Blame - auth-options.c - platform/external/openssh

blob: 4f0da9c04d3327674122f9aa846acc9b37672cca [file] [log] [blame]

markus@openbsd.org	ae8b463	2015-01-14 10:30:34 +0000	[diff] [blame^]	1	/* $OpenBSD: auth-options.c,v 1.65 2015/01/14 10:30:34 markus Exp $ */
Damien Miller	e4340be	2000-09-16 13:29:08 +1100	[diff] [blame]	2	/*
				3	* Author: Tatu Ylonen <ylo@cs.hut.fi>
				4	* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
				5	* All rights reserved
Damien Miller	e4340be	2000-09-16 13:29:08 +1100	[diff] [blame]	6	* As far as I am concerned, the code I have written for this software
				7	* can be used freely for any purpose. Any derived versions of this
				8	* software must be clearly marked as such, and if the derived work is
				9	* incompatible with the protocol description in the RFC file, it must be
				10	* called by a name other than "ssh" or "Secure Shell".
				11	*/
				12
Damien Miller	f6d9e22	2000-06-18 14:50:44 +1000	[diff] [blame]	13	#include "includes.h"
Damien Miller	f6d9e22	2000-06-18 14:50:44 +1000	[diff] [blame]	14
Damien Miller	9f2abc4	2006-07-10 20:53:08 +1000	[diff] [blame]	15	#include <sys/types.h>
				16
Damien Miller	b8fe89c	2006-07-24 14:51:00 +1000	[diff] [blame]	17	#include <netdb.h>
Damien Miller	9f2abc4	2006-07-10 20:53:08 +1000	[diff] [blame]	18	#include <pwd.h>
Damien Miller	e3476ed	2006-07-24 14:13:33 +1000	[diff] [blame]	19	#include <string.h>
Damien Miller	d783435	2006-08-05 12:39:39 +1000	[diff] [blame]	20	#include <stdio.h>
				21	#include <stdarg.h>
Damien Miller	9f2abc4	2006-07-10 20:53:08 +1000	[diff] [blame]	22
Damien Miller	b84886b	2008-05-19 15:05:07 +1000	[diff] [blame]	23	#include "openbsd-compat/sys-queue.h"
markus@openbsd.org	ae8b463	2015-01-14 10:30:34 +0000	[diff] [blame^]	24
				25	#include "key.h" /* XXX for typedef */
				26	#include "buffer.h" /* XXX for typedef */
Damien Miller	f6d9e22	2000-06-18 14:50:44 +1000	[diff] [blame]	27	#include "xmalloc.h"
				28	#include "match.h"
markus@openbsd.org	ae8b463	2015-01-14 10:30:34 +0000	[diff] [blame^]	29	#include "ssherr.h"
Ben Lindstrom	226cfa0	2001-01-22 05:34:40 +0000	[diff] [blame]	30	#include "log.h"
				31	#include "canohost.h"
markus@openbsd.org	ae8b463	2015-01-14 10:30:34 +0000	[diff] [blame^]	32	#include "sshbuf.h"
Damien Miller	7acefbb	2014-07-18 14:11:24 +1000	[diff] [blame]	33	#include "misc.h"
Ben Lindstrom	c763767	2001-06-09 00:36:26 +0000	[diff] [blame]	34	#include "channels.h"
Damien Miller	3380426	2001-02-04 23:20:18 +1100	[diff] [blame]	35	#include "servconf.h"
markus@openbsd.org	ae8b463	2015-01-14 10:30:34 +0000	[diff] [blame^]	36	#include "sshkey.h"
Damien Miller	4e270b0	2010-04-16 15:56:21 +1000	[diff] [blame]	37	#include "auth-options.h"
Damien Miller	d783435	2006-08-05 12:39:39 +1000	[diff] [blame]	38	#include "hostfile.h"
Ben Lindstrom	a574cda	2002-05-15 16:16:14 +0000	[diff] [blame]	39	#include "auth.h"
Damien Miller	f6d9e22	2000-06-18 14:50:44 +1000	[diff] [blame]	40
				41	/* Flags set authorized_keys flags */
				42	int no_port_forwarding_flag = 0;
				43	int no_agent_forwarding_flag = 0;
				44	int no_x11_forwarding_flag = 0;
				45	int no_pty_flag = 0;
Damien Miller	95e8095	2008-03-27 11:03:05 +1100	[diff] [blame]	46	int no_user_rc = 0;
Damien Miller	0a80ca1	2010-02-27 07:55:05 +1100	[diff] [blame]	47	int key_is_cert_authority = 0;
Damien Miller	f6d9e22	2000-06-18 14:50:44 +1000	[diff] [blame]	48
				49	/* "command=" option. */
				50	char *forced_command = NULL;
				51
				52	/* "environment=" options. */
				53	struct envstring *custom_environment = NULL;
				54
Damien Miller	d27b947	2005-12-13 19:29:02 +1100	[diff] [blame]	55	/* "tunnel=" option. */
				56	int forced_tun_device = -1;
				57
Damien Miller	30da344	2010-05-10 11:58:03 +1000	[diff] [blame]	58	/* "principals=" option. */
				59	char *authorized_principals = NULL;
				60
Damien Miller	3380426	2001-02-04 23:20:18 +1100	[diff] [blame]	61	extern ServerOptions options;
				62
Ben Lindstrom	7a2073c	2002-03-22 02:30:41 +0000	[diff] [blame]	63	void
Damien Miller	874d77b	2000-10-14 16:23:11 +1100	[diff] [blame]	64	auth_clear_options(void)
				65	{
				66	no_agent_forwarding_flag = 0;
				67	no_port_forwarding_flag = 0;
				68	no_pty_flag = 0;
				69	no_x11_forwarding_flag = 0;
Damien Miller	95e8095	2008-03-27 11:03:05 +1100	[diff] [blame]	70	no_user_rc = 0;
Damien Miller	0a80ca1	2010-02-27 07:55:05 +1100	[diff] [blame]	71	key_is_cert_authority = 0;
Damien Miller	874d77b	2000-10-14 16:23:11 +1100	[diff] [blame]	72	while (custom_environment) {
				73	struct envstring *ce = custom_environment;
				74	custom_environment = ce->next;
Darren Tucker	a627d42	2013-06-02 07:31:17 +1000	[diff] [blame]	75	free(ce->s);
				76	free(ce);
Damien Miller	874d77b	2000-10-14 16:23:11 +1100	[diff] [blame]	77	}
				78	if (forced_command) {
Darren Tucker	a627d42	2013-06-02 07:31:17 +1000	[diff] [blame]	79	free(forced_command);
Damien Miller	874d77b	2000-10-14 16:23:11 +1100	[diff] [blame]	80	forced_command = NULL;
				81	}
Damien Miller	30da344	2010-05-10 11:58:03 +1000	[diff] [blame]	82	if (authorized_principals) {
Darren Tucker	a627d42	2013-06-02 07:31:17 +1000	[diff] [blame]	83	free(authorized_principals);
Damien Miller	30da344	2010-05-10 11:58:03 +1000	[diff] [blame]	84	authorized_principals = NULL;
				85	}
Damien Miller	d27b947	2005-12-13 19:29:02 +1100	[diff] [blame]	86	forced_tun_device = -1;
Ben Lindstrom	7bb8b49	2001-03-17 00:47:54 +0000	[diff] [blame]	87	channel_clear_permitted_opens();
Damien Miller	874d77b	2000-10-14 16:23:11 +1100	[diff] [blame]	88	}
				89
Ben Lindstrom	226cfa0	2001-01-22 05:34:40 +0000	[diff] [blame]	90	/*
				91	* return 1 if access is granted, 0 if not.
