Blame - auth-options.c - platform/external/openssh

blob: 57b49f7fd7518c5865f7e7b27be87f7cae882bb3 [file] [log] [blame]

djm@openbsd.org	fd6dcef	2016-11-30 02:57:40 +0000	[diff] [blame^]	1	/* $OpenBSD: auth-options.c,v 1.72 2016/11/30 02:57:40 djm Exp $ */
Damien Miller	e4340be	2000-09-16 13:29:08 +1100	[diff] [blame]	2	/*
				3	* Author: Tatu Ylonen <ylo@cs.hut.fi>
				4	* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
				5	* All rights reserved
Damien Miller	e4340be	2000-09-16 13:29:08 +1100	[diff] [blame]	6	* As far as I am concerned, the code I have written for this software
				7	* can be used freely for any purpose. Any derived versions of this
				8	* software must be clearly marked as such, and if the derived work is
				9	* incompatible with the protocol description in the RFC file, it must be
				10	* called by a name other than "ssh" or "Secure Shell".
				11	*/
				12
Damien Miller	f6d9e22	2000-06-18 14:50:44 +1000	[diff] [blame]	13	#include "includes.h"
Damien Miller	f6d9e22	2000-06-18 14:50:44 +1000	[diff] [blame]	14
Damien Miller	9f2abc4	2006-07-10 20:53:08 +1000	[diff] [blame]	15	#include <sys/types.h>
				16
Damien Miller	b8fe89c	2006-07-24 14:51:00 +1000	[diff] [blame]	17	#include <netdb.h>
Damien Miller	9f2abc4	2006-07-10 20:53:08 +1000	[diff] [blame]	18	#include <pwd.h>
Damien Miller	e3476ed	2006-07-24 14:13:33 +1000	[diff] [blame]	19	#include <string.h>
Damien Miller	d783435	2006-08-05 12:39:39 +1000	[diff] [blame]	20	#include <stdio.h>
				21	#include <stdarg.h>
Damien Miller	9f2abc4	2006-07-10 20:53:08 +1000	[diff] [blame]	22
Damien Miller	b84886b	2008-05-19 15:05:07 +1000	[diff] [blame]	23	#include "openbsd-compat/sys-queue.h"
markus@openbsd.org	ae8b463	2015-01-14 10:30:34 +0000	[diff] [blame]	24
				25	#include "key.h" /* XXX for typedef */
				26	#include "buffer.h" /* XXX for typedef */
Damien Miller	f6d9e22	2000-06-18 14:50:44 +1000	[diff] [blame]	27	#include "xmalloc.h"
				28	#include "match.h"
markus@openbsd.org	ae8b463	2015-01-14 10:30:34 +0000	[diff] [blame]	29	#include "ssherr.h"
Ben Lindstrom	226cfa0	2001-01-22 05:34:40 +0000	[diff] [blame]	30	#include "log.h"
				31	#include "canohost.h"
djm@openbsd.org	9576726	2016-03-07 19:02:43 +0000	[diff] [blame]	32	#include "packet.h"
markus@openbsd.org	ae8b463	2015-01-14 10:30:34 +0000	[diff] [blame]	33	#include "sshbuf.h"
Damien Miller	7acefbb	2014-07-18 14:11:24 +1000	[diff] [blame]	34	#include "misc.h"
Ben Lindstrom	c763767	2001-06-09 00:36:26 +0000	[diff] [blame]	35	#include "channels.h"
Damien Miller	3380426	2001-02-04 23:20:18 +1100	[diff] [blame]	36	#include "servconf.h"
markus@openbsd.org	ae8b463	2015-01-14 10:30:34 +0000	[diff] [blame]	37	#include "sshkey.h"
Damien Miller	4e270b0	2010-04-16 15:56:21 +1000	[diff] [blame]	38	#include "auth-options.h"
Damien Miller	d783435	2006-08-05 12:39:39 +1000	[diff] [blame]	39	#include "hostfile.h"
Ben Lindstrom	a574cda	2002-05-15 16:16:14 +0000	[diff] [blame]	40	#include "auth.h"
Damien Miller	f6d9e22	2000-06-18 14:50:44 +1000	[diff] [blame]	41
				42	/* Flags set authorized_keys flags */
				43	int no_port_forwarding_flag = 0;
				44	int no_agent_forwarding_flag = 0;
				45	int no_x11_forwarding_flag = 0;
				46	int no_pty_flag = 0;
Damien Miller	95e8095	2008-03-27 11:03:05 +1100	[diff] [blame]	47	int no_user_rc = 0;
Damien Miller	0a80ca1	2010-02-27 07:55:05 +1100	[diff] [blame]	48	int key_is_cert_authority = 0;
Damien Miller	f6d9e22	2000-06-18 14:50:44 +1000	[diff] [blame]	49
				50	/* "command=" option. */
				51	char *forced_command = NULL;
				52
				53	/* "environment=" options. */
				54	struct envstring *custom_environment = NULL;
				55
Damien Miller	d27b947	2005-12-13 19:29:02 +1100	[diff] [blame]	56	/* "tunnel=" option. */
				57	int forced_tun_device = -1;
				58
Damien Miller	30da344	2010-05-10 11:58:03 +1000	[diff] [blame]	59	/* "principals=" option. */
				60	char *authorized_principals = NULL;
				61
Damien Miller	3380426	2001-02-04 23:20:18 +1100	[diff] [blame]	62	extern ServerOptions options;
				63
Ben Lindstrom	7a2073c	2002-03-22 02:30:41 +0000	[diff] [blame]	64	void
Damien Miller	874d77b	2000-10-14 16:23:11 +1100	[diff] [blame]	65	auth_clear_options(void)
				66	{
				67	no_agent_forwarding_flag = 0;
				68	no_port_forwarding_flag = 0;
				69	no_pty_flag = 0;
				70	no_x11_forwarding_flag = 0;
Damien Miller	95e8095	2008-03-27 11:03:05 +1100	[diff] [blame]	71	no_user_rc = 0;
Damien Miller	0a80ca1	2010-02-27 07:55:05 +1100	[diff] [blame]	72	key_is_cert_authority = 0;
Damien Miller	874d77b	2000-10-14 16:23:11 +1100	[diff] [blame]	73	while (custom_environment) {
				74	struct envstring *ce = custom_environment;
				75	custom_environment = ce->next;
Darren Tucker	a627d42	2013-06-02 07:31:17 +1000	[diff] [blame]	76	free(ce->s);
				77	free(ce);
Damien Miller	874d77b	2000-10-14 16:23:11 +1100	[diff] [blame]	78	}
mmcc@openbsd.org	d59ce08	2015-12-10 17:08:40 +0000	[diff] [blame]	79	free(forced_command);
				80	forced_command = NULL;
				81	free(authorized_principals);
				82	authorized_principals = NULL;
Damien Miller	d27b947	2005-12-13 19:29:02 +1100	[diff] [blame]	83	forced_tun_device = -1;
Ben Lindstrom	7bb8b49	2001-03-17 00:47:54 +0000	[diff] [blame]	84	channel_clear_permitted_opens();
Damien Miller	874d77b	2000-10-14 16:23:11 +1100	[diff] [blame]	85	}
				86
Ben Lindstrom	226cfa0	2001-01-22 05:34:40 +0000	[diff] [blame]	87	/*
djm@openbsd.org	383f10f	2015-11-16 00:30:02 +0000	[diff] [blame]	88	* Match flag 'opt' in *optsp, and if allow_negate is set then also match
				89	* 'no-opt'. Returns -1 if option not matched, 1 if option matches or 0
				90	* if negated option matches.
