diff options
Diffstat (limited to 'usr.bin/ssh/hostfile.c')
-rw-r--r-- | usr.bin/ssh/hostfile.c | 193 |
1 files changed, 49 insertions, 144 deletions
diff --git a/usr.bin/ssh/hostfile.c b/usr.bin/ssh/hostfile.c index ea92fa04855..eca68da730d 100644 --- a/usr.bin/ssh/hostfile.c +++ b/usr.bin/ssh/hostfile.c @@ -14,63 +14,23 @@ */ #include "includes.h" -RCSID("$OpenBSD: hostfile.c,v 1.13 2000/02/18 10:20:20 markus Exp $"); +RCSID("$OpenBSD: hostfile.c,v 1.14 2000/03/23 22:15:33 markus Exp $"); #include "packet.h" +#include "match.h" #include "ssh.h" +#include <ssl/rsa.h> +#include <ssl/dsa.h> +#include "key.h" +#include "hostfile.h" /* - * Reads a multiple-precision integer in decimal from the buffer, and advances - * the pointer. The integer must already be initialized. This function is - * permitted to modify the buffer. This leaves *cpp to point just beyond the - * last processed (and maybe modified) character. Note that this may modify - * the buffer containing the number. + * Parses an RSA (number of bits, e, n) or DSA key from a string. Moves the + * pointer over the key. Skips any whitespace at the beginning and at end. */ int -auth_rsa_read_bignum(char **cpp, BIGNUM * value) -{ - char *cp = *cpp; - int old; - - /* Skip any leading whitespace. */ - for (; *cp == ' ' || *cp == '\t'; cp++) - ; - - /* Check that it begins with a decimal digit. */ - if (*cp < '0' || *cp > '9') - return 0; - - /* Save starting position. */ - *cpp = cp; - - /* Move forward until all decimal digits skipped. */ - for (; *cp >= '0' && *cp <= '9'; cp++) - ; - - /* Save the old terminating character, and replace it by \0. */ - old = *cp; - *cp = 0; - - /* Parse the number. */ - if (BN_dec2bn(&value, *cpp) == 0) - return 0; - - /* Restore old terminating character. */ - *cp = old; - - /* Move beyond the number and return success. */ - *cpp = cp; - return 1; -} - -/* - * Parses an RSA key (number of bits, e, n) from a string. Moves the pointer - * over the key. Skips any whitespace at the beginning and at end. - */ - -int -auth_rsa_read_key(char **cpp, unsigned int *bitsp, BIGNUM * e, BIGNUM * n) +hostfile_read_key(char **cpp, unsigned int *bitsp, Key *ret) { unsigned int bits; char *cp; @@ -85,12 +45,7 @@ auth_rsa_read_key(char **cpp, unsigned int *bitsp, BIGNUM * e, BIGNUM * n) for (bits = 0; *cp >= '0' && *cp <= '9'; cp++) bits = 10 * bits + *cp - '0'; - /* Get public exponent. */ - if (!auth_rsa_read_bignum(&cp, e)) - return 0; - - /* Get public modulus. */ - if (!auth_rsa_read_bignum(&cp, n)) + if (!key_read(ret, bits, &cp)) return 0; /* Skip trailing whitespace. */ @@ -103,63 +58,30 @@ auth_rsa_read_key(char **cpp, unsigned int *bitsp, BIGNUM * e, BIGNUM * n) return 1; } -/* - * Tries to match the host name (which must be in all lowercase) against the - * comma-separated sequence of subpatterns (each possibly preceded by ! to - * indicate negation). Returns true if there is a positive match; zero - * otherwise. - */ - int -match_hostname(const char *host, const char *pattern, unsigned int len) +auth_rsa_read_key(char **cpp, unsigned int *bitsp, BIGNUM * e, BIGNUM * n) { - char sub[1024]; - int negated; - int got_positive; - unsigned int i, subi; - - got_positive = 0; - for (i = 0; i < len;) { - /* Check if the subpattern is negated. */ - if (pattern[i] == '!') { - negated = 1; - i++; - } else - negated = 0; - - /* - * Extract the subpattern up to a comma or end. Convert the - * subpattern to lowercase. - */ - for (subi = 0; - i < len && subi < sizeof(sub) - 1 && pattern[i] != ','; - subi++, i++) - sub[subi] = isupper(pattern[i]) ? tolower(pattern[i]) : pattern[i]; - /* If subpattern too long, return failure (no match). */ - if (subi >= sizeof(sub) - 1) - return 0; - - /* If