X-Git-Url: http://andersk.mit.edu/gitweb/gssapi-openssh.git/blobdiff_plain/700318f39b6ee399768d0ed0ee2b2935410c8b0b..a7045e2e7435a176522df49a644f13d47b5291af:/openssh/ssh-keyscan.c

diff --git a/openssh/ssh-keyscan.c b/openssh/ssh-keyscan.c
index 744f802..46f0636 100644
--- a/openssh/ssh-keyscan.c
+++ b/openssh/ssh-keyscan.c
@@ -7,9 +7,9 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: ssh-keyscan.c,v 1.35 2002/03/04 18:30:23 stevesk Exp $");
+RCSID("$OpenBSD: ssh-keyscan.c,v 1.55 2005/06/17 02:44:33 djm Exp $");
 
-#include "openbsd-compat/fake-queue.h"
+#include "openbsd-compat/sys-queue.h"
 
 #include <openssl/bn.h>
 
@@ -28,14 +28,11 @@ RCSID("$OpenBSD: ssh-keyscan.c,v 1.35 2002/03/04 18:30:23 stevesk Exp $");
 #include "log.h"
 #include "atomicio.h"
 #include "misc.h"
+#include "hostfile.h"
 
 /* Flag indicating whether IPv4 or IPv6.  This can be set on the command line.
    Default value is AF_UNSPEC means both IPv4 and IPv6. */
-#ifdef IPV4_DEFAULT
-int IPv4or6 = AF_INET;
-#else
 int IPv4or6 = AF_UNSPEC;
-#endif
 
 int ssh_port = SSH_DEFAULT_PORT;
 
@@ -45,6 +42,8 @@ int ssh_port = SSH_DEFAULT_PORT;
 
 int get_keytypes = KT_RSA1;	/* Get only RSA1 keys by default */
 
+int hash_hosts = 0;		/* Hash hostname on output */
+
 #define MAXMAXFD 256
 
 /* The number of seconds after which to give up on a TCP connection */
@@ -53,11 +52,7 @@ int timeout = 5;
 int maxfd;
 #define MAXCON (maxfd - 10)
 
-#ifdef HAVE___PROGNAME
 extern char *__progname;
-#else
-char *__progname;
-#endif
 fd_set *read_wait;
 size_t read_wait_size;
 int ncon;
@@ -116,7 +111,8 @@ Linebuf_alloc(const char *filename, void (*errfun) (const char *,...))
 
 	if (!(lb = malloc(sizeof(*lb)))) {
 		if (errfun)
-			(*errfun) ("linebuf (%s): malloc failed\n", lb->filename);
+			(*errfun) ("linebuf (%s): malloc failed\n",
+			    filename ? filename : "(stdin)");
 		return (NULL);
 	}
 	if (filename) {
@@ -170,14 +166,15 @@ Linebuf_lineno(Linebuf * lb)
 static char *
 Linebuf_getline(Linebuf * lb)
 {
-	int n = 0;
+	size_t n = 0;
+	void *p;
 
 	lb->lineno++;
 	for (;;) {
 		/* Read a line */
 		if (!fgets(&lb->buf[n], lb->size - n, lb->stream)) {
 			if (ferror(lb->stream) && lb->errfun)
-				(*lb->errfun) ("%s: %s\n", lb->filename,
+				(*lb->errfun)("%s: %s\n", lb->filename,
 				    strerror(errno));
 			return (NULL);
 		}
@@ -190,17 +187,20 @@ Linebuf_getline(Linebuf * lb)
 		}
 		if (n != lb->size - 1) {
 			if (lb->errfun)
-				(*lb->errfun) ("%s: skipping incomplete last line\n",
+				(*lb->errfun)("%s: skipping incomplete last line\n",
 				    lb->filename);
 			return (NULL);
 		}
 		/* Double the buffer if we need more space */
-		if (!(lb->buf = realloc(lb->buf, (lb->size *= 2)))) {
+		lb->size *= 2;
+		if ((p = realloc(lb->buf, lb->size)) == NULL) {
+			lb->size /= 2;
 			if (lb->errfun)
-				(*lb->errfun) ("linebuf (%s): realloc failed\n",
+				(*lb->errfun)("linebuf (%s): realloc failed\n",
 				    lb->filename);
 			return (NULL);
 		}
+		lb->buf = p;
 	}
 }
 
@@ -213,13 +213,11 @@ fdlim_get(int hard)
 	if (getrlimit(RLIMIT_NOFILE, &rlfd) < 0)
 		return (-1);
 	if ((hard ? rlfd.rlim_max : rlfd.rlim_cur) == RLIM_INFINITY)
-		return 10000;
+		return SSH_SYSFDMAX;
 	else
 		return hard ? rlfd.rlim_max : rlfd.rlim_cur;
-#elif defined (HAVE_SYSCONF)
-	return sysconf (_SC_OPEN_MAX);
 #else
-	return 10000;
+	return SSH_SYSFDMAX;
 #endif
 }
 
