| | 1 | /* $OpenBSD: auth-options.c,v 1.39 2006/07/22 20:48:22 stevesk Exp $ */ |
| | 2 | /* |
| | 3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> |
| | 4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland |
| | 5 | * All rights reserved |
| | 6 | * As far as I am concerned, the code I have written for this software |
| | 7 | * can be used freely for any purpose. Any derived versions of this |
| | 8 | * software must be clearly marked as such, and if the derived work is |
| | 9 | * incompatible with the protocol description in the RFC file, it must be |
| | 10 | * called by a name other than "ssh" or "Secure Shell". |
| | 11 | */ |
| | 12 | |
| | 13 | #include "includes.h" |
| | 14 | |
| | 15 | #include <sys/types.h> |
| | 16 | |
| | 17 | #include <netdb.h> |
| | 18 | #include <pwd.h> |
| | 19 | #include <string.h> |
| | 20 | |
| | 21 | #include "xmalloc.h" |
| | 22 | #include "match.h" |
| | 23 | #include "log.h" |
| | 24 | #include "canohost.h" |
| | 25 | #include "channels.h" |
| | 26 | #include "auth-options.h" |
| | 27 | #include "servconf.h" |
| | 28 | #include "misc.h" |
| | 29 | #include "monitor_wrap.h" |
| | 30 | #include "auth.h" |
| | 31 | |
| | 32 | /* Flags set authorized_keys flags */ |
| | 33 | int no_port_forwarding_flag = 0; |
| | 34 | int no_agent_forwarding_flag = 0; |
| | 35 | int no_x11_forwarding_flag = 0; |
| | 36 | int no_pty_flag = 0; |
| | 37 | |
| | 38 | /* "command=" option. */ |
| | 39 | char *forced_command = NULL; |
| | 40 | |
| | 41 | /* "environment=" options. */ |
| | 42 | struct envstring *custom_environment = NULL; |
| | 43 | |
| | 44 | /* "tunnel=" option. */ |
| | 45 | int forced_tun_device = -1; |
| | 46 | |
| | 47 | extern ServerOptions options; |
| | 48 | |
| | 49 | void |
| | 50 | auth_clear_options(void) |
| | 51 | { |
| | 52 | no_agent_forwarding_flag = 0; |
| | 53 | no_port_forwarding_flag = 0; |
| | 54 | no_pty_flag = 0; |
| | 55 | no_x11_forwarding_flag = 0; |
| | 56 | while (custom_environment) { |
| | 57 | struct envstring *ce = custom_environment; |
| | 58 | custom_environment = ce->next; |
| | 59 | xfree(ce->s); |
| | 60 | xfree(ce); |
| | 61 | } |
| | 62 | if (forced_command) { |
| | 63 | xfree(forced_command); |
| | 64 | forced_command = NULL; |
| | 65 | } |
| | 66 | forced_tun_device = -1; |
| | 67 | channel_clear_permitted_opens(); |
| | 68 | auth_debug_reset(); |
| | 69 | } |
| | 70 | |
| | 71 | /* |
| | 72 | * return 1 if access is granted, 0 if not. |
| | 73 | * side effect: sets key option flags |
| | 74 | */ |
| | 75 | int |
| | 76 | auth_parse_options(struct passwd *pw, char *opts, char *file, u_long linenum) |
| | 77 | { |
| | 78 | const char *cp; |
| | 79 | int i; |
| | 80 | |
| | 81 | /* reset options */ |
| | 82 | auth_clear_options(); |
| | 83 | |
| | 84 | if (!opts) |
| | 85 | return 1; |
| | 86 | |
| | 87 | while (*opts && *opts != ' ' && *opts != '\t') { |
| | 88 | cp = "no-port-forwarding"; |
| | 89 | if (strncasecmp(opts, cp, strlen(cp)) == 0) { |
