mirror of
http://galexander.org/git/simplesshd.git
synced 2024-12-28 17:08:08 +00:00
intercept attempts to execute "scp", and redirect them to the builtin scp
This commit is contained in:
Greg Alexander
parent
253c468b3a
commit
93760bfb7b
1
NOTES
1
NOTES
@ -72,7 +72,6 @@ it uses select(), I'm not sure how I would honor Thread.interrupt() or
|
|||||||
whatever. It's not guaranteed to interrupt select(), and I'm not keen on
|
whatever. It's not guaranteed to interrupt select(), and I'm not keen on
|
||||||
adding an arbitrary timeout/polling feature to it.
|
adding an arbitrary timeout/polling feature to it.
|
||||||
|
|
||||||
XXX - scp
|
|
||||||
XXX - zlib
|
XXX - zlib
|
||||||
XXX - rsync
|
XXX - rsync
|
||||||
|
|
||||||
|
|||||||
@ -574,10 +574,27 @@ int spawn_command(void(*exec_fn)(void *user_data), void *exec_data,
|
|||||||
* re-enabled SIGPIPE. If cmd is NULL, will run a login shell.
|
* re-enabled SIGPIPE. If cmd is NULL, will run a login shell.
|
||||||
*/
|
*/
|
||||||
void run_shell_command(const char* cmd, unsigned int maxfd, char* usershell) {
|
void run_shell_command(const char* cmd, unsigned int maxfd, char* usershell) {
|
||||||
char * argv[4];
|
char * argv[100];
|
||||||
char * baseshell = NULL;
|
char * baseshell = NULL;
|
||||||
unsigned int i;
|
unsigned int i;
|
||||||
|
|
||||||
|
/* Re-enable SIGPIPE for the executed process */
|
||||||
|
if (signal(SIGPIPE, SIG_DFL) == SIG_ERR) {
|
||||||
|
dropbear_exit("signal() error");
|
||||||
|
}
|
||||||
|
|
||||||
|
/* close file descriptors except stdin/stdout/stderr
|
||||||
|
* Need to be sure FDs are closed here to avoid reading files as root */
|
||||||
|
for (i = 3; i <= maxfd; i++) {
|
||||||
|
m_close(i);
|
||||||
|
}
|
||||||
|
|
||||||
|
if (cmd && !strncmp(cmd, "scp ", 4)) {
|
||||||
|
int argc = split_cmd(cmd, argv, sizeof argv/sizeof argv[0]);
|
||||||
|
scp_main(argc, argv);
|
||||||
|
exit(0);
|
||||||
|
}
|
||||||
|
|
||||||
baseshell = basename(usershell);
|
baseshell = basename(usershell);
|
||||||
|
|
||||||
if (cmd != NULL) {
|
if (cmd != NULL) {
|
||||||
@ -598,17 +615,6 @@ void run_shell_command(const char* cmd, unsigned int maxfd, char* usershell) {
|
|||||||
argv[1] = NULL;
|
argv[1] = NULL;
|
||||||
}
|
}
|
||||||
|
|
||||||
/* Re-enable SIGPIPE for the executed process */
|
|
||||||
if (signal(SIGPIPE, SIG_DFL) == SIG_ERR) {
|
|
||||||
dropbear_exit("signal() error");
|
|
||||||
}
|
|
||||||
|
|
||||||
/* close file descriptors except stdin/stdout/stderr
|
|
||||||
* Need to be sure FDs are closed here to avoid reading files as root */
|
|
||||||
for (i = 3; i <= maxfd; i++) {
|
|
||||||
m_close(i);
|
|
||||||
}
|
|
||||||
|
|
||||||
execv(usershell, argv);
|
execv(usershell, argv);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|||||||
@ -267,7 +267,7 @@ much traffic. */
|
|||||||
|
|
||||||
/* This is used by the scp binary when used as a client binary. If you're
|
/* This is used by the scp binary when used as a client binary. If you're
|
||||||
* not using the Dropbear client, you'll need to change it */
|
* not using the Dropbear client, you'll need to change it */
|
||||||
#undef _PATH_SSH_PROGRAM
|
#define _PATH_SSH_PROGRAM "/dev/null"
|
||||||
|
|
||||||
/* Whether to log commands executed by a client. This only logs the
|
/* Whether to log commands executed by a client. This only logs the
|
||||||
* (single) command sent to the server, not what a user did in a
|
* (single) command sent to the server, not what a user did in a
|
||||||
|
|||||||
@ -449,6 +449,8 @@ DROPBEAR_SRCS := $(DROPBEAR_PATH)/atomicio.c \
|
|||||||
$(DROPBEAR_PATH)/progressmeter.c \
|
$(DROPBEAR_PATH)/progressmeter.c \
|
||||||
$(DROPBEAR_PATH)/queue.c \
|
$(DROPBEAR_PATH)/queue.c \
