Blame - auth-options.c - platform/external/openssh

blob: 33c62641b0e2edc464558a4c62515bf3d8bb8ffd [file] [log] [blame]

Damien Miller	e3476ed	2006-07-24 14:13:33 +1000	[diff] [blame^]	1	/* $OpenBSD: auth-options.c,v 1.39 2006/07/22 20:48:22 stevesk Exp $ */
Damien Miller	e4340be	2000-09-16 13:29:08 +1100	[diff] [blame]	2	/*
				3	* Author: Tatu Ylonen <ylo@cs.hut.fi>
				4	* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
				5	* All rights reserved
Damien Miller	e4340be	2000-09-16 13:29:08 +1100	[diff] [blame]	6	* As far as I am concerned, the code I have written for this software
				7	* can be used freely for any purpose. Any derived versions of this
				8	* software must be clearly marked as such, and if the derived work is
				9	* incompatible with the protocol description in the RFC file, it must be
				10	* called by a name other than "ssh" or "Secure Shell".
				11	*/
				12
Damien Miller	f6d9e22	2000-06-18 14:50:44 +1000	[diff] [blame]	13	#include "includes.h"
Damien Miller	f6d9e22	2000-06-18 14:50:44 +1000	[diff] [blame]	14
Damien Miller	9f2abc4	2006-07-10 20:53:08 +1000	[diff] [blame]	15	#include <sys/types.h>
				16
Damien Miller	be43ebf	2006-07-24 13:51:51 +1000	[diff] [blame]	17	#if defined(HAVE_NETDB_H)
				18	# include <netdb.h>
				19	#endif
Damien Miller	9f2abc4	2006-07-10 20:53:08 +1000	[diff] [blame]	20	#include <pwd.h>
Damien Miller	e3476ed	2006-07-24 14:13:33 +1000	[diff] [blame^]	21	#include <string.h>
Damien Miller	9f2abc4	2006-07-10 20:53:08 +1000	[diff] [blame]	22
Damien Miller	f6d9e22	2000-06-18 14:50:44 +1000	[diff] [blame]	23	#include "xmalloc.h"
				24	#include "match.h"
Ben Lindstrom	226cfa0	2001-01-22 05:34:40 +0000	[diff] [blame]	25	#include "log.h"
				26	#include "canohost.h"
Ben Lindstrom	c763767	2001-06-09 00:36:26 +0000	[diff] [blame]	27	#include "channels.h"
Ben Lindstrom	226cfa0	2001-01-22 05:34:40 +0000	[diff] [blame]	28	#include "auth-options.h"
Damien Miller	3380426	2001-02-04 23:20:18 +1100	[diff] [blame]	29	#include "servconf.h"
Ben Lindstrom	d71ba57	2001-09-12 18:03:31 +0000	[diff] [blame]	30	#include "misc.h"
Ben Lindstrom	7a2073c	2002-03-22 02:30:41 +0000	[diff] [blame]	31	#include "monitor_wrap.h"
Ben Lindstrom	a574cda	2002-05-15 16:16:14 +0000	[diff] [blame]	32	#include "auth.h"
Damien Miller	f6d9e22	2000-06-18 14:50:44 +1000	[diff] [blame]	33
				34	/* Flags set authorized_keys flags */
				35	int no_port_forwarding_flag = 0;
				36	int no_agent_forwarding_flag = 0;
				37	int no_x11_forwarding_flag = 0;
				38	int no_pty_flag = 0;
				39
				40	/* "command=" option. */
				41	char *forced_command = NULL;
				42
				43	/* "environment=" options. */
				44	struct envstring *custom_environment = NULL;
				45
Damien Miller	d27b947	2005-12-13 19:29:02 +1100	[diff] [blame]	46	/* "tunnel=" option. */
				47	int forced_tun_device = -1;
				48
Damien Miller	3380426	2001-02-04 23:20:18 +1100	[diff] [blame]	49	extern ServerOptions options;
				50
Ben Lindstrom	7a2073c	2002-03-22 02:30:41 +0000	[diff] [blame]	51	void
Damien Miller	874d77b	2000-10-14 16:23:11 +1100	[diff] [blame]	52	auth_clear_options(void)
				53	{
				54	no_agent_forwarding_flag = 0;
				55	no_port_forwarding_flag = 0;
				56	no_pty_flag = 0;
				57	no_x11_forwarding_flag = 0;
				58	while (custom_environment) {
				59	struct envstring *ce = custom_environment;
				60	custom_environment = ce->next;
				61	xfree(ce->s);
				62	xfree(ce);
				63	}
				64	if (forced_command) {
				65	xfree(forced_command);
				66	forced_command = NULL;
				67	}
Damien Miller	d27b947	2005-12-13 19:29:02 +1100	[diff] [blame]	68	forced_tun_device = -1;
Ben Lindstrom	7bb8b49	2001-03-17 00:47:54 +0000	[diff] [blame]	69	channel_clear_permitted_opens();
Ben Lindstrom	a574cda	2002-05-15 16:16:14 +0000	[diff] [blame]	70	auth_debug_reset();
Damien Miller	874d77b	2000-10-14 16:23:11 +1100	[diff] [blame]	71	}
				72
Ben Lindstrom	226cfa0	2001-01-22 05:34:40 +0000	[diff] [blame]	73	/*
				74	* return 1 if access is granted, 0 if not.
