version 1.85, 2020/10/11 22:13:37 |
version 1.86, 2020/10/18 11:32:01 |
|
|
ssh_hmac_init(ctx, salt, len) < 0 || |
ssh_hmac_init(ctx, salt, len) < 0 || |
ssh_hmac_update(ctx, host, strlen(host)) < 0 || |
ssh_hmac_update(ctx, host, strlen(host)) < 0 || |
ssh_hmac_final(ctx, result, sizeof(result))) |
ssh_hmac_final(ctx, result, sizeof(result))) |
fatal("%s: ssh_hmac failed", __func__); |
fatal_f("ssh_hmac failed"); |
ssh_hmac_free(ctx); |
ssh_hmac_free(ctx); |
|
|
if (__b64_ntop(salt, len, uu_salt, sizeof(uu_salt)) == -1 || |
if (__b64_ntop(salt, len, uu_salt, sizeof(uu_salt)) == -1 || |
__b64_ntop(result, len, uu_result, sizeof(uu_result)) == -1) |
__b64_ntop(result, len, uu_result, sizeof(uu_result)) == -1) |
fatal("%s: __b64_ntop failed", __func__); |
fatal_f("__b64_ntop failed"); |
|
|
snprintf(encoded, sizeof(encoded), "%s%s%c%s", HASH_MAGIC, uu_salt, |
snprintf(encoded, sizeof(encoded), "%s%s%c%s", HASH_MAGIC, uu_salt, |
HASH_DELIM, uu_result); |
HASH_DELIM, uu_result); |
|
|
return 0; |
return 0; |
} |
} |
|
|
debug3("%s: found %skey type %s in file %s:%lu", __func__, |
debug3_f("found %skey type %s in file %s:%lu", |
l->marker == MRK_NONE ? "" : |
l->marker == MRK_NONE ? "" : |
(l->marker == MRK_CA ? "ca " : "revoked "), |
(l->marker == MRK_CA ? "ca " : "revoked "), |
sshkey_type(l->key), l->path, l->linenum); |
sshkey_type(l->key), l->path, l->linenum); |
|
|
if ((r = hostkeys_foreach(path, record_hostkey, &ctx, host, NULL, |
if ((r = hostkeys_foreach(path, record_hostkey, &ctx, host, NULL, |
HKF_WANT_MATCH|HKF_WANT_PARSE_KEY)) != 0) { |
HKF_WANT_MATCH|HKF_WANT_PARSE_KEY)) != 0) { |
if (r != SSH_ERR_SYSTEM_ERROR && errno != ENOENT) |
if (r != SSH_ERR_SYSTEM_ERROR && errno != ENOENT) |
debug("%s: hostkeys_foreach failed for %s: %s", |
debug_fr(r, "hostkeys_foreach failed for %s", path); |
__func__, path, ssh_err(r)); |
|
} |
} |
if (ctx.num_loaded != 0) |
if (ctx.num_loaded != 0) |
debug3("%s: loaded %lu keys from %s", __func__, |
debug3_f("loaded %lu keys from %s", ctx.num_loaded, host); |
ctx.num_loaded, host); |
|
} |
} |
|
|
void |
void |
|
|
|
|
if (store_hash) { |
if (store_hash) { |
if ((hashed_host = host_hash(lhost, NULL, 0)) == NULL) { |
if ((hashed_host = host_hash(lhost, NULL, 0)) == NULL) { |
error("%s: host_hash failed", __func__); |
error_f("host_hash failed"); |
free(lhost); |
free(lhost); |
return 0; |
return 0; |
} |
} |
|
|
if ((r = sshkey_write(key, f)) == 0) |
if ((r = sshkey_write(key, f)) == 0) |
success = 1; |
success = 1; |
else |
else |
error("%s: sshkey_write failed: %s", __func__, ssh_err(r)); |
error_fr(r, "sshkey_write"); |
fputc('\n', f); |
fputc('\n', f); |
/* If hashing is enabled, the IP address needs to go on its own line */ |
/* If hashing is enabled, the IP address needs to go on its own line */ |
if (success && store_hash && ip != NULL) |
if (success && store_hash && ip != NULL) |
|
|
continue; |
continue; |
ctx->match_keys[i] |= l->match; |
ctx->match_keys[i] |= l->match; |
fprintf(ctx->out, "%s\n", l->line); |
fprintf(ctx->out, "%s\n", l->line); |
debug3("%s: %s key already at %s:%ld", __func__, |
debug3_f("%s key already at %s:%ld", |
sshkey_type(l->key), l->path, l->linenum); |
sshkey_type(l->key), l->path, l->linenum); |
return 0; |
return 0; |
} |
} |
|
|
|
|
if ((fd = mkstemp(temp)) == -1) { |
if ((fd = mkstemp(temp)) == -1) { |
oerrno = errno; |
oerrno = errno; |
error("%s: mkstemp: %s", __func__, strerror(oerrno)); |
error_f("mkstemp: %s", strerror(oerrno)); |
r = SSH_ERR_SYSTEM_ERROR; |
r = SSH_ERR_SYSTEM_ERROR; |
goto fail; |
goto fail; |
} |
} |
if ((ctx.out = fdopen(fd, "w")) == NULL) { |
if ((ctx.out = fdopen(fd, "w")) == NULL) { |
oerrno = errno; |
oerrno = errno; |
close(fd); |
close(fd); |
error("%s: fdopen: %s", __func__, strerror(oerrno)); |
error_f("fdopen: %s", strerror(oerrno)); |
r = SSH_ERR_SYSTEM_ERROR; |
r = SSH_ERR_SYSTEM_ERROR; |
goto fail; |
goto fail; |
} |
} |
|
|
