Annotation of src/usr.bin/ssh/ssh-keyscan.c, Revision 1.23
1.1 markus 1: /*
2: * Copyright 1995, 1996 by David Mazieres <dm@lcs.mit.edu>.
3: *
4: * Modification and redistribution in source and binary forms is
5: * permitted provided that due credit is given to the author and the
1.23 ! pvalchev 6: * OpenBSD project by leaving this copyright notice intact.
1.1 markus 7: */
8:
9: #include "includes.h"
1.23 ! pvalchev 10: RCSID("$OpenBSD: ssh-keyscan.c,v 1.22 2001/03/06 06:11:18 deraadt Exp $");
1.1 markus 11:
12: #include <sys/queue.h>
13: #include <errno.h>
14:
1.5 markus 15: #include <openssl/bn.h>
1.1 markus 16:
17: #include "xmalloc.h"
18: #include "ssh.h"
1.10 markus 19: #include "ssh1.h"
1.1 markus 20: #include "key.h"
21: #include "buffer.h"
22: #include "bufaux.h"
1.11 markus 23: #include "log.h"
1.18 deraadt 24: #include "atomicio.h"
1.1 markus 25:
26: static int argno = 1; /* Number of argument currently being parsed */
27:
28: int family = AF_UNSPEC; /* IPv4, IPv6 or both */
29:
30: #define MAXMAXFD 256
31:
32: /* The number of seconds after which to give up on a TCP connection */
33: int timeout = 5;
34:
35: int maxfd;
1.18 deraadt 36: #define MAXCON (maxfd - 10)
1.1 markus 37:
1.3 markus 38: extern char *__progname;
1.19 millert 39: fd_set *read_wait;
40: size_t read_wait_size;
1.1 markus 41: int ncon;
42:
43: /*
44: * Keep a connection structure for each file descriptor. The state
45: * associated with file descriptor n is held in fdcon[n].
46: */
47: typedef struct Connection {
1.6 markus 48: u_char c_status; /* State of connection on this file desc. */
1.1 markus 49: #define CS_UNUSED 0 /* File descriptor unused */
50: #define CS_CON 1 /* Waiting to connect/read greeting */
51: #define CS_SIZE 2 /* Waiting to read initial packet size */
52: #define CS_KEYS 3 /* Waiting to read public key packet */
53: int c_fd; /* Quick lookup: c->c_fd == c - fdcon */
54: int c_plen; /* Packet length field for ssh packet */
55: int c_len; /* Total bytes which must be read. */
56: int c_off; /* Length of data read so far. */
57: char *c_namebase; /* Address to free for c_name and c_namelist */
58: char *c_name; /* Hostname of connection for errors */
59: char *c_namelist; /* Pointer to other possible addresses */
60: char *c_output_name; /* Hostname of connection for output */
61: char *c_data; /* Data read from this fd */
62: struct timeval c_tv; /* Time at which connection gets aborted */
63: TAILQ_ENTRY(Connection) c_link; /* List of connections in timeout order. */
64: } con;
65:
66: TAILQ_HEAD(conlist, Connection) tq; /* Timeout Queue */
67: con *fdcon;
68:
69: /*
70: * This is just a wrapper around fgets() to make it usable.
71: */
72:
73: /* Stress-test. Increase this later. */
74: #define LINEBUF_SIZE 16
75:
76: typedef struct {
77: char *buf;
1.6 markus 78: u_int size;
1.1 markus 79: int lineno;
80: const char *filename;
81: FILE *stream;
82: void (*errfun) (const char *,...);
83: } Linebuf;
84:
1.20 deraadt 85: Linebuf *
1.1 markus 86: Linebuf_alloc(const char *filename, void (*errfun) (const char *,...))
