svnno****@sourc*****
svnno****@sourc*****
2015年 5月 5日 (火) 02:19:06 JST
Revision: 5847 http://sourceforge.jp/projects/ttssh2/scm/svn/commits/5847 Author: yutakapon Date: 2015-05-05 02:18:56 +0900 (Tue, 05 May 2015) Log Message: ----------- チケット #35047 SSH サーバホスト公開鍵の自動更新 サーバから送られてきた鍵候補群と、known_hosts ファイルを検索し、 鍵のマッチングを行うようにした。 Ticket Links: ------------ http://sourceforge.jp/projects/ttssh2/tracker/detail/35047 Modified Paths: -------------- trunk/ttssh2/ttxssh/hosts.c trunk/ttssh2/ttxssh/hosts.h trunk/ttssh2/ttxssh/key.c -------------- next part -------------- Modified: trunk/ttssh2/ttxssh/hosts.c =================================================================== --- trunk/ttssh2/ttxssh/hosts.c 2015-05-03 16:46:29 UTC (rev 5846) +++ trunk/ttssh2/ttxssh/hosts.c 2015-05-04 17:18:56 UTC (rev 5847) @@ -30,7 +30,6 @@ This code is copyright (C) 1998-1999 Robert O'Callahan. See LICENSE.TXT for the license. */ - #include "ttxssh.h" #include "util.h" #include "resource.h" @@ -778,6 +777,7 @@ int matched = 0; int keybits = 0; ssh_keytype ktype; + Key *key; *keyptr = NULL; @@ -865,16 +865,24 @@ if (!SSHv1(pvar)) { // SSH2\x90ڑ\xB1\x82ł\xA0\x82\xEA\x82Ζ\xB3\x8E\x8B\x82\xB7\x82\xE9 return index + eat_to_end_of_line(data + index); } + + key = key_new(KEY_RSA1); + key->bits = rsa1_key_bits; + index += eat_digits(data + index); index += eat_spaces(data + index); + key->exp = parse_bignum(data + index); index += eat_digits(data + index); index += eat_spaces(data + index); + key->mod = parse_bignum(data + index); + // setup + *keyptr = key; + } else { char *cp, *p; - Key *key; if (!SSHv2(pvar)) { // SSH1\x90ڑ\xB1\x82ł\xA0\x82\xEA\x82Ζ\xB3\x8E\x8B\x82\xB7\x82\xE9 return index + eat_to_end_of_line(data + index); 
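Review bot: In the SSH1 branch of the `@@ -865,16 +865,24 @@` hunk, the results of `key_new(KEY_RSA1)` and of both `parse_bignum(data + index)` calls are stored without a NULL check, and `key->bits` is written through `key` before it is known to be valid. A truncated or malformed known_hosts line can therefore hand the caller a `Key` whose `exp` or `mod` is NULL, and this file's content decides which host keys are trusted. I would reject such a line in place, e.g. `if (key->exp == NULL || key->mod == NULL) { key_free(key); return index + eat_to_end_of_line(data + index); }`. This assumes `parse_bignum` reports failure as NULL and that `key_free` tolerates a partially filled key; neither is visible here. The enclosing function starts and ends outside the hunk.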
@@ -956,11 +964,11 @@ pvar->hosts_state.file_data_index, &key); + // \x8AY\x93\x96\x82\xB7\x82錮\x82\xAA\x8C\xA9\x82\xA9\x82\xC1\x82\xBD\x82\xE7\x81A\x83R\x81[\x83\x8B\x83o\x83b\x83N\x8A\x94\x82\xF0\x8CĂяo\x82\xB7\x81B if (key != NULL) { - key = key; - key_free(key); + if (callback(key, ctx) == 0) + key_free(key); } - } success = 1; Modified: trunk/ttssh2/ttxssh/hosts.h =================================================================== --- trunk/ttssh2/ttxssh/hosts.h 2015-05-03 16:46:29 UTC (rev 5846) +++ trunk/ttssh2/ttxssh/hosts.h 2015-05-04 17:18:56 UTC (rev 5847) @@ -55,7 +55,7 @@ HWND hosts_dialog; } HOSTSState; -typedef int hostkeys_foreach_fn(void *ctx); +typedef int hostkeys_foreach_fn(Key *key, void *ctx); void HOSTS_init(PTInstVar pvar); void HOSTS_open(PTInstVar pvar); Modified: trunk/ttssh2/ttxssh/key.c =================================================================== --- trunk/ttssh2/ttxssh/key.c 2015-05-03 16:46:29 UTC (rev 5846) +++ trunk/ttssh2/ttxssh/key.c 2015-05-04 17:18:56 UTC (rev 5847) @@ -25,7 +25,6 @@ OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ - #include "key.h" #include "kex.h" 
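Review bot: The new `if (callback(key, ctx) == 0) key_free(key);` calls `callback` without a NULL check, although the line this commit removes in key.c was a commented-out call that passed `NULL` for that argument. Either guard it with `if (callback == NULL || callback(key, ctx) == 0) key_free(key);` or state in the function's header comment that a callback is mandatory. The return value is now also an ownership signal, and that contract is only described above `hostkeys_find` in key.c. It deserves a line above the typedef in hosts.h, for example `// Returns non-zero if the callback keeps the key (caller must not free it), 0 if the caller frees it.` The enclosing function begins outside the hunk.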
@@ -1872,7 +1871,48 @@ return (ret); } +// Callback function // +// argument: +// key: known_hosts\x82ɓo\x98^\x82\xB3\x82\xEA\x82Ă\xA2\x82錮 +// _ctx: \x83T\x81[\x83o\x82\xA9\x82瑗\x82\xE7\x82\xEA\x82Ă\xAB\x82\xBD\x8C\xAE\x8C\xF3\x95\xE2\x8CQ +// +// return: +// 1: deprecated key\x82̂\xBD\x82߁A\x8CĂь\xB3\x82\xC5key\x97̈\xE6\x82̉\xF0\x95\xFA\x8B֎~\x81B +// 0: \x8CĂь\xB3\x82ł\xCCkey\x97̈\xE6\x82̉\xF0\x95\xFA\x82\xAA\x95K\x97v\x81B +static int hostkeys_find(Key *key, void *_ctx) +{ + struct hostkeys_update_ctx *ctx = (struct hostkeys_update_ctx *)_ctx; + int ret = 0; + size_t i; + Key **tmp; + + // SSH1\x82͑ΏۊO\x81B + if (key->type == KEY_RSA1) + goto error; + + // \x82\xB7\x82łɓo\x98^\x8Dς݂̌\xAE\x82\xAA\x82Ȃ\xA2\x82\xA9\x82\xF0\x92T\x82\xB7\x81B + for (i = 0; i < ctx->nkeys; i++) { + if (HOSTS_compare_public_key(key, ctx->keys[i]) == 1) { + ctx->keys_seen[i] = 1; + goto error; + } + } + + // deprecated\x82Ȍ\xAE\x82́A\x8CÂ\xA2\x82\xE0\x82̃\x8A\x83X\x83g\x82ɓ\xFC\x82\xEA\x82Ă\xA8\x82\xAD\x81B + tmp = realloc(ctx->old_keys, (ctx->nold + 1)*sizeof(*ctx->old_keys)); + if (tmp != NULL) { + ctx->old_keys = tmp; + ctx->old_keys[ctx->nold++] = key; + } + + ret = 1; + +error: + return (ret); +} + +// // SSH\x83T\x81[\x83o\x83z\x83X\x83g\x8C\xAE(known_hosts)\x82̎\xA9\x93\xAE\x8DX\x90V(OpenSSH 6.8 or later: host key rotation support) // // return 1: success @@ -1968,8 +2008,15 @@ goto error; } - //HOSTS_hostkey_foreach(pvar, NULL, ctx); + if ((ctx->keys_seen = calloc(ctx->nkeys, sizeof(*ctx->keys_seen))) == NULL) { + _snprintf_s(msg, sizeof(msg), _TRUNCATE, "Not memory: calloc ctx->keys %d", + ctx->nkeys); + notify_verbose_message(pvar, msg, LOG_LEVEL_FATAL); + goto error; + } + HOSTS_hostkey_foreach(pvar, hostkeys_find, ctx); + success = 1; error:
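Review bot: When `realloc` fails in `hostkeys_find`, execution still falls through to `ret = 1`, which tells the caller not to free `key` even though nothing stored it. The key leaks, and the deprecated entry silently drops out of `ctx->old_keys`. Whatever later consumes `old_keys` (not visible here) would then work from an incomplete list, so a stale host key could stay in known_hosts after a rotation. Replace the `if (tmp != NULL) { ... }` block with `if (tmp == NULL) goto error;` followed by the two assignments, so that `ret` stays 0 and the caller frees the key, and consider recording the failure in `ctx` so the update can be aborted. The exit label is named `error` although the first two jumps to it are normal outcomes; `out` would read better.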
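Review bot: The result of `HOSTS_hostkey_foreach(pvar, hostkeys_find, ctx)` is discarded and `success = 1` follows unconditionally, so a failure to read known_hosts would look like a completed scan that matched nothing. The hosts.c hunk shows that function setting its own `success` variable, which suggests it returns a status; if it does, test it and `goto error` on failure before any update decision is made. In the allocation-failure message, `ctx->nkeys` is printed with `%d` while `hostkeys_find` compares it against a `size_t` index; if the field is a `size_t`, cast it or use a matching specifier. The cleanup after `error:` lies outside the hunk, so confirm that `ctx->keys_seen` is freed there.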