Mercurial > dropbear
annotate svr-authpubkeyoptions.c @ 475:52a644e7b8e1 pubkey-options
* Patch from Frédéric Moulins adding options to authorized_keys.
Needs review.
| author | Matt Johnston <matt@ucc.asn.au> |
|---|---|
| date | Mon, 08 Sep 2008 15:14:02 +0000 |
| parents | |
| children | df7f7da7f6e4 |
| rev | line source |
|---|---|
|
475
52a644e7b8e1
* Patch from Frédéric Moulins adding options to authorized_keys.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1 /* |
|
52a644e7b8e1
* Patch from Frédéric Moulins adding options to authorized_keys.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
2 * Dropbear - a SSH2 server |
|
52a644e7b8e1
* Patch from Frédéric Moulins adding options to authorized_keys.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
3 * |
|
52a644e7b8e1
* Patch from Frédéric Moulins adding options to authorized_keys.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
4 * Copyright (c) 2008 Frederic Moulins |
|
52a644e7b8e1
* Patch from Frédéric Moulins adding options to authorized_keys.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
5 * All rights reserved. |
|
52a644e7b8e1
* Patch from Frédéric Moulins adding options to authorized_keys.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
6 * |
|
52a644e7b8e1
* Patch from Frédéric Moulins adding options to authorized_keys.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
7 * Permission is hereby granted, free of charge, to any person obtaining a copy |
|
52a644e7b8e1
* Patch from Frédéric Moulins adding options to authorized_keys.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
8 * of this software and associated documentation files (the "Software"), to deal |
|
52a644e7b8e1
* Patch from Frédéric Moulins adding options to authorized_keys.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
9 * in the Software without restriction, including without limitation the rights |
|
52a644e7b8e1
* Patch from Frédéric Moulins adding options to authorized_keys.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
10 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell |
|
52a644e7b8e1
* Patch from Frédéric Moulins adding options to authorized_keys.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
11 * copies of the Software, and to permit persons to whom the Software is |
|
52a644e7b8e1
* Patch from Frédéric Moulins adding options to authorized_keys.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
12 * furnished to do so, subject to the following conditions: |
|
52a644e7b8e1
* Patch from Frédéric Moulins adding options to authorized_keys.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
13 * |
|
52a644e7b8e1
* Patch from Frédéric Moulins adding options to authorized_keys.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
14 * The above copyright notice and this permission notice shall be included in |
|
52a644e7b8e1
* Patch from Frédéric Moulins adding options to authorized_keys.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
15 * all copies or substantial portions of the Software. |
|
52a644e7b8e1
* Patch from Frédéric Moulins adding options to authorized_keys.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
16 * |
|
52a644e7b8e1
* Patch from Frédéric Moulins adding options to authorized_keys.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
17 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR |
|
52a644e7b8e1
* Patch from Frédéric Moulins adding options to authorized_keys.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
18 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, |
|
52a644e7b8e1
* Patch from Frédéric Moulins adding options to authorized_keys.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
19 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE |
|
52a644e7b8e1
* Patch from Frédéric Moulins adding options to authorized_keys.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
20 * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER |
|
52a644e7b8e1
* Patch from Frédéric Moulins adding options to authorized_keys.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
21 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, |
|
52a644e7b8e1
* Patch from Frédéric Moulins adding options to authorized_keys.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
22 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE |
|
52a644e7b8e1
* Patch from Frédéric Moulins adding options to authorized_keys.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
23 * SOFTWARE. |
|
52a644e7b8e1
* Patch from Frédéric Moulins adding options to authorized_keys.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
24 * |
|
52a644e7b8e1
