|
Lines 178-187
type_bits_valid(int type, const char *name, u_int32_t *bitsp)
Link Here
|
| 178 |
{ |
178 |
{ |
| 179 |
u_int maxbits, nid; |
179 |
u_int maxbits, nid; |
| 180 |
|
180 |
|
| 181 |
if (type == KEY_UNSPEC) { |
181 |
if (type == KEY_UNSPEC) |
| 182 |
fprintf(stderr, "unknown key type %s\n", key_type_name); |
182 |
fatal("unknown key type %s", key_type_name); |
| 183 |
exit(1); |
|
|
| 184 |
} |
| 185 |
if (*bitsp == 0) { |
183 |
if (*bitsp == 0) { |
| 186 |
if (type == KEY_DSA) |
184 |
if (type == KEY_DSA) |
| 187 |
*bitsp = DEFAULT_BITS_DSA; |
185 |
*bitsp = DEFAULT_BITS_DSA; |
|
Lines 197-206
type_bits_valid(int type, const char *name, u_int32_t *bitsp)
Link Here
|
| 197 |
} |
195 |
} |
| 198 |
maxbits = (type == KEY_DSA) ? |
196 |
maxbits = (type == KEY_DSA) ? |
| 199 |
OPENSSL_DSA_MAX_MODULUS_BITS : OPENSSL_RSA_MAX_MODULUS_BITS; |
197 |
OPENSSL_DSA_MAX_MODULUS_BITS : OPENSSL_RSA_MAX_MODULUS_BITS; |
| 200 |
if (*bitsp > maxbits) { |
198 |
if (*bitsp > maxbits) |
| 201 |
fprintf(stderr, "key bits exceeds maximum %d\n", maxbits); |
199 |
fatal("key bits exceeds maximum %d", maxbits); |
| 202 |
exit(1); |
|
|
| 203 |
} |
| 204 |
#ifdef WITH_OPENSSL |
200 |
#ifdef WITH_OPENSSL |
| 205 |
if (type == KEY_DSA && *bitsp != 1024) |
201 |
if (type == KEY_DSA && *bitsp != 1024) |
| 206 |
fatal("DSA keys must be 1024 bits"); |
202 |
fatal("DSA keys must be 1024 bits"); |
|
Lines 244-256
ask_filename(struct passwd *pw, const char *prompt)
Link Here
|
| 244 |
name = _PATH_SSH_CLIENT_ID_ED25519; |
240 |
name = _PATH_SSH_CLIENT_ID_ED25519; |
| 245 |
break; |
241 |
break; |
| 246 |
default: |
242 |
default: |
| 247 |
fprintf(stderr, "bad key type\n"); |
243 |
fatal("bad key type"); |
| 248 |
exit(1); |
|
|
| 249 |
break; |
| 250 |
} |
244 |
} |
| 251 |
} |
245 |
} |
| 252 |
snprintf(identity_file, sizeof(identity_file), "%s/%s", pw->pw_dir, name); |
246 |
snprintf(identity_file, sizeof(identity_file), |
| 253 |
fprintf(stderr, "%s (%s): ", prompt, identity_file); |
247 |
"%s/%s", pw->pw_dir, name); |
|
|
248 |
printf("%s (%s): ", prompt, identity_file); |
| 249 |
fflush(stdout); |
| 254 |
if (fgets(buf, sizeof(buf), stdin) == NULL) |
250 |
if (fgets(buf, sizeof(buf), stdin) == NULL) |
| 255 |
exit(1); |
251 |
exit(1); |
| 256 |
buf[strcspn(buf, "\n")] = '\0'; |
252 |
buf[strcspn(buf, "\n")] = '\0'; |
|
Lines 296-309
do_convert_to_ssh2(struct passwd *pw, struct sshkey *k)
Link Here
|
| 296 |
char comment[61]; |
292 |
char comment[61]; |
| 297 |
int r; |
293 |
int r; |
| 298 |
|
294 |
|
| 299 |
if (k->type == KEY_RSA1) { |
295 |
if (k->type == KEY_RSA1) |
| 300 |
fprintf(stderr, "version 1 keys are not supported\n"); |
296 |
fatal("version 1 keys are not supported"); |
| 301 |
exit(1); |
297 |
if ((r = sshkey_to_blob(k, &blob, &len)) != 0) |
| 302 |
} |
298 |
fatal("key_to_blob failed: %s", ssh_err(r)); |
| 303 |
if ((r = sshkey_to_blob(k, &blob, &len)) != 0) { |
|
|
| 304 |
fprintf(stderr, "key_to_blob failed: %s\n", ssh_err(r)); |
| 305 |
exit(1); |
| 306 |
} |
| 307 |
/* Comment + surrounds must fit into 72 chars (RFC 4716 sec 3.3) */ |
299 |
/* Comment + surrounds must fit into 72 chars (RFC 4716 sec 3.3) */ |
| 308 |
snprintf(comment, sizeof(comment), |
300 |
snprintf(comment, sizeof(comment), |
| 309 |
"%u-bit %s, converted by %s@%s from OpenSSH", |
301 |
"%u-bit %s, converted by %s@%s from OpenSSH", |
|
Lines 530-546
get_line(FILE *fp, char *line, size_t len)
Link Here
|
| 530 |
|
522 |
|
| 531 |
line[0] = '\0'; |
523 |
line[0] = '\0'; |
| 532 |
while ((c = fgetc(fp)) != EOF) { |
524 |
while ((c = fgetc(fp)) != EOF) { |
| 533 |
if (pos >= len - 1) { |
525 |
if (pos >= len - 1) |
| 534 |
fprintf(stderr, "input line too long.\n"); |
526 |
