Blame - auth-options.c - platform/external/openssh

blob: 23d0423e122df2064debee9f0c5570c6cde06e0a [file] [log] [blame]

Damien Miller	aa5b3f8	2012-12-03 09:50:54 +1100	[diff] [blame^]	1	/* $OpenBSD: auth-options.c,v 1.57 2012/12/02 20:46:11 djm Exp $ */
Damien Miller	e4340be	2000-09-16 13:29:08 +1100	[diff] [blame]	2	/*
				3	* Author: Tatu Ylonen <ylo@cs.hut.fi>
				4	* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
				5	* All rights reserved
Damien Miller	e4340be	2000-09-16 13:29:08 +1100	[diff] [blame]	6	* As far as I am concerned, the code I have written for this software
				7	* can be used freely for any purpose. Any derived versions of this
				8	* software must be clearly marked as such, and if the derived work is
				9	* incompatible with the protocol description in the RFC file, it must be
				10	* called by a name other than "ssh" or "Secure Shell".
				11	*/
				12
Damien Miller	f6d9e22	2000-06-18 14:50:44 +1000	[diff] [blame]	13	#include "includes.h"
Damien Miller	f6d9e22	2000-06-18 14:50:44 +1000	[diff] [blame]	14
Damien Miller	9f2abc4	2006-07-10 20:53:08 +1000	[diff] [blame]	15	#include <sys/types.h>
				16
Damien Miller	b8fe89c	2006-07-24 14:51:00 +1000	[diff] [blame]	17	#include <netdb.h>
Damien Miller	9f2abc4	2006-07-10 20:53:08 +1000	[diff] [blame]	18	#include <pwd.h>
Damien Miller	e3476ed	2006-07-24 14:13:33 +1000	[diff] [blame]	19	#include <string.h>
Damien Miller	d783435	2006-08-05 12:39:39 +1000	[diff] [blame]	20	#include <stdio.h>
				21	#include <stdarg.h>
Damien Miller	9f2abc4	2006-07-10 20:53:08 +1000	[diff] [blame]	22
Damien Miller	b84886b	2008-05-19 15:05:07 +1000	[diff] [blame]	23	#include "openbsd-compat/sys-queue.h"
Damien Miller	f6d9e22	2000-06-18 14:50:44 +1000	[diff] [blame]	24	#include "xmalloc.h"
				25	#include "match.h"
Ben Lindstrom	226cfa0	2001-01-22 05:34:40 +0000	[diff] [blame]	26	#include "log.h"
				27	#include "canohost.h"
Damien Miller	d783435	2006-08-05 12:39:39 +1000	[diff] [blame]	28	#include "buffer.h"
Ben Lindstrom	c763767	2001-06-09 00:36:26 +0000	[diff] [blame]	29	#include "channels.h"
Damien Miller	3380426	2001-02-04 23:20:18 +1100	[diff] [blame]	30	#include "servconf.h"
Ben Lindstrom	d71ba57	2001-09-12 18:03:31 +0000	[diff] [blame]	31	#include "misc.h"
Damien Miller	d783435	2006-08-05 12:39:39 +1000	[diff] [blame]	32	#include "key.h"
Damien Miller	4e270b0	2010-04-16 15:56:21 +1000	[diff] [blame]	33	#include "auth-options.h"
Damien Miller	d783435	2006-08-05 12:39:39 +1000	[diff] [blame]	34	#include "hostfile.h"
Ben Lindstrom	a574cda	2002-05-15 16:16:14 +0000	[diff] [blame]	35	#include "auth.h"
Damien Miller	d783435	2006-08-05 12:39:39 +1000	[diff] [blame]	36	#ifdef GSSAPI
				37	#include "ssh-gss.h"
				38	#endif
				39	#include "monitor_wrap.h"
Damien Miller	f6d9e22	2000-06-18 14:50:44 +1000	[diff] [blame]	40
				41	/* Flags set authorized_keys flags */
				42	int no_port_forwarding_flag = 0;
				43	int no_agent_forwarding_flag = 0;
				44	int no_x11_forwarding_flag = 0;
				45	int no_pty_flag = 0;
Damien Miller	95e8095	2008-03-27 11:03:05 +1100	[diff] [blame]	46	int no_user_rc = 0;
Damien Miller	0a80ca1	2010-02-27 07:55:05 +1100	[diff] [blame]	47	int key_is_cert_authority = 0;
Damien Miller	f6d9e22	2000-06-18 14:50:44 +1000	[diff] [blame]	48
				49	/* "command=" option. */
				50	char *forced_command = NULL;
				51
				52	/* "environment=" options. */
				53	struct envstring *custom_environment = NULL;
				54
Damien Miller	d27b947	2005-12-13 19:29:02 +1100	[diff] [blame]	55	/* "tunnel=" option. */
				56	int forced_tun_device = -1;
				57
Damien Miller	30da344	2010-05-10 11:58:03 +1000	[diff] [blame]	58	/* "principals=" option. */
				59	char *authorized_principals = NULL;
				60
Damien Miller	3380426	2001-02-04 23:20:18 +1100	[diff] [blame]	61	extern ServerOptions options;
				62
Ben Lindstrom	7a2073c	2002-03-22 02:30:41 +0000	[diff] [blame]	63	void
Damien Miller	874d77b	2000-10-14 16:23:11 +1100	[diff] [blame]	64	auth_clear_options(void)
				65	{
				66	no_agent_forwarding_flag = 0;
				67	no_port_forwarding_flag = 0;
				68	no_pty_flag = 0;
				69	no_x11_forwarding_flag = 0;
Damien Miller	95e8095	2008-03-27 11:03:05 +1100	[diff] [blame]	70	no_user_rc = 0;
Damien Miller	0a80ca1	2010-02-27 07:55:05 +1100	[diff] [blame]	71	key_is_cert_authority = 0;
Damien Miller	874d77b	2000-10-14 16:23:11 +1100	[diff] [blame]	72	while (custom_environment) {
				73	struct envstring *ce = custom_environment;
				74	custom_environment = ce->next;
				75	xfree(ce->s);
				76	xfree(ce);
				77	}
				78	if (forced_command) {
				79	xfree(forced_command);
				80	forced_command = NULL;
				81	}
Damien Miller	30da344	2010-05-10 11:58:03 +1000	[diff] [blame]	82	if (authorized_principals) {
				83	xfree(authorized_principals);
				84	authorized_principals = NULL;
				85	}
Damien Miller	d27b947	2005-12-13 19:29:02 +1100	[diff] [blame]	86	forced_tun_device = -1;
Ben Lindstrom	7bb8b49	2001-03-17 00:47:54 +0000	[diff] [blame]	87	channel_clear_permitted_opens();
Damien Miller	874d77b	2000-10-14 16:23:11 +1100	[diff] [blame]	88	}
				89
Ben Lindstrom	226cfa0	2001-01-22 05:34:40 +0000	[diff] [blame]	90	/*
				91	* return 1 if access is granted, 0 if not.
