source-git / libssh

Clone
Source Code
GIT

Blame src/known_hosts.c

c8 c8s master
  1.   09b8b7b8521d8ca57b923b1ca00267a8f9efa0d2
  2.   src
  3.   known_hosts.c
Blob History Raw
Packit 6c0a39 
/*
Packit 6c0a39 
 * keyfiles.c - private and public key handling for authentication.
Packit 6c0a39 
 *
Packit 6c0a39 
 * This file is part of the SSH Library
Packit 6c0a39 
 *
Packit 6c0a39 
 * Copyright (c) 2003-2009 by Aris Adamantiadis
Packit 6c0a39 
 * Copyright (c) 2009      by Andreas Schneider <asn@cryptomilk.org>
Packit 6c0a39 
 *
Packit 6c0a39 
 * The SSH Library is free software; you can redistribute it and/or modify
Packit 6c0a39 
 * it under the terms of the GNU Lesser General Public License as published by
Packit 6c0a39 
 * the Free Software Foundation; either version 2.1 of the License, or (at your
Packit 6c0a39 
 * option) any later version.
Packit 6c0a39 
 *
Packit 6c0a39 
 * The SSH Library is distributed in the hope that it will be useful, but
Packit 6c0a39 
 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
Packit 6c0a39 
 * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU Lesser General Public
Packit 6c0a39 
 * License for more details.
Packit 6c0a39 
 *
Packit 6c0a39 
 * You should have received a copy of the GNU Lesser General Public License
Packit 6c0a39 
 * along with the SSH Library; see the file COPYING.  If not, write to
Packit 6c0a39 
 * the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston,
Packit 6c0a39 
 * MA 02111-1307, USA.
Packit 6c0a39 
 */
Packit 6c0a39
Packit 6c0a39 
#include "config.h"
Packit 6c0a39
Packit 6c0a39 
#include <ctype.h>
Packit 6c0a39 
#include <errno.h>
Packit 6c0a39 
#include <stdio.h>
Packit 6c0a39
Packit 6c0a39 
#include "libssh/priv.h"
Packit 6c0a39 
#include "libssh/session.h"
Packit 6c0a39 
#include "libssh/buffer.h"
Packit 6c0a39 
#include "libssh/misc.h"
Packit 6c0a39 
#include "libssh/dh.h"
Packit 6c0a39 
#include "libssh/pki.h"
Packit 6c0a39 
#include "libssh/options.h"
Packit 6c0a39 
#include "libssh/knownhosts.h"
Packit 6c0a39 
/*todo: remove this include */
Packit 6c0a39 
#include "libssh/string.h"
Packit 6c0a39 
#include "libssh/token.h"
Packit 6c0a39
Packit 6c0a39 
#ifndef _WIN32
Packit 6c0a39 
# include <netinet/in.h>
Packit 6c0a39 
# include <arpa/inet.h>
Packit 6c0a39 
#endif
Packit 6c0a39
Packit 6c0a39 
/**
Packit 6c0a39 
 * @addtogroup libssh_session
Packit 6c0a39 
 *
Packit 6c0a39 
 * @{
Packit 6c0a39 
 */
Packit 6c0a39
Packit 6c0a39 
/**
Packit 6c0a39 
 * @internal
Packit 6c0a39 
 *
Packit 6c0a39 
 * @brief Return one line of known host file.
Packit 6c0a39 
 *
Packit 6c0a39 
 * This will return a token array containing (host|ip), keytype and key.
Packit 6c0a39 
 *
Packit 6c0a39 
 * @param[out] file     A pointer to the known host file. Could be pointing to
Packit 6c0a39 
 *                      NULL at start.
Packit 6c0a39 
 *
Packit 6c0a39 
 * @param[in]  filename The file name of the known host file.
Packit 6c0a39 
 *
Packit 6c0a39 
 * @param[out] found_type A pointer to a string to be set with the found key
Packit 6c0a39 
 *                        type.
