diff options
| author | Damien Miller <djm@cvs.openbsd.org> | 2018-06-09 03:03:11 +0000 |
|---|---|---|
| committer | Damien Miller <djm@cvs.openbsd.org> | 2018-06-09 03:03:11 +0000 |
| commit | 3dacd99d5a8e492401a7990e5a08b9ff49dba430 (patch) | |
| tree | fb652e30a7b97b137acfecdfff63fa6b0db85c99 /usr.bin/ssh/servconf.c | |
| parent | c225695c549ccc1c981e7d8ea6788ac5022a6f66 (diff) | |
add a SetEnv directive for sshd_config to allow an administrator to
explicitly specify environment variables set in sessions started by
sshd. These override the default environment and any variables set
by user configuration (PermitUserEnvironment, etc), but not the SSH_*
variables set by sshd itself.
ok markus@
Diffstat (limited to 'usr.bin/ssh/servconf.c')
| -rw-r--r-- | usr.bin/ssh/servconf.c | 20 |
1 files changed, 18 insertions, 2 deletions
diff --git a/usr.bin/ssh/servconf.c b/usr.bin/ssh/servconf.c index 0980ec346b3..392f2d5e5e1 100644 --- a/usr.bin/ssh/servconf.c +++ b/usr.bin/ssh/servconf.c @@ -1,5 +1,5 @@ -/* $OpenBSD: servconf.c,v 1.331 2018/06/06 18:29:18 markus Exp $ */ +/* $OpenBSD: servconf.c,v 1.332 2018/06/09 03:03:10 djm Exp $ */ /* * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland * All rights reserved @@ -144,6 +144,7 @@ initialize_server_options(ServerOptions *options) options->client_alive_count_max = -1; options->num_authkeys_files = 0; options->num_accept_env = 0; + options->num_setenv = 0; options->permit_tun = -1; options->permitted_opens = NULL; options->permitted_listens = NULL; @@ -428,7 +429,7 @@ typedef enum { sHostKeyAlgorithms, sClientAliveInterval, sClientAliveCountMax, sAuthorizedKeysFile, sGssAuthentication, sGssCleanupCreds, sGssStrictAcceptor, - sAcceptEnv, sPermitTunnel, + sAcceptEnv, sSetEnv, sPermitTunnel, sMatch, sPermitOpen, sPermitListen, sForceCommand, sChrootDirectory, sUsePrivilegeSeparation, sAllowAgentForwarding, sHostCertificate, @@ -543,6 +544,7 @@ static struct { { "authorizedkeysfile2", sDeprecated, SSHCFG_ALL }, { "useprivilegeseparation", sDeprecated, SSHCFG_GLOBAL}, { "acceptenv", sAcceptEnv, SSHCFG_ALL }, + { "setenv", sSetEnv, SSHCFG_ALL }, { "permittunnel", sPermitTunnel, SSHCFG_ALL }, { "permittty", sPermitTTY, SSHCFG_ALL }, { "permituserrc", sPermitUserRC, SSHCFG_ALL }, @@ -1738,6 +1740,19 @@ process_server_config_line(ServerOptions *options, char *line, } break; + case sSetEnv: + uvalue = options->num_setenv; + while ((arg = strdelimw(&cp)) && *arg != '\0') { + if (strchr(arg, '=') == NULL) + fatal("%s line %d: Invalid environment.", + filename, linenum); + if (!*activep || uvalue != 0) + continue; + array_append(filename, linenum, "SetEnv", + &options->setenv, &options->num_setenv, arg); + } + break; + case sPermitTunnel: intptr = &options->permit_tun; arg = strdelim(&cp); @@ -2492,6 +2507,7 @@ dump_config(ServerOptions *o) dump_cfg_strarray(sAllowGroups, o->num_allow_groups, o->allow_groups); dump_cfg_strarray(sDenyGroups, o->num_deny_groups, o->deny_groups); dump_cfg_strarray(sAcceptEnv, o->num_accept_env, o->accept_env); + dump_cfg_strarray(sSetEnv, o->num_setenv, o->setenv); dump_cfg_strarray_oneline(sAuthenticationMethods, o->num_auth_methods, o->auth_methods); |