# HG changeset patch
# User Matt Johnston
# Date 1251295762 0
# Node ID b321aeb57c6455b8806464f15a2a8320238d68ad
# Parent 1929bbe3fa84f3b1dcb7b6cb5d25ace571f742cc
- set $SSH_ORIGINAL_COMMAND if a command is forced, and log it if LOG_COMMANDS is set
diff -r 1929bbe3fa84 -r b321aeb57c64 auth.h
--- a/auth.h Tue Aug 25 11:11:35 2009 +0000
+++ b/auth.h Wed Aug 26 14:09:22 2009 +0000
@@ -99,7 +99,6 @@
 * relatively little extraneous bits when used for the client rather than the
 * server */
 struct AuthState {
-
 char *username; /* This is the username the client presents to check. It is updated each run through, used for auth checking */
 unsigned char authtypes; /* Flags indicating which auth types are still
@@ -122,7 +121,6 @@
 #ifdef ENABLE_SVR_PUBKEY_OPTIONS
 struct PubKeyOptions* pubkey_options;
 #endif
-
 };
 #ifdef ENABLE_SVR_PUBKEY_OPTIONS
@@ -135,7 +133,7 @@
 int no_pty_flag;
 /* "command=" option. */
 unsigned char * forced_command;
-
+ unsigned char * original_command;
 };
 #endif
diff -r 1929bbe3fa84 -r b321aeb57c64 options.h
--- a/options.h Tue Aug 25 11:11:35 2009 +0000
+++ b/options.h Wed Aug 26 14:09:22 2009 +0000
@@ -172,7 +172,8 @@
 /*#define ENABLE_SVR_PAM_AUTH*/
 #define ENABLE_SVR_PUBKEY_AUTH
-/* Wether to ake public key options in authorized_keys file into account */
+/* Whether to take public key options in
+ * authorized_keys file into account */
 #ifdef ENABLE_SVR_PUBKEY_AUTH
 #define ENABLE_SVR_PUBKEY_OPTIONS
 #endif
diff -r 1929bbe3fa84 -r b321aeb57c64 svr-authpubkeyoptions.c
--- a/svr-authpubkeyoptions.c Tue Aug 25 11:11:35 2009 +0000
+++ b/svr-authpubkeyoptions.c Wed Aug 26 14:09:22 2009 +0000
@@ -88,10 +88,20 @@
 return 1;
 }
-/* Set chansession command to the one forced by 'command' public key option */
+/* Set chansession command to the one forced
+ * by any 'command' public key option. */
 void svr_pubkey_set_forced_command(struct ChanSess *chansess) {
- if (ses.authstate.pubkey_options)
+ if (ses.authstate.pubkey_options) {
+ ses.authstate.pubkey_options->original_command = chansess->cmd;
+ if (!chansess->cmd)
+ {
+ ses.authstate.pubkey_options->original_command = m_strdup("");
+ }
 chansess->cmd = ses.authstate.pubkey_options->forced_command;
+#ifdef LOG_COMMANDS
+ dropbear_log(LOG_INFO, "command forced to '%s'", ses.authstate.pubkey_options->original_command);
+#endif
+ }
 }
 /* Free potential public key options */
@@ -124,7 +134,6 @@
 TRACE(("enter addpubkeyoptions"))
 ses.authstate.pubkey_options = (struct PubKeyOptions*)m_malloc(sizeof( struct PubKeyOptions ));
- memset(ses.authstate.pubkey_options, '\0', sizeof(*ses.authstate.pubkey_options));
 buf_setpos(options_buf, 0);
 while (options_buf->pos < options_buf->len) {
diff -r 1929bbe3fa84 -r b321aeb57c64 svr-chansession.c
--- a/svr-chansession.c Tue Aug 25 11:11:35 2009 +0000
+++ b/svr-chansession.c Wed Aug 26 14:09:22 2009 +0000
@@ -578,6 +578,7 @@
 int iscmd, int issubsys) {
 unsigned int cmdlen;
+ int is_forced;
 int ret;
 TRACE(("enter sessioncommand"))
@@ -589,9 +590,6 @@
 return DROPBEAR_FAILURE;
 }
- /* take public key option 'command' into account */
- svr_pubkey_set_forced_command(chansess);
-
 if (iscmd) {
 /* "exec" */
 if (chansess->cmd == NULL) {
@@ -616,6 +614,9 @@
 }
 }
 }
+
+ /* take public key option 'command' into account */
+ svr_pubkey_set_forced_command(chansess);
 #ifdef LOG_COMMANDS
 if (chansess->cmd) {
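Review bot: In `svr_pubkey_set_forced_command` (svr-authpubkeyoptions.c, hunk at -88) the line `chansess->cmd = ses.authstate.pubkey_options->forced_command;` runs whenever `pubkey_options` is set, without checking that a `command=` option was actually present. Since the svr-chansession.c hunk at -616 now makes this call after the client's command has been parsed, a key that carries only other options would apparently have its exec request replaced by NULL and still get `SSH_ORIGINAL_COMMAND` exported; guard with `if (ses.authstate.pubkey_options && ses.authstate.pubkey_options->forced_command) {`. Ownership is also left implicit: `original_command` takes over the client's heap string while `chansess->cmd` aliases the option's `forced_command`, so the cleanup paths (not visible in this patch) could free the same string twice or leak the previous `original_command` on a second request; assigning a copy made with `m_strdup` and adding a comment on who frees what would settle it. The log text "command forced to '%s'" prints the client-supplied `original_command`, not the forced command, so the message should say which one it is.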
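Review bot: Dropping the `memset` after `m_malloc` in the svr-authpubkeyoptions.c hunk at -124 means every field of `struct PubKeyOptions` is now only as initialised as `m_malloc` leaves it, and that is not shown in this patch. The new `original_command` pointer is tested for non-NULL in svr-chansession.c and handed to `addnewvar`, so an unzeroed allocation would expose stale heap contents to the session environment. If `m_malloc` zeroes, record it next to the call, e.g. `/* m_malloc() returns zeroed memory, so all options start unset */`; otherwise keep the memset. The enclosing function starts and ends outside the hunk.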
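Review bot: `int is_forced;` in the svr-chansession.c hunk at -578 is declared but never read or written by any line this patch adds, so it is dead and will raise an unused-variable warning. Remove the declaration, or add the code that was meant to set it. The function body continues outside the hunk.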
@@ -883,6 +884,17 @@
 addnewvar("TERM", chansess->term);
 }
+ printf("adding option %p %s\n", ses.authstate.pubkey_options,
+ ses.authstate.pubkey_options->original_command);
+
+#ifdef ENABLE_SVR_PUBKEY_OPTIONS
+ if (ses.authstate.pubkey_options &&
+ ses.authstate.pubkey_options->original_command) {
+ addnewvar("SSH_ORIGINAL_COMMAND",
+ ses.authstate.pubkey_options->original_command);
+ }
+#endif
+
 /* change directory */
 if (chdir(ses.authstate.pw_dir) < 0) {
 dropbear_exit("error changing directory");
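Review bot: The added `printf("adding option %p %s\n", ...)` is leftover debug output and should be deleted: it dereferences `ses.authstate.pubkey_options` unconditionally, ahead of the NULL check in the guarded block just below, so a session that authenticated without public-key options would crash here. It also sits outside `#ifdef ENABLE_SVR_PUBKEY_OPTIONS`, although auth.h declares `pubkey_options` only under that macro, so a build without the option would not compile. The output goes to stdout, which at this point is presumably already connected to the client, so a heap address (`%p`) and the command text would leak into the session stream. If a trace is wanted, put `TRACE(("SSH_ORIGINAL_COMMAND '%s'", ses.authstate.pubkey_options->original_command))` inside the guarded block after the NULL checks. The enclosing function starts and ends outside the hunk.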