ClearML/dropbear
1
0
Fork 0
mirror of https://github.com/clearml/dropbear synced 2025-01-31 10:57:01 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Add -c <command> option to force a specific command

Browse Source 
This change adds a -c option to dropbear, to force the session to use a
specific command, in a similar fashion to OpenSSH's ForceCommand
configuration option.

This is useful to provide a simple fixed service over ssh, without
requiring an authorized key file for the per-key forced_command option.

This setting takes precedence over the channel session's provided
command, and the per-key forced_command setting.

Signed-off-by: Jeremy Kerr <jk@ozlabs.org>
This commit is contained in:
Jeremy Kerr 2016-04-12 21:01:08 +08:00
parent 3d2ddd15f8
commit ac9a4c839f
3 changed files with 17 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
runopts.h
View File

@ -114,6 +114,8 @@ typedef struct svr_runopts {
buffer * banner; buffer * banner;
char * pidfile; char * pidfile;
char * forced_command;
} svr_runopts; } svr_runopts;
extern svr_runopts svr_opts; extern svr_runopts svr_opts;

12
svr-chansession.c
View File

@ -671,8 +671,16 @@ static int sessioncommand(struct Channel *channel, struct ChanSess *chansess,
} }
} }
/* take public key option 'command' into account */
svr_pubkey_set_forced_command(chansess); /* take global command into account */
if (svr_opts.forced_command) {
chansess->original_command = chansess->cmd ? : m_strdup("");
chansess->cmd = m_strdup(svr_opts.forced_command);
} else {
/* take public key option 'command' into account */
svr_pubkey_set_forced_command(chansess);
}
#ifdef LOG_COMMANDS #ifdef LOG_COMMANDS
if (chansess->cmd) { if (chansess->cmd) {

5
svr-runopts.c
View File

@ -79,6 +79,7 @@ static void printhelp(const char * progname) {
#ifdef ENABLE_SVR_REMOTETCPFWD #ifdef ENABLE_SVR_REMOTETCPFWD
"-k Disable remote port forwarding\n" "-k Disable remote port forwarding\n"
"-a Allow connections to forwarded ports from any host\n" "-a Allow connections to forwarded ports from any host\n"
"-c command Force executed command\n"
#endif #endif
"-p [address:]port\n" "-p [address:]port\n"
" Listen on specified tcp port (and optionally address),\n" " Listen on specified tcp port (and optionally address),\n"
@ -125,6 +126,7 @@ void svr_getopts(int argc, char ** argv) {
/* see printhelp() for options */ /* see printhelp() for options */
svr_opts.bannerfile = NULL; svr_opts.bannerfile = NULL;
svr_opts.banner = NULL; svr_opts.banner = NULL;
svr_opts.forced_command = NULL;
svr_opts.forkbg = 1; svr_opts.forkbg = 1;
svr_opts.norootlogin = 0; svr_opts.norootlogin = 0;
svr_opts.noauthpass = 0; svr_opts.noauthpass = 0;
@ -177,6 +179,9 @@ void svr_getopts(int argc, char ** argv) {
case 'b': case 'b':
next = &svr_opts.bannerfile; next = &svr_opts.bannerfile;
break; break;
case 'c':
next = &svr_opts.forced_command;
break;
case 'd': case 'd':
case 'r': case 'r':
next = &keyfile; next = &keyfile;