				92	* side effect: sets key option flags
				93	*/
Damien Miller	f6d9e22	2000-06-18 14:50:44 +1000	[diff] [blame]	94	int
Damien Miller	3380426	2001-02-04 23:20:18 +1100	[diff] [blame]	95	auth_parse_options(struct passwd pw, char opts, char *file, u_long linenum)
Damien Miller	f6d9e22	2000-06-18 14:50:44 +1000	[diff] [blame]	96	{
				97	const char *cp;
Ben Lindstrom	7bb8b49	2001-03-17 00:47:54 +0000	[diff] [blame]	98	int i;
Damien Miller	874d77b	2000-10-14 16:23:11 +1100	[diff] [blame]	99
				100	/* reset options */
				101	auth_clear_options();
				102
Ben Lindstrom	36d7bd0	2001-02-10 22:27:19 +0000	[diff] [blame]	103	if (!opts)
				104	return 1;
				105
Damien Miller	3380426	2001-02-04 23:20:18 +1100	[diff] [blame]	106	while (opts && opts != ' ' && *opts != '\t') {
Damien Miller	0a80ca1	2010-02-27 07:55:05 +1100	[diff] [blame]	107	cp = "cert-authority";
				108	if (strncasecmp(opts, cp, strlen(cp)) == 0) {
				109	key_is_cert_authority = 1;
				110	opts += strlen(cp);
				111	goto next_option;
				112	}
Damien Miller	f6d9e22	2000-06-18 14:50:44 +1000	[diff] [blame]	113	cp = "no-port-forwarding";
Damien Miller	3380426	2001-02-04 23:20:18 +1100	[diff] [blame]	114	if (strncasecmp(opts, cp, strlen(cp)) == 0) {
Ben Lindstrom	a574cda	2002-05-15 16:16:14 +0000	[diff] [blame]	115	auth_debug_add("Port forwarding disabled.");
Damien Miller	f6d9e22	2000-06-18 14:50:44 +1000	[diff] [blame]	116	no_port_forwarding_flag = 1;
Damien Miller	3380426	2001-02-04 23:20:18 +1100	[diff] [blame]	117	opts += strlen(cp);
Damien Miller	f6d9e22	2000-06-18 14:50:44 +1000	[diff] [blame]	118	goto next_option;
				119	}
				120	cp = "no-agent-forwarding";
Damien Miller	3380426	2001-02-04 23:20:18 +1100	[diff] [blame]	121	if (strncasecmp(opts, cp, strlen(cp)) == 0) {
Ben Lindstrom	a574cda	2002-05-15 16:16:14 +0000	[diff] [blame]	122	auth_debug_add("Agent forwarding disabled.");
Damien Miller	f6d9e22	2000-06-18 14:50:44 +1000	[diff] [blame]	123	no_agent_forwarding_flag = 1;
Damien Miller	3380426	2001-02-04 23:20:18 +1100	[diff] [blame]	124	opts += strlen(cp);
Damien Miller	f6d9e22	2000-06-18 14:50:44 +1000	[diff] [blame]	125	goto next_option;
				126	}
				127	cp = "no-X11-forwarding";
Damien Miller	3380426	2001-02-04 23:20:18 +1100	[diff] [blame]	128	if (strncasecmp(opts, cp, strlen(cp)) == 0) {
Ben Lindstrom	a574cda	2002-05-15 16:16:14 +0000	[diff] [blame]	129	auth_debug_add("X11 forwarding disabled.");
Damien Miller	f6d9e22	2000-06-18 14:50:44 +1000	[diff] [blame]	130	no_x11_forwarding_flag = 1;
Damien Miller	3380426	2001-02-04 23:20:18 +1100	[diff] [blame]	131	opts += strlen(cp);
Damien Miller	f6d9e22	2000-06-18 14:50:44 +1000	[diff] [blame]	132	goto next_option;
				133	}
				134	cp = "no-pty";
Damien Miller	3380426	2001-02-04 23:20:18 +1100	[diff] [blame]	135	if (strncasecmp(opts, cp, strlen(cp)) == 0) {
Ben Lindstrom	a574cda	2002-05-15 16:16:14 +0000	[diff] [blame]	136	auth_debug_add("Pty allocation disabled.");
Damien Miller	f6d9e22	2000-06-18 14:50:44 +1000	[diff] [blame]	137	no_pty_flag = 1;
Damien Miller	3380426	2001-02-04 23:20:18 +1100	[diff] [blame]	138	opts += strlen(cp);
Damien Miller	f6d9e22	2000-06-18 14:50:44 +1000	[diff] [blame]	139	goto next_option;
				140	}
Damien Miller	95e8095	2008-03-27 11:03:05 +1100	[diff] [blame]	141	cp = "no-user-rc";
				142	if (strncasecmp(opts, cp, strlen(cp)) == 0) {
				143	auth_debug_add("User rc file execution disabled.");
				144	no_user_rc = 1;
				145	opts += strlen(cp);
				146	goto next_option;
				147	}
Damien Miller	f6d9e22	2000-06-18 14:50:44 +1000	[diff] [blame]	148	cp = "command=\"";
Damien Miller	3380426	2001-02-04 23:20:18 +1100	[diff] [blame]	149	if (strncasecmp(opts, cp, strlen(cp)) == 0) {
Damien Miller	3380426	2001-02-04 23:20:18 +1100	[diff] [blame]	150	opts += strlen(cp);
Damien Miller	30da344	2010-05-10 11:58:03 +1000	[diff] [blame]	151	if (forced_command != NULL)
				152	xfree(forced_command);
Damien Miller	3380426	2001-02-04 23:20:18 +1100	[diff] [blame]	153	forced_command = xmalloc(strlen(opts) + 1);
