* New upstream release (http://www.openssh.org/txt/release-5.9).

- Introduce sandboxing of the pre-auth privsep child using an optional sshd_config(5) "UsePrivilegeSeparation=sandbox" mode that enables mandatory restrictions on the syscalls the privsep child can perform. - Add new SHA256-based HMAC transport integrity modes from http://www.ietf.org/id/draft-dbider-sha2-mac-for-ssh-02.txt. - The pre-authentication sshd(8) privilege separation slave process now logs via a socket shared with the master process, avoiding the need to maintain /dev/log inside the chroot (closes: #75043, #429243, #599240). - ssh(1) now warns when a server refuses X11 forwarding (closes: #504757). - sshd_config(5)'s AuthorizedKeysFile now accepts multiple paths, separated by whitespace (closes: #76312). The authorized_keys2 fallback is deprecated but documented (closes: #560156). - ssh(1) and sshd(8): set IPv6 traffic class from IPQoS, as well as IPv4 ToS/DSCP (closes: #498297). - ssh-add(1) now accepts keys piped from standard input. E.g. "ssh-add - < /path/to/key" (closes: #229124). - Clean up lost-passphrase text in ssh-keygen(1) (closes: #444691). - Say "required" rather than "recommended" in unprotected-private-key warning (LP: #663455).
author: Colin Watson <cjwatson@debian.org> 2011-09-06 14:56:29 +0100
committer: Colin Watson <cjwatson@debian.org> 2011-09-06 14:56:29 +0100
commit: 978e62d6f14c60747bddef2cc72d66a9c8b83b54 (patch)
tree: 89400a44e42d84937deba7864e4964d6c7734da5 /servconf.c
parent: 87c685b8c6a49814fd782288097b3093f975aa72 (diff)
parent: 3a7e89697ca363de0f64e0d5704c57219294e41c (diff)
1 files changed, 153 insertions, 136 deletions
diff --git a/servconf.c b/servconf.c
index 11a69f819..1911ac540 100644
--- a/servconf.c
+++ b/servconf.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: servconf.c,v 1.213 2010/11/13 23:27:50 djm Exp $ */
+/* $OpenBSD: servconf.c,v 1.222 2011/06/22 21:57:01 djm Exp $ */
 /*
 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
 *                    All rights reserved
@@ -130,8 +130,7 @@ initialize_server_options(ServerOptions *options)
        options->use_dns = -1;
        options->client_alive_interval = -1;
        options->client_alive_count_max = -1;
-        options->authorized_keys_file = NULL;
+        options->num_authkeys_files = 0;
-        options->authorized_keys_file2 = NULL;
        options->num_accept_env = 0;
        options->permit_tun = -1;
        options->num_permitted_opens = -1;
@@ -277,15 +276,12 @@ fill_default_server_options(ServerOptions *options)
                options->client_alive_interval = 0;
        if (options->client_alive_count_max == -1)
                options->client_alive_count_max = 3;
-        if (options->authorized_keys_file2 == NULL) {
+        if (options->num_authkeys_files == 0) {
-                /* authorized_keys_file2 falls back to authorized_keys_file */
+                options->authorized_keys_files[options->num_authkeys_files++] =
-                if (options->authorized_keys_file != NULL)
+                    xstrdup(_PATH_SSH_USER_PERMITTED_KEYS);
-                        options->authorized_keys_file2 = xstrdup(options->authorized_keys_file);
+                options->authorized_keys_files[options->num_authkeys_files++] =
-                else
+                    xstrdup(_PATH_SSH_USER_PERMITTED_KEYS2);
-                        options->authorized_keys_file2 = xstrdup(_PATH_SSH_USER_PERMITTED_KEYS2);
        }
-        if (options->authorized_keys_file == NULL)
-                options->authorized_keys_file = xstrdup(_PATH_SSH_USER_PERMITTED_KEYS);
        if (options->permit_tun == -1)
                options->permit_tun = SSH_TUNMODE_NO;
        if (options->zero_knowledge_password_authentication == -1)
@@ -299,7 +295,7 @@ fill_default_server_options(ServerOptions *options)
        /* Turn privilege separation on by default */
        if (use_privsep == -1)
-                use_privsep = 1;
+                use_privsep = PRIVSEP_ON;
 #ifndef HAVE_MMAP
        if (use_privsep && options->compression == 1) {
@@ -336,7 +332,7 @@ typedef enum {
        sMaxStartups, sMaxAuthTries, sMaxSessions,
        sBanner, sUseDNS, sHostbasedAuthentication,
        sHostbasedUsesNameFromPacketOnly, sClientAliveInterval,
-        sClientAliveCountMax, sAuthorizedKeysFile, sAuthorizedKeysFile2,
+        sClientAliveCountMax, sAuthorizedKeysFile,
        sGssAuthentication, sGssCleanupCreds, sGssStrictAcceptor,
        sGssKeyEx, sGssStoreRekey,
        sAcceptEnv, sPermitTunnel,
@@ -467,7 +463,7 @@ static struct {
        { "clientaliveinterval", sClientAliveInterval, SSHCFG_GLOBAL },
        { "clientalivecountmax", sClientAliveCountMax, SSHCFG_GLOBAL },
        { "authorizedkeysfile", sAuthorizedKeysFile, SSHCFG_ALL },
-        { "authorizedkeysfile2", sAuthorizedKeysFile2, SSHCFG_ALL },
+        { "authorizedkeysfile2", sDeprecated, SSHCFG_ALL },
        { "useprivilegeseparation", sUsePrivilegeSeparation, SSHCFG_GLOBAL},
        { "acceptenv", sAcceptEnv, SSHCFG_GLOBAL },
