auth-options.c revision 7c478bd95313f5f23a4c958a745db2134aa03244
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
* All rights reserved
* As far as I am concerned, the code I have written for this software
* can be used freely for any purpose. Any derived versions of this
* software must be clearly marked as such, and if the derived work is
* incompatible with the protocol description in the RFC file, it must be
* called by a name other than "ssh" or "Secure Shell".
*/
#include "includes.h"
RCSID("$OpenBSD: auth-options.c,v 1.26 2002/07/30 17:03:55 markus Exp $");
#pragma ident "%Z%%M% %I% %E% SMI"
#include "xmalloc.h"
#include "match.h"
#include "log.h"
#include "canohost.h"
#include "channels.h"
#include "auth-options.h"
#include "servconf.h"
#include "misc.h"
#include "monitor_wrap.h"
#include "auth.h"
/*
 * Restriction flags derived from authorized_keys options.  All start at 0.
 * In this listing only no_pty_flag is visibly assigned (set to 1 for
 * "no-pty", cleared in auth_clear_options()); the other three presumably
 * follow the same pattern for their options -- confirm against the full file.
 */
int no_port_forwarding_flag = 0;
int no_agent_forwarding_flag = 0;
int no_x11_forwarding_flag = 0;
int no_pty_flag = 0;
/*
 * "command=" option: buffer the option parser fills with the unescaped
 * command text.  Starts as NULL.
 */
char *forced_command = NULL;
/*
 * "environment=" options.
 * NOTE(review): the declaration this comment describes is not visible in
 * this listing; custom_environment is used in auth_clear_options() but its
 * definition does not appear here.
 */
/* Defined elsewhere; the parser below reads options.permit_user_env. */
extern ServerOptions options;
/*
 * Reset the key-option state held in this file's globals.
 *
 * NOTE(review): only the no_pty_flag reset is visible in this listing.  The
 * bodies of the loop and of the if below are empty here, presumably because
 * the lines that release each entry were dropped when the page was
 * extracted.  As listed, the loop never terminates once custom_environment
 * is non-NULL and forced_command is never released or cleared -- compare
 * with the original file before relying on this copy.
 */
void
auth_clear_options(void)
{
no_pty_flag = 0;
/* Walk the "environment=" entries (per-entry cleanup not visible). */
while (custom_environment) {
}
/* Drop any stored "command=" value (cleanup not visible). */
if (forced_command) {
}
}
/*
 * Parse the option string attached to a key and apply its restrictions.
 *
 * return 1 if access is granted, 0 if not.  0 is returned when the "from="
 * host check does not succeed or when the option string cannot be parsed;
 * a NULL option string grants access.
 * side effect: sets key option flags
 *
 * NOTE(review): the function name and parameter list are missing from this
 * listing, as are the option-matching conditions, the buffer allocations,
 * the arguments of most logging calls and the next_option/bad_option labels
 * that the gotos below target.  Upstream OpenSSH names this function
 * auth_parse_options() -- confirm against the original file before relying
 * on this copy.
 */
int
{
const char *cp;
int i;
/* reset options (the reset call itself is not visible in this listing) */
/* No options on this key: nothing to restrict, so grant access. */
if (!opts)
return 1;
/*
 * Simple flag options.  Each branch assigns the option keyword to cp,
 * queues a message with auth_debug_add() and jumps to next_option.  Only
 * the "no-pty" branch shows its flag assignment in this listing.
 */
cp = "no-port-forwarding";
auth_debug_add("Port forwarding disabled.");
goto next_option;
}
cp = "no-agent-forwarding";
auth_debug_add("Agent forwarding disabled.");
goto next_option;
}
cp = "no-X11-forwarding";
auth_debug_add("X11 forwarding disabled.");
goto next_option;
}
cp = "no-pty";
auth_debug_add("Pty allocation disabled.");
no_pty_flag = 1;
goto next_option;
}
/*
 * command="...": copy the quoted value into forced_command, stopping at the
 * closing quote.
 * NOTE(review): forced_command's allocation is not visible.  Each iteration
 * consumes at least one input character and writes exactly one byte, so the
 * buffer needs at least strlen(opts) + 1 bytes -- confirm.
 */
cp = "command=\"";
i = 0;
while (*opts) {
if (*opts == '"')
break;
/*
 * Two input characters collapse to a single '"' in the output; presumably
 * this is the escaped-quote case, but the guarding condition is not visible.
