Bugzilla – Attachment 2412 Details for Bug 2081: extend the parameters to the AuthorizedKeysCommand
[patch]
Patch adding two more arguments to the AuthorizedKeysCommand
authorized-keys-command.patch (text/plain), 3.17 KB, created by Florian Zimmermann on 2014-02-23 03:24:58 AEDT
>Index: auth2-pubkey.c >=================================================================== >RCS file: /cvs/openssh/auth2-pubkey.c,v >retrieving revision 1.42 >diff -u -r1.42 auth2-pubkey.c >--- auth2-pubkey.c 31 Dec 2013 01:25:41 -0000 1.42 >+++ auth2-pubkey.c 22 Feb 2014 15:49:06 -0000 >@@ -509,7 +509,8 @@ > struct stat st; > int status, devnull, p[2], i; > pid_t pid; >- char *username, errmsg[512]; >+ char *username, errmsg[512], *key_fp; >+ const char *key_type_name; > > if (options.authorized_keys_command == NULL || > options.authorized_keys_command[0] != '/') >@@ -549,8 +550,15 @@ > goto out; > } > >- debug3("Running AuthorizedKeysCommand: \"%s %s\" as \"%s\"", >- options.authorized_keys_command, user_pw->pw_name, pw->pw_name); >+ key_type_name = key_ssh_name(key); >+ if (key_type_name == NULL) >+ key_type_name = "ssh-unknown"; >+ >+ key_fp = key_fingerprint(key, SSH_FP_MD5, SSH_FP_HEX); >+ >+ debug3("Running AuthorizedKeysCommand: \"%s %s %s %s\" as \"%s\"", >+ options.authorized_keys_command, user_pw->pw_name, >+ key_type_name, key_fp, pw->pw_name); > > /* > * Don't want to call this in the child, where it can fatal() and >@@ -563,6 +571,7 @@ > error("%s: fork: %s", __func__, strerror(errno)); > close(p[0]); > close(p[1]); >+ free(key_fp); > return 0; > case 0: /* child */ > for (i = 0; i < NSIG; i++) >@@ -599,7 +608,8 @@ > } > > execl(options.authorized_keys_command, >- options.authorized_keys_command, user_pw->pw_name, NULL); >+ options.authorized_keys_command, user_pw->pw_name, >+ key_type_name, key_fp, NULL); > > error("AuthorizedKeysCommand %s exec failed: %s", > options.authorized_keys_command, strerror(errno)); 
>@@ -611,6 +621,7 @@ > temporarily_use_uid(pw); > > close(p[1]); >+ free(key_fp); > if ((f = fdopen(p[0], "r")) == NULL) { > error("%s: fdopen: %s", __func__, strerror(errno)); > close(p[0]); >Index: sshd_config.5 >=================================================================== >RCS file: /cvs/openssh/sshd_config.5,v >retrieving revision 1.178 >diff -u -r1.178 sshd_config.5 >--- sshd_config.5 4 Feb 2014 00:13:18 -0000 1.178 >+++ sshd_config.5 22 Feb 2014 15:49:07 -0000 >@@ -199,10 +199,24 @@ > .It Cm AuthorizedKeysCommand > Specifies a program to be used to look up the user's public keys. > The program must be owned by root and not writable by group or others. >-It will be invoked with a single argument of the username >-being authenticated, and should produce on standard output zero or >-more lines of authorized_keys output (see AUTHORIZED_KEYS in >+It will be invoked with three arguments and should produce on standard output >+zero or more lines of authorized_keys output (see AUTHORIZED_KEYS in > .Xr sshd 8 ) . >+.Pp >+The arguments to the command are: >+.Bl -enum -width 1m -offset Ds -compact >+.It >+the username being authenticated, >+.It >+the type of the key used for authentication, for example, >+.Dq ssh-rsa , >+.Dq ssh-dss , >+.Dq ssh-unknown , >+.It >+the MD5 fingerprint of the key used for authentication, for example, >+.Dq a5:67:0e:55:e6:ca:fb:e8:38:58:1a:bc:1a:a9:42:be . >+.El >+.Pp > If a key supplied by AuthorizedKeysCommand does not successfully authenticate > and authorize the user then public key authentication continues using the usual > .Cm AuthorizedKeysFile
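Review bot: In auth2-pubkey.c, hunk @@ -549,8 +550,15 @@, the fingerprint handed to the helper is hard-coded to MD5 via key_fingerprint(key, SSH_FP_MD5, SSH_FP_HEX). MD5 is not collision resistant, so a helper that indexes its key store by this value alone cannot tell apart two keys deliberately constructed to share a fingerprint. The unchanged sshd_config.5 text says a key returned by the command must still authenticate the user, which limits the impact to the lookup step, but the interface would be safer if it passed the key itself or a fingerprint computed with a stronger digest. At minimum, state in the documentation that the fingerprint is a lookup hint and not something to base an authorization decision on.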
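Review bot: In auth2-pubkey.c, hunk @@ -599,7 +608,8 @@, the execl() call now always appends key_type_name and key_fp after the username, which changes the calling convention for every AuthorizedKeysCommand that is already deployed. The man page text being replaced promised "a single argument of the username", so existing helpers may check their argument count or forward all arguments to another tool, and would change behaviour on upgrade without any configuration change. Consider making the extra arguments opt-in (for example through a separate configuration option) so that the single-argument form stays the default.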
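Review bot: In sshd_config.5, hunk @@ -199,10 +199,24 @@, the new argument list presents "ssh-unknown" as an example key type next to "ssh-rsa" and "ssh-dss", but in the auth2-pubkey.c change it is the fallback substituted when key_ssh_name() returns NULL. Describe it as that fallback and say what a helper is expected to do when it receives it. The entry should also spell out the fingerprint format (colon-separated hex, as in the example) and make clear that the helper must still print complete authorized_keys lines, since the key type and fingerprint only narrow the lookup.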