Damien Miller	f6d9e22	2000-06-18 14:50:44 +1000	[diff] [blame]	154	i = 0;
Damien Miller	3380426	2001-02-04 23:20:18 +1100	[diff] [blame]	155	while (*opts) {
				156	if (*opts == '"')
Damien Miller	f6d9e22	2000-06-18 14:50:44 +1000	[diff] [blame]	157	break;
Damien Miller	3380426	2001-02-04 23:20:18 +1100	[diff] [blame]	158	if (*opts == '\\' && opts[1] == '"') {
				159	opts += 2;
Damien Miller	f6d9e22	2000-06-18 14:50:44 +1000	[diff] [blame]	160	forced_command[i++] = '"';
				161	continue;
				162	}
Damien Miller	3380426	2001-02-04 23:20:18 +1100	[diff] [blame]	163	forced_command[i++] = *opts++;
Damien Miller	f6d9e22	2000-06-18 14:50:44 +1000	[diff] [blame]	164	}
Damien Miller	3380426	2001-02-04 23:20:18 +1100	[diff] [blame]	165	if (!*opts) {
Damien Miller	f6d9e22	2000-06-18 14:50:44 +1000	[diff] [blame]	166	debug("%.100s, line %lu: missing end quote",
Ben Lindstrom	226cfa0	2001-01-22 05:34:40 +0000	[diff] [blame]	167	file, linenum);
Ben Lindstrom	a574cda	2002-05-15 16:16:14 +0000	[diff] [blame]	168	auth_debug_add("%.100s, line %lu: missing end quote",
Ben Lindstrom	226cfa0	2001-01-22 05:34:40 +0000	[diff] [blame]	169	file, linenum);
Damien Miller	056ddf7	2001-03-14 10:15:20 +1100	[diff] [blame]	170	xfree(forced_command);
				171	forced_command = NULL;
				172	goto bad_option;
Damien Miller	f6d9e22	2000-06-18 14:50:44 +1000	[diff] [blame]	173	}
Damien Miller	9829926	2006-07-24 14:01:43 +1000	[diff] [blame]	174	forced_command[i] = '\0';
Damien Miller	de53fd0	2011-01-06 22:44:18 +1100	[diff] [blame]	175	auth_debug_add("Forced command.");
Damien Miller	3380426	2001-02-04 23:20:18 +1100	[diff] [blame]	176	opts++;
Damien Miller	f6d9e22	2000-06-18 14:50:44 +1000	[diff] [blame]	177	goto next_option;
				178	}
Damien Miller	30da344	2010-05-10 11:58:03 +1000	[diff] [blame]	179	cp = "principals=\"";
				180	if (strncasecmp(opts, cp, strlen(cp)) == 0) {
				181	opts += strlen(cp);
				182	if (authorized_principals != NULL)
				183	xfree(authorized_principals);
				184	authorized_principals = xmalloc(strlen(opts) + 1);
				185	i = 0;
				186	while (*opts) {
				187	if (*opts == '"')
				188	break;
				189	if (*opts == '\\' && opts[1] == '"') {
				190	opts += 2;
				191	authorized_principals[i++] = '"';
				192	continue;
				193	}
				194	authorized_principals[i++] = *opts++;
				195	}
				196	if (!*opts) {
				197	debug("%.100s, line %lu: missing end quote",
				198	file, linenum);
				199	auth_debug_add("%.100s, line %lu: missing end quote",
				200	file, linenum);
				201	xfree(authorized_principals);
				202	authorized_principals = NULL;
				203	goto bad_option;
				204	}
				205	authorized_principals[i] = '\0';
				206	auth_debug_add("principals: %.900s",
				207	authorized_principals);
				208	opts++;
				209	goto next_option;
				210	}
Damien Miller	f6d9e22	2000-06-18 14:50:44 +1000	[diff] [blame]	211	cp = "environment=\"";
Ben Lindstrom	5d860f0	2002-08-01 01:28:38 +0000	[diff] [blame]	212	if (options.permit_user_env &&
				213	strncasecmp(opts, cp, strlen(cp)) == 0) {
Damien Miller	f6d9e22	2000-06-18 14:50:44 +1000	[diff] [blame]	214	char *s;
				215	struct envstring *new_envstring;
Ben Lindstrom	7bb8b49	2001-03-17 00:47:54 +0000	[diff] [blame]	216
Damien Miller	3380426	2001-02-04 23:20:18 +1100	[diff] [blame]	217	opts += strlen(cp);
				218	s = xmalloc(strlen(opts) + 1);
Damien Miller	f6d9e22	2000-06-18 14:50:44 +1000	[diff] [blame]	219	i = 0;
Damien Miller	3380426	2001-02-04 23:20:18 +1100	[diff] [blame]	220	while (*opts) {
				221	if (*opts == '"')
Damien Miller	f6d9e22	2000-06-18 14:50:44 +1000	[diff] [blame]	222	break;
Damien Miller	3380426	2001-02-04 23:20:18 +1100	[diff] [blame]	223	if (*opts == '\\' && opts[1] == '"') {
				224	opts += 2;
Damien Miller	f6d9e22	2000-06-18 14:50:44 +1000	[diff] [blame]	225	s[i++] = '"';
				226	continue;
				227	}
Damien Miller	3380426	2001-02-04 23:20:18 +1100	[diff] [blame]	228	s[i++] = *opts++;
Damien Miller	f6d9e22	2000-06-18 14:50:44 +1000	[diff] [blame]	229	}
Damien Miller	3380426	2001-02-04 23:20:18 +1100	[diff] [blame]	230	if (!*opts) {