				75	* side effect: sets key option flags
				76	*/
Damien Miller	f6d9e22	2000-06-18 14:50:44 +1000	[diff] [blame]	77	int
Damien Miller	3380426	2001-02-04 23:20:18 +1100	[diff] [blame]	78	auth_parse_options(struct passwd pw, char opts, char *file, u_long linenum)
Damien Miller	f6d9e22	2000-06-18 14:50:44 +1000	[diff] [blame]	79	{
				80	const char *cp;
Ben Lindstrom	7bb8b49	2001-03-17 00:47:54 +0000	[diff] [blame]	81	int i;
Damien Miller	874d77b	2000-10-14 16:23:11 +1100	[diff] [blame]	82
				83	/* reset options */
				84	auth_clear_options();
				85
Ben Lindstrom	36d7bd0	2001-02-10 22:27:19 +0000	[diff] [blame]	86	if (!opts)
				87	return 1;
				88
Damien Miller	3380426	2001-02-04 23:20:18 +1100	[diff] [blame]	89	while (opts && opts != ' ' && *opts != '\t') {
Damien Miller	f6d9e22	2000-06-18 14:50:44 +1000	[diff] [blame]	90	cp = "no-port-forwarding";
Damien Miller	3380426	2001-02-04 23:20:18 +1100	[diff] [blame]	91	if (strncasecmp(opts, cp, strlen(cp)) == 0) {
Ben Lindstrom	a574cda	2002-05-15 16:16:14 +0000	[diff] [blame]	92	auth_debug_add("Port forwarding disabled.");
Damien Miller	f6d9e22	2000-06-18 14:50:44 +1000	[diff] [blame]	93	no_port_forwarding_flag = 1;
Damien Miller	3380426	2001-02-04 23:20:18 +1100	[diff] [blame]	94	opts += strlen(cp);
Damien Miller	f6d9e22	2000-06-18 14:50:44 +1000	[diff] [blame]	95	goto next_option;
				96	}
				97	cp = "no-agent-forwarding";
Damien Miller	3380426	2001-02-04 23:20:18 +1100	[diff] [blame]	98	if (strncasecmp(opts, cp, strlen(cp)) == 0) {
Ben Lindstrom	a574cda	2002-05-15 16:16:14 +0000	[diff] [blame]	99	auth_debug_add("Agent forwarding disabled.");
Damien Miller	f6d9e22	2000-06-18 14:50:44 +1000	[diff] [blame]	100	no_agent_forwarding_flag = 1;
Damien Miller	3380426	2001-02-04 23:20:18 +1100	[diff] [blame]	101	opts += strlen(cp);
Damien Miller	f6d9e22	2000-06-18 14:50:44 +1000	[diff] [blame]	102	goto next_option;
				103	}
				104	cp = "no-X11-forwarding";
Damien Miller	3380426	2001-02-04 23:20:18 +1100	[diff] [blame]	105	if (strncasecmp(opts, cp, strlen(cp)) == 0) {
Ben Lindstrom	a574cda	2002-05-15 16:16:14 +0000	[diff] [blame]	106	auth_debug_add("X11 forwarding disabled.");
Damien Miller	f6d9e22	2000-06-18 14:50:44 +1000	[diff] [blame]	107	no_x11_forwarding_flag = 1;
Damien Miller	3380426	2001-02-04 23:20:18 +1100	[diff] [blame]	108	opts += strlen(cp);
Damien Miller	f6d9e22	2000-06-18 14:50:44 +1000	[diff] [blame]	109	goto next_option;
				110	}
				111	cp = "no-pty";
Damien Miller	3380426	2001-02-04 23:20:18 +1100	[diff] [blame]	112	if (strncasecmp(opts, cp, strlen(cp)) == 0) {
Ben Lindstrom	a574cda	2002-05-15 16:16:14 +0000	[diff] [blame]	113	auth_debug_add("Pty allocation disabled.");
Damien Miller	f6d9e22	2000-06-18 14:50:44 +1000	[diff] [blame]	114	no_pty_flag = 1;
Damien Miller	3380426	2001-02-04 23:20:18 +1100	[diff] [blame]	115	opts += strlen(cp);
