summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorDamien Miller <djm@cvs.openbsd.org>2014-07-03 22:40:44 +0000
committerDamien Miller <djm@cvs.openbsd.org>2014-07-03 22:40:44 +0000
commit5192d97645d6e6d99bdeb8bfba851a3bc14a2694 (patch)
tree0a16260fc92bd12c669b386ed7180d9c8a126586
parent58e425864b303ca50c5d6e0030c6247900b8623c (diff)
Add a sshd_config PermitUserRC option to control whether ~/.ssh/rc is
executed, mirroring the no-user-rc authorized_keys option; bz#2160; ok markus@
-rw-r--r--usr.bin/ssh/servconf.c14
-rw-r--r--usr.bin/ssh/servconf.h3
-rw-r--r--usr.bin/ssh/session.c5
-rw-r--r--usr.bin/ssh/sshd.89
-rw-r--r--usr.bin/ssh/sshd_config.511
5 files changed, 32 insertions, 10 deletions
diff --git a/usr.bin/ssh/servconf.c b/usr.bin/ssh/servconf.c
index 08530dd8c5f..ede4f622503 100644
--- a/usr.bin/ssh/servconf.c
+++ b/usr.bin/ssh/servconf.c
@@ -1,5 +1,5 @@
-/* $OpenBSD: servconf.c,v 1.249 2014/01/29 06:18:35 djm Exp $ */
+/* $OpenBSD: servconf.c,v 1.250 2014/07/03 22:40:43 djm Exp $ */
/*
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
* All rights reserved
@@ -84,6 +84,7 @@ initialize_server_options(ServerOptions *options)
options->x11_display_offset = -1;
options->x11_use_localhost = -1;
options->permit_tty = -1;
+ options->permit_user_rc = -1;
options->xauth_location = NULL;
options->strict_modes = -1;
options->tcp_keep_alive = -1;
@@ -200,6 +201,8 @@ fill_default_server_options(ServerOptions *options)
options->xauth_location = _PATH_XAUTH;
if (options->permit_tty == -1)
options->permit_tty = 1;
+ if (options->permit_user_rc == -1)
+ options->permit_user_rc = 1;
if (options->strict_modes == -1)
options->strict_modes = 1;
if (options->tcp_keep_alive == -1)
@@ -318,7 +321,7 @@ typedef enum {
sRevokedKeys, sTrustedUserCAKeys, sAuthorizedPrincipalsFile,
sKexAlgorithms, sIPQoS, sVersionAddendum,
sAuthorizedKeysCommand, sAuthorizedKeysCommandUser,
- sAuthenticationMethods, sHostKeyAgent,
+ sAuthenticationMethods, sHostKeyAgent, sPermitUserRC,
sDeprecated, sUnsupported
} ServerOpCodes;
@@ -419,6 +422,7 @@ static struct {
{ "acceptenv", sAcceptEnv, SSHCFG_ALL },
{ "permittunnel", sPermitTunnel, SSHCFG_ALL },
{ "permittty", sPermitTTY, SSHCFG_ALL },
+ { "permituserrc", sPermitUserRC, SSHCFG_ALL },
{ "match", sMatch, SSHCFG_ALL },
{ "permitopen", sPermitOpen, SSHCFG_ALL },
{ "forcecommand", sForceCommand, SSHCFG_ALL },
@@ -1083,6 +1087,10 @@ process_server_config_line(ServerOptions *options, char *line,
intptr = &options->permit_tty;
goto parse_flag;
+ case sPermitUserRC:
+ intptr = &options->permit_user_rc;
+ goto parse_flag;
+
case sStrictModes:
intptr = &options->strict_modes;
goto parse_flag;
@@ -1719,6 +1727,7 @@ copy_set_server_options(ServerOptions *dst, ServerOptions *src, int preauth)
M_CP_INTOPT(x11_forwarding);
M_CP_INTOPT(x11_use_localhost);
M_CP_INTOPT(permit_tty);
+ M_CP_INTOPT(permit_user_rc);
M_CP_INTOPT(max_sessions);
M_CP_INTOPT(max_authtries);
M_CP_INTOPT(ip_qos_interactive);
@@ -1955,6 +1964,7 @@ dump_config(ServerOptions *o)
dump_cfg_fmtint(sX11Forwarding, o->x11_forwarding);
dump_cfg_fmtint(sX11UseLocalhost, o->x11_use_localhost);
dump_cfg_fmtint(sPermitTTY, o->permit_tty);
+ dump_cfg_fmtint(sPermitUserRC, o->permit_user_rc);
dump_cfg_fmtint(sStrictModes, o->strict_modes);
dump_cfg_fmtint(sTCPKeepAlive, o->tcp_keep_alive);
dump_cfg_fmtint(sEmptyPasswd, o->permit_empty_passwd);