Damien Miller	f6d9e22	2000-06-18 14:50:44 +1000	[diff] [blame]	231	debug("%.100s, line %lu: missing end quote",
Ben Lindstrom	226cfa0	2001-01-22 05:34:40 +0000	[diff] [blame]	232	file, linenum);
Ben Lindstrom	a574cda	2002-05-15 16:16:14 +0000	[diff] [blame]	233	auth_debug_add("%.100s, line %lu: missing end quote",
Ben Lindstrom	226cfa0	2001-01-22 05:34:40 +0000	[diff] [blame]	234	file, linenum);
Damien Miller	056ddf7	2001-03-14 10:15:20 +1100	[diff] [blame]	235	xfree(s);
				236	goto bad_option;
Damien Miller	f6d9e22	2000-06-18 14:50:44 +1000	[diff] [blame]	237	}
Damien Miller	9829926	2006-07-24 14:01:43 +1000	[diff] [blame]	238	s[i] = '\0';
Ben Lindstrom	a574cda	2002-05-15 16:16:14 +0000	[diff] [blame]	239	auth_debug_add("Adding to environment: %.900s", s);
Damien Miller	f6d9e22	2000-06-18 14:50:44 +1000	[diff] [blame]	240	debug("Adding to environment: %.900s", s);
Damien Miller	3380426	2001-02-04 23:20:18 +1100	[diff] [blame]	241	opts++;
Damien Miller	f6d9e22	2000-06-18 14:50:44 +1000	[diff] [blame]	242	new_envstring = xmalloc(sizeof(struct envstring));
				243	new_envstring->s = s;
				244	new_envstring->next = custom_environment;
				245	custom_environment = new_envstring;
				246	goto next_option;
				247	}
				248	cp = "from=\"";
Damien Miller	3380426	2001-02-04 23:20:18 +1100	[diff] [blame]	249	if (strncasecmp(opts, cp, strlen(cp)) == 0) {
Damien Miller	3380426	2001-02-04 23:20:18 +1100	[diff] [blame]	250	const char *remote_ip = get_remote_ipaddr();
				251	const char *remote_host = get_canonical_hostname(
Damien Miller	3a961dc	2003-06-03 10:25:48 +1000	[diff] [blame]	252	options.use_dns);
Damien Miller	3380426	2001-02-04 23:20:18 +1100	[diff] [blame]	253	char *patterns = xmalloc(strlen(opts) + 1);
Ben Lindstrom	7bb8b49	2001-03-17 00:47:54 +0000	[diff] [blame]	254
Damien Miller	3380426	2001-02-04 23:20:18 +1100	[diff] [blame]	255	opts += strlen(cp);
Damien Miller	f6d9e22	2000-06-18 14:50:44 +1000	[diff] [blame]	256	i = 0;
Damien Miller	3380426	2001-02-04 23:20:18 +1100	[diff] [blame]	257	while (*opts) {
				258	if (*opts == '"')
Damien Miller	f6d9e22	2000-06-18 14:50:44 +1000	[diff] [blame]	259	break;
Damien Miller	3380426	2001-02-04 23:20:18 +1100	[diff] [blame]	260	if (*opts == '\\' && opts[1] == '"') {
				261	opts += 2;
Damien Miller	f6d9e22	2000-06-18 14:50:44 +1000	[diff] [blame]	262	patterns[i++] = '"';
				263	continue;
				264	}
Damien Miller	3380426	2001-02-04 23:20:18 +1100	[diff] [blame]	265	patterns[i++] = *opts++;
Damien Miller	f6d9e22	2000-06-18 14:50:44 +1000	[diff] [blame]	266	}
Damien Miller	3380426	2001-02-04 23:20:18 +1100	[diff] [blame]	267	if (!*opts) {
Damien Miller	f6d9e22	2000-06-18 14:50:44 +1000	[diff] [blame]	268	debug("%.100s, line %lu: missing end quote",
Ben Lindstrom	226cfa0	2001-01-22 05:34:40 +0000	[diff] [blame]	269	file, linenum);
Ben Lindstrom	a574cda	2002-05-15 16:16:14 +0000	[diff] [blame]	270	auth_debug_add("%.100s, line %lu: missing end quote",
Ben Lindstrom	226cfa0	2001-01-22 05:34:40 +0000	[diff] [blame]	271	file, linenum);
Damien Miller	056ddf7	2001-03-14 10:15:20 +1100	[diff] [blame]	272	xfree(patterns);
				273	goto bad_option;
Damien Miller	f6d9e22	2000-06-18 14:50:44 +1000	[diff] [blame]	274	}
Damien Miller	9829926	2006-07-24 14:01:43 +1000	[diff] [blame]	275	patterns[i] = '\0';
Damien Miller	3380426	2001-02-04 23:20:18 +1100	[diff] [blame]	276	opts++;
Darren Tucker	896ad5a	2008-06-11 09:34:46 +1000	[diff] [blame]	277	switch (match_host_and_ip(remote_host, remote_ip,
				278	patterns)) {
				279	case 1:
				280	xfree(patterns);
				281	/* Host name matches. */
				282	goto next_option;
				283	case -1:
				284	debug("%.100s, line %lu: invalid criteria",
				285	file, linenum);
				286	auth_debug_add("%.100s, line %lu: "
				287	"invalid criteria", file, linenum);
				288	/* FALLTHROUGH */
				289	case 0:
Ben Lindstrom	f0c5029	2001-06-25 05:17:53 +0000	[diff] [blame]	290	xfree(patterns);
Damien Miller	996acd2	2003-04-09 20:59:48 +1000	[diff] [blame]	291	logit("Authentication tried for %.100s with "
