From 464510eae45c1c16f7306da563981f16c67b5afd Mon Sep 17 00:00:00 2001
From: Damien Miller <djm@cvs.openbsd.org>
Date: Sun, 4 Nov 2012 10:38:44 +0000
Subject: Remove default of AuthorizedCommandUser. Administrators are now
 expected to explicitly specify a user. feedback and ok markus@

---
 usr.bin/ssh/sshd.c | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)

(limited to 'usr.bin/ssh/sshd.c')

diff --git a/usr.bin/ssh/sshd.c b/usr.bin/ssh/sshd.c
index f732a580e87..7856be6e35f 100644
--- a/usr.bin/ssh/sshd.c
+++ b/usr.bin/ssh/sshd.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: sshd.c,v 1.394 2012/10/30 21:29:55 djm Exp $ */
+/* $OpenBSD: sshd.c,v 1.395 2012/11/04 10:38:43 djm Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -1490,6 +1490,13 @@ main(int ac, char **av)
 	if (options.challenge_response_authentication)
 		options.kbd_interactive_authentication = 1;
 
+	/* Check that options are sensible */
+	if (options.authorized_keys_command_user == NULL &&
+	    (options.authorized_keys_command != NULL &&
+	    strcasecmp(options.authorized_keys_command, "none") != 0))
+		fatal("AuthorizedKeysCommand set without "
+		    "AuthorizedKeysCommandUser");
+
 	/* set default channel AF */
 	channel_set_af(options.address_family);
 
-- 
cgit v1.2.3