2 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
5 * As far as I am concerned, the code I have written for this software
6 * can be used freely for any purpose. Any derived versions of this
7 * software must be clearly marked as such, and if the derived work is
8 * incompatible with the protocol description in the RFC file, it must be
9 * called by a name other than "ssh" or "Secure Shell".
13 RCSID("$OpenBSD: servconf.c,v 1.74 2001/04/06 22:25:25 stevesk Exp $");
27 #include "pathnames.h"
28 #include "tildexpand.h"
34 /* add listen address */
35 void add_listen_addr(ServerOptions *options, char *addr, char *port);
36 void add_one_listen_addr(ServerOptions *options, char *addr, u_short port);
38 /* AF_UNSPEC or AF_INET or AF_INET6 */
41 /* Initializes the server options to their default values. */
44 initialize_server_options(ServerOptions *options)
46 memset(options, 0, sizeof(*options));
47 options->num_ports = 0;
48 options->ports_from_cmdline = 0;
49 options->listen_addrs = NULL;
50 options->num_host_key_files = 0;
51 options->pid_file = NULL;
52 options->server_key_bits = -1;
53 options->login_grace_time = -1;
54 options->key_regeneration_time = -1;
55 options->permit_root_login = PERMIT_NOT_SET;
56 options->ignore_rhosts = -1;
57 options->ignore_user_known_hosts = -1;
58 options->print_motd = -1;
59 options->print_lastlog = -1;
60 options->check_mail = -1;
61 options->x11_forwarding = -1;
62 options->x11_display_offset = -1;
63 options->xauth_location = NULL;
64 options->strict_modes = -1;
65 options->keepalives = -1;
66 options->log_facility = (SyslogFacility) - 1;
67 options->log_level = (LogLevel) - 1;
68 options->rhosts_authentication = -1;
69 options->rhosts_rsa_authentication = -1;
70 options->rsa_authentication = -1;
71 options->pubkey_authentication = -1;
73 options->kerberos_authentication = -1;
74 options->kerberos_or_local_passwd = -1;
75 options->kerberos_ticket_cleanup = -1;
78 options->kerberos_tgt_passing = -1;
79 options->afs_token_passing = -1;
81 options->password_authentication = -1;
82 options->kbd_interactive_authentication = -1;
83 options->challenge_reponse_authentication = -1;
84 options->permit_empty_passwd = -1;
85 options->use_login = -1;
86 options->allow_tcp_forwarding = -1;
87 options->num_allow_users = 0;
88 options->num_deny_users = 0;
89 options->num_allow_groups = 0;
90 options->num_deny_groups = 0;
91 options->ciphers = NULL;
93 options->protocol = SSH_PROTO_UNKNOWN;
94 options->gateway_ports = -1;
95 options->num_subsystems = 0;
96 options->max_startups_begin = -1;
97 options->max_startups_rate = -1;
98 options->max_startups = -1;
99 options->banner = NULL;
100 options->reverse_mapping_check = -1;
104 fill_default_server_options(ServerOptions *options)
106 if (options->protocol == SSH_PROTO_UNKNOWN)
107 options->protocol = SSH_PROTO_1|SSH_PROTO_2;
108 if (options->num_host_key_files == 0) {
109 /* fill default hostkeys for protocols */
110 if (options->protocol & SSH_PROTO_1)
111 options->host_key_files[options->num_host_key_files++] = _PATH_HOST_KEY_FILE;
112 if (options->protocol & SSH_PROTO_2)
113 options->host_key_files[options->num_host_key_files++] = _PATH_HOST_DSA_KEY_FILE;
115 if (options->num_ports == 0)
