Bugzilla – Attachment 2098 Details for
Bug 1800
PermitUserEnvironment accepting pattern of allowed userenv variables
[patch]
patch for PermitUserEnvironment against 5.9p1
bugzilla-1800-5.9p1.diff (text/plain), 7.03 KB, created by
Daniel Allen
on 2011-10-14 05:37:12 AEDT
Description:
patch for PermitUserEnvironment against 5.9p1
Filename:
MIME Type:
Creator:
Daniel Allen
Created:
2011-10-14 05:37:12 AEDT
Size:
7.03 KB
>diff -u openssh-5.9p1/auth-options.c openssh-5.9p1-patched/auth-options.c
>--- openssh-5.9p1/auth-options.c 2011-01-06 06:44:18.000000000 -0500
>+++ openssh-5.9p1-patched/auth-options.c 2011-09-06 16:37:44.234674608 -0400
>@@ -236,13 +236,21 @@
> goto bad_option;
> }
> s[i] = '\0';
>- auth_debug_add("Adding to environment: %.900s", s);
>- debug("Adding to environment: %.900s", s);
>+
>+ if ( strncasecmp(options.permit_user_env, "yes", strlen(options.permit_user_env)) == 0 ||
>+ strncasecmp(s, options.permit_user_env, strlen(options.permit_user_env)) == 0)
>+ {
>+
>+ auth_debug_add("Adding to environment: %.900s", s);
>+
>+ debug("Adding to environment: %.900s (based on permitUserEnvironment=%.900s)", s, options.permit_user_env);
>+ new_envstring = xmalloc(sizeof(struct envstring));
>+ new_envstring->s = s;
>+ new_envstring->next = custom_environment;
>+ custom_environment = new_envstring;
>+ }
>+
> opts++;
>- new_envstring = xmalloc(sizeof(struct envstring));
>- new_envstring->s = s;
>- new_envstring->next = custom_environment;
>- custom_environment = new_envstring;
> goto next_option;
> }
> cp = "from=\"";
>diff -u openssh-5.9p1/servconf.c openssh-5.9p1-patched/servconf.c
>--- openssh-5.9p1/servconf.c 2011-06-22 18:30:03.000000000 -0400
>+++ openssh-5.9p1-patched/servconf.c 2011-09-06 16:39:13.402550488 -0400
>@@ -102,7 +102,7 @@
> options->kbd_interactive_authentication = -1;
> options->challenge_response_authentication = -1;
> options->permit_empty_passwd = -1;
>- options->permit_user_env = -1;
>+ options->permit_user_env = NULL;
> options->use_login = -1;
> options->compression = -1;
> options->allow_tcp_forwarding = -1;
>@@ -235,8 +235,6 @@
> options->challenge_response_authentication = 1;
> if (options->permit_empty_passwd == -1)
> options->permit_empty_passwd = 0;
>- if (options->permit_user_env == -1)
>- options->permit_user_env = 0;
> if (options->use_login == -1)
> options->use_login = 0;
> if (options->compression == -1)
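Review bot: In the auth-options.c hunk at -236, the "yes" test `strncasecmp(options.permit_user_env, "yes", strlen(options.permit_user_env))` compares only as many characters as the configured value has, so a configured prefix of `y` or `ye` is treated as `yes` and every variable is accepted instead of the intended subset; compare the whole word with `strcasecmp(options.permit_user_env, "yes") == 0`. The same expression is repeated in the session.c hunk at -1296. When the prefix does not match, `s` is neither linked into `custom_environment` nor released, and nothing is logged; its allocation is outside the hunk, so this is inferred, but an `else` branch that logs the rejected entry and frees `s` looks needed. Both comparisons also dereference `options.permit_user_env`, which servconf.c now initialises to NULL, so they depend on a NULL check in the enclosing `if`, which starts outside this hunk.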
>@@ -1018,10 +1016,18 @@
> intptr = &options->permit_empty_passwd;
> goto parse_flag;
>
>- case sPermitUserEnvironment:
>- intptr = &options->permit_user_env;
>- goto parse_flag;
>+ case sPermitUserEnvironment:
>+ arg = strdelim(&cp);
>+ if (!arg || *arg == '\0')
>+ fatal("%s line %d: missing yes/no/value argument.",
>+ filename, linenum);
>
>+ if (strcmp(arg, "no") == 0)
>+ return 0;
>+ else if (*activep && options->permit_user_env == NULL)
>+ options->permit_user_env = xstrdup(arg);
>+ return 0;
>+
> case sUseLogin:
> intptr = &options->use_login;
> goto parse_flag;
>@@ -1526,6 +1532,7 @@
>
> M_CP_STROPT(adm_forced_command);
> M_CP_STROPT(chroot_directory);
>+ M_CP_STROPT(permit_user_env);
> }
>
> #undef M_CP_INTOPT
>@@ -1738,7 +1745,6 @@
> dump_cfg_fmtint(sStrictModes, o->strict_modes);
> dump_cfg_fmtint(sTCPKeepAlive, o->tcp_keep_alive);
> dump_cfg_fmtint(sEmptyPasswd, o->permit_empty_passwd);
>- dump_cfg_fmtint(sPermitUserEnvironment, o->permit_user_env);
> dump_cfg_fmtint(sUseLogin, o->use_login);
> dump_cfg_fmtint(sCompression, o->compression);
> dump_cfg_fmtint(sGatewayPorts, o->gateway_ports);
>@@ -1756,6 +1762,7 @@
> dump_cfg_string(sChrootDirectory, o->chroot_directory);
> dump_cfg_string(sTrustedUserCAKeys, o->trusted_user_ca_keys);
> dump_cfg_string(sRevokedKeys, o->revoked_keys_file);
>+ dump_cfg_string(sPermitUserEnvironment, o->permit_user_env);
> dump_cfg_string(sAuthorizedPrincipalsFile,
> o->authorized_principals_file);
>
>diff -u openssh-5.9p1/servconf.h openssh-5.9p1-patched/servconf.h
>--- openssh-5.9p1/servconf.h 2011-06-22 18:30:03.000000000 -0400
>+++ openssh-5.9p1-patched/servconf.h 2011-09-06 16:37:44.234674608 -0400
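Review bot: In the servconf.c hunk at -1018, `no` is represented by leaving `options->permit_user_env` NULL, which is the same state as "not set", so an explicit `PermitUserEnvironment no` does not win over a later line carrying `yes` or a prefix. It presumably cannot switch the feature off in a Match block either, since `M_CP_STROPT(permit_user_env)` (hunk at -1526) is unlikely to copy a NULL source; the macro body is not visible here. Storing the word as given, `options->permit_user_env = xstrdup(arg);` for `no` as well, and having the consumers treat `no` as disabled would keep the first-match behaviour the other options have. `strcmp(arg, "no")` is also case-sensitive while the `yes` tests elsewhere in the patch are not, so `No` is silently stored as a prefix. Both `return 0;` statements leave the function directly; if the code after the switch checks for trailing arguments (not visible in this hunk), `break;` would keep that check.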
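Review bot: In the dump hunk at -1756, moving the option from `dump_cfg_fmtint` to `dump_cfg_string` probably makes the configuration dump omit `permituserenvironment` entirely when the value is NULL, that is for the default and for an explicit `no`; `dump_cfg_string` is defined outside this hunk, so that is an assumption to confirm. Configuration audits that look for the line in the dumped output would then find nothing for the safe setting. Printing a fallback, `dump_cfg_string(sPermitUserEnvironment, o->permit_user_env ? o->permit_user_env : "no");`, keeps the disabled state visible.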
>@@ -112,7 +112,7 @@
> /* If true, permit jpake auth */
> int permit_empty_passwd; /* If false, do not permit empty
> * passwords. */
>- int permit_user_env; /* If true, read ~/.ssh/environment */
>+ char *permit_user_env; /* If true or string, read ~/.ssh/environment */
> int use_login; /* If true, login(1) is used */
> int compression; /* If true, compression is allowed */
> int allow_tcp_forwarding;
>diff -u openssh-5.9p1/session.c openssh-5.9p1-patched/session.c
>--- openssh-5.9p1/session.c 2011-05-19 21:23:10.000000000 -0400
>+++ openssh-5.9p1-patched/session.c 2011-09-06 16:37:44.234674608 -0400
>@@ -999,10 +999,12 @@
> * into the environment. If the file does not exist, this does nothing.
> * Otherwise, it must consist of empty lines, comments (line starts with '#')
> * and assignments of the form name=value. No other forms are allowed.
>+ * If prefix is present, only adds/overrides the subset of variables whose
>+ * names start with prefix (case-insensitive).
> */
> static void
> read_environment_file(char ***env, u_int *envsize,
>- const char *filename)
>+ const char *filename, char *prefix)
> {
> FILE *f;
> char buf[4096];
>@@ -1035,11 +1037,13 @@
> */
> *value = '\0';
> value++;
>- child_set_env(env, envsize, cp, value);
>+ if (prefix == NULL || strncasecmp(cp, prefix, strlen(prefix)) == 0)
>+ child_set_env(env, envsize, cp, value);
> }
> fclose(f);
> }
>
>+
> #ifdef HAVE_ETC_DEFAULT_LOGIN
> /*
> * Return named variable from specified environment, or NULL if not present.
>@@ -1073,7 +1077,7 @@
> * so we use a temporary environment and copy the variables we're
> * interested in.
> */
>- read_environment_file(&tmpenv, &tmpenvsize, "/etc/default/login");
>+ read_environment_file(&tmpenv, &tmpenvsize, "/etc/default/login", NULL);
>
> if (tmpenv == NULL)
> return;
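Review bot: The field comment in servconf.h, `/* If true or string, read ~/.ssh/environment */`, does not describe the three states the patch gives the pointer. Suggested wording: `/* NULL: disabled; "yes": accept all; otherwise: prefix of permitted variable names */`. The comment should also say that the same value filters `environment=` options in authorized_keys, since the auth-options.c change uses it there.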
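Review bot: The new parameter of `read_environment_file` in the session.c hunk at -999 is declared `char *prefix` although the only use shown, the `strncasecmp` in the hunk at -1035, just reads it. Declaring it as `const char *filename, const char *prefix)` matches the neighbouring parameter and lets callers pass constant strings. The function body continues outside this hunk.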
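Review bot: In the session.c hunk at -1035, the filter `strncasecmp(cp, prefix, strlen(prefix)) == 0` matches names case-insensitively although environment variable names are case-sensitive, so the accepted set is wider than the configured prefix spells out. `strncmp(cp, prefix, strlen(prefix)) == 0` would accept only what the administrator wrote; the doc comment added at -999 and the check in auth-options.c would need the same change. A line that is filtered out is dropped silently, and a `debug3` message naming the skipped variable would help when diagnosing why a setting did not take effect. The loop this sits in starts outside the hunk.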
>@@ -1265,7 +1269,7 @@
>
> if ((cp = getenv("AUTHSTATE")) != NULL)
> child_set_env(&env, &envsize, "AUTHSTATE", cp);
>- read_environment_file(&env, &envsize, "/etc/environment");
>+ read_environment_file(&env, &envsize, "/etc/environment", NULL);
> }
> #endif
> #ifdef KRB5
>@@ -1296,10 +1300,15 @@
> auth_sock_name);
>
> /* read $HOME/.ssh/environment. */
>- if (options.permit_user_env && !options.use_login) {
>+
>+ if (options.permit_user_env && !options.use_login) {
>+
> snprintf(buf, sizeof buf, "%.200s/.ssh/environment",
> strcmp(pw->pw_dir, "/") ? pw->pw_dir : "");
>- read_environment_file(&env, &envsize, buf);
>+ if (strncasecmp(options.permit_user_env, "yes", strlen(options.permit_user_env)) == 0)
>+ read_environment_file(&env, &envsize, buf, NULL);
>+ else
>+ read_environment_file(&env, &envsize, buf, options.permit_user_env);
> }
> if (debug_flag) {
> /* dump the environment */
>diff -u openssh-5.9p1/sshd_config.5 openssh-5.9p1-patched/sshd_config.5
>--- openssh-5.9p1/sshd_config.5 2011-08-05 16:17:33.000000000 -0400
>+++ openssh-5.9p1-patched/sshd_config.5 2011-09-06 16:37:44.234674608 -0400
>@@ -856,9 +856,15 @@
> .Pa ~/.ssh/authorized_keys
> are processed by
> .Xr sshd 8 .
>+Arguments may be
>+.Dq yes ,
>+.Dq no ,
>+or a single-word prefix for permitted user environment variables.
> The default is
> .Dq no .
>-Enabling environment processing may enable users to bypass access
>+Enabling environment processing with
>+.Dq yes
>+is not recommended because it may enable users to bypass access
> restrictions in some configurations using mechanisms such as
> .Ev LD_PRELOAD .
> .It Cm PidFile
>diff -u openssh-5.9p1/version.h openssh-5.9p1-patched/version.h
Attachments on
bug 1800
:
1901
|
1903
|
2017
|
2098
|
2113
|
3012
|
3013