Blame - auth-options.c - platform/external/openssh

blob: fa209eaab8131ec4932c6fe7dd0e0006eeca153d [file] [log] [blame]

Damien Miller	bf25d11	2013-12-29 17:44:56 +1100	[diff] [blame^]	1	/* $OpenBSD: auth-options.c,v 1.62 2013/12/19 00:27:57 djm Exp $ */
Damien Miller	e4340be	2000-09-16 13:29:08 +1100	[diff] [blame]	2	/*
				3	* Author: Tatu Ylonen <ylo@cs.hut.fi>
				4	* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
				5	* All rights reserved
Damien Miller	e4340be	2000-09-16 13:29:08 +1100	[diff] [blame]	6	* As far as I am concerned, the code I have written for this software
				7	* can be used freely for any purpose. Any derived versions of this
				8	* software must be clearly marked as such, and if the derived work is
				9	* incompatible with the protocol description in the RFC file, it must be
				10	* called by a name other than "ssh" or "Secure Shell".
				11	*/
				12
Damien Miller	f6d9e22	2000-06-18 14:50:44 +1000	[diff] [blame]	13	#include "includes.h"
Damien Miller	f6d9e22	2000-06-18 14:50:44 +1000	[diff] [blame]	14
Damien Miller	9f2abc4	2006-07-10 20:53:08 +1000	[diff] [blame]	15	#include <sys/types.h>
				16
Damien Miller	b8fe89c	2006-07-24 14:51:00 +1000	[diff] [blame]	17	#include <netdb.h>
Damien Miller	9f2abc4	2006-07-10 20:53:08 +1000	[diff] [blame]	18	#include <pwd.h>
Damien Miller	e3476ed	2006-07-24 14:13:33 +1000	[diff] [blame]	19	#include <string.h>
Damien Miller	d783435	2006-08-05 12:39:39 +1000	[diff] [blame]	20	#include <stdio.h>
				21	#include <stdarg.h>
Damien Miller	9f2abc4	2006-07-10 20:53:08 +1000	[diff] [blame]	22
Damien Miller	b84886b	2008-05-19 15:05:07 +1000	[diff] [blame]	23	#include "openbsd-compat/sys-queue.h"
Damien Miller	f6d9e22	2000-06-18 14:50:44 +1000	[diff] [blame]	24	#include "xmalloc.h"
				25	#include "match.h"
Ben Lindstrom	226cfa0	2001-01-22 05:34:40 +0000	[diff] [blame]	26	#include "log.h"
				27	#include "canohost.h"
Damien Miller	d783435	2006-08-05 12:39:39 +1000	[diff] [blame]	28	#include "buffer.h"
Ben Lindstrom	c763767	2001-06-09 00:36:26 +0000	[diff] [blame]	29	#include "channels.h"
Damien Miller	3380426	2001-02-04 23:20:18 +1100	[diff] [blame]	30	#include "servconf.h"
Ben Lindstrom	d71ba57	2001-09-12 18:03:31 +0000	[diff] [blame]	31	#include "misc.h"
Damien Miller	d783435	2006-08-05 12:39:39 +1000	[diff] [blame]	32	#include "key.h"
Damien Miller	4e270b0	2010-04-16 15:56:21 +1000	[diff] [blame]	33	#include "auth-options.h"
Damien Miller	d783435	2006-08-05 12:39:39 +1000	[diff] [blame]	34	#include "hostfile.h"
Ben Lindstrom	a574cda	2002-05-15 16:16:14 +0000	[diff] [blame]	35	#include "auth.h"
Damien Miller	f6d9e22	2000-06-18 14:50:44 +1000	[diff] [blame]	36
				37	/* Flags set authorized_keys flags */
				38	int no_port_forwarding_flag = 0;
				39	int no_agent_forwarding_flag = 0;
				40	int no_x11_forwarding_flag = 0;
				41	int no_pty_flag = 0;
Damien Miller	95e8095	2008-03-27 11:03:05 +1100	[diff] [blame]	42	int no_user_rc = 0;
Damien Miller	0a80ca1	2010-02-27 07:55:05 +1100	[diff] [blame]	43	int key_is_cert_authority = 0;
Damien Miller	f6d9e22	2000-06-18 14:50:44 +1000	[diff] [blame]	44
				45	/* "command=" option. */
				46	char *forced_command = NULL;
				47
				48	/* "environment=" options. */
				49	struct envstring *custom_environment = NULL;
				50
Damien Miller	d27b947	2005-12-13 19:29:02 +1100	[diff] [blame]	51	/* "tunnel=" option. */
				52	int forced_tun_device = -1;
				53
Damien Miller	30da344	2010-05-10 11:58:03 +1000	[diff] [blame]	54	/* "principals=" option. */
				55	char *authorized_principals = NULL;
				56
Damien Miller	3380426	2001-02-04 23:20:18 +1100	[diff] [blame]	57	extern ServerOptions options;
				58
Ben Lindstrom	7a2073c	2002-03-22 02:30:41 +0000	[diff] [blame]	59	void
Damien Miller	874d77b	2000-10-14 16:23:11 +1100	[diff] [blame]	60	auth_clear_options(void)
				61	{
				62	no_agent_forwarding_flag = 0;
				63	no_port_forwarding_flag = 0;
				64	no_pty_flag = 0;
				65	no_x11_forwarding_flag = 0;
Damien Miller	95e8095	2008-03-27 11:03:05 +1100	[diff] [blame]	66	no_user_rc = 0;
Damien Miller	0a80ca1	2010-02-27 07:55:05 +1100	[diff] [blame]	67	key_is_cert_authority = 0;
Damien Miller	874d77b	2000-10-14 16:23:11 +1100	[diff] [blame]	68	while (custom_environment) {
				69	struct envstring *ce = custom_environment;
				70	custom_environment = ce->next;
Darren Tucker	a627d42	2013-06-02 07:31:17 +1000	[diff] [blame]	71	free(ce->s);
				72	free(ce);
Damien Miller	874d77b	2000-10-14 16:23:11 +1100	[diff] [blame]	73	}
				74	if (forced_command) {
Darren Tucker	a627d42	2013-06-02 07:31:17 +1000	[diff] [blame]	75	free(forced_command);
Damien Miller	874d77b	2000-10-14 16:23:11 +1100	[diff] [blame]	76	forced_command = NULL;
				77	}
Damien Miller	30da344	2010-05-10 11:58:03 +1000	[diff] [blame]	78	if (authorized_principals) {
Darren Tucker	a627d42	2013-06-02 07:31:17 +1000	[diff] [blame]	79	free(authorized_principals);
Damien Miller	30da344	2010-05-10 11:58:03 +1000	[diff] [blame]	80	authorized_principals = NULL;
				81	}
Damien Miller	d27b947	2005-12-13 19:29:02 +1100	[diff] [blame]	82	forced_tun_device = -1;
Ben Lindstrom	7bb8b49	2001-03-17 00:47:54 +0000	[diff] [blame]	83	channel_clear_permitted_opens();
Damien Miller	874d77b	2000-10-14 16:23:11 +1100	[diff] [blame]	84	}
				85
Ben Lindstrom	226cfa0	2001-01-22 05:34:40 +0000	[diff] [blame]	86	/*
				87	* return 1 if access is granted, 0 if not.