				91	* If the option or negated option matches, then *optsp is updated to
				92	* point to the first character after the option and, if 'msg' is not NULL
				93	* then a message based on it added via auth_debug_add().
				94	*/
				95	static int
				96	match_flag(const char opt, int allow_negate, char optsp, const char msg)
				97	{
				98	size_t opt_len = strlen(opt);
				99	char opts = optsp;
				100	int negate = 0;
				101
				102	if (allow_negate && strncasecmp(opts, "no-", 3) == 0) {
				103	opts += 3;
				104	negate = 1;
				105	}
				106	if (strncasecmp(opts, opt, opt_len) == 0) {
				107	*optsp = opts + opt_len;
				108	if (msg != NULL) {
				109	auth_debug_add("%s %s.", msg,
				110	negate ? "disabled" : "enabled");
				111	}
				112	return negate ? 0 : 1;
				113	}
				114	return -1;
				115	}
				116
				117	/*
Ben Lindstrom	226cfa0	2001-01-22 05:34:40 +0000	[diff] [blame]	118	* return 1 if access is granted, 0 if not.
				119	* side effect: sets key option flags
				120	*/
Damien Miller	f6d9e22	2000-06-18 14:50:44 +1000	[diff] [blame]	121	int
Damien Miller	3380426	2001-02-04 23:20:18 +1100	[diff] [blame]	122	auth_parse_options(struct passwd pw, char opts, char *file, u_long linenum)
Damien Miller	f6d9e22	2000-06-18 14:50:44 +1000	[diff] [blame]	123	{
djm@openbsd.org	9576726	2016-03-07 19:02:43 +0000	[diff] [blame]	124	struct ssh ssh = active_state; / XXX */
Damien Miller	f6d9e22	2000-06-18 14:50:44 +1000	[diff] [blame]	125	const char *cp;
djm@openbsd.org	383f10f	2015-11-16 00:30:02 +0000	[diff] [blame]	126	int i, r;
Damien Miller	874d77b	2000-10-14 16:23:11 +1100	[diff] [blame]	127
				128	/* reset options */
				129	auth_clear_options();
				130
Ben Lindstrom	36d7bd0	2001-02-10 22:27:19 +0000	[diff] [blame]	131	if (!opts)
				132	return 1;
				133
Damien Miller	3380426	2001-02-04 23:20:18 +1100	[diff] [blame]	134	while (opts && opts != ' ' && *opts != '\t') {
djm@openbsd.org	383f10f	2015-11-16 00:30:02 +0000	[diff] [blame]	135	if ((r = match_flag("cert-authority", 0, &opts, NULL)) != -1) {
				136	key_is_cert_authority = r;
Damien Miller	0a80ca1	2010-02-27 07:55:05 +1100	[diff] [blame]	137	goto next_option;
				138	}
djm@openbsd.org	383f10f	2015-11-16 00:30:02 +0000	[diff] [blame]	139	if ((r = match_flag("restrict", 0, &opts, NULL)) != -1) {
				140	auth_debug_add("Key is restricted.");
Damien Miller	f6d9e22	2000-06-18 14:50:44 +1000	[diff] [blame]	141	no_port_forwarding_flag = 1;
Damien Miller	f6d9e22	2000-06-18 14:50:44 +1000	[diff] [blame]	142	no_agent_forwarding_flag = 1;
Damien Miller	f6d9e22	2000-06-18 14:50:44 +1000	[diff] [blame]	143	no_x11_forwarding_flag = 1;
Damien Miller	f6d9e22	2000-06-18 14:50:44 +1000	[diff] [blame]	144	no_pty_flag = 1;
djm@openbsd.org	383f10f	2015-11-16 00:30:02 +0000	[diff] [blame]	145	no_user_rc = 1;
Damien Miller	f6d9e22	2000-06-18 14:50:44 +1000	[diff] [blame]	146	goto next_option;
				147	}
djm@openbsd.org	383f10f	2015-11-16 00:30:02 +0000	[diff] [blame]	148	if ((r = match_flag("port-forwarding", 1, &opts,
				149	"Port forwarding")) != -1) {
				150	no_port_forwarding_flag = r != 1;
				151	goto next_option;
				152	}
				153	if ((r = match_flag("agent-forwarding", 1, &opts,
				154	"Agent forwarding")) != -1) {
				155	no_agent_forwarding_flag = r != 1;
				156	goto next_option;
				157	}
				158	if ((r = match_flag("x11-forwarding", 1, &opts,
				159	"X11 forwarding")) != -1) {
				160	no_x11_forwarding_flag = r != 1;
				161	goto next_option;
				162	}
				163	if ((r = match_flag("pty", 1, &opts,
				164	"PTY allocation")) != -1) {
				165	no_pty_flag = r != 1;
				166	goto next_option;
				167	}
				168	if ((r = match_flag("user-rc", 1, &opts,
				169	"User rc execution")) != -1) {
				170	no_user_rc = r != 1;
Damien Miller	95e8095	2008-03-27 11:03:05 +1100	[diff] [blame]	171	goto next_option;
				172	}
Damien Miller	f6d9e22	2000-06-18 14:50:44 +1000	[diff] [blame]	173	cp = "command=\"";
Damien Miller	3380426	2001-02-04 23:20:18 +1100	[diff] [blame]	174	if (strncasecmp(opts, cp, strlen(cp)) == 0) {
Damien Miller	3380426	2001-02-04 23:20:18 +1100	[diff] [blame]	175	opts += strlen(cp);
mmcc@openbsd.org	d59ce08	2015-12-10 17:08:40 +0000	[diff] [blame]	176	free(forced_command);
Damien Miller	3380426	2001-02-04 23:20:18 +1100	[diff] [blame]	177	forced_command = xmalloc(strlen(opts) + 1);
Damien Miller	f6d9e22	2000-06-18 14:50:44 +1000	[diff] [blame]	178	i = 0;
