Annotation of src/usr.bin/ssh/ssh-keyscan.c, Revision 1.30
1.1 markus 1: /*
2: * Copyright 1995, 1996 by David Mazieres <dm@lcs.mit.edu>.
3: *
4: * Modification and redistribution in source and binary forms is
5: * permitted provided that due credit is given to the author and the
1.23 pvalchev 6: * OpenBSD project by leaving this copyright notice intact.
1.1 markus 7: */
8:
9: #include "includes.h"
1.30 ! markus 10: RCSID("$OpenBSD: ssh-keyscan.c,v 1.29 2001/08/30 22:22:32 markus Exp $");
1.1 markus 11:
12: #include <sys/queue.h>
13: #include <errno.h>
14:
1.5 markus 15: #include <openssl/bn.h>
1.1 markus 16:
1.26 markus 17: #include <setjmp.h>
1.1 markus 18: #include "xmalloc.h"
19: #include "ssh.h"
1.10 markus 20: #include "ssh1.h"
1.1 markus 21: #include "key.h"
1.26 markus 22: #include "kex.h"
23: #include "compat.h"
24: #include "myproposal.h"
25: #include "packet.h"
26: #include "dispatch.h"
1.1 markus 27: #include "buffer.h"
28: #include "bufaux.h"
1.11 markus 29: #include "log.h"
1.18 deraadt 30: #include "atomicio.h"
1.26 markus 31: #include "misc.h"
1.1 markus 32:
1.26 markus 33: /* Flag indicating whether IPv4 or IPv6. This can be set on the command line.
34: Default value is AF_UNSPEC means both IPv4 and IPv6. */
35: int IPv4or6 = AF_UNSPEC;
36:
37: int ssh_port = SSH_DEFAULT_PORT;
1.1 markus 38:
1.26 markus 39: #define KT_RSA1 1
40: #define KT_DSA 2
41: #define KT_RSA 4
42:
43: int get_keytypes = KT_RSA1; /* Get only RSA1 keys by default */
1.1 markus 44:
45: #define MAXMAXFD 256
46:
47: /* The number of seconds after which to give up on a TCP connection */
48: int timeout = 5;
49:
50: int maxfd;
1.18 deraadt 51: #define MAXCON (maxfd - 10)
1.1 markus 52:
1.3 markus 53: extern char *__progname;
1.19 millert 54: fd_set *read_wait;
55: size_t read_wait_size;
1.1 markus 56: int ncon;
1.26 markus 57: int nonfatal_fatal = 0;
58: jmp_buf kexjmp;
1.29 markus 59: Key *kexjmp_key;
1.1 markus 60:
61: /*
62: * Keep a connection structure for each file descriptor. The state
63: * associated with file descriptor n is held in fdcon[n].
64: */
65: typedef struct Connection {
1.6 markus 66: u_char c_status; /* State of connection on this file desc. */
1.1 markus 67: #define CS_UNUSED 0 /* File descriptor unused */
68: #define CS_CON 1 /* Waiting to connect/read greeting */
69: #define CS_SIZE 2 /* Waiting to read initial packet size */
70: #define CS_KEYS 3 /* Waiting to read public key packet */
71: int c_fd; /* Quick lookup: c->c_fd == c - fdcon */
72: int c_plen; /* Packet length field for ssh packet */
73: int c_len; /* Total bytes which must be read. */
74: int c_off; /* Length of data read so far. */
1.26 markus 75: int c_keytype; /* Only one of KT_RSA1, KT_DSA, or KT_RSA */
1.1 markus 76: char *c_namebase; /* Address to free for c_name and c_namelist */
77: char *c_name; /* Hostname of connection for errors */
78: char *c_namelist; /* Pointer to other possible addresses */
79: char *c_output_name; /* Hostname of connection for output */
80: char *c_data; /* Data read from this fd */
1.26 markus 81: Kex *c_kex; /* The key-exchange struct for ssh2 */
1.1 markus 82: struct timeval c_tv; /* Time at which connection gets aborted */
83: TAILQ_ENTRY(Connection) c_link; /* List of connections in timeout order. */
84: } con;
85:
86: TAILQ_HEAD(conlist, Connection) tq; /* Timeout Queue */
87: con *fdcon;
88:
89: /*
90: * This is just a wrapper around fgets() to make it usable.