if ((r = hostkeys_foreach(filename, host_delete, &ctx, host, ip, |
if ((r = hostkeys_foreach(filename, host_delete, &ctx, host, ip, |
HKF_WANT_PARSE_KEY)) != 0) { |
HKF_WANT_PARSE_KEY)) != 0) { |
oerrno = errno; |
oerrno = errno; |
error("%s: hostkeys_foreach failed: %s", __func__, ssh_err(r)); |
error_fr(r, "hostkeys_foreach"); |
goto fail; |
goto fail; |
} |
} |
|
|
|
|
/* Backup the original file and replace it with the temporary */ |
/* Backup the original file and replace it with the temporary */ |
if (unlink(back) == -1 && errno != ENOENT) { |
if (unlink(back) == -1 && errno != ENOENT) { |
oerrno = errno; |
oerrno = errno; |
error("%s: unlink %.100s: %s", __func__, |
error_f("unlink %.100s: %s", back, strerror(errno)); |
back, strerror(errno)); |
|
r = SSH_ERR_SYSTEM_ERROR; |
r = SSH_ERR_SYSTEM_ERROR; |
goto fail; |
goto fail; |
} |
} |
if (link(filename, back) == -1) { |
if (link(filename, back) == -1) { |
oerrno = errno; |
oerrno = errno; |
error("%s: link %.100s to %.100s: %s", __func__, |
error_f("link %.100s to %.100s: %s", filename, |
filename, back, strerror(errno)); |
back, strerror(errno)); |
r = SSH_ERR_SYSTEM_ERROR; |
r = SSH_ERR_SYSTEM_ERROR; |
goto fail; |
goto fail; |
} |
} |
if (rename(temp, filename) == -1) { |
if (rename(temp, filename) == -1) { |
oerrno = errno; |
oerrno = errno; |
error("%s: rename \"%s\" to \"%s\": %s", __func__, |
error_f("rename \"%s\" to \"%s\": %s", temp, |
temp, filename, strerror(errno)); |
filename, strerror(errno)); |
r = SSH_ERR_SYSTEM_ERROR; |
r = SSH_ERR_SYSTEM_ERROR; |
goto fail; |
goto fail; |
} |
} |
} else { |
} else { |
/* No changes made; just delete the temporary file */ |
/* No changes made; just delete the temporary file */ |
if (unlink(temp) != 0) |
if (unlink(temp) != 0) |
error("%s: unlink \"%s\": %s", __func__, |
error_f("unlink \"%s\": %s", temp, strerror(errno)); |
temp, strerror(errno)); |
|
} |
} |
|
|
/* success */ |
/* success */ |
|
|
if ((f = fopen(path, "r")) == NULL) |
if ((f = fopen(path, "r")) == NULL) |
return SSH_ERR_SYSTEM_ERROR; |
return SSH_ERR_SYSTEM_ERROR; |
|
|
debug3("%s: reading file \"%s\"", __func__, path); |
debug3_f("reading file \"%s\"", path); |
while (getline(&line, &linesize, f) != -1) { |
while (getline(&line, &linesize, f) != -1) { |
linenum++; |
linenum++; |
line[strcspn(line, "\n")] = '\0'; |
line[strcspn(line, "\n")] = '\0'; |
|
|
} |
} |
|
|
if ((lineinfo.marker = check_markers(&cp)) == MRK_ERROR) { |
if ((lineinfo.marker = check_markers(&cp)) == MRK_ERROR) { |
verbose("%s: invalid marker at %s:%lu", |
verbose_f("invalid marker at %s:%lu", path, linenum); |
__func__, path, linenum); |
|
if ((options & HKF_WANT_MATCH) == 0) |
if ((options & HKF_WANT_MATCH) == 0) |
goto bad; |
goto bad; |
continue; |
continue; |
|
|
if (host != NULL) { |
if (host != NULL) { |
if ((s = match_maybe_hashed(host, lineinfo.hosts, |
if ((s = match_maybe_hashed(host, lineinfo.hosts, |
&hashed)) == -1) { |
&hashed)) == -1) { |
debug2("%s: %s:%ld: bad host hash \"%.32s\"", |
debug2_f("%s:%ld: bad host hash \"%.32s\"", |
__func__, path, linenum, lineinfo.hosts); |
path, linenum, lineinfo.hosts); |
goto bad; |
goto bad; |
} |
} |
if (s == 1) { |
if (s == 1) { |
|
|
if (ip != NULL) { |
if (ip != NULL) { |
if ((s = match_maybe_hashed(ip, lineinfo.hosts, |
if ((s = match_maybe_hashed(ip, lineinfo.hosts, |
&hashed)) == -1) { |
&hashed)) == -1) { |
debug2("%s: %s:%ld: bad ip hash " |
debug2_f("%s:%ld: bad ip hash " |
"\"%.32s\"", __func__, path, |
"\"%.32s\"", path, linenum, |
linenum, lineinfo.hosts); |
lineinfo.hosts); |
goto bad; |
goto bad; |
} |
} |
if (s == 1) { |
if (s == 1) { |
|
|
* lines. |
* lines. |
*/ |
*/ |
if ((lineinfo.key = sshkey_new(KEY_UNSPEC)) == NULL) { |
if ((lineinfo.key = sshkey_new(KEY_UNSPEC)) == NULL) { |
error("%s: sshkey_new failed", __func__); |
error_f("sshkey_new failed"); |
r = SSH_ERR_ALLOC_FAIL; |
r = SSH_ERR_ALLOC_FAIL; |
break; |
break; |
} |
} |