Grid Community Toolkit  6.2.1629922860 (tag: v6.2.20210826)
 All Data Structures Files Functions Variables Typedefs Enumerations Enumerator Macros Groups Pages
servconf.h
1 /* $OpenBSD: servconf.h,v 1.154 2021/04/03 06:18:40 djm Exp $ */
2 
3 /*
4  * Author: Tatu Ylonen <[email protected]>
5  * Copyright (c) 1995 Tatu Ylonen <[email protected]>, Espoo, Finland
6  * All rights reserved
7  * Definitions for server configuration data and for the functions reading it.
8  *
9  * As far as I am concerned, the code I have written for this software
10  * can be used freely for any purpose. Any derived versions of this
11  * software must be clearly marked as such, and if the derived work is
12  * incompatible with the protocol description in the RFC file, it must be
13  * called by a name other than "ssh" or "Secure Shell".
14  */
15 
16 #ifndef SERVCONF_H
17 #define SERVCONF_H
18 
19 #include <openbsd-compat/sys-queue.h>
20 
21 #define MAX_PORTS 256 /* Max # ports. */
22 
23 #define MAX_SUBSYSTEMS 256 /* Max # subsystems. */
24 
25 /* permit_root_login */
26 #define PERMIT_NOT_SET -1
27 #define PERMIT_NO 0
28 #define PERMIT_FORCED_ONLY 1
29 #define PERMIT_NO_PASSWD 2
30 #define PERMIT_YES 3
31 
32 /* use_privsep */
33 #define PRIVSEP_OFF 0
34 #define PRIVSEP_ON 1
35 #define PRIVSEP_NOSANDBOX 2
36 
37 /* PermitOpen */
38 #define PERMITOPEN_ANY 0
39 #define PERMITOPEN_NONE -2
40 
41 /* IgnoreRhosts */
42 #define IGNORE_RHOSTS_NO 0
43 #define IGNORE_RHOSTS_YES 1
44 #define IGNORE_RHOSTS_SHOSTS 2
45 
46 #define DEFAULT_AUTH_FAIL_MAX 6 /* Default for MaxAuthTries */
47 #define DEFAULT_SESSIONS_MAX 10 /* Default for MaxSessions */
48 #define DEFAULT_MAX_DISPLAYS 1000 /* Maximum number of fake X11 displays to try. */
49 
50 /* Magic name for internal sftp-server */
51 #define INTERNAL_SFTP_NAME "internal-sftp"
52 
53 /* PubkeyAuthOptions flags */
54 #define PUBKEYAUTH_TOUCH_REQUIRED (1)
55 #define PUBKEYAUTH_VERIFY_REQUIRED (1<<1)
56 
57 struct ssh;
58 struct fwd_perm_list;
59 
60 /*
61  * Used to store addresses from ListenAddr directives. These may be
62  * incomplete, as they may specify addresses that need to be merged
63  * with any ports requested by ListenPort.
64  */
65 struct queued_listenaddr {
66  char *addr;
67  int port; /* <=0 if unspecified */
68  char *rdomain;
69 };
70 
71 /* Resolved listen addresses, grouped by optional routing domain */
72 struct listenaddr {
73  char *rdomain;
74  struct addrinfo *addrs;
75 };
76 
77 typedef struct {
78  u_int num_ports;
79  u_int ports_from_cmdline;
80  int ports[MAX_PORTS]; /* Port number to listen on. */
81  struct queued_listenaddr *queued_listen_addrs;
82  u_int num_queued_listens;
83  struct listenaddr *listen_addrs;
84  u_int num_listen_addrs;
85  int address_family; /* Address family used by the server. */
86 
87  char *routing_domain; /* Bind session to routing domain */
88 
89  char **host_key_files; /* Files containing host keys. */
90  int *host_key_file_userprovided; /* Key was specified by user. */
91  u_int num_host_key_files; /* Number of files for host keys. */
92  char **host_cert_files; /* Files containing host certs. */
93  u_int num_host_cert_files; /* Number of files for host certs. */
94 
95  char *host_key_agent; /* ssh-agent socket for host keys. */
96  char *pid_file; /* Where to put our pid */
97  char *moduli_file; /* moduli file for DH-GEX */
98  int login_grace_time; /* Disconnect if no auth in this time
99  * (sec). */
100  int permit_root_login; /* PERMIT_*, see above */
101  int ignore_rhosts; /* Ignore .rhosts and .shosts. */
102  int ignore_user_known_hosts; /* Ignore ~/.ssh/known_hosts
103  * for RhostsRsaAuth */
104  int print_motd; /* If true, print /etc/motd. */
105  int print_lastlog; /* If true, print lastlog */
106  int x11_forwarding; /* If true, permit inet (spoofing) X11 fwd. */
107  int x11_display_offset; /* What DISPLAY number to start
108  * searching at */
109  int x11_max_displays; /* Number of displays to search */
110  int x11_use_localhost; /* If true, use localhost for fake X11 server. */
111  char *xauth_location; /* Location of xauth program */
112  int permit_tty; /* If false, deny pty allocation */
113  int permit_user_rc; /* If false, deny ~/.ssh/rc execution */
114  int strict_modes; /* If true, require string home dir modes. */
115  int tcp_keep_alive; /* If true, set SO_KEEPALIVE. */
116  int ip_qos_interactive; /* IP ToS/DSCP/class for interactive */
117  int ip_qos_bulk; /* IP ToS/DSCP/class for bulk traffic */
118  char *ciphers; /* Supported SSH2 ciphers. */