Damien Miller	f6d9e22	2000-06-18 14:50:44 +1000	[diff] [blame]	116	goto next_option;
				117	}
				118	cp = "command=\"";
Damien Miller	3380426	2001-02-04 23:20:18 +1100	[diff] [blame]	119	if (strncasecmp(opts, cp, strlen(cp)) == 0) {
Damien Miller	3380426	2001-02-04 23:20:18 +1100	[diff] [blame]	120	opts += strlen(cp);
				121	forced_command = xmalloc(strlen(opts) + 1);
Damien Miller	f6d9e22	2000-06-18 14:50:44 +1000	[diff] [blame]	122	i = 0;
Damien Miller	3380426	2001-02-04 23:20:18 +1100	[diff] [blame]	123	while (*opts) {
				124	if (*opts == '"')
Damien Miller	f6d9e22	2000-06-18 14:50:44 +1000	[diff] [blame]	125	break;
Damien Miller	3380426	2001-02-04 23:20:18 +1100	[diff] [blame]	126	if (*opts == '\\' && opts[1] == '"') {
				127	opts += 2;
Damien Miller	f6d9e22	2000-06-18 14:50:44 +1000	[diff] [blame]	128	forced_command[i++] = '"';
				129	continue;
				130	}
Damien Miller	3380426	2001-02-04 23:20:18 +1100	[diff] [blame]	131	forced_command[i++] = *opts++;
Damien Miller	f6d9e22	2000-06-18 14:50:44 +1000	[diff] [blame]	132	}
Damien Miller	3380426	2001-02-04 23:20:18 +1100	[diff] [blame]	133	if (!*opts) {
Damien Miller	f6d9e22	2000-06-18 14:50:44 +1000	[diff] [blame]	134	debug("%.100s, line %lu: missing end quote",
Ben Lindstrom	226cfa0	2001-01-22 05:34:40 +0000	[diff] [blame]	135	file, linenum);
Ben Lindstrom	a574cda	2002-05-15 16:16:14 +0000	[diff] [blame]	136	auth_debug_add("%.100s, line %lu: missing end quote",
Ben Lindstrom	226cfa0	2001-01-22 05:34:40 +0000	[diff] [blame]	137	file, linenum);
Damien Miller	056ddf7	2001-03-14 10:15:20 +1100	[diff] [blame]	138	xfree(forced_command);
				139	forced_command = NULL;
				140	goto bad_option;
Damien Miller	f6d9e22	2000-06-18 14:50:44 +1000	[diff] [blame]	141	}
Damien Miller	9829926	2006-07-24 14:01:43 +1000	[diff] [blame]	142	forced_command[i] = '\0';
Ben Lindstrom	a574cda	2002-05-15 16:16:14 +0000	[diff] [blame]	143	auth_debug_add("Forced command: %.900s", forced_command);
Damien Miller	3380426	2001-02-04 23:20:18 +1100	[diff] [blame]	144	opts++;
Damien Miller	f6d9e22	2000-06-18 14:50:44 +1000	[diff] [blame]	145	goto next_option;
				146	}
				147	cp = "environment=\"";
Ben Lindstrom	5d860f0	2002-08-01 01:28:38 +0000	[diff] [blame]	148	if (options.permit_user_env &&
				149	strncasecmp(opts, cp, strlen(cp)) == 0) {
Damien Miller	f6d9e22	2000-06-18 14:50:44 +1000	[diff] [blame]	150	char *s;
				151	struct envstring *new_envstring;
Ben Lindstrom	7bb8b49	2001-03-17 00:47:54 +0000	[diff] [blame]	152
Damien Miller	3380426	2001-02-04 23:20:18 +1100	[diff] [blame]	153	opts += strlen(cp);
				154	s = xmalloc(strlen(opts) + 1);
Damien Miller	f6d9e22	2000-06-18 14:50:44 +1000	[diff] [blame]	155	i = 0;
Damien Miller	3380426	2001-02-04 23:20:18 +1100	[diff] [blame]	156	while (*opts) {
				157	if (*opts == '"')
