Bugzilla – Attachment 1901 Details for
Bug 1800
PermitUserEnvironment accepting pattern of allowed userenv variables
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
[patch]
diff for patching 5.5p1 and 5.4p1
permituserenvironment-allows-pattern.diff (text/plain), 9.45 KB, created by
Daniel Allen
on 2010-07-18 14:18:41 AEST
(
hide
)
Description:
diff for patching 5.5p1 and 5.4p1
Filename:
MIME Type:
Creator:
Daniel Allen
Created:
2010-07-18 14:18:41 AEST
Size:
9.45 KB
patch
obsolete
>diff -c openssh-5.4p1-make/ChangeLog openssh-5.4p1/ChangeLog >diff -c openssh-5.4p1-make/auth-options.c openssh-5.4p1/auth-options.c >*** openssh-5.4p1-make/auth-options.c Sun Mar 7 07:05:17 2010 >--- openssh-5.4p1/auth-options.c Tue May 25 17:21:53 2010 >*************** >*** 195,207 **** > goto bad_option; > } > s[i] = '\0'; >! auth_debug_add("Adding to environment: %.900s", s); >! debug("Adding to environment: %.900s", s); > opts++; >- new_envstring = xmalloc(sizeof(struct envstring)); >- new_envstring->s = s; >- new_envstring->next = custom_environment; >- custom_environment = new_envstring; > goto next_option; > } > cp = "from=\""; >--- 195,215 ---- > goto bad_option; > } > s[i] = '\0'; >! >! if ( strncasecmp(options.permit_user_env, "yes", strlen(options.permit_user_env)) == 0 || >! strncasecmp(s, options.permit_user_env, strlen(options.permit_user_env)) == 0) >! { >! >! auth_debug_add("Adding to environment: %.900s", s); >! >! debug("Adding to environment: %.900s (based on permitUserEnvironment=%.900s)", s, options.permit_user_env); >! new_envstring = xmalloc(sizeof(struct envstring)); >! new_envstring->s = s; >! new_envstring->next = custom_environment; >! custom_environment = new_envstring; >! } >! > opts++; > goto next_option; > } > cp = "from=\""; >diff -c openssh-5.4p1-make/servconf.c openssh-5.4p1/servconf.c >*** openssh-5.4p1-make/servconf.c Thu Mar 4 05:53:35 2010 >--- openssh-5.4p1/servconf.c Thu May 27 14:10:54 2010 >*************** >*** 98,104 **** > options->kbd_interactive_authentication = -1; > options->challenge_response_authentication = -1; > options->permit_empty_passwd = -1; >! options->permit_user_env = -1; > options->use_login = -1; > options->compression = -1; > options->allow_tcp_forwarding = -1; >--- 98,104 ---- > options->kbd_interactive_authentication = -1; > options->challenge_response_authentication = -1; > options->permit_empty_passwd = -1; >! options->permit_user_env = NULL; > options->use_login = -1; > options->compression = -1; > options->allow_tcp_forwarding = -1; >*************** >*** 224,231 **** > options->challenge_response_authentication = 1; > if (options->permit_empty_passwd == -1) > options->permit_empty_passwd = 0; >- if (options->permit_user_env == -1) >- options->permit_user_env = 0; > if (options->use_login == -1) > options->use_login = 0; > if (options->compression == -1) >--- 224,229 ---- >*************** >*** 981,990 **** > intptr = &options->permit_empty_passwd; > goto parse_flag; > >! case sPermitUserEnvironment: >! intptr = &options->permit_user_env; >! goto parse_flag; > > case sUseLogin: > intptr = &options->use_login; > goto parse_flag; >--- 979,996 ---- > intptr = &options->permit_empty_passwd; > goto parse_flag; > >! case sPermitUserEnvironment: >! arg = strdelim(&cp); >! if (!arg || *arg == '\0') >! fatal("%s line %d: missing yes/no/value