fatal("input line too long."); |
| 535 |
exit(1); |
|
|
| 536 |
} |
| 537 |
switch (c) { |
527 |
switch (c) { |
| 538 |
case '\r': |
528 |
case '\r': |
| 539 |
c = fgetc(fp); |
529 |
c = fgetc(fp); |
| 540 |
if (c != EOF && c != '\n' && ungetc(c, fp) == EOF) { |
530 |
if (c != EOF && c != '\n' && ungetc(c, fp) == EOF) |
| 541 |
fprintf(stderr, "unget: %s\n", strerror(errno)); |
531 |
fatal("unget: %s", strerror(errno)); |
| 542 |
exit(1); |
|
|
| 543 |
} |
| 544 |
return pos; |
532 |
return pos; |
| 545 |
case '\n': |
533 |
case '\n': |
| 546 |
return pos; |
534 |
return pos; |
|
Lines 592-607
do_convert_from_ssh2(struct passwd *pw, struct sshkey **k, int *private)
Link Here
|
| 592 |
(encoded[len-3] == '=')) |
580 |
(encoded[len-3] == '=')) |
| 593 |
encoded[len-3] = '\0'; |
581 |
encoded[len-3] = '\0'; |
| 594 |
blen = uudecode(encoded, blob, sizeof(blob)); |
582 |
blen = uudecode(encoded, blob, sizeof(blob)); |
| 595 |
if (blen < 0) { |
583 |
if (blen < 0) |
| 596 |
fprintf(stderr, "uudecode failed.\n"); |
584 |
fatal("uudecode failed."); |
| 597 |
exit(1); |
|
|
| 598 |
} |
| 599 |
if (*private) |
585 |
if (*private) |
| 600 |
*k = do_convert_private_ssh2_from_blob(blob, blen); |
586 |
*k = do_convert_private_ssh2_from_blob(blob, blen); |
| 601 |
else if ((r = sshkey_from_blob(blob, blen, k)) != 0) { |
587 |
else if ((r = sshkey_from_blob(blob, blen, k)) != 0) |
| 602 |
fprintf(stderr, "decode blob failed: %s\n", ssh_err(r)); |
588 |
fatal("decode blob failed: %s", ssh_err(r)); |
| 603 |
exit(1); |
|
|
| 604 |
} |
| 605 |
fclose(fp); |
589 |
fclose(fp); |
| 606 |
} |
590 |
} |
| 607 |
|
591 |
|
|
Lines 731-740
do_convert_from(struct passwd *pw)
Link Here
|
| 731 |
} |
715 |
} |
| 732 |
} |
716 |
} |
| 733 |
|
717 |
|
| 734 |
if (!ok) { |
718 |
if (!ok) |
| 735 |
fprintf(stderr, "key write failed\n"); |
719 |
fatal("key write failed"); |
| 736 |
exit(1); |
|
|
| 737 |
} |
| 738 |
sshkey_free(k); |
720 |
sshkey_free(k); |
| 739 |
exit(0); |
721 |
exit(0); |
| 740 |
} |
722 |
} |
|
Lines 749-761
do_print_public(struct passwd *pw)
Link Here
|
| 749 |
|
731 |
|
| 750 |
if (!have_identity) |
732 |
if (!have_identity) |
| 751 |
ask_filename(pw, "Enter file in which the key is"); |
733 |
ask_filename(pw, "Enter file in which the key is"); |
| 752 |
if (stat(identity_file, &st) < 0) { |
734 |
if (stat(identity_file, &st) < 0) |
| 753 |
perror(identity_file); |
735 |
fatal("%s: %s", identity_file, strerror(errno)); |
| 754 |
exit(1); |
|
|
| 755 |
} |
| 756 |
prv = load_identity(identity_file); |
736 |
prv = load_identity(identity_file); |
| 757 |
if ((r = sshkey_write(prv, stdout)) != 0) |
737 |
if ((r = sshkey_write(prv, stdout)) != 0) |
| 758 |
fprintf(stderr, "key_write failed: %s", ssh_err(r)); |
738 |
error("key_write failed: %s", ssh_err(r)); |
| 759 |
sshkey_free(prv); |
739 |
sshkey_free(prv); |
| 760 |
fprintf(stdout, "\n"); |
740 |
fprintf(stdout, "\n"); |
| 761 |
exit(0); |
741 |
exit(0); |
|
Lines 820-829
do_fingerprint(struct passwd *pw)
Link Here
|
| 820 |
rep = print_bubblebabble ? SSH_FP_BUBBLEBABBLE : SSH_FP_DEFAULT; |
800 |
rep = print_bubblebabble ? SSH_FP_BUBBLEBABBLE : SSH_FP_DEFAULT; |
| 821 |
if (!have_identity) |
801 |
if (!have_identity) |
| 822 |
ask_filename(pw, "Enter file in which the key is"); |
802 |
ask_filename(pw, "Enter file in which the key is"); |
| 823 |
if (stat(identity_file, &st) < 0) { |
803 |
if (stat(identity_file, &st) < 0) |
| 824 |
perror(identity_file); |
804 |
fatal("%s: %s", identity_file, strerror(errno)); |
| 825 |
exit(1); |
|
|
| 826 |
} |
| 827 |
if ((r = sshkey_load_public(identity_file, &public, &comment)) != 0) |
805 |
if ((r = sshkey_load_public(identity_file, &public, &comment)) != 0) |
| 828 |
