Attachment #2839 for bug #2103

Lines 159-164 typedef enum { Link Here

(-)a/readconf.c (+7 lines)
159	oStreamLocalBindMask, oStreamLocalBindUnlink, oRevokedHostKeys,	159	oStreamLocalBindMask, oStreamLocalBindUnlink, oRevokedHostKeys,
160	oFingerprintHash, oUpdateHostkeys, oHostbasedKeyTypes,	160	oFingerprintHash, oUpdateHostkeys, oHostbasedKeyTypes,
161	oPubkeyAcceptedKeyTypes,	161	oPubkeyAcceptedKeyTypes,
		162	oRemoteCommand,
162	oIgnoredUnknownOption, oDeprecated, oUnsupported	163	oIgnoredUnknownOption, oDeprecated, oUnsupported
163	} OpCodes;	164	} OpCodes;
164		165
Lines 281-286 static struct { Link Here
281	{ "hostbasedkeytypes", oHostbasedKeyTypes },	282	{ "hostbasedkeytypes", oHostbasedKeyTypes },
282	{ "pubkeyacceptedkeytypes", oPubkeyAcceptedKeyTypes },	283	{ "pubkeyacceptedkeytypes", oPubkeyAcceptedKeyTypes },
283	{ "ignoreunknown", oIgnoreUnknown },	284	{ "ignoreunknown", oIgnoreUnknown },
		285	{ "remotecommand", oRemoteCommand },
284		286
285	{ NULL, oBadOption }	287	{ NULL, oBadOption }
286	};	288	};
Lines 1399-1404 parse_keytypes: Link Here
1399	charptr = &options->local_command;	1401	charptr = &options->local_command;
1400	goto parse_command;	1402	goto parse_command;
1401		1403
		1404	case oRemoteCommand:
		1405	charptr = &options->remote_command;
		1406	goto parse_command;
		1407
1402	case oPermitLocalCommand:	1408	case oPermitLocalCommand:
1403	intptr = &options->permit_local_command;	1409	intptr = &options->permit_local_command;
1404	goto parse_flag;	1410	goto parse_flag;
Lines 1708-1713 initialize_options(Options * options) Link Here
1708	options->tun_remote = -1;	1714	options->tun_remote = -1;
1709	options->local_command = NULL;	1715	options->local_command = NULL;
1710	options->permit_local_command = -1;	1716	options->permit_local_command = -1;
		1717	options->remote_command = NULL;
1711	options->add_keys_to_agent = -1;	1718	options->add_keys_to_agent = -1;
1712	options->visual_host_key = -1;	1719	options->visual_host_key = -1;
1713	options->ip_qos_interactive = -1;	1720	options->ip_qos_interactive = -1;

Lines 135-140 typedef struct { Link Here

(-)a/readconf.h (+1 lines)
135		135
136	char *local_command;	136	char *local_command;
137	int permit_local_command;	137	int permit_local_command;
		138	char *remote_command;
138	int visual_host_key;	139	int visual_host_key;
139		140
140	int request_tty;	141	int request_tty;

Lines 75-81 LTESTS= connect \ Link Here

(-)a/regress/Makefile (-1 / +3 lines)
75	keygen-knownhosts \	75	keygen-knownhosts \
76	hostkey-rotate \	76	hostkey-rotate \
77	principals-command \	77	principals-command \
78	cert-file	78	cert-file \
		79	remotecommand \
		80	remote_host_expand
79		81
80		82
81	# dhgex \	83	# dhgex \




#	$OpenBSD: Exp $
#	Placed in the Public Domain.

tid="remotecommand"

echo "RemoteCommand touch $OBJ/remote_test" >> $OBJ/ssh_proxy

for p1 in disabled enabled; do
  for p in 1 2; do
    verbose "test $tid: proto $p remotecommand cmd override. $p1"
    ${SSH} -F $OBJ/ssh_proxy -$p somehost touch $OBJ/remote_command_tt
    if [ -f $OBJ/remote_test ] ; then
      fail "$tid proto $p cmd override failed"
    fi
    if [ ! -f $OBJ/remote_command_tt ] ; then
      fail "$tid proto $p cmd override no cmdline"
    fi
    [ -f $OBJ/remote_test ] && rm $OBJ/remote_test
    [ -f $OBJ/remote_command_tt ] && rm $OBJ/remote_command_tt
  done
  echo 'PermitRemoteCommand yes' >> $OBJ/ssh_proxy
done


for p in 1 2; do
	verbose "test $tid: proto $p remotecommand cmd override"
	${SSH} -F $OBJ/ssh_proxy -$p somehost
	if [ ! -f $OBJ/remote_test ] ; then
    fail "$tid proto $p"
  else
    rm $OBJ/remote_test
	fi
done