argument.", >! filename, linenum); > >+ if (strcmp(arg, "no") == 0) >+ return 0; >+ else if (*activep && options->permit_user_env == NULL) >+ options->permit_user_env = xstrdup(arg); >+ return 0; >+ > case sUseLogin: > intptr = &options->use_login; > goto parse_flag; >*************** >*** 1452,1457 **** >--- 1458,1464 ---- > M_CP_STROPT(chroot_directory); > M_CP_STROPT(trusted_user_ca_keys); > M_CP_STROPT(revoked_keys_file); >+ M_CP_STROPT(permit_user_env); > } > > #undef M_CP_INTOPT >*************** >*** 1653,1659 **** > dump_cfg_fmtint(sStrictModes, o->strict_modes); > dump_cfg_fmtint(sTCPKeepAlive, o->tcp_keep_alive); > dump_cfg_fmtint(sEmptyPasswd, o->permit_empty_passwd); >- dump_cfg_fmtint(sPermitUserEnvironment, o->permit_user_env); > dump_cfg_fmtint(sUseLogin, o->use_login); > dump_cfg_fmtint(sCompression, o->compression); > dump_cfg_fmtint(sGatewayPorts, o->gateway_ports); >--- 1660,1665 ---- >*************** >*** 1673,1678 **** >--- 1679,1685 ---- > dump_cfg_string(sChrootDirectory, o->chroot_directory); > dump_cfg_string(sTrustedUserCAKeys, o->trusted_user_ca_keys); > dump_cfg_string(sRevokedKeys, o->revoked_keys_file); >+ dump_cfg_string(sPermitUserEnvironment, o->permit_user_env); > > /* string arguments requiring a lookup */ > dump_cfg_string(sLogLevel, log_level_name(o->log_level)); >diff -c openssh-5.4p1-make/servconf.h openssh-5.4p1/servconf.h >*** openssh-5.4p1-make/servconf.h Thu Mar 4 05:53:35 2010 >--- openssh-5.4p1/servconf.h Fri May 21 17:32:52 2010 >*************** >*** 103,109 **** > /* If true, permit jpake auth */ > int permit_empty_passwd; /* If false, do not permit empty > * passwords. */ >! int permit_user_env; /* If true, read ~/.ssh/environment */ > int use_login; /* If true, login(1) is used */ > int compression; /* If true, compression is allowed */ > int allow_tcp_forwarding; >--- 103,109 ---- > /* If true, permit jpake auth */ > int permit_empty_passwd; /* If false, do not permit empty > * passwords. */ >! char *permit_user_env; /* If true or string, read ~/.ssh/environment */ > int use_login; /* If true, login(1) is used */ > int compression; /* If true, compression is allowed */ > int allow_tcp_forwarding; >diff -c openssh-5.4p1-make/session.c openssh-5.4p1/session.c >*** openssh-5.4p1-make/session.c Sun Mar 7 07:05:17 2010 >--- openssh-5.4p1/session.c Thu May 27 14:05:38 2010 >*************** >*** 992,1001 **** > * into the environment. If the file does not exist, this does nothing. > * Otherwise, it must consist of empty lines, comments (line starts with '#') > * and assignments of the form name=value. No other forms are allowed. > */ > static void > read_environment_file(char ***env, u_int *envsize, >! const char *filename) > { > FILE *f; > char buf[4096]; >--- 992,1003 ---- > * into the environment. If the file does not exist, this does nothing. > * Otherwise, it must consist of empty lines, comments (line starts with '#') > * and assignments of the form name=value. No other forms are allowed. >+ * If prefix is present, only adds/overrides the subset of variables whose >+ * names start with prefix (case-insensitive). > */ > static void > read_environment_file(char ***env, u_int *envsize, >! const char *filename, char *prefix) > { > FILE *f; > char buf[4096]; >*************** >*** 1028,1038 **** > */ > *value = '\0'; > value++; >! child_set_env(env, envsize, cp, value); > } > fclose(f); > } > > #ifdef