(CommandList children: [ (Assignment keyword: Assign_None pairs: [(assign_pair lhs:(LhsName name:tid) op:Equal rhs:{(DQ ('key options'))} spids:[7])] spids: [7] ) (Assignment keyword: Assign_None pairs: [ (assign_pair lhs: (LhsName name:origkeys) op: Equal rhs: {(DQ ($ VSub_Name '$OBJ') (/authkeys_orig))} spids: [13] ) ] spids: [13] ) (Assignment keyword: Assign_None pairs: [ (assign_pair lhs: (LhsName name:authkeys) op: Equal rhs: {(DQ ($ VSub_Name '$OBJ') (/authorized_keys_) (${ VSub_Name USER))} spids: [19] ) ] spids: [19] ) (C {(cp)} {($ VSub_Name '$authkeys')} {($ VSub_Name '$origkeys')}) (ForEach iter_name: p iter_words: [{(${ VSub_Name SSH_PROTOCOLS)}] do_arg_iter: False body: (DoGroup children: [ (ForEach iter_name: c iter_words: [{(SQ <'command="echo bar"'>)} {(SQ <'no-pty,command="echo bar"'>)}] do_arg_iter: False body: (DoGroup children: [ (SimpleCommand words: [ {(sed)} {(DQ ('s/.*/') ($ VSub_Name '$c') (' &/'))} {($ VSub_Name '$origkeys')} ] redirects: [ (Redir op_id: Redir_Great fd: -1 arg_word: {($ VSub_Name '$authkeys')} spids: [80] ) ] ) (C {(verbose)} {(DQ ('key option proto ') ($ VSub_Name '$p') (' ') ($ VSub_Name '$c'))} ) (Assignment keyword: Assign_None pairs: [ (assign_pair lhs: (LhsName name:r) op: Equal rhs: { (CommandSubPart command_list: (CommandList children: [ (C {(${ VSub_Name SSH)} {(-) ($ VSub_Name '$p')} {(-q)} {(-F)} {($ VSub_Name '$OBJ') (/ssh_proxy)} {(somehost)} {(echo)} {(foo)} ) ] ) left_token: <Left_Backtick '`'> spids: [95 115] ) } spids: [94] ) ] spids: [94] ) (If arms: [ (if_arm cond: [ (Sentence child: (C {(Lit_Other '[')} {(DQ ($ VSub_Name '$r'))} {(Lit_Other '=')} {(DQ (foo))} {(Lit_Other ']')} ) terminator: <Op_Semi ';'> ) ] action: [(C {(fail)} {(DQ ('key option forced command not restricted'))})] spids: [-1 135] ) ] spids: [-1 145] ) (If arms: [ (if_arm cond: [ (Sentence child: (C {(Lit_Other '[')} {(DQ ($ VSub_Name '$r'))} {(KW_Bang '!') (Lit_Other '=')} {(DQ (bar))} {(Lit_Other ']')} ) terminator: <Op_Semi ';'> ) ] action: [(C {(fail)} {(DQ ('key option forced command not executed'))})] spids: [-1 166] ) ] spids: [-1 176] ) ] spids: [67 179] ) spids: [57 65] ) ] spids: [49 181] ) spids: [43 47] ) (SimpleCommand words: [{(sed)} {(SQ <'s/.*/no-pty &/'>)} {($ VSub_Name '$origkeys')}] redirects: [(Redir op_id:Redir_Great fd:-1 arg_word:{($ VSub_Name '$authkeys')} spids:[195])] ) (ForEach iter_name: p iter_words: [{(${ VSub_Name SSH_PROTOCOLS)}] do_arg_iter: False body: (DoGroup children: [ (C {(verbose)} {(DQ ('key option proto ') ($ VSub_Name '$p') (' no-pty'))}) (Assignment keyword: Assign_None pairs: [ (assign_pair lhs: (LhsName name:r) op: Equal rhs: { (CommandSubPart command_list: (CommandList children: [ (C {(${ VSub_Name SSH)} {(-) ($ VSub_Name '$p')} {(-q)} {(-F)} {($ VSub_Name '$OBJ') (/ssh_proxy)} {(somehost)} {(tty)} ) ] ) left_token: <Left_Backtick '`'> spids: [222 240] ) } spids: [221] ) ] spids: [221] ) (If arms: [ (if_arm cond: [ (Sentence child: (C {(Lit_Other '[')} {(-f)} {(DQ ($ VSub_Name '$r'))} {(Lit_Other ']')}) terminator: <Op_Semi ';'> ) ] action: [ (C {(fail)} { (DQ ('key option failed proto ') ($ VSub_Name '$p') (' no-pty (pty ') ($ VSub_Name '$r') (')') ) } ) ] spids: [-1 256] ) ] spids: [-1 270] ) ] spids: [209 272] ) spids: [203 207] ) (SimpleCommand words: [{(echo)} {(SQ <'PermitUserEnvironment yes'>)}] redirects: [ (Redir op_id: Redir_DGreat fd: -1 arg_word: {($ VSub_Name '$OBJ') (/sshd_proxy)} spids: [284] ) ] ) (SimpleCommand words: [{(sed)} {(SQ <'s/.