

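--- a/ssh-keygen.1
+++ b/ssh-keygen.1
@@ -124,6 +124,7 @@
 .Op Fl f Ar input_keyfile
 .Nm ssh-keygen
 .Fl A
+.Op Fl f Ar prefix_path
 .Nm ssh-keygen
 .Fl k
 .Fl f Ar krl_file
@@ -227,6 +228,10 @@ For each of the key types (rsa1, rsa, dsa, ecdsa and ed25519)
 for which host keys
 do not exist, generate the host keys with the default key file path,
 an empty passphrase, default bits for the key type, and default comment.
+If a
+.Fl f
+option has been specified, then its argument is used as a prefix to the
+default path for the resulting host key files.
 This is used by
 .Pa /etc/rc
 to generate new host keys.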
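--- a/ssh-keygen.c
+++ b/ssh-keygen.c
@@ -976,20 +976,38 @@ do_gen_all_hostkeys(struct passwd *pw)
 	int first = 0;
 	struct stat st;
 	struct sshkey *private, *public;
-	char comment[1024];
+	char comment[1024], *prv_tmp, *pub_tmp, *prv_file, *pub_file;
 	int i, type, fd, r;
 	FILE *f;
 
 	for (i = 0; key_types[i].key_type; i++) {
-		if (stat(key_types[i].path, &st) == 0)
-			continue;
-		if (errno != ENOENT) {
+		public = private = NULL;
+		prv_tmp = pub_tmp = prv_file = pub_file = NULL;
+
+		xasprintf(&prv_file, "%s%s",
+		    identity_file, key_types[i].path);
+
+		/* Check whether private key exists and is not zero-length */
+		if (stat(prv_file, &st) == 0) {
+			if (st.st_size != 0)
+				goto next;
+		} else if (errno != ENOENT) {
 			error("Could not stat %s: %s", key_types[i].path,
 			    strerror(errno));
-			first = 0;
-			continue;
+			goto failnext;
 		}
 
+		/*
+		 * Private key doesn't exist or is invalid; proceed with
+		 * key generation.
+		 */
+		xasprintf(&prv_tmp, "%s%s.XXXXXXXXXX",
+		    identity_file, key_types[i].path);
+		xasprintf(&pub_tmp, "%s%s.pub.XXXXXXXXXX",
+		    identity_file, key_types[i].path);
+		xasprintf(&pub_file, "%s%s.pub",
+		    identity_file, key_types[i].path);
+
 		if (first == 0) {
 			first = 1;
 			printf("%s: generating new host keys: ", __progname);
@@ -997,56 +1015,72 @@ do_gen_all_hostkeys(struct passwd *pw)
 		printf("%s ", key_types[i].key_type_display);
 		fflush(stdout);
 		type = sshkey_type_from_name(key_types[i].key_type);
-		strlcpy(identity_file, key_types[i].path, sizeof(identity_file));
+		if ((fd = mkstemp(prv_tmp)) == -1) {
+			error("Could not save your public key in %s: %s",
+			    prv_tmp, strerror(errno));
+			goto failnext;
+		}
+		close(fd); /* just using mkstemp() to generate/reserve a name */
 		bits = 0;
 		type_bits_valid(type, NULL, &bits);
 		if ((r = sshkey_generate(type, bits, &private)) != 0) {
 			error("key_generate failed: %s", ssh_err(r));
-			first = 0;
-			continue;
+			goto failnext;
 		}
 		if ((r = sshkey_from_private(private, &public)) != 0)
 			fatal("sshkey_from_private failed: %s", ssh_err(r));
 		snprintf(comment, sizeof comment, "%s@%s", pw->pw_name,
 		    hostname);
-		if ((r = sshkey_save_private(private, identity_file, "",
+		if ((r = sshkey_save_private(private, prv_tmp, "",
 		    comment, use_new_format, new_format_cipher, rounds)) != 0) {
 			error("Saving key \"%s\" failed: %s",
-			    identity_file, ssh_err(r));
-			sshkey_free(private);
-			sshkey_free(public);
-			first = 0;
-			continue;
+			    prv_tmp, ssh_err(r));
+			goto failnext;
 		}
-		sshkey_free(private);
-		strlcat(identity_file, ".pub", sizeof(identity_file));
-		fd = open(identity_file, O_WRONLY | O_CREAT | O_TRUNC, 0644);
-		if (fd == -1) {
-			error("Could not save your public key in %s",
-			    identity_file);
-			sshkey_free(public);
-			first = 0;
-			continue;
+		if ((fd = mkstemp(pub_tmp)) == -1) {
+			error("Could not save your public key in %s: %s",
+			    pub_tmp, strerror(errno));
+			goto failnext;
 		}
+		(void)fchmod(fd, 0644);
 		f = fdopen(fd, "w");
 		if (f == NULL) {
-			error("fdopen %s failed", identity_file);
+			error("fdopen %s failed", pub_tmp);
 			close(fd);
-			sshkey_free(public);
-			first = 0;
-			continue;
+			goto failnext;
 		}
 		if ((r = sshkey_write(public, f)) != 0) {
 			error("write key failed: %s", ssh_err(r));
 			fclose(f);
-			sshkey_free(public);
-			first = 0;
-			continue;
+			goto failnext;
 		}
 		fprintf(f, " %s\n", comment);
-		fclose(f);
-		sshkey_free(public);
+		if (ferror(f) || fclose(f) != 0) {
+			error("write key failed: %s", strerror(errno));
+			fclose(f);
+			goto failnext;
+		}
 
+		/* Rename temporary files to their permanent locations. */
+		if (rename(pub_tmp, pub_file) != 0) {
+			error("Unable to move %s into position: %s",
+			    pub_file, strerror(errno));
+			goto failnext;
+		}
+		if (rename(prv_tmp, prv_file) != 0) {
+			error("Unable to move %s into position: %s",
+			    key_types[i].path, strerror(errno));
+ failnext:
+			first = 0;
+			goto next;
+		}
+ next:
+		sshkey_free(private);
+		sshkey_free(public);
+		free(prv_tmp);
+		free(pub_tmp);
+		free(prv_file);
+		free(pub_file);
 	}
 	if (first != 0)
 		printf("\n");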
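Review bot: In the new flush-and-close check `if (ferror(f) || fclose(f) != 0)`, the error branch calls `fclose(f)` a second time, so when it was fclose() itself that failed the stream is closed twice, which is undefined behaviour; only when ferror() was the trigger is that inner call the sole close, so the intent is clear but the shape is wrong. Capture the error flag, close exactly once, then test both: `r = ferror(f); if (fclose(f) != 0 || r != 0) { error("write key failed: %s", strerror(errno)); goto failnext; }`. Separately, nothing at `failnext:` removes the mkstemp() files, so any failure after sshkey_save_private() has written prv_tmp leaves an unencrypted host private key under a random suffix in the key directory; an `unlink()` of prv_tmp and pub_tmp on that path (guarded for NULL, since the stat() failure jumps there before they are allocated) would close that gap. The message at the prv_tmp mkstemp() failure also says "public key" where the private key is meant, and the prv_file rename error reports key_types[i].path rather than the prv_file it actually tried. The enclosing do_gen_all_hostkeys() starts and ends outside the hunk.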
