Annotation of src/usr.bin/ssh/ssh-keyscan.c, Revision 1.52.2.2
1.1 markus 1: /*
2: * Copyright 1995, 1996 by David Mazieres <dm@lcs.mit.edu>.
3: *
4: * Modification and redistribution in source and binary forms is
5: * permitted provided that due credit is given to the author and the
1.23 pvalchev 6: * OpenBSD project by leaving this copyright notice intact.
1.1 markus 7: */
8:
9: #include "includes.h"
1.52.2.2! brad 10: RCSID("$OpenBSD: ssh-keyscan.c,v 1.57 2005/10/30 04:01:03 djm Exp $");
1.1 markus 11:
12: #include <sys/queue.h>
13: #include <errno.h>
14:
1.5 markus 15: #include <openssl/bn.h>
1.1 markus 16:
1.26 markus 17: #include <setjmp.h>
1.1 markus 18: #include "xmalloc.h"
19: #include "ssh.h"
1.10 markus 20: #include "ssh1.h"
1.1 markus 21: #include "key.h"
1.26 markus 22: #include "kex.h"
23: #include "compat.h"
24: #include "myproposal.h"
25: #include "packet.h"
26: #include "dispatch.h"
1.1 markus 27: #include "buffer.h"
28: #include "bufaux.h"
1.11 markus 29: #include "log.h"
1.18 deraadt 30: #include "atomicio.h"
1.26 markus 31: #include "misc.h"
1.51 djm 32: #include "hostfile.h"
1.1 markus 33:
1.26 markus 34: /* Flag indicating whether IPv4 or IPv6. This can be set on the command line.
35: Default value is AF_UNSPEC means both IPv4 and IPv6. */
36: int IPv4or6 = AF_UNSPEC;
37:
38: int ssh_port = SSH_DEFAULT_PORT;
1.1 markus 39:
1.26 markus 40: #define KT_RSA1 1
41: #define KT_DSA 2
42: #define KT_RSA 4
43:
44: int get_keytypes = KT_RSA1; /* Get only RSA1 keys by default */
1.1 markus 45:
1.51 djm 46: int hash_hosts = 0; /* Hash hostname on output */
47:
1.1 markus 48: #define MAXMAXFD 256
49:
50: /* The number of seconds after which to give up on a TCP connection */
51: int timeout = 5;
52:
53: int maxfd;
1.18 deraadt 54: #define MAXCON (maxfd - 10)
1.1 markus 55:
1.3 markus 56: extern char *__progname;
1.19 millert 57: fd_set *read_wait;
58: size_t read_wait_size;
1.1 markus 59: int ncon;
1.26 markus 60: int nonfatal_fatal = 0;
61: jmp_buf kexjmp;
1.29 markus 62: Key *kexjmp_key;
1.1 markus 63:
64: /*
65: * Keep a connection structure for each file descriptor. The state
66: * associated with file descriptor n is held in fdcon[n].
67: */
68: typedef struct Connection {
1.6 markus 69: u_char c_status; /* State of connection on this file desc. */
1.1 markus 70: #define CS_UNUSED 0 /* File descriptor unused */
71: #define CS_CON 1 /* Waiting to connect/read greeting */
72: #define CS_SIZE 2 /* Waiting to read initial packet size */
73: #define CS_KEYS 3 /* Waiting to read public key packet */
74: int c_fd; /* Quick lookup: c->c_fd == c - fdcon */
75: int c_plen; /* Packet length field for ssh packet */
76: int c_len; /* Total bytes which must be read. */
77: int c_off; /* Length of data read so far. */
1.26 markus 78: int c_keytype; /* Only one of KT_RSA1, KT_DSA, or KT_RSA */
1.1 markus 79: char *c_namebase; /* Address to free for c_name and c_namelist */
80: char *c_name; /* Hostname of connection for errors */
81: char *c_namelist; /* Pointer to other possible addresses */
82: char *c_output_name; /* Hostname of connection for output */
83: char *c_data; /* Data read from this fd */
1.26 markus 84: Kex *c_kex; /* The key-exchange struct for ssh2 */
1.1 markus 85: struct timeval c_tv; /* Time at which connection gets aborted */
86: TAILQ_ENTRY(Connection) c_link; /* List of connections in timeout order. */
87: } con;
88:
89: TAILQ_HEAD(conlist, Connection) tq; /* Timeout Queue */
90: con *fdcon;
91:
92: /*
93: * This is just a wrapper around fgets() to make it usable.