 */
opts += 2;
forced_command[i++] = '"';
continue;
}
forced_command[i++] = *opts++;
}
/* Ran off the end of the string without a closing quote: reject. */
if (!*opts) {
debug("%.100s, line %lu: missing end quote",
auth_debug_add("%.100s, line %lu: missing end quote",
goto bad_option;
}
/* NUL-terminate the copy, then step past the closing quote. */
forced_command[i] = 0;
opts++;
goto next_option;
}
/*
 * environment="...": processed only when the server's permit_user_env
 * setting is on (the rest of this condition is cut off in the listing).
 * The value comes from the key file, so the server-side setting decides
 * whether it is accepted at all.
 */
cp = "environment=\"";
if (options.permit_user_env &&
char *s;
struct envstring *new_envstring;
i = 0;
/* Same unescaping loop as for command=, writing into s. */
while (*opts) {
if (*opts == '"')
break;
opts += 2;
s[i++] = '"';
continue;
}
s[i++] = *opts++;
}
if (!*opts) {
debug("%.100s, line %lu: missing end quote",
auth_debug_add("%.100s, line %lu: missing end quote",
/* Release the partially filled buffer before rejecting. */
xfree(s);
goto bad_option;
}
s[i] = 0;
/* The logged value is capped at 900 characters. */
auth_debug_add("Adding to environment: %.900s", s);
debug("Adding to environment: %.900s", s);
opts++;
/*
 * The new entry takes over s.  Its allocation and how it is linked into a
 * list are not visible here.
 */
new_envstring->s = s;
goto next_option;
}
/*
 * from="...": restrict the key to particular client hosts.  The quoted
 * pattern list is unescaped into patterns; remote_ip and remote_host are
 * presumably what the list is matched against (the match call is cut off).
 * NOTE(review): how get_canonical_hostname() verifies the name is not
 * visible here; patterns that match on host name are only as trustworthy
 * as that lookup.
 */
cp = "from=\"";
const char *remote_ip = get_remote_ipaddr();
const char *remote_host = get_canonical_hostname(
i = 0;
while (*opts) {
if (*opts == '"')
break;
opts += 2;
patterns[i++] = '"';
continue;
}
}
if (!*opts) {
debug("%.100s, line %lu: missing end quote",
auth_debug_add("%.100s, line %lu: missing end quote",
goto bad_option;
}
patterns[i] = 0;
opts++;
/*
 * Any result other than 1 from the (cut-off) match call is treated as a
 * mismatch, so an error result is handled the same way as a non-match:
 * log it with length-capped fields and deny access.
 */
patterns) != 1) {
log("Authentication tried for %.100s with "
"correct key but not from a permitted "
"host (host=%.200s, ip=%.200s).",
auth_debug_add("Your host '%.200s' is not "
"permitted to use this key for login.",
/* deny access */
return 0;
}
/* Host name matches. */
goto next_option;
}
/*
 * permitopen="...": the quoted value is unescaped into patterns and then
 * validated.  Both failure messages below (bad specification, bad port)
 * reject the whole option string via bad_option; the checks that trigger
 * them are not visible in this listing.
 */
cp = "permitopen=\"";
i = 0;
while (*opts) {
if (*opts == '"')
break;
opts += 2;
patterns[i++] = '"';
continue;
}
}
if (!*opts) {
debug("%.100s, line %lu: missing end quote",
auth_debug_add("%.100s, line %lu: missing end quote",
goto bad_option;
}
patterns[i] = 0;
opts++;
debug("%.100s, line %lu: Bad permitopen specification "
auth_debug_add("%.100s, line %lu: "
goto bad_option;
}
debug("%.100s, line %lu: Bad permitopen port <%.100s>",
auth_debug_add("%.100s, line %lu: "
goto bad_option;
}
goto next_option;
}
/*
 * Skip the comma, and move to the next option
 * (or break out if there are no more).
 *
 * Reaching the end of the string at this point is treated as an internal
 * error (fatal).  Any separator other than ',' rejects the option string.
 * NOTE(review): the condition guarding the break below is not visible; as
 * listed the break looks unconditional.
 */
if (!*opts)
fatal("Bugs in auth-options.c option processing.");
break; /* End of options. */
if (*opts != ',')
goto bad_option;
opts++;
/* Process the next option. */
}
/*
 * NOTE(review): the statement this if guards is not visible; as listed it
 * would bind to the return that follows.
 */
if (!use_privsep)
/* grant access */
return 1;
/*
 * Unparseable options: log the offending text (capped at 50 characters)
 * and deny access, so a malformed line is never accepted as an
 * unrestricted key.
 */
log("Bad options in %.100s file, line %lu: %.50s",
auth_debug_add("Bad options in %.100s file, line %lu: %.50s",
/* NOTE(review): the statement guarded here is not visible either. */
if (!use_privsep)
/* deny access */
return 0;
}