				92	* side effect: sets key option flags
				93	*/
Damien Miller	f6d9e22	2000-06-18 14:50:44 +1000	[diff] [blame]	94	int
Damien Miller	3380426	2001-02-04 23:20:18 +1100	[diff] [blame]	95	auth_parse_options(struct passwd pw, char opts, char *file, u_long linenum)
Damien Miller	f6d9e22	2000-06-18 14:50:44 +1000	[diff] [blame]	96	{
				97	const char *cp;
Ben Lindstrom	7bb8b49	2001-03-17 00:47:54 +0000	[diff] [blame]	98	int i;
Damien Miller	874d77b	2000-10-14 16:23:11 +1100	[diff] [blame]	99
				100	/* reset options */
				101	auth_clear_options();
				102
Ben Lindstrom	36d7bd0	2001-02-10 22:27:19 +0000	[diff] [blame]	103	if (!opts)
				104	return 1;
				105
Damien Miller	3380426	2001-02-04 23:20:18 +1100	[diff] [blame]	106	while (opts && opts != ' ' && *opts != '\t') {
Damien Miller	0a80ca1	2010-02-27 07:55:05 +1100	[diff] [blame]	107	cp = "cert-authority";
				108	if (strncasecmp(opts, cp, strlen(cp)) == 0) {
				109	key_is_cert_authority = 1;
				110	opts += strlen(cp);
				111	goto next_option;
				112	}
Damien Miller	f6d9e22	2000-06-18 14:50:44 +1000	[diff] [blame]	113	cp = "no-port-forwarding";
Damien Miller	3380426	2001-02-04 23:20:18 +1100	[diff] [blame]	114	if (strncasecmp(opts, cp, strlen(cp)) == 0) {
Ben Lindstrom	a574cda	2002-05-15 16:16:14 +0000	[diff] [blame]	115	auth_debug_add("Port forwarding disabled.");
Damien Miller	f6d9e22	2000-06-18 14:50:44 +1000	[diff] [blame]	116	no_port_forwarding_flag = 1;
Damien Miller	3380426	2001-02-04 23:20:18 +1100	[diff] [blame]	117	opts += strlen(cp);
Damien Miller	f6d9e22	2000-06-18 14:50:44 +1000	[diff] [blame]	118	goto next_option;
				119	}
				120	cp = "no-agent-forwarding";
Damien Miller	3380426	2001-02-04 23:20:18 +1100	[diff] [blame]	121	if (strncasecmp(opts, cp, strlen(cp)) == 0) {
Ben Lindstrom	a574cda	2002-05-15 16:16:14 +0000	[diff] [blame]	122	auth_debug_add("Agent forwarding disabled.");
Damien Miller	f6d9e22	2000-06-18 14:50:44 +1000	[diff] [blame]	123	no_agent_forwarding_flag = 1;
Damien Miller	3380426	2001-02-04 23:20:18 +1100	[diff] [blame]	124	opts += strlen(cp);
Damien Miller	f6d9e22	2000-06-18 14:50:44 +1000	[diff] [blame]	125	goto next_option;
				126	}
				127	cp = "no-X11-forwarding";
Damien Miller	3380426	2001-02-04 23:20:18 +1100	[diff] [blame]	128	if (strncasecmp(opts, cp, strlen(cp)) == 0) {
Ben Lindstrom	a574cda	2002-05-15 16:16:14 +0000	[diff] [blame]	129	auth_debug_add("X11 forwarding disabled.");
Damien Miller	f6d9e22	2000-06-18 14:50:44 +1000	[diff] [blame]	130	no_x11_forwarding_flag = 1;
Damien Miller	3380426	2001-02-04 23:20:18 +1100	[diff] [blame]	131	opts += strlen(cp);
Damien Miller	f6d9e22	2000-06-18 14:50:44 +1000	[diff] [blame]	132	goto next_option;
				133	}
				134	cp = "no-pty";
Damien Miller	3380426	2001-02-04 23:20:18 +1100	[diff] [blame]	135	if (strncasecmp(opts, cp, strlen(cp)) == 0) {
Ben Lindstrom	a574cda	2002-05-15 16:16:14 +0000	[diff] [blame]	136	auth_debug_add("Pty allocation disabled.");
Damien Miller	f6d9e22	2000-06-18 14:50:44 +1000	[diff] [blame]	137	no_pty_flag = 1;
Damien Miller	3380426	2001-02-04 23:20:18 +1100	[diff] [blame]	138	opts += strlen(cp);
Damien Miller	f6d9e22	2000-06-18 14:50:44 +1000	[diff] [blame]	139	goto next_option;
				140	}
Damien Miller	95e8095	2008-03-27 11:03:05 +1100	[diff] [blame]	141	cp = "no-user-rc";
				142	if (strncasecmp(opts, cp, strlen(cp)) == 0) {
				143	auth_debug_add("User rc file execution disabled.");
				144	no_user_rc = 1;
				145	opts += strlen(cp);
				146	goto next_option;
				147	}
Damien Miller	f6d9e22	2000-06-18 14:50:44 +1000	[diff] [blame]	148	cp = "command=\"";
Damien Miller	3380426	2001-02-04 23:20:18 +1100	[diff] [blame]	149	if (strncasecmp(opts, cp, strlen(cp)) == 0) {
Damien Miller	3380426	2001-02-04 23:20:18 +1100	[diff] [blame]	150	opts += strlen(cp);
Damien Miller	30da344	2010-05-10 11:58:03 +1000	[diff] [blame]	151	if (forced_command != NULL)
Darren Tucker	a627d42	2013-06-02 07:31:17 +1000	[diff] [blame]	152	free(forced_command);
Damien Miller	3380426	2001-02-04 23:20:18 +1100	[diff] [blame]	153	forced_command = xmalloc(strlen(opts) + 1);
Damien Miller	f6d9e22	2000-06-18 14:50:44 +1000	[diff] [blame]	154	i = 0;
Damien Miller	3380426	2001-02-04 23:20:18 +1100	[diff] [blame]	155	while (*opts) {
				156	if (*opts == '"')
Damien Miller	f6d9e22	2000-06-18 14:50:44 +1000	[diff] [blame]	157	break;
Damien Miller	3380426	2001-02-04 23:20:18 +1100	[diff] [blame]	158	if (*opts == '\\' && opts[1] == '"') {
