Mercurial > dropbear
comparison svr-chansession.c @ 475:52a644e7b8e1 pubkey-options
* Patch from Frédéric Moulins adding options to authorized_keys.
Needs review.
| author | Matt Johnston <matt@ucc.asn.au> |
|---|---|
| date | Mon, 08 Sep 2008 15:14:02 +0000 |
| parents | f11544d96354 |
| children | 9f583f4d59a6 |
comparison
equal
deleted
inserted
replaced
| 474:f33b0898aaa6 | 475:52a644e7b8e1 |
|---|---|
| 35 #include "random.h" | 35 #include "random.h" |
| 36 #include "utmp.h" | 36 #include "utmp.h" |
| 37 #include "x11fwd.h" | 37 #include "x11fwd.h" |
| 38 #include "agentfwd.h" | 38 #include "agentfwd.h" |
| 39 #include "runopts.h" | 39 #include "runopts.h" |
| 40 #include "auth.h" | |
| 40 | 41 |
| 41 /* Handles sessions (either shells or programs) requested by the client */ | 42 /* Handles sessions (either shells or programs) requested by the client */ |
| 42 | 43 |
| 43 static int sessioncommand(struct Channel *channel, struct ChanSess *chansess, | 44 static int sessioncommand(struct Channel *channel, struct ChanSess *chansess, |
| 44 int iscmd, int issubsys); | 45 int iscmd, int issubsys); |
| 525 unsigned int termlen; | 526 unsigned int termlen; |
| 526 unsigned char namebuf[65]; | 527 unsigned char namebuf[65]; |
| 527 struct passwd * pw = NULL; | 528 struct passwd * pw = NULL; |
| 528 | 529 |
| 529 TRACE(("enter sessionpty")) | 530 TRACE(("enter sessionpty")) |
| 531 | |
| 532 if (!svr_pubkey_allows_pty()) { | |
| 533 TRACE(("leave sessionpty : pty forbidden by public key option")) | |
| 534 return DROPBEAR_FAILURE; | |
| 535 } | |
| 536 | |
| 530 chansess->term = buf_getstring(ses.payload, &termlen); | 537 chansess->term = buf_getstring(ses.payload, &termlen); |
| 531 if (termlen > MAX_TERM_LEN) { | 538 if (termlen > MAX_TERM_LEN) { |
| 532 /* TODO send disconnect ? */ | 539 /* TODO send disconnect ? */ |
| 533 TRACE(("leave sessionpty: term len too long")) | 540 TRACE(("leave sessionpty: term len too long")) |
| 534 return DROPBEAR_FAILURE; | 541 return DROPBEAR_FAILURE; |
| 580 * one command (which fails), then try another. Ie fallback | 587 * one command (which fails), then try another. Ie fallback |
| 581 * from sftp to scp */ | 588 * from sftp to scp */ |
| 582 return DROPBEAR_FAILURE; | 589 return DROPBEAR_FAILURE; |
| 583 } | 590 } |
| 584 | 591 |
| 592 /* take public key option 'command' into account */ | |
| 593 svr_pubkey_set_forced_command(chansess); | |
| 594 | |
| 585 if (iscmd) { | 595 if (iscmd) { |
| 586 /* "exec" */ | 596 /* "exec" */ |
| 587 chansess->cmd = buf_getstring(ses.payload, &cmdlen); | 597 if (chansess->cmd == NULL) { |
| 588 | 598 chansess->cmd = buf_getstring(ses.payload, &cmdlen); |
| 589 if (cmdlen > MAX_CMD_LEN) { | 599 |
| 590 m_free(chansess->cmd); | 600 if (cmdlen > MAX_CMD_LEN) { |
| 591 /* TODO - send error - too long ? */ | 601 m_free(chansess->cmd); |
| 592 return DROPBEAR_FAILURE; | 602 /* TODO - send error - too long ? */ |
| 603 return DROPBEAR_FAILURE; | |
| 604 } | |
| 593 } | 605 } |
| 594 if (issubsys) { | 606 if (issubsys) { |
| 595 #ifdef SFTPSERVER_PATH | 607 #ifdef SFTPSERVER_PATH |
| 596 if ((cmdlen == 4) && strncmp(chansess->cmd, "sftp", 4) == 0) { | 608 if ((cmdlen == 4) && strncmp(chansess->cmd, "sftp", 4) == 0) { |
| 597 m_free(chansess->cmd); | 609 m_free(chansess->cmd); |