        { "permittunnel", sPermitTunnel, SSHCFG_ALL },
@@ -705,6 +701,43 @@ match_cfg_line(char **condition, int line, const char *user, const char *host,
 #define WHITESPACE " \t\r\n"
+/* Multistate option parsing */
+struct multistate {
+        char *key;
+        int value;
+};
+static const struct multistate multistate_addressfamily[] = {
+        { "inet",                       AF_INET },
+        { "inet6",                      AF_INET6 },
+        { "any",                        AF_UNSPEC },
+        { NULL, -1 }
+};
+static const struct multistate multistate_permitrootlogin[] = {
+        { "without-password",           PERMIT_NO_PASSWD },
+        { "forced-commands-only",       PERMIT_FORCED_ONLY },
+        { "yes",                        PERMIT_YES },
+        { "no",                         PERMIT_NO },
+        { NULL, -1 }
+};
+static const struct multistate multistate_compression[] = {
+        { "delayed",                    COMP_DELAYED },
+        { "yes",                        COMP_ZLIB },
+        { "no",                         COMP_NONE },
+        { NULL, -1 }
+};
+static const struct multistate multistate_gatewayports[] = {
+        { "clientspecified",            2 },
+        { "yes",                        1 },
+        { "no",                         0 },
+        { NULL, -1 }
+};
+static const struct multistate multistate_privsep[] = {
+        { "sandbox",                    PRIVSEP_SANDBOX },
+        { "yes",                        PRIVSEP_ON },
+        { "no",                         PRIVSEP_OFF },
+        { NULL, -1 }
+};
 int
 process_server_config_line(ServerOptions *options, char *line,
    const char *filename, int linenum, int *activep, const char *user,
@@ -718,6 +751,7 @@ process_server_config_line(ServerOptions *options, char *line,
        int port;
        u_int i, flags = 0;
        size_t len;
+        const struct multistate *multistate_ptr;
        cp = line;
        if ((arg = strdelim(&cp)) == NULL)
@@ -833,24 +867,27 @@ process_server_config_line(ServerOptions *options, char *line,
                break;
        case sAddressFamily:
+                intptr = &options->address_family;
+                multistate_ptr = multistate_addressfamily;
+                if (options->listen_addrs != NULL)
+                        fatal("%s line %d: address family must be specified "
+                            "before ListenAddress.", filename, linenum);
+ parse_multistate:
                arg = strdelim(&cp);
                if (!arg || *arg == '\0')
-                        fatal("%s line %d: missing address family.",
+                        fatal("%s line %d: missing argument.",
                            filename, linenum);
-                intptr = &options->address_family;
+                value = -1;
-                if (options->listen_addrs != NULL)
+                for (i = 0; multistate_ptr[i].key != NULL; i++) {
-                        fatal("%s line %d: address family must be specified before "
+                        if (strcasecmp(arg, multistate_ptr[i].key) == 0) {
-                            "ListenAddress.", filename, linenum);
+                                value = multistate_ptr[i].value;
-                if (strcasecmp(arg, "inet") == 0)
+                                break;
-                        value = AF_INET;
+                        }
-                else if (strcasecmp(arg, "inet6") == 0)
+                }
-                        value = AF_INET6;
+                if (value == -1)
-                else if (strcasecmp(arg, "any") == 0)
+                        fatal("%s line %d: unsupported option \"%s\".",
-                        value = AF_UNSPEC;
-                else
-                        fatal("%s line %d: unsupported address family \"%s\".",
                            filename, linenum, arg);
-                if (*intptr == -1)
+                if (*activep && *intptr == -1)
                        *intptr = value;
                break;
@@ -889,27 +926,8 @@ process_server_config_line(ServerOptions *options, char *line,
        case sPermitRootLogin:
                intptr = &options->permit_root_login;
-                arg = strdelim(&cp);
+                multistate_ptr = multistate_permitrootlogin;
-                if (!arg || *arg == '\0')
+                goto parse_multistate;
-                        fatal("%s line %d: missing yes/"
-                            "without-password/forced-commands-only/no "
-                            "argument.", filename, linenum);
-                value = 0;      /* silence compiler */
-                if (strcmp(arg, "without-password") == 0)
-                        value = PERMIT_NO_PASSWD;
-                else if (strcmp(arg, "forced-commands-only") == 0)
-                        value = PERMIT_FORCED_ONLY;
-                else if (strcmp(arg, "yes") == 0)
-                        value = PERMIT_YES;
-                else if (strcmp(arg, "no") == 0)
-                        value = PERMIT_NO;
