Annotation of src/usr.bin/ssh/ssh-keyscan.c, Revision 1.19
1.1 markus 1: /*
2: * Copyright 1995, 1996 by David Mazieres <dm@lcs.mit.edu>.
3: *
4: * Modification and redistribution in source and binary forms is
5: * permitted provided that due credit is given to the author and the
6: * OpenBSD project (for instance by leaving this copyright notice
7: * intact).
8: */
9:
10: #include "includes.h"
1.19 ! millert 11: RCSID("$OpenBSD: ssh-keyscan.c,v 1.18 2001/03/03 06:53:12 deraadt Exp $");
1.1 markus 12:
13: #include <sys/queue.h>
14: #include <errno.h>
15:
1.5 markus 16: #include <openssl/bn.h>
1.1 markus 17:
18: #include "xmalloc.h"
19: #include "ssh.h"
1.10 markus 20: #include "ssh1.h"
1.1 markus 21: #include "key.h"
22: #include "buffer.h"
23: #include "bufaux.h"
1.11 markus 24: #include "log.h"
1.18 deraadt 25: #include "atomicio.h"
1.1 markus 26:
27: static int argno = 1; /* Number of argument currently being parsed */
28:
29: int family = AF_UNSPEC; /* IPv4, IPv6 or both */
30:
31: #define MAXMAXFD 256
32:
33: /* The number of seconds after which to give up on a TCP connection */
34: int timeout = 5;
35:
36: int maxfd;
1.18 deraadt 37: #define MAXCON (maxfd - 10)
1.1 markus 38:
1.3 markus 39: extern char *__progname;
1.19 ! millert 40: fd_set *read_wait;
! 41: size_t read_wait_size;
1.1 markus 42: int ncon;
43:
44: /*
45: * Keep a connection structure for each file descriptor. The state
46: * associated with file descriptor n is held in fdcon[n].
47: */
48: typedef struct Connection {
1.6 markus 49: u_char c_status; /* State of connection on this file desc. */
1.1 markus 50: #define CS_UNUSED 0 /* File descriptor unused */
51: #define CS_CON 1 /* Waiting to connect/read greeting */
52: #define CS_SIZE 2 /* Waiting to read initial packet size */
53: #define CS_KEYS 3 /* Waiting to read public key packet */
54: int c_fd; /* Quick lookup: c->c_fd == c - fdcon */
55: int c_plen; /* Packet length field for ssh packet */
56: int c_len; /* Total bytes which must be read. */
57: int c_off; /* Length of data read so far. */
58: char *c_namebase; /* Address to free for c_name and c_namelist */
59: char *c_name; /* Hostname of connection for errors */
60: char *c_namelist; /* Pointer to other possible addresses */
61: char *c_output_name; /* Hostname of connection for output */
62: char *c_data; /* Data read from this fd */
63: struct timeval c_tv; /* Time at which connection gets aborted */
64: TAILQ_ENTRY(Connection) c_link; /* List of connections in timeout order. */
65: } con;
66:
67: TAILQ_HEAD(conlist, Connection) tq; /* Timeout Queue */
68: con *fdcon;
69:
70: /*
71: * This is just a wrapper around fgets() to make it usable.
72: */
73:
74: /* Stress-test. Increase this later. */
75: #define LINEBUF_SIZE 16
76:
77: typedef struct {
78: char *buf;
1.6 markus 79: u_int size;
1.1 markus 80: int lineno;
81: const char *filename;
82: FILE *stream;
83: void (*errfun) (const char *,...);
84: } Linebuf;
85:
1.17 deraadt 86: static __inline__ Linebuf *
1.1 markus 87: Linebuf_alloc(const char *filename, void (*errfun) (const char *,...))