				88	* side effect: sets key option flags
				89	*/
Damien Miller	f6d9e22	2000-06-18 14:50:44 +1000	[diff] [blame]	90	int
Damien Miller	3380426	2001-02-04 23:20:18 +1100	[diff] [blame]	91	auth_parse_options(struct passwd pw, char opts, char *file, u_long linenum)
Damien Miller	f6d9e22	2000-06-18 14:50:44 +1000	[diff] [blame]	92	{
				93	const char *cp;
Ben Lindstrom	7bb8b49	2001-03-17 00:47:54 +0000	[diff] [blame]	94	int i;
Damien Miller	874d77b	2000-10-14 16:23:11 +1100	[diff] [blame]	95
				96	/* reset options */
				97	auth_clear_options();
				98
Ben Lindstrom	36d7bd0	2001-02-10 22:27:19 +0000	[diff] [blame]	99	if (!opts)
				100	return 1;
				101
Damien Miller	3380426	2001-02-04 23:20:18 +1100	[diff] [blame]	102	while (opts && opts != ' ' && *opts != '\t') {
Damien Miller	0a80ca1	2010-02-27 07:55:05 +1100	[diff] [blame]	103	cp = "cert-authority";
				104	if (strncasecmp(opts, cp, strlen(cp)) == 0) {
				105	key_is_cert_authority = 1;
				106	opts += strlen(cp);
				107	goto next_option;
				108	}
Damien Miller	f6d9e22	2000-06-18 14:50:44 +1000	[diff] [blame]	109	cp = "no-port-forwarding";
Damien Miller	3380426	2001-02-04 23:20:18 +1100	[diff] [blame]	110	if (strncasecmp(opts, cp, strlen(cp)) == 0) {
Ben Lindstrom	a574cda	2002-05-15 16:16:14 +0000	[diff] [blame]	111	auth_debug_add("Port forwarding disabled.");
Damien Miller	f6d9e22	2000-06-18 14:50:44 +1000	[diff] [blame]	112	no_port_forwarding_flag = 1;
Damien Miller	3380426	2001-02-04 23:20:18 +1100	[diff] [blame]	113	opts += strlen(cp);
Damien Miller	f6d9e22	2000-06-18 14:50:44 +1000	[diff] [blame]	114	goto next_option;
				115	}
				116	cp = "no-agent-forwarding";
Damien Miller	3380426	2001-02-04 23:20:18 +1100	[diff] [blame]	117	if (strncasecmp(opts, cp, strlen(cp)) == 0) {
Ben Lindstrom	a574cda	2002-05-15 16:16:14 +0000	[diff] [blame]	118	auth_debug_add("Agent forwarding disabled.");
Damien Miller	f6d9e22	2000-06-18 14:50:44 +1000	[diff] [blame]	119	no_agent_forwarding_flag = 1;
Damien Miller	3380426	2001-02-04 23:20:18 +1100	[diff] [blame]	120	opts += strlen(cp);
Damien Miller	f6d9e22	2000-06-18 14:50:44 +1000	[diff] [blame]	121	goto next_option;
				122	}
				123	cp = "no-X11-forwarding";
Damien Miller	3380426	2001-02-04 23:20:18 +1100	[diff] [blame]	124	if (strncasecmp(opts, cp, strlen(cp)) == 0) {
Ben Lindstrom	a574cda	2002-05-15 16:16:14 +0000	[diff] [blame]	125	auth_debug_add("X11 forwarding disabled.");
Damien Miller	f6d9e22	2000-06-18 14:50:44 +1000	[diff] [blame]	126	no_x11_forwarding_flag = 1;
Damien Miller	3380426	2001-02-04 23:20:18 +1100	[diff] [blame]	127	opts += strlen(cp);
Damien Miller	f6d9e22	2000-06-18 14:50:44 +1000	[diff] [blame]	128	goto next_option;
				129	}
				130	cp = "no-pty";
Damien Miller	3380426	2001-02-04 23:20:18 +1100	[diff] [blame]	131	if (strncasecmp(opts, cp, strlen(cp)) == 0) {
Ben Lindstrom	a574cda	2002-05-15 16:16:14 +0000	[diff] [blame]	132	auth_debug_add("Pty allocation disabled.");
Damien Miller	f6d9e22	2000-06-18 14:50:44 +1000	[diff] [blame]	133	no_pty_flag = 1;
Damien Miller	3380426	2001-02-04 23:20:18 +1100	[diff] [blame]	134	opts += strlen(cp);
Damien Miller	f6d9e22	2000-06-18 14:50:44 +1000	[diff] [blame]	135	goto next_option;
				136	}
Damien Miller	95e8095	2008-03-27 11:03:05 +1100	[diff] [blame]	137	cp = "no-user-rc";
				138	if (strncasecmp(opts, cp, strlen(cp)) == 0) {
				139	auth_debug_add("User rc file execution disabled.");
				140	no_user_rc = 1;
				141	opts += strlen(cp);
				142	goto next_option;
				143	}
Damien Miller	f6d9e22	2000-06-18 14:50:44 +1000	[diff] [blame]	144	cp = "command=\"";
Damien Miller	3380426	2001-02-04 23:20:18 +1100	[diff] [blame]	145	if (strncasecmp(opts, cp, strlen(cp)) == 0) {
Damien Miller	3380426	2001-02-04 23:20:18 +1100	[diff] [blame]	146	opts += strlen(cp);
Damien Miller	30da344	2010-05-10 11:58:03 +1000	[diff] [blame]	147	if (forced_command != NULL)
Darren Tucker	a627d42	2013-06-02 07:31:17 +1000	[diff] [blame]	148	free(forced_command);
Damien Miller	3380426	2001-02-04 23:20:18 +1100	[diff] [blame]	149	forced_command = xmalloc(strlen(opts) + 1);
Damien Miller	f6d9e22	2000-06-18 14:50:44 +1000	[diff] [blame]	150	i = 0;
Damien Miller	3380426	2001-02-04 23:20:18 +1100	[diff] [blame]	151	while (*opts) {
				152	if (*opts == '"')
Damien Miller	f6d9e22	2000-06-18 14:50:44 +1000	[diff] [blame]	153	break;