* Patch from Frédéric Moulins adding options to authorized_keys.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
25 * This file incorporates work covered by the following copyright and |
|
52a644e7b8e1
* Patch from Frédéric Moulins adding options to authorized_keys.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
26 * permission notice: |
|
52a644e7b8e1
* Patch from Frédéric Moulins adding options to authorized_keys.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
27 * |
|
52a644e7b8e1
* Patch from Frédéric Moulins adding options to authorized_keys.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
28 * Author: Tatu Ylonen <[email protected]> |
|
52a644e7b8e1
* Patch from Frédéric Moulins adding options to authorized_keys.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
29 * Copyright (c) 1995 Tatu Ylonen <[email protected]>, Espoo, Finland |
|
52a644e7b8e1
* Patch from Frédéric Moulins adding options to authorized_keys.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
30 * All rights reserved |
|
52a644e7b8e1
* Patch from Frédéric Moulins adding options to authorized_keys.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
31 * As far as I am concerned, the code I have written for this software |
|
52a644e7b8e1
* Patch from Frédéric Moulins adding options to authorized_keys.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
32 * can be used freely for any purpose. Any derived versions of this |
|
52a644e7b8e1
* Patch from Frédéric Moulins adding options to authorized_keys.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
33 * software must be clearly marked as such, and if the derived work is |
|
52a644e7b8e1
* Patch from Frédéric Moulins adding options to authorized_keys.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
34 * incompatible with the protocol description in the RFC file, it must be |
|
52a644e7b8e1
* Patch from Frédéric Moulins adding options to authorized_keys.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
35 * called by a name other than "ssh" or "Secure Shell". |
|
52a644e7b8e1
* Patch from Frédéric Moulins adding options to authorized_keys.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
36 * |
|
52a644e7b8e1
* Patch from Frédéric Moulins adding options to authorized_keys.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
37 * This copyright and permission notice applies to the code parsing public keys |
|
52a644e7b8e1
* Patch from Frédéric Moulins adding options to authorized_keys.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
38 * options string which can also be found in OpenSSH auth-options.c file |
|
52a644e7b8e1
* Patch from Frédéric Moulins adding options to authorized_keys.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
39 * (auth_parse_options). |
|
52a644e7b8e1
* Patch from Frédéric Moulins adding options to authorized_keys.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
40 * |
|
52a644e7b8e1
* Patch from Frédéric Moulins adding options to authorized_keys.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
41 */ |
|
52a644e7b8e1
* Patch from Frédéric Moulins adding options to authorized_keys.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
42 |
|
52a644e7b8e1
* Patch from Frédéric Moulins adding options to authorized_keys.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
43 /* Process pubkey options during a pubkey auth request */ |
|
52a644e7b8e1
* Patch from Frédéric Moulins adding options to authorized_keys.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
44 #include "includes.h" |
|
52a644e7b8e1
* Patch from Frédéric Moulins adding options to authorized_keys.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
45 #include "session.h" |
|
52a644e7b8e1
* Patch from Frédéric Moulins adding options to authorized_keys.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
46 #include "dbutil.h" |
|
52a644e7b8e1
* Patch from Frédéric Moulins adding options to authorized_keys.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
47 #include "signkey.h" |
|
52a644e7b8e1
* Patch from Frédéric Moulins adding options to authorized_keys.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
48 #include "auth.h" |
|
52a644e7b8e1
* Patch from Frédéric Moulins adding options to authorized_keys.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
49 |
|
52a644e7b8e1
* Patch from Frédéric Moulins adding options to authorized_keys.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
50 #ifdef ENABLE_SVR_PUBKEY_OPTIONS |
|
52a644e7b8e1
* Patch from Frédéric Moulins adding options to authorized_keys.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
51 |
|
52a644e7b8e1
* Patch from Frédéric Moulins adding options to authorized_keys.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
