This handles the case where a svrchansess has separate FDs
for nopty, but a single FD for pty mode.
The use of sepfds was also previously incorrect for X11 and
agent forwarding
For the sake of review, this commit alters only the code; the affiliated
comments within the source files also need to be updated, but doing so
now would obscure the operational changes that have been made here.
* All on/off options have been switched to the numeric `#if' variant;
that is the only way to make this `default_options.h.in' thing work
in a reasonable manner.
* There is now some very minor compile-time checking of the user's
choice of options.
* NO_FAST_EXPTMOD doesn't seem to be used, so it has been removed.
* ENABLE_USER_ALGO_LIST was supposed to be renamed DROPBEAR_USER_ALGO_LIST,
and this commit completes that work.
* DROPBEAR_FUZZ seems to be a relatively new, as-yet undocumented option,
which was added by the following commit:
commit 6e0b539e9c
Author: Matt Johnston <matt@ucc.asn.au>
Date: Tue May 23 22:29:21 2017 +0800
split out checkpubkey_line() separately
It has now been added to `sysoptions.h' and defined as `0' by default.
* The configuration option `DROPBEAR_PASSWORD_ENV' is no longer listed in
`default_options.h.in'; it is no longer meant to be set by the user, and
is instead left to be defined in `sysoptions.h' (where it was already being
defined) as merely the name of the environment variable in question:
DROPBEAR_PASSWORD
To enable or disable use of that environment variable, the user must now
toggle `DROPBEAR_USE_DROPBEAR_PASSWORD'.
* The sFTP support is now toggled by setting `DROPBEAR_SFTPSERVER', and the
path of the sFTP server program is set independently through the usual
SFTPSERVER_PATH.
This change adds a -c option to dropbear, to force the session to use a
specific command, in a similar fashion to OpenSSH's ForceCommand
configuration option.
This is useful to provide a simple fixed service over ssh, without
requiring an authorized key file for the per-key forced_command option.
This setting takes precedence over the channel session's provided
command, and the per-key forced_command setting.
Signed-off-by: Jeremy Kerr <jk@ozlabs.org>
(possibly via authorized_keys(5) restrictions), even when a
pseudo-terminal has been allocated for the session. In other words,
only display the MOTD when the server starts the user's default shell.
if (connecting || ptys || x11) tos = LOWDELAY;
else if (tcp_forwards) tos = 0;
else tos = BULK;
TCP forwards could be either lowdelay or bulk, hence the default priority.
