- set $SSH_ORIGINAL_COMMAND if a command is forced, and log it

if LOG_COMMANDS is set

--HG--
extra : convert_revision : d9e8aa0ecbe7607285fa4f96f0d6f9b1523719d8

auth.h

@@ -99,7 +99,6 @@ void cli_auth_pubkey_cleanup();
  * relatively little extraneous bits when used for the client rather than the
  * server */
 struct AuthState {
-
 	char *username; /* This is the username the client presents to check. It
 					   is updated each run through, used for auth checking */
 	unsigned char authtypes; /* Flags indicating which auth types are still 
@@ -122,7 +121,6 @@ struct AuthState {
 #ifdef ENABLE_SVR_PUBKEY_OPTIONS
 	struct PubKeyOptions* pubkey_options;
 #endif
-
 };
 
 #ifdef ENABLE_SVR_PUBKEY_OPTIONS
@@ -135,7 +133,7 @@ struct PubKeyOptions {
 	int no_pty_flag;
 	/* "command=" option. */
 	unsigned char * forced_command;
-
+	unsigned char * original_command;
 };
 #endif
 

options.h

@@ -172,7 +172,8 @@ much traffic. */
 /*#define ENABLE_SVR_PAM_AUTH*/
 #define ENABLE_SVR_PUBKEY_AUTH
 
-/* Wether to ake public key options in authorized_keys file into account */
+/* Whether to take public key options in 
+ * authorized_keys file into account */
 #ifdef ENABLE_SVR_PUBKEY_AUTH
 #define ENABLE_SVR_PUBKEY_OPTIONS
 #endif

svr-authpubkeyoptions.c

@@ -88,10 +88,20 @@ int svr_pubkey_allows_pty() {
 	return 1;
 }
 
-/* Set chansession command to the one forced by 'command' public key option */
+/* Set chansession command to the one forced 
+ * by any 'command' public key option. */
 void svr_pubkey_set_forced_command(struct ChanSess *chansess) {
-	if (ses.authstate.pubkey_options)
+	if (ses.authstate.pubkey_options) {
+		ses.authstate.pubkey_options->original_command = chansess->cmd;
+		if (!chansess->cmd)
+		{
+			ses.authstate.pubkey_options->original_command = m_strdup("");
+		}
 		chansess->cmd = ses.authstate.pubkey_options->forced_command;
+#ifdef LOG_COMMANDS
+		dropbear_log(LOG_INFO, "command forced to '%s'", ses.authstate.pubkey_options->original_command);
+#endif
+	}
 }
 
 /* Free potential public key options */
@@ -124,7 +134,6 @@ int svr_add_pubkey_options(buffer *options_buf, int line_num, const char* filena
 	TRACE(("enter addpubkeyoptions"))
 
 	ses.authstate.pubkey_options = (struct PubKeyOptions*)m_malloc(sizeof( struct PubKeyOptions ));
-	memset(ses.authstate.pubkey_options, '\0', sizeof(*ses.authstate.pubkey_options));
 
 	buf_setpos(options_buf, 0);
 	while (options_buf->pos < options_buf->len) {

svr-chansession.c

@@ -578,6 +578,7 @@ static int sessioncommand(struct Channel *channel, struct ChanSess *chansess,
 		int iscmd, int issubsys) {
 
 	unsigned int cmdlen;
+	int is_forced;
 	int ret;
 
 	TRACE(("enter sessioncommand"))
@@ -589,9 +590,6 @@ static int sessioncommand(struct Channel *channel, struct ChanSess *chansess,
 		return DROPBEAR_FAILURE;
 	}
 
-	/* take public key option 'command' into account */
-	svr_pubkey_set_forced_command(chansess);
-
 	if (iscmd) {
 		/* "exec" */
 		if (chansess->cmd == NULL) {
@@ -616,6 +614,9 @@ static int sessioncommand(struct Channel *channel, struct ChanSess *chansess,
 			}
 		}
 	}
+	
+	/* take public key option 'command' into account */
+	svr_pubkey_set_forced_command(chansess);
 
 #ifdef LOG_COMMANDS
 	if (chansess->cmd) {
@@ -883,6 +884,17 @@ static void execchild(void *user_data) {
 		addnewvar("TERM", chansess->term);
 	}
 
+	printf("adding option %p %s\n", ses.authstate.pubkey_options,
+			ses.authstate.pubkey_options->original_command);
+
+#ifdef ENABLE_SVR_PUBKEY_OPTIONS
+	if (ses.authstate.pubkey_options &&
+			ses.authstate.pubkey_options->original_command) {
+		addnewvar("SSH_ORIGINAL_COMMAND", 
+			ses.authstate.pubkey_options->original_command);
+	}
+#endif
+
 	/* change directory */
 	if (chdir(ses.authstate.pw_dir) < 0) {
 		dropbear_exit("error changing directory");