Patch: Set SSH_AUTHKEY to key id used to authenticate.

jafo at tummy.com
Thu May 17 17:19:33 EST 2001


Attached is a patch which sets the SSH_AUTHKEY environment variable to be
the remaining data at the end of an SSH key which is used for
authentication.

The motivation behind this is that there are times in which it's useful to
know who is on the other end of the connection.  For example, if I log in
as root on a box, I'd like to be able to configure vi-specific settings,
while another user may prefer to have emacs.

Originally I had thought about doing it with environment variables.  Set it
up with:

   SSH_PROPOGATE_ENV="SSH_PROPOGATE_ENV INPUTRC REMOTE_USER"
   INPUTRC="$HOME/.inputrc-vi"
   REMOTE_USER="jafo"

Something like that.  Obviously, there are some problems with "$HOME"
getting expanded on the client side, but worst case you could use
REMOTE_USER in the .profile.

Basing it on the key id seemed to be the simplest thing for me though...  A
general-purpose way to propagate environment variables would be nice
though.

Enjoy,
Sean
-- 
 If the code and the comments disagree, then both are probably wrong. 
                 -- Norm Schryer
Sean Reifschneider, Inimitably Superfluous <jafo at tummy.com>
tummy.com - Linux Consulting since 1995. Qmail, KRUD, Firewalls, Python
-------------- next part --------------
diff -ur openssh-2.9p1/auth2.c openssh-2.9p1authdata/auth2.c
--- openssh-2.9p1/auth2.c	Wed Apr 25 06:44:15 2001
+++ openssh-2.9p1authdata/auth2.c	Thu May 17 00:56:38 2001
@@ -771,6 +771,7 @@
 		if (key_equal(found, key) &&
 		    auth_parse_options(pw, options, file, linenum) == 1) {
 			found_key = 1;
+			key_matching_data(cp);
 			debug("matching key found: file %s, line %ld",
 			    file, linenum);
 			break;
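Review bot: The call placed after `found_key = 1` stores the key's trailing text in a static as soon as a line of the file matches, and nothing in the patch can reset it. If this lookup can run for a key that does not go on to authenticate the session (a later failure, or another key tried on the same connection), session.c would export the name of a key that was not the one used. Suggest recording the value only once authentication has succeeded, or adding a way to clear it. A short comment that `cp` is expected to point just past the key data here would also help, since key_matching_data() relies on that.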
diff -ur openssh-2.9p1/key.c openssh-2.9p1authdata/key.c
--- openssh-2.9p1/key.c	Tue Apr 17 12:11:37 2001
+++ openssh-2.9p1authdata/key.c	Thu May 17 00:56:46 2001
@@ -781,3 +781,23 @@
 		break;
 	}
 }
+
+const char *key_matching_data(char *cp)
+{
+	static int isSet = 0;
+	static char name[100];
+	char *s;
+	int len = 0;
+
+	if (!cp) return(isSet ? name : NULL);
+
+	/*  skip leading white-space  */
+	for (; *cp && isspace(*cp); cp++);
+	/*  copy the data to name  */
+	for (s = name; *cp && !isspace(*cp) && len < sizeof(name); s++, cp++, len++)
+		*s = *cp;
+	*s = '\0';
+	isSet = 1;
+
+	return(NULL);
+}
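Review bot: Off-by-one write in the copy loop: `len < sizeof(name)` lets the loop store 100 bytes, after which `*s = '\0'` writes to name[100], one past the end of `static char name[100]`. The input is the text after the key in the key file, so any token of 100 or more characters triggers it. Bound the loop with `len < sizeof(name) - 1`. In the same function, `len` is an int compared against a size_t, `isspace(*cp)` should be given `(unsigned char)*cp`, and only the first whitespace-delimited token is copied although the description says "the remaining data"; either copy to end of line or state the one-token limit in the comment.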
diff -ur openssh-2.9p1/key.h openssh-2.9p1authdata/key.h
--- openssh-2.9p1/key.h	Tue Apr 17 12:11:37 2001
+++ openssh-2.9p1authdata/key.h	Thu May 17 00:34:28 2001
@@ -80,5 +80,6 @@
     Key *key,
     u_char *signature, int signaturelen,
     u_char *data, int datalen);
+const char *key_matching_data(char *cp);
 
 #endif
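Review bot: The prototype gives no hint that this one function is both setter and getter, switched by passing NULL. Add a comment here stating that a non-NULL `cp` stores the name and returns NULL, while NULL returns the stored name (or NULL if none was set), or split it into two functions. `cp` is only read, so it can be declared `const char *`.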
diff -ur openssh-2.9p1/session.c openssh-2.9p1authdata/session.c
--- openssh-2.9p1/session.c	Wed Apr 18 09:29:34 2001
+++ openssh-2.9p1authdata/session.c	Thu May 17 00:41:15 2001
@@ -57,6 +57,7 @@
 #include "serverloop.h"
 #include "canohost.h"
 #include "session.h"
+#include "key.h"
 
 #ifdef WITH_IRIX_PROJECT
 #include <proj.h>
@@ -1281,6 +1282,8 @@
 		 get_remote_ipaddr(), get_remote_port(), get_local_port());
 	child_set_env(&env, &envsize, "SSH_CLIENT", buf);
 
+	if (key_matching_data(NULL))
+		child_set_env(&env, &envsize, "SSH_AUTHKEY", key_matching_data(NULL));
 	if (s->ttyfd != -1)
 		child_set_env(&env, &envsize, "SSH_TTY", s->tty);
 	if (s->term)
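Review bot: SSH_AUTHKEY is filled from free-form text in the key file, so it tells the session which line matched rather than giving a verified identity; that should be documented alongside the other SSH_* variables so login scripts treat it as a label only. In the added lines, key_matching_data(NULL) is called twice; fetch the result once into a local, test it, and pass it to child_set_env(). The second added line also runs well past 80 columns, unlike the surrounding code.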

