2 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
5 * As far as I am concerned, the code I have written for this software
6 * can be used freely for any purpose. Any derived versions of this
7 * software must be clearly marked as such, and if the derived work is
8 * incompatible with the protocol description in the RFC file, it must be
9 * called by a name other than "ssh" or "Secure Shell".
13 RCSID("$OpenBSD: servconf.c,v 1.76 2001/04/12 20:09:37 stevesk Exp $");
27 #include "pathnames.h"
28 #include "tildexpand.h"
34 void add_listen_addr(ServerOptions *options, char *addr, u_short port);
35 void add_one_listen_addr(ServerOptions *options, char *addr, u_short port);
37 /* AF_UNSPEC or AF_INET or AF_INET6 */
40 /* Initializes the server options to their default values. */
43 initialize_server_options(ServerOptions *options)
45 memset(options, 0, sizeof(*options));
46 options->num_ports = 0;
47 options->ports_from_cmdline = 0;
48 options->listen_addrs = NULL;
49 options->num_host_key_files = 0;
50 options->pid_file = NULL;
51 options->server_key_bits = -1;
52 options->login_grace_time = -1;
53 options->key_regeneration_time = -1;
54 options->permit_root_login = PERMIT_NOT_SET;
55 options->ignore_rhosts = -1;
56 options->ignore_user_known_hosts = -1;
57 options->print_motd = -1;
58 options->print_lastlog = -1;
59 options->check_mail = -1;
60 options->x11_forwarding = -1;
61 options->x11_display_offset = -1;
62 options->xauth_location = NULL;
63 options->strict_modes = -1;
64 options->keepalives = -1;
65 options->log_facility = (SyslogFacility) - 1;
66 options->log_level = (LogLevel) - 1;
67 options->rhosts_authentication = -1;
68 options->rhosts_rsa_authentication = -1;
69 options->hostbased_authentication = -1;
70 options->hostbased_uses_name_from_packet_only = -1;
71 options->rsa_authentication = -1;
72 options->pubkey_authentication = -1;
74 options->kerberos_authentication = -1;
75 options->kerberos_or_local_passwd = -1;
76 options->kerberos_ticket_cleanup = -1;
79 options->kerberos_tgt_passing = -1;
80 options->afs_token_passing = -1;
82 options->password_authentication = -1;
83 options->kbd_interactive_authentication = -1;
84 options->challenge_reponse_authentication = -1;
85 options->permit_empty_passwd = -1;
86 options->use_login = -1;
87 options->allow_tcp_forwarding = -1;
88 options->num_allow_users = 0;
89 options->num_deny_users = 0;
90 options->num_allow_groups = 0;
91 options->num_deny_groups = 0;
92 options->ciphers = NULL;
94 options->protocol = SSH_PROTO_UNKNOWN;
95 options->gateway_ports = -1;
96 options->num_subsystems = 0;
97 options->max_startups_begin = -1;
98 options->max_startups_rate = -1;
99 options->max_startups = -1;
100 options->banner = NULL;
101 options->reverse_mapping_check = -1;
105 fill_default_server_options(ServerOptions *options)
107 if (options->protocol == SSH_PROTO_UNKNOWN)
108 options->protocol = SSH_PROTO_1|SSH_PROTO_2;
109 if (options->num_host_key_files == 0) {
110 /* fill default hostkeys for protocols */
111 if (options->protocol & SSH_PROTO_1)
112 options->host_key_files[options->num_host_key_files++] = _PATH_HOST_KEY_FILE;
113 if (options->protocol & SSH_PROTO_2)
114 options->host_key_files[options->num_host_key_files++] = _PATH_HOST_DSA_KEY_FILE;
116 if (options->num_ports == 0)
117 options->ports[options->num_ports++] = SSH_DEFAULT_PORT;
118 if (options->listen_addrs == NULL)