87: {
88: Linebuf *lb;
89:
90: if (!(lb = malloc(sizeof(*lb)))) {
91: if (errfun)
92: (*errfun) ("linebuf (%s): malloc failed\n", lb->filename);
93: return (NULL);
94: }
95: if (filename) {
96: lb->filename = filename;
97: if (!(lb->stream = fopen(filename, "r"))) {
1.9 markus 98: xfree(lb);
1.1 markus 99: if (errfun)
100: (*errfun) ("%s: %s\n", filename, strerror(errno));
101: return (NULL);
102: }
103: } else {
104: lb->filename = "(stdin)";
105: lb->stream = stdin;
106: }
107:
108: if (!(lb->buf = malloc(lb->size = LINEBUF_SIZE))) {
109: if (errfun)
110: (*errfun) ("linebuf (%s): malloc failed\n", lb->filename);
1.9 markus 111: xfree(lb);
1.1 markus 112: return (NULL);
113: }
114: lb->errfun = errfun;
115: lb->lineno = 0;
116: return (lb);
117: }
118:
1.20 deraadt 119: void
1.1 markus 120: Linebuf_free(Linebuf * lb)
121: {
122: fclose(lb->stream);
1.9 markus 123: xfree(lb->buf);
124: xfree(lb);
1.1 markus 125: }
126:
1.20 deraadt 127: void
1.1 markus 128: Linebuf_restart(Linebuf * lb)
129: {
130: clearerr(lb->stream);
131: rewind(lb->stream);
132: lb->lineno = 0;
133: }
134:
1.20 deraadt 135: int
1.1 markus 136: Linebuf_lineno(Linebuf * lb)
137: {
138: return (lb->lineno);
139: }
140:
1.20 deraadt 141: char *
1.14 markus 142: Linebuf_getline(Linebuf * lb)
1.1 markus 143: {
144: int n = 0;
145:
146: lb->lineno++;
147: for (;;) {
148: /* Read a line */
149: if (!fgets(&lb->buf[n], lb->size - n, lb->stream)) {
150: if (ferror(lb->stream) && lb->errfun)
1.17 deraadt 151: (*lb->errfun) ("%s: %s\n", lb->filename,
152: strerror(errno));
1.1 markus 153: return (NULL);
154: }
155: n = strlen(lb->buf);
156:
157: /* Return it or an error if it fits */
158: if (n > 0 && lb->buf[n - 1] == '\n') {
159: lb->buf[n - 1] = '\0';
160: return (lb->buf);
161: }
162: if (n != lb->size - 1) {
163: if (lb->errfun)
1.17 deraadt 164: (*lb->errfun) ("%s: skipping incomplete last line\n",
165: lb->filename);
1.1 markus 166: return (NULL);
167: }
168: /* Double the buffer if we need more space */
169: if (!(lb->buf = realloc(lb->buf, (lb->size *= 2)))) {
170: if (lb->errfun)
1.17 deraadt 171: (*lb->errfun) ("linebuf (%s): realloc failed\n",
172: lb->filename);
1.1 markus 173: return (NULL);
174: }
175: }
176: }
177:
1.20 deraadt 178: int
1.1 markus 179: fdlim_get(int hard)
180: {
181: struct rlimit rlfd;
1.17 deraadt 182:
1.1 markus 183: if (getrlimit(RLIMIT_NOFILE, &rlfd) < 0)
184: return (-1);
185: if ((hard ? rlfd.rlim_max : rlfd.rlim_cur) == RLIM_INFINITY)
186: return 10000;
187: else
188: return hard ? rlfd.rlim_max : rlfd.rlim_cur;
189: }
190:
1.20 deraadt 191: int
1.1 markus 192: fdlim_set(int lim)
193: {
194: struct rlimit rlfd;
195: if (lim <= 0)
196: return (-1);
197: if (getrlimit(RLIMIT_NOFILE, &rlfd) < 0)
198: return (-1);
199: rlfd.rlim_cur = lim;
200: if (setrlimit(RLIMIT_NOFILE, &rlfd) < 0)
201: return (-1);
202: return (0);
203: }
204:
205: /*
206: * This is an strsep function that returns a null field for adjacent
207: * separators. This is the same as the 4.4BSD strsep, but different from the
208: * one in the GNU libc.
209: */
1.20 deraadt 210: char *
1.1 markus 211: xstrsep(char **str, const char *delim)
212: {
213: char *s, *e;
214:
215: if (!**str)
216: return (NULL);
217:
218: s = *str;
219: e = s + strcspn(s, delim);
220:
221: if (*e != '\0')
222: *e++ = '\0';
223: *str = e;
224:
225: return (s);
226: }
227:
228: /*
229: * Get the next non-null token (like GNU strsep). Strsep() will return a
230: * null token for two adjacent separators, so we may have to loop.