| | 90 | auth_debug_add("Port forwarding disabled."); |
| | 91 | no_port_forwarding_flag = 1; |
| | 92 | opts += strlen(cp); |
| | 93 | goto next_option; |
| | 94 | } |
| | 95 | cp = "no-agent-forwarding"; |
| | 96 | if (strncasecmp(opts, cp, strlen(cp)) == 0) { |
| | 97 | auth_debug_add("Agent forwarding disabled."); |
| | 98 | no_agent_forwarding_flag = 1; |
| | 99 | opts += strlen(cp); |
| | 100 | goto next_option; |
| | 101 | } |
| | 102 | cp = "no-X11-forwarding"; |
| | 103 | if (strncasecmp(opts, cp, strlen(cp)) == 0) { |
| | 104 | auth_debug_add("X11 forwarding disabled."); |
| | 105 | no_x11_forwarding_flag = 1; |
| | 106 | opts += strlen(cp); |
| | 107 | goto next_option; |
| | 108 | } |
| | 109 | cp = "no-pty"; |
| | 110 | if (strncasecmp(opts, cp, strlen(cp)) == 0) { |
| | 111 | auth_debug_add("Pty allocation disabled."); |
| | 112 | no_pty_flag = 1; |
| | 113 | opts += strlen(cp); |
| | 114 | goto next_option; |
| | 115 | } |
| | 116 | cp = "command=\""; |
| | 117 | if (strncasecmp(opts, cp, strlen(cp)) == 0) { |
| | 118 | opts += strlen(cp); |
| | 119 | forced_command = xmalloc(strlen(opts) + 1); |
| | 120 | i = 0; |
| | 121 | while (*opts) { |
| | 122 | if (*opts == '"') |
| | 123 | break; |
| | 124 | if (*opts == '\\' && opts[1] == '"') { |
| | 125 | opts += 2; |
| | 126 | forced_command[i++] = '"'; |
| | 127 | continue; |
| | 128 | } |
| | 129 | forced_command[i++] = *opts++; |
| | 130 | } |
| | 131 | if (!*opts) { |
| | 132 | debug("%.100s, line %lu: missing end quote", |
| | 133 | file, linenum); |
| | 134 | auth_debug_add("%.100s, line %lu: missing end quote", |
| | 135 | file, linenum); |
| | 136 | xfree(forced_command); |
| | 137 | forced_command = NULL; |
| | 138 | goto bad_option; |
| | 139 | } |
| | 140 | forced_command[i] = '\0'; |
| | 141 | auth_debug_add("Forced command: %.900s", forced_command); |
| | 142 | opts++; |
| | 143 | goto next_option; |
| | 144 | } |
| | 145 | cp = "environment=\""; |
| | 146 | if (options.permit_user_env && |
| | 147 | strncasecmp(opts, cp, strlen(cp)) == 0) { |
| | 148 | char *s; |
| | 149 | struct envstring *new_envstring; |
| | 150 | |
| | 151 | opts += strlen(cp); |
| | 152 | s = xmalloc(strlen(opts) + 1); |
| | 153 | i = 0; |
| | 154 | while (*opts) { |
| | 155 | if (*opts == '"') |
| | 156 | break; |
| | 157 | if (*opts == '\\' && opts[1] == '"') { |
| | 158 | opts += 2; |
| | 159 | s[i++] = '"'; |
| | 160 | continue; |
| | 161 | } |
| | 162 | s[i++] = *opts++; |
| | 163 | } |
| | 164 | if (!*opts) { |
| | 165 | debug("%.100s, line %lu: missing end quote", |
| | 166 | file, linenum); |
| | 167 | auth_debug_add("%.100s, line %lu: missing end quote", |
| | 168 | file, linenum); |
| | 169 | xfree(s); |
| | 170 | goto bad_option; |
| | 171 | } |
| | 172 | s[i] = '\0'; |
| | 173 | auth_debug_add("Adding to environment: %.900s", s); |
| | 174 | debug("Adding to environment: %.900s", s); |
| | 175 | opts++; |
