Bugzilla – Attachment 2839 Details for
Bug 2103
remote command as an option in ssh_config
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
[patch]
RemoteCommand for openssh-7.2_p2
remotecommand.patch (text/plain), 6.38 KB, created by
main.haarp
on 2016-06-17 18:16:00 AEST
(
hide
)
Description:
RemoteCommand for openssh-7.2_p2
Filename:
MIME Type:
Creator:
main.haarp
Created:
2016-06-17 18:16:00 AEST
Size:
6.38 KB
patch
obsolete
>diff -W 119 -Naupr /tmp/openssh-7.2p2/readconf.c ./readconf.c >--- a/readconf.c 2016-06-17 09:16:36.000000000 +0200 >+++ b/readconf.c 2016-06-17 09:24:19.552589577 +0200 >@@ -159,6 +159,7 @@ typedef enum { > oStreamLocalBindMask, oStreamLocalBindUnlink, oRevokedHostKeys, > oFingerprintHash, oUpdateHostkeys, oHostbasedKeyTypes, > oPubkeyAcceptedKeyTypes, >+ oRemoteCommand, > oIgnoredUnknownOption, oDeprecated, oUnsupported > } OpCodes; > >@@ -281,6 +282,7 @@ static struct { > { "hostbasedkeytypes", oHostbasedKeyTypes }, > { "pubkeyacceptedkeytypes", oPubkeyAcceptedKeyTypes }, > { "ignoreunknown", oIgnoreUnknown }, >+ { "remotecommand", oRemoteCommand }, > > { NULL, oBadOption } > }; >@@ -1399,6 +1401,10 @@ parse_keytypes: > charptr = &options->local_command; > goto parse_command; > >+ case oRemoteCommand: >+ charptr = &options->remote_command; >+ goto parse_command; >+ > case oPermitLocalCommand: > intptr = &options->permit_local_command; > goto parse_flag; >@@ -1708,6 +1714,7 @@ initialize_options(Options * options) > options->tun_remote = -1; > options->local_command = NULL; > options->permit_local_command = -1; >+ options->remote_command = NULL; > options->add_keys_to_agent = -1; > options->visual_host_key = -1; > options->ip_qos_interactive = -1; >diff -W 119 -Naupr /tmp/openssh-7.2p2/readconf.h ./readconf.h >--- a/readconf.h 2016-06-17 09:16:36.000000000 +0200 >+++ b/readconf.h 2016-06-17 09:24:51.745923019 +0200 >@@ -135,6 +135,7 @@ typedef struct { > > char *local_command; > int permit_local_command; >+ char *remote_command; > int visual_host_key; > > int request_tty; >diff -W 119 -Naupr /tmp/openssh-7.2p2/regress/Makefile ./regress/Makefile >--- a/regress/Makefile 2016-03-09 19:04:48.000000000 +0100 >+++ b/regress/Makefile 2016-06-17 09:37:24.129258893 +0200 >@@ -75,7 +75,9 @@ LTESTS= connect \ > keygen-knownhosts \ > hostkey-rotate \ > principals-command \ >- cert-file >+ cert-file \ >+ remotecommand \ >+ remote_host_expand > > > # dhgex \ >diff -W 119 -Naupr /tmp/openssh-7.2p2/regress/remotecommand.sh ./regress/remotecommand.sh >--- a/regress/remotecommand.sh 1970-01-01 01:00:00.000000000 +0100 >+++ b/regress/remotecommand.sh 2016-06-17 09:41:16.225926343 +0200 >@@ -0,0 +1,33 @@ >+# $OpenBSD: Exp $ >+# Placed in the Public Domain. >+ >+tid="remotecommand" >+ >+echo "RemoteCommand touch $OBJ/remote_test" >> $OBJ/ssh_proxy >+ >+for p1 in disabled enabled; do >+ for p in 1 2; do >+ verbose "test $tid: proto $p remotecommand cmd override. $p1" >+ ${SSH} -F $OBJ/ssh_proxy -$p somehost touch $OBJ/remote_command_tt >+ if [ -f $OBJ/remote_test ] ; then >+ fail "$tid proto $p cmd override failed" >+ fi >+ if [ ! -f $OBJ/remote_command_tt ] ; then >+ fail "$tid proto $p cmd override no cmdline" >+ fi >+ [ -f $OBJ/remote_test ] && rm $OBJ/remote_test >+ [ -f $OBJ/remote_command_tt ] && rm $OBJ/remote_command_tt >+ done >+ echo 'PermitRemoteCommand yes' >> $OBJ/ssh_proxy >+done >+ >+ >+for p in 1 2; do >+ verbose "test $tid: proto $p remotecommand cmd override" >+ ${SSH} -F $OBJ/ssh_proxy -$p somehost >+ if [ ! -f $OBJ/remote_test ] ; then >+ fail "$tid proto $p" >+ else >+ rm $OBJ/remote_test >+ fi >+done >diff -W 