# HG changeset patch # User Matt Johnston # Date 1633938409 -28800 # Node ID c32976db772fee6f3699a3524301dae7584bcd38 # Parent a7cc3332d8abea9dc420c2b4b9b2ffb2b627c4a8# Parent 1edf4f143e12d2b0d3a15ddbca9a38425e58e77e Merge diff -r a7cc3332d8ab -r c32976db772f cli-auth.c --- a/cli-auth.c Mon Oct 11 15:42:14 2021 +0800 +++ b/cli-auth.c Mon Oct 11 15:46:49 2021 +0800 @@ -261,6 +261,9 @@ if DROPBEAR_CLI_IMMEDIATE_AUTH is set */ TRACE(("received msg_userauth_success")) + if (cli_opts.disable_trivial_auth && cli_ses.is_trivial_auth) { + dropbear_exit("trivial authentication not allowed"); + } /* Note: in delayed-zlib mode, setting authdone here * will enable compression in the transport layer */ ses.authstate.authdone = 1; diff -r a7cc3332d8ab -r c32976db772f cli-authinteract.c --- a/cli-authinteract.c Mon Oct 11 15:42:14 2021 +0800 +++ b/cli-authinteract.c Mon Oct 11 15:46:49 2021 +0800 @@ -114,6 +114,7 @@ m_free(instruction); for (i = 0; i < num_prompts; i++) { + cli_ses.is_trivial_auth = 0; unsigned int response_len = 0; prompt = buf_getstring(ses.payload, NULL); cleantext(prompt); diff -r a7cc3332d8ab -r c32976db772f cli-authpasswd.c --- a/cli-authpasswd.c Mon Oct 11 15:42:14 2021 +0800 +++ b/cli-authpasswd.c Mon Oct 11 15:46:49 2021 +0800 @@ -155,7 +155,7 @@ encrypt_packet(); m_burn(password, strlen(password)); - + cli_ses.is_trivial_auth = 0; TRACE(("leave cli_auth_password")) } #endif /* DROPBEAR_CLI_PASSWORD_AUTH */ diff -r a7cc3332d8ab -r c32976db772f cli-authpubkey.c --- a/cli-authpubkey.c Mon Oct 11 15:42:14 2021 +0800 +++ b/cli-authpubkey.c Mon Oct 11 15:46:49 2021 +0800 @@ -176,6 +176,7 @@ buf_putbytes(sigbuf, ses.writepayload->data, ses.writepayload->len); cli_buf_put_sign(ses.writepayload, key, sigtype, sigbuf); buf_free(sigbuf); /* Nothing confidential in the buffer */ + cli_ses.is_trivial_auth = 0; } encrypt_packet(); diff -r a7cc3332d8ab -r c32976db772f cli-runopts.c --- a/cli-runopts.c Mon Oct 11 15:42:14 2021 +0800 
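Review bot: The new `cli_opts.disable_trivial_auth && cli_ses.is_trivial_auth` check in the userauth-success path has no comment saying what counts as "trivial", and the `is_trivial_auth` field added in session.h is undocumented as well. Going by the other hunks, the flag starts at 1 in cli-session.c and is cleared after a password is sent, after a pubkey signature is written, and when a keyboard-interactive prompt is processed, so the check rejects a success that arrives before any of those happened. I would add `/* server accepted auth without a password, signature or prompt from us */` above the check and a matching one-line comment on the struct field. The handler's body starts and ends outside the hunk.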
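Review bot: `cli_ses.is_trivial_auth = 0;` is placed ahead of the `unsigned int response_len = 0;` declaration at the top of the prompt loop, so a statement now precedes a declaration in that block; builds that enforce C89 ordering (for example with `-Wdeclaration-after-statement`) will warn or fail on it. Swapping the two lines keeps the behaviour: `unsigned int response_len = 0;` followed by `cli_ses.is_trivial_auth = 0;`. Because the assignment sits inside `for (i = 0; i < num_prompts; i++)`, a request carrying zero prompts leaves the flag set, which looks intentional; a short comment saying so would make that clear. The loop body continues outside the hunk.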
+++ b/cli-runopts.c Mon Oct 11 15:46:49 2021 +0800 @@ -152,6 +152,7 @@ #if DROPBEAR_CLI_ANYTCPFWD cli_opts.exit_on_fwd_failure = 0; #endif + cli_opts.disable_trivial_auth = 0; #if DROPBEAR_CLI_LOCALTCPFWD cli_opts.localfwds = list_new(); opts.listen_fwd_all = 0; @@ -889,6 +890,7 @@ #if DROPBEAR_CLI_ANYTCPFWD "\tExitOnForwardFailure\n" #endif + "\tDisableTrivialAuth\n" #ifndef DISABLE_SYSLOG "\tUseSyslog\n" #endif @@ -916,5 +918,10 @@ return; } + if (match_extendedopt(&optstr, "DisableTrivialAuth") == DROPBEAR_SUCCESS) { + cli_opts.disable_trivial_auth = parse_flag_value(optstr); + return; + } + dropbear_log(LOG_WARNING, "Ignoring unknown configuration option '%s'", origstr); } diff -r a7cc3332d8ab -r c32976db772f cli-session.c --- a/cli-session.c Mon Oct 11 15:42:14 2021 +0800 +++ b/cli-session.c Mon Oct 11 15:46:49 2021 +0800 @@ -165,6 +165,7 @@ /* Auth */ cli_ses.lastprivkey = NULL; cli_ses.lastauthtype = 0; + cli_ses.is_trivial_auth = 1; /* For printing "remote host closed" for the user */ ses.remoteclosed = cli_remoteclosed; diff -r a7cc3332d8ab -r c32976db772f dropbear.8 --- a/dropbear.8 Mon Oct 11 15:42:14 2021 +0800 +++ b/dropbear.8 Mon Oct 11 15:46:49 2021 +0800 @@ -35,6 +35,12 @@ .B \-E Log to standard error rather than syslog. .TP +.B \-e +Pass on the server environment to all child processes. This is required, for example, +if Dropbear is launched on the fly from a SLURM workload manager. The environment is not +passed by default. Note that this could expose secrets in environment variables from +the calling process - use with caution. +.TP .B \-m Don't display the message of the day on login. .TP @@ -135,6 +141,10 @@ same functionality with other means even if no-pty is set. .TP +.B restrict +Applies all the no- restrictions listed above. + +.TP .B command=\fR"\fIforced_command\fR" Disregard the command provided by the user and always run \fIforced_command\fR. The -c command line option overrides this. diff -r a7cc3332d8ab -r c32976db772f runopts.h 
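Review bot: `cli_opts.disable_trivial_auth = 0;` makes the new check opt-in, and within this changeset `DisableTrivialAuth` is documented only as a bare name in the option help list; the one man page touched is dropbear.8, for unrelated server options. Anyone who needs the protection has to know to set the option, so the client documentation should gain an entry stating the default and what is rejected when it is on. The value goes straight from `parse_flag_value(optstr)` into the field; how that helper treats an unrecognised value is not visible here, so confirm it cannot silently leave the check disabled. The option parser starts and ends outside these hunks.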
--- a/runopts.h Mon Oct 11 15:42:14 2021 +0800 +++ b/runopts.h Mon Oct 11 15:46:49 2021 +0800 @@ -130,6 +130,8 @@ char *pubkey_plugin_options; #endif + int pass_on_env; + } svr_runopts; extern svr_runopts svr_opts; @@ -159,6 +161,7 @@ #if DROPBEAR_CLI_ANYTCPFWD int exit_on_fwd_failure; #endif + int disable_trivial_auth; #if DROPBEAR_CLI_REMOTETCPFWD m_list * remotefwds; #endif diff -r a7cc3332d8ab -r c32976db772f scp.c --- a/scp.c Mon Oct 11 15:42:14 2021 +0800 +++ b/scp.c Mon Oct 11 15:46:49 2021 +0800 @@ -185,7 +185,7 @@ } int -do_cmd(char *host, char *remuser, char *cmd, int *fdin, int *fdout, int argc) +do_cmd(char *host, char *remuser, char *cmd, int *fdin, int *fdout) { int pin[2], pout[2], reserved[2]; @@ -532,8 +532,7 @@ bp = xmalloc(len); (void) snprintf(bp, len, "%s -t %s", cmd, targ); host = cleanhostname(thost); - if (do_cmd(host, tuser, bp, &remin, - &remout, argc) < 0) + if (do_cmd(host, tuser, bp, &remin, &remout) < 0) exit(1); if (response() < 0) exit(1); @@ -584,7 +583,7 @@ len = strlen(src) + CMDNEEDS + 20; bp = xmalloc(len); (void) snprintf(bp, len, "%s -f %s", cmd, src); - if (do_cmd(host, suser, bp, &remin, &remout, argc) < 0) { + if (do_cmd(host, suser, bp, &remin, &remout) < 0) { (void) xfree(bp); ++errs; continue; diff -r a7cc3332d8ab -r c32976db772f session.h --- a/session.h Mon Oct 11 15:42:14 2021 +0800 +++ b/session.h Mon Oct 11 15:46:49 2021 +0800 @@ -316,6 +316,7 @@ int lastauthtype; /* either AUTH_TYPE_PUBKEY or AUTH_TYPE_PASSWORD, for the last type of auth we tried */ + int is_trivial_auth; int ignore_next_auth_response; #if DROPBEAR_CLI_INTERACT_AUTH int auth_interact_failed; /* flag whether interactive auth can still diff -r a7cc3332d8ab -r c32976db772f signkey.c --- a/signkey.c Mon Oct 11 15:42:14 2021 +0800 +++ b/signkey.c Mon Oct 11 15:46:49 2021 +0800 
@@ -568,7 +568,7 @@ buflen = 7 + 3*SHA1_HASH_SIZE; ret = (char*)m_malloc(buflen); - strcpy(ret, "sha1!! "); + strcpy(ret, "sha1 "); for (i = 0; i < SHA1_HASH_SIZE; i++) { unsigned int pos = 7 + 3*i; diff -r a7cc3332d8ab -r c32976db772f svr-authpubkeyoptions.c --- a/svr-authpubkeyoptions.c Mon Oct 11 15:42:14 2021 +0800 +++ b/svr-authpubkeyoptions.c Mon Oct 11 15:46:49 2021 +0800 @@ -166,6 +166,18 @@ ses.authstate.pubkey_options->no_pty_flag = 1; goto next_option; } + if (match_option(options_buf, "restrict") == DROPBEAR_SUCCESS) { + dropbear_log(LOG_WARNING, "Restrict option set"); + ses.authstate.pubkey_options->no_port_forwarding_flag = 1; +#if DROPBEAR_SVR_AGENTFWD + ses.authstate.pubkey_options->no_agent_forwarding_flag = 1; +#endif +#if DROPBEAR_X11FWD + ses.authstate.pubkey_options->no_x11_forwarding_flag = 1; +#endif + ses.authstate.pubkey_options->no_pty_flag = 1; + goto next_option; + } if (match_option(options_buf, "command=\"") == DROPBEAR_SUCCESS) { int escaped = 0; const unsigned char* command_start = buf_getptr(options_buf, 0); diff -r a7cc3332d8ab -r c32976db772f svr-chansession.c --- a/svr-chansession.c Mon Oct 11 15:42:14 2021 +0800 +++ b/svr-chansession.c Mon Oct 11 15:46:49 2021 +0800 @@ -933,6 +933,11 @@ static void execchild(const void *user_data) { const struct ChanSess *chansess = user_data; char *usershell = NULL; + char *cp = NULL; + char *envcp = getenv("LANG"); + if (envcp != NULL) { + cp = m_strdup(envcp); + } /* with uClinux we'll have vfork()ed, so don't want to overwrite the * hostkey. can't think of a workaround to clear it */ 
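Review bot: As shown on this page the new prefix `"sha1 "` is five characters, while `buflen = 7 + 3*SHA1_HASH_SIZE` and `pos = 7 + 3*i` still assume a seven-character prefix. If the literal really is that short, `strcpy` leaves the terminator at index 5 and the hex digits written from index 7 onwards are never printed; the page's whitespace may have been collapsed, so check that the literal is padded to seven characters. Either way, deriving the offset from the prefix removes the coupling, e.g. `static const char prefix[] = "sha1 ";` with `pos = (sizeof(prefix) - 1) + 3*i` and `buflen` computed the same way. The function's body starts and ends outside the hunk.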
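Review bot: `dropbear_log(LOG_WARNING, "Restrict option set")` reports ordinary configuration at warning level, presumably each time a key carrying `restrict` is parsed, whereas the tail of the preceding branch visible in this hunk sets `no_pty_flag` without logging. I would drop the call or turn it into `TRACE(("Restrict option set"))`. The branch sets the port-forwarding, agent-forwarding, X11 and pty flags one by one, so a restriction flag added later has to be added here by hand; a comment on the block such as `/* keep in sync with every no-* option above */` would guard against that. The enclosing option parser starts and ends outside the hunk.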
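Review bot: `LANG` is read from the server's own environment here and re-exported by the `addnewvar("LANG", cp)` hunk further down whether or not `-e` was given, which the new dropbear.8 sentence "The environment is not passed by default" does not cover. If the carry-over is intended, say so in the man page and add a comment next to the `m_strdup`, for example `/* copy LANG now: the environment is cleared below */`. The copy is released only in that later hunk, so any early exit path between the two should be checked. execchild's body continues outside this hunk.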
@@ -945,19 +950,21 @@ seedrandom(); #endif - /* clear environment */ + /* clear environment if -e was not set */ /* if we're debugging using valgrind etc, we need to keep the LD_PRELOAD * etc. This is hazardous, so should only be used for debugging. */ + if ( !svr_opts.pass_on_env) { #ifndef DEBUG_VALGRIND #ifdef HAVE_CLEARENV - clearenv(); + clearenv(); #else /* don't HAVE_CLEARENV */ - /* Yay for posix. */ - if (environ) { - environ[0] = NULL; - } + /* Yay for posix. */ + if (environ) { + environ[0] = NULL; + } #endif /* HAVE_CLEARENV */ #endif /* DEBUG_VALGRIND */ + } #if DROPBEAR_SVR_MULTIUSER /* We can only change uid/gid as root ... */ @@ -991,6 +998,10 @@ addnewvar("HOME", ses.authstate.pw_dir); addnewvar("SHELL", get_user_shell()); addnewvar("PATH", DEFAULT_PATH); + if (cp != NULL) { + addnewvar("LANG", cp); + m_free(cp); + } if (chansess->term != NULL) { addnewvar("TERM", chansess->term); } diff -r a7cc3332d8ab -r c32976db772f svr-runopts.c --- a/svr-runopts.c Mon Oct 11 15:42:14 2021 +0800 +++ b/svr-runopts.c Mon Oct 11 15:46:49 2021 +0800 @@ -64,6 +64,7 @@ "-R Create hostkeys as required\n" #endif "-F Don't fork into background\n" + "-e Pass on server process environment to child process\n" #ifdef DISABLE_SYSLOG "(Syslog support not compiled in, using stderr)\n" #else @@ -173,6 +174,7 @@ svr_opts.pubkey_plugin = NULL; svr_opts.pubkey_plugin_options = NULL; #endif + svr_opts.pass_on_env = 0; #ifndef DISABLE_ZLIB opts.compress_mode = DROPBEAR_COMPRESS_DELAYED; @@ -223,6 +225,10 @@ opts.usingsyslog = 0; break; #endif + case 'e': + svr_opts.pass_on_env = 1; + break; + #if DROPBEAR_SVR_LOCALTCPFWD case 'j': svr_opts.nolocaltcp = 1;
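Review bot: With `svr_opts.pass_on_env` set, the `clearenv()` / `environ[0] = NULL` step is skipped entirely, so every variable the server was started with reaches the user's process, including ones the session sets only conditionally: in the following hunk `TERM` is overwritten only when `chansess->term != NULL`, otherwise the server's value is kept. The existing comment already calls keeping `LD_PRELOAD` hazardous for the valgrind case, and the same variables now pass through under `-e`. I would either unset a short list of sensitive names before the `addnewvar` calls or state next to `if ( !svr_opts.pass_on_env) {` that nothing is filtered, so operators know to start the server from a scrubbed environment. execchild's body starts and ends outside these hunks.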