Add ForceCommand keyword to sshd_config, equivalent to the "command="

key option, man page entry and example in sshd_config.  Feedback & ok djm@,
man page corrections & ok jmc@

6 files changed, 55 insertions, 9 deletions

diff --git a/usr.bin/ssh/servconf.c b/usr.bin/ssh/servconf.c
index fc5303d555b..9801d3e1ae1 100644
--- a/usr.bin/ssh/servconf.c
+++ b/usr.bin/ssh/servconf.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: servconf.c,v 1.157 2006/07/19 08:56:41 dtucker Exp $ */
+/* $OpenBSD: servconf.c,v 1.158 2006/07/19 13:07:10 dtucker Exp $ */
 /*
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
  *                    All rights reserved
@@ -106,6 +106,7 @@ initialize_server_options(ServerOptions *options)
 	options->authorized_keys_file2 = NULL;
 	options->num_accept_env = 0;
 	options->permit_tun = -1;
+	options->adm_forced_command = NULL;
 }
 
 void
@@ -257,7 +258,7 @@ typedef enum {
 	sHostbasedUsesNameFromPacketOnly, sClientAliveInterval,
 	sClientAliveCountMax, sAuthorizedKeysFile, sAuthorizedKeysFile2,
 	sGssAuthentication, sGssCleanupCreds, sAcceptEnv, sPermitTunnel,
-	sMatch, sPermitOpen,
+	sMatch, sPermitOpen, sForceCommand,
 	sUsePrivilegeSeparation,
 	sDeprecated, sUnsupported
 } ServerOpCodes;
@@ -356,6 +357,7 @@ static struct {
 	{ "permittunnel", sPermitTunnel, SSHCFG_GLOBAL },
 	{ "match", sMatch, SSHCFG_ALL },
 	{ "permitopen", sPermitOpen, SSHCFG_ALL },
+	{ "forcecommand", sForceCommand, SSHCFG_ALL },
 	{ NULL, sBadOption, 0 }
 };
 
@@ -514,6 +516,8 @@ match_cfg_line(char **condition, int line, const char *user, const char *host,
 	return result;
 }
 
+#define WHITESPACE " \t\r\n"
+
 int
 process_server_config_line(ServerOptions *options, char *line,
     const char *filename, int linenum, int *activep, const char *user,
@@ -1130,6 +1134,15 @@ parse_flag:
 			channel_add_adm_permitted_opens(p, port);
 		break;
 
+	case sForceCommand:
+		if (cp == NULL)
+			fatal("%.200s line %d: Missing argument.", filename,
+			    linenum);
+		len = strspn(cp, WHITESPACE);
+		if (*activep && options->adm_forced_command == NULL)
+			options->adm_forced_command = xstrdup(cp + len);
+		return 0;
+
 	case sDeprecated:
 		logit("%s line %d: Deprecated option %s",
 		    filename, linenum, arg);
@@ -1204,6 +1217,11 @@ copy_set_server_options(ServerOptions *dst, ServerOptions *src)
 		dst->allow_tcp_forwarding = src->allow_tcp_forwarding;
 	if (src->gateway_ports != -1)
 		dst->gateway_ports = src->gateway_ports;
+	if (src->adm_forced_command != NULL) {
+		if (dst->adm_forced_command != NULL)
+			xfree(dst->adm_forced_command);
+		dst->adm_forced_command = src->adm_forced_command;
+	}
 	if (src->x11_display_offset != -1)
 		dst->x11_display_offset = src->x11_display_offset;
 	if (src->x11_forwarding != -1)
diff --git a/usr.bin/ssh/servconf.h b/usr.bin/ssh/servconf.h
index 233790d29c5..dd5d50533fa 100644
--- a/usr.bin/ssh/servconf.h
+++ b/usr.bin/ssh/servconf.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: servconf.h,v 1.75 2006/07/12 11:34:58 dtucker Exp $ */
+/* $OpenBSD: servconf.h,v 1.76 2006/07/19 13:07:10 dtucker Exp $ */
 
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
@@ -135,6 +135,8 @@ typedef struct {
 	char   *authorized_keys_file;	/* File containing public keys */
 	char   *authorized_keys_file2;
 
