Annotation of src/usr.bin/ssh/ssh-keyscan.c, Revision 1.34
1.1 markus 1: /*
2: * Copyright 1995, 1996 by David Mazieres <dm@lcs.mit.edu>.
3: *
4: * Modification and redistribution in source and binary forms is
5: * permitted provided that due credit is given to the author and the
1.23 pvalchev 6: * OpenBSD project by leaving this copyright notice intact.
1.1 markus 7: */
8:
9: #include "includes.h"
1.34 ! markus 10: RCSID("$OpenBSD: ssh-keyscan.c,v 1.33 2001/12/10 20:34:31 markus Exp $");
1.1 markus 11:
12: #include <sys/queue.h>
13: #include <errno.h>
14:
1.5 markus 15: #include <openssl/bn.h>
1.1 markus 16:
1.26 markus 17: #include <setjmp.h>
1.1 markus 18: #include "xmalloc.h"
19: #include "ssh.h"
1.10 markus 20: #include "ssh1.h"
1.1 markus 21: #include "key.h"
1.26 markus 22: #include "kex.h"
23: #include "compat.h"
24: #include "myproposal.h"
25: #include "packet.h"
26: #include "dispatch.h"
1.1 markus 27: #include "buffer.h"
28: #include "bufaux.h"
1.11 markus 29: #include "log.h"
1.18 deraadt 30: #include "atomicio.h"
1.26 markus 31: #include "misc.h"
1.1 markus 32:
1.26 markus 33: /* Flag indicating whether IPv4 or IPv6. This can be set on the command line.
34: Default value is AF_UNSPEC means both IPv4 and IPv6. */
35: int IPv4or6 = AF_UNSPEC;
36:
37: int ssh_port = SSH_DEFAULT_PORT;
1.1 markus 38:
1.26 markus 39: #define KT_RSA1 1
40: #define KT_DSA 2
41: #define KT_RSA 4
42:
43: int get_keytypes = KT_RSA1; /* Get only RSA1 keys by default */
1.1 markus 44:
45: #define MAXMAXFD 256
46:
47: /* The number of seconds after which to give up on a TCP connection */
48: int timeout = 5;
49:
50: int maxfd;
1.18 deraadt 51: #define MAXCON (maxfd - 10)
1.1 markus 52:
1.3 markus 53: extern char *__progname;
1.19 millert 54: fd_set *read_wait;
55: size_t read_wait_size;
1.1 markus 56: int ncon;
1.26 markus 57: int nonfatal_fatal = 0;
58: jmp_buf kexjmp;
1.29 markus 59: Key *kexjmp_key;
1.1 markus 60:
61: /*
62: * Keep a connection structure for each file descriptor. The state
63: * associated with file descriptor n is held in fdcon[n].
64: */
65: typedef struct Connection {
1.6 markus 66: u_char c_status; /* State of connection on this file desc. */
1.1 markus 67: #define CS_UNUSED 0 /* File descriptor unused */
68: #define CS_CON 1 /* Waiting to connect/read greeting */
69: #define CS_SIZE 2 /* Waiting to read initial packet size */
70: #define CS_KEYS 3 /* Waiting to read public key packet */
71: int c_fd; /* Quick lookup: c->c_fd == c - fdcon */
72: int c_plen; /* Packet length field for ssh packet */
73: int c_len; /* Total bytes which must be read. */
74: int c_off; /* Length of data read so far. */
1.26 markus 75: int c_keytype; /* Only one of KT_RSA1, KT_DSA, or KT_RSA */
1.1 markus 76: char *c_namebase; /* Address to free for c_name and c_namelist */
77: char *c_name; /* Hostname of connection for errors */
78: char *c_namelist; /* Pointer to other possible addresses */
79: char *c_output_name; /* Hostname of connection for output */
80: char *c_data; /* Data read from this fd */
1.26 markus 81: Kex *c_kex; /* The key-exchange struct for ssh2 */
1.1 markus 82: struct timeval c_tv; /* Time at which connection gets aborted */
83: TAILQ_ENTRY(Connection) c_link; /* List of connections in timeout order. */
84: } con;
85:
86: TAILQ_HEAD(conlist, Connection) tq; /* Timeout Queue */
87: con *fdcon;
88:
89: /*
90: * This is just a wrapper around fgets() to make it usable.
