Diffstat (limited to 'ssh-keygen.c')
-rw-r--r-- | ssh-keygen.c | 71 |
1 files changed, 39 insertions, 32 deletions
diff --git a/ssh-keygen.c b/ssh-keygen.c index 2c6a56839..9b2068254 100644 --- a/ssh-keygen.c +++ b/ssh-keygen.c | |||
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: ssh-keygen.c,v 1.261 2015/01/30 01:10:33 djm Exp $ */ | 1 | /* $OpenBSD: ssh-keygen.c,v 1.262 2015/02/16 22:08:57 djm Exp $ */ |
2 | /* | 2 | /* |
3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> | 3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> |
4 | * Copyright (c) 1994 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland | 4 | * Copyright (c) 1994 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland |
@@ -1052,40 +1052,47 @@ known_hosts_hash(struct hostkey_foreach_line *l, void *_ctx) | |||
1052 | char *hashed, *cp, *hosts, *ohosts; | 1052 | char *hashed, *cp, *hosts, *ohosts; |
1053 | int has_wild = l->hosts && strcspn(l->hosts, "*?!") != strlen(l->hosts); | 1053 | int has_wild = l->hosts && strcspn(l->hosts, "*?!") != strlen(l->hosts); |
1054 | 1054 | ||
1055 | /* Retain invalid lines when hashing, but mark file as invalid. */ | 1055 | switch (l->status) { |
1056 | if (l->status == HKF_STATUS_INVALID) { | 1056 | case HKF_STATUS_OK: |
1057 | case HKF_STATUS_MATCHED: | ||
1058 | /* | ||
1059 | * Don't hash hosts already already hashed, with wildcard | ||
1060 | * characters or a CA/revocation marker. | ||
1061 | */ | ||
1062 | if ((l->match & HKF_MATCH_HOST_HASHED) != 0 || | ||
1063 | has_wild || l->marker != MRK_NONE) { | ||
1064 | fprintf(ctx->out, "%s\n", l->line); | ||
1065 | if (has_wild && !find_host) { | ||
1066 | fprintf(stderr, "%s:%ld: ignoring host name " | ||
1067 | "with wildcard: %.64s\n", l->path, | ||
1068 | l->linenum, l->hosts); | ||
1069 | } | ||
1070 | return 0; | ||
1071 | } | ||
1072 | /* | ||
1073 | * Split any comma-separated hostnames from the host list, | ||
1074 | * hash and store separately. | ||
1075 | */ | ||
1076 | ohosts = hosts = xstrdup(l->hosts); | ||
1077 | while ((cp = strsep(&hosts, ",")) != NULL && *cp != '\0') { | ||
1078 | if ((hashed = host_hash(cp, NULL, 0)) == NULL) | ||
1079 | fatal("hash_host failed"); | ||
1080 | fprintf(ctx->out, "%s %s\n", hashed, l->rawkey); | ||
1081 | ctx->has_unhashed = 1; | ||
1082 | } | ||
1083 | free(ohosts); | ||
1084 | return 0; | ||
1085 | case HKF_STATUS_INVALID: | ||
1086 | /* Retain invalid lines, but mark file as invalid. */ | ||
1057 | ctx->invalid = 1; | 1087 | ctx->invalid = 1; |
1058 | fprintf(stderr, "%s:%ld: invalid line\n", l->path, l->linenum); | 1088 | fprintf(stderr, "%s:%ld: invalid line\n", l->path, l->linenum); |
1089 | /* FALLTHROUGH */ | ||
1090 | default: | ||
1059 | fprintf(ctx->out, "%s\n", l->line); | 1091 | fprintf(ctx->out, "%s\n", l->line); |
1060 | return 0; | 1092 | return 0; |
1061 | } | 1093 | } |
1062 | 1094 | /* NOTREACHED */ | |
1063 | /* | 1095 | return -1; |
1064 | * Don't hash hosts already already hashed, with wildcard characters | ||
1065 | * or a CA/revocation marker. | ||
1066 | */ | ||
1067 | if (l->was_hashed || has_wild || l->marker != MRK_NONE) { | ||
1068 | fprintf(ctx->out, "%s\n", l->line); | ||
1069 | if (has_wild && !find_host) { | ||
1070 | fprintf(stderr, "%s:%ld: ignoring host name " | ||
1071 | "with wildcard: %.64s\n", l->path, | ||
1072 | l->linenum, l->hosts); | ||
1073 | } | ||
1074 | return 0; | ||
1075 | } | ||
1076 | /* | ||
1077 | * Split any comma-separated hostnames from the host list, | ||
1078 | * hash and store separately. | ||
1079 | */ | ||
1080 | ohosts = hosts = xstrdup(l->hosts); | ||
1081 | while ((cp = strsep(&hosts, ",")) != NULL && *cp != '\0') { | ||
1082 | if ((hashed = host_hash(cp, NULL, 0)) == NULL) | ||
1083 | fatal("hash_host failed"); | ||
1084 | fprintf(ctx->out, "%s %s\n", hashed, l->rawkey); | ||
1085 | ctx->has_unhashed = 1; | ||
1086 | } | ||
1087 | free(ohosts); | ||
1088 | return 0; | ||
1089 | } | 1096 | } |
1090 | 1097 | ||
1091 | static int | 1098 | static int |
@@ -1093,7 +1100,7 @@ known_hosts_find_delete(struct hostkey_foreach_line *l, void *_ctx) | |||
1093 | { | 1100 | { |
1094 | struct known_hosts_ctx *ctx = (struct known_hosts_ctx *)_ctx; | 1101 | struct known_hosts_ctx *ctx = (struct known_hosts_ctx *)_ctx; |
1095 | 1102 | ||
1096 | if (l->status == HKF_STATUS_HOST_MATCHED) { | 1103 | if (l->status == HKF_STATUS_MATCHED) { |
1097 | if (delete_host) { | 1104 | if (delete_host) { |
1098 | if (l->marker != MRK_NONE) { | 1105 | if (l->marker != MRK_NONE) { |
1099 | /* Don't remove CA and revocation lines */ | 1106 | /* Don't remove CA and revocation lines */ |
@@ -1180,7 +1187,7 @@ do_known_hosts(struct passwd *pw, const char *name) | |||
1180 | /* XXX support identity_file == "-" for stdin */ | 1187 | /* XXX support identity_file == "-" for stdin */ |
1181 | if ((r = hostkeys_foreach(identity_file, | 1188 | if ((r = hostkeys_foreach(identity_file, |
1182 | hash_hosts ? known_hosts_hash : known_hosts_find_delete, &ctx, | 1189 | hash_hosts ? known_hosts_hash : known_hosts_find_delete, &ctx, |
1183 | name, find_host ? HKF_WANT_MATCH_HOST : 0)) != 0) | 1190 | name, NULL, find_host ? HKF_WANT_MATCH : 0)) != 0) |
1184 | fatal("%s: hostkeys_foreach failed: %s", __func__, ssh_err(r)); | 1191 | fatal("%s: hostkeys_foreach failed: %s", __func__, ssh_err(r)); |
1185 | 1192 | ||
1186 | if (inplace) | 1193 | if (inplace) |
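Review bot: In the HKF_STATUS_OK/HKF_STATUS_MATCHED case of known_hosts_hash (new lines 1064 and 1080, and again in the default case at 1091), every fprintf() to ctx->out goes unchecked, so a failed write (for example a full disk) would leave a short output file with no error reported. The last hunk shows do_known_hosts going on to an `if (inplace)` step, which presumably replaces the original known_hosts with that output; if it does, entries would be lost silently and users would be asked to re-accept host keys they had already verified. I would check the result in the callback, in line with the existing fatal() on host_hash failure, e.g. `if (fprintf(ctx->out, "%s %s\n", hashed, l->rawkey) < 0) fatal("%s: write failed", __func__);`, or test `ferror(ctx.out)` once after hostkeys_foreach() returns. known_hosts_hash begins above its hunk and do_known_hosts continues past the last one, so a check may already exist outside the visible lines.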