just add command in front of any string that is added instead of using sed

1c4b6403 · Maarten de Waard · 45849f53 · 1c4b6403 · 1c4b6403 · 1c4b6403
Commit 1c4b6403 authored 7 years ago by Maarten de Waard
--- a/src/api/ssh_keys_post.c
+++ b/src/api/ssh_keys_post.c
@@ -41,23 +41,11 @@ int callback_ssh_keys_post(const struct _u_request * request,
        return send_simple_response(response, 400, "error", "missing ssh-key");
    }

-    // Call sed to append the command correctly:
-    char * command = NULL;
-    asprintf(&command, "echo '%s' | sed -rf '%s'", ssh_key, RESTRICT_COMMAND_PATH);
-    FILE * sed_output = popen(command, "r");
+    char * ssh_key_with_command;

-    if (!sed_output)
-    {
-        return send_simple_response(response, 500, "error", "Internal error while handling ssh-key");
-    }
-
-    // Get the output from sed
-    char * ssh_key_with_command = read_from_file(sed_output);
+    add_ssh_command(&ssh_key_with_command, ssh_key);

-    if(!ssh_key_with_command)
-    {
-        return send_simple_response(response, 500, "error", "Internal error while converting ssh-key");
-    }
+    asprintf(&ssh_key_with_command, "%s\n", ssh_key_with_command);

    // Write SSH key to file
    fprintf(authorized_keys, ssh_key_with_command);
@@ -65,4 +53,3 @@ int callback_ssh_keys_post(const struct _u_request * request,

    return send_simple_response(response, 200, "status", "ok");
 }
-
--- a/src/auxiliary.c
+++ b/src/auxiliary.c
@@ -191,3 +191,17 @@ int parse_int(const char * input, int * result)
    *result = l;
    return 0;
 }
+
+/**
+ * Add the SSH_COMMAND string in front of ssh_key unless it's already there
+ * because people have seen it being used in ssh_keys_list.
+ * @param[in]   ssh_key a valid ssh key string
+ */
+int add_ssh_command(char ** ssh_key_with_command, const char * ssh_key)
+{
+    if(strncmp(SSH_COMMAND, ssh_key, strlen(SSH_COMMAND)) != 0)
+        asprintf(ssh_key_with_command, "%s %s", SSH_COMMAND, ssh_key);
+    else
+        asprintf(ssh_key_with_command, "%s", ssh_key);
+    return 0;
+}
--- a/src/includes/settings.h
+++ b/src/includes/settings.h
@@ -15,4 +15,4 @@
 #define AUTHORIZED_KEYS_DIR "/root/.ssh"
 #define AUTHORIZED_KEYS_PATH AUTHORIZED_KEYS_DIR "/authorized_keys"
 #define SSH_HOST_KEY_DIR "/dropbear"
-#define RESTRICT_COMMAND_PATH "/etc/cryptops-api/restrict_command.sed"
+#define SSH_COMMAND "command=\"cd / && /usr/bin/cryptops-client\""