| | 176 | new_envstring = xmalloc(sizeof(struct envstring)); |
| | 177 | new_envstring->s = s; |
| | 178 | new_envstring->next = custom_environment; |
| | 179 | custom_environment = new_envstring; |
| | 180 | goto next_option; |
| | 181 | } |
| | 182 | cp = "from=\""; |
| | 183 | if (strncasecmp(opts, cp, strlen(cp)) == 0) { |
| | 184 | const char *remote_ip = get_remote_ipaddr(); |
| | 185 | const char *remote_host = get_canonical_hostname( |
| | 186 | options.use_dns); |
| | 187 | char *patterns = xmalloc(strlen(opts) + 1); |
| | 188 | |
| | 189 | opts += strlen(cp); |
| | 190 | i = 0; |
| | 191 | while (*opts) { |
| | 192 | if (*opts == '"') |
| | 193 | break; |
| | 194 | if (*opts == '\\' && opts[1] == '"') { |
| | 195 | opts += 2; |
| | 196 | patterns[i++] = '"'; |
| | 197 | continue; |
| | 198 | } |
| | 199 | patterns[i++] = *opts++; |
| | 200 | } |
| | 201 | if (!*opts) { |
| | 202 | debug("%.100s, line %lu: missing end quote", |
| | 203 | file, linenum); |
| | 204 | auth_debug_add("%.100s, line %lu: missing end quote", |
| | 205 | file, linenum); |
| | 206 | xfree(patterns); |
| | 207 | goto bad_option; |
| | 208 | } |
| | 209 | patterns[i] = '\0'; |
| | 210 | opts++; |
| | 211 | if (match_host_and_ip(remote_host, remote_ip, |
| | 212 | patterns) != 1) { |
| | 213 | xfree(patterns); |
| | 214 | logit("Authentication tried for %.100s with " |
| | 215 | "correct key but not from a permitted " |
| | 216 | "host (host=%.200s, ip=%.200s).", |
| | 217 | pw->pw_name, remote_host, remote_ip); |
| | 218 | auth_debug_add("Your host '%.200s' is not " |
| | 219 | "permitted to use this key for login.", |
| | 220 | remote_host); |
| | 221 | /* deny access */ |
| | 222 | return 0; |
| | 223 | } |
| | 224 | xfree(patterns); |
| | 225 | /* Host name matches. */ |
| | 226 | goto next_option; |
| | 227 | } |
| | 228 | cp = "permitopen=\""; |
| | 229 | if (strncasecmp(opts, cp, strlen(cp)) == 0) { |
| | 230 | char *host, *p; |
| | 231 | u_short port; |
| | 232 | char *patterns = xmalloc(strlen(opts) + 1); |
| | 233 | |
| | 234 | opts += strlen(cp); |
| | 235 | i = 0; |
| | 236 | while (*opts) { |
| | 237 | if (*opts == '"') |
| | 238 | break; |
| | 239 | if (*opts == '\\' && opts[1] == '"') { |
| | 240 | opts += 2; |
| | 241 | patterns[i++] = '"'; |
| | 242 | continue; |
| | 243 | } |
| | 244 | patterns[i++] = *opts++; |
| | 245 | } |
| | 246 | if (!*opts) { |
| | 247 | debug("%.100s, line %lu: missing end quote", |
| | 248 | file, linenum); |
| | 249 | auth_debug_add("%.100s, line %lu: missing " |
| | 250 | "end quote", file, linenum); |
| | 251 | xfree(patterns); |
| | 252 | goto bad_option; |
| | 253 | } |
| | 254 | patterns[i] = '\0'; |
| | 255 | opts++; |
| | 256 | p = patterns; |
| | 257 | host = hpdelim(&p); |
| | 258 | if (host == NULL || strlen(host) >= NI_MAXHOST) { |
| | 259 | debug("%.100s, line %lu: Bad permitopen " |
| | 260 | "specification <%.100s>", file, linenum, |
| | 261 | patterns); |
| | 262 | auth_debug_add("%.100s, line %lu: " |
