=================================================================== RCS file: /cvsrepo/anoncvs/cvs/src/usr.bin/ssh/ssh-keygen.c,v retrieving revision 1.117.2.3 retrieving revision 1.118 diff -u -r1.117.2.3 -r1.118 --- src/usr.bin/ssh/ssh-keygen.c 2005/09/02 03:45:01 1.117.2.3 +++ src/usr.bin/ssh/ssh-keygen.c 2004/12/23 17:38:07 1.118 @@ -12,7 +12,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: ssh-keygen.c,v 1.117.2.3 2005/09/02 03:45:01 brad Exp $"); +RCSID("$OpenBSD: ssh-keygen.c,v 1.118 2004/12/23 17:38:07 markus Exp $"); #include #include @@ -27,8 +27,6 @@ #include "pathnames.h" #include "log.h" #include "misc.h" -#include "match.h" -#include "hostfile.h" #ifdef SMARTCARD #include "scard.h" @@ -36,7 +34,7 @@ #include "dns.h" /* Number of bits in the RSA/DSA key. This value can be changed on the command line. */ -u_int32_t bits = 2048; +int bits = 1024; /* * Flag indicating that we just want to change the passphrase. This can be @@ -52,13 +50,6 @@ int quiet = 0; -/* Flag indicating that we want to hash a known_hosts file */ -int hash_hosts = 0; -/* Flag indicating that we want lookup a host in known_hosts file */ -int find_host = 0; -/* Flag indicating that we want to delete a host from a known_hosts file */ -int delete_host = 0; - /* Flag indicating that we just want to see the key fingerprint */ int print_fingerprint = 0; int print_bubblebabble = 0; @@ -90,7 +81,7 @@ char hostname[MAXHOSTNAMELEN]; /* moduli.c */ -int gen_candidates(FILE *, u_int32_t, u_int32_t, BIGNUM *); +int gen_candidates(FILE *, int, int, BIGNUM *); int prime_test(FILE *, FILE *, u_int32_t, u_int32_t); static void @@ -550,201 +541,6 @@ exit(0); } -static void -print_host(FILE *f, char *name, Key *public, int hash) -{ - if (hash && (name = host_hash(name, NULL, 0)) == NULL) - fatal("hash_host failed"); - fprintf(f, "%s ", name); - if (!key_write(public, f)) - fatal("key_write failed"); - fprintf(f, "\n"); -} - -static void -do_known_hosts(struct passwd *pw, const char *name) -{ - FILE *in, *out = stdout; - Key *public; - char *cp, *cp2, *kp, *kp2; - char line[16*1024], tmp[MAXPATHLEN], old[MAXPATHLEN]; - int c, i, skip = 0, inplace = 0, num = 0, invalid = 0, has_unhashed = 0; - - if (!have_identity) { - cp = tilde_expand_filename(_PATH_SSH_USER_HOSTFILE, pw->pw_uid); - if (strlcpy(identity_file, cp, sizeof(identity_file)) >= - sizeof(identity_file)) - fatal("Specified known hosts path too long"); - xfree(cp); - have_identity = 1; - } - if ((in = fopen(identity_file, "r")) == NULL) - fatal("fopen: %s", strerror(errno)); - - /* - * Find hosts goes to stdout, hash and deletions happen in-place - * A corner case is ssh-keygen -HF foo, which should go to stdout - */ - if (!find_host && (hash_hosts || delete_host)) { - if (strlcpy(tmp, identity_file, sizeof(tmp)) >= sizeof(tmp) || - strlcat(tmp, ".XXXXXXXXXX", sizeof(tmp)) >= sizeof(tmp) || - strlcpy(old, identity_file, sizeof(old)) >= sizeof(old) || - strlcat(old, ".old", sizeof(old)) >= sizeof(old)) - fatal("known_hosts path too long"); - umask(077); - if ((c = mkstemp(tmp)) == -1) - fatal("mkstemp: %s", strerror(errno)); - if ((out = fdopen(c, "w")) == NULL) { - c = errno; - unlink(tmp); - fatal("fdopen: %s", strerror(c)); - } - inplace = 1; - } - - while (fgets(line, sizeof(line), in)) { - num++; - i = strlen(line) - 1; - if (line[i] != '\n') { - error("line %d too long: %.40s...", num, line); - skip = 1; - invalid = 1; - continue; - } - if (skip) { - skip = 0; - continue; - } - line[i] = '\0'; - - /* Skip leading whitespace, empty and comment lines. */ - for (cp = line; *cp == ' ' || *cp == '\t'; cp++) - ; - if (!