Packit 6c0a39 
 *
Packit 6c0a39 
 * @returns             The found_type type of key (ie "dsa","ssh-rsa"). Don't
Packit 6c0a39 
 *                      free that value. NULL if no match was found or the file
Packit 6c0a39 
 *                      was not found.
Packit 6c0a39 
 */
Packit 6c0a39 
static struct ssh_tokens_st *ssh_get_knownhost_line(FILE **file,
Packit 6c0a39 
                                                    const char *filename,
Packit 6c0a39 
                                                    const char **found_type)
Packit 6c0a39 
{
Packit 6c0a39 
    char buffer[4096] = {0};
Packit 6c0a39 
    char *ptr;
Packit 6c0a39 
    struct ssh_tokens_st *tokens;
Packit 6c0a39
Packit 6c0a39 
    if (*file == NULL) {
Packit 6c0a39 
        *file = fopen(filename,"r");
Packit 6c0a39 
        if (*file == NULL) {
Packit 6c0a39 
            return NULL;
Packit 6c0a39 
        }
Packit 6c0a39 
    }
Packit 6c0a39
Packit 6c0a39 
    while (fgets(buffer, sizeof(buffer), *file)) {
Packit 6c0a39 
        ptr = strchr(buffer, '\n');
Packit 6c0a39 
        if (ptr) {
Packit 6c0a39 
            *ptr =  '\0';
Packit 6c0a39 
        }
Packit 6c0a39
Packit 6c0a39 
        ptr = strchr(buffer,'\r');
Packit 6c0a39 
        if (ptr) {
Packit 6c0a39 
            *ptr = '\0';
Packit 6c0a39 
        }
Packit 6c0a39
Packit 6c0a39 
        if (buffer[0] == '\0' || buffer[0] == '#') {
Packit 6c0a39 
            continue; /* skip empty lines */
Packit 6c0a39 
        }
Packit 6c0a39
Packit 6c0a39 
        tokens = ssh_tokenize(buffer, ' ');
Packit 6c0a39 
        if (tokens == NULL) {
Packit 6c0a39 
            fclose(*file);
Packit 6c0a39 
            *file = NULL;
Packit 6c0a39
Packit 6c0a39 
            return NULL;
Packit 6c0a39 
        }
Packit 6c0a39
Packit 6c0a39 
        if (tokens->tokens[0] == NULL ||
Packit 6c0a39 
            tokens->tokens[1] == NULL ||
Packit 6c0a39 
            tokens->tokens[2] == NULL)
Packit 6c0a39 
        {
Packit 6c0a39 
            /* it should have at least 3 tokens */
Packit 6c0a39 
            ssh_tokens_free(tokens);
Packit 6c0a39 
            continue;
Packit 6c0a39 
        }
Packit 6c0a39
Packit 6c0a39 
        *found_type = tokens->tokens[1];
Packit 6c0a39
Packit 6c0a39 
        return tokens;
Packit 6c0a39 
    }
Packit 6c0a39
Packit 6c0a39 
    fclose(*file);
Packit 6c0a39 
    *file = NULL;
Packit 6c0a39
Packit 6c0a39 
    /* we did not find anything, end of file*/
Packit 6c0a39 
    return NULL;
Packit 6c0a39 
}
Packit 6c0a39
Packit 6c0a39 
/**
Packit 6c0a39 
 * @internal
Packit 6c0a39 
 *
Packit 6c0a39 
 * @brief Check the public key in the known host line matches the public key of
Packit 6c0a39 
 * the currently connected server.
Packit 6c0a39 
 *
Packit 6c0a39 
 * @param[in] session   The SSH session to use.
Packit 6c0a39 
 *
Packit 6c0a39 
 * @param[in] tokens    A list of tokens in the known_hosts line.