diff --git a/usr.bin/ssh/servconf.h b/usr.bin/ssh/servconf.h
index 68ea681332f..70f237ac75a 100644
--- a/usr.bin/ssh/servconf.h
+++ b/usr.bin/ssh/servconf.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: servconf.h,v 1.112 2014/01/29 06:18:35 djm Exp $ */
+/* $OpenBSD: servconf.h,v 1.113 2014/07/03 22:40:43 djm Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
@@ -83,6 +83,7 @@ typedef struct {
int x11_use_localhost; /* If true, use localhost for fake X11 server. */
char *xauth_location; /* Location of xauth program */
int permit_tty; /* If false, deny pty allocation */
+ int permit_user_rc; /* If false, deny ~/.ssh/rc execution */
int strict_modes; /* If true, require string home dir modes. */
int tcp_keep_alive; /* If true, set SO_KEEPALIVE. */
int ip_qos_interactive; /* IP ToS/DSCP/class for interactive */
diff --git a/usr.bin/ssh/session.c b/usr.bin/ssh/session.c
index 4f46e83f1d1..6571f075cb6 100644
--- a/usr.bin/ssh/session.c
+++ b/usr.bin/ssh/session.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: session.c,v 1.272 2014/07/03 03:34:09 djm Exp $ */
+/* $OpenBSD: session.c,v 1.273 2014/07/03 22:40:43 djm Exp $ */
/*
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
* All rights reserved
@@ -1078,7 +1078,8 @@ do_rc_files(Session *s, const char *shell)
/* ignore _PATH_SSH_USER_RC for subsystems and admin forced commands */
if (!s->is_subsystem && options.adm_forced_command == NULL &&
- !no_user_rc && stat(_PATH_SSH_USER_RC, &st) >= 0) {
+ !no_user_rc && options.permit_user_rc &&
+ stat(_PATH_SSH_USER_RC, &st) >= 0) {
snprintf(cmd, sizeof cmd, "%s -c '%s %s'",
shell, _PATH_BSHELL, _PATH_SSH_USER_RC);
if (debug_flag)
diff --git a/usr.bin/ssh/sshd.8 b/usr.bin/ssh/sshd.8
index dd18d4322c6..2b6431e1aa4 100644
--- a/usr.bin/ssh/sshd.8
+++ b/usr.bin/ssh/sshd.8
@@ -33,8 +33,8 @@
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
-.\" $OpenBSD: sshd.8,v 1.275 2014/04/19 18:15:16 tedu Exp $
-.Dd $Mdocdate: April 19 2014 $
+.\" $OpenBSD: sshd.8,v 1.276 2014/07/03 22:40:43 djm Exp $
+.Dd $Mdocdate: July 3 2014 $
.Dt SSHD 8
.Os
.Sh NAME
@@ -381,7 +381,10 @@ Changes to user's home directory.
.It
If
.Pa ~/.ssh/rc
-exists, runs it; else if
+exists and the
+.Xr sshd_config 5
+.Cm PermitUserRC
+option is set, runs it; else if
.Pa /etc/ssh/sshrc
exists, runs
it; otherwise runs xauth.
diff --git a/usr.bin/ssh/sshd_config.5 b/usr.bin/ssh/sshd_config.5
index e5e247c5128..9cc87cbdcc1 100644
--- a/usr.bin/ssh/sshd_config.5
+++ b/usr.bin/ssh/sshd_config.5
@@ -33,8 +33,8 @@
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
-.\" $OpenBSD: sshd_config.5,v 1.173 2014/03/28 05:17:11 naddy Exp $
-.Dd $Mdocdate: March 28 2014 $
+.\" $OpenBSD: sshd_config.5,v 1.174 2014/07/03 22:40:43 djm Exp $
+.Dd $Mdocdate: July 3 2014 $
.Dt SSHD_CONFIG 5
.Os
.Sh NAME
@@ -913,6 +913,7 @@ Available keywords are
.Cm PermitRootLogin ,
.Cm PermitTTY ,
.Cm PermitTunnel ,
+.Cm PermitUserRC ,
.Cm PubkeyAuthentication ,
.Cm RekeyLimit ,
.Cm RhostsRSAAuthentication ,
@@ -1061,6 +1062,12 @@ The default is
Enabling environment processing may enable users to bypass access
restrictions in some configurations using mechanisms such as
.Ev LD_PRELOAD .
+.It Cm PermitUserRC
+Specifies whether any
+.Pa ~/.ssh/rc
+file is executed.
+The default is
+.Dq yes .
.It Cm PidFile
Specifies the file that contains the process ID of the
SSH daemon.