Diffstat (limited to 'usr/src')
-rw-r--r--usr/src/cmd/ssh/include/base64.h6
-rw-r--r--usr/src/cmd/ssh/include/hostfile.h34
-rw-r--r--usr/src/cmd/ssh/include/key.h32
-rw-r--r--usr/src/cmd/ssh/include/readconf.h26
-rw-r--r--usr/src/cmd/ssh/libopenbsd-compat/common/base64.c6
-rw-r--r--usr/src/cmd/ssh/libssh/common/hostfile.c145
-rw-r--r--usr/src/cmd/ssh/libssh/common/key.c8
-rw-r--r--usr/src/cmd/ssh/libssh/common/readconf.c10
-rw-r--r--usr/src/cmd/ssh/libssh/common/uuencode.c2
-rw-r--r--usr/src/cmd/ssh/ssh-keygen/ssh-keygen.c531
-rw-r--r--usr/src/cmd/ssh/ssh.po436
-rw-r--r--usr/src/cmd/ssh/ssh/sshconnect.c48
12 files changed, 901 insertions, 383 deletions
diff --git a/usr/src/cmd/ssh/include/base64.h b/usr/src/cmd/ssh/include/base64.h
index cca84b7bc3..7e2ccf7d3e 100644
--- a/usr/src/cmd/ssh/include/base64.h
+++ b/usr/src/cmd/ssh/include/base64.h
@@ -1,8 +1,8 @@
-/* $Id: base64.h,v 1.3 2002/02/26 16:59:59 stevesk Exp $ */
-
#ifndef _BASE64_H
#define _BASE64_H
+/* $Id: base64.h,v 1.3 2002/02/26 16:59:59 stevesk Exp $ */
+
#pragma ident "%Z%%M% %I% %E% SMI"
#ifdef __cplusplus
@@ -16,7 +16,7 @@ extern "C" {
# ifndef HAVE_B64_NTOP
int b64_ntop(u_char const *src, size_t srclength, char *target,
size_t targsize);
-int b64_pton(char const *src, u_char *target, size_t targsize);
+int b64_pton(u_char const *src, u_char *target, size_t targsize);
# endif /* !HAVE_B64_NTOP */
# define __b64_ntop b64_ntop
# define __b64_pton b64_pton
diff --git a/usr/src/cmd/ssh/include/hostfile.h b/usr/src/cmd/ssh/include/hostfile.h
index 8c41856bec..3a2c7e6a06 100644
--- a/usr/src/cmd/ssh/include/hostfile.h
+++ b/usr/src/cmd/ssh/include/hostfile.h
@@ -1,15 +1,3 @@
-/* $OpenBSD: hostfile.h,v 1.12 2002/09/08 20:24:08 markus Exp $ */
-
-#ifndef _HOSTFILE_H
-#define _HOSTFILE_H
-
-#pragma ident "%Z%%M% %I% %E% SMI"
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -22,17 +10,33 @@ extern "C" {
* called by a name other than "ssh" or "Secure Shell".
*/
+#ifndef _HOSTFILE_H
+#define _HOSTFILE_H
+
+/* $OpenBSD: hostfile.h,v 1.12 2002/09/08 20:24:08 markus Exp $ */
+
+#pragma ident "%Z%%M% %I% %E% SMI"
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
typedef enum {
HOST_OK, HOST_NEW, HOST_CHANGED, HOST_FOUND
} HostStatus;
int hostfile_read_key(char **, u_int *, Key *);
HostStatus
-check_host_in_hostfile(const char *, const char *, Key *, Key *, int *);
-int add_host_to_hostfile(const char *, const char *, Key *);
-int
+check_host_in_hostfile(const char *, const char *, const Key *, Key *, int *);
+int add_host_to_hostfile(const char *, const char *, const Key *, int);
+int
lookup_key_in_hostfile_by_type(const char *, const char *, int , Key *, int *);
+#define HASH_MAGIC "|1|"
+#define HASH_DELIM '|'
+
+char *host_hash(const char *, const char *, u_int);
+
#ifdef __cplusplus
}
#endif
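Review bot: The new `host_hash` prototype and the added fourth argument of `add_host_to_hostfile` are undocumented in this header, and the contract matters because the definition in hostfile.c's first hunk hands back a pointer into a file-scope `static char encoded[1024]`, so every call overwrites the previous result. I would put a short comment above the prototype along the lines of `/* host_hash: "|1|<salt>|<hmac>" for host; name_from_hostfile == NULL makes a fresh salt, otherwise the salt is taken from that entry. Returns NULL on a malformed entry; result is a static buffer overwritten by the next call. */` and, on `add_host_to_hostfile`, name the trailing `int` as `store_hash` with a one-line note that non-zero writes the hashed form. Giving the `HASH_MAGIC`/`HASH_DELIM` pair a one-line comment (`/* hashed entry: |1|<base64 salt>|<base64 HMAC-SHA1(host)> */`) would let readers of the header understand the format without opening hostfile.c.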
diff --git a/usr/src/cmd/ssh/include/key.h b/usr/src/cmd/ssh/include/key.h
index 33f96eeec9..862b2d81d4 100644
--- a/usr/src/cmd/ssh/include/key.h
+++ b/usr/src/cmd/ssh/include/key.h
@@ -1,15 +1,3 @@
-/* $OpenBSD: key.h,v 1.19 2002/03/18 17:23:31 markus Exp $ */
-
-#ifndef _KEY_H
-#define _KEY_H
-
-#pragma ident "%Z%%M% %I% %E% SMI"
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-
/*
* Copyright (c) 2000, 2001 Markus Friedl. All rights reserved.
*
@@ -34,6 +22,18 @@ extern "C" {
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
+#ifndef _KEY_H
+#define _KEY_H
+
+/* $OpenBSD: key.h,v 1.19 2002/03/18 17:23:31 markus Exp $ */
+
+#pragma ident "%Z%%M% %I% %E% SMI"
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+
#include <openssl/rsa.h>
#include <openssl/dsa.h>
@@ -68,10 +68,10 @@ Key *key_new(int);
Key *key_new_private(int);
void key_free(Key *);
Key *key_demote(Key *);
-int key_equal(Key *, Key *);
+int key_equal(const Key *, const Key *);
char *key_fingerprint(Key *, enum fp_type, enum fp_rep);
char *key_type(Key *);
-int key_write(Key *, FILE *);
+int key_write(const Key *, FILE *);
int key_read(Key *, char **);
u_int key_size(Key *);
@@ -80,8 +80,8 @@ Key *key_from_private(Key *);
int key_type_from_name(char *);
Key *key_from_blob(u_char *, int);
-int key_to_blob(Key *, u_char **, u_int *);
-char *key_ssh_name(Key *);
+int key_to_blob(const Key *, u_char **, u_int *);
+char *key_ssh_name(const Key *);
int key_names_valid2(const char *);
int key_sign(Key *, u_char **, u_int *, u_char *, u_int);
diff --git a/usr/src/cmd/ssh/include/readconf.h b/usr/src/cmd/ssh/include/readconf.h
index e47098f3bf..a81048c0da 100644
--- a/usr/src/cmd/ssh/include/readconf.h
+++ b/usr/src/cmd/ssh/include/readconf.h
@@ -1,15 +1,3 @@
-/* $OpenBSD: readconf.h,v 1.43 2002/06/08 05:17:01 markus Exp $ */
-
-#ifndef _READCONF_H
-#define _READCONF_H
-
-#pragma ident "%Z%%M% %I% %E% SMI"
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -27,6 +15,18 @@ extern "C" {
* Use is subject to license terms.
*/
+#ifndef _READCONF_H
+#define _READCONF_H
+
+/* $OpenBSD: readconf.h,v 1.43 2002/06/08 05:17:01 markus Exp $ */
+
+#pragma ident "%Z%%M% %I% %E% SMI"
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+
#include "key.h"
/* Data structure for representing a forwarding request. */
@@ -129,6 +129,8 @@ typedef struct {
int no_host_authentication_for_localhost;
int server_alive_interval;
int server_alive_count_max;
+
+ int hash_known_hosts;
} Options;
diff --git a/usr/src/cmd/ssh/libopenbsd-compat/common/base64.c b/usr/src/cmd/ssh/libopenbsd-compat/common/base64.c
index 9fe91f2208..62776ce4e0 100644
--- a/usr/src/cmd/ssh/libopenbsd-compat/common/base64.c
+++ b/usr/src/cmd/ssh/libopenbsd-compat/common/base64.c
@@ -42,6 +42,8 @@
* IF IBM IS APPRISED OF THE POSSIBILITY OF SUCH DAMAGES.
*/
+#pragma ident "%Z%%M% %I% %E% SMI"
+
#include "includes.h"
#if !defined(HAVE_B64_NTOP) && !defined(HAVE___B64_NTOP)
@@ -198,7 +200,7 @@ b64_ntop(u_char const *src, size_t srclength, char *target, size_t targsize)
*/
int
-b64_pton(char const *src, u_char *target, size_t targsize)
+b64_pton(u_char const *src, u_char *target, size_t targsize)
{
int tarindex, state, ch;
char *pos;
@@ -315,5 +317,3 @@ b64_pton(char const *src, u_char *target, size_t targsize)
}
#endif /* !defined(HAVE_B64_NTOP) && !defined(HAVE___B64_NTOP) */
-
-#pragma ident "%Z%%M% %I% %E% SMI"
diff --git a/usr/src/cmd/ssh/libssh/common/hostfile.c b/usr/src/cmd/ssh/libssh/common/hostfile.c
index 129030b9ea..f71463a973 100644
--- a/usr/src/cmd/ssh/libssh/common/hostfile.c
+++ b/usr/src/cmd/ssh/libssh/common/hostfile.c
@@ -35,18 +35,117 @@
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
-#include "includes.h"
-RCSID("$OpenBSD: hostfile.c,v 1.30 2002/07/24 16:11:18 markus Exp $");
+/* $OpenBSD: hostfile.c,v 1.45 2006/08/03 03:34:42 deraadt Exp $ */
#pragma ident "%Z%%M% %I% %E% SMI"
+#include "includes.h"
+
+#include <openssl/hmac.h>
+#include <openssl/sha.h>
+
#include "packet.h"
+#include "xmalloc.h"
#include "match.h"
#include "key.h"
#include "hostfile.h"
#include "log.h"
/*
+ * Format of a hashed hostname is <MAGIC><SALT>|<HASHED_HOSTNAME>. <MAGIC> is
+ * "|1|". As in non-hashed hostnames this whole string is then followed by a
+ * space, a key type and the key (which is out of scope of this function).
+ *
+ * Example what can be in 's':
+ *
+ * |1|t17NtsuXSLwP0H0eYdd8vJeNakM=|9XFVPh3jZUrfY6YCWn8Ua5eGZtA=
+ */
+static int
+extract_salt(const char *s, u_int l, char *salt, size_t salt_len)
+{
+ char *p;
+ u_char *b64salt;
+ u_int b64len;
+ int ret;
+
+ if (l < sizeof(HASH_MAGIC) - 1) {
+ debug2("extract_salt: string too short");
+ return (-1);
+ }
+ if (strncmp(s, HASH_MAGIC, sizeof(HASH_MAGIC) - 1) != 0) {
+ debug2("extract_salt: invalid magic identifier");
+ return (-1);
+ }
+ s += sizeof(HASH_MAGIC) - 1;
+ l -= sizeof(HASH_MAGIC) - 1;
+ if ((p = memchr(s, HASH_DELIM, l)) == NULL) {
+ debug2("extract_salt: missing salt termination character");
+ return (-1);
+ }
+
+ b64len = p - s;
+ /* Sanity check */
+ if (b64len == 0 || b64len > 1024) {
+ debug2("extract_salt: bad encoded salt length %u", b64len);
+ return (-1);
+ }
+ b64salt = xmalloc(1 + b64len);
+ memcpy(b64salt, s, b64len);
+ b64salt[b64len] = '\0';
+
+ ret = __b64_pton(b64salt, (u_char *) salt, salt_len);
+ xfree(b64salt);
+ if (ret == -1) {
+ debug2("extract_salt: salt decode error");
+ return (-1);
+ }
+ if (ret != SHA_DIGEST_LENGTH) {
+ debug2("extract_salt: expected salt len %d, got %d",
+ SHA_DIGEST_LENGTH, ret);
+ return (-1);
+ }
+
+ return (0);
+}
+
+char *
+host_hash(const char *host, const char *name_from_hostfile, u_int src_len)
+{
+ const EVP_MD *md = EVP_sha1();
+ HMAC_CTX mac_ctx;
+ char salt[256], result[256], uu_salt[512], uu_result[512];
+ static char encoded[1024];
+ u_int i, len;
+
+ len = EVP_MD_size(md);
+
+ if (name_from_hostfile == NULL) {
+ /* Create new salt */
+ for (i = 0; i < len; i++)
+ salt[i] = arc4random();
+ } else {
+ /* Extract salt from known host entry */
+ if (extract_salt(name_from_hostfile, src_len, salt,
+ sizeof(salt)) == -1)
+ return (NULL);
+ }
+
+ HMAC_Init(&mac_ctx, salt, len, md);
+ HMAC_Update(&mac_ctx, (u_char *) host, strlen(host));
+ HMAC_Final(&mac_ctx, (u_char *) result, NULL);
+ HMAC_cleanup(&mac_ctx);
+
+ if (__b64_ntop((u_char *) salt, len, uu_salt, sizeof(uu_salt)) == -1 ||
+ __b64_ntop((u_char *) result, len, uu_result, sizeof(uu_result)) == -1)
+ fatal("host_hash: __b64_ntop failed");
+
+ snprintf(encoded, sizeof(encoded), "%s%s%c%s", HASH_MAGIC, uu_salt,
+ HASH_DELIM, uu_result);
+
+ return (encoded);
+}
+
+/*
* Parses an RSA (number of bits, e, n) or DSA key from a string. Moves the
* pointer over the key. Skips any whitespace at the beginning and at end.
*/
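Review bot: `host_hash` passes `len` (set from `EVP_MD_size(EVP_sha1())`) as the salt length to `HMAC_Init` on both paths, but on the `name_from_hostfile` path the salt actually decoded is whatever `extract_salt` accepted; this is only correct because `extract_salt` rejects anything but exactly `SHA_DIGEST_LENGTH` bytes, and nothing in `host_hash` says so. A comment on the `HMAC_Init` call, `/* extract_salt guarantees the salt is exactly SHA_DIGEST_LENGTH == len bytes */`, or having `extract_salt` return the decoded length and using that, would make the coupling explicit. Also note for the `extract_salt` header comment that "(which is out of scope of this function)" refers to the key material, and that on success `salt` holds raw bytes, not a NUL-terminated string, since the later `(u_char *) salt` casts suggest otherwise.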
@@ -74,7 +173,7 @@ hostfile_read_key(char **cpp, u_int *bitsp, Key *ret)
}
static int
-hostfile_check_key(int bits, Key *key, const char *host, const char *filename, int linenum)
+hostfile_check_key(int bits, const Key *key, const char *host, const char *filename, int linenum)
{
if (key == NULL || key->type != KEY_RSA1 || key->rsa == NULL)
return 1;
@@ -100,13 +199,13 @@ hostfile_check_key(int bits, Key *key, const char *host, const char *filename, i
static HostStatus
check_host_in_hostfile_by_key_or_type(const char *filename,
- const char *host, Key *key, int keytype, Key *found, int *numret)
+ const char *host, const Key *key, int keytype, Key *found, int *numret)
{
FILE *f;
char line[8192];
int linenum = 0;
u_int kbits;
- char *cp, *cp2;
+ char *cp, *cp2, *hashed_host;
HostStatus end_return;
debug3("check_host_in_hostfile: filename %s", filename);
@@ -139,8 +238,18 @@ check_host_in_hostfile_by_key_or_type(const char *filename,
;
/* Check if the host name matches. */
- if (match_hostname(host, cp, (u_int) (cp2 - cp)) != 1)
- continue;
+ if (match_hostname(host, cp, (u_int) (cp2 - cp)) != 1) {
+ if (*cp != HASH_DELIM)
+ continue;
+ hashed_host = host_hash(host, cp, (u_int) (cp2 - cp));
+ if (hashed_host == NULL) {
+ debug("Invalid hashed host line %d of %s",
+ linenum, filename);
+ continue;
+ }
+ if (strncmp(hashed_host, cp, (u_int) (cp2 - cp)) != 0)
+ continue;
+ }
/* Got a match. Skip host name. */
cp = cp2;
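Review bot: The hashed-entry comparison on the new `strncmp(hashed_host, cp, (u_int) (cp2 - cp))` line checks only `cp2 - cp` bytes of the computed `|1|<salt>|<hmac>` string, so an entry whose hash field is a prefix of the real one still matches; in the extreme an entry with a valid salt and an empty hash field (`|1|<salt>|`) matches every host, since `extract_salt` validates only the salt. That turns a truncated or mis-edited known_hosts line into a silent wildcard, defeating host verification for whatever key follows it. Comparing the full length closes it: `if (strlen(hashed_host) != (size_t)(cp2 - cp) || strncmp(hashed_host, cp, (u_int) (cp2 - cp)) != 0)`. The enclosing loop of `check_host_in_hostfile_by_key_or_type` starts and ends outside this hunk.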
@@ -157,8 +266,10 @@ check_host_in_hostfile_by_key_or_type(const char *filename,
if (key == NULL) {
/* we found a key of the requested type */
- if (found->type == keytype)
+ if (found->type == keytype) {
+ fclose(f);
return HOST_FOUND;
+ }
continue;
}
@@ -190,7 +301,7 @@ check_host_in_hostfile_by_key_or_type(const char *filename,
}
HostStatus
-check_host_in_hostfile(const char *filename, const char *host, Key *key,
+check_host_in_hostfile(const char *filename, const char *host, const Key *key,
Key *found, int *numret)
{
if (key == NULL)
@@ -213,16 +324,28 @@ lookup_key_in_hostfile_by_type(const char *filename, const char *host,
*/
int
-add_host_to_hostfile(const char *filename, const char *host, Key *key)
+add_host_to_hostfile(const char *filename, const char *host, const Key *key,
+ int store_hash)
{
FILE *f;
int success = 0;
+ char *hashed_host = NULL;
+
if (key == NULL)
return 1; /* XXX ? */
f = fopen(filename, "a");
if (!f)
return 0;
- fprintf(f, "%s ", host);
+
+ if (store_hash) {
+ if ((hashed_host = host_hash(host, NULL, 0)) == NULL) {
+ error("add_host_to_hostfile: host_hash failed");
+ fclose(f);
+ return 0;
+ }
+ }
+ fprintf(f, "%s ", store_hash ? hashed_host : host);
+
if (key_write(key, f)) {
success = 1;
} else {
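Review bot: With `store_hash` set, `host_hash(host, NULL, 0)` HMACs the whole `host` string, and lookup later HMACs the single name being checked, so a hashed entry only ever matches an exact string; a comma-separated `host,addr` pair or a wildcard pattern, which the plain-text path used to store verbatim, would be written as one hash that never matches anything. I cannot see how the updated sshconnect.c caller splits names (that file is outside this chunk), so this may already be handled there, but the function itself should state the precondition: `/* With store_hash, host must be a single literal host name: the hashed form matches only an exact string, never a pattern or list. */`. The rest of `add_host_to_hostfile` continues past the hunk.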
diff --git a/usr/src/cmd/ssh/libssh/common/key.c b/usr/src/cmd/ssh/libssh/common/key.c
index 105fa6ee43..f648d3b640 100644
--- a/usr/src/cmd/ssh/libssh/common/key.c
+++ b/usr/src/cmd/ssh/libssh/common/key.c
@@ -148,7 +148,7 @@ key_free(Key *k)
xfree(k);
}
int
-key_equal(Key *a, Key *b)
+key_equal(const Key *a, const Key *b)
{
if (a == NULL || b == NULL || a->type != b->type)
return 0;
@@ -492,7 +492,7 @@ key_read(Key *ret, char **cpp)
}
int
-key_write(Key *key, FILE *f)
+key_write(const Key *key, FILE *f)
{
int n, success = 0;
u_int len, bits = 0;
@@ -542,7 +542,7 @@ key_type(Key *k)
}
char *
-key_ssh_name(Key *k)
+key_ssh_name(const Key *k)
{
switch (k->type) {
case KEY_RSA:
@@ -746,7 +746,7 @@ key_from_blob(u_char *blob, int blen)
}
int
-key_to_blob(Key *key, u_char **blobp, u_int *lenp)
+key_to_blob(const Key *key, u_char **blobp, u_int *lenp)
{
Buffer b;
int len;
diff --git a/usr/src/cmd/ssh/libssh/common/readconf.c b/usr/src/cmd/ssh/libssh/common/readconf.c
index 09afd7cca9..dda93df0cc 100644
--- a/usr/src/cmd/ssh/libssh/common/readconf.c
+++ b/usr/src/cmd/ssh/libssh/common/readconf.c
@@ -127,7 +127,7 @@ typedef enum {
oDynamicForward, oPreferredAuthentications, oHostbasedAuthentication,
oHostKeyAlgorithms, oBindAddress, oSmartcardDevice,
oClearAllForwardings, oNoHostAuthenticationForLocalhost,
- oFallBackToRsh, oUseRsh, oConnectTimeout,
+ oFallBackToRsh, oUseRsh, oConnectTimeout, oHashKnownHosts,
oServerAliveInterval, oServerAliveCountMax, oDisableBanner,
oDeprecated
} OpCodes;
@@ -219,6 +219,7 @@ static struct {
{ "serveraliveinterval", oServerAliveInterval },
{ "serveralivecountmax", oServerAliveCountMax },
{ "disablebanner", oDisableBanner },
+ { "hashknownhosts", oHashKnownHosts },
{ NULL, oBadOption }
};
@@ -757,6 +758,10 @@ parse_int:
intptr = &options->server_alive_count_max;
goto parse_int;
+ case oHashKnownHosts:
+ intptr = &options->hash_known_hosts;
+ goto parse_flag;
+
case oDisableBanner:
arg = strdelim(&s);
if (get_yes_no_flag(&options->disable_banner, arg, filename,
@@ -909,6 +914,7 @@ initialize_options(Options * options)
options->use_rsh = -1;
options->server_alive_interval = -1;
options->server_alive_count_max = -1;
+ options->hash_known_hosts = -1;
options->disable_banner = -1;
}
@@ -1050,6 +1056,8 @@ fill_default_options(Options * options)
options->server_alive_interval = 0;
if (options->server_alive_count_max == -1)
options->server_alive_count_max = 3;
+ if (options->hash_known_hosts == -1)
+ options->hash_known_hosts = 0;
if (options->disable_banner == -1)
options->disable_banner = 0;
/* options->proxy_command should not be set by default */
diff --git a/usr/src/cmd/ssh/libssh/common/uuencode.c b/usr/src/cmd/ssh/libssh/common/uuencode.c
index 30547a0c3a..432f5c4369 100644
--- a/usr/src/cmd/ssh/libssh/common/uuencode.c
+++ b/usr/src/cmd/ssh/libssh/common/uuencode.c
@@ -52,7 +52,7 @@ uudecode(const char *src, u_char *target, size_t targsize)
;
/* and remove trailing whitespace because __b64_pton needs this */
*p = '\0';
- len = __b64_pton(encoded, target, targsize);
+ len = __b64_pton((u_char *) encoded, target, targsize);
xfree(encoded);
return len;
}
diff --git a/usr/src/cmd/ssh/ssh-keygen/ssh-keygen.c b/usr/src/cmd/ssh/ssh-keygen/ssh-keygen.c
index 57eb19d321..29b47a0ecd 100644
--- a/usr/src/cmd/ssh/ssh-keygen/ssh-keygen.c
+++ b/usr/src/cmd/ssh/ssh-keygen/ssh-keygen.c
@@ -1,8 +1,4 @@
/*
- * Copyright 2006 Sun Microsystems, Inc. All rights reserved.
- * Use is subject to license terms.
- */
-/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
* Copyright (c) 1994 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
* All rights reserved
@@ -15,11 +11,11 @@
* called by a name other than "ssh" or "Secure Shell".
*/
-#include "includes.h"
-RCSID("$OpenBSD: ssh-keygen.c,v 1.101 2002/06/23 09:39:55 deraadt Exp $");
+/* $OpenBSD: ssh-keygen.c,v 1.160 2007/01/21 01:41:54 stevesk Exp $ */
#pragma ident "%Z%%M% %I% %E% SMI"
+#include "includes.h"
#include <openssl/evp.h>
#include <openssl/pem.h>
@@ -35,13 +31,16 @@ RCSID("$OpenBSD: ssh-keygen.c,v 1.101 2002/06/23 09:39:55 deraadt Exp $");
#include "readpass.h"
#include "misc.h"
#include <langinfo.h>
+#include "match.h"
+#include "hostfile.h"
+#include "tildexpand.h"
#ifdef SMARTCARD
#include "scard.h"
#endif
-/* Number of bits in the RSA/DSA key. This value can be changed on the command line. */
-int bits = 1024;
+/* Number of bits in the RSA/DSA key. This value can be set on the command line. */
+u_int32_t bits = 1024;
/*
* Flag indicating that we just want to change the passphrase. This can be
@@ -57,6 +56,13 @@ int change_comment = 0;
int quiet = 0;
+/* Flag indicating that we want to hash a known_hosts file */
+int hash_hosts = 0;
+/* Flag indicating that we want to lookup a host in known_hosts file */
+int find_host = 0;
+/* Flag indicating that we want to delete a host from a known_hosts file */
+int delete_host = 0;
+
/* Flag indicating that we just want to see the key fingerprint */
int print_fingerprint = 0;
int print_bubblebabble = 0;
@@ -98,7 +104,7 @@ ask_filename(struct passwd *pw, const char *prompt)
if (key_type_name == NULL)
name = _PATH_SSH_CLIENT_ID_RSA;
- else
+ else {
switch (key_type_from_name(key_type_name)) {
case KEY_RSA1:
name = _PATH_SSH_CLIENT_IDENTITY;
@@ -110,20 +116,19 @@ ask_filename(struct passwd *pw, const char *prompt)
name = _PATH_SSH_CLIENT_ID_RSA;
break;
default:
- (void) fprintf(stderr, gettext("bad key type"));
+ fprintf(stderr, gettext("bad key type"));
exit(1);
break;
}
-
- (void) snprintf(identity_file, sizeof(identity_file), "%s/%s", pw->pw_dir, name);
- (void) fprintf(stderr, "%s (%s): ", gettext(prompt), identity_file);
- (void) fflush(stderr);
+ }
+ snprintf(identity_file, sizeof(identity_file), "%s/%s", pw->pw_dir, name);
+ fprintf(stderr, "%s (%s): ", gettext(prompt), identity_file);
if (fgets(buf, sizeof(buf), stdin) == NULL)
exit(1);
if (strchr(buf, '\n'))
*strchr(buf, '\n') = 0;
if (strcmp(buf, "") != 0)
- (void) strlcpy(identity_file, buf, sizeof(identity_file));
+ strlcpy(identity_file, buf, sizeof(identity_file));
have_identity = 1;
}
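Review bot: `fprintf(stderr, gettext("bad key type"));` passes a non-literal, catalog-supplied string as the format argument; if a translation ever contains a `%` conversion this is undefined behaviour, and `-Wformat-security` flags it. Message catalogs are normally trusted installation data, so the practical risk is a latent crash rather than an attack, but the fix is free: `fputs(gettext("bad key type"), stderr);` (or `fprintf(stderr, "%s", gettext(...))`). The same `printf(gettext(...))`/`fprintf(stderr, gettext(...))` shape recurs in the do_convert_to_ssh2, do_convert_from_ssh2, do_print_public, do_change_passphrase and do_change_comment hunks of this file and should be fixed the same way rather than only dropping the `(void)` casts.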
@@ -141,7 +146,7 @@ load_identity(char *filename)
pass = read_passphrase(gettext("Enter passphrase: "),
RP_ALLOW_STDIN);
prv = key_load_private(filename, pass, NULL);
- (void) memset(pass, 0, strlen(pass));
+ memset(pass, 0, strlen(pass));
xfree(pass);
}
return prv;
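Review bot: `memset(pass, 0, strlen(pass));` immediately before `xfree(pass)` is a dead store from the compiler's point of view and may be elided at `-O2`, leaving the passphrase in freed heap memory. A primitive the optimizer must honour should be used instead, e.g. `explicit_bzero(pass, strlen(pass));` where libc provides it, otherwise a small helper writing through a `volatile unsigned char *`. The passphrase `memset` calls in the do_change_passphrase and do_change_comment hunks of this file have the same issue and should go through the same helper.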
@@ -168,21 +173,21 @@ do_convert_to_ssh2(struct passwd *pw)
}
if ((k = key_load_public(identity_file, NULL)) == NULL) {
if ((k = load_identity(identity_file)) == NULL) {
- (void) fprintf(stderr, gettext("load failed\n"));
+ fprintf(stderr, gettext("load failed\n"));
exit(1);
}
}
if (key_to_blob(k, &blob, &len) <= 0) {
- (void) fprintf(stderr, gettext("key_to_blob failed\n"));
+ fprintf(stderr, gettext("key_to_blob failed\n"));
exit(1);
}
- (void) fprintf(stdout, "%s\n", SSH_COM_PUBLIC_BEGIN);
- (void) fprintf(stdout, gettext(
+ fprintf(stdout, "%s\n", SSH_COM_PUBLIC_BEGIN);
+ fprintf(stdout, gettext(
"Comment: \"%u-bit %s, converted from OpenSSH by %s@%s\"\n"),
key_size(k), key_type(k),
pw->pw_name, hostname);
dump_base64(stdout, blob, len);
- (void) fprintf(stdout, "%s\n", SSH_COM_PUBLIC_END);
+ fprintf(stdout, "%s\n", SSH_COM_PUBLIC_END);
key_free(k);
xfree(blob);
exit(0);
@@ -191,13 +196,14 @@ do_convert_to_ssh2(struct passwd *pw)
static void
buffer_get_bignum_bits(Buffer *b, BIGNUM *value)
{
- int bits = buffer_get_int(b);
- int bytes = (bits + 7) / 8;
+ u_int bignum_bits = buffer_get_int(b);
+ u_int bytes = (bignum_bits + 7) / 8;
if (buffer_len(b) < bytes)
fatal("buffer_get_bignum_bits: input buffer too small: "
"need %d have %d", bytes, buffer_len(b));
- (void) BN_bin2bn(buffer_ptr(b), bytes, value);
+ if (BN_bin2bn(buffer_ptr(b), bytes, value) == NULL)
+ fatal("buffer_get_bignum_bits: BN_bin2bn failed");
buffer_consume(b, bytes);
}
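Review bot: After changing `bytes` to `u_int`, the `fatal("... need %d have %d", bytes, buffer_len(b))` call now passes unsigned values to `%d`; the specifiers should follow the type change, `"need %u have %u"`. Separately, `(bignum_bits + 7) / 8` wraps to a small `bytes` if an input file declares a bit count within 7 of `UINT_MAX`, which then slips past the `buffer_len(b) < bytes` check; a cheap upper bound on `bignum_bits` (whatever the caller's largest supported key size is) before the arithmetic would make the function reject such input explicitly instead of silently producing a short bignum.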
@@ -227,7 +233,7 @@ do_convert_private_ssh2_from_blob(u_char *blob, u_int blen)
i2 = buffer_get_int(&b);
i3 = buffer_get_int(&b);
i4 = buffer_get_int(&b);
- debug("ignore (%d %d %d %d)", i1,i2,i3,i4);
+ debug("ignore (%d %d %d %d)", i1, i2, i3, i4);
if (strcmp(cipher, "none") != 0) {
error("unsupported cipher %s", cipher);
xfree(cipher);
@@ -242,6 +248,7 @@ do_convert_private_ssh2_from_blob(u_char *blob, u_int blen)
} else if (strstr(type, "rsa")) {
ktype = KEY_RSA;
} else {
+ buffer_free(&b);
xfree(type);
return NULL;
}
@@ -287,19 +294,49 @@ do_convert_private_ssh2_from_blob(u_char *blob, u_int blen)
buffer_free(&b);
/* try the key */
- (void) key_sign(key, &sig, &slen, data, sizeof(data));
+ key_sign(key, &sig, &slen, data, sizeof(data));
key_verify(key, sig, slen, data, sizeof(data));
xfree(sig);
return key;
}
+static int
+get_line(FILE *fp, char *line, size_t len)
+{
+ int c;
+ size_t pos = 0;
+
+ line[0] = '\0';
+ while ((c = fgetc(fp)) != EOF) {
+ if (pos >= len - 1) {
+ fprintf(stderr, "input line too long.\n");
+ exit(1);
+ }
+ switch (c) {
+ case '\r':
+ c = fgetc(fp);
+ if (c != EOF && c != '\n' && ungetc(c, fp) == EOF) {
+ fprintf(stderr, "unget: %s\n", strerror(errno));
+ exit(1);
+ }
+ return pos;
+ case '\n':
+ return pos;
+ }
+ line[pos++] = c;
+ line[pos] = '\0';
+ }
+ /* We reached EOF */
+ return -1;
+}
+
static void
do_convert_from_ssh2(struct passwd *pw)
{
Key *k;
int blen;
u_int len;
- char line[1024], *p;
+ char line[1024];
u_char blob[8096];
char encoded[8096];
struct stat st;
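Review bot: The new `get_line` prints `"input line too long.\n"` with a bare string literal, while the `fgets` loop it replaces (removed in the next hunk) wrapped the identical message in `gettext()`, so this change silently drops the translation for one message in an otherwise localised file; `fputs(gettext("input line too long.\n"), stderr);` keeps both the translation and the literal-format discipline. A two-line header comment would also help callers, since the return contract is not obvious: `/* Read one line into line[] without its \n or \r\n terminator; returns its length (0 for an empty line) or -1 at EOF. */`. `do_convert_from_ssh2` continues past the end of this hunk.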
@@ -318,12 +355,8 @@ do_convert_from_ssh2(struct passwd *pw)
exit(1);
}
encoded[0] = '\0';
- while (fgets(line, sizeof(line), fp)) {
- if (!(p = strchr(line, '\n'))) {
- (void) fprintf(stderr, gettext("input line too long.\n"));
- exit(1);
- }
- if (p > line && p[-1] == '\\')
+ while ((blen = get_line(fp, line, sizeof(line))) != -1) {
+ if (line[blen - 1] == '\\')
escaped++;
if (strncmp(line, "----", 4) == 0 ||
strstr(line, ": ") != NULL) {
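Review bot: `if (line[blen - 1] == '\\')` reads `line[-1]` when `get_line` returns 0, which it does for any empty line (a bare `\n` or `\r\n`) in the input file, so a blank line inside an ssh.com key file is an out-of-bounds stack read; the old `fgets` code did not have this because it tested `p > line` first. The guard should be restored: `if (blen > 0 && line[blen - 1] == '\\')`. The enclosing `do_convert_from_ssh2` and its loop start and end outside this hunk.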
@@ -340,8 +373,7 @@ do_convert_from_ssh2(struct passwd *pw)
/* fprintf(stderr, "escaped: %s", line); */
continue;
}
- *p = '\0';
- (void) strlcat(encoded, line, sizeof(encoded));
+ strlcat(encoded, line, sizeof(encoded));
}
len = strlen(encoded);
if (((len % 4) == 3) &&
@@ -351,14 +383,14 @@ do_convert_from_ssh2(struct passwd *pw)
encoded[len-3] = '\0';
blen = uudecode(encoded, blob, sizeof(blob));
if (blen < 0) {
- (void) fprintf(stderr, gettext("uudecode failed.\n"));
+ fprintf(stderr, gettext("uudecode failed.\n"));
exit(1);
}
k = private ?
do_convert_private_ssh2_from_blob(blob, blen) :
key_from_blob(blob, blen);
if (k == NULL) {
- (void) fprintf(stderr, gettext("decode blob failed.\n"));
+ fprintf(stderr, gettext("decode blob failed.\n"));
exit(1);
}
ok = private ?
@@ -367,13 +399,13 @@ do_convert_from_ssh2(struct passwd *pw)
PEM_write_RSAPrivateKey(stdout, k->rsa, NULL, NULL, 0, NULL, NULL)) :
key_write(k, stdout);
if (!ok) {
- (void) fprintf(stderr, gettext("key write failed"));
+ fprintf(stderr, gettext("key write failed"));
exit(1);
}
key_free(k);
if (!private)
- (void) fprintf(stdout, "\n");
- (void) fclose(fp);
+ fprintf(stdout, "\n");
+ fclose(fp);
exit(0);
}
@@ -391,13 +423,13 @@ do_print_public(struct passwd *pw)
}
prv = load_identity(identity_file);
if (prv == NULL) {
- (void) fprintf(stderr, gettext("load failed\n"));
+ fprintf(stderr, gettext("load failed\n"));
exit(1);
}
if (!key_write(prv, stdout))
- (void) fprintf(stderr, gettext("key_write failed"));
+ fprintf(stderr, gettext("key_write failed"));
key_free(prv);
- (void) fprintf(stdout, "\n");
+ fprintf(stdout, "\n");
exit(0);
}
@@ -440,7 +472,7 @@ do_download(struct passwd *pw, const char *sc_reader_id)
for (i = 0; keys[i]; i++) {
key_write(keys[i], stdout);
key_free(keys[i]);
- (void) fprintf(stdout, "\n");
+ fprintf(stdout, "\n");
}
xfree(keys);
exit(0);
@@ -470,14 +502,16 @@ do_fingerprint(struct passwd *pw)
public = key_load_public(identity_file, &comment);
if (public != NULL) {
fp = key_fingerprint(public, fptype, rep);
- (void) printf("%u %s %s\n", key_size(public), fp, comment);
+ printf("%u %s %s\n", key_size(public), fp, comment);
key_free(public);
xfree(comment);
xfree(fp);
exit(0);
}
- if (comment)
+ if (comment) {
xfree(comment);
+ comment = NULL;
+ }
f = fopen(identity_file, "r");
if (f != NULL) {
@@ -499,7 +533,7 @@ do_fingerprint(struct passwd *pw)
for (cp = line; *cp == ' ' || *cp == '\t'; cp++)
;
if (!*cp || *cp == '\n' || *cp == '#')
- continue ;
+ continue;
i = strtol(cp, &ep, 10);
if (i == 0 || ep == NULL || (*ep != ' ' && *ep != '\t')) {
int quoted = 0;
@@ -528,22 +562,217 @@ do_fingerprint(struct passwd *pw)
}
comment = *cp ? cp : comment;
fp = key_fingerprint(public, fptype, rep);
- (void) printf("%u %s %s\n", key_size(public), fp,
+ printf("%u %s %s\n", key_size(public), fp,
comment ? comment : gettext("no comment"));
xfree(fp);
key_free(public);
invalid = 0;
}
- (void) fclose(f);
+ fclose(f);
}
if (invalid) {
- (void) printf(gettext("%s is not a public key file.\n"),
+ printf(gettext("%s is not a public key file.\n"),
identity_file);
exit(1);
}
exit(0);
}
+static void
+print_host(FILE *f, const char *name, Key *public, int hash)
+{
+ if (hash && (name = host_hash(name, NULL, 0)) == NULL)
+ fatal("hash_host failed");
+ fprintf(f, "%s ", name);
+ if (!key_write(public, f))
+ fatal("key_write failed");
+ fprintf(f, "\n");
+}
+
+static void
+do_known_hosts(struct passwd *pw, const char *name)
+{
+ FILE *in, *out = stdout;
+ Key *public;
+ char *cp, *cp2, *kp, *kp2;
+ char line[16*1024], tmp[MAXPATHLEN], old[MAXPATHLEN];
+ int c, i, skip = 0, inplace = 0, num = 0, invalid = 0, has_unhashed = 0;
+
+ if (!have_identity) {
+ cp = tilde_expand_filename(_PATH_SSH_USER_HOSTFILE, pw->pw_uid);
+ if (strlcpy(identity_file, cp, sizeof(identity_file)) >=
+ sizeof(identity_file))
+ fatal("Specified known hosts path too long");
+ xfree(cp);
+ have_identity = 1;
+ }
+ if ((in = fopen(identity_file, "r")) == NULL)
+ fatal("fopen: %s", strerror(errno));
+
+ /*
+ * Find hosts goes to stdout, hash and deletions happen in-place
+ * A corner case is ssh-keygen -HF foo, which should go to stdout
+ */
+ if (!find_host && (hash_hosts || delete_host)) {
+ if (strlcpy(tmp, identity_file, sizeof(tmp)) >= sizeof(tmp) ||
+ strlcat(tmp, ".XXXXXXXXXX", sizeof(tmp)) >= sizeof(tmp) ||
+ strlcpy(old, identity_file, sizeof(old)) >= sizeof(old) ||
+ strlcat(old, ".old", sizeof(old)) >= sizeof(old))
+ fatal("known_hosts path too long");
+ umask(077);
+ if ((c = mkstemp(tmp)) == -1)
+ fatal("mkstemp: %s", strerror(errno));
+ if ((out = fdopen(c, "w")) == NULL) {
+ c = errno;
+ unlink(tmp);
+ fatal("fdopen: %s", strerror(c));
+ }
+ inplace = 1;
+ }
+
+ while (fgets(line, sizeof(line), in)) {
+ num++;
+ i = strlen(line) - 1;
+ if (line[i] != '\n') {
+ error("line %d too long: %.40s...", num, line);
+ skip = 1;
+ invalid = 1;
+ continue;
+ }
+ if (skip) {
+ skip = 0;
+ continue;
+ }
+ line[i] = '\0';
+
+ /* Skip leading whitespace, empty and comment lines. */
+ for (cp = line; *cp == ' ' || *cp == '\t'; cp++)
+ ;
+ if (!*cp || *cp == '\n' || *cp == '#') {
+ if (inplace)
+ fprintf(out, "%s\n", cp);
+ continue;
+ }
+ /* Find the end of the host name portion. */
+ for (kp = cp; *kp && *kp != ' ' && *kp != '\t'; kp++)
+ ;
+ if (*kp == '\0' || *(kp + 1) == '\0') {
+ error("line %d missing key: %.40s...",
+ num, line);
+ invalid = 1;
+ continue;
+ }
+ *kp++ = '\0';
+ kp2 = kp;
+
+ public = key_new(KEY_RSA1);
+ if (key_read(public, &kp) != 1) {
+ kp = kp2;
+ key_free(public);
+ public = key_new(KEY_UNSPEC);
+ if (key_read(public, &kp) != 1) {
+ error("line %d invalid key: %.40s...",
+ num, line);
+ key_free(public);
+ invalid = 1;
+ continue;
+ }
+ }
+
+ if (*cp == HASH_DELIM) {
+ if (find_host || delete_host) {
+ cp2 = host_hash(name, cp, strlen(cp));
+ if (cp2 == NULL) {
+ error("line %d: invalid hashed "
+ "name: %.64s...", num, line);
+ invalid = 1;
+ continue;
+ }
+ c = (strcmp(cp2, cp) == 0);
+ if (find_host && c) {
+ printf(gettext("# Host %s found: "
+ "line %d type %s\n"), name,
+ num, key_type(public));
+ print_host(out, cp, public, 0);
+ }
+ if (delete_host && !c)
+ print_host(out, cp, public, 0);
+ } else if (hash_hosts)
+ print_host(out, cp, public, 0);
+ } else {
+ if (find_host || delete_host) {
+ c = (match_hostname(name, cp,
+ strlen(cp)) == 1);
+ if (find_host && c) {
+ printf(gettext("# Host %s found: "
+ "line %d type %s\n"), name,
+ num, key_type(public));
+ print_host(out, name, public, hash_hosts);
+ }
+ if (delete_host && !c)
+ print_host(out, cp, public, 0);
+ } else if (hash_hosts) {
+ for (cp2 = strsep(&cp, ",");
+ cp2 != NULL && *cp2 != '\0';
+ cp2 = strsep(&cp, ",")) {
+ if (strcspn(cp2, "*?!") != strlen(cp2))
+ fprintf(stderr, gettext("Warning: "
+ "ignoring host name with "
+ "metacharacters: %.64s\n"),
+ cp2);
+ else
+ print_host(out, cp2, public, 1);
+ }
+ has_unhashed = 1;
+ }
+ }
+ key_free(public);
+ }
+ fclose(in);
+
+ if (invalid) {
+ fprintf(stderr, gettext("%s is not a valid known_host file.\n"),
+ identity_file);
+ if (inplace) {
+ fprintf(stderr, gettext("Not replacing existing known_hosts "
+ "file because of errors\n"));
+ fclose(out);
+ unlink(tmp);
+ }
+ exit(1);
+ }
+
+ if (inplace) {
+ fclose(out);
+
+ /* Backup existing file */
+ if (unlink(old) == -1 && errno != ENOENT)
+ fatal("unlink %.100s: %s", old, strerror(errno));
+ if (link(identity_file, old) == -1)
+ fatal("link %.100s to %.100s: %s", identity_file, old,
+ strerror(errno));
+ /* Move new one into place */
+ if (rename(tmp, identity_file) == -1) {
+ error("rename\"%s\" to \"%s\": %s", tmp, identity_file,
+ strerror(errno));
+ unlink(tmp);
+ unlink(old);
+ exit(1);
+ }
+
+ fprintf(stderr, gettext("%s updated.\n"), identity_file);
+ fprintf(stderr, gettext("Original contents retained as %s\n"), old);
+ if (has_unhashed) {
+ fprintf(stderr, gettext("WARNING: %s contains unhashed "
+ "entries\n"), old);
+ fprintf(stderr, gettext("Delete this file to ensure privacy "
+ "of hostnames\n"));
+ }
+ }
+
+ exit(0);
+}
+
/*
* Perform changing a passphrase. The argument is the passwd structure
* for the current user.
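Review bot: In the in-place path of `do_known_hosts` the `fclose(out);` just before the backup/rename sequence is unchecked, so a write error on the temporary file (full filesystem, quota) goes unnoticed and a truncated known_hosts is renamed into place; the backup in `.old` softens this but the user is told "updated" rather than that the rewrite failed. Mirror the `fdopen` error path: `if (fclose(out) != 0) { c = errno; unlink(tmp); fatal("fclose %s: %s", tmp, strerror(c)); }`. Two smaller points in the same function: `i = strlen(line) - 1` indexes `line[-1]` if `fgets` returns an empty string (a line starting with a NUL byte), so `i < 0` should be treated like the too-long case, and the `invalid = 1; continue;` branch after a failed `host_hash` skips the `key_free(public)` at the bottom of the loop, which leaks before the eventual `exit(1)`.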
@@ -573,14 +802,14 @@ do_change_passphrase(struct passwd *pw)
RP_ALLOW_STDIN);
private = key_load_private(identity_file, old_passphrase,
&comment);
- (void) memset(old_passphrase, 0, strlen(old_passphrase));
+ memset(old_passphrase, 0, strlen(old_passphrase));
xfree(old_passphrase);
if (private == NULL) {
- (void) printf(gettext("Bad passphrase.\n"));
+ printf(gettext("Bad passphrase.\n"));
exit(1);
}
}
- (void) printf(gettext("Key has comment '%s'\n"), comment);
+ printf(gettext("Key has comment '%s'\n"), comment);
/* Ask the new passphrase (twice). */
if (identity_new_passphrase) {
@@ -595,36 +824,36 @@ do_change_passphrase(struct passwd *pw)
/* Verify that they are the same. */
if (strcmp(passphrase1, passphrase2) != 0) {
- (void) memset(passphrase1, 0, strlen(passphrase1));
- (void) memset(passphrase2, 0, strlen(passphrase2));
+ memset(passphrase1, 0, strlen(passphrase1));
+ memset(passphrase2, 0, strlen(passphrase2));
xfree(passphrase1);
xfree(passphrase2);
- (void) printf(gettext("Pass phrases do not match. Try "
- "again.\n"));
+ printf(gettext("Pass phrases do not match. Try "
+ "again.\n"));
exit(1);
}
/* Destroy the other copy. */
- (void) memset(passphrase2, 0, strlen(passphrase2));
+ memset(passphrase2, 0, strlen(passphrase2));
xfree(passphrase2);
}
/* Save the file using the new passphrase. */
if (!key_save_private(private, identity_file, passphrase1, comment)) {
- (void) printf(gettext("Saving the key failed: %s.\n"), identity_file);
- (void) memset(passphrase1, 0, strlen(passphrase1));
+ printf(gettext("Saving the key failed: %s.\n"), identity_file);
+ memset(passphrase1, 0, strlen(passphrase1));
xfree(passphrase1);
key_free(private);
xfree(comment);
exit(1);
}
/* Destroy the passphrase and the copy of the key in memory. */
- (void) memset(passphrase1, 0, strlen(passphrase1));
+ memset(passphrase1, 0, strlen(passphrase1));
xfree(passphrase1);
key_free(private); /* Destroys contents */
xfree(comment);
- (void) printf(gettext("Your identification has been saved with the new "
- "passphrase.\n"));
+ printf(gettext("Your identification has been saved with the new "
+ "passphrase.\n"));
exit(0);
}
@@ -656,33 +885,33 @@ do_change_comment(struct passwd *pw)
else
passphrase =
read_passphrase(gettext("Enter passphrase: "),
- RP_ALLOW_STDIN);
+ RP_ALLOW_STDIN);
/* Try to load using the passphrase. */
private = key_load_private(identity_file, passphrase, &comment);
if (private == NULL) {
- (void) memset(passphrase, 0, strlen(passphrase));
+ memset(passphrase, 0, strlen(passphrase));
xfree(passphrase);
- (void) printf(gettext("Bad passphrase.\n"));
+ printf(gettext("Bad passphrase.\n"));
exit(1);
}
} else {
passphrase = xstrdup("");
}
if (private->type != KEY_RSA1) {
- (void) fprintf(stderr, gettext("Comments are only supported for "
- "RSA1 keys.\n"));
+ fprintf(stderr, gettext("Comments are only supported for "
+ "RSA1 keys.\n"));
key_free(private);
exit(1);
}
- (void) printf(gettext("Key now has comment '%s'\n"), comment);
+ printf(gettext("Key now has comment '%s'\n"), comment);
if (identity_comment) {
- (void) strlcpy(new_comment, identity_comment, sizeof(new_comment));
+ strlcpy(new_comment, identity_comment, sizeof(new_comment));
} else {
- (void) printf(gettext("Enter new comment: "));
- (void) fflush(stdout);
+ printf(gettext("Enter new comment: "));
+ fflush(stdout);
if (!fgets(new_comment, sizeof(new_comment), stdin)) {
- (void) memset(passphrase, 0, strlen(passphrase));
+ memset(passphrase, 0, strlen(passphrase));
key_free(private);
exit(1);
}
@@ -692,66 +921,71 @@ do_change_comment(struct passwd *pw)
/* Save the file using the new passphrase. */
if (!key_save_private(private, identity_file, passphrase, new_comment)) {
- (void) printf(gettext("Saving the key failed: %s.\n"), identity_file);
- (void) memset(passphrase, 0, strlen(passphrase));
+ printf(gettext("Saving the key failed: %s.\n"), identity_file);
+ memset(passphrase, 0, strlen(passphrase));
xfree(passphrase);
key_free(private);
xfree(comment);
exit(1);
}
- (void) memset(passphrase, 0, strlen(passphrase));
+ memset(passphrase, 0, strlen(passphrase));
xfree(passphrase);
public = key_from_private(private);
key_free(private);
- (void) strlcat(identity_file, ".pub", sizeof(identity_file));
+ strlcat(identity_file, ".pub", sizeof(identity_file));
fd = open(identity_file, O_WRONLY | O_CREAT | O_TRUNC, 0644);
if (fd == -1) {
- (void) printf(gettext("Could not save your public key in %s\n"),
- identity_file);
+ printf(gettext("Could not save your public key in %s\n"),
+ identity_file);
exit(1);
}
f = fdopen(fd, "w");
if (f == NULL) {
- (void) printf(gettext("fdopen %s failed"), identity_file);
+ printf(gettext("fdopen %s failed"), identity_file);
exit(1);
}
if (!key_write(public, f))
- (void) fprintf(stderr, gettext("write key failed"));
+ fprintf(stderr, gettext("write key failed"));
key_free(public);
- (void) fprintf(f, " %s\n", new_comment);
- (void) fclose(f);
+ fprintf(f, " %s\n", new_comment);
+ fclose(f);
xfree(comment);
- (void) printf(gettext("The comment in your key file has been changed.\n"));
+ printf(gettext("The comment in your key file has been changed.\n"));
exit(0);
}
static void
usage(void)
{
- (void) fprintf(stderr, gettext(
+ fprintf(stderr, gettext(
"Usage: %s [options]\n"
"Options:\n"
" -b bits Number of bits in the key to create.\n"
+ " -B Show bubblebabble digest of key file.\n"
" -c Change comment in private and public key files.\n"
+ " -C comment Provide new comment.\n"
+#ifdef SMARTCARD
+ " -D reader Download public key from smartcard.\n"
+#endif /* SMARTCARD */
" -e Convert OpenSSH to IETF SECSH key file.\n"
" -f filename Filename of the key file.\n"
+ " -F hostname Find hostname in known hosts file.\n"
+ " -H Hash names in known_hosts file.\n"
" -i Convert IETF SECSH to OpenSSH key file.\n"
" -l Show fingerprint of key file.\n"
+ " -N phrase Provide new passphrase.\n"
" -p Change passphrase of private key file.\n"
+ " -P phrase Provide old passphrase.\n"
" -q Quiet.\n"
- " -y Read private key file and print public key.\n"
+ " -R hostname Remove host from known_hosts file.\n"
" -t type Specify type of key to create.\n"
- " -B Show bubblebabble digest of key file.\n"
- " -C comment Provide new comment.\n"
- " -N phrase Provide new passphrase.\n"
- " -P phrase Provide old passphrase.\n"
#ifdef SMARTCARD
- " -D reader Download public key from smartcard.\n"
" -U reader Upload private key to smartcard.\n"
#endif /* SMARTCARD */
+ " -y Read private key file and print public key.\n"
), __progname);
exit(1);
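Review bot: The public-key write path in do_change_comment reports failures but never fails: a false `key_write(public, f)` only prints `write key failed`, the comment is still appended, and `fclose(f);` discards its return, so because the `.pub` file was just opened with O_TRUNC an I/O error leaves an empty or truncated public key and exit status 0. The old `(void)` casts at least documented the omission; now that they are gone the checks should be real, e.g. `if (!key_write(public, f) || fprintf(f, " %s\n", new_comment) < 0 || fclose(f) != 0) { fprintf(stderr, gettext("write key failed")); exit(1); }`. The same sequence appears in the last main() hunk of this file. do_change_comment starts outside the hunk.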
@@ -761,10 +995,11 @@ usage(void)
* Main program for key management.
*/
int
-main(int ac, char **av)
+main(int argc, char **argv)
{
char dotsshdir[MAXPATHLEN], comment[1024], *passphrase1, *passphrase2;
char *reader_id = NULL;
+ char *rr_hostname = NULL;
Key *private, *public;
struct passwd *pw;
struct stat st;
@@ -777,9 +1012,12 @@ main(int ac, char **av)
extern int optind;
extern char *optarg;
- __progname = get_progname(av[0]);
+ /* Ensure that fds 0, 1 and 2 are open or directed to /dev/null */
+ sanitise_stdfd();
- (void) g11n_setlocale(LC_ALL, "");
+ __progname = get_progname(argv[0]);
+
+ g11n_setlocale(LC_ALL, "");
SSLeay_add_all_algorithms();
init_rng();
@@ -788,7 +1026,7 @@ main(int ac, char **av)
/* we need this for the home * directory. */
pw = getpwuid(getuid());
if (!pw) {
- (void) printf(gettext("You don't exist, go away!\n"));
+ printf(gettext("You don't exist, go away!\n"));
exit(1);
}
if (gethostname(hostname, sizeof(hostname)) < 0) {
@@ -797,19 +1035,30 @@ main(int ac, char **av)
}
#ifdef SMARTCARD
-#define GETOPT_ARGS "deiqpclBRxXyb:f:t:U:D:P:N:C:"
+#define GETOPT_ARGS "deiqpclBHRxXyb:f:F:t:U:D:P:N:C:"
#else
-#define GETOPT_ARGS "deiqpclBRxXyb:f:t:P:N:C:"
+#define GETOPT_ARGS "BcdeHilpqxXyb:C:f:F:N:P:R:t:"
#endif /* SMARTCARD */
- while ((opt = getopt(ac, av, GETOPT_ARGS)) != -1) {
+ while ((opt = getopt(argc, argv, GETOPT_ARGS)) != -1) {
switch (opt) {
case 'b':
bits = atoi(optarg);
if (bits < 512 || bits > 32768) {
- (void) printf(gettext("Bits has bad value.\n"));
+ printf(gettext("Bits has bad value.\n"));
exit(1);
}
break;
+ case 'F':
+ find_host = 1;
+ rr_hostname = optarg;
+ break;
+ case 'H':
+ hash_hosts = 1;
+ break;
+ case 'R':
+ delete_host = 1;
+ rr_hostname = optarg;
+ break;
case 'l':
print_fingerprint = 1;
break;
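Review bot: In the SMARTCARD variant of `GETOPT_ARGS` the new `R` has no trailing colon, while the new `case 'R':` stores `optarg` into `rr_hostname`; with SMARTCARD defined `-R` therefore takes no argument, `optarg` is NULL, and `do_known_hosts(pw, NULL)` is reached with `delete_host` set (the non-SMARTCARD string correctly has `R:`). Change the first define to `#define GETOPT_ARGS "deiqpclBHR:xXyb:f:F:t:U:D:P:N:C:"`. Separately, `-F` and `-R` both write `rr_hostname`, so `-F a -R b` silently acts only on `b`; the later hunk that dispatches to do_known_hosts would be the place for a mutual-exclusion check mirroring the existing `-p`/`-c` one. main() continues outside the hunk.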
@@ -823,7 +1072,7 @@ main(int ac, char **av)
change_comment = 1;
break;
case 'f':
- (void) strlcpy(identity_file, optarg, sizeof(identity_file));
+ strlcpy(identity_file, optarg, sizeof(identity_file));
have_identity = 1;
break;
case 'P':
@@ -838,10 +1087,6 @@ main(int ac, char **av)
case 'q':
quiet = 1;
break;
- case 'R':
- /* unused */
- exit(0);
- break;
case 'e':
case 'x':
/* export key */
@@ -873,14 +1118,16 @@ main(int ac, char **av)
usage();
}
}
- if (optind < ac) {
- (void) printf(gettext("Too many arguments.\n"));
+ if (optind < argc) {
+ printf(gettext("Too many arguments.\n"));
usage();
}
if (change_passphrase && change_comment) {
- (void) printf(gettext("Can only have one of -p and -c.\n"));
+ printf(gettext("Can only have one of -p and -c.\n"));
usage();
}
+ if (delete_host || hash_hosts || find_host)
+ do_known_hosts(pw, rr_hostname);
if (print_fingerprint || print_bubblebabble)
do_fingerprint(pw);
if (change_passphrase)
@@ -907,21 +1154,21 @@ main(int ac, char **av)
arc4random_stir();
if (key_type_name == NULL) {
- (void) printf(gettext("You must specify a key type (-t).\n"));
+ printf(gettext("You must specify a key type (-t).\n"));
usage();
}
type = key_type_from_name(key_type_name);
if (type == KEY_UNSPEC) {
- (void) fprintf(stderr, gettext("unknown key type %s\n"),
- key_type_name);
+ fprintf(stderr, gettext("unknown key type %s\n"),
+ key_type_name);
exit(1);
}
if (!quiet)
- (void) printf(gettext("Generating public/private %s key pair.\n"),
- key_type_name);
+ printf(gettext("Generating public/private %s key pair.\n"),
+ key_type_name);
private = key_generate(type, bits);
if (private == NULL) {
- (void) fprintf(stderr, gettext("key_generate failed"));
+ fprintf(stderr, gettext("key_generate failed"));
exit(1);
}
public = key_from_private(private);
@@ -929,22 +1176,22 @@ main(int ac, char **av)
if (!have_identity)
ask_filename(pw, gettext("Enter file in which to save the key"));
- /* Create ~/.ssh directory if it doesn\'t already exist. */
- (void) snprintf(dotsshdir, sizeof dotsshdir, "%s/%s", pw->pw_dir, _PATH_SSH_USER_DIR);
+ /* Create ~/.ssh directory if it doesn't already exist. */
+ snprintf(dotsshdir, sizeof dotsshdir, "%s/%s", pw->pw_dir, _PATH_SSH_USER_DIR);
if (strstr(identity_file, dotsshdir) != NULL &&
stat(dotsshdir, &st) < 0) {
if (mkdir(dotsshdir, 0700) < 0)
error("Could not create directory '%s'.", dotsshdir);
else if (!quiet)
- (void) printf(gettext("Created directory '%s'.\n"), dotsshdir);
+ printf(gettext("Created directory '%s'.\n"), dotsshdir);
}
/* If the file already exists, ask the user to confirm. */
if (stat(identity_file, &st) >= 0) {
char yesno[128];
- (void) printf(gettext("%s already exists.\n"), identity_file);
- (void) printf(gettext("Overwrite (%s/%s)? "),
- nl_langinfo(YESSTR), nl_langinfo(NOSTR));
- (void) fflush(stdout);
+ printf(gettext("%s already exists.\n"), identity_file);
+ printf(gettext("Overwrite (%s/%s)? "),
+ nl_langinfo(YESSTR), nl_langinfo(NOSTR));
+ fflush(stdout);
if (fgets(yesno, sizeof(yesno), stdin) == NULL)
exit(1);
if (strcasecmp(chop(yesno), nl_langinfo(YESSTR)) != 0)
@@ -967,35 +1214,35 @@ passphrase_again:
* The passphrases do not match. Clear them and
* retry.
*/
- (void) memset(passphrase1, 0, strlen(passphrase1));
- (void) memset(passphrase2, 0, strlen(passphrase2));
+ memset(passphrase1, 0, strlen(passphrase1));
+ memset(passphrase2, 0, strlen(passphrase2));
xfree(passphrase1);
xfree(passphrase2);
- (void) printf(gettext("Passphrases do not match. Try "
- "again.\n"));
+ printf(gettext("Passphrases do not match. Try "
+ "again.\n"));
goto passphrase_again;
}
/* Clear the other copy of the passphrase. */
- (void) memset(passphrase2, 0, strlen(passphrase2));
+ memset(passphrase2, 0, strlen(passphrase2));
xfree(passphrase2);
}
if (identity_comment) {
- (void) strlcpy(comment, identity_comment, sizeof(comment));
+ strlcpy(comment, identity_comment, sizeof(comment));
} else {
/* Create default commend field for the passphrase. */
- (void) snprintf(comment, sizeof comment, "%s@%s", pw->pw_name, hostname);
+ snprintf(comment, sizeof comment, "%s@%s", pw->pw_name, hostname);
}
/* Save the key with the given passphrase and comment. */
if (!key_save_private(private, identity_file, passphrase1, comment)) {
- (void) printf(gettext("Saving the key failed: %s.\n"), identity_file);
- (void) memset(passphrase1, 0, strlen(passphrase1));
+ printf(gettext("Saving the key failed: %s.\n"), identity_file);
+ memset(passphrase1, 0, strlen(passphrase1));
xfree(passphrase1);
exit(1);
}
/* Clear the passphrase. */
- (void) memset(passphrase1, 0, strlen(passphrase1));
+ memset(passphrase1, 0, strlen(passphrase1));
xfree(passphrase1);
/* Clear the private key and the random number generator. */
@@ -1003,32 +1250,32 @@ passphrase_again:
arc4random_stir();
if (!quiet)
- (void) printf(gettext("Your identification has been saved in %s.\n"),
- identity_file);
+ printf(gettext("Your identification has been saved in %s.\n"),
+ identity_file);
- (void) strlcat(identity_file, ".pub", sizeof(identity_file));
+ strlcat(identity_file, ".pub", sizeof(identity_file));
fd = open(identity_file, O_WRONLY | O_CREAT | O_TRUNC, 0644);
if (fd == -1) {
- (void) printf(gettext("Could not save your public key in %s\n"),
- identity_file);
+ printf(gettext("Could not save your public key in %s\n"),
+ identity_file);
exit(1);
}
f = fdopen(fd, "w");
if (f == NULL) {
- (void) printf(gettext("fdopen %s failed"), identity_file);
+ printf(gettext("fdopen %s failed"), identity_file);
exit(1);
}
if (!key_write(public, f))
- (void) fprintf(stderr, gettext("write key failed"));
- (void) fprintf(f, " %s\n", comment);
- (void) fclose(f);
+ fprintf(stderr, gettext("write key failed"));
+ fprintf(f, " %s\n", comment);
+ fclose(f);
if (!quiet) {
char *fp = key_fingerprint(public, SSH_FP_MD5, SSH_FP_HEX);
- (void) printf(gettext("Your public key has been saved in %s.\n"),
+ printf(gettext("Your public key has been saved in %s.\n"),
identity_file);
- (void) printf(gettext("The key fingerprint is:\n"));
- (void) printf("%s %s\n", fp, comment);
+ printf(gettext("The key fingerprint is:\n"));
+ printf("%s %s\n", fp, comment);
xfree(fp);
}
diff --git a/usr/src/cmd/ssh/ssh.po b/usr/src/cmd/ssh/ssh.po
index 0bb056d810..7c7b4f1a15 100644
--- a/usr/src/cmd/ssh/ssh.po
+++ b/usr/src/cmd/ssh/ssh.po
@@ -2,7 +2,7 @@
# Copyright 2007 Sun Microsystems, Inc. All rights reserved.
# Use is subject to license terms.
#
-#pragma ident "%Z%%M% %I% %E% SMI"
+# ident "%Z%%M% %I% %E% SMI"
#
#
@@ -439,12 +439,12 @@ msgstr ""
# File: auth2-pubkey.c, line: 130
# File: auth2-pubkey.c, line: 163
# File: auth2.c, line: 139
-# File: clientloop.c, line: 1294
-# File: clientloop.c, line: 1304
-# File: clientloop.c, line: 1313
-# File: clientloop.c, line: 1340
-# File: clientloop.c, line: 1380
-# File: clientloop.c, line: 1495
+# File: clientloop.c, line: 1292
+# File: clientloop.c, line: 1302
+# File: clientloop.c, line: 1311
+# File: clientloop.c, line: 1338
+# File: clientloop.c, line: 1378
+# File: clientloop.c, line: 1493
# File: serverloop.c, line: 1024
# File: serverloop.c, line: 1040
# File: serverloop.c, line: 1053
@@ -666,12 +666,12 @@ msgid "connect %.100s port %d: %.100s"
msgstr ""
#
# File: ../common/channels.c, line: 2789
-# File: clientloop.c, line: 1403
+# File: clientloop.c, line: 1401
msgid "Warning: ssh server tried agent forwarding."
msgstr ""
#
# File: ../common/channels.c, line: 2792
-# File: clientloop.c, line: 1369
+# File: clientloop.c, line: 1367
msgid "Warning: ssh server tried X11 forwarding."
msgstr ""
#
@@ -681,8 +681,8 @@ msgid "deny_input_open: type %d"
msgstr ""
#
# File: ../common/channels.c, line: 2798
-# File: clientloop.c, line: 1370
-# File: clientloop.c, line: 1404
+# File: clientloop.c, line: 1368
+# File: clientloop.c, line: 1402
msgid ""
"Warning: this is probably a break in attempt by a malicious server."
msgstr ""
@@ -766,7 +766,7 @@ msgstr ""
msgid "ssh_aes_ctr_iv: no context"
msgstr ""
#
-# File: ../common/compat.c, line: 249
+# File: ../common/compat.c, line: 247
msgid "No available ciphers found."
msgstr ""
#
@@ -883,11 +883,19 @@ msgstr ""
msgid "ssh_msg_recv: read: %ld != msg_len"
msgstr ""
#
-# File: ../common/hostfile.c, line: 203
+# File: ../common/hostfile.c, line: 141
+msgid "host_hash: __b64_ntop failed"
+msgstr ""
+#
+# File: ../common/hostfile.c, line: 315
msgid "no key to look up"
msgstr ""
#
-# File: ../common/hostfile.c, line: 236
+# File: ../common/hostfile.c, line: 350
+msgid "add_host_to_hostfile: host_hash failed"
+msgstr ""
+#
+# File: ../common/hostfile.c, line: 360
#, c-format
msgid "add_host_to_hostfile: saving key in %s failed"
msgstr ""
@@ -1375,15 +1383,15 @@ msgid "replacearg: tried to replace invalid arg %d >= %d"
msgstr ""
#
# File: ../common/misc.c, line: 549
-# File: ../common/readconf.c, line: 466
-# File: ../common/readconf.c, line: 487
-# File: ../common/readconf.c, line: 547
-# File: ../common/readconf.c, line: 567
-# File: ../common/readconf.c, line: 579
-# File: ../common/readconf.c, line: 590
-# File: ../common/readconf.c, line: 601
-# File: ../common/readconf.c, line: 613
-# File: ../common/readconf.c, line: 695
+# File: ../common/readconf.c, line: 467
+# File: ../common/readconf.c, line: 488
+# File: ../common/readconf.c, line: 548
+# File: ../common/readconf.c, line: 568
+# File: ../common/readconf.c, line: 580
+# File: ../common/readconf.c, line: 591
+# File: ../common/readconf.c, line: 602
+# File: ../common/readconf.c, line: 614
+# File: ../common/readconf.c, line: 696
#, c-format
msgid "%.200s line %d: Missing argument."
msgstr ""
@@ -2002,152 +2010,152 @@ msgstr ""
msgid "%s: no fd"
msgstr ""
#
-# File: ../common/readconf.c, line: 214
+# File: ../common/readconf.c, line: 215
msgid "Privileged ports can only be forwarded by root."
msgstr ""
#
-# File: ../common/readconf.c, line: 217
+# File: ../common/readconf.c, line: 218
#, c-format
msgid "Too many local forwards (max %d)."
msgstr ""
#
-# File: ../common/readconf.c, line: 236
+# File: ../common/readconf.c, line: 237
#, c-format
msgid "Too many remote forwards (max %d)."
msgstr ""
#
-# File: ../common/readconf.c, line: 271
+# File: ../common/readconf.c, line: 272
# File: servconf.c, line: 482
#, c-format
msgid "%s: line %d: Bad configuration option: %s"
msgstr ""
#
-# File: ../common/readconf.c, line: 313
+# File: ../common/readconf.c, line: 314
# File: servconf.c, line: 587
#, c-format
msgid "%s line %d: missing time value."
msgstr ""
#
-# File: ../common/readconf.c, line: 316
+# File: ../common/readconf.c, line: 317
# File: servconf.c, line: 590
#, c-format
msgid "%s line %d: invalid time value."
msgstr ""
#
-# File: ../common/readconf.c, line: 327
+# File: ../common/readconf.c, line: 328
#, c-format
msgid "%.200s line %d: Missing yes/no argument."
msgstr ""
#
-# File: ../common/readconf.c, line: 334
+# File: ../common/readconf.c, line: 335
#, c-format
msgid "%.200s line %d: Bad yes/no argument."
msgstr ""
#
-# File: ../common/readconf.c, line: 428
+# File: ../common/readconf.c, line: 429
#, c-format
msgid "%.200s line %d: Missing yes/no/ask argument."
msgstr ""
#
-# File: ../common/readconf.c, line: 438
+# File: ../common/readconf.c, line: 439
#, c-format
msgid "%.200s line %d: Bad yes/no/ask argument."
msgstr ""
#
-# File: ../common/readconf.c, line: 470
+# File: ../common/readconf.c, line: 471
#, c-format
msgid "%.200s line %d: Too many identity files specified (max %d)."
msgstr ""
#
-# File: ../common/readconf.c, line: 549
-# File: ../common/readconf.c, line: 554
+# File: ../common/readconf.c, line: 550
+# File: ../common/readconf.c, line: 555
#, c-format
msgid "%.200s line %d: Bad number."
msgstr ""
#
-# File: ../common/readconf.c, line: 570
+# File: ../common/readconf.c, line: 571
#, c-format
msgid "%.200s line %d: Bad cipher '%s'."
msgstr ""
#
-# File: ../common/readconf.c, line: 581
+# File: ../common/readconf.c, line: 582
#, c-format
msgid "%.200s line %d: Bad SSH2 cipher spec '%s'."
msgstr ""
#
-# File: ../common/readconf.c, line: 592
+# File: ../common/readconf.c, line: 593
#, c-format
msgid "%.200s line %d: Bad SSH2 Mac spec '%s'."
msgstr ""
#
-# File: ../common/readconf.c, line: 603
+# File: ../common/readconf.c, line: 604
#, c-format
msgid "%.200s line %d: Bad protocol 2 host key algorithms '%s'."
msgstr ""
#
-# File: ../common/readconf.c, line: 616
+# File: ../common/readconf.c, line: 617
#, c-format
msgid "%.200s line %d: Bad protocol spec '%s'."
msgstr ""
#
-# File: ../common/readconf.c, line: 627
+# File: ../common/readconf.c, line: 628
# File: servconf.c, line: 826
#, c-format
msgid "%.200s line %d: unsupported log level '%s'"
msgstr ""
#
-# File: ../common/readconf.c, line: 637
-# File: ../common/readconf.c, line: 666
+# File: ../common/readconf.c, line: 638
+# File: ../common/readconf.c, line: 667
#, c-format
msgid "%.200s line %d: Missing port argument."
msgstr ""
#
-# File: ../common/readconf.c, line: 640
+# File: ../common/readconf.c, line: 641
#, c-format
msgid "%.200s line %d: Bad listen port."
msgstr ""
#
-# File: ../common/readconf.c, line: 644
+# File: ../common/readconf.c, line: 645
#, c-format
msgid "%.200s line %d: Missing second argument."
msgstr ""
#
-# File: ../common/readconf.c, line: 648
+# File: ../common/readconf.c, line: 649
#, c-format
msgid "%.200s line %d: Bad forwarding specification."
msgstr ""
#
-# File: ../common/readconf.c, line: 651
+# File: ../common/readconf.c, line: 652
#, c-format
msgid "%.200s line %d: Bad forwarding port."
msgstr ""
#
-# File: ../common/readconf.c, line: 670
+# File: ../common/readconf.c, line: 671
#, c-format
msgid "%.200s line %d: Badly formatted port number."
msgstr ""
#
-# File: ../common/readconf.c, line: 704
+# File: ../common/readconf.c, line: 705
#, c-format
msgid "%.200s line %d: Bad escape character."
msgstr ""
#
-# File: ../common/readconf.c, line: 730
+# File: ../common/readconf.c, line: 735
#, c-format
msgid "%.200s line %d: Bad yes/no/in-exec-mode argument."
msgstr ""
#
-# File: ../common/readconf.c, line: 740
+# File: ../common/readconf.c, line: 745
#, c-format
msgid "process_config_line: Unimplemented opcode %d"
msgstr ""
#
-# File: ../common/readconf.c, line: 745
+# File: ../common/readconf.c, line: 750
#, c-format
msgid "%.200s line %d: garbage at end of line; \"%.200s\"."
msgstr ""
#
-# File: ../common/readconf.c, line: 789
+# File: ../common/readconf.c, line: 794
# File: servconf.c, line: 1035
#, c-format
msgid "%s: terminating, %d bad configuration options"
@@ -2368,12 +2376,12 @@ msgstr ""
msgid "Protocol error waiting for X11 forwarding"
msgstr ""
#
-# File: clientloop.c, line: 1294
-# File: clientloop.c, line: 1304
-# File: clientloop.c, line: 1313
-# File: clientloop.c, line: 1340
-# File: clientloop.c, line: 1380
-# File: clientloop.c, line: 1495
+# File: clientloop.c, line: 1292
+# File: clientloop.c, line: 1302
+# File: clientloop.c, line: 1311
+# File: clientloop.c, line: 1338
+# File: clientloop.c, line: 1378
+# File: clientloop.c, line: 1493
# File: ssh.c, line: 929
# File: ssh.c, line: 977
# File: sshconnect1.c, line: 122
@@ -2550,26 +2558,26 @@ msgid ""
"but keys of different type are already known for this host."
msgstr ""
#
-# File: sshconnect.c, line: 792
+# File: sshconnect.c, line: 808
#, c-format
msgid "Failed to add the host to the list of known hosts (%.500s)."
msgstr ""
#
-# File: sshconnect.c, line: 795
+# File: sshconnect.c, line: 811
#, c-format
msgid ""
"Warning: Permanently added '%.200s' (%s) to the list of known hosts."
msgstr ""
#
-# File: sshconnect.c, line: 800
-# File: sshconnect.c, line: 804
+# File: sshconnect.c, line: 816
+# File: sshconnect.c, line: 820
#, c-format
msgid ""
"Warning: The host key for host %s has changed; please update your "
"known hosts file(s) (%s:%d)"
msgstr ""
#
-# File: sshconnect.c, line: 820
+# File: sshconnect.c, line: 836
#, c-format
msgid ""
"@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@\n"
@@ -2582,12 +2590,12 @@ msgid ""
"and its host key have changed at the same time.\n"
msgstr ""
#
-# File: sshconnect.c, line: 830
+# File: sshconnect.c, line: 846
#, c-format
msgid "Offending key for IP in %s:%d"
msgstr ""
#
-# File: sshconnect.c, line: 834
+# File: sshconnect.c, line: 850
#, c-format
msgid ""
"@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@\n"
@@ -2604,36 +2612,36 @@ msgid ""
"Offending key in %s:%d\n"
msgstr ""
#
-# File: sshconnect.c, line: 853
+# File: sshconnect.c, line: 869
#, c-format
msgid ""
"%s host key for %.200s has changed and you have requested strict "
"checking."
msgstr ""
#
-# File: sshconnect.c, line: 865
+# File: sshconnect.c, line: 881
msgid ""
"Password authentication is disabled to avoid man-in-the-middle "
"attacks."
msgstr ""
#
-# File: sshconnect.c, line: 870
+# File: sshconnect.c, line: 886
msgid "Agent forwarding is disabled to avoid man-in-the-middle attacks."
msgstr ""
#
-# File: sshconnect.c, line: 875
+# File: sshconnect.c, line: 891
msgid "X11 forwarding is disabled to avoid man-in-the-middle attacks."
msgstr ""
#
-# File: sshconnect.c, line: 881
+# File: sshconnect.c, line: 897
msgid "Port forwarding is disabled to avoid man-in-the-middle attacks."
msgstr ""
#
-# File: sshconnect.c, line: 896
+# File: sshconnect.c, line: 912
msgid "internal error"
msgstr ""
#
-# File: sshconnect.c, line: 903
+# File: sshconnect.c, line: 919
#, c-format
msgid ""
"Warning: the %s host key for '%.200s' differs from the key for the IP "
@@ -2641,18 +2649,18 @@ msgid ""
"Offending key for IP in %s:%d"
msgstr ""
#
-# File: sshconnect.c, line: 915
+# File: sshconnect.c, line: 931
msgid "Exiting, you have requested strict checking."
msgstr ""
#
-# File: sshconnect.c, line: 920
+# File: sshconnect.c, line: 936
#, c-format
msgid ""
"\n"
"Are you sure you want to continue connecting (%s/%s)"
msgstr ""
#
-# File: sshconnect.c, line: 1040
+# File: sshconnect.c, line: 1056
#, c-format
msgid ""
"WARNING: %s key found for host %s\n"
@@ -3064,35 +3072,35 @@ msgstr ""
msgid "client_channel_closed: id %d != session_ident %d"
msgstr ""
#
-# File: clientloop.c, line: 1228
+# File: clientloop.c, line: 1226
#, c-format
msgid "Killed by signal %d."
msgstr ""
#
-# File: clientloop.c, line: 1238
+# File: clientloop.c, line: 1236
#, c-format
msgid "Connection to %.64s closed.\r\n"
msgstr ""
#
-# File: clientloop.c, line: 1248
+# File: clientloop.c, line: 1246
msgid "Write failed flushing stdout buffer."
msgstr ""
#
-# File: clientloop.c, line: 1260
+# File: clientloop.c, line: 1258
msgid "Write failed flushing stderr buffer."
msgstr ""
#
-# File: clientloop.c, line: 1484
+# File: clientloop.c, line: 1482
#, c-format
msgid "client_input_channel_req: no channel %d"
msgstr ""
#
-# File: clientloop.c, line: 1486
+# File: clientloop.c, line: 1484
#, c-format
msgid "client_input_channel_req: channel %d: wrong channel: %d"
msgstr ""
#
-# File: clientloop.c, line: 1491
+# File: clientloop.c, line: 1489
#, c-format
msgid "client_input_channel_req: channel %d: unknown channel"
msgstr ""
@@ -3652,6 +3660,16 @@ msgstr ""
msgid "login_init_entry: Cannot find user \"%s\""
msgstr ""
#
+# File: loginrec.c, line: 979
+#, c-format
+msgid "%s: Error reading from %s: %s"
+msgstr ""
+#
+# File: loginrec.c, line: 983
+#, c-format
+msgid "%s: Error reading from %s: Expecting %d, got %d"
+msgstr ""
+#
# File: monitor.c, line: 296
#, c-format
msgid "%s: unexpected authentication from %d"
@@ -4529,7 +4547,8 @@ msgid "Could not add identity: %s\n"
msgstr ""
#
# File: ssh-add.c, line: 221
-# File: ssh-keygen.c, line: 393
+# File: ssh-keygen.c, line: 425
+# File: ssh-keygen.c, line: 539
msgid "key_write failed"
msgstr ""
#
@@ -4688,263 +4707,362 @@ msgstr ""
msgid "select: %s"
msgstr ""
#
-# File: ssh-keygen.c, line: 111
+# File: ssh-keygen.c, line: 117
msgid "bad key type"
msgstr ""
#
-# File: ssh-keygen.c, line: 139
-# File: ssh-keygen.c, line: 611
+# File: ssh-keygen.c, line: 144
+# File: ssh-keygen.c, line: 841
msgid "Enter passphrase: "
msgstr ""
#
-# File: ssh-keygen.c, line: 159
-# File: ssh-keygen.c, line: 305
-# File: ssh-keygen.c, line: 382
-# File: ssh-keygen.c, line: 416
-# File: ssh-keygen.c, line: 512
-# File: ssh-keygen.c, line: 598
+# File: ssh-keygen.c, line: 164
+# File: ssh-keygen.c, line: 342
+# File: ssh-keygen.c, line: 414
+# File: ssh-keygen.c, line: 448
+# File: ssh-keygen.c, line: 742
+# File: ssh-keygen.c, line: 828
msgid "Enter file in which the key is"
msgstr ""
#
-# File: ssh-keygen.c, line: 166
-# File: ssh-keygen.c, line: 389
+# File: ssh-keygen.c, line: 171
+# File: ssh-keygen.c, line: 421
msgid "load failed\n"
msgstr ""
#
-# File: ssh-keygen.c, line: 171
+# File: ssh-keygen.c, line: 176
msgid "key_to_blob failed\n"
msgstr ""
#
-# File: ssh-keygen.c, line: 176
+# File: ssh-keygen.c, line: 181
#, c-format
msgid "Comment: \"%u-bit %s, converted from OpenSSH by %s@%s\"\n"
msgstr ""
#
-# File: ssh-keygen.c, line: 193
+# File: ssh-keygen.c, line: 198
#, c-format
msgid "buffer_get_bignum_bits: input buffer too small: need %d have %d"
msgstr ""
#
-# File: ssh-keygen.c, line: 215
+# File: ssh-keygen.c, line: 201
+msgid "buffer_get_bignum_bits: BN_bin2bn failed"
+msgstr ""
+#
+# File: ssh-keygen.c, line: 221
#, c-format
msgid "bad magic 0x%x != 0x%x"
msgstr ""
#
-# File: ssh-keygen.c, line: 227
+# File: ssh-keygen.c, line: 233
#, c-format
msgid "unsupported cipher %s"
msgstr ""
#
-# File: ssh-keygen.c, line: 280
+# File: ssh-keygen.c, line: 287
#, c-format
msgid ""
"do_convert_private_ssh2_from_blob: remaining bytes in key blob %d"
msgstr ""
#
-# File: ssh-keygen.c, line: 318
-msgid "input line too long.\n"
-msgstr ""
-#
-# File: ssh-keygen.c, line: 349
+# File: ssh-keygen.c, line: 381
msgid "uudecode failed.\n"
msgstr ""
#
-# File: ssh-keygen.c, line: 356
+# File: ssh-keygen.c, line: 388
msgid "decode blob failed.\n"
msgstr ""
#
-# File: ssh-keygen.c, line: 365
+# File: ssh-keygen.c, line: 397
msgid "key write failed"
msgstr ""
#
-# File: ssh-keygen.c, line: 438
+# File: ssh-keygen.c, line: 472
+# File: ssh-keygen.c, line: 589
#, c-format
msgid "line %d too long: %.40s..."
msgstr ""
#
-# File: ssh-keygen.c, line: 483
+# File: ssh-keygen.c, line: 517
msgid "no comment"
msgstr ""
#
-# File: ssh-keygen.c, line: 491
+# File: ssh-keygen.c, line: 525
#, c-format
msgid "%s is not a public key file.\n"
msgstr ""
#
-# File: ssh-keygen.c, line: 524
+# File: ssh-keygen.c, line: 536
+msgid "hash_host failed"
+msgstr ""
+#
+# File: ssh-keygen.c, line: 556
+msgid "Specified known hosts path too long"
+msgstr ""
+#
+# File: ssh-keygen.c, line: 561
+#, c-format
+msgid "fopen: %s"
+msgstr ""
+#
+# File: ssh-keygen.c, line: 573
+msgid "known_hosts path too long"
+msgstr ""
+#
+# File: ssh-keygen.c, line: 576
+#, c-format
+msgid "mkstemp: %s"
+msgstr ""
+#
+# File: ssh-keygen.c, line: 580
+#, c-format
+msgid "fdopen: %s"
+msgstr ""
+#
+# File: ssh-keygen.c, line: 612
+#, c-format
+msgid "line %d missing key: %.40s..."
+msgstr ""
+#
+# File: ssh-keygen.c, line: 626
+#, c-format
+msgid "line %d invalid key: %.40s..."
+msgstr ""
+#
+# File: ssh-keygen.c, line: 638
+#, c-format
+msgid "line %d: invalid hashed name: %.64s..."
+msgstr ""
+#
+# File: ssh-keygen.c, line: 659
+#, c-format
+msgid "# Host %s found: line %d type %s\n"
+msgstr ""
+#
+# File: ssh-keygen.c, line: 671
+#, c-format
+msgid "Warning: ignoring host name with metacharacters: %.64s\n"
+msgstr ""
+#
+# File: ssh-keygen.c, line: 686
+#, c-format
+msgid "%s is not a valid known_host file.\n"
+msgstr ""
+#
+# File: ssh-keygen.c, line: 689
+msgid "Not replacing existing known_hosts file because of errors\n"
+msgstr ""
+#
+# File: ssh-keygen.c, line: 702
+#, c-format
+msgid "unlink %.100s: %s"
+msgstr ""
+#
+# File: ssh-keygen.c, line: 704
+#, c-format
+msgid "link %.100s to %.100s: %s"
+msgstr ""
+#
+# File: ssh-keygen.c, line: 708
+#, c-format
+msgid "rename\"%s\" to \"%s\": %s"
+msgstr ""
+#
+# File: ssh-keygen.c, line: 715
+#, c-format
+msgid "%s updated.\n"
+msgstr ""
+#
+# File: ssh-keygen.c, line: 716
+#, c-format
+msgid "Original contents retained as %s\n"
+msgstr ""
+#
+# File: ssh-keygen.c, line: 718
+#, c-format
+msgid "WARNING: %s contains unhashed entries\n"
+msgstr ""
+#
+# File: ssh-keygen.c, line: 720
+msgid "Delete this file to ensure privacy of hostnames\n"
+msgstr ""
+#
+# File: ssh-keygen.c, line: 754
msgid "Enter old passphrase: "
msgstr ""
#
-# File: ssh-keygen.c, line: 531
-# File: ssh-keygen.c, line: 618
+# File: ssh-keygen.c, line: 761
+# File: ssh-keygen.c, line: 848
msgid "Bad passphrase.\n"
msgstr ""
#
-# File: ssh-keygen.c, line: 535
+# File: ssh-keygen.c, line: 765
#, c-format
msgid "Key has comment '%s'\n"
msgstr ""
#
-# File: ssh-keygen.c, line: 543
+# File: ssh-keygen.c, line: 773
msgid "Enter new passphrase (empty for no passphrase): "
msgstr ""
#
-# File: ssh-keygen.c, line: 545
-# File: ssh-keygen.c, line: 897
+# File: ssh-keygen.c, line: 775
+# File: ssh-keygen.c, line: 1144
msgid "Enter same passphrase again: "
msgstr ""
#
-# File: ssh-keygen.c, line: 554
+# File: ssh-keygen.c, line: 784
msgid "Pass phrases do not match. Try again.\n"
msgstr ""
#
-# File: ssh-keygen.c, line: 565
-# File: ssh-keygen.c, line: 648
-# File: ssh-keygen.c, line: 927
+# File: ssh-keygen.c, line: 795
+# File: ssh-keygen.c, line: 878
+# File: ssh-keygen.c, line: 1174
#, c-format
msgid "Saving the key failed: %s.\n"
msgstr ""
#
-# File: ssh-keygen.c, line: 578
+# File: ssh-keygen.c, line: 808
msgid "Your identification has been saved with the new passphrase.\n"
msgstr ""
#
-# File: ssh-keygen.c, line: 625
+# File: ssh-keygen.c, line: 855
msgid "Comments are only supported for RSA1 keys.\n"
msgstr ""
#
-# File: ssh-keygen.c, line: 630
+# File: ssh-keygen.c, line: 860
#, c-format
msgid "Key now has comment '%s'\n"
msgstr ""
#
-# File: ssh-keygen.c, line: 635
+# File: ssh-keygen.c, line: 865
msgid "Enter new comment: "
msgstr ""
#
-# File: ssh-keygen.c, line: 663
-# File: ssh-keygen.c, line: 947
+# File: ssh-keygen.c, line: 893
+# File: ssh-keygen.c, line: 1194
#, c-format
msgid "Could not save your public key in %s\n"
msgstr ""
#
-# File: ssh-keygen.c, line: 669
-# File: ssh-keygen.c, line: 953
+# File: ssh-keygen.c, line: 899
+# File: ssh-keygen.c, line: 1200
#, c-format
msgid "fdopen %s failed"
msgstr ""
#
-# File: ssh-keygen.c, line: 673
-# File: ssh-keygen.c, line: 957
+# File: ssh-keygen.c, line: 903
+# File: ssh-keygen.c, line: 1204
msgid "write key failed"
msgstr ""
#
-# File: ssh-keygen.c, line: 680
+# File: ssh-keygen.c, line: 910
msgid "The comment in your key file has been changed.\n"
msgstr ""
#
-# File: ssh-keygen.c, line: 688
+# File: ssh-keygen.c, line: 918
#, c-format
msgid ""
"Usage: %s [options]\n"
"Options:\n"
" -b bits Number of bits in the key to create.\n"
+" -B Show bubblebabble digest of key file.\n"
" -c Change comment in private and public key files.\n"
+" -C comment Provide new comment.\n"
" -e Convert OpenSSH to IETF SECSH key file.\n"
" -f filename Filename of the key file.\n"
+" -F hostname Find hostname in known hosts file.\n"
+" -H Hash names in known_hosts file.\n"
" -i Convert IETF SECSH to OpenSSH key file.\n"
" -l Show fingerprint of key file.\n"
+" -N phrase Provide new passphrase.\n"
" -p Change passphrase of private key file.\n"
+" -P phrase Provide old passphrase.\n"
" -q Quiet.\n"
-" -y Read private key file and print public key.\n"
+" -R hostname Remove host from known_hosts file.\n"
" -t type Specify type of key to create.\n"
-" -B Show bubblebabble digest of key file.\n"
-" -C comment Provide new comment.\n"
-" -N phrase Provide new passphrase.\n"
-" -P phrase Provide old passphrase.\n"
+" -y Read private key file and print public key.\n"
msgstr ""
#
-# File: ssh-keygen.c, line: 740
+# File: ssh-keygen.c, line: 978
msgid "You don't exist, go away!\n"
msgstr ""
#
-# File: ssh-keygen.c, line: 754
+# File: ssh-keygen.c, line: 992
msgid "Bits has bad value.\n"
msgstr ""
#
-# File: ssh-keygen.c, line: 816
+# File: ssh-keygen.c, line: 1061
msgid "Too many arguments.\n"
msgstr ""
#
-# File: ssh-keygen.c, line: 820
+# File: ssh-keygen.c, line: 1065
msgid "Can only have one of -p and -c.\n"
msgstr ""
#
-# File: ssh-keygen.c, line: 837
+# File: ssh-keygen.c, line: 1084
msgid "no support for smartcards."
msgstr ""
#
-# File: ssh-keygen.c, line: 844
+# File: ssh-keygen.c, line: 1091
msgid "You must specify a key type (-t).\n"
msgstr ""
#
-# File: ssh-keygen.c, line: 849
+# File: ssh-keygen.c, line: 1096
#, c-format
msgid "unknown key type %s\n"
msgstr ""
#
-# File: ssh-keygen.c, line: 854
+# File: ssh-keygen.c, line: 1101
#, c-format
msgid "Generating public/private %s key pair.\n"
msgstr ""
#
-# File: ssh-keygen.c, line: 858
+# File: ssh-keygen.c, line: 1105
msgid "key_generate failed"
msgstr ""
#
-# File: ssh-keygen.c, line: 864
+# File: ssh-keygen.c, line: 1111
msgid "Enter file in which to save the key"
msgstr ""
#
-# File: ssh-keygen.c, line: 871
+# File: ssh-keygen.c, line: 1118
#, c-format
msgid "Could not create directory '%s'."
msgstr ""
#
-# File: ssh-keygen.c, line: 873
+# File: ssh-keygen.c, line: 1120
#, c-format
msgid "Created directory '%s'.\n"
msgstr ""
#
-# File: ssh-keygen.c, line: 878
+# File: ssh-keygen.c, line: 1125
#, c-format
msgid "%s already exists.\n"
msgstr ""
#
-# File: ssh-keygen.c, line: 879
+# File: ssh-keygen.c, line: 1126
#, c-format
msgid "Overwrite (%s/%s)? "
msgstr ""
#
-# File: ssh-keygen.c, line: 895
+# File: ssh-keygen.c, line: 1142
msgid "Enter passphrase (empty for no passphrase): "
msgstr ""
#
-# File: ssh-keygen.c, line: 909
+# File: ssh-keygen.c, line: 1156
msgid "Passphrases do not match. Try again.\n"
msgstr ""
#
-# File: ssh-keygen.c, line: 941
+# File: ssh-keygen.c, line: 1188
#, c-format
msgid "Your identification has been saved in %s.\n"
msgstr ""
#
-# File: ssh-keygen.c, line: 963
+# File: ssh-keygen.c, line: 1210
#, c-format
msgid "Your public key has been saved in %s.\n"
msgstr ""
#
-# File: ssh-keygen.c, line: 965
+# File: ssh-keygen.c, line: 1212
msgid "The key fingerprint is:\n"
msgstr ""
#
diff --git a/usr/src/cmd/ssh/ssh/sshconnect.c b/usr/src/cmd/ssh/ssh/sshconnect.c
index 4a6b1a3b11..8201887baf 100644
--- a/usr/src/cmd/ssh/ssh/sshconnect.c
+++ b/usr/src/cmd/ssh/ssh/sshconnect.c
@@ -1,8 +1,4 @@
/*
- * Copyright 2007 Sun Microsystems, Inc. All rights reserved.
- * Use is subject to license terms.
- */
-/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
* All rights reserved
@@ -15,6 +11,10 @@
* incompatible with the protocol description in the RFC file, it must be
* called by a name other than "ssh" or "Secure Shell".
*/
+/*
+ * Copyright 2007 Sun Microsystems, Inc. All rights reserved.
+ * Use is subject to license terms.
+ */
#include "includes.h"
RCSID("$OpenBSD: sshconnect.c,v 1.135 2002/09/19 01:58:18 djm Exp $");
@@ -584,7 +584,7 @@ check_host_key(char *host, struct sockaddr *hostaddr, Key *host_key, int
char hostline[1000], *hostp, *fp;
HostStatus host_status;
HostStatus ip_status;
- int local = 0, host_ip_differ = 0;
+ int r, local = 0, host_ip_differ = 0;
int salen;
char ntop[NI_MAXHOST];
char msg[1024];
@@ -662,7 +662,7 @@ check_host_key(char *host, struct sockaddr *hostaddr, Key *host_key, int
file_key = key_new(host_key->type);
/*
- * Check if the host key is present in the user\'s list of known
+ * Check if the host key is present in the user's list of known
* hosts or in the systemwide list.
*/
host_file = user_hostfile;
@@ -702,8 +702,8 @@ check_host_key(char *host, struct sockaddr *hostaddr, Key *host_key, int
case HOST_OK:
/* The host is known and the key matches. */
if (validated)
- debug("Host '%.200s' is known and matches the "
- "advertised %s host" "key.", host, type);
+ debug("Host '%.200s' is known and matches the %s host key.",
+ host, type);
else
debug("Host '%.200s' is known and matches the %s host "
"key.", host, type);
@@ -714,7 +714,7 @@ check_host_key(char *host, struct sockaddr *hostaddr, Key *host_key, int
"'%.128s' not in list of known hosts.",
type, ip);
else if (!add_host_to_hostfile(user_hostfile, ip,
- host_key))
+ host_key, options.hash_known_hosts))
log("Failed to add the %s host key for IP "
"address '%.128s' to the list of known "
"hosts (%.30s).", type, ip, user_hostfile);
@@ -756,17 +756,33 @@ check_host_key(char *host, struct sockaddr *hostaddr, Key *host_key, int
if (!confirm(msg))
goto fail;
}
- if (options.check_host_ip && ip_status == HOST_NEW) {
- snprintf(hostline, sizeof(hostline), "%s,%s", host, ip);
- hostp = hostline;
- } else
- hostp = host;
-
/*
* If not in strict mode, add the key automatically to the
* local known_hosts file.
*/
- if (!add_host_to_hostfile(user_hostfile, hostp, host_key))
+ if (options.check_host_ip && ip_status == HOST_NEW) {
+ snprintf(hostline, sizeof(hostline), "%s,%s",
+ host, ip);
+ hostp = hostline;
+ if (options.hash_known_hosts) {
+ /* Add hash of host and IP separately */
+ r = add_host_to_hostfile(user_hostfile, host,
+ host_key, options.hash_known_hosts) &&
+ add_host_to_hostfile(user_hostfile, ip,
+ host_key, options.hash_known_hosts);
+ } else {
+ /* Add unhashed "host,ip" */
+ r = add_host_to_hostfile(user_hostfile,
+ hostline, host_key,
+ options.hash_known_hosts);
+ }
+ } else {
+ r = add_host_to_hostfile(user_hostfile, host, host_key,
+ options.hash_known_hosts);
+ hostp = host;
+ }
+
+ if (!r)
log("Failed to add the host to the list of known "
"hosts (%.500s).", user_hostfile);
else
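Review bot: The `&&` in the hashed branch (`r = add_host_to_hostfile(... host ...) && add_host_to_hostfile(... ip ...)`) short-circuits, so when the hashed hostname line is written but the IP line fails, `r` is 0 and the code drops to the generic "Failed to add the host to the list of known hosts" message even though a hashed entry for `host` now exists in the file, and when the hostname write fails the IP line is never attempted at all. The earlier hunk in this same function already logs a per-IP failure in the HOST_OK case, so the hashed branch should attempt both writes and report the IP failure the same way, leaving `r` to reflect the hostname write and pointing `hostp` at `host` so the final "Permanently added" message names only what was stored. Separately, the unhashed branch still writes `hostline` into known_hosts without checking the `snprintf` return for truncation (carried over from the old code; `host` comes from the caller, so its length is presumably unbounded here, worth confirming). `check_host_key` begins before and continues after this hunk.
```c
			if (options.hash_known_hosts) {
				/* Hashed lines hold one name each: write host and IP separately */
				r = add_host_to_hostfile(user_hostfile, host,
				    host_key, options.hash_known_hosts);
				if (!add_host_to_hostfile(user_hostfile, ip,
				    host_key, options.hash_known_hosts)) {
					log("Failed to add the %s host key for IP "
					    "address '%.128s' to the list of known "
					    "hosts (%.30s).", type, ip, user_hostfile);
					hostp = host;	/* only the hostname line was written */
				}
			} else {
				/* … unchanged: unhashed "host,ip" write … */
```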