Revision: 5843 http://sourceforge.jp/projects/ttssh2/scm/svn/commits/5843 Author: yutakapon Date: 2015-05-01 16:44:21 +0900 (Fri, 01 May 2015) Log Message: ----------- チケット #35047 SSH サーバホスト公開鍵の自動更新 公開鍵の重複チェックを行う関数を HOSTS_compare_public_key() として切り出した。 Ticket Links: ------------ http://sourceforge.jp/projects/ttssh2/tracker/detail/35047 Modified Paths: -------------- trunk/ttssh2/ttxssh/hosts.c trunk/ttssh2/ttxssh/hosts.h trunk/ttssh2/ttxssh/key.c -------------- next part --------------
Modified: trunk/ttssh2/ttxssh/hosts.c
===================================================================
--- trunk/ttssh2/ttxssh/hosts.c 2015-05-01 07:39:45 UTC (rev 5842)
+++ trunk/ttssh2/ttxssh/hosts.c 2015-05-01 07:44:21 UTC (rev 5843)
@@ -781,11 +781,14 @@
 }
 }
-// \x8C\xF6\x8AJ\x8C\xAE\x82\xAA\x93\x99\x82\xB5\x82\xA2\x82\xA9\x82\xF0\x8C\x9F\x8F\xB7\x82\xE9
+
+// \x8C\xF6\x8AJ\x8C\xAE\x82̔\xE4\x8Ar\x82\xF0\x8Ds\x82\xA4\x81B
+
+//
+// return
 // -1 ... \x8C\xAE\x82̌^\x82\xAA\x88Ⴄ
 // 0 ... \x93\x99\x82\xB5\x82\xAD\x82Ȃ\xA2
 // 1 ... \x93\x99\x82\xB5\x82\xA2
-static int match_key(PTInstVar pvar, Key *key)
+int HOSTS_compare_public_key(Key *src, Key *key)
 {
 int bits;
 unsigned char FAR * exp;
@@ -794,7 +797,7 @@
 const EC_POINT *pa, *pb;
 Key *a, *b;
- if (pvar->hosts_state.hostkey.type != key->type) {
+ if (src->type != key->type) {
 return -1;
 }
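Review bot: The new extern `HOSTS_compare_public_key()` keeps the old three-way contract (-1 type mismatch, 0 differ, 1 equal) but documents it only with a bare `// return` line above the Japanese value list, and the -1 case is truthy, so any caller that tests the result as a boolean would treat a type mismatch as a match; the key.c caller in this commit compares `== 1`, while the remaining `match_key()` callers are outside the hunk, so I cannot tell whether one does. I would replace the `// return` line with `// Compares two public keys of the same type; both pointers must be non-NULL. Returns -1 if the key types differ, 0 if the keys differ, 1 if equal. Compare against 1; do not treat the result as a boolean.` The function body continues in the next hunk.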
@@ -805,46 +808,55 @@
 mod = key->mod;
 /* just check for equal exponent and modulus */
- return equal_mp_ints(exp, pvar->hosts_state.hostkey.exp)
- && equal_mp_ints(mod, pvar->hosts_state.hostkey.mod);
+ return equal_mp_ints(exp, src->exp)
+ && equal_mp_ints(mod, src->mod);
 /* return equal_mp_ints(exp, pvar->hosts_state.key_exp)
- && equal_mp_ints(mod, pvar->hosts_state.key_mod);
- */
+ && equal_mp_ints(mod, pvar->hosts_state.key_mod);
+ */
 case KEY_RSA: // SSH2 RSA host public key
- return key->rsa != NULL && pvar->hosts_state.hostkey.rsa != NULL &&
- BN_cmp(key->rsa->e, pvar->hosts_state.hostkey.rsa->e) == 0 &&
- BN_cmp(key->rsa->n, pvar->hosts_state.hostkey.rsa->n) == 0;
+ return key->rsa != NULL && src->rsa != NULL &&
+ BN_cmp(key->rsa->e, src->rsa->e) == 0 &&
+ BN_cmp(key->rsa->n, src->rsa->n) == 0;
 case KEY_DSA: // SSH2 DSA host public key
- return key->dsa != NULL && pvar->hosts_state.hostkey.dsa &&
- BN_cmp(key->dsa->p, pvar->hosts_state.hostkey.dsa->p) == 0 &&
- BN_cmp(key->dsa->q, pvar->hosts_state.hostkey.dsa->q) == 0 &&
- BN_cmp(key->dsa->g, pvar->hosts_state.hostkey.dsa->g) == 0 &&
- BN_cmp(key->dsa->pub_key, pvar->hosts_state.hostkey.dsa->pub_key) == 0;
+ return key->dsa != NULL && src->dsa &&
+ BN_cmp(key->dsa->p, src->dsa->p) == 0 &&
+ BN_cmp(key->dsa->q, src->dsa->q) == 0 &&
+ BN_cmp(key->dsa->g, src->dsa->g) == 0 &&
+ BN_cmp(key->dsa->pub_key, src->dsa->pub_key) == 0;
 case KEY_ECDSA256:
 case KEY_ECDSA384:
 case KEY_ECDSA521:
- if (key->ecdsa == NULL || pvar->hosts_state.hostkey.ecdsa == NULL) {
+ if (key->ecdsa == NULL || src->ecdsa == NULL) {
 return FALSE;
 }
 group = EC_KEY_get0_group(key->ecdsa);
 pa = EC_KEY_get0_public_key(key->ecdsa),
- pb = EC_KEY_get0_public_key(pvar->hosts_state.hostkey.ecdsa);
+ pb = EC_KEY_get0_public_key(src->ecdsa);
 return EC_POINT_cmp(group, pa, pb, NULL) == 0;
 case KEY_ED25519:
 a = key;
- b = &pvar->hosts_state.hostkey;
+ b = src;
 return a->ed25519_pk != NULL && b->ed25519_pk != NULL &&
- memcmp(a->ed25519_pk,
b->ed25519_pk, ED25519_PK_SZ) == 0;
+ memcmp(a->ed25519_pk, b->ed25519_pk, ED25519_PK_SZ) == 0;
 default:
 return FALSE;
 }
+}
+
+// \x8C\xF6\x8AJ\x8C\xAE\x82\xAA\x93\x99\x82\xB5\x82\xA2\x82\xA9\x82\xF0\x8C\x9F\x8F\xB7\x82\xE9
+// -1 ... \x8C\xAE\x82̌^\x82\xAA\x88Ⴄ
+// 0 ... \x93\x99\x82\xB5\x82\xAD\x82Ȃ\xA2
+// 1 ... \x93\x99\x82\xB5\x82\xA2
+static int match_key(PTInstVar pvar, Key *key)
+{
+ return HOSTS_compare_public_key(&pvar->hosts_state.hostkey, key);
 }
 static void init_hosts_dlg(PTInstVar pvar, HWND dlg)
Modified: trunk/ttssh2/ttxssh/hosts.h
===================================================================
--- trunk/ttssh2/ttxssh/hosts.h 2015-05-01 07:39:45 UTC (rev 5842)
+++ trunk/ttssh2/ttxssh/hosts.h 2015-05-01 07:44:21 UTC (rev 5843)
@@ -71,4 +71,6 @@
 int uudecode(unsigned char *src, int srclen, unsigned char *target, int targsize);
+int HOSTS_compare_public_key(Key *src, Key *key);
+
 #endif
Modified: trunk/ttssh2/ttxssh/key.c
===================================================================
--- trunk/ttssh2/ttxssh/key.c 2015-05-01 07:39:45 UTC (rev 5842)
+++ trunk/ttssh2/ttxssh/key.c 2015-05-01 07:44:21 UTC (rev 5843)
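Review bot: In the ECDSA branch the line `pa = EC_KEY_get0_public_key(key->ecdsa),` ends in a comma, so `pb = ...` is chained to it by the comma operator; both assignments still run, but the hunk only renames the operand of the second and leaves a latent typo that hides it from a reader — `pa = EC_KEY_get0_public_key(key->ecdsa);` fixes it. The commented-out SSH1 block `/* return equal_mp_ints(exp, pvar->hosts_state.key_exp) ... */` is re-indented instead of removed, and it now names `pvar`, which this function no longer receives, so it can only mislead and should be deleted. A why-comment on the ECDSA compare would also help, e.g. `// Same KEY_ECDSA* type was checked above, so both keys share key->ecdsa's group.` The function starts in the previous hunk.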
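Review bot: The new prototype `int HOSTS_compare_public_key(Key *src, Key *key);` is the only place external callers see the function, and it carries no comment, while the -1/0/1 meaning of the result lives only in hosts.c. I would document it at the declaration: `/* Compare two host public keys; returns -1 on type mismatch, 0 if they differ, 1 if equal. Both pointers must be non-NULL. */`.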
@@ -1883,18 +1883,19 @@
 int success = 1; // OpenSSH 6.8\x82̎\xC0\x91\x95\x82ł́A\x8F\xED\x82ɐ\xAC\x8C\xF7\x82ŕԂ\xB7\x82悤\x82ɂȂ\xC1\x82Ă\xA2\x82邽\x82߁A
 // \x82\xBB\x82\xEA\x82ɍ\x87\x82킹\x82\xC4 Tera Term \x82ł\xE0\x90\xAC\x8C\xF7\x82ƕԂ\xB7\x82\xB1\x82Ƃɂ\xB7\x82\xE9\x81B
 int len;
+ size_t i;
 char *cp, *fp;
 char msg[128];
 unsigned char *blob = NULL;
 buffer_t *b = NULL;
 struct hostkeys_update_ctx *ctx = NULL;
- Key *key = NULL;
+ Key *key = NULL, **tmp;
 // Tera Term\x82̐ݒ\xE8\x82ŁA\x93\x96\x8AY\x8B@\x94\\x82̃I\x83\x93\x83I\x83t\x82𐧌\xE4\x82ł\xAB\x82\xE9\x82悤\x82ɂ\xB7\x82\xE9\x81B
 if (pvar->settings.UpdateHostkeys == 0) {
 _snprintf_s(msg, sizeof(msg), _TRUNCATE, "Hostkey was not updated because ts.UpdateHostkeys is disabled.");
 notify_verbose_message(pvar, msg, LOG_LEVEL_VERBOSE);
- goto error;
+ return 1;
 }
 ctx = calloc(1, sizeof(struct hostkeys_update_ctx));
@@ -1916,7 +1917,7 @@
 key = key_from_blob(blob, len);
 if (key == NULL) {
 _snprintf_s(msg, sizeof(msg), _TRUNCATE, "Not found host key into blob %p (%d)", blob, len);
- notify_verbose_message(pvar, msg, LOG_LEVEL_VERBOSE);
+ notify_verbose_message(pvar, msg, LOG_LEVEL_ERROR);
 goto error;
 }
 free(blob);
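Review bot: In the second hunk the `key == NULL` path takes `goto error` before the `free(blob);` that follows the check, so `blob` is released only if the `error:` label frees it; that label is outside the hunk, so I cannot confirm it does, and if it does not, every unparsable key blob leaks. The cheapest fix is to release it in the branch itself, `free(blob); blob = NULL;` before `goto error;`, which is also safe if the label frees it again. The enclosing function starts before the first hunk and ends after the second.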
@@ -1936,9 +1937,37 @@
 continue;
 }
+ // Skip certs: Tera Term\x82ł͏ؖ\xBE\x8F\x91\x94F\x8F͖\xA2\x83T\x83|\x81[\x83g\x81B
+ // \x8Fd\x95\xA1\x82\xB5\x82\xBD\x83L\x81[\x82\xF0\x8E\xF3\x90M\x82\xB5\x82\xBD\x82\xE7\x83G\x83\x89\x81[\x82Ƃ\xB7\x82\xE9\x81B
+ for (i = 0; i < ctx->nkeys; i++) {
+ if (HOSTS_compare_public_key(key, ctx->keys[i]) == 1) {
+ _snprintf_s(msg, sizeof(msg), _TRUNCATE, "Received duplicated %s host key",
+ get_sshname_from_key(key));
+ notify_verbose_message(pvar, msg, LOG_LEVEL_ERROR);
+ goto error;
+ }
+ }
+
+ // \x83L\x81[\x82\xF0\x93o\x98^\x82\xB7\x82\xE9\x81B
+ tmp = realloc(ctx->keys, (ctx->nkeys + 1)*sizeof(*ctx->keys));
+ if (tmp == NULL) {
+ _snprintf_s(msg, sizeof(msg), _TRUNCATE, "Not memory: realloc ctx->keys %d",
+ ctx->nkeys);
+ notify_verbose_message(pvar, msg, LOG_LEVEL_FATAL);
+ goto error;
+ }
+ ctx->keys = tmp;
+ ctx->keys[ctx->nkeys++] = key;
+ key = NULL;
 }
+ if (ctx->nkeys == 0) {
+ _snprintf_s(msg, sizeof(msg), _TRUNCATE, "No host rotation key");
+ notify_verbose_message(pvar, msg, LOG_LEVEL_VERBOSE);
+ goto error;
+ }
+ success = 1;
 error:
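Review bot: `_snprintf_s(msg, sizeof(msg), _TRUNCATE, "Not memory: realloc ctx->keys %d", ctx->nkeys)` formats `ctx->nkeys` with `%d`, yet the new loop counter `i` is declared `size_t` and compared against it, which suggests `nkeys` is a `size_t` too; if so the specifier does not match the argument, and `(int)ctx->nkeys` (or an unsigned specifier) is needed — the declaration of `nkeys` is outside the hunk. The comment heading the loop, `// Skip certs: ...`, describes certificate handling while the loop it heads is the duplicate-key check; whatever skips certificates is presumably the `continue;` above the hunk, so that first line should move there or be dropped, leaving only the duplicate-key sentence. The `realloc` into `tmp` and the `key = NULL;` after `ctx->keys[ctx->nkeys++] = key;` are correct; a one-line comment such as `// ctx now owns key; the error path must not free it again` would make the ownership hand-off explicit. The enclosing function ends outside the hunk.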