Bugzilla – Attachment 620 Details for
Bug 815
RFE: sshd should be able to set environment variables defined by the client
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
[patch]
Revised environment passing diff
envpass.diff (text/plain), 14.16 KB, created by
Damien Miller
on 2004-04-27 12:28:38 AEST
(
hide
)
Description:
Revised environment passing diff
Filename:
MIME Type:
Creator:
Damien Miller
Created:
2004-04-27 12:28:38 AEST
Size:
14.16 KB
patch
obsolete
>Hi, > >Here is the updated diff. Changes: > >- Manpages >- s/AllowEnv/AcceptEnv/ in sshd_config, so hopefully people won't expect a > symmetric DenyEnv (like the other Allow options) >- Regress test >- Passed env vars get added only if !use_login > >Index: usr.bin/ssh/readconf.c >=================================================================== >RCS file: /cvs/src/usr.bin/ssh/readconf.c,v >retrieving revision 1.129 >diff -u -r1.129 readconf.c >--- usr.bin/ssh/readconf.c 18 Apr 2004 23:10:26 -0000 1.129 >+++ usr.bin/ssh/readconf.c 27 Apr 2004 02:11:05 -0000 >@@ -106,6 +106,7 @@ > oEnableSSHKeysign, oRekeyLimit, oVerifyHostKeyDNS, oConnectTimeout, > oAddressFamily, oGssAuthentication, oGssDelegateCreds, > oServerAliveInterval, oServerAliveCountMax, oIdentitiesOnly, >+ oSendEnv, > oDeprecated, oUnsupported > } OpCodes; > >@@ -193,6 +194,7 @@ > { "addressfamily", oAddressFamily }, > { "serveraliveinterval", oServerAliveInterval }, > { "serveralivecountmax", oServerAliveCountMax }, >+ { "sendenv", oSendEnv }, > { NULL, oBadOption } > }; > >@@ -747,6 +749,19 @@ > intptr = &options->server_alive_count_max; > goto parse_int; > >+ case oSendEnv: >+ while ((arg = strdelim(&s)) != NULL && *arg != '\0') { >+ if (strchr(arg, '=') != NULL) >+ fatal("%s line %d: Invalid environment name.", >+ filename, linenum); >+ if (options->num_send_env >= MAX_SEND_ENV) >+ fatal("%s line %d: too many send env.", >+ filename, linenum); >+ options->send_env[options->num_send_env++] = >+ xstrdup(arg); >+ } >+ break; >+ > case oDeprecated: > debug("%s line %d: Deprecated option \"%s\"", > filename, linenum, keyword); >@@ -892,6 +907,7 @@ > options->verify_host_key_dns = -1; > options->server_alive_interval = -1; > options->server_alive_count_max = -1; >+ options->num_send_env = 0; > } > > /* >Index: usr.bin/ssh/readconf.h >=================================================================== >RCS file: /cvs/src/usr.bin/ssh/readconf.h,v >retrieving revision 1.61 >diff -u -r1.61 readconf.h >--- usr.bin/ssh/readconf.h 18 Apr 2004 23:10:26 -0000 1.61 >+++ usr.bin/ssh/readconf.h 27 Apr 2004 02:11:05 -0000 >@@ -27,6 +27,8 @@ > } Forward; > /* Data structure for representing option data. */ > >+#define MAX_SEND_ENV 256 >+ > typedef struct { > int forward_agent; /* Forward authentication agent. */ > int forward_x11; /* Forward X11 display. */ >@@ -103,6 +105,9 @@ > int identities_only; > int server_alive_interval; > int server_alive_count_max; >+ >+ int num_send_env; >+ char *send_env[MAX_SEND_ENV]; > } Options; > > >Index: usr.bin/ssh/servconf.c >=================================================================== >RCS