Packit 6c0a39 
 *
Packit 6c0a39 
 * @returns             1 if the key matches, 0 if the key doesn't match and -1
Packit 6c0a39 
 *                      on error.
Packit 6c0a39 
 */
Packit 6c0a39 
static int check_public_key(ssh_session session, char **tokens) {
Packit 6c0a39 
  ssh_string pubkey_blob = NULL;
Packit 6c0a39 
  ssh_buffer pubkey_buffer;
Packit 6c0a39 
  char *pubkey_64;
Packit 6c0a39 
  int rc;
Packit 6c0a39
Packit 6c0a39 
    /* ssh-dss or ssh-rsa */
Packit 6c0a39 
    pubkey_64 = tokens[2];
Packit 6c0a39 
    pubkey_buffer = base64_to_bin(pubkey_64);
Packit 6c0a39
Packit 6c0a39 
  if (pubkey_buffer == NULL) {
Packit 6c0a39 
    ssh_set_error(session, SSH_FATAL,
Packit 6c0a39 
        "Verifying that server is a known host: base64 error");
Packit 6c0a39 
    return -1;
Packit 6c0a39 
  }
Packit 6c0a39
Packit 6c0a39 
  rc = ssh_dh_get_current_server_publickey_blob(session, &pubkey_blob);
Packit 6c0a39 
  if (rc != 0) {
Packit 6c0a39 
      ssh_buffer_free(pubkey_buffer);
Packit 6c0a39 
      return -1;
Packit 6c0a39 
  }
Packit 6c0a39
Packit 6c0a39 
  if (ssh_buffer_get_len(pubkey_buffer) != ssh_string_len(pubkey_blob)) {
Packit 6c0a39 
    ssh_string_free(pubkey_blob);
Packit 6c0a39 
    ssh_buffer_free(pubkey_buffer);
Packit 6c0a39 
    return 0;
Packit 6c0a39 
  }
Packit 6c0a39
Packit 6c0a39 
  /* now test that they are identical */
Packit 6c0a39 
  if (memcmp(ssh_buffer_get(pubkey_buffer), ssh_string_data(pubkey_blob),
Packit 6c0a39 
        ssh_buffer_get_len(pubkey_buffer)) != 0) {
Packit 6c0a39 
    ssh_string_free(pubkey_blob);
Packit 6c0a39 
    ssh_buffer_free(pubkey_buffer);
Packit 6c0a39 
    return 0;
Packit 6c0a39 
  }
Packit 6c0a39
Packit 6c0a39 
  ssh_string_free(pubkey_blob);
Packit 6c0a39 
  ssh_buffer_free(pubkey_buffer);
Packit 6c0a39 
  return 1;
Packit 6c0a39 
}
Packit 6c0a39
Packit 6c0a39 
/**
Packit 6c0a39 
 * @internal
Packit 6c0a39 
 * @brief Check if a hostname matches a openssh-style hashed known host.
Packit 6c0a39 
 *
Packit 6c0a39 
 * @param[in]  host     The host to check.
Packit 6c0a39 
 *
Packit 6c0a39 
 * @param[in]  hashed   The hashed value.
Packit 6c0a39 
 *
Packit 6c0a39 
 * @returns             1 if it matches, 0 otherwise.
