- dtucker@cvs.openbsd.org 2006/07/19 13:07:10

[servconf.c servconf.h session.c sshd.8 sshd_config sshd_config.5] Add ForceCommand keyword to sshd_config, equivalent to the "command=" key option, man page entry and example in sshd_config. Feedback & ok djm@, man page corrections & ok jmc@
2024-12-22 01:50:16 +00:00 · 2006-07-24 14:06:47 +10:00 · 2006-07-24 14:06:47 +10:00 · e275443f66
commit e275443f66
parent d1de9950e5
7 changed files with 61 additions and 10 deletions
--- a/7
+++ b/7
@ -56,6 +56,11 @@
     [servconf.c sshd_config.5]
     Add support for X11Forwaring, X11DisplayOffset and X11UseLocalhost to
     Match.  ok djm@
+   - dtucker@cvs.openbsd.org 2006/07/19 13:07:10
+     [servconf.c servconf.h session.c sshd.8 sshd_config sshd_config.5]
+     Add ForceCommand keyword to sshd_config, equivalent to the "command="
+     key option, man page entry and example in sshd_config.
+     Feedback & ok djm@, man page corrections & ok jmc@

 20060713
 - (dtucker) [auth-krb5.c auth-pam.c] Still more errno.h
@ -4974,4 +4979,4 @@
   - (djm) Trim deprecated options from INSTALL. Mention UsePAM
   - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu

-$Id: ChangeLog,v 1.4421 2006/07/24 04:05:48 djm Exp $
+$Id: ChangeLog,v 1.4422 2006/07/24 04:06:47 djm Exp $
--- a/servconf.c
+++ b/servconf.c
@ -1,4 +1,4 @@
-/* $OpenBSD: servconf.c,v 1.157 2006/07/19 08:56:41 dtucker Exp $ */
+/* $OpenBSD: servconf.c,v 1.158 2006/07/19 13:07:10 dtucker Exp $ */
 /*
 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
 *                    All rights reserved
@ -113,6 +113,7 @@ initialize_server_options(ServerOptions *options)
 	options->authorized_keys_file2 = NULL;
 	options->num_accept_env = 0;
 	options->permit_tun = -1;
+	options->adm_forced_command = NULL;
 }

 void
@ -282,7 +283,7 @@ typedef enum {
 	sHostbasedUsesNameFromPacketOnly, sClientAliveInterval,
 	sClientAliveCountMax, sAuthorizedKeysFile, sAuthorizedKeysFile2,
 	sGssAuthentication, sGssCleanupCreds, sAcceptEnv, sPermitTunnel,
-	sMatch, sPermitOpen,
+	sMatch, sPermitOpen, sForceCommand,
 	sUsePrivilegeSeparation,
 	sDeprecated, sUnsupported
 } ServerOpCodes;
@ -393,6 +394,7 @@ static struct {
 	{ "permittunnel", sPermitTunnel, SSHCFG_GLOBAL },
 	{ "match", sMatch, SSHCFG_ALL },
 	{ "permitopen", sPermitOpen, SSHCFG_ALL },
+	{ "forcecommand", sForceCommand, SSHCFG_ALL },
 	{ NULL, sBadOption, 0 }
 };

@ -551,6 +553,8 @@ match_cfg_line(char **condition, int line, const char *user, const char *host,
 	return result;
 }

+#define WHITESPACE " \t\r\n"
+
 int
 process_server_config_line(ServerOptions *options, char *line,
    const char *filename, int linenum, int *activep, const char *user,
@ -1173,6 +1177,15 @@ parse_flag:
 			channel_add_adm_permitted_opens(p, port);
 		break;

+	case sForceCommand:
+		if (cp == NULL)
+			fatal("%.200s line %d: Missing argument.", filename,
+			    linenum);
+		len = strspn(cp, WHITESPACE);
+		if (*activep && options->adm_forced_command == NULL)
+			options->adm_forced_command = xstrdup(cp + len);
+		return 0;
+
 	case sDeprecated:
 		logit("%s line %d: Deprecated option %s",
 		    filename, linenum, arg);
@ -1247,6 +1260,11 @@ copy_set_server_options(ServerOptions *dst, ServerOptions *src)
 		dst->allow_tcp_forwarding = src->allow_tcp_forwarding;
 	if (src->gateway_ports != -1)
 		dst->gateway_ports = src->gateway_ports;
+	if (src->adm_forced_command != NULL) {
+		if (dst->adm_forced_command != NULL)
+			xfree(dst->adm_forced_command);
+		dst->adm_forced_command = src->adm_forced_command;
+	}
 	if (src->x11_display_offset != -1)
 		dst->x11_display_offset = src->x11_display_offset;
 	if (src->x11_forwarding != -1)
--- a/servconf.h
+++ b/servconf.h
@ -1,4 +1,4 @@
-/* $OpenBSD: servconf.h,v 1.75 2006/07/12 11:34:58 dtucker Exp $ */
+/* $OpenBSD: servconf.h,v 1.76 2006/07/19 13:07:10 dtucker Exp $ */