91: */
92:
93: /* Stress-test. Increase this later. */
94: #define LINEBUF_SIZE 16
95:
96: typedef struct {
97: char *buf;
1.6 markus 98: u_int size;
1.1 markus 99: int lineno;
100: const char *filename;
101: FILE *stream;
102: void (*errfun) (const char *,...);
103: } Linebuf;
104:
1.24 itojun 105: static Linebuf *
1.1 markus 106: Linebuf_alloc(const char *filename, void (*errfun) (const char *,...))
107: {
108: Linebuf *lb;
109:
110: if (!(lb = malloc(sizeof(*lb)))) {
111: if (errfun)
112: (*errfun) ("linebuf (%s): malloc failed\n", lb->filename);
113: return (NULL);
114: }
115: if (filename) {
116: lb->filename = filename;
117: if (!(lb->stream = fopen(filename, "r"))) {
1.9 markus 118: xfree(lb);
1.1 markus 119: if (errfun)
120: (*errfun) ("%s: %s\n", filename, strerror(errno));
121: return (NULL);
122: }
123: } else {
124: lb->filename = "(stdin)";
125: lb->stream = stdin;
126: }
127:
128: if (!(lb->buf = malloc(lb->size = LINEBUF_SIZE))) {
129: if (errfun)
130: (*errfun) ("linebuf (%s): malloc failed\n", lb->filename);
1.9 markus 131: xfree(lb);
1.1 markus 132: return (NULL);
133: }
134: lb->errfun = errfun;
135: lb->lineno = 0;
136: return (lb);
137: }
138:
1.24 itojun 139: static void
1.1 markus 140: Linebuf_free(Linebuf * lb)
141: {
142: fclose(lb->stream);
1.9 markus 143: xfree(lb->buf);
144: xfree(lb);
1.1 markus 145: }
146:
1.24 itojun 147: #if 0
148: static void
1.1 markus 149: Linebuf_restart(Linebuf * lb)
150: {
151: clearerr(lb->stream);
152: rewind(lb->stream);
153: lb->lineno = 0;
154: }
155:
1.24 itojun 156: static int
1.1 markus 157: Linebuf_lineno(Linebuf * lb)
158: {
159: return (lb->lineno);
160: }
1.24 itojun 161: #endif
1.1 markus 162:
1.24 itojun 163: static char *
1.14 markus 164: Linebuf_getline(Linebuf * lb)
1.1 markus 165: {
166: int n = 0;
167:
168: lb->lineno++;
169: for (;;) {
170: /* Read a line */
171: if (!fgets(&lb->buf[n], lb->size - n, lb->stream)) {
172: if (ferror(lb->stream) && lb->errfun)
1.17 deraadt 173: (*lb->errfun) ("%s: %s\n", lb->filename,
174: strerror(errno));
1.1 markus 175: return (NULL);
176: }
177: n = strlen(lb->buf);
178:
179: /* Return it or an error if it fits */
180: if (n > 0 && lb->buf[n - 1] == '\n') {
181: lb->buf[n - 1] = '\0';
182: return (lb->buf);
183: }
184: if (n != lb->size - 1) {
185: if (lb->errfun)
1.17 deraadt 186: (*lb->errfun) ("%s: skipping incomplete last line\n",
187: lb->filename);
1.1 markus 188: return (NULL);
189: }
190: /* Double the buffer if we need more space */
191: if (!(lb->buf = realloc(lb->buf, (lb->size *= 2)))) {
192: if (lb->errfun)
1.17 deraadt 193: (*lb->errfun) ("linebuf (%s): realloc failed\n",
194: lb->filename);
1.1 markus 195: return (NULL);
196: }
197: }
198: }
199:
1.24 itojun 200: static int
1.1 markus 201: fdlim_get(int hard)
202: {
203: struct rlimit rlfd;
1.17 deraadt 204:
1.1 markus 205: if (getrlimit(RLIMIT_NOFILE, &rlfd) < 0)
206: return (-1);
207: if ((hard ? rlfd.rlim_max : rlfd.rlim_cur) == RLIM_INFINITY)
208: return 10000;
209: else
210: return hard ? rlfd.rlim_max : rlfd.rlim_cur;
211: }
212:
1.24 itojun 213: static int
1.1 markus 214: fdlim_set(int lim)
215: {
216: struct rlimit rlfd;
217: if (lim <= 0)
218: return (-1);
219: if (getrlimit(RLIMIT_NOFILE, &rlfd) < 0)
220: return (-1);
221: rlfd.rlim_cur = lim;
222: if (setrlimit(RLIMIT_NOFILE, &rlfd) < 0)
223: return (-1);
224: return (0);
225: }
226:
227: /*
228: * This is an strsep function that returns a null field for adjacent
229: * separators. This is the same as the 4.4BSD strsep, but different from the
230: * one in the GNU libc.