119  char *macs; /* Supported SSH2 macs. */
120  char *kex_algorithms; /* SSH2 kex methods in order of preference. */
121  struct ForwardOptions fwd_opts; /* forwarding options */
122  SyslogFacility log_facility; /* Facility for system logging. */
123  LogLevel log_level; /* Level for system logging. */
124  u_int num_log_verbose; /* Verbose log overrides */
125  char **log_verbose;
126  int hostbased_authentication; /* If true, permit ssh2 hostbased auth */
127  int hostbased_uses_name_from_packet_only; /* experimental */
128  char *hostbased_accepted_algos; /* Algos allowed for hostbased */
129  char *hostkeyalgorithms; /* SSH2 server key types */
130  char *ca_sign_algorithms; /* Allowed CA signature algorithms */
131  int pubkey_authentication; /* If true, permit ssh2 pubkey authentication. */
132  char *pubkey_accepted_algos; /* Signature algos allowed for pubkey */
133  int pubkey_auth_options; /* -1 or mask of PUBKEYAUTH_* flags */
134  int kerberos_authentication; /* If true, permit Kerberos
135  * authentication. */
136  int kerberos_or_local_passwd; /* If true, permit kerberos
137  * and any other password
138  * authentication mechanism,
139  * such as SecurID or
140  * /etc/passwd */
141  int kerberos_ticket_cleanup; /* If true, destroy ticket
142  * file on logout. */
143  int kerberos_get_afs_token; /* If true, try to get AFS token if
144  * authenticated with Kerberos. */
145  int kerberos_unique_ccache; /* If true, the acquired ticket will
146  * be stored in per-session ccache */
147  int use_kuserok;
148  int enable_k5users;
149  int gsi_allow_limited_proxy; /* If true, accept limited proxies */
150  int gss_authentication; /* If true, permit GSSAPI authentication */
151  int gss_deleg_creds; /* If true, store delegated GSSAPI credentials*/
152  int gss_keyex; /* If true, permit GSSAPI key exchange */
153  int gss_cleanup_creds; /* If true, destroy cred cache on logout */
154  char *gss_creds_path; /* Use non-default credentials path */
155  int gss_strict_acceptor; /* If true, restrict the GSSAPI acceptor name */
156  int gss_store_rekey;
157  char *gss_kex_algorithms; /* GSSAPI kex methods to be offered by client. */
158  int password_authentication; /* If true, permit password
159  * authentication. */
160  int kbd_interactive_authentication; /* If true, permit */
161  int challenge_response_authentication;
162  int permit_empty_passwd; /* If false, do not permit empty
163  * passwords. */
164  int permit_user_env; /* If true, read ~/.ssh/environment */
165  char *permit_user_env_allowlist; /* pattern-list of allowed env names */
166  int compression; /* If true, compression is allowed */
167  int allow_tcp_forwarding; /* One of FORWARD_* */
168  int allow_streamlocal_forwarding; /* One of FORWARD_* */
169  int allow_agent_forwarding;
170  int disable_forwarding;
171  u_int num_allow_users;
172  char **allow_users;
173  u_int num_deny_users;
174  char **deny_users;
175  u_int num_allow_groups;
176  char **allow_groups;
177  u_int num_deny_groups;
178  char **deny_groups;
179 
180  u_int num_subsystems;
181  char *subsystem_name[MAX_SUBSYSTEMS];
182  char *subsystem_command[MAX_SUBSYSTEMS];
183  char *subsystem_args[MAX_SUBSYSTEMS];
184 
185  u_int num_accept_env;
186  char **accept_env;
187  u_int num_setenv;
188  char **setenv;
189 
190  int max_startups_begin;
191  int max_startups_rate;
192  int max_startups;
193  int per_source_max_startups;
194  int per_source_masklen_ipv4;
195  int per_source_masklen_ipv6;
196  int max_authtries;
197  int max_sessions;
198  char *banner; /* SSH-2 banner message */
199  int use_dns;
200  int client_alive_interval; /*
201  * poke the client this often to
202  * see if it's still there
203  */
204  int client_alive_count_max; /*
205  * If the client is unresponsive
206  * for this many intervals above,
207  * disconnect the session
208  */
209 
210  u_int num_authkeys_files; /* Files containing public keys */
211  char **authorized_keys_files;
212 
213  char *adm_forced_command;
214 
215  int use_pam; /* Enable auth via PAM */
216  int permit_pam_user_change; /* Allow PAM to change user name */
217 
218  int tcp_rcv_buf_poll; /* poll tcp rcv window in autotuning kernels*/
219  int hpn_disabled; /* disable hpn functionality. false by default */
220  int hpn_buffer_size; /* set the hpn buffer size - default 3MB */
221  int none_enabled; /* Enable NONE cipher switch */
222  int disable_multithreaded; /*disable multithreaded aes-ctr cipher */
223  int nonemac_enabled; /* Enable NONE MAC switch */
