author | djm@openbsd.org <djm@openbsd.org> | 2015-05-01 03:20:54 +0000 |
---|---|---|
committer | Damien Miller <djm@mindrot.org> | 2015-05-10 11:53:08 +1000 |
commit | a42d67be65b719a430b7fcaba2a4e4118382723a (patch) | |
tree | 4f9cc8c76ecd2fde315971242b065e110847d2ce /auth-options.c | |
parent | e661a86353e11592c7ed6a847e19a83609f49e77 (diff) |
upstream commit
Don't make parsing of authorized_keys' environment=
option conditional on PermitUserEnv - always parse it, but only use the
result if the option is enabled. This prevents the syntax of authorized_keys
changing depending on which sshd_config options were enabled.
bz#2329; based on patch from coladict AT gmail.com, ok dtucker@
Diffstat (limited to 'auth-options.c')
-rw-r--r-- | auth-options.c | 23 |
1 files changed, 14 insertions, 9 deletions
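--- a/auth-options.c
+++ b/auth-options.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: auth-options.c,v 1.66 2015/04/22 01:24:01 djm Exp $ */
+/* $OpenBSD: auth-options.c,v 1.67 2015/05/01 03:20:54 djm Exp $ */
 /*
 * Author: Tatu Ylonen <ylo@cs.hut.fi>
 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -209,8 +209,7 @@ auth_parse_options(struct passwd *pw, char *opts, char *file, u_long linenum)
 goto next_option;
 }
 cp = "environment=\"";
-if (options.permit_user_env &&
-strncasecmp(opts, cp, strlen(cp)) == 0) {
+if (strncasecmp(opts, cp, strlen(cp)) == 0) {
 char *s;
 struct envstring *new_envstring;
 
@@ -236,13 +235,19 @@ auth_parse_options(struct passwd *pw, char *opts, char *file, u_long linenum)
 goto bad_option;
 }
 s[i] = '\0';
-auth_debug_add("Adding to environment: %.900s", s);
-debug("Adding to environment: %.900s", s);
 opts++;
-new_envstring = xcalloc(1, sizeof(struct envstring));
-new_envstring->s = s;
-new_envstring->next = custom_environment;
-custom_environment = new_envstring;
+if (options.permit_user_env) {
+auth_debug_add("Adding to environment: "
+"%.900s", s);
+debug("Adding to environment: %.900s", s);
+new_envstring = xcalloc(1,
+sizeof(*new_envstring));
+new_envstring->s = s;
+new_envstring->next = custom_environment;
+custom_environment = new_envstring;
+s = NULL;
+}
+free(s);
 goto next_option;
 }
 cp = "from=\"";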
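Review bot: In the last hunk the `environment=` value is now dropped without any trace when `options.permit_user_env` is off, because both `auth_debug_add()` and `debug()` sit inside the new `if` and the other path only reaches `free(s)`. A key line carrying this option presumably used to fall through to the bad-option handling (outside these hunks) and is now accepted with the setting ignored, so an operator auditing authorized_keys gets no signal that the option was seen and discarded. Consider an else branch such as `} else debug("environment= option ignored: PermitUserEnvironment is disabled");`, and a short comment at `s = NULL;` noting that ownership of `s` has moved to `custom_environment`, which is why the following `free(s)` is safe. The enclosing `auth_parse_options()` and the quote-parsing loop between the second and third hunk lie outside the visible lines.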