Damien Miller	3380426	2001-02-04 23:20:18 +1100	[diff] [blame]	179	while (*opts) {
				180	if (*opts == '"')
Damien Miller	f6d9e22	2000-06-18 14:50:44 +1000	[diff] [blame]	181	break;
Damien Miller	3380426	2001-02-04 23:20:18 +1100	[diff] [blame]	182	if (*opts == '\\' && opts[1] == '"') {
				183	opts += 2;
Damien Miller	f6d9e22	2000-06-18 14:50:44 +1000	[diff] [blame]	184	forced_command[i++] = '"';
				185	continue;
				186	}
Damien Miller	3380426	2001-02-04 23:20:18 +1100	[diff] [blame]	187	forced_command[i++] = *opts++;
Damien Miller	f6d9e22	2000-06-18 14:50:44 +1000	[diff] [blame]	188	}
Damien Miller	3380426	2001-02-04 23:20:18 +1100	[diff] [blame]	189	if (!*opts) {
Damien Miller	f6d9e22	2000-06-18 14:50:44 +1000	[diff] [blame]	190	debug("%.100s, line %lu: missing end quote",
Ben Lindstrom	226cfa0	2001-01-22 05:34:40 +0000	[diff] [blame]	191	file, linenum);
Ben Lindstrom	a574cda	2002-05-15 16:16:14 +0000	[diff] [blame]	192	auth_debug_add("%.100s, line %lu: missing end quote",
Ben Lindstrom	226cfa0	2001-01-22 05:34:40 +0000	[diff] [blame]	193	file, linenum);
Darren Tucker	a627d42	2013-06-02 07:31:17 +1000	[diff] [blame]	194	free(forced_command);
Damien Miller	056ddf7	2001-03-14 10:15:20 +1100	[diff] [blame]	195	forced_command = NULL;
				196	goto bad_option;
Damien Miller	f6d9e22	2000-06-18 14:50:44 +1000	[diff] [blame]	197	}
Damien Miller	9829926	2006-07-24 14:01:43 +1000	[diff] [blame]	198	forced_command[i] = '\0';
Damien Miller	de53fd0	2011-01-06 22:44:18 +1100	[diff] [blame]	199	auth_debug_add("Forced command.");
Damien Miller	3380426	2001-02-04 23:20:18 +1100	[diff] [blame]	200	opts++;
Damien Miller	f6d9e22	2000-06-18 14:50:44 +1000	[diff] [blame]	201	goto next_option;
				202	}
Damien Miller	30da344	2010-05-10 11:58:03 +1000	[diff] [blame]	203	cp = "principals=\"";
				204	if (strncasecmp(opts, cp, strlen(cp)) == 0) {
				205	opts += strlen(cp);
mmcc@openbsd.org	d59ce08	2015-12-10 17:08:40 +0000	[diff] [blame]	206	free(authorized_principals);
Damien Miller	30da344	2010-05-10 11:58:03 +1000	[diff] [blame]	207	authorized_principals = xmalloc(strlen(opts) + 1);
				208	i = 0;
				209	while (*opts) {
				210	if (*opts == '"')
				211	break;
				212	if (*opts == '\\' && opts[1] == '"') {
				213	opts += 2;
				214	authorized_principals[i++] = '"';
				215	continue;
				216	}
				217	authorized_principals[i++] = *opts++;
				218	}
				219	if (!*opts) {
				220	debug("%.100s, line %lu: missing end quote",
				221	file, linenum);
				222	auth_debug_add("%.100s, line %lu: missing end quote",
				223	file, linenum);
Darren Tucker	a627d42	2013-06-02 07:31:17 +1000	[diff] [blame]	224	free(authorized_principals);
Damien Miller	30da344	2010-05-10 11:58:03 +1000	[diff] [blame]	225	authorized_principals = NULL;
				226	goto bad_option;
				227	}
				228	authorized_principals[i] = '\0';
				229	auth_debug_add("principals: %.900s",
				230	authorized_principals);
				231	opts++;
				232	goto next_option;
				233	}
Damien Miller	f6d9e22	2000-06-18 14:50:44 +1000	[diff] [blame]	234	cp = "environment=\"";
djm@openbsd.org	a42d67b	2015-05-01 03:20:54 +0000	[diff] [blame]	235	if (strncasecmp(opts, cp, strlen(cp)) == 0) {
Damien Miller	f6d9e22	2000-06-18 14:50:44 +1000	[diff] [blame]	236	char *s;
				237	struct envstring *new_envstring;
Ben Lindstrom	7bb8b49	2001-03-17 00:47:54 +0000	[diff] [blame]	238
Damien Miller	3380426	2001-02-04 23:20:18 +1100	[diff] [blame]	239	opts += strlen(cp);
				240	s = xmalloc(strlen(opts) + 1);
Damien Miller	f6d9e22	2000-06-18 14:50:44 +1000	[diff] [blame]	241	i = 0;
Damien Miller	3380426	2001-02-04 23:20:18 +1100	[diff] [blame]	242	while (*opts) {
				243	if (*opts == '"')
Damien Miller	f6d9e22	2000-06-18 14:50:44 +1000	[diff] [blame]	244	break;
Damien Miller	3380426	2001-02-04 23:20:18 +1100	[diff] [blame]	245	if (*opts == '\\' && opts[1] == '"') {
				246	opts += 2;
Damien Miller	f6d9e22	2000-06-18 14:50:44 +1000	[diff] [blame]	247	s[i++] = '"';
				248	continue;
				249	}
Damien Miller	3380426	2001-02-04 23:20:18 +1100	[diff] [blame]	250	s[i++] = *opts++;
Damien Miller	f6d9e22	2000-06-18 14:50:44 +1000	[diff] [blame]	251	}
Damien Miller	3380426	2001-02-04 23:20:18 +1100	[diff] [blame]	252	if (!*opts) {
Damien Miller	f6d9e22	2000-06-18 14:50:44 +1000	[diff] [blame]	253	debug("%.100s, line %lu: missing end quote",
Ben Lindstrom	226cfa0	2001-01-22 05:34:40 +0000	[diff] [blame]	254	file, linenum);
