| From b4e094381ec846f4387dc6a3c210c2205a8db58a Mon Sep 17 00:00:00 2001 |
| From: Jeremy Kerr <jk@ozlabs.org> |
| Date: Tue, 12 Apr 2016 11:11:40 +0800 |
| Subject: [PATCH] dropbear: Add -c <command> option to force a specific command |
| |
| This change adds a -c option to dropbear, to force the session to use a |
| specific command, in a similar fashion to OpenSSH's ForceCommand |
| configuration option. |
| |
| This is useful to provide a simple fixed service over ssh, without |
| requiring an authorized key file for the per-key forced_command option. |
| |
| This setting takes precedence over the channel session's provided |
| command, and the per-key forced_command setting. |
| |
| Signed-off-by: Jeremy Kerr <jk@ozlabs.org> |
| --- |
| runopts.h | 2 ++ |
| svr-chansession.c | 12 ++++++++++-- |
| svr-runopts.c | 5 +++++ |
| 3 files changed, 17 insertions(+), 2 deletions(-) |
| |
| diff --git a/runopts.h b/runopts.h |
| index f7c869d..ffb573e 100644 |
| --- a/runopts.h |
| +++ b/runopts.h |
| @@ -114,6 +114,8 @@ typedef struct svr_runopts { |
| buffer * banner; |
| char * pidfile; |
| |
| + char * command; |
| + |
| } svr_runopts; |
| |
| extern svr_runopts svr_opts; |
| diff --git a/svr-chansession.c b/svr-chansession.c |
| index bfaf7f6..d6c9330 100644 |
| --- a/svr-chansession.c |
| +++ b/svr-chansession.c |
| @@ -671,8 +671,16 @@ static int sessioncommand(struct Channel *channel, struct ChanSess *chansess, |
| } |
| } |
| |
| - /* take public key option 'command' into account */ |
| - svr_pubkey_set_forced_command(chansess); |
| + |
| + /* take global command into account */ |
| + if (svr_opts.command) { |
| + chansess->original_command = chansess->cmd ? : m_strdup(""); |
| + chansess->cmd = m_strdup(svr_opts.command); |
| + } else { |
| + /* take public key option 'command' into account */ |
| + svr_pubkey_set_forced_command(chansess); |
| + } |
| + |
| |
| #ifdef LOG_COMMANDS |
| if (chansess->cmd) { |
| diff --git a/svr-runopts.c b/svr-runopts.c |
| index 8f60059..f845300 100644 |
| --- a/svr-runopts.c |
| +++ b/svr-runopts.c |
| @@ -79,6 +79,7 @@ static void printhelp(const char * progname) { |
| #ifdef ENABLE_SVR_REMOTETCPFWD |
| "-k Disable remote port forwarding\n" |
| "-a Allow connections to forwarded ports from any host\n" |
| + "-c command Force executed command\n" |
| #endif |
| "-p [address:]port\n" |
| " Listen on specified tcp port (and optionally address),\n" |
| @@ -125,6 +126,7 @@ void svr_getopts(int argc, char ** argv) { |
| /* see printhelp() for options */ |
| svr_opts.bannerfile = NULL; |
| svr_opts.banner = NULL; |
| + svr_opts.command = NULL; |
| svr_opts.forkbg = 1; |
| svr_opts.norootlogin = 0; |
| svr_opts.noauthpass = 0; |
| @@ -177,6 +179,9 @@ void svr_getopts(int argc, char ** argv) { |
| case 'b': |
| next = &svr_opts.bannerfile; |
| break; |
| + case 'c': |
| + next = &svr_opts.command; |
| + break; |
| case 'd': |
| case 'r': |
| next = &keyfile; |
| -- |
| 2.5.0 |
| |