-                else
-                        fatal("%s line %d: Bad yes/"
-                            "without-password/forced-commands-only/no "
-                            "argument: %s", filename, linenum, arg);
-                if (*activep && *intptr == -1)
-                        *intptr = value;
-                break;
        case sIgnoreRhosts:
                intptr = &options->ignore_rhosts;
@@ -1056,43 +1074,13 @@ process_server_config_line(ServerOptions *options, char *line,
        case sCompression:
                intptr = &options->compression;
-                arg = strdelim(&cp);
+                multistate_ptr = multistate_compression;
-                if (!arg || *arg == '\0')
+                goto parse_multistate;
-                        fatal("%s line %d: missing yes/no/delayed "
-                            "argument.", filename, linenum);
-                value = 0;      /* silence compiler */
-                if (strcmp(arg, "delayed") == 0)
-                        value = COMP_DELAYED;
-                else if (strcmp(arg, "yes") == 0)
-                        value = COMP_ZLIB;
-                else if (strcmp(arg, "no") == 0)
-                        value = COMP_NONE;
-                else
-                        fatal("%s line %d: Bad yes/no/delayed "
-                            "argument: %s", filename, linenum, arg);
-                if (*intptr == -1)
-                        *intptr = value;
-                break;
        case sGatewayPorts:
                intptr = &options->gateway_ports;
-                arg = strdelim(&cp);
+                multistate_ptr = multistate_gatewayports;
-                if (!arg || *arg == '\0')
+                goto parse_multistate;
-                        fatal("%s line %d: missing yes/no/clientspecified "
-                            "argument.", filename, linenum);
-                value = 0;      /* silence compiler */
-                if (strcmp(arg, "clientspecified") == 0)
-                        value = 2;
-                else if (strcmp(arg, "yes") == 0)
-                        value = 1;
-                else if (strcmp(arg, "no") == 0)
-                        value = 0;
-                else
-                        fatal("%s line %d: Bad yes/no/clientspecified "
-                            "argument: %s", filename, linenum, arg);
-                if (*activep && *intptr == -1)
-                        *intptr = value;
-                break;
        case sUseDNS:
                intptr = &options->use_dns;
@@ -1130,7 +1118,8 @@ process_server_config_line(ServerOptions *options, char *line,
        case sUsePrivilegeSeparation:
                intptr = &use_privsep;
-                goto parse_flag;
+                multistate_ptr = multistate_privsep;
+                goto parse_multistate;
        case sAllowUsers:
                while ((arg = strdelim(&cp)) && *arg != '\0') {
@@ -1296,14 +1285,22 @@ process_server_config_line(ServerOptions *options, char *line,
         * AuthorizedKeysFile   /etc/ssh_keys/%u
         */
        case sAuthorizedKeysFile:
-                charptr = &options->authorized_keys_file;
+                if (*activep && options->num_authkeys_files == 0) {
-                goto parse_tilde_filename;
+                        while ((arg = strdelim(&cp)) && *arg != '\0') {
-        case sAuthorizedKeysFile2:
+                                if (options->num_authkeys_files >=
-                charptr = &options->authorized_keys_file2;
+                                    MAX_AUTHKEYS_FILES)
-                goto parse_tilde_filename;
+                                        fatal("%s line %d: "
+                                            "too many authorized keys files.",
+                                            filename, linenum);
+                                options->authorized_keys_files[
+                                    options->num_authkeys_files++] =
+                                    tilde_expand_filename(arg, getuid());
+                        }
+                }
+                return 0;
        case sAuthorizedPrincipalsFile:
                charptr = &options->authorized_principals_file;
- parse_tilde_filename:
                arg = strdelim(&cp);
                if (!arg || *arg == '\0')
                        fatal("%s line %d: missing file name.",
@@ -1526,6 +1523,12 @@ parse_server_match_config(ServerOptions *options, const char *user,
                dst->n = src->n; \
        } \
 } while(0)
+#define M_CP_STRARRAYOPT(n, num_n) do {\
+        if (src->num_n != 0) { \
+                for (dst->num_n = 0; dst->num_n < src->num_n; dst->num_n++) \
+                        dst->n[dst->num_n] = xstrdup(src->n[dst->num_n]); \
+        } \
+} while(0)
 /*
 * Copy any supported values that are set.
@@ -1561,20 +1564,23 @@ copy_set_server_options(ServerOptions *dst, ServerOptions *src, int preauth)
        M_CP_INTOPT(ip_qos_interactive);
        M_CP_INTOPT(ip_qos_bulk);
-        M_CP_STROPT(banner);
