Dropbear calling my own command-line parser than /bin/sh.
Matt Johnston
matt at ucc.asn.au
Sat Jul 15 10:25:53 WST 2006
On Fri, Jul 14, 2006 at 06:13:44PM -0700, Prasad wrote:
> Hi all,
> How do i make dropbear call my own utility/command-line parser which
> has its own way of checking the username and password and does some
> other work.
Have a look at svr_auth_password() in svr-authpasswd.c for
how the existing password checking works. You could make it
run a hardcoded system() call (beware of allowing arbitrary
input), and then check the return value of the program? Note
that if the user doesn't exist in /etc/passwd, then you'll
have to manually fill out the entries in the
ses.authstate.pw structure. Look out for the code in
svr-auth.c that checks that a shell is valid - you may want
to disable that.
> How do i integrate that with the dropbear-ssh (in this way
> i can get my code to get run using SSH and not the default
> /bin/sh).
If you're using /etc/passwd still, just change the shell
there (and /etc/shells). Otherwise, change the shell that is
filled out in the ses.authstate.pw structure during auth.
The shell to execute is taken from
ses.authstate.pw->pw_shell in svr-chansession.c. The shell
is run as "sh -c 'command line arguments'", so you might
want to change that (or just have your own shell ignore
arguments).
Matt
More information about the Dropbear
mailing list