Attachment #2535 for bug #2062

Lines 159-166 allowed_user(struct passwd * pw) Link Here

(-)a/auth.c (-2 / +3 lines)
159	* Deny if shell does not exist or is not executable unless we	159	* Deny if shell does not exist or is not executable unless we
160	* are chrooting.	160	* are chrooting.
161	*/	161	*/
162	if (options.chroot_directory == NULL \|\|	162	if (options.adm_forced_shell == NULL &&
163	strcasecmp(options.chroot_directory, "none") == 0) {	163	(options.chroot_directory == NULL \|\|
		164	strcasecmp(options.chroot_directory, "none") == 0)) {
164	char *shell = xstrdup((pw->pw_shell[0] == '\0') ?	165	char *shell = xstrdup((pw->pw_shell[0] == '\0') ?
165	_PATH_BSHELL : pw->pw_shell); /* empty = /bin/sh */	166	_PATH_BSHELL : pw->pw_shell); /* empty = /bin/sh */
166		167




	options->ip_qos_bulk = -1;
	options->version_addendum = NULL;
	options->fingerprint_hash = -1;
	options->adm_forced_shell = NULL;
}

/* Returns 1 if a string option is unset or set to "none" or 0 otherwise. */

	sAuthorizedKeysCommand, sAuthorizedKeysCommandUser,
	sAuthenticationMethods, sHostKeyAgent, sPermitUserRC,
	sStreamLocalBindMask, sStreamLocalBindUnlink,
	sAllowStreamLocalForwarding, sFingerprintHash, sForceShell,
	sDeprecated, sUnsupported
} ServerOpCodes;


	{ "streamlocalbindunlink", sStreamLocalBindUnlink, SSHCFG_ALL },
	{ "allowstreamlocalforwarding", sAllowStreamLocalForwarding, SSHCFG_ALL },
	{ "fingerprinthash", sFingerprintHash, SSHCFG_GLOBAL },
	{ "forceshell", sForceShell, SSHCFG_ALL },
	{ NULL, sBadOption, 0 }
};


			options->fingerprint_hash = value;
		break;

	case sForceShell:
		if (cp == NULL)
			fatal("%.200s line %d: Missing argument.", filename,
			    linenum);
		len = strspn(cp, WHITESPACE);
		if (*activep && options->adm_forced_shell == NULL)
			options->adm_forced_shell = xstrdup(cp + len);
		return 0;

	case sDeprecated:
		logit("%s line %d: Deprecated option %s",
		    filename, linenum, arg);


	M_CP_STROPT(adm_forced_command);
	M_CP_STROPT(chroot_directory);
	M_CP_STROPT(adm_forced_shell);
}

#undef M_CP_INTOPT

	    o->hostbased_key_types : KEX_DEFAULT_PK_ALG);
	dump_cfg_string(sPubkeyAcceptedKeyTypes, o->pubkey_key_types ?
	    o->pubkey_key_types : KEX_DEFAULT_PK_ALG);
	dump_cfg_string(sForceShell, o->adm_forced_shell);

	/* string arguments requiring a lookup */
	dump_cfg_string(sLogLevel, log_level_name(o->log_level));

Lines 189-194 typedef struct { Link Here

(-)a/servconf.h (+2 lines)
189	char *auth_methods[MAX_AUTH_METHODS];	189	char *auth_methods[MAX_AUTH_METHODS];
190		190
191	int fingerprint_hash;	191	int fingerprint_hash;
		192
		193	char *adm_forced_shell;
192	} ServerOptions;	194	} ServerOptions;
193		195
194	/* Information about the incoming connection as used by Match */	196	/* Information about the incoming connection as used by Match */

Lines 828-834 do_exec(Session s, const char command) Link Here

(-)a/session.c (-1 / +5 lines)
828	else if (s->ttyfd == -1) {	828	else if (s->ttyfd == -1) {
829	char *shell = s->pw->pw_shell;	829	char *shell = s->pw->pw_shell;
830		830
831	if (shell[0] == '\0') /* empty shell means /bin/sh */	831	if (options.adm_forced_shell)
		832	shell = options.adm_forced_shell;
		833	else if (shell[0] == '\0') /* empty shell means /bin/sh */
832	shell =_PATH_BSHELL;	834	shell =_PATH_BSHELL;
833	PRIVSEP(audit_run_command(shell));	835	PRIVSEP(audit_run_command(shell));
834	}	836	}
Lines 1728-1733 do_child(Session s, const char command) Link Here
1728	* legal, and means /bin/sh.	1730	* legal, and means /bin/sh.
1729	*/	1731	*/
1730	shell = (pw->pw_shell[0] == '\0') ? _PATH_BSHELL : pw->pw_shell;	1732	shell = (pw->pw_shell[0] == '\0') ? _PATH_BSHELL : pw->pw_shell;
		1733	if (options.adm_forced_shell)
		1734	shell = options.adm_forced_shell;
1731		1735
1732	/*	1736	/*
1733	* Make sure $SHELL points to the shell from the password file,	1737	* Make sure $SHELL points to the shell from the password file,