Damien Miller	f6d9e22	2000-06-18 14:50:44 +1000	[diff] [blame]	158	break;
Damien Miller	3380426	2001-02-04 23:20:18 +1100	[diff] [blame]	159	if (*opts == '\\' && opts[1] == '"') {
				160	opts += 2;
Damien Miller	f6d9e22	2000-06-18 14:50:44 +1000	[diff] [blame]	161	s[i++] = '"';
				162	continue;
				163	}
Damien Miller	3380426	2001-02-04 23:20:18 +1100	[diff] [blame]	164	s[i++] = *opts++;
Damien Miller	f6d9e22	2000-06-18 14:50:44 +1000	[diff] [blame]	165	}
Damien Miller	3380426	2001-02-04 23:20:18 +1100	[diff] [blame]	166	if (!*opts) {
Damien Miller	f6d9e22	2000-06-18 14:50:44 +1000	[diff] [blame]	167	debug("%.100s, line %lu: missing end quote",
Ben Lindstrom	226cfa0	2001-01-22 05:34:40 +0000	[diff] [blame]	168	file, linenum);
Ben Lindstrom	a574cda	2002-05-15 16:16:14 +0000	[diff] [blame]	169	auth_debug_add("%.100s, line %lu: missing end quote",
Ben Lindstrom	226cfa0	2001-01-22 05:34:40 +0000	[diff] [blame]	170	file, linenum);
Damien Miller	056ddf7	2001-03-14 10:15:20 +1100	[diff] [blame]	171	xfree(s);
				172	goto bad_option;
Damien Miller	f6d9e22	2000-06-18 14:50:44 +1000	[diff] [blame]	173	}
Damien Miller	9829926	2006-07-24 14:01:43 +1000	[diff] [blame]	174	s[i] = '\0';
Ben Lindstrom	a574cda	2002-05-15 16:16:14 +0000	[diff] [blame]	175	auth_debug_add("Adding to environment: %.900s", s);
Damien Miller	f6d9e22	2000-06-18 14:50:44 +1000	[diff] [blame]	176	debug("Adding to environment: %.900s", s);
Damien Miller	3380426	2001-02-04 23:20:18 +1100	[diff] [blame]	177	opts++;
Damien Miller	f6d9e22	2000-06-18 14:50:44 +1000	[diff] [blame]	178	new_envstring = xmalloc(sizeof(struct envstring));
				179	new_envstring->s = s;
				180	new_envstring->next = custom_environment;
				181	custom_environment = new_envstring;
				182	goto next_option;
				183	}
				184	cp = "from=\"";
Damien Miller	3380426	2001-02-04 23:20:18 +1100	[diff] [blame]	185	if (strncasecmp(opts, cp, strlen(cp)) == 0) {
Damien Miller	3380426	2001-02-04 23:20:18 +1100	[diff] [blame]	186	const char *remote_ip = get_remote_ipaddr();
				187	const char *remote_host = get_canonical_hostname(
Damien Miller	3a961dc	2003-06-03 10:25:48 +1000	[diff] [blame]	188	options.use_dns);
Damien Miller	3380426	2001-02-04 23:20:18 +1100	[diff] [blame]	189	char *patterns = xmalloc(strlen(opts) + 1);
Ben Lindstrom	7bb8b49	2001-03-17 00:47:54 +0000	[diff] [blame]	190
Damien Miller	3380426	2001-02-04 23:20:18 +1100	[diff] [blame]	191	opts += strlen(cp);
Damien Miller	f6d9e22	2000-06-18 14:50:44 +1000	[diff] [blame]	192	i = 0;
Damien Miller	3380426	2001-02-04 23:20:18 +1100	[diff] [blame]	193	while (*opts) {
				194	if (*opts == '"')
Damien Miller	f6d9e22	2000-06-18 14:50:44 +1000	[diff] [blame]	195	break;
Damien Miller	3380426	2001-02-04 23:20:18 +1100	[diff] [blame]	196	if (*opts == '\\' && opts[1] == '"') {
				197	opts += 2;