Ben Lindstrom	a574cda	2002-05-15 16:16:14 +0000	[diff] [blame]	255	auth_debug_add("%.100s, line %lu: missing end quote",
Ben Lindstrom	226cfa0	2001-01-22 05:34:40 +0000	[diff] [blame]	256	file, linenum);
Darren Tucker	a627d42	2013-06-02 07:31:17 +1000	[diff] [blame]	257	free(s);
Damien Miller	056ddf7	2001-03-14 10:15:20 +1100	[diff] [blame]	258	goto bad_option;
Damien Miller	f6d9e22	2000-06-18 14:50:44 +1000	[diff] [blame]	259	}
Damien Miller	9829926	2006-07-24 14:01:43 +1000	[diff] [blame]	260	s[i] = '\0';
Damien Miller	3380426	2001-02-04 23:20:18 +1100	[diff] [blame]	261	opts++;
djm@openbsd.org	a42d67b	2015-05-01 03:20:54 +0000	[diff] [blame]	262	if (options.permit_user_env) {
				263	auth_debug_add("Adding to environment: "
				264	"%.900s", s);
				265	debug("Adding to environment: %.900s", s);
				266	new_envstring = xcalloc(1,
				267	sizeof(*new_envstring));
				268	new_envstring->s = s;
				269	new_envstring->next = custom_environment;
				270	custom_environment = new_envstring;
				271	s = NULL;
				272	}
				273	free(s);
Damien Miller	f6d9e22	2000-06-18 14:50:44 +1000	[diff] [blame]	274	goto next_option;
				275	}
				276	cp = "from=\"";
Damien Miller	3380426	2001-02-04 23:20:18 +1100	[diff] [blame]	277	if (strncasecmp(opts, cp, strlen(cp)) == 0) {
djm@openbsd.org	9576726	2016-03-07 19:02:43 +0000	[diff] [blame]	278	const char *remote_ip = ssh_remote_ipaddr(ssh);
				279	const char *remote_host = auth_get_canonical_hostname(
				280	ssh, options.use_dns);
Damien Miller	3380426	2001-02-04 23:20:18 +1100	[diff] [blame]	281	char *patterns = xmalloc(strlen(opts) + 1);
Ben Lindstrom	7bb8b49	2001-03-17 00:47:54 +0000	[diff] [blame]	282
Damien Miller	3380426	2001-02-04 23:20:18 +1100	[diff] [blame]	283	opts += strlen(cp);
Damien Miller	f6d9e22	2000-06-18 14:50:44 +1000	[diff] [blame]	284	i = 0;
Damien Miller	3380426	2001-02-04 23:20:18 +1100	[diff] [blame]	285	while (*opts) {
				286	if (*opts == '"')
Damien Miller	f6d9e22	2000-06-18 14:50:44 +1000	[diff] [blame]	287	break;
Damien Miller	3380426	2001-02-04 23:20:18 +1100	[diff] [blame]	288	if (*opts == '\\' && opts[1] == '"') {
				289	opts += 2;
Damien Miller	f6d9e22	2000-06-18 14:50:44 +1000	[diff] [blame]	290	patterns[i++] = '"';
				291	continue;
				292	}
Damien Miller	3380426	2001-02-04 23:20:18 +1100	[diff] [blame]	293	patterns[i++] = *opts++;
Damien Miller	f6d9e22	2000-06-18 14:50:44 +1000	[diff] [blame]	294	}
Damien Miller	3380426	2001-02-04 23:20:18 +1100	[diff] [blame]	295	if (!*opts) {
Damien Miller	f6d9e22	2000-06-18 14:50:44 +1000	[diff] [blame]	296	debug("%.100s, line %lu: missing end quote",
Ben Lindstrom	226cfa0	2001-01-22 05:34:40 +0000	[diff] [blame]	297	file, linenum);
Ben Lindstrom	a574cda	2002-05-15 16:16:14 +0000	[diff] [blame]	298	auth_debug_add("%.100s, line %lu: missing end quote",
Ben Lindstrom	226cfa0	2001-01-22 05:34:40 +0000	[diff] [blame]	299	file, linenum);
Darren Tucker	a627d42	2013-06-02 07:31:17 +1000	[diff] [blame]	300	free(patterns);
Damien Miller	056ddf7	2001-03-14 10:15:20 +1100	[diff] [blame]	301	goto bad_option;
Damien Miller	f6d9e22	2000-06-18 14:50:44 +1000	[diff] [blame]	302	}
Damien Miller	9829926	2006-07-24 14:01:43 +1000	[diff] [blame]	303	patterns[i] = '\0';
Damien Miller	3380426	2001-02-04 23:20:18 +1100	[diff] [blame]	304	opts++;
Darren Tucker	896ad5a	2008-06-11 09:34:46 +1000	[diff] [blame]	305	switch (match_host_and_ip(remote_host, remote_ip,
				306	patterns)) {
				307	case 1:
Darren Tucker	a627d42	2013-06-02 07:31:17 +1000	[diff] [blame]	308	free(patterns);
Darren Tucker	896ad5a	2008-06-11 09:34:46 +1000	[diff] [blame]	309	/* Host name matches. */
				310	goto next_option;
				311	case -1:
				312	debug("%.100s, line %lu: invalid criteria",
				313	file, linenum);
				314	auth_debug_add("%.100s, line %lu: "
				315	"invalid criteria", file, linenum);
				316	/* FALLTHROUGH */
				317	case 0:
Darren Tucker	a627d42	2013-06-02 07:31:17 +1000	[diff] [blame]	318	free(patterns);
Damien Miller	996acd2	2003-04-09 20:59:48 +1000	[diff] [blame]	319	logit("Authentication tried for %.100s with "
Damien Miller	3380426	2001-02-04 23:20:18 +1100	[diff] [blame]	320	"correct key but not from a permitted "
				321	"host (host=%.200s, ip=%.200s).",
				322	pw->pw_name, remote_host, remote_ip);
Ben Lindstrom	a574cda	2002-05-15 16:16:14 +0000	[diff] [blame]	323	auth_debug_add("Your host '%.200s' is not "
Damien Miller	3380426	2001-02-04 23:20:18 +1100	[diff] [blame]	324	"permitted to use this key for login.",
