diff options
| author | djm@openbsd.org <djm@openbsd.org> | 2018-07-03 10:59:35 +0000 |
|---|---|---|
| committer | Damien Miller <djm@mindrot.org> | 2018-07-03 21:01:30 +1000 |
| commit | 95344c257412b51199ead18d54eaed5bafb75617 (patch) | |
| tree | 320a21db8781ca4f6a363db928ca04b3b0d1dd70 /session.c | |
| parent | 6f56fe4b9578b0627667f8bce69d4d938a88324c (diff) | |
upstream: allow sshd_config PermitUserEnvironment to accept a
pattern-list of whitelisted environment variable names in addition to yes|no.
bz#1800, feedback and ok markus@
OpenBSD-Commit-ID: 77dc2b468e0bf04b53f333434ba257008a1fdf24
Diffstat (limited to 'session.c')
| -rw-r--r-- | session.c | 19 |
1 files changed, 15 insertions, 4 deletions
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: session.c,v 1.300 2018/06/09 03:03:10 djm Exp $ */ | 1 | /* $OpenBSD: session.c,v 1.301 2018/07/03 10:59:35 djm Exp $ */ |
| 2 | /* | 2 | /* |
| 3 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland | 3 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland |
| 4 | * All rights reserved | 4 | * All rights reserved |
| @@ -867,10 +867,12 @@ check_quietlogin(Session *s, const char *command) | |||
| 867 | * into the environment. If the file does not exist, this does nothing. | 867 | * into the environment. If the file does not exist, this does nothing. |
| 868 | * Otherwise, it must consist of empty lines, comments (line starts with '#') | 868 | * Otherwise, it must consist of empty lines, comments (line starts with '#') |
| 869 | * and assignments of the form name=value. No other forms are allowed. | 869 | * and assignments of the form name=value. No other forms are allowed. |
| 870 | * If whitelist is not NULL, then it is interpreted as a pattern list and | ||
| 871 | * only variable names that match it will be accepted. | ||
| 870 | */ | 872 | */ |
| 871 | static void | 873 | static void |
| 872 | read_environment_file(char ***env, u_int *envsize, | 874 | read_environment_file(char ***env, u_int *envsize, |
| 873 | const char *filename) | 875 | const char *filename, const char *whitelist) |
| 874 | { | 876 | { |
| 875 | FILE *f; | 877 | FILE *f; |
| 876 | char *line = NULL, *cp, *value; | 878 | char *line = NULL, *cp, *value; |
| @@ -903,6 +905,9 @@ read_environment_file(char ***env, u_int *envsize, | |||
| 903 | */ | 905 | */ |
| 904 | *value = '\0'; | 906 | *value = '\0'; |
| 905 | value++; | 907 | value++; |
| 908 | if (whitelist != NULL && | ||
| 909 | match_pattern_list(cp, whitelist, 0) != 1) | ||
| 910 | continue; | ||
| 906 | child_set_env(env, envsize, cp, value); | 911 | child_set_env(env, envsize, cp, value); |
| 907 | } | 912 | } |
| 908 | free(line); | 913 | free(line); |
| @@ -1121,7 +1126,12 @@ do_setup_env(struct ssh *ssh, Session *s, const char *shell) | |||
| 1121 | cp = strchr(ocp, '='); | 1126 | cp = strchr(ocp, '='); |
| 1122 | if (*cp == '=') { | 1127 | if (*cp == '=') { |
| 1123 | *cp = '\0'; | 1128 | *cp = '\0'; |
| 1124 | child_set_env(&env, &envsize, ocp, cp + 1); | 1129 | /* Apply PermitUserEnvironment whitelist */ |
| 1130 | if (options.permit_user_env_whitelist == NULL || | ||
| 1131 | match_pattern_list(ocp, | ||
| 1132 | options.permit_user_env_whitelist, 0) == 1) | ||
| 1133 | child_set_env(&env, &envsize, | ||
| 1134 | ocp, cp + 1); | ||
| 1125 | } | 1135 | } |
| 1126 | free(ocp); | 1136 | free(ocp); |
| 1127 | } | 1137 | } |
| @@ -1131,7 +1141,8 @@ do_setup_env(struct ssh *ssh, Session *s, const char *shell) | |||
| 1131 | if (options.permit_user_env) { | 1141 | if (options.permit_user_env) { |
| 1132 | snprintf(buf, sizeof buf, "%.200s/.ssh/environment", | 1142 | snprintf(buf, sizeof buf, "%.200s/.ssh/environment", |
| 1133 | pw->pw_dir); | 1143 | pw->pw_dir); |
| 1134 | read_environment_file(&env, &envsize, buf); | 1144 | read_environment_file(&env, &envsize, buf, |
| 1145 | options.permit_user_env_whitelist); | ||
| 1135 | } | 1146 | } |
| 1136 | 1147 | ||
| 1137 | #ifdef USE_PAM | 1148 | #ifdef USE_PAM |