231: */
232: char *
233: strnnsep(char **stringp, char *delim)
234: {
235: char *tok;
236:
237: do {
238: tok = xstrsep(stringp, delim);
239: } while (tok && *tok == '\0');
240: return (tok);
241: }
242:
243: void
244: keyprint(char *host, char *output_name, char *kd, int len)
245: {
246: static Key *rsa;
247: static Buffer msg;
248:
249: if (rsa == NULL) {
250: buffer_init(&msg);
251: rsa = key_new(KEY_RSA1);
252: }
253: buffer_append(&msg, kd, len);
254: buffer_consume(&msg, 8 - (len & 7)); /* padding */
255: if (buffer_get_char(&msg) != (int) SSH_SMSG_PUBLIC_KEY) {
256: error("%s: invalid packet type", host);
257: buffer_clear(&msg);
258: return;
259: }
260: buffer_consume(&msg, 8); /* cookie */
261:
262: /* server key */
263: (void) buffer_get_int(&msg);
264: buffer_get_bignum(&msg, rsa->rsa->e);
265: buffer_get_bignum(&msg, rsa->rsa->n);
266:
267: /* host key */
268: (void) buffer_get_int(&msg);
269: buffer_get_bignum(&msg, rsa->rsa->e);
270: buffer_get_bignum(&msg, rsa->rsa->n);
271: buffer_clear(&msg);
272:
273: fprintf(stdout, "%s ", output_name ? output_name : host);
274: key_write(rsa, stdout);
275: fputs("\n", stdout);
276: }
277:
278: int
279: tcpconnect(char *host)
280: {
281: struct addrinfo hints, *ai, *aitop;
282: char strport[NI_MAXSERV];
283: int gaierr, s = -1;
284:
1.8 markus 285: snprintf(strport, sizeof strport, "%d", SSH_DEFAULT_PORT);
1.1 markus 286: memset(&hints, 0, sizeof(hints));
287: hints.ai_family = family;
288: hints.ai_socktype = SOCK_STREAM;
289: if ((gaierr = getaddrinfo(host, strport, &hints, &aitop)) != 0)
290: fatal("getaddrinfo %s: %s", host, gai_strerror(gaierr));
291: for (ai = aitop; ai; ai = ai->ai_next) {
292: s = socket(ai->ai_family, SOCK_STREAM, 0);
293: if (s < 0) {
294: error("socket: %s", strerror(errno));
295: continue;
296: }
1.7 markus 297: if (fcntl(s, F_SETFL, O_NONBLOCK) < 0)
1.1 markus 298: fatal("F_SETFL: %s", strerror(errno));
299: if (connect(s, ai->ai_addr, ai->ai_addrlen) < 0 &&
300: errno != EINPROGRESS)
301: error("connect (`%s'): %s", host, strerror(errno));
302: else
303: break;
304: close(s);
305: s = -1;
306: }
307: freeaddrinfo(aitop);
308: return s;
309: }
310:
311: int
312: conalloc(char *iname, char *oname)
313: {
314: int s;
315: char *namebase, *name, *namelist;
316:
317: namebase = namelist = xstrdup(iname);
318:
319: do {
320: name = xstrsep(&namelist, ",");
321: if (!name) {
1.9 markus 322: xfree(namebase);
1.1 markus 323: return (-1);
324: }
325: } while ((s = tcpconnect(name)) < 0);
326:
327: if (s >= maxfd)
1.4 markus 328: fatal("conalloc: fdno %d too high", s);
1.1 markus 329: if (fdcon[s].c_status)
1.4 markus 330: fatal("conalloc: attempt to reuse fdno %d", s);
1.1 markus 331:
332: fdcon[s].c_fd = s;
333: fdcon[s].c_status = CS_CON;
334: fdcon[s].c_namebase = namebase;
335: fdcon[s].c_name = name;
336: fdcon[s].c_namelist = namelist;
337: fdcon[s].c_output_name = xstrdup(oname);
338: fdcon[s].c_data = (char *) &fdcon[s].c_plen;
339: fdcon[s].c_len = 4;
340: fdcon[s].c_off = 0;
341: gettimeofday(&fdcon[s].c_tv, NULL);
342: fdcon[s].c_tv.tv_sec += timeout;
343: TAILQ_INSERT_TAIL(&tq, &fdcon[s], c_link);
1.19 millert 344: FD_SET(s, read_wait);
1.1 markus 345: ncon++;
346: return (s);
347: }
348:
349: void
350: confree(int s)
351: {
352: if (s >= maxfd || fdcon[s].c_status == CS_UNUSED)
1.4 markus 353: fatal("confree: attempt to free bad fdno %d", s);
1.18 deraadt 354: close(s);
1.9 markus 355: xfree(fdcon[s].c_namebase);
