diff options
-rw-r--r-- | ChangeLog | 6 | ||||
-rw-r--r-- | session.c | 7 | ||||
-rw-r--r-- | sshd_config.5 | 8 |
3 files changed, 14 insertions, 7 deletions
@@ -33,6 +33,10 @@ | |||
33 | works now that kernel fd passing has been fixed to accept a bit of | 33 | works now that kernel fd passing has been fixed to accept a bit of |
34 | sloppiness because of this ABI repair. | 34 | sloppiness because of this ABI repair. |
35 | lots of discussion with kettenis | 35 | lots of discussion with kettenis |
36 | - djm@cvs.openbsd.org 2008/03/25 11:58:02 | ||
37 | [session.c sshd_config.5] | ||
38 | ignore ~/.ssh/rc if a sshd_config ForceCommand is specified; | ||
39 | from dtucker@ ok deraadt@ djm@ | ||
36 | 40 | ||
37 | 20080315 | 41 | 20080315 |
38 | - (djm) [regress/test-exec.sh] Quote putty-related variables in case they are | 42 | - (djm) [regress/test-exec.sh] Quote putty-related variables in case they are |
@@ -3801,4 +3805,4 @@ | |||
3801 | OpenServer 6 and add osr5bigcrypt support so when someone migrates | 3805 | OpenServer 6 and add osr5bigcrypt support so when someone migrates |
3802 | passwords between UnixWare and OpenServer they will still work. OK dtucker@ | 3806 | passwords between UnixWare and OpenServer they will still work. OK dtucker@ |
3803 | 3807 | ||
3804 | $Id: ChangeLog,v 1.4886 2008/03/27 00:01:15 djm Exp $ | 3808 | $Id: ChangeLog,v 1.4887 2008/03/27 00:02:02 djm Exp $ |
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: session.c,v 1.230 2008/02/22 05:58:56 djm Exp $ */ | 1 | /* $OpenBSD: session.c,v 1.231 2008/03/25 11:58:02 djm Exp $ */ |
2 | /* | 2 | /* |
3 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland | 3 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland |
4 | * All rights reserved | 4 | * All rights reserved |
@@ -1202,8 +1202,9 @@ do_rc_files(Session *s, const char *shell) | |||
1202 | do_xauth = | 1202 | do_xauth = |
1203 | s->display != NULL && s->auth_proto != NULL && s->auth_data != NULL; | 1203 | s->display != NULL && s->auth_proto != NULL && s->auth_data != NULL; |
1204 | 1204 | ||
1205 | /* ignore _PATH_SSH_USER_RC for subsystems */ | 1205 | /* ignore _PATH_SSH_USER_RC for subsystems and admin forced commands */ |
1206 | if (!s->is_subsystem && (stat(_PATH_SSH_USER_RC, &st) >= 0)) { | 1206 | if (!s->is_subsystem && options.adm_forced_command != NULL && |
1207 | (stat(_PATH_SSH_USER_RC, &st) >= 0)) { | ||
1207 | snprintf(cmd, sizeof cmd, "%s -c '%s %s'", | 1208 | snprintf(cmd, sizeof cmd, "%s -c '%s %s'", |
1208 | shell, _PATH_BSHELL, _PATH_SSH_USER_RC); | 1209 | shell, _PATH_BSHELL, _PATH_SSH_USER_RC); |
1209 | if (debug_flag) | 1210 | if (debug_flag) |
diff --git a/sshd_config.5 b/sshd_config.5 index a2f193470..245ed946f 100644 --- a/sshd_config.5 +++ b/sshd_config.5 | |||
@@ -34,8 +34,8 @@ | |||
34 | .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF | 34 | .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF |
35 | .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. | 35 | .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
36 | .\" | 36 | .\" |
37 | .\" $OpenBSD: sshd_config.5,v 1.83 2008/02/11 07:58:28 jmc Exp $ | 37 | .\" $OpenBSD: sshd_config.5,v 1.84 2008/03/25 11:58:02 djm Exp $ |
38 | .Dd $Mdocdate: February 11 2008 $ | 38 | .Dd $Mdocdate: March 25 2008 $ |
39 | .Dt SSHD_CONFIG 5 | 39 | .Dt SSHD_CONFIG 5 |
40 | .Os | 40 | .Os |
41 | .Sh NAME | 41 | .Sh NAME |
@@ -324,7 +324,9 @@ for more information on patterns. | |||
324 | .It Cm ForceCommand | 324 | .It Cm ForceCommand |
325 | Forces the execution of the command specified by | 325 | Forces the execution of the command specified by |
326 | .Cm ForceCommand , | 326 | .Cm ForceCommand , |
327 | ignoring any command supplied by the client. | 327 | ignoring any command supplied by the client and |
328 | .Pa ~/.ssh/rc | ||
329 | if present. | ||
328 | The command is invoked by using the user's login shell with the -c option. | 330 | The command is invoked by using the user's login shell with the -c option. |
329 | This applies to shell, command, or subsystem execution. | 331 | This applies to shell, command, or subsystem execution. |
330 | It is most useful inside a | 332 | It is most useful inside a |