+        /* See comment in servconf.h */
+        COPY_MATCH_STRING_OPTS();
+        /*
+         * The only things that should be below this point are string options
+         * which are only used after authentication.
+         */
        if (preauth)
                return;
        M_CP_STROPT(adm_forced_command);
        M_CP_STROPT(chroot_directory);
-        M_CP_STROPT(trusted_user_ca_keys);
-        M_CP_STROPT(revoked_keys_file);
-        M_CP_STROPT(authorized_keys_file);
-        M_CP_STROPT(authorized_keys_file2);
-        M_CP_STROPT(authorized_principals_file);
 }
 #undef M_CP_INTOPT
 #undef M_CP_STROPT
+#undef M_CP_STRARRAYOPT
 void
 parse_server_config(ServerOptions *options, const char *filename, Buffer *conf,
@@ -1600,31 +1606,34 @@ parse_server_config(ServerOptions *options, const char *filename, Buffer *conf,
 }
 static const char *
-fmt_intarg(ServerOpCodes code, int val)
+fmt_multistate_int(int val, const struct multistate *m)
 {
-        if (code == sAddressFamily) {
+        u_int i;
-                switch (val) {
-                case AF_INET:
+        for (i = 0; m[i].key != NULL; i++) {
-                        return "inet";
+                if (m[i].value == val)
-                case AF_INET6:
+                        return m[i].key;
-                        return "inet6";
-                case AF_UNSPEC:
-                        return "any";
-                default:
-                        return "UNKNOWN";
-                }
-        }
-        if (code == sPermitRootLogin) {
-                switch (val) {
-                case PERMIT_NO_PASSWD:
-                        return "without-password";
-                case PERMIT_FORCED_ONLY:
-                        return "forced-commands-only";
-                case PERMIT_YES:
-                        return "yes";
-                }
        }
-        if (code == sProtocol) {
+        return "UNKNOWN";
+}
+static const char *
+fmt_intarg(ServerOpCodes code, int val)
+{
+        if (val == -1)
+                return "unset";
+        switch (code) {
+        case sAddressFamily:
+                return fmt_multistate_int(val, multistate_addressfamily);
+        case sPermitRootLogin:
+                return fmt_multistate_int(val, multistate_permitrootlogin);
+        case sGatewayPorts:
+                return fmt_multistate_int(val, multistate_gatewayports);
+        case sCompression:
+                return fmt_multistate_int(val, multistate_compression);
+        case sUsePrivilegeSeparation:
+                return fmt_multistate_int(val, multistate_privsep);
+        case sProtocol:
                switch (val) {
                case SSH_PROTO_1:
                        return "1";
@@ -1635,20 +1644,16 @@ fmt_intarg(ServerOpCodes code, int val)
                default:
                        return "UNKNOWN";
                }
+        default:
+                switch (val) {
+                case 0:
+                        return "no";
+                case 1:
+                        return "yes";
+                default:
+                        return "UNKNOWN";
+                }
        }
-        if (code == sGatewayPorts && val == 2)
-                return "clientspecified";
-        if (code == sCompression && val == COMP_DELAYED)
-                return "delayed";
-        switch (val) {
-        case -1:
-                return "unset";
-        case 0:
-                return "no";
-        case 1:
-                return "yes";
-        }
-        return "UNKNOWN";
 }
 static const char *
@@ -1688,7 +1693,18 @@ dump_cfg_strarray(ServerOpCodes code, u_int count, char **vals)
        u_int i;
        for (i = 0; i < count; i++)
-                printf("%s %s\n", lookup_opcode_name(code),  vals[i]);
+                printf("%s %s\n", lookup_opcode_name(code), vals[i]);
+}
+static void
+dump_cfg_strarray_oneline(ServerOpCodes code, u_int count, char **vals)
+{
+        u_int i;
+        printf("%s", lookup_opcode_name(code));
+        for (i = 0; i < count; i++)
+                printf(" %s",  vals[i]);
+        printf("\n");
 }
 void
@@ -1790,8 +1806,6 @@ dump_config(ServerOptions *o)
        dump_cfg_string(sCiphers, o->ciphers);
        dump_cfg_string(sMacs, o->macs);
        dump_cfg_string(sBanner, o->banner);
-        dump_cfg_string(sAuthorizedKeysFile, o->authorized_keys_file);
-        dump_cfg_string(sAuthorizedKeysFile2, o->authorized_keys_file2);
        dump_cfg_string(sForceCommand, o->adm_forced_command);
        dump_cfg_string(sChrootDirectory, o->chroot_directory);
        dump_cfg_string(sTrustedUserCAKeys, o->trusted_user_ca_keys);
@@ -1804,6 +1818,8 @@ dump_config(ServerOptions *o)
        dump_cfg_string(sLogFacility, log_facility_name(o->log_facility));
        /* string array arguments */
+        dump_cfg_strarray_oneline(sAuthorizedKeysFile, o->num_authkeys_files,
+            o->authorized_keys_files);
        dump_cfg_strarray(sHostKeyFile, o->num_host_key_files,
             o->host_key_files);