Packit 6c0a39 
 */
Packit 6c0a39 
static int match_hashed_host(const char *host, const char *sourcehash)
Packit 6c0a39 
{
Packit 6c0a39 
  /* Openssh hash structure :
Packit 6c0a39 
   * |1|base64 encoded salt|base64 encoded hash
Packit 6c0a39 
   * hash is produced that way :
Packit 6c0a39 
   * hash := HMAC_SHA1(key=salt,data=host)
Packit 6c0a39 
   */
Packit 6c0a39 
  unsigned char buffer[256] = {0};
Packit 6c0a39 
  ssh_buffer salt;
Packit 6c0a39 
  ssh_buffer hash;
Packit 6c0a39 
  HMACCTX mac;
Packit 6c0a39 
  char *source;
Packit 6c0a39 
  char *b64hash;
Packit 6c0a39 
  int match;
Packit 6c0a39 
  unsigned int size;
Packit 6c0a39
Packit 6c0a39 
  if (strncmp(sourcehash, "|1|", 3) != 0) {
Packit 6c0a39 
    return 0;
Packit 6c0a39 
  }
Packit 6c0a39
Packit 6c0a39 
  source = strdup(sourcehash + 3);
Packit 6c0a39 
  if (source == NULL) {
Packit 6c0a39 
    return 0;
Packit 6c0a39 
  }
Packit 6c0a39
Packit 6c0a39 
  b64hash = strchr(source, '|');
Packit 6c0a39 
  if (b64hash == NULL) {
Packit 6c0a39 
    /* Invalid hash */
Packit 6c0a39 
    SAFE_FREE(source);
Packit 6c0a39
Packit 6c0a39 
    return 0;
Packit 6c0a39 
  }
Packit 6c0a39
Packit 6c0a39 
  *b64hash = '\0';
Packit 6c0a39 
  b64hash++;
Packit 6c0a39
Packit 6c0a39 
  salt = base64_to_bin(source);
Packit 6c0a39 
  if (salt == NULL) {
Packit 6c0a39 
    SAFE_FREE(source);
Packit 6c0a39
Packit 6c0a39 
    return 0;
Packit 6c0a39 
  }
Packit 6c0a39
Packit 6c0a39 
  hash = base64_to_bin(b64hash);
Packit 6c0a39 
  SAFE_FREE(source);
Packit 6c0a39 
  if (hash == NULL) {
Packit 6c0a39 
    ssh_buffer_free(salt);
Packit 6c0a39
Packit 6c0a39 
    return 0;
Packit 6c0a39 
  }
Packit 6c0a39
Packit 6c0a39 
  mac = hmac_init(ssh_buffer_get(salt), ssh_buffer_get_len(salt), SSH_HMAC_SHA1);
Packit 6c0a39 
  if (mac == NULL) {
Packit 6c0a39 
    ssh_buffer_free(salt);
Packit 6c0a39 
    ssh_buffer_free(hash);
Packit 6c0a39
Packit 6c0a39 
    return 0;
Packit 6c0a39 
  }
Packit 6c0a39 
  size = sizeof(buffer);
Packit 6c0a39 
  hmac_update(mac, host, strlen(host));
Packit 6c0a39 
  hmac_final(mac, buffer, &size);
Packit 6c0a39
Packit 6c0a39 
  if (size == ssh_buffer_get_len(hash) &&
Packit 6c0a39 
      memcmp(buffer, ssh_buffer_get(hash), size) == 0) {
Packit 6c0a39 
    match = 1;
Packit 6c0a39 
  } else {
Packit 6c0a39 
    match = 0;
Packit 6c0a39 
  }
Packit 6c0a39
Packit 6c0a39 
  ssh_buffer_free(salt);
Packit 6c0a39 
  ssh_buffer_free(hash);
Packit 6c0a39
Packit 6c0a39 
  SSH_LOG(SSH_LOG_PACKET,
Packit 6c0a39 
      "Matching a hashed host: %s match=%d", host, match);
Packit 6c0a39
Packit 6c0a39 
  return match;
Packit 6c0a39 
}
Packit 6c0a39
Packit 6c0a39 
/* How it's working :
Packit 6c0a39 
 * 1- we open the known host file and bitch if it doesn't exist
Packit 6c0a39 
 * 2- we need to examine each line of the file, until going on state SSH_SERVER_KNOWN_OK:
Packit 6c0a39 
 *  - there's a match. if the key is good, state is SSH_SERVER_KNOWN_OK,
Packit 6c0a39 
 *    else it's SSH_SERVER_KNOWN_CHANGED (or SSH_SERVER_FOUND_OTHER)
Packit 6c0a39 
 *  - there's no match : no change
Packit 6c0a39 
 */
Packit 6c0a39
Packit 6c0a39 
/**
Packit 6c0a39 
 * @brief This function is deprecated
Packit 6c0a39 
 *
