Add no-user-rc option which disables execution of ~/.ssh/rc
(backport from OpenSSH 4.9)
parent
375450b55e
commit
fe2ff28dc6
|
@ -1,4 +1,4 @@
|
|||
/* $NetBSD: auth-options.c,v 1.7 2006/09/28 21:22:14 christos Exp $ */
|
||||
/* $NetBSD: auth-options.c,v 1.8 2008/04/05 17:20:53 adrianp Exp $ */
|
||||
/* $OpenBSD: auth-options.c,v 1.40 2006/08/03 03:34:41 deraadt Exp $ */
|
||||
/*
|
||||
* Author: Tatu Ylonen <ylo@cs.hut.fi>
|
||||
|
@ -12,7 +12,7 @@
|
|||
*/
|
||||
|
||||
#include "includes.h"
|
||||
__RCSID("$NetBSD: auth-options.c,v 1.7 2006/09/28 21:22:14 christos Exp $");
|
||||
__RCSID("$NetBSD: auth-options.c,v 1.8 2008/04/05 17:20:53 adrianp Exp $");
|
||||
#include <sys/types.h>
|
||||
|
||||
#include <netdb.h>
|
||||
|
@ -43,6 +43,7 @@ int no_port_forwarding_flag = 0;
|
|||
int no_agent_forwarding_flag = 0;
|
||||
int no_x11_forwarding_flag = 0;
|
||||
int no_pty_flag = 0;
|
||||
int no_user_rc = 0;
|
||||
|
||||
/* "command=" option. */
|
||||
char *forced_command = NULL;
|
||||
|
@ -62,6 +63,7 @@ auth_clear_options(void)
|
|||
no_port_forwarding_flag = 0;
|
||||
no_pty_flag = 0;
|
||||
no_x11_forwarding_flag = 0;
|
||||
no_user_rc = 0;
|
||||
while (custom_environment) {
|
||||
struct envstring *ce = custom_environment;
|
||||
custom_environment = ce->next;
|
||||
|
@ -122,6 +124,13 @@ auth_parse_options(struct passwd *pw, char *opts, char *file, u_long linenum)
|
|||
opts += strlen(cp);
|
||||
goto next_option;
|
||||
}
|
||||
cp = "no-user-rc";
|
||||
if (strncasecmp(opts, cp, strlen(cp)) == 0) {
|
||||
auth_debug_add("User rc file execution disabled.");
|
||||
no_user_rc = 1;
|
||||
opts += strlen(cp);
|
||||
goto next_option;
|
||||
}
|
||||
cp = "command=\"";
|
||||
if (strncasecmp(opts, cp, strlen(cp)) == 0) {
|
||||
opts += strlen(cp);
|
||||
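Review bot: The new `no-user-rc` branch in auth_parse_options matches with `strncasecmp(opts, cp, strlen(cp))`, which is a prefix compare, so an entry such as `no-user-rcX` sets `no_user_rc = 1` before anything looks at the character that follows. Whether that entry is then rejected depends on the code at the `next_option` label, which lies outside this hunk, as does the rest of the function. The branch follows the same pattern as the neighbouring options, so this is presumably handled there. If it is, a short comment on the branch such as `/* trailing characters are validated at next_option */` would record that.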
|
|
|
@ -1,4 +1,4 @@
|
|||
/* $NetBSD: auth-options.h,v 1.3 2006/09/28 21:22:14 christos Exp $ */
|
||||
/* $NetBSD: auth-options.h,v 1.4 2008/04/05 17:20:53 adrianp Exp $ */
|
||||
/* $OpenBSD: auth-options.h,v 1.16 2006/08/03 03:34:41 deraadt Exp $ */
|
||||
|
||||
/*
|
||||
|
@ -27,6 +27,7 @@ extern int no_port_forwarding_flag;
|
|||
extern int no_agent_forwarding_flag;
|
||||
extern int no_x11_forwarding_flag;
|
||||
extern int no_pty_flag;
|
||||
extern int no_user_rc;
|
||||
extern char *forced_command;
|
||||
extern struct envstring *custom_environment;
|
||||
extern int forced_tun_device;
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
/* $NetBSD: session.c,v 1.45 2008/04/03 13:09:14 adrianp Exp $ */
|
||||
/* $NetBSD: session.c,v 1.46 2008/04/05 17:20:53 adrianp Exp $ */
|
||||
/* $OpenBSD: session.c,v 1.221 2007/01/21 01:41:54 stevesk Exp $ */
|
||||
/*
|
||||
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
|
||||
|
@ -35,7 +35,7 @@
|
|||
*/
|
||||
|
||||
#include "includes.h"
|
||||
__RCSID("$NetBSD: session.c,v 1.45 2008/04/03 13:09:14 adrianp Exp $");
|
||||
__RCSID("$NetBSD: session.c,v 1.46 2008/04/05 17:20:53 adrianp Exp $");
|
||||
#include <sys/types.h>
|
||||
#include <sys/wait.h>
|
||||
#include <sys/un.h>
|
||||
|
@ -1075,7 +1075,7 @@ do_rc_files(Session *s, const char *shell)
|
|||
|
||||
/* ignore _PATH_SSH_USER_RC for subsystems and admin forced commands */
|
||||
if (!s->is_subsystem && options.adm_forced_command == NULL &&
|
||||
(stat(_PATH_SSH_USER_RC, &st) >= 0)) {
|
||||
!no_user_rc && (stat(_PATH_SSH_USER_RC, &st) >= 0)) {
|
||||
snprintf(cmd, sizeof cmd, "%s -c '%s %s'",
|
||||
shell, _PATH_BSHELL, _PATH_SSH_USER_RC);
|
||||
if (debug_flag)
|
||||
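Review bot: The comment above the condition in do_rc_files still names only subsystems and admin forced commands, while the new `!no_user_rc` term adds a third case driven by a per-key authorized_keys option. Changing it to `/* ignore _PATH_SSH_USER_RC for subsystems, admin forced commands and keys marked no-user-rc */` keeps the comment in step with the check. The function continues past the end of this section, so it is not visible here whether a system-wide rc still runs when the user rc is skipped. If a later branch does that, sshd.8 should say that no-user-rc leaves it unaffected.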
|
|
|
@ -1,4 +1,4 @@
|
|||
.\" $NetBSD: sshd.8,v 1.38 2007/12/18 02:35:32 christos Exp $
|
||||
.\" $NetBSD: sshd.8,v 1.39 2008/04/05 17:20:53 adrianp Exp $
|
||||
.\" -*- nroff -*-
|
||||
.\"
|
||||
.\" Author: Tatu Ylonen <ylo@cs.hut.fi>
|
||||
|
@ -505,6 +505,9 @@ This might be used, e.g. in connection with the
|
|||
option.
|
||||
.It Cm no-pty
|
||||
Prevents tty allocation (a request to allocate a pty will fail).
|
||||
.It Cm no-user-rc
|
||||
Disables execution of
|
||||
.Pa ~/.ssh/rc .
|
||||
.It Cm no-X11-forwarding
|
||||
Forbids X11 forwarding when this key is used for authentication.
|
||||
Any X11 forward requests by the client will return an error.
|
||||
|
|