Re: ForceCommand and NFS-shared home directories

On Mon, 24 Mar 2008, Mikhail Terekhov wrote:
>
> Yes in cases like my this option would be very useful.
> Meantime do you think that writing a wrapper script for the shell on the
> server that bypasses everything but the predefined in "ForceCommand"
> command would be a reasonable workaround?
>

Since it is sshd and not any shell running the ~/.ssh/rc file. No amount
of workarounds will resolve this. Only change the sshd can change this
behavior.

Taking a glance (because I don't have time to look at it fully right now)
the changes are ...

1. add: int is_forcedcommand; to session.h
2. modify line 1206 (or so) to read:

- /* ignore _PATH_SSH_USER_RC for subsystems */
+ /* ignore _PATH_SSH_USER_RC for subsystems and forced commands */
- if (!s->is_subsystem && (stat(_PATH_SSH_USER_RC, &st) >= 0)) {
+ if (!s->is_subsystem && !s->forcedcommand &&
+ (stat(_PATH_SSH_USER_RC, &st) >= 0)) {
snprintf(cmd, sizeof cmd, "%s -c '%s %s'",
shell, _PATH_BSHELL, _PATH_SSH_USER_RC);
4. Maybe initialize s->is_forcedcommand = 0; (maybe, because we may do a
bzero() or other such magic to clear memory for this struct)
3. Find the right place to set s->is_forcedcommand = 1; (Since I've been
out of the code for too many years. I can't state the right
place at this moment. I assume still somewhere in sessions.c)



- Ben
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@mindrot.org
https://lists.mindrot.org/mailman/li...enssh-unix-dev