1
0
mirror of http://galexander.org/git/simplesshd.git synced 2025-01-15 17:40:54 +00:00

intercept attempts to execute "scp", and redirect them to the builtin scp

This commit is contained in:
Greg Alexander 2014-12-20 20:06:02 -05:00
parent 253c468b3a
commit 93760bfb7b
6 changed files with 33 additions and 19 deletions

1
NOTES
View File

@ -72,7 +72,6 @@ it uses select(), I'm not sure how I would honor Thread.interrupt() or
whatever. It's not guaranteed to interrupt select(), and I'm not keen on
adding an arbitrary timeout/polling feature to it.
XXX - scp
XXX - zlib
XXX - rsync

View File

@ -574,10 +574,27 @@ int spawn_command(void(*exec_fn)(void *user_data), void *exec_data,
* re-enabled SIGPIPE. If cmd is NULL, will run a login shell.
*/
void run_shell_command(const char* cmd, unsigned int maxfd, char* usershell) {
char * argv[4];
char * argv[100];
char * baseshell = NULL;
unsigned int i;
/* Re-enable SIGPIPE for the executed process */
if (signal(SIGPIPE, SIG_DFL) == SIG_ERR) {
dropbear_exit("signal() error");
}
/* close file descriptors except stdin/stdout/stderr
* Need to be sure FDs are closed here to avoid reading files as root */
for (i = 3; i <= maxfd; i++) {
m_close(i);
}
if (cmd && !strncmp(cmd, "scp ", 4)) {
int argc = split_cmd(cmd, argv, sizeof argv/sizeof argv[0]);
scp_main(argc, argv);
exit(0);
}
baseshell = basename(usershell);
if (cmd != NULL) {
@ -598,17 +615,6 @@ void run_shell_command(const char* cmd, unsigned int maxfd, char* usershell) {
argv[1] = NULL;
}
/* Re-enable SIGPIPE for the executed process */
if (signal(SIGPIPE, SIG_DFL) == SIG_ERR) {
dropbear_exit("signal() error");
}
/* close file descriptors except stdin/stdout/stderr
* Need to be sure FDs are closed here to avoid reading files as root */
for (i = 3; i <= maxfd; i++) {
m_close(i);
}
execv(usershell, argv);
}

View File

@ -267,7 +267,7 @@ much traffic. */
/* This is used by the scp binary when used as a client binary. If you're
* not using the Dropbear client, you'll need to change it */
#undef _PATH_SSH_PROGRAM
#define _PATH_SSH_PROGRAM "/dev/null"
/* Whether to log commands executed by a client. This only logs the
* (single) command sent to the server, not what a user did in a

View File

@ -449,6 +449,8 @@ DROPBEAR_SRCS := $(DROPBEAR_PATH)/atomicio.c \
$(DROPBEAR_PATH)/progressmeter.c \
$(DROPBEAR_PATH)/queue.c \
$(DROPBEAR_PATH)/rsa.c \
$(DROPBEAR_PATH)/scp.c \
$(DROPBEAR_PATH)/scpmisc.c \
$(DROPBEAR_PATH)/signkey.c \
$(DROPBEAR_PATH)/sshpty.c \
$(DROPBEAR_PATH)/svr-agentfwd.c \

View File

@ -15,6 +15,7 @@
#define HAVE_GETADDRINFO 1
#define HAVE_FREEADDRINFO 1
#define HAVE_GETNAMEINFO 1
#define HAVE_FORK 1
#define HAVE_BASENAME 1
#define HAVE_NETINET_TCP_H 1
@ -26,13 +27,17 @@
#define DROPBEAR_SERVER 1
#define DBMULTI_dropbear 1
#define DBMULTI_scp 1
#define DROPBEAR_MULTI 1
extern const char *conf_path_file(const char *fn); /* in jni/interface.c */
/* in jni/interface.c: */
extern const char *conf_path;
extern const char *conf_shell;
extern const char *conf_home;
const char *conf_path_file(const char *fn);
int split_cmd(const char *in, char **argv, int max_argc);
#endif /* __CONFIG_H__ */

View File

@ -54,8 +54,8 @@ jni_init(JNIEnv *env_)
}
/* split str into argv entries, honoring " and \ (but nothing else) */
static int
process_extra(const char *in, char **argv, int max_argc)
int
split_cmd(const char *in, char **argv, int max_argc)
{
char curr[1000];
int curr_len = 0;
@ -63,6 +63,7 @@ process_extra(const char *in, char **argv, int max_argc)
int argc = 0;
if (!in) {
argv[argc] = NULL;
return 0;
}
while (1) {
@ -71,7 +72,7 @@ process_extra(const char *in, char **argv, int max_argc)
(!in_quotes && isspace(c))) {
if (curr_len) {
curr[curr_len] = 0;
if (argc+1 >= max_argc) {
if (argc+2 >= max_argc) {
break;
}
argv[argc++] = strdup(curr);
@ -96,6 +97,7 @@ process_extra(const char *in, char **argv, int max_argc)
curr[curr_len++] = c;
}
}
argv[argc] = NULL;
return argc;
}
@ -158,7 +160,7 @@ Java_org_galexander_sshd_SimpleSSHDService_start_1sshd(JNIEnv *env_,
sprintf(argv[argc], "%d", (int)port);
argc++;
}
argc += process_extra(extra, &argv[argc],
argc += split_cmd(extra, &argv[argc],
(sizeof argv / sizeof *argv) - argc);
fprintf(stderr, "starting dropbear\n");
retval = dropbear_main(argc, argv);