src/usr.bin/ssh/servconf.c - diff

Return to servconf.c CVS log

Up to [local] / src / usr.bin / ssh

Diff for /src/usr.bin/ssh/servconf.c between version 1.313 and 1.314

version 1.313, 2017/10/04 18:49:30

version 1.314, 2017/10/05 15:52:03

Line 178

fatal("kex_assemble_names failed");

}

static void

array_append(const char *file, const int line, const char *directive,

char ***array, u_int *lp, const char *s)

{

if (*lp >= INT_MAX)

fatal("%s line %d: Too many %s entries", file, line, directive);

*array = xrecallocarray(*array, *lp, *lp + 1, sizeof(**array));

(*array)[*lp] = xstrdup(s);

(*lp)++;

}

void

servconf_add_hostkey(const char *file, const int line,

ServerOptions *options, const char *path)

{

char *apath = derelativise_path(path);

array_append(file, line, "HostKey",

&options->host_key_files, &options->num_host_key_files, apath);

free(apath);

}

void

servconf_add_hostcert(const char *file, const int line,

ServerOptions *options, const char *path)

{

char *apath = derelativise_path(path);

array_append(file, line, "HostCertificate",

&options->host_cert_files, &options->num_host_cert_files, apath);

free(apath);

}

void

fill_default_server_options(ServerOptions *options)

{

int i;

u_int i;

if (options->num_host_key_files == 0) {

/* fill default hostkeys */

options->host_key_files[options->num_host_key_files++] =

servconf_add_hostkey("[default]", 0, options,

_PATH_HOST_RSA_KEY_FILE;

_PATH_HOST_RSA_KEY_FILE);

options->host_key_files[options->num_host_key_files++] =

servconf_add_hostkey("[default]", 0, options,

_PATH_HOST_DSA_KEY_FILE;

_PATH_HOST_DSA_KEY_FILE);

options->host_key_files[options->num_host_key_files++] =

servconf_add_hostkey("[default]", 0, options,

_PATH_HOST_ECDSA_KEY_FILE;

_PATH_HOST_ECDSA_KEY_FILE);

options->host_key_files[options->num_host_key_files++] =

servconf_add_hostkey("[default]", 0, options,

_PATH_HOST_ED25519_KEY_FILE;

_PATH_HOST_ED25519_KEY_FILE);

}

/* No certificates by default */

if (options->num_ports == 0)

Line 296

Line 331

if (options->client_alive_count_max == -1)

options->client_alive_count_max = 3;

if (options->num_authkeys_files == 0) {

options->authorized_keys_files[options->num_authkeys_files++] =

array_append("[default]", 0, "AuthorizedKeysFiles",

xstrdup(_PATH_SSH_USER_PERMITTED_KEYS);

&options->authorized_keys_files,

options->authorized_keys_files[options->num_authkeys_files++] =

&options->num_authkeys_files,

xstrdup(_PATH_SSH_USER_PERMITTED_KEYS2);

_PATH_SSH_USER_PERMITTED_KEYS);

array_append("[default]", 0, "AuthorizedKeysFiles",

&options->authorized_keys_files,

&options->num_authkeys_files,

_PATH_SSH_USER_PERMITTED_KEYS2);

}

if (options->permit_tun == -1)

options->permit_tun = SSH_TUNMODE_NO;

Line 1076

Line 1115

break;

case sHostKeyFile:

intptr = &options->num_host_key_files;

if (*intptr >= MAX_HOSTKEYS)

fatal("%s line %d: too many host keys specified (max %d).",

filename, linenum, MAX_HOSTKEYS);

charptr = &options->host_key_files[*intptr];

parse_filename:

arg = strdelim(&cp);

if (!arg || *arg == '\0')

fatal("%s line %d: missing file name.",

filename, linenum);

if (*activep && *charptr == NULL) {

if (*activep)

*charptr = derelativise_path(arg);

servconf_add_hostkey(filename, linenum, options, arg);

/* increase optional counter */

if (intptr != NULL)

*intptr = *intptr + 1;

}

break;

case sHostKeyAgent:

Line 1106

Line 1135

break;

case sHostCertificate:

intptr = &options->num_host_cert_files;

arg = strdelim(&cp);

if (*intptr >= MAX_HOSTKEYS)

if (!arg || *arg == '\0')

fatal("%s line %d: too many host certificates "

fatal("%s line %d: missing file name.",

"specified (max %d).", filename, linenum,

filename, linenum);

MAX_HOSTCERTS);

if (*activep)

charptr = &options->host_cert_files[*intptr];

servconf_add_hostcert(filename, linenum, options, arg);

goto parse_filename;

break;

case sPidFile:

charptr = &options->pid_file;

goto parse_filename;

parse_filename:

arg = strdelim(&cp);

if (!arg || *arg == '\0')

fatal("%s line %d: missing file name.",

filename, linenum);

if (*activep && *charptr == NULL) {

*charptr = derelativise_path(arg);

/* increase optional counter */

if (intptr != NULL)

*intptr = *intptr + 1;

}

break;

case sPermitRootLogin:

intptr = &options->permit_root_login;

Line 1360

Line 1400

case sAllowUsers:

while ((arg = strdelim(&cp)) && *arg != '\0') {

if (options->num_allow_users >= MAX_ALLOW_USERS)

fatal("%s line %d: too many allow users.",

filename, linenum);

if (match_user(NULL, NULL, NULL, arg) == -1)

fatal("%s line %d: invalid AllowUsers pattern: "

"\"%.100s\"", filename, linenum, arg);

if (!*activep)

continue;

options->allow_users[options->num_allow_users++] =

array_append(filename, linenum, "AllowUsers",

xstrdup(arg);

&options->allow_users, &options->num_allow_users,

arg);

