
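--- a/ssh-keygen.1
+++ b/ssh-keygen.1
@@ -126,6 +126,7 @@
 .Op Fl f Ar input_keyfile
 .Nm ssh-keygen
 .Fl A
+.Op Fl f Ar prefix_path
 .Nm ssh-keygen
 .Fl k
 .Fl f Ar krl_file
@@ -224,6 +225,10 @@ For each of the key types (rsa, dsa, ecdsa and ed25519)
 for which host keys
 do not exist, generate the host keys with the default key file path,
 an empty passphrase, default bits for the key type, and default comment.
+If a
+.Fl f
+option has been specified, then its argument is used as a prefix to the
+default path for the resulting host key files.
 This is used by
 .Pa /etc/rc
 to generate new host keys.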
(-)a/ssh-keygen.c (-33 / +71 lines)
Lines 981-1000 do_gen_all_hostkeys(struct passwd *pw) Link Here
981
	int first = 0;
981
	int first = 0;
982
	struct stat st;
982
	struct stat st;
983
	struct sshkey *private, *public;
983
	struct sshkey *private, *public;
984
	char comment[1024];
984
	char comment[1024], *prv_tmp, *pub_tmp, *prv_file, *pub_file;
985
	int i, type, fd, r;
985
	int i, type, fd, r;
986
	FILE *f;
986
	FILE *f;
987
987
988
	for (i = 0; key_types[i].key_type; i++) {
988
	for (i = 0; key_types[i].key_type; i++) {
989
		if (stat(key_types[i].path, &st) == 0)
989
		public = private = NULL;
990
			continue;
990
		prv_tmp = pub_tmp = prv_file = pub_file = NULL;
991
		if (errno != ENOENT) {
991
992
		xasprintf(&prv_file, "%s%s",
993
		    identity_file, key_types[i].path);
994
995
		/* Check whether private key exists and is not zero-length */
996
		if (stat(prv_file, &st) == 0) {
997
			if (st.st_size != 0)
998
				goto next;
999
		} else if (errno != ENOENT) {
992
			error("Could not stat %s: %s", key_types[i].path,
1000
			error("Could not stat %s: %s", key_types[i].path,
993
			    strerror(errno));
1001
			    strerror(errno));
994
			first = 0;
1002
			goto failnext;
995
			continue;
996
		}
1003
		}
997
1004
1005
		/*
1006
		 * Private key doesn't exist or is invalid; proceed with
1007
		 * key generation.
1008
		 */
1009
		xasprintf(&prv_tmp, "%s%s.XXXXXXXXXX",
1010
		    identity_file, key_types[i].path);
1011
		xasprintf(&pub_tmp, "%s%s.pub.XXXXXXXXXX",
1012
		    identity_file, key_types[i].path);
1013
		xasprintf(&pub_file, "%s%s.pub",
1014
		    identity_file, key_types[i].path);
1015
998
		if (first == 0) {
1016
		if (first == 0) {
999
			first = 1;
1017
			first = 1;
1000
			printf("%s: generating new host keys: ", __progname);
1018
			printf("%s: generating new host keys: ", __progname);
Lines 1002-1057 do_gen_all_hostkeys(struct passwd *pw) Link Here
1002
		printf("%s ", key_types[i].key_type_display);
1020
		printf("%s ", key_types[i].key_type_display);
1003
		fflush(stdout);
1021
		fflush(stdout);
1004
		type = sshkey_type_from_name(key_types[i].key_type);
1022
		type = sshkey_type_from_name(key_types[i].key_type);
1005
		strlcpy(identity_file, key_types[i].path, sizeof(identity_file));
1023
		if ((fd = mkstemp(prv_tmp)) == -1) {
1024
			error("Could not save your public key in %s: %s",
1025
			    prv_tmp, strerror(errno));
1026
			goto failnext;
1027
		}
1028
		close(fd); /* just using mkstemp() to generate/reserve a name */
1006
		bits = 0;
1029
		bits = 0;
1007
		type_bits_valid(type, NULL, &bits);
1030
		type_bits_valid(type, NULL, &bits);
1008
		if ((r = sshkey_generate(type, bits, &private)) != 0) {
1031
		if ((r = sshkey_generate(type, bits, &private)) != 0) {
1009
			error("sshkey_generate failed: %s", ssh_err(r));
1032
			error("sshkey_generate failed: %s", ssh_err(r));
1010
			first = 0;
1033
			goto failnext;
1011
			continue;
1012
		}
1034
		}
1013
		if ((r = sshkey_from_private(private, &public)) != 0)
1035
		if ((r = sshkey_from_private(private, &public)) != 0)
1014
			fatal("sshkey_from_private failed: %s", ssh_err(r));
1036
			fatal("sshkey_from_private failed: %s", ssh_err(r));
1015
		snprintf(comment, sizeof comment, "%s@%s", pw->pw_name,
1037
		snprintf(comment, sizeof comment, "%s@%s", pw->pw_name,
1016
		    hostname);
1038
		    hostname);
1017
		if ((r = sshkey_save_private(private, identity_file, "",
1039
		if ((r = sshkey_save_private(private, prv_tmp, "",
1018
		    comment, use_new_format, new_format_cipher, rounds)) != 0) {
1040
		    comment, use_new_format, new_format_cipher, rounds)) != 0) {
1019
			error("Saving key \"%s\" failed: %s",
1041
			error("Saving key \"%s\" failed: %s",
1020
			    identity_file, ssh_err(r));
1042
			    prv_tmp, ssh_err(r));
1021
			sshkey_free(private);
1043
			goto failnext;
1022
			sshkey_free(public);
1023
			first = 0;
1024
			continue;
1025
		}
1044
		}
1026
		sshkey_free(private);
1045
		if ((fd = mkstemp(pub_tmp)) == -1) {
1027
		strlcat(identity_file, ".pub", sizeof(identity_file));
1046
			error("Could not save your public key in %s: %s",
1028
		fd = open(identity_file, O_WRONLY | O_CREAT | O_TRUNC, 0644);
1047
			    pub_tmp, strerror(errno));
1029
		if (fd == -1) {
1048
			goto failnext;
1030
			error("Could not save your public key in %s",
1031
			    identity_file);
1032
			sshkey_free(public);
1033
			first = 0;
1034
			continue;
1035
		}
1049
		}
1050
		(void)fchmod(fd, 0644);
1036
		f = fdopen(fd, "w");
1051
		f = fdopen(fd, "w");
1037
		if (f == NULL) {
1052
		if (f == NULL) {
1038
			error("fdopen %s failed", identity_file);
1053
			error("fdopen %s failed: %s", pub_tmp, strerror(errno));
1039
			close(fd);
1054
			close(fd);
1040
			sshkey_free(public);
1055
			goto failnext;
1041
			first = 0;
1042
			continue;
1043
		}
1056
		}
1044
		if ((r = sshkey_write(public, f)) != 0) {
1057
		if ((r = sshkey_write(public, f)) != 0) {
1045
			error("write key failed: %s", ssh_err(r));
1058
			error("write key failed: %s", ssh_err(r));
1046
			fclose(f);
1059
			fclose(f);
1047
			sshkey_free(public);
1060
			goto failnext;
1048
			first = 0;
1049
			continue;
1050
		}
1061
		}
1051
		fprintf(f, " %s\n", comment);
1062
		fprintf(f, " %s\n", comment);
1052
		fclose(f);
1063
		if (ferror(f) != 0) {
1053
		sshkey_free(public);
1064
			error("write key failed: %s", strerror(errno));
1065
			fclose(f);
1066
			goto failnext;
1067
		}
1068
		if (fclose(f) != 0) {
1069
			error("key close failed: %s", strerror(errno));
1070
			goto failnext;
1071
		}
1054
1072
1073
		/* Rename temporary files to their permanent locations. */
1074
		if (rename(pub_tmp, pub_file) != 0) {
1075
			error("Unable to move %s into position: %s",
1076
			    pub_file, strerror(errno));
1077
			goto failnext;
1078
		}
1079
		if (rename(prv_tmp, prv_file) != 0) {
1080
			error("Unable to move %s into position: %s",
1081
			    key_types[i].path, strerror(errno));
1082
 failnext:
1083
			first = 0;
1084
			goto next;
1085
		}
1086
 next:
1087
		sshkey_free(private);
1088
		sshkey_free(public);
1089
		free(prv_tmp);
1090
		free(pub_tmp);
1091
		free(prv_file);
1092
		free(pub_file);
1055
	}
1093
	}
1056
	if (first != 0)
1094
	if (first != 0)
1057
		printf("\n");
1095
		printf("\n");
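Review bot: The `failnext:` path at the end of the second hunk frees the four name buffers but never unlinks the files that mkstemp() reserved, so any failure between mkstemp(prv_tmp) and the final rename leaves a stray `<key path>.XXXXXXXXXX` file behind — and once sshkey_save_private() has written it, that leftover is a complete private key sitting under an unpredictable name. Unlink both temporaries before `goto next` on that path; both pointers are still NULL until the templates are built, and unlinking a name that was already renamed into place merely fails with ENOENT. Separately, the mkstemp(prv_tmp) failure message reads `Could not save your public key`, a copy of the pub_tmp message — it should be `error("Could not save your private key in %s: %s", prv_tmp, strerror(errno));` — and the stat and prv_tmp-rename errors print key_types[i].path where prv_file is the name actually used, unlike the pub_file rename error which prints the real path. do_gen_all_hostkeys() begins before the first hunk and its closing brace lies past the last.
```c
 failnext:
			/* … unchanged: first = 0; … */
			/* Remove what mkstemp() reserved; a name already
			 * renamed into place just yields ENOENT here. */
			if (prv_tmp != NULL)
				(void)unlink(prv_tmp);
			if (pub_tmp != NULL)
				(void)unlink(pub_tmp);
			goto next;
```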