file: /cvs/src/usr.bin/ssh/servconf.c,v >retrieving revision 1.130 >diff -u -r1.130 servconf.c >--- usr.bin/ssh/servconf.c 23 Dec 2003 16:12:10 -0000 1.130 >+++ usr.bin/ssh/servconf.c 27 Apr 2004 02:11:06 -0000 >@@ -96,6 +96,7 @@ > options->client_alive_count_max = -1; > options->authorized_keys_file = NULL; > options->authorized_keys_file2 = NULL; >+ options->num_accept_env = 0; > > /* Needs to be accessable in many places */ > use_privsep = -1; >@@ -243,7 +244,7 @@ > sBanner, sUseDNS, sHostbasedAuthentication, > sHostbasedUsesNameFromPacketOnly, sClientAliveInterval, > sClientAliveCountMax, sAuthorizedKeysFile, sAuthorizedKeysFile2, >- sGssAuthentication, sGssCleanupCreds, >+ sGssAuthentication, sGssCleanupCreds, sAcceptEnv, > sUsePrivilegeSeparation, > sDeprecated, sUnsupported > } ServerOpCodes; >@@ -331,6 +332,7 @@ > { "authorizedkeysfile", sAuthorizedKeysFile }, > { "authorizedkeysfile2", sAuthorizedKeysFile2 }, > { "useprivilegeseparation", sUsePrivilegeSeparation}, >+ { "acceptenv", sAcceptEnv }, > { NULL, sBadOption } > }; > >@@ -850,6 +852,19 @@ > case sClientAliveCountMax: > intptr = &options->client_alive_count_max; > goto parse_int; >+ >+ case sAcceptEnv: >+ while ((arg = strdelim(&cp)) && *arg != '\0') { >+ if (strchr(arg, '=') != NULL) >+ fatal("%s line %d: Invalid environment name.", >+ filename, linenum); >+ if (options->num_accept_env >= MAX_ACCEPT_ENV) >+ fatal("%s line %d: too many allow env.", >+ filename, linenum); >+ options->accept_env[options->num_accept_env++] = >+ xstrdup(arg); >+ } >+ break; > > case sDeprecated: > logit("%s line %d: Deprecated option %s", >Index: usr.bin/ssh/servconf.h >=================================================================== >RCS file: /cvs/src/usr.bin/ssh/servconf.h,v >retrieving revision 1.67 >diff -u -r1.67 servconf.h >--- usr.bin/ssh/servconf.h 23 Dec 2003 16:12:10 -0000 1.67 >+++ usr.bin/ssh/servconf.h 27 Apr 2004 02:11:06 -0000 >@@ -24,6 +24,7 @@ > #define MAX_DENY_GROUPS 256 /* Max # groups on deny list. */ > #define MAX_SUBSYSTEMS 256 /* Max # subsystems. */ > #define MAX_HOSTKEYS 256 /* Max # hostkeys. */ >+#define MAX_ACCEPT_ENV 256 /* Max # of env vars. */ > > /* permit_root_login */ > #define PERMIT_NOT_SET -1 >@@ -106,6 +107,9 @@ > u_int num_subsystems; > char *subsystem_name[MAX_SUBSYSTEMS]; > char *subsystem_command[MAX_SUBSYSTEMS]; >+ >+ u_int num_accept_env; >+ char *accept_env[MAX_ACCEPT_ENV]; > > int max_startups_begin; > int max_startups_rate; >Index: usr.bin/ssh/session.c >=================================================================== >RCS file: /cvs/src/usr.bin/ssh/session.c,v >retrieving revision 1.172 >diff -u -r1.172 session.c >--- usr.bin/ssh/session.c 30 Jan 2004 09:48:57 -0000 1.172 >+++ usr.bin/ssh/session.c 27 Apr 2004 02:11:07 -0000 >@@ -42,6 +42,7 @@ > #include "sshpty.h" > #include "packet.h" > #include "buffer.h" >+#include "match.h" > #include "mpaux.h" > #include "uidswap.h" > #include "compat.h" >@@ -793,6 +794,10 @@ > > if (!options.use_login) { > /* Set basic environment. */ >+ for (i = 0; i < s->num_env; i++) >+ child_set_env(&env, &envsize, s->env[i].name, >+ s->env[i].val); >+ > child_set_env(&env, &envsize, "USER", pw->pw_name); > child_set_env(&env, &envsize, "LOGNAME", pw->pw_name); > child_set_env(&env, &envsize, "HOME", pw->pw_dir); >@@ -1514,6 +1519,41 @@ > } > > static int >+session_env_req(Session *s) >+{ >+ char *name, *val; >+ u_int name_len, val_len, i; >+ >+ name = packet_get_string(&name_len); >+ val = packet_get_string(&val_len); >+ packet_check_eom(); >+ >+ /* Don't set too many environment variables */ >+ if (s->num_env > 128) { >+ debug2("Ignoring env request %s: too many env vars", name); >+ goto fail; >+ } >+ >+ for (i = 0; i < options.num_accept_env; i++) { >+ if (match_pattern(name, options.accept_env[i])) { >+ debug2("Setting env %d: %s=%s", s->num_env, name, val); >+ s->env = xrealloc(s->env, sizeof(*s->env) * >+ (s->num_env + 1)); >+ s->env[s->num_env].name = name; >+ s->env[s->num_env].val = val; >+ s->num_env++; >+ return (1); >+ } >+ } >+ debug2("Ignoring env request %s: disallowed name", name); >+ >+ fail: >+ xfree(name); >+ xfree(val); >+ return (0); >+} >+ >+static int > session_auth_agent_req(Session *s) > { > static int called = 0; >@@ -1562,6 +1602,8 @@ > success = session_subsystem_req(s); > } else if (strcmp(rtype, "break") == 0) { > success = session_break_req(s); >+ } else if (strcmp(rtype, "env") == 0) { >+ success = session_env_req(s); > } > } > if (strcmp(rtype, "window-change") == 0) { >@@ -1695,6 +1737,8 @@ > void > session_close(Session *s) > { >+ int i; >+ > debug("session_close: session %d pid %ld", s->self, (long)s->pid); > if (s->ttyfd != -1) > session_pty_cleanup(s); >@@ -1709,6 +1753,12 @@ > if (s->auth_proto) > xfree(s->auth_proto); > s->used = 0; >+ for (i = 0; i < s->num_env; i++) { >+ xfree(s->env[i].name); >+ xfree(s->env[i].val); >+ } >+ if (s->env != NULL) >+ xfree(s->env); > session_proctitle(s); > } > >Index: usr.bin/ssh/session.h >=================================================================== >RCS file: /cvs/src/usr.bin/ssh/session.h,v >retrieving revision 1.21 >diff -u -r1.21 session.h >--- usr.bin/ssh/session.h 23 Sep 2003 20:17:11 -0000 1.21 >+++ usr.bin/ssh/session.h 27 Apr 2004 02:11:07 -0000 >@@ -53,6 +53,11 @@ > /* proto 2 */ > int chanid; > int is_subsystem; >+ int num_env; >+ struct { >+ char *name; >+ char *val; >+ } *env; > }; > > void do_authenticated(Authctxt *); >Index: usr.bin/ssh/ssh.c >=================================================================== >RCS file: /cvs/src/usr.bin/ssh/ssh.c,v >retrieving revision 1.211 >diff -u -r1.211 ssh.c >--- usr.bin/ssh/ssh.c 19 Apr 2004 21:51:49 -0000 1.211 >+++ usr.bin/ssh/ssh.c 27 Apr 2004 02:11:08 -0000 >@@ -68,6 +68,7 @@ > #include "kex.h" > #include "mac.h" > #include "sshtty.h" >+#include "match.h" > > #ifdef SMARTCARD > #include "scard.h" >@@ -1040,6 +1041,44 @@ > debug("Requesting authentication agent forwarding."); > channel_request_start(id, "auth-agent-req@openssh.com", 0); > packet_send(); >+ } >+ >+ /* Transfer any environment variables from