debug2("Error loading public key \"%s\": %s", |
806 |
debug2("Error loading public key \"%s\": %s", |
| 829 |
identity_file, ssh_err(r)); |
807 |
identity_file, ssh_err(r)); |
|
Lines 915-924
do_fingerprint(struct passwd *pw)
Link Here
|
| 915 |
} |
893 |
} |
| 916 |
fclose(f); |
894 |
fclose(f); |
| 917 |
|
895 |
|
| 918 |
if (invalid) { |
896 |
if (invalid) |
| 919 |
printf("%s is not a public key file.\n", identity_file); |
897 |
fatal("%s is not a public key file.", identity_file); |
| 920 |
exit(1); |
|
|
| 921 |
} |
| 922 |
exit(0); |
898 |
exit(0); |
| 923 |
} |
899 |
} |
| 924 |
|
900 |
|
|
Lines 953-959
do_gen_all_hostkeys(struct passwd *pw)
Link Here
|
| 953 |
if (stat(key_types[i].path, &st) == 0) |
929 |
if (stat(key_types[i].path, &st) == 0) |
| 954 |
continue; |
930 |
continue; |
| 955 |
if (errno != ENOENT) { |
931 |
if (errno != ENOENT) { |
| 956 |
printf("Could not stat %s: %s", key_types[i].path, |
932 |
error("Could not stat %s: %s", key_types[i].path, |
| 957 |
strerror(errno)); |
933 |
strerror(errno)); |
| 958 |
first = 0; |
934 |
first = 0; |
| 959 |
continue; |
935 |
continue; |
|
Lines 970-977
do_gen_all_hostkeys(struct passwd *pw)
Link Here
|
| 970 |
bits = 0; |
946 |
bits = 0; |
| 971 |
type_bits_valid(type, NULL, &bits); |
947 |
type_bits_valid(type, NULL, &bits); |
| 972 |
if ((r = sshkey_generate(type, bits, &private)) != 0) { |
948 |
if ((r = sshkey_generate(type, bits, &private)) != 0) { |
| 973 |
fprintf(stderr, "key_generate failed: %s\n", |
949 |
error("key_generate failed: %s", ssh_err(r)); |
| 974 |
ssh_err(r)); |
|
|
| 975 |
first = 0; |
950 |
first = 0; |
| 976 |
continue; |
951 |
continue; |
| 977 |
} |
952 |
} |
|
Lines 981-988
do_gen_all_hostkeys(struct passwd *pw)
Link Here
|
| 981 |
hostname); |
956 |
hostname); |
| 982 |
if ((r = sshkey_save_private(private, identity_file, "", |
957 |
if ((r = sshkey_save_private(private, identity_file, "", |
| 983 |
comment, use_new_format, new_format_cipher, rounds)) != 0) { |
958 |
comment, use_new_format, new_format_cipher, rounds)) != 0) { |
| 984 |
printf("Saving key \"%s\" failed: %s\n", identity_file, |
959 |
error("Saving key \"%s\" failed: %s", |
| 985 |
ssh_err(r)); |
960 |
identity_file, ssh_err(r)); |
| 986 |
sshkey_free(private); |
961 |
sshkey_free(private); |
| 987 |
sshkey_free(public); |
962 |
sshkey_free(public); |
| 988 |
first = 0; |
963 |
first = 0; |
|
Lines 992-998
do_gen_all_hostkeys(struct passwd *pw)
Link Here
|
| 992 |
strlcat(identity_file, ".pub", sizeof(identity_file)); |
967 |
strlcat(identity_file, ".pub", sizeof(identity_file)); |
| 993 |
fd = open(identity_file, O_WRONLY | O_CREAT | O_TRUNC, 0644); |
968 |
fd = open(identity_file, O_WRONLY | O_CREAT | O_TRUNC, 0644); |
| 994 |
if (fd == -1) { |
969 |
if (fd == -1) { |
| 995 |
printf("Could not save your public key in %s\n", |
970 |
error("Could not save your public key in %s", |
| 996 |
identity_file); |
971 |
identity_file); |
| 997 |
sshkey_free(public); |
972 |
sshkey_free(public); |
| 998 |
first = 0; |
973 |
first = 0; |
|
Lines 1000-1013
do_gen_all_hostkeys(struct passwd *pw)
Link Here
|
| 1000 |
} |
975 |
} |
| 1001 |
f = fdopen(fd, "w"); |
976 |
f = fdopen(fd, "w"); |
| 1002 |
if (f == NULL) { |
977 |
if (f == NULL) { |
| 1003 |
printf("fdopen %s failed\n", identity_file); |
978 |
error("fdopen %s failed", identity_file); |
| 1004 |
close(fd); |
979 |
close(fd); |
| 1005 |
sshkey_free(public); |
980 |
sshkey_free(public); |
| 1006 |
first = 0; |
981 |
first = 0; |
| 1007 |
continue; |
982 |
continue; |
| 1008 |
} |
983 |
} |
| 1009 |
if ((r = sshkey_write(public, f)) != 0) { |
984 |
if ((r = sshkey_write(public, f)) != 0) { |
| 1010 |
fprintf(stderr, "write key failed: %s\n", ssh_err(r)); |