116 options->ports[options->num_ports++] = SSH_DEFAULT_PORT;
117 if (options->listen_addrs == NULL)
118 add_listen_addr(options, NULL, NULL);
119 if (options->pid_file == NULL)
120 options->pid_file = _PATH_SSH_DAEMON_PID_FILE;
121 if (options->server_key_bits == -1)
122 options->server_key_bits = 768;
123 if (options->login_grace_time == -1)
124 options->login_grace_time = 600;
125 if (options->key_regeneration_time == -1)
126 options->key_regeneration_time = 3600;
127 if (options->permit_root_login == PERMIT_NOT_SET)
128 options->permit_root_login = PERMIT_YES;
129 if (options->ignore_rhosts == -1)
130 options->ignore_rhosts = 1;
131 if (options->ignore_user_known_hosts == -1)
132 options->ignore_user_known_hosts = 0;
133 if (options->check_mail == -1)
134 options->check_mail = 0;
135 if (options->print_motd == -1)
136 options->print_motd = 1;
137 if (options->print_lastlog == -1)
138 options->print_lastlog = 1;
139 if (options->x11_forwarding == -1)
140 options->x11_forwarding = 0;
141 if (options->x11_display_offset == -1)
142 options->x11_display_offset = 10;
144 if (options->xauth_location == NULL)
145 options->xauth_location = XAUTH_PATH;
146 #endif /* XAUTH_PATH */
147 if (options->strict_modes == -1)
148 options->strict_modes = 1;
149 if (options->keepalives == -1)
150 options->keepalives = 1;
151 if (options->log_facility == (SyslogFacility) (-1))
152 options->log_facility = SYSLOG_FACILITY_AUTH;
153 if (options->log_level == (LogLevel) (-1))
154 options->log_level = SYSLOG_LEVEL_INFO;
155 if (options->rhosts_authentication == -1)
156 options->rhosts_authentication = 0;
157 if (options->rhosts_rsa_authentication == -1)
158 options->rhosts_rsa_authentication = 0;
159 if (options->rsa_authentication == -1)
160 options->rsa_authentication = 1;
161 if (options->pubkey_authentication == -1)
162 options->pubkey_authentication = 1;
164 if (options->kerberos_authentication == -1)
165 options->kerberos_authentication = (access(KEYFILE, R_OK) == 0);
166 if (options->kerberos_or_local_passwd == -1)
167 options->kerberos_or_local_passwd = 1;
168 if (options->kerberos_ticket_cleanup == -1)
169 options->kerberos_ticket_cleanup = 1;
172 if (options->kerberos_tgt_passing == -1)
173 options->kerberos_tgt_passing = 0;
174 if (options->afs_token_passing == -1)
175 options->afs_token_passing = k_hasafs();
177 if (options->password_authentication == -1)
178 options->password_authentication = 1;
179 if (options->kbd_interactive_authentication == -1)
180 options->kbd_interactive_authentication = 0;
181 if (options->challenge_reponse_authentication == -1)
182 options->challenge_reponse_authentication = 1;
183 if (options->permit_empty_passwd == -1)
184 options->permit_empty_passwd = 0;
185 if (options->use_login == -1)
186 options->use_login = 0;
187 if (options->allow_tcp_forwarding == -1)
188 options->allow_tcp_forwarding = 1;
189 if (options->gateway_ports == -1)
190 options->gateway_ports = 0;
191 if (options->max_startups == -1)
192 options->max_startups = 10;
193 if (options->max_startups_rate == -1)
194 options->max_startups_rate = 100; /* 100% */
195 if (options->max_startups_begin == -1)
196 options->max_startups_begin = options->max_startups;
197 if (options->reverse_mapping_check == -1)
