changeset 1830:c32976db772f

Merge
author Matt Johnston <matt@ucc.asn.au>
date Mon, 11 Oct 2021 15:46:49 +0800
parents a7cc3332d8ab (current diff) 1edf4f143e12 (diff)
children 0a3d02c66bf6
files cli-session.c svr-chansession.c
diffstat 14 files changed, 67 insertions(+), 12 deletions(-) [+]
--- a/cli-auth.c	Mon Oct 11 15:42:14 2021 +0800
+++ b/cli-auth.c	Mon Oct 11 15:46:49 2021 +0800
@@ -261,6 +261,9 @@
 	if DROPBEAR_CLI_IMMEDIATE_AUTH is set */
 
 	TRACE(("received msg_userauth_success"))
+	if (cli_opts.disable_trivial_auth && cli_ses.is_trivial_auth) {
+		dropbear_exit("trivial authentication not allowed");
+	}
 	/* Note: in delayed-zlib mode, setting authdone here 
 	 * will enable compression in the transport layer */
 	ses.authstate.authdone = 1;
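Review bot: The new guard ahead of `ses.authstate.authdone = 1` has no comment saying what counts as trivial, and the `is_trivial_auth` field added in session.h is undocumented as well. From the other hunks the flag starts at 1 and is cleared once a password has been sent, a signature has been produced or a keyboard-interactive prompt has been handled, so the check rejects a success message that arrives before the client has proved anything. I would add `/* Refuse success if we never sent a password, signature or prompt response */` above the `if`, and a matching one-line comment on the field. The enclosing function starts and ends outside this hunk.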
--- a/cli-authinteract.c	Mon Oct 11 15:42:14 2021 +0800
+++ b/cli-authinteract.c	Mon Oct 11 15:46:49 2021 +0800
@@ -114,6 +114,7 @@
 	m_free(instruction);
 
 	for (i = 0; i < num_prompts; i++) {
+		cli_ses.is_trivial_auth = 0;
 		unsigned int response_len = 0;
 		prompt = buf_getstring(ses.payload, NULL);
 		cleantext(prompt);
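Review bot: `cli_ses.is_trivial_auth = 0;` is placed ahead of the declaration `unsigned int response_len = 0;` in the loop body, which puts a statement before a declaration; a build in C89 mode rejects that. Swapping the two lines avoids it: `unsigned int response_len = 0;` followed by `cli_ses.is_trivial_auth = 0;`. The flag is also cleared as soon as a prompt is seen rather than after a response has been obtained, which may be intended but deserves a short comment. The loop continues outside this hunk.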
--- a/cli-authpasswd.c	Mon Oct 11 15:42:14 2021 +0800
+++ b/cli-authpasswd.c	Mon Oct 11 15:46:49 2021 +0800
@@ -155,7 +155,7 @@
 
 	encrypt_packet();
 	m_burn(password, strlen(password));
-
+	cli_ses.is_trivial_auth = 0;
 	TRACE(("leave cli_auth_password"))
 }
 #endif	/* DROPBEAR_CLI_PASSWORD_AUTH */
--- a/cli-authpubkey.c	Mon Oct 11 15:42:14 2021 +0800
+++ b/cli-authpubkey.c	Mon Oct 11 15:46:49 2021 +0800
@@ -176,6 +176,7 @@
 		buf_putbytes(sigbuf, ses.writepayload->data, ses.writepayload->len);
 		cli_buf_put_sign(ses.writepayload, key, sigtype, sigbuf);
 		buf_free(sigbuf); /* Nothing confidential in the buffer */
+		cli_ses.is_trivial_auth = 0;
 	}
 
 	encrypt_packet();
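Review bot: The placement of `cli_ses.is_trivial_auth = 0;` inside the block that calls `cli_buf_put_sign` is what keeps a request without a signature from counting as real authentication, but nothing in the code says so. A later refactor that moves the assignment down next to `encrypt_packet()` would quietly weaken the DisableTrivialAuth check. I suggest `/* Only a request that carries a signature counts as non-trivial */` on the line above it. The enclosing `if` opens outside this hunk, so its exact condition is not visible here.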
--- a/cli-runopts.c	Mon Oct 11 15:42:14 2021 +0800
+++ b/cli-runopts.c	Mon Oct 11 15:46:49 2021 +0800
@@ -152,6 +152,7 @@
 #if DROPBEAR_CLI_ANYTCPFWD
 	cli_opts.exit_on_fwd_failure = 0;
 #endif
+	cli_opts.disable_trivial_auth = 0;
 #if DROPBEAR_CLI_LOCALTCPFWD
 	cli_opts.localfwds = list_new();
 	opts.listen_fwd_all = 0;
@@ -889,6 +890,7 @@
 #if DROPBEAR_CLI_ANYTCPFWD
 			"\tExitOnForwardFailure\n"
 #endif
+			"\tDisableTrivialAuth\n"
 #ifndef DISABLE_SYSLOG
 			"\tUseSyslog\n"
 #endif
@@ -916,5 +918,10 @@
 		return;
 	}
 
+	if (match_extendedopt(&optstr, "DisableTrivialAuth") == DROPBEAR_SUCCESS) {
+		cli_opts.disable_trivial_auth = parse_flag_value(optstr);
+		return;
+	}
+
 	dropbear_log(LOG_WARNING, "Ignoring unknown configuration option '%s'", origstr);
 }
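Review bot: `DisableTrivialAuth` is parsed here and listed in the `-o` help text, but no client man page is among the files of this changeset, so the option can only be discovered from the help output. It also defaults to off in the initialisation hunk above (`cli_opts.disable_trivial_auth = 0;`), which makes the check opt-in. Both facts belong in the client documentation so that users who want the check know it has to be enabled explicitly. The function body starts outside this hunk.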
--- a/cli-session.c	Mon Oct 11 15:42:14 2021 +0800
+++ b/cli-session.c	Mon Oct 11 15:46:49 2021 +0800
@@ -165,6 +165,7 @@
 	/* Auth */
 	cli_ses.lastprivkey = NULL;
 	cli_ses.lastauthtype = 0;
+	cli_ses.is_trivial_auth = 1;
 
 	/* For printing "remote host closed" for the user */
 	ses.remoteclosed = cli_remoteclosed;
--- a/dropbear.8	Mon Oct 11 15:42:14 2021 +0800
+++ b/dropbear.8	Mon Oct 11 15:46:49 2021 +0800
@@ -35,6 +35,12 @@
 .B \-E
 Log to standard error rather than syslog.
 .TP
+.B \-e
+Pass on the server environment to all child processes. This is required, for example,
+if Dropbear is launched on the fly from a SLURM workload manager. The environment is not
+passed by default. Note that this could expose secrets in environment variables from 
+the calling process - use with caution.
+.TP
 .B \-m
 Don't display the message of the day on login.
 .TP
@@ -135,6 +141,10 @@
 same functionality with other means even if no-pty is set.
 
 .TP
+.B restrict
+Applies all the no- restrictions listed above.
+
+.TP
 .B command=\fR"\fIforced_command\fR"
 Disregard the command provided by the user and always run \fIforced_command\fR.
 The -c command line option overrides this.
--- a/runopts.h	Mon Oct 11 15:42:14 2021 +0800
+++ b/runopts.h	Mon Oct 11 15:46:49 2021 +0800
@@ -130,6 +130,8 @@
         char *pubkey_plugin_options;
 #endif
 
+	int pass_on_env;
+
 } svr_runopts;
 
 extern svr_runopts svr_opts;
@@ -159,6 +161,7 @@
 #if DROPBEAR_CLI_ANYTCPFWD
 	int exit_on_fwd_failure;
 #endif
+	int disable_trivial_auth;
 #if DROPBEAR_CLI_REMOTETCPFWD
 	m_list * remotefwds;
 #endif
--- a/scp.c	Mon Oct 11 15:42:14 2021 +0800
+++ b/scp.c	Mon Oct 11 15:46:49 2021 +0800
@@ -185,7 +185,7 @@
 }
 
 int
-do_cmd(char *host, char *remuser, char *cmd, int *fdin, int *fdout, int argc)
+do_cmd(char *host, char *remuser, char *cmd, int *fdin, int *fdout)
 {
 	int pin[2], pout[2], reserved[2];
 
@@ -532,8 +532,7 @@
 				bp = xmalloc(len);
 				(void) snprintf(bp, len, "%s -t %s", cmd, targ);
 				host = cleanhostname(thost);
-				if (do_cmd(host, tuser, bp, &remin,
-				    &remout, argc) < 0)
+				if (do_cmd(host, tuser, bp, &remin, &remout) < 0)
 					exit(1);
 				if (response() < 0)
 					exit(1);
@@ -584,7 +583,7 @@
 		len = strlen(src) + CMDNEEDS + 20;
 		bp = xmalloc(len);
 		(void) snprintf(bp, len, "%s -f %s", cmd, src);
-		if (do_cmd(host, suser, bp, &remin, &remout, argc) < 0) {
+		if (do_cmd(host, suser, bp, &remin, &remout) < 0) {
 			(void) xfree(bp);
 			++errs;
 			continue;
--- a/session.h	Mon Oct 11 15:42:14 2021 +0800
+++ b/session.h	Mon Oct 11 15:46:49 2021 +0800
@@ -316,6 +316,7 @@
 
 	int lastauthtype; /* either AUTH_TYPE_PUBKEY or AUTH_TYPE_PASSWORD,
 						 for the last type of auth we tried */
+	int is_trivial_auth;
 	int ignore_next_auth_response;
 #if DROPBEAR_CLI_INTERACT_AUTH
 	int auth_interact_failed; /* flag whether interactive auth can still
--- a/signkey.c	Mon Oct 11 15:42:14 2021 +0800
+++ b/signkey.c	Mon Oct 11 15:46:49 2021 +0800
@@ -568,7 +568,7 @@
 	buflen = 7 + 3*SHA1_HASH_SIZE;
 	ret = (char*)m_malloc(buflen);
 
-	strcpy(ret, "sha1!! ");
+	strcpy(ret, "sha1 ");
 
 	for (i = 0; i < SHA1_HASH_SIZE; i++) {
 		unsigned int pos = 7 + 3*i;
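Review bot: The prefix written by `strcpy(ret, "sha1 ")` is now five characters long, but `buflen = 7 + 3*SHA1_HASH_SIZE` and `pos = 7 + 3*i` still assume the seven-character `"sha1!! "`. strcpy leaves its terminator at index 5 and the hex digits start at index 7, so anything that reads the result as a C string stops after `sha1 ` and the fingerprint is lost. Either restore the old prefix or change both offsets to match, `buflen = 5 + 3*SHA1_HASH_SIZE;` and `unsigned int pos = 5 + 3*i;`; a named prefix-length constant would keep the three values in step. The loop body and the final termination are outside this hunk.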
--- a/svr-authpubkeyoptions.c	Mon Oct 11 15:42:14 2021 +0800
+++ b/svr-authpubkeyoptions.c	Mon Oct 11 15:46:49 2021 +0800
@@ -166,6 +166,18 @@
 			ses.authstate.pubkey_options->no_pty_flag = 1;
 			goto next_option;
 		}
+		if (match_option(options_buf, "restrict") == DROPBEAR_SUCCESS) {
+			dropbear_log(LOG_WARNING, "Restrict option set");
+			ses.authstate.pubkey_options->no_port_forwarding_flag = 1;
+#if DROPBEAR_SVR_AGENTFWD
+			ses.authstate.pubkey_options->no_agent_forwarding_flag = 1;
+#endif
+#if DROPBEAR_X11FWD
+			ses.authstate.pubkey_options->no_x11_forwarding_flag = 1;
+#endif
+			ses.authstate.pubkey_options->no_pty_flag = 1;
+			goto next_option;
+		}
 		if (match_option(options_buf, "command=\"") == DROPBEAR_SUCCESS) {
 			int escaped = 0;
 			const unsigned char* command_start = buf_getptr(options_buf, 0);
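Review bot: `dropbear_log(LOG_WARNING, "Restrict option set")` fires for every key that carries `restrict`, which is routine configuration rather than a warning; the tail of the preceding branch visible above sets `no_pty_flag` and jumps on without logging. I would drop the call or reduce it to a `TRACE`. The branch also repeats the flag assignments of the individual no-* options by hand, so a restriction added later has to be remembered here too; a comment such as `/* keep in sync with the no-* options above */` would help. The option loop starts and ends outside this hunk.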
--- a/svr-chansession.c	Mon Oct 11 15:42:14 2021 +0800
+++ b/svr-chansession.c	Mon Oct 11 15:46:49 2021 +0800
@@ -933,6 +933,11 @@
 static void execchild(const void *user_data) {
 	const struct ChanSess *chansess = user_data;
 	char *usershell = NULL;
+	char *cp = NULL;
+	char *envcp = getenv("LANG");
+	if (envcp != NULL) {
+		cp = m_strdup(envcp);
+	}
 
 	/* with uClinux we'll have vfork()ed, so don't want to overwrite the
 	 * hostkey. can't think of a workaround to clear it */
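Review bot: The names `cp` and `envcp` say nothing about what they hold, and the reason for duplicating the value is not stated. The copy is needed because the pointer returned by `getenv("LANG")` refers into the environment that may be cleared further down in execchild. Renaming to something like `lang_copy` and adding `/* copy LANG now, the environment may be cleared below */` would make that clear. The copy is released only inside the `if (cp != NULL)` block of a later hunk, and the function continues outside this one.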
@@ -945,19 +950,21 @@
 	seedrandom();
 #endif
 
-	/* clear environment */
+	/* clear environment if -e was not set */
 	/* if we're debugging using valgrind etc, we need to keep the LD_PRELOAD
 	 * etc. This is hazardous, so should only be used for debugging. */
+	if ( !svr_opts.pass_on_env) {
 #ifndef DEBUG_VALGRIND
 #ifdef HAVE_CLEARENV
-	clearenv();
+		clearenv();
 #else /* don't HAVE_CLEARENV */
-	/* Yay for posix. */
-	if (environ) {
-		environ[0] = NULL;
-	}
+		/* Yay for posix. */
+		if (environ) {
+			environ[0] = NULL;
+		}
 #endif /* HAVE_CLEARENV */
 #endif /* DEBUG_VALGRIND */
+	}
 
 #if DROPBEAR_SVR_MULTIUSER
 	/* We can only change uid/gid as root ... */
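Review bot: With `svr_opts.pass_on_env` set, the new `if` skips the clearing entirely, so every variable of the server process reaches the user's shell and commands, including the `LD_PRELOAD`-style settings that the existing comment calls hazardous. The man page hunk warns about secrets, but the code carries no such comment; I suggest `/* -e: child inherits the daemon's whole environment, including any secrets and LD_* settings */` directly above the `if`. The valgrind comment now sits between the "clear environment" comment and the `if`, so it reads as if it explained the new condition; placing the `if` line right under its own comment would fix that. execchild continues outside this hunk.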
@@ -991,6 +998,10 @@
 	addnewvar("HOME", ses.authstate.pw_dir);
 	addnewvar("SHELL", get_user_shell());
 	addnewvar("PATH", DEFAULT_PATH);
+	if (cp != NULL) {
+		addnewvar("LANG", cp);
+		m_free(cp);
+	}	
 	if (chansess->term != NULL) {
 		addnewvar("TERM", chansess->term);
 	}
--- a/svr-runopts.c	Mon Oct 11 15:42:14 2021 +0800
+++ b/svr-runopts.c	Mon Oct 11 15:46:49 2021 +0800
@@ -64,6 +64,7 @@
 					"-R		Create hostkeys as required\n" 
 #endif
 					"-F		Don't fork into background\n"
+					"-e		Pass on server process environment to child process\n"
 #ifdef DISABLE_SYSLOG
 					"(Syslog support not compiled in, using stderr)\n"
 #else
@@ -173,6 +174,7 @@
         svr_opts.pubkey_plugin = NULL;
         svr_opts.pubkey_plugin_options = NULL;
 #endif
+	svr_opts.pass_on_env = 0;
 
 #ifndef DISABLE_ZLIB
 	opts.compress_mode = DROPBEAR_COMPRESS_DELAYED;
@@ -223,6 +225,10 @@
 					opts.usingsyslog = 0;
 					break;
 #endif
+				case 'e':
+					svr_opts.pass_on_env = 1;
+					break;
+
 #if DROPBEAR_SVR_LOCALTCPFWD
 				case 'j':
 					svr_opts.nolocaltcp = 1;