				325	remote_host);
Darren Tucker	896ad5a	2008-06-11 09:34:46 +1000	[diff] [blame]	326	break;
Damien Miller	f6d9e22	2000-06-18 14:50:44 +1000	[diff] [blame]	327	}
Darren Tucker	896ad5a	2008-06-11 09:34:46 +1000	[diff] [blame]	328	/* deny access */
				329	return 0;
Damien Miller	f6d9e22	2000-06-18 14:50:44 +1000	[diff] [blame]	330	}
Ben Lindstrom	7bb8b49	2001-03-17 00:47:54 +0000	[diff] [blame]	331	cp = "permitopen=\"";
				332	if (strncasecmp(opts, cp, strlen(cp)) == 0) {
Damien Miller	f91ee4c	2005-03-01 21:24:33 +1100	[diff] [blame]	333	char host, p;
Damien Miller	e37dde0	2009-01-28 16:33:01 +1100	[diff] [blame]	334	int port;
Ben Lindstrom	7bb8b49	2001-03-17 00:47:54 +0000	[diff] [blame]	335	char *patterns = xmalloc(strlen(opts) + 1);
				336
				337	opts += strlen(cp);
				338	i = 0;
				339	while (*opts) {
				340	if (*opts == '"')
				341	break;
				342	if (*opts == '\\' && opts[1] == '"') {
				343	opts += 2;
				344	patterns[i++] = '"';
				345	continue;
				346	}
				347	patterns[i++] = *opts++;
				348	}
				349	if (!*opts) {
				350	debug("%.100s, line %lu: missing end quote",
				351	file, linenum);
Damien Miller	f91ee4c	2005-03-01 21:24:33 +1100	[diff] [blame]	352	auth_debug_add("%.100s, line %lu: missing "
				353	"end quote", file, linenum);
Darren Tucker	a627d42	2013-06-02 07:31:17 +1000	[diff] [blame]	354	free(patterns);
Ben Lindstrom	7bb8b49	2001-03-17 00:47:54 +0000	[diff] [blame]	355	goto bad_option;
				356	}
Damien Miller	9829926	2006-07-24 14:01:43 +1000	[diff] [blame]	357	patterns[i] = '\0';
Ben Lindstrom	7bb8b49	2001-03-17 00:47:54 +0000	[diff] [blame]	358	opts++;
Damien Miller	f91ee4c	2005-03-01 21:24:33 +1100	[diff] [blame]	359	p = patterns;
Damien Miller	7acefbb	2014-07-18 14:11:24 +1000	[diff] [blame]	360	/* XXX - add streamlocal support */
Damien Miller	f91ee4c	2005-03-01 21:24:33 +1100	[diff] [blame]	361	host = hpdelim(&p);
				362	if (host == NULL \|\| strlen(host) >= NI_MAXHOST) {
				363	debug("%.100s, line %lu: Bad permitopen "
Darren Tucker	90b9e02	2005-03-14 23:08:50 +1100	[diff] [blame]	364	"specification <%.100s>", file, linenum,
Damien Miller	f91ee4c	2005-03-01 21:24:33 +1100	[diff] [blame]	365	patterns);
Ben Lindstrom	a574cda	2002-05-15 16:16:14 +0000	[diff] [blame]	366	auth_debug_add("%.100s, line %lu: "
Damien Miller	f91ee4c	2005-03-01 21:24:33 +1100	[diff] [blame]	367	"Bad permitopen specification", file,
				368	linenum);
Darren Tucker	a627d42	2013-06-02 07:31:17 +1000	[diff] [blame]	369	free(patterns);
Ben Lindstrom	7bb8b49	2001-03-17 00:47:54 +0000	[diff] [blame]	370	goto bad_option;
				371	}
Darren Tucker	47eede7	2005-03-14 23:08:12 +1100	[diff] [blame]	372	host = cleanhostname(host);
Darren Tucker	1338b9e	2011-10-02 18:57:35 +1100	[diff] [blame]	373	if (p == NULL \|\| (port = permitopen_port(p)) < 0) {
Damien Miller	f91ee4c	2005-03-01 21:24:33 +1100	[diff] [blame]	374	debug("%.100s, line %lu: Bad permitopen port "
				375	"<%.100s>", file, linenum, p ? p : "");
Ben Lindstrom	a574cda	2002-05-15 16:16:14 +0000	[diff] [blame]	376	auth_debug_add("%.100s, line %lu: "
Ben Lindstrom	d71ba57	2001-09-12 18:03:31 +0000	[diff] [blame]	377	"Bad permitopen port", file, linenum);
Darren Tucker	a627d42	2013-06-02 07:31:17 +1000	[diff] [blame]	378	free(patterns);
Ben Lindstrom	7bb8b49	2001-03-17 00:47:54 +0000	[diff] [blame]	379	goto bad_option;
				380	}
Damien Miller	aa5b3f8	2012-12-03 09:50:54 +1100	[diff] [blame]	381	if ((options.allow_tcp_forwarding & FORWARD_LOCAL) != 0)
Ben Lindstrom	d71ba57	2001-09-12 18:03:31 +0000	[diff] [blame]	382	channel_add_permitted_opens(host, port);
Darren Tucker	a627d42	2013-06-02 07:31:17 +1000	[diff] [blame]	383	free(patterns);
Ben Lindstrom	7bb8b49	2001-03-17 00:47:54 +0000	[diff] [blame]	384	goto next_option;
				385	}
Damien Miller	d27b947	2005-12-13 19:29:02 +1100	[diff] [blame]	386	cp = "tunnel=\"";
				387	if (strncasecmp(opts, cp, strlen(cp)) == 0) {
				388	char *tun = NULL;
				389	opts += strlen(cp);
				390	tun = xmalloc(strlen(opts) + 1);
				391	i = 0;
				392	while (*opts) {
				393	if (*opts == '"')
				394	break;
				395	tun[i++] = *opts++;
				396	}
				397	if (!*opts) {
				398	debug("%.100s, line %lu: missing end quote",
				399	file, linenum);
				400	auth_debug_add("%.100s, line %lu: missing end quote",
				401	file, linenum);
Darren Tucker	a627d42	2013-06-02 07:31:17 +1000	[diff] [blame]	402	free(tun);