Damien Miller	3380426	2001-02-04 23:20:18 +1100	[diff] [blame]	154	if (*opts == '\\' && opts[1] == '"') {
				155	opts += 2;
Damien Miller	f6d9e22	2000-06-18 14:50:44 +1000	[diff] [blame]	156	forced_command[i++] = '"';
				157	continue;
				158	}
Damien Miller	3380426	2001-02-04 23:20:18 +1100	[diff] [blame]	159	forced_command[i++] = *opts++;
Damien Miller	f6d9e22	2000-06-18 14:50:44 +1000	[diff] [blame]	160	}
Damien Miller	3380426	2001-02-04 23:20:18 +1100	[diff] [blame]	161	if (!*opts) {
Damien Miller	f6d9e22	2000-06-18 14:50:44 +1000	[diff] [blame]	162	debug("%.100s, line %lu: missing end quote",
Ben Lindstrom	226cfa0	2001-01-22 05:34:40 +0000	[diff] [blame]	163	file, linenum);
Ben Lindstrom	a574cda	2002-05-15 16:16:14 +0000	[diff] [blame]	164	auth_debug_add("%.100s, line %lu: missing end quote",
Ben Lindstrom	226cfa0	2001-01-22 05:34:40 +0000	[diff] [blame]	165	file, linenum);
Darren Tucker	a627d42	2013-06-02 07:31:17 +1000	[diff] [blame]	166	free(forced_command);
Damien Miller	056ddf7	2001-03-14 10:15:20 +1100	[diff] [blame]	167	forced_command = NULL;
				168	goto bad_option;
Damien Miller	f6d9e22	2000-06-18 14:50:44 +1000	[diff] [blame]	169	}
Damien Miller	9829926	2006-07-24 14:01:43 +1000	[diff] [blame]	170	forced_command[i] = '\0';
Damien Miller	de53fd0	2011-01-06 22:44:18 +1100	[diff] [blame]	171	auth_debug_add("Forced command.");
Damien Miller	3380426	2001-02-04 23:20:18 +1100	[diff] [blame]	172	opts++;
Damien Miller	f6d9e22	2000-06-18 14:50:44 +1000	[diff] [blame]	173	goto next_option;
				174	}
Damien Miller	30da344	2010-05-10 11:58:03 +1000	[diff] [blame]	175	cp = "principals=\"";
				176	if (strncasecmp(opts, cp, strlen(cp)) == 0) {
				177	opts += strlen(cp);
				178	if (authorized_principals != NULL)
Darren Tucker	a627d42	2013-06-02 07:31:17 +1000	[diff] [blame]	179	free(authorized_principals);
Damien Miller	30da344	2010-05-10 11:58:03 +1000	[diff] [blame]	180	authorized_principals = xmalloc(strlen(opts) + 1);
				181	i = 0;
				182	while (*opts) {
				183	if (*opts == '"')
				184	break;
				185	if (*opts == '\\' && opts[1] == '"') {
				186	opts += 2;
				187	authorized_principals[i++] = '"';
				188	continue;
				189	}
				190	authorized_principals[i++] = *opts++;
				191	}
				192	if (!*opts) {
				193	debug("%.100s, line %lu: missing end quote",
				194	file, linenum);
				195	auth_debug_add("%.100s, line %lu: missing end quote",
				196	file, linenum);
Darren Tucker	a627d42	2013-06-02 07:31:17 +1000	[diff] [blame]	197	free(authorized_principals);
Damien Miller	30da344	2010-05-10 11:58:03 +1000	[diff] [blame]	198	authorized_principals = NULL;
				199	goto bad_option;
				200	}
				201	authorized_principals[i] = '\0';
				202	auth_debug_add("principals: %.900s",
				203	authorized_principals);
				204	opts++;
				205	goto next_option;
				206	}
Damien Miller	f6d9e22	2000-06-18 14:50:44 +1000	[diff] [blame]	207	cp = "environment=\"";
Ben Lindstrom	5d860f0	2002-08-01 01:28:38 +0000	[diff] [blame]	208	if (options.permit_user_env &&
				209	strncasecmp(opts, cp, strlen(cp)) == 0) {
Damien Miller	f6d9e22	2000-06-18 14:50:44 +1000	[diff] [blame]	210	char *s;
				211	struct envstring *new_envstring;
Ben Lindstrom	7bb8b49	2001-03-17 00:47:54 +0000	[diff] [blame]	212
Damien Miller	3380426	2001-02-04 23:20:18 +1100	[diff] [blame]	213	opts += strlen(cp);
				214	s = xmalloc(strlen(opts) + 1);
Damien Miller	f6d9e22	2000-06-18 14:50:44 +1000	[diff] [blame]	215	i = 0;
Damien Miller	3380426	2001-02-04 23:20:18 +1100	[diff] [blame]	216	while (*opts) {
				217	if (*opts == '"')
Damien Miller	f6d9e22	2000-06-18 14:50:44 +1000	[diff] [blame]	218	break;
Damien Miller	3380426	2001-02-04 23:20:18 +1100	[diff] [blame]	219	if (*opts == '\\' && opts[1] == '"') {
				220	opts += 2;
Damien Miller	f6d9e22	2000-06-18 14:50:44 +1000	[diff] [blame]	221	s[i++] = '"';
				222	continue;
				223	}
Damien Miller	3380426	2001-02-04 23:20:18 +1100	[diff] [blame]	224	s[i++] = *opts++;
Damien Miller	f6d9e22	2000-06-18 14:50:44 +1000	[diff] [blame]	225	}
Damien Miller	3380426	2001-02-04 23:20:18 +1100	[diff] [blame]	226	if (!*opts) {
Damien Miller	f6d9e22	2000-06-18 14:50:44 +1000	[diff] [blame]	227	debug("%.100s, line %lu: missing end quote",
Ben Lindstrom	226cfa0	2001-01-22 05:34:40 +0000	[diff] [blame]	228	file, linenum);
Ben Lindstrom	a574cda	2002-05-15 16:16:14 +0000	[diff] [blame]	229	auth_debug_add("%.100s, line %lu: missing end quote",