91: */
92:
93: /* Stress-test. Increase this later. */
94: #define LINEBUF_SIZE 16
95:
96: typedef struct {
97: char *buf;
1.6 markus 98: u_int size;
1.1 markus 99: int lineno;
100: const char *filename;
101: FILE *stream;
102: void (*errfun) (const char *,...);
103: } Linebuf;
104:
1.24 itojun 105: static Linebuf *
1.1 markus 106: Linebuf_alloc(const char *filename, void (*errfun) (const char *,...))
107: {
108: Linebuf *lb;
109:
110: if (!(lb = malloc(sizeof(*lb)))) {
111: if (errfun)
112: (*errfun) ("linebuf (%s): malloc failed\n", lb->filename);
113: return (NULL);
114: }
115: if (filename) {
116: lb->filename = filename;
117: if (!(lb->stream = fopen(filename, "r"))) {
1.9 markus 118: xfree(lb);
1.1 markus 119: if (errfun)
120: (*errfun) ("%s: %s\n", filename, strerror(errno));
121: return (NULL);
122: }
123: } else {
124: lb->filename = "(stdin)";
125: lb->stream = stdin;
126: }
127:
128: if (!(lb->buf = malloc(lb->size = LINEBUF_SIZE))) {
129: if (errfun)
130: (*errfun) ("linebuf (%s): malloc failed\n", lb->filename);
1.9 markus 131: xfree(lb);
1.1 markus 132: return (NULL);
133: }
134: lb->errfun = errfun;
135: lb->lineno = 0;
136: return (lb);
137: }
138:
1.24 itojun 139: static void
1.1 markus 140: Linebuf_free(Linebuf * lb)
141: {
142: fclose(lb->stream);
1.9 markus 143: xfree(lb->buf);
144: xfree(lb);
1.1 markus 145: }
146:
1.24 itojun 147: #if 0
148: static void
1.1 markus 149: Linebuf_restart(Linebuf * lb)
150: {
151: clearerr(lb->stream);
152: rewind(lb->stream);
153: lb->lineno = 0;
154: }
155:
1.24 itojun 156: static int
1.1 markus 157: Linebuf_lineno(Linebuf * lb)
158: {
159: return (lb->lineno);
160: }
1.24 itojun 161: #endif
1.1 markus 162:
1.24 itojun 163: static char *
1.14 markus 164: Linebuf_getline(Linebuf * lb)
1.1 markus 165: {
166: int n = 0;
167:
168: lb->lineno++;
169: for (;;) {
170: /* Read a line */
171: if (!fgets(&lb->buf[n], lb->size - n, lb->stream)) {
172: if (ferror(lb->stream) && lb->errfun)
1.17 deraadt 173: (*lb->errfun) ("%s: %s\n", lb->filename,
174: strerror(errno));
1.1 markus 175: return (NULL);
176: }
177: n = strlen(lb->buf);
178:
179: /* Return it or an error if it fits */
180: if (n > 0 && lb->buf[n - 1] == '\n') {
181: lb->buf[n - 1] = '\0';
182: return (lb->buf);
183: }
184: if (n != lb->size - 1) {
185: if (lb->errfun)
1.17 deraadt 186: (*lb->errfun) ("%s: skipping incomplete last line\n",
187: lb->filename);
1.1 markus 188: return (NULL);
189: }
190: /* Double the buffer if we need more space */
191: if (!(lb->buf = realloc(lb->buf, (lb->size *= 2)))) {
192: if (lb->errfun)
1.17 deraadt 193: (*lb->errfun) ("linebuf (%s): realloc failed\n",
194: lb->filename);
1.1 markus 195: return (NULL);
196: }
197: }
198: }
199:
1.24 itojun 200: static int
1.1 markus 201: fdlim_get(int hard)
202: {
203: struct rlimit rlfd;
1.17 deraadt 204:
1.1 markus 205: if (getrlimit(RLIMIT_NOFILE, &rlfd) < 0)
206: return (-1);
207: if ((hard ? rlfd.rlim_max : rlfd.rlim_cur) == RLIM_INFINITY)
208: return 10000;
209: else
210: return hard ? rlfd.rlim_max : rlfd.rlim_cur;
211: }
212:
1.24 itojun 213: static int
1.1 markus 214: fdlim_set(int lim)
215: {
216: struct rlimit rlfd;
217: if (lim <= 0)
218: return (-1);
219: if (getrlimit(RLIMIT_NOFILE, &rlfd) < 0)
220: return (-1);
221: rlfd.rlim_cur = lim;
222: if (setrlimit(RLIMIT_NOFILE, &rlfd) < 0)
223: return (-1);
224: return (0);
225: }
226:
227: /*
228: * This is an strsep function that returns a null field for adjacent
229: * separators. This is the same as the 4.4BSD strsep, but different from the
230: * one in the GNU libc.
