Mercurial > dropbear

changeset 995:6fb4c010c448

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
Default client key path ~/.ssh/id_dropbear
author Matt Johnston <matt@ucc.asn.au>
date Sat, 24 Jan 2015 00:05:26 +0800
parents 5c5ade336926
children 47643024fc90
files cli-runopts.c dbutil.c dbutil.h dropbearkey.c options.h
diffstat 5 files changed, 45 insertions(+), 7 deletions(-) [+]
line wrap: on
line diff
--- a/cli-runopts.c	Fri Jan 23 23:00:25 2015 +0800
+++ b/cli-runopts.c	Sat Jan 24 00:05:26 2015 +0800
@@ -38,7 +38,7 @@
 static void parse_multihop_hostname(const char* orighostarg, const char* argv0);
 static void fill_own_user();
 #ifdef ENABLE_CLI_PUBKEY_AUTH
-static void loadidentityfile(const char* filename);
+static void loadidentityfile(const char* filename, int warnfail);
 #endif
 #ifdef ENABLE_CLI_ANYTCPFWD
 static void addforward(const char* str, m_list *fwdlist);
@@ -65,7 +65,7 @@
 					"-y -y Don't perform any remote host key checking (caution)\n"
 					"-s    Request a subsystem (use by external sftp)\n"
 #ifdef ENABLE_CLI_PUBKEY_AUTH
-					"-i <identityfile>   (multiple allowed)\n"
+					"-i <identityfile>   (multiple allowed, default %s)\n"
 #endif
 #ifdef ENABLE_CLI_AGENTFWD
 					"-A    Enable agent auth forwarding\n"
@@ -95,6 +95,9 @@
 					"-v    verbose (compiled with DEBUG_TRACE)\n"
 #endif
 					,DROPBEAR_VERSION, cli_opts.progname,
+#ifdef ENABLE_CLI_PUBKEY_AUTH
+					DROPBEAR_DEFAULT_CLI_AUTHKEY,
+#endif
 					DEFAULT_RECV_WINDOW, DEFAULT_KEEPALIVE, DEFAULT_IDLE_TIMEOUT);
 					
 }
@@ -174,7 +177,7 @@
 #ifdef ENABLE_CLI_PUBKEY_AUTH
 		if (nextiskey) {
 			/* Load a hostkey since the previous argument was "-i" */
-			loadidentityfile(argv[i]);
+			loadidentityfile(argv[i], 1);
 			nextiskey = 0;
 			continue;
 		}
@@ -231,7 +234,7 @@
 				case 'i': /* an identityfile */
 					/* Keep scp happy when it changes "-i file" to "-ifile" */
 					if (strlen(argv[i]) > 2) {
-						loadidentityfile(&argv[i][2]);
+						loadidentityfile(&argv[i][2], 1);
 					} else  {
 						nextiskey = 1;
 					}
@@ -444,6 +447,14 @@
 	}
 #endif
 
+#ifdef DROPBEAR_DEFAULT_CLI_AUTHKEY
+	{
+		char *expand_path = expand_tilde(DROPBEAR_DEFAULT_CLI_AUTHKEY);
+		loadidentityfile(expand_path, 0);
+		m_free(expand_path);
+	}
+#endif
+
 	/* The hostname gets set up last, since
 	 * in multi-hop mode it will require knowledge
 	 * of other flags such as -i */
@@ -455,14 +466,18 @@
 }
 
 #ifdef ENABLE_CLI_PUBKEY_AUTH
-static void loadidentityfile(const char* filename) {
+static void loadidentityfile(const char* filename, int warnfail) {
 	sign_key *key;
 	enum signkey_type keytype;
 
+	TRACE(("loadidentityfile %s", filename))
+
 	key = new_sign_key();
 	keytype = DROPBEAR_SIGNKEY_ANY;
 	if ( readhostkey(filename, key, &keytype) != DROPBEAR_SUCCESS ) {
-		fprintf(stderr, "Failed loading keyfile '%s'\n", filename);
+		if (warnfail) {
+			fprintf(stderr, "Failed loading keyfile '%s'\n", filename);
+		}
 		sign_key_free(key);
 	} else {
 		key->type = keytype;
--- a/dbutil.c	Fri Jan 23 23:00:25 2015 +0800
+++ b/dbutil.c	Sat Jan 24 00:05:26 2015 +0800
@@ -936,6 +936,23 @@
 	}
 }
 
+/* Returns malloced path. Only expands ~ in first character */
+char * expand_tilde(const char *inpath) {
+	struct passwd *pw = NULL;
+	if (inpath[0] == '~') {
+		pw = getpwuid(getuid());
+		if (pw && pw->pw_dir) {
+			int len = strlen(inpath) + strlen(pw->pw_dir) + 1;
+			char *buf = m_malloc(len);
+			snprintf(buf, len, "%s/%s", pw->pw_dir, &inpath[1]);
+			return buf;
+		}
+	}
+
+	/* Fallback */
+	return m_strdup(inpath);
+}
+
 int constant_time_memcmp(const void* a, const void *b, size_t n)
 {
 	const char *xa = a, *xb = b;
--- a/dbutil.h	Fri Jan 23 23:00:25 2015 +0800
+++ b/dbutil.h	Sat Jan 24 00:05:26 2015 +0800
@@ -110,5 +110,6 @@
 a real-world clock */
 time_t monotonic_now();
 
+char * expand_tilde(const char *inpath);
 
 #endif /* _DBUTIL_H_ */
--- a/dropbearkey.c	Fri Jan 23 23:00:25 2015 +0800
+++ b/dropbearkey.c	Sat Jan 24 00:05:26 2015 +0800
@@ -76,7 +76,8 @@
 #ifdef DROPBEAR_ECDSA
 					"		ecdsa\n"
 #endif
-					"-f filename	Use filename for the secret key\n"
+					"-f filename    Use filename for the secret key.\n"
+					"               ~/.ssh/id_dropbear is recommended for client keys.\n"
 					"-s bits	Key size in bits, should be a multiple of 8 (optional)\n"
 #ifdef DROPBEAR_DSS
 					"           DSS has a fixed size of 1024 bits\n"
--- a/options.h	Fri Jan 23 23:00:25 2015 +0800
+++ b/options.h	Sat Jan 24 00:05:26 2015 +0800
@@ -211,6 +211,10 @@
 #define ENABLE_CLI_PUBKEY_AUTH
 #define ENABLE_CLI_INTERACT_AUTH
 
+/* A default argument for dbclient -i <privatekey>. 
+   leading "~" is expanded */
+#define DROPBEAR_DEFAULT_CLI_AUTHKEY "~/.ssh/id_dropbear"
+
 /* This variable can be used to set a password for client
  * authentication on the commandline. Beware of platforms
  * that don't protect environment variables of processes etc. Also