				159	opts += 2;
Damien Miller	f6d9e22	2000-06-18 14:50:44 +1000	[diff] [blame]	160	forced_command[i++] = '"';
				161	continue;
				162	}
Damien Miller	3380426	2001-02-04 23:20:18 +1100	[diff] [blame]	163	forced_command[i++] = *opts++;
Damien Miller	f6d9e22	2000-06-18 14:50:44 +1000	[diff] [blame]	164	}
Damien Miller	3380426	2001-02-04 23:20:18 +1100	[diff] [blame]	165	if (!*opts) {
Damien Miller	f6d9e22	2000-06-18 14:50:44 +1000	[diff] [blame]	166	debug("%.100s, line %lu: missing end quote",
Ben Lindstrom	226cfa0	2001-01-22 05:34:40 +0000	[diff] [blame]	167	file, linenum);
Ben Lindstrom	a574cda	2002-05-15 16:16:14 +0000	[diff] [blame]	168	auth_debug_add("%.100s, line %lu: missing end quote",
Ben Lindstrom	226cfa0	2001-01-22 05:34:40 +0000	[diff] [blame]	169	file, linenum);
Darren Tucker	a627d42	2013-06-02 07:31:17 +1000	[diff] [blame]	170	free(forced_command);
Damien Miller	056ddf7	2001-03-14 10:15:20 +1100	[diff] [blame]	171	forced_command = NULL;
				172	goto bad_option;
Damien Miller	f6d9e22	2000-06-18 14:50:44 +1000	[diff] [blame]	173	}
Damien Miller	9829926	2006-07-24 14:01:43 +1000	[diff] [blame]	174	forced_command[i] = '\0';
Damien Miller	de53fd0	2011-01-06 22:44:18 +1100	[diff] [blame]	175	auth_debug_add("Forced command.");
Damien Miller	3380426	2001-02-04 23:20:18 +1100	[diff] [blame]	176	opts++;
Damien Miller	f6d9e22	2000-06-18 14:50:44 +1000	[diff] [blame]	177	goto next_option;
				178	}
Damien Miller	30da344	2010-05-10 11:58:03 +1000	[diff] [blame]	179	cp = "principals=\"";
				180	if (strncasecmp(opts, cp, strlen(cp)) == 0) {
				181	opts += strlen(cp);
				182	if (authorized_principals != NULL)
Darren Tucker	a627d42	2013-06-02 07:31:17 +1000	[diff] [blame]	183	free(authorized_principals);
Damien Miller	30da344	2010-05-10 11:58:03 +1000	[diff] [blame]	184	authorized_principals = xmalloc(strlen(opts) + 1);
				185	i = 0;
				186	while (*opts) {
				187	if (*opts == '"')
				188	break;
				189	if (*opts == '\\' && opts[1] == '"') {
				190	opts += 2;
				191	authorized_principals[i++] = '"';
				192	continue;
				193	}
				194	authorized_principals[i++] = *opts++;
				195	}
				196	if (!*opts) {
				197	debug("%.100s, line %lu: missing end quote",
				198	file, linenum);
				199	auth_debug_add("%.100s, line %lu: missing end quote",
				200	file, linenum);
Darren Tucker	a627d42	2013-06-02 07:31:17 +1000	[diff] [blame]	201	free(authorized_principals);
Damien Miller	30da344	2010-05-10 11:58:03 +1000	[diff] [blame]	202	authorized_principals = NULL;
				203	goto bad_option;
				204	}
				205	authorized_principals[i] = '\0';
				206	auth_debug_add("principals: %.900s",
				207	authorized_principals);
				208	opts++;
				209	goto next_option;
				210	}
Damien Miller	f6d9e22	2000-06-18 14:50:44 +1000	[diff] [blame]	211	cp = "environment=\"";
Ben Lindstrom	5d860f0	2002-08-01 01:28:38 +0000	[diff] [blame]	212	if (options.permit_user_env &&
				213	strncasecmp(opts, cp, strlen(cp)) == 0) {
Damien Miller	f6d9e22	2000-06-18 14:50:44 +1000	[diff] [blame]	214	char *s;
				215	struct envstring *new_envstring;
Ben Lindstrom	7bb8b49	2001-03-17 00:47:54 +0000	[diff] [blame]	216
Damien Miller	3380426	2001-02-04 23:20:18 +1100	[diff] [blame]	217	opts += strlen(cp);
				218	s = xmalloc(strlen(opts) + 1);
Damien Miller	f6d9e22	2000-06-18 14:50:44 +1000	[diff] [blame]	219	i = 0;
Damien Miller	3380426	2001-02-04 23:20:18 +1100	[diff] [blame]	220	while (*opts) {
				221	if (*opts == '"')
Damien Miller	f6d9e22	2000-06-18 14:50:44 +1000	[diff] [blame]	222	break;
Damien Miller	3380426	2001-02-04 23:20:18 +1100	[diff] [blame]	223	if (*opts == '\\' && opts[1] == '"') {
				224	opts += 2;
Damien Miller	f6d9e22	2000-06-18 14:50:44 +1000	[diff] [blame]	225	s[i++] = '"';
				226	continue;
				227	}
Damien Miller	3380426	2001-02-04 23:20:18 +1100	[diff] [blame]	228	s[i++] = *opts++;
Damien Miller	f6d9e22	2000-06-18 14:50:44 +1000	[diff] [blame]	229	}
Damien Miller	3380426	2001-02-04 23:20:18 +1100	[diff] [blame]	230	if (!*opts) {
Damien Miller	f6d9e22	2000-06-18 14:50:44 +1000	[diff] [blame]	231	debug("%.100s, line %lu: missing end quote",
Ben Lindstrom	226cfa0	2001-01-22 05:34:40 +0000	[diff] [blame]	232	file, linenum);
Ben Lindstrom	a574cda	2002-05-15 16:16:14 +0000	[diff] [blame]	233	auth_debug_add("%.100s, line %lu: missing end quote",
Ben Lindstrom	226cfa0	2001-01-22 05:34:40 +0000	[diff] [blame]	234	file, linenum);