231: */
1.24 itojun 232: static char *
1.1 markus 233: xstrsep(char **str, const char *delim)
234: {
235: char *s, *e;
236:
237: if (!**str)
238: return (NULL);
239:
240: s = *str;
241: e = s + strcspn(s, delim);
242:
243: if (*e != '\0')
244: *e++ = '\0';
245: *str = e;
246:
247: return (s);
248: }
249:
250: /*
251: * Get the next non-null token (like GNU strsep). Strsep() will return a
252: * null token for two adjacent separators, so we may have to loop.
253: */
1.24 itojun 254: static char *
1.1 markus 255: strnnsep(char **stringp, char *delim)
256: {
257: char *tok;
258:
259: do {
260: tok = xstrsep(stringp, delim);
261: } while (tok && *tok == '\0');
262: return (tok);
263: }
264:
1.26 markus 265: static Key *
266: keygrab_ssh1(con *c)
1.1 markus 267: {
268: static Key *rsa;
269: static Buffer msg;
270:
271: if (rsa == NULL) {
272: buffer_init(&msg);
273: rsa = key_new(KEY_RSA1);
274: }
1.26 markus 275: buffer_append(&msg, c->c_data, c->c_plen);
276: buffer_consume(&msg, 8 - (c->c_plen & 7)); /* padding */
1.1 markus 277: if (buffer_get_char(&msg) != (int) SSH_SMSG_PUBLIC_KEY) {
1.26 markus 278: error("%s: invalid packet type", c->c_name);
1.1 markus 279: buffer_clear(&msg);
1.26 markus 280: return NULL;
1.1 markus 281: }
282: buffer_consume(&msg, 8); /* cookie */
283:
284: /* server key */
285: (void) buffer_get_int(&msg);
286: buffer_get_bignum(&msg, rsa->rsa->e);
287: buffer_get_bignum(&msg, rsa->rsa->n);
288:
289: /* host key */
290: (void) buffer_get_int(&msg);
291: buffer_get_bignum(&msg, rsa->rsa->e);
292: buffer_get_bignum(&msg, rsa->rsa->n);
1.26 markus 293:
1.1 markus 294: buffer_clear(&msg);
295:
1.26 markus 296: return (rsa);
297: }
298:
299: static int
300: hostjump(Key *hostkey)
301: {
1.29 markus 302: kexjmp_key = hostkey;
303: longjmp(kexjmp, 1);
1.26 markus 304: }
305:
306: static int
307: ssh2_capable(int remote_major, int remote_minor)
308: {
309: switch (remote_major) {
310: case 1:
311: if (remote_minor == 99)
312: return 1;
313: break;
314: case 2:
315: return 1;
316: default:
317: break;
318: }
319: return 0;
320: }
321:
322: static Key *
323: keygrab_ssh2(con *c)
324: {
325: int j;
326:
327: packet_set_connection(c->c_fd, c->c_fd);
328: enable_compat20();
329: myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] = c->c_keytype == KT_DSA?
