auth-options.c (181110) | auth-options.c (181111) |
---|---|
1/* $OpenBSD: auth-options.c,v 1.40 2006/08/03 03:34:41 deraadt Exp $ */ | 1/* $OpenBSD: auth-options.c,v 1.43 2008/06/10 23:06:19 djm Exp $ */ |
2/* 3 * Author: Tatu Ylonen <ylo@cs.hut.fi> 4 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland 5 * All rights reserved 6 * As far as I am concerned, the code I have written for this software 7 * can be used freely for any purpose. Any derived versions of this 8 * software must be clearly marked as such, and if the derived work is 9 * incompatible with the protocol description in the RFC file, it must be --- 5 unchanged lines hidden (view full) --- 15#include <sys/types.h> 16 17#include <netdb.h> 18#include <pwd.h> 19#include <string.h> 20#include <stdio.h> 21#include <stdarg.h> 22 | 2/* 3 * Author: Tatu Ylonen <ylo@cs.hut.fi> 4 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland 5 * All rights reserved 6 * As far as I am concerned, the code I have written for this software 7 * can be used freely for any purpose. Any derived versions of this 8 * software must be clearly marked as such, and if the derived work is 9 * incompatible with the protocol description in the RFC file, it must be --- 5 unchanged lines hidden (view full) --- 15#include <sys/types.h> 16 17#include <netdb.h> 18#include <pwd.h> 19#include <string.h> 20#include <stdio.h> 21#include <stdarg.h> 22 |
23#include "openbsd-compat/sys-queue.h" |
|
23#include "xmalloc.h" 24#include "match.h" 25#include "log.h" 26#include "canohost.h" 27#include "buffer.h" 28#include "channels.h" 29#include "auth-options.h" 30#include "servconf.h" --- 6 unchanged lines hidden (view full) --- 37#endif 38#include "monitor_wrap.h" 39 40/* Flags set authorized_keys flags */ 41int no_port_forwarding_flag = 0; 42int no_agent_forwarding_flag = 0; 43int no_x11_forwarding_flag = 0; 44int no_pty_flag = 0; | 24#include "xmalloc.h" 25#include "match.h" 26#include "log.h" 27#include "canohost.h" 28#include "buffer.h" 29#include "channels.h" 30#include "auth-options.h" 31#include "servconf.h" --- 6 unchanged lines hidden (view full) --- 38#endif 39#include "monitor_wrap.h" 40 41/* Flags set authorized_keys flags */ 42int no_port_forwarding_flag = 0; 43int no_agent_forwarding_flag = 0; 44int no_x11_forwarding_flag = 0; 45int no_pty_flag = 0; |
46int no_user_rc = 0; |
|
45 46/* "command=" option. */ 47char *forced_command = NULL; 48 49/* "environment=" options. */ 50struct envstring *custom_environment = NULL; 51 52/* "tunnel=" option. */ 53int forced_tun_device = -1; 54 55extern ServerOptions options; 56 57void 58auth_clear_options(void) 59{ 60 no_agent_forwarding_flag = 0; 61 no_port_forwarding_flag = 0; 62 no_pty_flag = 0; 63 no_x11_forwarding_flag = 0; | 47 48/* "command=" option. */ 49char *forced_command = NULL; 50 51/* "environment=" options. */ 52struct envstring *custom_environment = NULL; 53 54/* "tunnel=" option. */ 55int forced_tun_device = -1; 56 57extern ServerOptions options; 58 59void 60auth_clear_options(void) 61{ 62 no_agent_forwarding_flag = 0; 63 no_port_forwarding_flag = 0; 64 no_pty_flag = 0; 65 no_x11_forwarding_flag = 0; |
66 no_user_rc = 0; |
|
64 while (custom_environment) { 65 struct envstring *ce = custom_environment; 66 custom_environment = ce->next; 67 xfree(ce->s); 68 xfree(ce); 69 } 70 if (forced_command) { 71 xfree(forced_command); --- 44 unchanged lines hidden (view full) --- 116 } 117 cp = "no-pty"; 118 if (strncasecmp(opts, cp, strlen(cp)) == 0) { 119 auth_debug_add("Pty allocation disabled."); 120 no_pty_flag = 1; 121 opts += strlen(cp); 122 goto next_option; 123 } | 67 while (custom_environment) { 68 struct envstring *ce = custom_environment; 69 custom_environment = ce->next; 70 xfree(ce->s); 71 xfree(ce); 72 } 73 if (forced_command) { 74 xfree(forced_command); --- 44 unchanged lines hidden (view full) --- 119 } 120 cp = "no-pty"; 121 if (strncasecmp(opts, cp, strlen(cp)) == 0) { 122 auth_debug_add("Pty allocation disabled."); 123 no_pty_flag = 1; 124 opts += strlen(cp); 125 goto next_option; 126 } |
127 cp = "no-user-rc"; 128 if (strncasecmp(opts, cp, strlen(cp)) == 0) { 129 auth_debug_add("User rc file execution disabled."); 130 no_user_rc = 1; 131 opts += strlen(cp); 132 goto next_option; 133 } |
|
124 cp = "command=\""; 125 if (strncasecmp(opts, cp, strlen(cp)) == 0) { 126 opts += strlen(cp); 127 forced_command = xmalloc(strlen(opts) + 1); 128 i = 0; 129 while (*opts) { 130 if (*opts == '"') 131 break; --- 79 unchanged lines hidden (view full) --- 211 file, linenum); 212 auth_debug_add("%.100s, line %lu: missing end quote", 213 file, linenum); 214 xfree(patterns); 215 goto bad_option; 216 } 217 patterns[i] = '\0'; 218 opts++; | 134 cp = "command=\""; 135 if (strncasecmp(opts, cp, strlen(cp)) == 0) { 136 opts += strlen(cp); 137 forced_command = xmalloc(strlen(opts) + 1); 138 i = 0; 139 while (*opts) { 140 if (*opts == '"') 141 break; --- 79 unchanged lines hidden (view full) --- 221 file, linenum); 222 auth_debug_add("%.100s, line %lu: missing end quote", 223 file, linenum); 224 xfree(patterns); 225 goto bad_option; 226 } 227 patterns[i] = '\0'; 228 opts++; |
219 if (match_host_and_ip(remote_host, remote_ip, 220 patterns) != 1) { | 229 switch (match_host_and_ip(remote_host, remote_ip, 230 patterns)) { 231 case 1: |
221 xfree(patterns); | 232 xfree(patterns); |
233 /* Host name matches. */ 234 goto next_option; 235 case -1: 236 debug("%.100s, line %lu: invalid criteria", 237 file, linenum); 238 auth_debug_add("%.100s, line %lu: " 239 "invalid criteria", file, linenum); 240 /* FALLTHROUGH */ 241 case 0: 242 xfree(patterns); |
|
222 logit("Authentication tried for %.100s with " 223 "correct key but not from a permitted " 224 "host (host=%.200s, ip=%.200s).", 225 pw->pw_name, remote_host, remote_ip); 226 auth_debug_add("Your host '%.200s' is not " 227 "permitted to use this key for login.", 228 remote_host); | 243 logit("Authentication tried for %.100s with " 244 "correct key but not from a permitted " 245 "host (host=%.200s, ip=%.200s).", 246 pw->pw_name, remote_host, remote_ip); 247 auth_debug_add("Your host '%.200s' is not " 248 "permitted to use this key for login.", 249 remote_host); |
229 /* deny access */ 230 return 0; | 250 break; |
231 } | 251 } |
232 xfree(patterns); 233 /* Host name matches. */ 234 goto next_option; | 252 /* deny access */ 253 return 0; |
235 } 236 cp = "permitopen=\""; 237 if (strncasecmp(opts, cp, strlen(cp)) == 0) { 238 char *host, *p; 239 u_short port; 240 char *patterns = xmalloc(strlen(opts) + 1); 241 242 opts += strlen(cp); --- 115 unchanged lines hidden --- | 254 } 255 cp = "permitopen=\""; 256 if (strncasecmp(opts, cp, strlen(cp)) == 0) { 257 char *host, *p; 258 u_short port; 259 char *patterns = xmalloc(strlen(opts) + 1); 260 261 opts += strlen(cp); --- 115 unchanged lines hidden --- |
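Review bot: The new `switch` on `match_host_and_ip(remote_host, remote_ip, patterns)` in the `from=` handling has no `default:` label, so a return value other than 1, -1 or 0 skips every case and reaches `return 0` without `xfree(patterns)` and without the `logit(...)` line. The outcome is still a denial, which is the right fail-closed direction, but the rejected attempt would go unlogged and the pattern buffer would not be freed. I would put `default:` next to `case 0:` so any unexpected result takes the same free, log and deny path. The enclosing function starts and ends outside the lines shown, and `match_host_and_ip` itself is not on the page, so whether it can return other values is unverified.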