- markus@cvs.openbsd.org 2001/03/16 19:06:30

[auth-options.c channels.c channels.h serverloop.c session.c] implement "permitopen" key option, restricts -L style forwarding to to specified host:port pairs. based on work by harlan@genua.de
author: Ben Lindstrom <mouring@eviladmin.org> 2001-03-17 00:47:54 +0000
committer: Ben Lindstrom <mouring@eviladmin.org> 2001-03-17 00:47:54 +0000
commit: 7bb8b49596156b85df403d09c2195e2533ec372c (patch)
tree: e6bc23a1a38a24e4bc5438695300a37a913dcb17 /auth-options.c
parent: cf00df63443b40190d3f88c5f0a7e102540d0cac (diff)
1 files changed, 58 insertions, 4 deletions
diff --git a/auth-options.c b/auth-options.c
index bfb1af86b..7ce1e4b0c 100644
--- a/auth-options.c
+++ b/auth-options.c
@@ -10,13 +10,14 @@
 */
 #include "includes.h"
-RCSID("$OpenBSD: auth-options.c,v 1.14 2001/03/13 17:34:42 markus Exp $");
+RCSID("$OpenBSD: auth-options.c,v 1.15 2001/03/16 19:06:28 markus Exp $");
 #include "packet.h"
 #include "xmalloc.h"
 #include "match.h"
 #include "log.h"
 #include "canohost.h"
+#include "channels.h"
 #include "auth-options.h"
 #include "servconf.h"
@@ -51,6 +52,7 @@ auth_clear_options(void)
                xfree(forced_command);
                forced_command = NULL;
        }
+        channel_clear_permitted_opens();
 }
 /*
@@ -61,6 +63,7 @@ int
 auth_parse_options(struct passwd *pw, char *opts, char *file, u_long linenum)
 {
        const char *cp;
+        int i;
        /* reset options */
        auth_clear_options();
@@ -99,7 +102,6 @@ auth_parse_options(struct passwd *pw, char *opts, char *file, u_long linenum)
                }
                cp = "command=\"";
                if (strncasecmp(opts, cp, strlen(cp)) == 0) {
-                        int i;
                        opts += strlen(cp);
                        forced_command = xmalloc(strlen(opts) + 1);
                        i = 0;
@@ -129,9 +131,9 @@ auth_parse_options(struct passwd *pw, char *opts, char *file, u_long linenum)
                }
                cp = "environment=\"";
                if (strncasecmp(opts, cp, strlen(cp)) == 0) {
-                        int i;
                        char *s;
                        struct envstring *new_envstring;
                        opts += strlen(cp);
                        s = xmalloc(strlen(opts) + 1);
                        i = 0;
@@ -170,7 +172,7 @@ auth_parse_options(struct passwd *pw, char *opts, char *file, u_long linenum)
                        const char *remote_host = get_canonical_hostname(
                            options.reverse_mapping_check);
                        char *patterns = xmalloc(strlen(opts) + 1);
-                        int i;
                        opts += strlen(cp);
                        i = 0;
                        while (*opts) {
@@ -218,6 +220,58 @@ auth_parse_options(struct passwd *pw, char *opts, char *file, u_long linenum)
                        /* Host name matches. */
                        goto next_option;
                }
+                cp = "permitopen=\"";
+                if (strncasecmp(opts, cp, strlen(cp)) == 0) {
+                        u_short port;
+                        char *c, *ep;
+                        char *patterns = xmalloc(strlen(opts) + 1);
+                        opts += strlen(cp);
+                        i = 0;
+                        while (*opts) {
+                                if (*opts == '"')
+                                        break;
+                                if (*opts == '\\' && opts[1] == '"') {
+                                        opts += 2;
+                                        patterns[i++] = '"';
+                                        continue;
+                                }
+                                patterns[i++] = *opts++;
+                        }
+                        if (!*opts) {
+                                debug("%.100s, line %lu: missing end quote",
+                                    file, linenum);
+                                packet_send_debug("%.100s, line %lu: missing end quote",
+                                    file, linenum);
+                                xfree(patterns);
+                                goto bad_option;
+                        }
+                        patterns[i] = 0;
+                        opts++;
+                        c = strchr(patterns, ':');
+                        if (c == NULL) {
+                                debug("%.100s, line %lu: permitopen: missing colon <%.100s>",
+                                    file, linenum, patterns);
+                                packet_send_debug("%.100s, line %lu: missing colon",
+                                    file, linenum);
+                                xfree(patterns);
+                                goto bad_option;
+                        }
+                        *c = 0;
+                        c++;
+                        port = strtol(c, &ep, 0);
+                        if (c == ep) {
+                                debug("%.100s, line %lu: permitopen: missing port <%.100s>",
+                                    file, linenum, patterns);
+                                packet_send_debug("%.100s, line %lu: missing port",
