Mercurial > dropbear

comparison svr-kex.c @ 1921:284c3837891c

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
Allow user space file locations (rootless support) Why: Running dropbear as a user (rootless) is aided if files and programs can be saved/removed without needing sudo. What: Use the same convention as DROPBEAR_DEFAULT_CLI_AUTHKEY; if not starting with '/', then is relative to hedge's /home/hedge: *_PRIV_FILENAME DROPBEAR_PIDFILE SFTPSERVER_PATH default_options.h commentary added. Changes kept to a minimum, so log entry in svr_kex.c#163 is refactored. From: Generated hostkey is <path> ... <finger-print> to: Generated hostkey path is <path> Generated hostkey fingerprint is <fp> Otherwise the unexpanded path was reported. Patch modified by Matt Johnston Signed-off-by: Begley Brothers Inc <[email protected]>
author Begley Brothers Inc <begleybrothers@gmail.com>
date Thu, 09 Jul 2020 17:47:58 +1000
parents 435cfb9ec96e
children
comparison
equal deleted inserted replaced
1920:1489449eceb1 1921:284c3837891c
104 #if DROPBEAR_DELAY_HOSTKEY 104 #if DROPBEAR_DELAY_HOSTKEY
105 105
106 static void svr_ensure_hostkey() { 106 static void svr_ensure_hostkey() {
107 107
108 const char* fn = NULL; 108 const char* fn = NULL;
109 char *expand_fn = NULL;
109 enum signkey_type type = ses.newkeys->algo_hostkey; 110 enum signkey_type type = ses.newkeys->algo_hostkey;
110 void **hostkey = signkey_key_ptr(svr_opts.hostkey, type); 111 void **hostkey = signkey_key_ptr(svr_opts.hostkey, type);
111 int ret = DROPBEAR_FAILURE; 112 int ret = DROPBEAR_FAILURE;
112 113
113 if (hostkey && *hostkey) { 114 if (hostkey && *hostkey) {
140 #endif 141 #endif
141 default: 142 default:
142 dropbear_assert(0); 143 dropbear_assert(0);
143 } 144 }
144 145
145 if (readhostkey(fn, svr_opts.hostkey, &type) == DROPBEAR_SUCCESS) { 146 expand_fn = expand_homedir_path(fn);
146 return; 147
147 } 148 ret = readhostkey(expand_fn, svr_opts.hostkey, &type);
148 149 if (ret == DROPBEAR_SUCCESS) {
149 if (signkey_generate(type, 0, fn, 1) == DROPBEAR_FAILURE) {
150 goto out; 150 goto out;
151 } 151 }
152
153 if (signkey_generate(type, 0, expand_fn, 1) == DROPBEAR_FAILURE) {
154 goto out;
155 }
152 156
153 ret = readhostkey(fn, svr_opts.hostkey, &type); 157 /* Read what we just generated (or another process raced us) */
158 ret = readhostkey(expand_fn, svr_opts.hostkey, &type);
154 159
155 if (ret == DROPBEAR_SUCCESS) { 160 if (ret == DROPBEAR_SUCCESS) {
156 char *fp = NULL; 161 char *fp = NULL;
157 unsigned int len; 162 unsigned int len;
158 buffer *key_buf = buf_new(MAX_PUBKEY_SIZE); 163 buffer *key_buf = buf_new(MAX_PUBKEY_SIZE);
159 buf_put_pub_key(key_buf, svr_opts.hostkey, type); 164 buf_put_pub_key(key_buf, svr_opts.hostkey, type);
160 buf_setpos(key_buf, 4); 165 buf_setpos(key_buf, 4);
161 len = key_buf->len - key_buf->pos; 166 len = key_buf->len - key_buf->pos;
162 fp = sign_key_fingerprint(buf_getptr(key_buf, len), len); 167 fp = sign_key_fingerprint(buf_getptr(key_buf, len), len);
163 dropbear_log(LOG_INFO, "Generated hostkey %s, fingerprint is %s", 168 dropbear_log(LOG_INFO, "Generated hostkey %s, fingerprint is %s",
164 fn, fp); 169 expand_fn, fp);
165 m_free(fp); 170 m_free(fp);
166 buf_free(key_buf); 171 buf_free(key_buf);
167 } 172 }
168 173
169 out: 174 out:
170 if (ret == DROPBEAR_FAILURE) 175 if (ret == DROPBEAR_FAILURE) {
171 { 176 dropbear_exit("Couldn't read or generate hostkey %s", expand_fn);
172 dropbear_exit("Couldn't read or generate hostkey %s", fn); 177 }
173 } 178 m_free(expand_fn);
174 } 179 }
175 #endif 180 #endif
176 181
177 /* Generate our side of the diffie-hellman key exchange value (dh_f), and 182 /* Generate our side of the diffie-hellman key exchange value (dh_f), and
178 * calculate the session key using the diffie-hellman algorithm. Following 183 * calculate the session key using the diffie-hellman algorithm. Following