119 add_listen_addr(options, NULL, 0);
120 if (options->pid_file == NULL)
121 options->pid_file = _PATH_SSH_DAEMON_PID_FILE;
122 if (options->server_key_bits == -1)
123 options->server_key_bits = 768;
124 if (options->login_grace_time == -1)
125 options->login_grace_time = 600;
126 if (options->key_regeneration_time == -1)
127 options->key_regeneration_time = 3600;
128 if (options->permit_root_login == PERMIT_NOT_SET)
129 options->permit_root_login = PERMIT_YES;
130 if (options->ignore_rhosts == -1)
131 options->ignore_rhosts = 1;
132 if (options->ignore_user_known_hosts == -1)
133 options->ignore_user_known_hosts = 0;
134 if (options->check_mail == -1)
135 options->check_mail = 0;
136 if (options->print_motd == -1)
137 options->print_motd = 1;
138 if (options->print_lastlog == -1)
139 options->print_lastlog = 1;
140 if (options->x11_forwarding == -1)
141 options->x11_forwarding = 0;
142 if (options->x11_display_offset == -1)
143 options->x11_display_offset = 10;
145 if (options->xauth_location == NULL)
146 options->xauth_location = XAUTH_PATH;
147 #endif /* XAUTH_PATH */
148 if (options->strict_modes == -1)
149 options->strict_modes = 1;
150 if (options->keepalives == -1)
151 options->keepalives = 1;
152 if (options->log_facility == (SyslogFacility) (-1))
153 options->log_facility = SYSLOG_FACILITY_AUTH;
154 if (options->log_level == (LogLevel) (-1))
155 options->log_level = SYSLOG_LEVEL_INFO;
156 if (options->rhosts_authentication == -1)
157 options->rhosts_authentication = 0;
158 if (options->rhosts_rsa_authentication == -1)
159 options->rhosts_rsa_authentication = 0;
160 if (options->hostbased_authentication == -1)
161 options->hostbased_authentication = 0;
162 if (options->hostbased_uses_name_from_packet_only == -1)
163 options->hostbased_uses_name_from_packet_only = 0;
164 if (options->rsa_authentication == -1)
165 options->rsa_authentication = 1;
166 if (options->pubkey_authentication == -1)
167 options->pubkey_authentication = 1;
169 if (options->kerberos_authentication == -1)
170 options->kerberos_authentication = (access(KEYFILE, R_OK) == 0);
171 if (options->kerberos_or_local_passwd == -1)
172 options->kerberos_or_local_passwd = 1;
173 if (options->kerberos_ticket_cleanup == -1)
174 options->kerberos_ticket_cleanup = 1;
177 if (options->kerberos_tgt_passing == -1)
178 options->kerberos_tgt_passing = 0;
179 if (options->afs_token_passing == -1)
180 options->afs_token_passing = k_hasafs();
182 if (options->password_authentication == -1)
183 options->password_authentication = 1;
184 if (options->kbd_interactive_authentication == -1)
185 options->kbd_interactive_authentication = 0;
186 if (options->challenge_reponse_authentication == -1)
187 options->challenge_reponse_authentication = 1;
188 if (options->permit_empty_passwd == -1)
189 options->permit_empty_passwd = 0;
190 if (options->use_login == -1)
191 options->use_login = 0;
192 if (options->allow_tcp_forwarding == -1)
193 options->allow_tcp_forwarding = 1;
194 if (options->gateway_ports == -1)
195 options->gateway_ports = 0;
196 if (options->max_startups == -1)
197 options->max_startups = 10;
198 if (options->max_startups_rate == -1)
199 options->max_startups_rate = 100; /* 100% */
200 if (options->max_startups_begin == -1)
201 options->max_startups_begin = options->max_startups;
202 if (options->reverse_mapping_check == -1)
203 options->reverse_mapping_check = 0;
206 /* Keyword tokens. */