Damien Miller	3380426	2001-02-04 23:20:18 +1100	[diff] [blame]	292	"correct key but not from a permitted "
				293	"host (host=%.200s, ip=%.200s).",
				294	pw->pw_name, remote_host, remote_ip);
Ben Lindstrom	a574cda	2002-05-15 16:16:14 +0000	[diff] [blame]	295	auth_debug_add("Your host '%.200s' is not "
Damien Miller	3380426	2001-02-04 23:20:18 +1100	[diff] [blame]	296	"permitted to use this key for login.",
				297	remote_host);
Darren Tucker	896ad5a	2008-06-11 09:34:46 +1000	[diff] [blame]	298	break;
Damien Miller	f6d9e22	2000-06-18 14:50:44 +1000	[diff] [blame]	299	}
Darren Tucker	896ad5a	2008-06-11 09:34:46 +1000	[diff] [blame]	300	/* deny access */
				301	return 0;
Damien Miller	f6d9e22	2000-06-18 14:50:44 +1000	[diff] [blame]	302	}
Ben Lindstrom	7bb8b49	2001-03-17 00:47:54 +0000	[diff] [blame]	303	cp = "permitopen=\"";
				304	if (strncasecmp(opts, cp, strlen(cp)) == 0) {
Damien Miller	f91ee4c	2005-03-01 21:24:33 +1100	[diff] [blame]	305	char host, p;
Damien Miller	e37dde0	2009-01-28 16:33:01 +1100	[diff] [blame]	306	int port;
Ben Lindstrom	7bb8b49	2001-03-17 00:47:54 +0000	[diff] [blame]	307	char *patterns = xmalloc(strlen(opts) + 1);
				308
				309	opts += strlen(cp);
				310	i = 0;
				311	while (*opts) {
				312	if (*opts == '"')
				313	break;
				314	if (*opts == '\\' && opts[1] == '"') {
				315	opts += 2;
				316	patterns[i++] = '"';
				317	continue;
				318	}
				319	patterns[i++] = *opts++;
				320	}
				321	if (!*opts) {
				322	debug("%.100s, line %lu: missing end quote",
				323	file, linenum);
Damien Miller	f91ee4c	2005-03-01 21:24:33 +1100	[diff] [blame]	324	auth_debug_add("%.100s, line %lu: missing "
				325	"end quote", file, linenum);
Ben Lindstrom	7bb8b49	2001-03-17 00:47:54 +0000	[diff] [blame]	326	xfree(patterns);
				327	goto bad_option;
				328	}
Damien Miller	9829926	2006-07-24 14:01:43 +1000	[diff] [blame]	329	patterns[i] = '\0';
Ben Lindstrom	7bb8b49	2001-03-17 00:47:54 +0000	[diff] [blame]	330	opts++;
Damien Miller	f91ee4c	2005-03-01 21:24:33 +1100	[diff] [blame]	331	p = patterns;
				332	host = hpdelim(&p);
				333	if (host == NULL \|\| strlen(host) >= NI_MAXHOST) {
				334	debug("%.100s, line %lu: Bad permitopen "
Darren Tucker	90b9e02	2005-03-14 23:08:50 +1100	[diff] [blame]	335	"specification <%.100s>", file, linenum,
Damien Miller	f91ee4c	2005-03-01 21:24:33 +1100	[diff] [blame]	336	patterns);
Ben Lindstrom	a574cda	2002-05-15 16:16:14 +0000	[diff] [blame]	337	auth_debug_add("%.100s, line %lu: "
Damien Miller	f91ee4c	2005-03-01 21:24:33 +1100	[diff] [blame]	338	"Bad permitopen specification", file,
				339	linenum);
Ben Lindstrom	7bb8b49	2001-03-17 00:47:54 +0000	[diff] [blame]	340	xfree(patterns);
				341	goto bad_option;
				342	}
Darren Tucker	47eede7	2005-03-14 23:08:12 +1100	[diff] [blame]	343	host = cleanhostname(host);
Darren Tucker	1338b9e	2011-10-02 18:57:35 +1100	[diff] [blame]	344	if (p == NULL \|\| (port = permitopen_port(p)) < 0) {
Damien Miller	f91ee4c	2005-03-01 21:24:33 +1100	[diff] [blame]	345	debug("%.100s, line %lu: Bad permitopen port "
				346	"<%.100s>", file, linenum, p ? p : "");
Ben Lindstrom	a574cda	2002-05-15 16:16:14 +0000	[diff] [blame]	347	auth_debug_add("%.100s, line %lu: "
Ben Lindstrom	d71ba57	2001-09-12 18:03:31 +0000	[diff] [blame]	348	"Bad permitopen port", file, linenum);
Ben Lindstrom	7bb8b49	2001-03-17 00:47:54 +0000	[diff] [blame]	349	xfree(patterns);
				350	goto bad_option;
				351	}
Damien Miller	aa5b3f8	2012-12-03 09:50:54 +1100	[diff] [blame^]	352	if ((options.allow_tcp_forwarding & FORWARD_LOCAL) != 0)
Ben Lindstrom	d71ba57	2001-09-12 18:03:31 +0000	[diff] [blame]	353	channel_add_permitted_opens(host, port);
Ben Lindstrom	7bb8b49	2001-03-17 00:47:54 +0000	[diff] [blame]	354	xfree(patterns);
				355	goto next_option;
				356	}
Damien Miller	d27b947	2005-12-13 19:29:02 +1100	[diff] [blame]	357	cp = "tunnel=\"";
				358	if (strncasecmp(opts, cp, strlen(cp)) == 0) {
				359	char *tun = NULL;
				360	opts += strlen(cp);
				361	tun = xmalloc(strlen(opts) + 1);
				362	i = 0;
