]>
Commit | Line | Data |
---|---|---|
1 | typedef unsigned int __u_int; | |
2 | typedef unsigned long int __u_long; | |
3 | __extension__ typedef unsigned int __uid_t; | |
4 | __extension__ typedef long int __time_t; | |
5 | __extension__ typedef int __ssize_t; | |
6 | typedef __u_int u_int; | |
7 | typedef __u_long u_long; | |
8 | typedef __ssize_t ssize_t; | |
9 | typedef __time_t time_t; | |
10 | typedef unsigned int size_t; | |
11 | typedef unsigned int u_int32_t __attribute__ ((__mode__(__SI__))); | |
12 | typedef unsigned int u_int64_t __attribute__ ((__mode__(__DI__))); | |
13 | struct stat { | |
14 | }; | |
15 | extern int *__errno_location(void) __attribute__ ((__nothrow__, __leaf__)) | |
16 | __attribute__ ((__const__)); | |
17 | struct passwd { | |
18 | char *pw_name; | |
19 | __uid_t pw_uid; | |
20 | char *pw_dir; | |
21 | }; | |
22 | typedef struct _IO_FILE FILE; | |
23 | extern struct _IO_FILE *stdin; | |
24 | extern struct _IO_FILE *stdout; | |
25 | extern struct _IO_FILE *stderr; | |
26 | typedef struct { | |
27 | } Buffer; | |
28 | typedef struct bignum_st BIGNUM; | |
29 | extern ssize_t write(int __fd, const void *__buf, size_t __n) | |
30 | __attribute__ ((__warn_unused_result__)); | |
31 | typedef struct Key Key; | |
32 | enum types { | |
33 | KEY_RSA1, KEY_RSA, KEY_DSA, KEY_ECDSA, KEY_ED25519, KEY_RSA_CERT, | |
34 | KEY_DSA_CERT, KEY_ECDSA_CERT, KEY_ED25519_CERT, KEY_RSA_CERT_V00, | |
35 | KEY_DSA_CERT_V00, KEY_UNSPEC | |
36 | }; | |
37 | enum fp_type { | |
38 | SSH_FP_SHA1, SSH_FP_MD5, SSH_FP_SHA256 | |
39 | }; | |
40 | enum fp_rep { | |
41 | SSH_FP_HEX, SSH_FP_BUBBLEBABBLE, SSH_FP_RANDOMART | |
42 | }; | |
43 | struct KeyCert { | |
44 | u_int64_t serial; | |
45 | char *key_id; | |
46 | u_int nprincipals; | |
47 | char **principals; | |
48 | u_int64_t valid_after, valid_before; | |
49 | Buffer critical; | |
50 | Buffer extensions; | |
51 | Key *signature_key; | |
52 | }; | |
53 | struct Key { | |
54 | int type; | |
55 | struct KeyCert *cert; | |
56 | }; | |
57 | typedef enum { | |
58 | SYSLOG_FACILITY_DAEMON, SYSLOG_FACILITY_USER, SYSLOG_FACILITY_AUTH, | |
59 | SYSLOG_FACILITY_LOCAL0, SYSLOG_FACILITY_LOCAL1, | |
60 | SYSLOG_FACILITY_LOCAL2, SYSLOG_FACILITY_LOCAL3, | |
61 | SYSLOG_FACILITY_LOCAL4, SYSLOG_FACILITY_LOCAL5, | |
62 | SYSLOG_FACILITY_LOCAL6, SYSLOG_FACILITY_LOCAL7, | |
63 | SYSLOG_FACILITY_NOT_SET = -1 | |
64 | } SyslogFacility; | |
65 | typedef enum { | |
66 | SYSLOG_LEVEL_QUIET, SYSLOG_LEVEL_FATAL, SYSLOG_LEVEL_ERROR, | |
67 | SYSLOG_LEVEL_INFO, SYSLOG_LEVEL_VERBOSE, SYSLOG_LEVEL_DEBUG1, | |
68 | SYSLOG_LEVEL_DEBUG2, SYSLOG_LEVEL_DEBUG3, SYSLOG_LEVEL_NOT_SET = -1 | |
69 | } LogLevel; | |
70 | u_int32_t bits = 0; | |
71 | int change_passphrase = 0; | |
72 | int change_comment = 0; | |
73 | int quiet = 0; | |
74 | int log_level = SYSLOG_LEVEL_INFO; | |
75 | int hash_hosts = 0; | |
76 | int find_host = 0; | |
77 | int delete_host = 0; | |
78 | int show_cert = 0; | |
79 | int print_fingerprint = 0; | |
80 | int print_bubblebabble = 0; | |
81 | char identity_file[1024]; | |
82 | int have_identity = 0; | |
83 | char *identity_passphrase = ((void *)0); | |
84 | char *identity_new_passphrase = ((void *)0); | |
85 | char *identity_comment = ((void *)0); | |
86 | char *ca_key_path = ((void *)0); | |
87 | unsigned long long cert_serial = 0; | |
88 | u_int cert_key_type = 1; | |
89 | char *cert_key_id = ((void *)0); | |
90 | char *cert_principals = ((void *)0); | |
91 | u_int32_t certflags_flags = ((1) | (1 << 1) | (1 << 2) | (1 << 3) | (1 << 4)); | |
92 | int convert_to = 0; | |
93 | int convert_from = 0; | |
94 | enum { | |
95 | FMT_RFC4716, FMT_PKCS8, FMT_PEM | |
96 | } convert_format = FMT_RFC4716; | |
97 | int print_public = 0; | |
98 | int print_generic = 0; | |
99 | char *key_type_name = ((void *)0); | |
100 | char *pkcs11provider = ((void *)0); | |
101 | int use_new_format = 0; | |
102 | char *new_format_cipher = ((void *)0); | |
103 | int rounds = 0; | |
104 | extern char *__progname; | |
105 | char hostname[64]; | |
106 | static void do_download(struct passwd *pw) | |
107 | { | |
108 | Key **keys = ((void *)0); | |
109 | int i, nkeys; | |
110 | enum fp_rep rep; | |
111 | enum fp_type fptype; | |
112 | char *fp, *ra; | |
113 | fptype = print_bubblebabble ? SSH_FP_SHA1 : SSH_FP_MD5; | |
114 | rep = print_bubblebabble ? SSH_FP_BUBBLEBABBLE : SSH_FP_HEX; | |
115 | pkcs11_init(0); | |
116 | nkeys = pkcs11_add_provider(pkcs11provider, ((void *)0), &keys); | |
117 | if (nkeys <= 0) | |
118 | fatal("cannot read public key from pkcs11"); | |
119 | for (i = 0; i < nkeys; i++) { | |
120 | if (print_fingerprint) { | |
121 | fp = key_fingerprint(keys[i], fptype, rep); | |
122 | ra = key_fingerprint(keys[i], SSH_FP_MD5, | |
123 | SSH_FP_RANDOMART); | |
124 | printf("%u %s %s (PKCS11 key)\n", key_size(keys[i]), fp, | |
125 | key_type(keys[i])); | |
126 | if (log_level >= SYSLOG_LEVEL_VERBOSE) | |
127 | printf("%s\n", ra); | |
128 | free(ra); | |
129 | free(fp); | |
130 | key_write(keys[i], stdout); | |
131 | fprintf(stdout, "\n"); | |
132 | } | |
133 | key_free(keys[i]); | |
134 | } | |
135 | free(keys); | |
136 | exit(0); | |
137 | } | |
138 | ||
139 | static void do_fingerprint(struct passwd *pw) | |
140 | { | |
141 | FILE *f; | |
142 | Key *public; | |
143 | char *comment = ((void *)0), *cp, *ep, line[16 * 1024], *fp, *ra; | |
144 | int i, skip = 0, num = 0, invalid = 1; | |
145 | enum fp_rep rep; | |
146 | enum fp_type fptype; | |
147 | struct stat st; | |
148 | fptype = print_bubblebabble ? SSH_FP_SHA1 : SSH_FP_MD5; | |
149 | rep = print_bubblebabble ? SSH_FP_BUBBLEBABBLE : SSH_FP_HEX; | |
150 | if (!have_identity) | |
151 | ask_filename(pw, "Enter file in which the key is"); | |
152 | if (stat(identity_file, &st) < 0) { | |
153 | perror(identity_file); | |
154 | exit(1); | |
155 | } | |
156 | public = key_load_public(identity_file, &comment); | |
157 | if (public != ((void *)0)) { | |
158 | fp = key_fingerprint(public, fptype, rep); | |
159 | ra = key_fingerprint(public, SSH_FP_MD5, SSH_FP_RANDOMART); | |
160 | printf("%u %s %s (%s)\n", key_size(public), fp, comment, | |
161 | key_type(public)); | |
162 | if (log_level >= SYSLOG_LEVEL_VERBOSE) | |
163 | printf("%s\n", ra); | |
164 | key_free(public); | |
165 | free(comment); | |
166 | free(ra); | |
167 | free(fp); | |
168 | exit(0); | |
169 | } | |
170 | if (comment) { | |
171 | free(comment); | |
172 | } | |
173 | if ((f = fopen(identity_file, "r")) == ((void *)0)) | |
174 | fatal("%s: %s: %s", __progname, identity_file, | |
175 | strerror((*__errno_location()))); | |
176 | while (fgets(line, sizeof(line), f)) { | |
177 | if ((cp = | |
178 | (__extension__ | |
179 | (__builtin_constant_p('\n') && !__builtin_constant_p(line) | |
180 | && ('\n') == '\0' ? (char *)__rawmemchr(line, | |
181 | '\n') : | |
182 | __builtin_strchr(line, '\n')))) == ((void *)0)) { | |
183 | error("line %d too long: %.40s...", num + 1, line); | |
184 | skip = 1; | |
185 | } | |
186 | num++; | |
187 | if (skip) { | |
188 | continue; | |
189 | } | |
190 | *cp = '\0'; | |
191 | for (cp = line; *cp == ' ' || *cp == '\t'; cp++) ; | |
192 | if (!*cp || *cp == '\n' || *cp == '#') | |