330: "ssh-dss": "ssh-rsa";
331: c->c_kex = kex_setup(myproposal);
332: c->c_kex->verify_host_key = hostjump;
333:
334: if (!(j = setjmp(kexjmp))) {
335: nonfatal_fatal = 1;
336: dispatch_run(DISPATCH_BLOCK, &c->c_kex->done, c->c_kex);
337: fprintf(stderr, "Impossible! dispatch_run() returned!\n");
338: exit(1);
339: }
340: nonfatal_fatal = 0;
341: xfree(c->c_kex);
342: c->c_kex = NULL;
343: packet_close();
344:
1.29 markus 345: return j < 0? NULL : kexjmp_key;
1.26 markus 346: }
347:
348: static void
349: keyprint(con *c, Key *key)
350: {
351: if (!key)
352: return;
353:
354: fprintf(stdout, "%s ", c->c_output_name ? c->c_output_name : c->c_name);
355: key_write(key, stdout);
1.1 markus 356: fputs("\n", stdout);
357: }
358:
1.24 itojun 359: static int
1.1 markus 360: tcpconnect(char *host)
361: {
362: struct addrinfo hints, *ai, *aitop;
363: char strport[NI_MAXSERV];
364: int gaierr, s = -1;
365:
1.26 markus 366: snprintf(strport, sizeof strport, "%d", ssh_port);
1.1 markus 367: memset(&hints, 0, sizeof(hints));
1.26 markus 368: hints.ai_family = IPv4or6;
1.1 markus 369: hints.ai_socktype = SOCK_STREAM;
370: if ((gaierr = getaddrinfo(host, strport, &hints, &aitop)) != 0)
371: fatal("getaddrinfo %s: %s", host, gai_strerror(gaierr));
372: for (ai = aitop; ai; ai = ai->ai_next) {
373: s = socket(ai->ai_family, SOCK_STREAM, 0);
374: if (s < 0) {
375: error("socket: %s", strerror(errno));
376: continue;
377: }
1.7 markus 378: if (fcntl(s, F_SETFL, O_NONBLOCK) < 0)
1.1 markus 379: fatal("F_SETFL: %s", strerror(errno));
380: if (connect(s, ai->ai_addr, ai->ai_addrlen) < 0 &&
381: errno != EINPROGRESS)
382: error("connect (`%s'): %s", host, strerror(errno));
383: else
384: break;
385: close(s);
386: s = -1;
387: }
388: freeaddrinfo(aitop);
389: return s;
390: }
391:
1.24 itojun 392: static int
1.26 markus 393: conalloc(char *iname, char *oname, int keytype)
1.1 markus 394: {
395: int s;
396: char *namebase, *name, *namelist;
397:
398: namebase = namelist = xstrdup(iname);
399:
400: do {
401: name = xstrsep(&namelist, ",");
402: if (!name) {
1.9 markus 403: xfree(namebase);
1.1 markus 404: return (-1);
405: }
406: } while ((s = tcpconnect(name)) < 0);
407:
408: if (s >= maxfd)
1.4 markus 409: fatal("conalloc: fdno %d too high", s);
1.1 markus 410: if (fdcon[s].c_status)
1.4 markus 411: fatal("conalloc: attempt to reuse fdno %d", s);
1.1 markus 412:
413: fdcon[s].c_fd = s;
414: fdcon[s].c_status = CS_CON;
415: fdcon[s].c_namebase = namebase;
416: fdcon[s].c_name = name;
417: fdcon[s].c_namelist = namelist;
418: fdcon[s].c_output_name = xstrdup(oname);
419: fdcon[s].c_data = (char *) &fdcon[s].c_plen;
420: fdcon[s].c_len = 4;
421: fdcon[s].c_off = 0;
1.26 markus 422: fdcon[s].c_keytype = keytype;
1.1 markus 423: gettimeofday(&fdcon[s].c_tv, NULL);
424: fdcon[s].c_tv.tv_sec += timeout;
425: TAILQ_INSERT_TAIL(&tq, &fdcon[s], c_link);
1.19 millert 426: FD_SET(s, read_wait);
1.1 markus 427: ncon++;
428: return (s);
429: }
430:
1.24 itojun 431: static void
