Attachment #2559 for bug #2276

Lines 561-568 user_key_command_allowed2(struct passwd user_pw, Key key) Link Here

(-)a/auth2-pubkey.c (-2 / +2 lines)
561	options.authorized_keys_command, strerror(errno));	561	options.authorized_keys_command, strerror(errno));
562	goto out;	562	goto out;
563	}	563	}
564	if (auth_secure_path(options.authorized_keys_command, &st, NULL, 0,	564	if (auth_secure_path(options.authorized_keys_command, &st, NULL,
565	errmsg, sizeof(errmsg)) != 0) {	565	options.authorized_keys_command_owner, errmsg, sizeof(errmsg)) != 0) {
566	error("Unsafe AuthorizedKeysCommand: %s", errmsg);	566	error("Unsafe AuthorizedKeysCommand: %s", errmsg);
567	goto out;	567	goto out;
568	}	568	}

Lines 155-160 initialize_server_options(ServerOptions *options) Link Here

(-)a/servconf.c (+1 lines)
155	options->adm_forced_command = NULL;	155	options->adm_forced_command = NULL;
156	options->chroot_directory = NULL;	156	options->chroot_directory = NULL;
157	options->authorized_keys_command = NULL;	157	options->authorized_keys_command = NULL;
		158	options->authorized_keys_command_owner = geteuid();
158	options->authorized_keys_command_user = NULL;	159	options->authorized_keys_command_user = NULL;
159	options->revoked_keys_file = NULL;	160	options->revoked_keys_file = NULL;
160	options->trusted_user_ca_keys = NULL;	161	options->trusted_user_ca_keys = NULL;

Lines 178-183 typedef struct { Link Here

(-)a/servconf.h (-1 / +1 lines)
178	char *trusted_user_ca_keys;	178	char *trusted_user_ca_keys;
179	char *authorized_principals_file;	179	char *authorized_principals_file;
180	char *authorized_keys_command;	180	char *authorized_keys_command;
		181	uid_t authorized_keys_command_owner;
181	char *authorized_keys_command_user;	182	char *authorized_keys_command_user;
182		183
183	int64_t rekey_limit;	184	int64_t rekey_limit;
184	-

Return to bug 2276