Diffstat (limited to 'auth-options.c')
-rw-r--r-- | auth-options.c | 35 |
1 files changed, 27 insertions, 8 deletions
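--- a/auth-options.c
+++ b/auth-options.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: auth-options.c,v 1.40 2006/08/03 03:34:41 deraadt Exp $ */
+/* $OpenBSD: auth-options.c,v 1.43 2008/06/10 23:06:19 djm Exp $ */
 /*
 * Author: Tatu Ylonen <ylo@cs.hut.fi>
 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -20,6 +20,7 @@
 #include <stdio.h>
 #include <stdarg.h>
 
+#include "openbsd-compat/sys-queue.h"
 #include "xmalloc.h"
 #include "match.h"
 #include "log.h"
@@ -42,6 +43,7 @@ int no_port_forwarding_flag = 0;
 int no_agent_forwarding_flag = 0;
 int no_x11_forwarding_flag = 0;
 int no_pty_flag = 0;
+int no_user_rc = 0;
 
 /* "command=" option. */
 char *forced_command = NULL;
@@ -61,6 +63,7 @@ auth_clear_options(void)
 no_port_forwarding_flag = 0;
 no_pty_flag = 0;
 no_x11_forwarding_flag = 0;
+no_user_rc = 0;
 while (custom_environment) {
 struct envstring *ce = custom_environment;
 custom_environment = ce->next;
@@ -121,6 +124,13 @@ auth_parse_options(struct passwd *pw, char *opts, char *file, u_long linenum)
 opts += strlen(cp);
 goto next_option;
 }
+cp = "no-user-rc";
+if (strncasecmp(opts, cp, strlen(cp)) == 0) {
+auth_debug_add("User rc file execution disabled.");
+no_user_rc = 1;
+opts += strlen(cp);
+goto next_option;
+}
 cp = "command=\"";
 if (strncasecmp(opts, cp, strlen(cp)) == 0) {
 opts += strlen(cp);
@@ -216,8 +226,19 @@ auth_parse_options(struct passwd *pw, char *opts, char *file, u_long linenum)
 }
 patterns[i] = '\0';
 opts++;
-if (match_host_and_ip(remote_host, remote_ip,
-patterns) != 1) {
+switch (match_host_and_ip(remote_host, remote_ip,
+patterns)) {
+case 1:
+xfree(patterns);
+/* Host name matches. */
+goto next_option;
+case -1:
+debug("%.100s, line %lu: invalid criteria",
+file, linenum);
+auth_debug_add("%.100s, line %lu: "
+"invalid criteria", file, linenum);
+/* FALLTHROUGH */
+case 0:
 xfree(patterns);
 logit("Authentication tried for %.100s with "
 "correct key but not from a permitted "
@@ -226,12 +247,10 @@ auth_parse_options(struct passwd *pw, char *opts, char *file, u_long linenum)
 auth_debug_add("Your host '%.200s' is not "
 "permitted to use this key for login.",
 remote_host);
-/* deny access */
-return 0;
+break;
 }
-xfree(patterns);
-/* Host name matches. */
-goto next_option;
+/* deny access */
+return 0;
 }
 cp = "permitopen=\"";
 if (strncasecmp(opts, cp, strlen(cp)) == 0) {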
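Review bot: The new `switch` on `match_host_and_ip()` in the `from=` branch has no `default:` label, so any return value other than 1, -1 or 0 skips every case. The result is still a denial through the `return 0` after the switch, but `patterns` is never freed and nothing is logged; writing `case 0:` together with `default:` would keep the fail-closed outcome and cover both. Separately, the `case -1:` path reports the malformed pattern only through `debug()` and `auth_debug_add()` before falling through to the `logit()` text about a non-permitted host. At normal log levels an operator would presumably see a host mismatch rather than a broken `from=` entry, so promoting `"%.100s, line %lu: invalid criteria"` to `logit()` would make the real cause visible. The body of `auth_parse_options` starts and ends outside the hunks shown.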