*cp || *cp == '\n' || *cp == '#') { - if (inplace) - fprintf(out, "%s\n", cp); - continue; - } - /* Find the end of the host name portion. */ - for (kp = cp; *kp && *kp != ' ' && *kp != '\t'; kp++) - ; - if (*kp == '\0' || *(kp + 1) == '\0') { - error("line %d missing key: %.40s...", - num, line); - invalid = 1; - continue; - } - *kp++ = '\0'; - kp2 = kp; - - public = key_new(KEY_RSA1); - if (key_read(public, &kp) != 1) { - kp = kp2; - key_free(public); - public = key_new(KEY_UNSPEC); - if (key_read(public, &kp) != 1) { - error("line %d invalid key: %.40s...", - num, line); - key_free(public); - invalid = 1; - continue; - } - } - - if (*cp == HASH_DELIM) { - if (find_host || delete_host) { - cp2 = host_hash(name, cp, strlen(cp)); - if (cp2 == NULL) { - error("line %d: invalid hashed " - "name: %.64s...", num, line); - invalid = 1; - continue; - } - c = (strcmp(cp2, cp) == 0); - if (find_host && c) { - printf("# Host %s found: " - "line %d type %s\n", name, - num, key_type(public)); - print_host(out, cp, public, 0); - } - if (delete_host && !c) - print_host(out, cp, public, 0); - } else if (hash_hosts) - print_host(out, cp, public, 0); - } else { - if (find_host || delete_host) { - c = (match_hostname(name, cp, - strlen(cp)) == 1); - if (find_host && c) { - printf("# Host %s found: " - "line %d type %s\n", name, - num, key_type(public)); - print_host(out, cp, public, hash_hosts); - } - if (delete_host && !c) - print_host(out, cp, public, 0); - } else if (hash_hosts) { - for (cp2 = strsep(&cp, ","); - cp2 != NULL && *cp2 != '\0'; - cp2 = strsep(&cp, ",")) { - if (strcspn(cp2, "*?!") != strlen(cp2)) - fprintf(stderr, "Warning: " - "ignoring host name with " - "metacharacters: %.64s\n", - cp2); - else - print_host(out, cp2, public, 1); - } - has_unhashed = 1; - } - } - key_free(public); - } - fclose(in); - - if (invalid) { - fprintf(stderr, "%s is not a valid known_host file.\n", - identity_file); - if (inplace) { - fprintf(stderr, "Not replacing existing known_hosts " - "file because of errors\n"); - fclose(out); - unlink(tmp); - } - exit(1); - } - - if (inplace) { - fclose(out); - - /* Backup existing file */ - if (unlink(old) == -1 && errno != ENOENT) - fatal("unlink %.100s: %s", old, strerror(errno)); - if (link(identity_file, old) == -1) - fatal("link %.100s to %.100s: %s", identity_file, old, - strerror(errno)); - /* Move new one into place */ - if (rename(tmp, identity_file) == -1) { - error("rename\"%s\" to \"%s\": %s", tmp, identity_file, - strerror(errno)); - unlink(tmp); - unlink(old); - exit(1); - } - - fprintf(stderr, "%s updated.