diff options
| author | djm@openbsd.org <djm@openbsd.org> | 2015-05-01 03:20:54 +0000 |
|---|---|---|
| committer | Damien Miller <djm@mindrot.org> | 2015-05-10 11:53:08 +1000 |
| commit | a42d67be65b719a430b7fcaba2a4e4118382723a (patch) | |
| tree | 4f9cc8c76ecd2fde315971242b065e110847d2ce /auth-options.c | |
| parent | e661a86353e11592c7ed6a847e19a83609f49e77 (diff) | |
upstream commit
Don't make parsing of authorized_keys' environment=
option conditional on PermitUserEnv - always parse it, but only use the
result if the option is enabled. This prevents the syntax of authorized_keys
changing depending on which sshd_config options were enabled.
bz#2329; based on patch from coladict AT gmail.com, ok dtucker@
Diffstat (limited to 'auth-options.c')
| -rw-r--r-- | auth-options.c | 23 |
1 files changed, 14 insertions, 9 deletions
diff --git a/auth-options.c b/auth-options.c index 0595537be..facfc025b 100644 --- a/auth-options.c +++ b/auth-options.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: auth-options.c,v 1.66 2015/04/22 01:24:01 djm Exp $ */ | 1 | /* $OpenBSD: auth-options.c,v 1.67 2015/05/01 03:20:54 djm Exp $ */ |
| 2 | /* | 2 | /* |
| 3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> | 3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> |
| 4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland | 4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland |
| @@ -209,8 +209,7 @@ auth_parse_options(struct passwd *pw, char *opts, char *file, u_long linenum) | |||
| 209 | goto next_option; | 209 | goto next_option; |
| 210 | } | 210 | } |
| 211 | cp = "environment=\""; | 211 | cp = "environment=\""; |
| 212 | if (options.permit_user_env && | 212 | if (strncasecmp(opts, cp, strlen(cp)) == 0) { |
| 213 | strncasecmp(opts, cp, strlen(cp)) == 0) { | ||
| 214 | char *s; | 213 | char *s; |
| 215 | struct envstring *new_envstring; | 214 | struct envstring *new_envstring; |
| 216 | 215 | ||
| @@ -236,13 +235,19 @@ auth_parse_options(struct passwd *pw, char *opts, char *file, u_long linenum) | |||
| 236 | goto bad_option; | 235 | goto bad_option; |
| 237 | } | 236 | } |
| 238 | s[i] = '\0'; | 237 | s[i] = '\0'; |
| 239 | auth_debug_add("Adding to environment: %.900s", s); | ||
| 240 | debug("Adding to environment: %.900s", s); | ||
| 241 | opts++; | 238 | opts++; |
| 242 | new_envstring = xcalloc(1, sizeof(struct envstring)); | 239 | if (options.permit_user_env) { |
| 243 | new_envstring->s = s; | 240 | auth_debug_add("Adding to environment: " |
| 244 | new_envstring->next = custom_environment; | 241 | "%.900s", s); |
| 245 | custom_environment = new_envstring; | 242 | debug("Adding to environment: %.900s", s); |
| 243 | new_envstring = xcalloc(1, | ||
| 244 | sizeof(*new_envstring)); | ||
| 245 | new_envstring->s = s; | ||
| 246 | new_envstring->next = custom_environment; | ||
| 247 | custom_environment = new_envstring; | ||
| 248 | s = NULL; | ||
| 249 | } | ||
| 250 | free(s); | ||
| 246 | goto next_option; | 251 | goto next_option; |
| 247 | } | 252 | } |
| 248 | cp = "from=\""; | 253 | cp = "from=\""; |