Ben Lindstrom	226cfa0	2001-01-22 05:34:40 +0000	[diff] [blame]	230	file, linenum);
Darren Tucker	a627d42	2013-06-02 07:31:17 +1000	[diff] [blame]	231	free(s);
Damien Miller	056ddf7	2001-03-14 10:15:20 +1100	[diff] [blame]	232	goto bad_option;
Damien Miller	f6d9e22	2000-06-18 14:50:44 +1000	[diff] [blame]	233	}
Damien Miller	9829926	2006-07-24 14:01:43 +1000	[diff] [blame]	234	s[i] = '\0';
Ben Lindstrom	a574cda	2002-05-15 16:16:14 +0000	[diff] [blame]	235	auth_debug_add("Adding to environment: %.900s", s);
Damien Miller	f6d9e22	2000-06-18 14:50:44 +1000	[diff] [blame]	236	debug("Adding to environment: %.900s", s);
Damien Miller	3380426	2001-02-04 23:20:18 +1100	[diff] [blame]	237	opts++;
Damien Miller	6c81fee	2013-11-08 12:19:55 +1100	[diff] [blame]	238	new_envstring = xcalloc(1, sizeof(struct envstring));
Damien Miller	f6d9e22	2000-06-18 14:50:44 +1000	[diff] [blame]	239	new_envstring->s = s;
				240	new_envstring->next = custom_environment;
				241	custom_environment = new_envstring;
				242	goto next_option;
				243	}
				244	cp = "from=\"";
Damien Miller	3380426	2001-02-04 23:20:18 +1100	[diff] [blame]	245	if (strncasecmp(opts, cp, strlen(cp)) == 0) {
Damien Miller	3380426	2001-02-04 23:20:18 +1100	[diff] [blame]	246	const char *remote_ip = get_remote_ipaddr();
				247	const char *remote_host = get_canonical_hostname(
Damien Miller	3a961dc	2003-06-03 10:25:48 +1000	[diff] [blame]	248	options.use_dns);
Damien Miller	3380426	2001-02-04 23:20:18 +1100	[diff] [blame]	249	char *patterns = xmalloc(strlen(opts) + 1);
Ben Lindstrom	7bb8b49	2001-03-17 00:47:54 +0000	[diff] [blame]	250
Damien Miller	3380426	2001-02-04 23:20:18 +1100	[diff] [blame]	251	opts += strlen(cp);
Damien Miller	f6d9e22	2000-06-18 14:50:44 +1000	[diff] [blame]	252	i = 0;
Damien Miller	3380426	2001-02-04 23:20:18 +1100	[diff] [blame]	253	while (*opts) {
				254	if (*opts == '"')
Damien Miller	f6d9e22	2000-06-18 14:50:44 +1000	[diff] [blame]	255	break;
Damien Miller	3380426	2001-02-04 23:20:18 +1100	[diff] [blame]	256	if (*opts == '\\' && opts[1] == '"') {
				257	opts += 2;
Damien Miller	f6d9e22	2000-06-18 14:50:44 +1000	[diff] [blame]	258	patterns[i++] = '"';
				259	continue;
				260	}
Damien Miller	3380426	2001-02-04 23:20:18 +1100	[diff] [blame]	261	patterns[i++] = *opts++;
Damien Miller	f6d9e22	2000-06-18 14:50:44 +1000	[diff] [blame]	262	}
Damien Miller	3380426	2001-02-04 23:20:18 +1100	[diff] [blame]	263	if (!*opts) {
Damien Miller	f6d9e22	2000-06-18 14:50:44 +1000	[diff] [blame]	264	debug("%.100s, line %lu: missing end quote",
Ben Lindstrom	226cfa0	2001-01-22 05:34:40 +0000	[diff] [blame]	265	file, linenum);
Ben Lindstrom	a574cda	2002-05-15 16:16:14 +0000	[diff] [blame]	266	auth_debug_add("%.100s, line %lu: missing end quote",
Ben Lindstrom	226cfa0	2001-01-22 05:34:40 +0000	[diff] [blame]	267	file, linenum);
Darren Tucker	a627d42	2013-06-02 07:31:17 +1000	[diff] [blame]	268	free(patterns);
Damien Miller	056ddf7	2001-03-14 10:15:20 +1100	[diff] [blame]	269	goto bad_option;
Damien Miller	f6d9e22	2000-06-18 14:50:44 +1000	[diff] [blame]	270	}
Damien Miller	9829926	2006-07-24 14:01:43 +1000	[diff] [blame]	271	patterns[i] = '\0';
Damien Miller	3380426	2001-02-04 23:20:18 +1100	[diff] [blame]	272	opts++;
Darren Tucker	896ad5a	2008-06-11 09:34:46 +1000	[diff] [blame]	273	switch (match_host_and_ip(remote_host, remote_ip,
				274	patterns)) {
				275	case 1:
Darren Tucker	a627d42	2013-06-02 07:31:17 +1000	[diff] [blame]	276	free(patterns);
Darren Tucker	896ad5a	2008-06-11 09:34:46 +1000	[diff] [blame]	277	/* Host name matches. */
				278	goto next_option;
				279	case -1:
				280	debug("%.100s, line %lu: invalid criteria",
				281	file, linenum);
				282	auth_debug_add("%.100s, line %lu: "
				283	"invalid criteria", file, linenum);
				284	/* FALLTHROUGH */
				285	case 0:
Darren Tucker	a627d42	2013-06-02 07:31:17 +1000	[diff] [blame]	286	free(patterns);
Damien Miller	996acd2	2003-04-09 20:59:48 +1000	[diff] [blame]	287	logit("Authentication tried for %.100s with "
Damien Miller	3380426	2001-02-04 23:20:18 +1100	[diff] [blame]	288	"correct key but not from a permitted "
				289	"host (host=%.200s, ip=%.200s).",
				290	pw->pw_name, remote_host, remote_ip);
Ben Lindstrom	a574cda	2002-05-15 16:16:14 +0000	[diff] [blame]	291	auth_debug_add("Your host '%.200s' is not "
Damien Miller	3380426	2001-02-04 23:20:18 +1100	[diff] [blame]	292	"permitted to use this key for login.",
