Grid Community Toolkit  6.2.1705709074 (tag: v6.2.20240202)
 All Data Structures Files Functions Variables Typedefs Enumerations Enumerator Macros Groups Pages
servconf.h
1 /* $OpenBSD: servconf.h,v 1.159 2023/01/17 09:44:48 djm Exp $ */
2 
3 /*
4  * Author: Tatu Ylonen <[email protected]>
5  * Copyright (c) 1995 Tatu Ylonen <[email protected]>, Espoo, Finland
6  * All rights reserved
7  * Definitions for server configuration data and for the functions reading it.
8  *
9  * As far as I am concerned, the code I have written for this software
10  * can be used freely for any purpose. Any derived versions of this
11  * software must be clearly marked as such, and if the derived work is
12  * incompatible with the protocol description in the RFC file, it must be
13  * called by a name other than "ssh" or "Secure Shell".
14  */
15 
16 #ifndef SERVCONF_H
17 #define SERVCONF_H
18 
19 #include <openbsd-compat/sys-queue.h>
20 
21 #define MAX_PORTS 256 /* Max # ports. */
22 
23 #define MAX_SUBSYSTEMS 256 /* Max # subsystems. */
24 
25 /* permit_root_login */
26 #define PERMIT_NOT_SET -1
27 #define PERMIT_NO 0
28 #define PERMIT_FORCED_ONLY 1
29 #define PERMIT_NO_PASSWD 2
30 #define PERMIT_YES 3
31 
32 /* use_privsep */
33 #define PRIVSEP_OFF 0
34 #define PRIVSEP_ON 1
35 #define PRIVSEP_NOSANDBOX 2
36 
37 /* PermitOpen */
38 #define PERMITOPEN_ANY 0
39 #define PERMITOPEN_NONE -2
40 
41 /* IgnoreRhosts */
42 #define IGNORE_RHOSTS_NO 0
43 #define IGNORE_RHOSTS_YES 1
44 #define IGNORE_RHOSTS_SHOSTS 2
45 
46 #define DEFAULT_AUTH_FAIL_MAX 6 /* Default for MaxAuthTries */
47 #define DEFAULT_SESSIONS_MAX 10 /* Default for MaxSessions */
48 #define DEFAULT_MAX_DISPLAYS 1000 /* Maximum number of fake X11 displays to try. */
49 
50 /* Magic name for internal sftp-server */
51 #define INTERNAL_SFTP_NAME "internal-sftp"
52 
53 /* PubkeyAuthOptions flags */
54 #define PUBKEYAUTH_TOUCH_REQUIRED (1)
55 #define PUBKEYAUTH_VERIFY_REQUIRED (1<<1)
56 
57 struct ssh;
58 struct fwd_perm_list;
59 
60 /*
61  * Used to store addresses from ListenAddr directives. These may be
62  * incomplete, as they may specify addresses that need to be merged
63  * with any ports requested by ListenPort.
