comparison svr-runopts.c @ 1921:284c3837891c
Allow user space file locations (rootless support)
Why:
Running dropbear as a user (rootless) is aided if
files and programs can be saved/removed without
needing sudo.
What:
Use the same convention as DROPBEAR_DEFAULT_CLI_AUTHKEY;
if a path does not start with '/', it is taken relative to hedge's /home/hedge:
*_PRIV_FILENAME
DROPBEAR_PIDFILE
SFTPSERVER_PATH
default_options.h commentary added.
Changes kept to a minimum, so log entry in svr_kex.c#163
is refactored.
From:
Generated hostkey is <path> ... <finger-print>
to:
Generated hostkey path is <path>
Generated hostkey fingerprint is <fp>
Otherwise the unexpanded path was reported.
Patch modified by Matt Johnston
Signed-off-by: Begley Brothers Inc <[email protected]>
author | Begley Brothers Inc <begleybrothers@gmail.com> |
---|---|
date | Thu, 09 Jul 2020 17:47:58 +1000 |
parents | be236878efcf |
children | 4528afefe45d |
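--- a/svr-runopts.c
+++ b/svr-runopts.c
@@ -161,11 +161,11 @@
 svr_opts.maxauthtries = MAX_AUTH_TRIES;
 svr_opts.inetdmode = 0;
 svr_opts.portcount = 0;
 svr_opts.hostkey = NULL;
 svr_opts.delay_hostkey = 0;
-svr_opts.pidfile = DROPBEAR_PIDFILE;
+svr_opts.pidfile = expand_homedir_path(DROPBEAR_PIDFILE);
 #if DROPBEAR_SVR_LOCALTCPFWD
 svr_opts.nolocaltcp = 0;
 #endif
 #if DROPBEAR_SVR_REMOTETCPFWD
 svr_opts.noremotetcp = 0;
@@ -528,16 +528,18 @@
 }
 
 /* Must be called after syslog/etc is working */
 static void loadhostkey(const char *keyfile, int fatal_duplicate) {
 sign_key * read_key = new_sign_key();
+char *expand_path = expand_homedir_path(keyfile);
 enum signkey_type type = DROPBEAR_SIGNKEY_ANY;
-if (readhostkey(keyfile, read_key, &type) == DROPBEAR_FAILURE) {
+if (readhostkey(expand_path, read_key, &type) == DROPBEAR_FAILURE) {
 if (!svr_opts.delay_hostkey) {
-dropbear_log(LOG_WARNING, "Failed loading %s", keyfile);
+dropbear_log(LOG_WARNING, "Failed loading %s", expand_path);
 }
 }
+m_free(expand_path);
 
 #if DROPBEAR_RSA
 if (type == DROPBEAR_SIGNKEY_RSA) {
 loadhostkey_helper("RSA", (void**)&read_key->rsakey, (void**)&svr_opts.hostkey->rsakey, fatal_duplicate);
 }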
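Review bot: `loadhostkey()` now passes every `keyfile` through `expand_homedir_path()`, and by the convention the description states, any path not starting with '/' is taken relative to the home directory; if operator-supplied host key paths also reach this function (its callers are outside the section), a relative path that used to be opened as given is now looked up somewhere else. The only trace of a miss is the `Failed loading %s` warning, which is skipped when `svr_opts.delay_hostkey` is set, so the server could presumably come up with a different host key than the operator intended and leave nothing in the log. I would document the rule where the expansion happens, e.g. `/* keyfile not starting with '/' is resolved against the home directory, not the cwd */`, and consider expanding only the compile-time defaults at their call sites. Separately, `svr_opts.pidfile` now holds the string returned by `expand_homedir_path()` instead of a literal; who owns that string when the pid file is set some other way is not visible here and deserves a one-line comment. The body of `loadhostkey` continues past the last line shown.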