1.1 markus 432: confree(int s)
433: {
434: if (s >= maxfd || fdcon[s].c_status == CS_UNUSED)
1.4 markus 435: fatal("confree: attempt to free bad fdno %d", s);
1.18 deraadt 436: close(s);
1.9 markus 437: xfree(fdcon[s].c_namebase);
438: xfree(fdcon[s].c_output_name);
1.1 markus 439: if (fdcon[s].c_status == CS_KEYS)
1.9 markus 440: xfree(fdcon[s].c_data);
1.1 markus 441: fdcon[s].c_status = CS_UNUSED;
1.26 markus 442: fdcon[s].c_keytype = 0;
1.1 markus 443: TAILQ_REMOVE(&tq, &fdcon[s], c_link);
1.19 millert 444: FD_CLR(s, read_wait);
1.1 markus 445: ncon--;
446: }
447:
1.24 itojun 448: static void
1.1 markus 449: contouch(int s)
450: {
451: TAILQ_REMOVE(&tq, &fdcon[s], c_link);
452: gettimeofday(&fdcon[s].c_tv, NULL);
453: fdcon[s].c_tv.tv_sec += timeout;
454: TAILQ_INSERT_TAIL(&tq, &fdcon[s], c_link);
455: }
456:
1.24 itojun 457: static int
1.1 markus 458: conrecycle(int s)
459: {
460: int ret;
461: con *c = &fdcon[s];
462:
1.26 markus 463: ret = conalloc(c->c_namelist, c->c_output_name, c->c_keytype);
1.1 markus 464: confree(s);
465: return (ret);
466: }
467:
1.24 itojun 468: static void
1.1 markus 469: congreet(int s)
470: {
1.26 markus 471: char buf[256], *cp;
1.33 markus 472: char remote_version[sizeof buf];
1.21 millert 473: size_t bufsiz;
1.33 markus 474: int remote_major, remote_minor, n = 0;
1.1 markus 475: con *c = &fdcon[s];
476:
1.21 millert 477: bufsiz = sizeof(buf);
478: cp = buf;
1.27 markus 479: while (bufsiz-- && (n = read(s, cp, 1)) == 1 && *cp != '\n') {
480: if (*cp == '\r')
481: *cp = '\n';
1.21 millert 482: cp++;
1.27 markus 483: }
1.1 markus 484: if (n < 0) {
485: if (errno != ECONNREFUSED)
486: error("read (%s): %s", c->c_name, strerror(errno));
487: conrecycle(s);
488: return;
489: }
1.21 millert 490: if (*cp != '\n' && *cp != '\r') {
1.1 markus 491: error("%s: bad greeting", c->c_name);
492: confree(s);
493: return;
494: }
1.21 millert 495: *cp = '\0';
1.33 markus 496: if (sscanf(buf, "SSH-%d.%d-%[^\n]\n",
497: &remote_major, &remote_minor, remote_version) == 3)
498: compat_datafellows(remote_version);
499: else
500: datafellows = 0;
1.26 markus 501: if (c->c_keytype != KT_RSA1) {
502: if (!ssh2_capable(remote_major, remote_minor)) {
503: debug("%s doesn't support ssh2", c->c_name);
504: confree(s);
505: return;
506: }
1.33 markus 507: } else if (remote_major != 1) {
508: debug("%s doesn't support ssh1", c->c_name);
509: confree(s);
510: return;
1.26 markus 511: }
1.27 markus 512: fprintf(stderr, "# %s %s\n", c->c_name, chop(buf));
1.26 markus 513: n = snprintf(buf, sizeof buf, "SSH-%d.%d-OpenSSH-keyscan\r\n",
514: c->c_keytype == KT_RSA1? PROTOCOL_MAJOR_1 : PROTOCOL_MAJOR_2,
515: c->c_keytype == KT_RSA1? PROTOCOL_MINOR_1 : PROTOCOL_MINOR_2);
1.18 deraadt 516: if (atomicio(write, s, buf, n) != n) {
1.1 markus 517: error("write (%s): %s", c->c_name, strerror(errno));
518: confree(s);
519: return;
520: }
1.26 markus 521: if (c->c_keytype != KT_RSA1) {
522: keyprint(c, keygrab_ssh2(c));
523: confree(s);
524: return;
525: }
