RusstopiaLabs
/
xs
mirror of https://gogs.blitter.com/RLabs/xs
1
0
Fork 0
Code Issues Releases Wiki Activity

Added server -L option to use host builtin login 

Signed-off-by: Russ Magee <rmagee@gmail.com>
This commit is contained in:
Russ Magee 2019-08-08 21:36:37 -07:00
parent 4c0b3a405d
commit 795adf6aa0
1 changed files with 25 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

32
hkexshd/hkexshd.go
View File

@ -35,9 +35,11 @@ import (
) )
var ( var (
version string version string
gitCommit string // set in -ldflags by build gitCommit string // set in -ldflags by build
useSysLogin bool
// Log - syslog output (with no -d) // Log - syslog output (with no -d)
Log *logger.Writer Log *logger.Writer
) )
@ -276,8 +278,18 @@ func runShellAs(who, hname, ttype, cmd string, interactive bool, conn *hkexnet.C
var c *exec.Cmd var c *exec.Cmd
if interactive { if interactive {
//c = exec.Command("/bin/login", "-f", "-p", who) // nolint: gosec if useSysLogin {
c = exec.Command("/bin/bash", "-i", "-l") // nolint: gosec // Use the server's login binary (post-auth
// which is still done via our own bcrypt file)
// Things UNIX login does, like print the 'motd',
// and use the shell specified by /etc/passwd, will be done
// automagically, at the cost of another external tool
// dependency.
//
c = exec.Command("/bin/login", "-f", "-p", who) // nolint: gosec
} else {
c = exec.Command("/bin/bash", "-i", "-l") // nolint: gosec
}
} else { } else {
c = exec.Command("/bin/bash", "-c", cmd) // nolint: gosec c = exec.Command("/bin/bash", "-c", cmd) // nolint: gosec
} }
@ -286,8 +298,13 @@ func runShellAs(who, hname, ttype, cmd string, interactive bool, conn *hkexnet.C
//c.Env = []string{"HOME=" + u.HomeDir, "SUDO_GID=", "SUDO_UID=", "SUDO_USER=", "SUDO_COMMAND=", "MAIL=", "LOGNAME="+who} //c.Env = []string{"HOME=" + u.HomeDir, "SUDO_GID=", "SUDO_UID=", "SUDO_USER=", "SUDO_COMMAND=", "MAIL=", "LOGNAME="+who}
c.Dir = u.HomeDir c.Dir = u.HomeDir
c.SysProcAttr = &syscall.SysProcAttr{} c.SysProcAttr = &syscall.SysProcAttr{}
//c.SysProcAttr.Credential = &syscall.Credential{} if useSysLogin {
c.SysProcAttr.Credential = &syscall.Credential{Uid: uid, Gid: gid} // If using server's login binary, drop to user creds
// is taken care of by it.
c.SysProcAttr.Credential = &syscall.Credential{}
} else {
c.SysProcAttr.Credential = &syscall.Credential{Uid: uid, Gid: gid}
}
c.Stdin = conn c.Stdin = conn
c.Stdout = conn c.Stdout = conn
c.Stderr = conn c.Stderr = conn
@ -426,6 +443,7 @@ func main() {
flag.BoolVar(&vopt, "v", false, "show version") flag.BoolVar(&vopt, "v", false, "show version")
flag.StringVar(&laddr, "l", ":2000", "interface[:port] to listen") flag.StringVar(&laddr, "l", ":2000", "interface[:port] to listen")
flag.BoolVar(&useSysLogin, "L", false, "use system login")
flag.BoolVar(&chaffEnabled, "e", true, "enable chaff pkts") flag.BoolVar(&chaffEnabled, "e", true, "enable chaff pkts")
flag.UintVar(&chaffFreqMin, "f", 100, "chaff pkt freq min (msecs)") flag.UintVar(&chaffFreqMin, "f", 100, "chaff pkt freq min (msecs)")
flag.UintVar(&chaffFreqMax, "F", 5000, "chaff pkt freq max (msecs)") flag.UintVar(&chaffFreqMax, "F", 5000, "chaff pkt freq max (msecs)")