				293	remote_host);
Darren Tucker	896ad5a	2008-06-11 09:34:46 +1000	[diff] [blame]	294	break;
Damien Miller	f6d9e22	2000-06-18 14:50:44 +1000	[diff] [blame]	295	}
Darren Tucker	896ad5a	2008-06-11 09:34:46 +1000	[diff] [blame]	296	/* deny access */
				297	return 0;
Damien Miller	f6d9e22	2000-06-18 14:50:44 +1000	[diff] [blame]	298	}
Ben Lindstrom	7bb8b49	2001-03-17 00:47:54 +0000	[diff] [blame]	299	cp = "permitopen=\"";
				300	if (strncasecmp(opts, cp, strlen(cp)) == 0) {
Damien Miller	f91ee4c	2005-03-01 21:24:33 +1100	[diff] [blame]	301	char host, p;
Damien Miller	e37dde0	2009-01-28 16:33:01 +1100	[diff] [blame]	302	int port;
Ben Lindstrom	7bb8b49	2001-03-17 00:47:54 +0000	[diff] [blame]	303	char *patterns = xmalloc(strlen(opts) + 1);
				304
				305	opts += strlen(cp);
				306	i = 0;
				307	while (*opts) {
				308	if (*opts == '"')
				309	break;
				310	if (*opts == '\\' && opts[1] == '"') {
				311	opts += 2;
				312	patterns[i++] = '"';
				313	continue;
				314	}
				315	patterns[i++] = *opts++;
				316	}
				317	if (!*opts) {
				318	debug("%.100s, line %lu: missing end quote",
				319	file, linenum);
Damien Miller	f91ee4c	2005-03-01 21:24:33 +1100	[diff] [blame]	320	auth_debug_add("%.100s, line %lu: missing "
				321	"end quote", file, linenum);
Darren Tucker	a627d42	2013-06-02 07:31:17 +1000	[diff] [blame]	322	free(patterns);
Ben Lindstrom	7bb8b49	2001-03-17 00:47:54 +0000	[diff] [blame]	323	goto bad_option;
				324	}
Damien Miller	9829926	2006-07-24 14:01:43 +1000	[diff] [blame]	325	patterns[i] = '\0';
Ben Lindstrom	7bb8b49	2001-03-17 00:47:54 +0000	[diff] [blame]	326	opts++;
Damien Miller	f91ee4c	2005-03-01 21:24:33 +1100	[diff] [blame]	327	p = patterns;
				328	host = hpdelim(&p);
				329	if (host == NULL \|\| strlen(host) >= NI_MAXHOST) {
				330	debug("%.100s, line %lu: Bad permitopen "
Darren Tucker	90b9e02	2005-03-14 23:08:50 +1100	[diff] [blame]	331	"specification <%.100s>", file, linenum,
Damien Miller	f91ee4c	2005-03-01 21:24:33 +1100	[diff] [blame]	332	patterns);
Ben Lindstrom	a574cda	2002-05-15 16:16:14 +0000	[diff] [blame]	333	auth_debug_add("%.100s, line %lu: "
Damien Miller	f91ee4c	2005-03-01 21:24:33 +1100	[diff] [blame]	334	"Bad permitopen specification", file,
				335	linenum);
Darren Tucker	a627d42	2013-06-02 07:31:17 +1000	[diff] [blame]	336	free(patterns);
Ben Lindstrom	7bb8b49	2001-03-17 00:47:54 +0000	[diff] [blame]	337	goto bad_option;
				338	}
Darren Tucker	47eede7	2005-03-14 23:08:12 +1100	[diff] [blame]	339	host = cleanhostname(host);
Darren Tucker	1338b9e	2011-10-02 18:57:35 +1100	[diff] [blame]	340	if (p == NULL \|\| (port = permitopen_port(p)) < 0) {
Damien Miller	f91ee4c	2005-03-01 21:24:33 +1100	[diff] [blame]	341	debug("%.100s, line %lu: Bad permitopen port "
				342	"<%.100s>", file, linenum, p ? p : "");
Ben Lindstrom	a574cda	2002-05-15 16:16:14 +0000	[diff] [blame]	343	auth_debug_add("%.100s, line %lu: "
Ben Lindstrom	d71ba57	2001-09-12 18:03:31 +0000	[diff] [blame]	344	"Bad permitopen port", file, linenum);
Darren Tucker	a627d42	2013-06-02 07:31:17 +1000	[diff] [blame]	345	free(patterns);
Ben Lindstrom	7bb8b49	2001-03-17 00:47:54 +0000	[diff] [blame]	346	goto bad_option;
				347	}
Damien Miller	aa5b3f8	2012-12-03 09:50:54 +1100	[diff] [blame]	348	if ((options.allow_tcp_forwarding & FORWARD_LOCAL) != 0)
Ben Lindstrom	d71ba57	2001-09-12 18:03:31 +0000	[diff] [blame]	349	channel_add_permitted_opens(host, port);
Darren Tucker	a627d42	2013-06-02 07:31:17 +1000	[diff] [blame]	350	free(patterns);
Ben Lindstrom	7bb8b49	2001-03-17 00:47:54 +0000	[diff] [blame]	351	goto next_option;
				352	}
Damien Miller	d27b947	2005-12-13 19:29:02 +1100	[diff] [blame]	353	cp = "tunnel=\"";
				354	if (strncasecmp(opts, cp, strlen(cp)) == 0) {
				355	char *tun = NULL;
				356	opts += strlen(cp);
				357	tun = xmalloc(strlen(opts) + 1);
				358	i = 0;
				359	while (*opts) {
				360	if (*opts == '"')
				361	break;
				362	tun[i++] = *opts++;
				363	}
				364	if (!*opts) {
				365	debug("%.100s, line %lu: missing end quote",
				366	file, linenum);
				367	auth_debug_add("%.100s, line %lu: missing end quote",
				368	file, linenum);
Darren Tucker	a627d42	2013-06-02 07:31:17 +1000	[diff] [blame]	369	free(tun);
Damien Miller	d27b947	2005-12-13 19:29:02 +1100	[diff] [blame]	370	forced_tun_device = -1;
				371	goto bad_option;