64  */
65 struct queued_listenaddr {
66  char *addr;
67  int port; /* <=0 if unspecified */
68  char *rdomain;
69 };
70 
71 /* Resolved listen addresses, grouped by optional routing domain */
72 struct listenaddr {
73  char *rdomain;
74  struct addrinfo *addrs;
75 };
76 
77 typedef struct {
78  u_int num_ports;
79  u_int ports_from_cmdline;
80  int ports[MAX_PORTS]; /* Port number to listen on. */
81  struct queued_listenaddr *queued_listen_addrs;
82  u_int num_queued_listens;
83  struct listenaddr *listen_addrs;
84  u_int num_listen_addrs;
85  int address_family; /* Address family used by the server. */
86 
87  char *routing_domain; /* Bind session to routing domain */
88 
89  char **host_key_files; /* Files containing host keys. */
90  int *host_key_file_userprovided; /* Key was specified by user. */
91  u_int num_host_key_files; /* Number of files for host keys. */
92  char **host_cert_files; /* Files containing host certs. */
93  u_int num_host_cert_files; /* Number of files for host certs. */
94 
95  char *host_key_agent; /* ssh-agent socket for host keys. */
96  char *pid_file; /* Where to put our pid */
97  char *moduli_file; /* moduli file for DH-GEX */
98  int login_grace_time; /* Disconnect if no auth in this time
99  * (sec). */
100  int permit_root_login; /* PERMIT_*, see above */
101  int ignore_rhosts; /* Ignore .rhosts and .shosts. */
102  int ignore_user_known_hosts; /* Ignore ~/.ssh/known_hosts
103  * for RhostsRsaAuth */
104  int print_motd; /* If true, print /etc/motd. */
105  int print_lastlog; /* If true, print lastlog */
106  int x11_forwarding; /* If true, permit inet (spoofing) X11 fwd. */
107  int x11_display_offset; /* What DISPLAY number to start
108  * searching at */
109  int x11_max_displays; /* Number of displays to search */
110  int x11_use_localhost; /* If true, use localhost for fake X11 server. */
111  char *xauth_location; /* Location of xauth program */
112  int permit_tty; /* If false, deny pty allocation */
113  int permit_user_rc; /* If false, deny ~/.ssh/rc execution */
114  int strict_modes; /* If true, require string home dir modes. */
115  int tcp_keep_alive; /* If true, set SO_KEEPALIVE. */
116  int ip_qos_interactive; /* IP ToS/DSCP/class for interactive */
117  int ip_qos_bulk; /* IP ToS/DSCP/class for bulk traffic */
118  char *ciphers; /* Supported SSH2 ciphers. */
119  char *macs; /* Supported SSH2 macs. */
120  char *kex_algorithms; /* SSH2 kex methods in order of preference. */
121  struct ForwardOptions fwd_opts; /* forwarding options */
122  SyslogFacility log_facility; /* Facility for system logging. */
123  LogLevel log_level; /* Level for system logging. */
124  u_int num_log_verbose; /* Verbose log overrides */
125  char **log_verbose;
126  int hostbased_authentication; /* If true, permit ssh2 hostbased auth */
127  int hostbased_uses_name_from_packet_only; /* experimental */
128  char *hostbased_accepted_algos; /* Algos allowed for hostbased */
129  char *hostkeyalgorithms; /* SSH2 server key types */
130  char *ca_sign_algorithms; /* Allowed CA signature algorithms */
131  int pubkey_authentication; /* If true, permit ssh2 pubkey authentication. */
132  char *pubkey_accepted_algos; /* Signature algos allowed for pubkey */
133  int pubkey_auth_options; /* -1 or mask of PUBKEYAUTH_* flags */
134  int kerberos_authentication; /* If true, permit Kerberos
135  * authentication. */
136  int kerberos_or_local_passwd; /* If true, permit kerberos
137  * and any other password
138  * authentication mechanism,
139  * such as SecurID or
140  * /etc/passwd */
141  int kerberos_ticket_cleanup; /* If true, destroy ticket
142  * file on logout. */
143  int kerberos_get_afs_token; /* If true, try to get AFS token if
144  * authenticated with Kerberos. */
145  int kerberos_unique_ccache; /* If true, the acquired ticket will
146  * be stored in per-session ccache */
147  int use_kuserok;
148  int enable_k5users;
149  int gsi_allow_limited_proxy; /* If true, accept limited proxies */
150  int gss_authentication; /* If true, permit GSSAPI authentication */
151  int gss_deleg_creds; /* If true, store delegated GSSAPI credentials*/
152  int gss_keyex; /* If true, permit GSSAPI key exchange */
153  int gss_cleanup_creds; /* If true, destroy cred cache on logout */
154  char *gss_creds_path; /* Use non-default credentials path */
155  int gss_strict_acceptor; /* If true, restrict the GSSAPI acceptor name */
156  int gss_store_rekey;