94: */
95:
96: /* Stress-test. Increase this later. */
97: #define LINEBUF_SIZE 16
98:
99: typedef struct {
100: char *buf;
1.6 markus 101: u_int size;
1.1 markus 102: int lineno;
103: const char *filename;
104: FILE *stream;
105: void (*errfun) (const char *,...);
106: } Linebuf;
107:
1.24 itojun 108: static Linebuf *
1.1 markus 109: Linebuf_alloc(const char *filename, void (*errfun) (const char *,...))
110: {
111: Linebuf *lb;
112:
113: if (!(lb = malloc(sizeof(*lb)))) {
114: if (errfun)
1.37 markus 115: (*errfun) ("linebuf (%s): malloc failed\n",
116: filename ? filename : "(stdin)");
1.1 markus 117: return (NULL);
118: }
119: if (filename) {
120: lb->filename = filename;
121: if (!(lb->stream = fopen(filename, "r"))) {
1.9 markus 122: xfree(lb);
1.1 markus 123: if (errfun)
124: (*errfun) ("%s: %s\n", filename, strerror(errno));
125: return (NULL);
126: }
127: } else {
128: lb->filename = "(stdin)";
129: lb->stream = stdin;
130: }
131:
132: if (!(lb->buf = malloc(lb->size = LINEBUF_SIZE))) {
133: if (errfun)
134: (*errfun) ("linebuf (%s): malloc failed\n", lb->filename);
1.9 markus 135: xfree(lb);
1.1 markus 136: return (NULL);
137: }
138: lb->errfun = errfun;
139: lb->lineno = 0;
140: return (lb);
141: }
142:
1.24 itojun 143: static void
1.1 markus 144: Linebuf_free(Linebuf * lb)
145: {
146: fclose(lb->stream);
1.9 markus 147: xfree(lb->buf);
148: xfree(lb);
1.1 markus 149: }
150:
1.24 itojun 151: #if 0
152: static void
1.1 markus 153: Linebuf_restart(Linebuf * lb)
154: {
155: clearerr(lb->stream);
156: rewind(lb->stream);
157: lb->lineno = 0;
158: }
159:
1.24 itojun 160: static int
1.1 markus 161: Linebuf_lineno(Linebuf * lb)
162: {
163: return (lb->lineno);
164: }
1.24 itojun 165: #endif
1.1 markus 166:
1.24 itojun 167: static char *
1.14 markus 168: Linebuf_getline(Linebuf * lb)
1.1 markus 169: {
1.52.2.1 brad 170: size_t n = 0;
1.39 deraadt 171: void *p;
1.1 markus 172:
173: lb->lineno++;
174: for (;;) {
175: /* Read a line */
176: if (!fgets(&lb->buf[n], lb->size - n, lb->stream)) {
177: if (ferror(lb->stream) && lb->errfun)
1.39 deraadt 178: (*lb->errfun)("%s: %s\n", lb->filename,
1.17 deraadt 179: strerror(errno));
1.1 markus 180: return (NULL);
181: }
182: n = strlen(lb->buf);
183:
184: /* Return it or an error if it fits */
185: if (n > 0 && lb->buf[n - 1] == '\n') {
186: lb->buf[n - 1] = '\0';
187: return (lb->buf);
188: }
189: if (n != lb->size - 1) {
190: if (lb->errfun)
1.39 deraadt 191: (*lb->errfun)("%s: skipping incomplete last line\n",
1.17 deraadt 192: lb->filename);
1.1 markus 193: return (NULL);
194: }
195: /* Double the buffer if we need more space */
1.39 deraadt 196: lb->size *= 2;
197: if ((p = realloc(lb->buf, lb->size)) == NULL) {
198: lb->size /= 2;
1.1 markus 199: if (lb->errfun)
1.39 deraadt 200: (*lb->errfun)("linebuf (%s): realloc failed\n",
1.17 deraadt 201: lb->filename);
1.1 markus 202: return (NULL);
203: }
1.39 deraadt 204: lb->buf = p;
1.1 markus 205: }
206: }
207:
1.24 itojun 208: static int
1.1 markus 209: fdlim_get(int hard)
210: {
211: struct rlimit rlfd;
1.17 deraadt 212:
1.1 markus 213: if (getrlimit(RLIMIT_NOFILE, &rlfd) < 0)
214: return (-1);
215: if ((hard ? rlfd.rlim_max : rlfd.rlim_cur) == RLIM_INFINITY)
1.46 djm 216: return sysconf(_SC_OPEN_MAX);
1.1 markus 217: else
218: return hard ? rlfd.rlim_max : rlfd.rlim_cur;
219: }
220:
1.24 itojun 221: static int
1.1 markus 222: fdlim_set(int lim)
223: {
224: struct rlimit rlfd;
1.39 deraadt 225:
1.1 markus 226: if (lim <= 0)
227: return (-1);
228: if (getrlimit(RLIMIT_NOFILE, &rlfd) < 0)
229: return (-1);
230: rlfd.rlim_cur = lim;
231: if (setrlimit(RLIMIT_NOFILE, &rlfd) < 0)
232: return (-1);
233: return (0);
234: }
235:
236: /*
237: * This is an strsep function that returns a null field for adjacent
238: * separators. This is the same as the 4.4BSD strsep, but different from the
239: * one in the GNU libc.
240: */
1.24 itojun 241: static char *
1.1 markus 242: xstrsep(char **str, const char *delim)
243: {
244: char *s, *e;
245:
246: if (!**str)
247: return (NULL);
248:
249: s = *str;
250: e = s + strcspn(s, delim);
251:
252: if (*e != '\0')
253: *e++ = '\0';
254: *str = e;
255:
256: return (s);
257: }
258:
259: /*
260: * Get the next non-null token (like GNU strsep). Strsep() will return a
261: * null token for two adjacent separators, so we may have to loop.
262: */
1.24 itojun 263: static char *
1.1 markus 264: strnnsep(char **stringp, char *delim)
265: {
266: char *tok;
267:
268: do {
269: tok = xstrsep(stringp, delim);
270: } while (tok && *tok == '\0');
271: return (tok);
272: }
273:
1.26 markus 274: static Key *
275: keygrab_ssh1(con *c)
1.1 markus 276: {
277: static Key *rsa;
278: static Buffer msg;
279:
280: if (rsa == NULL) {
281: buffer_init(&msg);
282: rsa = key_new(KEY_RSA1);
283: }
1.26 markus 284: buffer_append(&msg, c->c_data, c->c_plen);
285: buffer_consume(&msg, 8 - (c->c_plen & 7)); /* padding */
1.1 markus 286: if (buffer_get_char(&msg) != (int) SSH_SMSG_PUBLIC_KEY) {
1.26 markus 287: error("%s: invalid packet type", c->c_name);
1.1 markus 288: buffer_clear(&msg);
1.26 markus 289: return NULL;
1.1 markus 290: }
291: buffer_consume(&msg, 8); /* cookie */
292:
293: /* server key */
294: (void) buffer_get_int(&msg);
295: buffer_get_bignum(&msg, rsa->rsa->e);
296: buffer_get_bignum(&msg, rsa->rsa->n);
297:
298: /* host key */
299: (void) buffer_get_int(&msg);
300: buffer_get_bignum(&msg, rsa->rsa->e);
301: buffer_get_bignum(&msg, rsa->rsa->n);
1.26 markus 302:
1.1 markus 303: buffer_clear(&msg);
304:
1.26 markus 305: return (rsa);
306: }
307:
308: static int
309: hostjump(Key *hostkey)
310: {
1.29 markus 311: kexjmp_key = hostkey;
312: longjmp(kexjmp, 1);
1.26 markus 313: }
314:
315: static int
316: ssh2_capable(int remote_major, int remote_minor)
317: {
318: switch (remote_major) {
319: case 1:
320: if (remote_minor == 99)
321: return 1;
322: break;
323: case 2:
324: return 1;
325: default:
326: break;
327: }
328: return 0;
329: }
330:
331: static Key *
332: keygrab_ssh2(con *c)
333: {
334: int j;
335:
336: packet_set_connection(c->c_fd, c->c_fd);
337: enable_compat20();
338: myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] = c->c_keytype == KT_DSA?
