# HG changeset patch
# User Jeremy Kerr <jk@ozlabs.org>
# Date 1460466068 -28800
# Node ID a23386821e9feb1d14def8792239734ac3af2840
# Parent  c93af4270fa1654b19b0febab91c674e31aeaa3c
Add -c <command> option to force a specific command

This change adds a -c option to dropbear, to force the session to use a
specific command, in a similar fashion to OpenSSH's ForceCommand
configuration option.

This is useful to provide a simple fixed service over ssh, without
requiring an authorized key file for the per-key forced_command option.

This setting takes precedence over the channel session's provided
command, and the per-key forced_command setting.

Signed-off-by: Jeremy Kerr <jk@ozlabs.org>

diff -r c93af4270fa1 -r a23386821e9f runopts.h
--- a/runopts.h	Fri Mar 18 23:51:50 2016 +0800
+++ b/runopts.h	Tue Apr 12 21:01:08 2016 +0800
@@ -114,6 +114,8 @@
 	buffer * banner;
 	char * pidfile;
 
+	char * forced_command;
+
 } svr_runopts;
 
 extern svr_runopts svr_opts;
diff -r c93af4270fa1 -r a23386821e9f svr-chansession.c
--- a/svr-chansession.c	Fri Mar 18 23:51:50 2016 +0800
+++ b/svr-chansession.c	Tue Apr 12 21:01:08 2016 +0800
@@ -671,8 +671,16 @@
 		}
 	}
 	
-	/* take public key option 'command' into account */
-	svr_pubkey_set_forced_command(chansess);
+
+	/* take global command into account */
+	if (svr_opts.forced_command) {
+		chansess->original_command = chansess->cmd ? : m_strdup("");
+		chansess->cmd = m_strdup(svr_opts.forced_command);
+	} else {
+		/* take public key option 'command' into account */
+		svr_pubkey_set_forced_command(chansess);
+	}
+
 
 #ifdef LOG_COMMANDS
 	if (chansess->cmd) {
diff -r c93af4270fa1 -r a23386821e9f svr-runopts.c
--- a/svr-runopts.c	Fri Mar 18 23:51:50 2016 +0800
+++ b/svr-runopts.c	Tue Apr 12 21:01:08 2016 +0800
@@ -79,6 +79,7 @@
 #ifdef ENABLE_SVR_REMOTETCPFWD
 					"-k		Disable remote port forwarding\n"
 					"-a		Allow connections to forwarded ports from any host\n"
+					"-c command	Force executed command\n"
 #endif
 					"-p [address:]port\n"
 					"		Listen on specified tcp port (and optionally address),\n"
@@ -125,6 +126,7 @@
 	/* see printhelp() for options */
 	svr_opts.bannerfile = NULL;
 	svr_opts.banner = NULL;
+	svr_opts.forced_command = NULL;
 	svr_opts.forkbg = 1;
 	svr_opts.norootlogin = 0;
 	svr_opts.noauthpass = 0;
@@ -177,6 +179,9 @@
 				case 'b':
 					next = &svr_opts.bannerfile;
 					break;
+				case 'c':
+					next = &svr_opts.forced_command;
+					break;
 				case 'd':
 				case 'r':
 					next = &keyfile;