Damien Miller	d27b947	2005-12-13 19:29:02 +1100	[diff] [blame]	403	forced_tun_device = -1;
				404	goto bad_option;
				405	}
Damien Miller	9829926	2006-07-24 14:01:43 +1000	[diff] [blame]	406	tun[i] = '\0';
Damien Miller	d27b947	2005-12-13 19:29:02 +1100	[diff] [blame]	407	forced_tun_device = a2tun(tun, NULL);
Darren Tucker	a627d42	2013-06-02 07:31:17 +1000	[diff] [blame]	408	free(tun);
Damien Miller	7b58e80	2005-12-13 19:33:19 +1100	[diff] [blame]	409	if (forced_tun_device == SSH_TUNID_ERR) {
Damien Miller	d27b947	2005-12-13 19:29:02 +1100	[diff] [blame]	410	debug("%.100s, line %lu: invalid tun device",
				411	file, linenum);
				412	auth_debug_add("%.100s, line %lu: invalid tun device",
				413	file, linenum);
				414	forced_tun_device = -1;
				415	goto bad_option;
				416	}
				417	auth_debug_add("Forced tun device: %d", forced_tun_device);
				418	opts++;
				419	goto next_option;
				420	}
Damien Miller	f6d9e22	2000-06-18 14:50:44 +1000	[diff] [blame]	421	next_option:
				422	/*
				423	* Skip the comma, and move to the next option
				424	* (or break out if there are no more).
				425	*/
Damien Miller	3380426	2001-02-04 23:20:18 +1100	[diff] [blame]	426	if (!*opts)
Damien Miller	f6d9e22	2000-06-18 14:50:44 +1000	[diff] [blame]	427	fatal("Bugs in auth-options.c option processing.");
Damien Miller	3380426	2001-02-04 23:20:18 +1100	[diff] [blame]	428	if (opts == ' ' \|\| opts == '\t')
Damien Miller	f6d9e22	2000-06-18 14:50:44 +1000	[diff] [blame]	429	break; /* End of options. */
Damien Miller	3380426	2001-02-04 23:20:18 +1100	[diff] [blame]	430	if (*opts != ',')
Damien Miller	f6d9e22	2000-06-18 14:50:44 +1000	[diff] [blame]	431	goto bad_option;
Damien Miller	3380426	2001-02-04 23:20:18 +1100	[diff] [blame]	432	opts++;
Damien Miller	f6d9e22	2000-06-18 14:50:44 +1000	[diff] [blame]	433	/* Process the next option. */
				434	}
Ben Lindstrom	7a2073c	2002-03-22 02:30:41 +0000	[diff] [blame]	435
Damien Miller	f6d9e22	2000-06-18 14:50:44 +1000	[diff] [blame]	436	/* grant access */
				437	return 1;
				438
				439	bad_option:
Damien Miller	996acd2	2003-04-09 20:59:48 +1000	[diff] [blame]	440	logit("Bad options in %.100s file, line %lu: %.50s",
Damien Miller	3380426	2001-02-04 23:20:18 +1100	[diff] [blame]	441	file, linenum, opts);
Ben Lindstrom	a574cda	2002-05-15 16:16:14 +0000	[diff] [blame]	442	auth_debug_add("Bad options in %.100s file, line %lu: %.50s",
Damien Miller	3380426	2001-02-04 23:20:18 +1100	[diff] [blame]	443	file, linenum, opts);
Ben Lindstrom	7a2073c	2002-03-22 02:30:41 +0000	[diff] [blame]	444
Damien Miller	f6d9e22	2000-06-18 14:50:44 +1000	[diff] [blame]	445	/* deny access */
				446	return 0;
				447	}
Damien Miller	0a80ca1	2010-02-27 07:55:05 +1100	[diff] [blame]	448
Damien Miller	d0e4a8e	2010-05-21 14:58:32 +1000	[diff] [blame]	449	#define OPTIONS_CRITICAL 1
				450	#define OPTIONS_EXTENSIONS 2
				451	static int
markus@openbsd.org	ae8b463	2015-01-14 10:30:34 +0000	[diff] [blame]	452	parse_option_list(struct sshbuf oblob, struct passwd pw,
Damien Miller	d0e4a8e	2010-05-21 14:58:32 +1000	[diff] [blame]	453	u_int which, int crit,
				454	int *cert_no_port_forwarding_flag,
				455	int *cert_no_agent_forwarding_flag,
				456	int *cert_no_x11_forwarding_flag,
				457	int *cert_no_pty_flag,
				458	int *cert_no_user_rc,
				459	char **cert_forced_command,
				460	int *cert_source_address_done)
Damien Miller	0a80ca1	2010-02-27 07:55:05 +1100	[diff] [blame]	461	{
djm@openbsd.org	9576726	2016-03-07 19:02:43 +0000	[diff] [blame]	462	struct ssh ssh = active_state; / XXX */
Damien Miller	d0e4a8e	2010-05-21 14:58:32 +1000	[diff] [blame]	463	char command, allowed;
				464	const char *remote_ip;
Damien Miller	ce98654	2013-07-18 16:12:44 +1000	[diff] [blame]	465	char *name = NULL;
markus@openbsd.org	ae8b463	2015-01-14 10:30:34 +0000	[diff] [blame]	466	struct sshbuf c = NULL, data = NULL;
				467	int r, ret = -1, result, found;
Damien Miller	0a80ca1	2010-02-27 07:55:05 +1100	[diff] [blame]	468
markus@openbsd.org	ae8b463	2015-01-14 10:30:34 +0000	[diff] [blame]	469	if ((c = sshbuf_fromb(oblob)) == NULL) {
				470	error("%s: sshbuf_fromb failed", __func__);
				471	goto out;
				472	}
Damien Miller	0a80ca1	2010-02-27 07:55:05 +1100	[diff] [blame]	473
markus@openbsd.org	ae8b463	2015-01-14 10:30:34 +0000	[diff] [blame]	474	while (sshbuf_len(c) > 0) {
				475	sshbuf_free(data);
				476	data = NULL;
				477	if ((r = sshbuf_get_cstring(c, &name, NULL)) != 0 \|\|
