author | Colin Watson <cjwatson@debian.org> | 2008-04-06 11:14:35 +0000 |
---|---|---|
committer | Colin Watson <cjwatson@debian.org> | 2008-04-06 11:14:35 +0000 |
commit | 0df2e6b41de8b35845aa2f297ef8d39b85ba3d47 (patch) | |
tree | 70f474ce5abb6147c4a45ce9b00b34797e6a4f44 /auth-options.c | |
parent | bfb5ee9d4b1a9dae5bc984975a9cf6c07a86492f (diff) |
Backport from 4.9p1:
- Ignore ~/.ssh/rc if an sshd_config ForceCommand is specified (see
http://www.securityfocus.com/bid/28531/info).
- Add no-user-rc authorized_keys option to disable execution of
~/.ssh/rc.
Diffstat (limited to 'auth-options.c')
-rw-r--r-- | auth-options.c | 9 |
1 files changed, 9 insertions, 0 deletions
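--- a/auth-options.c
+++ b/auth-options.c
@@ -42,6 +42,7 @@ int no_port_forwarding_flag = 0;
 int no_agent_forwarding_flag = 0;
 int no_x11_forwarding_flag = 0;
 int no_pty_flag = 0;
+int no_user_rc = 0;
 
 /* "command=" option. */
 char *forced_command = NULL;
@@ -61,6 +62,7 @@ auth_clear_options(void)
 no_port_forwarding_flag = 0;
 no_pty_flag = 0;
 no_x11_forwarding_flag = 0;
+no_user_rc = 0;
 while (custom_environment) {
 struct envstring *ce = custom_environment;
 custom_environment = ce->next;
@@ -121,6 +123,13 @@ auth_parse_options(struct passwd *pw, char *opts, char *file, u_long linenum)
 opts += strlen(cp);
 goto next_option;
 }
+cp = "no-user-rc";
+if (strncasecmp(opts, cp, strlen(cp)) == 0) {
+auth_debug_add("User rc file execution disabled.");
+no_user_rc = 1;
+opts += strlen(cp);
+goto next_option;
+}
 cp = "command=\"";
 if (strncasecmp(opts, cp, strlen(cp)) == 0) {
 opts += strlen(cp);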
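Review bot: The new `no-user-rc` branch in auth_parse_options sits directly above the `command="` branch, yet nothing in the visible lines ties the two together, so a key restricted with a forced command still appears to need `no-user-rc` listed explicitly before ~/.ssh/rc is skipped; the commit message promises the automatic behaviour only for the sshd_config directive. I would say so at the branch, e.g. `/* Not implied by command="": list no-user-rc as well to keep ~/.ssh/rc from running. */`, and give the new global at new line 45 a one-line comment in the style of the `/* "command=" option. */` comment below it. The code that consults `no_user_rc` is not in this file section (the diffstat is limited to auth-options.c), so confirm that the session code tests the flag before the rc file is run. auth_parse_options starts and ends outside the hunk.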