 /*
 * Author: Tatu Ylonen <ylo@cs.hut.fi>
@ -135,6 +135,8 @@ typedef struct {
 	char   *authorized_keys_file;	/* File containing public keys */
 	char   *authorized_keys_file2;

+	char   *adm_forced_command;
+
 	int	use_pam;		/* Enable auth via PAM */

 	int	permit_tun;
--- a/session.c
+++ b/session.c
@ -1,4 +1,4 @@
-/* $OpenBSD: session.c,v 1.209 2006/07/11 20:07:25 stevesk Exp $ */
+/* $OpenBSD: session.c,v 1.210 2006/07/19 13:07:10 dtucker Exp $ */
 /*
 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
 *                    All rights reserved
@ -672,10 +672,14 @@ do_pre_login(Session *s)
 void
 do_exec(Session *s, const char *command)
 {
-	if (forced_command) {
+	if (options.adm_forced_command) {
+		original_command = command;
+		command = options.adm_forced_command;
+		debug("Forced command (config) '%.900s'", command);
+	} else if (forced_command) {
 		original_command = command;
 		command = forced_command;
-		debug("Forced command '%.900s'", command);
+		debug("Forced command (key option) '%.900s'", command);
 	}

 #ifdef SSH_AUDIT_EVENTS
--- a/sshd.8
+++ b/sshd.8
@ -34,7 +34,7 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.\" $OpenBSD: sshd.8,v 1.232 2006/07/10 16:04:21 jmc Exp $
+.\" $OpenBSD: sshd.8,v 1.233 2006/07/19 13:07:10 dtucker Exp $
 .Dd September 25, 1999
 .Dt SSHD 8
 .Os
@ -481,6 +481,9 @@ to restrict certain public keys to perform just a specific operation.
 An example might be a key that permits remote backups but nothing else.
 Note that the client may specify TCP and/or X11
 forwarding unless they are explicitly prohibited.
+The command originally supplied by the client is available in the
+.Ev SSH_ORIGINAL_COMMAND
+environment variable.
 Note that this option applies to shell, command or subsystem execution.
 .It Cm environment="NAME=value"
 Specifies that the string is to be added to the environment when
--- a/8
+++ b/8
@ -1,4 +1,4 @@
-#	$OpenBSD: sshd_config,v 1.73 2005/12/06 22:38:28 reyk Exp $
+#	$OpenBSD: sshd_config,v 1.74 2006/07/19 13:07:10 dtucker Exp $

 # This is the sshd server system-wide configuration file.  See
 # sshd_config(5) for more information.
@ -104,3 +104,9 @@

 # override default of no subsystems
 Subsystem	sftp	/usr/libexec/sftp-server
+
+# Example of overriding settings on a per-user basis
+#Match User anoncvs
+#	X11Forwarding no
+#	AllowTcpForwarding no
+#	ForceCommand cvs server
--- a/sshd_config.5
+++ b/sshd_config.5
@ -34,7 +34,7 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.\" $OpenBSD: sshd_config.5,v 1.66 2006/07/19 08:56:41 dtucker Exp $
+.\" $OpenBSD: sshd_config.5,v 1.67 2006/07/19 13:07:10 dtucker Exp $
 .Dd September 25, 1999
 .Dt SSHD_CONFIG 5
 .Os
@ -283,6 +283,18 @@ See
 in
 .Xr ssh_config 5
 for more information on patterns.
+.It Cm ForceCommand
+Forces the execution of the command specified by
+.Cm ForceCommand ,
+ignoring any command supplied by the client.
+The command is invoked by using the user's login shell with the -c option.
+This applies to shell, command, or subsystem execution.
+It is most useful inside a
+.Cm Match
+block.
+The command originally supplied by the client is available in the
+.Ev SSH_ORIGINAL_COMMAND
+environment variable.
 .It Cm GatewayPorts
 Specifies whether remote hosts are allowed to connect to ports
 forwarded for the client.
@ -484,6 +496,7 @@ Only a subset of keywords may be used on the lines following a
 keyword.
 Available keywords are
 .Cm AllowTcpForwarding ,
+.Cm ForceCommand ,
 .Cm GatewayPorts ,
 .Cm PermitOpen ,
 .Cm X11DisplayOffset ,