Diffstat (limited to 'svr-runopts.c')
-rw-r--r-- | svr-runopts.c | 81 |
1 files changed, 43 insertions, 38 deletions
diff --git a/svr-runopts.c b/svr-runopts.c
index 8f60059..e6dc8a8 100644
--- a/svr-runopts.c
+++ b/svr-runopts.c
@@ -46,16 +46,16 @@ static void printhelp(const char * progname) {
 " (default: none)\n"
 "-r keyfile Specify hostkeys (repeatable)\n"
 " defaults: \n"
-#ifdef DROPBEAR_DSS
+#if DROPBEAR_DSS
 " dss %s\n"
 #endif
-#ifdef DROPBEAR_RSA
+#if DROPBEAR_RSA
 " rsa %s\n"
 #endif
-#ifdef DROPBEAR_ECDSA
+#if DROPBEAR_ECDSA
 " ecdsa %s\n"
 #endif
-#ifdef DROPBEAR_DELAY_HOSTKEY
+#if DROPBEAR_DELAY_HOSTKEY
 "-R Create hostkeys as required\n"
 #endif
 "-F Don't fork into background\n"
@@ -68,17 +68,18 @@ static void printhelp(const char * progname) {
 "-m Don't display the motd on login\n"
 #endif
 "-w Disallow root logins\n"
-#if defined(ENABLE_SVR_PASSWORD_AUTH) || defined(ENABLE_SVR_PAM_AUTH)
+#if DROPBEAR_SVR_PASSWORD_AUTH || DROPBEAR_SVR_PAM_AUTH
 "-s Disable password logins\n"
 "-g Disable password logins for root\n"
 "-B Allow blank password logins\n"
 #endif
-#ifdef ENABLE_SVR_LOCALTCPFWD
+#if DROPBEAR_SVR_LOCALTCPFWD
 "-j Disable local port forwarding\n"
 #endif
-#ifdef ENABLE_SVR_REMOTETCPFWD
+#if DROPBEAR_SVR_REMOTETCPFWD
 "-k Disable remote port forwarding\n"
 "-a Allow connections to forwarded ports from any host\n"
+ "-c command Force executed command\n"
 #endif
 "-p [address:]port\n"
 " Listen on specified tcp port (and optionally address),\n"
@@ -93,17 +94,17 @@ static void printhelp(const char * progname) {
 "-K <keepalive> (0 is never, default %d, in seconds)\n"
 "-I <idle_timeout> (0 is never, default %d, in seconds)\n"
 "-V Version\n"
-#ifdef DEBUG_TRACE
+#if DEBUG_TRACE
 "-v verbose (compiled with DEBUG_TRACE)\n"
 #endif
 ,DROPBEAR_VERSION, progname,
-#ifdef DROPBEAR_DSS
+#if DROPBEAR_DSS
 DSS_PRIV_FILENAME,
 #endif
-#ifdef DROPBEAR_RSA
+#if DROPBEAR_RSA
 RSA_PRIV_FILENAME,
 #endif
-#ifdef DROPBEAR_ECDSA
+#if DROPBEAR_ECDSA
 ECDSA_PRIV_FILENAME,
 #endif
 DROPBEAR_MAX_PORTS, DROPBEAR_DEFPORT, DROPBEAR_PIDFILE,
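Review bot: The `#if DROPBEAR_DSS` form depends on the macro's value rather than its presence, and nothing visible in this file guards against a configuration written for the old `#ifdef` convention. A header that still has a bare `#define DEBUG_TRACE` now fails at `#if DEBUG_TRACE`, while one that still sets `ENABLE_SVR_PASSWORD_AUTH` leaves `DROPBEAR_SVR_PASSWORD_AUTH` undefined, which `#if` evaluates as 0, so the `case 's':` branch at `@@ -234,7` and the matching help lines drop out without a diagnostic. Compiling with `-Wundef`, or an `#error` on the old `ENABLE_SVR_*` names in the options header, would surface this at build time; whether the options header already does that cannot be seen from this diff. The same applies to every converted guard in svr_getopts(), loadhostkey() and load_all_hostkeys().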
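Review bot: The new `"-c command Force executed command\n"` line sits inside the `#if DROPBEAR_SVR_REMOTETCPFWD` block, yet `case 'c':` in svr_getopts() (`@@ -177,6`) is added with no guard visible around it, so a build without remote forwarding would accept `-c` but never list it in the help. Moving the string below the `#endif` that closes the `-k`/`-a` entries keeps the help in step with the parser. printhelp() starts and ends outside this hunk.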
@@ -125,6 +126,7 @@ void svr_getopts(int argc, char ** argv) {
 /* see printhelp() for options */
 svr_opts.bannerfile = NULL;
 svr_opts.banner = NULL;
+ svr_opts.forced_command = NULL;
 svr_opts.forkbg = 1;
 svr_opts.norootlogin = 0;
 svr_opts.noauthpass = 0;
@@ -135,19 +137,15 @@ void svr_getopts(int argc, char ** argv) {
 svr_opts.hostkey = NULL;
 svr_opts.delay_hostkey = 0;
 svr_opts.pidfile = DROPBEAR_PIDFILE;
-#ifdef ENABLE_SVR_LOCALTCPFWD
+#if DROPBEAR_SVR_LOCALTCPFWD
 svr_opts.nolocaltcp = 0;
 #endif
-#ifdef ENABLE_SVR_REMOTETCPFWD
+#if DROPBEAR_SVR_REMOTETCPFWD
 svr_opts.noremotetcp = 0;
 #endif
 #ifndef DISABLE_ZLIB
-#if DROPBEAR_SERVER_DELAY_ZLIB
 opts.compress_mode = DROPBEAR_COMPRESS_DELAYED;
-#else
- opts.compress_mode = DROPBEAR_COMPRESS_ON;
-#endif
 #endif
 /* not yet
@@ -164,7 +162,7 @@ void svr_getopts(int argc, char ** argv) {
 opts.keepalive_secs = DEFAULT_KEEPALIVE;
 opts.idle_timeout_secs = DEFAULT_IDLE_TIMEOUT;
-#ifdef ENABLE_SVR_REMOTETCPFWD
+#if DROPBEAR_SVR_REMOTETCPFWD
 opts.listen_fwd_all = 0;
 #endif
@@ -177,6 +175,9 @@ void svr_getopts(int argc, char ** argv) {
 case 'b':
 next = &svr_opts.bannerfile;
 break;
+ case 'c':
+ next = &svr_opts.forced_command;
+ break;
 case 'd':
 case 'r':
 next = &keyfile;
@@ -192,12 +193,12 @@ void svr_getopts(int argc, char ** argv) {
 opts.usingsyslog = 0;
 break;
 #endif
-#ifdef ENABLE_SVR_LOCALTCPFWD
+#if DROPBEAR_SVR_LOCALTCPFWD
 case 'j':
 svr_opts.nolocaltcp = 1;
 break;
 #endif
-#ifdef ENABLE_SVR_REMOTETCPFWD
+#if DROPBEAR_SVR_REMOTETCPFWD
 case 'k':
 svr_opts.noremotetcp = 1;
 break;
@@ -234,7 +235,7 @@ void svr_getopts(int argc, char ** argv) {
 case 'I':
 next = &idle_timeout_arg;
 break;
-#if defined(ENABLE_SVR_PASSWORD_AUTH) || defined(ENABLE_SVR_PAM_AUTH)
+#if DROPBEAR_SVR_PASSWORD_AUTH || DROPBEAR_SVR_PAM_AUTH
 case 's':
 svr_opts.noauthpass = 1;
 break;
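Review bot: `opts.compress_mode = DROPBEAR_COMPRESS_DELAYED;` in the `@@ -135,19` hunk is now the unconditional server default, and no comment records why the `DROPBEAR_COMPRESS_ON` branch went away. If the intent is that compression only starts after authentication, a comment such as `/* delayed: no zlib before the client has authenticated */` above the assignment would keep a later change from restoring the old default. A build that set `DROPBEAR_SERVER_DELAY_ZLIB` to 0 changes behaviour silently here, which deserves a line in the release notes. svr_getopts() starts and ends outside this hunk.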
@@ -252,7 +253,7 @@ void svr_getopts(int argc, char ** argv) {
 case 'u':
 /* backwards compatibility with old urandom option */
 break;
-#ifdef DEBUG_TRACE
+#if DEBUG_TRACE
 case 'v':
 debug_trace = 1;
 break;
@@ -346,6 +347,10 @@ void svr_getopts(int argc, char ** argv) {
 }
 opts.idle_timeout_secs = val;
 }
+
+ if (svr_opts.forced_command) {
+ dropbear_log(LOG_INFO, "Forced command set to '%s'", svr_opts.forced_command);
+ }
 }
 static void addportandaddress(const char* spec) {
@@ -434,30 +439,30 @@ static void loadhostkey(const char *keyfile, int fatal_duplicate) {
 }
 }
-#ifdef DROPBEAR_RSA
+#if DROPBEAR_RSA
 if (type == DROPBEAR_SIGNKEY_RSA) {
 loadhostkey_helper("RSA", (void**)&read_key->rsakey, (void**)&svr_opts.hostkey->rsakey, fatal_duplicate);
 }
 #endif
-#ifdef DROPBEAR_DSS
+#if DROPBEAR_DSS
 if (type == DROPBEAR_SIGNKEY_DSS) {
 loadhostkey_helper("DSS", (void**)&read_key->dsskey, (void**)&svr_opts.hostkey->dsskey, fatal_duplicate);
 }
 #endif
-#ifdef DROPBEAR_ECDSA
-#ifdef DROPBEAR_ECC_256
+#if DROPBEAR_ECDSA
+#if DROPBEAR_ECC_256
 if (type == DROPBEAR_SIGNKEY_ECDSA_NISTP256) {
 loadhostkey_helper("ECDSA256", (void**)&read_key->ecckey256, (void**)&svr_opts.hostkey->ecckey256, fatal_duplicate);
 }
 #endif
-#ifdef DROPBEAR_ECC_384
+#if DROPBEAR_ECC_384
 if (type == DROPBEAR_SIGNKEY_ECDSA_NISTP384) {
 loadhostkey_helper("ECDSA384", (void**)&read_key->ecckey384, (void**)&svr_opts.hostkey->ecckey384, fatal_duplicate);
 }
 #endif
-#ifdef DROPBEAR_ECC_521
+#if DROPBEAR_ECC_521
 if (type == DROPBEAR_SIGNKEY_ECDSA_NISTP521) {
 loadhostkey_helper("ECDSA521", (void**)&read_key->ecckey521, (void**)&svr_opts.hostkey->ecckey521, fatal_duplicate);
 }
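Review bot: The check `if (svr_opts.forced_command)` in the `@@ -346,6` hunk tests the pointer only, so `-c ''` counts as a forced command and is logged as set to `''`. How the session code treats an empty forced command is outside this diff; if it is treated as unset, the administrator's restriction would be absent while the log says otherwise. Failing at startup is safer, e.g. `if (svr_opts.forced_command && svr_opts.forced_command[0] == '\0') { dropbear_exit("Empty forced command"); }`. The command is also written verbatim to the log at LOG_INFO, so it should not embed credentials.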
@@ -488,25 +493,25 @@ void load_all_hostkeys() {
 m_free(hostkey_file);
 }
-#ifdef DROPBEAR_RSA
+#if DROPBEAR_RSA
 loadhostkey(RSA_PRIV_FILENAME, 0);
 #endif
-#ifdef DROPBEAR_DSS
+#if DROPBEAR_DSS
 loadhostkey(DSS_PRIV_FILENAME, 0);
 #endif
-#ifdef DROPBEAR_ECDSA
+#if DROPBEAR_ECDSA
 loadhostkey(ECDSA_PRIV_FILENAME, 0);
 #endif
-#ifdef DROPBEAR_DELAY_HOSTKEY
+#if DROPBEAR_DELAY_HOSTKEY
 if (svr_opts.delay_hostkey) {
 disable_unset_keys = 0;
 }
 #endif
-#ifdef DROPBEAR_RSA
+#if DROPBEAR_RSA
 if (disable_unset_keys && !svr_opts.hostkey->rsakey) {
 disablekey(DROPBEAR_SIGNKEY_RSA);
 } else {
@@ -514,7 +519,7 @@ void load_all_hostkeys() {
 }
 #endif
-#ifdef DROPBEAR_DSS
+#if DROPBEAR_DSS
 if (disable_unset_keys && !svr_opts.hostkey->dsskey) {
 disablekey(DROPBEAR_SIGNKEY_DSS);
 } else {
@@ -523,8 +528,8 @@ void load_all_hostkeys() {
 #endif
-#ifdef DROPBEAR_ECDSA
-#ifdef DROPBEAR_ECC_256
+#if DROPBEAR_ECDSA
+#if DROPBEAR_ECC_256
 if ((disable_unset_keys || ECDSA_DEFAULT_SIZE != 256)
 && !svr_opts.hostkey->ecckey256) {
 disablekey(DROPBEAR_SIGNKEY_ECDSA_NISTP256);
@@ -533,7 +538,7 @@ void load_all_hostkeys() {
 }
 #endif
-#ifdef DROPBEAR_ECC_384
+#if DROPBEAR_ECC_384
 if ((disable_unset_keys || ECDSA_DEFAULT_SIZE != 384)
 && !svr_opts.hostkey->ecckey384) {
 disablekey(DROPBEAR_SIGNKEY_ECDSA_NISTP384);
@@ -542,7 +547,7 @@ void load_all_hostkeys() {
 }
 #endif
-#ifdef DROPBEAR_ECC_521
+#if DROPBEAR_ECC_521
 if ((disable_unset_keys || ECDSA_DEFAULT_SIZE != 521)
 && !svr_opts.hostkey->ecckey521) {
 disablekey(DROPBEAR_SIGNKEY_ECDSA_NISTP521); |