339: "ssh-dss": "ssh-rsa";
340: c->c_kex = kex_setup(myproposal);
1.41 markus 341: c->c_kex->kex[KEX_DH_GRP1_SHA1] = kexdh_client;
1.48 djm 342: c->c_kex->kex[KEX_DH_GRP14_SHA1] = kexdh_client;
1.41 markus 343: c->c_kex->kex[KEX_DH_GEX_SHA1] = kexgex_client;
1.26 markus 344: c->c_kex->verify_host_key = hostjump;
345:
346: if (!(j = setjmp(kexjmp))) {
347: nonfatal_fatal = 1;
348: dispatch_run(DISPATCH_BLOCK, &c->c_kex->done, c->c_kex);
349: fprintf(stderr, "Impossible! dispatch_run() returned!\n");
350: exit(1);
351: }
352: nonfatal_fatal = 0;
353: xfree(c->c_kex);
354: c->c_kex = NULL;
355: packet_close();
356:
1.29 markus 357: return j < 0? NULL : kexjmp_key;
1.26 markus 358: }
359:
360: static void
361: keyprint(con *c, Key *key)
362: {
1.51 djm 363: char *host = c->c_output_name ? c->c_output_name : c->c_name;
364:
1.26 markus 365: if (!key)
366: return;
1.51 djm 367: if (hash_hosts && (host = host_hash(host, NULL, 0)) == NULL)
368: fatal("host_hash failed");
1.26 markus 369:
1.51 djm 370: fprintf(stdout, "%s ", host);
1.26 markus 371: key_write(key, stdout);
1.1 markus 372: fputs("\n", stdout);
373: }
374:
1.24 itojun 375: static int
1.1 markus 376: tcpconnect(char *host)
377: {
378: struct addrinfo hints, *ai, *aitop;
379: char strport[NI_MAXSERV];
380: int gaierr, s = -1;
381:
1.26 markus 382: snprintf(strport, sizeof strport, "%d", ssh_port);
1.1 markus 383: memset(&hints, 0, sizeof(hints));
1.26 markus 384: hints.ai_family = IPv4or6;
1.1 markus 385: hints.ai_socktype = SOCK_STREAM;
386: if ((gaierr = getaddrinfo(host, strport, &hints, &aitop)) != 0)
387: fatal("getaddrinfo %s: %s", host, gai_strerror(gaierr));
388: for (ai = aitop; ai; ai = ai->ai_next) {
1.42 markus 389: s = socket(ai->ai_family, ai->ai_socktype, ai->ai_protocol);
1.1 markus 390: if (s < 0) {
391: error("socket: %s", strerror(errno));
392: continue;
393: }
1.49 djm 394: if (set_nonblock(s) == -1)
395: fatal("%s: set_nonblock(%d)", __func__, s);
1.1 markus 396: if (connect(s, ai->ai_addr, ai->ai_addrlen) < 0 &&
397: errno != EINPROGRESS)
398: error("connect (`%s'): %s", host, strerror(errno));
399: else
400: break;
401: close(s);
402: s = -1;
403: }
404: freeaddrinfo(aitop);
405: return s;
406: }
407:
1.24 itojun 408: static int
1.26 markus 409: conalloc(char *iname, char *oname, int keytype)
1.1 markus 410: {
1.39 deraadt 411: char *namebase, *name, *namelist;
1.1 markus 412: int s;
413:
414: namebase = namelist = xstrdup(iname);
415:
416: do {
417: name = xstrsep(&namelist, ",");
418: if (!name) {
1.9 markus 419: xfree(namebase);
1.1 markus 420: return (-1);
421: }
422: } while ((s = tcpconnect(name)) < 0);
423:
424: if (s >= maxfd)
1.4 markus 425: fatal("conalloc: fdno %d too high", s);
1.1 markus 426: if (fdcon[s].c_status)
1.4 markus 427: fatal("conalloc: attempt to reuse fdno %d", s);