193 | continue; | |
194 | i = strtol(cp, &ep, 10); | |
195 | if (i == 0 || ep == ((void *)0) || (*ep != ' ' && *ep != '\t')) { | |
196 | int quoted = 0; | |
197 | comment = cp; | |
198 | for (; | |
199 | *cp && (quoted || (*cp != ' ' && *cp != '\t')); | |
200 | cp++) { | |
201 | if (*cp == '\\' && cp[1] == '"') | |
202 | cp++; | |
203 | else if (*cp == '"') | |
204 | quoted = !quoted; | |
205 | } | |
206 | if (!*cp) | |
207 | continue; | |
208 | *cp++ = '\0'; | |
209 | } | |
210 | ep = cp; | |
211 | public = key_new(KEY_RSA1); | |
212 | if (key_read(public, &cp) != 1) { | |
213 | cp = ep; | |
214 | key_free(public); | |
215 | public = key_new(KEY_UNSPEC); | |
216 | if (key_read(public, &cp) != 1) { | |
217 | key_free(public); | |
218 | } | |
219 | } | |
220 | comment = *cp ? cp : comment; | |
221 | fp = key_fingerprint(public, fptype, rep); | |
222 | ra = key_fingerprint(public, SSH_FP_MD5, SSH_FP_RANDOMART); | |
223 | printf("%u %s %s (%s)\n", key_size(public), fp, | |
224 | comment ? comment : "no comment", key_type(public)); | |
225 | if (log_level >= SYSLOG_LEVEL_VERBOSE) | |
226 | printf("%s\n", ra); | |
227 | free(ra); | |
228 | free(fp); | |
229 | key_free(public); | |
230 | invalid = 0; | |
231 | } | |
232 | fclose(f); | |
233 | if (invalid) { | |
234 | printf("%s is not a public key file.\n", identity_file); | |
235 | exit(1); | |
236 | } | |
237 | } | |
238 | ||
239 | static void do_gen_all_hostkeys(struct passwd *pw) | |
240 | { | |
241 | struct { | |
242 | char *key_type; | |
243 | char *key_type_display; | |
244 | char *path; | |
245 | } key_types[] = { | |
246 | { | |
247 | "rsa1", "RSA1", "/etc/ssh" "/ssh_host_key"} | |
248 | , { | |
249 | "rsa", "RSA", "/etc/ssh" "/ssh_host_rsa_key"} | |
250 | , { | |
251 | ((void *)0), ((void *)0), ((void *)0)} | |
252 | }; | |
253 | int first = 0; | |
254 | struct stat st; | |
255 | Key *private, *public; | |
256 | char comment[1024]; | |
257 | int i, type, fd; | |
258 | FILE *f; | |
259 | for (i = 0; key_types[i].key_type; i++) { | |
260 | if (stat(key_types[i].path, &st) == 0) | |
261 | continue; | |
262 | if ((*__errno_location()) != 2) { | |
263 | printf("Could not stat %s: %s", key_types[i].path, | |
264 | strerror((*__errno_location()))); | |
265 | } | |
266 | if (first == 0) { | |
267 | first = 1; | |
268 | printf("%s: generating new host keys: ", __progname); | |
269 | } | |
270 | printf("%s ", key_types[i].key_type_display); | |
271 | fflush(stdout); | |
272 | type = key_type_from_name(key_types[i].key_type); | |
273 | strlcpy(identity_file, key_types[i].path, | |
274 | sizeof(identity_file)); | |
275 | bits = 0; | |
276 | type_bits_valid(type, &bits); | |
277 | private = key_generate(type, bits); | |
278 | if (private == ((void *)0)) { | |
279 | fprintf(stderr, "key_generate failed\n"); | |
280 | } | |
281 | public = key_from_private(private); | |
282 | snprintf(comment, sizeof comment, "%s@%s", pw->pw_name, | |
283 | hostname); | |
284 | if (!key_save_private | |
285 | (private, identity_file, "", comment, use_new_format, | |
286 | new_format_cipher, rounds)) { | |
287 | printf("Saving the key failed: %s.\n", identity_file); | |
288 | key_free(private); | |
289 | key_free(public); | |
290 | } | |
291 | key_free(private); | |
292 | strlcat(identity_file, ".pub", sizeof(identity_file)); | |
293 | fd = open(identity_file, 01 | 00000400 | 01000, 0644); | |
294 | if (fd == -1) { | |
295 | printf("Could not save your public key in %s\n", | |
296 | identity_file); | |
297 | key_free(public); | |
298 | } | |
299 | f = fdopen(fd, "w"); | |
300 | if (f == ((void *)0)) { | |
301 | printf("fdopen %s failed\n", identity_file); | |
302 | key_free(public); | |
303 | } | |
304 | if (!key_write(public, f)) { | |
305 | fprintf(stderr, "write key failed\n"); | |
306 | key_free(public); | |
307 | } | |
308 | fprintf(f, " %s\n", comment); | |
309 | fclose(f); | |
310 | key_free(public); | |
311 | } | |
312 | if (first != 0) | |
313 | printf("\n"); | |
314 | } | |
315 | ||
316 | static void do_known_hosts(struct passwd *pw, const char *name) | |
317 | { | |
318 | FILE *in, *out = stdout; | |
319 | Key *pub; | |
320 | char *cp, *cp2, *kp, *kp2; | |
321 | char line[16 * 1024], tmp[4096], old[4096]; | |
322 | int c, skip = 0, inplace = 0, num = 0, invalid = 0, has_unhashed = 0; | |
323 | int ca; | |
324 | int found_key = 0; | |
325 | if (!have_identity) { | |
326 | cp = tilde_expand_filename("~/" ".ssh" "/known_hosts", | |
327 | pw->pw_uid); | |
328 | if (strlcpy(identity_file, cp, sizeof(identity_file)) >= | |
329 | sizeof(identity_file)) | |
330 | fatal("Specified known hosts path too long"); | |
331 | free(cp); | |
332 | } | |
333 | if ((in = fopen(identity_file, "r")) == ((void *)0)) | |
334 | fatal("%s: %s: %s", __progname, identity_file, | |
335 | strerror((*__errno_location()))); | |
336 | if (!find_host && (hash_hosts || delete_host)) { | |
337 | if (strlcpy(tmp, identity_file, sizeof(tmp)) >= sizeof(tmp) | |
338 | || strlcat(tmp, ".XXXXXXXXXX", sizeof(tmp)) >= sizeof(tmp) | |
339 | || strlcpy(old, identity_file, sizeof(old)) >= sizeof(old) | |
340 | || strlcat(old, ".old", sizeof(old)) >= sizeof(old)) | |
341 | fatal("known_hosts path too long"); | |
342 | umask(077); | |
343 | if ((c = mkstemp(tmp)) == -1) | |
344 | fatal("mkstemp: %s", strerror((*__errno_location()))); | |
345 | if ((out = fdopen(c, "w")) == ((void *)0)) { | |
346 | c = (*__errno_location()); | |
347 | unlink(tmp); | |
348 | fatal("fdopen: %s", strerror(c)); | |
349 | } | |
350 | inplace = 1; | |
351 | } | |
352 | while (fgets(line, sizeof(line), in)) { | |
353 | if ((cp = | |
354 | (__extension__ | |
355 | (__builtin_constant_p('\n') && !__builtin_constant_p(line) | |
356 | && ('\n') == '\0' ? (char *)__rawmemchr(line, | |
357 | '\n') : | |
358 | __builtin_strchr(line, '\n')))) == ((void *)0)) { | |
359 | error("line %d too long: %.40s...", num + 1, line); | |
360 | skip = 1; | |
361 | invalid = 1; | |
362 | continue; | |
363 | } | |
364 | num++; | |
365 | if (skip) { | |
366 | continue; | |
367 | } | |
368 | for (cp = line; *cp == ' ' || *cp == '\t'; cp++) ; | |
369 | if (!*cp || *cp == '\n' || *cp == '#') { | |
370 | if (inplace) | |
371 | fprintf(out, "%s\n", cp); | |
372 | } | |
373 | if (strncasecmp | |
374 | (cp, "@cert-authority", sizeof("@cert-authority") - 1) == 0 | |
375 | && (cp[sizeof("@cert-authority") - 1] == ' ' | |
376 | || cp[sizeof("@cert-authority") - 1] == '\t')) { | |
377 | ca = 1; | |
378 | cp += sizeof("@cert-authority"); | |
379 | } else | |
380 | ca = 0; | |
381 | for (kp = cp; *kp && *kp != ' ' && *kp != '\t'; kp++) ; | |
382 | if (*kp == '\0' || *(kp + 1) == '\0') { | |
383 | error("line %d missing key: %.40s...", num, line); | |
384 | } | |
385 | *kp++ = '\0'; | |
386 | pub = key_new(KEY_RSA1); | |
387 | if (key_read(pub, &kp) != 1) { | |
388 | kp = kp2; | |
389 | key_free(pub); | |
390 | pub = key_new(KEY_UNSPEC); | |
391 | if (key_read(pub, &kp) != 1) { | |
392 | error("line %d invalid key: %.40s...", num, | |
393 | line); | |
394 | key_free(pub); | |
395 | } | |
396 | } | |
397 | if (*cp == '|') { | |
398 | if (find_host || delete_host) { | |
399 | cp2 = host_hash(name, cp, strlen(cp)); | |