				363	while (*opts) {
				364	if (*opts == '"')
				365	break;
				366	tun[i++] = *opts++;
				367	}
				368	if (!*opts) {
				369	debug("%.100s, line %lu: missing end quote",
				370	file, linenum);
				371	auth_debug_add("%.100s, line %lu: missing end quote",
				372	file, linenum);
				373	xfree(tun);
				374	forced_tun_device = -1;
				375	goto bad_option;
				376	}
Damien Miller	9829926	2006-07-24 14:01:43 +1000	[diff] [blame]	377	tun[i] = '\0';
Damien Miller	d27b947	2005-12-13 19:29:02 +1100	[diff] [blame]	378	forced_tun_device = a2tun(tun, NULL);
				379	xfree(tun);
Damien Miller	7b58e80	2005-12-13 19:33:19 +1100	[diff] [blame]	380	if (forced_tun_device == SSH_TUNID_ERR) {
Damien Miller	d27b947	2005-12-13 19:29:02 +1100	[diff] [blame]	381	debug("%.100s, line %lu: invalid tun device",
				382	file, linenum);
				383	auth_debug_add("%.100s, line %lu: invalid tun device",
				384	file, linenum);
				385	forced_tun_device = -1;
				386	goto bad_option;
				387	}
				388	auth_debug_add("Forced tun device: %d", forced_tun_device);
				389	opts++;
				390	goto next_option;
				391	}
Damien Miller	f6d9e22	2000-06-18 14:50:44 +1000	[diff] [blame]	392	next_option:
				393	/*
				394	* Skip the comma, and move to the next option
				395	* (or break out if there are no more).
				396	*/
Damien Miller	3380426	2001-02-04 23:20:18 +1100	[diff] [blame]	397	if (!*opts)
Damien Miller	f6d9e22	2000-06-18 14:50:44 +1000	[diff] [blame]	398	fatal("Bugs in auth-options.c option processing.");
Damien Miller	3380426	2001-02-04 23:20:18 +1100	[diff] [blame]	399	if (opts == ' ' \|\| opts == '\t')
Damien Miller	f6d9e22	2000-06-18 14:50:44 +1000	[diff] [blame]	400	break; /* End of options. */
Damien Miller	3380426	2001-02-04 23:20:18 +1100	[diff] [blame]	401	if (*opts != ',')
Damien Miller	f6d9e22	2000-06-18 14:50:44 +1000	[diff] [blame]	402	goto bad_option;
Damien Miller	3380426	2001-02-04 23:20:18 +1100	[diff] [blame]	403	opts++;
Damien Miller	f6d9e22	2000-06-18 14:50:44 +1000	[diff] [blame]	404	/* Process the next option. */
				405	}
Ben Lindstrom	7a2073c	2002-03-22 02:30:41 +0000	[diff] [blame]	406
Damien Miller	f6d9e22	2000-06-18 14:50:44 +1000	[diff] [blame]	407	/* grant access */
				408	return 1;
				409
				410	bad_option:
Damien Miller	996acd2	2003-04-09 20:59:48 +1000	[diff] [blame]	411	logit("Bad options in %.100s file, line %lu: %.50s",
Damien Miller	3380426	2001-02-04 23:20:18 +1100	[diff] [blame]	412	file, linenum, opts);
Ben Lindstrom	a574cda	2002-05-15 16:16:14 +0000	[diff] [blame]	413	auth_debug_add("Bad options in %.100s file, line %lu: %.50s",
Damien Miller	3380426	2001-02-04 23:20:18 +1100	[diff] [blame]	414	file, linenum, opts);
Ben Lindstrom	7a2073c	2002-03-22 02:30:41 +0000	[diff] [blame]	415
Damien Miller	f6d9e22	2000-06-18 14:50:44 +1000	[diff] [blame]	416	/* deny access */
				417	return 0;
				418	}
Damien Miller	0a80ca1	2010-02-27 07:55:05 +1100	[diff] [blame]	419
Damien Miller	d0e4a8e	2010-05-21 14:58:32 +1000	[diff] [blame]	420	#define OPTIONS_CRITICAL 1
				421	#define OPTIONS_EXTENSIONS 2
				422	static int
				423	parse_option_list(u_char optblob, size_t optblob_len, struct passwd pw,
				424	u_int which, int crit,
				425	int *cert_no_port_forwarding_flag,
				426	int *cert_no_agent_forwarding_flag,
				427	int *cert_no_x11_forwarding_flag,
				428	int *cert_no_pty_flag,
				429	int *cert_no_user_rc,
				430	char **cert_forced_command,
				431	int *cert_source_address_done)
Damien Miller	0a80ca1	2010-02-27 07:55:05 +1100	[diff] [blame]	432	{
Damien Miller	d0e4a8e	2010-05-21 14:58:32 +1000	[diff] [blame]	433	char command, allowed;
				434	const char *remote_ip;
Damien Miller	0a80ca1	2010-02-27 07:55:05 +1100	[diff] [blame]	435	u_char name = NULL, data_blob = NULL;
Damien Miller	4139657	2010-03-04 21:51:11 +1100	[diff] [blame]	436	u_int nlen, dlen, clen;
Damien Miller	0a80ca1	2010-02-27 07:55:05 +1100	[diff] [blame]	437	Buffer c, data;
Damien Miller	d0e4a8e	2010-05-21 14:58:32 +1000	[diff] [blame]	438	int ret = -1, found;
