Mercurial > dropbear
comparison svr-runopts.c @ 1921:284c3837891c
Allow user space file locations (rootless support)
Why:
Running dropbear as a user (rootless) is aided if
files and programs can be saved/removed without
needing sudo.
What:
Use the same convention as DROPBEAR_DEFAULT_CLI_AUTHKEY;
if not starting with '/', then is relative to hedge's /home/hedge:
*_PRIV_FILENAME
DROPBEAR_PIDFILE
SFTPSERVER_PATH
default_options.h commentary added.
Changes kept to a minimum, so log entry in svr_kex.c#163
is refactored.
From:
Generated hostkey is <path> ... <finger-print>
to:
Generated hostkey path is <path>
Generated hostkey fingerprint is <fp>
Otherwise the unexpanded path was reported.
Patch modified by Matt Johnston
Signed-off-by: Begley Brothers Inc <[email protected]>
| author | Begley Brothers Inc <begleybrothers@gmail.com> |
|---|---|
| date | Thu, 09 Jul 2020 17:47:58 +1000 |
| parents | be236878efcf |
| children | 4528afefe45d |
comparison
equal
deleted
inserted
replaced
| 1920:1489449eceb1 | 1921:284c3837891c |
|---|---|
| 161 svr_opts.maxauthtries = MAX_AUTH_TRIES; | 161 svr_opts.maxauthtries = MAX_AUTH_TRIES; |
| 162 svr_opts.inetdmode = 0; | 162 svr_opts.inetdmode = 0; |
| 163 svr_opts.portcount = 0; | 163 svr_opts.portcount = 0; |
| 164 svr_opts.hostkey = NULL; | 164 svr_opts.hostkey = NULL; |
| 165 svr_opts.delay_hostkey = 0; | 165 svr_opts.delay_hostkey = 0; |
| 166 svr_opts.pidfile = DROPBEAR_PIDFILE; | 166 svr_opts.pidfile = expand_homedir_path(DROPBEAR_PIDFILE); |
| 167 #if DROPBEAR_SVR_LOCALTCPFWD | 167 #if DROPBEAR_SVR_LOCALTCPFWD |
| 168 svr_opts.nolocaltcp = 0; | 168 svr_opts.nolocaltcp = 0; |
| 169 #endif | 169 #endif |
| 170 #if DROPBEAR_SVR_REMOTETCPFWD | 170 #if DROPBEAR_SVR_REMOTETCPFWD |
| 171 svr_opts.noremotetcp = 0; | 171 svr_opts.noremotetcp = 0; |
| 528 } | 528 } |
| 529 | 529 |
| 530 /* Must be called after syslog/etc is working */ | 530 /* Must be called after syslog/etc is working */ |
| 531 static void loadhostkey(const char *keyfile, int fatal_duplicate) { | 531 static void loadhostkey(const char *keyfile, int fatal_duplicate) { |
| 532 sign_key * read_key = new_sign_key(); | 532 sign_key * read_key = new_sign_key(); |
| 533 char *expand_path = expand_homedir_path(keyfile); | |
| 533 enum signkey_type type = DROPBEAR_SIGNKEY_ANY; | 534 enum signkey_type type = DROPBEAR_SIGNKEY_ANY; |
| 534 if (readhostkey(keyfile, read_key, &type) == DROPBEAR_FAILURE) { | 535 if (readhostkey(expand_path, read_key, &type) == DROPBEAR_FAILURE) { |
| 535 if (!svr_opts.delay_hostkey) { | 536 if (!svr_opts.delay_hostkey) { |
| 536 dropbear_log(LOG_WARNING, "Failed loading %s", keyfile); | 537 dropbear_log(LOG_WARNING, "Failed loading %s", expand_path); |
| 537 } | 538 } |
| 538 } | 539 } |
| 540 m_free(expand_path); | |
| 539 | 541 |
| 540 #if DROPBEAR_RSA | 542 #if DROPBEAR_RSA |
| 541 if (type == DROPBEAR_SIGNKEY_RSA) { | 543 if (type == DROPBEAR_SIGNKEY_RSA) { |
| 542 loadhostkey_helper("RSA", (void**)&read_key->rsakey, (void**)&svr_opts.hostkey->rsakey, fatal_duplicate); | 544 loadhostkey_helper("RSA", (void**)&read_key->rsakey, (void**)&svr_opts.hostkey->rsakey, fatal_duplicate); |
| 543 } | 545 } |