version 1.322, 2020/07/03 07:02:37 |
version 1.323, 2020/07/05 23:59:45 |
|
|
} |
} |
s->pid = pid; |
s->pid = pid; |
|
|
/* Parent. Close the slave side of the pseudo tty. */ |
/* Parent. Close the child side of the pseudo tty. */ |
close(ttyfd); |
close(ttyfd); |
|
|
/* Enter interactive session. */ |
/* Enter interactive session. */ |
|
|
* into the environment. If the file does not exist, this does nothing. |
* into the environment. If the file does not exist, this does nothing. |
* Otherwise, it must consist of empty lines, comments (line starts with '#') |
* Otherwise, it must consist of empty lines, comments (line starts with '#') |
* and assignments of the form name=value. No other forms are allowed. |
* and assignments of the form name=value. No other forms are allowed. |
* If whitelist is not NULL, then it is interpreted as a pattern list and |
* If allowlist is not NULL, then it is interpreted as a pattern list and |
* only variable names that match it will be accepted. |
* only variable names that match it will be accepted. |
*/ |
*/ |
static void |
static void |
read_environment_file(char ***env, u_int *envsize, |
read_environment_file(char ***env, u_int *envsize, |
const char *filename, const char *whitelist) |
const char *filename, const char *allowlist) |
{ |
{ |
FILE *f; |
FILE *f; |
char *line = NULL, *cp, *value; |
char *line = NULL, *cp, *value; |
|
|
*/ |
*/ |
*value = '\0'; |
*value = '\0'; |
value++; |
value++; |
if (whitelist != NULL && |
if (allowlist != NULL && |
match_pattern_list(cp, whitelist, 0) != 1) |
match_pattern_list(cp, allowlist, 0) != 1) |
continue; |
continue; |
child_set_env(env, envsize, cp, value); |
child_set_env(env, envsize, cp, value); |
} |
} |
|
|
cp = strchr(ocp, '='); |
cp = strchr(ocp, '='); |
if (*cp == '=') { |
if (*cp == '=') { |
*cp = '\0'; |
*cp = '\0'; |
/* Apply PermitUserEnvironment whitelist */ |
/* Apply PermitUserEnvironment allowlist */ |
if (options.permit_user_env_whitelist == NULL || |
if (options.permit_user_env_allowlist == NULL || |
match_pattern_list(ocp, |
match_pattern_list(ocp, |
options.permit_user_env_whitelist, 0) == 1) |
options.permit_user_env_allowlist, 0) == 1) |
child_set_env(&env, &envsize, |
child_set_env(&env, &envsize, |
ocp, cp + 1); |
ocp, cp + 1); |
} |
} |
|
|
snprintf(buf, sizeof buf, "%.200s/.ssh/environment", |
snprintf(buf, sizeof buf, "%.200s/.ssh/environment", |
pw->pw_dir); |
pw->pw_dir); |
read_environment_file(&env, &envsize, buf, |
read_environment_file(&env, &envsize, buf, |
options.permit_user_env_whitelist); |
options.permit_user_env_allowlist); |
} |
} |
|
|
/* Environment specified by admin */ |
/* Environment specified by admin */ |
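Review bot: In the hunk that applies the PermitUserEnvironment allowlist, `cp = strchr(ocp, '=');` is followed directly by `if (*cp == '=')`, which dereferences `cp` without a NULL check, and strchr() returns NULL when `ocp` contains no '='. Whether such an entry can reach this point depends on validation done where the entries are parsed, which is not visible here. Because this is the filter that decides which user-supplied variables enter the session environment, the test is safer written as `if (cp != NULL) {`. The enclosing function starts and ends outside the visible lines, so confirm against the full body.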