208 sBadOption, /* == unknown option */
209 sPort, sHostKeyFile, sServerKeyBits, sLoginGraceTime, sKeyRegenerationTime,
210 sPermitRootLogin, sLogFacility, sLogLevel,
211 sRhostsAuthentication, sRhostsRSAAuthentication, sRSAAuthentication,
213 sKerberosAuthentication, sKerberosOrLocalPasswd, sKerberosTicketCleanup,
216 sKerberosTgtPassing, sAFSTokenPassing,
218 sChallengeResponseAuthentication,
219 sPasswordAuthentication, sKbdInteractiveAuthentication, sListenAddress,
220 sPrintMotd, sPrintLastLog, sIgnoreRhosts,
221 sX11Forwarding, sX11DisplayOffset,
222 sStrictModes, sEmptyPasswd, sKeepAlives, sCheckMail,
223 sUseLogin, sAllowTcpForwarding,
224 sAllowUsers, sDenyUsers, sAllowGroups, sDenyGroups,
225 sIgnoreUserKnownHosts, sCiphers, sMacs, sProtocol, sPidFile,
226 sGatewayPorts, sPubkeyAuthentication, sXAuthLocation, sSubsystem, sMaxStartups,
227 sBanner, sReverseMappingCheck, sHostbasedAuthentication,
228 sHostbasedUsesNameFromPacketOnly
231 /* Textual representation of the tokens. */
234 ServerOpCodes opcode;
237 { "hostkey", sHostKeyFile },
238 { "hostdsakey", sHostKeyFile }, /* alias */
239 { "pidfile", sPidFile },
240 { "serverkeybits", sServerKeyBits },
241 { "logingracetime", sLoginGraceTime },
242 { "keyregenerationinterval", sKeyRegenerationTime },
243 { "permitrootlogin", sPermitRootLogin },
244 { "syslogfacility", sLogFacility },
245 { "loglevel", sLogLevel },
246 { "rhostsauthentication", sRhostsAuthentication },
247 { "rhostsrsaauthentication", sRhostsRSAAuthentication },
248 { "hostbasedauthentication", sHostbasedAuthentication },
249 { "hostbasedusesnamefrompacketonly", sHostbasedUsesNameFromPacketOnly },
250 { "rsaauthentication", sRSAAuthentication },
251 { "pubkeyauthentication", sPubkeyAuthentication },
252 { "dsaauthentication", sPubkeyAuthentication }, /* alias */
254 { "kerberosauthentication", sKerberosAuthentication },
255 { "kerberosorlocalpasswd", sKerberosOrLocalPasswd },
256 { "kerberosticketcleanup", sKerberosTicketCleanup },
259 { "kerberostgtpassing", sKerberosTgtPassing },
260 { "afstokenpassing", sAFSTokenPassing },
262 { "passwordauthentication", sPasswordAuthentication },
263 { "kbdinteractiveauthentication", sKbdInteractiveAuthentication },
264 { "challengeresponseauthentication", sChallengeResponseAuthentication },
265 { "skeyauthentication", sChallengeResponseAuthentication }, /* alias */
266 { "checkmail", sCheckMail },
267 { "listenaddress", sListenAddress },
268 { "printmotd", sPrintMotd },
269 { "printlastlog", sPrintLastLog },
270 { "ignorerhosts", sIgnoreRhosts },
271 { "ignoreuserknownhosts", sIgnoreUserKnownHosts },
272 { "x11forwarding", sX11Forwarding },
273 { "x11displayoffset", sX11DisplayOffset },
274 { "xauthlocation", sXAuthLocation },
275 { "strictmodes", sStrictModes },
276 { "permitemptypasswords", sEmptyPasswd },
277 { "uselogin", sUseLogin },
278 { "keepalive", sKeepAlives },
279 { "allowtcpforwarding", sAllowTcpForwarding },
280 { "allowusers", sAllowUsers },
281 { "denyusers", sDenyUsers },
282 { "allowgroups", sAllowGroups },
283 { "denygroups", sDenyGroups },
284 { "ciphers", sCiphers },
286 { "protocol", sProtocol },
287 { "gatewayports", sGatewayPorts },
288 { "subsystem", sSubsystem },
289 { "maxstartups", sMaxStartups },
290 { "banner", sBanner },
291 { "reversemappingcheck", sReverseMappingCheck },
296 * Returns the number of the token pointed to by cp or sBadOption.