356: xfree(fdcon[s].c_output_name);
1.1 markus 357: if (fdcon[s].c_status == CS_KEYS)
1.9 markus 358: xfree(fdcon[s].c_data);
1.1 markus 359: fdcon[s].c_status = CS_UNUSED;
360: TAILQ_REMOVE(&tq, &fdcon[s], c_link);
1.19 millert 361: FD_CLR(s, read_wait);
1.1 markus 362: ncon--;
363: }
364:
365: void
366: contouch(int s)
367: {
368: TAILQ_REMOVE(&tq, &fdcon[s], c_link);
369: gettimeofday(&fdcon[s].c_tv, NULL);
370: fdcon[s].c_tv.tv_sec += timeout;
371: TAILQ_INSERT_TAIL(&tq, &fdcon[s], c_link);
372: }
373:
374: int
375: conrecycle(int s)
376: {
377: int ret;
378: con *c = &fdcon[s];
379: char *iname, *oname;
380:
381: iname = xstrdup(c->c_namelist);
1.9 markus 382: oname = xstrdup(c->c_output_name);
1.1 markus 383: confree(s);
384: ret = conalloc(iname, oname);
1.9 markus 385: xfree(iname);
386: xfree(oname);
1.1 markus 387: return (ret);
388: }
389:
390: void
391: congreet(int s)
392: {
1.21 millert 393: char buf[80], *cp;
394: size_t bufsiz;
1.22 deraadt 395: int n = 0;
1.1 markus 396: con *c = &fdcon[s];
397:
1.21 millert 398: bufsiz = sizeof(buf);
399: cp = buf;
400: while (bufsiz-- && (n = read(s, cp, 1)) == 1 && *cp != '\n' && *cp != '\r')
401: cp++;
1.1 markus 402: if (n < 0) {
403: if (errno != ECONNREFUSED)
404: error("read (%s): %s", c->c_name, strerror(errno));
405: conrecycle(s);
406: return;
407: }
1.21 millert 408: if (*cp != '\n' && *cp != '\r') {
1.1 markus 409: error("%s: bad greeting", c->c_name);
410: confree(s);
411: return;
412: }
1.21 millert 413: *cp = '\0';
1.1 markus 414: fprintf(stderr, "# %s %s\n", c->c_name, buf);
415: n = snprintf(buf, sizeof buf, "SSH-1.5-OpenSSH-keyscan\r\n");
1.18 deraadt 416: if (atomicio(write, s, buf, n) != n) {
1.1 markus 417: error("write (%s): %s", c->c_name, strerror(errno));
418: confree(s);
419: return;
420: }
421: c->c_status = CS_SIZE;
422: contouch(s);
423: }
424:
425: void
426: conread(int s)
427: {
428: int n;
429: con *c = &fdcon[s];
430:
431: if (c->c_status == CS_CON) {
432: congreet(s);
433: return;
434: }
435: n = read(s, c->c_data + c->c_off, c->c_len - c->c_off);
436: if (n < 0) {
437: error("read (%s): %s", c->c_name, strerror(errno));
438: confree(s);
439: return;
440: }
441: c->c_off += n;
442:
443: if (c->c_off == c->c_len)
444: switch (c->c_status) {
445: case CS_SIZE:
446: c->c_plen = htonl(c->c_plen);
447: c->c_len = c->c_plen + 8 - (c->c_plen & 7);
448: c->c_off = 0;
449: c->c_data = xmalloc(c->c_len);
450: c->c_status = CS_KEYS;
451: break;
452: case CS_KEYS:
453: keyprint(c->c_name, c->c_output_name, c->c_data, c->c_plen);
454: confree(s);
455: return;
456: break;
457: default:
1.4 markus 458: fatal("conread: invalid status %d", c->c_status);
1.1 markus 459: break;
460: }
461:
462: contouch(s);
463: }
464:
465: void
466: conloop(void)
467: {
1.19 millert 468: fd_set *r, *e;
1.1 markus 469: struct timeval seltime, now;
470: int i;
471: con *c;
472:
473: gettimeofday(&now, NULL);
474: c = tq.tqh_first;
475:
1.18 deraadt 476: if (c && (c->c_tv.tv_sec > now.tv_sec ||
477: (c->c_tv.tv_sec == now.tv_sec && c->c_tv.tv_usec > now.tv_usec))) {
1.1 markus 478: seltime = c->c_tv;
479: seltime.tv_sec -= now.tv_sec;
480: seltime.tv_usec -= now.tv_usec;
1.13 itojun 481: if (seltime.tv_usec < 0) {
1.1 markus 482: seltime.tv_usec += 1000000;
483: seltime.tv_sec--;
484: }
485: } else
486: seltime.tv_sec = seltime.tv_usec = 0;
487:
1.19 millert 488: r = xmalloc(read_wait_size);
489: memcpy(r, read_wait, read_wait_size);