231: */
1.24 itojun 232: static char *
1.1 markus 233: xstrsep(char **str, const char *delim)
234: {
235: char *s, *e;
236:
237: if (!**str)
238: return (NULL);
239:
240: s = *str;
241: e = s + strcspn(s, delim);
242:
243: if (*e != '\0')
244: *e++ = '\0';
245: *str = e;
246:
247: return (s);
248: }
249:
250: /*
251: * Get the next non-null token (like GNU strsep). Strsep() will return a
252: * null token for two adjacent separators, so we may have to loop.
253: */
1.24 itojun 254: static char *
1.1 markus 255: strnnsep(char **stringp, char *delim)
256: {
257: char *tok;
258:
259: do {
260: tok = xstrsep(stringp, delim);
261: } while (tok && *tok == '\0');
262: return (tok);
263: }
264:
1.26 markus 265: static Key *
266: keygrab_ssh1(con *c)
1.1 markus 267: {
268: static Key *rsa;
269: static Buffer msg;
270:
271: if (rsa == NULL) {
272: buffer_init(&msg);
273: rsa = key_new(KEY_RSA1);
274: }
1.26 markus 275: buffer_append(&msg, c->c_data, c->c_plen);
276: buffer_consume(&msg, 8 - (c->c_plen & 7)); /* padding */
1.1 markus 277: if (buffer_get_char(&msg) != (int) SSH_SMSG_PUBLIC_KEY) {
1.26 markus 278: error("%s: invalid packet type", c->c_name);
1.1 markus 279: buffer_clear(&msg);
1.26 markus 280: return NULL;
1.1 markus 281: }
282: buffer_consume(&msg, 8); /* cookie */
283:
284: /* server key */
285: (void) buffer_get_int(&msg);
286: buffer_get_bignum(&msg, rsa->rsa->e);
287: buffer_get_bignum(&msg, rsa->rsa->n);
288:
289: /* host key */
290: (void) buffer_get_int(&msg);
291: buffer_get_bignum(&msg, rsa->rsa->e);
292: buffer_get_bignum(&msg, rsa->rsa->n);
1.26 markus 293:
1.1 markus 294: buffer_clear(&msg);
295:
1.26 markus 296: return (rsa);
297: }
298:
299: static int
300: hostjump(Key *hostkey)
301: {
1.29 markus 302: kexjmp_key = hostkey;
303: longjmp(kexjmp, 1);
1.26 markus 304: }
305:
306: static int
307: ssh2_capable(int remote_major, int remote_minor)
308: {
309: switch (remote_major) {
310: case 1:
311: if (remote_minor == 99)
312: return 1;
313: break;
314: case 2:
315: return 1;
316: default:
317: break;
318: }
319: return 0;
320: }
321:
322: static Key *
323: keygrab_ssh2(con *c)
324: {
325: int j;
326:
327: packet_set_connection(c->c_fd, c->c_fd);
328: enable_compat20();
329: myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] = c->c_keytype == KT_DSA?
