- jakob@cvs.openbsd.org 2003/10/14 19:42:10

     [dns.c dns.h readconf.c ssh-keygen.c sshconnect.c]
     include SSHFP lookup code (not enabled by default). ok markus@

diff --git a/ChangeLog b/ChangeLog
index 43ca3622e5f4b474ef7ef723eb915f181d79c02e..e371b40e7282adb67ddfed0c461ca47754103fcf 100644 (file)
--- a/ChangeLog
+++ b/ChangeLog
@@ -30,6 +30,9 @@
    - markus@cvs.openbsd.org 2003/10/13 08:22:25
      [scp.1 sftp.1]
      don't refer to options related to forwarding; ok jmc@
+   - jakob@cvs.openbsd.org 2003/10/14 19:42:10
+     [dns.c dns.h readconf.c ssh-keygen.c sshconnect.c]
+     include SSHFP lookup code (not enabled by default). ok markus@
 
 20031009
  - (dtucker) [sshd_config.5] UsePAM defaults to "no".  ok djm@

diff --git a/dns.c b/dns.c
index 90ab5601a5429acf0fadb841780825414b990cd0..2fff1b802dad75b30038fab4cbcf1cf2be6f88ef 100644 (file)
--- a/dns.c
+++ b/dns.c
@@ -1,4 +1,4 @@
-/*     $OpenBSD: dns.c,v 1.6 2003/06/11 10:18:47 jakob Exp $   */
+/*     $OpenBSD: dns.c,v 1.7 2003/10/14 19:42:10 jakob Exp $   */
 
 /*
  * Copyright (c) 2003 Wesley Griffin. All rights reserved.
@@ -28,7 +28,6 @@
 
 #include "includes.h"
 
-#ifdef DNS
 #include <openssl/bn.h>
 #ifdef LWRES
 #include <lwres/netdb.h>
@@ -44,7 +43,7 @@
 #include "uuencode.h"
 
 extern char *__progname;
-RCSID("$OpenBSD: dns.c,v 1.6 2003/06/11 10:18:47 jakob Exp $");
+RCSID("$OpenBSD: dns.c,v 1.7 2003/10/14 19:42:10 jakob Exp $");
 
 #ifndef LWRES
 static const char *errset_text[] = {
@@ -286,5 +285,3 @@ export_dns_rr(const char *hostname, Key *key, FILE *f, int generic)
 
        return success;
 }
-
-#endif /* DNS */

diff --git a/dns.h b/dns.h
index ba0ea9fb4786760d49bcd2a1059a7761e3d33b5d..1eb07d96ead445043763ff3ecb856880cf9ff2af 100644 (file)
--- a/dns.h
+++ b/dns.h
@@ -1,4 +1,4 @@
-/*     $OpenBSD: dns.h,v 1.3 2003/05/14 22:56:51 jakob Exp $   */
+/*     $OpenBSD: dns.h,v 1.4 2003/10/14 19:42:10 jakob Exp $   */
 
 /*
  * Copyright (c) 2003 Wesley Griffin. All rights reserved.
@@ -28,7 +28,6 @@
 
 #include "includes.h"
 
-#ifdef DNS
 #ifndef DNS_H
 #define DNS_H
 
@@ -54,4 +53,3 @@ int   verify_host_key_dns(const char *, struct sockaddr *, Key *);
 int    export_dns_rr(const char *, Key *, FILE *, int);
 
 #endif /* DNS_H */
-#endif /* DNS */

diff --git a/readconf.c b/readconf.c
index e5f2620a719c30f85d83e6a4ff97eb36aad6ba5e..86d28bc8d55657e310c01b856bbe4c03ec77e8bc 100644 (file)
--- a/readconf.c
+++ b/readconf.c
@@ -12,7 +12,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: readconf.c,v 1.123 2003/10/11 08:24:07 markus Exp $");
+RCSID("$OpenBSD: readconf.c,v 1.124 2003/10/14 19:42:10 jakob Exp $");
 
 #include "ssh.h"
 #include "xmalloc.h"
@@ -183,11 +183,7 @@ static struct {
 #endif
        { "clearallforwardings", oClearAllForwardings },
        { "enablesshkeysign", oEnableSSHKeysign },
-#ifdef DNS
        { "verifyhostkeydns", oVerifyHostKeyDNS },
-#else
-       { "verifyhostkeydns", oUnsupported },
-#endif
        { "nohostauthenticationforlocalhost", oNoHostAuthenticationForLocalhost },
        { "rekeylimit", oRekeyLimit },
        { "connecttimeout", oConnectTimeout },

diff --git a/ssh-keygen.c b/ssh-keygen.c
index 5b7bc400a327cc695139c87be759d9bac3a1723b..4a3cf241a5366677d5f24f766f067165bfd29999 100644 (file)
--- a/ssh-keygen.c
+++ b/ssh-keygen.c
@@ -12,7 +12,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: ssh-keygen.c,v 1.109 2003/09/18 13:02:21 miod Exp $");
+RCSID("$OpenBSD: ssh-keygen.c,v 1.110 2003/10/14 19:42:10 jakob Exp $");
 