        dump_cfg_strarray(sHostKeyFile, o->num_host_cert_files,
@@ -1829,7 +1845,8 @@ dump_config(ServerOptions *o)
                }
        dump_cfg_string(sPermitTunnel, s);
-        printf("ipqos 0x%02x 0x%02x\n", o->ip_qos_interactive, o->ip_qos_bulk);
+        printf("ipqos %s ", iptos2str(o->ip_qos_interactive));
+        printf("%s\n", iptos2str(o->ip_qos_bulk));
        channel_print_adm_permitted_opens();
 }
author	Colin Watson <cjwatson@debian.org>	2011-09-06 14:56:29 +0100
committer	Colin Watson <cjwatson@debian.org>	2011-09-06 14:56:29 +0100
commit	978e62d6f14c60747bddef2cc72d66a9c8b83b54 (patch)
tree	89400a44e42d84937deba7864e4964d6c7734da5 /servconf.c
parent	87c685b8c6a49814fd782288097b3093f975aa72 (diff)
parent	3a7e89697ca363de0f64e0d5704c57219294e41c (diff)

diff --git a/servconf.c b/servconf.c index 11a69f819..1911ac540 100644 --- a/servconf.c +++ b/servconf.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: servconf.c,v 1.213 2010/11/13 23:27:50 djm Exp $ */	1	/* $OpenBSD: servconf.c,v 1.222 2011/06/22 21:57:01 djm Exp $ */
2	/*	2	/*
3	* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland	3	* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
4	* All rights reserved	4	* All rights reserved
@@ -130,8 +130,7 @@ initialize_server_options(ServerOptions *options)
130	options->use_dns = -1;	130	options->use_dns = -1;
131	options->client_alive_interval = -1;	131	options->client_alive_interval = -1;
132	options->client_alive_count_max = -1;	132	options->client_alive_count_max = -1;
133	options->authorized_keys_file = NULL;	133	options->num_authkeys_files = 0;
134	options->authorized_keys_file2 = NULL;
135	options->num_accept_env = 0;	134	options->num_accept_env = 0;
136	options->permit_tun = -1;	135	options->permit_tun = -1;
137	options->num_permitted_opens = -1;	136	options->num_permitted_opens = -1;
@@ -277,15 +276,12 @@ fill_default_server_options(ServerOptions *options)
277	options->client_alive_interval = 0;	276	options->client_alive_interval = 0;
278	if (options->client_alive_count_max == -1)	277	if (options->client_alive_count_max == -1)
279	options->client_alive_count_max = 3;	278	options->client_alive_count_max = 3;
280	if (options->authorized_keys_file2 == NULL) {	279	if (options->num_authkeys_files == 0) {
281	/* authorized_keys_file2 falls back to authorized_keys_file */	280	options->authorized_keys_files[options->num_authkeys_files++] =
282	if (options->authorized_keys_file != NULL)	281	xstrdup(_PATH_SSH_USER_PERMITTED_KEYS);
283	options->authorized_keys_file2 = xstrdup(options->authorized_keys_file);	282	options->authorized_keys_files[options->num_authkeys_files++] =
284	else	283	xstrdup(_PATH_SSH_USER_PERMITTED_KEYS2);
285	options->authorized_keys_file2 = xstrdup(_PATH_SSH_USER_PERMITTED_KEYS2);
286	}	284	}
287	if (options->authorized_keys_file == NULL)
288	options->authorized_keys_file = xstrdup(_PATH_SSH_USER_PERMITTED_KEYS);
289	if (options->permit_tun == -1)	285	if (options->permit_tun == -1)
290	options->permit_tun = SSH_TUNMODE_NO;	286	options->permit_tun = SSH_TUNMODE_NO;
291	if (options->zero_knowledge_password_authentication == -1)	287	if (options->zero_knowledge_password_authentication == -1)
@@ -299,7 +295,7 @@ fill_default_server_options(ServerOptions *options)
299		295
300	/* Turn privilege separation on by default */	296	/* Turn privilege separation on by default */
301	if (use_privsep == -1)	297	if (use_privsep == -1)
302	use_privsep = 1;	298	use_privsep = PRIVSEP_ON;
303		299
304	#ifndef HAVE_MMAP	300	#ifndef HAVE_MMAP
305	if (use_privsep && options->compression == 1) {	301	if (use_privsep && options->compression == 1) {
@@ -336,7 +332,7 @@ typedef enum {
336	sMaxStartups, sMaxAuthTries, sMaxSessions,	332	sMaxStartups, sMaxAuthTries, sMaxSessions,
337	sBanner, sUseDNS, sHostbasedAuthentication,	333	sBanner, sUseDNS, sHostbasedAuthentication,
338	sHostbasedUsesNameFromPacketOnly, sClientAliveInterval,	334	sHostbasedUsesNameFromPacketOnly, sClientAliveInterval,
339	sClientAliveCountMax, sAuthorizedKeysFile, sAuthorizedKeysFile2,	335	sClientAliveCountMax, sAuthorizedKeysFile,
340	sGssAuthentication, sGssCleanupCreds, sGssStrictAcceptor,	336	sGssAuthentication, sGssCleanupCreds, sGssStrictAcceptor,
341	sGssKeyEx, sGssStoreRekey,	337	sGssKeyEx, sGssStoreRekey,
342	sAcceptEnv, sPermitTunnel,	338	sAcceptEnv, sPermitTunnel,
@@ -467,7 +463,7 @@ static struct {
467	{ "clientaliveinterval", sClientAliveInterval, SSHCFG_GLOBAL },	463	{ "clientaliveinterval", sClientAliveInterval, SSHCFG_GLOBAL },
468	{ "clientalivecountmax", sClientAliveCountMax, SSHCFG_GLOBAL },	464	{ "clientalivecountmax", sClientAliveCountMax, SSHCFG_GLOBAL },
469	{ "authorizedkeysfile", sAuthorizedKeysFile, SSHCFG_ALL },	465	{ "authorizedkeysfile", sAuthorizedKeysFile, SSHCFG_ALL },
470	{ "authorizedkeysfile2", sAuthorizedKeysFile2, SSHCFG_ALL },	466	{ "authorizedkeysfile2", sDeprecated, SSHCFG_ALL },
471	{ "useprivilegeseparation", sUsePrivilegeSeparation, SSHCFG_GLOBAL},	467	{ "useprivilegeseparation", sUsePrivilegeSeparation, SSHCFG_GLOBAL},
