From dda19d63ffeed569c57f4b9359bc358abe690d23 Mon Sep 17 00:00:00 2001
From: Darren Tucker
Date: Wed, 15 Oct 2003 16:00:47 +1000
Subject: [PATCH] - jakob@cvs.openbsd.org 2003/10/14 19:42:10 [dns.c dns.h readconf.c ssh-keygen.c sshconnect.c] include SSHFP lookup code (not enabled by default). ok markus@
---
 ChangeLog | 5 ++++-
 dns.c | 7 ++-----
 dns.h | 4 +---
 readconf.c | 6 +-----
 ssh-keygen.c | 12 +-----------
 sshconnect.c | 10 +---------
 6 files changed, 10 insertions(+), 34 deletions(-)
diff --git a/ChangeLog b/ChangeLog
index 486a2a981..414a51f25 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -30,6 +30,9 @@ - markus@cvs.openbsd.org 2003/10/13 08:22:25 [scp.1 sftp.1] don't refer to options related to forwarding; ok jmc@
+ - jakob@cvs.openbsd.org 2003/10/14 19:42:10
+ [dns.c dns.h readconf.c ssh-keygen.c sshconnect.c]
+ include SSHFP lookup code (not enabled by default). ok markus@
 20031009 - (dtucker) [sshd_config.5] UsePAM defaults to "no". ok djm@
@@ -1347,4 +1350,4 @@ - Fix sshd BindAddress and -b options for systems using fake-getaddrinfo. Report from murple@murple.net, diagnosis from dtucker@zip.com.au
-$Id: ChangeLog,v 1.3076 2003/10/15 05:59:26 dtucker Exp $
+$Id: ChangeLog,v 1.3077 2003/10/15 06:00:47 dtucker Exp $
diff --git a/dns.c b/dns.c
index 90ab5601a..2fff1b802 100644
--- a/dns.c
+++ b/dns.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: dns.c,v 1.6 2003/06/11 10:18:47 jakob Exp $ */
+/* $OpenBSD: dns.c,v 1.7 2003/10/14 19:42:10 jakob Exp $ */
 /* * Copyright (c) 2003 Wesley Griffin. All rights reserved.
@@ -28,7 +28,6 @@ #include "includes.h"
-#ifdef DNS
 #include #ifdef LWRES #include
@@ -44,7 +43,7 @@ #include "uuencode.h" extern char *__progname;
-RCSID("$OpenBSD: dns.c,v 1.6 2003/06/11 10:18:47 jakob Exp $");
+RCSID("$OpenBSD: dns.c,v 1.7 2003/10/14 19:42:10 jakob Exp $");
 #ifndef LWRES static const char *errset_text[] = {
@@ -286,5 +285,3 @@ export_dns_rr(const char *hostname, Key *key, FILE *f, int generic) return success; }
-
-#endif /* DNS */
diff --git a/dns.h b/dns.h
index ba0ea9fb4..1eb07d96e 100644
--- a/dns.h
+++ b/dns.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: dns.h,v 1.3 2003/05/14 22:56:51 jakob Exp $ */
+/* $OpenBSD: dns.h,v 1.4 2003/10/14 19:42:10 jakob Exp $ */
 /* * Copyright (c) 2003 Wesley Griffin. All rights reserved.
@@ -28,7 +28,6 @@ #include "includes.h"
-#ifdef DNS
 #ifndef DNS_H #define DNS_H
@@ -54,4 +53,3 @@ int verify_host_key_dns(const char *, struct sockaddr *, Key *); int export_dns_rr(const char *, Key *, FILE *, int); #endif /* DNS_H */
-#endif /* DNS */
diff --git a/readconf.c b/readconf.c
index e5f2620a7..86d28bc8d 100644
--- a/readconf.c
+++ b/readconf.c
@@ -12,7 +12,7 @@ */ #include "includes.h"
-RCSID("$OpenBSD: readconf.c,v 1.123 2003/10/11 08:24:07 markus Exp $");
+RCSID("$OpenBSD: readconf.c,v 1.124 2003/10/14 19:42:10 jakob Exp $");
 #include "ssh.h" #include "xmalloc.h"
@@ -183,11 +183,7 @@ static struct { #endif { "clearallforwardings", oClearAllForwardings }, { "enablesshkeysign", oEnableSSHKeysign },
-#ifdef DNS
 { "verifyhostkeydns", oVerifyHostKeyDNS },
-#else
- { "verifyhostkeydns", oUnsupported },
-#endif
 { "nohostauthenticationforlocalhost", oNoHostAuthenticationForLocalhost }, { "rekeylimit", oRekeyLimit }, { "connecttimeout", oConnectTimeout },
diff --git a/ssh-keygen.c b/ssh-keygen.c
index 5b7bc400a..4a3cf241a 100644
--- a/ssh-keygen.c
+++ b/ssh-keygen.c
@@ -12,7 +12,7 @@ */ #include "includes.h"
-RCSID("$OpenBSD: ssh-keygen.c,v 1.109 2003/09/18 13:02:21 miod Exp $");
+RCSID("$OpenBSD: ssh-keygen.c,v 1.110 2003/10/14 19:42:10 jakob Exp $");
 #include #include
@@ -32,9 +32,7 @@ RCSID("$OpenBSD: ssh-keygen.c,v 1.109 2003/09/18 13:02:21 miod Exp $"); #ifdef SMARTCARD #include "scard.h" #endif
-#ifdef DNS
 #include "dns.h"
-#endif
 /* Number of bits in the RSA/DSA key. This value can be changed on the command line. */ int bits = 1024;
@@ -625,7 +623,6 @@ do_change_passphrase(struct passwd *pw) exit(0); }
-#ifdef DNS
 /* * Print the SSHFP RR. */
@@ -655,7 +652,6 @@ do_print_resource_record(struct passwd *pw, char *hostname) printf("failed to read v2 public key from %s.\n", identity_file); exit(1); }
-#endif /* DNS */
 /* * Change the comment of a private key file.
@@ -774,9 +770,7 @@ usage(void) fprintf(stderr, " -C comment Provide new comment.\n"); fprintf(stderr, " -N phrase Provide new passphrase.\n"); fprintf(stderr, " -P phrase Provide old passphrase.\n");
-#ifdef DNS
 fprintf(stderr, " -r hostname Print DNS resource record.\n");
-#endif /* DNS */
 #ifdef SMARTCARD fprintf(stderr, " -D reader Download public key from smartcard.\n"); fprintf(stderr, " -U reader Upload private key to smartcard.\n");
@@ -959,11 +953,7 @@ main(int ac, char **av) if (print_public) do_print_public(pw); if (resource_record_hostname != NULL) {
-#ifdef DNS
 do_print_resource_record(pw, resource_record_hostname);
-#else /* DNS */
- fatal("no DNS support.");
-#endif /* DNS */
 } if (reader_id != NULL) { #ifdef SMARTCARD
diff --git a/sshconnect.c b/sshconnect.c
index f29ac8088..2c028f3a6 100644
--- a/sshconnect.c
+++ b/sshconnect.c
@@ -13,7 +13,7 @@ */ #include "includes.h"
-RCSID("$OpenBSD: sshconnect.c,v 1.148 2003/09/18 07:52:54 markus Exp $");
+RCSID("$OpenBSD: sshconnect.c,v 1.149 2003/10/14 19:42:10 jakob Exp $");
 #include
@@ -33,16 +33,12 @@ RCSID("$OpenBSD: sshconnect.c,v 1.148 2003/09/18 07:52:54 markus Exp $"); #include "misc.h" #include "readpass.h"
-#ifdef DNS
 #include "dns.h"
-#endif
 char *client_version_string = NULL; char *server_version_string = NULL;
-#ifdef DNS
 int verified_host_key_dns = 0;
-#endif
 /* import */ extern Options options;
@@ -730,7 +726,6 @@ check_host_key(char *host, struct sockaddr *hostaddr, Key *host_key, /* The default */ fp = key_fingerprint(host_key, SSH_FP_MD5, SSH_FP_HEX); msg2[0] = '\0';
-#ifdef DNS
 if (options.verify_host_key_dns) { if (verified_host_key_dns) snprintf(msg2, sizeof(msg2),
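Review bot: In check_host_key (hunk at -730, continued in the hunk at -741) the text written to `msg2` is now built in every build when `options.verify_host_key_dns` is set, and the visible wording, `"No matching host key fingerprint" " found in DNS.\n"`, does not tell the user whether the DNS answer was authenticated. If `msg2` is what fills the `%s` in the authenticity prompt that follows, a user deciding on an unknown key is likely to read a DNS match as confirmation, so the block would benefit from a comment such as `/* DNS result is a hint for the user; it is only as strong as the resolver path unless the RRset was validated */`. The flag it reads, `verified_host_key_dns`, is now an unconditional file-scope global (hunk at -33); where it is set is outside these hunks, so check that it cannot keep a value from an earlier key check. check_host_key begins and ends outside both hunks.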
@@ -741,7 +736,6 @@ check_host_key(char *host, struct sockaddr *hostaddr, Key *host_key, "No matching host key fingerprint" " found in DNS.\n"); }
-#endif
 snprintf(msg, sizeof(msg), "The authenticity of host '%.200s (%s)' can't be " "established%s\n"
@@ -908,7 +902,6 @@ verify_host_key(char *host, struct sockaddr *hostaddr, Key *host_key) { struct stat st;
-#ifdef DNS
 if (options.verify_host_key_dns) { switch(verify_host_key_dns(host, hostaddr, host_key)) { case DNS_VERIFY_OK:
@@ -927,7 +920,6 @@ verify_host_key(char *host, struct sockaddr *hostaddr, Key *host_key) break; } }
-#endif /* DNS */
 /* return ok if the key can be found in an old keyfile */ if (stat(options.system_hostfile2, &st) == 0 ||
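Review bot: The `switch(verify_host_key_dns(host, hostaddr, host_key))` in verify_host_key (hunks at -908 and -927) is now compiled unconditionally, yet only `case DNS_VERIFY_OK:` and a closing `break;` are visible, so the hunks do not show what an OK result permits. If OK can ever return success before the known-hosts lookup that follows, that path should require a validated answer; a comment above the `if` would make the rule explicit, for example `/* SSHFP match alone must not bypass known_hosts unless the answer was DNSSEC-validated */`. The remaining cases of the switch lie between the two hunks and are not shown, so confirm that error and mismatch results are handled there and that there is a `default:`.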