summaryrefslogtreecommitdiff
path: root/hostfile.c
diff options
context:
space:
mode:
Diffstat (limited to 'hostfile.c')
-rw-r--r--hostfile.c74
1 files changed, 40 insertions, 34 deletions
diff --git a/hostfile.c b/hostfile.c
index ad5acb68e..40dbbd478 100644
--- a/hostfile.c
+++ b/hostfile.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: hostfile.c,v 1.58 2014/10/20 03:43:01 djm Exp $ */ 1/* $OpenBSD: hostfile.c,v 1.59 2015/01/15 09:40:00 djm Exp $ */
2/* 2/*
3 * Author: Tatu Ylonen <ylo@cs.hut.fi> 3 * Author: Tatu Ylonen <ylo@cs.hut.fi>
4 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland 4 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -51,10 +51,11 @@
51 51
52#include "xmalloc.h" 52#include "xmalloc.h"
53#include "match.h" 53#include "match.h"
54#include "key.h" 54#include "sshkey.h"
55#include "hostfile.h" 55#include "hostfile.h"
56#include "log.h" 56#include "log.h"
57#include "misc.h" 57#include "misc.h"
58#include "ssherr.h"
58#include "digest.h" 59#include "digest.h"
59#include "hmac.h" 60#include "hmac.h"
60 61
@@ -155,15 +156,16 @@ host_hash(const char *host, const char *name_from_hostfile, u_int src_len)
155 */ 156 */
156 157
157int 158int
158hostfile_read_key(char **cpp, int *bitsp, Key *ret) 159hostfile_read_key(char **cpp, u_int *bitsp, struct sshkey *ret)
159{ 160{
160 char *cp; 161 char *cp;
162 int r;
161 163
162 /* Skip leading whitespace. */ 164 /* Skip leading whitespace. */
163 for (cp = *cpp; *cp == ' ' || *cp == '\t'; cp++) 165 for (cp = *cpp; *cp == ' ' || *cp == '\t'; cp++)
164 ; 166 ;
165 167
166 if (key_read(ret, &cp) != 1) 168 if ((r = sshkey_read(ret, &cp)) != 0)
167 return 0; 169 return 0;
168 170
169 /* Skip trailing whitespace. */ 171 /* Skip trailing whitespace. */
@@ -172,15 +174,13 @@ hostfile_read_key(char **cpp, int *bitsp, Key *ret)
172 174
173 /* Return results. */ 175 /* Return results. */
174 *cpp = cp; 176 *cpp = cp;
175 if (bitsp != NULL) { 177 if (bitsp != NULL)
176 if ((*bitsp = key_size(ret)) <= 0) 178 *bitsp = sshkey_size(ret);
177 return 0;
178 }
179 return 1; 179 return 1;
180} 180}
181 181
182static int 182static int
183hostfile_check_key(int bits, const Key *key, const char *host, 183hostfile_check_key(int bits, const struct sshkey *key, const char *host,
184 const char *filename, u_long linenum) 184 const char *filename, u_long linenum)
185{ 185{
186#ifdef WITH_SSH1 186#ifdef WITH_SSH1
@@ -249,8 +249,8 @@ load_hostkeys(struct hostkeys *hostkeys, const char *host, const char *path)
249 u_long linenum = 0, num_loaded = 0; 249 u_long linenum = 0, num_loaded = 0;
250 char *cp, *cp2, *hashed_host; 250 char *cp, *cp2, *hashed_host;
251 HostkeyMarker marker; 251 HostkeyMarker marker;
252 Key *key; 252 struct sshkey *key;
253 int kbits; 253 u_int kbits;
254 254
255 if ((f = fopen(path, "r")) == NULL) 255 if ((f = fopen(path, "r")) == NULL)
256 return; 256 return;
@@ -296,13 +296,19 @@ load_hostkeys(struct hostkeys *hostkeys, const char *host, const char *path)
296 * Extract the key from the line. This will skip any leading 296 * Extract the key from the line. This will skip any leading
297 * whitespace. Ignore badly formatted lines. 297 * whitespace. Ignore badly formatted lines.