88: {
89: Linebuf *lb;
90:
91: if (!(lb = malloc(sizeof(*lb)))) {
92: if (errfun)
93: (*errfun) ("linebuf (%s): malloc failed\n", lb->filename);
94: return (NULL);
95: }
96: if (filename) {
97: lb->filename = filename;
98: if (!(lb->stream = fopen(filename, "r"))) {
1.9 markus 99: xfree(lb);
1.1 markus 100: if (errfun)
101: (*errfun) ("%s: %s\n", filename, strerror(errno));
102: return (NULL);
103: }
104: } else {
105: lb->filename = "(stdin)";
106: lb->stream = stdin;
107: }
108:
109: if (!(lb->buf = malloc(lb->size = LINEBUF_SIZE))) {
110: if (errfun)
111: (*errfun) ("linebuf (%s): malloc failed\n", lb->filename);
1.9 markus 112: xfree(lb);
1.1 markus 113: return (NULL);
114: }
115: lb->errfun = errfun;
116: lb->lineno = 0;
117: return (lb);
118: }
119:
1.17 deraadt 120: static __inline__ void
1.1 markus 121: Linebuf_free(Linebuf * lb)
122: {
123: fclose(lb->stream);
1.9 markus 124: xfree(lb->buf);
125: xfree(lb);
1.1 markus 126: }
127:
1.17 deraadt 128: static __inline__ void
1.1 markus 129: Linebuf_restart(Linebuf * lb)
130: {
131: clearerr(lb->stream);
132: rewind(lb->stream);
133: lb->lineno = 0;
134: }
135:
1.17 deraadt 136: static __inline__ int
1.1 markus 137: Linebuf_lineno(Linebuf * lb)
138: {
139: return (lb->lineno);
140: }
141:
1.17 deraadt 142: static __inline__ char *
1.14 markus 143: Linebuf_getline(Linebuf * lb)
1.1 markus 144: {
145: int n = 0;
146:
147: lb->lineno++;
148: for (;;) {
149: /* Read a line */
150: if (!fgets(&lb->buf[n], lb->size - n, lb->stream)) {
151: if (ferror(lb->stream) && lb->errfun)
1.17 deraadt 152: (*lb->errfun) ("%s: %s\n", lb->filename,
153: strerror(errno));
1.1 markus 154: return (NULL);
155: }
156: n = strlen(lb->buf);
157:
158: /* Return it or an error if it fits */
159: if (n > 0 && lb->buf[n - 1] == '\n') {
160: lb->buf[n - 1] = '\0';
161: return (lb->buf);
162: }
163: if (n != lb->size - 1) {
164: if (lb->errfun)
1.17 deraadt 165: (*lb->errfun) ("%s: skipping incomplete last line\n",
166: lb->filename);
1.1 markus 167: return (NULL);
168: }
169: /* Double the buffer if we need more space */
170: if (!(lb->buf = realloc(lb->buf, (lb->size *= 2)))) {
171: if (lb->errfun)
1.17 deraadt 172: (*lb->errfun) ("linebuf (%s): realloc failed\n",
173: lb->filename);
1.1 markus 174: return (NULL);
175: }
176: }
177: }
178:
179: static int
180: fdlim_get(int hard)
181: {
182: struct rlimit rlfd;
1.17 deraadt 183:
1.1 markus 184: if (getrlimit(RLIMIT_NOFILE, &rlfd) < 0)
185: return (-1);
186: if ((hard ? rlfd.rlim_max : rlfd.rlim_cur) == RLIM_INFINITY)
187: return 10000;
188: else
189: return hard ? rlfd.rlim_max : rlfd.rlim_cur;
190: }
191:
192: static int
193: fdlim_set(int lim)
194: {
195: struct rlimit rlfd;
196: if (lim <= 0)
197: return (-1);
198: if (getrlimit(RLIMIT_NOFILE, &rlfd) < 0)
199: return (-1);
200: rlfd.rlim_cur = lim;
201: if (setrlimit(RLIMIT_NOFILE, &rlfd) < 0)
202: return (-1);
203: return (0);
204: }
205:
206: /*
207: * This is an strsep function that returns a null field for adjacent
208: * separators. This is the same as the 4.4BSD strsep, but different from the
209: * one in the GNU libc.
210: */
1.17 deraadt 211: static __inline__ char *
1.1 markus 212: xstrsep(char **str, const char *delim)
213: {
214: char *s, *e;
215:
216: if (!**str)
217: return (NULL);
218:
219: s = *str;
220: e = s + strcspn(s, delim);
221:
222: if (*e != '\0')
223: *e++ = '\0';
224: *str = e;
225:
226: return (s);
227: }
228:
229: /*
230: * Get the next non-null token (like GNU strsep). Strsep() will return a
231: * null token for two adjacent separators, so we may have to loop.