300 parse_token(const char *cp, const char *filename,
305 for (i = 0; keywords[i].name; i++)
306 if (strcasecmp(cp, keywords[i].name) == 0)
307 return keywords[i].opcode;
309 fprintf(stderr, "%s: line %d: Bad configuration option: %s\n",
310 filename, linenum, cp);
315 add_listen_addr(ServerOptions *options, char *addr, u_short port)
319 if (options->num_ports == 0)
320 options->ports[options->num_ports++] = SSH_DEFAULT_PORT;
322 for (i = 0; i < options->num_ports; i++)
323 add_one_listen_addr(options, addr, options->ports[i]);
325 add_one_listen_addr(options, addr, port);
329 add_one_listen_addr(ServerOptions *options, char *addr, u_short port)
331 struct addrinfo hints, *ai, *aitop;
332 char strport[NI_MAXSERV];
335 memset(&hints, 0, sizeof(hints));
336 hints.ai_family = IPv4or6;
337 hints.ai_socktype = SOCK_STREAM;
338 hints.ai_flags = (addr == NULL) ? AI_PASSIVE : 0;
339 snprintf(strport, sizeof strport, "%d", port);
340 if ((gaierr = getaddrinfo(addr, strport, &hints, &aitop)) != 0)
341 fatal("bad addr or host: %s (%s)",
342 addr ? addr : "<NULL>",
343 gai_strerror(gaierr));
344 for (ai = aitop; ai->ai_next; ai = ai->ai_next)
346 ai->ai_next = options->listen_addrs;
347 options->listen_addrs = aitop;
350 /* Reads the server configuration file. */
353 read_server_config(ServerOptions *options, const char *filename)
357 char *cp, **charptr, *arg, *p;
358 int linenum, *intptr, value;
360 ServerOpCodes opcode;
363 f = fopen(filename, "r");
369 while (fgets(line, sizeof(line), f)) {
373 /* Ignore leading whitespace */
376 if (!arg || !*arg || *arg == '#')
380 opcode = parse_token(arg, filename, linenum);
386 /* ignore ports from configfile if cmdline specifies ports */
387 if (options->ports_from_cmdline)
389 if (options->listen_addrs != NULL)
390 fatal("%s line %d: ports must be specified before "
391 "ListenAdress.\n", filename, linenum);
392 if (options->num_ports >= MAX_PORTS)
393 fatal("%s line %d: too many ports.",
396 if (!arg || *arg == '\0')
397 fatal("%s line %d: missing port number.",
399 options->ports[options->num_ports++] = a2port(arg);
400 if (options->ports[options->num_ports-1] == 0)
401 fatal("%s line %d: Badly formatted port number.",
406 intptr = &options->server_key_bits;
409 if (!arg || *arg == '\0') {
410 fprintf(stderr, "%s line %d: missing integer value.\n",
419 case sLoginGraceTime:
420 intptr = &options->login_grace_time;
423 case sKeyRegenerationTime:
424 intptr = &options->key_regeneration_time;
429 if (!arg || *arg == '\0' || strncmp(arg, "[]", 2) == 0)
430 fatal("%s line %d: missing inet addr.",
433 if ((p = strchr(arg, ']')) == NULL)
434 fatal("%s line %d: bad ipv6 inet addr usage.",
437 memmove(p, p+1, strlen(p+1)+1);
438 } else if (((p = strchr(arg, ':')) == NULL) ||
439 (strchr(p+1, ':') != NULL)) {
440 add_listen_addr(options, arg, 0);
448 fatal("%s line %d: bad inet addr:port usage.",
452 if ((port = a2port(p)) == 0)
453 fatal("%s line %d: bad port number.",
455 add_listen_addr(options, arg, port);
457 } else if (*p == '\0')
458 add_listen_addr(options, arg, 0);
460 fatal("%s line %d: bad inet addr usage.",
465 intptr = &options->num_host_key_files;
466 if (*intptr >= MAX_HOSTKEYS) {
468 "%s line %d: too many host keys specified (max %d).\n",
469 filename, linenum, MAX_HOSTKEYS);
472 charptr = &options->host_key_files[*intptr];
475 if (!arg || *arg == '\0') {
