Commit 0b5a08cb authored by Niels Möller's avatar Niels Möller

(read_known_hosts): Read new known-hosts file as

"~/.lsh/host-acls", and filter it through sexp-conv. Fall back to
the old file name "~/.lsh/known_hosts" if the new file doesn't
exist.
(do_lsh_lookup): Use the new spki_lookup function.
(do_lsh_lookup): Use new spki_authorize function.
(do_lsh_lookup): Disable spki fingerprinting for now.

Rev: src/lsh.c:1.172
parent 7b1c852f
...@@ -143,7 +143,8 @@ make_options(struct exception_handler *handler, ...@@ -143,7 +143,8 @@ make_options(struct exception_handler *handler,
self->algorithms = make_algorithms_options(all_symmetric_algorithms()); self->algorithms = make_algorithms_options(all_symmetric_algorithms());
self->home = home; self->home = home;
self->signature_algorithms = all_signature_algorithms(r); /* OK to init with NULL */ /* OK to init with NULL */
self->signature_algorithms = all_signature_algorithms(r);
self->sloppy = 0; self->sloppy = 0;
self->capture = NULL; self->capture = NULL;
...@@ -184,33 +185,49 @@ static struct spki_context * ...@@ -184,33 +185,49 @@ static struct spki_context *
read_known_hosts(struct lsh_options *options) read_known_hosts(struct lsh_options *options)
{ {
struct lsh_string *tmp = NULL; struct lsh_string *tmp = NULL;
const char *s;
struct lsh_string *contents; struct lsh_string *contents;
const char *s = NULL;
int fd; int fd;
struct sexp_iterator i; struct sexp_iterator i;
struct spki_context *context; struct spki_context *context;
const char *sexp_conv = getenv("SEXP_CONV");
const char *args[] = { "sexp-conv", "-s", "canonical", NULL };
context = make_spki_context(options->signature_algorithms); context = make_spki_context(options->signature_algorithms);
if (options->known_hosts) if (options->known_hosts)
s = options->known_hosts; {
s = options->known_hosts;
fd = open(s, O_RDONLY);
}
else else
{ {
tmp = ssh_format("%lz/.lsh/known_hosts", options->home); tmp = ssh_format("%lz/.lsh/host-acls", options->home);
s = lsh_get_cstring(tmp); s = lsh_get_cstring(tmp);
fd = open(s, O_RDONLY);
if (fd < 0)
{
lsh_string_free(tmp);
tmp = ssh_format("%lz/.lsh/known_hosts", options->home);
s = lsh_get_cstring(tmp);
fd = open(lsh_get_cstring(tmp), O_RDONLY);
}
} }
fd = open(s, O_RDONLY);
if (fd < 0) if (fd < 0)
{ {
lsh_string_free(tmp);
werror("Failed to open `%z' for reading %e\n", s, errno); werror("Failed to open `%z' for reading %e\n", s, errno);
lsh_string_free(tmp);
return context; return context;
} }
lsh_string_free(tmp); lsh_string_free(tmp);
contents = io_read_file_raw(fd, 5000); if (!sexp_conv)
sexp_conv = PREFIX "/bin/sexp-conv";
contents = lsh_popen_read(sexp_conv, args, fd, 5000);
if (!contents) if (!contents)
{ {
...@@ -221,8 +238,9 @@ read_known_hosts(struct lsh_options *options) ...@@ -221,8 +238,9 @@ read_known_hosts(struct lsh_options *options)
close(fd); close(fd);
/* NOTE: Modifies contents in place */ /* We could use transport syntax instead. That would have the
if (!sexp_transport_iterator_first(&i, contents->length, contents->data)) * advantage that we can read and process one entry at a time. */
if (!sexp_iterator_first(&i, contents->length, contents->data))
werror("read_known_hosts: S-expression syntax error.\n"); werror("read_known_hosts: S-expression syntax error.\n");
else else
...@@ -403,14 +421,13 @@ do_lsh_lookup(struct lookup_verifier *c, ...@@ -403,14 +421,13 @@ do_lsh_lookup(struct lookup_verifier *c,
struct lsh_string *key) struct lsh_string *key)
{ {
CAST(lsh_host_db, self, c); CAST(lsh_host_db, self, c);
struct spki_subject *subject; struct spki_principal *subject;
switch (method) switch (method)
{ {
case ATOM_SSH_DSS: case ATOM_SSH_DSS:
{ {
struct lsh_string *spki_key; struct lsh_string *spki_key;