298 */ 298 */
299 key = key_new(KEY_UNSPEC); 299 if ((key = sshkey_new(KEY_UNSPEC)) == NULL) {
300 error("%s: sshkey_new failed", __func__);
301 break;
302 }
300 if (!hostfile_read_key(&cp, &kbits, key)) { 303 if (!hostfile_read_key(&cp, &kbits, key)) {
301 key_free(key); 304 sshkey_free(key);
302#ifdef WITH_SSH1 305#ifdef WITH_SSH1
303 key = key_new(KEY_RSA1); 306 if ((key = sshkey_new(KEY_RSA1)) == NULL) {
307 error("%s: sshkey_new failed", __func__);
308 break;
309 }
304 if (!hostfile_read_key(&cp, &kbits, key)) { 310 if (!hostfile_read_key(&cp, &kbits, key)) {
305 key_free(key); 311 sshkey_free(key);
306 continue; 312 continue;
307 } 313 }
308#else 314#else
@@ -315,7 +321,7 @@ load_hostkeys(struct hostkeys *hostkeys, const char *host, const char *path)
315 debug3("%s: found %skey type %s in file %s:%lu", __func__, 321 debug3("%s: found %skey type %s in file %s:%lu", __func__,
316 marker == MRK_NONE ? "" : 322 marker == MRK_NONE ? "" :
317 (marker == MRK_CA ? "ca " : "revoked "), 323 (marker == MRK_CA ? "ca " : "revoked "),
318 key_type(key), path, linenum); 324 sshkey_type(key), path, linenum);
319 hostkeys->entries = xrealloc(hostkeys->entries, 325 hostkeys->entries = xrealloc(hostkeys->entries,
320 hostkeys->num_entries + 1, sizeof(*hostkeys->entries)); 326 hostkeys->num_entries + 1, sizeof(*hostkeys->entries));
321 hostkeys->entries[hostkeys->num_entries].host = xstrdup(host); 327 hostkeys->entries[hostkeys->num_entries].host = xstrdup(host);
@@ -339,7 +345,7 @@ free_hostkeys(struct hostkeys *hostkeys)
339 for (i = 0; i < hostkeys->num_entries; i++) { 345 for (i = 0; i < hostkeys->num_entries; i++) {
340 free(hostkeys->entries[i].host); 346 free(hostkeys->entries[i].host);
341 free(hostkeys->entries[i].file); 347 free(hostkeys->entries[i].file);
342 key_free(hostkeys->entries[i].key); 348 sshkey_free(hostkeys->entries[i].key);
343 explicit_bzero(hostkeys->entries + i, sizeof(*hostkeys->entries)); 349 explicit_bzero(hostkeys->entries + i, sizeof(*hostkeys->entries));
344 } 350 }
345 free(hostkeys->entries); 351 free(hostkeys->entries);
@@ -348,18 +354,18 @@ free_hostkeys(struct hostkeys *hostkeys)
348} 354}
349 355
350static int 356static int
351check_key_not_revoked(struct hostkeys *hostkeys, Key *k) 357check_key_not_revoked(struct hostkeys *hostkeys, struct sshkey *k)
352{ 358{
353 int is_cert = key_is_cert(k); 359 int is_cert = sshkey_is_cert(k);
354 u_int i; 360 u_int i;
355 361
356 for (i = 0; i < hostkeys->num_entries; i++) { 362 for (i = 0; i < hostkeys->num_entries; i++) {
357 if (hostkeys->entries[i].marker != MRK_REVOKE) 363 if (hostkeys->entries[i].marker != MRK_REVOKE)
358 continue; 364 continue;
359 if (key_equal_public(k, hostkeys->entries[i].key)) 365 if (sshkey_equal_public(k, hostkeys->entries[i].key))
360 return -1; 366 return -1;
361 if (is_cert && 367 if (is_cert &&
362 key_equal_public(k->cert->signature_key, 368 sshkey_equal_public(k->cert->signature_key,
363 hostkeys->entries[i].key)) 369 hostkeys->entries[i].key))
364 return -1; 370 return -1;
365 } 371 }
@@ -383,11 +389,11 @@ check_key_not_revoked(struct hostkeys *hostkeys, Key *k)
383 */ 389 */
384static HostStatus 390static HostStatus