157  char *gss_kex_algorithms; /* GSSAPI kex methods to be offered by client. */
158  int password_authentication; /* If true, permit password
159  * authentication. */
160  int kbd_interactive_authentication; /* If true, permit */
161  int permit_empty_passwd; /* If false, do not permit empty
162  * passwords. */
163  int permit_user_env; /* If true, read ~/.ssh/environment */
164  char *permit_user_env_allowlist; /* pattern-list of allowed env names */
165  int compression; /* If true, compression is allowed */
166  int allow_tcp_forwarding; /* One of FORWARD_* */
167  int allow_streamlocal_forwarding; /* One of FORWARD_* */
168  int allow_agent_forwarding;
169  int disable_forwarding;
170  u_int num_allow_users;
171  char **allow_users;
172  u_int num_deny_users;
173  char **deny_users;
174  u_int num_allow_groups;
175  char **allow_groups;
176  u_int num_deny_groups;
177  char **deny_groups;
178 
179  u_int num_subsystems;
180  char *subsystem_name[MAX_SUBSYSTEMS];
181  char *subsystem_command[MAX_SUBSYSTEMS];
182  char *subsystem_args[MAX_SUBSYSTEMS];
183 
184  u_int num_accept_env;
185  char **accept_env;
186  u_int num_setenv;
187  char **setenv;
188 
189  int max_startups_begin;
190  int max_startups_rate;
191  int max_startups;
192  int per_source_max_startups;
193  int per_source_masklen_ipv4;
194  int per_source_masklen_ipv6;
195  int max_authtries;
196  int max_sessions;
197  char *banner; /* SSH-2 banner message */
198  int use_dns;
199  int client_alive_interval; /*
200  * poke the client this often to
201  * see if it's still there
202  */
203  int client_alive_count_max; /*
204  * If the client is unresponsive
205  * for this many intervals above,
206  * disconnect the session
207  */
208 
209  u_int num_authkeys_files; /* Files containing public keys */
210  char **authorized_keys_files;
211 
212  char *adm_forced_command;
213 
214  int use_pam; /* Enable auth via PAM */
215  int permit_pam_user_change; /* Allow PAM to change user name */
216 
217  int tcp_rcv_buf_poll; /* poll tcp rcv window in autotuning kernels*/
218  int hpn_disabled; /* disable hpn functionality. false by default */
219  int hpn_buffer_size; /* set the hpn buffer size - default 3MB */
220  int none_enabled; /* Enable NONE cipher switch */
221  int disable_multithreaded; /*disable multithreaded aes-ctr cipher */
222  int nonemac_enabled; /* Enable NONE MAC switch */
223 
224  int permit_tun;
225 
226  char **permitted_opens; /* May also be one of PERMITOPEN_* */
227  u_int num_permitted_opens;
228  char **permitted_listens; /* May also be one of PERMITOPEN_* */
229  u_int num_permitted_listens;
230 
231  char *chroot_directory;
232  char *revoked_keys_file;
233  char *trusted_user_ca_keys;
234  char *authorized_keys_command;
235  char *authorized_keys_command_user;
236  char *authorized_principals_file;
237  char *authorized_principals_command;
238  char *authorized_principals_command_user;
239 
240  int64_t rekey_limit;
241  int rekey_interval;
242 
243  char *version_addendum; /* Appended to SSH banner */
244 
245  u_int num_auth_methods;
246  char **auth_methods;
247 
248  int fingerprint_hash;
249  int expose_userauth_info;
250  u_int64_t timing_secret;
251  char *sk_provider;
252  int required_rsa_size; /* minimum size of RSA keys */
253 
254  char **channel_timeouts; /* inactivity timeout by channel type */
255  u_int num_channel_timeouts;
256 
257  int unused_connection_timeout;
258 } ServerOptions;
259 
260 /* Information about the incoming connection as used by Match */
261 struct connection_info {
262  const char *user;
263  const char *host; /* possibly resolved hostname */
264  const char *address; /* remote address */
265  const char *laddress; /* local address */
266  int lport; /* local port */
267  const char *rdomain; /* routing domain if available */
268  int test; /* test mode, allow some attributes to be
269  * unspecified */
270 };
271 
272 /* List of included files for re-exec from the parsed configuration */
273 struct include_item {
274  char *selector;
275  char *filename;
276  struct sshbuf *contents;
277  TAILQ_ENTRY(include_item) entry;
278 };
279 TAILQ_HEAD(include_list, include_item);
280 
281 
282 /*
283  * These are string config options that must be copied between the
284  * Match sub-config and the main config, and must be sent from the
285  * privsep child to the privsep master. We use a macro to ensure all
286  * the options are copied and the copies are done in the correct order.
