From 28013759f09ed3ebf7e8335e83a62936bd7a7f47 Mon Sep 17 00:00:00 2001 From: "djm@openbsd.org" Date: Sat, 9 Jun 2018 03:03:10 +0000 Subject: upstream: add a SetEnv directive for sshd_config to allow an administrator to explicitly specify environment variables set in sessions started by sshd. These override the default environment and any variables set by user configuration (PermitUserEnvironment, etc), but not the SSH_* variables set by sshd itself. ok markus@ OpenBSD-Commit-ID: b6a96c0001ccd7dd211df6cae9e961c20fd718c0 --- session.c | 15 +++++++++++++-- 1 file changed, 13 insertions(+), 2 deletions(-) (limited to 'session.c') diff --git a/session.c b/session.c index 7b15e32cc..85df6a272 100644 --- a/session.c +++ b/session.c @@ -1,4 +1,4 @@ -/* $OpenBSD: session.c,v 1.299 2018/06/09 02:58:02 djm Exp $ */ +/* $OpenBSD: session.c,v 1.300 2018/06/09 03:03:10 djm Exp $ */ /* * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland * All rights reserved @@ -1004,7 +1004,7 @@ do_setup_env(struct ssh *ssh, Session *s, const char *shell) char buf[256]; size_t n; u_int i, envsize; - char *ocp, *cp, **env, *laddr; + char *ocp, *cp, *value, **env, *laddr; struct passwd *pw = s->pw; #if !defined (HAVE_LOGIN_CAP) && !defined (HAVE_CYGWIN) char *path = NULL; @@ -1156,6 +1156,17 @@ do_setup_env(struct ssh *ssh, Session *s, const char *shell) } #endif /* USE_PAM */ + /* Environment specified by admin */ + for (i = 0; i < options.num_setenv; i++) { + cp = xstrdup(options.setenv[i]); + if ((value = strchr(cp, '=')) == NULL) { + /* shouldn't happen; vars are checked in servconf.c */ + fatal("Invalid config SetEnv: %s", options.setenv[i]); + } + *value++ = '\0'; + child_set_env(&env, &envsize, cp, value); + } + /* SSH_CLIENT deprecated */ snprintf(buf, sizeof buf, "%.50s %d %d", ssh_remote_ipaddr(ssh), ssh_remote_port(ssh), -- cgit v1.2.3