1.1 markus 428:
429: fdcon[s].c_fd = s;
430: fdcon[s].c_status = CS_CON;
431: fdcon[s].c_namebase = namebase;
432: fdcon[s].c_name = name;
433: fdcon[s].c_namelist = namelist;
434: fdcon[s].c_output_name = xstrdup(oname);
435: fdcon[s].c_data = (char *) &fdcon[s].c_plen;
436: fdcon[s].c_len = 4;
437: fdcon[s].c_off = 0;
1.26 markus 438: fdcon[s].c_keytype = keytype;
1.1 markus 439: gettimeofday(&fdcon[s].c_tv, NULL);
440: fdcon[s].c_tv.tv_sec += timeout;
441: TAILQ_INSERT_TAIL(&tq, &fdcon[s], c_link);
1.19 millert 442: FD_SET(s, read_wait);
1.1 markus 443: ncon++;
444: return (s);
445: }
446:
1.24 itojun 447: static void
1.1 markus 448: confree(int s)
449: {
450: if (s >= maxfd || fdcon[s].c_status == CS_UNUSED)
1.4 markus 451: fatal("confree: attempt to free bad fdno %d", s);
1.18 deraadt 452: close(s);
1.9 markus 453: xfree(fdcon[s].c_namebase);
454: xfree(fdcon[s].c_output_name);
1.1 markus 455: if (fdcon[s].c_status == CS_KEYS)
1.9 markus 456: xfree(fdcon[s].c_data);
1.1 markus 457: fdcon[s].c_status = CS_UNUSED;
1.26 markus 458: fdcon[s].c_keytype = 0;
1.1 markus 459: TAILQ_REMOVE(&tq, &fdcon[s], c_link);
1.19 millert 460: FD_CLR(s, read_wait);
1.1 markus 461: ncon--;
462: }
463:
1.24 itojun 464: static void
1.1 markus 465: contouch(int s)
466: {
467: TAILQ_REMOVE(&tq, &fdcon[s], c_link);
468: gettimeofday(&fdcon[s].c_tv, NULL);
469: fdcon[s].c_tv.tv_sec += timeout;
470: TAILQ_INSERT_TAIL(&tq, &fdcon[s], c_link);
471: }
472:
1.24 itojun 473: static int
1.1 markus 474: conrecycle(int s)
475: {
1.39 deraadt 476: con *c = &fdcon[s];
1.1 markus 477: int ret;
478:
1.26 markus 479: ret = conalloc(c->c_namelist, c->c_output_name, c->c_keytype);
1.1 markus 480: confree(s);
481: return (ret);
482: }
483:
1.24 itojun 484: static void
1.1 markus 485: congreet(int s)
486: {
1.52.2.1 brad 487: int n = 0, remote_major = 0, remote_minor = 0;
1.26 markus 488: char buf[256], *cp;
1.33 markus 489: char remote_version[sizeof buf];
1.21 millert 490: size_t bufsiz;
1.1 markus 491: con *c = &fdcon[s];
492:
1.52.2.2! brad 493: for (;;) {
! 494: memset(buf, '\0', sizeof(buf));
! 495: bufsiz = sizeof(buf);
! 496: cp = buf;
! 497: while (bufsiz-- &&
! 498: (n = atomicio(read, s, cp, 1)) == 1 && *cp != '\n') {
! 499: if (*cp == '\r')
! 500: *cp = '\n';
! 501: cp++;
! 502: }
! 503: if (n != 1 || strncmp(buf, "SSH-", 4) == 0)
! 504: break;
1.27 markus 505: }
1.35 stevesk 506: if (n == 0) {
1.52.2.1 brad 507: switch (errno) {
508: case EPIPE:
509: error("%s: Connection closed by remote host", c->c_name);
510: break;
511: case ECONNREFUSED:
512: break;
513: default:
514: error("read (%s): %s", c->c_name, strerror(errno));
515: break;
516: }
1.1 markus 517: conrecycle(s);
518: return;
519: }
1.21 millert 520: if (*cp != '\n' && *cp != '\r') {