Darren Tucker	a627d42	2013-06-02 07:31:17 +1000	[diff] [blame]	235	free(s);
Damien Miller	056ddf7	2001-03-14 10:15:20 +1100	[diff] [blame]	236	goto bad_option;
Damien Miller	f6d9e22	2000-06-18 14:50:44 +1000	[diff] [blame]	237	}
Damien Miller	9829926	2006-07-24 14:01:43 +1000	[diff] [blame]	238	s[i] = '\0';
Ben Lindstrom	a574cda	2002-05-15 16:16:14 +0000	[diff] [blame]	239	auth_debug_add("Adding to environment: %.900s", s);
Damien Miller	f6d9e22	2000-06-18 14:50:44 +1000	[diff] [blame]	240	debug("Adding to environment: %.900s", s);
Damien Miller	3380426	2001-02-04 23:20:18 +1100	[diff] [blame]	241	opts++;
Damien Miller	6c81fee	2013-11-08 12:19:55 +1100	[diff] [blame]	242	new_envstring = xcalloc(1, sizeof(struct envstring));
Damien Miller	f6d9e22	2000-06-18 14:50:44 +1000	[diff] [blame]	243	new_envstring->s = s;
				244	new_envstring->next = custom_environment;
				245	custom_environment = new_envstring;
				246	goto next_option;
				247	}
				248	cp = "from=\"";
Damien Miller	3380426	2001-02-04 23:20:18 +1100	[diff] [blame]	249	if (strncasecmp(opts, cp, strlen(cp)) == 0) {
Damien Miller	3380426	2001-02-04 23:20:18 +1100	[diff] [blame]	250	const char *remote_ip = get_remote_ipaddr();
				251	const char *remote_host = get_canonical_hostname(
Damien Miller	3a961dc	2003-06-03 10:25:48 +1000	[diff] [blame]	252	options.use_dns);
Damien Miller	3380426	2001-02-04 23:20:18 +1100	[diff] [blame]	253	char *patterns = xmalloc(strlen(opts) + 1);
Ben Lindstrom	7bb8b49	2001-03-17 00:47:54 +0000	[diff] [blame]	254
Damien Miller	3380426	2001-02-04 23:20:18 +1100	[diff] [blame]	255	opts += strlen(cp);
Damien Miller	f6d9e22	2000-06-18 14:50:44 +1000	[diff] [blame]	256	i = 0;
Damien Miller	3380426	2001-02-04 23:20:18 +1100	[diff] [blame]	257	while (*opts) {
				258	if (*opts == '"')
Damien Miller	f6d9e22	2000-06-18 14:50:44 +1000	[diff] [blame]	259	break;
Damien Miller	3380426	2001-02-04 23:20:18 +1100	[diff] [blame]	260	if (*opts == '\\' && opts[1] == '"') {
				261	opts += 2;
Damien Miller	f6d9e22	2000-06-18 14:50:44 +1000	[diff] [blame]	262	patterns[i++] = '"';
				263	continue;
				264	}
Damien Miller	3380426	2001-02-04 23:20:18 +1100	[diff] [blame]	265	patterns[i++] = *opts++;
Damien Miller	f6d9e22	2000-06-18 14:50:44 +1000	[diff] [blame]	266	}
Damien Miller	3380426	2001-02-04 23:20:18 +1100	[diff] [blame]	267	if (!*opts) {
Damien Miller	f6d9e22	2000-06-18 14:50:44 +1000	[diff] [blame]	268	debug("%.100s, line %lu: missing end quote",
Ben Lindstrom	226cfa0	2001-01-22 05:34:40 +0000	[diff] [blame]	269	file, linenum);
Ben Lindstrom	a574cda	2002-05-15 16:16:14 +0000	[diff] [blame]	270	auth_debug_add("%.100s, line %lu: missing end quote",
Ben Lindstrom	226cfa0	2001-01-22 05:34:40 +0000	[diff] [blame]	271	file, linenum);
Darren Tucker	a627d42	2013-06-02 07:31:17 +1000	[diff] [blame]	272	free(patterns);
Damien Miller	056ddf7	2001-03-14 10:15:20 +1100	[diff] [blame]	273	goto bad_option;
Damien Miller	f6d9e22	2000-06-18 14:50:44 +1000	[diff] [blame]	274	}
Damien Miller	9829926	2006-07-24 14:01:43 +1000	[diff] [blame]	275	patterns[i] = '\0';
Damien Miller	3380426	2001-02-04 23:20:18 +1100	[diff] [blame]	276	opts++;
Darren Tucker	896ad5a	2008-06-11 09:34:46 +1000	[diff] [blame]	277	switch (match_host_and_ip(remote_host, remote_ip,
				278	patterns)) {
				279	case 1:
Darren Tucker	a627d42	2013-06-02 07:31:17 +1000	[diff] [blame]	280	free(patterns);
Darren Tucker	896ad5a	2008-06-11 09:34:46 +1000	[diff] [blame]	281	/* Host name matches. */
				282	goto next_option;
				283	case -1:
				284	debug("%.100s, line %lu: invalid criteria",
				285	file, linenum);
				286	auth_debug_add("%.100s, line %lu: "
				287	"invalid criteria", file, linenum);
				288	/* FALLTHROUGH */
				289	case 0:
Darren Tucker	a627d42	2013-06-02 07:31:17 +1000	[diff] [blame]	290	free(patterns);
Damien Miller	996acd2	2003-04-09 20:59:48 +1000	[diff] [blame]	291	logit("Authentication tried for %.100s with "
Damien Miller	3380426	2001-02-04 23:20:18 +1100	[diff] [blame]	292	"correct key but not from a permitted "
				293	"host (host=%.200s, ip=%.200s).",
				294	pw->pw_name, remote_host, remote_ip);
Ben Lindstrom	a574cda	2002-05-15 16:16:14 +0000	[diff] [blame]	295	auth_debug_add("Your host '%.200s' is not "
Damien Miller	3380426	2001-02-04 23:20:18 +1100	[diff] [blame]	296	"permitted to use this key for login.",
				297	remote_host);
Darren Tucker	896ad5a	2008-06-11 09:34:46 +1000	[diff] [blame]	298	break;