| | 263 | "Bad permitopen specification", file, |
| | 264 | linenum); |
| | 265 | xfree(patterns); |
| | 266 | goto bad_option; |
| | 267 | } |
| | 268 | host = cleanhostname(host); |
| | 269 | if (p == NULL || (port = a2port(p)) == 0) { |
| | 270 | debug("%.100s, line %lu: Bad permitopen port " |
| | 271 | "<%.100s>", file, linenum, p ? p : ""); |
| | 272 | auth_debug_add("%.100s, line %lu: " |
| | 273 | "Bad permitopen port", file, linenum); |
| | 274 | xfree(patterns); |
| | 275 | goto bad_option; |
| | 276 | } |
| | 277 | if (options.allow_tcp_forwarding) |
| | 278 | channel_add_permitted_opens(host, port); |
| | 279 | xfree(patterns); |
| | 280 | goto next_option; |
| | 281 | } |
| | 282 | cp = "tunnel=\""; |
| | 283 | if (strncasecmp(opts, cp, strlen(cp)) == 0) { |
| | 284 | char *tun = NULL; |
| | 285 | opts += strlen(cp); |
| | 286 | tun = xmalloc(strlen(opts) + 1); |
| | 287 | i = 0; |
| | 288 | while (*opts) { |
| | 289 | if (*opts == '"') |
| | 290 | break; |
| | 291 | tun[i++] = *opts++; |
| | 292 | } |
| | 293 | if (!*opts) { |
| | 294 | debug("%.100s, line %lu: missing end quote", |
| | 295 | file, linenum); |
| | 296 | auth_debug_add("%.100s, line %lu: missing end quote", |
| | 297 | file, linenum); |
| | 298 | xfree(tun); |
| | 299 | forced_tun_device = -1; |
| | 300 | goto bad_option; |
| | 301 | } |
| | 302 | tun[i] = '\0'; |
| | 303 | forced_tun_device = a2tun(tun, NULL); |
| | 304 | xfree(tun); |
| | 305 | if (forced_tun_device == SSH_TUNID_ERR) { |
| | 306 | debug("%.100s, line %lu: invalid tun device", |
| | 307 | file, linenum); |
| | 308 | auth_debug_add("%.100s, line %lu: invalid tun device", |
| | 309 | file, linenum); |
| | 310 | forced_tun_device = -1; |
| | 311 | goto bad_option; |
| | 312 | } |
| | 313 | auth_debug_add("Forced tun device: %d", forced_tun_device); |
| | 314 | opts++; |
| | 315 | goto next_option; |
| | 316 | } |
| | 317 | next_option: |
| | 318 | /* |
| | 319 | * Skip the comma, and move to the next option |
| | 320 | * (or break out if there are no more). |
| | 321 | */ |
| | 322 | if (!*opts) |
| | 323 | fatal("Bugs in auth-options.c option processing."); |
| | 324 | if (*opts == ' ' || *opts == '\t') |
| | 325 | break; /* End of options. */ |
| | 326 | if (*opts != ',') |
| | 327 | goto bad_option; |
| | 328 | opts++; |
| | 329 | /* Process the next option. */ |
| | 330 | } |
| | 331 | |
| | 332 | if (!use_privsep) |
| | 333 | auth_debug_send(); |
| | 334 | |
| | 335 | /* grant access */ |
| | 336 | return 1; |
| | 337 | |
| | 338 | bad_option: |
| | 339 | logit("Bad options in %.100s file, line %lu: %.50s", |
| | 340 | file, linenum, opts); |
| | 341 | auth_debug_add("Bad options in %.100s file, line %lu: %.50s", |
| | 342 | file, linenum, opts); |
| | 343 | |
| | 344 | if (!use_privsep) |
| | 345 | auth_debug_send(); |
| | 346 | |
| | 347 | /* deny access */ |
| | 348 | return 0; |
| | 349 | } |
andersk / openssh.git / blame_incremental