1.1 markus 526: c->c_status = CS_SIZE;
527: contouch(s);
528: }
529:
1.24 itojun 530: static void
1.1 markus 531: conread(int s)
532: {
533: int n;
534: con *c = &fdcon[s];
535:
536: if (c->c_status == CS_CON) {
537: congreet(s);
538: return;
539: }
540: n = read(s, c->c_data + c->c_off, c->c_len - c->c_off);
541: if (n < 0) {
542: error("read (%s): %s", c->c_name, strerror(errno));
543: confree(s);
544: return;
545: }
546: c->c_off += n;
547:
548: if (c->c_off == c->c_len)
549: switch (c->c_status) {
550: case CS_SIZE:
551: c->c_plen = htonl(c->c_plen);
552: c->c_len = c->c_plen + 8 - (c->c_plen & 7);
553: c->c_off = 0;
554: c->c_data = xmalloc(c->c_len);
555: c->c_status = CS_KEYS;
556: break;
557: case CS_KEYS:
1.26 markus 558: keyprint(c, keygrab_ssh1(c));
1.1 markus 559: confree(s);
560: return;
561: break;
562: default:
1.4 markus 563: fatal("conread: invalid status %d", c->c_status);
1.1 markus 564: break;
565: }
566:
567: contouch(s);
568: }
569:
1.24 itojun 570: static void
1.1 markus 571: conloop(void)
572: {
1.19 millert 573: fd_set *r, *e;
1.1 markus 574: struct timeval seltime, now;
575: int i;
576: con *c;
577:
578: gettimeofday(&now, NULL);
579: c = tq.tqh_first;
580:
1.18 deraadt 581: if (c && (c->c_tv.tv_sec > now.tv_sec ||
582: (c->c_tv.tv_sec == now.tv_sec && c->c_tv.tv_usec > now.tv_usec))) {
1.1 markus 583: seltime = c->c_tv;
584: seltime.tv_sec -= now.tv_sec;
585: seltime.tv_usec -= now.tv_usec;
1.13 itojun 586: if (seltime.tv_usec < 0) {
1.1 markus 587: seltime.tv_usec += 1000000;
588: seltime.tv_sec--;
589: }
590: } else
591: seltime.tv_sec = seltime.tv_usec = 0;
592:
1.19 millert 593: r = xmalloc(read_wait_size);
594: memcpy(r, read_wait, read_wait_size);
595: e = xmalloc(read_wait_size);
596: memcpy(e, read_wait, read_wait_size);
597:
598: while (select(maxfd, r, NULL, e, &seltime) == -1 &&
1.16 deraadt 599: (errno == EAGAIN || errno == EINTR))
600: ;
601:
1.18 deraadt 602: for (i = 0; i < maxfd; i++) {
1.19 millert 603: if (FD_ISSET(i, e)) {
1.1 markus 604: error("%s: exception!", fdcon[i].c_name);
605: confree(i);
1.19 millert 606: } else if (FD_ISSET(i, r))
1.1 markus 607: conread(i);
1.18 deraadt 608: }
1.19 millert 609: xfree(r);
610: xfree(e);
1.1 markus 611:
612: c = tq.tqh_first;
1.18 deraadt 613: while (c && (c->c_tv.tv_sec < now.tv_sec ||
614: (c->c_tv.tv_sec == now.tv_sec && c->c_tv.tv_usec < now.tv_usec))) {
1.1 markus 615: int s = c->c_fd;
1.18 deraadt 616:
1.1 markus 617: c = c->c_link.tqe_next;
618: conrecycle(s);
619: }
620: }
621:
1.26 markus 622: static void
623: do_host(char *host)
1.1 markus 624: {
1.26 markus 625: char *name = strnnsep(&host, " \t\n");
626: int j;
1.1 markus 627:
1.31 markus 628: if (name == NULL)
629: return;
1.26 markus 630: for (j = KT_RSA1; j <= KT_RSA; j *= 2) {
631: if (get_keytypes & j) {
632: while (ncon >= MAXCON)
633: conloop();
634: conalloc(name, *host ? host : name, j);
1.1 markus 635: }
636: }
637: }
638:
1.34 ! markus 639: void
! 640: fatal(const char *fmt,...)