198 options->reverse_mapping_check = 0;
201 /* Keyword tokens. */
203 sBadOption, /* == unknown option */
204 sPort, sHostKeyFile, sServerKeyBits, sLoginGraceTime, sKeyRegenerationTime,
205 sPermitRootLogin, sLogFacility, sLogLevel,
206 sRhostsAuthentication, sRhostsRSAAuthentication, sRSAAuthentication,
208 sKerberosAuthentication, sKerberosOrLocalPasswd, sKerberosTicketCleanup,
211 sKerberosTgtPassing, sAFSTokenPassing,
213 sChallengeResponseAuthentication,
214 sPasswordAuthentication, sKbdInteractiveAuthentication, sListenAddress,
215 sPrintMotd, sPrintLastLog, sIgnoreRhosts,
216 sX11Forwarding, sX11DisplayOffset,
217 sStrictModes, sEmptyPasswd, sKeepAlives, sCheckMail,
218 sUseLogin, sAllowTcpForwarding,
219 sAllowUsers, sDenyUsers, sAllowGroups, sDenyGroups,
220 sIgnoreUserKnownHosts, sCiphers, sMacs, sProtocol, sPidFile,
221 sGatewayPorts, sPubkeyAuthentication, sXAuthLocation, sSubsystem, sMaxStartups,
222 sBanner, sReverseMappingCheck
225 /* Textual representation of the tokens. */
228 ServerOpCodes opcode;
231 { "hostkey", sHostKeyFile },
232 { "hostdsakey", sHostKeyFile }, /* alias */
233 { "pidfile", sPidFile },
234 { "serverkeybits", sServerKeyBits },
235 { "logingracetime", sLoginGraceTime },
236 { "keyregenerationinterval", sKeyRegenerationTime },
237 { "permitrootlogin", sPermitRootLogin },
238 { "syslogfacility", sLogFacility },
239 { "loglevel", sLogLevel },
240 { "rhostsauthentication", sRhostsAuthentication },
241 { "rhostsrsaauthentication", sRhostsRSAAuthentication },
242 { "rsaauthentication", sRSAAuthentication },
243 { "pubkeyauthentication", sPubkeyAuthentication },
244 { "dsaauthentication", sPubkeyAuthentication }, /* alias */
246 { "kerberosauthentication", sKerberosAuthentication },
247 { "kerberosorlocalpasswd", sKerberosOrLocalPasswd },
248 { "kerberosticketcleanup", sKerberosTicketCleanup },
251 { "kerberostgtpassing", sKerberosTgtPassing },
252 { "afstokenpassing", sAFSTokenPassing },
254 { "passwordauthentication", sPasswordAuthentication },
255 { "kbdinteractiveauthentication", sKbdInteractiveAuthentication },
256 { "challengeresponseauthentication", sChallengeResponseAuthentication },
257 { "skeyauthentication", sChallengeResponseAuthentication }, /* alias */
258 { "checkmail", sCheckMail },
259 { "listenaddress", sListenAddress },
260 { "printmotd", sPrintMotd },
261 { "printlastlog", sPrintLastLog },
262 { "ignorerhosts", sIgnoreRhosts },
263 { "ignoreuserknownhosts", sIgnoreUserKnownHosts },
264 { "x11forwarding", sX11Forwarding },
265 { "x11displayoffset", sX11DisplayOffset },
266 { "xauthlocation", sXAuthLocation },
267 { "strictmodes", sStrictModes },
268 { "permitemptypasswords", sEmptyPasswd },
269 { "uselogin", sUseLogin },
270 { "keepalive", sKeepAlives },
271 { "allowtcpforwarding", sAllowTcpForwarding },
272 { "allowusers", sAllowUsers },
273 { "denyusers", sDenyUsers },
274 { "allowgroups", sAllowGroups },
275 { "denygroups", sDenyGroups },
276 { "ciphers", sCiphers },
278 { "protocol", sProtocol },
279 { "gatewayports", sGatewayPorts },
280 { "subsystem", sSubsystem },
281 { "maxstartups", sMaxStartups },
282 { "banner", sBanner },
283 { "reversemappingcheck", sReverseMappingCheck },
288 * Returns the number of the token pointed to by cp or sBadOption.