the subpattern was terminated by a comma, skip the comma. */ - if (i < len && pattern[i] == ',') - i++; - - /* Null-terminate the subpattern. */ - sub[subi] = '\0'; + Key *k = key_new(KEY_RSA); + int ret = hostfile_read_key(cpp, bitsp, k); + BN_copy(e, k->rsa->e); + BN_copy(n, k->rsa->n); + key_free(k); + return ret; +} - /* Try to match the subpattern against the host name. */ - if (match_pattern(host, sub)) { - if (negated) - return 0; /* Fail */ - else - got_positive = 1; - } +int +hostfile_check_key(int bits, Key *key, const char *host, const char *filename, int linenum) +{ + if (key == NULL || key->type != KEY_RSA || key->rsa == NULL) + return 1; + if (bits != BN_num_bits(key->rsa->n)) { + error("Warning: %s, line %d: keysize mismatch for host %s: " + "actual %d vs. announced %d.", + filename, linenum, host, BN_num_bits(key->rsa->n), bits); + error("Warning: replace %d with %d in %s, line %d.", + bits, BN_num_bits(key->rsa->n), filename, linenum); } - - /* - * Return success if got a positive match. If there was a negative - * match, we have already returned zero and never get here. - */ - return got_positive; + return 1; } /* @@ -170,8 +92,7 @@ match_hostname(const char *host, const char *pattern, unsigned int len) */ HostStatus -check_host_in_hostfile(const char *filename, const char *host, - BIGNUM * e, BIGNUM * n, BIGNUM * ke, BIGNUM * kn) +check_host_in_hostfile(const char *filename, const char *host, Key *key, Key *found) { FILE *f; char line[8192]; @@ -180,6 +101,8 @@ check_host_in_hostfile(const char *filename, const char *host, char *cp, *cp2; HostStatus end_return; + if (key == NULL) + fatal("no key to look up"); /* Open the file containing the list of known hosts. */ f = fopen(filename, "r"); if (!f) @@ -221,18 +144,13 @@ check_host_in_hostfile(const char *filename, const char *host, * Extract the key from the line. This will skip any leading * whitespace. Ignore badly formatted lines. */ - if (!auth_rsa_read_key(&cp, &kbits, ke, kn)) + if (!hostfile_read_key(&cp, &kbits, found)) + continue; + if (!hostfile_check_key(kbits, found, host, filename, linenum)) continue; - if (kbits != BN_num_bits(kn)) { - error("Warning: %s, line %d: keysize mismatch for host %s: " - "actual %d vs. announced %d.", - filename, linenum, host, BN_num_bits(kn), kbits); - error("Warning: replace %d with %d in %s, line %d.", - kbits, BN_num_bits(kn), filename, linenum); - } /* Check if the current key is the same as the given key. */ - if (BN_cmp(ke, e) == 0 && BN_cmp(kn, n) == 0) { + if (key_equal(key, found)) { /* Ok, they match. */ fclose(f); return HOST_OK; @@ -260,41 +178,28 @@ check_host_in_hostfile(const char *filename, const char *host, */ int -add_host_to_hostfile(const char *filename, const char *host, - BIGNUM * e, BIGNUM * n) +add_host_to_hostfile(const char *filename, const char *host, Key *key) { FILE *f; - char *buf; - unsigned int bits; + int success = 0; + + if (key == NULL) + return 1; /* Open the file for appending. */ f = fopen(filename, "a"); if (!f) return 0; - /* size of modulus 'n' */ - bits = BN_num_bits(n); - - /* Print the host name and key to the file. */ - fprintf(f, "%s %u ", host, bits); - buf = BN_bn2dec(e); - if (buf == NULL) { - error("add_host_to_hostfile: BN_bn2dec(e) failed"); - fclose(f); - return 0; + fprintf(f, "%s ", host); + if (key_write(key, f)) { + fprintf(f, "\n"); + success = 1; + } else { + error("add_host_to_hostfile: saving key failed"); } - fprintf(f, "%s ", buf); - free(buf); - buf = BN_bn2dec(n); - if (buf == NULL) { - error("add_host_to_hostfile: BN_bn2dec(n) failed"); - fclose(f); - return 0; - } - fprintf(f, "%s\n", buf); - free(buf); /* Close the file. */ fclose(f); - return 1; + return success; } |