Add -c <command> option to force a specific command

This change adds a -c option to dropbear, to force the session to use a specific command, in a similar fashion to OpenSSH's ForceCommand configuration option. This is useful to provide a simple fixed service over ssh, without requiring an authorized key file for the per-key forced_command option. This setting takes precedence over the channel session's provided command, and the per-key forced_command setting. Signed-off-by: Jeremy Kerr <jk@ozlabs.org>
2025-01-31 02:46:58 +00:00 · 2016-04-12 21:01:08 +08:00 · 2016-04-12 21:01:08 +08:00 · ac9a4c839f
commit ac9a4c839f
parent 3d2ddd15f8
3 changed files with 17 additions and 2 deletions
--- a/runopts.h
+++ b/runopts.h
@ -114,6 +114,8 @@ typedef struct svr_runopts {
 	buffer * banner;
 	char * pidfile;

+	char * forced_command;
+
 } svr_runopts;

 extern svr_runopts svr_opts;
--- a/svr-chansession.c
+++ b/svr-chansession.c
@ -671,8 +671,16 @@ static int sessioncommand(struct Channel *channel, struct ChanSess *chansess,
 		}
 	}
 	
-	/* take public key option 'command' into account */
-	svr_pubkey_set_forced_command(chansess);
+
+	/* take global command into account */
+	if (svr_opts.forced_command) {
+		chansess->original_command = chansess->cmd ? : m_strdup("");
+		chansess->cmd = m_strdup(svr_opts.forced_command);
+	} else {
+		/* take public key option 'command' into account */
+		svr_pubkey_set_forced_command(chansess);
+	}
+

 #ifdef LOG_COMMANDS
 	if (chansess->cmd) {
--- a/svr-runopts.c
+++ b/svr-runopts.c
@ -79,6 +79,7 @@ static void printhelp(const char * progname) {
 #ifdef ENABLE_SVR_REMOTETCPFWD
 					"-k		Disable remote port forwarding\n"
 					"-a		Allow connections to forwarded ports from any host\n"
+					"-c command	Force executed command\n"
 #endif
 					"-p [address:]port\n"
 					"		Listen on specified tcp port (and optionally address),\n"
@ -125,6 +126,7 @@ void svr_getopts(int argc, char ** argv) {
 	/* see printhelp() for options */
 	svr_opts.bannerfile = NULL;
 	svr_opts.banner = NULL;
+	svr_opts.forced_command = NULL;
 	svr_opts.forkbg = 1;
 	svr_opts.norootlogin = 0;
 	svr_opts.noauthpass = 0;
@ -177,6 +179,9 @@ void svr_getopts(int argc, char ** argv) {
 				case 'b':
 					next = &svr_opts.bannerfile;
 					break;
+				case 'c':
+					next = &svr_opts.forced_command;
+					break;
 				case 'd':
 				case 'r':
 					next = &keyfile;