Gitiles
Code Review Sign In
gerrit-public.fairphone.software / platform / external / openssh / 72e6b5c9ed5e72ca3a6ccc3177941b7c487a0826^! / . / servconf.c
commit72e6b5c9ed5e72ca3a6ccc3177941b7c487a0826[log] [tgz]
authorDamien Miller <djm@mindrot.org>Fri Jul 04 09:00:04 2014 +1000
committerDamien Miller <djm@mindrot.org>Fri Jul 04 09:00:04 2014 +1000
tree625fda95a1d78dad23c033cf04a022b86a97a776
parent602943d1179a08dfa70af94f62296ea5e3d6ebb8 [diff] [blame]
   - djm@cvs.openbsd.org 2014/07/03 22:40:43
     [servconf.c servconf.h session.c sshd.8 sshd_config.5]
     Add a sshd_config PermitUserRC option to control whether ~/.ssh/rc is
     executed, mirroring the no-user-rc authorized_keys option;
     bz#2160; ok markus@

diff --git a/servconf.c b/servconf.c
index 7ba65d5..331716c 100644
--- a/servconf.c
+++ b/servconf.c

@@ -1,5 +1,5 @@
 
-/* $OpenBSD: servconf.c,v 1.249 2014/01/29 06:18:35 djm Exp $ */
+/* $OpenBSD: servconf.c,v 1.250 2014/07/03 22:40:43 djm Exp $ */
 /*
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
  *                    All rights reserved
@@ -93,6 +93,7 @@
 	options->x11_display_offset = -1;
 	options->x11_use_localhost = -1;
 	options->permit_tty = -1;
+	options->permit_user_rc = -1;
 	options->xauth_location = NULL;
 	options->strict_modes = -1;
 	options->tcp_keep_alive = -1;
@@ -216,6 +217,8 @@
 		options->xauth_location = _PATH_XAUTH;
 	if (options->permit_tty == -1)
 		options->permit_tty = 1;
+	if (options->permit_user_rc == -1)
+		options->permit_user_rc = 1;
 	if (options->strict_modes == -1)
 		options->strict_modes = 1;
 	if (options->tcp_keep_alive == -1)
@@ -347,7 +350,7 @@
 	sRevokedKeys, sTrustedUserCAKeys, sAuthorizedPrincipalsFile,
 	sKexAlgorithms, sIPQoS, sVersionAddendum,
 	sAuthorizedKeysCommand, sAuthorizedKeysCommandUser,
-	sAuthenticationMethods, sHostKeyAgent,
+	sAuthenticationMethods, sHostKeyAgent, sPermitUserRC,
 	sDeprecated, sUnsupported
 } ServerOpCodes;
 
@@ -460,6 +463,7 @@
 	{ "acceptenv", sAcceptEnv, SSHCFG_ALL },
 	{ "permittunnel", sPermitTunnel, SSHCFG_ALL },
 	{ "permittty", sPermitTTY, SSHCFG_ALL },
+	{ "permituserrc", sPermitUserRC, SSHCFG_ALL },
 	{ "match", sMatch, SSHCFG_ALL },
 	{ "permitopen", sPermitOpen, SSHCFG_ALL },
 	{ "forcecommand", sForceCommand, SSHCFG_ALL },
@@ -1130,6 +1134,10 @@
 		intptr = &options->permit_tty;
 		goto parse_flag;
 
+	case sPermitUserRC:
+		intptr = &options->permit_user_rc;
+		goto parse_flag;
+
 	case sStrictModes:
 		intptr = &options->strict_modes;
 		goto parse_flag;
@@ -1766,6 +1774,7 @@
 	M_CP_INTOPT(x11_forwarding);
 	M_CP_INTOPT(x11_use_localhost);
 	M_CP_INTOPT(permit_tty);
+	M_CP_INTOPT(permit_user_rc);
 	M_CP_INTOPT(max_sessions);
 	M_CP_INTOPT(max_authtries);
 	M_CP_INTOPT(ip_qos_interactive);
@@ -2007,6 +2016,7 @@
 	dump_cfg_fmtint(sX11Forwarding, o->x11_forwarding);
 	dump_cfg_fmtint(sX11UseLocalhost, o->x11_use_localhost);
 	dump_cfg_fmtint(sPermitTTY, o->permit_tty);
+	dump_cfg_fmtint(sPermitUserRC, o->permit_user_rc);
 	dump_cfg_fmtint(sStrictModes, o->strict_modes);
 	dump_cfg_fmtint(sTCPKeepAlive, o->tcp_keep_alive);
 	dump_cfg_fmtint(sEmptyPasswd, o->permit_empty_passwd);