400 | if (cp2 == ((void *)0)) { | |
401 | error("line %d: invalid hashed " | |
402 | "name: %.64s...", num, line); | |
403 | } | |
404 | c = (__extension__( { | |
405 | size_t __s1_len, __s2_len; | |
406 | (__builtin_constant_p(cp2) | |
407 | && __builtin_constant_p(cp) | |
408 | && (__s1_len = | |
409 | strlen(cp2), __s2_len = | |
410 | strlen(cp), | |
411 | (!((size_t) | |
412 | (const void *)((cp2) | |
413 | + 1) - | |
414 | (size_t) (const void | |
415 | *)(cp2) == | |
416 | 1) || __s1_len >= 4) | |
417 | && | |
418 | (!((size_t) | |
419 | (const void *)((cp) + | |
420 | 1) - | |
421 | (size_t) (const void | |
422 | *)(cp) == | |
423 | 1) | |
424 | || __s2_len >= | |
425 | 4)) ? | |
426 | __builtin_strcmp(cp2, | |
427 | cp) | |
428 | : (__builtin_constant_p(cp2) | |
429 | && | |
430 | ((size_t) (const void *) | |
431 | ((cp2) + 1) - | |
432 | (size_t) (const void | |
433 | *)(cp2) == 1) | |
434 | && (__s1_len = | |
435 | strlen(cp2), | |
436 | __s1_len < | |
437 | 4) | |
438 | ? (__builtin_constant_p | |
439 | (cp) | |
440 | && | |
441 | ((size_t) | |
442 | (const void *)((cp) + | |
443 | 1) - | |
444 | (size_t) (const void | |
445 | *)(cp) == | |
446 | 1) ? | |
447 | __builtin_strcmp(cp2, | |
448 | cp) | |
449 | : (__extension__( { | |
450 | const | |
451 | unsigned | |
452 | char | |
453 | *__s2 | |
454 | = | |
455 | (const | |
456 | unsigned | |
457 | char | |
458 | *) | |
459 | (const | |
460 | char | |
461 | *) | |
462 | (cp); | |
463 | register | |
464 | int | |
465 | __result | |
466 | = | |
467 | (((const unsigned char *)(const char *)(cp2))[0] - __s2[0]); if (__s1_len > 0 && __result == 0) { | |
468 | } | |
469 | __result;} | |
470 | ))): | |
471 | (__builtin_constant_p(cp) | |
472 | && | |
473 | ((size_t) (const void *) | |
474 | ((cp) + 1) - | |
475 | (size_t) (const void | |
476 | *)(cp) == 1) | |
477 | && (__s2_len = | |
478 | strlen(cp), | |
479 | __s2_len < | |
480 | 4) | |
481 | ? (__builtin_constant_p | |
482 | (cp2) | |
483 | && | |
484 | ((size_t) | |
485 | (const void *)((cp2) | |
486 | + | |
487 | 1) - | |
488 | (size_t) (const void | |
489 | *)(cp2) == | |
490 | 1) ? | |
491 | __builtin_strcmp(cp2, | |
492 | cp) | |
493 | : (__extension__( { | |
494 | const | |
495 | unsigned | |
496 | char | |
497 | *__s1 | |
498 | = | |
499 | (const | |
500 | unsigned | |
501 | char | |
502 | *) | |
503 | (const | |
504 | char | |
505 | *) | |
506 | (cp2); | |
507 | register | |
508 | int | |
509 | __result | |
510 | = | |
511 | __s1 | |
512 | [0] | |
513 | - | |
514 | ((const unsigned char *)(const char *)(cp))[0]; __result;} | |
515 | ))): | |
516 | __builtin_strcmp(cp2, | |
517 | cp))));} | |
518 | ) == 0) ; | |
519 | if (find_host && c) { | |
520 | if (!quiet) | |
521 | printf("# Host %s found: " | |
522 | "line %d type %s%s\n", | |
523 | name, num, key_type(pub), | |
524 | ca ? " (CA key)" : ""); | |
525 | printhost(out, cp, pub, ca, 0); | |
526 | found_key = 1; | |
527 | } | |
528 | if (delete_host) { | |
529 | if (!c && !ca) | |
530 | printhost(out, cp, pub, ca, 0); | |
531 | else | |
532 | printf("# Host %s found: " | |
533 | "line %d type %s\n", | |
534 | name, num, | |
535 | key_type(pub)); | |
536 | } | |
537 | } else if (hash_hosts) | |
538 | printhost(out, cp, pub, ca, 0); | |
539 | if (find_host || delete_host) { | |
540 | c = (match_hostname(name, cp, strlen(cp)) == 1); | |
541 | if (find_host && c) { | |
542 | if (!quiet) | |
543 | printf("# Host %s found: " | |
544 | "line %d type %s%s\n", | |
545 | name, num, key_type(pub), | |
546 | ca ? " (CA key)" : ""); | |
547 | printhost(out, name, pub, ca, hash_hosts | |
548 | && !ca); | |
549 | } | |
550 | if (delete_host) { | |
551 | if (!c && !ca) | |
552 | printhost(out, cp, pub, ca, 0); | |
553 | else | |
554 | printf("# Host %s found: " | |
555 | "line %d type %s\n", | |
556 | name, num, | |
557 | key_type(pub)); | |
558 | } | |
559 | } else if (hash_hosts) { | |
560 | for (cp2 = __extension__( { | |
561 | char __r0, __r1, __r2; | |
562 | (__builtin_constant_p | |
563 | (",") | |
564 | && | |
565 | ((size_t) | |
566 | (const void *)((",") | |
567 | + 1) - | |
568 | (size_t) (const void | |
569 | *)(",") == | |
570 | 1) | |
571 | && (__r0 = | |
572 | ((const char | |
573 | *)(","))[0], | |
574 | ((const char | |
575 | *)(","))[0] != | |
576 | '\0') ? ((__r1 = | |
577 | ((const | |
578 | char | |
579 | *) | |
580 | (",")) | |
581 | [1], | |
582 | ((const | |
583 | char | |
584 | *) | |
585 | (",")) | |
586 | [1] == | |
587 | '\0') ? | |
588 | __strsep_1c | |
589 | (&cp, | |
590 | __r0) | |
591 | : ((__r2 | |
592 | = | |
593 | ((const char *)(","))[2], __r2 == '\0') ? __strsep_2c(&cp, __r0, __r1) : (((const char *)(","))[3] == '\0' ? __strsep_3c(&cp, __r0, __r1, __r2) : __strsep_g(&cp, ",")))) : __strsep_g(&cp, ","));} | |
594 | ); cp2 != ((void *)0) && *cp2 != '\0'; | |
595 | cp2 = __extension__( { | |
596 | char __r0, __r1, __r2; | |
597 | (__builtin_constant_p | |
598 | (",") | |
599 | && | |
600 | ((size_t) | |
601 | (const void *)((",") | |
602 | + 1) - | |
603 | (size_t) (const void | |
604 | *)(",") == | |
605 | 1) | |
606 | && (__r0 = | |
607 | ((const char | |
608 | *)(","))[0], | |
609 | ((const char | |
610 | *)(","))[0] != | |
611 | '\0') ? ((__r1 = | |
612 | ((const | |
613 | char | |
614 | *) | |
615 | (",")) | |
616 | [1], | |
617 | ((const | |
618 | char | |
619 | *) | |
620 | (",")) | |
621 | [1] == | |
622 | '\0') ? | |
623 | __strsep_1c | |
624 | (&cp, | |
625 | __r0) | |
626 | : ((__r2 | |
627 | = | |
628 | ((const char *)(","))[2], __r2 == '\0') ? __strsep_2c(&cp, __r0, __r1) : (((const char *)(","))[3] == '\0' ? __strsep_3c(&cp, __r0, __r1, __r2) : __strsep_g(&cp, ",")))) : __strsep_g(&cp, ","));} | |
629 | )) { | |
630 | if (ca) { | |
631 | fprintf(stderr, | |
632 | "Warning: " | |
633 | "ignoring CA key for host: " | |
634 | "%.64s\n", cp2); | |
635 | printhost(out, cp2, pub, ca, 0); | |
636 | } else if (__extension__( { | |
637 | char __r0, | |
638 | __r1, __r2; | |
639 | (__builtin_constant_p | |
640 | ("*?!") | |
641 | && | |
642 | ((size_t) | |
643 | (const void | |
644 | *)(("*?!") + | |
645 | 1) - | |
646 | (size_t) | |
647 | (const void | |
648 | *)("*?!") == | |
649 | 1) | |
650 | ? ((__builtin_constant_p(cp2) && ((size_t) (const void *)((cp2) + 1) - (size_t) (const void *)(cp2) == 1)) ? __builtin_strcspn(cp2, "*?!") : ((__r0 = ((const char *)("*?!"))[0], __r0 == '\0') ? strlen(cp2) : ((__r1 = ((const char *)("*?!"))[1], __r1 == '\0') ? __strcspn_c1(cp2, __r0) : ((__r2 = ((const char *)("*?!"))[2], __r2 == '\0') ? __strcspn_c2(cp2, __r0, __r1) : (((const char *)("*?!"))[3] == '\0' ? __strcspn_c3(cp2, __r0, __r1, __r2) : __builtin_strcspn(cp2, "*?!")))))) : __builtin_strcspn(cp2, "*?!"));} | |
651 | ) != strlen(cp2)) { | |
652 | fprintf(stderr, | |
653 | "Warning: " | |
654 | "ignoring host name with " | |
655 | "metacharacters: %.64s\n", | |
656 | cp2); | |
657 | printhost(out, cp2, pub, ca, 0); | |
658 | } else | |
659 | printhost(out, cp2, pub, ca, 1); | |
660 | } | |
661 | has_unhashed = 1; | |
662 | } | |
663 | } | |
664 | key_free(pub); | |
665 | } | |
666 | fclose(in); | |
667 | if (invalid) { | |