+                                    file, linenum);
+                                xfree(patterns);
+                                goto bad_option;
+                        }
+                        channel_add_permitted_opens(patterns, port);
+                        xfree(patterns);
+                        goto next_option;
+                }
 next_option:
                /*
                 * Skip the comma, and move to the next option
author	Ben Lindstrom <mouring@eviladmin.org>	2001-03-17 00:47:54 +0000
committer	Ben Lindstrom <mouring@eviladmin.org>	2001-03-17 00:47:54 +0000
commit	7bb8b49596156b85df403d09c2195e2533ec372c (patch)
tree	e6bc23a1a38a24e4bc5438695300a37a913dcb17 /auth-options.c
parent	cf00df63443b40190d3f88c5f0a7e102540d0cac (diff)

diff --git a/auth-options.c b/auth-options.c index bfb1af86b..7ce1e4b0c 100644 --- a/auth-options.c +++ b/auth-options.c
@@ -10,13 +10,14 @@
10	*/	10	*/
11		11
12	#include "includes.h"	12	#include "includes.h"
13	RCSID("$OpenBSD: auth-options.c,v 1.14 2001/03/13 17:34:42 markus Exp $");	13	RCSID("$OpenBSD: auth-options.c,v 1.15 2001/03/16 19:06:28 markus Exp $");
14		14
15	#include "packet.h"	15	#include "packet.h"
16	#include "xmalloc.h"	16	#include "xmalloc.h"
17	#include "match.h"	17	#include "match.h"
18	#include "log.h"	18	#include "log.h"
19	#include "canohost.h"	19	#include "canohost.h"
		20	#include "channels.h"
20	#include "auth-options.h"	21	#include "auth-options.h"
21	#include "servconf.h"	22	#include "servconf.h"
22		23
@@ -51,6 +52,7 @@ auth_clear_options(void)
51	xfree(forced_command);	52	xfree(forced_command);
52	forced_command = NULL;	53	forced_command = NULL;
53	}	54	}
		55	channel_clear_permitted_opens();
54	}	56	}
55		57
56	/*	58	/*
@@ -61,6 +63,7 @@ int
61	auth_parse_options(struct passwd pw, char opts, char *file, u_long linenum)	63	auth_parse_options(struct passwd pw, char opts, char *file, u_long linenum)
62	{	64	{
63	const char *cp;	65	const char *cp;
		66	int i;
64		67
65	/* reset options */	68	/* reset options */
66	auth_clear_options();	69	auth_clear_options();
@@ -99,7 +102,6 @@ auth_parse_options(struct passwd pw, char opts, char *file, u_long linenum)
99	}	102	}
100	cp = "command=\"";	103	cp = "command=\"";
101	if (strncasecmp(opts, cp, strlen(cp)) == 0) {	104	if (strncasecmp(opts, cp, strlen(cp)) == 0) {
102	int i;
103	opts += strlen(cp);	105	opts += strlen(cp);
104	forced_command = xmalloc(strlen(opts) + 1);	106	forced_command = xmalloc(strlen(opts) + 1);
105	i = 0;	107	i = 0;
@@ -129,9 +131,9 @@ auth_parse_options(struct passwd pw, char opts, char *file, u_long linenum)
129	}	131	}
130	cp = "environment=\"";	132	cp = "environment=\"";
131	if (strncasecmp(opts, cp, strlen(cp)) == 0) {	133	if (strncasecmp(opts, cp, strlen(cp)) == 0) {
132	int i;
133	char *s;	134	char *s;
134	struct envstring *new_envstring;	135	struct envstring *new_envstring;
		136
135	opts += strlen(cp);	137	opts += strlen(cp);
136	s = xmalloc(strlen(opts) + 1);	138	s = xmalloc(strlen(opts) + 1);
137	i = 0;	139	i = 0;
@@ -170,7 +172,7 @@ auth_parse_options(struct passwd pw, char opts, char *file, u_long linenum)
170	const char *remote_host = get_canonical_hostname(	172	const char *remote_host = get_canonical_hostname(
171	options.reverse_mapping_check);	173	options.reverse_mapping_check);
172	char *patterns = xmalloc(strlen(opts) + 1);	174	char *patterns = xmalloc(strlen(opts) + 1);
173	int i;	175
174	opts += strlen(cp);	176	opts += strlen(cp);
175	i = 0;	177	i = 0;
176	while (*opts) {	178	while (*opts) {
@@ -218,6 +220,58 @@ auth_parse_options(struct passwd pw, char opts, char *file, u_long linenum)
218	/* Host name matches. */	220	/* Host name matches. */
219	goto next_option;	221	goto next_option;
220	}	222	}
		223	cp = "permitopen=\"";
		224	if (strncasecmp(opts, cp, strlen(cp)) == 0) {
		225	u_short port;
		226	char c, ep;
		227	char *patterns = xmalloc(strlen(opts) + 1);
		228
		229	opts += strlen(cp);
		230	i = 0;
		231	while (*opts) {
		232	if (*opts == '"')
		233	break;
		234	if (*opts == '\\' && opts[1] == '"') {
		235	opts += 2;
		236	patterns[i++] = '"';
		237	continue;
		238	}
		239	patterns[i++] = *opts++;
		240	}
		241	if (!*opts) {
		242	debug("%.100s, line %lu: missing end quote",
		243	file, linenum);
		244	packet_send_debug("%.100s, line %lu: missing end quote",
		245	file, linenum);
		246	xfree(patterns);
		247	goto bad_option;
		248	}
		249	patterns[i] = 0;
		250	opts++;
		251	c = strchr(patterns, ':');
		252	if (c == NULL) {
		253	debug("%.100s, line %lu: permitopen: missing colon <%.100s>",
		254	file, linenum, patterns);
		255	packet_send_debug("%.100s, line %lu: missing colon",
		256	file, linenum);
		257	xfree(patterns);
		258	goto bad_option;
		259	}
		260	*c = 0;
		261	c++;
		262	port = strtol(c, &ep, 0);
		263	if (c == ep) {
		264	debug("%.100s, line %lu: permitopen: missing port <%.100s>",
		265	file, linenum, patterns);
		266	packet_send_debug("%.100s, line %lu: missing port",
		267	file, linenum);
		268	xfree(patterns);
		269	goto bad_option;
		270	}
		271	channel_add_permitted_opens(patterns, port);
		272	xfree(patterns);
		273	goto next_option;
		274	}
221	next_option:	275	next_option:
222	/*	276	/*
223	* Skip the comma, and move to the next option	277	* Skip the comma, and move to the next option