52 /* Returns 1 if pubkey allows agent forwarding, |
|
52a644e7b8e1
* Patch from Frédéric Moulins adding options to authorized_keys.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
53 * 0 otherwise */ |
|
52a644e7b8e1
* Patch from Frédéric Moulins adding options to authorized_keys.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
54 int svr_pubkey_allows_agentfwd() { |
|
52a644e7b8e1
* Patch from Frédéric Moulins adding options to authorized_keys.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
55 if (ses.authstate.pubkey_options |
|
52a644e7b8e1
* Patch from Frédéric Moulins adding options to authorized_keys.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
56 && ses.authstate.pubkey_options->no_agent_forwarding_flag) { |
|
52a644e7b8e1
* Patch from Frédéric Moulins adding options to authorized_keys.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
57 return 0; |
|
52a644e7b8e1
* Patch from Frédéric Moulins adding options to authorized_keys.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
58 } |
|
52a644e7b8e1
* Patch from Frédéric Moulins adding options to authorized_keys.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
59 return 1; |
|
52a644e7b8e1
* Patch from Frédéric Moulins adding options to authorized_keys.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
60 } |
|
52a644e7b8e1
* Patch from Frédéric Moulins adding options to authorized_keys.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
61 |
|
52a644e7b8e1
* Patch from Frédéric Moulins adding options to authorized_keys.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
62 /* Returns 1 if pubkey allows tcp forwarding, |
|
52a644e7b8e1
* Patch from Frédéric Moulins adding options to authorized_keys.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
63 * 0 otherwise */ |
|
52a644e7b8e1
* Patch from Frédéric Moulins adding options to authorized_keys.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
64 int svr_pubkey_allows_tcpfwd() { |
|
52a644e7b8e1
* Patch from Frédéric Moulins adding options to authorized_keys.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
65 if (ses.authstate.pubkey_options |
|
52a644e7b8e1
* Patch from Frédéric Moulins adding options to authorized_keys.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
66 && ses.authstate.pubkey_options->no_port_forwarding_flag) { |
|
52a644e7b8e1
* Patch from Frédéric Moulins adding options to authorized_keys.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
67 return 0; |
|
52a644e7b8e1
* Patch from Frédéric Moulins adding options to authorized_keys.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
68 } |
|
52a644e7b8e1
* Patch from Frédéric Moulins adding options to authorized_keys.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
69 return 1; |
|
52a644e7b8e1
* Patch from Frédéric Moulins adding options to authorized_keys.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
70 } |
|
52a644e7b8e1
* Patch from Frédéric Moulins adding options to authorized_keys.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
71 |
|
52a644e7b8e1
* Patch from Frédéric Moulins adding options to authorized_keys.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
72 /* Returns 1 if pubkey allows x11 forwarding, |
|
52a644e7b8e1
* Patch from Frédéric Moulins adding options to authorized_keys.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
73 * 0 otherwise */ |
|
52a644e7b8e1
* Patch from Frédéric Moulins adding options to authorized_keys.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
74 int svr_pubkey_allows_x11fwd() { |
|
52a644e7b8e1
* Patch from Frédéric Moulins adding options to authorized_keys.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
75 if (ses.authstate.pubkey_options |
|
52a644e7b8e1
* Patch from Frédéric Moulins adding options to authorized_keys.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
76 && ses.authstate.pubkey_options->no_x11_forwarding_flag) { |
|
52a644e7b8e1
* Patch from Frédéric Moulins adding options to authorized_keys.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
77 return 0; |
|
52a644e7b8e1
* Patch from Frédéric Moulins adding options to authorized_keys.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
78 } |
|
52a644e7b8e1
* Patch from Frédéric Moulins adding options to authorized_keys.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
79 return 1; |
|
52a644e7b8e1
* Patch from Frédéric Moulins adding options to authorized_keys.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
80 } |
|
52a644e7b8e1
* Patch from Frédéric Moulins adding options to authorized_keys.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
81 |
|
52a644e7b8e1