490: e = xmalloc(read_wait_size);
491: memcpy(e, read_wait, read_wait_size);
492:
493: while (select(maxfd, r, NULL, e, &seltime) == -1 &&
1.16 deraadt 494: (errno == EAGAIN || errno == EINTR))
495: ;
496:
1.18 deraadt 497: for (i = 0; i < maxfd; i++) {
1.19 millert 498: if (FD_ISSET(i, e)) {
1.1 markus 499: error("%s: exception!", fdcon[i].c_name);
500: confree(i);
1.19 millert 501: } else if (FD_ISSET(i, r))
1.1 markus 502: conread(i);
1.18 deraadt 503: }
1.19 millert 504: xfree(r);
505: xfree(e);
1.1 markus 506:
507: c = tq.tqh_first;
1.18 deraadt 508: while (c && (c->c_tv.tv_sec < now.tv_sec ||
509: (c->c_tv.tv_sec == now.tv_sec && c->c_tv.tv_usec < now.tv_usec))) {
1.1 markus 510: int s = c->c_fd;
1.18 deraadt 511:
1.1 markus 512: c = c->c_link.tqe_next;
513: conrecycle(s);
514: }
515: }
516:
517: char *
518: nexthost(int argc, char **argv)
519: {
520: static Linebuf *lb;
521:
522: for (;;) {
523: if (!lb) {
524: if (argno >= argc)
525: return (NULL);
526: if (argv[argno][0] != '-')
527: return (argv[argno++]);
528: if (!strcmp(argv[argno], "--")) {
529: if (++argno >= argc)
530: return (NULL);
531: return (argv[argno++]);
532: } else if (!strncmp(argv[argno], "-f", 2)) {
533: char *fname;
1.18 deraadt 534:
1.1 markus 535: if (argv[argno][2])
536: fname = &argv[argno++][2];
537: else if (++argno >= argc) {
538: error("missing filename for `-f'");
539: return (NULL);
540: } else
541: fname = argv[argno++];
542: if (!strcmp(fname, "-"))
543: fname = NULL;
1.2 markus 544: lb = Linebuf_alloc(fname, error);
1.1 markus 545: } else
1.18 deraadt 546: error("ignoring invalid/misplaced option `%s'",
547: argv[argno++]);
1.1 markus 548: } else {
549: char *line;
1.18 deraadt 550:
1.14 markus 551: line = Linebuf_getline(lb);
1.1 markus 552: if (line)
553: return (line);
554: Linebuf_free(lb);
555: lb = NULL;
556: }
557: }
558: }
559:
1.20 deraadt 560: void
1.1 markus 561: usage(void)
562: {
1.4 markus 563: fatal("usage: %s [-t timeout] { [--] host | -f file } ...", __progname);
1.1 markus 564: return;
565: }
566:
567: int
568: main(int argc, char **argv)
569: {
570: char *host = NULL;
571:
572: TAILQ_INIT(&tq);
573:
574: if (argc <= argno)
575: usage();
576:
577: if (argv[1][0] == '-' && argv[1][1] == 't') {
578: argno++;
579: if (argv[1][2])
580: timeout = atoi(&argv[1][2]);
581: else {
582: if (argno >= argc)
583: usage();
584: timeout = atoi(argv[argno++]);
585: }
586: if (timeout <= 0)
587: usage();
588: }
589: if (argc <= argno)
590: usage();
591:
592: maxfd = fdlim_get(1);
593: if (maxfd < 0)
1.4 markus 594: fatal("%s: fdlim_get: bad value", __progname);
1.1 markus 595: if (maxfd > MAXMAXFD)
596: maxfd = MAXMAXFD;
1.18 deraadt 597: if (MAXCON <= 0)
1.4 markus 598: fatal("%s: not enough file descriptors", __progname);
1.1 markus 599: if (maxfd > fdlim_get(0))
600: fdlim_set(maxfd);
601: fdcon = xmalloc(maxfd * sizeof(con));
1.15 itojun 602: memset(fdcon, 0, maxfd * sizeof(con));
1.19 millert 603:
604: read_wait_size = howmany(maxfd, NFDBITS) * sizeof(fd_mask);
605: read_wait = xmalloc(read_wait_size);
606: memset(read_wait, 0, read_wait_size);
1.1 markus 607:
608: do {
1.18 deraadt 609: while (ncon < MAXCON) {
1.1 markus 610: char *name;
611:
612: host = nexthost(argc, argv);
613: if (host == NULL)
614: break;
615: name = strnnsep(&host, " \t\n");
616: conalloc(name, *host ? host : name);
617: }
618: conloop();
619: } while (host);
620: while (ncon > 0)
621: conloop();
622:
623: return (0);
624: }