Damien Miller	f6d9e22	2000-06-18 14:50:44 +1000	[diff] [blame]	198	patterns[i++] = '"';
				199	continue;
				200	}
Damien Miller	3380426	2001-02-04 23:20:18 +1100	[diff] [blame]	201	patterns[i++] = *opts++;
Damien Miller	f6d9e22	2000-06-18 14:50:44 +1000	[diff] [blame]	202	}
Damien Miller	3380426	2001-02-04 23:20:18 +1100	[diff] [blame]	203	if (!*opts) {
Damien Miller	f6d9e22	2000-06-18 14:50:44 +1000	[diff] [blame]	204	debug("%.100s, line %lu: missing end quote",
Ben Lindstrom	226cfa0	2001-01-22 05:34:40 +0000	[diff] [blame]	205	file, linenum);
Ben Lindstrom	a574cda	2002-05-15 16:16:14 +0000	[diff] [blame]	206	auth_debug_add("%.100s, line %lu: missing end quote",
Ben Lindstrom	226cfa0	2001-01-22 05:34:40 +0000	[diff] [blame]	207	file, linenum);
Damien Miller	056ddf7	2001-03-14 10:15:20 +1100	[diff] [blame]	208	xfree(patterns);
				209	goto bad_option;
Damien Miller	f6d9e22	2000-06-18 14:50:44 +1000	[diff] [blame]	210	}
Damien Miller	9829926	2006-07-24 14:01:43 +1000	[diff] [blame]	211	patterns[i] = '\0';
Damien Miller	3380426	2001-02-04 23:20:18 +1100	[diff] [blame]	212	opts++;
Ben Lindstrom	f0c5029	2001-06-25 05:17:53 +0000	[diff] [blame]	213	if (match_host_and_ip(remote_host, remote_ip,
				214	patterns) != 1) {
				215	xfree(patterns);
Damien Miller	996acd2	2003-04-09 20:59:48 +1000	[diff] [blame]	216	logit("Authentication tried for %.100s with "
Damien Miller	3380426	2001-02-04 23:20:18 +1100	[diff] [blame]	217	"correct key but not from a permitted "
				218	"host (host=%.200s, ip=%.200s).",
				219	pw->pw_name, remote_host, remote_ip);
Ben Lindstrom	a574cda	2002-05-15 16:16:14 +0000	[diff] [blame]	220	auth_debug_add("Your host '%.200s' is not "
Damien Miller	3380426	2001-02-04 23:20:18 +1100	[diff] [blame]	221	"permitted to use this key for login.",
				222	remote_host);
Damien Miller	f6d9e22	2000-06-18 14:50:44 +1000	[diff] [blame]	223	/* deny access */
				224	return 0;
				225	}
Ben Lindstrom	f0c5029	2001-06-25 05:17:53 +0000	[diff] [blame]	226	xfree(patterns);
Damien Miller	f6d9e22	2000-06-18 14:50:44 +1000	[diff] [blame]	227	/* Host name matches. */
				228	goto next_option;
				229	}
Ben Lindstrom	7bb8b49	2001-03-17 00:47:54 +0000	[diff] [blame]	230	cp = "permitopen=\"";
				231	if (strncasecmp(opts, cp, strlen(cp)) == 0) {
Damien Miller	f91ee4c	2005-03-01 21:24:33 +1100	[diff] [blame]	232	char host, p;
Ben Lindstrom	7bb8b49	2001-03-17 00:47:54 +0000	[diff] [blame]	233	u_short port;
Ben Lindstrom	7bb8b49	2001-03-17 00:47:54 +0000	[diff] [blame]	234	char *patterns = xmalloc(strlen(opts) + 1);
				235
				236	opts += strlen(cp);
				237	i = 0;
				238	while (*opts) {
				239	if (*opts == '"')
				240	break;
				241	if (*opts == '\\' && opts[1] == '"') {
				242	opts += 2;
				243	patterns[i++] = '"';
				244	continue;
				245	}
				246	patterns[i++] = *opts++;
				247	}
				248	if (!*opts) {