Packit 6c0a39 
 * @deprecated          Please use ssh_session_is_known_server()
Packit 6c0a39 
 * @see ssh_session_is_known_server()
Packit 6c0a39 
 */
Packit 6c0a39 
int ssh_is_server_known(ssh_session session)
Packit 6c0a39 
{
Packit 6c0a39 
    FILE *file = NULL;
Packit 6c0a39 
    char *host;
Packit 6c0a39 
    char *hostport;
Packit 6c0a39 
    const char *type;
Packit 6c0a39 
    int match;
Packit 6c0a39 
    int i = 0;
Packit 6c0a39 
    char *files[3];
Packit 6c0a39
Packit 6c0a39 
    struct ssh_tokens_st *tokens;
Packit 6c0a39
Packit 6c0a39 
    int ret = SSH_SERVER_NOT_KNOWN;
Packit 6c0a39
Packit 6c0a39 
    if (session->opts.knownhosts == NULL) {
Packit 6c0a39 
        if (ssh_options_apply(session) < 0) {
Packit 6c0a39 
            ssh_set_error(session, SSH_REQUEST_DENIED,
Packit 6c0a39 
                    "Can't find a known_hosts file");
Packit 6c0a39
Packit 6c0a39 
            return SSH_SERVER_FILE_NOT_FOUND;
Packit 6c0a39 
        }
Packit 6c0a39 
    }
Packit 6c0a39
Packit 6c0a39 
    if (session->opts.host == NULL) {
Packit 6c0a39 
        ssh_set_error(session, SSH_FATAL,
Packit 6c0a39 
                "Can't verify host in known hosts if the hostname isn't known");
Packit 6c0a39
Packit 6c0a39 
        return SSH_SERVER_ERROR;
Packit 6c0a39 
    }
Packit 6c0a39
Packit 6c0a39 
    if (session->current_crypto == NULL){
Packit 6c0a39 
        ssh_set_error(session, SSH_FATAL,
Packit 6c0a39 
                "ssh_is_host_known called without cryptographic context");
Packit 6c0a39
Packit 6c0a39 
        return SSH_SERVER_ERROR;
Packit 6c0a39 
    }
Packit 6c0a39
Packit 6c0a39 
    host = ssh_lowercase(session->opts.host);
Packit 6c0a39 
    hostport = ssh_hostport(host, session->opts.port > 0 ? session->opts.port : 22);
Packit 6c0a39 
    if (host == NULL || hostport == NULL) {
Packit 6c0a39 
        ssh_set_error_oom(session);
Packit 6c0a39 
        SAFE_FREE(host);
Packit 6c0a39 
        SAFE_FREE(hostport);
Packit 6c0a39
Packit 6c0a39 
        return SSH_SERVER_ERROR;
Packit 6c0a39 
    }
Packit 6c0a39
Packit 6c0a39 
    /* Set the list of known hosts files */
Packit 6c0a39 
    i = 0;
Packit 6c0a39 
    if (session->opts.global_knownhosts != NULL){
Packit 6c0a39 
        files[i++] = session->opts.global_knownhosts;
Packit 6c0a39 
    }
Packit 6c0a39 
    files[i++] = session->opts.knownhosts;
Packit 6c0a39 
    files[i] = NULL;
Packit 6c0a39 
    i = 0;
Packit 6c0a39
Packit 6c0a39 
    do {
Packit 6c0a39 
        tokens = ssh_get_knownhost_line(&file,
Packit 6c0a39 
                                        files[i],
Packit 6c0a39 
                                        &type);
Packit 6c0a39
Packit 6c0a39 
        /* End of file, return the current state or use next file */
Packit 6c0a39 
        if (tokens == NULL) {
Packit 6c0a39 
            ++i;
Packit 6c0a39 
            if(files[i] == NULL)
Packit 6c0a39 
                break;
Packit 6c0a39 
            else
Packit 6c0a39 
                continue;
Packit 6c0a39 
        }
Packit 6c0a39 
        match = match_hashed_host(host, tokens->tokens[0]);
Packit 6c0a39 
        if (match == 0){
Packit 6c0a39 
            match = match_hostname(hostport, tokens->tokens[0],
Packit 6c0a39 