* Patch from Frédéric Moulins adding options to authorized_keys.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
82 /* Returns 1 if pubkey allows pty, 0 otherwise */ |
|
52a644e7b8e1
* Patch from Frédéric Moulins adding options to authorized_keys.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
83 int svr_pubkey_allows_pty() { |
|
52a644e7b8e1
* Patch from Frédéric Moulins adding options to authorized_keys.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
84 if (ses.authstate.pubkey_options |
|
52a644e7b8e1
* Patch from Frédéric Moulins adding options to authorized_keys.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
85 && ses.authstate.pubkey_options->no_pty_flag) { |
|
52a644e7b8e1
* Patch from Frédéric Moulins adding options to authorized_keys.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
86 return 0; |
|
52a644e7b8e1
* Patch from Frédéric Moulins adding options to authorized_keys.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
87 } |
|
52a644e7b8e1
* Patch from Frédéric Moulins adding options to authorized_keys.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
88 return 1; |
|
52a644e7b8e1
* Patch from Frédéric Moulins adding options to authorized_keys.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
89 } |
|
52a644e7b8e1
* Patch from Frédéric Moulins adding options to authorized_keys.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
90 |
|
52a644e7b8e1
* Patch from Frédéric Moulins adding options to authorized_keys.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
91 /* Set chansession command to the one forced by 'command' public key option */ |
|
52a644e7b8e1
* Patch from Frédéric Moulins adding options to authorized_keys.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
92 void svr_pubkey_set_forced_command(struct ChanSess *chansess) { |
|
52a644e7b8e1
* Patch from Frédéric Moulins adding options to authorized_keys.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
93 if (ses.authstate.pubkey_options) |
|
52a644e7b8e1
* Patch from Frédéric Moulins adding options to authorized_keys.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
94 chansess->cmd = ses.authstate.pubkey_options->forced_command; |
|
52a644e7b8e1
* Patch from Frédéric Moulins adding options to authorized_keys.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
95 } |
|
52a644e7b8e1
* Patch from Frédéric Moulins adding options to authorized_keys.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
96 |
|
52a644e7b8e1
* Patch from Frédéric Moulins adding options to authorized_keys.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
97 /* Free potential public key options */ |
|
52a644e7b8e1
* Patch from Frédéric Moulins adding options to authorized_keys.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
98 void svr_pubkey_options_cleanup() { |
|
52a644e7b8e1
* Patch from Frédéric Moulins adding options to authorized_keys.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
99 if (ses.authstate.pubkey_options) { |
|
52a644e7b8e1
* Patch from Frédéric Moulins adding options to authorized_keys.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
100 m_free(ses.authstate.pubkey_options); |
|
52a644e7b8e1
* Patch from Frédéric Moulins adding options to authorized_keys.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
101 ses.authstate.pubkey_options = NULL; |
|
52a644e7b8e1
* Patch from Frédéric Moulins adding options to authorized_keys.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
102 } |
|
52a644e7b8e1
* Patch from Frédéric Moulins adding options to authorized_keys.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
103 } |
|
52a644e7b8e1
* Patch from Frédéric Moulins adding options to authorized_keys.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
104 |
|
52a644e7b8e1
* Patch from Frédéric Moulins adding options to authorized_keys.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
105 /* Parse pubkey options and set ses.authstate.pubkey_options accordingly. |
|
52a644e7b8e1
* Patch from Frédéric Moulins adding options to authorized_keys.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
106 * Returns DROPBEAR_SUCCESS if key is ok for auth, DROPBEAR_FAILURE otherwise */ |
|
52a644e7b8e1
* Patch from Frédéric Moulins adding options to authorized_keys.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
107 int svr_add_pubkey_options(const char* opts) { |
|
52a644e7b8e1
* Patch from Frédéric Moulins adding options to authorized_keys.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
108 const char *cp; |
|
52a644e7b8e1
* Patch from Frédéric Moulins adding options to authorized_keys.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
109 int i; |