292 parse_token(const char *cp, const char *filename,
297 for (i = 0; keywords[i].name; i++)
298 if (strcasecmp(cp, keywords[i].name) == 0)
299 return keywords[i].opcode;
301 fprintf(stderr, "%s: line %d: Bad configuration option: %s\n",
302 filename, linenum, cp);
310 add_listen_addr(ServerOptions *options, char *addr, char *port)
314 if (options->num_ports == 0)
315 options->ports[options->num_ports++] = SSH_DEFAULT_PORT;
317 for (i = 0; i < options->num_ports; i++)
318 add_one_listen_addr(options, addr, options->ports[i]);
320 add_one_listen_addr(options, addr, atoi(port));
324 add_one_listen_addr(ServerOptions *options, char *addr, u_short port)
326 struct addrinfo hints, *ai, *aitop;
327 char strport[NI_MAXSERV];
330 memset(&hints, 0, sizeof(hints));
331 hints.ai_family = IPv4or6;
332 hints.ai_socktype = SOCK_STREAM;
333 hints.ai_flags = (addr == NULL) ? AI_PASSIVE : 0;
334 snprintf(strport, sizeof strport, "%d", port);
335 if ((gaierr = getaddrinfo(addr, strport, &hints, &aitop)) != 0)
336 fatal("bad addr or host: %s (%s)",
337 addr ? addr : "<NULL>",
338 gai_strerror(gaierr));
339 for (ai = aitop; ai->ai_next; ai = ai->ai_next)
341 ai->ai_next = options->listen_addrs;
342 options->listen_addrs = aitop;
345 /* Reads the server configuration file. */
348 read_server_config(ServerOptions *options, const char *filename)
352 char *cp, **charptr, *arg, *p;
353 int linenum, *intptr, value;
355 ServerOpCodes opcode;
358 f = fopen(filename, "r");
364 while (fgets(line, sizeof(line), f)) {
368 /* Ignore leading whitespace */
371 if (!arg || !*arg || *arg == '#')
375 opcode = parse_token(arg, filename, linenum);
381 /* ignore ports from configfile if cmdline specifies ports */
382 if (options->ports_from_cmdline)
384 if (options->listen_addrs != NULL)
385 fatal("%s line %d: ports must be specified before "
386 "ListenAdress.\n", filename, linenum);
387 if (options->num_ports >= MAX_PORTS)
388 fatal("%s line %d: too many ports.",
391 if (!arg || *arg == '\0')
392 fatal("%s line %d: missing port number.",
394 options->ports[options->num_ports++] = atoi(arg);
398 intptr = &options->server_key_bits;
401 if (!arg || *arg == '\0') {
402 fprintf(stderr, "%s line %d: missing integer value.\n",
411 case sLoginGraceTime:
412 intptr = &options->login_grace_time;
415 case sKeyRegenerationTime:
416 intptr = &options->key_regeneration_time;
421 if (!arg || *arg == '\0' || strncmp(arg, "[]", 2) == 0)
422 fatal("%s line %d: missing inet addr.",
425 if ((p = strchr(arg, ']')) == NULL)
426 fatal("%s line %d: bad ipv6 inet addr usage.",
429 memmove(p, p+1, strlen(p+1)+1);
430 } else if (((p = strchr(arg, ':')) == NULL) ||
431 (strchr(p+1, ':') != NULL)) {
432 add_listen_addr(options, arg, NULL);
438 fatal("%s line %d: bad inet addr:port usage.",
442 add_listen_addr(options, arg, p);
444 } else if (*p == '\0')
445 add_listen_addr(options, arg, NULL);
447 fatal("%s line %d: bad inet addr usage.",
452 intptr = &options->num_host_key_files;
453 if (*intptr >= MAX_HOSTKEYS) {
455 "%s line %d: too many host keys specified (max %d).\n",
456 filename, linenum, MAX_HOSTKEYS);
459 charptr = &options->host_key_files[*intptr];
462 if (!arg || *arg == '\0') {
463 fprintf(stderr, "%s line %d: missing file name.\n",