232: */
233: char *
234: strnnsep(char **stringp, char *delim)
235: {
236: char *tok;
237:
238: do {
239: tok = xstrsep(stringp, delim);
240: } while (tok && *tok == '\0');
241: return (tok);
242: }
243:
244: void
245: keyprint(char *host, char *output_name, char *kd, int len)
246: {
247: static Key *rsa;
248: static Buffer msg;
249:
250: if (rsa == NULL) {
251: buffer_init(&msg);
252: rsa = key_new(KEY_RSA1);
253: }
254: buffer_append(&msg, kd, len);
255: buffer_consume(&msg, 8 - (len & 7)); /* padding */
256: if (buffer_get_char(&msg) != (int) SSH_SMSG_PUBLIC_KEY) {
257: error("%s: invalid packet type", host);
258: buffer_clear(&msg);
259: return;
260: }
261: buffer_consume(&msg, 8); /* cookie */
262:
263: /* server key */
264: (void) buffer_get_int(&msg);
265: buffer_get_bignum(&msg, rsa->rsa->e);
266: buffer_get_bignum(&msg, rsa->rsa->n);
267:
268: /* host key */
269: (void) buffer_get_int(&msg);
270: buffer_get_bignum(&msg, rsa->rsa->e);
271: buffer_get_bignum(&msg, rsa->rsa->n);
272: buffer_clear(&msg);
273:
274: fprintf(stdout, "%s ", output_name ? output_name : host);
275: key_write(rsa, stdout);
276: fputs("\n", stdout);
277: }
278:
279: int
280: tcpconnect(char *host)
281: {
282: struct addrinfo hints, *ai, *aitop;
283: char strport[NI_MAXSERV];
284: int gaierr, s = -1;
285:
1.8 markus 286: snprintf(strport, sizeof strport, "%d", SSH_DEFAULT_PORT);
1.1 markus 287: memset(&hints, 0, sizeof(hints));
288: hints.ai_family = family;
289: hints.ai_socktype = SOCK_STREAM;
290: if ((gaierr = getaddrinfo(host, strport, &hints, &aitop)) != 0)
291: fatal("getaddrinfo %s: %s", host, gai_strerror(gaierr));
292: for (ai = aitop; ai; ai = ai->ai_next) {
293: s = socket(ai->ai_family, SOCK_STREAM, 0);
294: if (s < 0) {
295: error("socket: %s", strerror(errno));
296: continue;
297: }
1.7 markus 298: if (fcntl(s, F_SETFL, O_NONBLOCK) < 0)
1.1 markus 299: fatal("F_SETFL: %s", strerror(errno));
300: if (connect(s, ai->ai_addr, ai->ai_addrlen) < 0 &&
301: errno != EINPROGRESS)
302: error("connect (`%s'): %s", host, strerror(errno));
303: else
304: break;
305: close(s);
306: s = -1;
307: }
308: freeaddrinfo(aitop);
309: return s;
310: }
311:
312: int
313: conalloc(char *iname, char *oname)
314: {
315: int s;
316: char *namebase, *name, *namelist;
317:
318: namebase = namelist = xstrdup(iname);
319:
320: do {
321: name = xstrsep(&namelist, ",");
322: if (!name) {
1.9 markus 323: xfree(namebase);
1.1 markus 324: return (-1);
325: }
326: } while ((s = tcpconnect(name)) < 0);
327:
328: if (s >= maxfd)
1.4 markus 329: fatal("conalloc: fdno %d too high", s);
1.1 markus 330: if (fdcon[s].c_status)
1.4 markus 331: fatal("conalloc: attempt to reuse fdno %d", s);
1.1 markus 332:
333: fdcon[s].c_fd = s;
334: fdcon[s].c_status = CS_CON;
335: fdcon[s].c_namebase = namebase;
336: fdcon[s].c_name = name;
337: fdcon[s].c_namelist = namelist;
338: fdcon[s].c_output_name = xstrdup(oname);
339: fdcon[s].c_data = (char *) &fdcon[s].c_plen;
340: fdcon[s].c_len = 4;
341: fdcon[s].c_off = 0;
342: gettimeofday(&fdcon[s].c_tv, NULL);
343: fdcon[s].c_tv.tv_sec += timeout;
344: TAILQ_INSERT_TAIL(&tq, &fdcon[s], c_link);
1.19 ! millert 345: FD_SET(s, read_wait);
1.1 markus 346: ncon++;
347: return (s);
348: }
349:
350: void
351: confree(int s)
352: {
353: if (s >= maxfd || fdcon[s].c_status == CS_UNUSED)
1.4 markus 354: fatal("confree: attempt to free bad fdno %d", s);
1.18 deraadt 355: close(s);