|
52a644e7b8e1
* Patch from Frédéric Moulins adding options to authorized_keys.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
110 int ret = DROPBEAR_FAILURE; |
|
52a644e7b8e1
* Patch from Frédéric Moulins adding options to authorized_keys.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
111 |
|
52a644e7b8e1
* Patch from Frédéric Moulins adding options to authorized_keys.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
112 TRACE(("enter addpubkeyoptions")) |
|
52a644e7b8e1
* Patch from Frédéric Moulins adding options to authorized_keys.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
113 |
|
52a644e7b8e1
* Patch from Frédéric Moulins adding options to authorized_keys.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
114 if (!opts || *opts == ' ') { |
|
52a644e7b8e1
* Patch from Frédéric Moulins adding options to authorized_keys.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
115 /* no option, success */ |
|
52a644e7b8e1
* Patch from Frédéric Moulins adding options to authorized_keys.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
116 ret = DROPBEAR_SUCCESS; |
|
52a644e7b8e1
* Patch from Frédéric Moulins adding options to authorized_keys.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
117 goto end; |
|
52a644e7b8e1
* Patch from Frédéric Moulins adding options to authorized_keys.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
118 } |
|
52a644e7b8e1
* Patch from Frédéric Moulins adding options to authorized_keys.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
119 |
|
52a644e7b8e1
* Patch from Frédéric Moulins adding options to authorized_keys.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
120 ses.authstate.pubkey_options = (struct PubKeyOptions*)m_malloc(sizeof( struct PubKeyOptions )); |
|
52a644e7b8e1
* Patch from Frédéric Moulins adding options to authorized_keys.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
121 |
|
52a644e7b8e1
* Patch from Frédéric Moulins adding options to authorized_keys.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
122 while (*opts && *opts != ' ' && *opts != '\t') { |
|
52a644e7b8e1
* Patch from Frédéric Moulins adding options to authorized_keys.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
123 cp = "no-port-forwarding"; |
|
52a644e7b8e1
* Patch from Frédéric Moulins adding options to authorized_keys.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
124 if (strncasecmp(opts, cp, strlen(cp)) == 0) { |
|
52a644e7b8e1
* Patch from Frédéric Moulins adding options to authorized_keys.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
125 dropbear_log(LOG_WARNING, "Port forwarding disabled."); |
|
52a644e7b8e1
* Patch from Frédéric Moulins adding options to authorized_keys.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
126 ses.authstate.pubkey_options->no_port_forwarding_flag = 1; |
|
52a644e7b8e1
* Patch from Frédéric Moulins adding options to authorized_keys.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
127 opts += strlen(cp); |
|
52a644e7b8e1
* Patch from Frédéric Moulins adding options to authorized_keys.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
128 goto next_option; |
|
52a644e7b8e1
* Patch from Frédéric Moulins adding options to authorized_keys.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
129 } |
|
52a644e7b8e1
* Patch from Frédéric Moulins adding options to authorized_keys.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
130 #ifdef ENABLE_AGENTFWD |
|
52a644e7b8e1
* Patch from Frédéric Moulins adding options to authorized_keys.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
131 cp = "no-agent-forwarding"; |
|
52a644e7b8e1
* Patch from Frédéric Moulins adding options to authorized_keys.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
132 if (strncasecmp(opts, cp, strlen(cp)) == 0) { |
|
52a644e7b8e1
* Patch from Frédéric Moulins adding options to authorized_keys.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
133 dropbear_log(LOG_WARNING, "Agent forwarding disabled."); |
|
52a644e7b8e1
* Patch from Frédéric Moulins adding options to authorized_keys.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
134 ses.authstate.pubkey_options->no_agent_forwarding_flag = 1; |
|
52a644e7b8e1
* Patch from Frédéric Moulins adding options to authorized_keys.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
135 opts += strlen(cp); |
|
52a644e7b8e1
* Patch from Frédéric Moulins adding options to authorized_keys.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
136 goto next_option; |
|
52a644e7b8e1
* Patch from Frédéric Moulins adding options to authorized_keys.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
137 } |
|
52a644e7b8e1