Damien Miller	f6d9e22	2000-06-18 14:50:44 +1000	[diff] [blame]	299	}
Darren Tucker	896ad5a	2008-06-11 09:34:46 +1000	[diff] [blame]	300	/* deny access */
				301	return 0;
Damien Miller	f6d9e22	2000-06-18 14:50:44 +1000	[diff] [blame]	302	}
Ben Lindstrom	7bb8b49	2001-03-17 00:47:54 +0000	[diff] [blame]	303	cp = "permitopen=\"";
				304	if (strncasecmp(opts, cp, strlen(cp)) == 0) {
Damien Miller	f91ee4c	2005-03-01 21:24:33 +1100	[diff] [blame]	305	char host, p;
Damien Miller	e37dde0	2009-01-28 16:33:01 +1100	[diff] [blame]	306	int port;
Ben Lindstrom	7bb8b49	2001-03-17 00:47:54 +0000	[diff] [blame]	307	char *patterns = xmalloc(strlen(opts) + 1);
				308
				309	opts += strlen(cp);
				310	i = 0;
				311	while (*opts) {
				312	if (*opts == '"')
				313	break;
				314	if (*opts == '\\' && opts[1] == '"') {
				315	opts += 2;
				316	patterns[i++] = '"';
				317	continue;
				318	}
				319	patterns[i++] = *opts++;
				320	}
				321	if (!*opts) {
				322	debug("%.100s, line %lu: missing end quote",
				323	file, linenum);
Damien Miller	f91ee4c	2005-03-01 21:24:33 +1100	[diff] [blame]	324	auth_debug_add("%.100s, line %lu: missing "
				325	"end quote", file, linenum);
Darren Tucker	a627d42	2013-06-02 07:31:17 +1000	[diff] [blame]	326	free(patterns);
Ben Lindstrom	7bb8b49	2001-03-17 00:47:54 +0000	[diff] [blame]	327	goto bad_option;
				328	}
Damien Miller	9829926	2006-07-24 14:01:43 +1000	[diff] [blame]	329	patterns[i] = '\0';
Ben Lindstrom	7bb8b49	2001-03-17 00:47:54 +0000	[diff] [blame]	330	opts++;
Damien Miller	f91ee4c	2005-03-01 21:24:33 +1100	[diff] [blame]	331	p = patterns;
Damien Miller	7acefbb	2014-07-18 14:11:24 +1000	[diff] [blame]	332	/* XXX - add streamlocal support */
Damien Miller	f91ee4c	2005-03-01 21:24:33 +1100	[diff] [blame]	333	host = hpdelim(&p);
				334	if (host == NULL \|\| strlen(host) >= NI_MAXHOST) {
				335	debug("%.100s, line %lu: Bad permitopen "
Darren Tucker	90b9e02	2005-03-14 23:08:50 +1100	[diff] [blame]	336	"specification <%.100s>", file, linenum,
Damien Miller	f91ee4c	2005-03-01 21:24:33 +1100	[diff] [blame]	337	patterns);
Ben Lindstrom	a574cda	2002-05-15 16:16:14 +0000	[diff] [blame]	338	auth_debug_add("%.100s, line %lu: "
Damien Miller	f91ee4c	2005-03-01 21:24:33 +1100	[diff] [blame]	339	"Bad permitopen specification", file,
				340	linenum);
Darren Tucker	a627d42	2013-06-02 07:31:17 +1000	[diff] [blame]	341	free(patterns);
Ben Lindstrom	7bb8b49	2001-03-17 00:47:54 +0000	[diff] [blame]	342	goto bad_option;
				343	}
Darren Tucker	47eede7	2005-03-14 23:08:12 +1100	[diff] [blame]	344	host = cleanhostname(host);
Darren Tucker	1338b9e	2011-10-02 18:57:35 +1100	[diff] [blame]	345	if (p == NULL \|\| (port = permitopen_port(p)) < 0) {
Damien Miller	f91ee4c	2005-03-01 21:24:33 +1100	[diff] [blame]	346	debug("%.100s, line %lu: Bad permitopen port "
				347	"<%.100s>", file, linenum, p ? p : "");
Ben Lindstrom	a574cda	2002-05-15 16:16:14 +0000	[diff] [blame]	348	auth_debug_add("%.100s, line %lu: "
Ben Lindstrom	d71ba57	2001-09-12 18:03:31 +0000	[diff] [blame]	349	"Bad permitopen port", file, linenum);
Darren Tucker	a627d42	2013-06-02 07:31:17 +1000	[diff] [blame]	350	free(patterns);
Ben Lindstrom	7bb8b49	2001-03-17 00:47:54 +0000	[diff] [blame]	351	goto bad_option;
				352	}
Damien Miller	aa5b3f8	2012-12-03 09:50:54 +1100	[diff] [blame]	353	if ((options.allow_tcp_forwarding & FORWARD_LOCAL) != 0)
Ben Lindstrom	d71ba57	2001-09-12 18:03:31 +0000	[diff] [blame]	354	channel_add_permitted_opens(host, port);
Darren Tucker	a627d42	2013-06-02 07:31:17 +1000	[diff] [blame]	355	free(patterns);
Ben Lindstrom	7bb8b49	2001-03-17 00:47:54 +0000	[diff] [blame]	356	goto next_option;
				357	}
Damien Miller	d27b947	2005-12-13 19:29:02 +1100	[diff] [blame]	358	cp = "tunnel=\"";
				359	if (strncasecmp(opts, cp, strlen(cp)) == 0) {
				360	char *tun = NULL;
				361	opts += strlen(cp);
				362	tun = xmalloc(strlen(opts) + 1);
				363	i = 0;
				364	while (*opts) {
				365	if (*opts == '"')
				366	break;
				367	tun[i++] = *opts++;
				368	}
				369	if (!*opts) {
				370	debug("%.100s, line %lu: missing end quote",
				371	file, linenum);
				372	auth_debug_add("%.100s, line %lu: missing end quote",
				373	file, linenum);
Darren Tucker	a627d42	2013-06-02 07:31:17 +1000	[diff] [blame]	374	free(tun);
Damien Miller	d27b947	2005-12-13 19:29:02 +1100	[diff] [blame]	375	forced_tun_device = -1;
				376	goto bad_option;
				377	}