472	{ "acceptenv", sAcceptEnv, SSHCFG_GLOBAL },	468	{ "acceptenv", sAcceptEnv, SSHCFG_GLOBAL },
473	{ "permittunnel", sPermitTunnel, SSHCFG_ALL },	469	{ "permittunnel", sPermitTunnel, SSHCFG_ALL },
@@ -705,6 +701,43 @@ match_cfg_line(char *condition, int line, const char user, const char *host,
705		701
706	#define WHITESPACE " \t\r\n"	702	#define WHITESPACE " \t\r\n"
707		703
		704	/* Multistate option parsing */
		705	struct multistate {
		706	char *key;
		707	int value;
		708	};
		709	static const struct multistate multistate_addressfamily[] = {
		710	{ "inet", AF_INET },
		711	{ "inet6", AF_INET6 },
		712	{ "any", AF_UNSPEC },
		713	{ NULL, -1 }
		714	};
		715	static const struct multistate multistate_permitrootlogin[] = {
		716	{ "without-password", PERMIT_NO_PASSWD },
		717	{ "forced-commands-only", PERMIT_FORCED_ONLY },
		718	{ "yes", PERMIT_YES },
		719	{ "no", PERMIT_NO },
		720	{ NULL, -1 }
		721	};
		722	static const struct multistate multistate_compression[] = {
		723	{ "delayed", COMP_DELAYED },
		724	{ "yes", COMP_ZLIB },
		725	{ "no", COMP_NONE },
		726	{ NULL, -1 }
		727	};
		728	static const struct multistate multistate_gatewayports[] = {
		729	{ "clientspecified", 2 },
		730	{ "yes", 1 },
		731	{ "no", 0 },
		732	{ NULL, -1 }
		733	};
		734	static const struct multistate multistate_privsep[] = {
		735	{ "sandbox", PRIVSEP_SANDBOX },
		736	{ "yes", PRIVSEP_ON },
		737	{ "no", PRIVSEP_OFF },
		738	{ NULL, -1 }
		739	};
		740
708	int	741	int
709	process_server_config_line(ServerOptions options, char line,	742	process_server_config_line(ServerOptions options, char line,
710	const char filename, int linenum, int activep, const char *user,	743	const char filename, int linenum, int activep, const char *user,
@@ -718,6 +751,7 @@ process_server_config_line(ServerOptions options, char line,
718	int port;	751	int port;
719	u_int i, flags = 0;	752	u_int i, flags = 0;
720	size_t len;	753	size_t len;
		754	const struct multistate *multistate_ptr;
721		755
722	cp = line;	756	cp = line;
723	if ((arg = strdelim(&cp)) == NULL)	757	if ((arg = strdelim(&cp)) == NULL)
@@ -833,24 +867,27 @@ process_server_config_line(ServerOptions options, char line,
833	break;	867	break;
834		868
835	case sAddressFamily:	869	case sAddressFamily:
		870	intptr = &options->address_family;
		871	multistate_ptr = multistate_addressfamily;
		872	if (options->listen_addrs != NULL)
		873	fatal("%s line %d: address family must be specified "
		874	"before ListenAddress.", filename, linenum);
		875	parse_multistate:
836	arg = strdelim(&cp);	876	arg = strdelim(&cp);
837	if (!arg \|\| *arg == '\0')	877	if (!arg \|\| *arg == '\0')
838	fatal("%s line %d: missing address family.",	878	fatal("%s line %d: missing argument.",
839	filename, linenum);	879	filename, linenum);
840	intptr = &options->address_family;	880	value = -1;
841	if (options->listen_addrs != NULL)	881	for (i = 0; multistate_ptr[i].key != NULL; i++) {
842	fatal("%s line %d: address family must be specified before "	882	if (strcasecmp(arg, multistate_ptr[i].key) == 0) {
843	"ListenAddress.", filename, linenum);	883	value = multistate_ptr[i].value;
844	if (strcasecmp(arg, "inet") == 0)	884	break;
845	value = AF_INET;	885	}
846	else if (strcasecmp(arg, "inet6") == 0)	886	}
847	value = AF_INET6;	887	if (value == -1)
848	else if (strcasecmp(arg, "any") == 0)	888	fatal("%s line %d: unsupported option \"%s\".",
849	value = AF_UNSPEC;
850	else
851	fatal("%s line %d: unsupported address family \"%s\".",
852	filename, linenum, arg);	889	filename, linenum, arg);
853	if (*intptr == -1)	890	if (activep && intptr == -1)
854	*intptr = value;	891	*intptr = value;
855	break;	892	break;
856		893
@@ -889,27 +926,8 @@ process_server_config_line(ServerOptions options, char line,
889		926
890	case sPermitRootLogin:	927	case sPermitRootLogin:
891	intptr = &options->permit_root_login;	928	intptr = &options->permit_root_login;
892	arg = strdelim(&cp);	929	multistate_ptr = multistate_permitrootlogin;
893	if (!arg \|\| *arg == '\0')	930	goto parse_multistate;
894	fatal("%s line %d: missing yes/"
895	"without-password/forced-commands-only/no "
896	"argument.", filename, linenum);
897	value = 0; /* silence compiler */
898	if (strcmp(arg, "without-password") == 0)
899	value = PERMIT_NO_PASSWD;
900	else if (strcmp(arg, "forced-commands-only") == 0)
901	value = PERMIT_FORCED_ONLY;
902	else if (strcmp(arg, "yes") == 0)
903	value = PERMIT_YES;
904	else if (strcmp(arg, "no") == 0)
905	value = PERMIT_NO;
906	else
907	fatal("%s line %d: Bad yes/"
908	"without-password/forced-commands-only/no "
909	"argument: %s", filename, linenum, arg);
910	if (activep && intptr == -1)
911	*intptr = value;
912	break;
913		931
914	case sIgnoreRhosts:	932	case sIgnoreRhosts:
915	intptr = &options->ignore_rhosts;	933	intptr = &options->ignore_rhosts;
@@ -1056,43 +1074,13 @@ process_server_config_line(ServerOptions options, char line,
1056		1074
1057	case sCompression:	1075	case sCompression:
1058	intptr = &options->compression;	1076	intptr = &options->compression;