668 | fprintf(stderr, "%s is not a valid known_hosts file.\n", | |
669 | identity_file); | |
670 | if (inplace) { | |
671 | fprintf(stderr, | |
672 | "Not replacing existing known_hosts " | |
673 | "file because of errors\n"); | |
674 | fclose(out); | |
675 | unlink(tmp); | |
676 | } | |
677 | exit(1); | |
678 | } | |
679 | if (inplace) { | |
680 | fclose(out); | |
681 | if (unlink(old) == -1 && (*__errno_location()) != 2) | |
682 | fatal("unlink %.100s: %s", old, | |
683 | strerror((*__errno_location()))); | |
684 | if (link(identity_file, old) == -1) | |
685 | fatal("link %.100s to %.100s: %s", identity_file, old, | |
686 | strerror((*__errno_location()))); | |
687 | if (rename(tmp, identity_file) == -1) { | |
688 | error("rename\"%s\" to \"%s\": %s", tmp, identity_file, | |
689 | strerror((*__errno_location()))); | |
690 | unlink(tmp); | |
691 | unlink(old); | |
692 | exit(1); | |
693 | } | |
694 | fprintf(stderr, "%s updated.\n", identity_file); | |
695 | fprintf(stderr, "Original contents retained as %s\n", old); | |
696 | if (has_unhashed) { | |
697 | fprintf(stderr, | |
698 | "WARNING: %s contains unhashed " "entries\n", | |
699 | old); | |
700 | fprintf(stderr, | |
701 | "Delete this file to ensure privacy " | |
702 | "of hostnames\n"); | |
703 | } | |
704 | } | |
705 | exit(find_host && !found_key); | |
706 | } | |
707 | ||
708 | static void do_change_passphrase(struct passwd *pw) | |
709 | { | |
710 | char *comment; | |
711 | char *old_passphrase, *passphrase1, *passphrase2; | |
712 | struct stat st; | |
713 | Key *private; | |
714 | if (!have_identity) | |
715 | ask_filename(pw, "Enter file in which the key is"); | |
716 | if (stat(identity_file, &st) < 0) { | |
717 | perror(identity_file); | |
718 | exit(1); | |
719 | } | |
720 | private = key_load_private(identity_file, "", &comment); | |
721 | if (private == ((void *)0)) { | |
722 | if (identity_passphrase) | |
723 | old_passphrase = xstrdup(identity_passphrase); | |
724 | else | |
725 | old_passphrase = | |
726 | read_passphrase("Enter old passphrase: ", 0x0002); | |
727 | private = | |
728 | key_load_private(identity_file, old_passphrase, &comment); | |
729 | explicit_bzero(old_passphrase, strlen(old_passphrase)); | |
730 | free(old_passphrase); | |
731 | if (private == ((void *)0)) { | |
732 | printf("Bad passphrase.\n"); | |
733 | exit(1); | |
734 | } | |
735 | } | |
736 | printf("Key has comment '%s'\n", comment); | |
737 | if (identity_new_passphrase) { | |
738 | passphrase1 = xstrdup(identity_new_passphrase); | |
739 | } else { | |
740 | passphrase1 = | |
741 | read_passphrase("Enter new passphrase (empty for no " | |
742 | "passphrase): ", 0x0002); | |
743 | passphrase2 = | |
744 | read_passphrase("Enter same passphrase again: ", 0x0002); | |
745 | if (__extension__( { | |
746 | size_t __s1_len, __s2_len; | |
747 | (__builtin_constant_p(passphrase1) | |
748 | && __builtin_constant_p(passphrase2) | |
749 | && (__s1_len = | |
750 | strlen(passphrase1), __s2_len = | |
751 | strlen(passphrase2), | |
752 | (!((size_t) (const void *) | |
753 | ((passphrase1) + 1) - | |
754 | (size_t) (const void *)(passphrase1) | |
755 | == 1) || __s1_len >= 4) | |
756 | && | |
757 | (!((size_t) (const void *) | |
758 | ((passphrase2) + 1) - | |
759 | (size_t) (const void *)(passphrase2) | |
760 | == 1) | |
761 | || __s2_len >= | |
762 | 4)) ? __builtin_strcmp(passphrase1, | |
763 | passphrase2) | |
764 | : (__builtin_constant_p(passphrase1) | |
765 | && | |
766 | ((size_t) (const void *) | |
767 | ((passphrase1) + 1) - | |
768 | (size_t) (const void *)(passphrase1) == | |
769 | 1) | |
770 | && (__s1_len = | |
771 | strlen(passphrase1), | |
772 | __s1_len < | |
773 | 4) | |
774 | ? (__builtin_constant_p(passphrase2) | |
775 | && | |
776 | ((size_t) (const void *) | |
777 | ((passphrase2) + 1) - | |
778 | (size_t) (const void *)(passphrase2) | |
779 | == 1) ? __builtin_strcmp(passphrase1, | |
780 | passphrase2) | |
781 | : (__extension__( { | |
782 | const unsigned char | |
783 | *__s2 = | |
784 | (const unsigned char | |
785 | *)(const char | |
786 | *)(passphrase2); | |
787 | register int __result | |
788 | = | |
789 | (((const unsigned char | |
790 | *)(const char | |
791 | *)(passphrase1)) | |
792 | [0] - __s2[0]); | |
793 | __result;} | |
794 | ))): (__builtin_constant_p(passphrase2) | |
795 | && | |
796 | ((size_t) (const void *) | |
797 | ((passphrase2) + 1) - | |
798 | (size_t) (const void | |
799 | *)(passphrase2) == 1) | |
800 | && (__s2_len = | |
801 | strlen(passphrase2), | |
802 | __s2_len < | |
803 | 4) | |
804 | ? (__builtin_constant_p | |
805 | (passphrase1) | |
806 | && | |
807 | ((size_t) (const void *) | |
808 | ((passphrase1) + 1) - | |
809 | (size_t) (const void | |
810 | *)(passphrase1) == | |
811 | 1) ? | |
812 | __builtin_strcmp(passphrase1, | |
813 | passphrase2) | |
814 | : (__extension__( { | |
815 | const unsigned | |
816 | char *__s1 = | |
817 | (const unsigned | |
818 | char *)(const | |
819 | char | |
820 | *) | |
821 | (passphrase1); | |
822 | register int | |
823 | __result = | |
824 | __s1[0] - | |
825 | ((const | |
826 | unsigned char | |
827 | *)(const char | |
828 | *) | |
829 | (passphrase2)) | |
830 | [0]; | |
831 | if (__s2_len > | |
832 | 0 | |
833 | && __result | |
834 | == 0) { | |
835 | } | |
836 | __result;} | |
837 | ))): __builtin_strcmp(passphrase1, | |
838 | passphrase2))));} | |
839 | ) != 0) { | |
840 | explicit_bzero(passphrase1, strlen(passphrase1)); | |
841 | explicit_bzero(passphrase2, strlen(passphrase2)); | |
842 | free(passphrase1); | |
843 | free(passphrase2); | |
844 | printf("Pass phrases do not match. Try again.\n"); | |
845 | exit(1); | |
846 | } | |
847 | explicit_bzero(passphrase2, strlen(passphrase2)); | |
848 | free(passphrase2); | |
849 | } | |
850 | if (!key_save_private | |
851 | (private, identity_file, passphrase1, comment, use_new_format, | |
852 | new_format_cipher, rounds)) { | |
853 | printf("Saving the key failed: %s.\n", identity_file); | |
854 | explicit_bzero(passphrase1, strlen(passphrase1)); | |
855 | free(passphrase1); | |
856 | key_free(private); | |
857 | free(comment); | |
858 | exit(1); | |
859 | } | |
860 | explicit_bzero(passphrase1, strlen(passphrase1)); | |
861 | free(passphrase1); | |
862 | key_free(private); | |
863 | free(comment); | |
864 | printf("Your identification has been saved with the new passphrase.\n"); | |
865 | exit(0); | |
866 | } | |
867 | ||
868 | static void do_change_comment(struct passwd *pw) | |
869 | { | |
870 | char new_comment[1024], *comment, *passphrase; | |
871 | Key *private; | |
872 | Key *public; | |
873 | struct stat st; | |
874 | FILE *f; | |
875 | int fd; | |
876 | if (!have_identity) | |
877 | ask_filename(pw, "Enter file in which the key is"); | |
878 | if (stat(identity_file, &st) < 0) { | |
879 | perror(identity_file); | |
880 | exit(1); | |
881 | } | |
882 | private = key_load_private(identity_file, "", &comment); | |
883 | if (private == ((void *)0)) { | |
884 | if (identity_passphrase) | |
885 | passphrase = xstrdup(identity_passphrase); | |
886 | else if (identity_new_passphrase) | |
887 | passphrase = xstrdup(identity_new_passphrase); | |
888 | else | |
889 | passphrase = | |