#	Placed in the Public Domain.

tid="remote expand %h and %n"

echo 'PermitRemoteCommand yes' >> $OBJ/ssh_proxy
echo "RemoteCommand echo \"%n %h\" > $OBJ/actual" >> $OBJ/ssh+    if [ -f $OBJ/remote_test ] ; then
      fail "$tid proto $p cmd override failed"
    fi
    if [ ! -f $OBJ/remote_command_tt ] ; then
      fail "$tid proto $p cmd override no cmdline"
    fi
    [ -f $OBJ/remote_test ] && rm $OBJ/remote_test
    [ -f $OBJ/remote_command_tt ] && rm $OBJ/remote_command_tt
  done
  echo 'PermitRemoteCommand yes' >> $OBJ/ssh_proxy
done

Lines 525-530 For full details of the options listed b Link Here

(-)a/ssh.1 (+1 lines)
525	.It PubkeyAcceptedKeyTypes	525	.It PubkeyAcceptedKeyTypes
526	.It PubkeyAuthentication	526	.It PubkeyAuthentication
527	.It RekeyLimit	527	.It RekeyLimit
		528	.It RemoteCommand
528	.It RemoteForward	529	.It RemoteForward
529	.It RequestTTY	530	.It RequestTTY
530	.It RhostsRSAAuthentication	531	.It RhostsRSAAuthentication




		tty_flag = 1;

	/* Allocate a tty by default if no command specified. */
	if (buffer_len(&command) == 0 || (options.remote_command != NULL &&
	    !subsystem_flag))
		tty_flag = options.request_tty != REQUEST_TTY_NO;

	/* Force no tty */

		free(cp);
	}

	if (options.remote_command != NULL && !subsystem_flag &&
	    buffer_len(&command) == 0) {
		debug3("expanding RemoteCommand: %s", options.local_command);
		cp = options.remote_command;
		options.remote_command = percent_expand(cp,
		    "h", host, "l", thishost, "n", host_arg, "r", options.user,
		    "p", portstr, "u", pw->pw_name, "L", shorthost,
		    (char *)NULL);
		buffer_append(&command, options.remote_command,
		    strlen(options.remote_command));
		debug3("expanded RemoteCommand: %s", options.remote_command);
		free(cp);
	}

	if (options.control_path != NULL) {
		cp = tilde_expand_filename(options.control_path,
		    original_real_uid);




.Dq default none ,
which means that rekeying is performed after the cipher's default amount
of data has been sent or received and no time based rekeying is done.
.It Cm RemoteCommand
Specifies the command that will be executed on the remote machine.
The following escape character substitutions will be performed:
.Ql %h
(remote host name),
.Ql %l
(local host name),
.Ql %n
(host name as provided on the command line),
.Ql %p
(remote port),
.Ql %r
(remote user name) or
.Ql %u
(local user name).
.Pp
Specifing a command on the
.Xr ssh 1
command line will disable the
.Cm RemoteCommand
.It Cm RemoteForward
Specifies that a TCP port on the remote machine be forwarded over
the secure channel to the specified host and port from the local machine.

Return to bug 2103

Lines 1110-1116 main(int ac, char **av) Link Here

(-)a/ssh.c (-1 / +16 lines)
1110	tty_flag = 1;	1120	tty_flag = 1;
1111		1121
1112	/* Allocate a tty by default if no command specified. */	1122	/* Allocate a tty by default if no command specified. */
1113	if (buffer_len(&command) == 0)	1123	if (buffer_len(&command) == 0 \|\| (options.remote_command != NULL &&
		1124	!subsystem_flag))
1114	tty_flag = options.request_tty != REQUEST_TTY_NO;	1125	tty_flag = options.request_tty != REQUEST_TTY_NO;
1115		1126
1116	/* Force no tty */	1127	/* Force no tty */
Lines 1165-1170 main(int ac, char **av) Link Here
1165	free(cp);	1169	free(cp);
1166	}	1170	}
1167		1171
		1172	if (options.remote_command != NULL && !subsystem_flag &&
		1173	buffer_len(&command) == 0) {
		1174	debug3("expanding RemoteCommand: %s", options.local_command);
		1175	cp = options.remote_command;
		1176	options.remote_command = percent_expand(cp,
		1177	"h", host, "l", thishost, "n", host_arg, "r", options.user,
		1178	"p", portstr, "u", pw->pw_name, "L", shorthost,
		1179	(char *)NULL);
		1180	buffer_append(&command, options.remote_command,
		1181	strlen(options.remote_command));
		1182	debug3("expanded RemoteCommand: %s", options.remote_command);
		1183	free(cp);
		1184	}
		1185
1168	if (options.control_path != NULL) {	1186	if (options.control_path != NULL) {
1169	cp = tilde_expand_filename(options.control_path,	1187	cp = tilde_expand_filename(options.control_path,
1170	original_real_uid);	1188	original_real_uid);