985 |
error("write key failed: %s", ssh_err(r)); |
| 1011 |
fclose(f); |
986 |
fclose(f); |
| 1012 |
sshkey_free(public); |
987 |
sshkey_free(public); |
| 1013 |
first = 0; |
988 |
first = 0; |
|
Lines 1048-1055
known_hosts_hash(struct hostkey_foreach_line *l, void *_ctx)
Link Here
|
| 1048 |
has_wild || l->marker != MRK_NONE) { |
1023 |
has_wild || l->marker != MRK_NONE) { |
| 1049 |
fprintf(ctx->out, "%s\n", l->line); |
1024 |
fprintf(ctx->out, "%s\n", l->line); |
| 1050 |
if (has_wild && !find_host) { |
1025 |
if (has_wild && !find_host) { |
| 1051 |
fprintf(stderr, "%s:%ld: ignoring host name " |
1026 |
logit("%s:%ld: ignoring host name " |
| 1052 |
"with wildcard: %.64s\n", l->path, |
1027 |
"with wildcard: %.64s", l->path, |
| 1053 |
l->linenum, l->hosts); |
1028 |
l->linenum, l->hosts); |
| 1054 |
} |
1029 |
} |
| 1055 |
return 0; |
1030 |
return 0; |
|
Lines 1070-1076
known_hosts_hash(struct hostkey_foreach_line *l, void *_ctx)
Link Here
|
| 1070 |
case HKF_STATUS_INVALID: |
1045 |
case HKF_STATUS_INVALID: |
| 1071 |
/* Retain invalid lines, but mark file as invalid. */ |
1046 |
/* Retain invalid lines, but mark file as invalid. */ |
| 1072 |
ctx->invalid = 1; |
1047 |
ctx->invalid = 1; |
| 1073 |
fprintf(stderr, "%s:%ld: invalid line\n", l->path, l->linenum); |
1048 |
logit("%s:%ld: invalid line", l->path, l->linenum); |
| 1074 |
/* FALLTHROUGH */ |
1049 |
/* FALLTHROUGH */ |
| 1075 |
default: |
1050 |
default: |
| 1076 |
fprintf(ctx->out, "%s\n", l->line); |
1051 |
fprintf(ctx->out, "%s\n", l->line); |
|
Lines 1120-1127
known_hosts_find_delete(struct hostkey_foreach_line *l, void *_ctx)
Link Here
|
| 1120 |
/* Retain non-matching hosts when deleting */ |
1095 |
/* Retain non-matching hosts when deleting */ |
| 1121 |
if (l->status == HKF_STATUS_INVALID) { |
1096 |
if (l->status == HKF_STATUS_INVALID) { |
| 1122 |
ctx->invalid = 1; |
1097 |
ctx->invalid = 1; |
| 1123 |
fprintf(stderr, "%s:%ld: invalid line\n", |
1098 |
logit("%s:%ld: invalid line", l->path, l->linenum); |
| 1124 |
l->path, l->linenum); |
|
|
| 1125 |
} |
1099 |
} |
| 1126 |
fprintf(ctx->out, "%s\n", l->line); |
1100 |
fprintf(ctx->out, "%s\n", l->line); |
| 1127 |
} |
1101 |
} |
|
Lines 1179-1195
do_known_hosts(struct passwd *pw, const char *name)
Link Here
|
| 1179 |
fclose(ctx.out); |
1153 |
fclose(ctx.out); |
| 1180 |
|
1154 |
|
| 1181 |
if (ctx.invalid) { |
1155 |
if (ctx.invalid) { |
| 1182 |
fprintf(stderr, "%s is not a valid known_hosts file.\n", |
1156 |
error("%s is not a valid known_hosts file.", identity_file); |
| 1183 |
identity_file); |
|
|
| 1184 |
if (inplace) { |
1157 |
if (inplace) { |
| 1185 |
fprintf(stderr, "Not replacing existing known_hosts " |
1158 |
error("Not replacing existing known_hosts " |
| 1186 |
"file because of errors\n"); |
1159 |
"file because of errors"); |
| 1187 |
unlink(tmp); |
1160 |
unlink(tmp); |
| 1188 |
} |
1161 |
} |
| 1189 |
exit(1); |
1162 |
exit(1); |
| 1190 |
} else if (delete_host && !ctx.found_key) { |
1163 |
} else if (delete_host && !ctx.found_key) { |
| 1191 |
fprintf(stderr, "Host %s not found in %s\n", |
1164 |
logit("Host %s not found in %s", name, identity_file); |
| 1192 |
name, identity_file); |
|
|
| 1193 |
unlink(tmp); |
1165 |
unlink(tmp); |
| 1194 |
} else if (inplace) { |
1166 |
} else if (inplace) { |
| 1195 |
/* Backup existing file */ |
1167 |
/* Backup existing file */ |
|
Lines 1207-1219
do_known_hosts(struct passwd *pw, const char *name)
Link Here
|
| 1207 |
exit(1); |
1179 |
exit(1); |
| 1208 |
} |
1180 |
} |
| 1209 |
|
1181 |
|
| 1210 |
fprintf(stderr, "%s updated.\n", identity_file); |
1182 |
printf("%s updated.\n", identity_file); |
| 1211 |