+	char   *adm_forced_command;
+
 	int	permit_tun;
 }       ServerOptions;
 
diff --git a/usr.bin/ssh/session.c b/usr.bin/ssh/session.c
index 78dc39fb4b1..c3cccdaf7a5 100644
--- a/usr.bin/ssh/session.c
+++ b/usr.bin/ssh/session.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: session.c,v 1.209 2006/07/11 20:07:25 stevesk Exp $ */
+/* $OpenBSD: session.c,v 1.210 2006/07/19 13:07:10 dtucker Exp $ */
 /*
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
  *                    All rights reserved
@@ -539,10 +539,14 @@ do_exec_pty(Session *s, const char *command)
 void
 do_exec(Session *s, const char *command)
 {
-	if (forced_command) {
+	if (options.adm_forced_command) {
+		original_command = command;
+		command = options.adm_forced_command;
+		debug("Forced command (config) '%.900s'", command);
+	} else if (forced_command) {
 		original_command = command;
 		command = forced_command;
-		debug("Forced command '%.900s'", command);
+		debug("Forced command (key option) '%.900s'", command);
 	}
 
 #ifdef GSSAPI
diff --git a/usr.bin/ssh/sshd.8 b/usr.bin/ssh/sshd.8
index 8c9bcbfbb86..abe31ce32f5 100644
--- a/usr.bin/ssh/sshd.8
+++ b/usr.bin/ssh/sshd.8
@@ -34,7 +34,7 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.\" $OpenBSD: sshd.8,v 1.232 2006/07/10 16:04:21 jmc Exp $
+.\" $OpenBSD: sshd.8,v 1.233 2006/07/19 13:07:10 dtucker Exp $
 .Dd September 25, 1999
 .Dt SSHD 8
 .Os
@@ -455,6 +455,9 @@ to restrict certain public keys to perform just a specific operation.
 An example might be a key that permits remote backups but nothing else.
 Note that the client may specify TCP and/or X11
 forwarding unless they are explicitly prohibited.
+The command originally supplied by the client is available in the
+.Ev SSH_ORIGINAL_COMMAND
+environment variable.
 Note that this option applies to shell, command or subsystem execution.
 .It Cm environment="NAME=value"
 Specifies that the string is to be added to the environment when
diff --git a/usr.bin/ssh/sshd_config b/usr.bin/ssh/sshd_config
index 9bd072d368a..08be5465198 100644
--- a/usr.bin/ssh/sshd_config
+++ b/usr.bin/ssh/sshd_config
@@ -1,4 +1,4 @@
-#	$OpenBSD: sshd_config,v 1.73 2005/12/06 22:38:28 reyk Exp $
+#	$OpenBSD: sshd_config,v 1.74 2006/07/19 13:07:10 dtucker Exp $
 
 # This is the sshd server system-wide configuration file.  See
 # sshd_config(5) for more information.
@@ -91,3 +91,9 @@
 
 # override default of no subsystems
 Subsystem	sftp	/usr/libexec/sftp-server
+
+# Example of overriding settings on a per-user basis
+#Match User anoncvs
+#	X11Forwarding no
+#	AllowTcpForwarding no
+#	ForceCommand cvs server
diff --git a/usr.bin/ssh/sshd_config.5 b/usr.bin/ssh/sshd_config.5
index 3c7c8750930..ddc921a8c3e 100644
--- a/usr.bin/ssh/sshd_config.5
+++ b/usr.bin/ssh/sshd_config.5
@@ -34,7 +34,7 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.\" $OpenBSD: sshd_config.5,v 1.66 2006/07/19 08:56:41 dtucker Exp $
+.\" $OpenBSD: sshd_config.5,v 1.67 2006/07/19 13:07:10 dtucker Exp $
 .Dd September 25, 1999
 .Dt SSHD_CONFIG 5
 .Os
@@ -283,6 +283,18 @@ See
 in
 .Xr ssh_config 5
 for more information on patterns.
+.It Cm ForceCommand
+Forces the execution of the command specified by
+.Cm ForceCommand ,
+ignoring any command supplied by the client.
+The command is invoked by using the user's login shell with the -c option.
+This applies to shell, command, or subsystem execution.
+It is most useful inside a
+.Cm Match
+block.
+The command originally supplied by the client is available in the
+.Ev SSH_ORIGINAL_COMMAND
+environment variable.
 .It Cm GatewayPorts
 Specifies whether remote hosts are allowed to connect to ports
 forwarded for the client.
@@ -484,6 +496,7 @@ Only a subset of keywords may be used on the lines following a
 keyword.
 Available keywords are
 .Cm AllowTcpForwarding ,
+.Cm ForceCommand ,
 .Cm GatewayPorts ,
 .Cm PermitOpen ,
 .Cm X11DisplayOffset ,