

(-)openssh-5.9p1/auth-options.c (-6 / +14 lines)
Lines 236-248 Link Here
236
				goto bad_option;
236
				goto bad_option;
237
			}
237
			}
238
			s[i] = '\0';
238
			s[i] = '\0';
239
			auth_debug_add("Adding to environment: %.900s", s);
239
			
240
			debug("Adding to environment: %.900s", s);
240
			if ( strncasecmp(options.permit_user_env, "yes", strlen(options.permit_user_env)) == 0 || 
241
			     strncasecmp(s, options.permit_user_env, strlen(options.permit_user_env)) == 0)
242
				{
243
			    
244
					auth_debug_add("Adding to environment: %.900s", s);
245
246
					debug("Adding to environment: %.900s (based on permitUserEnvironment=%.900s)", s, options.permit_user_env);
247
					new_envstring = xmalloc(sizeof(struct envstring));
248
					new_envstring->s = s;
249
					new_envstring->next = custom_environment;
250
					custom_environment = new_envstring;
251
				}
252
			
241
			opts++;
253
			opts++;
242
			new_envstring = xmalloc(sizeof(struct envstring));
243
			new_envstring->s = s;
244
			new_envstring->next = custom_environment;
245
			custom_environment = new_envstring;
246
			goto next_option;
254
			goto next_option;
247
		}
255
		}
248
		cp = "from=\"";
256
		cp = "from=\"";
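Review bot: The `yes` test in the new condition, `strncasecmp(options.permit_user_env, "yes", strlen(options.permit_user_env)) == 0`, bounds the comparison by the length of the configured value, so a configured prefix of `y` or `ye` is treated as `yes` and every `environment=` assignment is accepted instead of only names with that prefix. Compare the whole string with `strcasecmp(options.permit_user_env, "yes") == 0`; the same test appears in session.c ahead of the `read_environment_file()` calls. Both comparisons also dereference `options.permit_user_env`, which this patch initialises to NULL, so they rely on a NULL guard that would have to sit above this hunk and is worth confirming. When neither comparison matches, `s` is not linked into `custom_environment` and is not released in the visible lines; if it was allocated earlier in the block (outside the hunk), it should be freed on the rejection path.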
(-)openssh-5.9p1/servconf.c (-7 / +14 lines)
Lines 102-108 Link Here
102
	options->kbd_interactive_authentication = -1;
102
	options->kbd_interactive_authentication = -1;
103
	options->challenge_response_authentication = -1;
103
	options->challenge_response_authentication = -1;
104
	options->permit_empty_passwd = -1;
104
	options->permit_empty_passwd = -1;
105
	options->permit_user_env = -1;
105
	options->permit_user_env = NULL;
106
	options->use_login = -1;
106
	options->use_login = -1;
107
	options->compression = -1;
107
	options->compression = -1;
108
	options->allow_tcp_forwarding = -1;
108
	options->allow_tcp_forwarding = -1;
Lines 235-242 Link Here
235
		options->challenge_response_authentication = 1;
235
		options->challenge_response_authentication = 1;
236
	if (options->permit_empty_passwd == -1)
236
	if (options->permit_empty_passwd == -1)
237
		options->permit_empty_passwd = 0;
237
		options->permit_empty_passwd = 0;
238
	if (options->permit_user_env == -1)
239
		options->permit_user_env = 0;
240
	if (options->use_login == -1)
238
	if (options->use_login == -1)
241
		options->use_login = 0;
239
		options->use_login = 0;
242
	if (options->compression == -1)
240
	if (options->compression == -1)
Lines 1018-1027 Link Here
1018
		intptr = &options->permit_empty_passwd;
1016
		intptr = &options->permit_empty_passwd;
1019
		goto parse_flag;
1017
		goto parse_flag;
1020
1018
1021
	case sPermitUserEnvironment:
1019
        case sPermitUserEnvironment:
1022
		intptr = &options->permit_user_env;
1020
		arg = strdelim(&cp);
1023
		goto parse_flag;
1021
		if (!arg || *arg == '\0')
1022
			fatal("%s line %d: missing yes/no/value argument.", 
1023
			      filename, linenum);
1024
1024
1025
		if (strcmp(arg, "no") == 0)
1026
			return 0;
1027
		else if (*activep && options->permit_user_env == NULL)
1028
			options->permit_user_env = xstrdup(arg);
1029
		return 0;
1030
		
1025
	case sUseLogin:
1031
	case sUseLogin:
1026
		intptr = &options->use_login;
1032
		intptr = &options->use_login;
1027
		goto parse_flag;
1033
		goto parse_flag;
Lines 1526-1531 Link Here
1526
1532
1527
	M_CP_STROPT(adm_forced_command);
1533
	M_CP_STROPT(adm_forced_command);
1528
	M_CP_STROPT(chroot_directory);
1534
	M_CP_STROPT(chroot_directory);
1535
	M_CP_STROPT(permit_user_env);
1529
}
1536
}
1530
1537
1531
#undef M_CP_INTOPT
1538
#undef M_CP_INTOPT
Lines 1738-1744 Link Here
1738
	dump_cfg_fmtint(sStrictModes, o->strict_modes);
1745
	dump_cfg_fmtint(sStrictModes, o->strict_modes);
1739
	dump_cfg_fmtint(sTCPKeepAlive, o->tcp_keep_alive);
1746
	dump_cfg_fmtint(sTCPKeepAlive, o->tcp_keep_alive);
1740
	dump_cfg_fmtint(sEmptyPasswd, o->permit_empty_passwd);
1747
	dump_cfg_fmtint(sEmptyPasswd, o->permit_empty_passwd);
1741
	dump_cfg_fmtint(sPermitUserEnvironment, o->permit_user_env);
1742
	dump_cfg_fmtint(sUseLogin, o->use_login);
1748
	dump_cfg_fmtint(sUseLogin, o->use_login);
1743
	dump_cfg_fmtint(sCompression, o->compression);
1749
	dump_cfg_fmtint(sCompression, o->compression);
1744
	dump_cfg_fmtint(sGatewayPorts, o->gateway_ports);
1750
	dump_cfg_fmtint(sGatewayPorts, o->gateway_ports);
Lines 1756-1761 Link Here
1756
	dump_cfg_string(sChrootDirectory, o->chroot_directory);
1762
	dump_cfg_string(sChrootDirectory, o->chroot_directory);
1757
	dump_cfg_string(sTrustedUserCAKeys, o->trusted_user_ca_keys);
1763
	dump_cfg_string(sTrustedUserCAKeys, o->trusted_user_ca_keys);
1758
	dump_cfg_string(sRevokedKeys, o->revoked_keys_file);
1764
	dump_cfg_string(sRevokedKeys, o->revoked_keys_file);
1765
	dump_cfg_string(sPermitUserEnvironment, o->permit_user_env);
1759
	dump_cfg_string(sAuthorizedPrincipalsFile,
1766
	dump_cfg_string(sAuthorizedPrincipalsFile,
1760
	    o->authorized_principals_file);
1767
	    o->authorized_principals_file);
1761
1768
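Review bot: In the `sPermitUserEnvironment` case, `no` returns without recording anything, so an explicit `PermitUserEnvironment no` is indistinguishable from the option being absent. Because the assignment is guarded by `options->permit_user_env == NULL`, a later `PermitUserEnvironment yes` line still takes effect after an earlier `no`. `M_CP_STROPT(permit_user_env)` presumably copies only non-NULL values (the macro is not shown on this page), which would leave a Match block unable to switch the option off. The `no` test is also a case-sensitive `strcmp`, while the use sites test `yes` case-insensitively, so `No` or `false` is stored as a variable-name prefix instead of being rejected or treated as off. Consider recording the literal for `no` as well, `options->permit_user_env = xstrdup(arg);`, and treating a stored `no` as disabled at the use sites.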
(-)openssh-5.9p1/servconf.h (-1 / +1 lines)
Lines 112-118 Link Here
112
					/* If true, permit jpake auth */
112
					/* If true, permit jpake auth */
113
	int     permit_empty_passwd;	/* If false, do not permit empty
113
	int     permit_empty_passwd;	/* If false, do not permit empty
114
					 * passwords. */
114
					 * passwords. */
115
	int     permit_user_env;	/* If true, read ~/.ssh/environment */
115
	char   *permit_user_env;	/* If true or string, read ~/.ssh/environment */
116
	int     use_login;	/* If true, login(1) is used */
116
	int     use_login;	/* If true, login(1) is used */
117
	int     compression;	/* If true, compression is allowed */
117
	int     compression;	/* If true, compression is allowed */
118
	int	allow_tcp_forwarding;
118
	int	allow_tcp_forwarding;
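Review bot: The field comment `If true or string, read ~/.ssh/environment` does not describe the new encoding, since a `char *` is never "true" in the old sense. A comment such as `/* NULL: disabled; "yes": accept all user-supplied variables; otherwise a name prefix they must match */` would tell readers what the tests in session.c and auth-options.c are checking. The struct continues outside this hunk.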
(-)openssh-5.9p1/session.c (-6 / +15 lines)
Lines 999-1008 Link Here
999
 * into the environment.  If the file does not exist, this does nothing.
999
 * into the environment.  If the file does not exist, this does nothing.
1000
 * Otherwise, it must consist of empty lines, comments (line starts with '#')
1000
 * Otherwise, it must consist of empty lines, comments (line starts with '#')
1001
 * and assignments of the form name=value.  No other forms are allowed.
1001
 * and assignments of the form name=value.  No other forms are allowed.
1002
 * If prefix is present, only adds/overrides the subset of variables whose
1003
 * names start with prefix (case-insensitive).
1002
 */
1004
 */
1003
static void
1005
static void
1004
read_environment_file(char ***env, u_int *envsize,
1006
read_environment_file(char ***env, u_int *envsize,
1005
	const char *filename)
1007
	const char *filename, char *prefix)
1006
{
1008
{
1007
	FILE *f;
1009
	FILE *f;
1008
	char buf[4096];
1010
	char buf[4096];
Lines 1035-1045 Link Here
1035
		 */
1037
		 */
1036
		*value = '\0';
1038
		*value = '\0';
1037
		value++;
1039
		value++;
1038
		child_set_env(env, envsize, cp, value);
1040
		if (prefix == NULL || strncasecmp(cp, prefix, strlen(prefix)) == 0)
1041
			child_set_env(env, envsize, cp, value);
1039
	}
1042
	}
1040
	fclose(f);
1043
	fclose(f);
1041
}
1044
}
1042
1045
1046
1043
#ifdef HAVE_ETC_DEFAULT_LOGIN
1047
#ifdef HAVE_ETC_DEFAULT_LOGIN
1044
/*
1048
/*
1045
 * Return named variable from specified environment, or NULL if not present.
1049
 * Return named variable from specified environment, or NULL if not present.
Lines 1073-1079 Link Here
1073
	 * so we use a temporary environment and copy the variables we're
1077
	 * so we use a temporary environment and copy the variables we're
1074
	 * interested in.
1078
	 * interested in.
1075
	 */
1079
	 */
1076
	read_environment_file(&tmpenv, &tmpenvsize, "/etc/default/login");
1080
	read_environment_file(&tmpenv, &tmpenvsize, "/etc/default/login", NULL);
1077
1081
1078
	if (tmpenv == NULL)
1082
	if (tmpenv == NULL)
1079
		return;
1083
		return;
Lines 1265-1271 Link Here
1265
1269
1266
		if ((cp = getenv("AUTHSTATE")) != NULL)
1270
		if ((cp = getenv("AUTHSTATE")) != NULL)
1267
			child_set_env(&env, &envsize, "AUTHSTATE", cp);
1271
			child_set_env(&env, &envsize, "AUTHSTATE", cp);
1268
		read_environment_file(&env, &envsize, "/etc/environment");
1272
		read_environment_file(&env, &envsize, "/etc/environment", NULL);
1269
	}
1273
	}
1270
#endif
1274
#endif
1271
#ifdef KRB5
1275
#ifdef KRB5
Lines 1296-1305 Link Here
1296
		    auth_sock_name);
1300
		    auth_sock_name);
1297
1301
1298
	/* read $HOME/.ssh/environment. */
1302
	/* read $HOME/.ssh/environment. */
1299
	if (options.permit_user_env && !options.use_login) {
1303
1304
	if (options.permit_user_env && !options.use_login) { 
1305
		
1300
		snprintf(buf, sizeof buf, "%.200s/.ssh/environment",
1306
		snprintf(buf, sizeof buf, "%.200s/.ssh/environment",
1301
		    strcmp(pw->pw_dir, "/") ? pw->pw_dir : "");
1307
		    strcmp(pw->pw_dir, "/") ? pw->pw_dir : "");
1302
		read_environment_file(&env, &envsize, buf);
1308
		if (strncasecmp(options.permit_user_env, "yes", strlen(options.permit_user_env)) == 0)
1309
			read_environment_file(&env, &envsize, buf, NULL);
1310
		else
1311
			read_environment_file(&env, &envsize, buf, options.permit_user_env);
1303
	}
1312
	}
1304
	if (debug_flag) {
1313
	if (debug_flag) {
1305
		/* dump the environment */
1314
		/* dump the environment */
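Review bot: The prefix filter added to `read_environment_file()` uses `strncasecmp`, but environment variable names are case-sensitive, so a configured prefix admits more names than the administrator wrote. Since the option exists to restrict what a user can inject, the exact-case form `if (prefix == NULL || strncmp(cp, prefix, strlen(prefix)) == 0)` is the narrower check. The comment above the function, which says "case-insensitive", would need updating to match. The new parameter is only read in the visible lines, so it can be declared `const char *prefix`. The function body is only partly visible in these hunks.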
(-)openssh-5.9p1/sshd_config.5 (-1 / +7 lines)
Lines 856-864 Link Here
856
.Pa ~/.ssh/authorized_keys
856
.Pa ~/.ssh/authorized_keys
857
are processed by
857
are processed by
858
.Xr sshd 8 .
858
.Xr sshd 8 .
859
Arguments may be 
860
.Dq yes ,
861
.Dq no ,
862
or a single-word prefix for permitted user environment variables.
859
The default is
863
The default is
860
.Dq no .
864
.Dq no .
861
Enabling environment processing may enable users to bypass access
865
Enabling environment processing with 
866
.Dq yes
867
is not recommended because it may enable users to bypass access
862
restrictions in some configurations using mechanisms such as
868
restrictions in some configurations using mechanisms such as
863
.Ev LD_PRELOAD .
869
.Ev LD_PRELOAD .
864
.It Cm PidFile
870
.It Cm PidFile
