version 1.313, 2017/10/04 18:49:30 |
version 1.314, 2017/10/05 15:52:03 |
|
|
fatal("kex_assemble_names failed"); |
fatal("kex_assemble_names failed"); |
} |
} |
|
|
|
static void |
|
array_append(const char *file, const int line, const char *directive, |
|
char ***array, u_int *lp, const char *s) |
|
{ |
|
|
|
if (*lp >= INT_MAX) |
|
fatal("%s line %d: Too many %s entries", file, line, directive); |
|
|
|
*array = xrecallocarray(*array, *lp, *lp + 1, sizeof(**array)); |
|
(*array)[*lp] = xstrdup(s); |
|
(*lp)++; |
|
} |
|
|
void |
void |
|
servconf_add_hostkey(const char *file, const int line, |
|
ServerOptions *options, const char *path) |
|
{ |
|
char *apath = derelativise_path(path); |
|
|
|
array_append(file, line, "HostKey", |
|
&options->host_key_files, &options->num_host_key_files, apath); |
|
free(apath); |
|
} |
|
|
|
void |
|
servconf_add_hostcert(const char *file, const int line, |
|
ServerOptions *options, const char *path) |
|
{ |
|
char *apath = derelativise_path(path); |
|
|
|
array_append(file, line, "HostCertificate", |
|
&options->host_cert_files, &options->num_host_cert_files, apath); |
|
free(apath); |
|
} |
|
|
|
void |
fill_default_server_options(ServerOptions *options) |
fill_default_server_options(ServerOptions *options) |
{ |
{ |
int i; |
u_int i; |
|
|
if (options->num_host_key_files == 0) { |
if (options->num_host_key_files == 0) { |
/* fill default hostkeys */ |
/* fill default hostkeys */ |
options->host_key_files[options->num_host_key_files++] = |
servconf_add_hostkey("[default]", 0, options, |
_PATH_HOST_RSA_KEY_FILE; |
_PATH_HOST_RSA_KEY_FILE); |
options->host_key_files[options->num_host_key_files++] = |
servconf_add_hostkey("[default]", 0, options, |
_PATH_HOST_DSA_KEY_FILE; |
_PATH_HOST_DSA_KEY_FILE); |
options->host_key_files[options->num_host_key_files++] = |
servconf_add_hostkey("[default]", 0, options, |
_PATH_HOST_ECDSA_KEY_FILE; |
_PATH_HOST_ECDSA_KEY_FILE); |
options->host_key_files[options->num_host_key_files++] = |
servconf_add_hostkey("[default]", 0, options, |
_PATH_HOST_ED25519_KEY_FILE; |
_PATH_HOST_ED25519_KEY_FILE); |
} |
} |
/* No certificates by default */ |
/* No certificates by default */ |
if (options->num_ports == 0) |
if (options->num_ports == 0) |
|
|
if (options->client_alive_count_max == -1) |
if (options->client_alive_count_max == -1) |
options->client_alive_count_max = 3; |
options->client_alive_count_max = 3; |
if (options->num_authkeys_files == 0) { |
if (options->num_authkeys_files == 0) { |
options->authorized_keys_files[options->num_authkeys_files++] = |
array_append("[default]", 0, "AuthorizedKeysFiles", |
xstrdup(_PATH_SSH_USER_PERMITTED_KEYS); |
&options->authorized_keys_files, |
options->authorized_keys_files[options->num_authkeys_files++] = |
&options->num_authkeys_files, |
xstrdup(_PATH_SSH_USER_PERMITTED_KEYS2); |
_PATH_SSH_USER_PERMITTED_KEYS); |
|
array_append("[default]", 0, "AuthorizedKeysFiles", |
|
&options->authorized_keys_files, |
|
&options->num_authkeys_files, |
|
_PATH_SSH_USER_PERMITTED_KEYS2); |
} |
} |
if (options->permit_tun == -1) |
if (options->permit_tun == -1) |
options->permit_tun = SSH_TUNMODE_NO; |
options->permit_tun = SSH_TUNMODE_NO; |
|
|
break; |
break; |
|
|
case sHostKeyFile: |
case sHostKeyFile: |
intptr = &options->num_host_key_files; |
|
if (*intptr >= MAX_HOSTKEYS) |
|
fatal("%s line %d: too many host keys specified (max %d).", |
|
filename, linenum, MAX_HOSTKEYS); |
|
charptr = &options->host_key_files[*intptr]; |
|
parse_filename: |
|
arg = strdelim(&cp); |
arg = strdelim(&cp); |
if (!arg || *arg == '\0') |
if (!arg || *arg == '\0') |
fatal("%s line %d: missing file name.", |
fatal("%s line %d: missing file name.", |
filename, linenum); |
filename, linenum); |
if (*activep && *charptr == NULL) { |
if (*activep) |
*charptr = derelativise_path(arg); |
servconf_add_hostkey(filename, linenum, options, arg); |
/* increase optional counter */ |
|
if (intptr != NULL) |
|
*intptr = *intptr + 1; |
|
} |
|
break; |
break; |
|
|
case sHostKeyAgent: |
case sHostKeyAgent: |
|
|
break; |
break; |
|
|
case sHostCertificate: |
case sHostCertificate: |
intptr = &options->num_host_cert_files; |
arg = strdelim(&cp); |
if (*intptr >= MAX_HOSTKEYS) |
if (!arg || *arg == '\0') |
fatal("%s line %d: too many host certificates " |
fatal("%s line %d: missing file name.", |
"specified (max %d).", filename, linenum, |
filename, linenum); |
MAX_HOSTCERTS); |
if (*activep) |
charptr = &options->host_cert_files[*intptr]; |
servconf_add_hostcert(filename, linenum, options, arg); |
goto parse_filename; |
break; |
|
|
case sPidFile: |
case sPidFile: |
charptr = &options->pid_file; |
charptr = &options->pid_file; |
goto parse_filename; |
parse_filename: |
|
arg = strdelim(&cp); |
|
if (!arg || *arg == '\0') |
|
fatal("%s line %d: missing file name.", |
|
filename, linenum); |
|
if (*activep && *charptr == NULL) { |
|
*charptr = derelativise_path(arg); |
|
/* increase optional counter */ |
|
if (intptr != NULL) |
|
*intptr = *intptr + 1; |
|
} |
|
break; |
|
|
case sPermitRootLogin: |
case sPermitRootLogin: |
intptr = &options->permit_root_login; |
intptr = &options->permit_root_login; |
|
|
|
|
case sAllowUsers: |
case sAllowUsers: |
while ((arg = strdelim(&cp)) && *arg != '\0') { |
while ((arg = strdelim(&cp)) && *arg != '\0') { |
if (options->num_allow_users >= MAX_ALLOW_USERS) |
|
fatal("%s line %d: too many allow users.", |
|
filename, linenum); |
|
if (match_user(NULL, NULL, NULL, arg) == -1) |
if (match_user(NULL, NULL, NULL, arg) == -1) |
fatal("%s line %d: invalid AllowUsers pattern: " |
fatal("%s line %d: invalid AllowUsers pattern: " |
"\"%.100s\"", filename, linenum, arg); |
"\"%.100s\"", filename, linenum, arg); |
if (!*activep) |
if (!*activep) |
continue; |
continue; |
options->allow_users[options->num_allow_users++] = |
array_append(filename, linenum, "AllowUsers", |
xstrdup(arg); |
&options->allow_users, &options->num_allow_users, |
|
arg); |
} |
} |
break; |
break; |
|
|
case sDenyUsers: |
case sDenyUsers: |
while ((arg = strdelim(&cp)) && *arg != '\0') { |
while ((arg = strdelim(&cp)) && *arg != '\0') { |
if (options->num_deny_users >= MAX_DENY_USERS) |
|
fatal("%s line %d: too many deny users.", |
|
filename, linenum); |
|
if (match_user(NULL, NULL, NULL, arg) == -1) |
if (match_user(NULL, NULL, NULL, arg) == -1) |
fatal("%s line %d: invalid DenyUsers pattern: " |
fatal("%s line %d: invalid DenyUsers pattern: " |
"\"%.100s\"", filename, linenum, arg); |
"\"%.100s\"", filename, linenum, arg); |
if (!*activep) |
if (!*activep) |
continue; |
continue; |
options->deny_users[options->num_deny_users++] = |
array_append(filename, linenum, "DenyUsers", |
xstrdup(arg); |
&options->deny_users, &options->num_deny_users, |
|
arg); |
} |
} |
break; |
break; |
|
|
case sAllowGroups: |
case sAllowGroups: |
while ((arg = strdelim(&cp)) && *arg != '\0') { |
while ((arg = strdelim(&cp)) && *arg != '\0') { |
if (options->num_allow_groups >= MAX_ALLOW_GROUPS) |
|
fatal("%s line %d: too many allow groups.", |
|
filename, linenum); |
|
if (!*activep) |
if (!*activep) |
continue; |
continue; |
options->allow_groups[options->num_allow_groups++] = |
array_append(filename, linenum, "AllowGroups", |
xstrdup(arg); |
&options->allow_groups, &options->num_allow_groups, |
|
arg); |
} |
} |
break; |
break; |
|
|
case sDenyGroups: |
case sDenyGroups: |
while ((arg = strdelim(&cp)) && *arg != '\0') { |
while ((arg = strdelim(&cp)) && *arg != '\0') { |
if (options->num_deny_groups >= MAX_DENY_GROUPS) |
|
fatal("%s line %d: too many deny groups.", |
|
filename, linenum); |
|
if (!*activep) |
if (!*activep) |
continue; |
continue; |
options->deny_groups[options->num_deny_groups++] = |
array_append(filename, linenum, "DenyGroups", |
xstrdup(arg); |
&options->deny_groups, &options->num_deny_groups, |
|
arg); |
} |
} |
break; |
break; |
|
|
|
|
case sAuthorizedKeysFile: |
case sAuthorizedKeysFile: |
if (*activep && options->num_authkeys_files == 0) { |
if (*activep && options->num_authkeys_files == 0) { |
while ((arg = strdelim(&cp)) && *arg != '\0') { |
while ((arg = strdelim(&cp)) && *arg != '\0') { |
if (options->num_authkeys_files >= |
arg = tilde_expand_filename(arg, getuid()); |
MAX_AUTHKEYS_FILES) |
array_append(filename, linenum, |
fatal("%s line %d: " |
"AuthorizedKeysFile", |
"too many authorized keys files.", |
&options->authorized_keys_files, |
filename, linenum); |
&options->num_authkeys_files, arg); |
options->authorized_keys_files[ |
free(arg); |
options->num_authkeys_files++] = |
|
tilde_expand_filename(arg, getuid()); |
|
} |
} |
} |
} |
return 0; |
return 0; |
|
|
if (strchr(arg, '=') != NULL) |
if (strchr(arg, '=') != NULL) |
fatal("%s line %d: Invalid environment name.", |
fatal("%s line %d: Invalid environment name.", |
filename, linenum); |
filename, linenum); |
if (options->num_accept_env >= MAX_ACCEPT_ENV) |
|
fatal("%s line %d: too many allow env.", |
|
filename, linenum); |
|
if (!*activep) |
if (!*activep) |
continue; |
continue; |
options->accept_env[options->num_accept_env++] = |
array_append(filename, linenum, "AcceptEnv", |
xstrdup(arg); |
&options->accept_env, &options->num_accept_env, |
|
arg); |
} |
} |
break; |
break; |
|
|
|
|
fatal("%s line %d: bad port number in " |
fatal("%s line %d: bad port number in " |
"PermitOpen", filename, linenum); |
"PermitOpen", filename, linenum); |
if (*activep && value == 0) { |
if (*activep && value == 0) { |
options->permitted_opens = xrecallocarray( |
array_append(filename, linenum, |
options->permitted_opens, |
"PermitOpen", |
options->num_permitted_opens, |
&options->permitted_opens, |
options->num_permitted_opens + 1, |
&options->num_permitted_opens, arg2); |
sizeof(*options->permitted_opens)); |
} |
i = options->num_permitted_opens++; |
free(arg2); |
options->permitted_opens[i] = arg2; |
|
} else |
|
free(arg2); |
|
} |
} |
break; |
break; |
|
|
|
|
value = 0; /* seen "any" pseudo-method */ |
value = 0; /* seen "any" pseudo-method */ |
value2 = 0; /* sucessfully parsed any method */ |
value2 = 0; /* sucessfully parsed any method */ |
while ((arg = strdelim(&cp)) && *arg != '\0') { |
while ((arg = strdelim(&cp)) && *arg != '\0') { |
if (options->num_auth_methods >= |
|
MAX_AUTH_METHODS) |
|
fatal("%s line %d: " |
|
"too many authentication methods.", |
|
filename, linenum); |
|
if (strcmp(arg, "any") == 0) { |
if (strcmp(arg, "any") == 0) { |
if (options->num_auth_methods > 0) { |
if (options->num_auth_methods > 0) { |
fatal("%s line %d: \"any\" " |
fatal("%s line %d: \"any\" " |
|
|
value2 = 1; |
value2 = 1; |
if (!*activep) |
if (!*activep) |
continue; |
continue; |
options->auth_methods[ |
array_append(filename, linenum, |
options->num_auth_methods++] = xstrdup(arg); |
"AuthenticationMethods", |
|
&options->auth_methods, |
|
&options->num_auth_methods, arg); |
} |
} |
if (value2 == 0) { |
if (value2 == 0) { |
fatal("%s line %d: no AuthenticationMethods " |
fatal("%s line %d: no AuthenticationMethods " |
|
|
dst->n = src->n; \ |
dst->n = src->n; \ |
} \ |
} \ |
} while(0) |
} while(0) |
#define M_CP_STRARRAYOPT(n, num_n) do {\ |
#define M_CP_STRARRAYOPT(s, num_s) do {\ |
if (src->num_n != 0) { \ |
u_int i; \ |
for (dst->num_n = 0; dst->num_n < src->num_n; dst->num_n++) \ |
if (src->num_s != 0) { \ |
dst->n[dst->num_n] = xstrdup(src->n[dst->num_n]); \ |
for (i = 0; i < dst->num_s; i++) \ |
|
free(dst->s[i]); \ |
|
free(dst->s); \ |
|
dst->s = xcalloc(src->num_s, sizeof(*dst->s)); \ |
|
for (i = 0; i < src->num_s; i++) \ |
|
dst->s[i] = xstrdup(src->s[i]); \ |
|
dst->num_s = src->num_s; \ |
} \ |
} \ |
} while(0) |
} while(0) |
#define M_CP_STRARRAYOPT_ALLOC(n, num_n) do { \ |
|
if (src->num_n != 0) { \ |
|
dst->n = xcalloc(src->num_n, sizeof(*dst->n)); \ |
|
M_CP_STRARRAYOPT(n, num_n); \ |
|
dst->num_n = src->num_n; \ |
|
} \ |
|
} while(0) |
|
|
|
/* See comment in servconf.h */ |
/* See comment in servconf.h */ |
COPY_MATCH_STRING_OPTS(); |
COPY_MATCH_STRING_OPTS(); |
|
|
#undef M_CP_INTOPT |
#undef M_CP_INTOPT |
#undef M_CP_STROPT |
#undef M_CP_STROPT |
#undef M_CP_STRARRAYOPT |
#undef M_CP_STRARRAYOPT |
#undef M_CP_STRARRAYOPT_ALLOC |
|
|
|
void |
void |
parse_server_config(ServerOptions *options, const char *filename, Buffer *conf, |
parse_server_config(ServerOptions *options, const char *filename, Buffer *conf, |
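Review bot: array_append() has no comment stating its ownership contract, and every converted call site now depends on it: the helper stores `xstrdup(s)`, so the caller keeps `s` and must free anything it allocated itself, as servconf_add_hostkey() does with `apath` and the PermitOpen branch does with `arg2`. I would put `/* Appends a copy of s to *array and increments *lp; caller retains ownership of s. fatal()s once *lp reaches INT_MAX. */` above the definition. In the AuthorizedKeysFile loop the contract is met by overwriting `arg` with the tilde_expand_filename() result and then calling `free(arg)`, which leaves the tokenizer variable pointing at freed memory until the next strdelim() call reassigns it. A separate local, e.g. `char *expanded = tilde_expand_filename(arg, getuid());` followed by `free(expanded);`, would make that path easier to audit for use-after-free. The switch statement these cases belong to starts and ends outside the visible lines.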