890 | read_passphrase("Enter passphrase: ", 0x0002); | |
891 | private = key_load_private(identity_file, passphrase, &comment); | |
892 | if (private == ((void *)0)) { | |
893 | explicit_bzero(passphrase, strlen(passphrase)); | |
894 | free(passphrase); | |
895 | printf("Bad passphrase.\n"); | |
896 | exit(1); | |
897 | } | |
898 | passphrase = xstrdup(""); | |
899 | } | |
900 | if (private->type != KEY_RSA1) { | |
901 | fprintf(stderr, "Comments are only supported for RSA1 keys.\n"); | |
902 | key_free(private); | |
903 | exit(1); | |
904 | } | |
905 | printf("Key now has comment '%s'\n", comment); | |
906 | if (identity_comment) { | |
907 | strlcpy(new_comment, identity_comment, sizeof(new_comment)); | |
908 | printf("Enter new comment: "); | |
909 | fflush(stdout); | |
910 | if (!fgets(new_comment, sizeof(new_comment), stdin)) { | |
911 | explicit_bzero(passphrase, strlen(passphrase)); | |
912 | key_free(private); | |
913 | exit(1); | |
914 | } | |
915 | new_comment[__extension__( { | |
916 | char __r0, __r1, __r2; | |
917 | (__builtin_constant_p("\n") | |
918 | && | |
919 | ((size_t) (const void *)(("\n") + 1) | |
920 | - (size_t) (const void *)("\n") == | |
921 | 1) | |
922 | ? ((__builtin_constant_p(new_comment) | |
923 | && | |
924 | ((size_t) (const void *) | |
925 | ((new_comment) + 1) - | |
926 | (size_t) (const void | |
927 | *)(new_comment) == | |
928 | 1)) ? | |
929 | __builtin_strcspn(new_comment, | |
930 | "\n") : ((__r0 = | |
931 | ((const char *)("\n"))[0], __r0 == '\0') ? strlen(new_comment) : ((__r1 = ((const char *)("\n"))[1], __r1 == '\0') ? __strcspn_c1(new_comment, __r0) : ((__r2 = ((const char *)("\n"))[2], __r2 == '\0') ? __strcspn_c2(new_comment, __r0, __r1) : (((const char *)("\n"))[3] == '\0' ? __strcspn_c3(new_comment, __r0, __r1, __r2) : __builtin_strcspn(new_comment, "\n")))))) : __builtin_strcspn(new_comment, "\n"));} | |
932 | )] = '\0'; | |
933 | } | |
934 | if (!key_save_private | |
935 | (private, identity_file, passphrase, new_comment, use_new_format, | |
936 | new_format_cipher, rounds)) { | |
937 | printf("Saving the key failed: %s.\n", identity_file); | |
938 | explicit_bzero(passphrase, strlen(passphrase)); | |
939 | free(passphrase); | |
940 | key_free(private); | |
941 | free(comment); | |
942 | exit(1); | |
943 | } | |
944 | explicit_bzero(passphrase, strlen(passphrase)); | |
945 | free(passphrase); | |
946 | public = key_from_private(private); | |
947 | key_free(private); | |
948 | strlcat(identity_file, ".pub", sizeof(identity_file)); | |
949 | fd = open(identity_file, 01 | 00000400 | 01000, 0644); | |
950 | if (fd == -1) { | |
951 | printf("Could not save your public key in %s\n", identity_file); | |
952 | exit(1); | |
953 | } | |
954 | f = fdopen(fd, "w"); | |
955 | if (f == ((void *)0)) { | |
956 | printf("fdopen %s failed\n", identity_file); | |
957 | exit(1); | |
958 | } | |
959 | if (!key_write(public, f)) | |
960 | fprintf(stderr, "write key failed\n"); | |
961 | key_free(public); | |
962 | fprintf(f, " %s\n", new_comment); | |
963 | fclose(f); | |
964 | free(comment); | |
965 | printf("The comment in your key file has been changed.\n"); | |
966 | exit(0); | |
967 | } | |
968 | ||
969 | static const char *fmt_validity(u_int64_t valid_from, u_int64_t valid_to) | |
970 | { | |
971 | char from[32], to[32]; | |
972 | static char ret[64]; | |
973 | time_t tt; | |
974 | struct tm *tm; | |
975 | *from = *to = '\0'; | |
976 | if (valid_from == 0 && valid_to == 0xffffffffffffffffULL) | |
977 | return "forever"; | |
978 | if (valid_from != 0) { | |
979 | tt = valid_from > 2147483647 ? 2147483647 : valid_from; | |
980 | tm = localtime(&tt); | |
981 | strftime(from, sizeof(from), "%Y-%m-%dT%H:%M:%S", tm); | |
982 | } | |
983 | if (valid_to != 0xffffffffffffffffULL) { | |
984 | tt = valid_to > 2147483647 ? 2147483647 : valid_to; | |
985 | tm = localtime(&tt); | |
986 | strftime(to, sizeof(to), "%Y-%m-%dT%H:%M:%S", tm); | |
987 | } | |
988 | if (valid_from == 0) { | |
989 | snprintf(ret, sizeof(ret), "before %s", to); | |
990 | } | |
991 | if (valid_to == 0xffffffffffffffffULL) { | |
992 | snprintf(ret, sizeof(ret), "after %s", from); | |
993 | } | |
994 | snprintf(ret, sizeof(ret), "from %s to %s", from, to); | |
995 | } | |
996 | ||
997 | static void do_show_cert(struct passwd *pw) | |
998 | { | |
999 | Key *key; | |
1000 | struct stat st; | |
1001 | char *key_fp, *ca_fp; | |
1002 | u_int i, v00; | |
1003 | if (!have_identity) | |
1004 | ask_filename(pw, "Enter file in which the key is"); | |
1005 | if (stat(identity_file, &st) < 0) | |
1006 | fatal("%s: %s: %s", __progname, identity_file, | |
1007 | strerror((*__errno_location()))); | |
1008 | if ((key = key_load_public(identity_file, ((void *)0))) == ((void *)0)) | |
1009 | fatal("%s is not a public key", identity_file); | |
1010 | if (!key_is_cert(key)) | |
1011 | fatal("%s is not a certificate", identity_file); | |
1012 | v00 = key->type == KEY_RSA_CERT_V00 || key->type == KEY_DSA_CERT_V00; | |
1013 | key_fp = key_fingerprint(key, SSH_FP_MD5, SSH_FP_HEX); | |
1014 | ca_fp = | |
1015 | key_fingerprint(key->cert->signature_key, SSH_FP_MD5, SSH_FP_HEX); | |
1016 | printf("%s:\n", identity_file); | |
1017 | printf(" Type: %s %s certificate\n", key_ssh_name(key), | |
1018 | key_cert_type(key)); | |
1019 | printf(" Public key: %s %s\n", key_type(key), key_fp); | |
1020 | printf(" Signing CA: %s %s\n", | |
1021 | key_type(key->cert->signature_key), ca_fp); | |
1022 | printf(" Key ID: \"%s\"\n", key->cert->key_id); | |
1023 | if (!v00) { | |
1024 | printf(" Serial: %llu\n", | |
1025 | (unsigned long long)key->cert->serial); | |
1026 | } | |
1027 | printf(" Valid: %s\n", | |
1028 | fmt_validity(key->cert->valid_after, key->cert->valid_before)); | |
1029 | printf(" Principals: "); | |
1030 | if (key->cert->nprincipals == 0) | |
1031 | printf("(none)\n"); | |
1032 | else { | |
1033 | for (i = 0; i < key->cert->nprincipals; i++) | |
1034 | printf("\n %s", | |
1035 | key->cert->principals[i]); | |
1036 | printf("\n"); | |
1037 | } | |
1038 | printf(" Critical Options: "); | |
1039 | if (buffer_len(&key->cert->critical) == 0) | |
1040 | printf("(none)\n"); | |
1041 | else { | |
1042 | printf("\n"); | |
1043 | show_options(&key->cert->critical, v00, 1); | |
1044 | } | |
1045 | if (!v00) { | |
1046 | printf(" Extensions: "); | |
1047 | if (buffer_len(&key->cert->extensions) == 0) | |
1048 | printf("(none)\n"); | |
1049 | else { | |
1050 | printf("\n"); | |
1051 | show_options(&key->cert->extensions, v00, 0); | |
1052 | } | |
1053 | } | |
1054 | exit(0); | |
1055 | } | |
1056 | ||
1057 | static void do_gen_krl(struct passwd *pw, int updating, int argc, char **argv) | |
1058 | { | |
1059 | struct ssh_krl *krl; | |
1060 | struct stat sb; | |
1061 | Key *ca = ((void *)0); | |
1062 | int fd, i; | |
1063 | char *tmp; | |
1064 | Buffer kbuf; | |
1065 | if (*identity_file == '\0') | |
1066 | fatal("KRL generation requires an output file"); | |
1067 | if (stat(identity_file, &sb) == -1) { | |
1068 | if ((*__errno_location()) != 2) | |
1069 | fatal("Cannot access KRL \"%s\": %s", identity_file, | |
1070 | strerror((*__errno_location()))); | |
1071 | if (updating) | |
