diff options
| -rw-r--r-- | chansession.h | 4 | ||||
| -rw-r--r-- | dropbear.8 | 28 | ||||
| -rw-r--r-- | svr-chansession.c | 30 |
3 files changed, 60 insertions, 2 deletions
diff --git a/chansession.h b/chansession.h index b9d1995..924518b 100644 --- a/chansession.h +++ b/chansession.h @@ -50,6 +50,10 @@ struct ChanSess { /* exit details */ struct exitinfo exit; + + /* Used to set $SSH_CONNECTION in the child session. + Is only set temporarily before forking */ + char *connection_string; #ifndef DISABLE_X11FWD struct Listener * x11listener; @@ -154,6 +154,34 @@ By default the file /etc/motd will be printed for any login shell (unless disabled at compile-time). This can also be disabled per-user by creating a file ~/.hushlogin . +.SH ENVIRONMENT VARIABLES +Dropbear sets the standard variables USER, LOGNAME, HOME, SHELL, PATH, and TERM. + +The variables below are set for sessions as appropriate. + +.TP +.B SSH_TTY +This is set to the allocated TTY if a PTY was used. + +.TP +.B SSH_CONNECTION +Contains "<remote_ip> <remote_port> <local_ip> <local_port>". + +.TP +.B DISPLAY +Set X11 forwarding is used. + +.TP +.B SSH_ORIGINAL_COMMAND +If a 'command=' authorized_keys option was used, the original command is specified +in this variable. If a shell was requested this is set to an empty value. + +.TP +.B SSH_AUTH_SOCK +Set to a forwarded ssh-agent connection. + + + .SH AUTHOR Matt Johnston (matt@ucc.asn.au). .br diff --git a/svr-chansession.c b/svr-chansession.c index 503e789..782e97f 100644 --- a/svr-chansession.c +++ b/svr-chansession.c @@ -222,6 +222,7 @@ static int newchansess(struct Channel *channel) { chansess = (struct ChanSess*)m_malloc(sizeof(struct ChanSess)); chansess->cmd = NULL; + chansess->connection_string = NULL; chansess->pid = 0; /* pty details */ @@ -580,6 +581,21 @@ static int sessionpty(struct ChanSess * chansess) { return DROPBEAR_SUCCESS; } +static char* make_connection_string() { + char *local_ip, *local_port, *remote_ip, *remote_port; + size_t len; + char *ret; + get_socket_address(ses.sock_in, &local_ip, &local_port, &remote_ip, &remote_port, 0); + len = strlen(local_ip) + strlen(local_port) + strlen(remote_ip) + strlen(remote_port) + 4; + ret = m_malloc(len); + snprintf(ret, len, "%s %s %s %s", remote_ip, remote_port, local_ip, local_port); + m_free(local_ip); + m_free(local_port); + m_free(remote_ip); + m_free(remote_port); + return ret; +} + /* Handle a command request from the client. This is used for both shell * and command-execution requests, and passes the command to * noptycommand or ptycommand as appropriate. @@ -637,7 +653,11 @@ static int sessioncommand(struct Channel *channel, struct ChanSess *chansess, } #endif - // XXX set SSH_CONNECTION string here, since about to close socket... + /* uClinux will vfork(), so there'll be a race as + connection_string is freed below. */ +#ifndef __uClinux__ + chansess->connection_string = make_connection_string(); +#endif if (chansess->term == NULL) { /* no pty */ @@ -647,6 +667,10 @@ static int sessioncommand(struct Channel *channel, struct ChanSess *chansess, ret = ptycommand(channel, chansess); } +#ifndef __uClinux__ + m_free(chansess->connection_string); +#endif + if (ret == DROPBEAR_FAILURE) { m_free(chansess->cmd); } @@ -896,7 +920,9 @@ static void execchild(void *user_data) { addnewvar("SSH_TTY", chansess->tty); } - + if (chansess->connection_string) { + addnewvar("SSH_CONNECTION", chansess->connection_string); + } #ifdef ENABLE_SVR_PUBKEY_OPTIONS if (ses.authstate.pubkey_options && |