author | Konstantin Demin <rockdrilla@gmail.com> | 2019-03-25 21:42:01 +0300 |
committer | Hans Dedecker <dedeckeh@gmail.com> | 2019-03-25 22:25:34 +0100 |
commit | 5d27b10c61171e9974f5db01445acba5181e03b4 (patch) | |
tree | 186ecb8c4610098df827184c42754d310fe31c17 | |
parent | efc533cc2ff7ec99595727c4990b1fed006794ea (diff) | |
dropbear: introduce config option "keyfile" (replacement for "rsakeyfile")
* option "keyfile" is more generic than "rsakeyfile".
* option "rsakeyfile" is considered to be deprecated and should be removed
in future releases.
* warn user (in syslog) if option "rsakeyfile" is used
* better check options ("rsakeyfile" and "keyfile"): don't append
"-r keyfile" to the command line if the file is unusable (missing, empty,
or not a valid key), and warn the user (in syslog) about such files
Signed-off-by: Konstantin Demin <rockdrilla@gmail.com>
-rwxr-xr-x | package/network/services/dropbear/files/dropbear.init | 57 |
1 files changed, 56 insertions, 1 deletions
diff --git a/package/network/services/dropbear/files/dropbear.init b/package/network/services/dropbear/files/dropbear.init
index 2ea637ee1a..506f7dac65 100755
--- a/package/network/services/dropbear/files/dropbear.init
+++ b/package/network/services/dropbear/files/dropbear.init
@@ -12,6 +12,54 @@ PIDCOUNT=0
 EXTRA_COMMANDS="killclients"
 EXTRA_HELP=" killclients Kill ${NAME} processes except servers and yourself"
 
+_dropbearkey()
+{
+ /usr/bin/dropbearkey "$@" 0<&- 1>&- 2>&-
+}
+
+# $1 - host key file name
+hk_verify()
+{
+ [ -f "$1" ] || return 1
+ [ -s "$1" ] || return 2
+ _dropbearkey -y -f "$1" || return 3
+ return 0
+}
+
+# $1 - hk_verify() return code
+hk_errmsg()
+{
+ case "$1" in
+ 0) ;;
+ 1) echo "file does not exist" ;;
+ 2) echo "file has zero length" ;;
+ 3) echo "file is not valid host key or not supported" ;;
+ *) echo "unknown error" ;;
+ esac
+}
+
+# $1 - config option
+# $2 - host key file name
+hk_config()
+{
+ local x m
+ hk_verify "$2"; x=$?
+ case "$x" in
+ 0) procd_append_param command -r "$2"
+ ;;
+ *) m=$(hk_errmsg "$x")
+ logger -t "${NAME}" -p daemon.warn \
+ "option '$1', value '$2': $m, skipping"
+ ;;
+ esac
+}
+
+# $1 - host key file name
+hk_config__keyfile()
+{
+ hk_config 'keyfile' "$1"
+}
+
 append_ports()
 {
  local ipaddrs="$1"
@@ -37,6 +85,7 @@ validate_section_dropbear()
  'RootPasswordAuth:bool:1' \
  'RootLogin:bool:1' \
  'rsakeyfile:file' \
+ 'keyfile:list(file)' \
  'BannerFile:file' \
  'Port:list(port):22' \
  'SSHKeepAlive:uinteger:300' \
@@ -74,7 +123,13 @@ dropbear_instance()
  [ "${GatewayPorts}" -eq 1 ] && procd_append_param command -a
  [ "${RootPasswordAuth}" -eq 0 ] && procd_append_param command -g
  [ "${RootLogin}" -eq 0 ] && procd_append_param command -w
- [ -n "${rsakeyfile}" ] && procd_append_param command -r "${rsakeyfile}"
+ if [ -n "${rsakeyfile}" ]; then
+ logger -t ${NAME} -p daemon.warn \
+ "option 'rsakeyfile' is considered to be deprecated and" \
+ "will be removed in future releases, use 'keyfile' instead"
+ hk_config 'rsakeyfile' "${rsakeyfile}"
+ fi
+ config_list_foreach "$1" "keyfile" hk_config__keyfile
  [ -n "${BannerFile}" ] && procd_append_param command -b "${BannerFile}"
  append_ports "${ipaddrs}" "${Port}"
  [ "${IdleTimeout}" -ne 0 ] && procd_append_param command -I "${IdleTimeout}"
 |
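Review bot: `_dropbearkey` closes descriptors 0–2 (`0<&- 1>&- 2>&-`) instead of redirecting them, so the first file dropbearkey opens — the host key given with `-f` — lands on fd 0, and anything it later writes to fd 1/2 either fails with EBADF or, if another descriptor has been opened read-write in the meantime, is written into that file. Whether dropbearkey's exit status (the only thing `hk_verify` looks at) survives a failed write to a closed stdout cannot be confirmed from this hunk, so the check may be stricter or looser than intended. The conventional form removes both questions: `/usr/bin/dropbearkey "$@" </dev/null >/dev/null 2>&1`. A one-line comment on `hk_verify` stating that only the exit status matters, e.g. `# returns 0 only when dropbearkey -y accepts the file; output is discarded`, would also help the next maintainer.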
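Review bot: When every configured `rsakeyfile`/`keyfile` value is rejected by `hk_config`, the instance is still started with no `-r` at all, and the only trace is a daemon.warn line; as far as this hunk shows, dropbear will then come up presenting whatever default host key it finds (that fallback is not visible here), which an operator who pinned a specific key would not expect. Consider having `hk_config` record how many keys were actually appended and, when at least one key was configured but none was accepted, log at daemon.err or refuse to start the instance rather than silently degrade. A smaller point: `logger -t ${NAME}` is unquoted here while `hk_config` uses `"${NAME}"`; write `logger -t "${NAME}" -p daemon.warn \` for consistency. `dropbear_instance` begins and ends outside this hunk.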