				249	debug("%.100s, line %lu: missing end quote",
				250	file, linenum);
Damien Miller	f91ee4c	2005-03-01 21:24:33 +1100	[diff] [blame]	251	auth_debug_add("%.100s, line %lu: missing "
				252	"end quote", file, linenum);
Ben Lindstrom	7bb8b49	2001-03-17 00:47:54 +0000	[diff] [blame]	253	xfree(patterns);
				254	goto bad_option;
				255	}
Damien Miller	9829926	2006-07-24 14:01:43 +1000	[diff] [blame]	256	patterns[i] = '\0';
Ben Lindstrom	7bb8b49	2001-03-17 00:47:54 +0000	[diff] [blame]	257	opts++;
Damien Miller	f91ee4c	2005-03-01 21:24:33 +1100	[diff] [blame]	258	p = patterns;
				259	host = hpdelim(&p);
				260	if (host == NULL \|\| strlen(host) >= NI_MAXHOST) {
				261	debug("%.100s, line %lu: Bad permitopen "
Darren Tucker	90b9e02	2005-03-14 23:08:50 +1100	[diff] [blame]	262	"specification <%.100s>", file, linenum,
Damien Miller	f91ee4c	2005-03-01 21:24:33 +1100	[diff] [blame]	263	patterns);
Ben Lindstrom	a574cda	2002-05-15 16:16:14 +0000	[diff] [blame]	264	auth_debug_add("%.100s, line %lu: "
Damien Miller	f91ee4c	2005-03-01 21:24:33 +1100	[diff] [blame]	265	"Bad permitopen specification", file,
				266	linenum);
Ben Lindstrom	7bb8b49	2001-03-17 00:47:54 +0000	[diff] [blame]	267	xfree(patterns);
				268	goto bad_option;
				269	}
Darren Tucker	47eede7	2005-03-14 23:08:12 +1100	[diff] [blame]	270	host = cleanhostname(host);
				271	if (p == NULL \|\| (port = a2port(p)) == 0) {
Damien Miller	f91ee4c	2005-03-01 21:24:33 +1100	[diff] [blame]	272	debug("%.100s, line %lu: Bad permitopen port "
				273	"<%.100s>", file, linenum, p ? p : "");
Ben Lindstrom	a574cda	2002-05-15 16:16:14 +0000	[diff] [blame]	274	auth_debug_add("%.100s, line %lu: "
Ben Lindstrom	d71ba57	2001-09-12 18:03:31 +0000	[diff] [blame]	275	"Bad permitopen port", file, linenum);
Ben Lindstrom	7bb8b49	2001-03-17 00:47:54 +0000	[diff] [blame]	276	xfree(patterns);
				277	goto bad_option;
				278	}
Ben Lindstrom	2d70f98	2001-03-19 00:13:46 +0000	[diff] [blame]	279	if (options.allow_tcp_forwarding)
Ben Lindstrom	d71ba57	2001-09-12 18:03:31 +0000	[diff] [blame]	280	channel_add_permitted_opens(host, port);
Ben Lindstrom	7bb8b49	2001-03-17 00:47:54 +0000	[diff] [blame]	281	xfree(patterns);
				282	goto next_option;
				283	}
Damien Miller	d27b947	2005-12-13 19:29:02 +1100	[diff] [blame]	284	cp = "tunnel=\"";
				285	if (strncasecmp(opts, cp, strlen(cp)) == 0) {
				286	char *tun = NULL;
				287	opts += strlen(cp);
				288	tun = xmalloc(strlen(opts) + 1);
				289	i = 0;
				290	while (*opts) {
				291	if (*opts == '"')
				292	break;
				293	tun[i++] = *opts++;
				294	}
				295	if (!*opts) {
				296	debug("%.100s, line %lu: missing end quote",
				297	file, linenum);
				298	auth_debug_add("%.100s, line %lu: missing end quote",
				299	file, linenum);
				300	xfree(tun);
				301	forced_tun_device = -1;
				302	goto bad_option;
				303	}
