5 Author: Tatu Ylonen <ylo@cs.hut.fi>
7 Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
10 Created: Thu Jun 29 07:10:56 1995 ylo
12 Functions for manipulating the known hosts files.
22 /* Reads a multiple-precision integer in hex from the buffer, and advances the
23 pointer. The integer must already be initialized. This function is
24 permitted to modify the buffer. This leaves *cpp to point just beyond
25 the last processed (and maybe modified) character. Note that this may
26 modify the buffer containing the number. */
29 auth_rsa_read_bignum(char **cpp, BIGNUM *value)
34 /* Skip any leading whitespace. */
35 for (; *cp == ' ' || *cp == '\t'; cp++)
38 /* Check that it begins with a hex digit. */
39 if (*cp < '0' || *cp > '9')
42 /* Save starting position. */
45 /* Move forward until all hex digits skipped. */
46 for (; *cp >= '0' && *cp <= '9'; cp++)
49 /* Compute the length of the hex number. */
52 /* Save the old terminating character, and replace it by \0. */
57 /* Parse the number. */
58 if (BN_dec2bn(&value, *cpp) == 0)
61 /* Restore old terminating character. */
64 /* Move beyond the number and return success. */
69 /* Parses an RSA key (number of bits, e, n) from a string. Moves the pointer
70 over the key. Skips any whitespace at the beginning and at end. */
73 auth_rsa_read_key(char **cpp, unsigned int *bitsp, BIGNUM *e, BIGNUM *n)
78 /* Skip leading whitespace. */
79 for (cp = *cpp; *cp == ' ' || *cp == '\t'; cp++)
82 /* Get number of bits. */
83 if (*cp < '0' || *cp > '9')
84 return 0; /* Bad bit count... */
85 for (bits = 0; *cp >= '0' && *cp <= '9'; cp++)
86 bits = 10 * bits + *cp - '0';
88 /* Get public exponent. */
89 if (!auth_rsa_read_bignum(&cp, e))
92 /* Get public modulus. */
93 if (!auth_rsa_read_bignum(&cp, n))
96 /* Skip trailing whitespace. */
97 for (; *cp == ' ' || *cp == '\t'; cp++)
100 /* Return results. */
106 /* Tries to match the host name (which must be in all lowercase) against the
107 comma-separated sequence of subpatterns (each possibly preceded by ! to
108 indicate negation). Returns true if there is a positive match; zero
112 match_hostname(const char *host, const char *pattern, unsigned int len)
117 unsigned int i, subi;
120 for (i = 0; i < len;)
122 /* Check if the subpattern is negated. */
123 if (pattern[i] == '!')
131 /* Extract the subpattern up to a comma or end. Convert the subpattern
134 i < len && subi < sizeof(sub) - 1 && pattern[i] != ',';
136 sub[subi] = isupper(pattern[i]) ? tolower(pattern[i]) : pattern[i];
137 /* If subpattern too long, return failure (no match). */
138 if (subi >= sizeof(sub) - 1)
141 /* If the subpattern was terminated by a comma, skip the comma. */
142 if (i < len && pattern[i] == ',')
145 /* Null-terminate the subpattern. */
148 /* Try to match the subpattern against the host name. */
149 if (match_pattern(host, sub)) {
151 return 0; /* Fail if host matches any negated subpattern. */
157 /* Return success if got a positive match. If there was a negative match,
158 we have already returned zero and never get here. */
162 /* Checks whether the given host (which must be in all lowercase) is
163 already in the list of our known hosts.
164 Returns HOST_OK if the host is known and has the specified key,
165 HOST_NEW if the host is not known, and HOST_CHANGED if the host is known
166 but used to have a different host key. */
169 check_host_in_hostfile(const char *filename,
170 const char *host, unsigned int bits,
171 BIGNUM *e, BIGNUM *n,
172 BIGNUM *ke, BIGNUM *kn)
176 unsigned int kbits, hostlen;
178 HostStatus end_return;
181 /* Open the file containing the list of known hosts. */
182 f = fopen(filename, "r");
185 if (stat(filename, &st) >= 0)
187 packet_send_debug("Could not open %.900s for reading.", filename);
188 packet_send_debug("If your home directory is on an NFS volume, it may need to be world-readable.");
193 /* Cache the length of the host name. */
194 hostlen = strlen(host);
196 /* Return value when the loop terminates. This is set to HOST_CHANGED if
197 we have seen a different key for the host and have not found the proper
199 end_return = HOST_NEW;
201 /* Go trough the file. */
202 while (fgets(line, sizeof(line), f))
206 /* Skip any leading whitespace. */
207 for (; *cp == ' ' || *cp == '\t'; cp++)
210 /* Ignore comment lines and empty lines. */
211 if (!*cp || *cp == '#' || *cp == '\n')
214 /* Find the end of the host name portion. */
215 for (cp2 = cp; *cp2 && *cp2 != ' ' && *cp2 != '\t'; cp2++)
218 /* Check if the host name matches. */
219 if (!match_hostname(host, cp, (unsigned int)(cp2 - cp)))
222 /* Got a match. Skip host name. */
225 /* Extract the key from the line. This will skip any leading
226 whitespace. Ignore badly formatted lines. */
227 if (!auth_rsa_read_key(&cp, &kbits, ke, kn))
230 /* Check if the current key is the same as the previous one. */
231 if (kbits == bits && BN_cmp(ke, e) == 0 && BN_cmp(kn, n) == 0)
233 /* Ok, they match. */
238 /* They do not match. We will continue to go through the file; however,
239 we note that we will not return that it is new. */
240 end_return = HOST_CHANGED;
242 /* Clear variables and close the file. */
245 /* Return either HOST_NEW or HOST_CHANGED, depending on whether we saw a
246 different key for the host. */
250 /* Appends an entry to the host file. Returns false if the entry
251 could not be appended. */
254 add_host_to_hostfile(const char *filename, const char *host,
255 unsigned int bits, BIGNUM *e, BIGNUM *n)
260 /* Open the file for appending. */
261 f = fopen(filename, "a");
265 /* Print the host name and key to the file. */
266 fprintf(f, "%s %u ", host, bits);
269 error("add_host_to_hostfile: BN_bn2dec #1 failed");
273 fprintf(f, "%s ", buf);
277 error("add_host_to_hostfile: BN_bn2dec #2 failed");
281 fprintf(f, "%s\n", buf);
284 /* Close the file. */
andersk / openssh.git / blob