1059	arg = strdelim(&cp);	1077	multistate_ptr = multistate_compression;
1060	if (!arg \|\| *arg == '\0')	1078	goto parse_multistate;
1061	fatal("%s line %d: missing yes/no/delayed "
1062	"argument.", filename, linenum);
1063	value = 0; /* silence compiler */
1064	if (strcmp(arg, "delayed") == 0)
1065	value = COMP_DELAYED;
1066	else if (strcmp(arg, "yes") == 0)
1067	value = COMP_ZLIB;
1068	else if (strcmp(arg, "no") == 0)
1069	value = COMP_NONE;
1070	else
1071	fatal("%s line %d: Bad yes/no/delayed "
1072	"argument: %s", filename, linenum, arg);
1073	if (*intptr == -1)
1074	*intptr = value;
1075	break;
1076		1079
1077	case sGatewayPorts:	1080	case sGatewayPorts:
1078	intptr = &options->gateway_ports;	1081	intptr = &options->gateway_ports;
1079	arg = strdelim(&cp);	1082	multistate_ptr = multistate_gatewayports;
1080	if (!arg \|\| *arg == '\0')	1083	goto parse_multistate;
1081	fatal("%s line %d: missing yes/no/clientspecified "
1082	"argument.", filename, linenum);
1083	value = 0; /* silence compiler */
1084	if (strcmp(arg, "clientspecified") == 0)
1085	value = 2;
1086	else if (strcmp(arg, "yes") == 0)
1087	value = 1;
1088	else if (strcmp(arg, "no") == 0)
1089	value = 0;
1090	else
1091	fatal("%s line %d: Bad yes/no/clientspecified "
1092	"argument: %s", filename, linenum, arg);
1093	if (activep && intptr == -1)
1094	*intptr = value;
1095	break;
1096		1084
1097	case sUseDNS:	1085	case sUseDNS:
1098	intptr = &options->use_dns;	1086	intptr = &options->use_dns;
@@ -1130,7 +1118,8 @@ process_server_config_line(ServerOptions options, char line,
1130		1118
1131	case sUsePrivilegeSeparation:	1119	case sUsePrivilegeSeparation:
1132	intptr = &use_privsep;	1120	intptr = &use_privsep;
1133	goto parse_flag;	1121	multistate_ptr = multistate_privsep;
		1122	goto parse_multistate;
1134		1123
1135	case sAllowUsers:	1124	case sAllowUsers:
1136	while ((arg = strdelim(&cp)) && *arg != '\0') {	1125	while ((arg = strdelim(&cp)) && *arg != '\0') {
@@ -1296,14 +1285,22 @@ process_server_config_line(ServerOptions options, char line,
1296	* AuthorizedKeysFile /etc/ssh_keys/%u	1285	* AuthorizedKeysFile /etc/ssh_keys/%u
1297	*/	1286	*/
1298	case sAuthorizedKeysFile:	1287	case sAuthorizedKeysFile:
1299	charptr = &options->authorized_keys_file;	1288	if (*activep && options->num_authkeys_files == 0) {
1300	goto parse_tilde_filename;	1289	while ((arg = strdelim(&cp)) && *arg != '\0') {
1301	case sAuthorizedKeysFile2:	1290	if (options->num_authkeys_files >=
1302	charptr = &options->authorized_keys_file2;	1291	MAX_AUTHKEYS_FILES)
1303	goto parse_tilde_filename;	1292	fatal("%s line %d: "
		1293	"too many authorized keys files.",
		1294	filename, linenum);
		1295	options->authorized_keys_files[
		1296	options->num_authkeys_files++] =
		1297	tilde_expand_filename(arg, getuid());
		1298	}
		1299	}
		1300	return 0;
		1301
1304	case sAuthorizedPrincipalsFile:	1302	case sAuthorizedPrincipalsFile:
1305	charptr = &options->authorized_principals_file;	1303	charptr = &options->authorized_principals_file;
1306	parse_tilde_filename:
1307	arg = strdelim(&cp);	1304	arg = strdelim(&cp);
1308	if (!arg \|\| *arg == '\0')	1305	if (!arg \|\| *arg == '\0')
1309	fatal("%s line %d: missing file name.",	1306	fatal("%s line %d: missing file name.",
@@ -1526,6 +1523,12 @@ parse_server_match_config(ServerOptions options, const char user,
1526	dst->n = src->n; \	1523	dst->n = src->n; \
1527	} \	1524	} \
1528	} while(0)	1525	} while(0)
		1526	#define M_CP_STRARRAYOPT(n, num_n) do {\
		1527	if (src->num_n != 0) { \
		1528	for (dst->num_n = 0; dst->num_n < src->num_n; dst->num_n++) \
		1529	dst->n[dst->num_n] = xstrdup(src->n[dst->num_n]); \
		1530	} \
		1531	} while(0)
1529		1532
1530	/*	1533	/*
1531	* Copy any supported values that are set.	1534	* Copy any supported values that are set.
@@ -1561,20 +1564,23 @@ copy_set_server_options(ServerOptions dst, ServerOptions src, int preauth)
1561	M_CP_INTOPT(ip_qos_interactive);	1564	M_CP_INTOPT(ip_qos_interactive);
1562	M_CP_INTOPT(ip_qos_bulk);	1565	M_CP_INTOPT(ip_qos_bulk);
1563		1566
1564	M_CP_STROPT(banner);	1567	/* See comment in servconf.h */
		1568	COPY_MATCH_STRING_OPTS();
		1569
		1570	/*
		1571	* The only things that should be below this point are string options
		1572	* which are only used after authentication.
		1573	*/
1565	if (preauth)	1574	if (preauth)
1566	return;	1575	return;
		1576
1567	M_CP_STROPT(adm_forced_command);	1577	M_CP_STROPT(adm_forced_command);
1568	M_CP_STROPT(chroot_directory);	1578	M_CP_STROPT(chroot_directory);
1569	M_CP_STROPT(trusted_user_ca_keys);
1570	M_CP_STROPT(revoked_keys_file);
1571	M_CP_STROPT(authorized_keys_file);
1572	M_CP_STROPT(authorized_keys_file2);
1573	M_CP_STROPT(authorized_principals_file);
1574	}	1579	}
1575		1580
1576	#undef M_CP_INTOPT	1581	#undef M_CP_INTOPT
1577	#undef M_CP_STROPT	1582	#undef M_CP_STROPT
		1583	#undef M_CP_STRARRAYOPT
1578		1584
1579	void	1585	void
1580	parse_server_config(ServerOptions options, const char filename, Buffer *conf,	1586	parse_server_config(ServerOptions options, const char filename, Buffer *conf,
