Bugzilla – Attachment 2416 Details for
Bug 2081
extend the parameters to the AuthorizedKeysCommand
[patch]
Patch adding environment variables to pass key and fingerprint to AuthorizedKeysCommand
openssh-akcenv.diff (text/plain), 3.12 KB, created by
Scott Duckworth
on 2014-03-25 01:29:51 AEDT
Description:
Patch adding environment variables to pass key and fingerprint to AuthorizedKeysCommand
Filename:
MIME Type:
Creator:
Scott Duckworth
Created:
2014-03-25 01:29:51 AEDT
Size:
3.12 KB
patch
obsolete
>Index: auth2-pubkey.c
>===================================================================
>RCS file: /cvs/openssh/auth2-pubkey.c,v
>retrieving revision 1.42
>diff -u -r1.42 auth2-pubkey.c
>--- auth2-pubkey.c 31 Dec 2013 01:25:41 -0000 1.42
>+++ auth2-pubkey.c 24 Mar 2014 14:15:52 -0000
>@@ -509,7 +509,8 @@
> struct stat st;
> int status, devnull, p[2], i;
> pid_t pid;
>- char *username, errmsg[512];
>+ long len;
>+ char *username, *keytext, errmsg[512];
>
> if (options.authorized_keys_command == NULL ||
> options.authorized_keys_command[0] != '/')
>@@ -567,6 +568,37 @@
> case 0: /* child */
> for (i = 0; i < NSIG; i++)
> signal(i, SIG_DFL);
>+
>+ setenv(SSH_KEY_FINGERPRINT_ENV_NAME,
>+ key_fingerprint(key, SSH_FP_MD5, SSH_FP_HEX), 1);
>+
>+ if ((f = tmpfile()) == NULL) {
>+ error("%s: tmpfile: %s", __func__, strerror(errno));
>+ _exit(1);
>+ }
>+ if (!key_write(key, f)) {
>+ error("%s: key_write: %s", __func__, strerror(errno));
>+ _exit(1);
>+ }
>+ if ((len = ftell(f)) == -1) {
>+ error("%s: ftell: %s", __func__, strerror(errno));
>+ _exit(1);
>+ }
>+ if ((keytext = xmalloc(len + 1)) == NULL) {
>+ error("%s: xmalloc: %s", __func__, strerror(errno));
>+ _exit(1);
>+ }
>+ if ((fseek(f, 0, SEEK_SET)) != 0) {
>+ error("%s: fseek: %s", __func__, strerror(errno));
>+ _exit(1);
>+ }
>+ if (fread(keytext, 1, len, f) != len) {
>+ error("%s: fread: %s", __func__, strerror(errno));
>+ _exit(1);
>+ }
>+ keytext[len] = '\0';
>+ fclose(f);
>+ setenv(SSH_KEY_ENV_NAME, keytext, 1);
>
> if ((devnull = open(_PATH_DEVNULL, O_RDWR)) == -1) {
> error("%s: open %s: %s", __func__, _PATH_DEVNULL,
>Index: ssh.h
>===================================================================
>RCS file: /cvs/openssh/ssh.h,v
>retrieving revision 1.78
>diff -u -r1.78 ssh.h
>--- ssh.h 25 Jun 2010 23:50:30 -0000 1.78
>+++ ssh.h 24 Mar 2014 14:15:52 -0000
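Review bot: Both `setenv()` calls added to the child branch in auth2-pubkey.c ignore their return value, so if either fails the child presumably still goes on to run the AuthorizedKeysCommand with `SSH_KEY` or `SSH_KEY_FINGERPRINT` unset or stale, and a helper that bases its decision on them would be working from missing data. Fail closed like the neighbouring checks do, e.g. `if (setenv(SSH_KEY_ENV_NAME, keytext, 1) == -1) _exit(1);` with a matching `error()` line, and the same for the fingerprint call. The `xmalloc()` NULL test is dead code because xmalloc does not return on allocation failure, and `fread(...) != len` compares a `size_t` against the `long len` declared in the first hunk. The fingerprint is hard-wired to `SSH_FP_MD5`, so a comment such as `/* MD5 fingerprint is for lookup only; helpers must match on the full key in SSH_KEY */` would steer helper authors away from authorizing on the fingerprint alone. The enclosing function begins and ends outside both hunks, so where this code sits relative to the privilege drop cannot be confirmed from here.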
>@@ -97,3 +97,15 @@
>
> /* Listen backlog for sshd, ssh-agent and forwarding sockets */
> #define SSH_LISTEN_BACKLOG 128
>+
>+/*
>+ * Name of the environment variable containing the incoming key passed
>+ * to AuthorizedKeysCommand.
>+ */
>+#define SSH_KEY_ENV_NAME "SSH_KEY"
>+
>+/*
>+ * Name of the environment variable containing the incoming key fingerprint
>+ * passed to AuthorizedKeysCommand.
>+ */
>+#define SSH_KEY_FINGERPRINT_ENV_NAME "SSH_KEY_FINGERPRINT"
>Index: sshd_config.5
>===================================================================
>RCS file: /cvs/openssh/sshd_config.5,v
>retrieving revision 1.179
>diff -u -r1.179 sshd_config.5
>--- sshd_config.5 27 Feb 2014 23:01:28 -0000 1.179
>+++ sshd_config.5 24 Mar 2014 14:15:52 -0000
>@@ -203,6 +203,11 @@
> being authenticated, and should produce on standard output zero or
> more lines of authorized_keys output (see AUTHORIZED_KEYS in
> .Xr sshd 8 ) .
>+The key being used for authentication (the key's type and the key text itself,
>+separated by a space) will be available in the
>+.Ev SSH_KEY
>+environment variable, and the fingerprint of the key will be available in the
>+.Ev SSH_KEY_FINGERPRINT environment variable.
> If a key supplied by AuthorizedKeysCommand does not successfully authenticate
> and authorize the user then public key authentication continues using the usual
> .Cm AuthorizedKeysFile