way to set shell used for remote commands?
Iain Morgan
imorgan at nas.nasa.gov
Tue Jan 27 11:54:19 AEDT 2015
On Thu, Jan 22, 2015 at 11:40:59 -0800, Iain Morgan wrote:
> Unfortunately, I haven't touched the patch in two years, so I'm not sure
> if it still applies cleanly. I'll see if I can set aside some time to
> update the patch, but that may be a week or two away. Feel free to give
> it a try in the meantime.
>
Here's an update of the patch versus 6.7p1.
--
Iain Morgan
diff -ur V_6_7_P1/auth.c V_6_7_P1.force-shell/auth.c
--- V_6_7_P1/auth.c 2014-07-17 21:11:25.000000000 -0700
+++ V_6_7_P1.force-shell/auth.c 2015-01-26 14:00:55.687638002 -0800
@@ -158,8 +158,9 @@
* Deny if shell does not exist or is not executable unless we
* are chrooting.
*/
- if (options.chroot_directory == NULL ||
- strcasecmp(options.chroot_directory, "none") == 0) {
+ if (options.adm_forced_shell == NULL &&
+ (options.chroot_directory == NULL ||
+ strcasecmp(options.chroot_directory, "none") == 0)) {
char *shell = xstrdup((pw->pw_shell[0] == '\0') ?
_PATH_BSHELL : pw->pw_shell); /* empty = /bin/sh */
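Review bot: When ForceShell is set, the widened condition skips the exists-and-is-executable check on this path entirely instead of applying it to the forced shell, so a typo in the directive is only discovered when the session's exec fails rather than at login. Leaving the `if` as it was and substituting the forced path into the shell that gets checked would catch that early, e.g. `char *shell = xstrdup(options.adm_forced_shell != NULL ? options.adm_forced_shell : (pw->pw_shell[0] == '\0' ? _PATH_BSHELL : pw->pw_shell));`. The body of the check and the enclosing function continue outside the hunk, so whether the later stat/access calls or the log message would also need adjusting cannot be confirmed from here.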
diff -ur V_6_7_P1/servconf.c V_6_7_P1.force-shell/servconf.c
--- V_6_7_P1/servconf.c 2014-07-17 21:11:26.000000000 -0700
+++ V_6_7_P1.force-shell/servconf.c 2015-01-26 14:27:11.927378483 -0800
@@ -157,6 +157,7 @@
options->ip_qos_interactive = -1;
options->ip_qos_bulk = -1;
options->version_addendum = NULL;
+ options->adm_forced_shell = NULL;
}
void
@@ -361,7 +362,7 @@
sAuthorizedKeysCommand, sAuthorizedKeysCommandUser,
sAuthenticationMethods, sHostKeyAgent, sPermitUserRC,
sStreamLocalBindMask, sStreamLocalBindUnlink,
- sAllowStreamLocalForwarding,
+ sAllowStreamLocalForwarding, sForceShell,
sDeprecated, sUnsupported
} ServerOpCodes;
@@ -492,6 +493,7 @@
{ "streamlocalbindmask", sStreamLocalBindMask, SSHCFG_ALL },
{ "streamlocalbindunlink", sStreamLocalBindUnlink, SSHCFG_ALL },
{ "allowstreamlocalforwarding", sAllowStreamLocalForwarding, SSHCFG_ALL },
+ { "forceshell", sForceShell, SSHCFG_ALL },
{ NULL, sBadOption, 0 }
};
@@ -1663,6 +1665,15 @@
intptr = &options->fwd_opts.streamlocal_bind_unlink;
goto parse_flag;
+ case sForceShell:
+ if (cp == NULL)
+ fatal("%.200s line %d: Missing argument.", filename,
+ linenum);
+ len = strspn(cp, WHITESPACE);
+ if (*activep && options->adm_forced_shell == NULL)
+ options->adm_forced_shell = xstrdup(cp + len);
+ return 0;
+
case sDeprecated:
logit("%s line %d: Deprecated option %s",
filename, linenum, arg);
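Review bot: The new sForceShell case stores the remainder of the line verbatim without validating the value, and in particular does not require an absolute path. The value is later used directly as the program to exec in session.c, so a relative value such as `sh` would resolve against whatever the working directory is at exec time (presumably the user's home, whose contents the user controls) rather than a fixed system location; a parse-time check such as `if (cp[len] != '/') fatal("%.200s line %d: ForceShell must be an absolute path.", filename, linenum);` closes that off, and the same line rejects a whitespace-only value that the `cp == NULL` test does not catch. A short comment noting that the whole rest of the line is taken, as for ForceCommand, would also help readers. The enclosing process_server_config_line continues outside the hunk.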
@@ -1844,6 +1855,7 @@
M_CP_STROPT(adm_forced_command);
M_CP_STROPT(chroot_directory);
+ M_CP_STROPT(adm_forced_shell);
}
#undef M_CP_INTOPT
@@ -2086,6 +2098,7 @@
dump_cfg_string(sHostKeyAgent, o->host_key_agent);
dump_cfg_string(sKexAlgorithms, o->kex_algorithms ? o->kex_algorithms :
kex_alg_list(','));
+ dump_cfg_string(sForceShell, o->adm_forced_shell);
/* string arguments requiring a lookup */
dump_cfg_string(sLogLevel, log_level_name(o->log_level));
diff -ur V_6_7_P1/servconf.h V_6_7_P1.force-shell/servconf.h
--- V_6_7_P1/servconf.h 2014-07-17 21:11:26.000000000 -0700
+++ V_6_7_P1.force-shell/servconf.h 2015-01-26 14:00:55.696637887 -0800
@@ -185,6 +185,7 @@
u_int num_auth_methods;
char *auth_methods[MAX_AUTH_METHODS];
+ char *adm_forced_shell;
} ServerOptions;
/* Information about the incoming connection as used by Match */
diff -ur V_6_7_P1/session.c V_6_7_P1.force-shell/session.c
--- V_6_7_P1/session.c 2014-07-17 21:11:26.000000000 -0700
+++ V_6_7_P1.force-shell/session.c 2015-01-26 14:00:55.698637830 -0800
@@ -827,7 +827,9 @@
else if (s->ttyfd == -1) {
char *shell = s->pw->pw_shell;
- if (shell[0] == '\0') /* empty shell means /bin/sh */
+ if (options.adm_forced_shell)
+ shell = options.adm_forced_shell;
+ else if (shell[0] == '\0') /* empty shell means /bin/sh */
shell =_PATH_BSHELL;
PRIVSEP(audit_run_command(shell));
}
@@ -1727,6 +1729,8 @@
* legal, and means /bin/sh.
*/
shell = (pw->pw_shell[0] == '\0') ? _PATH_BSHELL : pw->pw_shell;
+ if (options.adm_forced_shell)
+ shell = options.adm_forced_shell;
/*
* Make sure $SHELL points to the shell from the password file,
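Review bot: The comment immediately after the new lines, "Make sure $SHELL points to the shell from the password file", no longer describes the behaviour: once `options.adm_forced_shell` is set, `shell` names the forced shell, and anything derived from it further down will too. The comment should say so, e.g. `* Make sure $SHELL points to the shell from the password file (or to ForceShell when it is set), even if the shell is overridden elsewhere`. Whether $SHELL is in fact set from `shell` here lies outside the hunk and should be confirmed; do_child continues past the hunk.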
diff -ur V_6_7_P1/sshd_config.5 V_6_7_P1.force-shell/sshd_config.5
--- V_6_7_P1/sshd_config.5 2014-10-02 16:24:57.000000000 -0700
+++ V_6_7_P1.force-shell/sshd_config.5 2015-01-26 14:00:55.700637767 -0800
@@ -502,6 +502,14 @@
will force the use of an in-process sftp server that requires no support
files when used with
.Cm ChrootDirectory .
+.It Cm ForceShell
+Executes the command specified by
+.Cm ForceShell
+in place of the user's normal login shell.
+This applies to shell, command, or subsystem execution.
+It is most useful inside a
+.Cm Match
+block.
.It Cm GatewayPorts
Specifies whether remote hosts are allowed to connect to ports
forwarded for the client.
@@ -918,6 +926,7 @@
.Cm DenyGroups ,
.Cm DenyUsers ,
.Cm ForceCommand ,
+.Cm ForceShell ,
.Cm GatewayPorts ,
.Cm GSSAPIAuthentication ,
.Cm HostbasedAuthentication ,