# HG changeset patch # User Jeremy Kerr # Date 1460466068 -28800 # Node ID a23386821e9feb1d14def8792239734ac3af2840 # Parent c93af4270fa1654b19b0febab91c674e31aeaa3c Add -c option to force a specific command This change adds a -c option to dropbear, to force the session to use a specific command, in a similar fashion to OpenSSH's ForceCommand configuration option. This is useful to provide a simple fixed service over ssh, without requiring an authorized key file for the per-key forced_command option. This setting takes precedence over the channel session's provided command, and the per-key forced_command setting. Signed-off-by: Jeremy Kerr diff -r c93af4270fa1 -r a23386821e9f runopts.h --- a/runopts.h Fri Mar 18 23:51:50 2016 +0800 +++ b/runopts.h Tue Apr 12 21:01:08 2016 +0800 @@ -114,6 +114,8 @@ buffer * banner; char * pidfile; + char * forced_command; + } svr_runopts; extern svr_runopts svr_opts; diff -r c93af4270fa1 -r a23386821e9f svr-chansession.c --- a/svr-chansession.c Fri Mar 18 23:51:50 2016 +0800 +++ b/svr-chansession.c Tue Apr 12 21:01:08 2016 +0800 @@ -671,8 +671,16 @@ } } - /* take public key option 'command' into account */ - svr_pubkey_set_forced_command(chansess); + + /* take global command into account */ + if (svr_opts.forced_command) { + chansess->original_command = chansess->cmd ? : m_strdup(""); + chansess->cmd = m_strdup(svr_opts.forced_command); + } else { + /* take public key option 'command' into account */ + svr_pubkey_set_forced_command(chansess); + } + #ifdef LOG_COMMANDS if (chansess->cmd) { diff -r c93af4270fa1 -r a23386821e9f svr-runopts.c --- a/svr-runopts.c Fri Mar 18 23:51:50 2016 +0800 +++ b/svr-runopts.c Tue Apr 12 21:01:08 2016 +0800 @@ -79,6 +79,7 @@ #ifdef ENABLE_SVR_REMOTETCPFWD "-k Disable remote port forwarding\n" "-a Allow connections to forwarded ports from any host\n" + "-c command Force executed command\n" #endif "-p [address:]port\n" " Listen on specified tcp port (and optionally address),\n" @@ -125,6 +126,7 @@ /* see printhelp() for options */ svr_opts.bannerfile = NULL; svr_opts.banner = NULL; + svr_opts.forced_command = NULL; svr_opts.forkbg = 1; svr_opts.norootlogin = 0; svr_opts.noauthpass = 0; @@ -177,6 +179,9 @@ case 'b': next = &svr_opts.bannerfile; break; + case 'c': + next = &svr_opts.forced_command; + break; case 'd': case 'r': next = &keyfile;