@@ -229,6 +227,7 @@ fdlim_set(int lim)
 #if defined(HAVE_SETRLIMIT) && defined(RLIMIT_NOFILE)
 	struct rlimit rlfd;
 #endif
+
 	if (lim <= 0)
 		return (-1);
 #if defined(HAVE_SETRLIMIT) && defined(RLIMIT_NOFILE)
@@ -348,6 +347,9 @@ keygrab_ssh2(con *c)
 	myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] = c->c_keytype == KT_DSA?
 	    "ssh-dss": "ssh-rsa";
 	c->c_kex = kex_setup(myproposal);
+	c->c_kex->kex[KEX_DH_GRP1_SHA1] = kexdh_client;
+	c->c_kex->kex[KEX_DH_GRP14_SHA1] = kexdh_client;
+	c->c_kex->kex[KEX_DH_GEX_SHA1] = kexgex_client;
 	c->c_kex->verify_host_key = hostjump;
 
 	if (!(j = setjmp(kexjmp))) {
@@ -367,10 +369,14 @@ keygrab_ssh2(con *c)
 static void
 keyprint(con *c, Key *key)
 {
+	char *host = c->c_output_name ? c->c_output_name : c->c_name;
+
 	if (!key)
 		return;
+	if (hash_hosts && (host = host_hash(host, NULL, 0)) == NULL)
+		fatal("host_hash failed");
 
-	fprintf(stdout, "%s ", c->c_output_name ? c->c_output_name : c->c_name);
+	fprintf(stdout, "%s ", host);
 	key_write(key, stdout);
 	fputs("\n", stdout);
 }
@@ -389,13 +395,13 @@ tcpconnect(char *host)
 	if ((gaierr = getaddrinfo(host, strport, &hints, &aitop)) != 0)
 		fatal("getaddrinfo %s: %s", host, gai_strerror(gaierr));
 	for (ai = aitop; ai; ai = ai->ai_next) {
-		s = socket(ai->ai_family, SOCK_STREAM, 0);
+		s = socket(ai->ai_family, ai->ai_socktype, ai->ai_protocol);
 		if (s < 0) {
 			error("socket: %s", strerror(errno));
 			continue;
 		}
-		if (fcntl(s, F_SETFL, O_NONBLOCK) < 0)
-			fatal("F_SETFL: %s", strerror(errno));
+		if (set_nonblock(s) == -1)
+			fatal("%s: set_nonblock(%d)", __func__, s);
 		if (connect(s, ai->ai_addr, ai->ai_addrlen) < 0 &&
 		    errno != EINPROGRESS)
 			error("connect (`%s'): %s", host, strerror(errno));
@@ -411,8 +417,8 @@ tcpconnect(char *host)
 static int
 conalloc(char *iname, char *oname, int keytype)
 {
-	int s;
 	char *namebase, *name, *namelist;
+	int s;
 
 	namebase = namelist = xstrdup(iname);
 
@@ -476,8 +482,8 @@ contouch(int s)
 static int
 conrecycle(int s)
 {
-	int ret;
 	con *c = &fdcon[s];
+	int ret;
 
 	ret = conalloc(c->c_namelist, c->c_output_name, c->c_keytype);
 	confree(s);
@@ -487,27 +493,30 @@ conrecycle(int s)
 static void
 congreet(int s)
 {
+	int n = 0, remote_major = 0, remote_minor = 0;
 	char buf[256], *cp;
 	char remote_version[sizeof buf];
 	size_t bufsiz;
-	int remote_major, remote_minor, n = 0;
 	con *c = &fdcon[s];
 
 	bufsiz = sizeof(buf);
 	cp = buf;
-	while (bufsiz-- && (n = read(s, cp, 1)) == 1 && *cp != '\n') {
+	while (bufsiz-- && (n = atomicio(read, s, cp, 1)) == 1 && *cp != '\n') {
 		if (*cp == '\r')
 			*cp = '\n';
 		cp++;
 	}
-	if (n < 0) {
-		if (errno != ECONNREFUSED)
-			error("read (%s): %s", c->c_name, strerror(errno));
-		conrecycle(s);
-		return;
-	}
 	if (n == 0) {
-		error("%s: Connection closed by remote host", c->c_name);
+		switch (errno) {
+		case EPIPE:
+			error("%s: Connection closed by remote host", c->c_name);
+			break;
+		case ECONNREFUSED:
+			break;
+		default:
+			error("read (%s): %s", c->c_name, strerror(errno));
+			break;
+		}
 		conrecycle(s);
 		return;
 	}
@@ -537,7 +546,12 @@ congreet(int s)
 	n = snprintf(buf, sizeof buf, "SSH-%d.%d-OpenSSH-keyscan\r\n",
 	    c->c_keytype == KT_RSA1? PROTOCOL_MAJOR_1 : PROTOCOL_MAJOR_2,
 	    c->c_keytype == KT_RSA1? PROTOCOL_MINOR_1 : PROTOCOL_MINOR_2);
-	if (atomicio(write, s, buf, n) != n) {
+	if (n < 0 || (size_t)n >= sizeof(buf)) {
+		error("snprintf: buffer too small");
+		confree(s);
+		return;
+	}
+	if (atomicio(vwrite, s, buf, n) != (size_t)n) {
 		error("write (%s): %s", c->c_name, strerror(errno));
 		confree(s);
 		return;
@@ -554,15 +568,15 @@ congreet(int s)
 static void
 conread(int s)
 {
-	int n;
 	con *c = &fdcon[s];
+	size_t n;
 
