X-Git-Url: http://andersk.mit.edu/gitweb/openssh.git/blobdiff_plain/d20f3c9eac865c7dd2e9335becc064e15a420202..c1d152b8c12b8449d644ee0981350e73d6ab4f7c:/auth-options.c

diff --git a/auth-options.c b/auth-options.c
index 54798d9a..6e225696 100644
--- a/auth-options.c
+++ b/auth-options.c
@@ -1,3 +1,4 @@
+/* $OpenBSD: auth-options.c,v 1.41 2008/03/26 21:28:14 djm Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -10,24 +11,38 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: auth-options.c,v 1.32 2005/12/06 22:38:27 reyk Exp $");
+
+#include <sys/types.h>
+
+#include <netdb.h>
+#include <pwd.h>
+#include <string.h>
+#include <stdio.h>
+#include <stdarg.h>
 
 #include "xmalloc.h"
 #include "match.h"
 #include "log.h"
 #include "canohost.h"
+#include "buffer.h"
 #include "channels.h"
 #include "auth-options.h"
 #include "servconf.h"
 #include "misc.h"
-#include "monitor_wrap.h"
+#include "key.h"
+#include "hostfile.h"
 #include "auth.h"
+#ifdef GSSAPI
+#include "ssh-gss.h"
+#endif
+#include "monitor_wrap.h"
 
 /* Flags set authorized_keys flags */
 int no_port_forwarding_flag = 0;
 int no_agent_forwarding_flag = 0;
 int no_x11_forwarding_flag = 0;
 int no_pty_flag = 0;
+int no_user_rc = 0;
 
 /* "command=" option. */
 char *forced_command = NULL;
@@ -47,6 +62,7 @@ auth_clear_options(void)
 	no_port_forwarding_flag = 0;
 	no_pty_flag = 0;
 	no_x11_forwarding_flag = 0;
+	no_user_rc = 0;
 	while (custom_environment) {
 		struct envstring *ce = custom_environment;
 		custom_environment = ce->next;
@@ -107,6 +123,13 @@ auth_parse_options(struct passwd *pw, char *opts, char *file, u_long linenum)
 			opts += strlen(cp);
 			goto next_option;
 		}
+		cp = "no-user-rc";
+		if (strncasecmp(opts, cp, strlen(cp)) == 0) {
+			auth_debug_add("User rc file execution disabled.");
+			no_user_rc = 1;
+			opts += strlen(cp);
+			goto next_option;
+		}
 		cp = "command=\"";
 		if (strncasecmp(opts, cp, strlen(cp)) == 0) {
 			opts += strlen(cp);
@@ -131,7 +154,7 @@ auth_parse_options(struct passwd *pw, char *opts, char *file, u_long linenum)
 				forced_command = NULL;
 				goto bad_option;
 			}
-			forced_command[i] = 0;
+			forced_command[i] = '\0';
 			auth_debug_add("Forced command: %.900s", forced_command);
 			opts++;
 			goto next_option;
@@ -163,7 +186,7 @@ auth_parse_options(struct passwd *pw, char *opts, char *file, u_long linenum)
 				xfree(s);
 				goto bad_option;
 			}
-			s[i] = 0;
+			s[i] = '\0';
 			auth_debug_add("Adding to environment: %.900s", s);
 			debug("Adding to environment: %.900s", s);
 			opts++;
@@ -200,7 +223,7 @@ auth_parse_options(struct passwd *pw, char *opts, char *file, u_long linenum)
 				xfree(patterns);
 				goto bad_option;
 			}
-			patterns[i] = 0;
+			patterns[i] = '\0';
 			opts++;
 			if (match_host_and_ip(remote_host, remote_ip,
 			    patterns) != 1) {
@@ -245,7 +268,7 @@ auth_parse_options(struct passwd *pw, char *opts, char *file, u_long linenum)
 				xfree(patterns);
 				goto bad_option;
 			}
-			patterns[i] = 0;
+			patterns[i] = '\0';
 			opts++;
 			p = patterns;
 			host = hpdelim(&p);
@@ -293,10 +316,10 @@ auth_parse_options(struct passwd *pw, char *opts, char *file, u_long linenum)
 				forced_tun_device = -1;
 				goto bad_option;
 			}
-			tun[i] = 0;
+			tun[i] = '\0';
 			forced_tun_device = a2tun(tun, NULL);
 			xfree(tun);
-			if (forced_tun_device < -1) {
+			if (forced_tun_device == SSH_TUNID_ERR) {
 				debug("%.100s, line %lu: invalid tun device",
 				    file, linenum);
 				auth_debug_add("%.100s, line %lu: invalid tun device",