1.26 markus 641: {
1.34 ! markus 642: va_list args;
! 643: va_start(args, fmt);
! 644: do_log(SYSLOG_LEVEL_FATAL, fmt, args);
! 645: va_end(args);
1.26 markus 646: if (nonfatal_fatal)
647: longjmp(kexjmp, -1);
1.34 ! markus 648: else
! 649: fatal_cleanup();
1.26 markus 650: }
651:
652: static void
1.1 markus 653: usage(void)
654: {
1.26 markus 655: fprintf(stderr, "Usage: %s [options] host ...\n",
1.25 jakob 656: __progname);
657: fprintf(stderr, "Options:\n");
658: fprintf(stderr, " -f file Read hosts or addresses from file.\n");
1.26 markus 659: fprintf(stderr, " -p port Connect to the specified port.\n");
660: fprintf(stderr, " -t keytype Specify the host key type.\n");
661: fprintf(stderr, " -T timeout Set connection timeout.\n");
1.34 ! markus 662: fprintf(stderr, " -v Verbose; display verbose debugging messages.\n");
! 663: fprintf(stderr, " -4 Use IPv4 only.\n");
! 664: fprintf(stderr, " -6 Use IPv6 only.\n");
1.25 jakob 665: exit(1);
1.1 markus 666: }
667:
668: int
669: main(int argc, char **argv)
670: {
1.26 markus 671: int debug_flag = 0, log_level = SYSLOG_LEVEL_INFO;
672: int opt, fopt_count = 0;
673: char *tname;
674:
675: extern int optind;
676: extern char *optarg;
1.1 markus 677:
678: TAILQ_INIT(&tq);
679:
1.26 markus 680: if (argc <= 1)
1.1 markus 681: usage();
682:
1.26 markus 683: while ((opt = getopt(argc, argv, "v46p:T:t:f:")) != -1) {
684: switch (opt) {
685: case 'p':
686: ssh_port = a2port(optarg);
687: if (ssh_port == 0) {
688: fprintf(stderr, "Bad port '%s'\n", optarg);
689: exit(1);
690: }
691: break;
692: case 'T':
693: timeout = atoi(optarg);
694: if (timeout <= 0)
1.1 markus 695: usage();
1.26 markus 696: break;
697: case 'v':
698: if (!debug_flag) {
699: debug_flag = 1;
700: log_level = SYSLOG_LEVEL_DEBUG1;
701: }
702: else if (log_level < SYSLOG_LEVEL_DEBUG3)
703: log_level++;
704: else
705: fatal("Too high debugging level.");
706: break;
707: case 'f':
708: if (strcmp(optarg, "-") == 0)
709: optarg = NULL;
710: argv[fopt_count++] = optarg;
711: break;
712: case 't':
713: get_keytypes = 0;
714: tname = strtok(optarg, ",");
715: while (tname) {
716: int type = key_type_from_name(tname);
717: switch (type) {
718: case KEY_RSA1:
719: get_keytypes |= KT_RSA1;
720: break;
721: case KEY_DSA:
722: get_keytypes |= KT_DSA;
723: break;
724: case KEY_RSA:
725: get_keytypes |= KT_RSA;
726: break;
727: case KEY_UNSPEC:
1.32 stevesk 728: fatal("unknown key type %s", tname);
1.26 markus 729: }
730: tname = strtok(NULL, ",");
731: }
732: break;
733: case '4':
734: IPv4or6 = AF_INET;
735: break;
736: case '6':
737: IPv4or6 = AF_INET6;
738: break;
739: case '?':
740: default:
741: usage();
1.1 markus 742: }
743: }
1.26 markus 744: if (optind == argc && !fopt_count)
1.1 markus 745: usage();
746:
1.26 markus 747: log_init("ssh-keyscan", log_level, SYSLOG_FACILITY_USER, 1);
748:
1.1 markus 749: maxfd = fdlim_get(1);
750: if (maxfd < 0)
1.4 markus 751: fatal("%s: fdlim_get: bad value", __progname);
1.1 markus 752: if (maxfd > MAXMAXFD)
753: maxfd = MAXMAXFD;
1.18 deraadt 754: if (MAXCON <= 0)
1.4 markus 755: fatal("%s: not enough file descriptors", __progname);
1.1 markus 756: if (maxfd > fdlim_get(0))
757: fdlim_set(maxfd);
758: fdcon = xmalloc(maxfd * sizeof(con));
1.15 itojun 759: memset(fdcon, 0, maxfd * sizeof(con));
1.19 millert 760:
761: read_wait_size = howmany(maxfd, NFDBITS) * sizeof(fd_mask);
762: read_wait = xmalloc(read_wait_size);
763: memset(read_wait, 0, read_wait_size);
1.1 markus 764:
1.26 markus 765: if (fopt_count) {
766: Linebuf *lb;
767: char *line;
768: int j;
769:
770: for (j = 0; j < fopt_count; j++) {
771: lb = Linebuf_alloc(argv[j], error);
1.28 danh 772: if (!lb)
773: continue;
1.26 markus 774: while ((line = Linebuf_getline(lb)) != NULL)
775: do_host(line);
776: Linebuf_free(lb);
777: }
778: }
779:
780: while (optind < argc)
781: do_host(argv[optind++]);
1.1 markus 782:
783: while (ncon > 0)
784: conloop();
785:
786: return (0);
787: }