\n", identity_file); - fprintf(stderr, "Original contents retained as %s\n", old); - if (has_unhashed) { - fprintf(stderr, "WARNING: %s contains unhashed " - "entries\n", old); - fprintf(stderr, "Delete this file to ensure privacy " - "of hostnames\n"); - } - } - - exit(0); -} - /* * Perform changing a passphrase. The argument is the passwd structure * for the current user. @@ -959,39 +755,30 @@ { fprintf(stderr, "Usage: %s [options]\n", __progname); fprintf(stderr, "Options:\n"); - fprintf(stderr, " -a trials Number of trials for screening DH-GEX moduli.\n"); - fprintf(stderr, " -B Show bubblebabble digest of key file.\n"); fprintf(stderr, " -b bits Number of bits in the key to create.\n"); - fprintf(stderr, " -C comment Provide new comment.\n"); fprintf(stderr, " -c Change comment in private and public key files.\n"); -#ifdef SMARTCARD - fprintf(stderr, " -D reader Download public key from smartcard.\n"); -#endif /* SMARTCARD */ fprintf(stderr, " -e Convert OpenSSH to IETF SECSH key file.\n"); - fprintf(stderr, " -F hostname Find hostname in known hosts file.\n"); fprintf(stderr, " -f filename Filename of the key file.\n"); - fprintf(stderr, " -G file Generate candidates for DH-GEX moduli.\n"); fprintf(stderr, " -g Use generic DNS resource record format.\n"); - fprintf(stderr, " -H Hash names in known_hosts file.\n"); fprintf(stderr, " -i Convert IETF SECSH to OpenSSH key file.\n"); fprintf(stderr, " -l Show fingerprint of key file.\n"); - fprintf(stderr, " -M memory Amount of memory (MB) to use for generating DH-GEX moduli.\n"); - fprintf(stderr, " -N phrase Provide new passphrase.\n"); - fprintf(stderr, " -P phrase Provide old passphrase.\n"); fprintf(stderr, " -p Change passphrase of private key file.\n"); fprintf(stderr, " -q Quiet.\n"); - fprintf(stderr, " -R hostname Remove host from known_hosts file.\n"); - fprintf(stderr, " -r hostname Print DNS resource record.\n"); - fprintf(stderr, " -S start Start point (hex) for generating DH-GEX moduli.\n"); - fprintf(stderr, " -T file Screen candidates for DH-GEX moduli.\n"); + fprintf(stderr, " -y Read private key file and print public key.\n"); fprintf(stderr, " -t type Specify type of key to create.\n"); + fprintf(stderr, " -B Show bubblebabble digest of key file.\n"); + fprintf(stderr, " -C comment Provide new comment.\n"); + fprintf(stderr, " -N phrase Provide new passphrase.\n"); + fprintf(stderr, " -P phrase Provide old passphrase.\n"); + fprintf(stderr, " -r hostname Print DNS resource record.\n"); #ifdef SMARTCARD + fprintf(stderr, " -D reader Download public key from smartcard.\n"); fprintf(stderr, " -U reader Upload private key to smartcard.\n"); #endif /* SMARTCARD */ - fprintf(stderr, " -v Verbose.\n"); - fprintf(stderr, " -W gen Generator to use for generating DH-GEX moduli.\n"); - fprintf(stderr, " -y Read private key file and print public key.