
(-)openssh-5.9p1/auth-options.c (-6 / +27 lines)
Lines 212-217 Link Here
212
		if (options.permit_user_env &&
212
		if (options.permit_user_env &&
213
		    strncasecmp(opts, cp, strlen(cp)) == 0) {
213
		    strncasecmp(opts, cp, strlen(cp)) == 0) {
214
			char *s;
214
			char *s;
215
			int match;
215
			struct envstring *new_envstring;
216
			struct envstring *new_envstring;
216
217
217
			opts += strlen(cp);
218
			opts += strlen(cp);
Lines 236-248 Link Here
236
				goto bad_option;
237
				goto bad_option;
237
			}
238
			}
238
			s[i] = '\0';
239
			s[i] = '\0';
239
			auth_debug_add("Adding to environment: %.900s", s);
240
240
			debug("Adding to environment: %.900s", s);
241
			match = match_pattern_list(s, options.permit_user_env, 
242
						   strlen(options.permit_user_env), 0);
243
			if (match == -1) {
244
				auth_debug_add("Negation: not adding to environment:"
245
						" %.900s", s);
246
				debug("Negation: not adding to environment:"
247
				      " %.900s (based on permitUserEnvironment="
248
				      "%.900s)", s, options.permit_user_env);
249
			}
250
251
			if (strncasecmp(options.permit_user_env, "yes", 
252
					strlen(options.permit_user_env)) == 0 || 
253
			    match == 1)
254
				{
255
					auth_debug_add("Adding to environment: %.900s", s);
256
257
					debug("Adding to environment: %.900s (based on"
258
					      " permitUserEnvironment=%.900s)", s, 
259
					      options.permit_user_env);
260
					new_envstring = xmalloc(sizeof(struct envstring));
261
					new_envstring->s = s;
262
					new_envstring->next = custom_environment;
263
					custom_environment = new_envstring;
264
				}
265
			
241
			opts++;
266
			opts++;
242
			new_envstring = xmalloc(sizeof(struct envstring));
243
			new_envstring->s = s;
244
			new_envstring->next = custom_environment;
245
			custom_environment = new_envstring;
246
			goto next_option;
267
			goto next_option;
247
		}
268
		}
248
		cp = "from=\"";
269
		cp = "from=\"";
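Review bot: The `yes` test in the second hunk, `strncasecmp(options.permit_user_env, "yes", strlen(options.permit_user_env)) == 0`, bounds the comparison by the length of the configured value, so a value of `y` or `ye` is treated as `yes` and every `environment=` entry is accepted without pattern filtering. For a setting whose man page warns about `LD_PRELOAD`, the check should fail closed on anything that is not exactly `yes`: `strcasecmp(options.permit_user_env, "yes") == 0`. The same comparison appears in the session.c hunk that chooses between the filtered and unfiltered `read_environment_file()` calls. Separately, when an entry is neither matched nor allowed by `yes`, `s` is no longer linked into `custom_environment`; its allocation is outside the hunk, but it looks like it leaks on that path and may need an `xfree(s)`.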
(-)openssh-5.9p1/servconf.c (-7 / +14 lines)
Lines 102-108 Link Here
102
	options->kbd_interactive_authentication = -1;
102
	options->kbd_interactive_authentication = -1;
103
	options->challenge_response_authentication = -1;
103
	options->challenge_response_authentication = -1;
104
	options->permit_empty_passwd = -1;
104
	options->permit_empty_passwd = -1;
105
	options->permit_user_env = -1;
105
	options->permit_user_env = NULL;
106
	options->use_login = -1;
106
	options->use_login = -1;
107
	options->compression = -1;
107
	options->compression = -1;
108
	options->allow_tcp_forwarding = -1;
108
	options->allow_tcp_forwarding = -1;
Lines 235-242 Link Here
235
		options->challenge_response_authentication = 1;
235
		options->challenge_response_authentication = 1;
236
	if (options->permit_empty_passwd == -1)
236
	if (options->permit_empty_passwd == -1)
237
		options->permit_empty_passwd = 0;
237
		options->permit_empty_passwd = 0;
238
	if (options->permit_user_env == -1)
239
		options->permit_user_env = 0;
240
	if (options->use_login == -1)
238
	if (options->use_login == -1)
241
		options->use_login = 0;
239
		options->use_login = 0;
242
	if (options->compression == -1)
240
	if (options->compression == -1)
Lines 1018-1027 Link Here
1018
		intptr = &options->permit_empty_passwd;
1016
		intptr = &options->permit_empty_passwd;
1019
		goto parse_flag;
1017
		goto parse_flag;
1020
1018
1021
	case sPermitUserEnvironment:
1019
        case sPermitUserEnvironment:
1022
		intptr = &options->permit_user_env;
1020
		arg = strdelim(&cp);
1023
		goto parse_flag;
1021
		if (!arg || *arg == '\0')
1022
			fatal("%s line %d: missing yes/no/value argument.", 
1023
			      filename, linenum);
1024
1024
1025
		if (strcmp(arg, "no") == 0)
1026
			return 0;
1027
		else if (*activep && options->permit_user_env == NULL)
1028
			options->permit_user_env = xstrdup(arg);
1029
		return 0;
1030
		
1025
	case sUseLogin:
1031
	case sUseLogin:
1026
		intptr = &options->use_login;
1032
		intptr = &options->use_login;
1027
		goto parse_flag;
1033
		goto parse_flag;
Lines 1526-1531 Link Here
1526
1532
1527
	M_CP_STROPT(adm_forced_command);
1533
	M_CP_STROPT(adm_forced_command);
1528
	M_CP_STROPT(chroot_directory);
1534
	M_CP_STROPT(chroot_directory);
1535
	M_CP_STROPT(permit_user_env);
1529
}
1536
}
1530
1537
1531
#undef M_CP_INTOPT
1538
#undef M_CP_INTOPT
Lines 1738-1744 Link Here
1738
	dump_cfg_fmtint(sStrictModes, o->strict_modes);
1745
	dump_cfg_fmtint(sStrictModes, o->strict_modes);
1739
	dump_cfg_fmtint(sTCPKeepAlive, o->tcp_keep_alive);
1746
	dump_cfg_fmtint(sTCPKeepAlive, o->tcp_keep_alive);
1740
	dump_cfg_fmtint(sEmptyPasswd, o->permit_empty_passwd);
1747
	dump_cfg_fmtint(sEmptyPasswd, o->permit_empty_passwd);
1741
	dump_cfg_fmtint(sPermitUserEnvironment, o->permit_user_env);
1742
	dump_cfg_fmtint(sUseLogin, o->use_login);
1748
	dump_cfg_fmtint(sUseLogin, o->use_login);
1743
	dump_cfg_fmtint(sCompression, o->compression);
1749
	dump_cfg_fmtint(sCompression, o->compression);
1744
	dump_cfg_fmtint(sGatewayPorts, o->gateway_ports);
1750
	dump_cfg_fmtint(sGatewayPorts, o->gateway_ports);
Lines 1756-1761 Link Here
1756
	dump_cfg_string(sChrootDirectory, o->chroot_directory);
1762
	dump_cfg_string(sChrootDirectory, o->chroot_directory);
1757
	dump_cfg_string(sTrustedUserCAKeys, o->trusted_user_ca_keys);
1763
	dump_cfg_string(sTrustedUserCAKeys, o->trusted_user_ca_keys);
1758
	dump_cfg_string(sRevokedKeys, o->revoked_keys_file);
1764
	dump_cfg_string(sRevokedKeys, o->revoked_keys_file);
1765
	dump_cfg_string(sPermitUserEnvironment, o->permit_user_env);
1759
	dump_cfg_string(sAuthorizedPrincipalsFile,
1766
	dump_cfg_string(sAuthorizedPrincipalsFile,
1760
	    o->authorized_principals_file);
1767
	    o->authorized_principals_file);
1761
1768
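Review bot: In the `sPermitUserEnvironment` case, `if (strcmp(arg, "no") == 0) return 0;` leaves `permit_user_env` at NULL, which is also the unset state, so an explicit `no` is not remembered. A later `PermitUserEnvironment yes` or pattern line in the same file then passes the `options->permit_user_env == NULL` test and takes effect, which is the opposite of what an administrator who wrote `no` first would expect. The `M_CP_STROPT(permit_user_env)` hunk presumably has the same limitation for a `no` inside a Match block, though that macro's definition is outside the page. Consider recording `no` as well (`options->permit_user_env = xstrdup(arg);` under the same `*activep && ... == NULL` guard) and having the consumers treat a stored `no` as disabled, or keeping a separate "explicitly off" flag. The `no` comparison is also case-sensitive while the `yes` comparisons elsewhere in the patch are not.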
(-)openssh-5.9p1/servconf.h (-1 / +1 lines)
Lines 112-118 Link Here
112
					/* If true, permit jpake auth */
112
					/* If true, permit jpake auth */
113
	int     permit_empty_passwd;	/* If false, do not permit empty
113
	int     permit_empty_passwd;	/* If false, do not permit empty
114
					 * passwords. */
114
					 * passwords. */
115
	int     permit_user_env;	/* If true, read ~/.ssh/environment */
115
	char   *permit_user_env;	/* If true or string, read ~/.ssh/environment */
116
	int     use_login;	/* If true, login(1) is used */
116
	int     use_login;	/* If true, login(1) is used */
117
	int     compression;	/* If true, compression is allowed */
117
	int     compression;	/* If true, compression is allowed */
118
	int	allow_tcp_forwarding;
118
	int	allow_tcp_forwarding;
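Review bot: The new field comment `/* If true or string, read ~/.ssh/environment */` no longer describes the representation, since the field is now a `char *` that is NULL when disabled and otherwise holds either `yes` or a pattern list. Suggest `/* NULL: disabled; "yes": allow all; else pattern list of permitted variables */`. It would also help to note that the value gates `environment=` options in authorized_keys, as the auth-options.c change uses it that way.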
(-)openssh-5.9p1/session.c (-6 / +16 lines)
Lines 999-1008 Link Here
999
 * into the environment.  If the file does not exist, this does nothing.
999
 * into the environment.  If the file does not exist, this does nothing.
1000
 * Otherwise, it must consist of empty lines, comments (line starts with '#')
1000
 * Otherwise, it must consist of empty lines, comments (line starts with '#')
1001
 * and assignments of the form name=value.  No other forms are allowed.
1001
 * and assignments of the form name=value.  No other forms are allowed.
1002
 * If pattern is present, only adds/overrides the subset of variables whose
1003
 * names match the pattern.
1002
 */
1004
 */
1003
static void
1005
static void
1004
read_environment_file(char ***env, u_int *envsize,
1006
read_environment_file(char ***env, u_int *envsize,
1005
	const char *filename)
1007
	const char *filename, char *pattern)
1006
{
1008
{
1007
	FILE *f;
1009
	FILE *f;
1008
	char buf[4096];
1010
	char buf[4096];
Lines 1035-1045 Link Here
1035
		 */
1037
		 */
1036
		*value = '\0';
1038
		*value = '\0';
1037
		value++;
1039
		value++;
1038
		child_set_env(env, envsize, cp, value);
1040
		if (pattern == NULL || 
1041
		    match_pattern_list(cp, pattern, strlen(pattern),0) == 1)
1042
			child_set_env(env, envsize, cp, value);
1039
	}
1043
	}
1040
	fclose(f);
1044
	fclose(f);
1041
}
1045
}
1042
1046
1047
1043
#ifdef HAVE_ETC_DEFAULT_LOGIN
1048
#ifdef HAVE_ETC_DEFAULT_LOGIN
1044
/*
1049
/*
1045
 * Return named variable from specified environment, or NULL if not present.
1050
 * Return named variable from specified environment, or NULL if not present.
Lines 1073-1079 Link Here
1073
	 * so we use a temporary environment and copy the variables we're
1078
	 * so we use a temporary environment and copy the variables we're
1074
	 * interested in.
1079
	 * interested in.
1075
	 */
1080
	 */
1076
	read_environment_file(&tmpenv, &tmpenvsize, "/etc/default/login");
1081
	read_environment_file(&tmpenv, &tmpenvsize, "/etc/default/login", NULL);
1077
1082
1078
	if (tmpenv == NULL)
1083
	if (tmpenv == NULL)
1079
		return;
1084
		return;
Lines 1265-1271 Link Here
1265
1270
1266
		if ((cp = getenv("AUTHSTATE")) != NULL)
1271
		if ((cp = getenv("AUTHSTATE")) != NULL)
1267
			child_set_env(&env, &envsize, "AUTHSTATE", cp);
1272
			child_set_env(&env, &envsize, "AUTHSTATE", cp);
1268
		read_environment_file(&env, &envsize, "/etc/environment");
1273
		read_environment_file(&env, &envsize, "/etc/environment", NULL);
1269
	}
1274
	}
1270
#endif
1275
#endif
1271
#ifdef KRB5
1276
#ifdef KRB5
Lines 1296-1305 Link Here
1296
		    auth_sock_name);
1301
		    auth_sock_name);
1297
1302
1298
	/* read $HOME/.ssh/environment. */
1303
	/* read $HOME/.ssh/environment. */
1299
	if (options.permit_user_env && !options.use_login) {
1304
1305
	if (options.permit_user_env && !options.use_login) { 
1306
		
1300
		snprintf(buf, sizeof buf, "%.200s/.ssh/environment",
1307
		snprintf(buf, sizeof buf, "%.200s/.ssh/environment",
1301
		    strcmp(pw->pw_dir, "/") ? pw->pw_dir : "");
1308
		    strcmp(pw->pw_dir, "/") ? pw->pw_dir : "");
1302
		read_environment_file(&env, &envsize, buf);
1309
		if (strncasecmp(options.permit_user_env, "yes", strlen(options.permit_user_env)) == 0)
1310
			read_environment_file(&env, &envsize, buf, NULL);
1311
		else
1312
			read_environment_file(&env, &envsize, buf, options.permit_user_env);
1303
	}
1313
	}
1304
	if (debug_flag) {
1314
	if (debug_flag) {
1305
		/* dump the environment */
1315
		/* dump the environment */
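Review bot: In `read_environment_file()`, the new `match_pattern_list(cp, pattern, strlen(pattern),0)` call runs after `*value = '\0'`, so `cp` is the bare variable name, whereas the auth-options.c hunk matches the whole `NAME=value` string. A pattern written as the sshd_config.5 change recommends, e.g. `REMOTEUSER=*`, therefore cannot match any line of `~/.ssh/environment`, while a name-only pattern that works here (`LANG`) would not match `LANG=C` in an `environment=` key option. This fails closed, but the two paths should agree with each other and with the man page: either match on the name in both places, or match on `NAME=value` here before the `=` is overwritten. The body of `read_environment_file()` is only partly visible in these hunks.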
(-)openssh-5.9p1/sshd_config.5 (-1 / +22 lines)
Lines 856-866 Link Here
856
.Pa ~/.ssh/authorized_keys
856
.Pa ~/.ssh/authorized_keys
857
are processed by
857
are processed by
858
.Xr sshd 8 .
858
.Xr sshd 8 .
859
Arguments may be 
860
.Dq yes ,
861
.Dq no ,
862
or a list of patterns for permitted user environment variables.
859
The default is
863
The default is
860
.Dq no .
864
.Dq no .
861
Enabling environment processing may enable users to bypass access
865
Enabling environment processing with 
866
.Dq yes
867
is not recommended because it may enable users to bypass access
862
restrictions in some configurations using mechanisms such as
868
restrictions in some configurations using mechanisms such as
863
.Ev LD_PRELOAD .
869
.Ev LD_PRELOAD .
870
The environment patterns may consist of single entries or comma-separated
871
lists and may use the wildcard and negation operators described in the
872
.Sx PATTERNS
873
section of
874
.Xr ssh_config 5 .
875
The patterns entry should be surrounded by quotes.
876
Patterns may include the environment variable's value. Patterns to match 
877
exactly one variable name must include a trailing
878
.Dq = .
879
For example, 
880
.Pp
881
.Dl PermitUserEnvironment \&"REMOTEUSER=*\&"
882
.Pp
883
.Dl PermitUserEnvironment \&"LOGNAME=*,XTERM=vt*\&"
884
864
.It Cm PidFile
885
.It Cm PidFile
865
Specifies the file that contains the process ID of the
886
Specifies the file that contains the process ID of the
866
SSH daemon.
887
SSH daemon.