467 if (*charptr == NULL) {
468 *charptr = tilde_expand_filename(arg, getuid());
469 /* increase optional counter */
471 *intptr = *intptr + 1;
476 charptr = &options->pid_file;
479 case sPermitRootLogin:
480 intptr = &options->permit_root_login;
482 if (!arg || *arg == '\0') {
483 fprintf(stderr, "%s line %d: missing yes/"
484 "without-password/forced-commands-only/no "
485 "argument.\n", filename, linenum);
488 if (strcmp(arg, "without-password") == 0)
489 value = PERMIT_NO_PASSWD;
490 else if (strcmp(arg, "forced-commands-only") == 0)
491 value = PERMIT_FORCED_ONLY;
492 else if (strcmp(arg, "yes") == 0)
494 else if (strcmp(arg, "no") == 0)
497 fprintf(stderr, "%s line %d: Bad yes/"
498 "without-password/forced-commands-only/no "
499 "argument: %s\n", filename, linenum, arg);
507 intptr = &options->ignore_rhosts;
510 if (!arg || *arg == '\0') {
511 fprintf(stderr, "%s line %d: missing yes/no argument.\n",
515 if (strcmp(arg, "yes") == 0)
517 else if (strcmp(arg, "no") == 0)
520 fprintf(stderr, "%s line %d: Bad yes/no argument: %s\n",
521 filename, linenum, arg);
528 case sIgnoreUserKnownHosts:
529 intptr = &options->ignore_user_known_hosts;
532 case sRhostsAuthentication:
533 intptr = &options->rhosts_authentication;
536 case sRhostsRSAAuthentication:
537 intptr = &options->rhosts_rsa_authentication;
540 case sRSAAuthentication:
541 intptr = &options->rsa_authentication;
544 case sPubkeyAuthentication:
545 intptr = &options->pubkey_authentication;
549 case sKerberosAuthentication:
550 intptr = &options->kerberos_authentication;
553 case sKerberosOrLocalPasswd:
554 intptr = &options->kerberos_or_local_passwd;
557 case sKerberosTicketCleanup:
558 intptr = &options->kerberos_ticket_cleanup;
563 case sKerberosTgtPassing:
564 intptr = &options->kerberos_tgt_passing;
567 case sAFSTokenPassing:
568 intptr = &options->afs_token_passing;
572 case sPasswordAuthentication:
573 intptr = &options->password_authentication;
576 case sKbdInteractiveAuthentication:
577 intptr = &options->kbd_interactive_authentication;
581 intptr = &options->check_mail;
584 case sChallengeResponseAuthentication:
585 intptr = &options->challenge_reponse_authentication;
589 intptr = &options->print_motd;
593 intptr = &options->print_lastlog;
597 intptr = &options->x11_forwarding;
600 case sX11DisplayOffset:
601 intptr = &options->x11_display_offset;
605 charptr = &options->xauth_location;
609 intptr = &options->strict_modes;
613 intptr = &options->keepalives;
617 intptr = &options->permit_empty_passwd;
621 intptr = &options->use_login;
625 intptr = &options->gateway_ports;
628 case sReverseMappingCheck:
629 intptr = &options->reverse_mapping_check;
633 intptr = (int *) &options->log_facility;
635 value = log_facility_number(arg);
636 if (value == (SyslogFacility) - 1)
637 fatal("%.200s line %d: unsupported log facility '%s'",
638 filename, linenum, arg ? arg : "<NONE>");
640 *intptr = (SyslogFacility) value;
644 intptr = (int *) &options->log_level;
646 value = log_level_number(arg);
647 if (value == (LogLevel) - 1)
648 fatal("%.200s line %d: unsupported log level '%s'",
649 filename, linenum, arg ? arg : "<NONE>");
651 *intptr = (LogLevel) value;
654 case sAllowTcpForwarding:
655 intptr = &options->allow_tcp_forwarding;
