diff --git a/auth.h b/auth.h index 115000a..7ebf9ae 100644 --- a/auth.h +++ b/auth.h @@ -99,7 +99,6 @@ void cli_auth_pubkey_cleanup(); * relatively little extraneous bits when used for the client rather than the * server */ struct AuthState { - char *username; /* This is the username the client presents to check. It is updated each run through, used for auth checking */ unsigned char authtypes; /* Flags indicating which auth types are still @@ -122,7 +121,6 @@ struct AuthState { #ifdef ENABLE_SVR_PUBKEY_OPTIONS struct PubKeyOptions* pubkey_options; #endif - }; #ifdef ENABLE_SVR_PUBKEY_OPTIONS @@ -135,7 +133,7 @@ struct PubKeyOptions { int no_pty_flag; /* "command=" option. */ unsigned char * forced_command; - + unsigned char * original_command; }; #endif diff --git a/options.h b/options.h index 83b0b24..f151cdb 100644 --- a/options.h +++ b/options.h @@ -172,7 +172,8 @@ much traffic. */ /*#define ENABLE_SVR_PAM_AUTH*/ #define ENABLE_SVR_PUBKEY_AUTH -/* Wether to ake public key options in authorized_keys file into account */ +/* Whether to take public key options in + * authorized_keys file into account */ #ifdef ENABLE_SVR_PUBKEY_AUTH #define ENABLE_SVR_PUBKEY_OPTIONS #endif diff --git a/svr-authpubkeyoptions.c b/svr-authpubkeyoptions.c index 13a179d..8fa7b3d 100644 --- a/svr-authpubkeyoptions.c +++ b/svr-authpubkeyoptions.c @@ -88,10 +88,20 @@ int svr_pubkey_allows_pty() { return 1; } -/* Set chansession command to the one forced by 'command' public key option */ +/* Set chansession command to the one forced + * by any 'command' public key option. */ void svr_pubkey_set_forced_command(struct ChanSess *chansess) { - if (ses.authstate.pubkey_options) + if (ses.authstate.pubkey_options) { + ses.authstate.pubkey_options->original_command = chansess->cmd; + if (!chansess->cmd) + { + ses.authstate.pubkey_options->original_command = m_strdup(""); + } chansess->cmd = ses.authstate.pubkey_options->forced_command; +#ifdef LOG_COMMANDS + dropbear_log(LOG_INFO, "command forced to '%s'", ses.authstate.pubkey_options->original_command); +#endif + } } /* Free potential public key options */ @@ -124,7 +134,6 @@ int svr_add_pubkey_options(buffer *options_buf, int line_num, const char* filena TRACE(("enter addpubkeyoptions")) ses.authstate.pubkey_options = (struct PubKeyOptions*)m_malloc(sizeof( struct PubKeyOptions )); - memset(ses.authstate.pubkey_options, '\0', sizeof(*ses.authstate.pubkey_options)); buf_setpos(options_buf, 0); while (options_buf->pos < options_buf->len) { diff --git a/svr-chansession.c b/svr-chansession.c index 574e46f..cb5acda 100644 --- a/svr-chansession.c +++ b/svr-chansession.c @@ -578,6 +578,7 @@ static int sessioncommand(struct Channel *channel, struct ChanSess *chansess, int iscmd, int issubsys) { unsigned int cmdlen; + int is_forced; int ret; TRACE(("enter sessioncommand")) @@ -589,9 +590,6 @@ static int sessioncommand(struct Channel *channel, struct ChanSess *chansess, return DROPBEAR_FAILURE; } - /* take public key option 'command' into account */ - svr_pubkey_set_forced_command(chansess); - if (iscmd) { /* "exec" */ if (chansess->cmd == NULL) { @@ -616,6 +614,9 @@ static int sessioncommand(struct Channel *channel, struct ChanSess *chansess, } } } + + /* take public key option 'command' into account */ + svr_pubkey_set_forced_command(chansess); #ifdef LOG_COMMANDS if (chansess->cmd) { @@ -883,6 +884,17 @@ static void execchild(void *user_data) { addnewvar("TERM", chansess->term); } + printf("adding option %p %s\n", ses.authstate.pubkey_options, + ses.authstate.pubkey_options->original_command); + +#ifdef ENABLE_SVR_PUBKEY_OPTIONS + if (ses.authstate.pubkey_options && + ses.authstate.pubkey_options->original_command) { + addnewvar("SSH_ORIGINAL_COMMAND", + ses.authstate.pubkey_options->original_command); + } +#endif + /* change directory */ if (chdir(ses.authstate.pw_dir) < 0) { dropbear_exit("error changing directory");