224 
225  int permit_tun;
226 
227  char **permitted_opens; /* May also be one of PERMITOPEN_* */
228  u_int num_permitted_opens;
229  char **permitted_listens; /* May also be one of PERMITOPEN_* */
230  u_int num_permitted_listens;
231 
232  char *chroot_directory;
233  char *revoked_keys_file;
234  char *trusted_user_ca_keys;
235  char *authorized_keys_command;
236  char *authorized_keys_command_user;
237  char *authorized_principals_file;
238  char *authorized_principals_command;
239  char *authorized_principals_command_user;
240 
241  int64_t rekey_limit;
242  int rekey_interval;
243 
244  char *version_addendum; /* Appended to SSH banner */
245 
246  u_int num_auth_methods;
247  char **auth_methods;
248 
249  int fingerprint_hash;
250  int expose_userauth_info;
251  u_int64_t timing_secret;
252  char *sk_provider;
253 } ServerOptions;
254 
255 /* Information about the incoming connection as used by Match */
256 struct connection_info {
257  const char *user;
258  const char *host; /* possibly resolved hostname */
259  const char *address; /* remote address */
260  const char *laddress; /* local address */
261  int lport; /* local port */
262  const char *rdomain; /* routing domain if available */
263  int test; /* test mode, allow some attributes to be
264  * unspecified */
265 };
266 
267 /* List of included files for re-exec from the parsed configuration */
268 struct include_item {
269  char *selector;
270  char *filename;
271  struct sshbuf *contents;
272  TAILQ_ENTRY(include_item) entry;
273 };
274 TAILQ_HEAD(include_list, include_item);
275 
276 
277 /*
278  * These are string config options that must be copied between the
279  * Match sub-config and the main config, and must be sent from the
280  * privsep child to the privsep master. We use a macro to ensure all
281  * the options are copied and the copies are done in the correct order.
282  *
283  * NB. an option must appear in servconf.c:copy_set_server_options() or
284  * COPY_MATCH_STRING_OPTS here but never both.
285  */
286 #define COPY_MATCH_STRING_OPTS() do { \
287  M_CP_STROPT(banner); \
288  M_CP_STROPT(trusted_user_ca_keys); \
289  M_CP_STROPT(revoked_keys_file); \
290  M_CP_STROPT(authorized_keys_command); \
291  M_CP_STROPT(authorized_keys_command_user); \
292  M_CP_STROPT(authorized_principals_file); \
293  M_CP_STROPT(authorized_principals_command); \
294  M_CP_STROPT(authorized_principals_command_user); \
295  M_CP_STROPT(hostbased_accepted_algos); \
296  M_CP_STROPT(pubkey_accepted_algos); \
297  M_CP_STROPT(ca_sign_algorithms); \
298  M_CP_STROPT(routing_domain); \
299  M_CP_STROPT(permit_user_env_allowlist); \
300  M_CP_STRARRAYOPT(authorized_keys_files, num_authkeys_files); \
301  M_CP_STRARRAYOPT(allow_users, num_allow_users); \
302  M_CP_STRARRAYOPT(deny_users, num_deny_users); \
303  M_CP_STRARRAYOPT(allow_groups, num_allow_groups); \
304  M_CP_STRARRAYOPT(deny_groups, num_deny_groups); \
305  M_CP_STRARRAYOPT(accept_env, num_accept_env); \
306  M_CP_STRARRAYOPT(setenv, num_setenv); \
307  M_CP_STRARRAYOPT(auth_methods, num_auth_methods); \
308  M_CP_STRARRAYOPT(permitted_opens, num_permitted_opens); \
309  M_CP_STRARRAYOPT(permitted_listens, num_permitted_listens); \
310  M_CP_STRARRAYOPT(log_verbose, num_log_verbose); \
311  } while (0)
312 
313 struct connection_info *get_connection_info(struct ssh *, int, int);
314 void initialize_server_options(ServerOptions *);
315 void fill_default_server_options(ServerOptions *);
316 int process_server_config_line(ServerOptions *, char *, const char *, int,
317  int *, struct connection_info *, struct include_list *includes);
318 void process_permitopen(struct ssh *ssh, ServerOptions *options);
319 void load_server_config(const char *, struct sshbuf *);
320 void parse_server_config(ServerOptions *, const char *, struct sshbuf *,
321  struct include_list *includes, struct connection_info *);
322 void parse_server_match_config(ServerOptions *,
323  struct include_list *includes, struct connection_info *);
324 int parse_server_match_testspec(struct connection_info *, char *);
325 int server_match_spec_complete(struct connection_info *);
326 void copy_set_server_options(ServerOptions *, ServerOptions *, int);
327 void dump_config(ServerOptions *);
328 char *derelativise_path(const char *);
329 void servconf_add_hostkey(const char *, const int,
330  ServerOptions *, const char *path, int);
331 void servconf_add_hostcert(const char *, const int,
332  ServerOptions *, const char *path);
333 
334 #endif /* SERVCONF_H */