]> andersk Git - openssh.git/blobdiff - auth-options.c
andersk / openssh.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
- djm@cvs.openbsd.org 2010/01/30 02:54:53
[openssh.git] / auth-options.c
diff --git a/auth-options.c b/auth-options.c
index ca5e1c931499934b9eec24b4cceaeae693912e5f..ab085c2339cc7bba259619d7181b1cce3c151a43 100644 (file)
--- a/auth-options.c
+++ b/auth-options.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: auth-options.c,v 1.40 2006/08/03 03:34:41 deraadt Exp $ */
+/* $OpenBSD: auth-options.c,v 1.44 2009/01/22 10:09:16 djm Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -20,6 +20,7 @@
 #include <stdio.h>
 #include <stdarg.h>
 
+#include "openbsd-compat/sys-queue.h"
 #include "xmalloc.h"
 #include "match.h"
 #include "log.h"
@@ -42,6 +43,7 @@ int no_port_forwarding_flag = 0;
 int no_agent_forwarding_flag = 0;
 int no_x11_forwarding_flag = 0;
 int no_pty_flag = 0;
+int no_user_rc = 0;
 
 /* "command=" option. */
 char *forced_command = NULL;
@@ -61,6 +63,7 @@ auth_clear_options(void)
        no_port_forwarding_flag = 0;
        no_pty_flag = 0;
        no_x11_forwarding_flag = 0;
+       no_user_rc = 0;
        while (custom_environment) {
                struct envstring *ce = custom_environment;
                custom_environment = ce->next;
@@ -121,6 +124,13 @@ auth_parse_options(struct passwd *pw, char *opts, char *file, u_long linenum)
                        opts += strlen(cp);
                        goto next_option;
                }
+               cp = "no-user-rc";
+               if (strncasecmp(opts, cp, strlen(cp)) == 0) {
+                       auth_debug_add("User rc file execution disabled.");
+                       no_user_rc = 1;
+                       opts += strlen(cp);
+                       goto next_option;
+               }
                cp = "command=\"";
                if (strncasecmp(opts, cp, strlen(cp)) == 0) {
                        opts += strlen(cp);
@@ -216,8 +226,19 @@ auth_parse_options(struct passwd *pw, char *opts, char *file, u_long linenum)
                        }
                        patterns[i] = '\0';
                        opts++;
-                       if (match_host_and_ip(remote_host, remote_ip,
-                           patterns) != 1) {
+                       switch (match_host_and_ip(remote_host, remote_ip,
+                           patterns)) {
+                       case 1:
+                               xfree(patterns);
+                               /* Host name matches. */
+                               goto next_option;
+                       case -1:
+                               debug("%.100s, line %lu: invalid criteria",
+                                   file, linenum);
+                               auth_debug_add("%.100s, line %lu: "
+                                   "invalid criteria", file, linenum);
+                               /* FALLTHROUGH */
+                       case 0:
                                xfree(patterns);
                                logit("Authentication tried for %.100s with "
                                    "correct key but not from a permitted "
@@ -226,17 +247,15 @@ auth_parse_options(struct passwd *pw, char *opts, char *file, u_long linenum)
                                auth_debug_add("Your host '%.200s' is not "
                                    "permitted to use this key for login.",
                                    remote_host);
-                               /* deny access */
-                               return 0;
+                               break;
                        }
-                       xfree(patterns);
-                       /* Host name matches. */
-                       goto next_option;
+                       /* deny access */
+                       return 0;
                }
                cp = "permitopen=\"";
                if (strncasecmp(opts, cp, strlen(cp)) == 0) {
                        char *host, *p;
-                       u_short port;
+                       int port;
                        char *patterns = xmalloc(strlen(opts) + 1);
 
                        opts += strlen(cp);
@@ -274,7 +293,7 @@ auth_parse_options(struct passwd *pw, char *opts, char *file, u_long linenum)
                                goto bad_option;
                        }
                        host = cleanhostname(host);
-                       if (p == NULL || (port = a2port(p)) == 0) {
+                       if (p == NULL || (port = a2port(p)) <= 0) {
                                debug("%.100s, line %lu: Bad permitopen port "
                                    "<%.100s>", file, linenum, p ? p : "");
                                auth_debug_add("%.100s, line %lu: "
git-cvsimport mirror of OpenSSH
This page took 0.038598 seconds and 4 git commands to generate.