changeset 566:b321aeb57c64

- set $SSH_ORIGINAL_COMMAND if a command is forced, and log it if LOG_COMMANDS is set
author Matt Johnston <matt@ucc.asn.au>
date Wed, 26 Aug 2009 14:09:22 +0000
parents 1929bbe3fa84
children 893a9dd0b9dd
files auth.h options.h svr-authpubkeyoptions.c svr-chansession.c
diffstat 4 files changed, 30 insertions(+), 10 deletions(-) [+]
--- a/auth.h	Tue Aug 25 11:11:35 2009 +0000
+++ b/auth.h	Wed Aug 26 14:09:22 2009 +0000
@@ -99,7 +99,6 @@
  * relatively little extraneous bits when used for the client rather than the
  * server */
 struct AuthState {
-
 	char *username; /* This is the username the client presents to check. It
 					   is updated each run through, used for auth checking */
 	unsigned char authtypes; /* Flags indicating which auth types are still 
@@ -122,7 +121,6 @@
 #ifdef ENABLE_SVR_PUBKEY_OPTIONS
 	struct PubKeyOptions* pubkey_options;
 #endif
-
 };
 
 #ifdef ENABLE_SVR_PUBKEY_OPTIONS
@@ -135,7 +133,7 @@
 	int no_pty_flag;
 	/* "command=" option. */
 	unsigned char * forced_command;
-
+	unsigned char * original_command;
 };
 #endif
 
--- a/options.h	Tue Aug 25 11:11:35 2009 +0000
+++ b/options.h	Wed Aug 26 14:09:22 2009 +0000
@@ -172,7 +172,8 @@
 /*#define ENABLE_SVR_PAM_AUTH*/
 #define ENABLE_SVR_PUBKEY_AUTH
 
-/* Wether to ake public key options in authorized_keys file into account */
+/* Whether to take public key options in 
+ * authorized_keys file into account */
 #ifdef ENABLE_SVR_PUBKEY_AUTH
 #define ENABLE_SVR_PUBKEY_OPTIONS
 #endif
--- a/svr-authpubkeyoptions.c	Tue Aug 25 11:11:35 2009 +0000
+++ b/svr-authpubkeyoptions.c	Wed Aug 26 14:09:22 2009 +0000
@@ -88,10 +88,20 @@
 	return 1;
 }
 
-/* Set chansession command to the one forced by 'command' public key option */
+/* Set chansession command to the one forced 
+ * by any 'command' public key option. */
 void svr_pubkey_set_forced_command(struct ChanSess *chansess) {
-	if (ses.authstate.pubkey_options)
+	if (ses.authstate.pubkey_options) {
+		ses.authstate.pubkey_options->original_command = chansess->cmd;
+		if (!chansess->cmd)
+		{
+			ses.authstate.pubkey_options->original_command = m_strdup("");
+		}
 		chansess->cmd = ses.authstate.pubkey_options->forced_command;
+#ifdef LOG_COMMANDS
+		dropbear_log(LOG_INFO, "command forced to '%s'", ses.authstate.pubkey_options->original_command);
+#endif
+	}
 }
 
 /* Free potential public key options */
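Review bot: The guard in svr_pubkey_set_forced_command tests only `pubkey_options`, so a key whose options carry no `command=` still has `chansess->cmd` replaced by a NULL `forced_command`; because the call in svr-chansession.c now sits after the exec/subsystem handling, this appears to discard the command the client asked for. Testing both, `if (ses.authstate.pubkey_options && ses.authstate.pubkey_options->forced_command) {`, limits the override and SSH_ORIGINAL_COMMAND to keys that actually force a command. The log line prints `original_command` under the text "command forced to", which reads in an audit log as if it were the forced command; logging both values, for example `"command forced to '%s', original command '%s'"`, would remove the ambiguity. `original_command` takes over either the client's buffer or a fresh `m_strdup("")`, and no visible hunk frees it or records that ownership next to the field in auth.h.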
@@ -124,7 +134,6 @@
 	TRACE(("enter addpubkeyoptions"))
 
 	ses.authstate.pubkey_options = (struct PubKeyOptions*)m_malloc(sizeof( struct PubKeyOptions ));
-	memset(ses.authstate.pubkey_options, '\0', sizeof(*ses.authstate.pubkey_options));
 
 	buf_setpos(options_buf, 0);
 	while (options_buf->pos < options_buf->len) {
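Review bot: With the memset removed, the PubKeyOptions struct returned by `m_malloc` is used without being cleared. Unless m_malloc zeroes its allocation (its definition is not visible here), `forced_command`, the new `original_command` and the flag fields hold indeterminate values for every option the parsing loop does not set. Other hunks of this commit test those pointers against NULL and pass them to `addnewvar` and `dropbear_log`, so a garbage value would be dereferenced in the authenticated session path. Keep `memset(ses.authstate.pubkey_options, '\0', sizeof(*ses.authstate.pubkey_options));` directly after the allocation. The enclosing function starts and ends outside this hunk.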
--- a/svr-chansession.c	Tue Aug 25 11:11:35 2009 +0000
+++ b/svr-chansession.c	Wed Aug 26 14:09:22 2009 +0000
@@ -578,6 +578,7 @@
 		int iscmd, int issubsys) {
 
 	unsigned int cmdlen;
+	int is_forced;
 	int ret;
 
 	TRACE(("enter sessioncommand"))
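Review bot: `is_forced` is declared here but no visible hunk of this function assigns or reads it. If the rest of the body, which lies outside the hunk, does not use it either, drop the declaration so the build stays free of unused-variable warnings.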
@@ -589,9 +590,6 @@
 		return DROPBEAR_FAILURE;
 	}
 
-	/* take public key option 'command' into account */
-	svr_pubkey_set_forced_command(chansess);
-
 	if (iscmd) {
 		/* "exec" */
 		if (chansess->cmd == NULL) {
@@ -616,6 +614,9 @@
 			}
 		}
 	}
+	
+	/* take public key option 'command' into account */
+	svr_pubkey_set_forced_command(chansess);
 
 #ifdef LOG_COMMANDS
 	if (chansess->cmd) {
@@ -883,6 +884,17 @@
 		addnewvar("TERM", chansess->term);
 	}
 
+	printf("adding option %p %s\n", ses.authstate.pubkey_options,
+			ses.authstate.pubkey_options->original_command);
+
+#ifdef ENABLE_SVR_PUBKEY_OPTIONS
+	if (ses.authstate.pubkey_options &&
+			ses.authstate.pubkey_options->original_command) {
+		addnewvar("SSH_ORIGINAL_COMMAND", 
+			ses.authstate.pubkey_options->original_command);
+	}
+#endif
+
 	/* change directory */
 	if (chdir(ses.authstate.pw_dir) < 0) {
 		dropbear_exit("error changing directory");
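Review bot: The `printf("adding option %p %s\n", ...)` at the top of this hunk dereferences `ses.authstate.pubkey_options` without the NULL check that the `#ifdef` block below it applies, so a session with no public key options would crash here, and a NULL `original_command` passed to `%s` is undefined behaviour. It also sits outside `#ifdef ENABLE_SVR_PUBKEY_OPTIONS`, although auth.h declares `pubkey_options` only under that macro, so a build without the option would not compile. The call writes a heap address and the client-supplied command to stdout, which at this point is presumably the session's own output stream; that is inferred, since the surrounding function is outside the hunk. Remove both printf lines. If tracing is wanted, a `TRACE((...))` call inside the guarded block would match the file's convention.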