1.1 markus 521: error("%s: bad greeting", c->c_name);
522: confree(s);
523: return;
524: }
1.21 millert 525: *cp = '\0';
1.33 markus 526: if (sscanf(buf, "SSH-%d.%d-%[^\n]\n",
527: &remote_major, &remote_minor, remote_version) == 3)
528: compat_datafellows(remote_version);
529: else
530: datafellows = 0;
1.26 markus 531: if (c->c_keytype != KT_RSA1) {
532: if (!ssh2_capable(remote_major, remote_minor)) {
533: debug("%s doesn't support ssh2", c->c_name);
534: confree(s);
535: return;
536: }
1.33 markus 537: } else if (remote_major != 1) {
538: debug("%s doesn't support ssh1", c->c_name);
539: confree(s);
540: return;
1.26 markus 541: }
1.27 markus 542: fprintf(stderr, "# %s %s\n", c->c_name, chop(buf));
1.26 markus 543: n = snprintf(buf, sizeof buf, "SSH-%d.%d-OpenSSH-keyscan\r\n",
544: c->c_keytype == KT_RSA1? PROTOCOL_MAJOR_1 : PROTOCOL_MAJOR_2,
545: c->c_keytype == KT_RSA1? PROTOCOL_MINOR_1 : PROTOCOL_MINOR_2);
1.52.2.1 brad 546: if (n < 0 || (size_t)n >= sizeof(buf)) {
547: error("snprintf: buffer too small");
548: confree(s);
549: return;
550: }
551: if (atomicio(vwrite, s, buf, n) != (size_t)n) {
1.1 markus 552: error("write (%s): %s", c->c_name, strerror(errno));
553: confree(s);
554: return;
555: }
1.26 markus 556: if (c->c_keytype != KT_RSA1) {
557: keyprint(c, keygrab_ssh2(c));
558: confree(s);
559: return;
560: }
1.1 markus 561: c->c_status = CS_SIZE;
562: contouch(s);
563: }
564:
1.24 itojun 565: static void
1.1 markus 566: conread(int s)
567: {
1.39 deraadt 568: con *c = &fdcon[s];
1.52.2.1 brad 569: size_t n;
1.1 markus 570:
571: if (c->c_status == CS_CON) {
572: congreet(s);
573: return;
574: }
1.50 avsm 575: n = atomicio(read, s, c->c_data + c->c_off, c->c_len - c->c_off);
1.52.2.1 brad 576: if (n == 0) {
1.1 markus 577: error("read (%s): %s", c->c_name, strerror(errno));
578: confree(s);
579: return;
580: }
581: c->c_off += n;
582:
583: if (c->c_off == c->c_len)
584: switch (c->c_status) {
585: case CS_SIZE:
586: c->c_plen = htonl(c->c_plen);
587: c->c_len = c->c_plen + 8 - (c->c_plen & 7);
588: c->c_off = 0;
589: c->c_data = xmalloc(c->c_len);
590: c->c_status = CS_KEYS;
591: break;
592: case CS_KEYS:
1.26 markus 593: keyprint(c, keygrab_ssh1(c));
1.1 markus 594: confree(s);
595: return;
596: break;
597: default:
1.4 markus 598: fatal("conread: invalid status %d", c->c_status);
1.1 markus 599: break;
600: }
601:
602: contouch(s);
603: }
604:
1.24 itojun 605: static void
1.1 markus 606: conloop(void)
607: {
1.39 deraadt 608: struct timeval seltime, now;
1.19 millert 609: fd_set *r, *e;
1.39 deraadt 610: con *c;
1.1 markus 611: int i;
612:
613: gettimeofday(&now, NULL);
1.36 itojun 614: c = TAILQ_FIRST(&tq);
1.1 markus 615:
1.18 deraadt 616: if (c && (c->c_tv.tv_sec > now.tv_sec ||
617: (c->c_tv.tv_sec == now.tv_sec && c->c_tv.tv_usec > now.tv_usec))) {
