https://bugzilla.mindrot.org/show_bug.cgi?id=2081
Sami Hartikainen <[email protected]> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
   Attachment #2478|0                           |1
        is obsolete|                            |

--- Comment #23 from Sami Hartikainen <[email protected]> ---
Created attachment 2479
  --> https://bugzilla.mindrot.org/attachment.cgi?id=2479&action=edit
Reworked patch enabling optional %-expanded arguments

Revised based on feedback, e.g. %h expansion added.

> 2. still open issue is if we need to skip calling the
> utility if no public key, I leave this to openssh
> developers to decide, I think we should execute with
> empty value.

I would like to hear comments from other people on this as well. But consider
an AuthorizedKeysCommand of:

/usr/local/sbin/myauth --user %u --key %k non-option-arg

If %k is missing (due to sshkey_to_base64() failing), the 'non-option-arg'
will be read as the option value for --key, possibly breaking the 'myauth'
utility.

> 4. I do think that regardless we allow variable # of parameters
> we can have sane limit and avoid dynamic memory management...

Disagree on this, different limits on different places are a source of
hard-to-track bugs.

> 6. not sure the sshkey_to_base64 is first requirement to perform
> that conversion... maybe something should be shared with ssh-keygen.

sshkey_write() is almost the same, so perhaps the 'guts' of it could be
refactored to be usable for this.

-- Sami
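The argument-shift concern raised in the comment above, as an added example that is not part of the attached patch or of OpenSSH: a small template expander with three hypothetical policies for a %k that has no value. The names expand, build_argv and the on_missing policies are assumptions for illustration, and dropping the empty argument is one assumed way the shift could arise.

```c
#include <stdio.h>
#include <string.h>
#define MAXARGS 8    /* fixed sizes only to keep this sketch short */
#define ARGLEN  256
enum on_missing { DROP_ARG, EMPTY_ARG, REFUSE };  /* hypothetical policies */

/* Expand %u/%k in one word: 0 ok, 1 a value was NULL (left empty), -1 too long. */
static int expand(const char *in, const char *user, const char *key, char *out)
{
    size_t n = 0;
    int missing = 0;
    out[0] = '\0';
    for (; *in != '\0'; in++) {
        char lit[2] = { *in, '\0' };
        const char *val = lit;
        if (in[0] == '%' && in[1] == 'u') { val = user; in++; }
        else if (in[0] == '%' && in[1] == 'k') { val = key; in++; }
        if (val == NULL) { missing = 1; continue; }
        if (n + strlen(val) >= ARGLEN) return -1;
        n += strlen(strcpy(out + n, val));
    }
    return missing;
}

/* Split, expand, apply policy. Returns argc, or -1 = do not run the command. */
int build_argv(const char *tmpl, const char *user, const char *key,
               enum on_missing policy, char argv[MAXARGS][ARGLEN])
{
    char buf[ARGLEN];
    int argc = 0, r;
    if (snprintf(buf, sizeof(buf), "%s", tmpl) >= (int)sizeof(buf)) return -1;
    for (char *w = strtok(buf, " "); w != NULL; w = strtok(NULL, " ")) {
        if (argc == MAXARGS || (r = expand(w, user, key, argv[argc])) < 0)
            return -1;
        if (r == 1 && policy == REFUSE) return -1;
        if (r == 1 && policy == DROP_ARG) continue;  /* later words shift left */
        argc++;
    }
    return argc;
}

int main(void)
{
    char av[MAXARGS][ARGLEN];
    int n = build_argv("/usr/local/sbin/myauth --user %u --key %k non-option-arg",
                       "alice", NULL, DROP_ARG, av);  /* constructed; NULL = no key */
    for (int i = 0; i < n; i++) printf("argv[%d] = \"%s\"\n", i, av[i]);
    return 0;
}
```

With DROP_ARG the word after --key becomes its value, EMPTY_ARG keeps an empty slot so positions stay stable, and REFUSE corresponds to not calling the utility at all.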