                                   strlen(tokens->tokens[0]));
Packit 6c0a39 
        }
Packit 6c0a39 
        if (match == 0) {
Packit 6c0a39 
            match = match_hostname(host, tokens->tokens[0],
Packit 6c0a39 
                                   strlen(tokens->tokens[0]));
Packit 6c0a39 
        }
Packit 6c0a39 
        if (match == 0) {
Packit 6c0a39 
            match = match_hashed_host(hostport, tokens->tokens[0]);
Packit 6c0a39 
        }
Packit 6c0a39 
        if (match) {
Packit 6c0a39 
            ssh_key pubkey = ssh_dh_get_current_server_publickey(session);
Packit 6c0a39 
            const char *pubkey_type = ssh_key_type_to_char(ssh_key_type(pubkey));
Packit 6c0a39
Packit 6c0a39 
            /* We got a match. Now check the key type */
Packit 6c0a39 
            if (strcmp(pubkey_type, type) != 0) {
Packit 6c0a39 
                SSH_LOG(SSH_LOG_PACKET,
Packit 6c0a39 
                        "ssh_is_server_known: server type [%s] doesn't match the "
Packit 6c0a39 
                        "type [%s] in known_hosts file",
Packit 6c0a39 
                        pubkey_type,
Packit 6c0a39 
                        type);
Packit 6c0a39 
                /* Different type. We don't override the known_changed error which is
Packit 6c0a39 
                 * more important */
Packit 6c0a39 
                if (ret != SSH_SERVER_KNOWN_CHANGED)
Packit 6c0a39 
                    ret = SSH_SERVER_FOUND_OTHER;
Packit 6c0a39 
                ssh_tokens_free(tokens);
Packit 6c0a39 
                continue;
Packit 6c0a39 
            }
Packit 6c0a39 
            /* so we know the key type is good. We may get a good key or a bad key. */
Packit 6c0a39 
            match = check_public_key(session, tokens->tokens);
Packit 6c0a39 
            ssh_tokens_free(tokens);
Packit 6c0a39
Packit 6c0a39 
            if (match < 0) {
Packit 6c0a39 
                ret = SSH_SERVER_ERROR;
Packit 6c0a39 
                break;
Packit 6c0a39 
            } else if (match == 1) {
Packit 6c0a39 
                ret = SSH_SERVER_KNOWN_OK;
Packit 6c0a39 
                break;
Packit 6c0a39 
            } else if(match == 0) {
Packit 6c0a39 
                /* We override the status with the wrong key state */
Packit 6c0a39 
                ret = SSH_SERVER_KNOWN_CHANGED;
Packit 6c0a39 
            }
Packit 6c0a39 
        } else {
Packit 6c0a39 
            ssh_tokens_free(tokens);
Packit 6c0a39 
        }
Packit 6c0a39 
    } while (1);
Packit 6c0a39
Packit 6c0a39 
    if ((ret == SSH_SERVER_NOT_KNOWN) &&
Packit 6c0a39 
            (session->opts.StrictHostKeyChecking == 0)) {
Packit 6c0a39 
        ssh_write_knownhost(session);
Packit 6c0a39 
        ret = SSH_SERVER_KNOWN_OK;
Packit 6c0a39 
    }
Packit 6c0a39
Packit 6c0a39 
    SAFE_FREE(host);
Packit 6c0a39 
    SAFE_FREE(hostport);
Packit 6c0a39 
    if (file != NULL) {
Packit 6c0a39 
        fclose(file);
Packit 6c0a39 
    }
Packit 6c0a39
Packit 6c0a39 
    /* Return the current state at end of file */
Packit 6c0a39 
    return ret;
Packit 6c0a39 
}
Packit 6c0a39
Packit 6c0a39 
/**
Packit 6c0a39 
 * @deprecated Please use ssh_session_export_known_hosts_entry()
Packit 6c0a39 
 * @brief This function is deprecated.
