authorDamien Miller <djm@mindrot.org>1999-11-16 13:37:16 +1100
committerDamien Miller <djm@mindrot.org>1999-11-16 13:37:16 +1100
commit7e8e820153a620ab1dcd81857a7de0969c41d043 (patch)
tree226cc4185feae97f4069ad60b4c18d259aa5df2f /hostfile.c
parent4874c79a3a05fc18678d7a85d7091f5139630fac (diff)
- Merged OpenBSD CVS changes:
- [auth-rh-rsa.c auth-rsa.c authfd.c authfd.h hostfile.c mpaux.c] [mpaux.h ssh-add.c ssh-agent.c ssh.h ssh.c sshd.c] the keysize of rsa-parameter 'n' is passed implicitly, a few more checks and warnings about 'pretended' keysizes. - [cipher.c cipher.h packet.c packet.h sshd.c] remove support for cipher RC4 - [ssh.c] a note for legacy systems about security issues with permanently_set_uid(), the private hostkey and ptrace() - [sshconnect.c] more detailed messages about adding and checking hostkeys
Diffstat (limited to 'hostfile.c')
-rw-r--r--hostfile.c45
1 files changed, 26 insertions, 19 deletions
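--- a/hostfile.c
+++ b/hostfile.c
@@ -14,7 +14,7 @@ Functions for manipulating the known hosts files.
 */
 
 #include "includes.h"
-RCSID("$Id: hostfile.c,v 1.2 1999/11/08 05:15:55 damien Exp $");
+RCSID("$Id: hostfile.c,v 1.3 1999/11/16 02:37:16 damien Exp $");
 
 #include "packet.h"
 #include "ssh.h"
@@ -166,29 +166,20 @@ match_hostname(const char *host, const char *pattern, unsigned int len)
    but used to have a different host key. */
 
 HostStatus
-check_host_in_hostfile(const char *filename,
-                       const char *host, unsigned int bits,
-                       BIGNUM *e, BIGNUM *n,
-                       BIGNUM *ke, BIGNUM *kn)
+check_host_in_hostfile(const char *filename, const char *host,
+                       BIGNUM *e, BIGNUM *n, BIGNUM *ke, BIGNUM *kn)
 {
   FILE *f;
   char line[8192];
-  unsigned int kbits, hostlen;
+  int linenum = 0;
+  unsigned int bits, kbits, hostlen;
   char *cp, *cp2;
   HostStatus end_return;
-  struct stat st;
 
   /* Open the file containing the list of known hosts. */
   f = fopen(filename, "r");
   if (!f)
-    {
-      if (stat(filename, &st) >= 0)
-        {
-          packet_send_debug("Could not open %.900s for reading.", filename);
-          packet_send_debug("If your home directory is on an NFS volume, it may need to be world-readable.");
-        }
-      return HOST_NEW;
-    }
+    return HOST_NEW;
 
   /* Cache the length of the host name. */
   hostlen = strlen(host);
@@ -198,10 +189,14 @@ check_host_in_hostfile(const char *filename,
      one. */
   end_return = HOST_NEW;
 
+  /* size of modulus 'n' */
+  bits = BN_num_bits(n);
+
   /* Go trough the file. */
   while (fgets(line, sizeof(line), f))
     {
       cp = line;
+      linenum++;
 
       /* Skip any leading whitespace. */
       for (; *cp == ' ' || *cp == '\t'; cp++)
@@ -227,7 +222,15 @@ check_host_in_hostfile(const char *filename,
       if (!auth_rsa_read_key(&cp, &kbits, ke, kn))
         continue;
 
-      /* Check if the current key is the same as the previous one. */
+      if (kbits != BN_num_bits(kn)) {
+        error("Warning: error in %s, line %d: keysize mismatch for host %s: "
+              "actual size %d vs. announced %d.",
+              filename, linenum, host, BN_num_bits(kn), kbits);
+        error("Warning: replace %d with %d in %s, line %d.",
+              kbits, BN_num_bits(kn), filename, linenum);
+      }
+
+      /* Check if the current key is the same as the given key. */
       if (kbits == bits && BN_cmp(ke, e) == 0 && BN_cmp(kn, n) == 0)
         {
           /* Ok, they match. */
@@ -252,21 +255,25 @@ check_host_in_hostfile(const char *filename,
 
 int
 add_host_to_hostfile(const char *filename, const char *host,
-                     unsigned int bits, BIGNUM *e, BIGNUM *n)
+                     BIGNUM *e, BIGNUM *n)
 {
   FILE *f;
   char *buf;
+  unsigned int bits;
 
   /* Open the file for appending. */
   f = fopen(filename, "a");
   if (!f)
     return 0;
 
+  /* size of modulus 'n' */
+  bits = BN_num_bits(n);
+
   /* Print the host name and key to the file. */
   fprintf(f, "%s %u ", host, bits);
   buf = BN_bn2dec(e);
   if (buf == NULL) {
-    error("add_host_to_hostfile: BN_bn2dec #1 failed");
+    error("add_host_to_hostfile: BN_bn2dec(e) failed");
     fclose(f);
     return 0;
   }
@@ -274,7 +281,7 @@ add_host_to_hostfile(const char *filename, const char *host,
   free (buf);
   buf = BN_bn2dec(n);
   if (buf == NULL) {
-    error("add_host_to_hostfile: BN_bn2dec #2 failed");
+    error("add_host_to_hostfile: BN_bn2dec(n) failed");
     fclose(f);
     return 0;
   }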
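Review bot: The keysize-mismatch warnings in the `@@ -227,7 +222,15 @@` hunk print the `unsigned int` `kbits` with `%d`, while the sibling `fprintf(f, "%s %u ", host, bits)` in add_host_to_hostfile uses `%u` for the same quantity; use `%u` for `kbits` in both `error()` calls, i.e. `"actual size %d vs. announced %u."` and `"Warning: replace %u with %d in %s, line %d."` (`BN_num_bits()` returns `int`, so `%d` stays correct for it). The warning also never says what happens to the offending entry: because the comparison on the next line still tests the announced `kbits` against `bits`, a line whose announced size is wrong can never match even when `ke`/`kn` equal `e`/`n`, so it is presumably handled like any other non-matching key for that host further down (outside the hunk). A comment above the new `if`, such as `/* announced size is untrusted file input; a mismatch means this line cannot match below */`, would make that intentional-looking behaviour explicit for the next maintainer. check_host_in_hostfile begins before and continues after each of its hunks.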