changeset 1289:a23386821e9f

Add -c <command> option to force a specific command

This change adds a -c option to dropbear, to force the session to use a specific command, in a similar fashion to OpenSSH's ForceCommand configuration option. This is useful to provide a simple fixed service over ssh, without requiring an authorized key file for the per-key forced_command option. This setting takes precedence over the channel session's provided command, and the per-key forced_command setting.

Signed-off-by: Jeremy Kerr <jk@ozlabs.org>
author Jeremy Kerr <jk@ozlabs.org>
date Tue, 12 Apr 2016 21:01:08 +0800
parents c93af4270fa1
children ee2ffa044c7e
files runopts.h svr-chansession.c svr-runopts.c
diffstat 3 files changed, 17 insertions(+), 2 deletions(-) [+]
--- a/runopts.h	Fri Mar 18 23:51:50 2016 +0800
+++ b/runopts.h	Tue Apr 12 21:01:08 2016 +0800
@@ -114,6 +114,8 @@
 	buffer * banner;
 	char * pidfile;
 
+	char * forced_command;
+
 } svr_runopts;
 
 extern svr_runopts svr_opts;
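Review bot: The new `forced_command` field is undocumented in the struct, and the rule that it overrides both the client's requested command and the per-key command is stated only in the commit message. A trailing comment would keep that next to the declaration, for example `char * forced_command; /* -c: command run for every session, overrides client and per-key command; NULL if unset */`.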
--- a/svr-chansession.c	Fri Mar 18 23:51:50 2016 +0800
+++ b/svr-chansession.c	Tue Apr 12 21:01:08 2016 +0800
@@ -671,8 +671,16 @@
 		}
 	}
 	
-	/* take public key option 'command' into account */
-	svr_pubkey_set_forced_command(chansess);
+
+	/* take global command into account */
+	if (svr_opts.forced_command) {
+		chansess->original_command = chansess->cmd ? : m_strdup("");
+		chansess->cmd = m_strdup(svr_opts.forced_command);
+	} else {
+		/* take public key option 'command' into account */
+		svr_pubkey_set_forced_command(chansess);
+	}
+
 
 #ifdef LOG_COMMANDS
 	if (chansess->cmd) {
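Review bot: The assignment `chansess->original_command = chansess->cmd ? : m_strdup("");` uses the GNU `?:` shorthand, which is not standard C and will fail on compilers without that extension; spell it out as `chansess->original_command = chansess->cmd ? chansess->cmd : m_strdup("");`. Separately, the `LOG_COMMANDS` block that follows now sees the forced command in `chansess->cmd`, so the command the client actually requested appears to go unlogged. Logging `chansess->original_command` as well when `svr_opts.forced_command` is set would keep the client's request visible for audit. The enclosing function starts and ends outside this hunk, so the log statement itself is not visible here.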
--- a/svr-runopts.c	Fri Mar 18 23:51:50 2016 +0800
+++ b/svr-runopts.c	Tue Apr 12 21:01:08 2016 +0800
@@ -79,6 +79,7 @@
 #ifdef ENABLE_SVR_REMOTETCPFWD
 					"-k		Disable remote port forwarding\n"
 					"-a		Allow connections to forwarded ports from any host\n"
+					"-c command	Force executed command\n"
 #endif
 					"-p [address:]port\n"
 					"		Listen on specified tcp port (and optionally address),\n"
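Review bot: The new `"-c command	Force executed command\n"` help line sits inside `#ifdef ENABLE_SVR_REMOTETCPFWD`, while the `case 'c':` arm added in the last hunk of this file has no visible guard, so a build without remote TCP forwarding would accept -c but never document it. Move the line below the `#endif`. Since -k is listed as its own switch, -c presumably only governs the session command and leaves forwarding to the separate options. The help text could say so, because someone exposing a "fixed service" may otherwise assume -c is a complete restriction.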
@@ -125,6 +126,7 @@
 	/* see printhelp() for options */
 	svr_opts.bannerfile = NULL;
 	svr_opts.banner = NULL;
+	svr_opts.forced_command = NULL;
 	svr_opts.forkbg = 1;
 	svr_opts.norootlogin = 0;
 	svr_opts.noauthpass = 0;
@@ -177,6 +179,9 @@
 				case 'b':
 					next = &svr_opts.bannerfile;
 					break;
+				case 'c':
+					next = &svr_opts.forced_command;
+					break;
 				case 'd':
 				case 'r':
 					next = &keyfile;