Packit 6c0a39 
 */
Packit 6c0a39 
char * ssh_dump_knownhost(ssh_session session) {
Packit 6c0a39 
    ssh_key server_pubkey = NULL;
Packit 6c0a39 
    char *host;
Packit 6c0a39 
    char *hostport;
Packit 6c0a39 
    size_t len = 4096;
Packit 6c0a39 
    char *buffer;
Packit 6c0a39 
    char *b64_key;
Packit 6c0a39 
    int rc;
Packit 6c0a39
Packit 6c0a39 
    if (session->opts.host == NULL) {
Packit 6c0a39 
        ssh_set_error(session, SSH_FATAL,
Packit 6c0a39 
                "Can't write host in known hosts if the hostname isn't known");
Packit 6c0a39 
        return NULL;
Packit 6c0a39 
    }
Packit 6c0a39
Packit 6c0a39 
    host = ssh_lowercase(session->opts.host);
Packit 6c0a39 
    /* If using a nonstandard port, save the host in the [host]:port format */
Packit 6c0a39 
    if (session->opts.port > 0 && session->opts.port != 22) {
Packit 6c0a39 
        hostport = ssh_hostport(host, session->opts.port);
Packit 6c0a39 
        SAFE_FREE(host);
Packit 6c0a39 
        if (hostport == NULL) {
Packit 6c0a39 
            return NULL;
Packit 6c0a39 
        }
Packit 6c0a39 
        host = hostport;
Packit 6c0a39 
        hostport = NULL;
Packit 6c0a39 
    }
Packit 6c0a39
Packit 6c0a39 
    if (session->current_crypto==NULL) {
Packit 6c0a39 
        ssh_set_error(session, SSH_FATAL, "No current crypto context");
Packit 6c0a39 
        SAFE_FREE(host);
Packit 6c0a39 
        return NULL;
Packit 6c0a39 
    }
Packit 6c0a39
Packit 6c0a39 
    server_pubkey = ssh_dh_get_current_server_publickey(session);
Packit 6c0a39 
    if (server_pubkey == NULL){
Packit 6c0a39 
        ssh_set_error(session, SSH_FATAL, "No public key present");
Packit 6c0a39 
        SAFE_FREE(host);
Packit 6c0a39 
        return NULL;
Packit 6c0a39 
    }
Packit 6c0a39
Packit 6c0a39 
    buffer = calloc (1, 4096);
Packit 6c0a39 
    if (!buffer) {
Packit 6c0a39 
        SAFE_FREE(host);
Packit 6c0a39 
        return NULL;
Packit 6c0a39 
    }
Packit 6c0a39
Packit 6c0a39 
    rc = ssh_pki_export_pubkey_base64(server_pubkey, &b64_key);
Packit 6c0a39 
    if (rc < 0) {
Packit 6c0a39 
        SAFE_FREE(buffer);
Packit 6c0a39 
        SAFE_FREE(host);
Packit 6c0a39 
        return NULL;
Packit 6c0a39 
    }
Packit 6c0a39
Packit 6c0a39 
    snprintf(buffer, len,
Packit 6c0a39 
            "%s %s %s\n",
Packit 6c0a39 
            host,
Packit 6c0a39 
            server_pubkey->type_c,
Packit 6c0a39 
            b64_key);
Packit 6c0a39
Packit 6c0a39 
    SAFE_FREE(host);
Packit 6c0a39 
    SAFE_FREE(b64_key);
Packit 6c0a39
Packit 6c0a39 
    return buffer;
