[PATCH] Public keys options

Frédéric Moulins ffrrrr at gmail.com
Mon May 26 14:54:46 WST 2008


Hello,

Please find attached a new patch that allows using the 'command' option
with public keys in the authorized_keys file.

This patch includes the one from my previous email:
On Sun, 25 May 2008 11:50:29 +0200
Frédéric Moulins <ffrrrr at gmail.com> wrote:

> Hello,
> 
> The following patch allows skipping options of public keys in
> the authorized_keys file.
> 
> The authorized_keys file must still respect:
> * no whitespace at the beginning of a line.
> * only one space or tab character between options and algorithm type.
> 
> Code has been copied and adapted from OpenSSH function
> user_key_allowed2 in auth2-pubkey.c.
> 

A PubKeyOptions structure is declared in auth.h. It contains the
same parameters used in OpenSSH that I commented out except
'forced_command' that is used. This structure is used under
ses.authstate.

A new function 'addpubkeyoptions' in svr-authpubkey.c parses, validates
and sets options in the session structure. Code has been copied and
adapted from the parsing function in OpenSSH. It only parses the
'command' option for the moment. Any other option will be taken as a bad
option and will invalidate the key. In order to add support for other
options, you can copy and slightly adapt (mallocS, freeS and gotoS)
chunks of parsing code from OpenSSH function auth_parse_options in
auth-options.c.

What do you think of it?
Any feedback or suggestions are welcome (malloc/free, structures, corner
cases, ...).


fred

PS: the patch is still against dropbear-0.50. Tell me if you prefer a
patch against the latest development version.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: add_command_pubkey_option.patch
Type: text/x-patch
Size: 7684 bytes
Desc: not available
Url : http://lists.ucc.gu.uwa.edu.au/pipermail/dropbear/attachments/20080526/4a79f0aa/attachment.bin 
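
The option handling described in this message, as an added sketch in C that is not the attached patch and not Dropbear or OpenSSH source: it accepts only command="..." ahead of the key type, treats any other option as invalidating the key, and enforces the two format rules quoted above. The name parse_key_line, the two key type strings and the rejection of a repeated command option are assumptions of this example.

```c
#include <stdlib.h>
#include <string.h>
/* Added illustration, not Dropbear or OpenSSH source; key types are assumed. */
static int is_keytype(const char *p)
{
    return strncmp(p, "ssh-rsa ", 8) == 0 || strncmp(p, "ssh-dss ", 8) == 0;
}

/* Returns 0 with *key at the algorithm field, or -1 to reject the key. */
int parse_key_line(const char *line, char **cmd, const char **key)
{
    const char *p = line;
    size_t n;
    *cmd = NULL;                         /* malloc'd forced command, if any */
    if (*p == '\0' || *p == ' ' || *p == '\t')
        return -1;                       /* no leading whitespace */
    if (is_keytype(p)) {                 /* no options on this line */
        *key = p;
        return 0;
    }
    while (*p != ' ' && *p != '\t') {
        /* only command="..." is accepted; a repeat is rejected (choice here) */
        if (strncmp(p, "command=\"", 9) != 0 || *cmd != NULL)
            goto bad;
        p += 9;
        if ((*cmd = malloc(strlen(p) + 1)) == NULL)
            goto bad;
        for (n = 0; *p != '\0' && *p != '"'; p++) {
            if (p[0] == '\\' && p[1] == '"')
                p++;                     /* \" is a literal quote */
            (*cmd)[n++] = *p;
        }
        (*cmd)[n] = '\0';
        if (*p++ != '"')
            goto bad;                    /* unterminated quoted value */
        if (*p == ',' && p[1] != '\0' && p[1] != ' ' && p[1] != '\t')
            p++;                         /* another option follows */
        else if (*p != ' ' && *p != '\t')
            goto bad;
    }
    if (!is_keytype(p + 1))              /* one space or tab, then algorithm */
        goto bad;
    *key = p + 1;
    return 0;
bad:
    free(*cmd);
    *cmd = NULL;
    return -1;
}
```

The caller owns the string returned in *cmd and frees it once the session no longer needs the forced command.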

