[Bug 2081] extend the parameters to the AuthorizedKeysCommand

bugzilla-daemon at mindrot.org bugzilla-daemon at mindrot.org
Tue Sep 23 21:41:50 EST 2014


https://bugzilla.mindrot.org/show_bug.cgi?id=2081

--- Comment #24 from Alon Bar-Lev <alon.barlev at gmail.com> ---
(In reply to Sami Hartikainen from comment #23)
> Created attachment 2479 [details]
> Reworked patch enabling optional %-expanded arguments
> 
> Revised based on feedback, e.g. %h expansion added.
> 
> > 2. still open issue is if we need to skip calling the
> > utility if no public key, I leave this to openssh
> > developers to decide, I think we should execute with
> > empty value.
> 
> I would like to hear comments from other people on this as
> well. But consider an AuthorizedKeysCommand of:
> 
>     /usr/local/sbin/myauth --user %u --key %k non-option-arg
> 
> If %k is missing (due to sshkey_to_base64() failing),
> the 'non-option-arg' will be read as the option value for
> --key, possibly breaking the 'myauth' utility.

I thought there was another reason for that... :)

If you first split it based on delimiters and then substitute each,
you will be ok.

> > 6. not sure the sshkey_to_base64 is first requirement to perform
> > that conversion... maybe something should be shared with ssh-keygen.
> 
> sshkey_write() is almost the same, so perhaps the 'guts' of it could
> be refactored to be usable for this.

This is for openssh developers to instruct.

minor comments:

xrealloc(argv, argc, sizeof(char *));

Please use the type of argv[0] instead of char*.

thanks!!!!

-- 
You are receiving this mail because:
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.
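
The ordering question raised in this comment (expand the command line and then split it, or split first and then substitute each token), as an added example that is not part of the attached patch or of OpenSSH. The helper names, the fixed buffer sizes, the space-only delimiter and the handling of only %u and %k are assumptions made for the illustration.

```c
#include <stdio.h>
#include <string.h>
enum { MAX_ARGS = 16, ARG_LEN = 256 };

/* Expand %u and %k from src into dst (at most n bytes); other text is copied. */
static void expand(char *dst, size_t n, const char *src, const char *user, const char *key)
{
    size_t o = 0;
    for (; *src != '\0' && o + 1 < n; src++) {
        const char *sub = NULL;
        if (src[0] == '%')
            sub = src[1] == 'u' ? user : src[1] == 'k' ? key : NULL;
        if (sub == NULL) { dst[o++] = *src; continue; }
        src++; /* skip the escape letter */
        while (*sub != '\0' && o + 1 < n) dst[o++] = *sub++;
    }
    dst[o] = '\0';
}

/* Split s on spaces into argv and return argc; empty tokens disappear. */
static int split(char *s, char argv[][ARG_LEN])
{
    int argc = 0;
    for (char *t = strtok(s, " "); t != NULL && argc < MAX_ARGS; t = strtok(NULL, " "))
        snprintf(argv[argc++], ARG_LEN, "%s", t);
    return argc;
}

/* Order A: expand the whole line, then split. An empty %k loses its argv slot. */
int expand_then_split(const char *tmpl, const char *user, const char *key, char argv[][ARG_LEN])
{
    char line[MAX_ARGS * ARG_LEN];
    expand(line, sizeof(line), tmpl, user, key);
    return split(line, argv);
}

/* Order B: split the template, then expand each token. argc is fixed by the template. */
int split_then_expand(const char *tmpl, const char *user, const char *key, char argv[][ARG_LEN])
{
    char copy[MAX_ARGS * ARG_LEN], tok[MAX_ARGS][ARG_LEN];
    snprintf(copy, sizeof(copy), "%s", tmpl);
    int argc = split(copy, tok);
    for (int i = 0; i < argc; i++)
        expand(argv[i], ARG_LEN, tok[i], user, key);
    return argc;
}
```

With the command line quoted above and an empty key, order A yields five arguments with non-option-arg directly after --key, while order B yields six with an empty string in the --key value position.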