119 -Naupr /tmp/openssh-7.2p2/regress/remote_host-expand.sh ./regress/remote_host-expand.sh >--- a/regress/remote_host-expand.sh 1970-01-01 01:00:00.000000000 +0100 >+++ b/regress/remote_host-expand.sh 2016-06-17 09:41:25.409259708 +0200 >@@ -0,0 +1,16 @@ >+# Placed in the Public Domain. >+ >+tid="remote expand %h and %n" >+ >+echo 'PermitRemoteCommand yes' >> $OBJ/ssh_proxy >+echo "RemoteCommand echo \"%n %h\" > $OBJ/actual" >> $OBJ/ssh+ if [ -f $OBJ/remote_test ] ; then >+ fail "$tid proto $p cmd override failed" >+ fi >+ if [ ! -f $OBJ/remote_command_tt ] ; then >+ fail "$tid proto $p cmd override no cmdline" >+ fi >+ [ -f $OBJ/remote_test ] && rm $OBJ/remote_test >+ [ -f $OBJ/remote_command_tt ] && rm $OBJ/remote_command_tt >+ done >+ echo 'PermitRemoteCommand yes' >> $OBJ/ssh_proxy >+done >diff -W 119 -Naupr /tmp/openssh-7.2p2/ssh.1 ./ssh.1 >--- a/ssh.1 2016-06-17 09:16:36.000000000 +0200 >+++ b/ssh.1 2016-06-17 09:26:04.992589933 +0200 >@@ -525,6 +525,7 @@ For full details of the options listed b > .It PubkeyAcceptedKeyTypes > .It PubkeyAuthentication > .It RekeyLimit >+.It RemoteCommand > .It RemoteForward > .It RequestTTY > .It RhostsRSAAuthentication >diff -W 119 -Naupr /tmp/openssh-7.2p2/ssh.c ./ssh.c >--- a/ssh.c 2016-06-17 09:16:36.000000000 +0200 >+++ b/ssh.c 2016-06-17 09:31:41.212591068 +0200 >@@ -1110,7 +1120,8 @@ main(int ac, char **av) > tty_flag = 1; > > /* Allocate a tty by default if no command specified. */ >- if (buffer_len(&command) == 0) >+ if (buffer_len(&command) == 0 || (options.remote_command != NULL && >+ !subsystem_flag)) > tty_flag = options.request_tty != REQUEST_TTY_NO; > > /* Force no tty */ >@@ -1165,6 +1169,20 @@ main(int ac, char **av) > free(cp); > } > >+ if (options.remote_command != NULL && !subsystem_flag && >+ buffer_len(&command) == 0) { >+ debug3("expanding RemoteCommand: %s", options.local_command); >+ cp = options.remote_command; >+ options.remote_command = percent_expand(cp, >+ "h", host, "l", thishost, "n", host_arg, "r", options.user, >+ "p", portstr, "u", pw->pw_name, "L", shorthost, >+ (char *)NULL); >+ buffer_append(&command, options.remote_command, >+ strlen(options.remote_command)); >+ debug3("expanded RemoteCommand: %s", options.remote_command); >+ free(cp); >+ } >+ > if (options.control_path != NULL) { > cp = tilde_expand_filename(options.control_path, > original_real_uid); >diff -W 119 -Naupr /tmp/openssh-7.2p2/ssh_config.5 ./ssh_config.5 >--- a/ssh_config.5 2016-06-17 09:16:36.000000000 +0200 >+++ b/ssh_config.5 2016-06-17 09:36:38.839258740 +0200 >@@ -1373,6 +1373,26 @@ is > .Dq default none , > which means that rekeying is performed after the cipher's default amount > of data has been sent or received and no time based rekeying is done. >+.It Cm RemoteCommand >+Specifies the command that will be executed on the remote machine. >+The following escape character substitutions will be performed: >+.Ql %h >+(remote host name), >+.Ql %l >+(local host name), >+.Ql %n >+(host name as provided on the command line), >+.Ql %p >+(remote port), >+.Ql %r >+(remote user name) or >+.Ql %u >+(local user name). >+.Pp >+Specifing a command on the >+.Xr ssh 1 >+command line will disable the >+.Cm RemoteCommand > .It Cm RemoteForward > Specifies that a TCP port on the remote machine be forwarded over > the secure channel to the specified host and port from the local machine.
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=2839">View the attachment on a separate page</a>.</b>
View Attachment As Diff
View Attachment As Raw
Actions:
View
|
Diff
Attachments on
bug 2103
:
2348
|
2349
|
2350
| 2839 |
3067