client to server */ >+ if (options.num_send_env != 0) { >+ int i, j, matched; >+ extern char **environ; >+ char *name, *val; >+ >+ debug("Sending environment."); >+ for (i = 0; environ && environ[i] != NULL; i++) { >+ /* Split */ >+ name = xstrdup(environ[i]); >+ if ((val = strchr(name, '=')) == NULL) { >+ free(name); >+ continue; >+ } >+ *val++ = '\0'; >+ >+ matched = 0; >+ for (j = 0; j < options.num_send_env; j++) { >+ if (match_pattern(name, options.send_env[j])) { >+ matched = 1; >+ break; >+ } >+ } >+ if (!matched) { >+ debug3("Ignored env %s", name); >+ free(name); >+ continue; >+ } >+ >+ debug("Sending env %s = %s", name, val); >+ channel_request_start(id, "env", 0); >+ packet_put_cstring(name); >+ packet_put_cstring(val); >+ packet_send(); >+ free(name); >+ } > } > > len = buffer_len(&command); >Index: usr.bin/ssh/ssh_config.5 >=================================================================== >RCS file: /cvs/src/usr.bin/ssh/ssh_config.5,v >retrieving revision 1.31 >diff -u -r1.31 ssh_config.5 >--- usr.bin/ssh/ssh_config.5 19 Apr 2004 16:12:14 -0000 1.31 >+++ usr.bin/ssh/ssh_config.5 27 Apr 2004 02:11:08 -0000 >@@ -570,6 +570,27 @@ > The default is > .Dq yes . > Note that this option applies to protocol version 1 only. >+.It Cm SendEnv >+Specifies what variables from the local >+.Xr environ 7 >+should be sent to the server. >+Note that environment passing is only supported for protocol 2, the >+server must also support it and must be configured to accept these >+enviornment variables. >+Refer to >+.Cm AcceptEnv >+in >+.Xr sshd_config 5 >+for how to configure the server. >+Variables are specified by name, which may contain the wildcard characters >+.Ql \&* >+and >+.Ql \&? . >+Multiple environment variables may be seperated by whitespace or spread >+across multiple >+.Cm SendEnv >+directives. >+The default is not to send any environment variables. > .It Cm ServerAliveInterval > Sets a timeout interval in seconds after which if no data has been received > from the server, >Index: usr.bin/ssh/sshd_config.5 >=================================================================== >RCS file: /cvs/src/usr.bin/ssh/sshd_config.5,v >retrieving revision 1.29 >diff -u -r1.29 sshd_config.5 >--- usr.bin/ssh/sshd_config.5 8 Mar 2004 10:18:57 -0000 1.29 >+++ usr.bin/ssh/sshd_config.5 27 Apr 2004 02:11:09 -0000 >@@ -61,6 +61,29 @@ > keywords and their meanings are as follows (note that > keywords are case-insensitive and arguments are case-sensitive): > .Bl -tag -width Ds >+.It Cm AcceptEnv >+Specifies what environment variables sent by the client will be copied into >+the session's >+.Xr environ 7 . >+See >+.Cm SendEnv >+in >+.Xr ssh_config 5 >+for how to configure the client. >+Note that environment passingis only supported for protocol 2. >+Variables are specified by name, which may contain the wildcard characters >+.Ql \&* >+and >+.Ql \&? . >+Multiple environment variables may be seperated by whitespace or spread >+across multiple >+.Cm AcceptEnv >+directives. >+Be warned that some enviornment variables could be