Damien Miller	9829926	2006-07-24 14:01:43 +1000	[diff] [blame]	304	tun[i] = '\0';
Damien Miller	d27b947	2005-12-13 19:29:02 +1100	[diff] [blame]	305	forced_tun_device = a2tun(tun, NULL);
				306	xfree(tun);
Damien Miller	7b58e80	2005-12-13 19:33:19 +1100	[diff] [blame]	307	if (forced_tun_device == SSH_TUNID_ERR) {
Damien Miller	d27b947	2005-12-13 19:29:02 +1100	[diff] [blame]	308	debug("%.100s, line %lu: invalid tun device",
				309	file, linenum);
				310	auth_debug_add("%.100s, line %lu: invalid tun device",
				311	file, linenum);
				312	forced_tun_device = -1;
				313	goto bad_option;
				314	}
				315	auth_debug_add("Forced tun device: %d", forced_tun_device);
				316	opts++;
				317	goto next_option;
				318	}
Damien Miller	f6d9e22	2000-06-18 14:50:44 +1000	[diff] [blame]	319	next_option:
				320	/*
				321	* Skip the comma, and move to the next option
				322	* (or break out if there are no more).
				323	*/
Damien Miller	3380426	2001-02-04 23:20:18 +1100	[diff] [blame]	324	if (!*opts)
Damien Miller	f6d9e22	2000-06-18 14:50:44 +1000	[diff] [blame]	325	fatal("Bugs in auth-options.c option processing.");
Damien Miller	3380426	2001-02-04 23:20:18 +1100	[diff] [blame]	326	if (opts == ' ' \|\| opts == '\t')
Damien Miller	f6d9e22	2000-06-18 14:50:44 +1000	[diff] [blame]	327	break; /* End of options. */
Damien Miller	3380426	2001-02-04 23:20:18 +1100	[diff] [blame]	328	if (*opts != ',')
Damien Miller	f6d9e22	2000-06-18 14:50:44 +1000	[diff] [blame]	329	goto bad_option;
Damien Miller	3380426	2001-02-04 23:20:18 +1100	[diff] [blame]	330	opts++;
Damien Miller	f6d9e22	2000-06-18 14:50:44 +1000	[diff] [blame]	331	/* Process the next option. */
				332	}
Ben Lindstrom	7a2073c	2002-03-22 02:30:41 +0000	[diff] [blame]	333
				334	if (!use_privsep)
Ben Lindstrom	a574cda	2002-05-15 16:16:14 +0000	[diff] [blame]	335	auth_debug_send();
Ben Lindstrom	7a2073c	2002-03-22 02:30:41 +0000	[diff] [blame]	336
Damien Miller	f6d9e22	2000-06-18 14:50:44 +1000	[diff] [blame]	337	/* grant access */
				338	return 1;
				339
				340	bad_option:
Damien Miller	996acd2	2003-04-09 20:59:48 +1000	[diff] [blame]	341	logit("Bad options in %.100s file, line %lu: %.50s",
Damien Miller	3380426	2001-02-04 23:20:18 +1100	[diff] [blame]	342	file, linenum, opts);
Ben Lindstrom	a574cda	2002-05-15 16:16:14 +0000	[diff] [blame]	343	auth_debug_add("Bad options in %.100s file, line %lu: %.50s",
Damien Miller	3380426	2001-02-04 23:20:18 +1100	[diff] [blame]	344	file, linenum, opts);
Ben Lindstrom	7a2073c	2002-03-22 02:30:41 +0000	[diff] [blame]	345
				346	if (!use_privsep)
Ben Lindstrom	a574cda	2002-05-15 16:16:14 +0000	[diff] [blame]	347	auth_debug_send();
Ben Lindstrom	7a2073c	2002-03-22 02:30:41 +0000	[diff] [blame]	348
Damien Miller	f6d9e22	2000-06-18 14:50:44 +1000	[diff] [blame]	349	/* deny access */
				350	return 0;
				351	}