@@ -1600,31 +1606,34 @@ parse_server_config(ServerOptions options, const char filename, Buffer *conf,
1600	}	1606	}
1601		1607
1602	static const char *	1608	static const char *
1603	fmt_intarg(ServerOpCodes code, int val)	1609	fmt_multistate_int(int val, const struct multistate *m)
1604	{	1610	{
1605	if (code == sAddressFamily) {	1611	u_int i;
1606	switch (val) {	1612
1607	case AF_INET:	1613	for (i = 0; m[i].key != NULL; i++) {
1608	return "inet";	1614	if (m[i].value == val)
1609	case AF_INET6:	1615	return m[i].key;
1610	return "inet6";
1611	case AF_UNSPEC:
1612	return "any";
1613	default:
1614	return "UNKNOWN";
1615	}
1616	}
1617	if (code == sPermitRootLogin) {
1618	switch (val) {
1619	case PERMIT_NO_PASSWD:
1620	return "without-password";
1621	case PERMIT_FORCED_ONLY:
1622	return "forced-commands-only";
1623	case PERMIT_YES:
1624	return "yes";
1625	}
1626	}	1616	}
1627	if (code == sProtocol) {	1617	return "UNKNOWN";
		1618	}
		1619
		1620	static const char *
		1621	fmt_intarg(ServerOpCodes code, int val)
		1622	{
		1623	if (val == -1)
		1624	return "unset";
		1625	switch (code) {
		1626	case sAddressFamily:
		1627	return fmt_multistate_int(val, multistate_addressfamily);
		1628	case sPermitRootLogin:
		1629	return fmt_multistate_int(val, multistate_permitrootlogin);
		1630	case sGatewayPorts:
		1631	return fmt_multistate_int(val, multistate_gatewayports);
		1632	case sCompression:
		1633	return fmt_multistate_int(val, multistate_compression);
		1634	case sUsePrivilegeSeparation:
		1635	return fmt_multistate_int(val, multistate_privsep);
		1636	case sProtocol:
1628	switch (val) {	1637	switch (val) {
1629	case SSH_PROTO_1:	1638	case SSH_PROTO_1:
1630	return "1";	1639	return "1";
@@ -1635,20 +1644,16 @@ fmt_intarg(ServerOpCodes code, int val)
1635	default:	1644	default:
1636	return "UNKNOWN";	1645	return "UNKNOWN";
1637	}	1646	}
		1647	default:
		1648	switch (val) {
		1649	case 0:
		1650	return "no";
		1651	case 1:
		1652	return "yes";
		1653	default:
		1654	return "UNKNOWN";
		1655	}
1638	}	1656	}
1639	if (code == sGatewayPorts && val == 2)
1640	return "clientspecified";
1641	if (code == sCompression && val == COMP_DELAYED)
1642	return "delayed";
1643	switch (val) {
1644	case -1:
1645	return "unset";
1646	case 0:
1647	return "no";
1648	case 1:
1649	return "yes";
1650	}
1651	return "UNKNOWN";
1652	}	1657	}
1653		1658
1654	static const char *	1659	static const char *
@@ -1688,7 +1693,18 @@ dump_cfg_strarray(ServerOpCodes code, u_int count, char **vals)
1688	u_int i;	1693	u_int i;
1689		1694
1690	for (i = 0; i < count; i++)	1695	for (i = 0; i < count; i++)
1691	printf("%s %s\n", lookup_opcode_name(code), vals[i]);	1696	printf("%s %s\n", lookup_opcode_name(code), vals[i]);
		1697	}
		1698
		1699	static void
		1700	dump_cfg_strarray_oneline(ServerOpCodes code, u_int count, char **vals)
		1701	{
		1702	u_int i;
		1703
		1704	printf("%s", lookup_opcode_name(code));
		1705	for (i = 0; i < count; i++)
		1706	printf(" %s", vals[i]);
		1707	printf("\n");
1692	}	1708	}
1693		1709
1694	void	1710	void
@@ -1790,8 +1806,6 @@ dump_config(ServerOptions *o)
1790	dump_cfg_string(sCiphers, o->ciphers);	1806	dump_cfg_string(sCiphers, o->ciphers);
1791	dump_cfg_string(sMacs, o->macs);	1807	dump_cfg_string(sMacs, o->macs);
1792	dump_cfg_string(sBanner, o->banner);	1808	dump_cfg_string(sBanner, o->banner);
1793	dump_cfg_string(sAuthorizedKeysFile, o->authorized_keys_file);
1794	dump_cfg_string(sAuthorizedKeysFile2, o->authorized_keys_file2);
1795	dump_cfg_string(sForceCommand, o->adm_forced_command);	1809	dump_cfg_string(sForceCommand, o->adm_forced_command);
1796	dump_cfg_string(sChrootDirectory, o->chroot_directory);	1810	dump_cfg_string(sChrootDirectory, o->chroot_directory);
1797	dump_cfg_string(sTrustedUserCAKeys, o->trusted_user_ca_keys);	1811	dump_cfg_string(sTrustedUserCAKeys, o->trusted_user_ca_keys);
@@ -1804,6 +1818,8 @@ dump_config(ServerOptions *o)
1804	dump_cfg_string(sLogFacility, log_facility_name(o->log_facility));	1818	dump_cfg_string(sLogFacility, log_facility_name(o->log_facility));
1805		1819
1806	/* string array arguments */	1820	/* string array arguments */
		1821	dump_cfg_strarray_oneline(sAuthorizedKeysFile, o->num_authkeys_files,
		1822	o->authorized_keys_files);
1807	dump_cfg_strarray(sHostKeyFile, o->num_host_key_files,	1823	dump_cfg_strarray(sHostKeyFile, o->num_host_key_files,
1808	o->host_key_files);	1824	o->host_key_files);
1809	dump_cfg_strarray(sHostKeyFile, o->num_host_cert_files,	1825	dump_cfg_strarray(sHostKeyFile, o->num_host_cert_files,
@@ -1829,7 +1845,8 @@ dump_config(ServerOptions *o)
1829	}	1845	}
1830	dump_cfg_string(sPermitTunnel, s);	1846	dump_cfg_string(sPermitTunnel, s);
1831		1847
1832	printf("ipqos 0x%02x 0x%02x\n", o->ip_qos_interactive, o->ip_qos_bulk);	1848	printf("ipqos %s ", iptos2str(o->ip_qos_interactive));
		1849	printf("%s\n", iptos2str(o->ip_qos_bulk));
1833		1850
1834	channel_print_adm_permitted_opens();	1851	channel_print_adm_permitted_opens();
1835	}	1852	}