				372	}
Damien Miller	9829926	2006-07-24 14:01:43 +1000	[diff] [blame]	373	tun[i] = '\0';
Damien Miller	d27b947	2005-12-13 19:29:02 +1100	[diff] [blame]	374	forced_tun_device = a2tun(tun, NULL);
Darren Tucker	a627d42	2013-06-02 07:31:17 +1000	[diff] [blame]	375	free(tun);
Damien Miller	7b58e80	2005-12-13 19:33:19 +1100	[diff] [blame]	376	if (forced_tun_device == SSH_TUNID_ERR) {
Damien Miller	d27b947	2005-12-13 19:29:02 +1100	[diff] [blame]	377	debug("%.100s, line %lu: invalid tun device",
				378	file, linenum);
				379	auth_debug_add("%.100s, line %lu: invalid tun device",
				380	file, linenum);
				381	forced_tun_device = -1;
				382	goto bad_option;
				383	}
				384	auth_debug_add("Forced tun device: %d", forced_tun_device);
				385	opts++;
				386	goto next_option;
				387	}
Damien Miller	f6d9e22	2000-06-18 14:50:44 +1000	[diff] [blame]	388	next_option:
				389	/*
				390	* Skip the comma, and move to the next option
				391	* (or break out if there are no more).
				392	*/
Damien Miller	3380426	2001-02-04 23:20:18 +1100	[diff] [blame]	393	if (!*opts)
Damien Miller	f6d9e22	2000-06-18 14:50:44 +1000	[diff] [blame]	394	fatal("Bugs in auth-options.c option processing.");
Damien Miller	3380426	2001-02-04 23:20:18 +1100	[diff] [blame]	395	if (opts == ' ' \|\| opts == '\t')
Damien Miller	f6d9e22	2000-06-18 14:50:44 +1000	[diff] [blame]	396	break; /* End of options. */
Damien Miller	3380426	2001-02-04 23:20:18 +1100	[diff] [blame]	397	if (*opts != ',')
Damien Miller	f6d9e22	2000-06-18 14:50:44 +1000	[diff] [blame]	398	goto bad_option;
Damien Miller	3380426	2001-02-04 23:20:18 +1100	[diff] [blame]	399	opts++;
Damien Miller	f6d9e22	2000-06-18 14:50:44 +1000	[diff] [blame]	400	/* Process the next option. */
				401	}
Ben Lindstrom	7a2073c	2002-03-22 02:30:41 +0000	[diff] [blame]	402
Damien Miller	f6d9e22	2000-06-18 14:50:44 +1000	[diff] [blame]	403	/* grant access */
				404	return 1;
				405
				406	bad_option:
Damien Miller	996acd2	2003-04-09 20:59:48 +1000	[diff] [blame]	407	logit("Bad options in %.100s file, line %lu: %.50s",
Damien Miller	3380426	2001-02-04 23:20:18 +1100	[diff] [blame]	408	file, linenum, opts);
Ben Lindstrom	a574cda	2002-05-15 16:16:14 +0000	[diff] [blame]	409	auth_debug_add("Bad options in %.100s file, line %lu: %.50s",
Damien Miller	3380426	2001-02-04 23:20:18 +1100	[diff] [blame]	410	file, linenum, opts);
Ben Lindstrom	7a2073c	2002-03-22 02:30:41 +0000	[diff] [blame]	411
Damien Miller	f6d9e22	2000-06-18 14:50:44 +1000	[diff] [blame]	412	/* deny access */
				413	return 0;
				414	}
Damien Miller	0a80ca1	2010-02-27 07:55:05 +1100	[diff] [blame]	415
Damien Miller	d0e4a8e	2010-05-21 14:58:32 +1000	[diff] [blame]	416	#define OPTIONS_CRITICAL 1
				417	#define OPTIONS_EXTENSIONS 2
				418	static int
				419	parse_option_list(u_char optblob, size_t optblob_len, struct passwd pw,
				420	u_int which, int crit,
				421	int *cert_no_port_forwarding_flag,
				422	int *cert_no_agent_forwarding_flag,
				423	int *cert_no_x11_forwarding_flag,
				424	int *cert_no_pty_flag,
				425	int *cert_no_user_rc,
				426	char **cert_forced_command,
				427	int *cert_source_address_done)
Damien Miller	0a80ca1	2010-02-27 07:55:05 +1100	[diff] [blame]	428	{
Damien Miller	d0e4a8e	2010-05-21 14:58:32 +1000	[diff] [blame]	429	char command, allowed;
				430	const char *remote_ip;
Damien Miller	ce98654	2013-07-18 16:12:44 +1000	[diff] [blame]	431	char *name = NULL;
				432	u_char *data_blob = NULL;
Damien Miller	4139657	2010-03-04 21:51:11 +1100	[diff] [blame]	433	u_int nlen, dlen, clen;
Damien Miller	0a80ca1	2010-02-27 07:55:05 +1100	[diff] [blame]	434	Buffer c, data;
Damien Miller	bf25d11	2013-12-29 17:44:56 +1100	[diff] [blame^]	435	int ret = -1, result, found;
Damien Miller	0a80ca1	2010-02-27 07:55:05 +1100	[diff] [blame]	436
				437	buffer_init(&data);
				438
				439	/* Make copy to avoid altering original */
				440	buffer_init(&c);
Damien Miller	d0e4a8e	2010-05-21 14:58:32 +1000	[diff] [blame]	441	buffer_append(&c, optblob, optblob_len);
Damien Miller	0a80ca1	2010-02-27 07:55:05 +1100	[diff] [blame]	442
				443	while (buffer_len(&c) > 0) {
Damien Miller	da108ec	2010-08-31 22:36:39 +1000	[diff] [blame]	444	if ((name = buffer_get_cstring_ret(&c, &nlen)) == NULL \|\|
Damien Miller	4139657	2010-03-04 21:51:11 +1100	[diff] [blame]	445	(data_blob = buffer_get_string_ret(&c, &dlen)) == NULL) {