* Patch from Frédéric Moulins adding options to authorized_keys.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
138 #endif |
|
52a644e7b8e1
* Patch from Frédéric Moulins adding options to authorized_keys.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
139 #ifdef ENABLE_X11FWD |
|
52a644e7b8e1
* Patch from Frédéric Moulins adding options to authorized_keys.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
140 cp = "no-X11-forwarding"; |
|
52a644e7b8e1
* Patch from Frédéric Moulins adding options to authorized_keys.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
141 if (strncasecmp(opts, cp, strlen(cp)) == 0) { |
|
52a644e7b8e1
* Patch from Frédéric Moulins adding options to authorized_keys.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
142 dropbear_log(LOG_WARNING, "X11 forwarding disabled."); |
|
52a644e7b8e1
* Patch from Frédéric Moulins adding options to authorized_keys.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
143 ses.authstate.pubkey_options->no_x11_forwarding_flag = 1; |
|
52a644e7b8e1
* Patch from Frédéric Moulins adding options to authorized_keys.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
144 opts += strlen(cp); |
|
52a644e7b8e1
* Patch from Frédéric Moulins adding options to authorized_keys.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
145 goto next_option; |
|
52a644e7b8e1
* Patch from Frédéric Moulins adding options to authorized_keys.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
146 } |
|
52a644e7b8e1
* Patch from Frédéric Moulins adding options to authorized_keys.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
147 #endif |
|
52a644e7b8e1
* Patch from Frédéric Moulins adding options to authorized_keys.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
148 cp = "no-pty"; |
|
52a644e7b8e1
* Patch from Frédéric Moulins adding options to authorized_keys.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
149 if (strncasecmp(opts, cp, strlen(cp)) == 0) { |
|
52a644e7b8e1
* Patch from Frédéric Moulins adding options to authorized_keys.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
150 dropbear_log(LOG_WARNING, "Pty allocation disabled."); |
|
52a644e7b8e1
* Patch from Frédéric Moulins adding options to authorized_keys.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
151 ses.authstate.pubkey_options->no_pty_flag = 1; |
|
52a644e7b8e1
* Patch from Frédéric Moulins adding options to authorized_keys.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
152 opts += strlen(cp); |
|
52a644e7b8e1
* Patch from Frédéric Moulins adding options to authorized_keys.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
153 goto next_option; |
|
52a644e7b8e1
* Patch from Frédéric Moulins adding options to authorized_keys.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
154 } |
|
52a644e7b8e1
* Patch from Frédéric Moulins adding options to authorized_keys.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
155 cp = "command=\""; |
|
52a644e7b8e1
* Patch from Frédéric Moulins adding options to authorized_keys.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
156 if (strncasecmp(opts, cp, strlen(cp)) == 0) { |
|
52a644e7b8e1
* Patch from Frédéric Moulins adding options to authorized_keys.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
157 opts += strlen(cp); |
|
52a644e7b8e1
* Patch from Frédéric Moulins adding options to authorized_keys.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
158 ses.authstate.pubkey_options->forced_command = (char*)m_malloc(strlen(opts) + 1); |
|
52a644e7b8e1
* Patch from Frédéric Moulins adding options to authorized_keys.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
159 i = 0; |
|
52a644e7b8e1
* Patch from Frédéric Moulins adding options to authorized_keys.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
160 while (*opts) { |
|
52a644e7b8e1
* Patch from Frédéric Moulins adding options to authorized_keys.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
161 if (*opts == '"') |
|
52a644e7b8e1
* Patch from Frédéric Moulins adding options to authorized_keys.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
162 break; |
|
52a644e7b8e1
* Patch from Frédéric Moulins adding options to authorized_keys.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
163 if (*opts == '\\' && opts[1] == '"') { |
|
52a644e7b8e1
* Patch from Frédéric Moulins adding options to authorized_keys.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
164 opts += 2; |
|
52a644e7b8e1
* Patch from Frédéric Moulins adding options to authorized_keys.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
165 ses.authstate.pubkey_options->forced_command[i++] = '"'; |
|
52a644e7b8e1
