- djm@cvs.openbsd.org 2008/03/26 21:28:14

     [auth-options.c auth-options.h session.c sshd.8]
     add no-user-rc authorized_keys option to disable execution of ~/.ssh/rc

1 files changed, 10 insertions, 1 deletions

diff --git a/auth-options.c b/auth-options.c
index ca5e1c931..6e2256961 100644
--- a/auth-options.c
+++ b/auth-options.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: auth-options.c,v 1.40 2006/08/03 03:34:41 deraadt Exp $ */
+/* $OpenBSD: auth-options.c,v 1.41 2008/03/26 21:28:14 djm Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -42,6 +42,7 @@ int no_port_forwarding_flag = 0;
 int no_agent_forwarding_flag = 0;
 int no_x11_forwarding_flag = 0;
 int no_pty_flag = 0;
+int no_user_rc = 0;
 
 /* "command=" option. */
 char *forced_command = NULL;
@@ -61,6 +62,7 @@ auth_clear_options(void)
         no_port_forwarding_flag = 0;
         no_pty_flag = 0;
         no_x11_forwarding_flag = 0;
+        no_user_rc = 0;
         while (custom_environment) {
                 struct envstring *ce = custom_environment;
                 custom_environment = ce->next;
@@ -121,6 +123,13 @@ auth_parse_options(struct passwd *pw, char *opts, char *file, u_long linenum)
                         opts += strlen(cp);
                         goto next_option;
                 }
+                cp = "no-user-rc";
+                if (strncasecmp(opts, cp, strlen(cp)) == 0) {
+                        auth_debug_add("User rc file execution disabled.");
+                        no_user_rc = 1;
+                        opts += strlen(cp);
+                        goto next_option;
+                }
                 cp = "command=\"";
                 if (strncasecmp(opts, cp, strlen(cp)) == 0) {
                         opts += strlen(cp);