*/environment="FOO=bar" &/'>)} {($ VSub_Name '$origkeys')}] redirects: [(Redir op_id:Redir_Great fd:-1 arg_word:{($ VSub_Name '$authkeys')} spids:[297])] ) (ForEach iter_name: p iter_words: [{(${ VSub_Name SSH_PROTOCOLS)}] do_arg_iter: False body: (DoGroup children: [ (C {(verbose)} {(DQ ('key option proto ') ($ VSub_Name '$p') (' environment'))}) (Assignment keyword: Assign_None pairs: [ (assign_pair lhs: (LhsName name:r) op: Equal rhs: { (CommandSubPart command_list: (CommandList children: [ (C {(${ VSub_Name SSH)} {(-) ($ VSub_Name '$p')} {(-q)} {(-F)} {($ VSub_Name '$OBJ') (/ssh_proxy)} {(somehost)} {(SQ <'echo $FOO'>)} ) ] ) left_token: <Left_Backtick '`'> spids: [324 344] ) } spids: [323] ) ] spids: [323] ) (If arms: [ (if_arm cond: [ (Sentence child: (C {(Lit_Other '[')} {(DQ ($ VSub_Name '$r'))} {(KW_Bang '!') (Lit_Other '=')} {(DQ (bar))} {(Lit_Other ']')} ) terminator: <Op_Semi ';'> ) ] action: [(C {(fail)} {(DQ ('key option environment not set'))})] spids: [-1 365] ) ] spids: [-1 375] ) ] spids: [311 377] ) spids: [305 309] ) (C {(start_sshd)}) (ForEach iter_name: p iter_words: [{(${ VSub_Name SSH_PROTOCOLS)}] do_arg_iter: False body: (DoGroup children: [ (ForEach iter_name: f iter_words: [{(127.0.0.1)} {(SQ <'127.0.0.0\\/8'>)}] do_arg_iter: False body: (DoGroup children: [ (SimpleCommand words: [{(cat)} {($ VSub_Name '$origkeys')}] redirects: [ (Redir op_id: Redir_Great fd: -1 arg_word: {($ VSub_Name '$authkeys')} spids: [419] ) ] ) (C {(${ VSub_Name SSH)} {(-) ($ VSub_Name '$p')} {(-q)} {(-F)} {($ VSub_Name '$OBJ') (/ssh_proxy)} {(somehost)} {(true)} ) (If arms: [ (if_arm cond: [ (Sentence child: (C {(Lit_Other '[')} {($ VSub_QMark '$?')} {(-ne)} {(0)} {(Lit_Other ']')}) terminator: <Op_Semi ';'> ) ] action: [ (C {(fail)} { (DQ ('key option proto ') ($ VSub_Name '$p') (' failed without restriction') ) } ) ] spids: [-1 455] ) ] spids: [-1 467] ) (SimpleCommand words: [ {(sed)} {(SQ <'s/.*/from="'>) (DQ ($ VSub_Name '$f')) (SQ <'" &/'>)} {($ VSub_Name '$origkeys')} ] redirects: [ (Redir op_id: Redir_Great fd: -1 arg_word: {($ VSub_Name '$authkeys')} spids: [485] ) ] ) (Assignment keyword: Assign_None pairs: [ (assign_pair lhs: (LhsName name:from) op: Equal rhs: { (CommandSubPart command_list: (CommandList children: [ (Pipeline children: [ (C {(head)} {(-1)} {($ VSub_Name '$authkeys')}) (C {(cut)} {(-f1)} {(-d)} {(SQ <' '>)}) ] negated: False ) ] ) left_token: <Left_Backtick '`'> spids: [490 508] ) } spids: [489] ) ] spids: [489] ) (C {(verbose)} {(DQ ('key option proto ') ($ VSub_Name '$p') (' ') ($ VSub_Name '$from'))} ) (Assignment keyword: Assign_None pairs: [ (assign_pair lhs: (LhsName name:r) op: Equal rhs: { (CommandSubPart command_list: (CommandList children: [ (C {(${ VSub_Name SSH)} {(-) ($ VSub_Name '$p')} {(-q)} {(-F)} {($ VSub_Name '$OBJ') (/ssh_proxy)} {(somehost)} {(SQ <'echo true'>)} ) ] ) left_token: <Left_Backtick '`'> spids: [522 542] ) } spids: [521] ) ] spids: [521] ) (If arms: [ (if_arm cond: [ (Sentence child: (C {(Lit_Other '[')} {(DQ ($ VSub_Name '$r'))} {(Lit_Other '=')} {(DQ (true))} {(Lit_Other ']')} ) terminator: <Op_Semi ';'> ) ] action: [ (C {(fail)} { (DQ ('key option proto ') ($ VSub_Name '$p') (' ') ($ VSub_Name '$from') (' not restricted') ) } ) ] spids: [-1 562] ) ] spids: [-1 576] ) (Assignment keyword: Assign_None pairs: [ (assign_pair lhs: (LhsName name:r) op: Equal rhs: { (CommandSubPart command_list: (CommandList children: [ (C {(${ VSub_Name SSH)} {(-) ($ VSub_Name '$p')} {(-q)} {(-F)} {($ VSub_Name '$OBJ') (/ssh_config)} {(somehost)} {(SQ <'echo true'>)} ) ] ) left_token: <Left_Backtick '`'> spids: [581 601] ) } spids: [580] ) ] spids: [580] ) (If arms: [ (if_arm cond: [ (Sentence child: (C {(Lit_Other '[')} {(DQ ($ VSub_Name '$r'))} {(KW_Bang '!') (Lit_Other '=')} {(DQ (true))} {(Lit_Other ']')} ) terminator: <Op_Semi ';'> ) ] action: [ (C {(fail)} { (DQ ('key option proto ') ($ VSub_Name '$p') (' ') ($ VSub_Name '$from') (' not allowed but should be') ) } ) ] spids: [-1 622] ) ] spids: [-1 636] ) ] spids: [412 639] ) spids: [404 410] ) ] spids: [396 641] ) spids: [390 394] ) (C {(rm)} {(-f)} {(DQ ($ VSub_Name '$origkeys'))}) ] )