kbd_interactive_authentication = -1;
	options->challenge_response_authentication = -1;
	options->zero_knowledge_password_authentication = -1;
	options->permit_empty_passwd = -1;
	options->ignore_rhosts = -1;
	options->ignore_user_known_hosts = -1;
	options->strict_modes = -1;
	options->max_authtries = -1;

	/* Session, forwarding and limit options; -1 means "not set". */
	options->print_motd = -1;
	options->print_lastlog = -1;
	options->x11_forwarding = -1;
	options->x11_display_offset = -1;
	options->x11_use_localhost = -1;
	options->permit_user_env = -1;
	options->use_login = -1;
	options->compression = -1;
	options->allow_tcp_forwarding = -1;
	options->allow_agent_forwarding = -1;
	options->gateway_ports = -1;
	options->max_startups_begin = -1;
	options->max_startups_rate = -1;
	options->max_startups = -1;
	options->max_sessions = -1;
	options->use_dns = -1;
	options->permit_tun = -1;
	options->num_permitted_opens = -1;
}
1461305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood
/*
 * Applies the built-in default to every option in *options that still holds
 * the "unset" marker written by initialize_server_options().  Options that
 * already carry a value are left untouched.
 *
 * Besides *options, this also writes the global use_privsep when it is
 * still -1.
 *
 * These values are the effective server policy whenever a directive is
 * missing from the configuration, so the security-relevant ones are called
 * out inline; a deployment that wants something stricter has to say so
 * explicitly in its configuration.
 */
void
fill_default_server_options(ServerOptions *options)
{
/* Store `value` in `field` only when `field` still equals `unset`. */
#define FILL_UNSET(field, unset, value) \
	do { \
		if ((field) == (unset)) \
			(field) = (value); \
	} while (0)

	/* Portable-specific options */
	FILL_UNSET(options->use_pam, -1, 0);

	/* Standard Options */

	/* Only protocol 2 is enabled when no Protocol value was given. */
	FILL_UNSET(options->protocol, SSH_PROTO_UNKNOWN, SSH_PROTO_2);

	if (options->num_host_key_files == 0) {
		/* fill default hostkeys for protocols */
		if (options->protocol & SSH_PROTO_1) {
			options->host_key_files[options->num_host_key_files++] =
			    _PATH_HOST_KEY_FILE;
		}
		if (options->protocol & SSH_PROTO_2) {
			options->host_key_files[options->num_host_key_files++] =
			    _PATH_HOST_RSA_KEY_FILE;
			options->host_key_files[options->num_host_key_files++] =
			    _PATH_HOST_DSA_KEY_FILE;
#ifdef OPENSSL_HAS_ECC
			options->host_key_files[options->num_host_key_files++] =
			    _PATH_HOST_ECDSA_KEY_FILE;
#endif
		}
	}
	/* No certificates by default */

	if (options->num_ports == 0)
		options->ports[options->num_ports++] = SSH_DEFAULT_PORT;
	/* No ListenAddress configured: add_listen_addr() gets a NULL address. */
	if (options->listen_addrs == NULL)
		add_listen_addr(options, NULL, 0);
	FILL_UNSET(options->pid_file, NULL, _PATH_SSH_DAEMON_PID_FILE);
	FILL_UNSET(options->server_key_bits, -1, 1024);
	FILL_UNSET(options->login_grace_time, -1, 120);
	FILL_UNSET(options->key_regeneration_time, -1, 3600);

	/*
	 * Root login is permitted unless the configuration restricts it;
	 * worth checking explicitly when auditing a deployment.
	 */
	FILL_UNSET(options->permit_root_login, PERMIT_NOT_SET, PERMIT_YES);

	FILL_UNSET(options->ignore_rhosts, -1, 1);
	FILL_UNSET(options->ignore_user_known_hosts, -1, 0);
	FILL_UNSET(options->print_motd, -1, 1);
	FILL_UNSET(options->print_lastlog, -1, 1);
	FILL_UNSET(options->x11_forwarding, -1, 0);
	FILL_UNSET(options->x11_display_offset, -1, 10);
	FILL_UNSET(options->x11_use_localhost, -1, 1);
	FILL_UNSET(options->xauth_location, NULL, _PATH_XAUTH);
	/* StrictModes stays on unless it is switched off explicitly. */
	FILL_UNSET(options->strict_modes, -1, 1);
	FILL_UNSET(options->tcp_keep_alive, -1, 1);
	FILL_UNSET(options->log_facility, SYSLOG_FACILITY_NOT_SET,
	    SYSLOG_FACILITY_AUTH);
	FILL_UNSET(options->log_level, SYSLOG_LEVEL_NOT_SET, SYSLOG_LEVEL_INFO);

	/*
	 * Authentication methods.  Enabled by default: RSA, public key,
	 * password and challenge-response.  Disabled by default: rhosts-RSA,
	 * host-based, Kerberos, GSSAPI and keyboard-interactive.
	 */
	FILL_UNSET(options->rhosts_rsa_authentication, -1, 0);
	FILL_UNSET(options->hostbased_authentication, -1, 0);
	FILL_UNSET(options->hostbased_uses_name_from_packet_only, -1, 0);
	FILL_UNSET(options->rsa_authentication, -1, 1);
	FILL_UNSET(options->pubkey_authentication, -1, 1);
	FILL_UNSET(options->kerberos_authentication, -1, 0);
	FILL_UNSET(options->kerberos_or_local_passwd, -1, 1);
	FILL_UNSET(options->kerberos_ticket_cleanup, -1, 1);
	FILL_UNSET(options->kerberos_get_afs_token, -1, 0);
	FILL_UNSET(options->gss_authentication, -1, 0);
	FILL_UNSET(options->gss_cleanup_creds, -1, 1);
	FILL_UNSET(options->password_authentication, -1, 1);
	FILL_UNSET(options->kbd_interactive_authentication, -1, 0);
	FILL_UNSET(options->challenge_response_authentication, -1, 1);
	/* Empty passwords and user-supplied environment are refused. */
	FILL_UNSET(options->permit_empty_passwd, -1, 0);
	FILL_UNSET(options->permit_user_env, -1, 0);
	FILL_UNSET(options->use_login, -1, 0);
	FILL_UNSET(options->compression, -1, COMP_DELAYED);

	/* TCP and agent forwarding are allowed; gateway ports are not. */
	FILL_UNSET(options->allow_tcp_forwarding, -1, 1);
	FILL_UNSET(options->allow_agent_forwarding, -1, 1);
	FILL_UNSET(options->gateway_ports, -1, 0);

	FILL_UNSET(options->max_startups, -1, 10);
	FILL_UNSET(options->max_startups_rate, -1, 100);	/* 100% */
	/* Must follow max_startups: the default is derived from it. */
	FILL_UNSET(options->max_startups_begin, -1, options->max_startups);
	FILL_UNSET(options->max_authtries, -1, DEFAULT_AUTH_FAIL_MAX);
	FILL_UNSET(options->max_sessions, -1, DEFAULT_SESSIONS_MAX);
	FILL_UNSET(options->use_dns, -1, 1);
	FILL_UNSET(options->client_alive_interval, -1, 0);
	FILL_UNSET(options->client_alive_count_max, -1, 3);

	if (options->num_authkeys_files == 0) {
		/* Unlike the host key paths above, these are heap copies. */
		options->authorized_keys_files[options->num_authkeys_files++] =
		    xstrdup(_PATH_SSH_USER_PERMITTED_KEYS);
		options->authorized_keys_files[options->num_authkeys_files++] =
		    xstrdup(_PATH_SSH_USER_PERMITTED_KEYS2);
	}
	FILL_UNSET(options->permit_tun, -1, SSH_TUNMODE_NO);
	FILL_UNSET(options->zero_knowledge_password_authentication, -1, 0);
	FILL_UNSET(options->ip_qos_interactive, -1, IPTOS_LOWDELAY);
	FILL_UNSET(options->ip_qos_bulk, -1, IPTOS_THROUGHPUT);

	/* Turn privilege separation on by default */
	FILL_UNSET(use_privsep, -1, PRIVSEP_ON);

#ifndef HAVE_MMAP
	/*
	 * NOTE(review): this tests compression against the literal 1 while
	 * the default assigned above is COMP_DELAYED; confirm which COMP_*
	 * mode the literal is meant to denote.
	 */
	if (use_privsep && options->compression == 1) {
		error("This platform does not support both privilege "
		    "separation and compression");
		error("Compression disabled");
		options->compression = 0;
	}
#endif

#undef FILL_UNSET
}
2991305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood
/*
 * Keyword tokens.  The keywords[] table maps each configuration keyword to
 * one of these opcodes.  Enumerator order is kept exactly as declared, since
 * the numeric values follow from it.
 */
typedef enum {
	sBadOption,		/* == unknown option */

	/* Portable-specific options */
	sUsePAM,

	/* Standard Options */
	sPort,
	sHostKeyFile,
	sServerKeyBits,
	sLoginGraceTime,
	sKeyRegenerationTime,
	sPermitRootLogin,
	sLogFacility,
	sLogLevel,
	sRhostsRSAAuthentication,
	sRSAAuthentication,
	sKerberosAuthentication,
	sKerberosOrLocalPasswd,
	sKerberosTicketCleanup,
	sKerberosGetAFSToken,
	sKerberosTgtPassing,
	sChallengeResponseAuthentication,
	sPasswordAuthentication,
	sKbdInteractiveAuthentication,
	sListenAddress,
	sAddressFamily,
	sPrintMotd,
	sPrintLastLog,
	sIgnoreRhosts,
	sX11Forwarding,
	sX11DisplayOffset,
	sX11UseLocalhost,
	sStrictModes,
	sEmptyPasswd,
	sTCPKeepAlive,
	sPermitUserEnvironment,
	sUseLogin,
	sAllowTcpForwarding,
	sCompression,
	sAllowUsers,
	sDenyUsers,
	sAllowGroups,
	sDenyGroups,
	sIgnoreUserKnownHosts,
	sCiphers,
	sMacs,
	sProtocol,
	sPidFile,
	sGatewayPorts,
	sPubkeyAuthentication,
	sXAuthLocation,
	sSubsystem,
	sMaxStartups,
	sMaxAuthTries,
	sMaxSessions,
	sBanner,
	sUseDNS,
	sHostbasedAuthentication,
	sHostbasedUsesNameFromPacketOnly,
	sClientAliveInterval,
	sClientAliveCountMax,
	sAuthorizedKeysFile,
	sGssAuthentication,
	sGssCleanupCreds,
	sAcceptEnv,
	sPermitTunnel,
	sMatch,
	sPermitOpen,
	sForceCommand,
	sChrootDirectory,
	sUsePrivilegeSeparation,
	sAllowAgentForwarding,
	sZeroKnowledgePasswordAuthentication,
	sHostCertificate,
	sRevokedKeys,
	sTrustedUserCAKeys,
	sAuthorizedPrincipalsFile,
	sKexAlgorithms,
	sIPQoS,

	/*
	 * Placeholders used by keywords[] for keywords that are recognised
	 * but deprecated, or not compiled into this build (e.g. "usepam"
	 * without USE_PAM).
	 */
	sDeprecated,
	sUnsupported
} ServerOpCodes;

/*
 * Where a keyword may appear.  A keyword flagged SSHCFG_MATCH can be set
 * inside a Match section as well, so when auditing a configuration the
 * value in the main section is not necessarily the one applied to a
 * given connection.
 */
#define SSHCFG_GLOBAL	0x01	/* allowed in main section of sshd_config */
#define SSHCFG_MATCH	0x02	/* allowed inside a Match section */
#define SSHCFG_ALL	(SSHCFG_GLOBAL | SSHCFG_MATCH)
3371305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood
/*
 * Keyword table: the textual name of every sshd_config option, the opcode
 * it maps to, and the context flags that parse_token() hands back to its
 * caller.  SSHCFG_MATCH marks a keyword as allowed inside a Match section;
 * SSHCFG_ALL is SSHCFG_GLOBAL|SSHCFG_MATCH.  Names are compared with
 * strcasecmp(), so they are stored in lower case.
 *
 * Keywords whose feature is compiled out map to sUnsupported and retired
 * keywords to sDeprecated; both stay in the table, so parse_token() does
 * not report them as sBadOption.
 *
 * The flags column decides which settings a Match block may override for a
 * single connection, so an entry should be SSHCFG_ALL only when that is
 * intended.  The list is terminated by the { NULL, sBadOption, 0 } entry.
 */
static struct {
	const char *name;	/* keyword, lower case */
	ServerOpCodes opcode;	/* opcode returned by parse_token() */
	u_int flags;		/* SSHCFG_* context mask */
} keywords[] = {
	/* Portable-specific options */
#ifdef USE_PAM
	{ "usepam", sUsePAM, SSHCFG_GLOBAL },
#else
	{ "usepam", sUnsupported, SSHCFG_GLOBAL },
#endif
	{ "pamauthenticationviakbdint", sDeprecated, SSHCFG_GLOBAL },

	/* Standard options */
	{ "port", sPort, SSHCFG_GLOBAL },
	{ "hostkey", sHostKeyFile, SSHCFG_GLOBAL },
	{ "hostdsakey", sHostKeyFile, SSHCFG_GLOBAL },	/* alias of hostkey */
	{ "pidfile", sPidFile, SSHCFG_GLOBAL },
	{ "serverkeybits", sServerKeyBits, SSHCFG_GLOBAL },
	{ "logingracetime", sLoginGraceTime, SSHCFG_GLOBAL },
	{ "keyregenerationinterval", sKeyRegenerationTime, SSHCFG_GLOBAL },
	{ "permitrootlogin", sPermitRootLogin, SSHCFG_ALL },
	{ "syslogfacility", sLogFacility, SSHCFG_GLOBAL },
	{ "loglevel", sLogLevel, SSHCFG_GLOBAL },
	{ "rhostsauthentication", sDeprecated, SSHCFG_GLOBAL },
	{ "rhostsrsaauthentication", sRhostsRSAAuthentication, SSHCFG_ALL },
	{ "hostbasedauthentication", sHostbasedAuthentication, SSHCFG_ALL },
	{ "hostbasedusesnamefrompacketonly",
	    sHostbasedUsesNameFromPacketOnly, SSHCFG_ALL },
	{ "rsaauthentication", sRSAAuthentication, SSHCFG_ALL },
	{ "pubkeyauthentication", sPubkeyAuthentication, SSHCFG_ALL },
	/*
	 * Alias of pubkeyauthentication, but SSHCFG_GLOBAL only: the alias
	 * is not flagged as allowed inside a Match section.
	 */
	{ "dsaauthentication", sPubkeyAuthentication, SSHCFG_GLOBAL },

	/* Kerberos / AFS */
#ifdef KRB5
	{ "kerberosauthentication", sKerberosAuthentication, SSHCFG_ALL },
	{ "kerberosorlocalpasswd", sKerberosOrLocalPasswd, SSHCFG_GLOBAL },
	{ "kerberosticketcleanup", sKerberosTicketCleanup, SSHCFG_GLOBAL },
#ifdef USE_AFS
	{ "kerberosgetafstoken", sKerberosGetAFSToken, SSHCFG_GLOBAL },
#else
	{ "kerberosgetafstoken", sUnsupported, SSHCFG_GLOBAL },
#endif
#else
	{ "kerberosauthentication", sUnsupported, SSHCFG_ALL },
	{ "kerberosorlocalpasswd", sUnsupported, SSHCFG_GLOBAL },
	{ "kerberosticketcleanup", sUnsupported, SSHCFG_GLOBAL },
	{ "kerberosgetafstoken", sUnsupported, SSHCFG_GLOBAL },
#endif
	{ "kerberostgtpassing", sUnsupported, SSHCFG_GLOBAL },
	{ "afstokenpassing", sUnsupported, SSHCFG_GLOBAL },

	/* GSSAPI */
#ifdef GSSAPI
	{ "gssapiauthentication", sGssAuthentication, SSHCFG_ALL },
	{ "gssapicleanupcredentials", sGssCleanupCreds, SSHCFG_GLOBAL },
#else
	{ "gssapiauthentication", sUnsupported, SSHCFG_ALL },
	{ "gssapicleanupcredentials", sUnsupported, SSHCFG_GLOBAL },
#endif

	/* Password-style authentication */
	{ "passwordauthentication", sPasswordAuthentication, SSHCFG_ALL },
	{ "kbdinteractiveauthentication",
	    sKbdInteractiveAuthentication, SSHCFG_ALL },
	{ "challengeresponseauthentication",
	    sChallengeResponseAuthentication, SSHCFG_GLOBAL },
	/* alias of challengeresponseauthentication */
	{ "skeyauthentication",
	    sChallengeResponseAuthentication, SSHCFG_GLOBAL },
#ifdef JPAKE
	{ "zeroknowledgepasswordauthentication",
	    sZeroKnowledgePasswordAuthentication, SSHCFG_ALL },
#else
	{ "zeroknowledgepasswordauthentication", sUnsupported, SSHCFG_ALL },
#endif

	/* Network, session and access-control options */
	{ "checkmail", sDeprecated, SSHCFG_GLOBAL },
	{ "listenaddress", sListenAddress, SSHCFG_GLOBAL },
	{ "addressfamily", sAddressFamily, SSHCFG_GLOBAL },
	{ "printmotd", sPrintMotd, SSHCFG_GLOBAL },
	{ "printlastlog", sPrintLastLog, SSHCFG_GLOBAL },
	{ "ignorerhosts", sIgnoreRhosts, SSHCFG_GLOBAL },
	{ "ignoreuserknownhosts", sIgnoreUserKnownHosts, SSHCFG_GLOBAL },
	{ "x11forwarding", sX11Forwarding, SSHCFG_ALL },
	{ "x11displayoffset", sX11DisplayOffset, SSHCFG_ALL },
	{ "x11uselocalhost", sX11UseLocalhost, SSHCFG_ALL },
	{ "xauthlocation", sXAuthLocation, SSHCFG_GLOBAL },
	{ "strictmodes", sStrictModes, SSHCFG_GLOBAL },
	{ "permitemptypasswords", sEmptyPasswd, SSHCFG_ALL },
	{ "permituserenvironment", sPermitUserEnvironment, SSHCFG_GLOBAL },
	{ "uselogin", sUseLogin, SSHCFG_GLOBAL },
	{ "compression", sCompression, SSHCFG_GLOBAL },
	{ "tcpkeepalive", sTCPKeepAlive, SSHCFG_GLOBAL },
	{ "keepalive", sTCPKeepAlive, SSHCFG_GLOBAL },	/* obsolete alias */
	{ "allowtcpforwarding", sAllowTcpForwarding, SSHCFG_ALL },
	{ "allowagentforwarding", sAllowAgentForwarding, SSHCFG_ALL },
	{ "allowusers", sAllowUsers, SSHCFG_GLOBAL },
	{ "denyusers", sDenyUsers, SSHCFG_GLOBAL },
	{ "allowgroups", sAllowGroups, SSHCFG_GLOBAL },
	{ "denygroups", sDenyGroups, SSHCFG_GLOBAL },
	{ "ciphers", sCiphers, SSHCFG_GLOBAL },
	{ "macs", sMacs, SSHCFG_GLOBAL },
	{ "protocol", sProtocol, SSHCFG_GLOBAL },
	{ "gatewayports", sGatewayPorts, SSHCFG_ALL },
	{ "subsystem", sSubsystem, SSHCFG_GLOBAL },
	{ "maxstartups", sMaxStartups, SSHCFG_GLOBAL },
	{ "maxauthtries", sMaxAuthTries, SSHCFG_ALL },
	{ "maxsessions", sMaxSessions, SSHCFG_ALL },
	{ "banner", sBanner, SSHCFG_ALL },
	{ "usedns", sUseDNS, SSHCFG_GLOBAL },
	{ "verifyreversemapping", sDeprecated, SSHCFG_GLOBAL },
	{ "reversemappingcheck", sDeprecated, SSHCFG_GLOBAL },
	{ "clientaliveinterval", sClientAliveInterval, SSHCFG_GLOBAL },
	{ "clientalivecountmax", sClientAliveCountMax, SSHCFG_GLOBAL },
	{ "authorizedkeysfile", sAuthorizedKeysFile, SSHCFG_ALL },
	{ "authorizedkeysfile2", sDeprecated, SSHCFG_ALL },
	{ "useprivilegeseparation", sUsePrivilegeSeparation, SSHCFG_GLOBAL },
	{ "acceptenv", sAcceptEnv, SSHCFG_GLOBAL },
	{ "permittunnel", sPermitTunnel, SSHCFG_ALL },
	{ "match", sMatch, SSHCFG_ALL },
	{ "permitopen", sPermitOpen, SSHCFG_ALL },
	{ "forcecommand", sForceCommand, SSHCFG_ALL },
	{ "chrootdirectory", sChrootDirectory, SSHCFG_ALL },
	{ "hostcertificate", sHostCertificate, SSHCFG_GLOBAL },
	{ "revokedkeys", sRevokedKeys, SSHCFG_ALL },
	{ "trustedusercakeys", sTrustedUserCAKeys, SSHCFG_ALL },
	{ "authorizedprincipalsfile", sAuthorizedPrincipalsFile, SSHCFG_ALL },
	{ "kexalgorithms", sKexAlgorithms, SSHCFG_GLOBAL },
	{ "ipqos", sIPQoS, SSHCFG_ALL },

	/* End-of-table sentinel */
	{ NULL, sBadOption, 0 }
};
/*
 * Textual names for the SSH_TUNMODE_* values.  The list ends at the entry
 * whose val is -1 (its text is NULL), so walk it by testing val.
 */
static struct {
	int val;	/* SSH_TUNMODE_* value, -1 in the terminator */
	char *text;	/* keyword text, NULL in the terminator */
} tunmode_desc[] = {
	{ SSH_TUNMODE_NO,		"no" },
	{ SSH_TUNMODE_POINTOPOINT,	"point-to-point" },
	{ SSH_TUNMODE_ETHERNET,		"ethernet" },
	{ SSH_TUNMODE_YES,		"yes" },
	{ -1,				NULL }
};
/*
 * Looks up the keyword cp in the keywords table, ignoring case.
 *
 * On a hit the entry's context flags are stored in *flags and its opcode is
 * returned.  On a miss an error naming filename and linenum is logged and
 * sBadOption is returned; *flags is not written in that case, so callers
 * must not rely on it after a failed lookup.
 */
static ServerOpCodes
parse_token(const char *cp, const char *filename,
	    int linenum, u_int *flags)
{
	u_int idx = 0;

	/* The table ends at the entry whose name is NULL. */
	while (keywords[idx].name != NULL) {
		if (strcasecmp(cp, keywords[idx].name) == 0) {
			*flags = keywords[idx].flags;
			return keywords[idx].opcode;
		}
		idx++;
	}

	error("%s: line %d: Bad configuration option: %s",
	    filename, linenum, cp);
	return sBadOption;
}
/*
 * Turns a configured path into an absolute one.
 *
 * path is first passed through tilde_expand_filename() for the uid of the
 * running process.  A result that already begins with '/' is returned
 * unchanged; anything else is prefixed with the current working directory.
 * The returned string is allocated and the caller releases it.  A getcwd()
 * failure is fatal.
 *
 * The result is a plain concatenation: ".." components and symlinks are not
 * resolved, and a relative path depends on whatever directory the process
 * is in at the time of the call.
 */
char *
derelativise_path(const char *path)
{
	char workdir[MAXPATHLEN];
	char *tilde_done, *absolute;

	tilde_done = tilde_expand_filename(path, getuid());
	if (tilde_done[0] != '/') {
		if (getcwd(workdir, sizeof(workdir)) == NULL)
			fatal("%s: getcwd: %s", __func__, strerror(errno));
		xasprintf(&absolute, "%s/%s", workdir, tilde_done);
		/* The joined copy replaces the expanded string. */
		xfree(tilde_done);
		return absolute;
	}
	return tilde_done;
}
/*
 * Adds listen address addr to options.
 *
 * With port == 0 the address is added once for every port already recorded
 * in options->ports; otherwise it is added for the given port only.  If no
 * port has been recorded yet, SSH_DEFAULT_PORT is recorded first, and an
 * address family still at -1 becomes AF_UNSPEC.
 */
static void
add_listen_addr(ServerOptions *options, char *addr, int port)
{
	u_int n;

	if (options->num_ports == 0) {
		options->ports[0] = SSH_DEFAULT_PORT;
		options->num_ports = 1;
	}
	if (options->address_family == -1)
		options->address_family = AF_UNSPEC;

	/* An explicit port applies to this address only. */
	if (port != 0) {
		add_one_listen_addr(options, addr, port);
		return;
	}
	for (n = 0; n < options->num_ports; n++)
		add_one_listen_addr(options, addr, options->ports[n]);
}
/*
 * Resolves one addr/port pair with getaddrinfo() and puts the resulting
 * addrinfo chain at the front of options->listen_addrs.
 *
 * addr == NULL requests passive (wildcard) addresses.  A non-NULL addr is
 * given to getaddrinfo() without AI_NUMERICHOST, so a host name is looked
 * up when this function runs.  port is formatted as given; no range check
 * is made here.  A resolution failure is fatal.
 */
static void
add_one_listen_addr(ServerOptions *options, char *addr, int port)
{
	struct addrinfo hints, *res, *tail;
	char strport[NI_MAXSERV];
	int gaierr;

	memset(&hints, 0, sizeof(hints));
	hints.ai_family = options->address_family;
	hints.ai_socktype = SOCK_STREAM;
	if (addr == NULL)
		hints.ai_flags = AI_PASSIVE;
	snprintf(strport, sizeof strport, "%d", port);

	gaierr = getaddrinfo(addr, strport, &hints, &res);
	if (gaierr != 0)
		fatal("bad addr or host: %s (%s)",
		    addr ? addr : "<NULL>",
		    ssh_gai_strerror(gaierr));

	/* Find the last new entry and hang the existing list off it. */
	tail = res;
	while (tail->ai_next != NULL)
		tail = tail->ai_next;
	tail->ai_next = options->listen_addrs;
	options->listen_addrs = res;
}
/*
 * The strategy for the Match blocks is that the config file is parsed twice.
 *
 * The first time is at startup.  activep is initialized to 1 and the
 * directives in the global context are processed and acted on.  Hitting a
 * Match directive unsets activep and the directives inside the block are
 * checked for syntax only.
 *
 * The second time is after a connection has been established but before
 * authentication.  activep is initialized to 2 and global config directives
 * are ignored since they have already been processed.  If the criteria in a
 * Match block are met, activep is set and the subsequent directives are
 * processed and acted on until EOF or another Match block unsets it.  Any
 * options set are copied into the main server config.
 *
 * Potential additions/improvements:
 *  - Add Match support for pre-kex directives, e.g. Protocol, Ciphers.
 *
 *  - Add a Tag directive (idea from David Leonard) a la pf, e.g.:
 *	Match Address 192.168.0.*
 *		Tag trusted
 *	Match Group wheel
 *		Tag trusted
 *	Match Tag trusted
 *		AllowTcpForwarding yes
 *		GatewayPorts clientspecified
 *		[...]
 *
 *  - Add a PermittedChannelRequests directive
 *	Match Group shell
 *		PermittedChannelRequests session,forwarded-tcpip
 */
/*
 * Evaluates a "Match Group" criterion.
 *
 * Returns 1 when user exists and ga_match_pattern_list() accepts grps for
 * the group set loaded by ga_init(); returns 0 in every other case: user is
 * NULL, the account is unknown, or ga_init() reports no groups.  This
 * function never returns -1, although its caller also handles that value.
 * ga_free() runs on every path, including the ones where ga_init() was not
 * called.
 */
static int
match_cfg_line_group(const char *grps, int line, const char *user)
{
	struct passwd *pw;
	int matched = 0;

	if (user != NULL) {
		pw = getpwnam(user);
		if (pw == NULL) {
			debug("Can't match group at line %d because user "
			    "%.100s does not exist", line, user);
		} else if (ga_init(pw->pw_name, pw->pw_gid) == 0) {
			debug("Can't Match group because user %.100s not in "
			    "any group at line %d", user, line);
		} else if (ga_match_pattern_list(grps) == 1) {
			debug("user %.100s matched group list %.100s at "
			    "line %d", user, grps, line);
			matched = 1;
		} else {
			debug("user %.100s does not match group list %.100s "
			    "at line %d", user, grps, line);
		}
	}

	ga_free();
	return matched;
}
/*
 * Evaluates the criteria of one Match line.
 *
 * *condition is read as a sequence of "attribute argument" pairs, where the
 * attribute is one of user, group, host or address (case-insensitive).
 * All pairs must match for the line to match.
 *
 * Returns 1 if every criterion matched, 0 if at least one did not, and -1
 * on a malformed line: an attribute without an argument, an unsupported
 * attribute, or a -2 result from addr_match_list().  On the 0 and 1 paths
 * *condition is advanced past the text consumed; on -1 it is left as it was.
 *
 * A NULL user or host makes the corresponding criterion a non-match, so a
 * line evaluated with no connection details does not match on those.
 * address is handed to addr_match_list() without a NULL check here.
 * NOTE(review): confirm that helper accepts NULL for the syntax-only pass.
 */
static int
match_cfg_line(char **condition, int line, const char *user, const char *host,
    const char *address)
{
	char *rest = *condition;
	char *key, *pattern;
	size_t plen;
	int matched = 1;
	int rc;

	if (user != NULL)
		debug3("checking match for '%s' user %s host %s addr %s", rest,
		    user, host ? host : "(null)",
		    address ? address : "(null)");
	else
		debug3("checking syntax for 'Match %s'", rest);

	for (;;) {
		key = strdelim(&rest);
		if (key == NULL || *key == '\0')
			break;

		/* Every attribute must be followed by an argument. */
		pattern = strdelim(&rest);
		if (pattern == NULL || *pattern == '\0') {
			error("Missing Match criteria for %s", key);
			return -1;
		}
		plen = strlen(pattern);

		if (strcasecmp(key, "user") == 0) {
			if (user == NULL ||
			    match_pattern_list(user, pattern, plen, 0) != 1)
				matched = 0;
			else
				debug("user %.100s matched 'User %.100s' at "
				    "line %d", user, pattern, line);
		} else if (strcasecmp(key, "group") == 0) {
			rc = match_cfg_line_group(pattern, line, user);
			if (rc == -1)
				return -1;
			if (rc == 0)
				matched = 0;
		} else if (strcasecmp(key, "host") == 0) {
			if (host == NULL ||
			    match_hostname(host, pattern, plen) != 1)
				matched = 0;
			else
				debug("connection from %.100s matched 'Host "
				    "%.100s' at line %d", host, pattern, line);
		} else if (strcasecmp(key, "address") == 0) {
			rc = addr_match_list(address, pattern);
			if (rc == -2)
				return -1;
			if (rc == 1)
				debug("connection from %.100s matched "
				    "'Address %.100s' at line %d",
				    address, pattern, line);
			else if (rc == 0 || rc == -1)
				matched = 0;
		} else {
			error("Unsupported Match attribute %s", key);
			return -1;
		}
	}

	if (user != NULL)
		debug3("match %sfound", matched ? "" : "not ");
	*condition = rest;
	return matched;
}
6761305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood#define WHITESPACE " \t\r\n"
/*
 * Multistate option parsing: each table maps the keyword text accepted for
 * one option to the integer stored for it.  Every table ends with a
 * { NULL, -1 } entry.
 */
struct multistate {
	char *key;	/* accepted argument text, NULL in the terminator */
	int value;	/* value stored for that text */
};

/* AddressFamily */
static const struct multistate multistate_addressfamily[] = {
	{ "inet",	AF_INET },
	{ "inet6",	AF_INET6 },
	{ "any",	AF_UNSPEC },
	{ NULL,		-1 }
};

/*
 * PermitRootLogin.
 * NOTE(review): "without-password" reads as if it allowed root logins with
 * no password; presumably PERMIT_NO_PASSWD means root may not use password
 * authentication.  Confirm against the code that consumes the value.
 */
static const struct multistate multistate_permitrootlogin[] = {
	{ "without-password",		PERMIT_NO_PASSWD },
	{ "forced-commands-only",	PERMIT_FORCED_ONLY },
	{ "yes",			PERMIT_YES },
	{ "no",				PERMIT_NO },
	{ NULL,				-1 }
};

/* Compression */
static const struct multistate multistate_compression[] = {
	{ "delayed",	COMP_DELAYED },
	{ "yes",	COMP_ZLIB },
	{ "no",		COMP_NONE },
	{ NULL,		-1 }
};

/* GatewayPorts: stored as bare integers, there are no named constants */
static const struct multistate multistate_gatewayports[] = {
	{ "clientspecified",	2 },
	{ "yes",		1 },
	{ "no",			0 },
	{ NULL,			-1 }
};

/* UsePrivilegeSeparation */
static const struct multistate multistate_privsep[] = {
	{ "sandbox",	PRIVSEP_SANDBOX },
	{ "yes",	PRIVSEP_ON },
	{ "no",		PRIVSEP_OFF },
	{ NULL,		-1 }
};
7151305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwoodint
7161305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwoodprocess_server_config_line(ServerOptions *options, char *line,
7171305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood    const char *filename, int linenum, int *activep, const char *user,
7181305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood    const char *host, const char *address)
7191305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood{
7201305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood	char *cp, **charptr, *arg, *p;
7211305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood	int cmdline = 0, *intptr, value, value2, n;
7221305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood	SyslogFacility *log_facility_ptr;
7231305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood	LogLevel *log_level_ptr;
7241305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood	ServerOpCodes opcode;
7251305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood	int port;
7261305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood	u_int i, flags = 0;
7271305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood	size_t len;
7281305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood	const struct multistate *multistate_ptr;
7291305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood
7301305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood	cp = line;
7311305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood	if ((arg = strdelim(&cp)) == NULL)
7321305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood		return 0;
7331305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood	/* Ignore leading whitespace */
7341305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood	if (*arg == '\0')
7351305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood		arg = strdelim(&cp);
7361305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood	if (!arg || !*arg || *arg == '#')
7371305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood		return 0;
7381305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood	intptr = NULL;
7391305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood	charptr = NULL;
7401305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood	opcode = parse_token(arg, filename, linenum, &flags);
7411305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood
7421305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood	if (activep == NULL) { /* We are processing a command line directive */
7431305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood		cmdline = 1;
7441305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood		activep = &cmdline;
7451305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood	}
7461305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood	if (*activep && opcode != sMatch)
7471305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood		debug3("%s:%d setting %s %s", filename, linenum, arg, cp);
7481305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood	if (*activep == 0 && !(flags & SSHCFG_MATCH)) {
7491305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood		if (user == NULL) {
7501305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood			fatal("%s line %d: Directive '%s' is not allowed "
7511305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood			    "within a Match block", filename, linenum, arg);
7521305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood		} else { /* this is a directive we have already processed */
7531305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood			while (arg)
7541305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood				arg = strdelim(&cp);
7551305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood			return 0;
7561305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood		}
7571305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood	}
7581305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood
7591305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood	switch (opcode) {
7601305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood	/* Portable-specific options */
7611305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood	case sUsePAM:
7621305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood		intptr = &options->use_pam;
7631305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood		goto parse_flag;
7641305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood
7651305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood	/* Standard Options */
7661305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood	case sBadOption:
7671305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood		return -1;
7681305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood	case sPort:
7691305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood		/* ignore ports from configfile if cmdline specifies ports */
7701305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood		if (options->ports_from_cmdline)
7711305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood			return 0;
7721305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood		if (options->listen_addrs != NULL)
7731305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood			fatal("%s line %d: ports must be specified before "
7741305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood			    "ListenAddress.", filename, linenum);
7751305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood		if (options->num_ports >= MAX_PORTS)
7761305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood			fatal("%s line %d: too many ports.",
7771305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood			    filename, linenum);
7781305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood		arg = strdelim(&cp);
7791305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood		if (!arg || *arg == '\0')
7801305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood			fatal("%s line %d: missing port number.",
7811305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood			    filename, linenum);
7821305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood		options->ports[options->num_ports++] = a2port(arg);
7831305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood		if (options->ports[options->num_ports-1] <= 0)
7841305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood			fatal("%s line %d: Badly formatted port number.",
7851305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood			    filename, linenum);
7861305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood		break;
7871305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood
7881305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood	case sServerKeyBits:
7891305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood		intptr = &options->server_key_bits;
7901305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood parse_int:
7911305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood		arg = strdelim(&cp);
7921305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood		if (!arg || *arg == '\0')
7931305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood			fatal("%s line %d: missing integer value.",
7941305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood			    filename, linenum);
7951305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood		value = atoi(arg);
7961305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood		if (*activep && *intptr == -1)
7971305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood			*intptr = value;
7981305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood		break;
7991305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood
8001305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood	case sLoginGraceTime:
8011305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood		intptr = &options->login_grace_time;
8021305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood parse_time:
8031305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood		arg = strdelim(&cp);
8041305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood		if (!arg || *arg == '\0')
8051305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood			fatal("%s line %d: missing time value.",
8061305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood			    filename, linenum);
8071305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood		if ((value = convtime(arg)) == -1)
8081305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood			fatal("%s line %d: invalid time value.",
8091305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood			    filename, linenum);
8101305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood		if (*intptr == -1)
8111305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood			*intptr = value;
8121305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood		break;
8131305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood
8141305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood	case sKeyRegenerationTime:
8151305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood		intptr = &options->key_regeneration_time;
8161305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood		goto parse_time;
8171305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood
8181305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood	case sListenAddress:
8191305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood		arg = strdelim(&cp);
8201305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood		if (arg == NULL || *arg == '\0')
8211305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood			fatal("%s line %d: missing address",
8221305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood			    filename, linenum);
8231305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood		/* check for bare IPv6 address: no "[]" and 2 or more ":" */
8241305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood		if (strchr(arg, '[') == NULL && (p = strchr(arg, ':')) != NULL
8251305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood		    && strchr(p+1, ':') != NULL) {
8261305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood			add_listen_addr(options, arg, 0);
8271305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood			break;
8281305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood		}
8291305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood		p = hpdelim(&arg);
8301305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood		if (p == NULL)
8311305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood			fatal("%s line %d: bad address:port usage",
8321305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood			    filename, linenum);
8331305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood		p = cleanhostname(p);
8341305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood		if (arg == NULL)
8351305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood			port = 0;
8361305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood		else if ((port = a2port(arg)) <= 0)
8371305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood			fatal("%s line %d: bad port number", filename, linenum);
8381305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood
8391305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood		add_listen_addr(options, p, port);
8401305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood
8411305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood		break;
8421305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood
8431305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood	case sAddressFamily:
8441305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood		intptr = &options->address_family;
8451305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood		multistate_ptr = multistate_addressfamily;
8461305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood		if (options->listen_addrs != NULL)
8471305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood			fatal("%s line %d: address family must be specified "
8481305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood			    "before ListenAddress.", filename, linenum);
8491305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood parse_multistate:
8501305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood		arg = strdelim(&cp);
8511305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood		if (!arg || *arg == '\0')
8521305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood			fatal("%s line %d: missing argument.",
8531305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood			    filename, linenum);
8541305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood		value = -1;
8551305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood		for (i = 0; multistate_ptr[i].key != NULL; i++) {
8561305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood			if (strcasecmp(arg, multistate_ptr[i].key) == 0) {
8571305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood				value = multistate_ptr[i].value;
8581305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood				break;
8591305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood			}
8601305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood		}
8611305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood		if (value == -1)
8621305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood			fatal("%s line %d: unsupported option \"%s\".",
8631305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood			    filename, linenum, arg);
8641305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood		if (*activep && *intptr == -1)
8651305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood			*intptr = value;
8661305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood		break;
8671305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood
8681305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood	case sHostKeyFile:
8691305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood		intptr = &options->num_host_key_files;
8701305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood		if (*intptr >= MAX_HOSTKEYS)
8711305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood			fatal("%s line %d: too many host keys specified (max %d).",
8721305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood			    filename, linenum, MAX_HOSTKEYS);
8731305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood		charptr = &options->host_key_files[*intptr];
8741305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood parse_filename:
8751305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood		arg = strdelim(&cp);
8761305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood		if (!arg || *arg == '\0')
8771305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood			fatal("%s line %d: missing file name.",
8781305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood			    filename, linenum);
8791305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood		if (*activep && *charptr == NULL) {
8801305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood			*charptr = derelativise_path(arg);
8811305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood			/* increase optional counter */
8821305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood			if (intptr != NULL)
8831305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood				*intptr = *intptr + 1;
8841305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood		}
8851305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood		break;
8861305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood
8871305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood	case sHostCertificate:
8881305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood		intptr = &options->num_host_cert_files;
8891305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood		if (*intptr >= MAX_HOSTKEYS)
8901305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood			fatal("%s line %d: too many host certificates "
8911305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood			    "specified (max %d).", filename, linenum,
8921305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood			    MAX_HOSTCERTS);
8931305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood		charptr = &options->host_cert_files[*intptr];
8941305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood		goto parse_filename;
8951305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood		break;
8961305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood
8971305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood	case sPidFile:
8981305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood		charptr = &options->pid_file;
8991305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood		goto parse_filename;
9001305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood
9011305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood	case sPermitRootLogin:
9021305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood		intptr = &options->permit_root_login;
9031305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood		multistate_ptr = multistate_permitrootlogin;
9041305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood		goto parse_multistate;
9051305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood
9061305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood	case sIgnoreRhosts:
9071305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood		intptr = &options->ignore_rhosts;
9081305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood parse_flag:
9091305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood		arg = strdelim(&cp);
9101305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood		if (!arg || *arg == '\0')
9111305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood			fatal("%s line %d: missing yes/no argument.",
9121305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood			    filename, linenum);
9131305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood		value = 0;	/* silence compiler */
9141305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood		if (strcmp(arg, "yes") == 0)
9151305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood			value = 1;
9161305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood		else if (strcmp(arg, "no") == 0)
9171305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood			value = 0;
9181305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood		else
9191305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood			fatal("%s line %d: Bad yes/no argument: %s",
9201305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood				filename, linenum, arg);
9211305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood		if (*activep && *intptr == -1)
9221305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood			*intptr = value;
9231305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood		break;
9241305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood
9251305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood	case sIgnoreUserKnownHosts:
9261305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood		intptr = &options->ignore_user_known_hosts;
9271305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood		goto parse_flag;
9281305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood
9291305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood	case sRhostsRSAAuthentication:
9301305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood		intptr = &options->rhosts_rsa_authentication;
9311305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood		goto parse_flag;
9321305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood
9331305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood	case sHostbasedAuthentication:
9341305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood		intptr = &options->hostbased_authentication;
9351305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood		goto parse_flag;
9361305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood
9371305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood	case sHostbasedUsesNameFromPacketOnly:
9381305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood		intptr = &options->hostbased_uses_name_from_packet_only;
9391305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood		goto parse_flag;
9401305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood
9411305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood	case sRSAAuthentication:
9421305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood		intptr = &options->rsa_authentication;
9431305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood		goto parse_flag;
9441305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood
9451305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood	case sPubkeyAuthentication:
9461305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood		intptr = &options->pubkey_authentication;
9471305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood		goto parse_flag;
9481305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood
9491305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood	case sKerberosAuthentication:
9501305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood		intptr = &options->kerberos_authentication;
9511305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood		goto parse_flag;
9521305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood
9531305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood	case sKerberosOrLocalPasswd:
9541305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood		intptr = &options->kerberos_or_local_passwd;
9551305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood		goto parse_flag;
9561305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood
9571305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood	case sKerberosTicketCleanup:
9581305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood		intptr = &options->kerberos_ticket_cleanup;
9591305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood		goto parse_flag;
9601305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood
9611305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood	case sKerberosGetAFSToken:
9621305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood		intptr = &options->kerberos_get_afs_token;
9631305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood		goto parse_flag;
9641305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood
9651305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood	case sGssAuthentication:
9661305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood		intptr = &options->gss_authentication;
9671305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood		goto parse_flag;
9681305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood
9691305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood	case sGssCleanupCreds:
9701305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood		intptr = &options->gss_cleanup_creds;
9711305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood		goto parse_flag;
9721305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood
9731305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood	case sPasswordAuthentication:
9741305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood		intptr = &options->password_authentication;
9751305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood		goto parse_flag;
9761305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood
9771305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood	case sZeroKnowledgePasswordAuthentication:
9781305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood		intptr = &options->zero_knowledge_password_authentication;
9791305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood		goto parse_flag;
9801305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood
9811305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood	case sKbdInteractiveAuthentication:
9821305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood		intptr = &options->kbd_interactive_authentication;
9831305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood		goto parse_flag;
9841305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood
9851305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood	case sChallengeResponseAuthentication:
9861305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood		intptr = &options->challenge_response_authentication;
9871305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood		goto parse_flag;
9881305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood
9891305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood	case sPrintMotd:
9901305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood		intptr = &options->print_motd;
9911305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood		goto parse_flag;
9921305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood
9931305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood	case sPrintLastLog:
9941305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood		intptr = &options->print_lastlog;
9951305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood		goto parse_flag;
9961305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood
9971305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood	case sX11Forwarding:
9981305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood		intptr = &options->x11_forwarding;
9991305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood		goto parse_flag;
10001305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood
10011305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood	case sX11DisplayOffset:
10021305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood		intptr = &options->x11_display_offset;
10031305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood		goto parse_int;
10041305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood
10051305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood	case sX11UseLocalhost:
10061305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood		intptr = &options->x11_use_localhost;
10071305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood		goto parse_flag;
10081305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood
10091305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood	case sXAuthLocation:
10101305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood		charptr = &options->xauth_location;
10111305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood		goto parse_filename;
10121305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood
10131305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood	case sStrictModes:
10141305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood		intptr = &options->strict_modes;
10151305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood		goto parse_flag;
10161305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood
10171305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood	case sTCPKeepAlive:
10181305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood		intptr = &options->tcp_keep_alive;
10191305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood		goto parse_flag;
10201305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood
10211305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood	case sEmptyPasswd:
10221305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood		intptr = &options->permit_empty_passwd;
10231305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood		goto parse_flag;
10241305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood
10251305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood	case sPermitUserEnvironment:
10261305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood		intptr = &options->permit_user_env;
10271305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood		goto parse_flag;
10281305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood
10291305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood	case sUseLogin:
10301305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood		intptr = &options->use_login;
10311305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood		goto parse_flag;
10321305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood
10331305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood	case sCompression:
10341305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood		intptr = &options->compression;
10351305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood		multistate_ptr = multistate_compression;
10361305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood		goto parse_multistate;
10371305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood
10381305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood	case sGatewayPorts:
10391305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood		intptr = &options->gateway_ports;
10401305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood		multistate_ptr = multistate_gatewayports;
10411305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood		goto parse_multistate;
10421305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood
10431305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood	case sUseDNS:
10441305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood		intptr = &options->use_dns;
10451305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood		goto parse_flag;
10461305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood
10471305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood	case sLogFacility:
10481305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood		log_facility_ptr = &options->log_facility;
10491305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood		arg = strdelim(&cp);
10501305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood		value = log_facility_number(arg);
10511305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood		if (value == SYSLOG_FACILITY_NOT_SET)
10521305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood			fatal("%.200s line %d: unsupported log facility '%s'",
10531305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood			    filename, linenum, arg ? arg : "<NONE>");
10541305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood		if (*log_facility_ptr == -1)
10551305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood			*log_facility_ptr = (SyslogFacility) value;
10561305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood		break;
10571305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood
10581305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood	case sLogLevel:
10591305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood		log_level_ptr = &options->log_level;
10601305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood		arg = strdelim(&cp);
10611305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood		value = log_level_number(arg);
10621305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood		if (value == SYSLOG_LEVEL_NOT_SET)
10631305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood			fatal("%.200s line %d: unsupported log level '%s'",
10641305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood			    filename, linenum, arg ? arg : "<NONE>");
10651305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood		if (*log_level_ptr == -1)
10661305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood			*log_level_ptr = (LogLevel) value;
10671305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood		break;
10681305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood
10691305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood	case sAllowTcpForwarding:
10701305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood		intptr = &options->allow_tcp_forwarding;
10711305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood		goto parse_flag;
10721305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood
10731305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood	case sAllowAgentForwarding:
10741305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood		intptr = &options->allow_agent_forwarding;
10751305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood		goto parse_flag;
10761305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood
10771305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood	case sUsePrivilegeSeparation:
10781305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood		intptr = &use_privsep;
10791305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood		multistate_ptr = multistate_privsep;
10801305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood		goto parse_multistate;
10811305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood
10821305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood	case sAllowUsers:
10831305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood		while ((arg = strdelim(&cp)) && *arg != '\0') {
10841305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood			if (options->num_allow_users >= MAX_ALLOW_USERS)
10851305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood				fatal("%s line %d: too many allow users.",
10861305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood				    filename, linenum);
10871305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood			options->allow_users[options->num_allow_users++] =
10881305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood			    xstrdup(arg);
10891305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood		}
10901305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood		break;
10911305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood
10921305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood	case sDenyUsers:
10931305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood		while ((arg = strdelim(&cp)) && *arg != '\0') {
10941305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood			if (options->num_deny_users >= MAX_DENY_USERS)
10951305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood				fatal("%s line %d: too many deny users.",
10961305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood				    filename, linenum);
10971305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood			options->deny_users[options->num_deny_users++] =
10981305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood			    xstrdup(arg);
10991305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood		}
11001305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood		break;
11011305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood
11021305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood	case sAllowGroups:
11031305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood		while ((arg = strdelim(&cp)) && *arg != '\0') {
11041305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood			if (options->num_allow_groups >= MAX_ALLOW_GROUPS)
11051305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood				fatal("%s line %d: too many allow groups.",
11061305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood				    filename, linenum);
11071305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood			options->allow_groups[options->num_allow_groups++] =
11081305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood			    xstrdup(arg);
11091305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood		}
11101305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood		break;
11111305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood
11121305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood	case sDenyGroups:
11131305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood		while ((arg = strdelim(&cp)) && *arg != '\0') {
11141305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood			if (options->num_deny_groups >= MAX_DENY_GROUPS)
11151305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood				fatal("%s line %d: too many deny groups.",
11161305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood				    filename, linenum);
11171305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood			options->deny_groups[options->num_deny_groups++] = xstrdup(arg);
11181305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood		}
11191305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood		break;
11201305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood
11211305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood	case sCiphers:
11221305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood		arg = strdelim(&cp);
11231305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood		if (!arg || *arg == '\0')
11241305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood			fatal("%s line %d: Missing argument.", filename, linenum);
11251305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood		if (!ciphers_valid(arg))
11261305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood			fatal("%s line %d: Bad SSH2 cipher spec '%s'.",
11271305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood			    filename, linenum, arg ? arg : "<NONE>");
11281305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood		if (options->ciphers == NULL)
11291305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood			options->ciphers = xstrdup(arg);
11301305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood		break;
11311305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood
11321305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood	case sMacs:
11331305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood		arg = strdelim(&cp);
11341305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood		if (!arg || *arg == '\0')
11351305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood			fatal("%s line %d: Missing argument.", filename, linenum);
11361305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood		if (!mac_valid(arg))
11371305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood			fatal("%s line %d: Bad SSH2 mac spec '%s'.",
11381305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood			    filename, linenum, arg ? arg : "<NONE>");
11391305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood		if (options->macs == NULL)
11401305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood			options->macs = xstrdup(arg);
11411305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood		break;
11421305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood
11431305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood	case sKexAlgorithms:
11441305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood		arg = strdelim(&cp);
11451305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood		if (!arg || *arg == '\0')
11461305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood			fatal("%s line %d: Missing argument.",
11471305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood			    filename, linenum);
11481305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood		if (!kex_names_valid(arg))
11491305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood			fatal("%s line %d: Bad SSH2 KexAlgorithms '%s'.",
11501305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood			    filename, linenum, arg ? arg : "<NONE>");
11511305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood		if (options->kex_algorithms == NULL)
11521305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood			options->kex_algorithms = xstrdup(arg);
11531305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood		break;
11541305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood
11551305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood	case sProtocol:
11561305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood		intptr = &options->protocol;
11571305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood		arg = strdelim(&cp);
11581305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood		if (!arg || *arg == '\0')
11591305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood			fatal("%s line %d: Missing argument.", filename, linenum);
11601305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood		value = proto_spec(arg);
11611305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood		if (value == SSH_PROTO_UNKNOWN)
11621305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood			fatal("%s line %d: Bad protocol spec '%s'.",
11631305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood			    filename, linenum, arg ? arg : "<NONE>");
11641305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood		if (*intptr == SSH_PROTO_UNKNOWN)
11651305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood			*intptr = value;
11661305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood		break;
11671305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood
11681305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood	case sSubsystem:
11691305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood		if (options->num_subsystems >= MAX_SUBSYSTEMS) {
11701305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood			fatal("%s line %d: too many subsystems defined.",
11711305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood			    filename, linenum);
11721305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood		}
11731305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood		arg = strdelim(&cp);
11741305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood		if (!arg || *arg == '\0')
11751305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood			fatal("%s line %d: Missing subsystem name.",
11761305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood			    filename, linenum);
11771305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood		if (!*activep) {
11781305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood			arg = strdelim(&cp);
11791305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood			break;
11801305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood		}
11811305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood		for (i = 0; i < options->num_subsystems; i++)
11821305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood			if (strcmp(arg, options->subsystem_name[i]) == 0)
11831305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood				fatal("%s line %d: Subsystem '%s' already defined.",
11841305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood				    filename, linenum, arg);
11851305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood		options->subsystem_name[options->num_subsystems] = xstrdup(arg);
11861305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood		arg = strdelim(&cp);
11871305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood		if (!arg || *arg == '\0')
11881305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood			fatal("%s line %d: Missing subsystem command.",
11891305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood			    filename, linenum);
11901305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood		options->subsystem_command[options->num_subsystems] = xstrdup(arg);
11911305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood
11921305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood		/* Collect arguments (separate to executable) */
11931305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood		p = xstrdup(arg);
11941305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood		len = strlen(p) + 1;
11951305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood		while ((arg = strdelim(&cp)) != NULL && *arg != '\0') {
11961305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood			len += 1 + strlen(arg);
11971305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood			p = xrealloc(p, 1, len);
11981305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood			strlcat(p, " ", len);
11991305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood			strlcat(p, arg, len);
12001305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood		}
12011305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood		options->subsystem_args[options->num_subsystems] = p;
12021305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood		options->num_subsystems++;
12031305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood		break;
12041305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood
12051305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood	case sMaxStartups:
12061305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood		arg = strdelim(&cp);
12071305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood		if (!arg || *arg == '\0')
12081305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood			fatal("%s line %d: Missing MaxStartups spec.",
12091305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood			    filename, linenum);
12101305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood		if ((n = sscanf(arg, "%d:%d:%d",
12111305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood		    &options->max_startups_begin,
12121305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood		    &options->max_startups_rate,
12131305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood		    &options->max_startups)) == 3) {
12141305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood			if (options->max_startups_begin >
12151305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood			    options->max_startups ||
12161305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood			    options->max_startups_rate > 100 ||
12171305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood			    options->max_startups_rate < 1)
12181305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood				fatal("%s line %d: Illegal MaxStartups spec.",
12191305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood				    filename, linenum);
12201305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood		} else if (n != 1)
12211305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood			fatal("%s line %d: Illegal MaxStartups spec.",
12221305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood			    filename, linenum);
12231305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood		else
12241305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood			options->max_startups = options->max_startups_begin;
12251305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood		break;
12261305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood
12271305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood	case sMaxAuthTries:
12281305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood		intptr = &options->max_authtries;
12291305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood		goto parse_int;
12301305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood
12311305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood	case sMaxSessions:
12321305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood		intptr = &options->max_sessions;
12331305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood		goto parse_int;
12341305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood
12351305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood	case sBanner:
12361305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood		charptr = &options->banner;
12371305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood		goto parse_filename;
12381305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood
12391305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood	/*
12401305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood	 * These options can contain %X options expanded at
12411305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood	 * connect time, so that you can specify paths like:
12421305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood	 *
12431305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood	 * AuthorizedKeysFile	/etc/ssh_keys/%u
12441305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood	 */
12451305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood	case sAuthorizedKeysFile:
12461305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood		if (*activep && options->num_authkeys_files == 0) {
12471305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood			while ((arg = strdelim(&cp)) && *arg != '\0') {
12481305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood				if (options->num_authkeys_files >=
12491305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood				    MAX_AUTHKEYS_FILES)
12501305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood					fatal("%s line %d: "
12511305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood					    "too many authorized keys files.",
12521305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood					    filename, linenum);
12531305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood				options->authorized_keys_files[
12541305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood				    options->num_authkeys_files++] =
12551305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood				    tilde_expand_filename(arg, getuid());
12561305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood			}
12571305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood		}
12581305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood		return 0;
12591305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood
12601305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood	case sAuthorizedPrincipalsFile:
12611305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood		charptr = &options->authorized_principals_file;
12621305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood		arg = strdelim(&cp);
12631305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood		if (!arg || *arg == '\0')
12641305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood			fatal("%s line %d: missing file name.",
12651305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood			    filename, linenum);
12661305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood		if (*activep && *charptr == NULL) {
12671305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood			*charptr = tilde_expand_filename(arg, getuid());
12681305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood			/* increase optional counter */
12691305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood			if (intptr != NULL)
12701305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood				*intptr = *intptr + 1;
12711305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood		}
12721305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood		break;
12731305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood
12741305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood	case sClientAliveInterval:
12751305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood		intptr = &options->client_alive_interval;
12761305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood		goto parse_time;
12771305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood
12781305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood	case sClientAliveCountMax:
12791305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood		intptr = &options->client_alive_count_max;
12801305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood		goto parse_int;
12811305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood
12821305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood	case sAcceptEnv:
12831305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood		while ((arg = strdelim(&cp)) && *arg != '\0') {
12841305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood			if (strchr(arg, '=') != NULL)
12851305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood				fatal("%s line %d: Invalid environment name.",
12861305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood				    filename, linenum);
12871305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood			if (options->num_accept_env >= MAX_ACCEPT_ENV)
12881305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood				fatal("%s line %d: too many allow env.",
12891305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood				    filename, linenum);
12901305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood			if (!*activep)
12911305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood				break;
12921305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood			options->accept_env[options->num_accept_env++] =
12931305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood			    xstrdup(arg);
12941305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood		}
12951305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood		break;
12961305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood
12971305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood	case sPermitTunnel:
12981305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood		intptr = &options->permit_tun;
12991305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood		arg = strdelim(&cp);
13001305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood		if (!arg || *arg == '\0')
13011305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood			fatal("%s line %d: Missing yes/point-to-point/"
13021305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood			    "ethernet/no argument.", filename, linenum);
13031305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood		value = -1;
13041305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood		for (i = 0; tunmode_desc[i].val != -1; i++)
13051305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood			if (strcmp(tunmode_desc[i].text, arg) == 0) {
13061305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood				value = tunmode_desc[i].val;
13071305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood				break;
13081305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood			}
13091305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood		if (value == -1)
13101305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood			fatal("%s line %d: Bad yes/point-to-point/ethernet/"
13111305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood			    "no argument: %s", filename, linenum, arg);
13121305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood		if (*intptr == -1)
13131305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood			*intptr = value;
13141305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood		break;
13151305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood
13161305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood	case sMatch:
13171305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood		if (cmdline)
13181305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood			fatal("Match directive not supported as a command-line "
13191305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood			   "option");
13201305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood		value = match_cfg_line(&cp, linenum, user, host, address);
13211305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood		if (value < 0)
13221305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood			fatal("%s line %d: Bad Match condition", filename,
13231305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood			    linenum);
13241305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood		*activep = value;
13251305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood		break;
13261305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood
13271305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood	case sPermitOpen:
13281305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood		arg = strdelim(&cp);
13291305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood		if (!arg || *arg == '\0')
13301305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood			fatal("%s line %d: missing PermitOpen specification",
13311305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood			    filename, linenum);
13321305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood		n = options->num_permitted_opens;	/* modified later */
13331305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood		if (strcmp(arg, "any") == 0) {
13341305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood			if (*activep && n == -1) {
13351305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood				channel_clear_adm_permitted_opens();
13361305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood				options->num_permitted_opens = 0;
13371305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood			}
13381305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood			break;
13391305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood		}
13401305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood		if (*activep && n == -1)
13411305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood			channel_clear_adm_permitted_opens();
13421305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood		for (; arg != NULL && *arg != '\0'; arg = strdelim(&cp)) {
13431305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood			p = hpdelim(&arg);
13441305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood			if (p == NULL)
13451305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood				fatal("%s line %d: missing host in PermitOpen",
13461305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood				    filename, linenum);
13471305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood			p = cleanhostname(p);
13481305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood			if (arg == NULL || (port = a2port(arg)) <= 0)
13491305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood				fatal("%s line %d: bad port number in "
13501305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood				    "PermitOpen", filename, linenum);
13511305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood			if (*activep && n == -1)
13521305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood				options->num_permitted_opens =
13531305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood				    channel_add_adm_permitted_opens(p, port);
13541305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood		}
13551305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood		break;
13561305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood
13571305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood	case sForceCommand:
13581305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood		if (cp == NULL)
13591305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood			fatal("%.200s line %d: Missing argument.", filename,
13601305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood			    linenum);
13611305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood		len = strspn(cp, WHITESPACE);
13621305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood		if (*activep && options->adm_forced_command == NULL)
13631305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood			options->adm_forced_command = xstrdup(cp + len);
13641305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood		return 0;
13651305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood
13661305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood	case sChrootDirectory:
13671305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood		charptr = &options->chroot_directory;
13681305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood
13691305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood		arg = strdelim(&cp);
13701305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood		if (!arg || *arg == '\0')
13711305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood			fatal("%s line %d: missing file name.",
13721305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood			    filename, linenum);
13731305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood		if (*activep && *charptr == NULL)
13741305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood			*charptr = xstrdup(arg);
13751305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood		break;
13761305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood
13771305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood	case sTrustedUserCAKeys:
13781305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood		charptr = &options->trusted_user_ca_keys;
13791305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood		goto parse_filename;
13801305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood
13811305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood	case sRevokedKeys:
13821305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood		charptr = &options->revoked_keys_file;
13831305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood		goto parse_filename;
13841305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood
13851305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood	case sIPQoS:
13861305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood		arg = strdelim(&cp);
13871305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood		if ((value = parse_ipqos(arg)) == -1)
13881305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood			fatal("%s line %d: Bad IPQoS value: %s",
13891305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood			    filename, linenum, arg);
13901305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood		arg = strdelim(&cp);
13911305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood		if (arg == NULL)
13921305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood			value2 = value;
13931305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood		else if ((value2 = parse_ipqos(arg)) == -1)
13941305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood			fatal("%s line %d: Bad IPQoS value: %s",
13951305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood			    filename, linenum, arg);
13961305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood		if (*activep) {
13971305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood			options->ip_qos_interactive = value;
13981305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood			options->ip_qos_bulk = value2;
13991305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood		}
14001305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood		break;
14011305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood
14021305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood	case sDeprecated:
14031305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood		logit("%s line %d: Deprecated option %s",
14041305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood		    filename, linenum, arg);
14051305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood		while (arg)
14061305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood		    arg = strdelim(&cp);
14071305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood		break;
14081305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood
14091305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood	case sUnsupported:
14101305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood		logit("%s line %d: Unsupported option %s",
14111305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood		    filename, linenum, arg);
14121305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood		while (arg)
14131305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood		    arg = strdelim(&cp);
14141305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood		break;
14151305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood
14161305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood	default:
14171305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood		fatal("%s line %d: Missing handler for opcode %s (%d)",
14181305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood		    filename, linenum, arg, opcode);
14191305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood	}
14201305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood	if ((arg = strdelim(&cp)) != NULL && *arg != '\0')
14211305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood		fatal("%s line %d: garbage at end of line; \"%.200s\".",
14221305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood		    filename, linenum, arg);
14231305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood	return 0;
14241305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood}
14251305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood
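/*
 * Reads the server configuration file into conf.
 *
 * Every line has its '#' comment cut off and its leading blanks removed;
 * the newline is kept because it is needed to reproduce line numbers
 * later for error messages.  conf ends up holding the whole file as one
 * NUL-terminated string.  The process exits if the file cannot be opened.
 *
 * fgets() returns a line longer than the buffer in several pieces.  The
 * pieces are stitched back together here: once a '#' has been seen, the
 * rest of that physical line is dropped, and blanks are stripped only at
 * the true start of a line.  Without this, the tail of an over-long
 * comment would be appended as if it were a configuration line of its
 * own, and a long directive could lose whitespace in mid-line.
 */
void
load_server_config(const char *filename, Buffer *conf)
{
	char line[1024], *cp;
	FILE *f;
	size_t len;
	int ends_line;
	int partial = 0;	/* previous piece did not finish its line */
	int in_comment = 0;	/* '#' already seen on the current line */

	debug2("%s: filename %s", __func__, filename);
	if ((f = fopen(filename, "r")) == NULL) {
		perror(filename);
		exit(1);
	}
	buffer_clear(conf);
	while (fgets(line, sizeof(line), f)) {
		/* Must be checked before the comment cut shortens the piece. */
		len = strlen(line);
		ends_line = (len > 0 && line[len - 1] == '\n');

		if (in_comment) {
			/*
			 * Remainder of a comment that did not fit in one
			 * piece.  Its newline was already emitted when the
			 * '#' was cut, so nothing is appended here.
			 */
			in_comment = partial = !ends_line;
			continue;
		}
		if ((cp = strchr(line, '#')) != NULL) {
			/* Two bytes: the newline and its terminating NUL. */
			memcpy(cp, "\n", 2);
			in_comment = !ends_line;
		}
		/* Leading blanks only exist at the start of a real line. */
		cp = partial ? line : line + strspn(line, " \t\r");

		buffer_append(conf, cp, strlen(cp));
		partial = !ends_line;
	}
	buffer_append(conf, "\0", 1);
	fclose(f);
	debug2("%s: done config len = %d", __func__, buffer_len(conf));
}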
14561305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood
/*
 * Re-evaluates the loaded configuration for one connection.
 *
 * The global cfg buffer is parsed again into a scratch ServerOptions,
 * passing along the user, host and address that the Match handling
 * compares against (see match_cfg_line()).  Whatever that pass set is
 * then copied onto options by copy_set_server_options() with preauth 0.
 *
 * ANDROID builds only: the ro.debuggable check runs after the reparse and
 * before the copy, so when the property reads "1" it replaces whatever
 * PermitRootLogin value the configuration produced for this connection.
 * NOTE(review): confirm that this override is unreachable on production
 * (non-debuggable) images, and that copy_set_server_options() carries
 * permit_root_login across -- its body is not fully visible here.
 */
void
parse_server_match_config(ServerOptions *options, const char *user,
    const char *host, const char *address)
{
	ServerOptions scratch;

	initialize_server_options(&scratch);
	parse_server_config(&scratch, "reprocess config", &cfg, user, host,
	    address);
#ifdef ANDROID
	{
		char debuggable[PROPERTY_VALUE_MAX];

		/* Allow root login if ro.debuggable is set */
		property_get("ro.debuggable", debuggable, "");
		if (!strcmp(debuggable, "1"))
			scratch.permit_root_login = PERMIT_YES;
	}
#endif
	copy_set_server_options(options, &scratch, 0);
}
14761305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood
/*
 * Helper macros for copy_set_server_options().  Each one expects pointers
 * named src and dst to be in scope where it is expanded.
 */

/* Integer option: copied unless src holds -1. */
#define M_CP_INTOPT(opt) do { \
	if (src->opt != -1) \
		dst->opt = src->opt; \
} while (0)

/*
 * String option: when src has one, dst's old string is released with
 * xfree() and dst takes over src's pointer itself, not a duplicate.
 * NOTE(review): both structures then point at the same allocation, so
 * the caller must not release it through src as well -- confirm.
 */
#define M_CP_STROPT(opt) do { \
	if (src->opt != NULL) { \
		if (dst->opt != NULL) \
			xfree(dst->opt); \
		dst->opt = src->opt; \
	} \
} while (0)

/*
 * String array option: when src has entries, each is duplicated into dst
 * with xstrdup().  dst's own counter is the loop index, so it ends up
 * equal to src's count.  Entries dst already held are overwritten without
 * being released, and no bound is checked here; presumably both arrays
 * have the same fixed size -- verify against ServerOptions.
 */
#define M_CP_STRARRAYOPT(opt, num_opt) do { \
	if (src->num_opt != 0) { \
		dst->num_opt = 0; \
		while (dst->num_opt < src->num_opt) { \
			dst->opt[dst->num_opt] = \
			    xstrdup(src->opt[dst->num_opt]); \
			dst->num_opt++; \
		} \
	} \
} while (0)
14951305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood
/*
 * Overlay onto dst every supported option that is set in src.
 *
 * When preauth is non-zero the trailing string options are skipped: they
 * are not used before authentication, and any that are needed there must
 * be explicitly sent in mm_getpwnamallow().
 */
void
copy_set_server_options(ServerOptions *dst, ServerOptions *src, int preauth)
{
	/*
	 * Integer options; M_CP_INTOPT leaves dst alone when src holds -1.
	 * Authentication methods and login policy come first.
	 */
	M_CP_INTOPT(password_authentication);
	M_CP_INTOPT(gss_authentication);
	M_CP_INTOPT(rsa_authentication);
	M_CP_INTOPT(pubkey_authentication);
	M_CP_INTOPT(kerberos_authentication);
	M_CP_INTOPT(hostbased_authentication);
	M_CP_INTOPT(hostbased_uses_name_from_packet_only);
	M_CP_INTOPT(kbd_interactive_authentication);
	M_CP_INTOPT(zero_knowledge_password_authentication);
	M_CP_INTOPT(permit_root_login);
	M_CP_INTOPT(permit_empty_passwd);

	/* Forwarding, session limits and QoS. */
	M_CP_INTOPT(allow_tcp_forwarding);
	M_CP_INTOPT(allow_agent_forwarding);
	M_CP_INTOPT(permit_tun);
	M_CP_INTOPT(gateway_ports);
	M_CP_INTOPT(x11_display_offset);
	M_CP_INTOPT(x11_forwarding);
	M_CP_INTOPT(x11_use_localhost);
	M_CP_INTOPT(max_sessions);
	M_CP_INTOPT(max_authtries);
	M_CP_INTOPT(ip_qos_interactive);
	M_CP_INTOPT(ip_qos_bulk);

	/* See comment in servconf.h */
	COPY_MATCH_STRING_OPTS();

	/*
	 * Nothing but string options that are only used after
	 * authentication may follow this point.  M_CP_STROPT moves the
	 * pointer, so src and dst share the string afterwards.
	 */
	if (!preauth) {
		M_CP_STROPT(adm_forced_command);
		M_CP_STROPT(chroot_directory);
	}
}
15431305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood
15441305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood#undef M_CP_INTOPT
15451305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood#undef M_CP_STROPT
15461305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood#undef M_CP_STRARRAYOPT
15471305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood
/*
 * Feed the configuration text held in conf to
 * process_server_config_line() one line at a time, counting the lines it
 * rejects.  If any line was rejected, fatal() is called with the total
 * once the whole text has been processed.
 *
 * filename is only used for diagnostics; user, host and address are
 * passed through unchanged to the per-line parser.
 */
void
parse_server_config(ServerOptions *options, const char *filename, Buffer *conf,
    const char *user, const char *host, const char *address)
{
	char *line, *copy, *rest;
	int lineno = 0, nbad = 0;
	int active;

	debug2("%s: config %s len %d", __func__, filename, buffer_len(conf));

	/*
	 * strsep() writes NULs into the text, so split a private copy.
	 * NOTE(review): xstrdup() stops at the first NUL, so this assumes
	 * the buffer contents are NUL-terminated; confirm against callers.
	 */
	copy = rest = xstrdup(buffer_ptr(conf));

	/*
	 * Parsing starts inactive when a user is supplied, presumably so
	 * that only matching Match sections take effect; confirm against
	 * process_server_config_line().
	 */
	active = (user == NULL);

	for (line = strsep(&rest, "\n"); line != NULL;
	    line = strsep(&rest, "\n")) {
		lineno++;	/* line numbers are 1-based */
		if (process_server_config_line(options, line, filename,
		    lineno, &active, user, host, address) != 0)
			nbad++;
	}
	xfree(copy);

	if (nbad > 0)
		fatal("%s: terminating, %d bad configuration options",
		    filename, nbad);
}
15701305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood
/*
 * Return the key of the first entry in table m whose value equals val.
 * The table is terminated by an entry with a NULL key; "UNKNOWN" is
 * returned when no entry matches.
 */
static const char *
fmt_multistate_int(int val, const struct multistate *m)
{
	const struct multistate *ent;

	for (ent = m; ent->key != NULL; ent++)
		if (ent->value == val)
			return ent->key;

	return "UNKNOWN";
}
15821305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood
/*
 * Render an integer option value as the word used in the configuration.
 *
 * -1 always yields "unset".  Options with their own multistate table are
 * looked up there, the protocol bitmask is spelled out, and every other
 * option is treated as a yes/no flag.  Values that fit none of these are
 * reported as "UNKNOWN".
 */
static const char *
fmt_intarg(ServerOpCodes code, int val)
{
	if (val == -1)
		return "unset";

	switch (code) {
	case sAddressFamily:
		return fmt_multistate_int(val, multistate_addressfamily);
	case sPermitRootLogin:
		return fmt_multistate_int(val, multistate_permitrootlogin);
	case sGatewayPorts:
		return fmt_multistate_int(val, multistate_gatewayports);
	case sCompression:
		return fmt_multistate_int(val, multistate_compression);
	case sUsePrivilegeSeparation:
		return fmt_multistate_int(val, multistate_privsep);
	case sProtocol:
		if (val == SSH_PROTO_1)
			return "1";
		if (val == SSH_PROTO_2)
			return "2";
		if (val == (SSH_PROTO_1|SSH_PROTO_2))
			return "2,1";
		return "UNKNOWN";
	default:
		break;
	}

	/* Everything else is a plain boolean. */
	if (val == 0)
		return "no";
	if (val == 1)
		return "yes";
	return "UNKNOWN";
}
16211305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood
/*
 * Map an opcode back to its keyword by scanning the keywords table,
 * which ends at the entry whose name is NULL.  The first match wins;
 * "UNKNOWN" is returned when the opcode is not in the table.
 */
static const char *
lookup_opcode_name(ServerOpCodes code)
{
	u_int idx = 0;

	while (keywords[idx].name != NULL) {
		if (keywords[idx].opcode == code)
			return keywords[idx].name;
		idx++;
	}
	return "UNKNOWN";
}
16321305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood
/* Print "<keyword> <val>" on stdout, with val as a plain decimal number. */
static void
dump_cfg_int(ServerOpCodes code, int val)
{
	const char *keyword = lookup_opcode_name(code);

	printf("%s %d\n", keyword, val);
}
16381305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood
/*
 * Print "<keyword> <word>" on stdout, where the word is the textual
 * form of val as produced by fmt_intarg() for this option.
 */
static void
dump_cfg_fmtint(ServerOpCodes code, int val)
{
	const char *keyword = lookup_opcode_name(code);
	const char *word = fmt_intarg(code, val);

	printf("%s %s\n", keyword, word);
}
16441305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood
/*
 * Print "<keyword> <val>" on stdout.  A NULL val is treated as an unset
 * option and produces no output at all.
 */
static void
dump_cfg_string(ServerOpCodes code, const char *val)
{
	if (val != NULL)
		printf("%s %s\n", lookup_opcode_name(code), val);
}
16521305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood
/*
 * Print one "<keyword> <value>" line on stdout for each of the first
 * count entries of vals.  Nothing is printed when count is zero.
 */
static void
dump_cfg_strarray(ServerOpCodes code, u_int count, char **vals)
{
	u_int idx = 0;

	while (idx < count) {
		printf("%s %s\n", lookup_opcode_name(code), vals[idx]);
		idx++;
	}
}
16611305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood
/*
 * Print the keyword followed by the first count entries of vals, all on
 * a single space-separated line on stdout.  The keyword and the newline
 * are printed even when count is zero.
 */
static void
dump_cfg_strarray_oneline(ServerOpCodes code, u_int count, char **vals)
{
	u_int idx = 0;

	printf("%s", lookup_opcode_name(code));
	while (idx < count) {
		printf(" %s", vals[idx]);
		idx++;
	}
	putchar('\n');
}
16721305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood
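/*
 * Print the options held in o to stdout in configuration-file syntax,
 * one directive per line, so the effective settings can be reviewed.
 *
 * Integer options are printed raw or as their keyword form, unset
 * (NULL) string options are skipped, and a listen address that cannot
 * be rendered is reported with error() instead of being printed.
 *
 * Host certificates are listed under their own keyword
 * (sHostCertificate) rather than under the host key keyword, so a
 * reader auditing the dump can tell certificates from private host keys.
 */
void
dump_config(ServerOptions *o)
{
	u_int i;
	int ret;
	struct addrinfo *ai;
	char addr[NI_MAXHOST], port[NI_MAXSERV], *s = NULL;

	/* these are usually at the top of the config */
	for (i = 0; i < o->num_ports; i++)
		printf("port %d\n", o->ports[i]);
	dump_cfg_fmtint(sProtocol, o->protocol);
	dump_cfg_fmtint(sAddressFamily, o->address_family);

	/* ListenAddress must be after Port */
	for (ai = o->listen_addrs; ai; ai = ai->ai_next) {
		/* Numeric forms only: no name or service lookups are made. */
		if ((ret = getnameinfo(ai->ai_addr, ai->ai_addrlen, addr,
		    sizeof(addr), port, sizeof(port),
		    NI_NUMERICHOST|NI_NUMERICSERV)) != 0) {
			error("getnameinfo failed: %.100s",
			    (ret != EAI_SYSTEM) ? gai_strerror(ret) :
			    strerror(errno));
		} else {
			/* IPv6 literals are bracketed to separate the port. */
			if (ai->ai_family == AF_INET6)
				printf("listenaddress [%s]:%s\n", addr, port);
			else
				printf("listenaddress %s:%s\n", addr, port);
		}
	}

	/* integer arguments */
#ifdef USE_PAM
	dump_cfg_int(sUsePAM, o->use_pam);
#endif
	dump_cfg_int(sServerKeyBits, o->server_key_bits);
	dump_cfg_int(sLoginGraceTime, o->login_grace_time);
	dump_cfg_int(sKeyRegenerationTime, o->key_regeneration_time);
	dump_cfg_int(sX11DisplayOffset, o->x11_display_offset);
	dump_cfg_int(sMaxAuthTries, o->max_authtries);
	dump_cfg_int(sMaxSessions, o->max_sessions);
	dump_cfg_int(sClientAliveInterval, o->client_alive_interval);
	dump_cfg_int(sClientAliveCountMax, o->client_alive_count_max);

	/* formatted integer arguments */
	dump_cfg_fmtint(sPermitRootLogin, o->permit_root_login);
	dump_cfg_fmtint(sIgnoreRhosts, o->ignore_rhosts);
	dump_cfg_fmtint(sIgnoreUserKnownHosts, o->ignore_user_known_hosts);
	dump_cfg_fmtint(sRhostsRSAAuthentication, o->rhosts_rsa_authentication);
	dump_cfg_fmtint(sHostbasedAuthentication, o->hostbased_authentication);
	dump_cfg_fmtint(sHostbasedUsesNameFromPacketOnly,
	    o->hostbased_uses_name_from_packet_only);
	dump_cfg_fmtint(sRSAAuthentication, o->rsa_authentication);
	dump_cfg_fmtint(sPubkeyAuthentication, o->pubkey_authentication);
#ifdef KRB5
	dump_cfg_fmtint(sKerberosAuthentication, o->kerberos_authentication);
	dump_cfg_fmtint(sKerberosOrLocalPasswd, o->kerberos_or_local_passwd);
	dump_cfg_fmtint(sKerberosTicketCleanup, o->kerberos_ticket_cleanup);
# ifdef USE_AFS
	dump_cfg_fmtint(sKerberosGetAFSToken, o->kerberos_get_afs_token);
# endif
#endif
#ifdef GSSAPI
	dump_cfg_fmtint(sGssAuthentication, o->gss_authentication);
	dump_cfg_fmtint(sGssCleanupCreds, o->gss_cleanup_creds);
#endif
#ifdef JPAKE
	dump_cfg_fmtint(sZeroKnowledgePasswordAuthentication,
	    o->zero_knowledge_password_authentication);
#endif
	dump_cfg_fmtint(sPasswordAuthentication, o->password_authentication);
	dump_cfg_fmtint(sKbdInteractiveAuthentication,
	    o->kbd_interactive_authentication);
	dump_cfg_fmtint(sChallengeResponseAuthentication,
	    o->challenge_response_authentication);
	dump_cfg_fmtint(sPrintMotd, o->print_motd);
	dump_cfg_fmtint(sPrintLastLog, o->print_lastlog);
	dump_cfg_fmtint(sX11Forwarding, o->x11_forwarding);
	dump_cfg_fmtint(sX11UseLocalhost, o->x11_use_localhost);
	dump_cfg_fmtint(sStrictModes, o->strict_modes);
	dump_cfg_fmtint(sTCPKeepAlive, o->tcp_keep_alive);
	dump_cfg_fmtint(sEmptyPasswd, o->permit_empty_passwd);
	dump_cfg_fmtint(sPermitUserEnvironment, o->permit_user_env);
	dump_cfg_fmtint(sUseLogin, o->use_login);
	dump_cfg_fmtint(sCompression, o->compression);
	dump_cfg_fmtint(sGatewayPorts, o->gateway_ports);
	dump_cfg_fmtint(sUseDNS, o->use_dns);
	dump_cfg_fmtint(sAllowTcpForwarding, o->allow_tcp_forwarding);
	/* Taken from the use_privsep global, not from o. */
	dump_cfg_fmtint(sUsePrivilegeSeparation, use_privsep);

	/* string arguments */
	dump_cfg_string(sPidFile, o->pid_file);
	dump_cfg_string(sXAuthLocation, o->xauth_location);
	dump_cfg_string(sCiphers, o->ciphers);
	dump_cfg_string(sMacs, o->macs);
	dump_cfg_string(sBanner, o->banner);
	dump_cfg_string(sForceCommand, o->adm_forced_command);
	dump_cfg_string(sChrootDirectory, o->chroot_directory);
	dump_cfg_string(sTrustedUserCAKeys, o->trusted_user_ca_keys);
	dump_cfg_string(sRevokedKeys, o->revoked_keys_file);
	dump_cfg_string(sAuthorizedPrincipalsFile,
	    o->authorized_principals_file);

	/* string arguments requiring a lookup */
	dump_cfg_string(sLogLevel, log_level_name(o->log_level));
	dump_cfg_string(sLogFacility, log_facility_name(o->log_facility));

	/* string array arguments */
	dump_cfg_strarray_oneline(sAuthorizedKeysFile, o->num_authkeys_files,
	    o->authorized_keys_files);
	dump_cfg_strarray(sHostKeyFile, o->num_host_key_files,
	     o->host_key_files);
	/* Certificates get their own keyword, not the host key one. */
	dump_cfg_strarray(sHostCertificate, o->num_host_cert_files,
	     o->host_cert_files);
	dump_cfg_strarray(sAllowUsers, o->num_allow_users, o->allow_users);
	dump_cfg_strarray(sDenyUsers, o->num_deny_users, o->deny_users);
	dump_cfg_strarray(sAllowGroups, o->num_allow_groups, o->allow_groups);
	dump_cfg_strarray(sDenyGroups, o->num_deny_groups, o->deny_groups);
	dump_cfg_strarray(sAcceptEnv, o->num_accept_env, o->accept_env);

	/* other arguments */
	for (i = 0; i < o->num_subsystems; i++)
		printf("subsystem %s %s\n", o->subsystem_name[i],
		    o->subsystem_args[i]);

	printf("maxstartups %d:%d:%d\n", o->max_startups_begin,
	    o->max_startups_rate, o->max_startups);

	/*
	 * Translate the tunnel mode to its text form; s stays NULL when the
	 * value is not in tunmode_desc, and dump_cfg_string() then prints
	 * nothing for it.
	 */
	for (i = 0; tunmode_desc[i].val != -1; i++)
		if (tunmode_desc[i].val == o->permit_tun) {
			s = tunmode_desc[i].text;
			break;
		}
	dump_cfg_string(sPermitTunnel, s);

	printf("ipqos %s ", iptos2str(o->ip_qos_interactive));
	printf("%s\n", iptos2str(o->ip_qos_bulk));

	channel_print_adm_permitted_opens();
}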