1072 | fatal("KRL \"%s\" does not exist", identity_file); | |
1073 | } | |
1074 | if (ca_key_path != ((void *)0)) { | |
1075 | tmp = tilde_expand_filename(ca_key_path, pw->pw_uid); | |
1076 | if ((ca = key_load_public(tmp, ((void *)0))) == ((void *)0)) | |
1077 | fatal("Cannot load CA public key %s", tmp); | |
1078 | free(tmp); | |
1079 | } | |
1080 | if (updating) | |
1081 | load_krl(identity_file, &krl); | |
1082 | else if ((krl = ssh_krl_init()) == ((void *)0)) | |
1083 | fatal("couldn't create KRL"); | |
1084 | if (cert_serial != 0) | |
1085 | ssh_krl_set_version(krl, cert_serial); | |
1086 | if (identity_comment != ((void *)0)) | |
1087 | ssh_krl_set_comment(krl, identity_comment); | |
1088 | for (i = 0; i < argc; i++) | |
1089 | update_krl_from_file(pw, argv[i], ca, krl); | |
1090 | buffer_init(&kbuf); | |
1091 | if (ssh_krl_to_blob(krl, &kbuf, ((void *)0), 0) != 0) | |
1092 | fatal("Couldn't generate KRL"); | |
1093 | if ((fd = open(identity_file, 01 | 00000400 | 01000, 0644)) == -1) | |
1094 | fatal("open %s: %s", identity_file, | |
1095 | strerror((*__errno_location()))); | |
1096 | if (atomicio | |
1097 | ((ssize_t(*)(int, void *, size_t))write, fd, buffer_ptr(&kbuf), | |
1098 | buffer_len(&kbuf)) != buffer_len(&kbuf)) | |
1099 | fatal("write %s: %s", identity_file, | |
1100 | strerror((*__errno_location()))); | |
1101 | close(fd); | |
1102 | buffer_free(&kbuf); | |
1103 | ssh_krl_free(krl); | |
1104 | if (ca != ((void *)0)) | |
1105 | key_free(ca); | |
1106 | } | |
1107 | ||
1108 | static void usage(void) | |
1109 | { | |
1110 | exit(1); | |
1111 | } | |
1112 | ||
1113 | int main(int argc, char **argv) | |
1114 | { | |
1115 | char dotsshdir[4096], comment[1024], *passphrase1, *passphrase2; | |
1116 | char *checkpoint = ((void *)0); | |
1117 | char out_file[4096], *ep, *rr_hostname = ((void *)0); | |
1118 | Key *private, *public; | |
1119 | struct passwd *pw; | |
1120 | struct stat st; | |
1121 | int opt, type, fd; | |
1122 | u_int32_t memory = 0, generator_wanted = 0; | |
1123 | int do_gen_candidates = 0, do_screen_candidates = 0; | |
1124 | int gen_all_hostkeys = 0, gen_krl = 0, update_krl = 0, check_krl = 0; | |
1125 | unsigned long start_lineno = 0, lines_to_process = 0; | |
1126 | BIGNUM *start = ((void *)0); | |
1127 | FILE *f; | |
1128 | const char *errstr; | |
1129 | extern char *BSDoptarg; | |
1130 | sanitise_stdfd(); | |
1131 | __progname = ssh_get_progname(argv[0]); | |
1132 | ssh_OpenSSL_add_all_algorithms(); | |
1133 | log_init(argv[0], SYSLOG_LEVEL_INFO, SYSLOG_FACILITY_USER, 1); | |
1134 | seed_rng(); | |
1135 | pw = getpwuid(getuid()); | |
1136 | if (!pw) { | |
1137 | printf("No user exists for uid %lu\n", (u_long) getuid()); | |
1138 | exit(1); | |
1139 | } | |
1140 | if (gethostname(hostname, sizeof(hostname)) < 0) { | |
1141 | perror("gethostname"); | |
1142 | exit(1); | |
1143 | } | |
1144 | while ((opt = | |
1145 | BSDgetopt(argc, argv, | |
1146 | "ABHLQXceghiklopquvxy" | |
1147 | "C:D:F:G:I:J:K:M:N:O:P:R:S:T:V:W:Z:a:b:f:g:j:m:n:r:s:t:z:")) | |
1148 | != -1) { | |
1149 | switch (opt) { | |
1150 | case 'A': | |
1151 | gen_all_hostkeys = 1; | |
1152 | case 'b': | |
1153 | bits = | |
1154 | (u_int32_t) strtonum(BSDoptarg, 256, 32768, | |
1155 | &errstr); | |
1156 | if (errstr) | |
1157 | fatal("Bits has bad value %s (%s)", BSDoptarg, | |
1158 | errstr); | |
1159 | case 'F': | |
1160 | find_host = 1; | |
1161 | rr_hostname = BSDoptarg; | |
1162 | break; | |
1163 | case 'H': | |
1164 | hash_hosts = 1; | |
1165 | case 'I': | |
1166 | cert_key_id = BSDoptarg; | |
1167 | case 'J': | |
1168 | lines_to_process = strtoul(BSDoptarg, ((void *)0), 10); | |
1169 | case 'j': | |
1170 | start_lineno = strtoul(BSDoptarg, ((void *)0), 10); | |
1171 | case 'R': | |
1172 | delete_host = 1; | |
1173 | rr_hostname = BSDoptarg; | |
1174 | break; | |
1175 | case 'L': | |
1176 | show_cert = 1; | |
1177 | case 'l': | |
1178 | print_fingerprint = 1; | |
1179 | case 'B': | |
1180 | print_bubblebabble = 1; | |
1181 | case 'm': | |
1182 | if (strcasecmp(BSDoptarg, "RFC4716") == 0 | |
1183 | || strcasecmp(BSDoptarg, "ssh2") == 0) { | |
1184 | convert_format = FMT_RFC4716; | |
1185 | } | |
1186 | if (strcasecmp(BSDoptarg, "PKCS8") == 0) { | |
1187 | convert_format = FMT_PKCS8; | |
1188 | } | |
1189 | if (strcasecmp(BSDoptarg, "PEM") == 0) { | |
1190 | convert_format = FMT_PEM; | |
1191 | } | |
1192 | fatal("Unsupported conversion format \"%s\"", | |
1193 | BSDoptarg); | |
1194 | case 'n': | |
1195 | cert_principals = BSDoptarg; | |
1196 | case 'o': | |
1197 | use_new_format = 1; | |
1198 | case 'p': | |
1199 | change_passphrase = 1; | |
1200 | case 'c': | |
1201 | change_comment = 1; | |
1202 | case 'f': | |
1203 | if (strlcpy | |
1204 | (identity_file, BSDoptarg, | |
1205 | sizeof(identity_file)) >= sizeof(identity_file)) | |
1206 | fatal("Identity filename too long"); | |
1207 | have_identity = 1; | |
1208 | case 'g': | |
1209 | print_generic = 1; | |
1210 | case 'P': | |
1211 | identity_passphrase = BSDoptarg; | |
1212 | case 'N': | |
1213 | identity_new_passphrase = BSDoptarg; | |
1214 | case 'Q': | |
1215 | check_krl = 1; | |
1216 | case 'O': | |
1217 | add_cert_option(BSDoptarg); | |
1218 | case 'Z': | |
1219 | new_format_cipher = BSDoptarg; | |
1220 | case 'C': | |
1221 | identity_comment = BSDoptarg; | |
1222 | case 'q': | |
1223 | quiet = 1; | |
1224 | case 'e': | |
1225 | case 'x': | |
1226 | convert_to = 1; | |
1227 | case 'h': | |
1228 | cert_key_type = 2; | |
1229 | certflags_flags = 0; | |
1230 | case 'k': | |
1231 | gen_krl = 1; | |
1232 | case 'i': | |
1233 | case 'X': | |
1234 | convert_from = 1; | |
1235 | case 'y': | |
1236 | print_public = 1; | |
1237 | case 's': | |
1238 | ca_key_path = BSDoptarg; | |
1239 | case 't': | |
1240 | key_type_name = BSDoptarg; | |
1241 | case 'D': | |
1242 | pkcs11provider = BSDoptarg; | |
1243 | case 'u': | |
1244 | update_krl = 1; | |
1245 | case 'v': | |
1246 | if (log_level == SYSLOG_LEVEL_INFO) | |
1247 | log_level = SYSLOG_LEVEL_DEBUG1; | |
1248 | else { | |
1249 | if (log_level >= SYSLOG_LEVEL_DEBUG1 | |
1250 | && log_level < SYSLOG_LEVEL_DEBUG3) | |
1251 | log_level++; | |
1252 | } | |
1253 | case 'r': | |
1254 | rr_hostname = BSDoptarg; | |
1255 | case 'W': | |
1256 | generator_wanted = | |
1257 | (u_int32_t) strtonum(BSDoptarg, 1, | |
1258 | (2147483647 * 2U + 1U), | |
1259 | &errstr); | |
1260 | if (errstr) | |
1261 | fatal | |
1262 | ("Desired generator has bad value: %s (%s)", | |
1263 | BSDoptarg, errstr); | |
1264 | case 'a': | |
1265 | rounds = | |
1266 | (int)strtonum(BSDoptarg, 1, 2147483647, &errstr); | |
1267 | if (errstr) | |
1268 | fatal("Invalid number: %s (%s)", BSDoptarg, | |
1269 | errstr); | |
1270 | case 'M': | |
1271 | memory = | |
1272 | (u_int32_t) strtonum(BSDoptarg, 1, | |
1273 | (2147483647 * 2U + 1U), | |
1274 | &errstr); | |
1275 | if (errstr) | |
1276 | fatal("Memory limit is %s: %s", errstr, | |
1277 | BSDoptarg); | |
1278 | case 'G': | |
1279 | do_gen_candidates = 1; | |
1280 | if (strlcpy(out_file, BSDoptarg, sizeof(out_file)) >= | |
1281 | sizeof(out_file)) | |
1282 | fatal("Output filename too long"); | |
1283 | case 'T': | |
1284 | do_screen_candidates = 1; | |
