-rw-r--r--ChangeLog5
-rw-r--r--dns.c7
-rw-r--r--dns.h4
-rw-r--r--readconf.c6
-rw-r--r--ssh-keygen.c12
-rw-r--r--sshconnect.c10
6 files changed, 10 insertions, 34 deletions
diff --git a/ChangeLog b/ChangeLog
index 486a2a981..414a51f25 100644
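--- a/ChangeLog
+++ b/ChangeLog
@@ -30,6 +30,9 @@
  - markus@cvs.openbsd.org 2003/10/13 08:22:25
  [scp.1 sftp.1]
  don't refer to options related to forwarding; ok jmc@
+ - jakob@cvs.openbsd.org 2003/10/14 19:42:10
+ [dns.c dns.h readconf.c ssh-keygen.c sshconnect.c]
+ include SSHFP lookup code (not enabled by default). ok markus@
 
 20031009
  - (dtucker) [sshd_config.5] UsePAM defaults to "no". ok djm@
@@ -1347,4 +1350,4 @@
  - Fix sshd BindAddress and -b options for systems using fake-getaddrinfo.
  Report from murple@murple.net, diagnosis from dtucker@zip.com.au
 
-$Id: ChangeLog,v 1.3076 2003/10/15 05:59:26 dtucker Exp $
+$Id: ChangeLog,v 1.3077 2003/10/15 06:00:47 dtucker Exp $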
diff --git a/dns.c b/dns.c
index 90ab5601a..2fff1b802 100644
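--- a/dns.c
+++ b/dns.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: dns.c,v 1.6 2003/06/11 10:18:47 jakob Exp $ */
+/* $OpenBSD: dns.c,v 1.7 2003/10/14 19:42:10 jakob Exp $ */
 
 /*
  * Copyright (c) 2003 Wesley Griffin. All rights reserved.
@@ -28,7 +28,6 @@
 
 #include "includes.h"
 
-#ifdef DNS
 #include <openssl/bn.h>
 #ifdef LWRES
 #include <lwres/netdb.h>
@@ -44,7 +43,7 @@
 #include "uuencode.h"
 
 extern char *__progname;
-RCSID("$OpenBSD: dns.c,v 1.6 2003/06/11 10:18:47 jakob Exp $");
+RCSID("$OpenBSD: dns.c,v 1.7 2003/10/14 19:42:10 jakob Exp $");
 
 #ifndef LWRES
 static const char *errset_text[] = {
@@ -286,5 +285,3 @@ export_dns_rr(const char *hostname, Key *key, FILE *f, int generic)
 
  return success;
 }
-
-#endif /* DNS */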
diff --git a/dns.h b/dns.h
index ba0ea9fb4..1eb07d96e 100644
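--- a/dns.h
+++ b/dns.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: dns.h,v 1.3 2003/05/14 22:56:51 jakob Exp $ */
+/* $OpenBSD: dns.h,v 1.4 2003/10/14 19:42:10 jakob Exp $ */
 
 /*
  * Copyright (c) 2003 Wesley Griffin. All rights reserved.
@@ -28,7 +28,6 @@
 
 #include "includes.h"
 
-#ifdef DNS
 #ifndef DNS_H
 #define DNS_H
 
@@ -54,4 +53,3 @@ int verify_host_key_dns(const char *, struct sockaddr *, Key *);
 int export_dns_rr(const char *, Key *, FILE *, int);
 
 #endif /* DNS_H */
-#endif /* DNS */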
diff --git a/readconf.c b/readconf.c
index e5f2620a7..86d28bc8d 100644
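--- a/readconf.c
+++ b/readconf.c
@@ -12,7 +12,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: readconf.c,v 1.123 2003/10/11 08:24:07 markus Exp $");
+RCSID("$OpenBSD: readconf.c,v 1.124 2003/10/14 19:42:10 jakob Exp $");
 
 #include "ssh.h"
 #include "xmalloc.h"
@@ -183,11 +183,7 @@ static struct {
 #endif
  { "clearallforwardings", oClearAllForwardings },
  { "enablesshkeysign", oEnableSSHKeysign },
-#ifdef DNS
  { "verifyhostkeydns", oVerifyHostKeyDNS },
-#else
- { "verifyhostkeydns", oUnsupported },
-#endif
  { "nohostauthenticationforlocalhost", oNoHostAuthenticationForLocalhost },
  { "rekeylimit", oRekeyLimit },
  { "connecttimeout", oConnectTimeout },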
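Review bot: The `verifyhostkeydns` entry in the keyword table now maps to `oVerifyHostKeyDNS` in every build, so whether a client performs SSHFP lookups rests entirely on the default of the option it sets, and that default is not visible in this hunk. The ChangeLog entry says the lookup code is not enabled by default; once that is confirmed against the option's initialisation, a comment on the entry would record it, e.g. `/* SSHFP lookup: always compiled in, off unless set in the configuration */`. Builds that used to treat the keyword as `oUnsupported` will now honour it, so a configuration file that already carries the keyword starts issuing DNS queries after an upgrade, which deserves a line in the release notes. The table starts and ends outside the hunk.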
diff --git a/ssh-keygen.c b/ssh-keygen.c
index 5b7bc400a..4a3cf241a 100644
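--- a/ssh-keygen.c
+++ b/ssh-keygen.c
@@ -12,7 +12,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: ssh-keygen.c,v 1.109 2003/09/18 13:02:21 miod Exp $");
+RCSID("$OpenBSD: ssh-keygen.c,v 1.110 2003/10/14 19:42:10 jakob Exp $");
 
 #include <openssl/evp.h>
 #include <openssl/pem.h>
@@ -32,9 +32,7 @@ RCSID("$OpenBSD: ssh-keygen.c,v 1.109 2003/09/18 13:02:21 miod Exp $");
 #ifdef SMARTCARD
 #include "scard.h"
 #endif
-#ifdef DNS
 #include "dns.h"
-#endif
 
 /* Number of bits in the RSA/DSA key. This value can be changed on the command line. */
 int bits = 1024;
@@ -625,7 +623,6 @@ do_change_passphrase(struct passwd *pw)
  exit(0);
 }
 
-#ifdef DNS
 /*
  * Print the SSHFP RR.
  */
@@ -655,7 +652,6 @@ do_print_resource_record(struct passwd *pw, char *hostname)
  printf("failed to read v2 public key from %s.\n", identity_file);
  exit(1);
 }
-#endif /* DNS */
 
 /*
  * Change the comment of a private key file.
@@ -774,9 +770,7 @@ usage(void)
  fprintf(stderr, " -C comment Provide new comment.\n");
  fprintf(stderr, " -N phrase Provide new passphrase.\n");
  fprintf(stderr, " -P phrase Provide old passphrase.\n");
-#ifdef DNS
  fprintf(stderr, " -r hostname Print DNS resource record.\n");
-#endif /* DNS */
 #ifdef SMARTCARD
  fprintf(stderr, " -D reader Download public key from smartcard.\n");
  fprintf(stderr, " -U reader Upload private key to smartcard.\n");
@@ -959,11 +953,7 @@ main(int ac, char **av)
  if (print_public)
  do_print_public(pw);
  if (resource_record_hostname != NULL) {
-#ifdef DNS
  do_print_resource_record(pw, resource_record_hostname);
-#else /* DNS */
- fatal("no DNS support.");
-#endif /* DNS */
  }
  if (reader_id != NULL) {
 #ifdef SMARTCARD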
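Review bot: At the end of do_print_resource_record(), which is now compiled into every build, the failure message `printf("failed to read v2 public key from %s.\n", identity_file);` goes to stdout, presumably the same stream the SSHFP record is printed on. If the output of `-r hostname` is redirected into a zone file, the error text ends up in that file instead of on the terminal. `fprintf(stderr, "failed to read v2 public key from %s.\n", identity_file);` keeps diagnostics apart from the record, as usage() already does for its own text. The function body starts outside the hunk, so the stream used for the record itself should be confirmed first.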
diff --git a/sshconnect.c b/sshconnect.c
index f29ac8088..2c028f3a6 100644
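--- a/sshconnect.c
+++ b/sshconnect.c
@@ -13,7 +13,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: sshconnect.c,v 1.148 2003/09/18 07:52:54 markus Exp $");
+RCSID("$OpenBSD: sshconnect.c,v 1.149 2003/10/14 19:42:10 jakob Exp $");
 
 #include <openssl/bn.h>
 
@@ -33,16 +33,12 @@ RCSID("$OpenBSD: sshconnect.c,v 1.148 2003/09/18 07:52:54 markus Exp $");
 #include "misc.h"
 #include "readpass.h"
 
-#ifdef DNS
 #include "dns.h"
-#endif
 
 char *client_version_string = NULL;
 char *server_version_string = NULL;
 
-#ifdef DNS
 int verified_host_key_dns = 0;
-#endif
 
 /* import */
 extern Options options;
@@ -730,7 +726,6 @@ check_host_key(char *host, struct sockaddr *hostaddr, Key *host_key,
  /* The default */
  fp = key_fingerprint(host_key, SSH_FP_MD5, SSH_FP_HEX);
  msg2[0] = '\0';
-#ifdef DNS
  if (options.verify_host_key_dns) {
  if (verified_host_key_dns)
  snprintf(msg2, sizeof(msg2),
@@ -741,7 +736,6 @@ check_host_key(char *host, struct sockaddr *hostaddr, Key *host_key,
  "No matching host key fingerprint"
  " found in DNS.\n");
  }
-#endif
  snprintf(msg, sizeof(msg),
  "The authenticity of host '%.200s (%s)' can't be "
  "established%s\n"
@@ -908,7 +902,6 @@ verify_host_key(char *host, struct sockaddr *hostaddr, Key *host_key)
 {
  struct stat st;
 
-#ifdef DNS
  if (options.verify_host_key_dns) {
  switch(verify_host_key_dns(host, hostaddr, host_key)) {
  case DNS_VERIFY_OK:
@@ -927,7 +920,6 @@ verify_host_key(char *host, struct sockaddr *hostaddr, Key *host_key)
  break;
  }
  }
-#endif /* DNS */
 
  /* return ok if the key can be found in an old keyfile */
  if (stat(options.system_hostfile2, &st) == 0 ||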
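Review bot: Nothing at the top of verify_host_key() documents how much trust a `DNS_VERIFY_OK` result carries, and with the `#ifdef DNS` guard gone the `options.verify_host_key_dns` branch is compiled into every client. An SSHFP answer is only as trustworthy as the resolver path that delivered it. A comment above the switch should say whether a match merely informs the prompt text built in check_host_key() or can accept the key on its own, e.g. `/* SSHFP match is advisory unless the DNS answer was validated (DNSSEC) */`. The remaining cases of the switch lie between the two hunks and are not shown, so confirm that a lookup error falls through to the key-file check below rather than returning success.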