 	if (c->c_status == CS_CON) {
 		congreet(s);
 		return;
 	}
-	n = read(s, c->c_data + c->c_off, c->c_len - c->c_off);
-	if (n < 0) {
+	n = atomicio(read, s, c->c_data + c->c_off, c->c_len - c->c_off);
+	if (n == 0) {
 		error("read (%s): %s", c->c_name, strerror(errno));
 		confree(s);
 		return;
@@ -594,13 +608,13 @@ conread(int s)
 static void
 conloop(void)
 {
-	fd_set *r, *e;
 	struct timeval seltime, now;
-	int i;
+	fd_set *r, *e;
 	con *c;
+	int i;
 
 	gettimeofday(&now, NULL);
-	c = tq.tqh_first;
+	c = TAILQ_FIRST(&tq);
 
 	if (c && (c->c_tv.tv_sec > now.tv_sec ||
 	    (c->c_tv.tv_sec == now.tv_sec && c->c_tv.tv_usec > now.tv_usec))) {
@@ -633,12 +647,12 @@ conloop(void)
 	xfree(r);
 	xfree(e);
 
-	c = tq.tqh_first;
+	c = TAILQ_FIRST(&tq);
 	while (c && (c->c_tv.tv_sec < now.tv_sec ||
 	    (c->c_tv.tv_sec == now.tv_sec && c->c_tv.tv_usec < now.tv_usec))) {
 		int s = c->c_fd;
 
-		c = c->c_link.tqe_next;
+		c = TAILQ_NEXT(c, c_link);
 		conrecycle(s);
 	}
 }
@@ -664,28 +678,22 @@ void
 fatal(const char *fmt,...)
 {
 	va_list args;
+
 	va_start(args, fmt);
 	do_log(SYSLOG_LEVEL_FATAL, fmt, args);
 	va_end(args);
 	if (nonfatal_fatal)
 		longjmp(kexjmp, -1);
 	else
-		fatal_cleanup();
+		exit(255);
 }
 
 static void
 usage(void)
 {
-	fprintf(stderr, "Usage: %s [options] host ...\n",
+	fprintf(stderr, "usage: %s [-46Hv] [-f file] [-p port] [-T timeout] [-t type]\n"
+	    "\t\t   [host | addrlist namelist] [...]\n",
 	    __progname);
-	fprintf(stderr, "Options:\n");
-	fprintf(stderr, "  -f file     Read hosts or addresses from file.\n");
-	fprintf(stderr, "  -p port     Connect to the specified port.\n");
-	fprintf(stderr, "  -t keytype  Specify the host key type.\n");
-	fprintf(stderr, "  -T timeout  Set connection timeout.\n");
-	fprintf(stderr, "  -v          Verbose; display verbose debugging messages.\n");
-	fprintf(stderr, "  -4          Use IPv4 only.\n");
-	fprintf(stderr, "  -6          Use IPv6 only.\n");
 	exit(1);
 }
 
@@ -699,7 +707,7 @@ main(int argc, char **argv)
 	extern int optind;
 	extern char *optarg;
 
-	__progname = get_progname(argv[0]);
+	__progname = ssh_get_progname(argv[0]);
 	init_rng();
 	seed_rng();
 	TAILQ_INIT(&tq);
@@ -707,8 +715,11 @@ main(int argc, char **argv)
 	if (argc <= 1)
 		usage();
 
-	while ((opt = getopt(argc, argv, "v46p:T:t:f:")) != -1) {
+	while ((opt = getopt(argc, argv, "Hv46p:T:t:f:")) != -1) {
 		switch (opt) {
+		case 'H':
+			hash_hosts = 1;
+			break;
 		case 'p':
 			ssh_port = a2port(optarg);
 			if (ssh_port == 0) {
@@ -717,9 +728,11 @@ main(int argc, char **argv)
 			}
 			break;
 		case 'T':
-			timeout = atoi(optarg);
-			if (timeout <= 0)
+			timeout = convtime(optarg);
+			if (timeout == -1 || timeout == 0) {
+				fprintf(stderr, "Bad timeout '%s'\n", optarg);
 				usage();
+			}
 			break;
 		case 'v':
 			if (!debug_flag) {