[Ttssh2-commit] [5843] チケット #35047 SSH サーバホスト公開鍵の自動更新


svnno****@sourc***** svnno****@sourc*****
2015年 5月 1日 (金) 16:44:22 JST


Revision: 5843
          http://sourceforge.jp/projects/ttssh2/scm/svn/commits/5843
Author:   yutakapon
Date:     2015-05-01 16:44:21 +0900 (Fri, 01 May 2015)
Log Message:
-----------
チケット #35047 SSH サーバホスト公開鍵の自動更新

公開鍵の重複チェックを行う関数を HOSTS_compare_public_key() として切り出した。

Ticket Links:
------------
    http://sourceforge.jp/projects/ttssh2/tracker/detail/35047

Modified Paths:
--------------
    trunk/ttssh2/ttxssh/hosts.c
    trunk/ttssh2/ttxssh/hosts.h
    trunk/ttssh2/ttxssh/key.c

-------------- next part --------------
Modified: trunk/ttssh2/ttxssh/hosts.c
===================================================================
--- trunk/ttssh2/ttxssh/hosts.c	2015-05-01 07:39:45 UTC (rev 5842)
+++ trunk/ttssh2/ttxssh/hosts.c	2015-05-01 07:44:21 UTC (rev 5843)
@@ -781,11 +781,14 @@
 	}
 }
 
-// \x8C\xF6\x8AJ\x8C\xAE\x82\xAA\x93\x99\x82\xB5\x82\xA2\x82\xA9\x82\xF0\x8C\x9F\x8F؂\xB7\x82\xE9
+
+// \x8C\xF6\x8AJ\x8C\xAE\x82̔\xE4\x8Ar\x82\xF0\x8Ds\x82\xA4\x81B
+//
+// return
 //   -1 ... \x8C\xAE\x82̌^\x82\xAA\x88Ⴄ
 //    0 ... \x93\x99\x82\xB5\x82\xAD\x82Ȃ\xA2
 //    1 ... \x93\x99\x82\xB5\x82\xA2
-static int match_key(PTInstVar pvar, Key *key)
+int HOSTS_compare_public_key(Key *src, Key *key)
 {
 	int bits;
 	unsigned char FAR * exp;
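Review bot: Now that this comparison is exported as HOSTS_compare_public_key, `src` is an arbitrary caller-supplied pointer rather than the embedded `pvar->hosts_state.hostkey`, yet the next hunk dereferences `src->type` and `key->type` with no guard; a leading `if (src == NULL || key == NULL) { return -1; }` would keep the old match_key's implicit non-NULL assumption from turning into a crash for the new callers in key.c. The header comment above the new signature documents only the return table; it should also state the argument contract (both pointers must be non-NULL), and, since from the cases visible across the three hunks the comparison appears symmetric in `src` and `key`, say so if that is intended. The function body continues in the following two hunks.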
@@ -794,7 +797,7 @@
 	const EC_POINT *pa, *pb;
 	Key *a, *b;
 
-	if (pvar->hosts_state.hostkey.type != key->type) {
+	if (src->type != key->type) {
 		return -1;
 	}
 
@@ -805,46 +808,55 @@
 		mod = key->mod;
 
 		/* just check for equal exponent and modulus */
-		return equal_mp_ints(exp, pvar->hosts_state.hostkey.exp)
-		    && equal_mp_ints(mod, pvar->hosts_state.hostkey.mod);
+		return equal_mp_ints(exp, src->exp)
+			&& equal_mp_ints(mod, src->mod);
 		/*
 		return equal_mp_ints(exp, pvar->hosts_state.key_exp)
-			&& equal_mp_ints(mod, pvar->hosts_state.key_mod);
-			*/
+		&& equal_mp_ints(mod, pvar->hosts_state.key_mod);
+		*/
 
 	case KEY_RSA: // SSH2 RSA host public key
-		return key->rsa != NULL && pvar->hosts_state.hostkey.rsa != NULL &&
-		       BN_cmp(key->rsa->e, pvar->hosts_state.hostkey.rsa->e) == 0 && 
-		       BN_cmp(key->rsa->n, pvar->hosts_state.hostkey.rsa->n) == 0;
+		return key->rsa != NULL && src->rsa != NULL &&
+			BN_cmp(key->rsa->e, src->rsa->e) == 0 &&
+			BN_cmp(key->rsa->n, src->rsa->n) == 0;
 
 	case KEY_DSA: // SSH2 DSA host public key
-		return key->dsa != NULL && pvar->hosts_state.hostkey.dsa && 
-		       BN_cmp(key->dsa->p, pvar->hosts_state.hostkey.dsa->p) == 0 && 
-		       BN_cmp(key->dsa->q, pvar->hosts_state.hostkey.dsa->q) == 0 &&
-		       BN_cmp(key->dsa->g, pvar->hosts_state.hostkey.dsa->g) == 0 &&
-		       BN_cmp(key->dsa->pub_key, pvar->hosts_state.hostkey.dsa->pub_key) == 0;
+		return key->dsa != NULL && src->dsa &&
+			BN_cmp(key->dsa->p, src->dsa->p) == 0 &&
+			BN_cmp(key->dsa->q, src->dsa->q) == 0 &&
+			BN_cmp(key->dsa->g, src->dsa->g) == 0 &&
+			BN_cmp(key->dsa->pub_key, src->dsa->pub_key) == 0;
 
 	case KEY_ECDSA256:
 	case KEY_ECDSA384:
 	case KEY_ECDSA521:
-		if (key->ecdsa == NULL || pvar->hosts_state.hostkey.ecdsa == NULL) {
+		if (key->ecdsa == NULL || src->ecdsa == NULL) {
 			return FALSE;
 		}
 		group = EC_KEY_get0_group(key->ecdsa);
 		pa = EC_KEY_get0_public_key(key->ecdsa),
-		pb = EC_KEY_get0_public_key(pvar->hosts_state.hostkey.ecdsa);
+			pb = EC_KEY_get0_public_key(src->ecdsa);
 		return EC_POINT_cmp(group, pa, pb, NULL) == 0;
 
 	case KEY_ED25519:
 		a = key;
-		b = &pvar->hosts_state.hostkey;
+		b = src;
 		return a->ed25519_pk != NULL && b->ed25519_pk != NULL &&
-		    memcmp(a->ed25519_pk, b->ed25519_pk, ED25519_PK_SZ) == 0;
+			memcmp(a->ed25519_pk, b->ed25519_pk, ED25519_PK_SZ) == 0;
 
 	default:
 		return FALSE;
 	}
+}
 
+
+// \x8C\xF6\x8AJ\x8C\xAE\x82\xAA\x93\x99\x82\xB5\x82\xA2\x82\xA9\x82\xF0\x8C\x9F\x8F؂\xB7\x82\xE9
+//   -1 ... \x8C\xAE\x82̌^\x82\xAA\x88Ⴄ
+//    0 ... \x93\x99\x82\xB5\x82\xAD\x82Ȃ\xA2
+//    1 ... \x93\x99\x82\xB5\x82\xA2
+static int match_key(PTInstVar pvar, Key *key)
+{
+	return HOSTS_compare_public_key(&pvar->hosts_state.hostkey, key);
 }
 
 static void init_hosts_dlg(PTInstVar pvar, HWND dlg)
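Review bot: The commented-out block after the RSA1 return (the `equal_mp_ints(exp, pvar->hosts_state.key_exp)` lines) was re-indented rather than removed, yet it still refers to `pvar`, which no longer exists in this function after the rename; it should be deleted. The new match_key wrapper repeats the -1/0/1 return table in its own header comment, so the contract is now maintained in two places — a one-line `// see HOSTS_compare_public_key() for the return values` on the wrapper would avoid the drift. In the ECDSA case `EC_POINT_cmp()` also returns -1 on error, which `== 0` folds into "not equal"; that is acceptable for a duplicate check but deserves a short comment on that line.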

Modified: trunk/ttssh2/ttxssh/hosts.h
===================================================================
--- trunk/ttssh2/ttxssh/hosts.h	2015-05-01 07:39:45 UTC (rev 5842)
+++ trunk/ttssh2/ttxssh/hosts.h	2015-05-01 07:44:21 UTC (rev 5843)
@@ -71,4 +71,6 @@
 
 int uudecode(unsigned char *src, int srclen, unsigned char *target, int targsize);
 
+int HOSTS_compare_public_key(Key *src, Key *key);
+
 #endif
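Review bot: The new prototype is the only place an outside caller sees HOSTS_compare_public_key, and it carries no comment, so the return contract lives only in hosts.c. Add `/* Compare two public keys: -1 = key types differ, 0 = not equal, 1 = equal. Both pointers must be non-NULL. */` above the declaration so key.c's `== 1` check can be read against the header alone.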

Modified: trunk/ttssh2/ttxssh/key.c
===================================================================
--- trunk/ttssh2/ttxssh/key.c	2015-05-01 07:39:45 UTC (rev 5842)
+++ trunk/ttssh2/ttxssh/key.c	2015-05-01 07:44:21 UTC (rev 5843)
@@ -1883,18 +1883,19 @@
 	int success = 1;  // OpenSSH 6.8\x82̎\xC0\x91\x95\x82ł́A\x8F\xED\x82ɐ\xAC\x8C\xF7\x82ŕԂ\xB7\x82悤\x82ɂȂ\xC1\x82Ă\xA2\x82邽\x82߁A
 	                  // \x82\xBB\x82\xEA\x82ɍ\x87\x82킹\x82\xC4 Tera Term \x82ł\xE0\x90\xAC\x8C\xF7\x82ƕԂ\xB7\x82\xB1\x82Ƃɂ\xB7\x82\xE9\x81B
 	int len;
+	size_t i;
 	char *cp, *fp;
 	char msg[128];
 	unsigned char *blob = NULL;
 	buffer_t *b = NULL;
 	struct hostkeys_update_ctx *ctx = NULL;
-	Key *key = NULL;
+	Key *key = NULL, **tmp;
 
 	// Tera Term\x82̐ݒ\xE8\x82ŁA\x93\x96\x8AY\x8B@\x94\\x82̃I\x83\x93\x83I\x83t\x82𐧌\xE4\x82ł\xAB\x82\xE9\x82悤\x82ɂ\xB7\x82\xE9\x81B
 	if (pvar->settings.UpdateHostkeys == 0) {
 		_snprintf_s(msg, sizeof(msg), _TRUNCATE, "Hostkey was not updated because ts.UpdateHostkeys is disabled.");
 		notify_verbose_message(pvar, msg, LOG_LEVEL_VERBOSE);
-		goto error;
+		return 1;
 	}
 
 	ctx = calloc(1, sizeof(struct hostkeys_update_ctx));
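Review bot: The new early `return 1` when UpdateHostkeys is disabled bypasses the `error:` cleanup, which is correct only because nothing has been allocated yet (`ctx` is calloc'd on the last line of this hunk and `key`, `blob` and `b` are still NULL); a one-line comment would pin that invariant, e.g. `return 1; // nothing allocated yet, so the error: cleanup is not needed`. Separately, `Key *key = NULL, **tmp;` mixes an initialized and an uninitialized declarator on one line; `Key **tmp = NULL;` on its own line reads more clearly. The enclosing function starts before this hunk and ends after it.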
@@ -1916,7 +1917,7 @@
 		key = key_from_blob(blob, len);
 		if (key == NULL) {
 			_snprintf_s(msg, sizeof(msg), _TRUNCATE, "Not found host key into blob %p (%d)", blob, len);
-			notify_verbose_message(pvar, msg, LOG_LEVEL_VERBOSE);
+			notify_verbose_message(pvar, msg, LOG_LEVEL_ERROR);
 			goto error;
 		}
 		free(blob);
@@ -1936,9 +1937,37 @@
 			continue;
 		}
 
+		// Skip certs: Tera Term\x82ł͏ؖ\xBE\x8F\x91\x94F\x8F؂͖\xA2\x83T\x83|\x81[\x83g\x81B
 
+		// \x8Fd\x95\xA1\x82\xB5\x82\xBD\x83L\x81[\x82\xF0\x8E\xF3\x90M\x82\xB5\x82\xBD\x82\xE7\x83G\x83\x89\x81[\x82Ƃ\xB7\x82\xE9\x81B
+		for (i = 0; i < ctx->nkeys; i++) {
+			if (HOSTS_compare_public_key(key, ctx->keys[i]) == 1) {
+				_snprintf_s(msg, sizeof(msg), _TRUNCATE, "Received duplicated %s host key",
+					get_sshname_from_key(key));
+				notify_verbose_message(pvar, msg, LOG_LEVEL_ERROR);
+				goto error;
+			}
+		}
+
+		// \x83L\x81[\x82\xF0\x93o\x98^\x82\xB7\x82\xE9\x81B
+		tmp = realloc(ctx->keys, (ctx->nkeys + 1)*sizeof(*ctx->keys));
+		if (tmp == NULL) {
+			_snprintf_s(msg, sizeof(msg), _TRUNCATE, "Not memory: realloc ctx->keys %d",
+				ctx->nkeys);
+			notify_verbose_message(pvar, msg, LOG_LEVEL_FATAL);
+			goto error;
+		}
+		ctx->keys = tmp;
+		ctx->keys[ctx->nkeys++] = key;
+		key = NULL;
 	}
 
+	if (ctx->nkeys == 0) {
+		_snprintf_s(msg, sizeof(msg), _TRUNCATE, "No host rotation key");
+		notify_verbose_message(pvar, msg, LOG_LEVEL_VERBOSE);
+		goto error;
+	}
+
 	success = 1;
 
 error:
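Review bot: The loop index `i` is declared `size_t` in the earlier hunk, but `ctx->nkeys` is logged with `%d` in the realloc failure message, so either the `i < ctx->nkeys` comparison is signed/unsigned or the format specifier does not match the field; the struct is not visible here, but one of the two is inconsistent. Declare `i` with the same type as `ctx->nkeys`, and if that type is `size_t`, log it as `(unsigned long)ctx->nkeys` with `%lu` (or cast to `int` if the count is known to be small). The realloc-into-`tmp` pattern and the `key = NULL` ownership handoff after appending are correct and keep `key` from being freed twice on the `error:` path. The `error:` cleanup itself lies outside this hunk.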