330: "ssh-dss": "ssh-rsa";
331: c->c_kex = kex_setup(myproposal);
332: c->c_kex->verify_host_key = hostjump;
333:
334: if (!(j = setjmp(kexjmp))) {
335: nonfatal_fatal = 1;
336: dispatch_run(DISPATCH_BLOCK, &c->c_kex->done, c->c_kex);
337: fprintf(stderr, "Impossible! dispatch_run() returned!\n");
338: exit(1);
339: }
340: nonfatal_fatal = 0;
341: xfree(c->c_kex);
342: c->c_kex = NULL;
343: packet_close();
344:
1.29 markus 345: return j < 0? NULL : kexjmp_key;
1.26 markus 346: }
347:
348: static void
349: keyprint(con *c, Key *key)
350: {
351: if (!key)
352: return;
353:
354: fprintf(stdout, "%s ", c->c_output_name ? c->c_output_name : c->c_name);
355: key_write(key, stdout);
1.1 markus 356: fputs("\n", stdout);
357: }
358:
1.24 itojun 359: static int
1.1 markus 360: tcpconnect(char *host)
361: {
362: struct addrinfo hints, *ai, *aitop;
363: char strport[NI_MAXSERV];
364: int gaierr, s = -1;
365:
1.26 markus 366: snprintf(strport, sizeof strport, "%d", ssh_port);
1.1 markus 367: memset(&hints, 0, sizeof(hints));
1.26 markus 368: hints.ai_family = IPv4or6;
1.1 markus 369: hints.ai_socktype = SOCK_STREAM;
370: if ((gaierr = getaddrinfo(host, strport, &hints, &aitop)) != 0)
371: fatal("getaddrinfo %s: %s", host, gai_strerror(gaierr));
372: for (ai = aitop; ai; ai = ai->ai_next) {
373: s = socket(ai->ai_family, SOCK_STREAM, 0);
374: if (s < 0) {
375: error("socket: %s", strerror(errno));
376: continue;
377: }
1.7 markus 378: if (fcntl(s, F_SETFL, O_NONBLOCK) < 0)
1.1 markus 379: fatal("F_SETFL: %s", strerror(errno));
380: if (connect(s, ai->ai_addr, ai->ai_addrlen) < 0 &&
381: errno != EINPROGRESS)
382: error("connect (`%s'): %s", host, strerror(errno));
383: else
384: break;
385: close(s);
386: s = -1;
387: }
388: freeaddrinfo(aitop);
389: return s;
390: }
391:
1.24 itojun 392: static int
1.26 markus 393: conalloc(char *iname, char *oname, int keytype)
1.1 markus 394: {
395: int s;
396: char *namebase, *name, *namelist;
397:
398: namebase = namelist = xstrdup(iname);
399:
400: do {
401: name = xstrsep(&namelist, ",");
402: if (!name) {
1.9 markus 403: xfree(namebase);
1.1 markus 404: return (-1);
405: }
406: } while ((s = tcpconnect(name)) < 0);
407:
408: if (s >= maxfd)
1.4 markus 409: fatal("conalloc: fdno %d too high", s);
1.1 markus 410: if (fdcon[s].c_status)
1.4 markus 411: fatal("conalloc: attempt to reuse fdno %d", s);
1.1 markus 412:
413: fdcon[s].c_fd = s;
414: fdcon[s].c_status = CS_CON;
415: fdcon[s].c_namebase = namebase;
416: fdcon[s].c_name = name;
417: fdcon[s].c_namelist = namelist;
418: fdcon[s].c_output_name = xstrdup(oname);
419: fdcon[s].c_data = (char *) &fdcon[s].c_plen;
420: fdcon[s].c_len = 4;
421: fdcon[s].c_off = 0;
1.26 markus 422: fdcon[s].c_keytype = keytype;
1.1 markus 423: gettimeofday(&fdcon[s].c_tv, NULL);
424: fdcon[s].c_tv.tv_sec += timeout;
425: TAILQ_INSERT_TAIL(&tq, &fdcon[s], c_link);
1.19 millert 426: FD_SET(s, read_wait);
1.1 markus 427: ncon++;
428: return (s);
429: }
430:
1.24 itojun 431: static void
1.1 markus 432: confree(int s)
433: {
434: if (s >= maxfd || fdcon[s].c_status == CS_UNUSED)
1.4 markus 435: fatal("confree: attempt to free bad fdno %d", s);