Damien Miller	0a80ca1	2010-02-27 07:55:05 +1100	[diff] [blame]	439
				440	buffer_init(&data);
				441
				442	/* Make copy to avoid altering original */
				443	buffer_init(&c);
Damien Miller	d0e4a8e	2010-05-21 14:58:32 +1000	[diff] [blame]	444	buffer_append(&c, optblob, optblob_len);
Damien Miller	0a80ca1	2010-02-27 07:55:05 +1100	[diff] [blame]	445
				446	while (buffer_len(&c) > 0) {
Damien Miller	da108ec	2010-08-31 22:36:39 +1000	[diff] [blame]	447	if ((name = buffer_get_cstring_ret(&c, &nlen)) == NULL \|\|
Damien Miller	4139657	2010-03-04 21:51:11 +1100	[diff] [blame]	448	(data_blob = buffer_get_string_ret(&c, &dlen)) == NULL) {
Damien Miller	4e270b0	2010-04-16 15:56:21 +1000	[diff] [blame]	449	error("Certificate options corrupt");
Damien Miller	0a80ca1	2010-02-27 07:55:05 +1100	[diff] [blame]	450	goto out;
				451	}
Damien Miller	4139657	2010-03-04 21:51:11 +1100	[diff] [blame]	452	buffer_append(&data, data_blob, dlen);
Damien Miller	d0e4a8e	2010-05-21 14:58:32 +1000	[diff] [blame]	453	debug3("found certificate option \"%.100s\" len %u",
Damien Miller	4139657	2010-03-04 21:51:11 +1100	[diff] [blame]	454	name, dlen);
Damien Miller	d0e4a8e	2010-05-21 14:58:32 +1000	[diff] [blame]	455	found = 0;
				456	if ((which & OPTIONS_EXTENSIONS) != 0) {
				457	if (strcmp(name, "permit-X11-forwarding") == 0) {
				458	*cert_no_x11_forwarding_flag = 0;
				459	found = 1;
				460	} else if (strcmp(name,
				461	"permit-agent-forwarding") == 0) {
				462	*cert_no_agent_forwarding_flag = 0;
				463	found = 1;
				464	} else if (strcmp(name,
				465	"permit-port-forwarding") == 0) {
				466	*cert_no_port_forwarding_flag = 0;
				467	found = 1;
				468	} else if (strcmp(name, "permit-pty") == 0) {
				469	*cert_no_pty_flag = 0;
				470	found = 1;
				471	} else if (strcmp(name, "permit-user-rc") == 0) {
				472	*cert_no_user_rc = 0;
				473	found = 1;
Damien Miller	0a80ca1	2010-02-27 07:55:05 +1100	[diff] [blame]	474	}
Damien Miller	d0e4a8e	2010-05-21 14:58:32 +1000	[diff] [blame]	475	}
				476	if (!found && (which & OPTIONS_CRITICAL) != 0) {
				477	if (strcmp(name, "force-command") == 0) {
Damien Miller	da108ec	2010-08-31 22:36:39 +1000	[diff] [blame]	478	if ((command = buffer_get_cstring_ret(&data,
Damien Miller	d0e4a8e	2010-05-21 14:58:32 +1000	[diff] [blame]	479	&clen)) == NULL) {
				480	error("Certificate constraint \"%s\" "
				481	"corrupt", name);
				482	goto out;
				483	}
Damien Miller	d0e4a8e	2010-05-21 14:58:32 +1000	[diff] [blame]	484	if (*cert_forced_command != NULL) {
				485	error("Certificate has multiple "
				486	"force-command options");
				487	xfree(command);
				488	goto out;
				489	}
				490	*cert_forced_command = command;
				491	found = 1;
Damien Miller	4139657	2010-03-04 21:51:11 +1100	[diff] [blame]	492	}
Damien Miller	d0e4a8e	2010-05-21 14:58:32 +1000	[diff] [blame]	493	if (strcmp(name, "source-address") == 0) {
Damien Miller	da108ec	2010-08-31 22:36:39 +1000	[diff] [blame]	494	if ((allowed = buffer_get_cstring_ret(&data,
Damien Miller	d0e4a8e	2010-05-21 14:58:32 +1000	[diff] [blame]	495	&clen)) == NULL) {
				496	error("Certificate constraint "
				497	"\"%s\" corrupt", name);
				498	goto out;
				499	}
Damien Miller	d0e4a8e	2010-05-21 14:58:32 +1000	[diff] [blame]	500	if ((*cert_source_address_done)++) {
				501	error("Certificate has multiple "
				502	"source-address options");
				503	xfree(allowed);
				504	goto out;
				505	}
				506	remote_ip = get_remote_ipaddr();
				507	switch (addr_match_cidr_list(remote_ip,
				508	allowed)) {
				509	case 1:
				510	/* accepted */
				511	xfree(allowed);
				512	break;
				513	case 0:
				514	/* no match */
				515	logit("Authentication tried for %.100s "
				516	"with valid certificate but not "
				517	"from a permitted host "
				518	"(ip=%.200s).", pw->pw_name,
				519	remote_ip);
				520	auth_debug_add("Your address '%.200s' "
				521	"is not permitted to use this "
				522	"certificate for login.",
				523	remote_ip);
				524	xfree(allowed);
				525	goto out;
				526	case -1:
				527	error("Certificate source-address "
