| 1 | From b4e094381ec846f4387dc6a3c210c2205a8db58a Mon Sep 17 00:00:00 2001 |
| 2 | From: Jeremy Kerr <jk@ozlabs.org> |
| 3 | Date: Tue, 12 Apr 2016 11:11:40 +0800 |
| 4 | Subject: [PATCH] dropbear: Add -c <command> option to force a specific command |
| 5 | |
| 6 | This change adds a -c option to dropbear, to force the session to use a |
| 7 | specific command, in a similar fashion to OpenSSH's ForceCommand |
| 8 | configuration option. |
| 9 | |
| 10 | This is useful to provide a simple fixed service over ssh, without |
| 11 | requiring an authorized key file for the per-key forced_command option. |
| 12 | |
| 13 | This setting takes precedence over the channel session's provided |
| 14 | command, and the per-key forced_command setting. |
| 15 | |
| 16 | Signed-off-by: Jeremy Kerr <jk@ozlabs.org> |
| 17 | --- |
| 18 | runopts.h | 2 ++ |
| 19 | svr-chansession.c | 12 ++++++++++-- |
| 20 | svr-runopts.c | 5 +++++ |
| 21 | 3 files changed, 17 insertions(+), 2 deletions(-) |
| 22 | |
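--- a/runopts.h
+++ b/runopts.h
@@ -114,6 +114,8 @@ typedef struct svr_runopts {
 buffer * banner;
 char * pidfile;
 
+ char * command;
+
 } svr_runopts;
 
 extern svr_runopts svr_opts;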
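Review bot: The new `char * command;` member of svr_runopts has no comment, and the bare name does not say that it overrides what the client asked to run. A trailing comment such as `/* -c: command forced for every session, NULL when unset */` would make the security role of the field clear where it is declared.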
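--- a/svr-chansession.c
+++ b/svr-chansession.c
@@ -671,8 +671,16 @@ static int sessioncommand(struct Channel *channel, struct ChanSess *chansess,
 }
 }
 
- /* take public key option 'command' into account */
- svr_pubkey_set_forced_command(chansess);
+
+ /* take global command into account */
+ if (svr_opts.command) {
+ chansess->original_command = chansess->cmd ? : m_strdup("");
+ chansess->cmd = m_strdup(svr_opts.command);
+ } else {
+ /* take public key option 'command' into account */
+ svr_pubkey_set_forced_command(chansess);
+ }
+
 
 #ifdef LOG_COMMANDS
 if (chansess->cmd) {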
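Review bot: `chansess->cmd ? : m_strdup("")` in the new `if (svr_opts.command)` branch uses the GNU omitted-operand conditional, which is not ISO C and fails on compilers without that extension; `chansess->original_command = chansess->cmd ? chansess->cmd : m_strdup("");` does the same ownership hand-over portably. The value saved in original_command is text chosen by the client, so the comment should say that, for example `/* global -c command overrides the client's request and any per-key command=; original_command is untrusted client input */`. When -c is set, `svr_pubkey_set_forced_command()` is skipped, so a per-key `command=` restriction is dropped without any trace; a log line or documentation note for that case would help operators. sessioncommand() begins and ends outside this hunk, so whether shell and subsystem requests also pass through this branch cannot be confirmed from the lines shown.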
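--- a/svr-runopts.c
+++ b/svr-runopts.c
@@ -79,6 +79,7 @@ static void printhelp(const char * progname) {
 #ifdef ENABLE_SVR_REMOTETCPFWD
 "-k Disable remote port forwarding\n"
 "-a Allow connections to forwarded ports from any host\n"
+ "-c command Force executed command\n"
 #endif
 "-p [address:]port\n"
 " Listen on specified tcp port (and optionally address),\n"
@@ -125,6 +126,7 @@ void svr_getopts(int argc, char ** argv) {
 /* see printhelp() for options */
 svr_opts.bannerfile = NULL;
 svr_opts.banner = NULL;
+ svr_opts.command = NULL;
 svr_opts.forkbg = 1;
 svr_opts.norootlogin = 0;
 svr_opts.noauthpass = 0;
@@ -177,6 +179,9 @@ void svr_getopts(int argc, char ** argv) {
 case 'b':
 next = &svr_opts.bannerfile;
 break;
+ case 'c':
+ next = &svr_opts.command;
+ break;
 case 'd':
 case 'r':
 next = &keyfile;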
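Review bot: The new help line `"-c command Force executed command\n"` sits inside the `#ifdef ENABLE_SVR_REMOTETCPFWD` block of printhelp(), so a build without remote forwarding still accepts -c (the `case 'c':` in svr_getopts() is unconditional in the visible lines) but never documents it; the line should move below the `#endif`. A forced command constrains only the session channel, so the help text or man page should point operators to the forwarding switches (`-k` shown here, and `-j` for local forwarding) when -c is meant to pin users to one service. Both functions extend beyond the hunks shown.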
| 89 | -- |
| 90 | 2.5.0 |
| 91 | |