1.18 deraadt 436: close(s);
1.9 markus 437: xfree(fdcon[s].c_namebase);
438: xfree(fdcon[s].c_output_name);
1.1 markus 439: if (fdcon[s].c_status == CS_KEYS)
1.9 markus 440: xfree(fdcon[s].c_data);
1.1 markus 441: fdcon[s].c_status = CS_UNUSED;
1.26 markus 442: fdcon[s].c_keytype = 0;
1.1 markus 443: TAILQ_REMOVE(&tq, &fdcon[s], c_link);
1.19 millert 444: FD_CLR(s, read_wait);
1.1 markus 445: ncon--;
446: }
447:
1.24 itojun 448: static void
1.1 markus 449: contouch(int s)
450: {
451: TAILQ_REMOVE(&tq, &fdcon[s], c_link);
452: gettimeofday(&fdcon[s].c_tv, NULL);
453: fdcon[s].c_tv.tv_sec += timeout;
454: TAILQ_INSERT_TAIL(&tq, &fdcon[s], c_link);
455: }
456:
1.24 itojun 457: static int
1.1 markus 458: conrecycle(int s)
459: {
460: int ret;
461: con *c = &fdcon[s];
462:
1.26 markus 463: ret = conalloc(c->c_namelist, c->c_output_name, c->c_keytype);
1.1 markus 464: confree(s);
465: return (ret);
466: }
467:
1.24 itojun 468: static void
1.1 markus 469: congreet(int s)
470: {
1.26 markus 471: char buf[256], *cp;
1.21 millert 472: size_t bufsiz;
1.22 deraadt 473: int n = 0;
1.1 markus 474: con *c = &fdcon[s];
475:
1.21 millert 476: bufsiz = sizeof(buf);
477: cp = buf;
1.27 markus 478: while (bufsiz-- && (n = read(s, cp, 1)) == 1 && *cp != '\n') {
479: if (*cp == '\r')
480: *cp = '\n';
1.21 millert 481: cp++;
1.27 markus 482: }
1.1 markus 483: if (n < 0) {
484: if (errno != ECONNREFUSED)
485: error("read (%s): %s", c->c_name, strerror(errno));
486: conrecycle(s);
487: return;
488: }
1.21 millert 489: if (*cp != '\n' && *cp != '\r') {
1.1 markus 490: error("%s: bad greeting", c->c_name);
491: confree(s);
492: return;
493: }
1.21 millert 494: *cp = '\0';
1.26 markus 495: if (c->c_keytype != KT_RSA1) {
496: int remote_major, remote_minor;
497: char remote_version[sizeof buf];
498:
499: if (sscanf(buf, "SSH-%d.%d-%[^\n]\n",
500: &remote_major, &remote_minor, remote_version) == 3)
501: compat_datafellows(remote_version);
502: else
503: datafellows = 0;
504: if (!ssh2_capable(remote_major, remote_minor)) {
505: debug("%s doesn't support ssh2", c->c_name);
506: confree(s);
507: return;
508: }
509: }
1.27 markus 510: fprintf(stderr, "# %s %s\n", c->c_name, chop(buf));
1.26 markus 511: n = snprintf(buf, sizeof buf, "SSH-%d.%d-OpenSSH-keyscan\r\n",
512: c->c_keytype == KT_RSA1? PROTOCOL_MAJOR_1 : PROTOCOL_MAJOR_2,
513: c->c_keytype == KT_RSA1? PROTOCOL_MINOR_1 : PROTOCOL_MINOR_2);
1.18 deraadt 514: if (atomicio(write, s, buf, n) != n) {
1.1 markus 515: error("write (%s): %s", c->c_name, strerror(errno));
516: confree(s);
517: return;
518: }
1.26 markus 519: if (c->c_keytype != KT_RSA1) {
520: keyprint(c, keygrab_ssh2(c));
521: confree(s);
522: return;
523: }
1.1 markus 524: c->c_status = CS_SIZE;
525: contouch(s);
526: }
527:
1.24 itojun 528: static void
1.1 markus 529: conread(int s)
530: {
531: int n;
532: con *c = &fdcon[s];
533:
534: if (c->c_status == CS_CON) {
535: congreet(s);
536: return;
537: }
538: n = read(s, c->c_data + c->c_off, c->c_len - c->c_off);
539: if (n < 0) {
540: error("read (%s): %s", c->c_name, strerror(errno));
541: confree(s);
542: return;
543: }