fprintf(stderr, "Original contents retained as %s\n", old); |
1183 |
printf("Original contents retained as %s\n", old); |
| 1212 |
if (ctx.has_unhashed) { |
1184 |
if (ctx.has_unhashed) { |
| 1213 |
fprintf(stderr, "WARNING: %s contains unhashed " |
1185 |
logit("WARNING: %s contains unhashed entries", old); |
| 1214 |
"entries\n", old); |
1186 |
logit("Delete this file to ensure privacy " |
| 1215 |
fprintf(stderr, "Delete this file to ensure privacy " |
1187 |
"of hostnames"); |
| 1216 |
"of hostnames\n"); |
|
|
| 1217 |
} |
1188 |
} |
| 1218 |
} |
1189 |
} |
| 1219 |
|
1190 |
|
|
Lines 1235-1244
do_change_passphrase(struct passwd *pw)
Link Here
|
| 1235 |
|
1206 |
|
| 1236 |
if (!have_identity) |
1207 |
if (!have_identity) |
| 1237 |
ask_filename(pw, "Enter file in which the key is"); |
1208 |
ask_filename(pw, "Enter file in which the key is"); |
| 1238 |
if (stat(identity_file, &st) < 0) { |
1209 |
if (stat(identity_file, &st) < 0) |
| 1239 |
perror(identity_file); |
1210 |
fatal("%s: %s", identity_file, strerror(errno)); |
| 1240 |
exit(1); |
|
|
| 1241 |
} |
| 1242 |
/* Try to load the file with empty passphrase. */ |
1211 |
/* Try to load the file with empty passphrase. */ |
| 1243 |
r = sshkey_load_private(identity_file, "", &private, &comment); |
1212 |
r = sshkey_load_private(identity_file, "", &private, &comment); |
| 1244 |
if (r == SSH_ERR_KEY_WRONG_PASSPHRASE) { |
1213 |
if (r == SSH_ERR_KEY_WRONG_PASSPHRASE) { |
|
Lines 1256-1264
do_change_passphrase(struct passwd *pw)
Link Here
|
| 1256 |
goto badkey; |
1225 |
goto badkey; |
| 1257 |
} else if (r != 0) { |
1226 |
} else if (r != 0) { |
| 1258 |
badkey: |
1227 |
badkey: |
| 1259 |
fprintf(stderr, "Failed to load key \"%s\": %s\n", |
1228 |
fatal("Failed to load key %s: %s", identity_file, ssh_err(r)); |
| 1260 |
identity_file, ssh_err(r)); |
|
|
| 1261 |
exit(1); |
| 1262 |
} |
1229 |
} |
| 1263 |
if (comment) |
1230 |
if (comment) |
| 1264 |
printf("Key has comment '%s'\n", comment); |
1231 |
printf("Key has comment '%s'\n", comment); |
|
Lines 1291-1297
do_change_passphrase(struct passwd *pw)
Link Here
|
| 1291 |
/* Save the file using the new passphrase. */ |
1258 |
/* Save the file using the new passphrase. */ |
| 1292 |
if ((r = sshkey_save_private(private, identity_file, passphrase1, |
1259 |
if ((r = sshkey_save_private(private, identity_file, passphrase1, |
| 1293 |
comment, use_new_format, new_format_cipher, rounds)) != 0) { |
1260 |
comment, use_new_format, new_format_cipher, rounds)) != 0) { |
| 1294 |
printf("Saving key \"%s\" failed: %s.\n", |
1261 |
error("Saving key \"%s\" failed: %s.", |
| 1295 |
identity_file, ssh_err(r)); |
1262 |
identity_file, ssh_err(r)); |
| 1296 |
explicit_bzero(passphrase1, strlen(passphrase1)); |
1263 |
explicit_bzero(passphrase1, strlen(passphrase1)); |
| 1297 |
free(passphrase1); |
1264 |
free(passphrase1); |
|
Lines 1325-1338
do_print_resource_record(struct passwd *pw, char *fname, char *hname)
Link Here
|
| 1325 |
if (stat(fname, &st) < 0) { |
1292 |
if (stat(fname, &st) < 0) { |
| 1326 |
if (errno == ENOENT) |
1293 |
if (errno == ENOENT) |
| 1327 |
return 0; |
1294 |
return 0; |
| 1328 |
perror(fname); |
1295 |
fatal("%s: %s", fname, strerror(errno)); |
| 1329 |
exit(1); |
|
|
| 1330 |
} |
1296 |
} |
| 1331 |
if ((r = sshkey_load_public(fname, &public, &comment)) != 0) { |
1297 |
if ((r = sshkey_load_public(fname, &public, &comment)) != 0) |
| 1332 |
printf("Failed to read v2 public key from \"%s\": %s.\n", |
1298 |
fatal("Failed to read v2 public key from \"%s\": %s.", |
| 1333 |
fname, ssh_err(r)); |
1299 |
fname, ssh_err(r)); |
| 1334 |
exit(1); |
|
|
| 1335 |
} |
| 1336 |
export_dns_rr(hname, public, stdout, print_generic); |
1300 |