* Patch from Frédéric Moulins adding options to authorized_keys.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
166 continue; |
|
52a644e7b8e1
* Patch from Frédéric Moulins adding options to authorized_keys.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
167 } |
|
52a644e7b8e1
* Patch from Frédéric Moulins adding options to authorized_keys.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
168 ses.authstate.pubkey_options->forced_command[i++] = *opts++; |
|
52a644e7b8e1
* Patch from Frédéric Moulins adding options to authorized_keys.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
169 } |
|
52a644e7b8e1
* Patch from Frédéric Moulins adding options to authorized_keys.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
170 if (!*opts) { |
|
52a644e7b8e1
* Patch from Frédéric Moulins adding options to authorized_keys.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
171 dropbear_log(LOG_WARNING, |
|
52a644e7b8e1
* Patch from Frédéric Moulins adding options to authorized_keys.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
172 "Missing end quote in public key command option"); |
|
52a644e7b8e1
* Patch from Frédéric Moulins adding options to authorized_keys.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
173 m_free(ses.authstate.pubkey_options->forced_command); |
|
52a644e7b8e1
* Patch from Frédéric Moulins adding options to authorized_keys.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
174 ses.authstate.pubkey_options->forced_command = NULL; |
|
52a644e7b8e1
* Patch from Frédéric Moulins adding options to authorized_keys.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
175 goto bad_option; |
|
52a644e7b8e1
* Patch from Frédéric Moulins adding options to authorized_keys.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
176 } |
|
52a644e7b8e1
* Patch from Frédéric Moulins adding options to authorized_keys.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
177 ses.authstate.pubkey_options->forced_command[i] = '\0'; |
|
52a644e7b8e1
* Patch from Frédéric Moulins adding options to authorized_keys.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
178 if (strlen(ses.authstate.pubkey_options->forced_command) > MAX_CMD_LEN) { |
|
52a644e7b8e1
* Patch from Frédéric Moulins adding options to authorized_keys.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
179 dropbear_log(LOG_WARNING, |
|
52a644e7b8e1
* Patch from Frédéric Moulins adding options to authorized_keys.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
180 "Public key option command too long (>MAX_CMD_LEN)."); |
|
52a644e7b8e1
* Patch from Frédéric Moulins adding options to authorized_keys.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
181 m_free(ses.authstate.pubkey_options->forced_command); |
|
52a644e7b8e1
* Patch from Frédéric Moulins adding options to authorized_keys.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
182 ses.authstate.pubkey_options->forced_command = NULL; |
|
52a644e7b8e1
* Patch from Frédéric Moulins adding options to authorized_keys.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
183 goto bad_option; |
|
52a644e7b8e1
* Patch from Frédéric Moulins adding options to authorized_keys.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
184 } |
|
52a644e7b8e1
* Patch from Frédéric Moulins adding options to authorized_keys.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
185 dropbear_log(LOG_WARNING, "Forced command '%s'", |
|
52a644e7b8e1
* Patch from Frédéric Moulins adding options to authorized_keys.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
186 ses.authstate.pubkey_options->forced_command); |
|
52a644e7b8e1
* Patch from Frédéric Moulins adding options to authorized_keys.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
187 opts++; |
|
52a644e7b8e1
* Patch from Frédéric Moulins adding options to authorized_keys.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
188 goto next_option; |
|
52a644e7b8e1
* Patch from Frédéric Moulins adding options to authorized_keys.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
189 } |
|
52a644e7b8e1
* Patch from Frédéric Moulins adding options to authorized_keys.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
190 next_option: |
|
52a644e7b8e1
* Patch from Frédéric Moulins adding options to authorized_keys.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
191 /* |
|
52a644e7b8e1
* Patch from Frédéric Moulins adding options to authorized_keys.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
192 * Skip the comma, and move to the next option |
|
52a644e7b8e1
* Patch from Frédéric Moulins adding options to authorized_keys.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
193 * (or break out if there are no more). |
|
52a644e7b8e1
