v/tmate-ssh-server
1
0
Fork 0
mirror of https://github.com/tmate-io/tmate-ssh-server.git synced 2020-11-18 19:53:51 -08:00
Code Issues Releases Wiki Activity

Be more persmissive for session tokens (useful for named sessions)

Browse Source
This commit is contained in:
Nicolas Viennot 2019-11-07 08:17:51 -05:00
parent 7c1bc239af
commit 6c41248dad
4 changed files with 17 additions and 13 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
tmate-auth-keys.c
View File

@ -167,7 +167,7 @@ bool would_tmate_session_allow_auth(const char *token, const char *pubkey)
int sock_fd = -1; int sock_fd = -1;
int ret = true; int ret = true;
if (tmate_validated_session_token(token) < 0) if (tmate_validate_session_token(token) < 0)
goto out; goto out;
char *sock_path = get_socket_path(token); char *sock_path = get_socket_path(token);

10
tmate-main.c
View File

@ -173,10 +173,18 @@ int main(int argc, char **argv, char **envp)
return 0; return 0;
} }
char *get_socket_path(const char *token) char *get_socket_path(const char *_token)
{ {
char *path; char *path;
char *token = xstrdup(_token);
for (char *c = token; *c; c++) {
if (*c == '/' || *c == '.')
*c = '_';
}
xasprintf(&path, TMATE_WORKDIR "/sessions/%s", token); xasprintf(&path, TMATE_WORKDIR "/sessions/%s", token);
free(token);
return path; return path;
} }

16
tmate-ssh-client-pty.c
View File

@ -133,24 +133,20 @@ static void ssh_echo(struct tmate_ssh_client *ssh_client,
/* /*
* Session tokens are filesystem sensitive, * Note: get_socket_path() replaces '/' and '.' by '_' to
* so we must be very careful with / and . * avoid wondering around the file system.
*/ */
static char valid_digits[] = "abcdefghjklmnopqrstuvwxyz" static char valid_digits[] = "abcdefghjklmnopqrstuvwxyz"
"ABCDEFGHJKLMNOPQRSTUVWXYZ" "ABCDEFGHJKLMNOPQRSTUVWXYZ"
"0123456789-_"; "0123456789-_/";
int tmate_validated_session_token(const char *token) int tmate_validate_session_token(const char *token)
{ {
int len; int len;
int i; int i;
if (!memcmp("ro-", token, 3))
token += 3;
len = strlen(token); len = strlen(token);
if (len <= 2)
if (len != TMATE_TOKEN_LEN)
return -1; return -1;
for (i = 0; i < len; i++) { for (i = 0; i < len; i++) {
@ -173,7 +169,7 @@ void tmate_spawn_pty_client(struct tmate_session *session)
int slave_pty; int slave_pty;
int ret; int ret;
if (tmate_validated_session_token(token) < 0) { if (tmate_validate_session_token(token) < 0) {
ssh_echo(client, BAD_TOKEN_ERROR_STR); ssh_echo(client, BAD_TOKEN_ERROR_STR);
tmate_fatal("Invalid token"); tmate_fatal("Invalid token");
} }

2
tmate.h
View File

@ -142,7 +142,7 @@ extern void tmate_dump_exec_response(struct tmate_session *session,
/* tmate-ssh-client-pty.c */ /* tmate-ssh-client-pty.c */
extern void tmate_spawn_pty_client(struct tmate_session *session); extern void tmate_spawn_pty_client(struct tmate_session *session);
extern int tmate_validated_session_token(const char *token); extern int tmate_validate_session_token(const char *token);
/* tmate-ssh-server.c */ /* tmate-ssh-server.c */