Damien Miller	4e270b0	2010-04-16 15:56:21 +1000	[diff] [blame]	446	error("Certificate options corrupt");
Damien Miller	0a80ca1	2010-02-27 07:55:05 +1100	[diff] [blame]	447	goto out;
				448	}
Damien Miller	4139657	2010-03-04 21:51:11 +1100	[diff] [blame]	449	buffer_append(&data, data_blob, dlen);
Damien Miller	d0e4a8e	2010-05-21 14:58:32 +1000	[diff] [blame]	450	debug3("found certificate option \"%.100s\" len %u",
Damien Miller	4139657	2010-03-04 21:51:11 +1100	[diff] [blame]	451	name, dlen);
Damien Miller	d0e4a8e	2010-05-21 14:58:32 +1000	[diff] [blame]	452	found = 0;
				453	if ((which & OPTIONS_EXTENSIONS) != 0) {
				454	if (strcmp(name, "permit-X11-forwarding") == 0) {
				455	*cert_no_x11_forwarding_flag = 0;
				456	found = 1;
				457	} else if (strcmp(name,
				458	"permit-agent-forwarding") == 0) {
				459	*cert_no_agent_forwarding_flag = 0;
				460	found = 1;
				461	} else if (strcmp(name,
				462	"permit-port-forwarding") == 0) {
				463	*cert_no_port_forwarding_flag = 0;
				464	found = 1;
				465	} else if (strcmp(name, "permit-pty") == 0) {
				466	*cert_no_pty_flag = 0;
				467	found = 1;
				468	} else if (strcmp(name, "permit-user-rc") == 0) {
				469	*cert_no_user_rc = 0;
				470	found = 1;
Damien Miller	0a80ca1	2010-02-27 07:55:05 +1100	[diff] [blame]	471	}
Damien Miller	d0e4a8e	2010-05-21 14:58:32 +1000	[diff] [blame]	472	}
				473	if (!found && (which & OPTIONS_CRITICAL) != 0) {
				474	if (strcmp(name, "force-command") == 0) {
Damien Miller	da108ec	2010-08-31 22:36:39 +1000	[diff] [blame]	475	if ((command = buffer_get_cstring_ret(&data,
Damien Miller	d0e4a8e	2010-05-21 14:58:32 +1000	[diff] [blame]	476	&clen)) == NULL) {
				477	error("Certificate constraint \"%s\" "
				478	"corrupt", name);
				479	goto out;
				480	}
Damien Miller	d0e4a8e	2010-05-21 14:58:32 +1000	[diff] [blame]	481	if (*cert_forced_command != NULL) {
				482	error("Certificate has multiple "
				483	"force-command options");
Darren Tucker	a627d42	2013-06-02 07:31:17 +1000	[diff] [blame]	484	free(command);
Damien Miller	d0e4a8e	2010-05-21 14:58:32 +1000	[diff] [blame]	485	goto out;
				486	}
				487	*cert_forced_command = command;
				488	found = 1;
Damien Miller	4139657	2010-03-04 21:51:11 +1100	[diff] [blame]	489	}
Damien Miller	d0e4a8e	2010-05-21 14:58:32 +1000	[diff] [blame]	490	if (strcmp(name, "source-address") == 0) {
Damien Miller	da108ec	2010-08-31 22:36:39 +1000	[diff] [blame]	491	if ((allowed = buffer_get_cstring_ret(&data,
Damien Miller	d0e4a8e	2010-05-21 14:58:32 +1000	[diff] [blame]	492	&clen)) == NULL) {
				493	error("Certificate constraint "
				494	"\"%s\" corrupt", name);
				495	goto out;
				496	}
Damien Miller	d0e4a8e	2010-05-21 14:58:32 +1000	[diff] [blame]	497	if ((*cert_source_address_done)++) {
				498	error("Certificate has multiple "
				499	"source-address options");
Darren Tucker	a627d42	2013-06-02 07:31:17 +1000	[diff] [blame]	500	free(allowed);
Damien Miller	d0e4a8e	2010-05-21 14:58:32 +1000	[diff] [blame]	501	goto out;
				502	}
				503	remote_ip = get_remote_ipaddr();
Damien Miller	bf25d11	2013-12-29 17:44:56 +1100	[diff] [blame^]	504	result = addr_match_cidr_list(remote_ip,
				505	allowed);
				506	free(allowed);
				507	switch (result) {
Damien Miller	d0e4a8e	2010-05-21 14:58:32 +1000	[diff] [blame]	508	case 1:
				509	/* accepted */
Damien Miller	d0e4a8e	2010-05-21 14:58:32 +1000	[diff] [blame]	510	break;
				511	case 0:
				512	/* no match */
				513	logit("Authentication tried for %.100s "
				514	"with valid certificate but not "
				515	"from a permitted host "
				516	"(ip=%.200s).", pw->pw_name,
				517	remote_ip);
				518	auth_debug_add("Your address '%.200s' "
				519	"is not permitted to use this "
				520	"certificate for login.",
				521	remote_ip);
Damien Miller	d0e4a8e	2010-05-21 14:58:32 +1000	[diff] [blame]	522	goto out;
				523	case -1:
Damien Miller	bf25d11	2013-12-29 17:44:56 +1100	[diff] [blame^]	524	default:
Damien Miller	d0e4a8e	2010-05-21 14:58:32 +1000	[diff] [blame]	525	error("Certificate source-address "
				526	"contents invalid");
Damien Miller	d0e4a8e	2010-05-21 14:58:32 +1000	[diff] [blame]	527	goto out;
				528	}
				529	found = 1;
Damien Miller	0a80ca1	2010-02-27 07:55:05 +1100	[diff] [blame]	530	}
Damien Miller	0a80ca1	2010-02-27 07:55:05 +1100	[diff] [blame]	531	}
				532
Damien Miller	d0e4a8e	2010-05-21 14:58:32 +1000	[diff] [blame]	533	if (!found) {