export_dns_rr(hname, public, stdout, print_generic); |
| 1337 |
sshkey_free(public); |
1301 |
sshkey_free(public); |
| 1338 |
free(comment); |
1302 |
free(comment); |
|
Lines 1354-1371
do_change_comment(struct passwd *pw)
Link Here
|
| 1354 |
|
1318 |
|
| 1355 |
if (!have_identity) |
1319 |
if (!have_identity) |
| 1356 |
ask_filename(pw, "Enter file in which the key is"); |
1320 |
ask_filename(pw, "Enter file in which the key is"); |
| 1357 |
if (stat(identity_file, &st) < 0) { |
1321 |
if (stat(identity_file, &st) < 0) |
| 1358 |
perror(identity_file); |
1322 |
fatal("%s: %s", identity_file, strerror(errno)); |
| 1359 |
exit(1); |
|
|
| 1360 |
} |
| 1361 |
if ((r = sshkey_load_private(identity_file, "", |
1323 |
if ((r = sshkey_load_private(identity_file, "", |
| 1362 |
&private, &comment)) == 0) |
1324 |
&private, &comment)) == 0) |
| 1363 |
passphrase = xstrdup(""); |
1325 |
passphrase = xstrdup(""); |
| 1364 |
else if (r != SSH_ERR_KEY_WRONG_PASSPHRASE) { |
1326 |
else if (r != SSH_ERR_KEY_WRONG_PASSPHRASE) |
| 1365 |
printf("Cannot load private key \"%s\": %s.\n", |
1327 |
fatal("Cannot load private key \"%s\": %s.", |
| 1366 |
identity_file, ssh_err(r)); |
1328 |
identity_file, ssh_err(r)); |
| 1367 |
exit(1); |
1329 |
else { |
| 1368 |
} else { |
|
|
| 1369 |
if (identity_passphrase) |
1330 |
if (identity_passphrase) |
| 1370 |
passphrase = xstrdup(identity_passphrase); |
1331 |
passphrase = xstrdup(identity_passphrase); |
| 1371 |
else if (identity_new_passphrase) |
1332 |
else if (identity_new_passphrase) |
|
Lines 1378-1390
do_change_comment(struct passwd *pw)
Link Here
|
| 1378 |
&private, &comment)) != 0) { |
1339 |
&private, &comment)) != 0) { |
| 1379 |
explicit_bzero(passphrase, strlen(passphrase)); |
1340 |
explicit_bzero(passphrase, strlen(passphrase)); |
| 1380 |
free(passphrase); |
1341 |
free(passphrase); |
| 1381 |
printf("Cannot load private key \"%s\": %s.\n", |
1342 |
fatal("Cannot load private key \"%s\": %s.", |
| 1382 |
identity_file, ssh_err(r)); |
1343 |
identity_file, ssh_err(r)); |
| 1383 |
exit(1); |
|
|
| 1384 |
} |
1344 |
} |
| 1385 |
} |
1345 |
} |
|
|
1346 |
/* XXX what about new-format keys? */ |
| 1386 |
if (private->type != KEY_RSA1) { |
1347 |
if (private->type != KEY_RSA1) { |
| 1387 |
fprintf(stderr, "Comments are only supported for RSA1 keys.\n"); |
1348 |
error("Comments are only supported for RSA1 keys."); |
| 1388 |
explicit_bzero(passphrase, strlen(passphrase)); |
1349 |
explicit_bzero(passphrase, strlen(passphrase)); |
| 1389 |
sshkey_free(private); |
1350 |
sshkey_free(private); |
| 1390 |
exit(1); |
1351 |
exit(1); |
|
Lines 1407-1413
do_change_comment(struct passwd *pw)
Link Here
|
| 1407 |
/* Save the file using the new passphrase. */ |
1368 |
/* Save the file using the new passphrase. */ |
| 1408 |
if ((r = sshkey_save_private(private, identity_file, passphrase, |
1369 |
if ((r = sshkey_save_private(private, identity_file, passphrase, |
| 1409 |
new_comment, use_new_format, new_format_cipher, rounds)) != 0) { |
1370 |
new_comment, use_new_format, new_format_cipher, rounds)) != 0) { |
| 1410 |
printf("Saving key \"%s\" failed: %s\n", |
1371 |
error("Saving key \"%s\" failed: %s", |
| 1411 |
identity_file, ssh_err(r)); |
1372 |
identity_file, ssh_err(r)); |
| 1412 |
explicit_bzero(passphrase, strlen(passphrase)); |
1373 |
explicit_bzero(passphrase, strlen(passphrase)); |
| 1413 |
free(passphrase); |
1374 |
free(passphrase); |
|
Lines 1423-1439
do_change_comment(struct passwd *pw)
Link Here
|
| 1423 |
|
1384 |
|
| 1424 |
strlcat(identity_file, ".pub", sizeof(identity_file)); |
1385 |
strlcat(identity_file, ".pub", sizeof(identity_file)); |
| 1425 |
fd = open(identity_file, O_WRONLY | O_CREAT | O_TRUNC, 0644); |
1386 |