Damien Miller	9829926	2006-07-24 14:01:43 +1000	[diff] [blame]	378	tun[i] = '\0';
Damien Miller	d27b947	2005-12-13 19:29:02 +1100	[diff] [blame]	379	forced_tun_device = a2tun(tun, NULL);
Darren Tucker	a627d42	2013-06-02 07:31:17 +1000	[diff] [blame]	380	free(tun);
Damien Miller	7b58e80	2005-12-13 19:33:19 +1100	[diff] [blame]	381	if (forced_tun_device == SSH_TUNID_ERR) {
Damien Miller	d27b947	2005-12-13 19:29:02 +1100	[diff] [blame]	382	debug("%.100s, line %lu: invalid tun device",
				383	file, linenum);
				384	auth_debug_add("%.100s, line %lu: invalid tun device",
				385	file, linenum);
				386	forced_tun_device = -1;
				387	goto bad_option;
				388	}
				389	auth_debug_add("Forced tun device: %d", forced_tun_device);
				390	opts++;
				391	goto next_option;
				392	}
Damien Miller	f6d9e22	2000-06-18 14:50:44 +1000	[diff] [blame]	393	next_option:
				394	/*
				395	* Skip the comma, and move to the next option
				396	* (or break out if there are no more).
				397	*/
Damien Miller	3380426	2001-02-04 23:20:18 +1100	[diff] [blame]	398	if (!*opts)
Damien Miller	f6d9e22	2000-06-18 14:50:44 +1000	[diff] [blame]	399	fatal("Bugs in auth-options.c option processing.");
Damien Miller	3380426	2001-02-04 23:20:18 +1100	[diff] [blame]	400	if (opts == ' ' \|\| opts == '\t')
Damien Miller	f6d9e22	2000-06-18 14:50:44 +1000	[diff] [blame]	401	break; /* End of options. */
Damien Miller	3380426	2001-02-04 23:20:18 +1100	[diff] [blame]	402	if (*opts != ',')
Damien Miller	f6d9e22	2000-06-18 14:50:44 +1000	[diff] [blame]	403	goto bad_option;
Damien Miller	3380426	2001-02-04 23:20:18 +1100	[diff] [blame]	404	opts++;
Damien Miller	f6d9e22	2000-06-18 14:50:44 +1000	[diff] [blame]	405	/* Process the next option. */
				406	}
Ben Lindstrom	7a2073c	2002-03-22 02:30:41 +0000	[diff] [blame]	407
Damien Miller	f6d9e22	2000-06-18 14:50:44 +1000	[diff] [blame]	408	/* grant access */
				409	return 1;
				410
				411	bad_option:
Damien Miller	996acd2	2003-04-09 20:59:48 +1000	[diff] [blame]	412	logit("Bad options in %.100s file, line %lu: %.50s",
Damien Miller	3380426	2001-02-04 23:20:18 +1100	[diff] [blame]	413	file, linenum, opts);
Ben Lindstrom	a574cda	2002-05-15 16:16:14 +0000	[diff] [blame]	414	auth_debug_add("Bad options in %.100s file, line %lu: %.50s",
Damien Miller	3380426	2001-02-04 23:20:18 +1100	[diff] [blame]	415	file, linenum, opts);
Ben Lindstrom	7a2073c	2002-03-22 02:30:41 +0000	[diff] [blame]	416
Damien Miller	f6d9e22	2000-06-18 14:50:44 +1000	[diff] [blame]	417	/* deny access */
				418	return 0;
				419	}
Damien Miller	0a80ca1	2010-02-27 07:55:05 +1100	[diff] [blame]	420
Damien Miller	d0e4a8e	2010-05-21 14:58:32 +1000	[diff] [blame]	421	#define OPTIONS_CRITICAL 1
				422	#define OPTIONS_EXTENSIONS 2
				423	static int
markus@openbsd.org	ae8b463	2015-01-14 10:30:34 +0000	[diff] [blame^]	424	parse_option_list(struct sshbuf oblob, struct passwd pw,
Damien Miller	d0e4a8e	2010-05-21 14:58:32 +1000	[diff] [blame]	425	u_int which, int crit,
				426	int *cert_no_port_forwarding_flag,
				427	int *cert_no_agent_forwarding_flag,
				428	int *cert_no_x11_forwarding_flag,
				429	int *cert_no_pty_flag,
				430	int *cert_no_user_rc,
				431	char **cert_forced_command,
				432	int *cert_source_address_done)
Damien Miller	0a80ca1	2010-02-27 07:55:05 +1100	[diff] [blame]	433	{
Damien Miller	d0e4a8e	2010-05-21 14:58:32 +1000	[diff] [blame]	434	char command, allowed;
				435	const char *remote_ip;
Damien Miller	ce98654	2013-07-18 16:12:44 +1000	[diff] [blame]	436	char *name = NULL;
markus@openbsd.org	ae8b463	2015-01-14 10:30:34 +0000	[diff] [blame^]	437	struct sshbuf c = NULL, data = NULL;
				438	int r, ret = -1, result, found;
Damien Miller	0a80ca1	2010-02-27 07:55:05 +1100	[diff] [blame]	439
markus@openbsd.org	ae8b463	2015-01-14 10:30:34 +0000	[diff] [blame^]	440	if ((c = sshbuf_fromb(oblob)) == NULL) {
				441	error("%s: sshbuf_fromb failed", __func__);
				442	goto out;
				443	}
Damien Miller	0a80ca1	2010-02-27 07:55:05 +1100	[diff] [blame]	444
markus@openbsd.org	ae8b463	2015-01-14 10:30:34 +0000	[diff] [blame^]	445	while (sshbuf_len(c) > 0) {
				446	sshbuf_free(data);
				447	data = NULL;
				448	if ((r = sshbuf_get_cstring(c, &name, NULL)) != 0 \|\|
				449	(r = sshbuf_froms(c, &data)) != 0) {
				450	error("Unable to parse certificate options: %s",
				451	ssh_err(r));
Damien Miller	0a80ca1	2010-02-27 07:55:05 +1100	[diff] [blame]	452	goto out;
				453	}
