From 4b1f9e50f27d8bcd36479cb837fdb9711fc41951 Mon Sep 17 00:00:00 2001
From: Matt Johnston <matt@ucc.asn.au>
Date: Wed, 26 Aug 2009 14:09:22 +0000
Subject: [PATCH] - set $SSH_ORIGINAL_COMMAND if a command is forced, and log
 it if LOG_COMMANDS is set

--HG--
extra : convert_revision : d9e8aa0ecbe7607285fa4f96f0d6f9b1523719d8
---
 auth.h                  |  4 +---
 options.h               |  3 ++-
 svr-authpubkeyoptions.c | 15 ++++++++++++---
 svr-chansession.c       | 18 +++++++++++++++---
 4 files changed, 30 insertions(+), 10 deletions(-)

diff --git a/auth.h b/auth.h
index 115000af..7ebf9ae7 100644
--- a/auth.h
+++ b/auth.h
@@ -99,7 +99,6 @@ void cli_auth_pubkey_cleanup();
  * relatively little extraneous bits when used for the client rather than the
  * server */
 struct AuthState {
-
 	char *username; /* This is the username the client presents to check. It
 					   is updated each run through, used for auth checking */
 	unsigned char authtypes; /* Flags indicating which auth types are still 
@@ -122,7 +121,6 @@ struct AuthState {
 #ifdef ENABLE_SVR_PUBKEY_OPTIONS
 	struct PubKeyOptions* pubkey_options;
 #endif
-
 };
 
 #ifdef ENABLE_SVR_PUBKEY_OPTIONS
@@ -135,7 +133,7 @@ struct PubKeyOptions {
 	int no_pty_flag;
 	/* "command=" option. */
 	unsigned char * forced_command;
-
+	unsigned char * original_command;
 };
 #endif
 
diff --git a/options.h b/options.h
index 83b0b24f..f151cdb6 100644
--- a/options.h
+++ b/options.h
@@ -172,7 +172,8 @@ much traffic. */
 /*#define ENABLE_SVR_PAM_AUTH*/
 #define ENABLE_SVR_PUBKEY_AUTH
 
-/* Wether to ake public key options in authorized_keys file into account */
+/* Whether to take public key options in 
+ * authorized_keys file into account */
 #ifdef ENABLE_SVR_PUBKEY_AUTH
 #define ENABLE_SVR_PUBKEY_OPTIONS
 #endif
diff --git a/svr-authpubkeyoptions.c b/svr-authpubkeyoptions.c
index 13a179de..8fa7b3df 100644
--- a/svr-authpubkeyoptions.c
+++ b/svr-authpubkeyoptions.c
@@ -88,10 +88,20 @@ int svr_pubkey_allows_pty() {
 	return 1;
 }
 
-/* Set chansession command to the one forced by 'command' public key option */
+/* Set chansession command to the one forced 
+ * by any 'command' public key option. */
 void svr_pubkey_set_forced_command(struct ChanSess *chansess) {
-	if (ses.authstate.pubkey_options)
+	if (ses.authstate.pubkey_options) {
+		ses.authstate.pubkey_options->original_command = chansess->cmd;
+		if (!chansess->cmd)
+		{
+			ses.authstate.pubkey_options->original_command = m_strdup("");
+		}
 		chansess->cmd = ses.authstate.pubkey_options->forced_command;
+#ifdef LOG_COMMANDS
+		dropbear_log(LOG_INFO, "command forced to '%s'", ses.authstate.pubkey_options->original_command);
+#endif
+	}
 }
 
 /* Free potential public key options */
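Review bot: In `svr_pubkey_set_forced_command`, `chansess->cmd` is replaced whenever `pubkey_options` is non-NULL, even if `forced_command` itself is NULL. `struct PubKeyOptions` also holds flags such as `no_pty_flag`, so a key with options but no `command=` presumably reaches this branch; the client's command would then be discarded and `original_command` populated although nothing was forced. Guard on both: `if (ses.authstate.pubkey_options && ses.authstate.pubkey_options->forced_command) {`. The log line prints `original_command` under the text "command forced to", which reads as if it were the forced command; since that value is client-supplied, label it explicitly, e.g. `"forced command set, client requested '%s'"`. `original_command` now owns either the pointer taken from `chansess->cmd` or the `m_strdup("")` result, and the free routine starts just after this hunk, so confirm it releases the field.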
@@ -124,7 +134,6 @@ int svr_add_pubkey_options(buffer *options_buf, int line_num, const char* filena
 	TRACE(("enter addpubkeyoptions"))
 
 	ses.authstate.pubkey_options = (struct PubKeyOptions*)m_malloc(sizeof( struct PubKeyOptions ));
-	memset(ses.authstate.pubkey_options, '\0', sizeof(*ses.authstate.pubkey_options));
 
 	buf_setpos(options_buf, 0);
 	while (options_buf->pos < options_buf->len) {
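Review bot: With the `memset` removed, every field of the freshly allocated `struct PubKeyOptions` depends on `m_malloc` returning zeroed memory, which this patch does not show. `forced_command` and the new `original_command` are later compared against NULL and, in `execchild`, handed to `addnewvar`, so an uninitialised pointer here would be dereferenced. If `m_malloc` does not zero-fill, keep `memset(ses.authstate.pubkey_options, 0, sizeof(*ses.authstate.pubkey_options));`; if it does, add a one-line comment such as `/* m_malloc zeroes the struct, so all options start unset */`. The function body continues outside the hunk.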
diff --git a/svr-chansession.c b/svr-chansession.c
index 574e46f7..cb5acda2 100644
--- a/svr-chansession.c
+++ b/svr-chansession.c
@@ -578,6 +578,7 @@ static int sessioncommand(struct Channel *channel, struct ChanSess *chansess,
 		int iscmd, int issubsys) {
 
 	unsigned int cmdlen;
+	int is_forced;
 	int ret;
 
 	TRACE(("enter sessioncommand"))
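Review bot: `is_forced` is declared here, but none of the hunks in this patch assign or read it. If the rest of `sessioncommand` (outside the hunk) does not use it either, drop the declaration, since an unused local will raise a warning under `-Wall`.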
@@ -589,9 +590,6 @@ static int sessioncommand(struct Channel *channel, struct ChanSess *chansess,
 		return DROPBEAR_FAILURE;
 	}
 
-	/* take public key option 'command' into account */
-	svr_pubkey_set_forced_command(chansess);
-
 	if (iscmd) {
 		/* "exec" */
 		if (chansess->cmd == NULL) {
@@ -616,6 +614,9 @@ static int sessioncommand(struct Channel *channel, struct ChanSess *chansess,
 			}
 		}
 	}
+	
+	/* take public key option 'command' into account */
+	svr_pubkey_set_forced_command(chansess);
 
 #ifdef LOG_COMMANDS
 	if (chansess->cmd) {
@@ -883,6 +884,17 @@ static void execchild(void *user_data) {
 		addnewvar("TERM", chansess->term);
 	}
 
+	printf("adding option %p %s\n", ses.authstate.pubkey_options,
+			ses.authstate.pubkey_options->original_command);
+
+#ifdef ENABLE_SVR_PUBKEY_OPTIONS
+	if (ses.authstate.pubkey_options &&
+			ses.authstate.pubkey_options->original_command) {
+		addnewvar("SSH_ORIGINAL_COMMAND", 
+			ses.authstate.pubkey_options->original_command);
+	}
+#endif
+
 	/* change directory */
 	if (chdir(ses.authstate.pw_dir) < 0) {
 		dropbear_exit("error changing directory");
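Review bot: The `printf` at the top of this hunk dereferences `ses.authstate.pubkey_options` before the NULL check that follows it, and it sits outside the `#ifdef ENABLE_SVR_PUBKEY_OPTIONS` guard even though auth.h declares that member only under the guard. A session authenticated without public-key options would presumably crash the child at this line, and a build with the option disabled would fail to compile. The call also writes debug text to the child's stdout, which at this point is likely the channel to the client, and passes a struct pointer to `%p` without a `void *` cast. Remove the call, or replace it inside the guard, after the NULL check, with `TRACE(("setting SSH_ORIGINAL_COMMAND"))`. The body of `execchild` starts and ends outside the hunk.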
-- 
GitLab