[Bug 2081] extend the parameters to the AuthorizedKeysCommand
bugzilla-daemon at mindrot.org
Tue Sep 23 21:41:50 EST 2014
https://bugzilla.mindrot.org/show_bug.cgi?id=2081
--- Comment #24 from Alon Bar-Lev <alon.barlev at gmail.com> ---
(In reply to Sami Hartikainen from comment #23)
> Created attachment 2479 [details]
> Reworked patch enabling optional %-expanded arguments
>
> Revised based on feedback, e.g. %h expansion added.
>
> > 2. still open issue is if we need to skip calling the
> > utility if no public key, I leave this to openssh
> > developers to decide, I think we should execute with
> > empty value.
>
> I would like to hear comments from other people on this as
> well. But consider an AuthorizedKeysCommand of:
>
> /usr/local/sbin/myauth --user %u --key %k non-option-arg
>
> If %k is missing (due to sshkey_to_base64() failing),
> the 'non-option-arg' will be read as the option value for
> --key, possibly breaking the 'myauth' utility.

I thought there was another reason for that... :)
If you first split it based on delimiters, then substitute each, then
you will be ok.

> > 6. not sure the sshkey_to_base64 is first requirement to perform
> > that conversion... maybe something should be shared with ssh-keygen.
>
> sshkey_write() is almost the same, so perhaps the 'guts' of it could
> be refactored to be usable for this.

This is for openssh developers to instruct.

Minor comments:

    xrealloc(argv, argc, sizeof(char *));

Please use the type of argv[0] instead of char*.

thanks!!!!
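
The ordering point raised in the comment above (split on delimiters first, then substitute each token), shown as an added example that is not part of the original message and is not code from OpenSSH or from attachment 2479. The helper names (copy_str, expand, build_argv) are hypothetical, the user "alice" is a constructed value, and a NULL key stands in for a failed key-to-base64 conversion.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#define MAX_ARGS 16

static char *copy_str(const char *s)
{
    char *d = malloc(strlen(s) + 1);
    if (d == NULL) abort();
    return strcpy(d, s);
}

/* Expand %u and %k in s; a missing (NULL) value expands to the empty string. */
static char *expand(const char *s, const char *u, const char *k)
{
    char buf[1024] = "";            /* zero-filled, so it stays NUL-terminated */
    size_t n = 0;
    for (; *s != '\0' && n + 1 < sizeof(buf); s++) {
        const char *val = NULL;
        if (s[0] == '%' && s[1] == 'u') val = u ? u : "";
        if (s[0] == '%' && s[1] == 'k') val = k ? k : "";
        if (val == NULL) { buf[n++] = *s; continue; }
        strncat(buf, val, sizeof(buf) - n - 1);
        n = strlen(buf);
        s++;                        /* skip the letter after '%' */
    }
    return copy_str(buf);
}

/* split_first=1: tokenize the template, then expand each token (slots fixed).
 * split_first=0: expand the whole line, then tokenize (empty values vanish). */
static int build_argv(const char *tmpl, const char *u, const char *k,
                      int split_first, char **argv)
{
    char *line = split_first ? copy_str(tmpl) : expand(tmpl, u, k);
    int argc = 0;
    for (char *t = strtok(line, " "); t && argc < MAX_ARGS; t = strtok(NULL, " "))
        argv[argc++] = split_first ? expand(t, u, k) : copy_str(t);
    free(line);
    return argc;
}

int main(void)
{
    char *a[MAX_ARGS], *b[MAX_ARGS];
    const char *t = "/usr/local/sbin/myauth --user %u --key %k non-option-arg";
    printf("split first: argc=%d\n", build_argv(t, "alice", NULL, 1, a));
    printf("expand first: argc=%d\n", build_argv(t, "alice", NULL, 0, b));
    return 0;
}
```

With the key missing, splitting first keeps an empty argument in the slot after --key, while expanding first drops it and non-option-arg becomes the value of --key.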