}

break;

case sDenyUsers:

while ((arg = strdelim(&cp)) && *arg != '\0') {

if (options->num_deny_users >= MAX_DENY_USERS)

fatal("%s line %d: too many deny users.",

filename, linenum);

if (match_user(NULL, NULL, NULL, arg) == -1)

fatal("%s line %d: invalid DenyUsers pattern: "

"\"%.100s\"", filename, linenum, arg);

if (!*activep)

continue;

options->deny_users[options->num_deny_users++] =

array_append(filename, linenum, "DenyUsers",

xstrdup(arg);

&options->deny_users, &options->num_deny_users,

arg);

}

break;

case sAllowGroups:

while ((arg = strdelim(&cp)) && *arg != '\0') {

if (options->num_allow_groups >= MAX_ALLOW_GROUPS)

fatal("%s line %d: too many allow groups.",

filename, linenum);

if (!*activep)

continue;

options->allow_groups[options->num_allow_groups++] =

array_append(filename, linenum, "AllowGroups",

xstrdup(arg);

&options->allow_groups, &options->num_allow_groups,

arg);

}

break;

case sDenyGroups:

while ((arg = strdelim(&cp)) && *arg != '\0') {

if (options->num_deny_groups >= MAX_DENY_GROUPS)

fatal("%s line %d: too many deny groups.",

filename, linenum);

if (!*activep)

continue;

options->deny_groups[options->num_deny_groups++] =

array_append(filename, linenum, "DenyGroups",

xstrdup(arg);

&options->deny_groups, &options->num_deny_groups,

arg);

}

break;

Line 1527

Line 1559

case sAuthorizedKeysFile:

if (*activep && options->num_authkeys_files == 0) {

while ((arg = strdelim(&cp)) && *arg != '\0') {

if (options->num_authkeys_files >=

arg = tilde_expand_filename(arg, getuid());

MAX_AUTHKEYS_FILES)

array_append(filename, linenum,

fatal("%s line %d: "

"AuthorizedKeysFile",

"too many authorized keys files.",

&options->authorized_keys_files,

filename, linenum);

&options->num_authkeys_files, arg);

options->authorized_keys_files[

free(arg);

options->num_authkeys_files++] =

tilde_expand_filename(arg, getuid());

}

return 0;

Line 1566

Line 1596

if (strchr(arg, '=') != NULL)

fatal("%s line %d: Invalid environment name.",

filename, linenum);

if (options->num_accept_env >= MAX_ACCEPT_ENV)

fatal("%s line %d: too many allow env.",

filename, linenum);

if (!*activep)

continue;

options->accept_env[options->num_accept_env++] =

array_append(filename, linenum, "AcceptEnv",

xstrdup(arg);

&options->accept_env, &options->num_accept_env,

arg);

}

break;

Line 1632

Line 1660

fatal("%s line %d: bad port number in "

"PermitOpen", filename, linenum);

if (*activep && value == 0) {

options->permitted_opens = xrecallocarray(

array_append(filename, linenum,

options->permitted_opens,

"PermitOpen",

options->num_permitted_opens,

&options->permitted_opens,

options->num_permitted_opens + 1,

&options->num_permitted_opens, arg2);

sizeof(*options->permitted_opens));

}

i = options->num_permitted_opens++;

free(arg2);

options->permitted_opens[i] = arg2;

} else

free(arg2);

}

break;

Line 1763

Line 1788

value = 0; /* seen "any" pseudo-method */

value2 = 0; /* sucessfully parsed any method */

while ((arg = strdelim(&cp)) && *arg != '\0') {

if (options->num_auth_methods >=

MAX_AUTH_METHODS)

fatal("%s line %d: "

"too many authentication methods.",

filename, linenum);

if (strcmp(arg, "any") == 0) {

if (options->num_auth_methods > 0) {

fatal("%s line %d: \"any\" "

Line 1788

Line 1808

value2 = 1;

if (!*activep)

continue;

options->auth_methods[

array_append(filename, linenum,

options->num_auth_methods++] = xstrdup(arg);

"AuthenticationMethods",

&options->auth_methods,

&options->num_auth_methods, arg);

}

if (value2 == 0) {

fatal("%s line %d: no AuthenticationMethods "

Line 2005

Line 2027

dst->n = src->n; \

} \

} while(0)

#define M_CP_STRARRAYOPT(n, num_n) do {\

#define M_CP_STRARRAYOPT(s, num_s) do {\

if (src->num_n != 0) { \

u_int i; \

for (dst->num_n = 0; dst->num_n < src->num_n; dst->num_n++) \

if (src->num_s != 0) { \

dst->n[dst->num_n] = xstrdup(src->n[dst->num_n]); \

for (i = 0; i < dst->num_s; i++) \

free(dst->s[i]); \

free(dst->s); \

dst->s = xcalloc(src->num_s, sizeof(*dst->s)); \

for (i = 0; i < src->num_s; i++) \

dst->s[i] = xstrdup(src->s[i]); \

dst->num_s = src->num_s; \

} \

} while(0)

#define M_CP_STRARRAYOPT_ALLOC(n, num_n) do { \

if (src->num_n != 0) { \

dst->n = xcalloc(src->num_n, sizeof(*dst->n)); \

M_CP_STRARRAYOPT(n, num_n); \

dst->num_n = src->num_n; \

} \

} while(0)

/* See comment in servconf.h */

COPY_MATCH_STRING_OPTS();

Line 2048

Line 2069

#undef M_CP_INTOPT

#undef M_CP_STROPT

#undef M_CP_STRARRAYOPT

#undef M_CP_STRARRAYOPT_ALLOC

void

parse_server_config(ServerOptions *options, const char *filename, Buffer *conf,