Bugzilla – Attachment 3012 Details for
Bug 1800
PermitUserEnvironment accepting pattern of allowed userenv variables
[patch]
redo
bz1800.diff (text/plain), 4.89 KB, created by
Damien Miller
on 2017-07-07 14:59:39 AEST
Description:
redo
Filename:
MIME Type:
Creator:
Damien Miller
Created:
2017-07-07 14:59:39 AEST
Size:
4.89 KB
patch
obsolete
>diff --git a/servconf.c b/servconf.c
>index ed1fc71c..9ca57f05 100644
>--- a/servconf.c
>+++ b/servconf.c
>@@ -120,6 +120,7 @@ initialize_server_options(ServerOptions *options)
> options->challenge_response_authentication = -1;
> options->permit_empty_passwd = -1;
> options->permit_user_env = -1;
>+ options->permit_user_env_whitelist = NULL;
> options->compression = -1;
> options->rekey_limit = -1;
> options->rekey_interval = -1;
>@@ -280,8 +281,10 @@ fill_default_server_options(ServerOptions *options)
> options->challenge_response_authentication = 1;
> if (options->permit_empty_passwd == -1)
> options->permit_empty_passwd = 0;
>- if (options->permit_user_env == -1)
>+ if (options->permit_user_env == -1) {
> options->permit_user_env = 0;
>+ options->permit_user_env_whitelist = NULL;
>+ }
> if (options->compression == -1)
> options->compression = COMP_DELAYED;
> if (options->rekey_limit == -1)
>@@ -1289,7 +1292,27 @@ process_server_config_line(ServerOptions *options, char *line,
>
> case sPermitUserEnvironment:
> intptr = &options->permit_user_env;
>- goto parse_flag;
>+ charptr = &options->permit_user_env_whitelist;
>+ arg = strdelim(&cp);
>+ if (!arg || *arg == '\0')
>+ fatal("%s line %d: missing argument.",
>+ filename, linenum);
>+ value = 0;
>+ p = NULL;
>+ if (strcmp(arg, "yes") == 0)
>+ value = 1;
>+ else if (strcmp(arg, "no") == 0)
>+ value = 0;
>+ else {
>+ /* Pattern-list specified */
>+ value = 1;
>+ p = xstrdup(arg);
>+ }
>+ if (*activep && *intptr == -1) {
>+ *intptr = value;
>+ *charptr = p;
>+ }
>+ break;
>
> case sCompression:
> intptr = &options->compression;
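Review bot: In the `sPermitUserEnvironment` case of the third servconf.c hunk, any argument other than the exact strings `yes` and `no` is taken as a pattern list and sets `value = 1`, so a misspelt or differently-cased `no` now switches the option on instead of being rejected, as the removed `goto parse_flag` path presumably did. I would add a `strcasecmp(arg, "yes")` / `strcasecmp(arg, "no")` check after the two exact comparisons and call `fatal()` on a match, so that a near-miss boolean fails at parse time rather than silently enabling the feature. Separately, `p = xstrdup(arg)` is leaked whenever the `*activep && *intptr == -1` test is false; adding `else free(p);` to that `if` closes it. process_server_config_line starts and ends outside the hunk.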
>@@ -2272,7 +2295,6 @@ dump_config(ServerOptions *o)
> dump_cfg_fmtint(sStrictModes, o->strict_modes);
> dump_cfg_fmtint(sTCPKeepAlive, o->tcp_keep_alive);
> dump_cfg_fmtint(sEmptyPasswd, o->permit_empty_passwd);
>- dump_cfg_fmtint(sPermitUserEnvironment, o->permit_user_env);
> dump_cfg_fmtint(sCompression, o->compression);
> dump_cfg_fmtint(sGatewayPorts, o->fwd_opts.gateway_ports);
> dump_cfg_fmtint(sUseDNS, o->use_dns);
>@@ -2352,5 +2374,12 @@ dump_config(ServerOptions *o)
> printf("rekeylimit %llu %d\n", (unsigned long long)o->rekey_limit,
> o->rekey_interval);
>
>+ if (o->permit_user_env_whitelist == NULL)
>+ dump_cfg_fmtint(sPermitUserEnvironment, o->permit_user_env);
>+ else {
>+ printf("permituserenvironment %s\n",
>+ o->permit_user_env_whitelist);
>+ }
>+
> channel_print_adm_permitted_opens();
> }
>diff --git a/servconf.h b/servconf.h
>index c2848a76..df42ad5e 100644
>--- a/servconf.h
>+++ b/servconf.h
>@@ -121,6 +121,7 @@ typedef struct {
> int permit_empty_passwd; /* If false, do not permit empty
> * passwords. */
> int permit_user_env; /* If true, read ~/.ssh/environment */
>+ char *permit_user_env_whitelist; /* pattern-list whitelist */
> int compression; /* If true, compression is allowed */
> int allow_tcp_forwarding; /* One of FORWARD_* */
> int allow_streamlocal_forwarding; /* One of FORWARD_* */
>diff --git a/session.c b/session.c
>index a2588e74..f941a459 100644
>--- a/session.c
>+++ b/session.c
>@@ -888,10 +888,12 @@ child_set_env(char ***envp, u_int *envsizep, const char *name,
> * into the environment. If the file does not exist, this does nothing.
> * Otherwise, it must consist of empty lines, comments (line starts with '#')
> * and assignments of the form name=value. No other forms are allowed.
>+ * If whitelist is not NULL, then it is interpreted as a pattern list and
>+ * only variable names that match it will be accepted.
> */
> static void
> read_environment_file(char ***env, u_int *envsize,
>- const char *filename)
>+ const char *filename, const char *whitelist)
> {
> FILE *f;
> char buf[4096];
>@@ -924,6 +926,9 @@ read_environment_file(char ***env, u_int *envsize,
> */
> *value = '\0';
> value++;
>+ if (whitelist != NULL &&
>+ match_pattern_list(cp, whitelist, 0) != 1)
>+ continue;
> child_set_env(env, envsize, cp, value);
> }
> fclose(f);
>@@ -962,7 +967,7 @@ read_etc_default_login(char ***env, u_int *envsize, uid_t uid)
> * so we use a temporary environment and copy the variables we're
> * interested in.
> */
>- read_environment_file(&tmpenv, &tmpenvsize, "/etc/default/login");
>+ read_environment_file(&tmpenv, &tmpenvsize, "/etc/default/login", NULL);
>
> if (tmpenv == NULL)
> return;
>@@ -1153,7 +1158,7 @@ do_setup_env(Session *s, const char *shell)
>
> if ((cp = getenv("AUTHSTATE")) != NULL)
> child_set_env(&env, &envsize, "AUTHSTATE", cp);
>- read_environment_file(&env, &envsize, "/etc/environment");
>+ read_environment_file(&env, &envsize, "/etc/environment", NULL);
> }
> #endif
> #ifdef KRB5
>@@ -1187,7 +1192,8 @@ do_setup_env(Session *s, const char *shell)
> if (options.permit_user_env) {
> snprintf(buf, sizeof buf, "%.200s/.ssh/environment",
> strcmp(pw->pw_dir, "/") ? pw->pw_dir : "");
>- read_environment_file(&env, &envsize, buf);
>+ read_environment_file(&env, &envsize, buf,
>+ options.permit_user_env_whitelist);
> }
> if (debug_flag) {
> /* dump the environment */
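Review bot: The filter added in the second session.c hunk accepts a name only when `match_pattern_list(cp, whitelist, 0)` returns exactly 1, but the updated header comment does not say what that means for negated patterns or for case. As far as I know a list made up solely of negated patterns never returns 1, and the 0 argument appears to leave matching case-sensitive; both fail closed, which is the right default, yet an admin who writes a negation-only list will get an empty result with no explanation. I would extend the comment above read_environment_file with `* A name must match a positive pattern; a negation-only list accepts nothing.` and state the case-sensitivity there as well. The function body continues outside the hunk.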
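Review bot: The pattern list is enforced only for `~/.ssh/environment` in the last session.c hunk, while `options.permit_user_env` itself is set to 1 whenever a list is configured. If that flag also gates other user-controlled environment sources (from memory it enables `environment=` options in authorized_keys as well, but that code is not in this patch, so please confirm), those sources would still pass variables that the list is meant to exclude. Either apply the same `match_pattern_list(name, options.permit_user_env_whitelist, 0) != 1` check wherever `permit_user_env` is consulted, or document that the list covers the environment file only. do_setup_env starts and ends outside the hunk.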
Attachments on
bug 1800
:
1901
|
1903
|
2017
|
2098
|
2113
|
3012
|
3013