1285 | if (strlcpy(out_file, BSDoptarg, sizeof(out_file)) >= | |
1286 | sizeof(out_file)) | |
1287 | fatal("Output filename too long"); | |
1288 | case 'K': | |
1289 | if (strlen(BSDoptarg) >= 4096) | |
1290 | fatal("Checkpoint filename too long"); | |
1291 | checkpoint = xstrdup(BSDoptarg); | |
1292 | break; | |
1293 | case 'S': | |
1294 | if (BN_hex2bn(&start, BSDoptarg) == 0) | |
1295 | fatal("Invalid start point."); | |
1296 | case 'V': | |
1297 | parse_cert_times(BSDoptarg); | |
1298 | case 'z': | |
1299 | (*__errno_location()) = 0; | |
1300 | cert_serial = strtoull(BSDoptarg, &ep, 10); | |
1301 | if (*BSDoptarg < '0' || *BSDoptarg > '9' || *ep != '\0' | |
1302 | || ((*__errno_location()) == 34 | |
1303 | && cert_serial == | |
1304 | (9223372036854775807LL * 2ULL + 1))) | |
1305 | fatal("Invalid serial number \"%s\"", | |
1306 | BSDoptarg); | |
1307 | case '?': | |
1308 | default: | |
1309 | usage(); | |
1310 | } | |
1311 | } | |
1312 | log_init(argv[0], log_level, SYSLOG_FACILITY_USER, 1); | |
1313 | if (ca_key_path != ((void *)0)) { | |
1314 | if (argc < 1 && !gen_krl) { | |
1315 | printf("Too few arguments.\n"); | |
1316 | usage(); | |
1317 | } | |
1318 | } else if (argc > 0 && !gen_krl && !check_krl) { | |
1319 | printf("Too many arguments.\n"); | |
1320 | } | |
1321 | if (change_passphrase && change_comment) { | |
1322 | printf("Can only have one of -p and -c.\n"); | |
1323 | usage(); | |
1324 | } | |
1325 | if (print_fingerprint && (delete_host || hash_hosts)) { | |
1326 | printf("Cannot use -l with -H or -R.\n"); | |
1327 | usage(); | |
1328 | } | |
1329 | if (gen_krl) { | |
1330 | do_gen_krl(pw, update_krl, argc, argv); | |
1331 | return (0); | |
1332 | } | |
1333 | if (check_krl) { | |
1334 | do_check_krl(pw, argc, argv); | |
1335 | } | |
1336 | if (ca_key_path != ((void *)0)) { | |
1337 | if (cert_key_id == ((void *)0)) | |
1338 | fatal("Must specify key id (-I) when certifying"); | |
1339 | do_ca_sign(pw, argc, argv); | |
1340 | } | |
1341 | if (show_cert) | |
1342 | do_show_cert(pw); | |
1343 | if (delete_host || hash_hosts || find_host) | |
1344 | do_known_hosts(pw, rr_hostname); | |
1345 | if (pkcs11provider != ((void *)0)) | |
1346 | do_download(pw); | |
1347 | if (print_fingerprint || print_bubblebabble) | |
1348 | do_fingerprint(pw); | |
1349 | if (change_passphrase) | |
1350 | do_change_passphrase(pw); | |
1351 | if (change_comment) | |
1352 | do_change_comment(pw); | |
1353 | if (convert_to) | |
1354 | do_convert_to(pw); | |
1355 | if (convert_from) | |
1356 | do_convert_from(pw); | |
1357 | if (print_public) | |
1358 | do_print_public(pw); | |
1359 | if (rr_hostname != ((void *)0)) { | |
1360 | unsigned int n = 0; | |
1361 | if (have_identity) { | |
1362 | n = do_print_resource_record(pw, identity_file, | |
1363 | rr_hostname); | |
1364 | if (n == 0) { | |
1365 | perror(identity_file); | |
1366 | exit(1); | |
1367 | } | |
1368 | exit(0); | |
1369 | } else { | |
1370 | n += do_print_resource_record(pw, | |
1371 | "/etc/ssh" | |
1372 | "/ssh_host_rsa_key", | |
1373 | rr_hostname); | |
1374 | n += do_print_resource_record(pw, | |
1375 | "/etc/ssh" | |
1376 | "/ssh_host_dsa_key", | |
1377 | rr_hostname); | |
1378 | n += do_print_resource_record(pw, | |
1379 | "/etc/ssh" | |
1380 | "/ssh_host_ecdsa_key", | |
1381 | rr_hostname); | |
1382 | if (n == 0) | |
1383 | fatal("no keys found."); | |
1384 | exit(0); | |
1385 | } | |
1386 | } | |
1387 | if (do_gen_candidates) { | |
1388 | FILE *out = fopen(out_file, "w"); | |
1389 | if (out == ((void *)0)) { | |
1390 | error("Couldn't open modulus candidate file \"%s\": %s", | |
1391 | out_file, strerror((*__errno_location()))); | |
1392 | } | |
1393 | if (bits == 0) | |
1394 | bits = 2048; | |
1395 | if (gen_candidates(out, memory, bits, start) != 0) | |
1396 | fatal("modulus candidate generation failed"); | |
1397 | } | |
1398 | if (do_screen_candidates) { | |
1399 | FILE *in; | |
1400 | FILE *out = fopen(out_file, "a"); | |
1401 | if (have_identity && __extension__( { | |
1402 | size_t __s1_len, __s2_len; | |
1403 | (__builtin_constant_p | |
1404 | (identity_file) | |
1405 | && __builtin_constant_p("-") | |
1406 | && (__s1_len = | |
1407 | strlen(identity_file), | |
1408 | __s2_len = | |
1409 | strlen("-"), | |
1410 | (!((size_t) | |
1411 | (const void | |
1412 | *)((identity_file) + | |
1413 | 1) - | |
1414 | (size_t) (const void | |
1415 | *) | |
1416 | (identity_file) == 1) | |
1417 | || __s1_len >= 4) | |
1418 | && | |
1419 | (!((size_t) | |
1420 | (const void *)(("-") | |
1421 | + 1) - | |
1422 | (size_t) (const void | |
1423 | *)("-") == | |
1424 | 1) | |
1425 | || __s2_len >= | |
1426 | 4)) ? | |
1427 | __builtin_strcmp | |
1428 | (identity_file, | |
1429 | "-") | |
1430 | : (__builtin_constant_p | |
1431 | (identity_file) | |
1432 | && | |
1433 | ((size_t) (const void *) | |
1434 | ((identity_file) + 1) - | |
1435 | (size_t) (const void | |
1436 | *) | |
1437 | (identity_file) == 1) | |
1438 | && (__s1_len = | |
1439 | strlen | |
1440 | (identity_file), | |
1441 | __s1_len < | |
1442 | 4) | |
1443 | ? (__builtin_constant_p | |
1444 | ("-") | |
1445 | && | |
1446 | ((size_t) | |
1447 | (const void *)(("-") | |
1448 | + 1) - | |
1449 | (size_t) (const void | |
1450 | *)("-") == | |
1451 | 1) ? | |
1452 | __builtin_strcmp | |
1453 | (identity_file, | |
1454 | "-") | |
1455 | : (__extension__( { | |
1456 | const | |
1457 | unsigned | |
1458 | char | |
1459 | *__s2 | |
1460 | = | |
1461 | (const | |
1462 | unsigned | |
1463 | char | |
1464 | *) | |
1465 | (const | |
1466 | char | |
1467 | *) | |
1468 | ("-"); | |
1469 | register | |
1470 | int | |
1471 | __result | |
1472 | = | |
1473 | (((const unsigned char *)(const char *)(identity_file))[0] - __s2[0]); __result;} | |
1474 | ))): | |
1475 | (__builtin_constant_p | |
1476 | ("-") | |
1477 | && | |
1478 | ((size_t) (const void *) | |
1479 | (("-") + 1) - | |
1480 | (size_t) (const void | |
1481 | *)("-") == 1) | |
1482 | && (__s2_len = | |
1483 | strlen("-"), | |
1484 | __s2_len < | |
1485 | 4) | |
1486 | ? (__builtin_constant_p | |
1487 | (identity_file) | |
1488 | && | |
1489 | ((size_t) | |
1490 | (const void | |
1491 | *)((identity_file) | |
1492 | + 1) - | |
1493 | (size_t) (const void | |
1494 | *) | |
1495 | (identity_file) == | |
1496 | 1) ? | |
1497 | __builtin_strcmp | |
1498 | (identity_file, | |
1499 | "-") | |
1500 | : (__extension__( { | |
1501 | const | |
1502 | unsigned | |
1503 | char | |
1504 | *__s1 | |
1505 | = | |
1506 | (const | |
1507 | unsigned | |
1508 | char | |
1509 | *) | |
1510 | (const | |
1511 | char | |
1512 | *) | |
1513 | (identity_file); | |
1514 | register | |
1515 | int | |
1516 | __result | |
1517 | = | |
1518 | __s1 | |
1519 | [0] | |
1520 | - | |
1521 | ((const unsigned char *)(const char *)("-"))[0]; if (__s2_len > 0 && __result == 0) { | |
1522 | __result | |
1523 | = | |
1524 | (__s1 | |
1525 | [1] | |
1526 | - | |
1527 | ((const unsigned char *)(const char *)("-"))[1]);} | |
1528 | __result;} | |
1529 | ))): | |
1530 | __builtin_strcmp | |
1531 | (identity_file, | |
1532 | "-"))));} | |
1533 | ) != 0) { | |
1534 | if ((in = fopen(identity_file, "r")) == ((void *)0)) { | |