|
||||||
$(DROPBEAR_PATH)/rsa.c \
|
$(DROPBEAR_PATH)/rsa.c \
|
||||||
|
$(DROPBEAR_PATH)/scp.c \
|
||||||
|
$(DROPBEAR_PATH)/scpmisc.c \
|
||||||
$(DROPBEAR_PATH)/signkey.c \
|
$(DROPBEAR_PATH)/signkey.c \
|
||||||
$(DROPBEAR_PATH)/sshpty.c \
|
$(DROPBEAR_PATH)/sshpty.c \
|
||||||
$(DROPBEAR_PATH)/svr-agentfwd.c \
|
$(DROPBEAR_PATH)/svr-agentfwd.c \
|
||||||
|
|||||||
@ -15,6 +15,7 @@
|
|||||||
#define HAVE_GETADDRINFO 1
|
#define HAVE_GETADDRINFO 1
|
||||||
#define HAVE_FREEADDRINFO 1
|
#define HAVE_FREEADDRINFO 1
|
||||||
#define HAVE_GETNAMEINFO 1
|
#define HAVE_GETNAMEINFO 1
|
||||||
|
#define HAVE_FORK 1
|
||||||
|
|
||||||
#define HAVE_BASENAME 1
|
#define HAVE_BASENAME 1
|
||||||
#define HAVE_NETINET_TCP_H 1
|
#define HAVE_NETINET_TCP_H 1
|
||||||
@ -26,13 +27,17 @@
|
|||||||
|
|
||||||
#define DROPBEAR_SERVER 1
|
#define DROPBEAR_SERVER 1
|
||||||
#define DBMULTI_dropbear 1
|
#define DBMULTI_dropbear 1
|
||||||
|
#define DBMULTI_scp 1
|
||||||
#define DROPBEAR_MULTI 1
|
#define DROPBEAR_MULTI 1
|
||||||
|
|
||||||
|
|
||||||
extern const char *conf_path_file(const char *fn); /* in jni/interface.c */
|
/* in jni/interface.c: */
|
||||||
extern const char *conf_path;
|
extern const char *conf_path;
|
||||||
extern const char *conf_shell;
|
extern const char *conf_shell;
|
||||||
extern const char *conf_home;
|
extern const char *conf_home;
|
||||||
|
const char *conf_path_file(const char *fn);
|
||||||
|
int split_cmd(const char *in, char **argv, int max_argc);
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
#endif /* __CONFIG_H__ */
|
#endif /* __CONFIG_H__ */
|
||||||
|
|||||||
@ -54,8 +54,8 @@ jni_init(JNIEnv *env_)
|
|||||||
}
|
}
|
||||||
|
|
||||||
/* split str into argv entries, honoring " and \ (but nothing else) */
|
/* split str into argv entries, honoring " and \ (but nothing else) */
|
||||||
static int
|
int
|
||||||
process_extra(const char *in, char **argv, int max_argc)
|
split_cmd(const char *in, char **argv, int max_argc)
|
||||||
{
|
{
|
||||||
char curr[1000];
|
char curr[1000];
|
||||||
int curr_len = 0;
|
int curr_len = 0;
|
||||||
@ -63,6 +63,7 @@ process_extra(const char *in, char **argv, int max_argc)
|
|||||||
int argc = 0;
|
int argc = 0;
|
||||||
|
|
||||||
if (!in) {
|
if (!in) {
|
||||||
|
argv[argc] = NULL;
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
while (1) {
|
while (1) {
|
||||||
@ -71,7 +72,7 @@ process_extra(const char *in, char **argv, int max_argc)
|
|||||||
(!in_quotes && isspace(c))) {
|
(!in_quotes && isspace(c))) {
|
||||||
if (curr_len) {
|
if (curr_len) {
|
||||||
curr[curr_len] = 0;
|
curr[curr_len] = 0;
|
||||||
if (argc+1 >= max_argc) {
|
if (argc+2 >= max_argc) {
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
argv[argc++] = strdup(curr);
|
argv[argc++] = strdup(curr);
|
||||||
@ -96,6 +97,7 @@ process_extra(const char *in, char **argv, int max_argc)
|
|||||||
curr[curr_len++] = c;
|
curr[curr_len++] = c;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
argv[argc] = NULL;
|
||||||
return argc;
|
return argc;
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -158,7 +160,7 @@ Java_org_galexander_sshd_SimpleSSHDService_start_1sshd(JNIEnv *env_,
|
|||||||
sprintf(argv[argc], "%d", (int)port);
|
sprintf(argv[argc], "%d", (int)port);
|
||||||
argc++;
|
argc++;
|
||||||
}
|
}
|
||||||
argc += process_extra(extra, &argv[argc],
|
argc += split_cmd(extra, &argv[argc],
|
||||||
(sizeof argv / sizeof *argv) - argc);
|
(sizeof argv / sizeof *argv) - argc);
|
||||||
fprintf(stderr, "starting dropbear\n");
|
fprintf(stderr, "starting dropbear\n");
|
||||||
retval = dropbear_main(argc, argv);
|
retval = dropbear_main(argc, argv);
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user