1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
|
From b4e094381ec846f4387dc6a3c210c2205a8db58a Mon Sep 17 00:00:00 2001
From: Jeremy Kerr <jk@ozlabs.org>
Date: Tue, 12 Apr 2016 11:11:40 +0800
Subject: [PATCH] dropbear: Add -c <command> option to force a specific command
This change adds a -c option to dropbear, to force the session to use a
specific command, in a similar fashion to OpenSSH's ForceCommand
configuration option.
This is useful to provide a simple fixed service over ssh, without
requiring an authorized key file for the per-key forced_command option.
This setting takes precedence over the channel session's provided
command, and the per-key forced_command setting.
Signed-off-by: Jeremy Kerr <jk@ozlabs.org>
---
runopts.h | 2 ++
svr-chansession.c | 12 ++++++++++--
svr-runopts.c | 5 +++++
3 files changed, 17 insertions(+), 2 deletions(-)
diff --git a/runopts.h b/runopts.h
index f7c869d..ffb573e 100644
--- a/runopts.h
+++ b/runopts.h
@@ -114,6 +114,8 @@ typedef struct svr_runopts {
buffer * banner;
char * pidfile;
+ char * command;
+
} svr_runopts;
extern svr_runopts svr_opts;
diff --git a/svr-chansession.c b/svr-chansession.c
index bfaf7f6..d6c9330 100644
--- a/svr-chansession.c
+++ b/svr-chansession.c
@@ -671,8 +671,16 @@ static int sessioncommand(struct Channel *channel, struct ChanSess *chansess,
}
}
- /* take public key option 'command' into account */
- svr_pubkey_set_forced_command(chansess);
+
+ /* take global command into account */
+ if (svr_opts.command) {
+ chansess->original_command = chansess->cmd ? : m_strdup("");
+ chansess->cmd = m_strdup(svr_opts.command);
+ } else {
+ /* take public key option 'command' into account */
+ svr_pubkey_set_forced_command(chansess);
+ }
+
#ifdef LOG_COMMANDS
if (chansess->cmd) {
diff --git a/svr-runopts.c b/svr-runopts.c
index 8f60059..f845300 100644
--- a/svr-runopts.c
+++ b/svr-runopts.c
@@ -79,6 +79,7 @@ static void printhelp(const char * progname) {
#ifdef ENABLE_SVR_REMOTETCPFWD
"-k Disable remote port forwarding\n"
"-a Allow connections to forwarded ports from any host\n"
+ "-c command Force executed command\n"
#endif
"-p [address:]port\n"
" Listen on specified tcp port (and optionally address),\n"
@@ -125,6 +126,7 @@ void svr_getopts(int argc, char ** argv) {
/* see printhelp() for options */
svr_opts.bannerfile = NULL;
svr_opts.banner = NULL;
+ svr_opts.command = NULL;
svr_opts.forkbg = 1;
svr_opts.norootlogin = 0;
svr_opts.noauthpass = 0;
@@ -177,6 +179,9 @@ void svr_getopts(int argc, char ** argv) {
case 'b':
next = &svr_opts.bannerfile;
break;
+ case 'c':
+ next = &svr_opts.command;
+ break;
case 'd':
case 'r':
next = &keyfile;
--
2.5.0
|