1.9 markus 356: xfree(fdcon[s].c_namebase);
357: xfree(fdcon[s].c_output_name);
1.1 markus 358: if (fdcon[s].c_status == CS_KEYS)
1.9 markus 359: xfree(fdcon[s].c_data);
1.1 markus 360: fdcon[s].c_status = CS_UNUSED;
361: TAILQ_REMOVE(&tq, &fdcon[s], c_link);
1.19 ! millert 362: FD_CLR(s, read_wait);
1.1 markus 363: ncon--;
364: }
365:
366: void
367: contouch(int s)
368: {
369: TAILQ_REMOVE(&tq, &fdcon[s], c_link);
370: gettimeofday(&fdcon[s].c_tv, NULL);
371: fdcon[s].c_tv.tv_sec += timeout;
372: TAILQ_INSERT_TAIL(&tq, &fdcon[s], c_link);
373: }
374:
375: int
376: conrecycle(int s)
377: {
378: int ret;
379: con *c = &fdcon[s];
380: char *iname, *oname;
381:
382: iname = xstrdup(c->c_namelist);
1.9 markus 383: oname = xstrdup(c->c_output_name);
1.1 markus 384: confree(s);
385: ret = conalloc(iname, oname);
1.9 markus 386: xfree(iname);
387: xfree(oname);
1.1 markus 388: return (ret);
389: }
390:
391: void
392: congreet(int s)
393: {
394: char buf[80];
395: int n;
396: con *c = &fdcon[s];
397:
398: n = read(s, buf, sizeof(buf));
399: if (n < 0) {
400: if (errno != ECONNREFUSED)
401: error("read (%s): %s", c->c_name, strerror(errno));
402: conrecycle(s);
403: return;
404: }
405: if (buf[n - 1] != '\n') {
406: error("%s: bad greeting", c->c_name);
407: confree(s);
408: return;
409: }
410: buf[n - 1] = '\0';
411: fprintf(stderr, "# %s %s\n", c->c_name, buf);
412: n = snprintf(buf, sizeof buf, "SSH-1.5-OpenSSH-keyscan\r\n");
1.18 deraadt 413: if (atomicio(write, s, buf, n) != n) {
1.1 markus 414: error("write (%s): %s", c->c_name, strerror(errno));
415: confree(s);
416: return;
417: }
418: c->c_status = CS_SIZE;
419: contouch(s);
420: }
421:
422: void
423: conread(int s)
424: {
425: int n;
426: con *c = &fdcon[s];
427:
428: if (c->c_status == CS_CON) {
429: congreet(s);
430: return;
431: }
432: n = read(s, c->c_data + c->c_off, c->c_len - c->c_off);
433: if (n < 0) {
434: error("read (%s): %s", c->c_name, strerror(errno));
435: confree(s);
436: return;
437: }
438: c->c_off += n;
439:
440: if (c->c_off == c->c_len)
441: switch (c->c_status) {
442: case CS_SIZE:
443: c->c_plen = htonl(c->c_plen);
444: c->c_len = c->c_plen + 8 - (c->c_plen & 7);
445: c->c_off = 0;
446: c->c_data = xmalloc(c->c_len);
447: c->c_status = CS_KEYS;
448: break;
449: case CS_KEYS:
450: keyprint(c->c_name, c->c_output_name, c->c_data, c->c_plen);
451: confree(s);
452: return;
453: break;
454: default:
1.4 markus 455: fatal("conread: invalid status %d", c->c_status);
1.1 markus 456: break;
457: }
458:
459: contouch(s);
460: }
461:
462: void
463: conloop(void)
464: {
1.19 ! millert 465: fd_set *r, *e;
1.1 markus 466: struct timeval seltime, now;
467: int i;
468: con *c;
469:
470: gettimeofday(&now, NULL);
471: c = tq.tqh_first;
472:
1.18 deraadt 473: if (c && (c->c_tv.tv_sec > now.tv_sec ||
474: (c->c_tv.tv_sec == now.tv_sec && c->c_tv.tv_usec > now.tv_usec))) {
1.1 markus 475: seltime = c->c_tv;
476: seltime.tv_sec -= now.tv_sec;
477: seltime.tv_usec -= now.tv_usec;
1.13 itojun 478: if (seltime.tv_usec < 0) {
1.1 markus 479: seltime.tv_usec += 1000000;
480: seltime.tv_sec--;
481: }
482: } else
483: seltime.tv_sec = seltime.tv_usec = 0;
484:
1.19 ! millert 485: r = xmalloc(read_wait_size);
! 486: memcpy(r, read_wait, read_wait_size);
! 487: e = xmalloc(read_wait_size);
! 488: memcpy(e, read_wait, read_wait_size);
! 489:
! 490: while (select(maxfd, r, NULL, e, &seltime) == -1 &&
1.16 deraadt 491: (errno == EAGAIN || errno == EINTR))