used to bypass restricted >+user environments. >+For this reason, care should be taken in the use of this directive. >+The default is not to accept any environment variables. >+.Pp > .It Cm AllowGroups > This keyword can be followed by a list of group name patterns, separated > by spaces. >Index: regress/usr.bin/ssh/Makefile >=================================================================== >RCS file: /cvs/src/regress/usr.bin/ssh/Makefile,v >retrieving revision 1.27 >diff -u -r1.27 Makefile >--- regress/usr.bin/ssh/Makefile 17 Feb 2004 08:23:20 -0000 1.27 >+++ regress/usr.bin/ssh/Makefile 27 Apr 2004 02:11:09 -0000 >@@ -10,6 +10,7 @@ > proto-version \ > proto-mismatch \ > exit-status \ >+ envpass \ > transfer \ > banner \ > rekey \ >Index: regress/usr.bin/ssh/envpass.sh >=================================================================== >RCS file: regress/usr.bin/ssh/envpass.sh >diff -N regress/usr.bin/ssh/envpass.sh >--- /dev/null 1 Jan 1970 00:00:00 -0000 >+++ regress/usr.bin/ssh/envpass.sh 27 Apr 2004 02:11:09 -0000 >@@ -0,0 +1,44 @@ >+# $OpenBSD$ >+# Placed in the Public Domain. >+ >+tid="environment passing" >+ >+# NB accepted env vars are in test-exec.sh (_XXX_TEST_* and _XXX_TEST) >+ >+trace "pass env, don't accept" >+verbose "test $tid: pass env, don't accept" >+_TEST_ENV=blah ${SSH} -oSendEnv="*" -F $OBJ/ssh_proxy otherhost \ >+ '[ -z "$_TEST_ENV" ]' >+r=$? >+if [ $r -ne 0 ]; then >+ fail "environment found" >+fi >+ >+trace "don't pass env, accept" >+verbose "test $tid: don't pass env, accept" >+${SSH} -F $OBJ/ssh_proxy otherhost \ >+ '[ -z "$_XXX_TEST_A" -a -z "$_XXX_TEST_B" ]' >+r=$? >+if [ $r -ne 0 ]; then >+ fail "environment found" >+fi >+ >+trace "pass single env, accept single env" >+verbose "test $tid: pass single env, accept single env" >+_XXX_TEST=blah ${SSH} -oSendEnv="_XXX_TEST" -F $OBJ/ssh_proxy otherhost \ >+ '[ "x$_XXX_TEST" = "xblah" ]' >+r=$? >+if [ $r -ne 0 ]; then >+ fail "environment not found" >+fi >+ >+trace "pass multiple env, accept multiple env" >+verbose "test $tid: pass multiple env, accept multiple env" >+_XXX_TEST_A=1 _XXX_TEST_B=2 ${SSH} -oSendEnv="_XXX_TEST_*" \ >+ -F $OBJ/ssh_proxy otherhost \ >+ '[ "x$_XXX_TEST_A" = "x1" -a "x$_XXX_TEST_B" = "x2" ]' >+r=$? >+if [ $r -ne 0 ]; then >+ fail "environment not found" >+fi >+ >Index: regress/usr.bin/ssh/test-exec.sh >=================================================================== >RCS file: /cvs/src/regress/usr.bin/ssh/test-exec.sh,v >retrieving revision 1.15 >diff -u -r1.15 test-exec.sh >--- regress/usr.bin/ssh/test-exec.sh 24 Feb 2004 16:56:30 -0000 1.15 >+++ regress/usr.bin/ssh/test-exec.sh 27 Apr 2004 02:11:09 -0000 >@@ -130,6 +130,8 @@ > PidFile $PIDFILE > AuthorizedKeysFile $OBJ/authorized_keys_%u > LogLevel QUIET >+ AcceptEnv _XXX_TEST_* >+ AcceptEnv _XXX_TEST > EOF > > # server config for proxy connects
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=620">View the attachment on a separate page</a>.</b>
View Attachment As Diff
View Attachment As Raw
Actions:
View
|
Diff
Attachments on
bug 815
:
578
| 620