				478	(r = sshbuf_froms(c, &data)) != 0) {
				479	error("Unable to parse certificate options: %s",
				480	ssh_err(r));
Damien Miller	0a80ca1	2010-02-27 07:55:05 +1100	[diff] [blame]	481	goto out;
				482	}
markus@openbsd.org	ae8b463	2015-01-14 10:30:34 +0000	[diff] [blame]	483	debug3("found certificate option \"%.100s\" len %zu",
				484	name, sshbuf_len(data));
Damien Miller	d0e4a8e	2010-05-21 14:58:32 +1000	[diff] [blame]	485	found = 0;
				486	if ((which & OPTIONS_EXTENSIONS) != 0) {
				487	if (strcmp(name, "permit-X11-forwarding") == 0) {
				488	*cert_no_x11_forwarding_flag = 0;
				489	found = 1;
				490	} else if (strcmp(name,
				491	"permit-agent-forwarding") == 0) {
				492	*cert_no_agent_forwarding_flag = 0;
				493	found = 1;
				494	} else if (strcmp(name,
				495	"permit-port-forwarding") == 0) {
				496	*cert_no_port_forwarding_flag = 0;
				497	found = 1;
				498	} else if (strcmp(name, "permit-pty") == 0) {
				499	*cert_no_pty_flag = 0;
				500	found = 1;
				501	} else if (strcmp(name, "permit-user-rc") == 0) {
				502	*cert_no_user_rc = 0;
				503	found = 1;
Damien Miller	0a80ca1	2010-02-27 07:55:05 +1100	[diff] [blame]	504	}
Damien Miller	d0e4a8e	2010-05-21 14:58:32 +1000	[diff] [blame]	505	}
				506	if (!found && (which & OPTIONS_CRITICAL) != 0) {
				507	if (strcmp(name, "force-command") == 0) {
markus@openbsd.org	ae8b463	2015-01-14 10:30:34 +0000	[diff] [blame]	508	if ((r = sshbuf_get_cstring(data, &command,
				509	NULL)) != 0) {
				510	error("Unable to parse \"%s\" "
				511	"section: %s", name, ssh_err(r));
Damien Miller	d0e4a8e	2010-05-21 14:58:32 +1000	[diff] [blame]	512	goto out;
				513	}
Damien Miller	d0e4a8e	2010-05-21 14:58:32 +1000	[diff] [blame]	514	if (*cert_forced_command != NULL) {
				515	error("Certificate has multiple "
				516	"force-command options");
Darren Tucker	a627d42	2013-06-02 07:31:17 +1000	[diff] [blame]	517	free(command);
Damien Miller	d0e4a8e	2010-05-21 14:58:32 +1000	[diff] [blame]	518	goto out;
				519	}
				520	*cert_forced_command = command;
				521	found = 1;
Damien Miller	4139657	2010-03-04 21:51:11 +1100	[diff] [blame]	522	}
Damien Miller	d0e4a8e	2010-05-21 14:58:32 +1000	[diff] [blame]	523	if (strcmp(name, "source-address") == 0) {
markus@openbsd.org	ae8b463	2015-01-14 10:30:34 +0000	[diff] [blame]	524	if ((r = sshbuf_get_cstring(data, &allowed,
				525	NULL)) != 0) {
				526	error("Unable to parse \"%s\" "
				527	"section: %s", name, ssh_err(r));
Damien Miller	d0e4a8e	2010-05-21 14:58:32 +1000	[diff] [blame]	528	goto out;
				529	}
Damien Miller	d0e4a8e	2010-05-21 14:58:32 +1000	[diff] [blame]	530	if ((*cert_source_address_done)++) {
				531	error("Certificate has multiple "
				532	"source-address options");
Darren Tucker	a627d42	2013-06-02 07:31:17 +1000	[diff] [blame]	533	free(allowed);
Damien Miller	d0e4a8e	2010-05-21 14:58:32 +1000	[diff] [blame]	534	goto out;
				535	}
djm@openbsd.org	9576726	2016-03-07 19:02:43 +0000	[diff] [blame]	536	remote_ip = ssh_remote_ipaddr(ssh);
Damien Miller	bf25d11	2013-12-29 17:44:56 +1100	[diff] [blame]	537	result = addr_match_cidr_list(remote_ip,
				538	allowed);
				539	free(allowed);
				540	switch (result) {
Damien Miller	d0e4a8e	2010-05-21 14:58:32 +1000	[diff] [blame]	541	case 1:
				542	/* accepted */
Damien Miller	d0e4a8e	2010-05-21 14:58:32 +1000	[diff] [blame]	543	break;
				544	case 0:
				545	/* no match */
				546	logit("Authentication tried for %.100s "
				547	"with valid certificate but not "
				548	"from a permitted host "
				549	"(ip=%.200s).", pw->pw_name,
				550	remote_ip);
				551	auth_debug_add("Your address '%.200s' "
				552	"is not permitted to use this "
				553	"certificate for login.",
				554	remote_ip);
Damien Miller	d0e4a8e	2010-05-21 14:58:32 +1000	[diff] [blame]	555	goto out;
				556	case -1:
Damien Miller	bf25d11	2013-12-29 17:44:56 +1100	[diff] [blame]	557	default:
Damien Miller	d0e4a8e	2010-05-21 14:58:32 +1000	[diff] [blame]	558	error("Certificate source-address "
				559	"contents invalid");
Damien Miller	d0e4a8e	2010-05-21 14:58:32 +1000	[diff] [blame]	560	goto out;
				561	}
				562	found = 1;
Damien Miller	0a80ca1	2010-02-27 07:55:05 +1100	[diff] [blame]	563	}
Damien Miller	0a80ca1	2010-02-27 07:55:05 +1100	[diff] [blame]	564	}
				565
Damien Miller	d0e4a8e	2010-05-21 14:58:32 +1000	[diff] [blame]	566	if (!found) {
				567	if (crit) {
				568	error("Certificate critical option \"%s\" "
