author | Damien Miller <djm@mindrot.org> | 2014-07-04 09:00:04 +1000 |
---|---|---|
committer | Damien Miller <djm@mindrot.org> | 2014-07-04 09:00:04 +1000 |
commit | 72e6b5c9ed5e72ca3a6ccc3177941b7c487a0826 (patch) | |
tree | 625fda95a1d78dad23c033cf04a022b86a97a776 /servconf.c | |
parent | 602943d1179a08dfa70af94f62296ea5e3d6ebb8 (diff) |
- djm@cvs.openbsd.org 2014/07/03 22:40:43
[servconf.c servconf.h session.c sshd.8 sshd_config.5]
Add a sshd_config PermitUserRC option to control whether ~/.ssh/rc is
executed, mirroring the no-user-rc authorized_keys option;
bz#2160; ok markus@
Diffstat (limited to 'servconf.c')
-rw-r--r-- | servconf.c | 14 |
1 files changed, 12 insertions, 2 deletions
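--- a/servconf.c
+++ b/servconf.c
@@ -1,5 +1,5 @@
 
-/* $OpenBSD: servconf.c,v 1.249 2014/01/29 06:18:35 djm Exp $ */
+/* $OpenBSD: servconf.c,v 1.250 2014/07/03 22:40:43 djm Exp $ */
 /*
 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
 * All rights reserved
@@ -93,6 +93,7 @@ initialize_server_options(ServerOptions *options)
 options->x11_display_offset = -1;
 options->x11_use_localhost = -1;
 options->permit_tty = -1;
+options->permit_user_rc = -1;
 options->xauth_location = NULL;
 options->strict_modes = -1;
 options->tcp_keep_alive = -1;
@@ -216,6 +217,8 @@ fill_default_server_options(ServerOptions *options)
 options->xauth_location = _PATH_XAUTH;
 if (options->permit_tty == -1)
 options->permit_tty = 1;
+if (options->permit_user_rc == -1)
+options->permit_user_rc = 1;
 if (options->strict_modes == -1)
 options->strict_modes = 1;
 if (options->tcp_keep_alive == -1)
@@ -347,7 +350,7 @@ typedef enum {
 sRevokedKeys, sTrustedUserCAKeys, sAuthorizedPrincipalsFile,
 sKexAlgorithms, sIPQoS, sVersionAddendum,
 sAuthorizedKeysCommand, sAuthorizedKeysCommandUser,
-sAuthenticationMethods, sHostKeyAgent,
+sAuthenticationMethods, sHostKeyAgent, sPermitUserRC,
 sDeprecated, sUnsupported
 } ServerOpCodes;
 
@@ -460,6 +463,7 @@ static struct {
 { "acceptenv", sAcceptEnv, SSHCFG_ALL },
 { "permittunnel", sPermitTunnel, SSHCFG_ALL },
 { "permittty", sPermitTTY, SSHCFG_ALL },
+{ "permituserrc", sPermitUserRC, SSHCFG_ALL },
 { "match", sMatch, SSHCFG_ALL },
 { "permitopen", sPermitOpen, SSHCFG_ALL },
 { "forcecommand", sForceCommand, SSHCFG_ALL },
@@ -1130,6 +1134,10 @@ process_server_config_line(ServerOptions *options, char *line,
 intptr = &options->permit_tty;
 goto parse_flag;
 
+case sPermitUserRC:
+intptr = &options->permit_user_rc;
+goto parse_flag;
+
 case sStrictModes:
 intptr = &options->strict_modes;
 goto parse_flag;
@@ -1766,6 +1774,7 @@ copy_set_server_options(ServerOptions *dst, ServerOptions *src, int preauth)
 M_CP_INTOPT(x11_forwarding);
 M_CP_INTOPT(x11_use_localhost);
 M_CP_INTOPT(permit_tty);
+M_CP_INTOPT(permit_user_rc);
 M_CP_INTOPT(max_sessions);
 M_CP_INTOPT(max_authtries);
 M_CP_INTOPT(ip_qos_interactive);
@@ -2007,6 +2016,7 @@ dump_config(ServerOptions *o)
 dump_cfg_fmtint(sX11Forwarding, o->x11_forwarding);
 dump_cfg_fmtint(sX11UseLocalhost, o->x11_use_localhost);
 dump_cfg_fmtint(sPermitTTY, o->permit_tty);
+dump_cfg_fmtint(sPermitUserRC, o->permit_user_rc);
 dump_cfg_fmtint(sStrictModes, o->strict_modes);
 dump_cfg_fmtint(sTCPKeepAlive, o->tcp_keep_alive);
 dump_cfg_fmtint(sEmptyPasswd, o->permit_empty_passwd);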
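Review bot: The new option defaults to enabled in fill_default_server_options (`options->permit_user_rc = 1` when it is still -1), so an existing sshd_config keeps running ~/.ssh/rc after an upgrade, and restricted accounts are only covered once an administrator sets `PermitUserRC no`, either globally or in a Match block (the keyword is registered with SSHCFG_ALL and copied by `M_CP_INTOPT(permit_user_rc)`). I would record that at the default with a comment such as `/* default on: preserves existing ~/.ssh/rc behaviour; set PermitUserRC no to disable */`. This view is limited to servconf.c, which only parses, defaults, copies and dumps the flag; the check that actually skips the rc file is presumably in session.c and should be reviewed together with the existing no-user-rc handling. Every function touched here starts and ends outside the hunks shown.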