[dns.c dns.h readconf.c ssh-keygen.c sshconnect.c]
     include SSHFP lookup code (not enabled by default). ok markus@
Darren Tucker 2003-10-15 16:00:47 +10:00
parent b370ca9313
commit dda19d63ff
6 changed files with 10 additions and 34 deletions


@ -30,6 +30,9 @@
- markus@cvs.openbsd.org 2003/10/13 08:22:25
[scp.1 sftp.1]
don't refer to options related to forwarding; ok jmc@
- jakob@cvs.openbsd.org 2003/10/14 19:42:10
[dns.c dns.h readconf.c ssh-keygen.c sshconnect.c]
include SSHFP lookup code (not enabled by default). ok markus@
20031009
- (dtucker) [sshd_config.5] UsePAM defaults to "no". ok djm@
@ -1347,4 +1350,4 @@
- Fix sshd BindAddress and -b options for systems using fake-getaddrinfo.
Report from murple@murple.net, diagnosis from dtucker@zip.com.au
$Id: ChangeLog,v 1.3076 2003/10/15 05:59:26 dtucker Exp $
$Id: ChangeLog,v 1.3077 2003/10/15 06:00:47 dtucker Exp $

7
dns.c

@ -1,4 +1,4 @@
/* $OpenBSD: dns.c,v 1.6 2003/06/11 10:18:47 jakob Exp $ */
/* $OpenBSD: dns.c,v 1.7 2003/10/14 19:42:10 jakob Exp $ */
/*
* Copyright (c) 2003 Wesley Griffin. All rights reserved.
@ -28,7 +28,6 @@
#include "includes.h"
#ifdef DNS
#include <openssl/bn.h>
#ifdef LWRES
#include <lwres/netdb.h>
@ -44,7 +43,7 @@
#include "uuencode.h"
extern char *__progname;
RCSID("$OpenBSD: dns.c,v 1.6 2003/06/11 10:18:47 jakob Exp $");
RCSID("$OpenBSD: dns.c,v 1.7 2003/10/14 19:42:10 jakob Exp $");
#ifndef LWRES
static const char *errset_text[] = {
@ -286,5 +285,3 @@ export_dns_rr(const char *hostname, Key *key, FILE *f, int generic)
return success;
}
#endif /* DNS */

4
dns.h

@ -1,4 +1,4 @@
/* $OpenBSD: dns.h,v 1.3 2003/05/14 22:56:51 jakob Exp $ */
/* $OpenBSD: dns.h,v 1.4 2003/10/14 19:42:10 jakob Exp $ */
/*
* Copyright (c) 2003 Wesley Griffin. All rights reserved.
@ -28,7 +28,6 @@
#include "includes.h"
#ifdef DNS
#ifndef DNS_H
#define DNS_H
@ -54,4 +53,3 @@ int verify_host_key_dns(const char *, struct sockaddr *, Key *);
int export_dns_rr(const char *, Key *, FILE *, int);
#endif /* DNS_H */
#endif /* DNS */


@ -12,7 +12,7 @@
*/
#include "includes.h"
RCSID("$OpenBSD: readconf.c,v 1.123 2003/10/11 08:24:07 markus Exp $");
RCSID("$OpenBSD: readconf.c,v 1.124 2003/10/14 19:42:10 jakob Exp $");
#include "ssh.h"
#include "xmalloc.h"
@ -183,11 +183,7 @@ static struct {
#endif
{ "clearallforwardings", oClearAllForwardings },
{ "enablesshkeysign", oEnableSSHKeysign },
#ifdef DNS
{ "verifyhostkeydns", oVerifyHostKeyDNS },
#else
{ "verifyhostkeydns", oUnsupported },
#endif
{ "nohostauthenticationforlocalhost", oNoHostAuthenticationForLocalhost },
{ "rekeylimit", oRekeyLimit },
{ "connecttimeout", oConnectTimeout },


@ -12,7 +12,7 @@
*/
#include "includes.h"
RCSID("$OpenBSD: ssh-keygen.c,v 1.109 2003/09/18 13:02:21 miod Exp $");
RCSID("$OpenBSD: ssh-keygen.c,v 1.110 2003/10/14 19:42:10 jakob Exp $");
#include <openssl/evp.h>
#include <openssl/pem.h>
@ -32,9 +32,7 @@ RCSID("$OpenBSD: ssh-keygen.c,v 1.109 2003/09/18 13:02:21 miod Exp $");
#ifdef SMARTCARD
#include "scard.h"
#endif
#ifdef DNS
#include "dns.h"
#endif
/* Number of bits in the RSA/DSA key. This value can be changed on the command line. */
int bits = 1024;
@ -625,7 +623,6 @@ do_change_passphrase(struct passwd *pw)
exit(0);
}
#ifdef DNS
/*
* Print the SSHFP RR.
*/
@ -655,7 +652,6 @@ do_print_resource_record(struct passwd *pw, char *hostname)
printf("failed to read v2 public key from %s.\n", identity_file);
exit(1);
}
#endif /* DNS */
/*
* Change the comment of a private key file.
@ -774,9 +770,7 @@ usage(void)
fprintf(stderr, " -C comment Provide new comment.\n");
fprintf(stderr, " -N phrase Provide new passphrase.\n");
fprintf(stderr, " -P phrase Provide old passphrase.\n");
#ifdef DNS
fprintf(stderr, " -r hostname Print DNS resource record.\n");
#endif /* DNS */
#ifdef SMARTCARD
fprintf(stderr, " -D reader Download public key from smartcard.\n");
fprintf(stderr, " -U reader Upload private key to smartcard.\n");
@ -959,11 +953,7 @@ main(int ac, char **av)
if (print_public)
do_print_public(pw);
if (resource_record_hostname != NULL) {
#ifdef DNS
do_print_resource_record(pw, resource_record_hostname);
#else /* DNS */
fatal("no DNS support.");
#endif /* DNS */
}
if (reader_id != NULL) {
#ifdef SMARTCARD
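Review bot: In do_print_resource_record the failure message `printf("failed to read v2 public key from %s.\n", identity_file);` is written to stdout, which is presumably also where the resource record is printed. With the `#ifdef DNS` guard gone this path is built everywhere, so anyone redirecting `-r` output into a zone file can end up with the error text in that file. Send it to stderr instead: `fprintf(stderr, "failed to read v2 public key from %s.\n", identity_file);` before the `exit(1)`. The function body starts outside the hunk, so the success path cannot be checked from here.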


@ -13,7 +13,7 @@
*/
#include "includes.h"
RCSID("$OpenBSD: sshconnect.c,v 1.148 2003/09/18 07:52:54 markus Exp $");
RCSID("$OpenBSD: sshconnect.c,v 1.149 2003/10/14 19:42:10 jakob Exp $");
#include <openssl/bn.h>
@ -33,16 +33,12 @@ RCSID("$OpenBSD: sshconnect.c,v 1.148 2003/09/18 07:52:54 markus Exp $");
#include "misc.h"
#include "readpass.h"
#ifdef DNS
#include "dns.h"
#endif
char *client_version_string = NULL;
char *server_version_string = NULL;
#ifdef DNS
int verified_host_key_dns = 0;
#endif
/* import */
extern Options options;
@ -730,7 +726,6 @@ check_host_key(char *host, struct sockaddr *hostaddr, Key *host_key,
/* The default */
fp = key_fingerprint(host_key, SSH_FP_MD5, SSH_FP_HEX);
msg2[0] = '\0';
#ifdef DNS
if (options.verify_host_key_dns) {
if (verified_host_key_dns)
snprintf(msg2, sizeof(msg2),
@ -741,7 +736,6 @@ check_host_key(char *host, struct sockaddr *hostaddr, Key *host_key,
"No matching host key fingerprint"
" found in DNS.\n");
}
#endif
snprintf(msg, sizeof(msg),
"The authenticity of host '%.200s (%s)' can't be "
"established%s\n"
@ -908,7 +902,6 @@ verify_host_key(char *host, struct sockaddr *hostaddr, Key *host_key)
{
struct stat st;
#ifdef DNS
if (options.verify_host_key_dns) {
switch(verify_host_key_dns(host, hostaddr, host_key)) {
case DNS_VERIFY_OK:
@ -927,7 +920,6 @@ verify_host_key(char *host, struct sockaddr *hostaddr, Key *host_key)
break;
}
}
#endif /* DNS */
/* return ok if the key can be found in an old keyfile */
if (stat(options.system_hostfile2, &st) == 0 ||
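Review bot: The unknown-host prompt in check_host_key now always carries the SSHFP result: `msg2` is filled from `verified_host_key_dns` whenever `options.verify_host_key_dns` is set, and nothing in these hunks shows that the DNS answer behind it was authenticated. An SSHFP match taken from an unvalidated resolver response is no stronger than the network path the key itself arrived on, so the wording shown to the user should not read as a verification. I would add above the block `/* SSHFP data is advisory unless the DNS answer was validated (e.g. DNSSEC); it must not replace the user's fingerprint check */`. The switch cases in verify_host_key fall between the two hunks, so how DNS_VERIFY_OK is acted on cannot be confirmed from this page; both functions start and end outside the hunks.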