287  *
288  * NB. an option must appear in servconf.c:copy_set_server_options() or
289  * COPY_MATCH_STRING_OPTS here but never both.
290  */
291 #define COPY_MATCH_STRING_OPTS() do { \
292  M_CP_STROPT(banner); \
293  M_CP_STROPT(trusted_user_ca_keys); \
294  M_CP_STROPT(revoked_keys_file); \
295  M_CP_STROPT(authorized_keys_command); \
296  M_CP_STROPT(authorized_keys_command_user); \
297  M_CP_STROPT(authorized_principals_file); \
298  M_CP_STROPT(authorized_principals_command); \
299  M_CP_STROPT(authorized_principals_command_user); \
300  M_CP_STROPT(hostbased_accepted_algos); \
301  M_CP_STROPT(pubkey_accepted_algos); \
302  M_CP_STROPT(ca_sign_algorithms); \
303  M_CP_STROPT(routing_domain); \
304  M_CP_STROPT(permit_user_env_allowlist); \
305  M_CP_STRARRAYOPT(authorized_keys_files, num_authkeys_files); \
306  M_CP_STRARRAYOPT(allow_users, num_allow_users); \
307  M_CP_STRARRAYOPT(deny_users, num_deny_users); \
308  M_CP_STRARRAYOPT(allow_groups, num_allow_groups); \
309  M_CP_STRARRAYOPT(deny_groups, num_deny_groups); \
310  M_CP_STRARRAYOPT(accept_env, num_accept_env); \
311  M_CP_STRARRAYOPT(setenv, num_setenv); \
312  M_CP_STRARRAYOPT(auth_methods, num_auth_methods); \
313  M_CP_STRARRAYOPT(permitted_opens, num_permitted_opens); \
314  M_CP_STRARRAYOPT(permitted_listens, num_permitted_listens); \
315  M_CP_STRARRAYOPT(channel_timeouts, num_channel_timeouts); \
316  M_CP_STRARRAYOPT(log_verbose, num_log_verbose); \
317  } while (0)
318 
319 struct connection_info *get_connection_info(struct ssh *, int, int);
320 void initialize_server_options(ServerOptions *);
321 void fill_default_server_options(ServerOptions *);
322 int process_server_config_line(ServerOptions *, char *, const char *, int,
323  int *, struct connection_info *, struct include_list *includes);
324 void process_permitopen(struct ssh *ssh, ServerOptions *options);
325 void process_channel_timeouts(struct ssh *ssh, ServerOptions *);
326 void load_server_config(const char *, struct sshbuf *);
327 void parse_server_config(ServerOptions *, const char *, struct sshbuf *,
328  struct include_list *includes, struct connection_info *, int);
329 void parse_server_match_config(ServerOptions *,
330  struct include_list *includes, struct connection_info *);
331 int parse_server_match_testspec(struct connection_info *, char *);
332 int server_match_spec_complete(struct connection_info *);
333 void copy_set_server_options(ServerOptions *, ServerOptions *, int);
334 void dump_config(ServerOptions *);
335 char *derelativise_path(const char *);
336 void servconf_add_hostkey(const char *, const int,
337  ServerOptions *, const char *path, int);
338 void servconf_add_hostcert(const char *, const int,
339  ServerOptions *, const char *path);
340 
341 #endif /* SERVCONF_H */