659 while ((arg = strdelim(&cp)) && *arg != '\0') {
660 if (options->num_allow_users >= MAX_ALLOW_USERS)
661 fatal("%s line %d: too many allow users.",
663 options->allow_users[options->num_allow_users++] = xstrdup(arg);
668 while ((arg = strdelim(&cp)) && *arg != '\0') {
669 if (options->num_deny_users >= MAX_DENY_USERS)
670 fatal( "%s line %d: too many deny users.",
672 options->deny_users[options->num_deny_users++] = xstrdup(arg);
677 while ((arg = strdelim(&cp)) && *arg != '\0') {
678 if (options->num_allow_groups >= MAX_ALLOW_GROUPS)
679 fatal("%s line %d: too many allow groups.",
681 options->allow_groups[options->num_allow_groups++] = xstrdup(arg);
686 while ((arg = strdelim(&cp)) && *arg != '\0') {
687 if (options->num_deny_groups >= MAX_DENY_GROUPS)
688 fatal("%s line %d: too many deny groups.",
690 options->deny_groups[options->num_deny_groups++] = xstrdup(arg);
696 if (!arg || *arg == '\0')
697 fatal("%s line %d: Missing argument.", filename, linenum);
698 if (!ciphers_valid(arg))
699 fatal("%s line %d: Bad SSH2 cipher spec '%s'.",
700 filename, linenum, arg ? arg : "<NONE>");
701 if (options->ciphers == NULL)
702 options->ciphers = xstrdup(arg);
707 if (!arg || *arg == '\0')
708 fatal("%s line %d: Missing argument.", filename, linenum);
710 fatal("%s line %d: Bad SSH2 mac spec '%s'.",
711 filename, linenum, arg ? arg : "<NONE>");
712 if (options->macs == NULL)
713 options->macs = xstrdup(arg);
717 intptr = &options->protocol;
719 if (!arg || *arg == '\0')
720 fatal("%s line %d: Missing argument.", filename, linenum);
721 value = proto_spec(arg);
722 if (value == SSH_PROTO_UNKNOWN)
723 fatal("%s line %d: Bad protocol spec '%s'.",
724 filename, linenum, arg ? arg : "<NONE>");
725 if (*intptr == SSH_PROTO_UNKNOWN)
730 if(options->num_subsystems >= MAX_SUBSYSTEMS) {
731 fatal("%s line %d: too many subsystems defined.",
735 if (!arg || *arg == '\0')
736 fatal("%s line %d: Missing subsystem name.",
738 for (i = 0; i < options->num_subsystems; i++)
739 if(strcmp(arg, options->subsystem_name[i]) == 0)
740 fatal("%s line %d: Subsystem '%s' already defined.",
741 filename, linenum, arg);
742 options->subsystem_name[options->num_subsystems] = xstrdup(arg);
744 if (!arg || *arg == '\0')
745 fatal("%s line %d: Missing subsystem command.",
747 options->subsystem_command[options->num_subsystems] = xstrdup(arg);
748 options->num_subsystems++;
753 if (!arg || *arg == '\0')
754 fatal("%s line %d: Missing MaxStartups spec.",
756 if (sscanf(arg, "%d:%d:%d",
757 &options->max_startups_begin,
758 &options->max_startups_rate,
759 &options->max_startups) == 3) {
760 if (options->max_startups_begin >
761 options->max_startups ||
762 options->max_startups_rate > 100 ||
763 options->max_startups_rate < 1)
764 fatal("%s line %d: Illegal MaxStartups spec.",
768 intptr = &options->max_startups;
772 charptr = &options->banner;
776 fprintf(stderr, "%s line %d: Missing handler for opcode %s (%d)\n",
777 filename, linenum, arg, opcode);
780 if ((arg = strdelim(&cp)) != NULL && *arg != '\0') {
782 "%s line %d: garbage at end of line; \"%.200s\".\n",
783 filename, linenum, arg);
788 if (bad_options > 0) {
789 fprintf(stderr, "%s: terminating, %d bad configuration options\n",
790 filename, bad_options);