492: ;
493:
1.18 deraadt 494: for (i = 0; i < maxfd; i++) {
1.19 ! millert 495: if (FD_ISSET(i, e)) {
1.1 markus 496: error("%s: exception!", fdcon[i].c_name);
497: confree(i);
1.19 ! millert 498: } else if (FD_ISSET(i, r))
1.1 markus 499: conread(i);
1.18 deraadt 500: }
1.19 ! millert 501: xfree(r);
! 502: xfree(e);
1.1 markus 503:
504: c = tq.tqh_first;
1.18 deraadt 505: while (c && (c->c_tv.tv_sec < now.tv_sec ||
506: (c->c_tv.tv_sec == now.tv_sec && c->c_tv.tv_usec < now.tv_usec))) {
1.1 markus 507: int s = c->c_fd;
1.18 deraadt 508:
1.1 markus 509: c = c->c_link.tqe_next;
510: conrecycle(s);
511: }
512: }
513:
514: char *
515: nexthost(int argc, char **argv)
516: {
517: static Linebuf *lb;
518:
519: for (;;) {
520: if (!lb) {
521: if (argno >= argc)
522: return (NULL);
523: if (argv[argno][0] != '-')
524: return (argv[argno++]);
525: if (!strcmp(argv[argno], "--")) {
526: if (++argno >= argc)
527: return (NULL);
528: return (argv[argno++]);
529: } else if (!strncmp(argv[argno], "-f", 2)) {
530: char *fname;
1.18 deraadt 531:
1.1 markus 532: if (argv[argno][2])
533: fname = &argv[argno++][2];
534: else if (++argno >= argc) {
535: error("missing filename for `-f'");
536: return (NULL);
537: } else
538: fname = argv[argno++];
539: if (!strcmp(fname, "-"))
540: fname = NULL;
1.2 markus 541: lb = Linebuf_alloc(fname, error);
1.1 markus 542: } else
1.18 deraadt 543: error("ignoring invalid/misplaced option `%s'",
544: argv[argno++]);
1.1 markus 545: } else {
546: char *line;
1.18 deraadt 547:
1.14 markus 548: line = Linebuf_getline(lb);
1.1 markus 549: if (line)
550: return (line);
551: Linebuf_free(lb);
552: lb = NULL;
553: }
554: }
555: }
556:
557: static void
558: usage(void)
559: {
1.4 markus 560: fatal("usage: %s [-t timeout] { [--] host | -f file } ...", __progname);
1.1 markus 561: return;
562: }
563:
564: int
565: main(int argc, char **argv)
566: {
567: char *host = NULL;
568:
569: TAILQ_INIT(&tq);
570:
571: if (argc <= argno)
572: usage();
573:
574: if (argv[1][0] == '-' && argv[1][1] == 't') {
575: argno++;
576: if (argv[1][2])
577: timeout = atoi(&argv[1][2]);
578: else {
579: if (argno >= argc)
580: usage();
581: timeout = atoi(argv[argno++]);
582: }
583: if (timeout <= 0)
584: usage();
585: }
586: if (argc <= argno)
587: usage();
588:
589: maxfd = fdlim_get(1);
590: if (maxfd < 0)
1.4 markus 591: fatal("%s: fdlim_get: bad value", __progname);
1.1 markus 592: if (maxfd > MAXMAXFD)
593: maxfd = MAXMAXFD;
1.18 deraadt 594: if (MAXCON <= 0)
1.4 markus 595: fatal("%s: not enough file descriptors", __progname);
1.1 markus 596: if (maxfd > fdlim_get(0))
597: fdlim_set(maxfd);
598: fdcon = xmalloc(maxfd * sizeof(con));
1.15 itojun 599: memset(fdcon, 0, maxfd * sizeof(con));
1.19 ! millert 600:
! 601: read_wait_size = howmany(maxfd, NFDBITS) * sizeof(fd_mask);
! 602: read_wait = xmalloc(read_wait_size);
! 603: memset(read_wait, 0, read_wait_size);
1.1 markus 604:
605: do {
1.18 deraadt 606: while (ncon < MAXCON) {
1.1 markus 607: char *name;
608:
609: host = nexthost(argc, argv);
610: if (host == NULL)
611: break;
612: name = strnnsep(&host, " \t\n");
613: conalloc(name, *host ? host : name);
614: }
615: conloop();
616: } while (host);
617: while (ncon > 0)
618: conloop();
619:
620: return (0);
621: }
![[BACK]](/icons/back.gif){kind=icon}
Return to ssh-keyscan.c CVS log ![[TXT]](/icons/text.gif){kind=icon}
![[DIR]](/icons/dir.gif){kind=icon}
Up to [local] / src / usr.bin / ssh