[PATCH openbmc 2/3] dropbear: Add patch for -c <command> option to dropbear

Thu Apr 14 16:30:34 AEST 2016

From: Jeremy Kerr <jk at ozlabs.org>

Signed-off-by: Jeremy Kerr <jk at ozlabs.org>
---
 ...d-c-command-option-to-force-a-specific-co.patch | 91 ++++++++++++++++++++++
 .../recipes-core/dropbear/dropbear_%.bbappend      |  3 +-
 2 files changed, 93 insertions(+), 1 deletion(-)
 create mode 100644 meta-phosphor/common/recipes-core/dropbear/dropbear/0001-dropbear-Add-c-command-option-to-force-a-specific-co.patch

diff --git a/meta-phosphor/common/recipes-core/dropbear/dropbear/0001-dropbear-Add-c-command-option-to-force-a-specific-co.patch b/meta-phosphor/common/recipes-core/dropbear/dropbear/0001-dropbear-Add-c-command-option-to-force-a-specific-co.patch
new file mode 100644
index 0000000..88d0ac0
--- /dev/null
+++ b/meta-phosphor/common/recipes-core/dropbear/dropbear/0001-dropbear-Add-c-command-option-to-force-a-specific-co.patch
@@ -0,0 +1,91 @@
+From b4e094381ec846f4387dc6a3c210c2205a8db58a Mon Sep 17 00:00:00 2001
+From: Jeremy Kerr <jk at ozlabs.org>
+Date: Tue, 12 Apr 2016 11:11:40 +0800
+Subject: [PATCH] dropbear: Add -c <command> option to force a specific command
+
+This change adds a -c option to dropbear, to force the session to use a
+specific command, in a similar fashion to OpenSSH's ForceCommand
+configuration option.
+
+This is useful to provide a simple fixed service over ssh, without
+requiring an authorized key file for the per-key forced_command option.
+
+This setting takes precedence over the channel session's provided
+command, and the per-key forced_command setting.
+
+Signed-off-by: Jeremy Kerr <jk at ozlabs.org>
+---
+ runopts.h         |  2 ++
+ svr-chansession.c | 12 ++++++++++--
+ svr-runopts.c     |  5 +++++
+ 3 files changed, 17 insertions(+), 2 deletions(-)
+
+diff --git a/runopts.h b/runopts.h
+index f7c869d..ffb573e 100644
+--- a/runopts.h
++++ b/runopts.h
+@@ -114,6 +114,8 @@ typedef struct svr_runopts {
+ 	buffer * banner;
+ 	char * pidfile;
+ 
++	char * command;
++
+ } svr_runopts;
+ 
+ extern svr_runopts svr_opts;
+diff --git a/svr-chansession.c b/svr-chansession.c
+index bfaf7f6..d6c9330 100644
+--- a/svr-chansession.c
++++ b/svr-chansession.c
+@@ -671,8 +671,16 @@ static int sessioncommand(struct Channel *channel, struct ChanSess *chansess,
+ 		}
+ 	}
+ 	
+-	/* take public key option 'command' into account */
+-	svr_pubkey_set_forced_command(chansess);
++
++	/* take global command into account */
++	if (svr_opts.command) {
++		chansess->original_command = chansess->cmd ? : m_strdup("");
++		chansess->cmd = m_strdup(svr_opts.command);
++	} else {
++		/* take public key option 'command' into account */
++		svr_pubkey_set_forced_command(chansess);
++	}
++
+ 
+ #ifdef LOG_COMMANDS
+ 	if (chansess->cmd) {
+diff --git a/svr-runopts.c b/svr-runopts.c
+index 8f60059..f845300 100644
+--- a/svr-runopts.c
++++ b/svr-runopts.c
+@@ -79,6 +79,7 @@ static void printhelp(const char * progname) {
+ #ifdef ENABLE_SVR_REMOTETCPFWD
+ 					"-k		Disable remote port forwarding\n"
+ 					"-a		Allow connections to forwarded ports from any host\n"
++					"-c command	Force executed command\n"
+ #endif
+ 					"-p [address:]port\n"
+ 					"		Listen on specified tcp port (and optionally address),\n"
+@@ -125,6 +126,7 @@ void svr_getopts(int argc, char ** argv) {
+ 	/* see printhelp() for options */
+ 	svr_opts.bannerfile = NULL;
+ 	svr_opts.banner = NULL;
++	svr_opts.command = NULL;
+ 	svr_opts.forkbg = 1;
+ 	svr_opts.norootlogin = 0;
+ 	svr_opts.noauthpass = 0;
+@@ -177,6 +179,9 @@ void svr_getopts(int argc, char ** argv) {
+ 				case 'b':
+ 					next = &svr_opts.bannerfile;
+ 					break;
++				case 'c':
++					next = &svr_opts.command;
++					break;
+ 				case 'd':
+ 				case 'r':
+ 					next = &keyfile;
+-- 
+2.5.0
+
diff --git a/meta-phosphor/common/recipes-core/dropbear/dropbear_%.bbappend b/meta-phosphor/common/recipes-core/dropbear/dropbear_%.bbappend
index 36c0dcd..52a38bd 100644
--- a/meta-phosphor/common/recipes-core/dropbear/dropbear_%.bbappend
+++ b/meta-phosphor/common/recipes-core/dropbear/dropbear_%.bbappend
@@ -1,2 +1,3 @@
 FILESEXTRAPATHS_prepend := "${THISDIR}/${PN}:"
-SRC_URI += "file://dropbearkey.service"
+SRC_URI += "file://dropbearkey.service \
+	    file://0001-dropbear-Add-c-command-option-to-force-a-specific-co.patch"
-- 
2.7.1