544: c->c_off += n;
545:
546: if (c->c_off == c->c_len)
547: switch (c->c_status) {
548: case CS_SIZE:
549: c->c_plen = htonl(c->c_plen);
550: c->c_len = c->c_plen + 8 - (c->c_plen & 7);
551: c->c_off = 0;
552: c->c_data = xmalloc(c->c_len);
553: c->c_status = CS_KEYS;
554: break;
555: case CS_KEYS:
1.26 markus 556: keyprint(c, keygrab_ssh1(c));
1.1 markus 557: confree(s);
558: return;
559: break;
560: default:
1.4 markus 561: fatal("conread: invalid status %d", c->c_status);
1.1 markus 562: break;
563: }
564:
565: contouch(s);
566: }
567:
1.24 itojun 568: static void
1.1 markus 569: conloop(void)
570: {
1.19 millert 571: fd_set *r, *e;
1.1 markus 572: struct timeval seltime, now;
573: int i;
574: con *c;
575:
576: gettimeofday(&now, NULL);
577: c = tq.tqh_first;
578:
1.18 deraadt 579: if (c && (c->c_tv.tv_sec > now.tv_sec ||
580: (c->c_tv.tv_sec == now.tv_sec && c->c_tv.tv_usec > now.tv_usec))) {
1.1 markus 581: seltime = c->c_tv;
582: seltime.tv_sec -= now.tv_sec;
583: seltime.tv_usec -= now.tv_usec;
1.13 itojun 584: if (seltime.tv_usec < 0) {
1.1 markus 585: seltime.tv_usec += 1000000;
586: seltime.tv_sec--;
587: }
588: } else
589: seltime.tv_sec = seltime.tv_usec = 0;
590:
1.19 millert 591: r = xmalloc(read_wait_size);
592: memcpy(r, read_wait, read_wait_size);
593: e = xmalloc(read_wait_size);
594: memcpy(e, read_wait, read_wait_size);
595:
596: while (select(maxfd, r, NULL, e, &seltime) == -1 &&
1.16 deraadt 597: (errno == EAGAIN || errno == EINTR))
598: ;
599:
1.18 deraadt 600: for (i = 0; i < maxfd; i++) {
1.19 millert 601: if (FD_ISSET(i, e)) {
1.1 markus 602: error("%s: exception!", fdcon[i].c_name);
603: confree(i);
1.19 millert 604: } else if (FD_ISSET(i, r))
1.1 markus 605: conread(i);
1.18 deraadt 606: }
1.19 millert 607: xfree(r);
608: xfree(e);
1.1 markus 609:
610: c = tq.tqh_first;
1.18 deraadt 611: while (c && (c->c_tv.tv_sec < now.tv_sec ||
612: (c->c_tv.tv_sec == now.tv_sec && c->c_tv.tv_usec < now.tv_usec))) {
1.1 markus 613: int s = c->c_fd;
1.18 deraadt 614:
1.1 markus 615: c = c->c_link.tqe_next;
616: conrecycle(s);
617: }
618: }
619:
1.26 markus 620: static void
621: do_host(char *host)
1.1 markus 622: {
1.26 markus 623: char *name = strnnsep(&host, " \t\n");
624: int j;
1.1 markus 625:
1.26 markus 626: for (j = KT_RSA1; j <= KT_RSA; j *= 2) {
627: if (get_keytypes & j) {
628: while (ncon >= MAXCON)
629: conloop();
630: conalloc(name, *host ? host : name, j);
1.1 markus 631: }
632: }
633: }
634:
1.24 itojun 635: static void
1.26 markus 636: fatal_callback(void *arg)
637: {
638: if (nonfatal_fatal)
639: longjmp(kexjmp, -1);
640: }
641:
642: static void
1.1 markus 643: usage(void)
644: {
1.26 markus 645: fprintf(stderr, "Usage: %s [options] host ...\n",
1.25 jakob 646: __progname);
647: fprintf(stderr, "Options:\n");
648: fprintf(stderr, " -f file Read hosts or addresses from file.\n");
1.26 markus 649: fprintf(stderr, " -p port Connect to the specified port.\n");
650: fprintf(stderr, " -t keytype Specify the host key type.\n");
651: fprintf(stderr, " -T timeout Set connection timeout.\n");
652: fprintf(stderr, " -v Verbose; display verbose debugging messages.\n");