markus@openbsd.org	ae8b463	2015-01-14 10:30:34 +0000	[diff] [blame^]	454	debug3("found certificate option \"%.100s\" len %zu",
				455	name, sshbuf_len(data));
Damien Miller	d0e4a8e	2010-05-21 14:58:32 +1000	[diff] [blame]	456	found = 0;
				457	if ((which & OPTIONS_EXTENSIONS) != 0) {
				458	if (strcmp(name, "permit-X11-forwarding") == 0) {
				459	*cert_no_x11_forwarding_flag = 0;
				460	found = 1;
				461	} else if (strcmp(name,
				462	"permit-agent-forwarding") == 0) {
				463	*cert_no_agent_forwarding_flag = 0;
				464	found = 1;
				465	} else if (strcmp(name,
				466	"permit-port-forwarding") == 0) {
				467	*cert_no_port_forwarding_flag = 0;
				468	found = 1;
				469	} else if (strcmp(name, "permit-pty") == 0) {
				470	*cert_no_pty_flag = 0;
				471	found = 1;
				472	} else if (strcmp(name, "permit-user-rc") == 0) {
				473	*cert_no_user_rc = 0;
				474	found = 1;
Damien Miller	0a80ca1	2010-02-27 07:55:05 +1100	[diff] [blame]	475	}
Damien Miller	d0e4a8e	2010-05-21 14:58:32 +1000	[diff] [blame]	476	}
				477	if (!found && (which & OPTIONS_CRITICAL) != 0) {
				478	if (strcmp(name, "force-command") == 0) {
markus@openbsd.org	ae8b463	2015-01-14 10:30:34 +0000	[diff] [blame^]	479	if ((r = sshbuf_get_cstring(data, &command,
				480	NULL)) != 0) {
				481	error("Unable to parse \"%s\" "
				482	"section: %s", name, ssh_err(r));
Damien Miller	d0e4a8e	2010-05-21 14:58:32 +1000	[diff] [blame]	483	goto out;
				484	}
Damien Miller	d0e4a8e	2010-05-21 14:58:32 +1000	[diff] [blame]	485	if (*cert_forced_command != NULL) {
				486	error("Certificate has multiple "
				487	"force-command options");
Darren Tucker	a627d42	2013-06-02 07:31:17 +1000	[diff] [blame]	488	free(command);
Damien Miller	d0e4a8e	2010-05-21 14:58:32 +1000	[diff] [blame]	489	goto out;
				490	}
				491	*cert_forced_command = command;
				492	found = 1;
Damien Miller	4139657	2010-03-04 21:51:11 +1100	[diff] [blame]	493	}
Damien Miller	d0e4a8e	2010-05-21 14:58:32 +1000	[diff] [blame]	494	if (strcmp(name, "source-address") == 0) {
markus@openbsd.org	ae8b463	2015-01-14 10:30:34 +0000	[diff] [blame^]	495	if ((r = sshbuf_get_cstring(data, &allowed,
				496	NULL)) != 0) {
				497	error("Unable to parse \"%s\" "
				498	"section: %s", name, ssh_err(r));
Damien Miller	d0e4a8e	2010-05-21 14:58:32 +1000	[diff] [blame]	499	goto out;
				500	}
Damien Miller	d0e4a8e	2010-05-21 14:58:32 +1000	[diff] [blame]	501	if ((*cert_source_address_done)++) {
				502	error("Certificate has multiple "
				503	"source-address options");
Darren Tucker	a627d42	2013-06-02 07:31:17 +1000	[diff] [blame]	504	free(allowed);
Damien Miller	d0e4a8e	2010-05-21 14:58:32 +1000	[diff] [blame]	505	goto out;
				506	}
				507	remote_ip = get_remote_ipaddr();
Damien Miller	bf25d11	2013-12-29 17:44:56 +1100	[diff] [blame]	508	result = addr_match_cidr_list(remote_ip,
				509	allowed);
				510	free(allowed);
				511	switch (result) {
Damien Miller	d0e4a8e	2010-05-21 14:58:32 +1000	[diff] [blame]	512	case 1:
				513	/* accepted */
Damien Miller	d0e4a8e	2010-05-21 14:58:32 +1000	[diff] [blame]	514	break;
				515	case 0:
				516	/* no match */
				517	logit("Authentication tried for %.100s "
				518	"with valid certificate but not "
				519	"from a permitted host "
				520	"(ip=%.200s).", pw->pw_name,
				521	remote_ip);
				522	auth_debug_add("Your address '%.200s' "
				523	"is not permitted to use this "
				524	"certificate for login.",
				525	remote_ip);
Damien Miller	d0e4a8e	2010-05-21 14:58:32 +1000	[diff] [blame]	526	goto out;
				527	case -1:
Damien Miller	bf25d11	2013-12-29 17:44:56 +1100	[diff] [blame]	528	default:
Damien Miller	d0e4a8e	2010-05-21 14:58:32 +1000	[diff] [blame]	529	error("Certificate source-address "
				530	"contents invalid");
Damien Miller	d0e4a8e	2010-05-21 14:58:32 +1000	[diff] [blame]	531	goto out;
				532	}
				533	found = 1;
Damien Miller	0a80ca1	2010-02-27 07:55:05 +1100	[diff] [blame]	534	}
Damien Miller	0a80ca1	2010-02-27 07:55:05 +1100	[diff] [blame]	535	}
				536
Damien Miller	d0e4a8e	2010-05-21 14:58:32 +1000	[diff] [blame]	537	if (!found) {
				538	if (crit) {
				539	error("Certificate critical option \"%s\" "
				540	"is not supported", name);
				541	goto out;
				542	} else {
				543	logit("Certificate extension \"%s\" "
				544	"is not supported", name);
				545	}
markus@openbsd.org	ae8b463	2015-01-14 10:30:34 +0000	[diff] [blame^]	546	} else if (sshbuf_len(data) != 0) {
