diff options
| author | Colin Watson <cjwatson@debian.org> | 2008-05-25 18:16:31 +0000 |
|---|---|---|
| committer | Colin Watson <cjwatson@debian.org> | 2008-05-25 18:16:31 +0000 |
| commit | 56c12903717deaf5eecd4c1b772de1eeb6ec4499 (patch) | |
| tree | e6629641077d9435946bc56bcd4c37abefab2310 | |
| parent | 3cb1ca47f373573cf3cd87af30d96284a3d38bf7 (diff) | |
Make ssh-vulnkey report the file name and line number for each key
(thanks, Heiko Schlittermann and Christopher Perry; closes: #481398).
| -rw-r--r-- | debian/changelog | 2 | ||||
| -rw-r--r-- | ssh-vulnkey.c | 27 |
2 files changed, 19 insertions, 10 deletions
diff --git a/debian/changelog b/debian/changelog index af07c204f..dd94c58e0 100644 --- a/debian/changelog +++ b/debian/changelog | |||
| @@ -24,6 +24,8 @@ openssh (1:4.7p1-11) UNRELEASED; urgency=low | |||
| 24 | * Recommend openssh-blacklist from openssh-client (closes: #481187). | 24 | * Recommend openssh-blacklist from openssh-client (closes: #481187). |
| 25 | * Recommend openssh-blacklist-extra from openssh-client and | 25 | * Recommend openssh-blacklist-extra from openssh-client and |
| 26 | openssh-server. | 26 | openssh-server. |
| 27 | * Make ssh-vulnkey report the file name and line number for each key | ||
| 28 | (thanks, Heiko Schlittermann and Christopher Perry; closes: #481398). | ||
| 27 | 29 | ||
| 28 | -- Colin Watson <cjwatson@debian.org> Sat, 17 May 2008 08:48:45 +0200 | 30 | -- Colin Watson <cjwatson@debian.org> Sat, 17 May 2008 08:48:45 +0200 |
| 29 | 31 | ||
diff --git a/ssh-vulnkey.c b/ssh-vulnkey.c index f13eb1619..3c7985448 100644 --- a/ssh-vulnkey.c +++ b/ssh-vulnkey.c | |||
| @@ -73,18 +73,21 @@ usage(void) | |||
| 73 | } | 73 | } |
| 74 | 74 | ||
| 75 | void | 75 | void |
| 76 | describe_key(const char *msg, const Key *key, const char *comment) | 76 | describe_key(const char *filename, u_long linenum, const char *msg, |
| 77 | const Key *key, const char *comment) | ||
| 77 | { | 78 | { |
| 78 | char *fp; | 79 | char *fp; |
| 79 | 80 | ||
| 80 | fp = key_fingerprint(key, SSH_FP_MD5, SSH_FP_HEX); | 81 | fp = key_fingerprint(key, SSH_FP_MD5, SSH_FP_HEX); |
| 81 | if (!quiet) | 82 | if (!quiet) |
| 82 | printf("%s: %u %s %s\n", msg, key_size(key), fp, comment); | 83 | printf("%s:%lu: %s: %u %s %s\n", filename, linenum, msg, |
| 84 | key_size(key), fp, comment); | ||
| 83 | xfree(fp); | 85 | xfree(fp); |
| 84 | } | 86 | } |
| 85 | 87 | ||
| 86 | int | 88 | int |
| 87 | do_key(const Key *key, const char *comment) | 89 | do_key(const char *filename, u_long linenum, |
| 90 | const Key *key, const char *comment) | ||
| 88 | { | 91 | { |
| 89 | Key *public; | 92 | Key *public; |
| 90 | char *blacklist_file; | 93 | char *blacklist_file; |
| @@ -97,13 +100,15 @@ do_key(const Key *key, const char *comment) | |||
| 97 | 100 | ||
| 98 | blacklist_file = blacklist_filename(public); | 101 | blacklist_file = blacklist_filename(public); |
| 99 | if (stat(blacklist_file, &st) < 0) | 102 | if (stat(blacklist_file, &st) < 0) |
| 100 | describe_key("Unknown (no blacklist information)", | 103 | describe_key(filename, linenum, |
| 101 | key, comment); | 104 | "Unknown (no blacklist information)", key, comment); |
| 102 | else if (blacklisted_key(public)) { | 105 | else if (blacklisted_key(public)) { |
| 103 | describe_key("COMPROMISED", key, comment); | 106 | describe_key(filename, linenum, |
| 107 | "COMPROMISED", key, comment); | ||
| 104 | ret = 0; | 108 | ret = 0; |
| 105 | } else | 109 | } else |
| 106 | describe_key("Not blacklisted", key, comment); | 110 | describe_key(filename, linenum, |
| 111 | "Not blacklisted", key, comment); | ||
| 107 | xfree(blacklist_file); | 112 | xfree(blacklist_file); |
| 108 | 113 | ||
| 109 | key_free(public); | 114 | key_free(public); |
| @@ -193,7 +198,8 @@ do_filename(const char *filename, int quiet_open) | |||
| 193 | if (key_read(key, &cp) == 1) { | 198 | if (key_read(key, &cp) == 1) { |
| 194 | while (*cp == ' ' || *cp == '\t') | 199 | while (*cp == ' ' || *cp == '\t') |
| 195 | cp++; | 200 | cp++; |
| 196 | if (!do_key(key, *cp ? cp : filename)) | 201 | if (!do_key(filename, linenum, |
| 202 | key, *cp ? cp : filename)) | ||
| 197 | ret = 0; | 203 | ret = 0; |
| 198 | found = 1; | 204 | found = 1; |
| 199 | } else { | 205 | } else { |
| @@ -202,7 +208,8 @@ do_filename(const char *filename, int quiet_open) | |||
| 202 | if (key_read(key, &cp) == 1) { | 208 | if (key_read(key, &cp) == 1) { |
| 203 | while (*cp == ' ' || *cp == '\t') | 209 | while (*cp == ' ' || *cp == '\t') |
| 204 | cp++; | 210 | cp++; |
| 205 | if (!do_key(key, *cp ? cp : filename)) | 211 | if (!do_key(filename, linenum, |
| 212 | key, *cp ? cp : filename)) | ||
| 206 | ret = 0; | 213 | ret = 0; |
| 207 | found = 1; | 214 | found = 1; |
| 208 | } | 215 | } |
| @@ -215,7 +222,7 @@ do_filename(const char *filename, int quiet_open) | |||
| 215 | if (!found && filename) { | 222 | if (!found && filename) { |
| 216 | key = key_load_public(filename, &comment); | 223 | key = key_load_public(filename, &comment); |
| 217 | if (key) { | 224 | if (key) { |
| 218 | if (!do_key(key, comment)) | 225 | if (!do_key(filename, 1, key, comment)) |
| 219 | ret = 0; | 226 | ret = 0; |
| 220 | found = 1; | 227 | found = 1; |
| 221 | } | 228 | } |