- jakob@cvs.openbsd.org 2003/10/14 19:42:10
[dns.c dns.h readconf.c ssh-keygen.c sshconnect.c] include SSHFP lookup code (not enabled by default). ok markus@
parent
b370ca9313
commit
dda19d63ff
@ -30,6 +30,9 @@
|
||||
- markus@cvs.openbsd.org 2003/10/13 08:22:25
|
||||
[scp.1 sftp.1]
|
||||
don't refer to options related to forwarding; ok jmc@
|
||||
- jakob@cvs.openbsd.org 2003/10/14 19:42:10
|
||||
[dns.c dns.h readconf.c ssh-keygen.c sshconnect.c]
|
||||
include SSHFP lookup code (not enabled by default). ok markus@
|
||||
|
||||
20031009
|
||||
- (dtucker) [sshd_config.5] UsePAM defaults to "no". ok djm@
|
||||
@ -1347,4 +1350,4 @@
|
||||
- Fix sshd BindAddress and -b options for systems using fake-getaddrinfo.
|
||||
Report from murple@murple.net, diagnosis from dtucker@zip.com.au
|
||||
|
||||
$Id: ChangeLog,v 1.3076 2003/10/15 05:59:26 dtucker Exp $
|
||||
$Id: ChangeLog,v 1.3077 2003/10/15 06:00:47 dtucker Exp $
|
||||
|
7
dns.c
7
dns.c
@ -1,4 +1,4 @@
|
||||
/* $OpenBSD: dns.c,v 1.6 2003/06/11 10:18:47 jakob Exp $ */
|
||||
/* $OpenBSD: dns.c,v 1.7 2003/10/14 19:42:10 jakob Exp $ */
|
||||
|
||||
/*
|
||||
* Copyright (c) 2003 Wesley Griffin. All rights reserved.
|
||||
@ -28,7 +28,6 @@
|
||||
|
||||
#include "includes.h"
|
||||
|
||||
#ifdef DNS
|
||||
#include <openssl/bn.h>
|
||||
#ifdef LWRES
|
||||
#include <lwres/netdb.h>
|
||||
@ -44,7 +43,7 @@
|
||||
#include "uuencode.h"
|
||||
|
||||
extern char *__progname;
|
||||
RCSID("$OpenBSD: dns.c,v 1.6 2003/06/11 10:18:47 jakob Exp $");
|
||||
RCSID("$OpenBSD: dns.c,v 1.7 2003/10/14 19:42:10 jakob Exp $");
|
||||
|
||||
#ifndef LWRES
|
||||
static const char *errset_text[] = {
|
||||
@ -286,5 +285,3 @@ export_dns_rr(const char *hostname, Key *key, FILE *f, int generic)
|
||||
|
||||
return success;
|
||||
}
|
||||
|
||||
#endif /* DNS */
|
||||
|
4
dns.h
4
dns.h
@ -1,4 +1,4 @@
|
||||
/* $OpenBSD: dns.h,v 1.3 2003/05/14 22:56:51 jakob Exp $ */
|
||||
/* $OpenBSD: dns.h,v 1.4 2003/10/14 19:42:10 jakob Exp $ */
|
||||
|
||||
/*
|
||||
* Copyright (c) 2003 Wesley Griffin. All rights reserved.
|
||||
@ -28,7 +28,6 @@
|
||||
|
||||
#include "includes.h"
|
||||
|
||||
#ifdef DNS
|
||||
#ifndef DNS_H
|
||||
#define DNS_H
|
||||
|
||||
@ -54,4 +53,3 @@ int verify_host_key_dns(const char *, struct sockaddr *, Key *);
|
||||
int export_dns_rr(const char *, Key *, FILE *, int);
|
||||
|
||||
#endif /* DNS_H */
|
||||
#endif /* DNS */
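Review bot: The include guard in dns.h opens after `#include "includes.h"`, so once the outer `#ifdef DNS` wrapper is gone the header still processes that include on every inclusion before `#ifndef DNS_H` is tested. Moving `#ifndef DNS_H` and `#define DNS_H` above the include would put the whole header under the guard. This is a style point only; whether includes.h guards itself is not visible on this page.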
|
||||
|
@ -12,7 +12,7 @@
|
||||
*/
|
||||
|
||||
#include "includes.h"
|
||||
RCSID("$OpenBSD: readconf.c,v 1.123 2003/10/11 08:24:07 markus Exp $");
|
||||
RCSID("$OpenBSD: readconf.c,v 1.124 2003/10/14 19:42:10 jakob Exp $");
|
||||
|
||||
#include "ssh.h"
|
||||
#include "xmalloc.h"
|
||||
@ -183,11 +183,7 @@ static struct {
|
||||
#endif
|
||||
{ "clearallforwardings", oClearAllForwardings },
|
||||
{ "enablesshkeysign", oEnableSSHKeysign },
|
||||
#ifdef DNS
|
||||
{ "verifyhostkeydns", oVerifyHostKeyDNS },
|
||||
#else
|
||||
{ "verifyhostkeydns", oUnsupported },
|
||||
#endif
|
||||
{ "nohostauthenticationforlocalhost", oNoHostAuthenticationForLocalhost },
|
||||
{ "rekeylimit", oRekeyLimit },
|
||||
{ "connecttimeout", oConnectTimeout },
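Review bot: With the `#else` entry that mapped `verifyhostkeydns` to `oUnsupported` removed, every build now accepts the keyword, so the option's initial value is the only thing keeping SSHFP checking off as the commit message promises. That default is assigned outside this hunk, and the keyword table itself starts above it, so it cannot be confirmed from here. It is worth checking that the option resolves to off when the keyword is absent and recording that beside the entry, e.g. `{ "verifyhostkeydns", oVerifyHostKeyDNS },	/* off unless set explicitly */`.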
|
||||
|
12
ssh-keygen.c
12
ssh-keygen.c
@ -12,7 +12,7 @@
|
||||
*/
|
||||
|
||||
#include "includes.h"
|
||||
RCSID("$OpenBSD: ssh-keygen.c,v 1.109 2003/09/18 13:02:21 miod Exp $");
|
||||
RCSID("$OpenBSD: ssh-keygen.c,v 1.110 2003/10/14 19:42:10 jakob Exp $");
|
||||
|
||||
#include <openssl/evp.h>
|
||||
#include <openssl/pem.h>
|
||||
@ -32,9 +32,7 @@ RCSID("$OpenBSD: ssh-keygen.c,v 1.109 2003/09/18 13:02:21 miod Exp $");
|
||||
#ifdef SMARTCARD
|
||||
#include "scard.h"
|
||||
#endif
|
||||
#ifdef DNS
|
||||
#include "dns.h"
|
||||
#endif
|
||||
|
||||
/* Number of bits in the RSA/DSA key. This value can be changed on the command line. */
|
||||
int bits = 1024;
|
||||
@ -625,7 +623,6 @@ do_change_passphrase(struct passwd *pw)
|
||||
exit(0);
|
||||
}
|
||||
|
||||
#ifdef DNS
|
||||
/*
|
||||
* Print the SSHFP RR.
|
||||
*/
|
||||
@ -655,7 +652,6 @@ do_print_resource_record(struct passwd *pw, char *hostname)
|
||||
printf("failed to read v2 public key from %s.\n", identity_file);
|
||||
exit(1);
|
||||
}
|
||||
#endif /* DNS */
|
||||
|
||||
/*
|
||||
* Change the comment of a private key file.
|
||||
@ -774,9 +770,7 @@ usage(void)
|
||||
fprintf(stderr, " -C comment Provide new comment.\n");
|
||||
fprintf(stderr, " -N phrase Provide new passphrase.\n");
|
||||
fprintf(stderr, " -P phrase Provide old passphrase.\n");
|
||||
#ifdef DNS
|
||||
fprintf(stderr, " -r hostname Print DNS resource record.\n");
|
||||
#endif /* DNS */
|
||||
#ifdef SMARTCARD
|
||||
fprintf(stderr, " -D reader Download public key from smartcard.\n");
|
||||
fprintf(stderr, " -U reader Upload private key to smartcard.\n");
|
||||
@ -959,11 +953,7 @@ main(int ac, char **av)
|
||||
if (print_public)
|
||||
do_print_public(pw);
|
||||
if (resource_record_hostname != NULL) {
|
||||
#ifdef DNS
|
||||
do_print_resource_record(pw, resource_record_hostname);
|
||||
#else /* DNS */
|
||||
fatal("no DNS support.");
|
||||
#endif /* DNS */
|
||||
}
|
||||
if (reader_id != NULL) {
|
||||
#ifdef SMARTCARD
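Review bot: The failure path at the end of do_print_resource_record reports `failed to read v2 public key from %s.` with `printf`, so the error goes to stdout. That is presumably the same stream the SSHFP record is written to when the output of `-r` is redirected into a zone file. Now that the function is built unconditionally, the message would be better sent to stderr, `fprintf(stderr, "failed to read v2 public key from %s.\n", identity_file);`, as usage() in this file already does for its text. The function body starts outside the hunk, so where the record itself is written is not visible here.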
|
||||
|
10
sshconnect.c
10
sshconnect.c
@ -13,7 +13,7 @@
|
||||
*/
|
||||
|
||||
#include "includes.h"
|
||||
RCSID("$OpenBSD: sshconnect.c,v 1.148 2003/09/18 07:52:54 markus Exp $");
|
||||
RCSID("$OpenBSD: sshconnect.c,v 1.149 2003/10/14 19:42:10 jakob Exp $");
|
||||
|
||||
#include <openssl/bn.h>
|
||||
|
||||
@ -33,16 +33,12 @@ RCSID("$OpenBSD: sshconnect.c,v 1.148 2003/09/18 07:52:54 markus Exp $");
|
||||
#include "misc.h"
|
||||
#include "readpass.h"
|
||||
|
||||
#ifdef DNS
|
||||
#include "dns.h"
|
||||
#endif
|
||||
|
||||
char *client_version_string = NULL;
|
||||
char *server_version_string = NULL;
|
||||
|
||||
#ifdef DNS
|
||||
int verified_host_key_dns = 0;
|
||||
#endif
|
||||
|
||||
/* import */
|
||||
extern Options options;
|
||||
@ -730,7 +726,6 @@ check_host_key(char *host, struct sockaddr *hostaddr, Key *host_key,
|
||||
/* The default */
|
||||
fp = key_fingerprint(host_key, SSH_FP_MD5, SSH_FP_HEX);
|
||||
msg2[0] = '\0';
|
||||
#ifdef DNS
|
||||
if (options.verify_host_key_dns) {
|
||||
if (verified_host_key_dns)
|
||||
snprintf(msg2, sizeof(msg2),
|
||||
@ -741,7 +736,6 @@ check_host_key(char *host, struct sockaddr *hostaddr, Key *host_key,
|
||||
"No matching host key fingerprint"
|
||||
" found in DNS.\n");
|
||||
}
|
||||
#endif
|
||||
snprintf(msg, sizeof(msg),
|
||||
"The authenticity of host '%.200s (%s)' can't be "
|
||||
"established%s\n"
|
||||
@ -908,7 +902,6 @@ verify_host_key(char *host, struct sockaddr *hostaddr, Key *host_key)
|
||||
{
|
||||
struct stat st;
|
||||
|
||||
#ifdef DNS
|
||||
if (options.verify_host_key_dns) {
|
||||
switch(verify_host_key_dns(host, hostaddr, host_key)) {
|
||||
case DNS_VERIFY_OK:
|
||||
@ -927,7 +920,6 @@ verify_host_key(char *host, struct sockaddr *hostaddr, Key *host_key)
|
||||
break;
|
||||
}
|
||||
}
|
||||
#endif /* DNS */
|
||||
|
||||
/* return ok if the key can be found in an old keyfile */
|
||||
if (stat(options.system_hostfile2, &st) == 0 ||
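Review bot: In verify_host_key the `switch(verify_host_key_dns(host, hostaddr, host_key))` block is now compiled into every client, and nothing visible in this hunk says whether a `DNS_VERIFY_OK` result came from an authenticated (for example DNSSEC-validated) answer or from an ordinary resolver reply. The case bodies lie between the two hunks and are not shown, so this may already be handled. Even so, the trust assumption deserves a comment above `if (options.verify_host_key_dns) {`, such as `/* An SSHFP match is only as trustworthy as the DNS answer; it must not replace the known_hosts check unless that answer was validated. */`. The `msg2` text that check_host_key builds from `verified_host_key_dns` appears to feed the host-authenticity prompt, so the same caveat applies to its wording.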
|
||||
|