1535 | fatal("Couldn't open modulus candidate " | |
1536 | "file \"%s\": %s", identity_file, | |
1537 | strerror((*__errno_location()))); | |
1538 | } | |
1539 | } else | |
1540 | in = stdin; | |
1541 | if (out == ((void *)0)) { | |
1542 | fatal("Couldn't open moduli file \"%s\": %s", out_file, | |
1543 | strerror((*__errno_location()))); | |
1544 | } | |
1545 | if (prime_test | |
1546 | (in, out, rounds == 0 ? 100 : rounds, generator_wanted, | |
1547 | checkpoint, start_lineno, lines_to_process) != 0) | |
1548 | fatal("modulus screening failed"); | |
1549 | } | |
1550 | if (gen_all_hostkeys) { | |
1551 | do_gen_all_hostkeys(pw); | |
1552 | } | |
1553 | if (key_type_name == ((void *)0)) | |
1554 | key_type_name = "rsa"; | |
1555 | type = key_type_from_name(key_type_name); | |
1556 | type_bits_valid(type, &bits); | |
1557 | if (!quiet) | |
1558 | printf("Generating public/private %s key pair.\n", | |
1559 | key_type_name); | |
1560 | private = key_generate(type, bits); | |
1561 | if (private == ((void *)0)) { | |
1562 | fprintf(stderr, "key_generate failed\n"); | |
1563 | exit(1); | |
1564 | } | |
1565 | public = key_from_private(private); | |
1566 | if (!have_identity) | |
1567 | ask_filename(pw, "Enter file in which to save the key"); | |
1568 | snprintf(dotsshdir, sizeof dotsshdir, "%s/%s", pw->pw_dir, ".ssh"); | |
1569 | if (strstr(identity_file, dotsshdir) != ((void *)0)) { | |
1570 | if (stat(dotsshdir, &st) < 0) { | |
1571 | if ((*__errno_location()) != 2) { | |
1572 | error("Could not stat %s: %s", dotsshdir, | |
1573 | strerror((*__errno_location()))); | |
1574 | } else if (mkdir(dotsshdir, 0700) < 0) { | |
1575 | error("Could not create directory '%s': %s", | |
1576 | dotsshdir, | |
1577 | strerror((*__errno_location()))); | |
1578 | } else if (!quiet) | |
1579 | printf("Created directory '%s'.\n", dotsshdir); | |
1580 | } | |
1581 | } | |
1582 | if (stat(identity_file, &st) >= 0) { | |
1583 | char yesno[3]; | |
1584 | printf("%s already exists.\n", identity_file); | |
1585 | printf("Overwrite (y/n)? "); | |
1586 | fflush(stdout); | |
1587 | if (fgets(yesno, sizeof(yesno), stdin) == ((void *)0)) | |
1588 | exit(1); | |
1589 | if (yesno[0] != 'y' && yesno[0] != 'Y') | |
1590 | exit(1); | |
1591 | } | |
1592 | if (identity_passphrase) | |
1593 | passphrase1 = xstrdup(identity_passphrase); | |
1594 | else if (identity_new_passphrase) | |
1595 | passphrase1 = xstrdup(identity_new_passphrase); | |
1596 | else { | |
1597 | passphrase_again:passphrase1 = | |
1598 | read_passphrase("Enter passphrase (empty for no " | |
1599 | "passphrase): ", 0x0002); | |
1600 | passphrase2 = | |
1601 | read_passphrase("Enter same passphrase again: ", 0x0002); | |
1602 | if (__extension__( { | |
1603 | size_t __s1_len, __s2_len; | |
1604 | (__builtin_constant_p(passphrase1) | |
1605 | && __builtin_constant_p(passphrase2) | |
1606 | && (__s1_len = | |
1607 | strlen(passphrase1), __s2_len = | |
1608 | strlen(passphrase2), | |
1609 | (!((size_t) (const void *) | |
1610 | ((passphrase1) + 1) - | |
1611 | (size_t) (const void *)(passphrase1) | |
1612 | == 1) || __s1_len >= 4) | |
1613 | && | |
1614 | (!((size_t) (const void *) | |
1615 | ((passphrase2) + 1) - | |
1616 | (size_t) (const void *)(passphrase2) | |
1617 | == 1) | |
1618 | || __s2_len >= | |
1619 | 4)) ? __builtin_strcmp(passphrase1, | |
1620 | passphrase2) | |
1621 | : (__builtin_constant_p(passphrase1) | |
1622 | && | |
1623 | ((size_t) (const void *) | |
1624 | ((passphrase1) + 1) - | |
1625 | (size_t) (const void *)(passphrase1) == | |
1626 | 1) | |
1627 | && (__s1_len = | |
1628 | strlen(passphrase1), | |
1629 | __s1_len < | |
1630 | 4) | |
1631 | ? (__builtin_constant_p(passphrase2) | |
1632 | && | |
1633 | ((size_t) (const void *) | |
1634 | ((passphrase2) + 1) - | |
1635 | (size_t) (const void *)(passphrase2) | |
1636 | == 1) ? __builtin_strcmp(passphrase1, | |
1637 | passphrase2) | |
1638 | : (__extension__( { | |
1639 | const unsigned char | |
1640 | *__s2 = | |
1641 | (const unsigned char | |
1642 | *)(const char | |
1643 | *)(passphrase2); | |
1644 | register int __result | |
1645 | = | |
1646 | (((const unsigned char | |
1647 | *)(const char | |
1648 | *)(passphrase1)) | |
1649 | [0] - __s2[0]); | |
1650 | __result;} | |
1651 | ))): (__builtin_constant_p(passphrase2) | |
1652 | && | |
1653 | ((size_t) (const void *) | |
1654 | ((passphrase2) + 1) - | |
1655 | (size_t) (const void | |
1656 | *)(passphrase2) == 1) | |
1657 | && (__s2_len = | |
1658 | strlen(passphrase2), | |
1659 | __s2_len < | |
1660 | 4) | |
1661 | ? (__builtin_constant_p | |
1662 | (passphrase1) | |
1663 | && | |
1664 | ((size_t) (const void *) | |
1665 | ((passphrase1) + 1) - | |
1666 | (size_t) (const void | |
1667 | *)(passphrase1) == | |
1668 | 1) ? | |
1669 | __builtin_strcmp(passphrase1, | |
1670 | passphrase2) | |
1671 | : (__extension__( { | |
1672 | const unsigned | |
1673 | char *__s1 = | |
1674 | (const unsigned | |
1675 | char *)(const | |
1676 | char | |
1677 | *) | |
1678 | (passphrase1); | |
1679 | register int | |
1680 | __result = | |
1681 | __s1[0] - | |
1682 | ((const | |
1683 | unsigned char | |
1684 | *)(const char | |
1685 | *) | |
1686 | (passphrase2)) | |
1687 | [0]; __result;} | |
1688 | ))): __builtin_strcmp(passphrase1, | |
1689 | passphrase2))));} | |
1690 | ) != 0) { | |
1691 | explicit_bzero(passphrase1, strlen(passphrase1)); | |
1692 | explicit_bzero(passphrase2, strlen(passphrase2)); | |
1693 | free(passphrase1); | |
1694 | free(passphrase2); | |
1695 | printf("Passphrases do not match. Try again.\n"); | |
1696 | } | |
1697 | explicit_bzero(passphrase2, strlen(passphrase2)); | |
1698 | free(passphrase2); | |
1699 | } | |
1700 | if (identity_comment) { | |
1701 | strlcpy(comment, identity_comment, sizeof(comment)); | |
1702 | snprintf(comment, sizeof comment, "%s@%s", pw->pw_name, | |
1703 | hostname); | |
1704 | } | |
1705 | if (!key_save_private | |
1706 | (private, identity_file, passphrase1, comment, use_new_format, | |
1707 | new_format_cipher, rounds)) { | |
1708 | printf("Saving the key failed: %s.\n", identity_file); | |
1709 | explicit_bzero(passphrase1, strlen(passphrase1)); | |
1710 | free(passphrase1); | |
1711 | exit(1); | |
1712 | } | |
1713 | explicit_bzero(passphrase1, strlen(passphrase1)); | |
1714 | free(passphrase1); | |
1715 | if (!quiet) | |
1716 | printf("Your identification has been saved in %s.\n", | |
1717 | identity_file); | |
1718 | strlcat(identity_file, ".pub", sizeof(identity_file)); | |
1719 | if (!key_write(public, f)) | |
1720 | fprintf(stderr, "write key failed\n"); | |
1721 | fprintf(f, " %s\n", comment); | |
1722 | fclose(f); | |
1723 | if (!quiet) { | |
1724 | char *fp = key_fingerprint(public, SSH_FP_MD5, SSH_FP_HEX); | |
1725 | char *ra = | |
1726 | key_fingerprint(public, SSH_FP_MD5, SSH_FP_RANDOMART); | |
1727 | printf("Your public key has been saved in %s.\n", | |
1728 | identity_file); | |
1729 | printf("The key fingerprint is:\n"); | |
1730 | printf("%s %s\n", fp, comment); | |
1731 | printf("The key's randomart image is:\n"); | |
1732 | printf("%s\n", ra); | |
1733 | free(ra); | |
1734 | free(fp); | |
1735 | } | |
1736 | } |