servconf.c revision 1305e95ba6ff9fa202d0818caf10405df4b0f648
/* $OpenBSD: servconf.c,v 1.222 2011/06/22 21:57:01 djm Exp $ */
/*
 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
 * All rights reserved
 *
 * As far as I am concerned, the code I have written for this software
 * can be used freely for any purpose. Any derived versions of this
 * software must be clearly marked as such, and if the derived work is
 * incompatible with the protocol description in the RFC file, it must be
 * called by a name other than "ssh" or "Secure Shell".
 */

#include "includes.h"

#include <sys/types.h>
#include <sys/socket.h>

#include <netinet/in.h>
#include <netinet/in_systm.h>
#include <netinet/ip.h>

#include <netdb.h>
#include <pwd.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <signal.h>
#include <unistd.h>
#include <stdarg.h>
#include <errno.h>

#include "openbsd-compat/sys-queue.h"
#include "xmalloc.h"
#include "ssh.h"
#include "log.h"
#include "buffer.h"
#include "servconf.h"
#include "compat.h"
#include "pathnames.h"
#include "misc.h"
#include "cipher.h"
#include "key.h"
#include "kex.h"
#include "mac.h"
#include "match.h"
#include "channels.h"
#include "groupaccess.h"

static void add_listen_addr(ServerOptions *, char *, int);
static void add_one_listen_addr(ServerOptions *, char *, int);

/* Use of privilege separation or not */
extern int use_privsep;
extern Buffer cfg;

/* Initializes the server options to their default values.
*/

/*
 * Reset *options so that every option reads as "not configured".
 *
 * Each field ends up holding one of four markers: a zero count, NULL,
 * a named "not set" constant (PERMIT_NOT_SET, SYSLOG_*_NOT_SET,
 * SSH_PROTO_UNKNOWN) or -1.  fill_default_server_options() below later
 * swaps the markers it knows about for concrete defaults; as written it
 * does not touch address_family or num_permitted_opens, which therefore
 * stay at -1 unless something else sets them.
 */
void
initialize_server_options(ServerOptions *options)
{
	/* Zero the whole structure first so no field is left indeterminate. */
	memset(options, 0, sizeof *options);

	/* Counters and flags that start at zero. */
	options->num_ports = 0;
	options->ports_from_cmdline = 0;
	options->num_host_key_files = 0;
	options->num_host_cert_files = 0;
	options->num_allow_users = 0;
	options->num_deny_users = 0;
	options->num_allow_groups = 0;
	options->num_deny_groups = 0;
	options->num_subsystems = 0;
	options->num_authkeys_files = 0;
	options->num_accept_env = 0;

	/* Pointer-valued options: NULL means "not configured". */
	options->listen_addrs = NULL;
	options->pid_file = NULL;
	options->xauth_location = NULL;
	options->ciphers = NULL;
	options->macs = NULL;
	options->kex_algorithms = NULL;
	options->banner = NULL;
	options->adm_forced_command = NULL;
	options->chroot_directory = NULL;
	options->revoked_keys_file = NULL;
	options->trusted_user_ca_keys = NULL;
	options->authorized_principals_file = NULL;

	/* Options with a dedicated "not set" constant. */
	options->permit_root_login = PERMIT_NOT_SET;
	options->log_facility = SYSLOG_FACILITY_NOT_SET;
	options->log_level = SYSLOG_LEVEL_NOT_SET;
	options->protocol = SSH_PROTO_UNKNOWN;

	/* Portable-specific option, -1 meaning "not configured". */
	options->use_pam = -1;

	/* Standard options, -1 meaning "not configured". */
	options->address_family = -1;
	options->server_key_bits = -1;
	options->login_grace_time = -1;
	options->key_regeneration_time = -1;
	options->ignore_rhosts = -1;
	options->ignore_user_known_hosts = -1;
	options->print_motd = -1;
	options->print_lastlog = -1;
	options->x11_forwarding = -1;
	options->x11_display_offset = -1;
	options->x11_use_localhost = -1;
	options->strict_modes = -1;
	options->tcp_keep_alive = -1;
	options->rhosts_rsa_authentication = -1;
	options->hostbased_authentication = -1;
	options->hostbased_uses_name_from_packet_only = -1;
	options->rsa_authentication = -1;
	options->pubkey_authentication = -1;
	options->kerberos_authentication = -1;
	options->kerberos_or_local_passwd = -1;
	options->kerberos_ticket_cleanup = -1;
	options->kerberos_get_afs_token = -1;
	options->gss_authentication = -1;
	options->gss_cleanup_creds = -1;
	options->password_authentication = -1;
	options->kbd_interactive_authentication = -1;
	options->challenge_response_authentication = -1;
	options->permit_empty_passwd = -1;
	options->permit_user_env = -1;
	options->use_login = -1;
	options->compression = -1;
	options->allow_tcp_forwarding = -1;
	options->allow_agent_forwarding = -1;
	options->gateway_ports = -1;
	options->max_startups_begin = -1;
	options->max_startups_rate = -1;
	options->max_startups = -1;
	options->max_authtries = -1;
	options->max_sessions = -1;
	options->use_dns = -1;
	options->client_alive_interval = -1;
	options->client_alive_count_max = -1;
	options->permit_tun = -1;
	options->num_permitted_opens = -1;
	options->zero_knowledge_password_authentication = -1;
	options->ip_qos_interactive = -1;
	options->ip_qos_bulk = -1;
}

/* Store `value` in options->field only while it still equals `unset`. */
#define FILL_UNSET(field, unset, value)				\
	do {							\
		if (options->field == (unset))			\
			options->field = (value);		\
	} while (0)

/*
 * Replace every "not configured" marker left in *options with the built-in
 * default.  Fields that already hold another value are not modified.
 *
 * Besides writing *options this may call add_listen_addr(), allocates the
 * default authorized-keys paths with xstrdup(), and assigns the global
 * use_privsep.  Default host key entries are the path macros themselves,
 * not xstrdup() copies.
 *
 * Defaults with direct security impact, as chosen below: protocol 2 only,
 * root login permitted (PERMIT_YES), password authentication on, empty
 * passwords off, strict_modes on, TCP and agent forwarding on, and
 * privilege separation on (PRIVSEP_ON).
 *
 * The statement order is significant in at least one place:
 * max_startups_begin copies max_startups, so max_startups is resolved first.
 */
void
fill_default_server_options(ServerOptions *options)
{
	/* Portable-specific options */
	FILL_UNSET(use_pam, -1, 0);

	/* Standard Options */
	FILL_UNSET(protocol, SSH_PROTO_UNKNOWN, SSH_PROTO_2);

	if (options->num_host_key_files == 0) {
		/* fill default hostkeys for protocols */
		if ((options->protocol & SSH_PROTO_1) != 0) {
			options->host_key_files[options->num_host_key_files++] =
			    _PATH_HOST_KEY_FILE;
		}
		if ((options->protocol & SSH_PROTO_2) != 0) {
			options->host_key_files[options->num_host_key_files++] =
			    _PATH_HOST_RSA_KEY_FILE;
			options->host_key_files[options->num_host_key_files++] =
			    _PATH_HOST_DSA_KEY_FILE;
#ifdef OPENSSL_HAS_ECC
			options->host_key_files[options->num_host_key_files++] =
			    _PATH_HOST_ECDSA_KEY_FILE;
#endif
		}
	}

	/* No certificates by default */
	if (options->num_ports == 0) {
		options->ports[options->num_ports++] = SSH_DEFAULT_PORT;
	}
	/*
	 * Kept after the port default; presumably add_listen_addr() consults
	 * ports[] - TODO confirm against its definition.
	 */
	if (options->listen_addrs == NULL) {
		add_listen_addr(options, NULL, 0);
	}
	FILL_UNSET(pid_file, NULL, _PATH_SSH_DAEMON_PID_FILE);
	/*
	 * NOTE(review): 1024-bit default; presumably this only sizes the
	 * protocol 1 server key - confirm where server_key_bits is consumed.
	 */
	FILL_UNSET(server_key_bits, -1, 1024);
	FILL_UNSET(login_grace_time, -1, 120);
	FILL_UNSET(key_regeneration_time, -1, 3600);
	/* NOTE(review): root login is allowed unless the configuration overrides it. */
	FILL_UNSET(permit_root_login, PERMIT_NOT_SET, PERMIT_YES);
	FILL_UNSET(ignore_rhosts, -1, 1);
	FILL_UNSET(ignore_user_known_hosts, -1, 0);
	FILL_UNSET(print_motd, -1, 1);
	FILL_UNSET(print_lastlog, -1, 1);
	FILL_UNSET(x11_forwarding, -1, 0);
	FILL_UNSET(x11_display_offset, -1, 10);
	FILL_UNSET(x11_use_localhost, -1, 1);
	FILL_UNSET(xauth_location, NULL, _PATH_XAUTH);
	FILL_UNSET(strict_modes, -1, 1);
	FILL_UNSET(tcp_keep_alive, -1, 1);
	FILL_UNSET(log_facility, SYSLOG_FACILITY_NOT_SET, SYSLOG_FACILITY_AUTH);
	FILL_UNSET(log_level, SYSLOG_LEVEL_NOT_SET, SYSLOG_LEVEL_INFO);

	/* Authentication methods. */
	FILL_UNSET(rhosts_rsa_authentication, -1, 0);
	FILL_UNSET(hostbased_authentication, -1, 0);
	FILL_UNSET(hostbased_uses_name_from_packet_only, -1, 0);
	FILL_UNSET(rsa_authentication, -1, 1);
	FILL_UNSET(pubkey_authentication, -1, 1);
	FILL_UNSET(kerberos_authentication, -1, 0);
	FILL_UNSET(kerberos_or_local_passwd, -1, 1);
	FILL_UNSET(kerberos_ticket_cleanup, -1, 1);
	FILL_UNSET(kerberos_get_afs_token, -1, 0);
	FILL_UNSET(gss_authentication, -1, 0);
	FILL_UNSET(gss_cleanup_creds, -1, 1);
	FILL_UNSET(password_authentication, -1, 1);
	FILL_UNSET(kbd_interactive_authentication, -1, 0);
	FILL_UNSET(challenge_response_authentication, -1, 1);
	FILL_UNSET(permit_empty_passwd, -1, 0);

	/* Session behaviour and forwarding. */
	FILL_UNSET(permit_user_env, -1, 0);
	FILL_UNSET(use_login, -1, 0);
	FILL_UNSET(compression, -1, COMP_DELAYED);
	FILL_UNSET(allow_tcp_forwarding, -1, 1);
	FILL_UNSET(allow_agent_forwarding, -1, 1);
	FILL_UNSET(gateway_ports, -1, 0);

	/* Connection and attempt limits. */
	FILL_UNSET(max_startups, -1, 10);
	FILL_UNSET(max_startups_rate, -1, 100);		/* 100% */
	/* Reads max_startups, which has been resolved just above. */
	FILL_UNSET(max_startups_begin, -1, options->max_startups);
	FILL_UNSET(max_authtries, -1, DEFAULT_AUTH_FAIL_MAX);
	FILL_UNSET(max_sessions, -1, DEFAULT_SESSIONS_MAX);
	FILL_UNSET(use_dns, -1, 1);
	FILL_UNSET(client_alive_interval, -1, 0);
	FILL_UNSET(client_alive_count_max, -1, 3);

	/* Unlike the host key defaults, these entries are heap copies. */
	if (options->num_authkeys_files == 0) {
		options->authorized_keys_files[options->num_authkeys_files++] =
		    xstrdup(_PATH_SSH_USER_PERMITTED_KEYS);
		options->authorized_keys_files[options->num_authkeys_files++] =
		    xstrdup(_PATH_SSH_USER_PERMITTED_KEYS2);
	}
	FILL_UNSET(permit_tun, -1, SSH_TUNMODE_NO);
	FILL_UNSET(zero_knowledge_password_authentication, -1, 0);
	FILL_UNSET(ip_qos_interactive, -1, IPTOS_LOWDELAY);
	FILL_UNSET(ip_qos_bulk, -1, IPTOS_THROUGHPUT);

	/* Turn privilege separation on by default */
	if (use_privsep == -1) {
		use_privsep = PRIVSEP_ON;
	}

#ifndef HAVE_MMAP
	/*
	 * NOTE(review): the test is against the literal 1, so the
	 * COMP_DELAYED default is only affected if it equals 1 - confirm
	 * the COMP_* values in the header that defines them.
	 */
	if (use_privsep != 0 && options->compression == 1) {
		error("This platform does not support both privilege "
		    "separation and compression");
		error("Compression disabled");
		options->compression = 0;
	}
#endif

}
#undef FILL_UNSET

/* Keyword tokens.
*/
/*
 * Opcodes for the configuration keywords listed in keywords[] below.
 * No enumerator has an explicit value, so they number consecutively from
 * sBadOption == 0 in the order written here.
 */
typedef enum {
	sBadOption,		/* == unknown option */

	/* Portable-specific options */
	sUsePAM,

	/* Standard Options */
	sPort,
	sHostKeyFile,
	sServerKeyBits,
	sLoginGraceTime,
	sKeyRegenerationTime,
	sPermitRootLogin,
	sLogFacility,
	sLogLevel,
	sRhostsRSAAuthentication,
	sRSAAuthentication,
	sKerberosAuthentication,
	sKerberosOrLocalPasswd,
	sKerberosTicketCleanup,
	sKerberosGetAFSToken,
	sKerberosTgtPassing,
	sChallengeResponseAuthentication,
	sPasswordAuthentication,
	sKbdInteractiveAuthentication,
	sListenAddress,
	sAddressFamily,
	sPrintMotd,
	sPrintLastLog,
	sIgnoreRhosts,
	sX11Forwarding,
	sX11DisplayOffset,
	sX11UseLocalhost,
	sStrictModes,
	sEmptyPasswd,
	sTCPKeepAlive,
	sPermitUserEnvironment,
	sUseLogin,
	sAllowTcpForwarding,
	sCompression,
	sAllowUsers,
	sDenyUsers,
	sAllowGroups,
	sDenyGroups,
	sIgnoreUserKnownHosts,
	sCiphers,
	sMacs,
	sProtocol,
	sPidFile,
	sGatewayPorts,
	sPubkeyAuthentication,
	sXAuthLocation,
	sSubsystem,
	sMaxStartups,
	sMaxAuthTries,
	sMaxSessions,
	sBanner,
	sUseDNS,
	sHostbasedAuthentication,
	sHostbasedUsesNameFromPacketOnly,
	sClientAliveInterval,
	sClientAliveCountMax,
	sAuthorizedKeysFile,
	sGssAuthentication,
	sGssCleanupCreds,
	sAcceptEnv,
	sPermitTunnel,
	sMatch,
	sPermitOpen,
	sForceCommand,
	sChrootDirectory,
	sUsePrivilegeSeparation,
	sAllowAgentForwarding,
	sZeroKnowledgePasswordAuthentication,
	sHostCertificate,
	sRevokedKeys,
	sTrustedUserCAKeys,
	sAuthorizedPrincipalsFile,
	sKexAlgorithms,
	sIPQoS,

	/* Markers that keywords[] assigns to keywords without a live opcode. */
	sDeprecated,
	sUnsupported
} ServerOpCodes;

/* Bit flags stating in which part of sshd_config a keyword may appear. */
#define SSHCFG_GLOBAL	0x01	/* allowed in main section of sshd_config */
#define SSHCFG_MATCH	0x02	/* allowed inside a Match section */
#define SSHCFG_ALL	(SSHCFG_GLOBAL | SSHCFG_MATCH)

/* Textual representation of the tokens.
*/
/*
 * Keyword lookup table used by parse_token().  Each entry carries the
 * lower-case directive name, the opcode it maps to, and a flags mask built
 * from SSHCFG_GLOBAL / SSHCFG_MATCH that records where the directive may
 * appear.  Only entries whose flags include SSHCFG_MATCH (i.e. SSHCFG_ALL)
 * can be set per-connection inside a Match block;
 * process_server_config_line() rejects the rest there with fatal() during
 * the startup parse.  Review that mask whenever a directive is added, since
 * it decides which settings a Match block is allowed to override.
 *
 * Directives whose support is compiled out stay in the table but map to
 * sUnsupported, so the keyword is still recognised by the parser.
 * The list ends with a NULL-name sentinel.
 */
static struct {
	const char *name;
	ServerOpCodes opcode;
	u_int flags;
} keywords[] = {
	/* Portable-specific options */
#ifdef USE_PAM
	{ "usepam", sUsePAM, SSHCFG_GLOBAL },
#else
	{ "usepam", sUnsupported, SSHCFG_GLOBAL },
#endif
	{ "pamauthenticationviakbdint", sDeprecated, SSHCFG_GLOBAL },
	/* Standard Options */
	{ "port", sPort, SSHCFG_GLOBAL },
	{ "hostkey", sHostKeyFile, SSHCFG_GLOBAL },
	{ "hostdsakey", sHostKeyFile, SSHCFG_GLOBAL },	/* alias */
	{ "pidfile", sPidFile, SSHCFG_GLOBAL },
	{ "serverkeybits", sServerKeyBits, SSHCFG_GLOBAL },
	{ "logingracetime", sLoginGraceTime, SSHCFG_GLOBAL },
	{ "keyregenerationinterval", sKeyRegenerationTime, SSHCFG_GLOBAL },
	{ "permitrootlogin", sPermitRootLogin, SSHCFG_ALL },
	{ "syslogfacility", sLogFacility, SSHCFG_GLOBAL },
	{ "loglevel", sLogLevel, SSHCFG_GLOBAL },
	{ "rhostsauthentication", sDeprecated, SSHCFG_GLOBAL },
	{ "rhostsrsaauthentication", sRhostsRSAAuthentication, SSHCFG_ALL },
	{ "hostbasedauthentication", sHostbasedAuthentication, SSHCFG_ALL },
	{ "hostbasedusesnamefrompacketonly", sHostbasedUsesNameFromPacketOnly, SSHCFG_ALL },
	{ "rsaauthentication", sRSAAuthentication, SSHCFG_ALL },
	{ "pubkeyauthentication", sPubkeyAuthentication, SSHCFG_ALL },
	{ "dsaauthentication", sPubkeyAuthentication, SSHCFG_GLOBAL },	/* alias */
#ifdef KRB5
	{ "kerberosauthentication", sKerberosAuthentication, SSHCFG_ALL },
	{ "kerberosorlocalpasswd", sKerberosOrLocalPasswd, SSHCFG_GLOBAL },
	{ "kerberosticketcleanup", sKerberosTicketCleanup, SSHCFG_GLOBAL },
#ifdef USE_AFS
	{ "kerberosgetafstoken", sKerberosGetAFSToken, SSHCFG_GLOBAL },
#else
	{ "kerberosgetafstoken", sUnsupported, SSHCFG_GLOBAL },
#endif
#else
	{ "kerberosauthentication", sUnsupported, SSHCFG_ALL },
	{ "kerberosorlocalpasswd", sUnsupported, SSHCFG_GLOBAL },
	{ "kerberosticketcleanup", sUnsupported, SSHCFG_GLOBAL },
	{ "kerberosgetafstoken", sUnsupported, SSHCFG_GLOBAL },
#endif
	{ "kerberostgtpassing", sUnsupported, SSHCFG_GLOBAL },
	{ "afstokenpassing", sUnsupported, SSHCFG_GLOBAL },
#ifdef GSSAPI
	{ "gssapiauthentication", sGssAuthentication, SSHCFG_ALL },
	{ "gssapicleanupcredentials", sGssCleanupCreds, SSHCFG_GLOBAL },
#else
	{ "gssapiauthentication", sUnsupported, SSHCFG_ALL },
	{ "gssapicleanupcredentials", sUnsupported, SSHCFG_GLOBAL },
#endif
	{ "passwordauthentication", sPasswordAuthentication, SSHCFG_ALL },
	{ "kbdinteractiveauthentication", sKbdInteractiveAuthentication, SSHCFG_ALL },
	{ "challengeresponseauthentication", sChallengeResponseAuthentication, SSHCFG_GLOBAL },
	{ "skeyauthentication", sChallengeResponseAuthentication, SSHCFG_GLOBAL },	/* alias */
#ifdef JPAKE
	{ "zeroknowledgepasswordauthentication", sZeroKnowledgePasswordAuthentication, SSHCFG_ALL },
#else
	{ "zeroknowledgepasswordauthentication", sUnsupported, SSHCFG_ALL },
#endif
	{ "checkmail", sDeprecated, SSHCFG_GLOBAL },
	{ "listenaddress", sListenAddress, SSHCFG_GLOBAL },
	{ "addressfamily", sAddressFamily, SSHCFG_GLOBAL },
	{ "printmotd", sPrintMotd, SSHCFG_GLOBAL },
	{ "printlastlog", sPrintLastLog, SSHCFG_GLOBAL },
	{ "ignorerhosts", sIgnoreRhosts, SSHCFG_GLOBAL },
	{ "ignoreuserknownhosts", sIgnoreUserKnownHosts, SSHCFG_GLOBAL },
	{ "x11forwarding", sX11Forwarding, SSHCFG_ALL },
	{ "x11displayoffset", sX11DisplayOffset, SSHCFG_ALL },
	{ "x11uselocalhost", sX11UseLocalhost, SSHCFG_ALL },
	{ "xauthlocation", sXAuthLocation, SSHCFG_GLOBAL },
	{ "strictmodes", sStrictModes, SSHCFG_GLOBAL },
	{ "permitemptypasswords", sEmptyPasswd, SSHCFG_ALL },
	{ "permituserenvironment", sPermitUserEnvironment, SSHCFG_GLOBAL },
	{ "uselogin", sUseLogin, SSHCFG_GLOBAL },
	{ "compression", sCompression, SSHCFG_GLOBAL },
	{ "tcpkeepalive", sTCPKeepAlive, SSHCFG_GLOBAL },
	{ "keepalive", sTCPKeepAlive, SSHCFG_GLOBAL },	/* obsolete alias */
	{ "allowtcpforwarding", sAllowTcpForwarding, SSHCFG_ALL },
	{ "allowagentforwarding", sAllowAgentForwarding, SSHCFG_ALL },
	{ "allowusers", sAllowUsers, SSHCFG_GLOBAL },
	{ "denyusers", sDenyUsers, SSHCFG_GLOBAL },
	{ "allowgroups", sAllowGroups, SSHCFG_GLOBAL },
	{ "denygroups", sDenyGroups, SSHCFG_GLOBAL },
	{ "ciphers", sCiphers, SSHCFG_GLOBAL },
	{ "macs", sMacs, SSHCFG_GLOBAL },
	{ "protocol", sProtocol, SSHCFG_GLOBAL },
	{ "gatewayports", sGatewayPorts, SSHCFG_ALL },
	{ "subsystem", sSubsystem, SSHCFG_GLOBAL },
	{ "maxstartups", sMaxStartups, SSHCFG_GLOBAL },
	{ "maxauthtries", sMaxAuthTries, SSHCFG_ALL },
	{ "maxsessions", sMaxSessions, SSHCFG_ALL },
	{ "banner", sBanner, SSHCFG_ALL },
	{ "usedns", sUseDNS, SSHCFG_GLOBAL },
	{ "verifyreversemapping", sDeprecated, SSHCFG_GLOBAL },
	{ "reversemappingcheck", sDeprecated, SSHCFG_GLOBAL },
	{ "clientaliveinterval", sClientAliveInterval, SSHCFG_GLOBAL },
	{ "clientalivecountmax", sClientAliveCountMax, SSHCFG_GLOBAL },
	{ "authorizedkeysfile", sAuthorizedKeysFile, SSHCFG_ALL },
	{ "authorizedkeysfile2", sDeprecated, SSHCFG_ALL },
	{ "useprivilegeseparation", sUsePrivilegeSeparation, SSHCFG_GLOBAL},
	{ "acceptenv", sAcceptEnv, SSHCFG_GLOBAL },
	{ "permittunnel", sPermitTunnel, SSHCFG_ALL },
	{ "match", sMatch, SSHCFG_ALL },
	{ "permitopen", sPermitOpen, SSHCFG_ALL },
	{ "forcecommand", sForceCommand, SSHCFG_ALL },
	{ "chrootdirectory", sChrootDirectory, SSHCFG_ALL },
	{ "hostcertificate", sHostCertificate, SSHCFG_GLOBAL },
	{ "revokedkeys", sRevokedKeys, SSHCFG_ALL },
	{ "trustedusercakeys", sTrustedUserCAKeys, SSHCFG_ALL },
	{ "authorizedprincipalsfile", sAuthorizedPrincipalsFile, SSHCFG_ALL },
	{ "kexalgorithms", sKexAlgorithms, SSHCFG_GLOBAL },
	{ "ipqos", sIPQoS, SSHCFG_ALL },
	{ NULL, sBadOption, 0 }
};

/*
 * Tunnel-mode values paired with their textual form; the list ends with
 * the { -1, NULL } sentinel.
 */
static struct {
	int val;
	char *text;
} tunmode_desc[] = {
	{ SSH_TUNMODE_NO, "no" },
	{ SSH_TUNMODE_POINTOPOINT, "point-to-point" },
	{ SSH_TUNMODE_ETHERNET, "ethernet" },
	{ SSH_TUNMODE_YES, "yes" },
	{ -1, NULL }
};

/*
 * Returns the number of the token pointed to by cp or sBadOption.
*/

/*
 * Look a directive name up in keywords[].  The comparison is
 * case-insensitive.  On a hit the entry's flags are stored through *flags
 * and its opcode is returned; on a miss the problem is reported with
 * error(), *flags is left untouched and sBadOption is returned.
 */
static ServerOpCodes
parse_token(const char *cp, const char *filename,
    int linenum, u_int *flags)
{
	u_int idx = 0;

	/* The table is terminated by an entry whose name is NULL. */
	while (keywords[idx].name != NULL) {
		if (strcasecmp(cp, keywords[idx].name) != 0) {
			idx++;
			continue;
		}
		*flags = keywords[idx].flags;
		return keywords[idx].opcode;
	}

	error("%s: line %d: Bad configuration option: %s",
	    filename, linenum, cp);
	return sBadOption;
}

/*
 * Turn a configured path into an absolute one.  The path first goes
 * through tilde_expand_filename() for the current uid; if the result does
 * not begin with '/', the current working directory is prepended.
 *
 * The returned string is allocated; the intermediate expansion is released
 * here when a new string is built.  fatal() is called if getcwd() fails.
 *
 * Note that the result depends on the working directory at the time of
 * the call, and that nothing here collapses "." or ".." components; the
 * two pieces are only joined with a '/'.
 */
char *
derelativise_path(const char *path)
{
	char workdir[MAXPATHLEN];
	char *tilde_done, *absolute;

	tilde_done = tilde_expand_filename(path, getuid());
	if (tilde_done[0] != '/') {
		if (getcwd(workdir, sizeof(workdir)) == NULL)
			fatal("%s: getcwd: %s", __func__, strerror(errno));
		xasprintf(&absolute, "%s/%s", workdir, tilde_done);
		xfree(tilde_done);
		return absolute;
	}
	/* Already absolute: hand the expanded string straight back. */
	return tilde_done;
}

/*
 * Register a listen address.  Fills in defaults first: SSH_DEFAULT_PORT
 * when no port has been configured yet, and AF_UNSPEC when the address
 * family is still unset (-1).  A port of 0 means "use every configured
 * port", otherwise only the given port is added.
 */
static void
add_listen_addr(ServerOptions *options, char *addr, int port)
{
	u_int n;

	if (options->num_ports == 0) {
		options->ports[0] = SSH_DEFAULT_PORT;
		options->num_ports = 1;
	}
	if (options->address_family == -1)
		options->address_family = AF_UNSPEC;

	if (port != 0) {
		add_one_listen_addr(options, addr, port);
		return;
	}
	for (n = 0; n < options->num_ports; n++)
		add_one_listen_addr(options, addr, options->ports[n]);
}

/*
 * Resolve one addr/port pair with getaddrinfo() and put the resulting
 * chain in front of options->listen_addrs.  A NULL addr asks for a passive
 * (wildcard) address.  Because no numeric-only flag is set, a host name in
 * addr is resolved at this point and every address returned is added.
 * Resolution failure is fatal.
 */
static void
add_one_listen_addr(ServerOptions *options, char *addr, int port)
{
	struct addrinfo hints, *head, *tail;
	char service[NI_MAXSERV];
	int rc;

	memset(&hints, 0, sizeof(hints));
	hints.ai_socktype = SOCK_STREAM;
	hints.ai_family = options->address_family;
	if (addr == NULL)
		hints.ai_flags = AI_PASSIVE;
	snprintf(service, sizeof(service), "%d", port);

	rc = getaddrinfo(addr, service, &hints, &head);
	if (rc != 0)
		fatal("bad addr or host: %s (%s)",
		    addr ? addr : "<NULL>",
		    ssh_gai_strerror(rc));

	/* Walk to the last new entry and splice the old list behind it. */
	tail = head;
	while (tail->ai_next != NULL)
		tail = tail->ai_next;
	tail->ai_next = options->listen_addrs;
	options->listen_addrs = head;
}

/*
 * The strategy for the Match blocks is that the config file is parsed twice.
 *
 * The first time is at startup. activep is initialized to 1 and the
 * directives in the global context are processed and acted on. Hitting a
 * Match directive unsets activep and the directives inside the block are
 * checked for syntax only.
 *
 * The second time is after a connection has been established but before
 * authentication. activep is initialized to 2 and global config directives
 * are ignored since they have already been processed. If the criteria in a
 * Match block is met, activep is set and the subsequent directives
 * processed and actioned until EOF or another Match block unsets it. Any
 * options set are copied into the main server config.
 *
 * Potential additions/improvements:
 * - Add Match support for pre-kex directives, eg Protocol, Ciphers.
 *
 * - Add a Tag directive (idea from David Leonard) ala pf, eg:
 *   Match Address 192.168.0.*
 *     Tag trusted
 *   Match Group wheel
 *     Tag trusted
 *   Match Tag trusted
 *     AllowTcpForwarding yes
 *     GatewayPorts clientspecified
 *     [...]
*
 * - Add a PermittedChannelRequests directive
 *   Match Group shell
 *     PermittedChannelRequests session,forwarded-tcpip
 */

/*
 * Evaluate a "Match Group" pattern list for the given user.
 *
 * Returns 1 only when the user exists, has group membership that ga_init()
 * can load, and that membership matches grps.  Every other outcome,
 * including a NULL user, an unknown user or a user with no groups, yields
 * 0, so the block is treated as not matching.  ga_free() is called on all
 * paths.
 */
static int
match_cfg_line_group(const char *grps, int line, const char *user)
{
	struct passwd *entry;
	int matched = 0;

	if (user != NULL) {
		entry = getpwnam(user);
		if (entry == NULL) {
			debug("Can't match group at line %d because user %.100s does "
			    "not exist", line, user);
		} else if (ga_init(entry->pw_name, entry->pw_gid) == 0) {
			debug("Can't Match group because user %.100s not in any group "
			    "at line %d", user, line);
		} else if (ga_match_pattern_list(grps) == 1) {
			debug("user %.100s matched group list %.100s at line %d", user,
			    grps, line);
			matched = 1;
		} else {
			debug("user %.100s does not match group list %.100s at line %d",
			    user, grps, line);
		}
	}

	ga_free();
	return matched;
}

/*
 * Evaluate the criteria of one Match line.
 *
 * *condition is consumed as attribute/pattern pairs.  All criteria must
 * hold: the result starts at 1 and any criterion that fails clears it; it
 * is never set back.  A NULL user or host makes the corresponding
 * criterion fail, which is what happens on the syntax-only pass.
 *
 * Returns 1 on match, 0 on no match, and -1 for a missing pattern, an
 * unsupported attribute, or an error reported by the group or address
 * matcher.  *condition is advanced only when 0 or 1 is returned.
 */
static int
match_cfg_line(char **condition, int line, const char *user, const char *host,
    const char *address)
{
	char *rest = *condition;
	char *key, *pattern;
	size_t pattern_len;
	int all_matched = 1;
	int rc;

	if (user != NULL)
		debug3("checking match for '%s' user %s host %s addr %s", rest,
		    user, host ? host : "(null)",
		    address ? address : "(null)");
	else
		debug3("checking syntax for 'Match %s'", rest);

	for (;;) {
		key = strdelim(&rest);
		if (key == NULL || *key == '\0')
			break;

		pattern = strdelim(&rest);
		if (pattern == NULL || *pattern == '\0') {
			error("Missing Match criteria for %s", key);
			return -1;
		}
		pattern_len = strlen(pattern);

		if (strcasecmp(key, "user") == 0) {
			if (user == NULL ||
			    match_pattern_list(user, pattern, pattern_len, 0) != 1) {
				all_matched = 0;
				continue;
			}
			debug("user %.100s matched 'User %.100s' at "
			    "line %d", user, pattern, line);
		} else if (strcasecmp(key, "group") == 0) {
			rc = match_cfg_line_group(pattern, line, user);
			if (rc == -1)
				return -1;
			if (rc == 0)
				all_matched = 0;
		} else if (strcasecmp(key, "host") == 0) {
			if (host == NULL ||
			    match_hostname(host, pattern, pattern_len) != 1) {
				all_matched = 0;
				continue;
			}
			debug("connection from %.100s matched 'Host "
			    "%.100s' at line %d", host, pattern, line);
		} else if (strcasecmp(key, "address") == 0) {
			rc = addr_match_list(address, pattern);
			if (rc == -2)
				return -1;	/* the address matcher reported an error */
			if (rc == 1)
				debug("connection from %.100s matched 'Address "
				    "%.100s' at line %d", address, pattern, line);
			else if (rc == 0 || rc == -1)
				all_matched = 0;
		} else {
			/* Unknown criteria are rejected rather than ignored. */
			error("Unsupported Match attribute %s", key);
			return -1;
		}
	}

	if (user != NULL)
		debug3("match %sfound", all_matched ? "" : "not ");
	*condition = rest;
	return all_matched;
}

#define WHITESPACE " \t\r\n"

/* Multistate option parsing */
struct multistate {
	char *key;
	int value;
};
static const struct multistate multistate_addressfamily[] = {
	{ "inet", AF_INET },
	{ "inet6", AF_INET6 },
	{ "any", AF_UNSPEC },
	{ NULL, -1 }
};
static const struct multistate multistate_permitrootlogin[] = {
	{ "without-password", PERMIT_NO_PASSWD },
	{ "forced-commands-only", PERMIT_FORCED_ONLY },
	{ "yes", PERMIT_YES },
	{ "no", PERMIT_NO },
	{ NULL, -1 }
};
static const struct multistate multistate_compression[] = {
	{ "delayed", COMP_DELAYED },
	{ "yes", COMP_ZLIB },
	{ "no", COMP_NONE },
	{ NULL, -1 }
};
static const struct multistate multistate_gatewayports[] = {
	{ "clientspecified", 2 },
	{ "yes", 1 },
	{ "no", 0 },
	{ NULL, -1 }
};
static const struct multistate multistate_privsep[] = {
	{ "sandbox", PRIVSEP_SANDBOX },
	{ "yes", PRIVSEP_ON },
	{ "no", PRIVSEP_OFF },
	{ NULL, -1 }
};

int
process_server_config_line(ServerOptions *options, char *line,
    const char *filename, int linenum, int *activep, const char *user,
7141305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood const char *host, const char *address) 7151305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood{ 7161305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood char *cp, **charptr, *arg, *p; 7171305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood int cmdline = 0, *intptr, value, value2, n; 7181305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood SyslogFacility *log_facility_ptr; 7191305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood LogLevel *log_level_ptr; 7201305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood ServerOpCodes opcode; 7211305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood int port; 7221305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood u_int i, flags = 0; 7231305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood size_t len; 7241305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood const struct multistate *multistate_ptr; 7251305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood 7261305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood cp = line; 7271305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood if ((arg = strdelim(&cp)) == NULL) 7281305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood return 0; 7291305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood /* Ignore leading whitespace */ 7301305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood if (*arg == '\0') 7311305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood arg = strdelim(&cp); 7321305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood if (!arg || !*arg || *arg == '#') 7331305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood return 0; 7341305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood intptr = NULL; 7351305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood charptr = NULL; 7361305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood opcode = parse_token(arg, filename, linenum, &flags); 7371305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood 7381305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood if (activep == NULL) { /* We are 
processing a command line directive */ 7391305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood cmdline = 1; 7401305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood activep = &cmdline; 7411305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood } 7421305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood if (*activep && opcode != sMatch) 7431305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood debug3("%s:%d setting %s %s", filename, linenum, arg, cp); 7441305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood if (*activep == 0 && !(flags & SSHCFG_MATCH)) { 7451305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood if (user == NULL) { 7461305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood fatal("%s line %d: Directive '%s' is not allowed " 7471305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood "within a Match block", filename, linenum, arg); 7481305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood } else { /* this is a directive we have already processed */ 7491305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood while (arg) 7501305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood arg = strdelim(&cp); 7511305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood return 0; 7521305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood } 7531305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood } 7541305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood 7551305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood switch (opcode) { 7561305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood /* Portable-specific options */ 7571305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood case sUsePAM: 7581305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood intptr = &options->use_pam; 7591305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood goto parse_flag; 7601305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood 7611305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood /* Standard Options */ 7621305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood case sBadOption: 
7631305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood return -1; 7641305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood case sPort: 7651305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood /* ignore ports from configfile if cmdline specifies ports */ 7661305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood if (options->ports_from_cmdline) 7671305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood return 0; 7681305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood if (options->listen_addrs != NULL) 7691305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood fatal("%s line %d: ports must be specified before " 7701305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood "ListenAddress.", filename, linenum); 7711305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood if (options->num_ports >= MAX_PORTS) 7721305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood fatal("%s line %d: too many ports.", 7731305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood filename, linenum); 7741305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood arg = strdelim(&cp); 7751305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood if (!arg || *arg == '\0') 7761305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood fatal("%s line %d: missing port number.", 7771305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood filename, linenum); 7781305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood options->ports[options->num_ports++] = a2port(arg); 7791305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood if (options->ports[options->num_ports-1] <= 0) 7801305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood fatal("%s line %d: Badly formatted port number.", 7811305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood filename, linenum); 7821305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood break; 7831305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood 7841305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood case sServerKeyBits: 7851305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood intptr = &options->server_key_bits; 
7861305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood parse_int: 7871305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood arg = strdelim(&cp); 7881305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood if (!arg || *arg == '\0') 7891305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood fatal("%s line %d: missing integer value.", 7901305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood filename, linenum); 7911305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood value = atoi(arg); 7921305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood if (*activep && *intptr == -1) 7931305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood *intptr = value; 7941305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood break; 7951305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood 7961305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood case sLoginGraceTime: 7971305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood intptr = &options->login_grace_time; 7981305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood parse_time: 7991305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood arg = strdelim(&cp); 8001305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood if (!arg || *arg == '\0') 8011305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood fatal("%s line %d: missing time value.", 8021305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood filename, linenum); 8031305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood if ((value = convtime(arg)) == -1) 8041305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood fatal("%s line %d: invalid time value.", 8051305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood filename, linenum); 8061305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood if (*intptr == -1) 8071305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood *intptr = value; 8081305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood break; 8091305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood 8101305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood case sKeyRegenerationTime: 
8111305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood intptr = &options->key_regeneration_time; 8121305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood goto parse_time; 8131305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood 8141305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood case sListenAddress: 8151305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood arg = strdelim(&cp); 8161305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood if (arg == NULL || *arg == '\0') 8171305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood fatal("%s line %d: missing address", 8181305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood filename, linenum); 8191305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood /* check for bare IPv6 address: no "[]" and 2 or more ":" */ 8201305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood if (strchr(arg, '[') == NULL && (p = strchr(arg, ':')) != NULL 8211305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood && strchr(p+1, ':') != NULL) { 8221305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood add_listen_addr(options, arg, 0); 8231305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood break; 8241305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood } 8251305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood p = hpdelim(&arg); 8261305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood if (p == NULL) 8271305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood fatal("%s line %d: bad address:port usage", 8281305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood filename, linenum); 8291305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood p = cleanhostname(p); 8301305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood if (arg == NULL) 8311305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood port = 0; 8321305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood else if ((port = a2port(arg)) <= 0) 8331305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood fatal("%s line %d: bad port number", filename, linenum); 8341305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood 
8351305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood add_listen_addr(options, p, port); 8361305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood 8371305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood break; 8381305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood 8391305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood case sAddressFamily: 8401305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood intptr = &options->address_family; 8411305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood multistate_ptr = multistate_addressfamily; 8421305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood if (options->listen_addrs != NULL) 8431305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood fatal("%s line %d: address family must be specified " 8441305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood "before ListenAddress.", filename, linenum); 8451305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood parse_multistate: 8461305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood arg = strdelim(&cp); 8471305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood if (!arg || *arg == '\0') 8481305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood fatal("%s line %d: missing argument.", 8491305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood filename, linenum); 8501305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood value = -1; 8511305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood for (i = 0; multistate_ptr[i].key != NULL; i++) { 8521305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood if (strcasecmp(arg, multistate_ptr[i].key) == 0) { 8531305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood value = multistate_ptr[i].value; 8541305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood break; 8551305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood } 8561305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood } 8571305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood if (value == -1) 8581305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood fatal("%s line %d: unsupported option \"%s\".", 
8591305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood filename, linenum, arg); 8601305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood if (*activep && *intptr == -1) 8611305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood *intptr = value; 8621305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood break; 8631305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood 8641305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood case sHostKeyFile: 8651305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood intptr = &options->num_host_key_files; 8661305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood if (*intptr >= MAX_HOSTKEYS) 8671305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood fatal("%s line %d: too many host keys specified (max %d).", 8681305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood filename, linenum, MAX_HOSTKEYS); 8691305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood charptr = &options->host_key_files[*intptr]; 8701305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood parse_filename: 8711305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood arg = strdelim(&cp); 8721305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood if (!arg || *arg == '\0') 8731305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood fatal("%s line %d: missing file name.", 8741305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood filename, linenum); 8751305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood if (*activep && *charptr == NULL) { 8761305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood *charptr = derelativise_path(arg); 8771305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood /* increase optional counter */ 8781305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood if (intptr != NULL) 8791305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood *intptr = *intptr + 1; 8801305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood } 8811305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood break; 8821305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood 8831305e95ba6ff9fa202d0818caf10405df4b0f648Mike 
Lockwood case sHostCertificate: 8841305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood intptr = &options->num_host_cert_files; 8851305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood if (*intptr >= MAX_HOSTKEYS) 8861305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood fatal("%s line %d: too many host certificates " 8871305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood "specified (max %d).", filename, linenum, 8881305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood MAX_HOSTCERTS); 8891305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood charptr = &options->host_cert_files[*intptr]; 8901305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood goto parse_filename; 8911305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood break; 8921305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood 8931305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood case sPidFile: 8941305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood charptr = &options->pid_file; 8951305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood goto parse_filename; 8961305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood 8971305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood case sPermitRootLogin: 8981305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood intptr = &options->permit_root_login; 8991305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood multistate_ptr = multistate_permitrootlogin; 9001305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood goto parse_multistate; 9011305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood 9021305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood case sIgnoreRhosts: 9031305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood intptr = &options->ignore_rhosts; 9041305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood parse_flag: 9051305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood arg = strdelim(&cp); 9061305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood if (!arg || *arg == '\0') 9071305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood fatal("%s line %d: missing yes/no 
argument.", 9081305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood filename, linenum); 9091305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood value = 0; /* silence compiler */ 9101305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood if (strcmp(arg, "yes") == 0) 9111305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood value = 1; 9121305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood else if (strcmp(arg, "no") == 0) 9131305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood value = 0; 9141305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood else 9151305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood fatal("%s line %d: Bad yes/no argument: %s", 9161305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood filename, linenum, arg); 9171305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood if (*activep && *intptr == -1) 9181305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood *intptr = value; 9191305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood break; 9201305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood 9211305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood case sIgnoreUserKnownHosts: 9221305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood intptr = &options->ignore_user_known_hosts; 9231305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood goto parse_flag; 9241305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood 9251305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood case sRhostsRSAAuthentication: 9261305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood intptr = &options->rhosts_rsa_authentication; 9271305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood goto parse_flag; 9281305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood 9291305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood case sHostbasedAuthentication: 9301305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood intptr = &options->hostbased_authentication; 9311305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood goto parse_flag; 9321305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood 
9331305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood case sHostbasedUsesNameFromPacketOnly: 9341305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood intptr = &options->hostbased_uses_name_from_packet_only; 9351305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood goto parse_flag; 9361305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood 9371305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood case sRSAAuthentication: 9381305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood intptr = &options->rsa_authentication; 9391305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood goto parse_flag; 9401305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood 9411305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood case sPubkeyAuthentication: 9421305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood intptr = &options->pubkey_authentication; 9431305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood goto parse_flag; 9441305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood 9451305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood case sKerberosAuthentication: 9461305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood intptr = &options->kerberos_authentication; 9471305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood goto parse_flag; 9481305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood 9491305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood case sKerberosOrLocalPasswd: 9501305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood intptr = &options->kerberos_or_local_passwd; 9511305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood goto parse_flag; 9521305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood 9531305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood case sKerberosTicketCleanup: 9541305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood intptr = &options->kerberos_ticket_cleanup; 9551305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood goto parse_flag; 9561305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood 9571305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood case 
sKerberosGetAFSToken: 9581305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood intptr = &options->kerberos_get_afs_token; 9591305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood goto parse_flag; 9601305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood 9611305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood case sGssAuthentication: 9621305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood intptr = &options->gss_authentication; 9631305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood goto parse_flag; 9641305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood 9651305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood case sGssCleanupCreds: 9661305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood intptr = &options->gss_cleanup_creds; 9671305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood goto parse_flag; 9681305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood 9691305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood case sPasswordAuthentication: 9701305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood intptr = &options->password_authentication; 9711305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood goto parse_flag; 9721305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood 9731305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood case sZeroKnowledgePasswordAuthentication: 9741305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood intptr = &options->zero_knowledge_password_authentication; 9751305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood goto parse_flag; 9761305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood 9771305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood case sKbdInteractiveAuthentication: 9781305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood intptr = &options->kbd_interactive_authentication; 9791305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood goto parse_flag; 9801305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood 9811305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood case sChallengeResponseAuthentication: 
9821305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood intptr = &options->challenge_response_authentication; 9831305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood goto parse_flag; 9841305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood 9851305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood case sPrintMotd: 9861305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood intptr = &options->print_motd; 9871305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood goto parse_flag; 9881305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood 9891305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood case sPrintLastLog: 9901305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood intptr = &options->print_lastlog; 9911305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood goto parse_flag; 9921305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood 9931305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood case sX11Forwarding: 9941305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood intptr = &options->x11_forwarding; 9951305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood goto parse_flag; 9961305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood 9971305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood case sX11DisplayOffset: 9981305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood intptr = &options->x11_display_offset; 9991305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood goto parse_int; 10001305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood 10011305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood case sX11UseLocalhost: 10021305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood intptr = &options->x11_use_localhost; 10031305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood goto parse_flag; 10041305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood 10051305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood case sXAuthLocation: 10061305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood charptr = &options->xauth_location; 10071305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood goto 
parse_filename; 10081305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood 10091305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood case sStrictModes: 10101305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood intptr = &options->strict_modes; 10111305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood goto parse_flag; 10121305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood 10131305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood case sTCPKeepAlive: 10141305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood intptr = &options->tcp_keep_alive; 10151305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood goto parse_flag; 10161305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood 10171305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood case sEmptyPasswd: 10181305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood intptr = &options->permit_empty_passwd; 10191305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood goto parse_flag; 10201305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood 10211305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood case sPermitUserEnvironment: 10221305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood intptr = &options->permit_user_env; 10231305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood goto parse_flag; 10241305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood 10251305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood case sUseLogin: 10261305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood intptr = &options->use_login; 10271305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood goto parse_flag; 10281305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood 10291305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood case sCompression: 10301305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood intptr = &options->compression; 10311305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood multistate_ptr = multistate_compression; 10321305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood goto parse_multistate; 10331305e95ba6ff9fa202d0818caf10405df4b0f648Mike 
Lockwood 10341305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood case sGatewayPorts: 10351305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood intptr = &options->gateway_ports; 10361305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood multistate_ptr = multistate_gatewayports; 10371305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood goto parse_multistate; 10381305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood 10391305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood case sUseDNS: 10401305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood intptr = &options->use_dns; 10411305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood goto parse_flag; 10421305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood 10431305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood case sLogFacility: 10441305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood log_facility_ptr = &options->log_facility; 10451305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood arg = strdelim(&cp); 10461305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood value = log_facility_number(arg); 10471305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood if (value == SYSLOG_FACILITY_NOT_SET) 10481305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood fatal("%.200s line %d: unsupported log facility '%s'", 10491305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood filename, linenum, arg ? 
arg : "<NONE>"); 10501305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood if (*log_facility_ptr == -1) 10511305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood *log_facility_ptr = (SyslogFacility) value; 10521305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood break; 10531305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood 10541305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood case sLogLevel: 10551305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood log_level_ptr = &options->log_level; 10561305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood arg = strdelim(&cp); 10571305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood value = log_level_number(arg); 10581305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood if (value == SYSLOG_LEVEL_NOT_SET) 10591305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood fatal("%.200s line %d: unsupported log level '%s'", 10601305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood filename, linenum, arg ? arg : "<NONE>"); 10611305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood if (*log_level_ptr == -1) 10621305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood *log_level_ptr = (LogLevel) value; 10631305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood break; 10641305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood 10651305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood case sAllowTcpForwarding: 10661305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood intptr = &options->allow_tcp_forwarding; 10671305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood goto parse_flag; 10681305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood 10691305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood case sAllowAgentForwarding: 10701305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood intptr = &options->allow_agent_forwarding; 10711305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood goto parse_flag; 10721305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood 10731305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood case sUsePrivilegeSeparation: 
10741305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood intptr = &use_privsep; 10751305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood multistate_ptr = multistate_privsep; 10761305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood goto parse_multistate; 10771305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood 10781305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood case sAllowUsers: 10791305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood while ((arg = strdelim(&cp)) && *arg != '\0') { 10801305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood if (options->num_allow_users >= MAX_ALLOW_USERS) 10811305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood fatal("%s line %d: too many allow users.", 10821305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood filename, linenum); 10831305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood options->allow_users[options->num_allow_users++] = 10841305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood xstrdup(arg); 10851305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood } 10861305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood break; 10871305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood 10881305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood case sDenyUsers: 10891305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood while ((arg = strdelim(&cp)) && *arg != '\0') { 10901305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood if (options->num_deny_users >= MAX_DENY_USERS) 10911305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood fatal("%s line %d: too many deny users.", 10921305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood filename, linenum); 10931305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood options->deny_users[options->num_deny_users++] = 10941305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood xstrdup(arg); 10951305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood } 10961305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood break; 10971305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood 
10981305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood case sAllowGroups: 10991305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood while ((arg = strdelim(&cp)) && *arg != '\0') { 11001305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood if (options->num_allow_groups >= MAX_ALLOW_GROUPS) 11011305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood fatal("%s line %d: too many allow groups.", 11021305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood filename, linenum); 11031305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood options->allow_groups[options->num_allow_groups++] = 11041305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood xstrdup(arg); 11051305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood } 11061305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood break; 11071305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood 11081305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood case sDenyGroups: 11091305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood while ((arg = strdelim(&cp)) && *arg != '\0') { 11101305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood if (options->num_deny_groups >= MAX_DENY_GROUPS) 11111305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood fatal("%s line %d: too many deny groups.", 11121305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood filename, linenum); 11131305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood options->deny_groups[options->num_deny_groups++] = xstrdup(arg); 11141305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood } 11151305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood break; 11161305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood 11171305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood case sCiphers: 11181305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood arg = strdelim(&cp); 11191305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood if (!arg || *arg == '\0') 11201305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood fatal("%s line %d: Missing argument.", filename, linenum); 
11211305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood if (!ciphers_valid(arg)) 11221305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood fatal("%s line %d: Bad SSH2 cipher spec '%s'.", 11231305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood filename, linenum, arg ? arg : "<NONE>"); 11241305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood if (options->ciphers == NULL) 11251305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood options->ciphers = xstrdup(arg); 11261305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood break; 11271305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood 11281305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood case sMacs: 11291305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood arg = strdelim(&cp); 11301305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood if (!arg || *arg == '\0') 11311305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood fatal("%s line %d: Missing argument.", filename, linenum); 11321305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood if (!mac_valid(arg)) 11331305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood fatal("%s line %d: Bad SSH2 mac spec '%s'.", 11341305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood filename, linenum, arg ? 
arg : "<NONE>"); 11351305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood if (options->macs == NULL) 11361305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood options->macs = xstrdup(arg); 11371305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood break; 11381305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood 11391305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood case sKexAlgorithms: 11401305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood arg = strdelim(&cp); 11411305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood if (!arg || *arg == '\0') 11421305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood fatal("%s line %d: Missing argument.", 11431305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood filename, linenum); 11441305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood if (!kex_names_valid(arg)) 11451305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood fatal("%s line %d: Bad SSH2 KexAlgorithms '%s'.", 11461305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood filename, linenum, arg ? 
arg : "<NONE>"); 11471305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood if (options->kex_algorithms == NULL) 11481305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood options->kex_algorithms = xstrdup(arg); 11491305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood break; 11501305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood 11511305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood case sProtocol: 11521305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood intptr = &options->protocol; 11531305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood arg = strdelim(&cp); 11541305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood if (!arg || *arg == '\0') 11551305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood fatal("%s line %d: Missing argument.", filename, linenum); 11561305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood value = proto_spec(arg); 11571305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood if (value == SSH_PROTO_UNKNOWN) 11581305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood fatal("%s line %d: Bad protocol spec '%s'.", 11591305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood filename, linenum, arg ? 
arg : "<NONE>"); 11601305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood if (*intptr == SSH_PROTO_UNKNOWN) 11611305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood *intptr = value; 11621305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood break; 11631305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood 11641305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood case sSubsystem: 11651305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood if (options->num_subsystems >= MAX_SUBSYSTEMS) { 11661305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood fatal("%s line %d: too many subsystems defined.", 11671305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood filename, linenum); 11681305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood } 11691305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood arg = strdelim(&cp); 11701305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood if (!arg || *arg == '\0') 11711305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood fatal("%s line %d: Missing subsystem name.", 11721305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood filename, linenum); 11731305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood if (!*activep) { 11741305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood arg = strdelim(&cp); 11751305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood break; 11761305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood } 11771305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood for (i = 0; i < options->num_subsystems; i++) 11781305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood if (strcmp(arg, options->subsystem_name[i]) == 0) 11791305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood fatal("%s line %d: Subsystem '%s' already defined.", 11801305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood filename, linenum, arg); 11811305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood options->subsystem_name[options->num_subsystems] = xstrdup(arg); 11821305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood arg = strdelim(&cp); 
11831305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood if (!arg || *arg == '\0') 11841305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood fatal("%s line %d: Missing subsystem command.", 11851305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood filename, linenum); 11861305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood options->subsystem_command[options->num_subsystems] = xstrdup(arg); 11871305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood 11881305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood /* Collect arguments (separate to executable) */ 11891305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood p = xstrdup(arg); 11901305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood len = strlen(p) + 1; 11911305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood while ((arg = strdelim(&cp)) != NULL && *arg != '\0') { 11921305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood len += 1 + strlen(arg); 11931305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood p = xrealloc(p, 1, len); 11941305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood strlcat(p, " ", len); 11951305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood strlcat(p, arg, len); 11961305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood } 11971305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood options->subsystem_args[options->num_subsystems] = p; 11981305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood options->num_subsystems++; 11991305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood break; 12001305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood 12011305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood case sMaxStartups: 12021305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood arg = strdelim(&cp); 12031305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood if (!arg || *arg == '\0') 12041305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood fatal("%s line %d: Missing MaxStartups spec.", 12051305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood filename, linenum); 
12061305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood if ((n = sscanf(arg, "%d:%d:%d", 12071305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood &options->max_startups_begin, 12081305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood &options->max_startups_rate, 12091305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood &options->max_startups)) == 3) { 12101305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood if (options->max_startups_begin > 12111305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood options->max_startups || 12121305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood options->max_startups_rate > 100 || 12131305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood options->max_startups_rate < 1) 12141305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood fatal("%s line %d: Illegal MaxStartups spec.", 12151305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood filename, linenum); 12161305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood } else if (n != 1) 12171305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood fatal("%s line %d: Illegal MaxStartups spec.", 12181305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood filename, linenum); 12191305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood else 12201305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood options->max_startups = options->max_startups_begin; 12211305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood break; 12221305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood 12231305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood case sMaxAuthTries: 12241305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood intptr = &options->max_authtries; 12251305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood goto parse_int; 12261305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood 12271305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood case sMaxSessions: 12281305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood intptr = &options->max_sessions; 12291305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood goto parse_int; 
12301305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood 12311305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood case sBanner: 12321305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood charptr = &options->banner; 12331305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood goto parse_filename; 12341305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood 12351305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood /* 12361305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood * These options can contain %X options expanded at 12371305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood * connect time, so that you can specify paths like: 12381305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood * 12391305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood * AuthorizedKeysFile /etc/ssh_keys/%u 12401305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood */ 12411305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood case sAuthorizedKeysFile: 12421305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood if (*activep && options->num_authkeys_files == 0) { 12431305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood while ((arg = strdelim(&cp)) && *arg != '\0') { 12441305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood if (options->num_authkeys_files >= 12451305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood MAX_AUTHKEYS_FILES) 12461305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood fatal("%s line %d: " 12471305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood "too many authorized keys files.", 12481305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood filename, linenum); 12491305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood options->authorized_keys_files[ 12501305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood options->num_authkeys_files++] = 12511305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood tilde_expand_filename(arg, getuid()); 12521305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood } 12531305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood } 
12541305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood return 0; 12551305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood 12561305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood case sAuthorizedPrincipalsFile: 12571305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood charptr = &options->authorized_principals_file; 12581305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood arg = strdelim(&cp); 12591305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood if (!arg || *arg == '\0') 12601305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood fatal("%s line %d: missing file name.", 12611305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood filename, linenum); 12621305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood if (*activep && *charptr == NULL) { 12631305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood *charptr = tilde_expand_filename(arg, getuid()); 12641305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood /* increase optional counter */ 12651305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood if (intptr != NULL) 12661305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood *intptr = *intptr + 1; 12671305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood } 12681305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood break; 12691305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood 12701305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood case sClientAliveInterval: 12711305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood intptr = &options->client_alive_interval; 12721305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood goto parse_time; 12731305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood 12741305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood case sClientAliveCountMax: 12751305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood intptr = &options->client_alive_count_max; 12761305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood goto parse_int; 12771305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood 12781305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood case 
sAcceptEnv: 12791305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood while ((arg = strdelim(&cp)) && *arg != '\0') { 12801305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood if (strchr(arg, '=') != NULL) 12811305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood fatal("%s line %d: Invalid environment name.", 12821305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood filename, linenum); 12831305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood if (options->num_accept_env >= MAX_ACCEPT_ENV) 12841305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood fatal("%s line %d: too many allow env.", 12851305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood filename, linenum); 12861305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood if (!*activep) 12871305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood break; 12881305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood options->accept_env[options->num_accept_env++] = 12891305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood xstrdup(arg); 12901305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood } 12911305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood break; 12921305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood 12931305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood case sPermitTunnel: 12941305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood intptr = &options->permit_tun; 12951305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood arg = strdelim(&cp); 12961305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood if (!arg || *arg == '\0') 12971305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood fatal("%s line %d: Missing yes/point-to-point/" 12981305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood "ethernet/no argument.", filename, linenum); 12991305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood value = -1; 13001305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood for (i = 0; tunmode_desc[i].val != -1; i++) 13011305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood if (strcmp(tunmode_desc[i].text, arg) == 0) { 
13021305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood value = tunmode_desc[i].val; 13031305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood break; 13041305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood } 13051305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood if (value == -1) 13061305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood fatal("%s line %d: Bad yes/point-to-point/ethernet/" 13071305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood "no argument: %s", filename, linenum, arg); 13081305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood if (*intptr == -1) 13091305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood *intptr = value; 13101305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood break; 13111305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood 13121305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood case sMatch: 13131305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood if (cmdline) 13141305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood fatal("Match directive not supported as a command-line " 13151305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood "option"); 13161305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood value = match_cfg_line(&cp, linenum, user, host, address); 13171305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood if (value < 0) 13181305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood fatal("%s line %d: Bad Match condition", filename, 13191305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood linenum); 13201305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood *activep = value; 13211305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood break; 13221305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood 13231305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood case sPermitOpen: 13241305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood arg = strdelim(&cp); 13251305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood if (!arg || *arg == '\0') 13261305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood fatal("%s line %d: missing 
PermitOpen specification", 13271305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood filename, linenum); 13281305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood n = options->num_permitted_opens; /* modified later */ 13291305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood if (strcmp(arg, "any") == 0) { 13301305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood if (*activep && n == -1) { 13311305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood channel_clear_adm_permitted_opens(); 13321305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood options->num_permitted_opens = 0; 13331305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood } 13341305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood break; 13351305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood } 13361305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood if (*activep && n == -1) 13371305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood channel_clear_adm_permitted_opens(); 13381305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood for (; arg != NULL && *arg != '\0'; arg = strdelim(&cp)) { 13391305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood p = hpdelim(&arg); 13401305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood if (p == NULL) 13411305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood fatal("%s line %d: missing host in PermitOpen", 13421305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood filename, linenum); 13431305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood p = cleanhostname(p); 13441305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood if (arg == NULL || (port = a2port(arg)) <= 0) 13451305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood fatal("%s line %d: bad port number in " 13461305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood "PermitOpen", filename, linenum); 13471305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood if (*activep && n == -1) 13481305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood options->num_permitted_opens = 13491305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood 
channel_add_adm_permitted_opens(p, port); 13501305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood } 13511305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood break; 13521305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood 13531305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood case sForceCommand: 13541305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood if (cp == NULL) 13551305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood fatal("%.200s line %d: Missing argument.", filename, 13561305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood linenum); 13571305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood len = strspn(cp, WHITESPACE); 13581305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood if (*activep && options->adm_forced_command == NULL) 13591305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood options->adm_forced_command = xstrdup(cp + len); 13601305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood return 0; 13611305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood 13621305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood case sChrootDirectory: 13631305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood charptr = &options->chroot_directory; 13641305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood 13651305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood arg = strdelim(&cp); 13661305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood if (!arg || *arg == '\0') 13671305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood fatal("%s line %d: missing file name.", 13681305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood filename, linenum); 13691305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood if (*activep && *charptr == NULL) 13701305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood *charptr = xstrdup(arg); 13711305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood break; 13721305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood 13731305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood case sTrustedUserCAKeys: 13741305e95ba6ff9fa202d0818caf10405df4b0f648Mike 
Lockwood charptr = &options->trusted_user_ca_keys; 13751305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood goto parse_filename; 13761305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood 13771305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood case sRevokedKeys: 13781305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood charptr = &options->revoked_keys_file; 13791305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood goto parse_filename; 13801305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood 13811305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood case sIPQoS: 13821305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood arg = strdelim(&cp); 13831305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood if ((value = parse_ipqos(arg)) == -1) 13841305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood fatal("%s line %d: Bad IPQoS value: %s", 13851305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood filename, linenum, arg); 13861305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood arg = strdelim(&cp); 13871305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood if (arg == NULL) 13881305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood value2 = value; 13891305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood else if ((value2 = parse_ipqos(arg)) == -1) 13901305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood fatal("%s line %d: Bad IPQoS value: %s", 13911305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood filename, linenum, arg); 13921305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood if (*activep) { 13931305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood options->ip_qos_interactive = value; 13941305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood options->ip_qos_bulk = value2; 13951305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood } 13961305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood break; 13971305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood 13981305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood case sDeprecated: 
13991305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood logit("%s line %d: Deprecated option %s", 14001305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood filename, linenum, arg); 14011305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood while (arg) 14021305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood arg = strdelim(&cp); 14031305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood break; 14041305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood 14051305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood case sUnsupported: 14061305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood logit("%s line %d: Unsupported option %s", 14071305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood filename, linenum, arg); 14081305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood while (arg) 14091305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood arg = strdelim(&cp); 14101305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood break; 14111305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood 14121305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood default: 14131305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood fatal("%s line %d: Missing handler for opcode %s (%d)", 14141305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood filename, linenum, arg, opcode); 14151305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood } 14161305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood if ((arg = strdelim(&cp)) != NULL && *arg != '\0') 14171305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood fatal("%s line %d: garbage at end of line; \"%.200s\".", 14181305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood filename, linenum, arg); 14191305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood return 0; 14201305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood} 14211305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood 14221305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood/* Reads the server configuration file. 
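 */

/*
 * Loads the file named by filename into conf as a single NUL-terminated
 * string, replacing whatever conf held before.
 *
 * Each physical line is reduced to its content: everything from the first
 * '#' onwards is dropped (no quoting is recognised, so '#' cannot appear
 * inside a value) and leading blanks are removed.  Exactly one newline is
 * kept per physical line so that the parser can reproduce line numbers in
 * its error messages.
 *
 * A physical line longer than the read buffer is returned by fgets() in
 * several chunks.  The chunks are stitched back together here; in
 * particular the tail of an over-long comment is discarded instead of being
 * stored as if it were a configuration line of its own.
 *
 * Exits the process with status 1 if the file cannot be opened.
 */
void
load_server_config(const char *filename, Buffer *conf)
{
	char line[1024], *cp;
	FILE *f;
	int in_comment = 0;	/* skipping the rest of an over-long comment */
	int line_start = 1;	/* next chunk begins a new physical line */
	int has_newline;

	debug2("%s: filename %s", __func__, filename);
	if ((f = fopen(filename, "r")) == NULL) {
		perror(filename);
		exit(1);
	}
	buffer_clear(conf);
	while (fgets(line, sizeof(line), f)) {
		/* Record this before the comment stripping rewrites the chunk. */
		has_newline = strchr(line, '\n') != NULL;

		if (in_comment) {
			/*
			 * Still inside a comment that did not fit in one
			 * chunk; its newline was stored when the '#' was
			 * seen, so nothing more is appended for this line.
			 */
			if (has_newline) {
				in_comment = 0;
				line_start = 1;
			}
			continue;
		}

		/*
		 * Trim out comments and strip whitespace
		 * NB - preserve newlines, they are needed to reproduce
		 * line numbers later for error messages
		 */
		if ((cp = strchr(line, '#')) != NULL) {
			memcpy(cp, "\n", 2);
			if (!has_newline)
				in_comment = 1;
		}

		/* Only the start of a physical line has blanks to strip. */
		cp = line_start ? line + strspn(line, " \t\r") : line;

		buffer_append(conf, cp, strlen(cp));

		if (has_newline)
			line_start = 1;
		else if (*cp != '\0')
			line_start = 0;
	}
	buffer_append(conf, "\0", 1);
	fclose(f);
	debug2("%s: done config len = %d", __func__, buffer_len(conf));
}

/*
 * Re-evaluates the buffered configuration (cfg, defined elsewhere in this
 * file) for one connection, identified by user, host and address, and
 * merges the values that were set into options.
 *
 * The configuration is parsed into a scratch ServerOptions first, so only
 * values that copy_set_server_options() knows about can reach options.
 * The copy is made with preauth = 0, i.e. including the string options
 * that are only used after authentication.
 */
void
parse_server_match_config(ServerOptions *options, const char *user,
    const char *host, const char *address)
{
	ServerOptions mo;

	initialize_server_options(&mo);
	parse_server_config(&mo, "reprocess config", &cfg, user, host, address);
	copy_set_server_options(options, &mo, 0);
}

/*
 * Helper macros.  All of them expect ServerOptions pointers named src and
 * dst to be in scope.
 *
 * M_CP_INTOPT copies an int member unless src holds -1.
 * M_CP_STROPT frees dst's string and takes over src's pointer (the string
 * is not duplicated, so src must not free it afterwards).
 * M_CP_STRARRAYOPT duplicates every entry of a non-empty src array into
 * dst and sets dst's count; entries dst held before are not freed.
 */
#define M_CP_INTOPT(n) do {\
	if (src->n != -1) \
		dst->n = src->n; \
} while (0)
#define M_CP_STROPT(n) do {\
	if (src->n != NULL) { \
		if (dst->n != NULL) \
			xfree(dst->n); \
		dst->n = src->n; \
	} \
} while(0)
#define M_CP_STRARRAYOPT(n, num_n) do {\
	if (src->num_n != 0) { \
		for (dst->num_n = 0; dst->num_n < src->num_n; dst->num_n++) \
			dst->n[dst->num_n] = xstrdup(src->n[dst->num_n]); \
	} \
} while(0)

/*
 * Copy any supported values that are set.
 *
 * If the preauth flag is set, we do not bother copying the string or
 * array values that are not used pre-authentication, because any that we
 * do use must be explicitly sent in mm_getpwnamallow().
 *
 * Options that are not listed here are never copied, whatever src holds.
 */
void
copy_set_server_options(ServerOptions *dst, ServerOptions *src, int preauth)
{
	/* Authentication methods and login policy. */
	M_CP_INTOPT(password_authentication);
	M_CP_INTOPT(gss_authentication);
	M_CP_INTOPT(rsa_authentication);
	M_CP_INTOPT(pubkey_authentication);
	M_CP_INTOPT(kerberos_authentication);
	M_CP_INTOPT(hostbased_authentication);
	M_CP_INTOPT(hostbased_uses_name_from_packet_only);
	M_CP_INTOPT(kbd_interactive_authentication);
	M_CP_INTOPT(zero_knowledge_password_authentication);
	M_CP_INTOPT(permit_root_login);
	M_CP_INTOPT(permit_empty_passwd);

	/* Forwarding, tunnelling and per-connection limits. */
	M_CP_INTOPT(allow_tcp_forwarding);
	M_CP_INTOPT(allow_agent_forwarding);
	M_CP_INTOPT(permit_tun);
	M_CP_INTOPT(gateway_ports);
	M_CP_INTOPT(x11_display_offset);
	M_CP_INTOPT(x11_forwarding);
	M_CP_INTOPT(x11_use_localhost);
	M_CP_INTOPT(max_sessions);
	M_CP_INTOPT(max_authtries);
	M_CP_INTOPT(ip_qos_interactive);
	M_CP_INTOPT(ip_qos_bulk);

	/* See comment in servconf.h */
	COPY_MATCH_STRING_OPTS();

	/*
	 * The only things that should be below this point are string options
	 * which are only used after authentication.
	 */
	if (preauth)
		return;

	M_CP_STROPT(adm_forced_command);
	M_CP_STROPT(chroot_directory);
}

#undef M_CP_INTOPT
#undef M_CP_STROPT
#undef M_CP_STRARRAYOPT

/*
 * Parses the configuration text held in conf, one line at a time, into
 * options.  filename is used for diagnostics only.
 *
 * When user is NULL every line starts out active.  When user is given the
 * parser starts inactive, and a Match line decides whether the lines that
 * follow it are active for this user, host and address.
 *
 * Terminates via fatal() if any line was rejected.
 */
void
parse_server_config(ServerOptions *options, const char *filename, Buffer *conf,
    const char *user, const char *host, const char *address)
{
	int active, linenum, bad_options = 0;
	char *cp, *obuf, *cbuf;

	debug2("%s: config %s len %d", __func__, filename, buffer_len(conf));

	/* strsep() writes into its input, so work on a private copy. */
	obuf = cbuf = xstrdup(buffer_ptr(conf));
	active = user ? 0 : 1;
	linenum = 1;
	while ((cp = strsep(&cbuf, "\n")) != NULL) {
		if (process_server_config_line(options, cp, filename,
		    linenum++, &active, user, host, address) != 0)
			bad_options++;
	}
	xfree(obuf);
	if (bad_options > 0)
		fatal("%s: terminating, %d bad configuration options",
		    filename, bad_options);
}

/*
 * Returns the key of the first entry in m whose value equals val, or
 * "UNKNOWN" when there is none.  m must end with an entry whose key is
 * NULL.  The returned string is not allocated and must not be freed.
 */
static const char *
fmt_multistate_int(int val, const struct multistate *m)
{
	u_int i;

	for (i = 0; m[i].key != NULL; i++) {
		if (m[i].value == val)
			return m[i].key;
	}
	return "UNKNOWN";
}

static const char * 15711305e95ba6ff9fa202d0818caf10405df4b0f648Mike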
Lockwoodfmt_intarg(ServerOpCodes code, int val) 15721305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood{ 15731305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood if (val == -1) 15741305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood return "unset"; 15751305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood switch (code) { 15761305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood case sAddressFamily: 15771305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood return fmt_multistate_int(val, multistate_addressfamily); 15781305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood case sPermitRootLogin: 15791305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood return fmt_multistate_int(val, multistate_permitrootlogin); 15801305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood case sGatewayPorts: 15811305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood return fmt_multistate_int(val, multistate_gatewayports); 15821305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood case sCompression: 15831305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood return fmt_multistate_int(val, multistate_compression); 15841305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood case sUsePrivilegeSeparation: 15851305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood return fmt_multistate_int(val, multistate_privsep); 15861305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood case sProtocol: 15871305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood switch (val) { 15881305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood case SSH_PROTO_1: 15891305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood return "1"; 15901305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood case SSH_PROTO_2: 15911305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood return "2"; 15921305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood case (SSH_PROTO_1|SSH_PROTO_2): 15931305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood return "2,1"; 15941305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood default: 
15951305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood return "UNKNOWN"; 15961305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood } 15971305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood default: 15981305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood switch (val) { 15991305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood case 0: 16001305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood return "no"; 16011305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood case 1: 16021305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood return "yes"; 16031305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood default: 16041305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood return "UNKNOWN"; 16051305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood } 16061305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood } 16071305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood} 16081305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood 16091305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwoodstatic const char * 16101305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwoodlookup_opcode_name(ServerOpCodes code) 16111305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood{ 16121305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood u_int i; 16131305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood 16141305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood for (i = 0; keywords[i].name != NULL; i++) 16151305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood if (keywords[i].opcode == code) 16161305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood return(keywords[i].name); 16171305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood return "UNKNOWN"; 16181305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood} 16191305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood 16201305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwoodstatic void 16211305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwooddump_cfg_int(ServerOpCodes code, int val) 16221305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood{ 
16231305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood printf("%s %d\n", lookup_opcode_name(code), val); 16241305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood} 16251305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood 16261305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwoodstatic void 16271305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwooddump_cfg_fmtint(ServerOpCodes code, int val) 16281305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood{ 16291305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood printf("%s %s\n", lookup_opcode_name(code), fmt_intarg(code, val)); 16301305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood} 16311305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood 16321305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwoodstatic void 16331305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwooddump_cfg_string(ServerOpCodes code, const char *val) 16341305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood{ 16351305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood if (val == NULL) 16361305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood return; 16371305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood printf("%s %s\n", lookup_opcode_name(code), val); 16381305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood} 16391305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood 16401305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwoodstatic void 16411305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwooddump_cfg_strarray(ServerOpCodes code, u_int count, char **vals) 16421305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood{ 16431305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood u_int i; 16441305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood 16451305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood for (i = 0; i < count; i++) 16461305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood printf("%s %s\n", lookup_opcode_name(code), vals[i]); 16471305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood} 16481305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood 
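/*
 * Print the keyword once, followed by all count entries of vals separated by
 * spaces, on a single line. With count == 0 only the keyword is printed.
 */
static void
dump_cfg_strarray_oneline(ServerOpCodes code, u_int count, char **vals)
{
	u_int i;

	printf("%s", lookup_opcode_name(code));
	for (i = 0; i < count; i++)
		printf(" %s", vals[i]);
	printf("\n");
}

/*
 * Print the configuration held in o to stdout, one setting per line, using
 * the names from the keywords table.
 *
 * NOTE(review): this dump does not print every ServerOptions field that the
 * file handles (for example allow_agent_forwarding, which
 * copy_set_server_options() copies), so a keyword that is absent from the
 * output is not evidence that the option is unset. String options whose
 * value is NULL are skipped by dump_cfg_string().
 */
void
dump_config(ServerOptions *o)
{
	u_int i;
	int ret;
	struct addrinfo *ai;
	char addr[NI_MAXHOST], port[NI_MAXSERV], *s = NULL;

	/* these are usually at the top of the config */
	for (i = 0; i < o->num_ports; i++)
		printf("port %d\n", o->ports[i]);
	dump_cfg_fmtint(sProtocol, o->protocol);
	dump_cfg_fmtint(sAddressFamily, o->address_family);

	/* ListenAddress must be after Port */
	for (ai = o->listen_addrs; ai; ai = ai->ai_next) {
		/* Numeric host and service only, so no name lookup is made. */
		if ((ret = getnameinfo(ai->ai_addr, ai->ai_addrlen, addr,
		    sizeof(addr), port, sizeof(port),
		    NI_NUMERICHOST|NI_NUMERICSERV)) != 0) {
			error("getnameinfo failed: %.100s",
			    (ret != EAI_SYSTEM) ? gai_strerror(ret) :
			    strerror(errno));
		} else {
			/* IPv6 literals are bracketed to keep ":port" unambiguous. */
			if (ai->ai_family == AF_INET6)
				printf("listenaddress [%s]:%s\n", addr, port);
			else
				printf("listenaddress %s:%s\n", addr, port);
		}
	}

	/* integer arguments */
#ifdef USE_PAM
	dump_cfg_int(sUsePAM, o->use_pam);
#endif
	dump_cfg_int(sServerKeyBits, o->server_key_bits);
	dump_cfg_int(sLoginGraceTime, o->login_grace_time);
	dump_cfg_int(sKeyRegenerationTime, o->key_regeneration_time);
	dump_cfg_int(sX11DisplayOffset, o->x11_display_offset);
	dump_cfg_int(sMaxAuthTries, o->max_authtries);
	dump_cfg_int(sMaxSessions, o->max_sessions);
	dump_cfg_int(sClientAliveInterval, o->client_alive_interval);
	dump_cfg_int(sClientAliveCountMax, o->client_alive_count_max);

	/* formatted integer arguments */
	dump_cfg_fmtint(sPermitRootLogin, o->permit_root_login);
	dump_cfg_fmtint(sIgnoreRhosts, o->ignore_rhosts);
	dump_cfg_fmtint(sIgnoreUserKnownHosts, o->ignore_user_known_hosts);
	dump_cfg_fmtint(sRhostsRSAAuthentication, o->rhosts_rsa_authentication);
	dump_cfg_fmtint(sHostbasedAuthentication, o->hostbased_authentication);
	dump_cfg_fmtint(sHostbasedUsesNameFromPacketOnly,
	    o->hostbased_uses_name_from_packet_only);
	dump_cfg_fmtint(sRSAAuthentication, o->rsa_authentication);
	dump_cfg_fmtint(sPubkeyAuthentication, o->pubkey_authentication);
#ifdef KRB5
	dump_cfg_fmtint(sKerberosAuthentication, o->kerberos_authentication);
	dump_cfg_fmtint(sKerberosOrLocalPasswd, o->kerberos_or_local_passwd);
	dump_cfg_fmtint(sKerberosTicketCleanup, o->kerberos_ticket_cleanup);
# ifdef USE_AFS
	dump_cfg_fmtint(sKerberosGetAFSToken, o->kerberos_get_afs_token);
# endif
#endif
#ifdef GSSAPI
	dump_cfg_fmtint(sGssAuthentication, o->gss_authentication);
	dump_cfg_fmtint(sGssCleanupCreds, o->gss_cleanup_creds);
#endif
#ifdef JPAKE
	dump_cfg_fmtint(sZeroKnowledgePasswordAuthentication,
	    o->zero_knowledge_password_authentication);
#endif
	dump_cfg_fmtint(sPasswordAuthentication, o->password_authentication);
	dump_cfg_fmtint(sKbdInteractiveAuthentication,
	    o->kbd_interactive_authentication);
	dump_cfg_fmtint(sChallengeResponseAuthentication,
	    o->challenge_response_authentication);
	dump_cfg_fmtint(sPrintMotd, o->print_motd);
	dump_cfg_fmtint(sPrintLastLog, o->print_lastlog);
	dump_cfg_fmtint(sX11Forwarding, o->x11_forwarding);
	dump_cfg_fmtint(sX11UseLocalhost, o->x11_use_localhost);
	dump_cfg_fmtint(sStrictModes, o->strict_modes);
	dump_cfg_fmtint(sTCPKeepAlive, o->tcp_keep_alive);
	dump_cfg_fmtint(sEmptyPasswd, o->permit_empty_passwd);
	dump_cfg_fmtint(sPermitUserEnvironment, o->permit_user_env);
	dump_cfg_fmtint(sUseLogin, o->use_login);
	dump_cfg_fmtint(sCompression, o->compression);
	dump_cfg_fmtint(sGatewayPorts, o->gateway_ports);
	dump_cfg_fmtint(sUseDNS, o->use_dns);
	dump_cfg_fmtint(sAllowTcpForwarding, o->allow_tcp_forwarding);
	/* use_privsep is not a field of o; its declaration is not shown here. */
	dump_cfg_fmtint(sUsePrivilegeSeparation, use_privsep);

	/* string arguments */
	dump_cfg_string(sPidFile, o->pid_file);
	dump_cfg_string(sXAuthLocation, o->xauth_location);
	dump_cfg_string(sCiphers, o->ciphers);
	dump_cfg_string(sMacs, o->macs);
	dump_cfg_string(sBanner, o->banner);
	dump_cfg_string(sForceCommand, o->adm_forced_command);
	dump_cfg_string(sChrootDirectory, o->chroot_directory);
	dump_cfg_string(sTrustedUserCAKeys, o->trusted_user_ca_keys);
	dump_cfg_string(sRevokedKeys, o->revoked_keys_file);
	dump_cfg_string(sAuthorizedPrincipalsFile,
	    o->authorized_principals_file);

	/* string arguments requiring a lookup */
	dump_cfg_string(sLogLevel, log_level_name(o->log_level));
	dump_cfg_string(sLogFacility, log_facility_name(o->log_facility));

	/* string array arguments */
	dump_cfg_strarray_oneline(sAuthorizedKeysFile, o->num_authkeys_files,
	    o->authorized_keys_files);
	dump_cfg_strarray(sHostKeyFile, o->num_host_key_files,
	     o->host_key_files);
	/*
	 * Host certificates get their own keyword. Printing them under
	 * sHostKeyFile made certificate paths indistinguishable from host
	 * key paths in the dump.
	 */
	dump_cfg_strarray(sHostCertificate, o->num_host_cert_files,
	     o->host_cert_files);
	dump_cfg_strarray(sAllowUsers, o->num_allow_users, o->allow_users);
	dump_cfg_strarray(sDenyUsers, o->num_deny_users, o->deny_users);
	dump_cfg_strarray(sAllowGroups, o->num_allow_groups, o->allow_groups);
	dump_cfg_strarray(sDenyGroups, o->num_deny_groups, o->deny_groups);
	dump_cfg_strarray(sAcceptEnv, o->num_accept_env, o->accept_env);

	/* other arguments */
	for (i = 0; i < o->num_subsystems; i++)
		printf("subsystem %s %s\n", o->subsystem_name[i],
		    o->subsystem_args[i]);

	printf("maxstartups %d:%d:%d\n", o->max_startups_begin,
	    o->max_startups_rate, o->max_startups);

	/*
	 * Map permit_tun to its text form; s stays NULL when no table entry
	 * matches, in which case dump_cfg_string() prints nothing.
	 */
	for (i = 0; tunmode_desc[i].val != -1; i++)
		if (tunmode_desc[i].val == o->permit_tun) {
			s = tunmode_desc[i].text;
			break;
		}
	dump_cfg_string(sPermitTunnel, s);

	/* Two printf calls build the single "ipqos <interactive> <bulk>" line. */
	printf("ipqos %s ", iptos2str(o->ip_qos_interactive));
	printf("%s\n", iptos2str(o->ip_qos_bulk));

	channel_print_adm_permitted_opens();
}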