385check_hostkeys_by_key_or_type(struct hostkeys *hostkeys, 391check_hostkeys_by_key_or_type(struct hostkeys *hostkeys,
386 Key *k, int keytype, const struct hostkey_entry **found) 392 struct sshkey *k, int keytype, const struct hostkey_entry **found)
387{ 393{
388 u_int i; 394 u_int i;
389 HostStatus end_return = HOST_NEW; 395 HostStatus end_return = HOST_NEW;
390 int want_cert = key_is_cert(k); 396 int want_cert = sshkey_is_cert(k);
391 HostkeyMarker want_marker = want_cert ? MRK_CA : MRK_NONE; 397 HostkeyMarker want_marker = want_cert ? MRK_CA : MRK_NONE;
392 int proto = (k ? k->type : keytype) == KEY_RSA1 ? 1 : 2; 398 int proto = (k ? k->type : keytype) == KEY_RSA1 ? 1 : 2;
393 399
@@ -411,7 +417,7 @@ check_hostkeys_by_key_or_type(struct hostkeys *hostkeys,
411 break; 417 break;
412 } 418 }
413 if (want_cert) { 419 if (want_cert) {
414 if (key_equal_public(k->cert->signature_key, 420 if (sshkey_equal_public(k->cert->signature_key,
415 hostkeys->entries[i].key)) { 421 hostkeys->entries[i].key)) {
416 /* A matching CA exists */ 422 /* A matching CA exists */
417 end_return = HOST_OK; 423 end_return = HOST_OK;
@@ -420,7 +426,7 @@ check_hostkeys_by_key_or_type(struct hostkeys *hostkeys,
420 break; 426 break;
421 } 427 }
422 } else { 428 } else {
423 if (key_equal(k, hostkeys->entries[i].key)) { 429 if (sshkey_equal(k, hostkeys->entries[i].key)) {
424 end_return = HOST_OK; 430 end_return = HOST_OK;
425 if (found != NULL) 431 if (found != NULL)
426 *found = hostkeys->entries + i; 432 *found = hostkeys->entries + i;
@@ -441,7 +447,7 @@ check_hostkeys_by_key_or_type(struct hostkeys *hostkeys,
441} 447}
442 448
443HostStatus 449HostStatus
444check_key_in_hostkeys(struct hostkeys *hostkeys, Key *key, 450check_key_in_hostkeys(struct hostkeys *hostkeys, struct sshkey *key,
445 const struct hostkey_entry **found) 451 const struct hostkey_entry **found)
446{ 452{
447 if (key == NULL) 453 if (key == NULL)
@@ -463,11 +469,11 @@ lookup_key_in_hostkeys_by_type(struct hostkeys *hostkeys, int keytype,
463 */ 469 */
464 470
465int 471int
466add_host_to_hostfile(const char *filename, const char *host, const Key *key, 472add_host_to_hostfile(const char *filename, const char *host,
467 int store_hash) 473 const struct sshkey *key, int store_hash)
468{ 474{
469 FILE *f; 475 FILE *f;
470 int success = 0; 476 int r, success = 0;
471 char *hashed_host = NULL; 477 char *hashed_host = NULL;
472 478
473 if (key == NULL) 479 if (key == NULL)
@@ -485,12 +491,12 @@ add_host_to_hostfile(const char *filename, const char *host, const Key *key,
485 } 491 }
486 fprintf(f, "%s ", store_hash ? hashed_host : host); 492 fprintf(f, "%s ", store_hash ? hashed_host : host);
487 493
488 if (key_write(key, f)) { 494 if ((r = sshkey_write(key, f)) != 0) {
495 error("%s: saving key in %s failed: %s",
496 __func__, filename, ssh_err(r));
497 } else
489 success = 1; 498 success = 1;
490 } else { 499 fputs("\n", f);
491 error("add_host_to_hostfile: saving key in %s failed", filename);
492 }
493 fprintf(f, "\n");
494 fclose(f); 500 fclose(f);
495 return success; 501 return success;
496} 502}
generated by cgit v1.2.3 (git 2.39.1) at 2024-11-10 13:38:25 +0000