fd = open(identity_file, O_WRONLY | O_CREAT | O_TRUNC, 0644); |
| 1426 |
if (fd == -1) { |
1387 |
if (fd == -1) |
| 1427 |
printf("Could not save your public key in %s\n", identity_file); |
1388 |
fatal("Could not save your public key in %s", identity_file); |
| 1428 |
exit(1); |
|
|
| 1429 |
} |
| 1430 |
f = fdopen(fd, "w"); |
1389 |
f = fdopen(fd, "w"); |
| 1431 |
if (f == NULL) { |
1390 |
if (f == NULL) |
| 1432 |
printf("fdopen %s failed\n", identity_file); |
1391 |
fatal("fdopen %s failed: %s", identity_file, strerror(errno)); |
| 1433 |
exit(1); |
|
|
| 1434 |
} |
| 1435 |
if ((r = sshkey_write(public, f)) != 0) |
1392 |
if ((r = sshkey_write(public, f)) != 0) |
| 1436 |
fprintf(stderr, "write key failed: %s\n", ssh_err(r)); |
1393 |
fatal("write key failed: %s", ssh_err(r)); |
| 1437 |
sshkey_free(public); |
1394 |
sshkey_free(public); |
| 1438 |
fprintf(f, " %s\n", new_comment); |
1395 |
fprintf(f, " %s\n", new_comment); |
| 1439 |
fclose(f); |
1396 |
fclose(f); |
|
Lines 1593-1600
do_ca_sign(struct passwd *pw, int argc, char **argv)
Link Here
|
| 1593 |
break; |
1550 |
break; |
| 1594 |
/* FALLTHROUGH */ |
1551 |
/* FALLTHROUGH */ |
| 1595 |
default: |
1552 |
default: |
| 1596 |
fprintf(stderr, "unknown key type %s\n", key_type_name); |
1553 |
fatal("unknown key type %s", key_type_name); |
| 1597 |
exit(1); |
|
|
| 1598 |
} |
1554 |
} |
| 1599 |
} |
1555 |
} |
| 1600 |
|
1556 |
|
|
Lines 2248-2261
main(int argc, char **argv)
Link Here
|
| 2248 |
|
2204 |
|
| 2249 |
/* we need this for the home * directory. */ |
2205 |
/* we need this for the home * directory. */ |
| 2250 |
pw = getpwuid(getuid()); |
2206 |
pw = getpwuid(getuid()); |
| 2251 |
if (!pw) { |
2207 |
if (!pw) |
| 2252 |
printf("No user exists for uid %lu\n", (u_long)getuid()); |
2208 |
fatal("No user exists for uid %lu", (u_long)getuid()); |
| 2253 |
exit(1); |
2209 |
if (gethostname(hostname, sizeof(hostname)) < 0) |
| 2254 |
} |
2210 |
fatal("gethostname: %s", strerror(errno)); |
| 2255 |
if (gethostname(hostname, sizeof(hostname)) < 0) { |
|
|
| 2256 |
perror("gethostname"); |
| 2257 |
exit(1); |
| 2258 |
} |
| 2259 |
|
2211 |
|
| 2260 |
/* Remaining characters: UYdw */ |
2212 |
/* Remaining characters: UYdw */ |
| 2261 |
while ((opt = getopt(argc, argv, "ABHLQXceghiklopquvxy" |
2213 |
while ((opt = getopt(argc, argv, "ABHLQXceghiklopquvxy" |
|
Lines 2470-2488
main(int argc, char **argv)
Link Here
|
| 2470 |
|
2422 |
|
| 2471 |
if (ca_key_path != NULL) { |
2423 |
if (ca_key_path != NULL) { |
| 2472 |
if (argc < 1 && !gen_krl) { |
2424 |
if (argc < 1 && !gen_krl) { |
| 2473 |
printf("Too few arguments.\n"); |
2425 |
error("Too few arguments."); |
| 2474 |
usage(); |
2426 |
usage(); |
| 2475 |
} |
2427 |
} |
| 2476 |
} else if (argc > 0 && !gen_krl && !check_krl) { |
2428 |
} else if (argc > 0 && !gen_krl && !check_krl) { |
| 2477 |
printf("Too many arguments.\n"); |
2429 |
error("Too many arguments."); |
| 2478 |
usage(); |
2430 |
usage(); |
| 2479 |
} |
2431 |
} |
| 2480 |
if (change_passphrase && change_comment) { |
2432 |
if (change_passphrase && change_comment) { |
| 2481 |
printf("Can only have one of -p and -c.\n"); |
2433 |
error("Can only have one of -p and -c."); |
| 2482 |
usage(); |
2434 |
usage(); |
| 2483 |
} |
2435 |
} |
| 2484 |
if (print_fingerprint && (delete_host || hash_hosts)) { |
2436 |
if (print_fingerprint && (delete_host || hash_hosts)) { |
| 2485 |
printf("Cannot use -l with -H or -R.\n"); |
2437 |
error("Cannot use -l with -H or -R."); |
| 2486 |
usage(); |
2438 |
usage(); |
| 2487 |
} |
2439 |
} |
| 2488 |
#ifdef WITH_OPENSSL |
2440 |
#ifdef WITH_OPENSSL |
|
Lines 2526-2535
main(int argc, char **argv)
Link Here
|
| 2526 |
if (have_identity) { |