				534	if (crit) {
				535	error("Certificate critical option \"%s\" "
				536	"is not supported", name);
				537	goto out;
				538	} else {
				539	logit("Certificate extension \"%s\" "
				540	"is not supported", name);
				541	}
				542	} else if (buffer_len(&data) != 0) {
				543	error("Certificate option \"%s\" corrupt "
Damien Miller	0a80ca1	2010-02-27 07:55:05 +1100	[diff] [blame]	544	"(extra data)", name);
				545	goto out;
				546	}
				547	buffer_clear(&data);
Darren Tucker	a627d42	2013-06-02 07:31:17 +1000	[diff] [blame]	548	free(name);
				549	free(data_blob);
Damien Miller	ce98654	2013-07-18 16:12:44 +1000	[diff] [blame]	550	name = NULL;
				551	data_blob = NULL;
Damien Miller	0a80ca1	2010-02-27 07:55:05 +1100	[diff] [blame]	552	}
Damien Miller	4e270b0	2010-04-16 15:56:21 +1000	[diff] [blame]	553	/* successfully parsed all options */
Damien Miller	0a80ca1	2010-02-27 07:55:05 +1100	[diff] [blame]	554	ret = 0;
				555
Damien Miller	d0e4a8e	2010-05-21 14:58:32 +1000	[diff] [blame]	556	out:
				557	if (ret != 0 &&
				558	cert_forced_command != NULL &&
				559	*cert_forced_command != NULL) {
Darren Tucker	a627d42	2013-06-02 07:31:17 +1000	[diff] [blame]	560	free(*cert_forced_command);
Damien Miller	d0e4a8e	2010-05-21 14:58:32 +1000	[diff] [blame]	561	*cert_forced_command = NULL;
				562	}
				563	if (name != NULL)
Darren Tucker	a627d42	2013-06-02 07:31:17 +1000	[diff] [blame]	564	free(name);
Damien Miller	d0e4a8e	2010-05-21 14:58:32 +1000	[diff] [blame]	565	if (data_blob != NULL)
Darren Tucker	a627d42	2013-06-02 07:31:17 +1000	[diff] [blame]	566	free(data_blob);
Damien Miller	d0e4a8e	2010-05-21 14:58:32 +1000	[diff] [blame]	567	buffer_free(&data);
				568	buffer_free(&c);
				569	return ret;
				570	}
				571
				572	/*
				573	* Set options from critical certificate options. These supersede user key
				574	* options so this must be called after auth_parse_options().
				575	*/
				576	int
				577	auth_cert_options(Key k, struct passwd pw)
				578	{
				579	int cert_no_port_forwarding_flag = 1;
				580	int cert_no_agent_forwarding_flag = 1;
				581	int cert_no_x11_forwarding_flag = 1;
				582	int cert_no_pty_flag = 1;
				583	int cert_no_user_rc = 1;
				584	char *cert_forced_command = NULL;
				585	int cert_source_address_done = 0;
				586
				587	if (key_cert_is_legacy(k)) {
				588	/* All options are in the one field for v00 certs */
				589	if (parse_option_list(buffer_ptr(&k->cert->critical),
				590	buffer_len(&k->cert->critical), pw,
				591	OPTIONS_CRITICAL\|OPTIONS_EXTENSIONS, 1,
				592	&cert_no_port_forwarding_flag,
				593	&cert_no_agent_forwarding_flag,
				594	&cert_no_x11_forwarding_flag,
				595	&cert_no_pty_flag,
				596	&cert_no_user_rc,
				597	&cert_forced_command,
				598	&cert_source_address_done) == -1)
				599	return -1;
				600	} else {
				601	/* Separate options and extensions for v01 certs */
				602	if (parse_option_list(buffer_ptr(&k->cert->critical),
				603	buffer_len(&k->cert->critical), pw,
				604	OPTIONS_CRITICAL, 1, NULL, NULL, NULL, NULL, NULL,
				605	&cert_forced_command,
				606	&cert_source_address_done) == -1)
				607	return -1;
				608	if (parse_option_list(buffer_ptr(&k->cert->extensions),
				609	buffer_len(&k->cert->extensions), pw,
				610	OPTIONS_EXTENSIONS, 1,
				611	&cert_no_port_forwarding_flag,
				612	&cert_no_agent_forwarding_flag,
				613	&cert_no_x11_forwarding_flag,
				614	&cert_no_pty_flag,
				615	&cert_no_user_rc,
				616	NULL, NULL) == -1)
				617	return -1;
				618	}
				619
Damien Miller	0a80ca1	2010-02-27 07:55:05 +1100	[diff] [blame]	620	no_port_forwarding_flag \|= cert_no_port_forwarding_flag;
				621	no_agent_forwarding_flag \|= cert_no_agent_forwarding_flag;
				622	no_x11_forwarding_flag \|= cert_no_x11_forwarding_flag;
				623	no_pty_flag \|= cert_no_pty_flag;
				624	no_user_rc \|= cert_no_user_rc;
				625	/* CA-specified forced command supersedes key option */
				626	if (cert_forced_command != NULL) {
				627	if (forced_command != NULL)
Darren Tucker	a627d42	2013-06-02 07:31:17 +1000	[diff] [blame]	628	free(forced_command);
Damien Miller	0a80ca1	2010-02-27 07:55:05 +1100	[diff] [blame]	629	forced_command = cert_forced_command;
				630	}
Damien Miller	d0e4a8e	2010-05-21 14:58:32 +1000	[diff] [blame]	631	return 0;
Damien Miller	0a80ca1	2010-02-27 07:55:05 +1100	[diff] [blame]	632	}
				633