Lines 1373-1378 is Link Here

(-)a/ssh_config.5 (+20 lines)
1373	.Dq default none ,	1373	.Dq default none ,
1374	which means that rekeying is performed after the cipher's default amount	1374	which means that rekeying is performed after the cipher's default amount
1375	of data has been sent or received and no time based rekeying is done.	1375	of data has been sent or received and no time based rekeying is done.
		1376	.It Cm RemoteCommand
		1377	Specifies the command that will be executed on the remote machine.
		1378	The following escape character substitutions will be performed:
		1379	.Ql %h
		1380	(remote host name),
		1381	.Ql %l
		1382	(local host name),
		1383	.Ql %n
		1384	(host name as provided on the command line),
		1385	.Ql %p
		1386	(remote port),
		1387	.Ql %r
		1388	(remote user name) or
		1389	.Ql %u
		1390	(local user name).
		1391	.Pp
		1392	Specifing a command on the
		1393	.Xr ssh 1
		1394	command line will disable the
		1395	.Cm RemoteCommand
1376	.It Cm RemoteForward	1396	.It Cm RemoteForward
1377	Specifies that a TCP port on the remote machine be forwarded over	1397	Specifies that a TCP port on the remote machine be forwarded over
1378	the secure channel to the specified host and port from the local machine.	1398	the secure channel to the specified host and port from the local machine.

Line 0 Link Here

(-)a/regress/remotecommand.sh (+33 lines)
	1	# $OpenBSD: Exp $
	2	# Placed in the Public Domain.
	3
	4	tid="remotecommand"
	5
	6	echo "RemoteCommand touch $OBJ/remote_test" >> $OBJ/ssh_proxy
	7
	8	for p1 in disabled enabled; do
	9	for p in 1 2; do
	10	verbose "test $tid: proto $p remotecommand cmd override. $p1"
	11	${SSH} -F $OBJ/ssh_proxy -$p somehost touch $OBJ/remote_command_tt
	12	if [ -f $OBJ/remote_test ] ; then
	13	fail "$tid proto $p cmd override failed"
	14	fi
	15	if [ ! -f $OBJ/remote_command_tt ] ; then
	16	fail "$tid proto $p cmd override no cmdline"
	17	fi
	18	[ -f $OBJ/remote_test ] && rm $OBJ/remote_test
	19	[ -f $OBJ/remote_command_tt ] && rm $OBJ/remote_command_tt
	20	done
	21	echo 'PermitRemoteCommand yes' >> $OBJ/ssh_proxy
	22	done
	23
	24
	25	for p in 1 2; do
	26	verbose "test $tid: proto $p remotecommand cmd override"
	27	${SSH} -F $OBJ/ssh_proxy -$p somehost
	28	if [ ! -f $OBJ/remote_test ] ; then
	29	fail "$tid proto $p"
	30	else
	31	rm $OBJ/remote_test
	32	fi
	33	done

Line 0 Link Here

(-)a/regress/remote_host-expand.sh (+16 lines)
	1	# Placed in the Public Domain.
	2
	3	tid="remote expand %h and %n"
	4
	5	echo 'PermitRemoteCommand yes' >> $OBJ/ssh_proxy
	6	echo "RemoteCommand echo \"%n %h\" > $OBJ/actual" >> $OBJ/ssh+ if [ -f $OBJ/remote_test ] ; then
	7	fail "$tid proto $p cmd override failed"
	8	fi
	9	if [ ! -f $OBJ/remote_command_tt ] ; then
	10	fail "$tid proto $p cmd override no cmdline"
	11	fi
	12	[ -f $OBJ/remote_test ] && rm $OBJ/remote_test
	13	[ -f $OBJ/remote_command_tt ] && rm $OBJ/remote_command_tt
	14	done
	15	echo 'PermitRemoteCommand yes' >> $OBJ/ssh_proxy
	16	done