Diffstat (limited to 'auth-options.c')
-rw-r--r-- | auth-options.c | 80 |
1 files changed, 65 insertions, 15 deletions
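diff --git a/auth-options.c b/auth-options.c
index 8df6a6dfc..48be6d8e0 100644
--- a/auth-options.c
+++ b/auth-options.c
@@ -10,7 +10,7 @@
 */
 
 #include "includes.h"
-RCSID("$OpenBSD: auth-options.c,v 1.21 2002/01/29 14:32:03 markus Exp $");
+RCSID("$OpenBSD: auth-options.c,v 1.22 2002/03/18 17:50:31 provos Exp $");
 
 #include "packet.h"
 #include "xmalloc.h"
@@ -20,7 +20,13 @@ RCSID("$OpenBSD: auth-options.c,v 1.21 2002/01/29 14:32:03 markus Exp $");
 #include "channels.h"
 #include "auth-options.h"
 #include "servconf.h"
+#include "bufaux.h"
 #include "misc.h"
+#include "monitor_wrap.h"
+
+/* Debugging messages */
+Buffer auth_debug;
+int auth_debug_init;
 
 /* Flags set authorized_keys flags */
 int no_port_forwarding_flag = 0;
@@ -37,8 +43,27 @@ struct envstring *custom_environment = NULL;
 extern ServerOptions options;
 
 void
+auth_send_debug(Buffer *m)
+{
+char *msg;
+
+while (buffer_len(m)) {
+msg = buffer_get_string(m, NULL);
+packet_send_debug("%s", msg);
+xfree(msg);
+}
+}
+
+void
 auth_clear_options(void)
 {
+if (auth_debug_init)
+buffer_clear(&auth_debug);
+else {
+buffer_init(&auth_debug);
+auth_debug_init = 1;
+}
+
 no_agent_forwarding_flag = 0;
 no_port_forwarding_flag = 0;
 no_pty_flag = 0;
@@ -63,6 +88,7 @@ auth_clear_options(void)
 int
 auth_parse_options(struct passwd *pw, char *opts, char *file, u_long linenum)
 {
+char tmp[1024];
 const char *cp;
 int i;
 
@@ -75,28 +101,32 @@ auth_parse_options(struct passwd *pw, char *opts, char *file, u_long linenum)
 while (*opts && *opts != ' ' && *opts != '\t') {
 cp = "no-port-forwarding";
 if (strncasecmp(opts, cp, strlen(cp)) == 0) {
-packet_send_debug("Port forwarding disabled.");
+snprintf(tmp, sizeof(tmp), "Port forwarding disabled.");
+buffer_put_cstring(&auth_debug, tmp);
 no_port_forwarding_flag = 1;
 opts += strlen(cp);
 goto next_option;
 }
 cp = "no-agent-forwarding";
 if (strncasecmp(opts, cp, strlen(cp)) == 0) {
-packet_send_debug("Agent forwarding disabled.");
+snprintf(tmp, sizeof(tmp), "Agent forwarding disabled.");
+buffer_put_cstring(&auth_debug, tmp);
 no_agent_forwarding_flag = 1;
 opts += strlen(cp);
 goto next_option;
 }
 cp = "no-X11-forwarding";
 if (strncasecmp(opts, cp, strlen(cp)) == 0) {
-packet_send_debug("X11 forwarding disabled.");
+snprintf(tmp, sizeof(tmp), "X11 forwarding disabled.");
+buffer_put_cstring(&auth_debug, tmp);
 no_x11_forwarding_flag = 1;
 opts += strlen(cp);
 goto next_option;
 }
 cp = "no-pty";
 if (strncasecmp(opts, cp, strlen(cp)) == 0) {
-packet_send_debug("Pty allocation disabled.");
+snprintf(tmp, sizeof(tmp), "Pty allocation disabled.");
+buffer_put_cstring(&auth_debug, tmp);
 no_pty_flag = 1;
 opts += strlen(cp);
 goto next_option;
@@ -119,14 +149,16 @@ auth_parse_options(struct passwd *pw, char *opts, char *file, u_long linenum)
 if (!*opts) {
 debug("%.100s, line %lu: missing end quote",
 file, linenum);
-packet_send_debug("%.100s, line %lu: missing end quote",
+snprintf(tmp, sizeof(tmp), "%.100s, line %lu: missing end quote",
 file, linenum);
+buffer_put_cstring(&auth_debug, tmp);
 xfree(forced_command);
 forced_command = NULL;
 goto bad_option;
 }
 forced_command[i] = 0;
-packet_send_debug("Forced command: %.900s", forced_command);
+snprintf(tmp, sizeof(tmp), "Forced command: %.900s", forced_command);
+buffer_put_cstring(&auth_debug, tmp);
 opts++;
 goto next_option;
 }
@@ -151,13 +183,15 @@ auth_parse_options(struct passwd *pw, char *opts, char *file, u_long linenum)
 if (!*opts) {
 debug("%.100s, line %lu: missing end quote",
 file, linenum);
-packet_send_debug("%.100s, line %lu: missing end quote",
+snprintf(tmp, sizeof(tmp), "%.100s, line %lu: missing end quote",
 file, linenum);
+buffer_put_cstring(&auth_debug, tmp);
 xfree(s);
 goto bad_option;
 }
 s[i] = 0;
-packet_send_debug("Adding to environment: %.900s", s);
+snprintf(tmp, sizeof(tmp), "Adding to environment: %.900s", s);
+buffer_put_cstring(&auth_debug, tmp);
 debug("Adding to environment: %.900s", s);
 opts++;
 new_envstring = xmalloc(sizeof(struct envstring));
@@ -188,8 +222,9 @@ auth_parse_options(struct passwd *pw, char *opts, char *file, u_long linenum)
 if (!*opts) {
 debug("%.100s, line %lu: missing end quote",
 file, linenum);
-packet_send_debug("%.100s, line %lu: missing end quote",
+snprintf(tmp, sizeof(tmp), "%.100s, line %lu: missing end quote",
 file, linenum);
+buffer_put_cstring(&auth_debug, tmp);
 xfree(patterns);
 goto bad_option;
 }
@@ -202,9 +237,11 @@ auth_parse_options(struct passwd *pw, char *opts, char *file, u_long linenum)
 "correct key but not from a permitted "
 "host (host=%.200s, ip=%.200s).",
 pw->pw_name, remote_host, remote_ip);
-packet_send_debug("Your host '%.200s' is not "
+snprintf(tmp, sizeof(tmp),
+"Your host '%.200s' is not "
 "permitted to use this key for login.",
 remote_host);
+buffer_put_cstring(&auth_debug, tmp);
 /* deny access */
 return 0;
 }
@@ -233,8 +270,9 @@ auth_parse_options(struct passwd *pw, char *opts, char *file, u_long linenum)
 if (!*opts) {
 debug("%.100s, line %lu: missing end quote",
 file, linenum);
-packet_send_debug("%.100s, line %lu: missing end quote",
+snprintf(tmp, sizeof(tmp), "%.100s, line %lu: missing end quote",
 file, linenum);
+buffer_put_cstring(&auth_debug, tmp);
 xfree(patterns);
 goto bad_option;
 }
@@ -244,16 +282,18 @@ auth_parse_options(struct passwd *pw, char *opts, char *file, u_long linenum)
 sscanf(patterns, "%255[^/]/%5[0-9]", host, sport) != 2) {
 debug("%.100s, line %lu: Bad permitopen specification "
 "<%.100s>", file, linenum, patterns);
-packet_send_debug("%.100s, line %lu: "
+snprintf(tmp, sizeof(tmp), "%.100s, line %lu: "
 "Bad permitopen specification", file, linenum);
+buffer_put_cstring(&auth_debug, tmp);
 xfree(patterns);
 goto bad_option;
 }
 if ((port = a2port(sport)) == 0) {
 debug("%.100s, line %lu: Bad permitopen port <%.100s>",
 file, linenum, sport);
-packet_send_debug("%.100s, line %lu: "
+snprintf(tmp, sizeof(tmp), "%.100s, line %lu: "
 "Bad permitopen port", file, linenum);
+buffer_put_cstring(&auth_debug, tmp);
 xfree(patterns);
 goto bad_option;
 }
@@ -276,14 +316,24 @@ next_option:
 opts++;
 /* Process the next option. */
 }
+
+if (!use_privsep)
+auth_send_debug(&auth_debug);
+
 /* grant access */
 return 1;
 
 bad_option:
 log("Bad options in %.100s file, line %lu: %.50s",
 file, linenum, opts);
-packet_send_debug("Bad options in %.100s file, line %lu: %.50s",
+snprintf(tmp, sizeof(tmp),
+"Bad options in %.100s file, line %lu: %.50s",
 file, linenum, opts);
+buffer_put_cstring(&auth_debug, tmp);
+
+if (!use_privsep)
+auth_send_debug(&auth_debug);
+
 /* deny access */
 return 0;
 }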
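Review bot: The `from=` rejection path in hunk `@@ -202,9 +237,11 @@` now only queues its message with `buffer_put_cstring(&auth_debug, tmp)` and then hits `return 0;` directly, so in the non-privsep case that "not permitted to use this key for login" debug message is never flushed — the two other exits (grant at new line 320-321 and `bad_option` at 334-335) call `auth_send_debug` first, but this early return skips it, and the next `auth_clear_options()` discards the queued text. Before the old `packet_send_debug` call the client received that message immediately, so this is a regression of the existing behaviour rather than new functionality; unless the privsep monitor flushes `auth_debug` on its own (not visible here), add `if (!use_privsep) auth_send_debug(&auth_debug);` in front of that `return 0;`, or route the exit through the same flush the other two returns use. As a point of style, the fifteen `snprintf(tmp, sizeof(tmp), ...); buffer_put_cstring(&auth_debug, tmp);` pairs, several of which format a constant string with no arguments, could collapse into a small varargs helper, which also removes the 1024-byte `tmp` array from `auth_parse_options`'s frame; a sketch is below, with one call site shown as an example. `auth_parse_options` begins and ends outside the individual hunks.
```c
/* Queue a formatted message on auth_debug for later delivery to the client. */
static void
auth_debug_add(const char *fmt, ...)
{
	char buf[1024];
	va_list args;

	va_start(args, fmt);
	vsnprintf(buf, sizeof(buf), fmt, args);
	va_end(args);
	buffer_put_cstring(&auth_debug, buf);
}

/* … unchanged: option loop … */
		if (strncasecmp(opts, cp, strlen(cp)) == 0) {
			auth_debug_add("Port forwarding disabled.");
/* … unchanged: remaining call sites, converted the same way … */
```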