comparison svr-authpubkey.c @ 475:52a644e7b8e1 pubkey-options
* Patch from Frédéric Moulins adding options to authorized_keys.
Needs review.
author | Matt Johnston <matt@ucc.asn.au> |
---|---|
date | Mon, 08 Sep 2008 15:14:02 +0000 |
parents | 4317be8b7cf9 |
children | df7f7da7f6e4 |
474:f33b0898aaa6 | 475:52a644e7b8e1 |
---|---|
19 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE | 19 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE |
20 * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER | 20 * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER |
21 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, | 21 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, |
22 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE | 22 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE |
23 * SOFTWARE. */ | 23 * SOFTWARE. */ |
24 /* | |
25 * This file incorporates work covered by the following copyright and | |
26 * permission notice: | |
27 * | |
28 * Copyright (c) 2000 Markus Friedl. All rights reserved. | |
29 * | |
30 * Redistribution and use in source and binary forms, with or without | |
31 * modification, are permitted provided that the following conditions | |
32 * are met: | |
33 * 1. Redistributions of source code must retain the above copyright | |
34 * notice, this list of conditions and the following disclaimer. | |
35 * 2. Redistributions in binary form must reproduce the above copyright | |
36 * notice, this list of conditions and the following disclaimer in the | |
37 * documentation and/or other materials provided with the distribution. | |
38 * | |
39 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR | |
40 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES | |
41 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. | |
42 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, | |
43 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT | |
44 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, | |
45 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY | |
46 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT | |
47 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF | |
48 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. | |
49 * | |
50 * This copyright and permission notice applies to the code parsing public keys | |
51 * options string which can also be found in OpenSSH auth2-pubkey.c file | |
52 * (user_key_allowed2). It has been adapted to work with buffers. | |
53 * | |
54 */ | |
24 | 55 |
25 /* Process a pubkey auth request */ | 56 /* Process a pubkey auth request */ |
26 | 57 |
27 #include "includes.h" | 58 #include "includes.h" |
28 #include "session.h" | 59 #include "session.h" |
156 | 187 |
157 FILE * authfile = NULL; | 188 FILE * authfile = NULL; |
158 char * filename = NULL; | 189 char * filename = NULL; |
159 int ret = DROPBEAR_FAILURE; | 190 int ret = DROPBEAR_FAILURE; |
160 buffer * line = NULL; | 191 buffer * line = NULL; |
161 unsigned int len, pos; | 192 unsigned int len, pos, quoted; |
162 | 193 const char *options = NULL; |
194 | |
163 TRACE(("enter checkpubkey")) | 195 TRACE(("enter checkpubkey")) |
164 | 196 |
165 /* check that we can use the algo */ | 197 /* check that we can use the algo */ |
166 if (have_algo(algo, algolen, sshhostkey) == DROPBEAR_FAILURE) { | 198 if (have_algo(algo, algolen, sshhostkey) == DROPBEAR_FAILURE) { |
167 dropbear_log(LOG_WARNING, | 199 dropbear_log(LOG_WARNING, |
194 | 226 |
195 line = buf_new(MAX_AUTHKEYS_LINE); | 227 line = buf_new(MAX_AUTHKEYS_LINE); |
196 | 228 |
197 /* iterate through the lines */ | 229 /* iterate through the lines */ |
198 do { | 230 do { |
231 /* new line : potentially new options */ | |
232 options = NULL; | |
199 | 233 |
200 if (buf_getline(line, authfile) == DROPBEAR_FAILURE) { | 234 if (buf_getline(line, authfile) == DROPBEAR_FAILURE) { |
201 /* EOF reached */ | 235 /* EOF reached */ |
202 TRACE(("checkpubkey: authorized_keys EOF reached")) | 236 TRACE(("checkpubkey: authorized_keys EOF reached")) |
203 break; | 237 break; |
206 if (line->len < MIN_AUTHKEYS_LINE) { | 240 if (line->len < MIN_AUTHKEYS_LINE) { |
207 TRACE(("checkpubkey: line too short")) | 241 TRACE(("checkpubkey: line too short")) |
208 continue; /* line is too short for it to be a valid key */ | 242 continue; /* line is too short for it to be a valid key */ |
209 } | 243 } |
210 | 244 |
211 /* check the key type - this also stops us from using keys | 245 /* check the key type - will fail if there are options */ |
212 * which have options with them */ | |
213 if (strncmp(buf_getptr(line, algolen), algo, algolen) != 0) { | 246 if (strncmp(buf_getptr(line, algolen), algo, algolen) != 0) { |
214 continue; | 247 /* there may be options or a commented line */ |
248 if ('#' == line->data[line->pos]) continue; | |
249 /* no comment, skip to next space character */ | |
250 len = 0; | |
251 pos = line->pos; | |
252 options = buf_getptr(line, 1); | |
253 quoted = 0; | |
254 while (line->data[pos] | |
255 && (quoted || (line->data[pos] != ' ' | |
256 && line->data[pos] != '\t' | |
257 && line->data[pos] != '\n' | |
258 && line->data[pos] != '\r'))) { | |
259 pos++; | |
260 if (line->data[pos] == '\\' | |
261 && line->data[pos+1] == '"') { | |
262 pos++; /* skip both */ | |
263 } else if (line->data[pos] == '"') | |
264 quoted = !quoted; | |
265 } /* line->data[pos] == ['\0'|' '|'\t'] */ | |
266 | |
267 /* skip line if there is nothing left */ | |
268 if (pos >= line->len) continue; | |
269 /* skip line if it begins with a space or tab character */ | |
270 if (pos == line->pos) continue; | |
271 /* set the position of the line after what we have read */ | |
272 buf_setpos(line, pos+1); | |
273 /* give a second chance to the algo */ | |
274 if (line->pos + algolen > line->len) continue; | |
275 if (strncmp(buf_getptr(line, algolen), algo, algolen) != 0) { | |
276 continue; | |
277 } | |
215 } | 278 } |
216 buf_incrpos(line, algolen); | 279 buf_incrpos(line, algolen); |
217 | 280 |
218 /* check for space (' ') character */ | 281 /* check for space (' ') character */ |
219 if (buf_getbyte(line) != ' ') { | 282 if (buf_getbyte(line) != ' ') { |
230 buf_setlen(line, line->pos + len); | 293 buf_setlen(line, line->pos + len); |
231 | 294 |
232 TRACE(("checkpubkey: line pos = %d len = %d", line->pos, line->len)) | 295 TRACE(("checkpubkey: line pos = %d len = %d", line->pos, line->len)) |
233 | 296 |
234 ret = cmp_base64_key(keyblob, keybloblen, algo, algolen, line, NULL); | 297 ret = cmp_base64_key(keyblob, keybloblen, algo, algolen, line, NULL); |
298 | |
299 if (ret == DROPBEAR_SUCCESS) { | |
300 ret = svr_add_pubkey_options(options); | |
301 } | |
302 | |
235 if (ret == DROPBEAR_SUCCESS) { | 303 if (ret == DROPBEAR_SUCCESS) { |
236 break; | 304 break; |
237 } | 305 } |
238 | 306 |
239 /* We continue to the next line otherwise */ | 307 /* We continue to the next line otherwise */ |
341 | 409 |
342 TRACE(("leave checkfileperm: success")) | 410 TRACE(("leave checkfileperm: success")) |
343 return DROPBEAR_SUCCESS; | 411 return DROPBEAR_SUCCESS; |
344 } | 412 } |
345 | 413 |
346 | 414 #endif |
347 #endif |
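Review bot: The option-scanning loop added at new lines 254-264 is bounded by a NUL byte (`while (line->data[pos] && ...`) rather than by `line->len`, and the `pos >= line->len` test at line 268 only runs after the scan has finished; unless `buf_getline` (outside this section) NUL-terminates the buffer, a line that fills `line` lets the scan, and the `line->data[pos+1]` lookahead at line 261, read past the valid data. Bounding on the length closes that: `while (pos < line->len && (quoted || (line->data[pos] != ' '` for the loop condition and `if (pos + 1 < line->len && line->data[pos] == '\\' && line->data[pos+1] == '"')` for the escape check. The `len = 0;` at line 250 is never read before `len` is reassigned further down and can be dropped. `options` at line 252 is a bare pointer into `line` with no length, so `svr_add_pubkey_options` presumably relies on the same whitespace terminator found here; a comment such as `/* options points into line; it ends at the whitespace before the key type */` would make that contract explicit. checkpubkey's signature and the remainder of its body lie outside this section.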