476 fprintf(stderr, "%s line %d: missing file name.\n",
480 if (*charptr == NULL) {
481 *charptr = tilde_expand_filename(arg, getuid());
482 /* increase optional counter */
484 *intptr = *intptr + 1;
489 charptr = &options->pid_file;
492 case sPermitRootLogin:
493 intptr = &options->permit_root_login;
495 if (!arg || *arg == '\0') {
496 fprintf(stderr, "%s line %d: missing yes/"
497 "without-password/forced-commands-only/no "
498 "argument.\n", filename, linenum);
501 if (strcmp(arg, "without-password") == 0)
502 value = PERMIT_NO_PASSWD;
503 else if (strcmp(arg, "forced-commands-only") == 0)
504 value = PERMIT_FORCED_ONLY;
505 else if (strcmp(arg, "yes") == 0)
507 else if (strcmp(arg, "no") == 0)
510 fprintf(stderr, "%s line %d: Bad yes/"
511 "without-password/forced-commands-only/no "
512 "argument: %s\n", filename, linenum, arg);
520 intptr = &options->ignore_rhosts;
523 if (!arg || *arg == '\0') {
524 fprintf(stderr, "%s line %d: missing yes/no argument.\n",
528 if (strcmp(arg, "yes") == 0)
530 else if (strcmp(arg, "no") == 0)
533 fprintf(stderr, "%s line %d: Bad yes/no argument: %s\n",
534 filename, linenum, arg);
541 case sIgnoreUserKnownHosts:
542 intptr = &options->ignore_user_known_hosts;
545 case sRhostsAuthentication:
546 intptr = &options->rhosts_authentication;
549 case sRhostsRSAAuthentication:
550 intptr = &options->rhosts_rsa_authentication;
553 case sHostbasedAuthentication:
554 intptr = &options->hostbased_authentication;
557 case sHostbasedUsesNameFromPacketOnly:
558 intptr = &options->hostbased_uses_name_from_packet_only;
561 case sRSAAuthentication:
562 intptr = &options->rsa_authentication;
565 case sPubkeyAuthentication:
566 intptr = &options->pubkey_authentication;
570 case sKerberosAuthentication:
571 intptr = &options->kerberos_authentication;
574 case sKerberosOrLocalPasswd:
575 intptr = &options->kerberos_or_local_passwd;
578 case sKerberosTicketCleanup:
579 intptr = &options->kerberos_ticket_cleanup;
584 case sKerberosTgtPassing:
585 intptr = &options->kerberos_tgt_passing;
588 case sAFSTokenPassing:
589 intptr = &options->afs_token_passing;
593 case sPasswordAuthentication:
594 intptr = &options->password_authentication;
597 case sKbdInteractiveAuthentication:
598 intptr = &options->kbd_interactive_authentication;
602 intptr = &options->check_mail;
605 case sChallengeResponseAuthentication:
606 intptr = &options->challenge_reponse_authentication;
610 intptr = &options->print_motd;
614 intptr = &options->print_lastlog;
618 intptr = &options->x11_forwarding;
621 case sX11DisplayOffset:
622 intptr = &options->x11_display_offset;
626 charptr = &options->xauth_location;
630 intptr = &options->strict_modes;
634 intptr = &options->keepalives;
638 intptr = &options->permit_empty_passwd;
642 intptr = &options->use_login;
646 intptr = &options->gateway_ports;
649 case sReverseMappingCheck:
650 intptr = &options->reverse_mapping_check;
654 intptr = (int *) &options->log_facility;
656 value = log_facility_number(arg);
657 if (value == (SyslogFacility) - 1)
658 fatal("%.200s line %d: unsupported log facility '%s'",
659 filename, linenum, arg ? arg : "<NONE>");
661 *intptr = (SyslogFacility) value;
665 intptr = (int *) &options->log_level;
667 value = log_level_number(arg);
668 if (value == (LogLevel) - 1)
669 fatal("%.200s line %d: unsupported log level '%s'",
670 filename, linenum, arg ? arg : "<NONE>");