2478 |
if (have_identity) { |
| 2527 |
n = do_print_resource_record(pw, |
2479 |
n = do_print_resource_record(pw, |
| 2528 |
identity_file, rr_hostname); |
2480 |
identity_file, rr_hostname); |
| 2529 |
if (n == 0) { |
2481 |
if (n == 0) |
| 2530 |
perror(identity_file); |
2482 |
fatal("%s: %s", identity_file, strerror(errno)); |
| 2531 |
exit(1); |
|
|
| 2532 |
} |
| 2533 |
exit(0); |
2483 |
exit(0); |
| 2534 |
} else { |
2484 |
} else { |
| 2535 |
|
2485 |
|
|
Lines 2601-2614
main(int argc, char **argv)
Link Here
|
| 2601 |
if (!quiet) |
2551 |
if (!quiet) |
| 2602 |
printf("Generating public/private %s key pair.\n", |
2552 |
printf("Generating public/private %s key pair.\n", |
| 2603 |
key_type_name); |
2553 |
key_type_name); |
| 2604 |
if ((r = sshkey_generate(type, bits, &private)) != 0) { |
2554 |
if ((r = sshkey_generate(type, bits, &private)) != 0) |
| 2605 |
fprintf(stderr, "key_generate failed\n"); |
2555 |
fatal("key_generate failed"); |
| 2606 |
exit(1); |
2556 |
if ((r = sshkey_from_private(private, &public)) != 0) |
| 2607 |
} |
2557 |
fatal("key_from_private failed: %s\n", ssh_err(r)); |
| 2608 |
if ((r = sshkey_from_private(private, &public)) != 0) { |
|
|
| 2609 |
fprintf(stderr, "key_from_private failed: %s\n", ssh_err(r)); |
| 2610 |
exit(1); |
| 2611 |
} |
| 2612 |
|
2558 |
|
| 2613 |
if (!have_identity) |
2559 |
if (!have_identity) |
| 2614 |
ask_filename(pw, "Enter file in which to save the key"); |
2560 |
ask_filename(pw, "Enter file in which to save the key"); |
|
Lines 2678-2684
passphrase_again:
Link Here
|
| 2678 |
/* Save the key with the given passphrase and comment. */ |
2624 |
/* Save the key with the given passphrase and comment. */ |
| 2679 |
if ((r = sshkey_save_private(private, identity_file, passphrase1, |
2625 |
if ((r = sshkey_save_private(private, identity_file, passphrase1, |
| 2680 |
comment, use_new_format, new_format_cipher, rounds)) != 0) { |
2626 |
comment, use_new_format, new_format_cipher, rounds)) != 0) { |
| 2681 |
printf("Saving key \"%s\" failed: %s\n", |
2627 |
error("Saving key \"%s\" failed: %s", |
| 2682 |
identity_file, ssh_err(r)); |
2628 |
identity_file, ssh_err(r)); |
| 2683 |
explicit_bzero(passphrase1, strlen(passphrase1)); |
2629 |
explicit_bzero(passphrase1, strlen(passphrase1)); |
| 2684 |
free(passphrase1); |
2630 |
free(passphrase1); |
|
Lines 2695-2712
passphrase_again:
Link Here
|
| 2695 |
printf("Your identification has been saved in %s.\n", identity_file); |
2641 |
printf("Your identification has been saved in %s.\n", identity_file); |
| 2696 |
|
2642 |
|
| 2697 |
strlcat(identity_file, ".pub", sizeof(identity_file)); |
2643 |
strlcat(identity_file, ".pub", sizeof(identity_file)); |
| 2698 |
fd = open(identity_file, O_WRONLY | O_CREAT | O_TRUNC, 0644); |
2644 |
if ((fd = open(identity_file, O_WRONLY|O_CREAT|O_TRUNC, 0644)) == -1) |
| 2699 |
if (fd == -1) { |
2645 |
fatal("Unable to save public key to %s: %s", |
| 2700 |
printf("Could not save your public key in %s\n", identity_file); |
2646 |
identity_file, strerror(errno)); |
| 2701 |
exit(1); |
2647 |
if ((f = fdopen(fd, "w")) == NULL) |
| 2702 |
} |
2648 |
fatal("fdopen %s failed: %s", identity_file, strerror(errno)); |
| 2703 |
f = fdopen(fd, "w"); |
|
|
| 2704 |
if (f == NULL) { |
| 2705 |
printf("fdopen %s failed\n", identity_file); |
| 2706 |
exit(1); |
| 2707 |
} |
| 2708 |
if ((r = sshkey_write(public, f)) != 0) |
2649 |
if ((r = sshkey_write(public, f)) != 0) |
| 2709 |
fprintf(stderr, "write key failed: %s\n", ssh_err(r)); |
2650 |
error("write key failed: %s", ssh_err(r)); |
| 2710 |
fprintf(f, " %s\n", comment); |
2651 |
fprintf(f, " %s\n", comment); |
| 2711 |
fclose(f); |
2652 |
fclose(f); |
| 2712 |
|
2653 |
|