version 1.18.2.5, 2001/03/21 18:52:46 |
version 1.19, 2000/06/06 19:32:13 |
|
|
/* |
/* |
|
* |
|
* hostfile.c |
|
* |
* Author: Tatu Ylonen <ylo@cs.hut.fi> |
* Author: Tatu Ylonen <ylo@cs.hut.fi> |
|
* |
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland |
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland |
* All rights reserved |
* All rights reserved |
* Functions for manipulating the known hosts files. |
|
* |
* |
* As far as I am concerned, the code I have written for this software |
* Created: Thu Jun 29 07:10:56 1995 ylo |
* can be used freely for any purpose. Any derived versions of this |
|
* software must be clearly marked as such, and if the derived work is |
|
* incompatible with the protocol description in the RFC file, it must be |
|
* called by a name other than "ssh" or "Secure Shell". |
|
* |
* |
|
* Functions for manipulating the known hosts files. |
* |
* |
* Copyright (c) 1999,2000 Markus Friedl. All rights reserved. |
|
* Copyright (c) 1999 Niels Provos. All rights reserved. |
|
* |
|
* Redistribution and use in source and binary forms, with or without |
|
* modification, are permitted provided that the following conditions |
|
* are met: |
|
* 1. Redistributions of source code must retain the above copyright |
|
* notice, this list of conditions and the following disclaimer. |
|
* 2. Redistributions in binary form must reproduce the above copyright |
|
* notice, this list of conditions and the following disclaimer in the |
|
* documentation and/or other materials provided with the distribution. |
|
* |
|
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR |
|
* IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES |
|
* OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. |
|
* IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, |
|
* INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT |
|
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, |
|
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY |
|
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT |
|
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF |
|
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
|
*/ |
*/ |
|
|
#include "includes.h" |
#include "includes.h" |
|
|
|
|
#include "packet.h" |
#include "packet.h" |
#include "match.h" |
#include "match.h" |
|
#include "ssh.h" |
|
#include <openssl/rsa.h> |
|
#include <openssl/dsa.h> |
#include "key.h" |
#include "key.h" |
#include "hostfile.h" |
#include "hostfile.h" |
#include "log.h" |
|
|
|
/* |
/* |
* Parses an RSA (number of bits, e, n) or DSA key from a string. Moves the |
* Parses an RSA (number of bits, e, n) or DSA key from a string. Moves the |
|
|
*/ |
*/ |
|
|
int |
int |
hostfile_read_key(char **cpp, u_int *bitsp, Key *ret) |
hostfile_read_key(char **cpp, unsigned int *bitsp, Key *ret) |
{ |
{ |
|
unsigned int bits; |
char *cp; |
char *cp; |
|
|
/* Skip leading whitespace. */ |
/* Skip leading whitespace. */ |
for (cp = *cpp; *cp == ' ' || *cp == '\t'; cp++) |
for (cp = *cpp; *cp == ' ' || *cp == '\t'; cp++) |
; |
; |
|
|
if (key_read(ret, &cp) != 1) |
bits = key_read(ret, &cp); |
|
if (bits == 0) |
return 0; |
return 0; |
|
|
/* Skip trailing whitespace. */ |
/* Skip trailing whitespace. */ |
|
|
|
|
/* Return results. */ |
/* Return results. */ |
*cpp = cp; |
*cpp = cp; |
*bitsp = key_size(ret); |
*bitsp = bits; |
return 1; |
return 1; |
} |
} |
|
|
int |
int |
auth_rsa_read_key(char **cpp, u_int *bitsp, BIGNUM * e, BIGNUM * n) |
auth_rsa_read_key(char **cpp, unsigned int *bitsp, BIGNUM * e, BIGNUM * n) |
{ |
{ |
Key *k = key_new(KEY_RSA1); |
Key *k = key_new(KEY_RSA); |
int ret = hostfile_read_key(cpp, bitsp, k); |
int ret = hostfile_read_key(cpp, bitsp, k); |
BN_copy(e, k->rsa->e); |
BN_copy(e, k->rsa->e); |
BN_copy(n, k->rsa->n); |
BN_copy(n, k->rsa->n); |
|
|
int |
int |
hostfile_check_key(int bits, Key *key, const char *host, const char *filename, int linenum) |
hostfile_check_key(int bits, Key *key, const char *host, const char *filename, int linenum) |
{ |
{ |
if (key == NULL || key->type != KEY_RSA1 || key->rsa == NULL) |
if (key == NULL || key->type != KEY_RSA || key->rsa == NULL) |
return 1; |
return 1; |
if (bits != BN_num_bits(key->rsa->n)) { |
if (bits != BN_num_bits(key->rsa->n)) { |
log("Warning: %s, line %d: keysize mismatch for host %s: " |
log("Warning: %s, line %d: keysize mismatch for host %s: " |
|
|
*/ |
*/ |
|
|
HostStatus |
HostStatus |
check_host_in_hostfile(const char *filename, const char *host, Key *key, |
check_host_in_hostfile(const char *filename, const char *host, Key *key, Key *found) |
Key *found, int *numret) |
|
{ |
{ |
FILE *f; |
FILE *f; |
char line[8192]; |
char line[8192]; |
int linenum = 0; |
int linenum = 0; |
u_int kbits, hostlen; |
unsigned int kbits, hostlen; |
char *cp, *cp2; |
char *cp, *cp2; |
HostStatus end_return; |
HostStatus end_return; |
|
|
|
|
; |
; |
|
|
/* Check if the host name matches. */ |
/* Check if the host name matches. */ |
if (match_hostname(host, cp, (u_int) (cp2 - cp)) != 1) |
if (match_hostname(host, cp, (unsigned int) (cp2 - cp)) != 1) |
continue; |
continue; |
|
|
/* Got a match. Skip host name. */ |
/* Got a match. Skip host name. */ |
|
|
continue; |
continue; |
if (!hostfile_check_key(kbits, found, host, filename, linenum)) |
if (!hostfile_check_key(kbits, found, host, filename, linenum)) |
continue; |
continue; |
|
|
if (numret != NULL) |
|
*numret = linenum; |
|
|
|
/* Check if the current key is the same as the given key. */ |
/* Check if the current key is the same as the given key. */ |
if (key_equal(key, found)) { |
if (key_equal(key, found)) { |