version 1.246, 2014/04/29 18:01:49 |
version 1.249, 2014/07/03 03:47:27 |
|
|
|
|
#include <errno.h> |
#include <errno.h> |
#include <fcntl.h> |
#include <fcntl.h> |
|
#include <netdb.h> |
#include <pwd.h> |
#include <pwd.h> |
#include <stdio.h> |
#include <stdio.h> |
#include <stdlib.h> |
#include <stdlib.h> |
|
|
/* argv0 */ |
/* argv0 */ |
extern char *__progname; |
extern char *__progname; |
|
|
char hostname[MAXHOSTNAMELEN]; |
char hostname[NI_MAXHOST]; |
|
|
/* moduli.c */ |
/* moduli.c */ |
int gen_candidates(FILE *, u_int32_t, u_int32_t, BIGNUM *); |
int gen_candidates(FILE *, u_int32_t, u_int32_t, BIGNUM *); |
|
|
buffer_get_bignum_bits(&b, key->rsa->iqmp); |
buffer_get_bignum_bits(&b, key->rsa->iqmp); |
buffer_get_bignum_bits(&b, key->rsa->q); |
buffer_get_bignum_bits(&b, key->rsa->q); |
buffer_get_bignum_bits(&b, key->rsa->p); |
buffer_get_bignum_bits(&b, key->rsa->p); |
rsa_generate_additional_parameters(key->rsa); |
if (rsa_generate_additional_parameters(key->rsa) != 0) |
|
fatal("%s: rsa_generate_additional_parameters " |
|
"error", __func__); |
break; |
break; |
} |
} |
rlen = buffer_len(&b); |
rlen = buffer_len(&b); |
|
|
} |
} |
|
|
static void |
static void |
printhost(FILE *f, const char *name, Key *public, int ca, int hash) |
printhost(FILE *f, const char *name, Key *public, int ca, int revoked, int hash) |
{ |
{ |
if (print_fingerprint) { |
if (print_fingerprint) { |
enum fp_rep rep; |
enum fp_rep rep; |
|
|
} else { |
} else { |
if (hash && (name = host_hash(name, NULL, 0)) == NULL) |
if (hash && (name = host_hash(name, NULL, 0)) == NULL) |
fatal("hash_host failed"); |
fatal("hash_host failed"); |
fprintf(f, "%s%s%s ", ca ? CA_MARKER : "", ca ? " " : "", name); |
fprintf(f, "%s%s%s ", ca ? CA_MARKER " " : "", |
|
revoked ? REVOKE_MARKER " " : "" , name); |
if (!key_write(public, f)) |
if (!key_write(public, f)) |
fatal("key_write failed"); |
fatal("key_write failed"); |
fprintf(f, "\n"); |
fprintf(f, "\n"); |
|
|
char *cp, *cp2, *kp, *kp2; |
char *cp, *cp2, *kp, *kp2; |
char line[16*1024], tmp[MAXPATHLEN], old[MAXPATHLEN]; |
char line[16*1024], tmp[MAXPATHLEN], old[MAXPATHLEN]; |
int c, skip = 0, inplace = 0, num = 0, invalid = 0, has_unhashed = 0; |
int c, skip = 0, inplace = 0, num = 0, invalid = 0, has_unhashed = 0; |
int ca; |
int ca, revoked; |
int found_key = 0; |
int found_key = 0; |
|
|
if (!have_identity) { |
if (!have_identity) { |
|
|
if ((in = fopen(identity_file, "r")) == NULL) |
if ((in = fopen(identity_file, "r")) == NULL) |
fatal("%s: %s: %s", __progname, identity_file, strerror(errno)); |
fatal("%s: %s: %s", __progname, identity_file, strerror(errno)); |
|
|
|
/* XXX this code is a mess; refactor -djm */ |
/* |
/* |
* Find hosts goes to stdout, hash and deletions happen in-place |
* Find hosts goes to stdout, hash and deletions happen in-place |
* A corner case is ssh-keygen -HF foo, which should go to stdout |
* A corner case is ssh-keygen -HF foo, which should go to stdout |
|
|
fprintf(out, "%s\n", cp); |
fprintf(out, "%s\n", cp); |
continue; |
continue; |
} |
} |
/* Check whether this is a CA key */ |
/* Check whether this is a CA key or revocation marker */ |
if (strncasecmp(cp, CA_MARKER, sizeof(CA_MARKER) - 1) == 0 && |
if (strncasecmp(cp, CA_MARKER, sizeof(CA_MARKER) - 1) == 0 && |
(cp[sizeof(CA_MARKER) - 1] == ' ' || |
(cp[sizeof(CA_MARKER) - 1] == ' ' || |
cp[sizeof(CA_MARKER) - 1] == '\t')) { |
cp[sizeof(CA_MARKER) - 1] == '\t')) { |
|
|
cp += sizeof(CA_MARKER); |
cp += sizeof(CA_MARKER); |
} else |
} else |
ca = 0; |
ca = 0; |
|
if (strncasecmp(cp, REVOKE_MARKER, |
|
sizeof(REVOKE_MARKER) - 1) == 0 && |
|
(cp[sizeof(REVOKE_MARKER) - 1] == ' ' || |
|
cp[sizeof(REVOKE_MARKER) - 1] == '\t')) { |
|
revoked = 1; |
|
cp += sizeof(REVOKE_MARKER); |
|
} else |
|
revoked = 0; |
|
|
/* Find the end of the host name portion. */ |
/* Find the end of the host name portion. */ |
for (kp = cp; *kp && *kp != ' ' && *kp != '\t'; kp++) |
for (kp = cp; *kp && *kp != ' ' && *kp != '\t'; kp++) |
|
|
printf("# Host %s found: " |
printf("# Host %s found: " |
"line %d type %s%s\n", name, |
"line %d type %s%s\n", name, |
num, key_type(pub), |
num, key_type(pub), |
ca ? " (CA key)" : ""); |
ca ? " (CA key)" : |
printhost(out, cp, pub, ca, 0); |
revoked? " (revoked)" : ""); |
|
printhost(out, cp, pub, ca, revoked, 0); |
found_key = 1; |
found_key = 1; |
} |
} |
if (delete_host) { |
if (delete_host) { |
if (!c && !ca) |
if (!c || ca || revoked) { |
printhost(out, cp, pub, ca, 0); |
printhost(out, cp, pub, |
else |
ca, revoked, 0); |
|
} else { |
printf("# Host %s found: " |
printf("# Host %s found: " |
"line %d type %s\n", name, |
"line %d type %s\n", name, |
num, key_type(pub)); |
num, key_type(pub)); |
|
} |
} |
} |
} else if (hash_hosts) |
} else if (hash_hosts) |
printhost(out, cp, pub, ca, 0); |
printhost(out, cp, pub, ca, revoked, 0); |
} else { |
} else { |
if (find_host || delete_host) { |
if (find_host || delete_host) { |
c = (match_hostname(name, cp, |
c = (match_hostname(name, cp, |
|
|
"line %d type %s%s\n", name, |
"line %d type %s%s\n", name, |
num, key_type(pub), |
num, key_type(pub), |
ca ? " (CA key)" : ""); |
ca ? " (CA key)" : ""); |
printhost(out, name, pub, |
printhost(out, name, pub, ca, revoked, |
ca, hash_hosts && !ca); |
hash_hosts && !(ca || revoked)); |
found_key = 1; |
found_key = 1; |
} |
} |
if (delete_host) { |
if (delete_host) { |
if (!c && !ca) |
if (!c || ca || revoked) { |
printhost(out, cp, pub, ca, 0); |
printhost(out, cp, pub, |
else |
ca, revoked, 0); |
|
} else { |
printf("# Host %s found: " |
printf("# Host %s found: " |
"line %d type %s\n", name, |
"line %d type %s\n", name, |
num, key_type(pub)); |
num, key_type(pub)); |
|
} |
} |
} |
|
} else if (hash_hosts && (ca || revoked)) { |
|
/* Don't hash CA and revoked keys' hostnames */ |
|
printhost(out, cp, pub, ca, revoked, 0); |
|
has_unhashed = 1; |
} else if (hash_hosts) { |
} else if (hash_hosts) { |
|
/* Hash each hostname separately */ |
for (cp2 = strsep(&cp, ","); |
for (cp2 = strsep(&cp, ","); |
cp2 != NULL && *cp2 != '\0'; |
cp2 != NULL && *cp2 != '\0'; |
cp2 = strsep(&cp, ",")) { |
cp2 = strsep(&cp, ",")) { |
if (ca) { |
if (strcspn(cp2, "*?!") != |
fprintf(stderr, "Warning: " |
|
"ignoring CA key for host: " |
|
"%.64s\n", cp2); |
|
printhost(out, cp2, pub, ca, 0); |
|
} else if (strcspn(cp2, "*?!") != |
|
strlen(cp2)) { |
strlen(cp2)) { |
fprintf(stderr, "Warning: " |
fprintf(stderr, "Warning: " |
"ignoring host name with " |
"ignoring host name with " |
"metacharacters: %.64s\n", |
"metacharacters: %.64s\n", |
cp2); |
cp2); |
printhost(out, cp2, pub, ca, 0); |
printhost(out, cp2, pub, ca, |
} else |
revoked, 0); |
printhost(out, cp2, pub, ca, 1); |
has_unhashed = 1; |
|
} else { |
|
printhost(out, cp2, pub, ca, |
|
revoked, 1); |
|
} |
} |
} |
has_unhashed = 1; |
|
} |
} |
} |
} |
key_free(pub); |
key_free(pub); |
|
|
public->cert->valid_after = cert_valid_from; |
public->cert->valid_after = cert_valid_from; |
public->cert->valid_before = cert_valid_to; |
public->cert->valid_before = cert_valid_to; |
if (v00) { |
if (v00) { |
prepare_options_buf(&public->cert->critical, |
prepare_options_buf(public->cert->critical, |
OPTIONS_CRITICAL|OPTIONS_EXTENSIONS); |
OPTIONS_CRITICAL|OPTIONS_EXTENSIONS); |
} else { |
} else { |
prepare_options_buf(&public->cert->critical, |
prepare_options_buf(public->cert->critical, |
OPTIONS_CRITICAL); |
OPTIONS_CRITICAL); |
prepare_options_buf(&public->cert->extensions, |
prepare_options_buf(public->cert->extensions, |
OPTIONS_EXTENSIONS); |
OPTIONS_EXTENSIONS); |
} |
} |
public->cert->signature_key = key_from_private(ca); |
public->cert->signature_key = key_from_private(ca); |
|
|
printf("\n"); |
printf("\n"); |
} |
} |
printf(" Critical Options: "); |
printf(" Critical Options: "); |
if (buffer_len(&key->cert->critical) == 0) |
if (buffer_len(key->cert->critical) == 0) |
printf("(none)\n"); |
printf("(none)\n"); |
else { |
else { |
printf("\n"); |
printf("\n"); |
show_options(&key->cert->critical, v00, 1); |
show_options(key->cert->critical, v00, 1); |
} |
} |
if (!v00) { |
if (!v00) { |
printf(" Extensions: "); |
printf(" Extensions: "); |
if (buffer_len(&key->cert->extensions) == 0) |
if (buffer_len(key->cert->extensions) == 0) |
printf("(none)\n"); |
printf("(none)\n"); |
else { |
else { |
printf("\n"); |
printf("\n"); |
show_options(&key->cert->extensions, v00, 0); |
show_options(key->cert->extensions, v00, 0); |
} |
} |
} |
} |
exit(0); |
exit(0); |
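Review bot: The two consecutive marker tests (the existing `CA_MARKER` strncasecmp followed by the new `REVOKE_MARKER` one, ending at `revoked = 0;`) accept a known_hosts line that carries `@cert-authority @revoked host …` and leave both `ca` and `revoked` set, so printhost() re-emits both markers and `-F` reports the key as both a CA and revoked; if I recall the hostfile.c marker parser correctly it rejects a second marker on a line, which would mean ssh-keygen happily rewrites a line that ssh itself refuses to use. Suggest treating the combination the way this loop already treats malformed lines via `invalid`, e.g. `if (ca && revoked) { invalid = 1; … }` passing the line through unchanged — the exact passthrough depends on how the earlier invalid-line branch (only its `fprintf(out, "%s\n", cp); continue;` tail is visible) handles `cp`, which has already been advanced past the markers at this point. The enclosing function starts and ends outside this section.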