672 *intptr = (LogLevel) value;
675 case sAllowTcpForwarding:
676 intptr = &options->allow_tcp_forwarding;
680 while ((arg = strdelim(&cp)) && *arg != '\0') {
681 if (options->num_allow_users >= MAX_ALLOW_USERS)
682 fatal("%s line %d: too many allow users.",
684 options->allow_users[options->num_allow_users++] = xstrdup(arg);
689 while ((arg = strdelim(&cp)) && *arg != '\0') {
690 if (options->num_deny_users >= MAX_DENY_USERS)
691 fatal( "%s line %d: too many deny users.",
693 options->deny_users[options->num_deny_users++] = xstrdup(arg);
698 while ((arg = strdelim(&cp)) && *arg != '\0') {
699 if (options->num_allow_groups >= MAX_ALLOW_GROUPS)
700 fatal("%s line %d: too many allow groups.",
702 options->allow_groups[options->num_allow_groups++] = xstrdup(arg);
707 while ((arg = strdelim(&cp)) && *arg != '\0') {
708 if (options->num_deny_groups >= MAX_DENY_GROUPS)
709 fatal("%s line %d: too many deny groups.",
711 options->deny_groups[options->num_deny_groups++] = xstrdup(arg);
717 if (!arg || *arg == '\0')
718 fatal("%s line %d: Missing argument.", filename, linenum);
719 if (!ciphers_valid(arg))
720 fatal("%s line %d: Bad SSH2 cipher spec '%s'.",
721 filename, linenum, arg ? arg : "<NONE>");
722 if (options->ciphers == NULL)
723 options->ciphers = xstrdup(arg);
728 if (!arg || *arg == '\0')
729 fatal("%s line %d: Missing argument.", filename, linenum);
731 fatal("%s line %d: Bad SSH2 mac spec '%s'.",
732 filename, linenum, arg ? arg : "<NONE>");
733 if (options->macs == NULL)
734 options->macs = xstrdup(arg);
738 intptr = &options->protocol;
740 if (!arg || *arg == '\0')
741 fatal("%s line %d: Missing argument.", filename, linenum);
742 value = proto_spec(arg);
743 if (value == SSH_PROTO_UNKNOWN)
744 fatal("%s line %d: Bad protocol spec '%s'.",
745 filename, linenum, arg ? arg : "<NONE>");
746 if (*intptr == SSH_PROTO_UNKNOWN)
751 if(options->num_subsystems >= MAX_SUBSYSTEMS) {
752 fatal("%s line %d: too many subsystems defined.",
756 if (!arg || *arg == '\0')
757 fatal("%s line %d: Missing subsystem name.",
759 for (i = 0; i < options->num_subsystems; i++)
760 if(strcmp(arg, options->subsystem_name[i]) == 0)
761 fatal("%s line %d: Subsystem '%s' already defined.",
762 filename, linenum, arg);
763 options->subsystem_name[options->num_subsystems] = xstrdup(arg);
765 if (!arg || *arg == '\0')
766 fatal("%s line %d: Missing subsystem command.",
768 options->subsystem_command[options->num_subsystems] = xstrdup(arg);
769 options->num_subsystems++;
774 if (!arg || *arg == '\0')
775 fatal("%s line %d: Missing MaxStartups spec.",
777 if (sscanf(arg, "%d:%d:%d",
778 &options->max_startups_begin,
779 &options->max_startups_rate,
780 &options->max_startups) == 3) {
781 if (options->max_startups_begin >
782 options->max_startups ||
783 options->max_startups_rate > 100 ||
784 options->max_startups_rate < 1)
785 fatal("%s line %d: Illegal MaxStartups spec.",
789 intptr = &options->max_startups;
793 charptr = &options->banner;
797 fprintf(stderr, "%s line %d: Missing handler for opcode %s (%d)\n",
798 filename, linenum, arg, opcode);
801 if ((arg = strdelim(&cp)) != NULL && *arg != '\0') {
803 "%s line %d: garbage at end of line; \"%.200s\".\n",
804 filename, linenum, arg);
809 if (bad_options > 0) {
810 fprintf(stderr, "%s: terminating, %d bad configuration options\n",
811 filename, bad_options);