HAVE_ETC_DEFAULT_LOGIN > /* > * Return named variable from specified environment, or NULL if not present. >--- 1030,1042 ---- > */ > *value = '\0'; > value++; >! if (prefix == NULL || strncasecmp(cp, prefix, strlen(prefix)) == 0) >! child_set_env(env, envsize, cp, value); > } > fclose(f); > } > >+ > #ifdef HAVE_ETC_DEFAULT_LOGIN > /* > * Return named variable from specified environment, or NULL if not present. >*************** >*** 1066,1072 **** > * so we use a temporary environment and copy the variables we're > * interested in. > */ >! read_environment_file(&tmpenv, &tmpenvsize, "/etc/default/login"); > > if (tmpenv == NULL) > return; >--- 1070,1076 ---- > * so we use a temporary environment and copy the variables we're > * interested in. > */ >! read_environment_file(&tmpenv, &tmpenvsize, "/etc/default/login", NULL); > > if (tmpenv == NULL) > return; >*************** >*** 1258,1264 **** > > if ((cp = getenv("AUTHSTATE")) != NULL) > child_set_env(&env, &envsize, "AUTHSTATE", cp); >! read_environment_file(&env, &envsize, "/etc/environment"); > } > #endif > #ifdef KRB5 >--- 1262,1268 ---- > > if ((cp = getenv("AUTHSTATE")) != NULL) > child_set_env(&env, &envsize, "AUTHSTATE", cp); >! read_environment_file(&env, &envsize, "/etc/environment", NULL); > } > #endif > #ifdef KRB5 >*************** >*** 1289,1298 **** > auth_sock_name); > > /* read $HOME/.ssh/environment. */ >! if (options.permit_user_env && !options.use_login) { > snprintf(buf, sizeof buf, "%.200s/.ssh/environment", > strcmp(pw->pw_dir, "/") ? pw->pw_dir : ""); >! read_environment_file(&env, &envsize, buf); > } > if (debug_flag) { > /* dump the environment */ >--- 1293,1307 ---- > auth_sock_name); > > /* read $HOME/.ssh/environment. */ >! >! if (options.permit_user_env && !options.use_login) { >! > snprintf(buf, sizeof buf, "%.200s/.ssh/environment", > strcmp(pw->pw_dir, "/") ? pw->pw_dir : ""); >! if (strncasecmp(options.permit_user_env, "yes", strlen(options.permit_user_env)) == 0) >! read_environment_file(&env, &envsize, buf, NULL); >! else >! read_environment_file(&env, &envsize, buf, options.permit_user_env); > } > if (debug_flag) { > /* dump the environment */ >diff -c openssh-5.4p1-make/sshd_config.5 openssh-5.4p1/sshd_config.5 >*** openssh-5.4p1-make/sshd_config.5 Thu Mar 4 18:41:45 2010 >--- openssh-5.4p1/sshd_config.5 Thu May 27 16:11:39 2010 >*************** >*** 755,763 **** > .Pa ~/.ssh/authorized_keys > are processed by > .Xr sshd 8 . > The default is > .Dq no . >! Enabling environment processing may enable users to bypass access > restrictions in some configurations using mechanisms such as > .Ev LD_PRELOAD . > .It Cm PidFile >--- 755,769 ---- > .Pa ~/.ssh/authorized_keys > are processed by > .Xr sshd 8 . >+ Arguments may be >+ .Dq yes , >+ .Dq no , >+ or a single-word prefix for permitted user environment variables. > The default is > .Dq no . >! Enabling environment processing with >! .Dq yes >! is not recommended because it may enable users to bypass access > restrictions in some configurations using mechanisms such as > .Ev LD_PRELOAD . > .It Cm PidFile
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=1901">View the attachment on a separate page</a>.</b>
View Attachment As Diff
View Attachment As Raw
Actions:
View
|
Diff
Attachments on
bug 1800
:
1901
|
1903
|
2017
|
2098
|
2113
|
3012
|
3013