Packit 6c0a39 
}
Packit 6c0a39
Packit 6c0a39 
/**
Packit 6c0a39 
 * @deprecated Please use ssh_session_update_known_hosts()
Packit 6c0a39 
 * @brief This function is deprecated
Packit 6c0a39 
 */
Packit 6c0a39 
int ssh_write_knownhost(ssh_session session) {
Packit 6c0a39 
    FILE *file;
Packit 6c0a39 
    char *buffer;
Packit 6c0a39 
    char *dir;
Packit 6c0a39
Packit 6c0a39 
    if (session->opts.knownhosts == NULL) {
Packit 6c0a39 
        if (ssh_options_apply(session) < 0) {
Packit 6c0a39 
            ssh_set_error(session, SSH_FATAL, "Can't find a known_hosts file");
Packit 6c0a39 
            return SSH_ERROR;
Packit 6c0a39 
        }
Packit 6c0a39 
    }
Packit 6c0a39
Packit 6c0a39 
    /* Check if directory exists and create it if not */
Packit 6c0a39 
    dir = ssh_dirname(session->opts.knownhosts);
Packit 6c0a39 
    if (dir == NULL) {
Packit 6c0a39 
        ssh_set_error(session, SSH_FATAL, "%s", strerror(errno));
Packit 6c0a39 
        return SSH_ERROR;
Packit 6c0a39 
    }
Packit 6c0a39
Packit 6c0a39 
    if (!ssh_file_readaccess_ok(dir)) {
Packit 6c0a39 
        if (ssh_mkdir(dir, 0700) < 0) {
Packit 6c0a39 
            ssh_set_error(session, SSH_FATAL,
Packit 6c0a39 
                    "Cannot create %s directory.", dir);
Packit 6c0a39 
            SAFE_FREE(dir);
Packit 6c0a39 
            return SSH_ERROR;
Packit 6c0a39 
        }
Packit 6c0a39 
    }
Packit 6c0a39 
    SAFE_FREE(dir);
Packit 6c0a39
Packit 6c0a39 
    file = fopen(session->opts.knownhosts, "a");
Packit 6c0a39 
    if (file == NULL) {
Packit 6c0a39 
        ssh_set_error(session, SSH_FATAL,
Packit 6c0a39 
                "Couldn't open known_hosts file %s for appending: %s",
Packit 6c0a39 
                session->opts.knownhosts, strerror(errno));
Packit 6c0a39 
        return SSH_ERROR;
Packit 6c0a39 
    }
Packit 6c0a39
Packit 6c0a39 
    buffer = ssh_dump_knownhost(session);
Packit 6c0a39 
    if (buffer == NULL) {
Packit 6c0a39 
        fclose(file);
Packit 6c0a39 
        return SSH_ERROR;
Packit 6c0a39 
    }
Packit 6c0a39
Packit 6c0a39 
    if (fwrite(buffer, strlen(buffer), 1, file) != 1 || ferror(file)) {
Packit 6c0a39 
        SAFE_FREE(buffer);
Packit 6c0a39 
        fclose(file);
Packit 6c0a39 
        return -1;
Packit 6c0a39 
    }
Packit 6c0a39
Packit 6c0a39 
    SAFE_FREE(buffer);
Packit 6c0a39 
    fclose(file);
Packit 6c0a39 
    return 0;
Packit 6c0a39 
}
Packit 6c0a39
Packit 6c0a39 
#define KNOWNHOSTS_MAXTYPES 10
Packit 6c0a39
Packit 6c0a39 
/** @} */

Powered by Pagure 5.14.1

SSH Hostkey/Fingerprint | Documentation