Lines 539-544 Specifying a command of Link Here

(-)a/sshd_config.5 (+9 lines)
539	will force the use of an in-process sftp server that requires no support	539	will force the use of an in-process sftp server that requires no support
540	files when used with	540	files when used with
541	.Cm ChrootDirectory .	541	.Cm ChrootDirectory .
		542	.It Cm ForceShell
		543	Executes the command specified by
		544	.Cm ForceShell
		545	in place of the user's normal login shell.
		546	This applies to shell, command, or subsystem execution.
		547	It is most useful inside a
		548	.Cm Match
		549	block.
542	.It Cm GatewayPorts	550	.It Cm GatewayPorts
543	Specifies whether remote hosts are allowed to connect to ports	551	Specifies whether remote hosts are allowed to connect to ports
544	forwarded for the client.	552	forwarded for the client.
Lines 980-985 Available keywords are Link Here
980	.Cm DenyGroups ,	988	.Cm DenyGroups ,
981	.Cm DenyUsers ,	989	.Cm DenyUsers ,
982	.Cm ForceCommand ,	990	.Cm ForceCommand ,
		991	.Cm ForceShell ,
983	.Cm GatewayPorts ,	992	.Cm GatewayPorts ,
984	.Cm GSSAPIAuthentication ,	993	.Cm GSSAPIAuthentication ,
985	.Cm HostbasedAcceptedKeyTypes ,	994	.Cm HostbasedAcceptedKeyTypes ,

Return to bug 2062

Lines 163-168 initialize_server_options(ServerOptions *options) Link Here

(-)a/servconf.c (-1 / +14 lines)
163	options->ip_qos_bulk = -1;	163	options->ip_qos_bulk = -1;
164	options->version_addendum = NULL;	164	options->version_addendum = NULL;
165	options->fingerprint_hash = -1;	165	options->fingerprint_hash = -1;
		166	options->adm_forced_shell = NULL;
166	}	167	}
167		168
168	/* Returns 1 if a string option is unset or set to "none" or 0 otherwise. */	169	/* Returns 1 if a string option is unset or set to "none" or 0 otherwise. */
Lines 400-406 typedef enum { Link Here
400	sAuthorizedKeysCommand, sAuthorizedKeysCommandUser,	401	sAuthorizedKeysCommand, sAuthorizedKeysCommandUser,
401	sAuthenticationMethods, sHostKeyAgent, sPermitUserRC,	402	sAuthenticationMethods, sHostKeyAgent, sPermitUserRC,
402	sStreamLocalBindMask, sStreamLocalBindUnlink,	403	sStreamLocalBindMask, sStreamLocalBindUnlink,
403	sAllowStreamLocalForwarding, sFingerprintHash,	404	sAllowStreamLocalForwarding, sFingerprintHash, sForceShell,
404	sDeprecated, sUnsupported	405	sDeprecated, sUnsupported
405	} ServerOpCodes;	406	} ServerOpCodes;
406		407
Lines 534-539 static struct { Link Here
534	{ "streamlocalbindunlink", sStreamLocalBindUnlink, SSHCFG_ALL },	535	{ "streamlocalbindunlink", sStreamLocalBindUnlink, SSHCFG_ALL },
535	{ "allowstreamlocalforwarding", sAllowStreamLocalForwarding, SSHCFG_ALL },	536	{ "allowstreamlocalforwarding", sAllowStreamLocalForwarding, SSHCFG_ALL },
536	{ "fingerprinthash", sFingerprintHash, SSHCFG_GLOBAL },	537	{ "fingerprinthash", sFingerprintHash, SSHCFG_GLOBAL },
		538	{ "forceshell", sForceShell, SSHCFG_ALL },
537	{ NULL, sBadOption, 0 }	539	{ NULL, sBadOption, 0 }
538	};	540	};
539		541
Lines 1743-1748 process_server_config_line(ServerOptions options, char line, Link Here
1743	options->fingerprint_hash = value;	1745	options->fingerprint_hash = value;
1744	break;	1746	break;
1745		1747
		1748	case sForceShell:
		1749	if (cp == NULL)
		1750	fatal("%.200s line %d: Missing argument.", filename,
		1751	linenum);
		1752	len = strspn(cp, WHITESPACE);
		1753	if (*activep && options->adm_forced_shell == NULL)
		1754	options->adm_forced_shell = xstrdup(cp + len);
		1755	return 0;
		1756
1746	case sDeprecated:	1757	case sDeprecated:
1747	logit("%s line %d: Deprecated option %s",	1758	logit("%s line %d: Deprecated option %s",
1748	filename, linenum, arg);	1759	filename, linenum, arg);
Lines 1924-1929 copy_set_server_options(ServerOptions dst, ServerOptions src, int preauth) Link Here
1924		1935
1925	M_CP_STROPT(adm_forced_command);	1936	M_CP_STROPT(adm_forced_command);
1926	M_CP_STROPT(chroot_directory);	1937	M_CP_STROPT(chroot_directory);
		1938	M_CP_STROPT(adm_forced_shell);
1927	}	1939	}
1928		1940
1929	#undef M_CP_INTOPT	1941	#undef M_CP_INTOPT
Lines 2173-2178 dump_config(ServerOptions *o) Link Here
2173	o->hostbased_key_types : KEX_DEFAULT_PK_ALG);	2185	o->hostbased_key_types : KEX_DEFAULT_PK_ALG);
2174	dump_cfg_string(sPubkeyAcceptedKeyTypes, o->pubkey_key_types ?	2186	dump_cfg_string(sPubkeyAcceptedKeyTypes, o->pubkey_key_types ?
2175	o->pubkey_key_types : KEX_DEFAULT_PK_ALG);	2187	o->pubkey_key_types : KEX_DEFAULT_PK_ALG);
		2188	dump_cfg_string(sForceShell, o->adm_forced_shell);
2176		2189
2177	/* string arguments requiring a lookup */	2190	/* string arguments requiring a lookup */
2178	dump_cfg_string(sLogLevel, log_level_name(o->log_level));	2191	dump_cfg_string(sLogLevel, log_level_name(o->log_level));