Diffstat (limited to 'auth-options.c')
-rw-r--r--auth-options.c76
1 files changed, 19 insertions, 57 deletions
diff --git a/auth-options.c b/auth-options.c
index 3408b3d8f..2787d2948 100644
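--- a/auth-options.c
+++ b/auth-options.c
@@ -10,7 +10,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: auth-options.c,v 1.23 2002/03/19 10:35:39 markus Exp $");
+RCSID("$OpenBSD: auth-options.c,v 1.24 2002/05/13 20:44:58 markus Exp $");
 
 #include "packet.h"
 #include "xmalloc.h"
@@ -23,10 +23,7 @@ RCSID("$OpenBSD: auth-options.c,v 1.23 2002/03/19 10:35:39 markus Exp $");
 #include "bufaux.h"
 #include "misc.h"
 #include "monitor_wrap.h"
-
-/* Debugging messages */
-Buffer auth_debug;
-int auth_debug_init;
+#include "auth.h"
 
 /* Flags set authorized_keys flags */
 int no_port_forwarding_flag = 0;
@@ -42,28 +39,9 @@ struct envstring *custom_environment = NULL;
 
 extern ServerOptions options;
 
-static void
-auth_send_debug(Buffer *m)
-{
- char *msg;
-
- while (buffer_len(m)) {
- msg = buffer_get_string(m, NULL);
- packet_send_debug("%s", msg);
- xfree(msg);
- }
-}
-
 void
 auth_clear_options(void)
 {
- if (auth_debug_init)
- buffer_clear(&auth_debug);
- else {
- buffer_init(&auth_debug);
- auth_debug_init = 1;
- }
-
  no_agent_forwarding_flag = 0;
  no_port_forwarding_flag = 0;
  no_pty_flag = 0;
@@ -79,6 +57,7 @@ auth_clear_options(void)
  forced_command = NULL;
  }
  channel_clear_permitted_opens();
+ auth_debug_reset();
 }
 
 /*
@@ -88,7 +67,6 @@ auth_clear_options(void)
 int
 auth_parse_options(struct passwd *pw, char *opts, char *file, u_long linenum)
 {
- char tmp[1024];
  const char *cp;
  int i;
 
@@ -101,32 +79,28 @@ auth_parse_options(struct passwd *pw, char *opts, char *file, u_long linenum)
  while (*opts && *opts != ' ' && *opts != '\t') {
  cp = "no-port-forwarding";
  if (strncasecmp(opts, cp, strlen(cp)) == 0) {
- snprintf(tmp, sizeof(tmp), "Port forwarding disabled.");
- buffer_put_cstring(&auth_debug, tmp);
+ auth_debug_add("Port forwarding disabled.");
  no_port_forwarding_flag = 1;
  opts += strlen(cp);
  goto next_option;
  }
  cp = "no-agent-forwarding";
  if (strncasecmp(opts, cp, strlen(cp)) == 0) {
- snprintf(tmp, sizeof(tmp), "Agent forwarding disabled.");
- buffer_put_cstring(&auth_debug, tmp);
+ auth_debug_add("Agent forwarding disabled.");
  no_agent_forwarding_flag = 1;
  opts += strlen(cp);
  goto next_option;
  }
  cp = "no-X11-forwarding";
  if (strncasecmp(opts, cp, strlen(cp)) == 0) {
- snprintf(tmp, sizeof(tmp), "X11 forwarding disabled.");
- buffer_put_cstring(&auth_debug, tmp);
+ auth_debug_add("X11 forwarding disabled.");
  no_x11_forwarding_flag = 1;
  opts += strlen(cp);
  goto next_option;
  }
  cp = "no-pty";
  if (strncasecmp(opts, cp, strlen(cp)) == 0) {
- snprintf(tmp, sizeof(tmp), "Pty allocation disabled.");
- buffer_put_cstring(&auth_debug, tmp);
+ auth_debug_add("Pty allocation disabled.");
  no_pty_flag = 1;
  opts += strlen(cp);
  goto next_option;
@@ -149,16 +123,14 @@ auth_parse_options(struct passwd *pw, char *opts, char *file, u_long linenum)
  if (!*opts) {
  debug("%.100s, line %lu: missing end quote",
  file, linenum);
- snprintf(tmp, sizeof(tmp), "%.100s, line %lu: missing end quote",
+ auth_debug_add("%.100s, line %lu: missing end quote",
  file, linenum);
- buffer_put_cstring(&auth_debug, tmp);
  xfree(forced_command);
  forced_command = NULL;
  goto bad_option;
  }
  forced_command[i] = 0;
- snprintf(tmp, sizeof(tmp), "Forced command: %.900s", forced_command);
- buffer_put_cstring(&auth_debug, tmp);
+ auth_debug_add("Forced command: %.900s", forced_command);
  opts++;
  goto next_option;
  }
@@ -183,15 +155,13 @@ auth_parse_options(struct passwd *pw, char *opts, char *file, u_long linenum)
  if (!*opts) {
  debug("%.100s, line %lu: missing end quote",
  file, linenum);
- snprintf(tmp, sizeof(tmp), "%.100s, line %lu: missing end quote",
+ auth_debug_add("%.100s, line %lu: missing end quote",
  file, linenum);
- buffer_put_cstring(&auth_debug, tmp);
  xfree(s);
  goto bad_option;
  }
  s[i] = 0;
- snprintf(tmp, sizeof(tmp), "Adding to environment: %.900s", s);
- buffer_put_cstring(&auth_debug, tmp);
+ auth_debug_add("Adding to environment: %.900s", s);
  debug("Adding to environment: %.900s", s);
  opts++;
  new_envstring = xmalloc(sizeof(struct envstring));
@@ -222,9 +192,8 @@ auth_parse_options(struct passwd *pw, char *opts, char *file, u_long linenum)
  if (!*opts) {
  debug("%.100s, line %lu: missing end quote",
  file, linenum);
- snprintf(tmp, sizeof(tmp), "%.100s, line %lu: missing end quote",
+ auth_debug_add("%.100s, line %lu: missing end quote",
  file, linenum);
- buffer_put_cstring(&auth_debug, tmp);
  xfree(patterns);
  goto bad_option;
  }
@@ -237,11 +206,9 @@ auth_parse_options(struct passwd *pw, char *opts, char *file, u_long linenum)
  "correct key but not from a permitted "
  "host (host=%.200s, ip=%.200s).",
  pw->pw_name, remote_host, remote_ip);
- snprintf(tmp, sizeof(tmp),
- "Your host '%.200s' is not "
+ auth_debug_add("Your host '%.200s' is not "
  "permitted to use this key for login.",
  remote_host);
- buffer_put_cstring(&auth_debug, tmp);
  /* deny access */
  return 0;
  }
@@ -270,9 +237,8 @@ auth_parse_options(struct passwd *pw, char *opts, char *file, u_long linenum)
  if (!*opts) {
  debug("%.100s, line %lu: missing end quote",
  file, linenum);
- snprintf(tmp, sizeof(tmp), "%.100s, line %lu: missing end quote",
+ auth_debug_add("%.100s, line %lu: missing end quote",
  file, linenum);
- buffer_put_cstring(&auth_debug, tmp);
  xfree(patterns);
  goto bad_option;
  }
@@ -282,18 +248,16 @@ auth_parse_options(struct passwd *pw, char *opts, char *file, u_long linenum)
  sscanf(patterns, "%255[^/]/%5[0-9]", host, sport) != 2) {
  debug("%.100s, line %lu: Bad permitopen specification "
  "<%.100s>", file, linenum, patterns);
- snprintf(tmp, sizeof(tmp), "%.100s, line %lu: "
+ auth_debug_add("%.100s, line %lu: "
  "Bad permitopen specification", file, linenum);
- buffer_put_cstring(&auth_debug, tmp);
  xfree(patterns);
  goto bad_option;
  }
  if ((port = a2port(sport)) == 0) {
  debug("%.100s, line %lu: Bad permitopen port <%.100s>",
  file, linenum, sport);
- snprintf(tmp, sizeof(tmp), "%.100s, line %lu: "
+ auth_debug_add("%.100s, line %lu: "
  "Bad permitopen port", file, linenum);
- buffer_put_cstring(&auth_debug, tmp);
  xfree(patterns);
  goto bad_option;
  }
@@ -318,7 +282,7 @@ next_option:
  }
 
  if (!use_privsep)
- auth_send_debug(&auth_debug);
+ auth_debug_send();
 
  /* grant access */
  return 1;
@@ -326,13 +290,11 @@ next_option:
 bad_option:
  log("Bad options in %.100s file, line %lu: %.50s",
  file, linenum, opts);
- snprintf(tmp, sizeof(tmp),
- "Bad options in %.100s file, line %lu: %.50s",
+ auth_debug_add("Bad options in %.100s file, line %lu: %.50s",
  file, linenum, opts);
- buffer_put_cstring(&auth_debug, tmp);
 
  if (!use_privsep)
- auth_debug_send();
+ auth_debug_send();
 
  /* deny access */
  return 0;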
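Review bot: The two `if (!use_privsep) auth_debug_send();` calls at the grant and bad_option exits still flush the queued messages from inside auth_parse_options(), so without privilege separation strings such as `Forced command: %.900s`, `Adding to environment: %.900s` and the key file path with line number go to the peer as soon as the options are parsed. If this function can run before the client's signature has been checked (not visible in this diff), that hands key-option contents to a peer that has not authenticated yet. With queuing now behind auth_debug_add() and auth_debug_send(), I would drop both calls here and have the caller send only after authentication succeeds. The `/* deny access */ return 0;` exit in the hunk starting at new line 206 queues its message but never sends it, which deserves a comment such as `/* message stays queued; caller decides whether to send */`.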