[session.c sshd_config.5]
ignore ~/.ssh/rc if a sshd_config ForceCommand is specified;
from dtucker@ ok deraadt@ djm@
works now that kernel fd passing has been fixed to accept a bit of
sloppiness because of this ABI repair.
lots of discussion with kettenis
works now that kernel fd passing has been fixed to accept a bit of
sloppiness because of this ABI repair.
lots of discussion with kettenis
+ - djm@cvs.openbsd.org 2008/03/25 11:58:02
+ [session.c sshd_config.5]
+ ignore ~/.ssh/rc if a sshd_config ForceCommand is specified;
+ from dtucker@ ok deraadt@ djm@
20080315
- (djm) [regress/test-exec.sh] Quote putty-related variables in case they are
20080315
- (djm) [regress/test-exec.sh] Quote putty-related variables in case they are
-/* $OpenBSD: session.c,v 1.230 2008/02/22 05:58:56 djm Exp $ */
+/* $OpenBSD: session.c,v 1.231 2008/03/25 11:58:02 djm Exp $ */
/*
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
* All rights reserved
/*
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
* All rights reserved
do_xauth =
s->display != NULL && s->auth_proto != NULL && s->auth_data != NULL;
do_xauth =
s->display != NULL && s->auth_proto != NULL && s->auth_data != NULL;
- /* ignore _PATH_SSH_USER_RC for subsystems */
- if (!s->is_subsystem && (stat(_PATH_SSH_USER_RC, &st) >= 0)) {
+ /* ignore _PATH_SSH_USER_RC for subsystems and admin forced commands */
+ if (!s->is_subsystem && options.adm_forced_command != NULL &&
+ (stat(_PATH_SSH_USER_RC, &st) >= 0)) {
snprintf(cmd, sizeof cmd, "%s -c '%s %s'",
shell, _PATH_BSHELL, _PATH_SSH_USER_RC);
if (debug_flag)
snprintf(cmd, sizeof cmd, "%s -c '%s %s'",
shell, _PATH_BSHELL, _PATH_SSH_USER_RC);
if (debug_flag)
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
-.\" $OpenBSD: sshd_config.5,v 1.83 2008/02/11 07:58:28 jmc Exp $
+.\" $OpenBSD: sshd_config.5,v 1.84 2008/03/25 11:58:02 djm Exp $
.Dd $Mdocdate$
.Dt SSHD_CONFIG 5
.Os
.Dd $Mdocdate$
.Dt SSHD_CONFIG 5
.Os
.It Cm ForceCommand
Forces the execution of the command specified by
.Cm ForceCommand ,
.It Cm ForceCommand
Forces the execution of the command specified by
.Cm ForceCommand ,
-ignoring any command supplied by the client.
+ignoring any command supplied by the client and
+.Pa ~/.ssh/rc
+if present.
The command is invoked by using the user's login shell with the -c option.
This applies to shell, command, or subsystem execution.
It is most useful inside a
The command is invoked by using the user's login shell with the -c option.
This applies to shell, command, or subsystem execution.
It is most useful inside a