- djm@cvs.openbsd.org 2012/11/04 10:38:43

[auth2-pubkey.c sshd.c sshd_config.5] Remove default of AuthorizedCommandUser. Administrators are now expected to explicitly specify a user. feedback and ok markus@
author: Damien Miller <djm@mindrot.org> 2012-11-04 22:23:14 +1100
committer: Damien Miller <djm@mindrot.org> 2012-11-04 22:23:14 +1100
commit: d0d1099b3b8a766480ce6df215631bf0af6e6bcd (patch)
tree: e29b37b3e3a9e8e14e78ddc5eb15005fe201717f /sshd.c
parent: f33580eed055472b9e5ca05f4826b05e9eacc651 (diff)
1 files changed, 8 insertions, 1 deletions
diff --git a/sshd.c b/sshd.c
index eff0290b0..4ad1a4bd1 100644
--- a/sshd.c
+++ b/sshd.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: sshd.c,v 1.394 2012/10/30 21:29:55 djm Exp $ */
+/* $OpenBSD: sshd.c,v 1.395 2012/11/04 10:38:43 djm Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -1559,6 +1559,13 @@ main(int ac, char **av)
 	if (options.challenge_response_authentication)
 		options.kbd_interactive_authentication = 1;
 
+	/* Check that options are sensible */
+	if (options.authorized_keys_command_user == NULL &&
+	    (options.authorized_keys_command != NULL &&
+	    strcasecmp(options.authorized_keys_command, "none") != 0))
+		fatal("AuthorizedKeysCommand set without "
+		    "AuthorizedKeysCommandUser");
+
 	/* set default channel AF */
 	channel_set_af(options.address_family);
author	Damien Miller <djm@mindrot.org>	2012-11-04 22:23:14 +1100
committer	Damien Miller <djm@mindrot.org>	2012-11-04 22:23:14 +1100
commit	d0d1099b3b8a766480ce6df215631bf0af6e6bcd (patch)
tree	e29b37b3e3a9e8e14e78ddc5eb15005fe201717f /sshd.c
parent	f33580eed055472b9e5ca05f4826b05e9eacc651 (diff)