653: fprintf(stderr, " -4 Use IPv4 only.\n");
654: fprintf(stderr, " -6 Use IPv6 only.\n");
1.25 jakob 655: exit(1);
1.1 markus 656: }
657:
658: int
659: main(int argc, char **argv)
660: {
1.26 markus 661: int debug_flag = 0, log_level = SYSLOG_LEVEL_INFO;
662: int opt, fopt_count = 0;
663: char *tname;
664:
665: extern int optind;
666: extern char *optarg;
1.1 markus 667:
668: TAILQ_INIT(&tq);
669:
1.26 markus 670: if (argc <= 1)
1.1 markus 671: usage();
672:
1.26 markus 673: while ((opt = getopt(argc, argv, "v46p:T:t:f:")) != -1) {
674: switch (opt) {
675: case 'p':
676: ssh_port = a2port(optarg);
677: if (ssh_port == 0) {
678: fprintf(stderr, "Bad port '%s'\n", optarg);
679: exit(1);
680: }
681: break;
682: case 'T':
683: timeout = atoi(optarg);
684: if (timeout <= 0)
1.1 markus 685: usage();
1.26 markus 686: break;
687: case 'v':
688: if (!debug_flag) {
689: debug_flag = 1;
690: log_level = SYSLOG_LEVEL_DEBUG1;
691: }
692: else if (log_level < SYSLOG_LEVEL_DEBUG3)
693: log_level++;
694: else
695: fatal("Too high debugging level.");
696: break;
697: case 'f':
698: if (strcmp(optarg, "-") == 0)
699: optarg = NULL;
700: argv[fopt_count++] = optarg;
701: break;
702: case 't':
703: get_keytypes = 0;
704: tname = strtok(optarg, ",");
705: while (tname) {
706: int type = key_type_from_name(tname);
707: switch (type) {
708: case KEY_RSA1:
709: get_keytypes |= KT_RSA1;
710: break;
711: case KEY_DSA:
712: get_keytypes |= KT_DSA;
713: break;
714: case KEY_RSA:
715: get_keytypes |= KT_RSA;
716: break;
717: case KEY_UNSPEC:
718: fatal("unknown key type %s\n", tname);
719: }
720: tname = strtok(NULL, ",");
721: }
722: break;
723: case '4':
724: IPv4or6 = AF_INET;
725: break;
726: case '6':
727: IPv4or6 = AF_INET6;
728: break;
729: case '?':
730: default:
731: usage();
1.1 markus 732: }
733: }
1.26 markus 734: if (optind == argc && !fopt_count)
1.1 markus 735: usage();
736:
1.26 markus 737: log_init("ssh-keyscan", log_level, SYSLOG_FACILITY_USER, 1);
738: fatal_add_cleanup(fatal_callback, NULL);
739:
1.1 markus 740: maxfd = fdlim_get(1);
741: if (maxfd < 0)
1.4 markus 742: fatal("%s: fdlim_get: bad value", __progname);
1.1 markus 743: if (maxfd > MAXMAXFD)
744: maxfd = MAXMAXFD;
1.18 deraadt 745: if (MAXCON <= 0)
1.4 markus 746: fatal("%s: not enough file descriptors", __progname);
1.1 markus 747: if (maxfd > fdlim_get(0))
748: fdlim_set(maxfd);
749: fdcon = xmalloc(maxfd * sizeof(con));
1.15 itojun 750: memset(fdcon, 0, maxfd * sizeof(con));
1.19 millert 751:
752: read_wait_size = howmany(maxfd, NFDBITS) * sizeof(fd_mask);
753: read_wait = xmalloc(read_wait_size);
754: memset(read_wait, 0, read_wait_size);
1.1 markus 755:
1.26 markus 756: if (fopt_count) {
757: Linebuf *lb;
758: char *line;
759: int j;
760:
761: for (j = 0; j < fopt_count; j++) {
762: lb = Linebuf_alloc(argv[j], error);
1.28 danh 763: if (!lb)
764: continue;
1.26 markus 765: while ((line = Linebuf_getline(lb)) != NULL)
766: do_host(line);
767: Linebuf_free(lb);
768: }
769: }
770:
771: while (optind < argc)
772: do_host(argv[optind++]);
1.1 markus 773:
774: while (ncon > 0)
775: conloop();
776:
777: return (0);
778: }