authorMatt Johnston <matt@ucc.asn.au>2015-01-24 00:05:26 +0800
committerMatt Johnston <matt@ucc.asn.au>2015-01-24 00:05:26 +0800
commit96709067bb89078f71167ceeb59feb1ee3254e85 (patch)
treeb05104712c925f9ae6fc3b8e6300a05d52d8e3f5
parent73f09a6c8c61591bd19cc6683f3c01499e8f85e4 (diff)
downloaddropbear-96709067bb89078f71167ceeb59feb1ee3254e85.tar.gz
Default client key path ~/.ssh/id_dropbear
-rw-r--r--cli-runopts.c27
-rw-r--r--dbutil.c17
-rw-r--r--dbutil.h1
-rw-r--r--dropbearkey.c3
-rw-r--r--options.h4
5 files changed, 45 insertions, 7 deletions
diff --git a/cli-runopts.c b/cli-runopts.c
index bad991f..11c6890 100644
--- a/cli-runopts.c
+++ b/cli-runopts.c
@@ -38,7 +38,7 @@ static void parse_hostname(const char* orighostarg);
static void parse_multihop_hostname(const char* orighostarg, const char* argv0);
static void fill_own_user();
#ifdef ENABLE_CLI_PUBKEY_AUTH
-static void loadidentityfile(const char* filename);
+static void loadidentityfile(const char* filename, int warnfail);
#endif
#ifdef ENABLE_CLI_ANYTCPFWD
static void addforward(const char* str, m_list *fwdlist);
@@ -65,7 +65,7 @@ static void printhelp() {
"-y -y Don't perform any remote host key checking (caution)\n"
"-s Request a subsystem (use by external sftp)\n"
#ifdef ENABLE_CLI_PUBKEY_AUTH
- "-i <identityfile> (multiple allowed)\n"
+ "-i <identityfile> (multiple allowed, default %s)\n"
#endif
#ifdef ENABLE_CLI_AGENTFWD
"-A Enable agent auth forwarding\n"
@@ -95,6 +95,9 @@ static void printhelp() {
"-v verbose (compiled with DEBUG_TRACE)\n"
#endif
,DROPBEAR_VERSION, cli_opts.progname,
+#ifdef ENABLE_CLI_PUBKEY_AUTH
+ DROPBEAR_DEFAULT_CLI_AUTHKEY,
+#endif
DEFAULT_RECV_WINDOW, DEFAULT_KEEPALIVE, DEFAULT_IDLE_TIMEOUT);
}
@@ -174,7 +177,7 @@ void cli_getopts(int argc, char ** argv) {
#ifdef ENABLE_CLI_PUBKEY_AUTH
if (nextiskey) {
/* Load a hostkey since the previous argument was "-i" */
- loadidentityfile(argv[i]);
+ loadidentityfile(argv[i], 1);
nextiskey = 0;
continue;
}
@@ -231,7 +234,7 @@ void cli_getopts(int argc, char ** argv) {
case 'i': /* an identityfile */
/* Keep scp happy when it changes "-i file" to "-ifile" */
if (strlen(argv[i]) > 2) {
- loadidentityfile(&argv[i][2]);
+ loadidentityfile(&argv[i][2], 1);
} else {
nextiskey = 1;
}
@@ -444,6 +447,14 @@ void cli_getopts(int argc, char ** argv) {
}
#endif
+#ifdef DROPBEAR_DEFAULT_CLI_AUTHKEY
+ {
+ char *expand_path = expand_tilde(DROPBEAR_DEFAULT_CLI_AUTHKEY);
+ loadidentityfile(expand_path, 0);
+ m_free(expand_path);
+ }
+#endif
+
/* The hostname gets set up last, since
* in multi-hop mode it will require knowledge
* of other flags such as -i */
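Review bot: The new block is guarded only by `#ifdef DROPBEAR_DEFAULT_CLI_AUTHKEY`, while loadidentityfile() is declared and defined only under ENABLE_CLI_PUBKEY_AUTH (see the prototype hunk and the definition hunk of this file) and the options.h hunk defines DROPBEAR_DEFAULT_CLI_AUTHKEY outside any such guard, so a build with pubkey auth disabled would, as far as these hunks show, reach an implicit declaration here. Guard it as `#if defined(ENABLE_CLI_PUBKEY_AUTH) && defined(DROPBEAR_DEFAULT_CLI_AUTHKEY)` or nest the options.h define inside the ENABLE_CLI_PUBKEY_AUTH section. A short comment such as `/* Default key is tried after any explicit -i keys; failure to load it is silent (warnfail=0) */` would record the intent of the `0` argument at the call. cli_getopts() starts and ends outside this hunk.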
@@ -455,14 +466,18 @@ void cli_getopts(int argc, char ** argv) {
}
#ifdef ENABLE_CLI_PUBKEY_AUTH
-static void loadidentityfile(const char* filename) {
+static void loadidentityfile(const char* filename, int warnfail) {
sign_key *key;
enum signkey_type keytype;
+ TRACE(("loadidentityfile %s", filename))
+
key = new_sign_key();
keytype = DROPBEAR_SIGNKEY_ANY;
if ( readhostkey(filename, key, &keytype) != DROPBEAR_SUCCESS ) {
- fprintf(stderr, "Failed loading keyfile '%s'\n", filename);
+ if (warnfail) {
+ fprintf(stderr, "Failed loading keyfile '%s'\n", filename);
+ }
sign_key_free(key);
} else {
key->type = keytype;
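Review bot: When warnfail is 0 a failed readhostkey() leaves no diagnostic at all, so a default key that exists but is unreadable or corrupt is indistinguishable from an absent one even under DEBUG_TRACE; adding `TRACE(("loadidentityfile: failed to load '%s'", filename))` before the `if (warnfail)` branch keeps the quiet default-path behaviour while preserving a trace. The new warnfail parameter is undocumented; a comment at the definition such as `/* warnfail: non-zero prints a message to stderr when the key cannot be loaded; 0 is used for the optional default key path */` would make the contract explicit. loadidentityfile()'s body continues past the end of the hunk.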
diff --git a/dbutil.c b/dbutil.c
index 2acc53b..ae73132 100644
--- a/dbutil.c
+++ b/dbutil.c
@@ -936,6 +936,23 @@ int m_str_to_uint(const char* str, unsigned int *val) {
}
}
+/* Returns malloced path. Only expands ~ in first character */
+char * expand_tilde(const char *inpath) {
+ struct passwd *pw = NULL;
+ if (inpath[0] == '~') {
+ pw = getpwuid(getuid());
+ if (pw && pw->pw_dir) {
+ int len = strlen(inpath) + strlen(pw->pw_dir) + 1;
+ char *buf = m_malloc(len);
+ snprintf(buf, len, "%s/%s", pw->pw_dir, &inpath[1]);
+ return buf;
+ }
+ }
+
+ /* Fallback */
+ return m_strdup(inpath);
+}
+
int constant_time_memcmp(const void* a, const void *b, size_t n)
{
const char *xa = a, *xb = b;
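Review bot: expand_tilde() expands any path whose first character is `~`, so the `~user/...` form is mis-expanded into the current user's home directory with `user` appended, and because `&inpath[1]` still begins with `/` the common `~/...` case produces a doubled separator. Restrict the expansion to a bare `~` or a `~/` prefix and drop the extra slash: `if (inpath[0] == '~' && (inpath[1] == '/' || inpath[1] == '\0')) {` together with `snprintf(buf, len, "%s%s", pw->pw_dir, &inpath[1]);` (the existing `len` computation remains sufficient). `len` is the sum of two `strlen` results and should be `size_t` rather than `int`. The header comment could then read `/* Returns malloced path. Expands a leading "~" or "~/" to the current user's home directory (via getpwuid, not $HOME); any other input is returned as a copy */`.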
diff --git a/dbutil.h b/dbutil.h
index 4dd05b5..774c3ce 100644
--- a/dbutil.h
+++ b/dbutil.h
@@ -110,5 +110,6 @@ int constant_time_memcmp(const void* a, const void *b, size_t n);
a real-world clock */
time_t monotonic_now();
+char * expand_tilde(const char *inpath);
#endif /* _DBUTIL_H_ */
diff --git a/dropbearkey.c b/dropbearkey.c
index 1eb4db2..7eb2f3f 100644
--- a/dropbearkey.c
+++ b/dropbearkey.c
@@ -76,7 +76,8 @@ static void printhelp(char * progname) {
#ifdef DROPBEAR_ECDSA
" ecdsa\n"
#endif
- "-f filename Use filename for the secret key\n"
+ "-f filename Use filename for the secret key.\n"
+ " ~/.ssh/id_dropbear is recommended for client keys.\n"
"-s bits Key size in bits, should be a multiple of 8 (optional)\n"
#ifdef DROPBEAR_DSS
" DSS has a fixed size of 1024 bits\n"
diff --git a/options.h b/options.h
index 213ba04..644ec72 100644
--- a/options.h
+++ b/options.h
@@ -211,6 +211,10 @@ much traffic. */
#define ENABLE_CLI_PUBKEY_AUTH
#define ENABLE_CLI_INTERACT_AUTH
+/* A default argument for dbclient -i <privatekey>.
+ leading "~" is expanded */
+#define DROPBEAR_DEFAULT_CLI_AUTHKEY "~/.ssh/id_dropbear"
+
/* This variable can be used to set a password for client
* authentication on the commandline. Beware of platforms
* that don't protect environment variables of processes etc. Also