				528	"contents invalid");
				529	xfree(allowed);
				530	goto out;
				531	}
				532	found = 1;
Damien Miller	0a80ca1	2010-02-27 07:55:05 +1100	[diff] [blame]	533	}
Damien Miller	0a80ca1	2010-02-27 07:55:05 +1100	[diff] [blame]	534	}
				535
Damien Miller	d0e4a8e	2010-05-21 14:58:32 +1000	[diff] [blame]	536	if (!found) {
				537	if (crit) {
				538	error("Certificate critical option \"%s\" "
				539	"is not supported", name);
				540	goto out;
				541	} else {
				542	logit("Certificate extension \"%s\" "
				543	"is not supported", name);
				544	}
				545	} else if (buffer_len(&data) != 0) {
				546	error("Certificate option \"%s\" corrupt "
Damien Miller	0a80ca1	2010-02-27 07:55:05 +1100	[diff] [blame]	547	"(extra data)", name);
				548	goto out;
				549	}
				550	buffer_clear(&data);
				551	xfree(name);
				552	xfree(data_blob);
				553	name = data_blob = NULL;
				554	}
Damien Miller	4e270b0	2010-04-16 15:56:21 +1000	[diff] [blame]	555	/* successfully parsed all options */
Damien Miller	0a80ca1	2010-02-27 07:55:05 +1100	[diff] [blame]	556	ret = 0;
				557
Damien Miller	d0e4a8e	2010-05-21 14:58:32 +1000	[diff] [blame]	558	out:
				559	if (ret != 0 &&
				560	cert_forced_command != NULL &&
				561	*cert_forced_command != NULL) {
				562	xfree(*cert_forced_command);
				563	*cert_forced_command = NULL;
				564	}
				565	if (name != NULL)
				566	xfree(name);
				567	if (data_blob != NULL)
				568	xfree(data_blob);
				569	buffer_free(&data);
				570	buffer_free(&c);
				571	return ret;
				572	}
				573
				574	/*
				575	* Set options from critical certificate options. These supersede user key
				576	* options so this must be called after auth_parse_options().
				577	*/
				578	int
				579	auth_cert_options(Key k, struct passwd pw)
				580	{
				581	int cert_no_port_forwarding_flag = 1;
				582	int cert_no_agent_forwarding_flag = 1;
				583	int cert_no_x11_forwarding_flag = 1;
				584	int cert_no_pty_flag = 1;
				585	int cert_no_user_rc = 1;
				586	char *cert_forced_command = NULL;
				587	int cert_source_address_done = 0;
				588
				589	if (key_cert_is_legacy(k)) {
				590	/* All options are in the one field for v00 certs */
				591	if (parse_option_list(buffer_ptr(&k->cert->critical),
				592	buffer_len(&k->cert->critical), pw,
				593	OPTIONS_CRITICAL\|OPTIONS_EXTENSIONS, 1,
				594	&cert_no_port_forwarding_flag,
				595	&cert_no_agent_forwarding_flag,
				596	&cert_no_x11_forwarding_flag,
				597	&cert_no_pty_flag,
				598	&cert_no_user_rc,
				599	&cert_forced_command,
				600	&cert_source_address_done) == -1)
				601	return -1;
				602	} else {
				603	/* Separate options and extensions for v01 certs */
				604	if (parse_option_list(buffer_ptr(&k->cert->critical),
				605	buffer_len(&k->cert->critical), pw,
				606	OPTIONS_CRITICAL, 1, NULL, NULL, NULL, NULL, NULL,
				607	&cert_forced_command,
				608	&cert_source_address_done) == -1)
				609	return -1;
				610	if (parse_option_list(buffer_ptr(&k->cert->extensions),
				611	buffer_len(&k->cert->extensions), pw,
				612	OPTIONS_EXTENSIONS, 1,
				613	&cert_no_port_forwarding_flag,
				614	&cert_no_agent_forwarding_flag,
				615	&cert_no_x11_forwarding_flag,
				616	&cert_no_pty_flag,
				617	&cert_no_user_rc,
				618	NULL, NULL) == -1)
				619	return -1;
				620	}
				621
Damien Miller	0a80ca1	2010-02-27 07:55:05 +1100	[diff] [blame]	622	no_port_forwarding_flag \|= cert_no_port_forwarding_flag;
				623	no_agent_forwarding_flag \|= cert_no_agent_forwarding_flag;
				624	no_x11_forwarding_flag \|= cert_no_x11_forwarding_flag;
				625	no_pty_flag \|= cert_no_pty_flag;
				626	no_user_rc \|= cert_no_user_rc;
				627	/* CA-specified forced command supersedes key option */
				628	if (cert_forced_command != NULL) {
				629	if (forced_command != NULL)
				630	xfree(forced_command);
				631	forced_command = cert_forced_command;
				632	}
Damien Miller	d0e4a8e	2010-05-21 14:58:32 +1000	[diff] [blame]	633	return 0;
Damien Miller	0a80ca1	2010-02-27 07:55:05 +1100	[diff] [blame]	634	}
				635