* Patch from Frédéric Moulins adding options to authorized_keys.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
194 */ |
|
52a644e7b8e1
* Patch from Frédéric Moulins adding options to authorized_keys.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
195 if (!*opts) { |
|
52a644e7b8e1
* Patch from Frédéric Moulins adding options to authorized_keys.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
196 TRACE(("Bugs in svr-chansession.c pubkey option processing.")) |
|
52a644e7b8e1
* Patch from Frédéric Moulins adding options to authorized_keys.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
197 } |
|
52a644e7b8e1
* Patch from Frédéric Moulins adding options to authorized_keys.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
198 if (*opts == ' ' || *opts == '\t') { |
|
52a644e7b8e1
* Patch from Frédéric Moulins adding options to authorized_keys.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
199 break; /* End of options. */ |
|
52a644e7b8e1
* Patch from Frédéric Moulins adding options to authorized_keys.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
200 } |
|
52a644e7b8e1
* Patch from Frédéric Moulins adding options to authorized_keys.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
201 if (*opts != ',') { |
|
52a644e7b8e1
* Patch from Frédéric Moulins adding options to authorized_keys.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
202 goto bad_option; |
|
52a644e7b8e1
* Patch from Frédéric Moulins adding options to authorized_keys.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
203 } |
|
52a644e7b8e1
* Patch from Frédéric Moulins adding options to authorized_keys.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
204 opts++; |
|
52a644e7b8e1
* Patch from Frédéric Moulins adding options to authorized_keys.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
205 /* Process the next option. */ |
|
52a644e7b8e1
* Patch from Frédéric Moulins adding options to authorized_keys.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
206 } |
|
52a644e7b8e1
* Patch from Frédéric Moulins adding options to authorized_keys.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
207 /* parsed all options with no problem */ |
|
52a644e7b8e1
* Patch from Frédéric Moulins adding options to authorized_keys.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
208 ret = DROPBEAR_SUCCESS; |
|
52a644e7b8e1
* Patch from Frédéric Moulins adding options to authorized_keys.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
209 goto end; |
|
52a644e7b8e1
* Patch from Frédéric Moulins adding options to authorized_keys.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
210 |
|
52a644e7b8e1
* Patch from Frédéric Moulins adding options to authorized_keys.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
211 bad_option: |
|
52a644e7b8e1
* Patch from Frédéric Moulins adding options to authorized_keys.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
212 ret = DROPBEAR_FAILURE; |
|
52a644e7b8e1
* Patch from Frédéric Moulins adding options to authorized_keys.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
213 m_free(ses.authstate.pubkey_options); |
|
52a644e7b8e1
* Patch from Frédéric Moulins adding options to authorized_keys.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
214 ses.authstate.pubkey_options = NULL; |
|
52a644e7b8e1
* Patch from Frédéric Moulins adding options to authorized_keys.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
215 dropbear_log(LOG_WARNING, "Bad public key options : '%.50s'", opts); |
|
52a644e7b8e1
* Patch from Frédéric Moulins adding options to authorized_keys.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
216 |
|
52a644e7b8e1
* Patch from Frédéric Moulins adding options to authorized_keys.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
217 end: |
|
52a644e7b8e1
* Patch from Frédéric Moulins adding options to authorized_keys.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
218 TRACE(("leave addpubkeyoptions")) |
|
52a644e7b8e1
* Patch from Frédéric Moulins adding options to authorized_keys.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
219 return ret; |
|
52a644e7b8e1
* Patch from Frédéric Moulins adding options to authorized_keys.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
220 |
|
52a644e7b8e1
* Patch from Frédéric Moulins adding options to authorized_keys.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
221 } |
|
52a644e7b8e1
* Patch from Frédéric Moulins adding options to authorized_keys.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
222 |
|
52a644e7b8e1
* Patch from Frédéric Moulins adding options to authorized_keys.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
223 #endif |