Damien Miller	d0e4a8e	2010-05-21 14:58:32 +1000	[diff] [blame]	547	error("Certificate option \"%s\" corrupt "
Damien Miller	0a80ca1	2010-02-27 07:55:05 +1100	[diff] [blame]	548	"(extra data)", name);
				549	goto out;
				550	}
Darren Tucker	a627d42	2013-06-02 07:31:17 +1000	[diff] [blame]	551	free(name);
Damien Miller	ce98654	2013-07-18 16:12:44 +1000	[diff] [blame]	552	name = NULL;
Damien Miller	0a80ca1	2010-02-27 07:55:05 +1100	[diff] [blame]	553	}
Damien Miller	4e270b0	2010-04-16 15:56:21 +1000	[diff] [blame]	554	/* successfully parsed all options */
Damien Miller	0a80ca1	2010-02-27 07:55:05 +1100	[diff] [blame]	555	ret = 0;
				556
Damien Miller	d0e4a8e	2010-05-21 14:58:32 +1000	[diff] [blame]	557	out:
				558	if (ret != 0 &&
				559	cert_forced_command != NULL &&
				560	*cert_forced_command != NULL) {
Darren Tucker	a627d42	2013-06-02 07:31:17 +1000	[diff] [blame]	561	free(*cert_forced_command);
Damien Miller	d0e4a8e	2010-05-21 14:58:32 +1000	[diff] [blame]	562	*cert_forced_command = NULL;
				563	}
				564	if (name != NULL)
Darren Tucker	a627d42	2013-06-02 07:31:17 +1000	[diff] [blame]	565	free(name);
markus@openbsd.org	ae8b463	2015-01-14 10:30:34 +0000	[diff] [blame^]	566	sshbuf_free(data);
				567	sshbuf_free(c);
Damien Miller	d0e4a8e	2010-05-21 14:58:32 +1000	[diff] [blame]	568	return ret;
				569	}
				570
				571	/*
				572	* Set options from critical certificate options. These supersede user key
				573	* options so this must be called after auth_parse_options().
				574	*/
				575	int
markus@openbsd.org	ae8b463	2015-01-14 10:30:34 +0000	[diff] [blame^]	576	auth_cert_options(struct sshkey k, struct passwd pw)
Damien Miller	d0e4a8e	2010-05-21 14:58:32 +1000	[diff] [blame]	577	{
				578	int cert_no_port_forwarding_flag = 1;
				579	int cert_no_agent_forwarding_flag = 1;
				580	int cert_no_x11_forwarding_flag = 1;
				581	int cert_no_pty_flag = 1;
				582	int cert_no_user_rc = 1;
				583	char *cert_forced_command = NULL;
				584	int cert_source_address_done = 0;
				585
markus@openbsd.org	ae8b463	2015-01-14 10:30:34 +0000	[diff] [blame^]	586	if (sshkey_cert_is_legacy(k)) {
Damien Miller	d0e4a8e	2010-05-21 14:58:32 +1000	[diff] [blame]	587	/* All options are in the one field for v00 certs */
markus@openbsd.org	ae8b463	2015-01-14 10:30:34 +0000	[diff] [blame^]	588	if (parse_option_list(k->cert->critical, pw,
Damien Miller	d0e4a8e	2010-05-21 14:58:32 +1000	[diff] [blame]	589	OPTIONS_CRITICAL\|OPTIONS_EXTENSIONS, 1,
				590	&cert_no_port_forwarding_flag,
				591	&cert_no_agent_forwarding_flag,
				592	&cert_no_x11_forwarding_flag,
				593	&cert_no_pty_flag,
				594	&cert_no_user_rc,
				595	&cert_forced_command,
				596	&cert_source_address_done) == -1)
				597	return -1;
				598	} else {
				599	/* Separate options and extensions for v01 certs */
markus@openbsd.org	ae8b463	2015-01-14 10:30:34 +0000	[diff] [blame^]	600	if (parse_option_list(k->cert->critical, pw,
Damien Miller	d0e4a8e	2010-05-21 14:58:32 +1000	[diff] [blame]	601	OPTIONS_CRITICAL, 1, NULL, NULL, NULL, NULL, NULL,
				602	&cert_forced_command,
				603	&cert_source_address_done) == -1)
				604	return -1;
markus@openbsd.org	ae8b463	2015-01-14 10:30:34 +0000	[diff] [blame^]	605	if (parse_option_list(k->cert->extensions, pw,
Damien Miller	d0e4a8e	2010-05-21 14:58:32 +1000	[diff] [blame]	606	OPTIONS_EXTENSIONS, 1,
				607	&cert_no_port_forwarding_flag,
				608	&cert_no_agent_forwarding_flag,
				609	&cert_no_x11_forwarding_flag,
				610	&cert_no_pty_flag,
				611	&cert_no_user_rc,
				612	NULL, NULL) == -1)
				613	return -1;
				614	}
				615
Damien Miller	0a80ca1	2010-02-27 07:55:05 +1100	[diff] [blame]	616	no_port_forwarding_flag \|= cert_no_port_forwarding_flag;
				617	no_agent_forwarding_flag \|= cert_no_agent_forwarding_flag;
				618	no_x11_forwarding_flag \|= cert_no_x11_forwarding_flag;
				619	no_pty_flag \|= cert_no_pty_flag;
				620	no_user_rc \|= cert_no_user_rc;
				621	/* CA-specified forced command supersedes key option */
				622	if (cert_forced_command != NULL) {
				623	if (forced_command != NULL)
Darren Tucker	a627d42	2013-06-02 07:31:17 +1000	[diff] [blame]	624	free(forced_command);
Damien Miller	0a80ca1	2010-02-27 07:55:05 +1100	[diff] [blame]	625	forced_command = cert_forced_command;
				626	}
Damien Miller	d0e4a8e	2010-05-21 14:58:32 +1000	[diff] [blame]	627	return 0;
Damien Miller	0a80ca1	2010-02-27 07:55:05 +1100	[diff] [blame]	628	}
				629