diff options
| author | Jeremy Kerr <jk@ozlabs.org> | 2016-04-12 21:01:08 +0800 |
|---|---|---|
| committer | Jeremy Kerr <jk@ozlabs.org> | 2016-04-12 21:01:08 +0800 |
| commit | ac9a4c839f6cbde3ca8226d79eca36a497620594 (patch) | |
| tree | 10ff821cf12b67d9bc2874253f1469b03f09d124 | |
| parent | 3d2ddd15f8686ab8114dd94aff33919b4095e7b0 (diff) | |
Add -c <command> option to force a specific command
This change adds a -c option to dropbear, to force the session to use a
specific command, in a similar fashion to OpenSSH's ForceCommand
configuration option.
This is useful to provide a simple fixed service over ssh, without
requiring an authorized key file for the per-key forced_command option.
This setting takes precedence over the channel session's provided
command, and the per-key forced_command setting.
Signed-off-by: Jeremy Kerr <jk@ozlabs.org>
| -rw-r--r-- | runopts.h | 2 | ||||
| -rw-r--r-- | svr-chansession.c | 12 | ||||
| -rw-r--r-- | svr-runopts.c | 5 |
3 files changed, 17 insertions, 2 deletions
@@ -114,6 +114,8 @@ typedef struct svr_runopts { buffer * banner; char * pidfile; + char * forced_command; + } svr_runopts; extern svr_runopts svr_opts; diff --git a/svr-chansession.c b/svr-chansession.c index bfaf7f6..8c6f3a2 100644 --- a/svr-chansession.c +++ b/svr-chansession.c @@ -671,8 +671,16 @@ static int sessioncommand(struct Channel *channel, struct ChanSess *chansess, } } - /* take public key option 'command' into account */ - svr_pubkey_set_forced_command(chansess); + + /* take global command into account */ + if (svr_opts.forced_command) { + chansess->original_command = chansess->cmd ? : m_strdup(""); + chansess->cmd = m_strdup(svr_opts.forced_command); + } else { + /* take public key option 'command' into account */ + svr_pubkey_set_forced_command(chansess); + } + #ifdef LOG_COMMANDS if (chansess->cmd) { diff --git a/svr-runopts.c b/svr-runopts.c index 8f60059..8d1fa6b 100644 --- a/svr-runopts.c +++ b/svr-runopts.c @@ -79,6 +79,7 @@ static void printhelp(const char * progname) { #ifdef ENABLE_SVR_REMOTETCPFWD "-k Disable remote port forwarding\n" "-a Allow connections to forwarded ports from any host\n" + "-c command Force executed command\n" #endif "-p [address:]port\n" " Listen on specified tcp port (and optionally address),\n" @@ -125,6 +126,7 @@ void svr_getopts(int argc, char ** argv) { /* see printhelp() for options */ svr_opts.bannerfile = NULL; svr_opts.banner = NULL; + svr_opts.forced_command = NULL; svr_opts.forkbg = 1; svr_opts.norootlogin = 0; svr_opts.noauthpass = 0; @@ -177,6 +179,9 @@ void svr_getopts(int argc, char ** argv) { case 'b': next = &svr_opts.bannerfile; break; + case 'c': + next = &svr_opts.forced_command; + break; case 'd': case 'r': next = &keyfile; |