
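--- a/openssh-5.5p1/auth-options.c
+++ b/openssh-5.5p1/auth-options.c
@@ -195,13 +195,21 @@
 				goto bad_option;
 			}
 			s[i] = '\0';
-			auth_debug_add("Adding to environment: %.900s", s);
-			debug("Adding to environment: %.900s", s);
+			
+			if ( strncasecmp(options.permit_user_env, "yes", strlen(options.permit_user_env)) == 0 || 
+			     strncasecmp(s, options.permit_user_env, strlen(options.permit_user_env)) == 0)
+				{
+			    
+					auth_debug_add("Adding to environment: %.900s", s);
+
+					debug("Adding to environment: %.900s (based on permitUserEnvironment=%.900s)", s, options.permit_user_env);
+					new_envstring = xmalloc(sizeof(struct envstring));
+					new_envstring->s = s;
+					new_envstring->next = custom_environment;
+					custom_environment = new_envstring;
+				}
+			
 			opts++;
-			new_envstring = xmalloc(sizeof(struct envstring));
-			new_envstring->s = s;
-			new_envstring->next = custom_environment;
-			custom_environment = new_envstring;
 			goto next_option;
 		}
 		cp = "from=\"";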
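Review bot: The `"yes"` test in the new `if` uses `strlen(options.permit_user_env)` as the comparison length, so a configured prefix of `y` or `ye` compares equal to `"yes"` and every variable is accepted rather than only those starting with that prefix; the same expression appears in the last session.c hunk, where it selects the unfiltered `read_environment_file(..., NULL)` call. Comparing the whole string closes that: `if (strcasecmp(options.permit_user_env, "yes") == 0 || ...`. When the prefix does not match, `s` is neither stored nor released and the option is skipped without a log line; assuming `s` was heap-allocated earlier in the function (outside this hunk), an `else` branch that frees it and logs the rejected entry would help. The dereference also relies on `options.permit_user_env` being non-NULL at this point, which depends on a guard that is not visible in the hunk.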
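--- a/openssh-5.5p1/servconf.c
+++ b/openssh-5.5p1/servconf.c
@@ -98,7 +98,7 @@
 	options->kbd_interactive_authentication = -1;
 	options->challenge_response_authentication = -1;
 	options->permit_empty_passwd = -1;
-	options->permit_user_env = -1;
+	options->permit_user_env = NULL;
 	options->use_login = -1;
 	options->compression = -1;
 	options->allow_tcp_forwarding = -1;
@@ -224,8 +224,6 @@
 		options->challenge_response_authentication = 1;
 	if (options->permit_empty_passwd == -1)
 		options->permit_empty_passwd = 0;
-	if (options->permit_user_env == -1)
-		options->permit_user_env = 0;
 	if (options->use_login == -1)
 		options->use_login = 0;
 	if (options->compression == -1)
@@ -980,10 +978,18 @@
 		intptr = &options->permit_empty_passwd;
 		goto parse_flag;
 
-	case sPermitUserEnvironment:
-		intptr = &options->permit_user_env;
-		goto parse_flag;
+        case sPermitUserEnvironment:
+		arg = strdelim(&cp);
+		if (!arg || *arg == '\0')
+			fatal("%s line %d: missing yes/no/value argument.", 
+			      filename, linenum);
 
+		if (strcmp(arg, "no") == 0)
+			return 0;
+		else if (*activep && options->permit_user_env == NULL)
+			options->permit_user_env = xstrdup(arg);
+		return 0;
+		
 	case sUseLogin:
 		intptr = &options->use_login;
 		goto parse_flag;
@@ -1461,6 +1467,7 @@
 	M_CP_STROPT(chroot_directory);
 	M_CP_STROPT(trusted_user_ca_keys);
 	M_CP_STROPT(revoked_keys_file);
+	M_CP_STROPT(permit_user_env);
 }
 
 #undef M_CP_INTOPT
@@ -1662,7 +1669,6 @@
 	dump_cfg_fmtint(sStrictModes, o->strict_modes);
 	dump_cfg_fmtint(sTCPKeepAlive, o->tcp_keep_alive);
 	dump_cfg_fmtint(sEmptyPasswd, o->permit_empty_passwd);
-	dump_cfg_fmtint(sPermitUserEnvironment, o->permit_user_env);
 	dump_cfg_fmtint(sUseLogin, o->use_login);
 	dump_cfg_fmtint(sCompression, o->compression);
 	dump_cfg_fmtint(sGatewayPorts, o->gateway_ports);
@@ -1682,6 +1688,7 @@
 	dump_cfg_string(sChrootDirectory, o->chroot_directory);
 	dump_cfg_string(sTrustedUserCAKeys, o->trusted_user_ca_keys);
 	dump_cfg_string(sRevokedKeys, o->revoked_keys_file);
+	dump_cfg_string(sPermitUserEnvironment, o->permit_user_env);
 
 	/* string arguments requiring a lookup */
 	dump_cfg_string(sLogLevel, log_level_name(o->log_level));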
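Review bot: In the `sPermitUserEnvironment` case, `strcmp(arg, "no")` is case-sensitive while the consumers of this option match `"yes"` case-insensitively, so `No` or `NO` is stored by `xstrdup(arg)` as a prefix and environment processing is switched on for every variable whose name starts with "no". Any token other than the exact string `no` now enables the feature, so a typo fails open; `if (strcasecmp(arg, "no") == 0)` would restore the fail-closed reading. Because `no` leaves the field NULL, the same state as "not set", a `no` inside a Match block probably cannot override a global value through the new `M_CP_STROPT(permit_user_env)` line; the macro body is outside the hunks, so this needs confirming.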
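--- a/openssh-5.5p1/servconf.h
+++ b/openssh-5.5p1/servconf.h
@@ -103,7 +103,7 @@
 					/* If true, permit jpake auth */
 	int     permit_empty_passwd;	/* If false, do not permit empty
 					 * passwords. */
-	int     permit_user_env;	/* If true, read ~/.ssh/environment */
+	char   *permit_user_env;	/* If true or string, read ~/.ssh/environment */
 	int     use_login;	/* If true, login(1) is used */
 	int     compression;	/* If true, compression is allowed */
 	int	allow_tcp_forwarding;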
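Review bot: The comment on `permit_user_env` does not say what the pointer's states mean, and the other files in this patch depend on them: NULL is tested as "disabled", `yes` as "read everything", and any other string as a name prefix. I would spell that out, e.g. `/* NULL: off; "yes": read all of ~/.ssh/environment; other: only names with this prefix */`. Any code outside this patch that still treats the field as an int flag would need auditing after the type change.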
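--- a/openssh-5.5p1/session.c
+++ b/openssh-5.5p1/session.c
@@ -992,10 +992,12 @@
  * into the environment.  If the file does not exist, this does nothing.
  * Otherwise, it must consist of empty lines, comments (line starts with '#')
  * and assignments of the form name=value.  No other forms are allowed.
+ * If prefix is present, only adds/overrides the subset of variables whose
+ * names start with prefix (case-insensitive).
  */
 static void
 read_environment_file(char ***env, u_int *envsize,
-	const char *filename)
+	const char *filename, char *prefix)
 {
 	FILE *f;
 	char buf[4096];
@@ -1028,11 +1030,13 @@
 		 */
 		*value = '\0';
 		value++;
-		child_set_env(env, envsize, cp, value);
+		if (prefix == NULL || strncasecmp(cp, prefix, strlen(prefix)) == 0)
+			child_set_env(env, envsize, cp, value);
 	}
 	fclose(f);
 }
 
+
 #ifdef HAVE_ETC_DEFAULT_LOGIN
 /*
  * Return named variable from specified environment, or NULL if not present.
@@ -1066,7 +1070,7 @@
 	 * so we use a temporary environment and copy the variables we're
 	 * interested in.
 	 */
-	read_environment_file(&tmpenv, &tmpenvsize, "/etc/default/login");
+	read_environment_file(&tmpenv, &tmpenvsize, "/etc/default/login", NULL);
 
 	if (tmpenv == NULL)
 		return;
@@ -1258,7 +1262,7 @@
 
 		if ((cp = getenv("AUTHSTATE")) != NULL)
 			child_set_env(&env, &envsize, "AUTHSTATE", cp);
-		read_environment_file(&env, &envsize, "/etc/environment");
+		read_environment_file(&env, &envsize, "/etc/environment", NULL);
 	}
 #endif
 #ifdef KRB5
@@ -1289,10 +1293,15 @@
 		    auth_sock_name);
 
 	/* read $HOME/.ssh/environment. */
-	if (options.permit_user_env && !options.use_login) {
+
+	if (options.permit_user_env && !options.use_login) { 
+		
 		snprintf(buf, sizeof buf, "%.200s/.ssh/environment",
 		    strcmp(pw->pw_dir, "/") ? pw->pw_dir : "");
-		read_environment_file(&env, &envsize, buf);
+		if (strncasecmp(options.permit_user_env, "yes", strlen(options.permit_user_env)) == 0)
+			read_environment_file(&env, &envsize, buf, NULL);
+		else
+			read_environment_file(&env, &envsize, buf, options.permit_user_env);
 	}
 	if (debug_flag) {
 		/* dump the environment */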
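Review bot: The filter added in `read_environment_file` matches with `strncasecmp`, but environment variable names are case-sensitive, so a prefix written as `LC_` also lets through `lc_...` names the administrator did not list; `strncmp(cp, prefix, strlen(prefix)) == 0` would keep the allowed set to exactly what the configuration says, with the "(case-insensitive)" remark in the header comment dropped to match. The new parameter is only read, so it can be declared `const char *prefix`. The function body lies between the first two hunks and is only partly visible here.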
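--- a/openssh-5.5p1/sshd_config.5
+++ b/openssh-5.5p1/sshd_config.5
@@ -755,9 +755,15 @@
 .Pa ~/.ssh/authorized_keys
 are processed by
 .Xr sshd 8 .
+Arguments may be 
+.Dq yes ,
+.Dq no ,
+or a single-word prefix for permitted user environment variables.
 The default is
 .Dq no .
-Enabling environment processing may enable users to bypass access
+Enabling environment processing with 
+.Dq yes
+is not recommended because it may enable users to bypass access
 restrictions in some configurations using mechanisms such as
 .Ev LD_PRELOAD .
 .It Cm PidFile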
