author | Colin Watson <cjwatson@debian.org> | 2015-08-19 17:00:17 +0100 |
---|---|---|
committer | Colin Watson <cjwatson@debian.org> | 2015-08-19 17:40:32 +0100 |
commit | 927d0032b865f05679d3cc052bc13cb0e6490283 (patch) | |
tree | 69f782deb79182f26069ff41e9539f17e6e44912 /servconf.c | |
parent | d35c65e77ab6a6a95fefa2c852827ba08e507f0b (diff) | |
parent | 810eecd6b2e03770f21e46b5cb8ce8c7fcd46da8 (diff) |
New upstream release (6.9p1).
Diffstat (limited to 'servconf.c')
-rw-r--r-- | servconf.c | 164 |
1 files changed, 131 insertions, 33 deletions
diff --git a/servconf.c b/servconf.c index bec53e00e..fe3e31157 100644 --- a/servconf.c +++ b/servconf.c | |||
@@ -1,5 +1,4 @@ | |||
1 | 1 | /* $OpenBSD: servconf.c,v 1.274 2015/07/01 02:32:17 djm Exp $ */ | |
2 | /* $OpenBSD: servconf.c,v 1.260 2015/02/02 01:57:44 deraadt Exp $ */ | ||
3 | /* | 2 | /* |
4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland | 3 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland |
5 | * All rights reserved | 4 | * All rights reserved |
@@ -78,6 +77,8 @@ initialize_server_options(ServerOptions *options) | |||
78 | /* Standard Options */ | 77 | /* Standard Options */ |
79 | options->num_ports = 0; | 78 | options->num_ports = 0; |
80 | options->ports_from_cmdline = 0; | 79 | options->ports_from_cmdline = 0; |
80 | options->queued_listen_addrs = NULL; | ||
81 | options->num_queued_listens = 0; | ||
81 | options->listen_addrs = NULL; | 82 | options->listen_addrs = NULL; |
82 | options->address_family = -1; | 83 | options->address_family = -1; |
83 | options->num_host_key_files = 0; | 84 | options->num_host_key_files = 0; |
@@ -162,6 +163,8 @@ initialize_server_options(ServerOptions *options) | |||
162 | options->revoked_keys_file = NULL; | 163 | options->revoked_keys_file = NULL; |
163 | options->trusted_user_ca_keys = NULL; | 164 | options->trusted_user_ca_keys = NULL; |
164 | options->authorized_principals_file = NULL; | 165 | options->authorized_principals_file = NULL; |
166 | options->authorized_principals_command = NULL; | ||
167 | options->authorized_principals_command_user = NULL; | ||
165 | options->ip_qos_interactive = -1; | 168 | options->ip_qos_interactive = -1; |
166 | options->ip_qos_bulk = -1; | 169 | options->ip_qos_bulk = -1; |
167 | options->version_addendum = NULL; | 170 | options->version_addendum = NULL; |
@@ -209,6 +212,8 @@ fill_default_server_options(ServerOptions *options) | |||
209 | /* No certificates by default */ | 212 | /* No certificates by default */ |
210 | if (options->num_ports == 0) | 213 | if (options->num_ports == 0) |
211 | options->ports[options->num_ports++] = SSH_DEFAULT_PORT; | 214 | options->ports[options->num_ports++] = SSH_DEFAULT_PORT; |
215 | if (options->address_family == -1) | ||
216 | options->address_family = AF_UNSPEC; | ||
212 | if (options->listen_addrs == NULL) | 217 | if (options->listen_addrs == NULL) |
213 | add_listen_addr(options, NULL, 0); | 218 | add_listen_addr(options, NULL, 0); |
214 | if (options->pid_file == NULL) | 219 | if (options->pid_file == NULL) |
@@ -361,6 +366,7 @@ fill_default_server_options(ServerOptions *options) | |||
361 | CLEAR_ON_NONE(options->banner); | 366 | CLEAR_ON_NONE(options->banner); |
362 | CLEAR_ON_NONE(options->trusted_user_ca_keys); | 367 | CLEAR_ON_NONE(options->trusted_user_ca_keys); |
363 | CLEAR_ON_NONE(options->revoked_keys_file); | 368 | CLEAR_ON_NONE(options->revoked_keys_file); |
369 | CLEAR_ON_NONE(options->authorized_principals_file); | ||
364 | for (i = 0; i < options->num_host_key_files; i++) | 370 | for (i = 0; i < options->num_host_key_files; i++) |
365 | CLEAR_ON_NONE(options->host_key_files[i]); | 371 | CLEAR_ON_NONE(options->host_key_files[i]); |
366 | for (i = 0; i < options->num_host_cert_files; i++) | 372 | for (i = 0; i < options->num_host_cert_files; i++) |
@@ -410,6 +416,7 @@ typedef enum { | |||
410 | sUsePrivilegeSeparation, sAllowAgentForwarding, | 416 | sUsePrivilegeSeparation, sAllowAgentForwarding, |
411 | sHostCertificate, | 417 | sHostCertificate, |
412 | sRevokedKeys, sTrustedUserCAKeys, sAuthorizedPrincipalsFile, | 418 | sRevokedKeys, sTrustedUserCAKeys, sAuthorizedPrincipalsFile, |
419 | sAuthorizedPrincipalsCommand, sAuthorizedPrincipalsCommandUser, | ||
413 | sKexAlgorithms, sIPQoS, sVersionAddendum, | 420 | sKexAlgorithms, sIPQoS, sVersionAddendum, |
414 | sAuthorizedKeysCommand, sAuthorizedKeysCommandUser, | 421 | sAuthorizedKeysCommand, sAuthorizedKeysCommandUser, |
415 | sAuthenticationMethods, sHostKeyAgent, sPermitUserRC, | 422 | sAuthenticationMethods, sHostKeyAgent, sPermitUserRC, |
@@ -554,6 +561,8 @@ static struct { | |||
554 | { "ipqos", sIPQoS, SSHCFG_ALL }, | 561 | { "ipqos", sIPQoS, SSHCFG_ALL }, |
555 | { "authorizedkeyscommand", sAuthorizedKeysCommand, SSHCFG_ALL }, | 562 | { "authorizedkeyscommand", sAuthorizedKeysCommand, SSHCFG_ALL }, |
556 | { "authorizedkeyscommanduser", sAuthorizedKeysCommandUser, SSHCFG_ALL }, | 563 | { "authorizedkeyscommanduser", sAuthorizedKeysCommandUser, SSHCFG_ALL }, |
564 | { "authorizedprincipalscommand", sAuthorizedPrincipalsCommand, SSHCFG_ALL }, | ||
565 | { "authorizedprincipalscommanduser", sAuthorizedPrincipalsCommandUser, SSHCFG_ALL }, | ||
557 | { "versionaddendum", sVersionAddendum, SSHCFG_GLOBAL }, | 566 | { "versionaddendum", sVersionAddendum, SSHCFG_GLOBAL }, |
558 | { "authenticationmethods", sAuthenticationMethods, SSHCFG_ALL }, | 567 | { "authenticationmethods", sAuthenticationMethods, SSHCFG_ALL }, |
559 | { "streamlocalbindmask", sStreamLocalBindMask, SSHCFG_ALL }, | 568 | { "streamlocalbindmask", sStreamLocalBindMask, SSHCFG_ALL }, |
@@ -618,10 +627,6 @@ add_listen_addr(ServerOptions *options, char *addr, int port) | |||
618 | { | 627 | { |
619 | u_int i; | 628 | u_int i; |
620 | 629 | ||
621 | if (options->num_ports == 0) | ||
622 | options->ports[options->num_ports++] = SSH_DEFAULT_PORT; | ||
623 | if (options->address_family == -1) | ||
624 | options->address_family = AF_UNSPEC; | ||
625 | if (port == 0) | 630 | if (port == 0) |
626 | for (i = 0; i < options->num_ports; i++) | 631 | for (i = 0; i < options->num_ports; i++) |
627 | add_one_listen_addr(options, addr, options->ports[i]); | 632 | add_one_listen_addr(options, addr, options->ports[i]); |
@@ -651,6 +656,51 @@ add_one_listen_addr(ServerOptions *options, char *addr, int port) | |||
651 | options->listen_addrs = aitop; | 656 | options->listen_addrs = aitop; |
652 | } | 657 | } |
653 | 658 | ||
659 | /* | ||
660 | * Queue a ListenAddress to be processed once we have all of the Ports | ||
661 | * and AddressFamily options. | ||
662 | */ | ||
663 | static void | ||
664 | queue_listen_addr(ServerOptions *options, char *addr, int port) | ||
665 | { | ||
666 | options->queued_listen_addrs = xreallocarray( | ||
667 | options->queued_listen_addrs, options->num_queued_listens + 1, | ||
668 | sizeof(addr)); | ||
669 | options->queued_listen_ports = xreallocarray( | ||
670 | options->queued_listen_ports, options->num_queued_listens + 1, | ||
671 | sizeof(port)); | ||
672 | options->queued_listen_addrs[options->num_queued_listens] = | ||
673 | xstrdup(addr); | ||
674 | options->queued_listen_ports[options->num_queued_listens] = port; | ||
675 | options->num_queued_listens++; | ||
676 | } | ||
677 | |||
678 | /* | ||
679 | * Process queued (text) ListenAddress entries. | ||
680 | */ | ||
681 | static void | ||
682 | process_queued_listen_addrs(ServerOptions *options) | ||
683 | { | ||
684 | u_int i; | ||
685 | |||
686 | if (options->num_ports == 0) | ||
687 | options->ports[options->num_ports++] = SSH_DEFAULT_PORT; | ||
688 | if (options->address_family == -1) | ||
689 | options->address_family = AF_UNSPEC; | ||
690 | |||
691 | for (i = 0; i < options->num_queued_listens; i++) { | ||
692 | add_listen_addr(options, options->queued_listen_addrs[i], | ||
693 | options->queued_listen_ports[i]); | ||
694 | free(options->queued_listen_addrs[i]); | ||
695 | options->queued_listen_addrs[i] = NULL; | ||
696 | } | ||
697 | free(options->queued_listen_addrs); | ||
698 | options->queued_listen_addrs = NULL; | ||
699 | free(options->queued_listen_ports); | ||
700 | options->queued_listen_ports = NULL; | ||
701 | options->num_queued_listens = 0; | ||
702 | } | ||
703 | |||
654 | struct connection_info * | 704 | struct connection_info * |
655 | get_connection_info(int populate, int use_dns) | 705 | get_connection_info(int populate, int use_dns) |
656 | { | 706 | { |
@@ -736,7 +786,6 @@ match_cfg_line(char **condition, int line, struct connection_info *ci) | |||
736 | { | 786 | { |
737 | int result = 1, attributes = 0, port; | 787 | int result = 1, attributes = 0, port; |
738 | char *arg, *attrib, *cp = *condition; | 788 | char *arg, *attrib, *cp = *condition; |
739 | size_t len; | ||
740 | 789 | ||
741 | if (ci == NULL) | 790 | if (ci == NULL) |
742 | debug3("checking syntax for 'Match %s'", cp); | 791 | debug3("checking syntax for 'Match %s'", cp); |
@@ -763,13 +812,12 @@ match_cfg_line(char **condition, int line, struct connection_info *ci) | |||
763 | error("Missing Match criteria for %s", attrib); | 812 | error("Missing Match criteria for %s", attrib); |
764 | return -1; | 813 | return -1; |
765 | } | 814 | } |
766 | len = strlen(arg); | ||
767 | if (strcasecmp(attrib, "user") == 0) { | 815 | if (strcasecmp(attrib, "user") == 0) { |
768 | if (ci == NULL || ci->user == NULL) { | 816 | if (ci == NULL || ci->user == NULL) { |
769 | result = 0; | 817 | result = 0; |
770 | continue; | 818 | continue; |
771 | } | 819 | } |
772 | if (match_pattern_list(ci->user, arg, len, 0) != 1) | 820 | if (match_pattern_list(ci->user, arg, 0) != 1) |
773 | result = 0; | 821 | result = 0; |
774 | else | 822 | else |
775 | debug("user %.100s matched 'User %.100s' at " | 823 | debug("user %.100s matched 'User %.100s' at " |
@@ -790,7 +838,7 @@ match_cfg_line(char **condition, int line, struct connection_info *ci) | |||
790 | result = 0; | 838 | result = 0; |
791 | continue; | 839 | continue; |
792 | } | 840 | } |
793 | if (match_hostname(ci->host, arg, len) != 1) | 841 | if (match_hostname(ci->host, arg) != 1) |
794 | result = 0; | 842 | result = 0; |
795 | else | 843 | else |
796 | debug("connection from %.100s matched 'Host " | 844 | debug("connection from %.100s matched 'Host " |
@@ -967,9 +1015,6 @@ process_server_config_line(ServerOptions *options, char *line, | |||
967 | /* ignore ports from configfile if cmdline specifies ports */ | 1015 | /* ignore ports from configfile if cmdline specifies ports */ |
968 | if (options->ports_from_cmdline) | 1016 | if (options->ports_from_cmdline) |
969 | return 0; | 1017 | return 0; |
970 | if (options->listen_addrs != NULL) | ||
971 | fatal("%s line %d: ports must be specified before " | ||
972 | "ListenAddress.", filename, linenum); | ||
973 | if (options->num_ports >= MAX_PORTS) | 1018 | if (options->num_ports >= MAX_PORTS) |
974 | fatal("%s line %d: too many ports.", | 1019 | fatal("%s line %d: too many ports.", |
975 | filename, linenum); | 1020 | filename, linenum); |
@@ -1005,7 +1050,7 @@ process_server_config_line(ServerOptions *options, char *line, | |||
1005 | if ((value = convtime(arg)) == -1) | 1050 | if ((value = convtime(arg)) == -1) |
1006 | fatal("%s line %d: invalid time value.", | 1051 | fatal("%s line %d: invalid time value.", |
1007 | filename, linenum); | 1052 | filename, linenum); |
1008 | if (*intptr == -1) | 1053 | if (*activep && *intptr == -1) |
1009 | *intptr = value; | 1054 | *intptr = value; |
1010 | break; | 1055 | break; |
1011 | 1056 | ||
@@ -1021,7 +1066,7 @@ process_server_config_line(ServerOptions *options, char *line, | |||
1021 | /* check for bare IPv6 address: no "[]" and 2 or more ":" */ | 1066 | /* check for bare IPv6 address: no "[]" and 2 or more ":" */ |
1022 | if (strchr(arg, '[') == NULL && (p = strchr(arg, ':')) != NULL | 1067 | if (strchr(arg, '[') == NULL && (p = strchr(arg, ':')) != NULL |
1023 | && strchr(p+1, ':') != NULL) { | 1068 | && strchr(p+1, ':') != NULL) { |
1024 | add_listen_addr(options, arg, 0); | 1069 | queue_listen_addr(options, arg, 0); |
1025 | break; | 1070 | break; |
1026 | } | 1071 | } |
1027 | p = hpdelim(&arg); | 1072 | p = hpdelim(&arg); |
@@ -1034,16 +1079,13 @@ process_server_config_line(ServerOptions *options, char *line, | |||
1034 | else if ((port = a2port(arg)) <= 0) | 1079 | else if ((port = a2port(arg)) <= 0) |
1035 | fatal("%s line %d: bad port number", filename, linenum); | 1080 | fatal("%s line %d: bad port number", filename, linenum); |
1036 | 1081 | ||
1037 | add_listen_addr(options, p, port); | 1082 | queue_listen_addr(options, p, port); |
1038 | 1083 | ||
1039 | break; | 1084 | break; |
1040 | 1085 | ||
1041 | case sAddressFamily: | 1086 | case sAddressFamily: |
1042 | intptr = &options->address_family; | 1087 | intptr = &options->address_family; |
1043 | multistate_ptr = multistate_addressfamily; | 1088 | multistate_ptr = multistate_addressfamily; |
1044 | if (options->listen_addrs != NULL) | ||
1045 | fatal("%s line %d: address family must be specified " | ||
1046 | "before ListenAddress.", filename, linenum); | ||
1047 | parse_multistate: | 1089 | parse_multistate: |
1048 | arg = strdelim(&cp); | 1090 | arg = strdelim(&cp); |
1049 | if (!arg || *arg == '\0') | 1091 | if (!arg || *arg == '\0') |
@@ -1483,7 +1525,7 @@ process_server_config_line(ServerOptions *options, char *line, | |||
1483 | len = strlen(p) + 1; | 1525 | len = strlen(p) + 1; |
1484 | while ((arg = strdelim(&cp)) != NULL && *arg != '\0') { | 1526 | while ((arg = strdelim(&cp)) != NULL && *arg != '\0') { |
1485 | len += 1 + strlen(arg); | 1527 | len += 1 + strlen(arg); |
1486 | p = xrealloc(p, 1, len); | 1528 | p = xreallocarray(p, 1, len); |
1487 | strlcat(p, " ", len); | 1529 | strlcat(p, " ", len); |
1488 | strlcat(p, arg, len); | 1530 | strlcat(p, arg, len); |
1489 | } | 1531 | } |
@@ -1598,7 +1640,7 @@ process_server_config_line(ServerOptions *options, char *line, | |||
1598 | if (value == -1) | 1640 | if (value == -1) |
1599 | fatal("%s line %d: Bad yes/point-to-point/ethernet/" | 1641 | fatal("%s line %d: Bad yes/point-to-point/ethernet/" |
1600 | "no argument: %s", filename, linenum, arg); | 1642 | "no argument: %s", filename, linenum, arg); |
1601 | if (*intptr == -1) | 1643 | if (*activep && *intptr == -1) |
1602 | *intptr = value; | 1644 | *intptr = value; |
1603 | break; | 1645 | break; |
1604 | 1646 | ||
@@ -1651,7 +1693,7 @@ process_server_config_line(ServerOptions *options, char *line, | |||
1651 | break; | 1693 | break; |
1652 | 1694 | ||
1653 | case sForceCommand: | 1695 | case sForceCommand: |
1654 | if (cp == NULL) | 1696 | if (cp == NULL || *cp == '\0') |
1655 | fatal("%.200s line %d: Missing argument.", filename, | 1697 | fatal("%.200s line %d: Missing argument.", filename, |
1656 | linenum); | 1698 | linenum); |
1657 | len = strspn(cp, WHITESPACE); | 1699 | len = strspn(cp, WHITESPACE); |
@@ -1696,7 +1738,7 @@ process_server_config_line(ServerOptions *options, char *line, | |||
1696 | break; | 1738 | break; |
1697 | 1739 | ||
1698 | case sVersionAddendum: | 1740 | case sVersionAddendum: |
1699 | if (cp == NULL) | 1741 | if (cp == NULL || *cp == '\0') |
1700 | fatal("%.200s line %d: Missing argument.", filename, | 1742 | fatal("%.200s line %d: Missing argument.", filename, |
1701 | linenum); | 1743 | linenum); |
1702 | len = strspn(cp, WHITESPACE); | 1744 | len = strspn(cp, WHITESPACE); |
@@ -1736,8 +1778,36 @@ process_server_config_line(ServerOptions *options, char *line, | |||
1736 | *charptr = xstrdup(arg); | 1778 | *charptr = xstrdup(arg); |
1737 | break; | 1779 | break; |
1738 | 1780 | ||
1781 | case sAuthorizedPrincipalsCommand: | ||
1782 | if (cp == NULL) | ||
1783 | fatal("%.200s line %d: Missing argument.", filename, | ||
1784 | linenum); | ||
1785 | len = strspn(cp, WHITESPACE); | ||
1786 | if (*activep && | ||
1787 | options->authorized_principals_command == NULL) { | ||
1788 | if (cp[len] != '/' && strcasecmp(cp + len, "none") != 0) | ||
1789 | fatal("%.200s line %d: " | ||
1790 | "AuthorizedPrincipalsCommand must be " | ||
1791 | "an absolute path", filename, linenum); | ||
1792 | options->authorized_principals_command = | ||
1793 | xstrdup(cp + len); | ||
1794 | } | ||
1795 | return 0; | ||
1796 | |||
1797 | case sAuthorizedPrincipalsCommandUser: | ||
1798 | charptr = &options->authorized_principals_command_user; | ||
1799 | |||
1800 | arg = strdelim(&cp); | ||
1801 | if (!arg || *arg == '\0') | ||
1802 | fatal("%s line %d: missing " | ||
1803 | "AuthorizedPrincipalsCommandUser argument.", | ||
1804 | filename, linenum); | ||
1805 | if (*activep && *charptr == NULL) | ||
1806 | *charptr = xstrdup(arg); | ||
1807 | break; | ||
1808 | |||
1739 | case sAuthenticationMethods: | 1809 | case sAuthenticationMethods: |
1740 | if (*activep && options->num_auth_methods == 0) { | 1810 | if (options->num_auth_methods == 0) { |
1741 | while ((arg = strdelim(&cp)) && *arg != '\0') { | 1811 | while ((arg = strdelim(&cp)) && *arg != '\0') { |
1742 | if (options->num_auth_methods >= | 1812 | if (options->num_auth_methods >= |
1743 | MAX_AUTH_METHODS) | 1813 | MAX_AUTH_METHODS) |
@@ -1748,6 +1818,8 @@ process_server_config_line(ServerOptions *options, char *line, | |||
1748 | fatal("%s line %d: invalid " | 1818 | fatal("%s line %d: invalid " |
1749 | "authentication method list.", | 1819 | "authentication method list.", |
1750 | filename, linenum); | 1820 | filename, linenum); |
1821 | if (!*activep) | ||
1822 | continue; | ||
1751 | options->auth_methods[ | 1823 | options->auth_methods[ |
1752 | options->num_auth_methods++] = xstrdup(arg); | 1824 | options->num_auth_methods++] = xstrdup(arg); |
1753 | } | 1825 | } |
@@ -1757,13 +1829,14 @@ process_server_config_line(ServerOptions *options, char *line, | |||
1757 | case sStreamLocalBindMask: | 1829 | case sStreamLocalBindMask: |
1758 | arg = strdelim(&cp); | 1830 | arg = strdelim(&cp); |
1759 | if (!arg || *arg == '\0') | 1831 | if (!arg || *arg == '\0') |
1760 | fatal("%s line %d: missing StreamLocalBindMask argument.", | 1832 | fatal("%s line %d: missing StreamLocalBindMask " |
1761 | filename, linenum); | 1833 | "argument.", filename, linenum); |
1762 | /* Parse mode in octal format */ | 1834 | /* Parse mode in octal format */ |
1763 | value = strtol(arg, &p, 8); | 1835 | value = strtol(arg, &p, 8); |
1764 | if (arg == p || value < 0 || value > 0777) | 1836 | if (arg == p || value < 0 || value > 0777) |
1765 | fatal("%s line %d: Bad mask.", filename, linenum); | 1837 | fatal("%s line %d: Bad mask.", filename, linenum); |
1766 | options->fwd_opts.streamlocal_bind_mask = (mode_t)value; | 1838 | if (*activep) |
1839 | options->fwd_opts.streamlocal_bind_mask = (mode_t)value; | ||
1767 | break; | 1840 | break; |
1768 | 1841 | ||
1769 | case sStreamLocalBindUnlink: | 1842 | case sStreamLocalBindUnlink: |
@@ -1994,6 +2067,7 @@ parse_server_config(ServerOptions *options, const char *filename, Buffer *conf, | |||
1994 | if (bad_options > 0) | 2067 | if (bad_options > 0) |
1995 | fatal("%s: terminating, %d bad configuration options", | 2068 | fatal("%s: terminating, %d bad configuration options", |
1996 | filename, bad_options); | 2069 | filename, bad_options); |
2070 | process_queued_listen_addrs(options); | ||
1997 | } | 2071 | } |
1998 | 2072 | ||
1999 | static const char * | 2073 | static const char * |
@@ -2071,6 +2145,12 @@ dump_cfg_int(ServerOpCodes code, int val) | |||
2071 | } | 2145 | } |
2072 | 2146 | ||
2073 | static void | 2147 | static void |
2148 | dump_cfg_oct(ServerOpCodes code, int val) | ||
2149 | { | ||
2150 | printf("%s 0%o\n", lookup_opcode_name(code), val); | ||
2151 | } | ||
2152 | |||
2153 | static void | ||
2074 | dump_cfg_fmtint(ServerOpCodes code, int val) | 2154 | dump_cfg_fmtint(ServerOpCodes code, int val) |
2075 | { | 2155 | { |
2076 | printf("%s %s\n", lookup_opcode_name(code), fmt_intarg(code, val)); | 2156 | printf("%s %s\n", lookup_opcode_name(code), fmt_intarg(code, val)); |
@@ -2099,6 +2179,8 @@ dump_cfg_strarray_oneline(ServerOpCodes code, u_int count, char **vals) | |||
2099 | { | 2179 | { |
2100 | u_int i; | 2180 | u_int i; |
2101 | 2181 | ||
2182 | if (count <= 0) | ||
2183 | return; | ||
2102 | printf("%s", lookup_opcode_name(code)); | 2184 | printf("%s", lookup_opcode_name(code)); |
2103 | for (i = 0; i < count; i++) | 2185 | for (i = 0; i < count; i++) |
2104 | printf(" %s", vals[i]); | 2186 | printf(" %s", vals[i]); |
@@ -2112,6 +2194,7 @@ dump_config(ServerOptions *o) | |||
2112 | int ret; | 2194 | int ret; |
2113 | struct addrinfo *ai; | 2195 | struct addrinfo *ai; |
2114 | char addr[NI_MAXHOST], port[NI_MAXSERV], *s = NULL; | 2196 | char addr[NI_MAXHOST], port[NI_MAXSERV], *s = NULL; |
2197 | char *laddr1 = xstrdup(""), *laddr2 = NULL; | ||
2115 | 2198 | ||
2116 | /* these are usually at the top of the config */ | 2199 | /* these are usually at the top of the config */ |
2117 | for (i = 0; i < o->num_ports; i++) | 2200 | for (i = 0; i < o->num_ports; i++) |
@@ -2119,7 +2202,11 @@ dump_config(ServerOptions *o) | |||
2119 | dump_cfg_fmtint(sProtocol, o->protocol); | 2202 | dump_cfg_fmtint(sProtocol, o->protocol); |
2120 | dump_cfg_fmtint(sAddressFamily, o->address_family); | 2203 | dump_cfg_fmtint(sAddressFamily, o->address_family); |
2121 | 2204 | ||
2122 | /* ListenAddress must be after Port */ | 2205 | /* |
2206 | * ListenAddress must be after Port. add_one_listen_addr pushes | ||
2207 | * addresses onto a stack, so to maintain ordering we need to | ||
2208 | * print these in reverse order. | ||
2209 | */ | ||
2123 | for (ai = o->listen_addrs; ai; ai = ai->ai_next) { | 2210 | for (ai = o->listen_addrs; ai; ai = ai->ai_next) { |
2124 | if ((ret = getnameinfo(ai->ai_addr, ai->ai_addrlen, addr, | 2211 | if ((ret = getnameinfo(ai->ai_addr, ai->ai_addrlen, addr, |
2125 | sizeof(addr), port, sizeof(port), | 2212 | sizeof(addr), port, sizeof(port), |
@@ -2128,16 +2215,22 @@ dump_config(ServerOptions *o) | |||
2128 | (ret != EAI_SYSTEM) ? gai_strerror(ret) : | 2215 | (ret != EAI_SYSTEM) ? gai_strerror(ret) : |
2129 | strerror(errno)); | 2216 | strerror(errno)); |
2130 | } else { | 2217 | } else { |
2218 | laddr2 = laddr1; | ||
2131 | if (ai->ai_family == AF_INET6) | 2219 | if (ai->ai_family == AF_INET6) |
2132 | printf("listenaddress [%s]:%s\n", addr, port); | 2220 | xasprintf(&laddr1, "listenaddress [%s]:%s\n%s", |
2221 | addr, port, laddr2); | ||
2133 | else | 2222 | else |
2134 | printf("listenaddress %s:%s\n", addr, port); | 2223 | xasprintf(&laddr1, "listenaddress %s:%s\n%s", |
2224 | addr, port, laddr2); | ||
2225 | free(laddr2); | ||
2135 | } | 2226 | } |
2136 | } | 2227 | } |
2228 | printf("%s", laddr1); | ||
2229 | free(laddr1); | ||
2137 | 2230 | ||
2138 | /* integer arguments */ | 2231 | /* integer arguments */ |
2139 | #ifdef USE_PAM | 2232 | #ifdef USE_PAM |
2140 | dump_cfg_int(sUsePAM, o->use_pam); | 2233 | dump_cfg_fmtint(sUsePAM, o->use_pam); |
2141 | #endif | 2234 | #endif |
2142 | dump_cfg_int(sServerKeyBits, o->server_key_bits); | 2235 | dump_cfg_int(sServerKeyBits, o->server_key_bits); |
2143 | dump_cfg_int(sLoginGraceTime, o->login_grace_time); | 2236 | dump_cfg_int(sLoginGraceTime, o->login_grace_time); |
@@ -2147,6 +2240,7 @@ dump_config(ServerOptions *o) | |||
2147 | dump_cfg_int(sMaxSessions, o->max_sessions); | 2240 | dump_cfg_int(sMaxSessions, o->max_sessions); |
2148 | dump_cfg_int(sClientAliveInterval, o->client_alive_interval); | 2241 | dump_cfg_int(sClientAliveInterval, o->client_alive_interval); |
2149 | dump_cfg_int(sClientAliveCountMax, o->client_alive_count_max); | 2242 | dump_cfg_int(sClientAliveCountMax, o->client_alive_count_max); |
2243 | dump_cfg_oct(sStreamLocalBindMask, o->fwd_opts.streamlocal_bind_mask); | ||
2150 | 2244 | ||
2151 | /* formatted integer arguments */ | 2245 | /* formatted integer arguments */ |
2152 | dump_cfg_fmtint(sPermitRootLogin, o->permit_root_login); | 2246 | dump_cfg_fmtint(sPermitRootLogin, o->permit_root_login); |
@@ -2193,6 +2287,7 @@ dump_config(ServerOptions *o) | |||
2193 | dump_cfg_fmtint(sGatewayPorts, o->fwd_opts.gateway_ports); | 2287 | dump_cfg_fmtint(sGatewayPorts, o->fwd_opts.gateway_ports); |
2194 | dump_cfg_fmtint(sUseDNS, o->use_dns); | 2288 | dump_cfg_fmtint(sUseDNS, o->use_dns); |
2195 | dump_cfg_fmtint(sAllowTcpForwarding, o->allow_tcp_forwarding); | 2289 | dump_cfg_fmtint(sAllowTcpForwarding, o->allow_tcp_forwarding); |
2290 | dump_cfg_fmtint(sAllowAgentForwarding, o->allow_agent_forwarding); | ||
2196 | dump_cfg_fmtint(sAllowStreamLocalForwarding, o->allow_streamlocal_forwarding); | 2291 | dump_cfg_fmtint(sAllowStreamLocalForwarding, o->allow_streamlocal_forwarding); |
2197 | dump_cfg_fmtint(sUsePrivilegeSeparation, use_privsep); | 2292 | dump_cfg_fmtint(sUsePrivilegeSeparation, use_privsep); |
2198 | dump_cfg_fmtint(sFingerprintHash, o->fingerprint_hash); | 2293 | dump_cfg_fmtint(sFingerprintHash, o->fingerprint_hash); |
@@ -2209,9 +2304,12 @@ dump_config(ServerOptions *o) | |||
2209 | dump_cfg_string(sRevokedKeys, o->revoked_keys_file); | 2304 | dump_cfg_string(sRevokedKeys, o->revoked_keys_file); |
2210 | dump_cfg_string(sAuthorizedPrincipalsFile, | 2305 | dump_cfg_string(sAuthorizedPrincipalsFile, |
2211 | o->authorized_principals_file); | 2306 | o->authorized_principals_file); |
2212 | dump_cfg_string(sVersionAddendum, o->version_addendum); | 2307 | dump_cfg_string(sVersionAddendum, *o->version_addendum == '\0' |
2308 | ? "none" : o->version_addendum); | ||
2213 | dump_cfg_string(sAuthorizedKeysCommand, o->authorized_keys_command); | 2309 | dump_cfg_string(sAuthorizedKeysCommand, o->authorized_keys_command); |
2214 | dump_cfg_string(sAuthorizedKeysCommandUser, o->authorized_keys_command_user); | 2310 | dump_cfg_string(sAuthorizedKeysCommandUser, o->authorized_keys_command_user); |
2311 | dump_cfg_string(sAuthorizedPrincipalsCommand, o->authorized_principals_command); | ||
2312 | dump_cfg_string(sAuthorizedPrincipalsCommandUser, o->authorized_principals_command_user); | ||
2215 | dump_cfg_string(sHostKeyAgent, o->host_key_agent); | 2313 | dump_cfg_string(sHostKeyAgent, o->host_key_agent); |
2216 | dump_cfg_string(sKexAlgorithms, | 2314 | dump_cfg_string(sKexAlgorithms, |
2217 | o->kex_algorithms ? o->kex_algorithms : KEX_SERVER_KEX); | 2315 | o->kex_algorithms ? o->kex_algorithms : KEX_SERVER_KEX); |
@@ -2229,7 +2327,7 @@ dump_config(ServerOptions *o) | |||
2229 | o->authorized_keys_files); | 2327 | o->authorized_keys_files); |
2230 | dump_cfg_strarray(sHostKeyFile, o->num_host_key_files, | 2328 | dump_cfg_strarray(sHostKeyFile, o->num_host_key_files, |
2231 | o->host_key_files); | 2329 | o->host_key_files); |
2232 | dump_cfg_strarray(sHostKeyFile, o->num_host_cert_files, | 2330 | dump_cfg_strarray(sHostCertificate, o->num_host_cert_files, |
2233 | o->host_cert_files); | 2331 | o->host_cert_files); |
2234 | dump_cfg_strarray(sAllowUsers, o->num_allow_users, o->allow_users); | 2332 | dump_cfg_strarray(sAllowUsers, o->num_allow_users, o->allow_users); |
2235 | dump_cfg_strarray(sDenyUsers, o->num_deny_users, o->deny_users); | 2333 | dump_cfg_strarray(sDenyUsers, o->num_deny_users, o->deny_users); |
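Review bot: In the `@@ -1736,8 +1778,36 @@` hunk, the new `sAuthorizedPrincipalsCommand` case only runs its absolute-path test inside the `*activep && options->authorized_principals_command == NULL` guard, so a relative path or an empty argument on a line that is not active at parse time is accepted silently. Its missing-argument test is also still `cp == NULL`, although this same commit tightens `sForceCommand` and `sVersionAddendum` to `cp == NULL || *cp == '\0'`. Because this option names a program the server runs to produce the list of accepted certificate principals, a bad value is better rejected when the file is parsed than when a Match block later becomes active (presumably per connection; that path is outside this page). The `sAuthenticationMethods` change in the same hunk already works that way, validating every entry and skipping only the store via `if (!*activep) continue;`. The fence below does the same here; the rest of process_server_config_line lies outside the hunk.

```c
	case sAuthorizedPrincipalsCommand:
		if (cp == NULL || *cp == '\0')
			/* … unchanged: fatal("… Missing argument.") … */
		len = strspn(cp, WHITESPACE);
		/* Validate on every parse, active or not, so a bad path fails early. */
		if (cp[len] != '/' && strcasecmp(cp + len, "none") != 0)
			fatal("%.200s line %d: "
			    "AuthorizedPrincipalsCommand must be "
			    "an absolute path", filename, linenum);
		if (*activep &&
		    options->authorized_principals_command == NULL)
			options->authorized_principals_command =
			    xstrdup(cp + len);
		return 0;
```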