1.1 markus 618: seltime = c->c_tv;
619: seltime.tv_sec -= now.tv_sec;
620: seltime.tv_usec -= now.tv_usec;
1.13 itojun 621: if (seltime.tv_usec < 0) {
1.1 markus 622: seltime.tv_usec += 1000000;
623: seltime.tv_sec--;
624: }
625: } else
626: seltime.tv_sec = seltime.tv_usec = 0;
627:
1.19 millert 628: r = xmalloc(read_wait_size);
629: memcpy(r, read_wait, read_wait_size);
630: e = xmalloc(read_wait_size);
631: memcpy(e, read_wait, read_wait_size);
632:
633: while (select(maxfd, r, NULL, e, &seltime) == -1 &&
1.16 deraadt 634: (errno == EAGAIN || errno == EINTR))
635: ;
636:
1.18 deraadt 637: for (i = 0; i < maxfd; i++) {
1.19 millert 638: if (FD_ISSET(i, e)) {
1.1 markus 639: error("%s: exception!", fdcon[i].c_name);
640: confree(i);
1.19 millert 641: } else if (FD_ISSET(i, r))
1.1 markus 642: conread(i);
1.18 deraadt 643: }
1.19 millert 644: xfree(r);
645: xfree(e);
1.1 markus 646:
1.36 itojun 647: c = TAILQ_FIRST(&tq);
1.18 deraadt 648: while (c && (c->c_tv.tv_sec < now.tv_sec ||
649: (c->c_tv.tv_sec == now.tv_sec && c->c_tv.tv_usec < now.tv_usec))) {
1.1 markus 650: int s = c->c_fd;
1.18 deraadt 651:
1.36 itojun 652: c = TAILQ_NEXT(c, c_link);
1.1 markus 653: conrecycle(s);
654: }
655: }
656:
1.26 markus 657: static void
658: do_host(char *host)
1.1 markus 659: {
1.26 markus 660: char *name = strnnsep(&host, " \t\n");
661: int j;
1.1 markus 662:
1.31 markus 663: if (name == NULL)
664: return;
1.26 markus 665: for (j = KT_RSA1; j <= KT_RSA; j *= 2) {
666: if (get_keytypes & j) {
667: while (ncon >= MAXCON)
668: conloop();
669: conalloc(name, *host ? host : name, j);
1.1 markus 670: }
671: }
672: }
673:
1.34 markus 674: void
675: fatal(const char *fmt,...)
1.26 markus 676: {
1.34 markus 677: va_list args;
1.39 deraadt 678:
1.34 markus 679: va_start(args, fmt);
680: do_log(SYSLOG_LEVEL_FATAL, fmt, args);
681: va_end(args);
1.26 markus 682: if (nonfatal_fatal)
683: longjmp(kexjmp, -1);
1.34 markus 684: else
1.45 markus 685: exit(255);
1.26 markus 686: }
687:
688: static void
1.1 markus 689: usage(void)
690: {
1.52 jmc 691: fprintf(stderr, "usage: %s [-46Hv] [-f file] [-p port] [-T timeout] [-t type]\n"
1.39 deraadt 692: "\t\t [host | addrlist namelist] [...]\n",
1.25 jakob 693: __progname);
694: exit(1);
1.1 markus 695: }
696:
697: int
698: main(int argc, char **argv)
699: {
1.26 markus 700: int debug_flag = 0, log_level = SYSLOG_LEVEL_INFO;
701: int opt, fopt_count = 0;
702: char *tname;
703:
704: extern int optind;
705: extern char *optarg;
1.1 markus 706:
707: TAILQ_INIT(&tq);
1.52.2.2! brad 708:
! 709: /* Ensure that fds 0, 1 and 2 are open or directed to /dev/null */
! 710: sanitise_stdfd();
1.1 markus 711:
1.26 markus 712: if (argc <= 1)
1.1 markus 713: usage();
714:
1.51 djm 715: while ((opt = getopt(argc, argv, "Hv46p:T:t:f:")) != -1) {