 #include <openssl/evp.h>
 #include <openssl/pem.h>
@@ -32,9 +32,7 @@ RCSID("$OpenBSD: ssh-keygen.c,v 1.109 2003/09/18 13:02:21 miod Exp $");
 #ifdef SMARTCARD
 #include "scard.h"
 #endif
-#ifdef DNS
 #include "dns.h"
-#endif
 
 /* Number of bits in the RSA/DSA key.  This value can be changed on the command line. */
 int bits = 1024;
@@ -625,7 +623,6 @@ do_change_passphrase(struct passwd *pw)
        exit(0);
 }
 
-#ifdef DNS
 /*
  * Print the SSHFP RR.
  */
@@ -655,7 +652,6 @@ do_print_resource_record(struct passwd *pw, char *hostname)
        printf("failed to read v2 public key from %s.\n", identity_file);
        exit(1);
 }
-#endif /* DNS */
 
 /*
  * Change the comment of a private key file.
@@ -774,9 +770,7 @@ usage(void)
        fprintf(stderr, "  -C comment  Provide new comment.\n");
        fprintf(stderr, "  -N phrase   Provide new passphrase.\n");
        fprintf(stderr, "  -P phrase   Provide old passphrase.\n");
-#ifdef DNS
        fprintf(stderr, "  -r hostname Print DNS resource record.\n");
-#endif /* DNS */
 #ifdef SMARTCARD
        fprintf(stderr, "  -D reader   Download public key from smartcard.\n");
        fprintf(stderr, "  -U reader   Upload private key to smartcard.\n");
@@ -959,11 +953,7 @@ main(int ac, char **av)
        if (print_public)
                do_print_public(pw);
        if (resource_record_hostname != NULL) {
-#ifdef DNS
                do_print_resource_record(pw, resource_record_hostname);
-#else /* DNS */
-               fatal("no DNS support.");
-#endif /* DNS */
        }
        if (reader_id != NULL) {
 #ifdef SMARTCARD

diff --git a/sshconnect.c b/sshconnect.c
index f29ac8088751e17fefb339fe099ee315241f03ba..2c028f3a6e39e579e96137f1fc5c56943f4afad6 100644 (file)
--- a/sshconnect.c
+++ b/sshconnect.c
@@ -13,7 +13,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: sshconnect.c,v 1.148 2003/09/18 07:52:54 markus Exp $");
+RCSID("$OpenBSD: sshconnect.c,v 1.149 2003/10/14 19:42:10 jakob Exp $");
 
 #include <openssl/bn.h>
 
@@ -33,16 +33,12 @@ RCSID("$OpenBSD: sshconnect.c,v 1.148 2003/09/18 07:52:54 markus Exp $");
 #include "misc.h"
 #include "readpass.h"
 
-#ifdef DNS
 #include "dns.h"
-#endif
 
 char *client_version_string = NULL;
 char *server_version_string = NULL;
 
-#ifdef DNS
 int verified_host_key_dns = 0;
-#endif
 
 /* import */
 extern Options options;
@@ -730,7 +726,6 @@ check_host_key(char *host, struct sockaddr *hostaddr, Key *host_key,
                        /* The default */
                        fp = key_fingerprint(host_key, SSH_FP_MD5, SSH_FP_HEX);
                        msg2[0] = '\0';
-#ifdef DNS
                        if (options.verify_host_key_dns) {
                                if (verified_host_key_dns)
                                        snprintf(msg2, sizeof(msg2),
@@ -741,7 +736,6 @@ check_host_key(char *host, struct sockaddr *hostaddr, Key *host_key,
                                            "No matching host key fingerprint"
                                            " found in DNS.\n");
                        }
-#endif
                        snprintf(msg, sizeof(msg),
                            "The authenticity of host '%.200s (%s)' can't be "
                            "established%s\n"
@@ -908,7 +902,6 @@ verify_host_key(char *host, struct sockaddr *hostaddr, Key *host_key)
 {
        struct stat st;
 
-#ifdef DNS
        if (options.verify_host_key_dns) {
                switch(verify_host_key_dns(host, hostaddr, host_key)) {
                case DNS_VERIFY_OK:
@@ -927,7 +920,6 @@ verify_host_key(char *host, struct sockaddr *hostaddr, Key *host_key)
                        break;
                }
        }
-#endif /* DNS */
 
        /* return ok if the key can be found in an old keyfile */
        if (stat(options.system_hostfile2, &st) == 0 ||