				569	"is not supported", name);
				570	goto out;
				571	} else {
				572	logit("Certificate extension \"%s\" "
				573	"is not supported", name);
				574	}
markus@openbsd.org	ae8b463	2015-01-14 10:30:34 +0000	[diff] [blame]	575	} else if (sshbuf_len(data) != 0) {
Damien Miller	d0e4a8e	2010-05-21 14:58:32 +1000	[diff] [blame]	576	error("Certificate option \"%s\" corrupt "
Damien Miller	0a80ca1	2010-02-27 07:55:05 +1100	[diff] [blame]	577	"(extra data)", name);
				578	goto out;
				579	}
Darren Tucker	a627d42	2013-06-02 07:31:17 +1000	[diff] [blame]	580	free(name);
Damien Miller	ce98654	2013-07-18 16:12:44 +1000	[diff] [blame]	581	name = NULL;
Damien Miller	0a80ca1	2010-02-27 07:55:05 +1100	[diff] [blame]	582	}
Damien Miller	4e270b0	2010-04-16 15:56:21 +1000	[diff] [blame]	583	/* successfully parsed all options */
Damien Miller	0a80ca1	2010-02-27 07:55:05 +1100	[diff] [blame]	584	ret = 0;
				585
Damien Miller	d0e4a8e	2010-05-21 14:58:32 +1000	[diff] [blame]	586	out:
				587	if (ret != 0 &&
				588	cert_forced_command != NULL &&
				589	*cert_forced_command != NULL) {
Darren Tucker	a627d42	2013-06-02 07:31:17 +1000	[diff] [blame]	590	free(*cert_forced_command);
Damien Miller	d0e4a8e	2010-05-21 14:58:32 +1000	[diff] [blame]	591	*cert_forced_command = NULL;
				592	}
mmcc@openbsd.org	d59ce08	2015-12-10 17:08:40 +0000	[diff] [blame]	593	free(name);
markus@openbsd.org	ae8b463	2015-01-14 10:30:34 +0000	[diff] [blame]	594	sshbuf_free(data);
				595	sshbuf_free(c);
Damien Miller	d0e4a8e	2010-05-21 14:58:32 +1000	[diff] [blame]	596	return ret;
				597	}
				598
				599	/*
				600	* Set options from critical certificate options. These supersede user key
				601	* options so this must be called after auth_parse_options().
				602	*/
				603	int
djm@openbsd.org	fd6dcef	2016-11-30 02:57:40 +0000	[diff] [blame^]	604	auth_cert_options(struct sshkey k, struct passwd pw, const char **reason)
Damien Miller	d0e4a8e	2010-05-21 14:58:32 +1000	[diff] [blame]	605	{
				606	int cert_no_port_forwarding_flag = 1;
				607	int cert_no_agent_forwarding_flag = 1;
				608	int cert_no_x11_forwarding_flag = 1;
				609	int cert_no_pty_flag = 1;
				610	int cert_no_user_rc = 1;
				611	char *cert_forced_command = NULL;
				612	int cert_source_address_done = 0;
				613
djm@openbsd.org	fd6dcef	2016-11-30 02:57:40 +0000	[diff] [blame^]	614	*reason = "invalid certificate options";
				615
djm@openbsd.org	c28fc62	2015-07-03 03:43:18 +0000	[diff] [blame]	616	/* Separate options and extensions for v01 certs */
				617	if (parse_option_list(k->cert->critical, pw,
				618	OPTIONS_CRITICAL, 1, NULL, NULL, NULL, NULL, NULL,
				619	&cert_forced_command,
				620	&cert_source_address_done) == -1)
				621	return -1;
				622	if (parse_option_list(k->cert->extensions, pw,
				623	OPTIONS_EXTENSIONS, 0,
				624	&cert_no_port_forwarding_flag,
				625	&cert_no_agent_forwarding_flag,
				626	&cert_no_x11_forwarding_flag,
				627	&cert_no_pty_flag,
				628	&cert_no_user_rc,
				629	NULL, NULL) == -1)
				630	return -1;
Damien Miller	d0e4a8e	2010-05-21 14:58:32 +1000	[diff] [blame]	631
Damien Miller	0a80ca1	2010-02-27 07:55:05 +1100	[diff] [blame]	632	no_port_forwarding_flag \|= cert_no_port_forwarding_flag;
				633	no_agent_forwarding_flag \|= cert_no_agent_forwarding_flag;
				634	no_x11_forwarding_flag \|= cert_no_x11_forwarding_flag;
				635	no_pty_flag \|= cert_no_pty_flag;
				636	no_user_rc \|= cert_no_user_rc;
djm@openbsd.org	fd6dcef	2016-11-30 02:57:40 +0000	[diff] [blame^]	637	/*
				638	* Only permit both CA and key option forced-command if they match.
				639	* Otherwise refuse the certificate.
				640	*/
				641	if (cert_forced_command != NULL && forced_command != NULL) {
				642	if (strcmp(forced_command, cert_forced_command) == 0) {
				643	free(forced_command);
				644	forced_command = cert_forced_command;
				645	} else {
				646	*reason = "certificate and key options forced command "
				647	"do not match";
				648	free(cert_forced_command);
				649	return -1;
				650	}
				651	} else if (cert_forced_command != NULL)
Damien Miller	0a80ca1	2010-02-27 07:55:05 +1100	[diff] [blame]	652	forced_command = cert_forced_command;
djm@openbsd.org	fd6dcef	2016-11-30 02:57:40 +0000	[diff] [blame^]	653	/* success */
				654	*reason = NULL;
Damien Miller	d0e4a8e	2010-05-21 14:58:32 +1000	[diff] [blame]	655	return 0;
Damien Miller	0a80ca1	2010-02-27 07:55:05 +1100	[diff] [blame]	656	}
				657