1.26 markus 716: switch (opt) {
1.51 djm 717: case 'H':
718: hash_hosts = 1;
719: break;
1.26 markus 720: case 'p':
721: ssh_port = a2port(optarg);
722: if (ssh_port == 0) {
723: fprintf(stderr, "Bad port '%s'\n", optarg);
724: exit(1);
725: }
726: break;
727: case 'T':
1.38 stevesk 728: timeout = convtime(optarg);
729: if (timeout == -1 || timeout == 0) {
730: fprintf(stderr, "Bad timeout '%s'\n", optarg);
1.1 markus 731: usage();
1.38 stevesk 732: }
1.26 markus 733: break;
734: case 'v':
735: if (!debug_flag) {
736: debug_flag = 1;
737: log_level = SYSLOG_LEVEL_DEBUG1;
738: }
739: else if (log_level < SYSLOG_LEVEL_DEBUG3)
740: log_level++;
741: else
742: fatal("Too high debugging level.");
743: break;
744: case 'f':
745: if (strcmp(optarg, "-") == 0)
746: optarg = NULL;
747: argv[fopt_count++] = optarg;
748: break;
749: case 't':
750: get_keytypes = 0;
751: tname = strtok(optarg, ",");
752: while (tname) {
753: int type = key_type_from_name(tname);
754: switch (type) {
755: case KEY_RSA1:
756: get_keytypes |= KT_RSA1;
757: break;
758: case KEY_DSA:
759: get_keytypes |= KT_DSA;
760: break;
761: case KEY_RSA:
762: get_keytypes |= KT_RSA;
763: break;
764: case KEY_UNSPEC:
1.32 stevesk 765: fatal("unknown key type %s", tname);
1.26 markus 766: }
767: tname = strtok(NULL, ",");
768: }
769: break;
770: case '4':
771: IPv4or6 = AF_INET;
772: break;
773: case '6':
774: IPv4or6 = AF_INET6;
775: break;
776: case '?':
777: default:
778: usage();
1.1 markus 779: }
780: }
1.26 markus 781: if (optind == argc && !fopt_count)
1.1 markus 782: usage();
783:
1.26 markus 784: log_init("ssh-keyscan", log_level, SYSLOG_FACILITY_USER, 1);
785:
1.1 markus 786: maxfd = fdlim_get(1);
787: if (maxfd < 0)
1.4 markus 788: fatal("%s: fdlim_get: bad value", __progname);
1.1 markus 789: if (maxfd > MAXMAXFD)
790: maxfd = MAXMAXFD;
1.18 deraadt 791: if (MAXCON <= 0)
1.4 markus 792: fatal("%s: not enough file descriptors", __progname);
1.1 markus 793: if (maxfd > fdlim_get(0))
794: fdlim_set(maxfd);
795: fdcon = xmalloc(maxfd * sizeof(con));
1.15 itojun 796: memset(fdcon, 0, maxfd * sizeof(con));
1.19 millert 797:
798: read_wait_size = howmany(maxfd, NFDBITS) * sizeof(fd_mask);
799: read_wait = xmalloc(read_wait_size);
800: memset(read_wait, 0, read_wait_size);
1.1 markus 801:
1.26 markus 802: if (fopt_count) {
803: Linebuf *lb;
804: char *line;
805: int j;
806:
807: for (j = 0; j < fopt_count; j++) {
808: lb = Linebuf_alloc(argv[j], error);
1.28 danh 809: if (!lb)
810: continue;
1.26 markus 811: while ((line = Linebuf_getline(lb)) != NULL)
812: do_host(line);
813: Linebuf_free(lb);
814: }
815: }
816:
817: while (optind < argc)
818: do_host(argv[optind++]);
1.1 markus 819:
820: while (ncon > 0)
821: conloop();
822:
823: return (0);
824: }