Mercurial > dropbear
comparison svr-authpubkeyoptions.c @ 1732:2f5d797d9811
Don't choke on disabled authorized_keys(5) options
As of 2020.79 X11 forwarding is disabled at build time, which could lock
out users with authorized_keys(5) files containing ‘no-X11-forwarding’
options.
author | Guilhem Moulin <guilhem@debian.org> |
---|---|
date | Fri, 26 Jun 2020 20:56:03 +0800 |
parents | 6a6a0bac52f4 |
children | 587c76726b5f |
comparison
equal
deleted
inserted
replaced
1731:cddc90de1b6f | 1732:2f5d797d9811 |
---|---|
145 if (match_option(options_buf, "no-port-forwarding") == DROPBEAR_SUCCESS) { | 145 if (match_option(options_buf, "no-port-forwarding") == DROPBEAR_SUCCESS) { |
146 dropbear_log(LOG_WARNING, "Port forwarding disabled."); | 146 dropbear_log(LOG_WARNING, "Port forwarding disabled."); |
147 ses.authstate.pubkey_options->no_port_forwarding_flag = 1; | 147 ses.authstate.pubkey_options->no_port_forwarding_flag = 1; |
148 goto next_option; | 148 goto next_option; |
149 } | 149 } |
150 if (match_option(options_buf, "no-agent-forwarding") == DROPBEAR_SUCCESS) { | |
150 #if DROPBEAR_SVR_AGENTFWD | 151 #if DROPBEAR_SVR_AGENTFWD |
151 if (match_option(options_buf, "no-agent-forwarding") == DROPBEAR_SUCCESS) { | |
152 dropbear_log(LOG_WARNING, "Agent forwarding disabled."); | 152 dropbear_log(LOG_WARNING, "Agent forwarding disabled."); |
153 ses.authstate.pubkey_options->no_agent_forwarding_flag = 1; | 153 ses.authstate.pubkey_options->no_agent_forwarding_flag = 1; |
154 goto next_option; | 154 #endif |
155 } | 155 goto next_option; |
156 #endif | 156 } |
157 if (match_option(options_buf, "no-X11-forwarding") == DROPBEAR_SUCCESS) { | |
157 #if DROPBEAR_X11FWD | 158 #if DROPBEAR_X11FWD |
158 if (match_option(options_buf, "no-X11-forwarding") == DROPBEAR_SUCCESS) { | |
159 dropbear_log(LOG_WARNING, "X11 forwarding disabled."); | 159 dropbear_log(LOG_WARNING, "X11 forwarding disabled."); |
160 ses.authstate.pubkey_options->no_x11_forwarding_flag = 1; | 160 ses.authstate.pubkey_options->no_x11_forwarding_flag = 1; |
161 goto next_option; | 161 #endif |
162 } | 162 goto next_option; |
163 #endif | 163 } |
164 if (match_option(options_buf, "no-pty") == DROPBEAR_SUCCESS) { | 164 if (match_option(options_buf, "no-pty") == DROPBEAR_SUCCESS) { |
165 dropbear_log(LOG_WARNING, "Pty allocation disabled."); | 165 dropbear_log(LOG_WARNING, "Pty allocation disabled."); |
166 ses.authstate.pubkey_options->no_pty_flag = 1; | 166 ses.authstate.pubkey_options->no_pty_flag = 1; |
167 goto next_option; | 167 goto next_option; |
168 } | 168 } |