Группа :: Система/Серверы
Пакет: dropbear


Патч: dropbear-2013.62-authkey_fp.patch


From 93c8ede915030c697b9304d5bcd64c2bf58b068c Mon Sep 17 00:00:00 2001
From: "George V. Kouryachy (Fr. Br. George)" <george@altlinux.ru>
Date: Wed, 15 Jan 2014 16:21:22 +0400
Subject: [PATCH] export $SSH_AUTHKEY_FINGERPRINT
---
 dropbear/dropbear.8        | 12 ++++++++++--
 dropbear/runopts.h         |  1 +
 dropbear/session.h         |  2 ++
 dropbear/svr-authpubkey.c  |  1 +
 dropbear/svr-chansession.c |  3 +++
 dropbear/svr-runopts.c     |  5 +++++
 6 files changed, 22 insertions(+), 2 deletions(-)
diff --git a/dropbear/dropbear.8 b/dropbear/dropbear.8
index 032e4ce..e6f487e 100644
--- a/dropbear/dropbear.8
+++ b/dropbear/dropbear.8
@@ -71,6 +71,10 @@ Use this option to run
 under TCP/IP servers like inetd, tcpsvd, or tcpserver.
 In program mode the \-F option is implied, and \-p options are ignored.
 .TP
+.B \-f
+Upon succsessful public key authentication,
+expose (via $SSH_AUTHKEY_FINGERPRINT) a fingerprint of the key just authenticated.
+.TP
 .B \-P \fIpidfile
 Specify a pidfile to create when running as a daemon. If not specified, the 
 default is /var/run/dropbear.pid
@@ -175,7 +179,11 @@ in this variable. If a shell was requested this is set to an empty value.
 .TP
 .B SSH_AUTH_SOCK
 Set to a forwarded ssh-agent connection.
-
+ 
+.TP
+.B SSH_AUTHKEY_FINGERPRINT
+When -f is used, set to a fingerprint of the succsessfully authenticated public key, if any.
+ 
 .SH NOTES
 Dropbear only supports SSH protocol version 2.
 
diff --git a/dropbear/runopts.h b/dropbear/runopts.h
index 21fc8e5..77e7957 100644
--- a/dropbear/runopts.h
+++ b/dropbear/runopts.h
@@ -64,6 +64,7 @@ typedef struct svr_runopts {
 
 	char * bannerfile;
 
+	int authkey_fp;
 	int forkbg;
 	int usingsyslog;
 
diff --git a/dropbear/session.h b/dropbear/session.h
index 91e306a..71224e6 100644
--- a/dropbear/session.h
+++ b/dropbear/session.h
@@ -154,6 +154,8 @@ struct sshsession {
 								idle timeout purposes */
 
 
+	/*G*//* exposing buffer(s)*/
+	char *authkey_fp; /* sucsessful authentificated key fingerprint (if any)*/
 	/* KEX/encryption related */
 	struct KEXState kexstate;
 	struct key_context *keys;
diff --git a/dropbear/svr-authpubkey.c b/dropbear/svr-authpubkey.c
index 66fe5e5..382bb29 100644
--- a/dropbear/svr-authpubkey.c
+++ b/dropbear/svr-authpubkey.c
@@ -137,6 +137,7 @@ void svr_auth_pubkey() {
 				"Pubkey auth succeeded for '%s' with key %s from %s",
 				ses.authstate.pw_name, fp, svr_ses.addrstring);
 		send_msg_userauth_success();
+		ses.authkey_fp=strdup(fp);
 	} else {
 		dropbear_log(LOG_WARNING,
 				"Pubkey auth bad signature for '%s' with key %s from %s",
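Review bot: The result of `strdup(fp)` stored in `ses.authkey_fp` is never checked, so on allocation failure the pointer stays NULL and the export in execchild() is skipped without any log entry. A consumer that reads a missing SSH_AUTHKEY_FINGERPRINT as "no key restriction applies" would then fail open. Dropbear's allocation wrapper would match the rest of the tree: `ses.authkey_fp = m_strdup(fp);`. The copy is also made whether or not -f was given and is not freed in any visible hunk, so guarding it with `if (svr_opts.authkey_fp)` and documenting the owner of the string in session.h would help. svr_auth_pubkey() starts and ends outside this hunk, so what happens to `fp` afterwards cannot be seen here.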
diff --git a/dropbear/svr-chansession.c b/dropbear/svr-chansession.c
index dd9ea02..fc3a875 100644
--- a/dropbear/svr-chansession.c
+++ b/dropbear/svr-chansession.c
@@ -917,6 +917,9 @@ static void execchild(void *user_data) {
 	addnewvar("HOME", ses.authstate.pw_dir);
 	addnewvar("SHELL", get_user_shell());
 	addnewvar("PATH", DEFAULT_PATH);
+	if(ses.authkey_fp !=NULL && svr_opts.authkey_fp) {
+	  	addnewvar("SSH_AUTHKEY_FINGERPRINT",ses.authkey_fp);
+	}
 	if (chansess->term != NULL) {
 		addnewvar("TERM", chansess->term);
 	}
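Review bot: The added condition in execchild() is formatted unlike the surrounding lines: no space after `if`, `!=NULL` without spacing, and the addnewvar line is indented with a tab-space-tab mix. In the file's style it would read `if (svr_opts.authkey_fp && ses.authkey_fp != NULL) {` followed by a tab-indented `addnewvar("SSH_AUTHKEY_FINGERPRINT", ses.authkey_fp);`. A short comment such as `/* exported only after successful pubkey auth with -f; unset for every other auth method */` would warn consumers that an absent variable must not be treated as a match. execchild() begins before and continues after this hunk, so how the rest of the child environment is built is not visible here.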
diff --git a/dropbear/svr-runopts.c b/dropbear/svr-runopts.c
index 414cb45..422b8c3 100644
--- a/dropbear/svr-runopts.c
+++ b/dropbear/svr-runopts.c
@@ -59,6 +59,7 @@ static void printhelp(const char * progname) {
 					"-R		Create hostkeys as required\n" 
 #endif
 					"-F		Don't fork into background\n"
+					"-f		Expose session fingerprint via $SSH_AUTHKEY_FINGERPRINT\n"
 #ifdef DISABLE_SYSLOG
 					"(Syslog support not compiled in, using stderr)\n"
 #else
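Review bot: The new help line calls the value a "session fingerprint", but the man page hunk and the variable name both describe the fingerprint of the authenticated public key. Matching wording would be `"-f		Expose authenticated key fingerprint via $SSH_AUTHKEY_FINGERPRINT\n"`. The new `-f` also differs from the existing `-F` only by case, so the help text needs to be unambiguous for administrators who depend on the variable in access-control scripts. printhelp() starts and ends outside this hunk.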
@@ -123,6 +124,7 @@ void svr_getopts(int argc, char ** argv) {
 	/* see printhelp() for options */
 	svr_opts.bannerfile = NULL;
 	svr_opts.banner = NULL;
+	svr_opts.authkey_fp = 0;
 	svr_opts.forkbg = 1;
 	svr_opts.norootlogin = 0;
 	svr_opts.noauthpass = 0;
@@ -193,6 +195,9 @@ void svr_getopts(int argc, char ** argv) {
 				case 'R':
 					svr_opts.delay_hostkey = 1;
 					break;
+				case 'f':
+					svr_opts.authkey_fp = 1;
+					break;
 				case 'F':
 					svr_opts.forkbg = 0;
 					break;
-- 
1.8.3.4
 