\n"); + fprintf(stderr, " -G file Generate candidates for DH-GEX moduli\n"); + fprintf(stderr, " -T file Screen candidates for DH-GEX moduli\n"); + exit(1); } @@ -1003,17 +790,16 @@ { char dotsshdir[MAXPATHLEN], comment[1024], *passphrase1, *passphrase2; char out_file[MAXPATHLEN], *reader_id = NULL; - char *rr_hostname = NULL; + char *resource_record_hostname = NULL; Key *private, *public; struct passwd *pw; struct stat st; - int opt, type, fd, download = 0; - u_int32_t memory = 0, generator_wanted = 0, trials = 100; + int opt, type, fd, download = 0, memory = 0; + int generator_wanted = 0, trials = 100; int do_gen_candidates = 0, do_screen_candidates = 0; int log_level = SYSLOG_LEVEL_INFO; BIGNUM *start = NULL; FILE *f; - const char *errstr; extern int optind; extern char *optarg; @@ -1033,25 +819,15 @@ } while ((opt = getopt(ac, av, - "degiqpclBHvxXyF:b:f:t:U:D:P:N:C:r:g:R:T:G:M:S:a:W:")) != -1) { + "degiqpclBRvxXyb:f:t:U:D:P:N:C:r:g:T:G:M:S:a:W:")) != -1) { switch (opt) { case 'b': - bits = strtonum(optarg, 512, 32768, &errstr); - if (errstr) - fatal("Bits has bad value %s (%s)", - optarg, errstr); + bits = atoi(optarg); + if (bits < 512 || bits > 32768) { + printf("Bits has bad value.\n"); + exit(1); + } break; - case 'F': - find_host = 1; - rr_hostname = optarg; - break; - case 'H': - hash_hosts = 1; - break; - case 'R': - delete_host = 1; - rr_hostname = optarg; - break; case 'l': print_fingerprint = 1; break; @@ -1065,9 +841,7 @@ change_comment = 1; break; case 'f': - if (strlcpy(identity_file, optarg, sizeof(identity_file)) >= - sizeof(identity_file)) - fatal("Identity filename too long"); + strlcpy(identity_file, optarg, sizeof(identity_file)); have_identity = 1; break; case 'g': @@ -1085,6 +859,10 @@ case 'q': quiet = 1; break; + case 'R': + /* unused */ + exit(0); + break; case 'e': case 'x': /* export key */ @@ -1119,37 +897,26 @@ } break; case 'r': - rr_hostname = optarg; + resource_record_hostname = optarg; break; case 'W': - generator_wanted = strtonum(optarg, 1, UINT_MAX, &errstr); - if (errstr) - fatal("Desired generator has bad value: %s (%s)", - optarg, errstr); + generator_wanted = atoi(optarg); + if (generator_wanted < 1) + fatal("Desired generator has bad value."); break; case 'a': - trials = strtonum(optarg, 1, UINT_MAX, &errstr); - if (errstr) - fatal("Invalid number of trials: %s (%s)", - optarg, errstr); + trials = atoi(optarg); break; case 'M': - memory = strtonum(optarg, 1, UINT_MAX, &errstr); - if (errstr) { - fatal("Memory limit is %s: %s", errstr, optarg); - } + memory = atoi(optarg); break; case 'G': do_gen_candidates = 1; - if (strlcpy(out_file, optarg, sizeof(out_file)) >= - sizeof(out_file)) - fatal("Output filename too long"); + strlcpy(out_file, optarg, sizeof(out_file)); break; case 'T': do_screen_candidates = 1; - if (strlcpy(out_file, optarg, sizeof(out_file)) >= - sizeof(out_file)) - fatal("Output filename too long"); + strlcpy(out_file, optarg, sizeof(out_file)); break; case 'S': /* XXX - also compare length against bits */ @@ -1173,8 +940,6 @@ printf("Can only have one of -p and -c.\n"); usage(); } - if (delete_host || hash_hosts || find_host) - do_known_hosts(pw, rr_hostname); if (print_fingerprint || print_bubblebabble) do_fingerprint(pw); if (change_passphrase) @@ -1187,8 +952,8 @@ do_convert_from_ssh2(pw); if (print_public) do_print_public(pw); - if (rr_hostname != NULL) { - do_print_resource_record(pw, rr_hostname); + if (resource_record_hostname != NULL) { + do_print_resource_record(pw, resource_record_hostname); } if (reader_id != NULL) { #ifdef SMARTCARD