struct sexp_iterator i;
struct verifier *v = make_ssh_dss_verifier(key->length, key->data); struct verifier *v = make_ssh_dss_verifier(key->length, key->data);
if (!v) if (!v)
...@@ -421,10 +438,8 @@ do_lsh_lookup(struct lookup_verifier *c, ...@@ -421,10 +438,8 @@ do_lsh_lookup(struct lookup_verifier *c,
/* FIXME: It seems like a waste to pick apart the sexp again */ /* FIXME: It seems like a waste to pick apart the sexp again */
spki_key = PUBLIC_SPKI_KEY(v, 0); spki_key = PUBLIC_SPKI_KEY(v, 0);
if (!sexp_iterator_first(&i, spki_key->length, spki_key->data))
fatal("Internal error.\n"); subject = spki_lookup(self->db, spki_key->length, spki_key->data, v);
subject = SPKI_LOOKUP(self->db, &i, v);
assert(subject); assert(subject);
assert(subject->verifier); assert(subject->verifier);
...@@ -434,7 +449,6 @@ do_lsh_lookup(struct lookup_verifier *c, ...@@ -434,7 +449,6 @@ do_lsh_lookup(struct lookup_verifier *c,
case ATOM_SSH_RSA: case ATOM_SSH_RSA:
{ {
struct lsh_string *spki_key; struct lsh_string *spki_key;
struct sexp_iterator i;
struct verifier *v = make_ssh_rsa_verifier(key->length, key->data); struct verifier *v = make_ssh_rsa_verifier(key->length, key->data);
if (!v) if (!v)
...@@ -445,10 +459,7 @@ do_lsh_lookup(struct lookup_verifier *c, ...@@ -445,10 +459,7 @@ do_lsh_lookup(struct lookup_verifier *c,
/* FIXME: It seems like a waste to pick apart the sexp again */ /* FIXME: It seems like a waste to pick apart the sexp again */
spki_key = PUBLIC_SPKI_KEY(v, 0); spki_key = PUBLIC_SPKI_KEY(v, 0);
if (!sexp_iterator_first(&i, spki_key->length, spki_key->data)) subject = spki_lookup(self->db, spki_key->length, spki_key->data, v);
fatal("Internal error.\n");
subject = SPKI_LOOKUP(self->db, &i, v);
assert(subject); assert(subject);
assert(subject->verifier); assert(subject->verifier);
...@@ -479,15 +490,7 @@ do_lsh_lookup(struct lookup_verifier *c, ...@@ -479,15 +490,7 @@ do_lsh_lookup(struct lookup_verifier *c,
case ATOM_SPKI_SIGN_RSA: case ATOM_SPKI_SIGN_RSA:
case ATOM_SPKI_SIGN_DSS: case ATOM_SPKI_SIGN_DSS:
{ {
struct sexp_iterator i; subject = spki_lookup(self->db, key->length, key->data, NULL);
if (!sexp_iterator_first(&i, key->length, key->data))
{
werror("do_lsh_lookup: Invalid spki s-expression.\n");
return NULL;
}
subject = SPKI_LOOKUP(self->db, &i, NULL);
if (!subject) if (!subject)
{ {
werror("do_lsh_lookup: Invalid spki key.\n"); werror("do_lsh_lookup: Invalid spki key.\n");
...@@ -509,7 +512,7 @@ do_lsh_lookup(struct lookup_verifier *c, ...@@ -509,7 +512,7 @@ do_lsh_lookup(struct lookup_verifier *c,
/* Check authorization */ /* Check authorization */
if (SPKI_AUTHORIZE(self->db, subject, self->access)) if (spki_authorize(self->db, subject, time(NULL), self->access))
{ {
verbose("SPKI host authorization successful!\n"); verbose("SPKI host authorization successful!\n");
} }
...@@ -529,10 +532,12 @@ do_lsh_lookup(struct lookup_verifier *c, ...@@ -529,10 +532,12 @@ do_lsh_lookup(struct lookup_verifier *c,
if (!quiet_flag) if (!quiet_flag)
{ {
/* Display fingerprint */ /* Display fingerprint */
/* FIXME: Rewrite to use libspki subject */
#if 0
struct lsh_string *spki_fingerprint = struct lsh_string *spki_fingerprint =
hash_string(self->hash, subject->key, 0); hash_string(self->hash, subject->key, 0);
#endif
struct lsh_string *fingerprint = struct lsh_string *fingerprint =
lsh_string_colonize( lsh_string_colonize(
ssh_format( "%lfxS", ssh_format( "%lfxS",
...@@ -558,15 +563,15 @@ do_lsh_lookup(struct lookup_verifier *c, ...@@ -558,15 +563,15 @@ do_lsh_lookup(struct lookup_verifier *c,
"Key details:\n" "Key details:\n"
"Bubble Babble: %lfS\n" "Bubble Babble: %lfS\n"
"Fingerprint: %lfS\n" "Fingerprint: %lfS\n"
"SPKI SHA1: %lfxS\n" /* "SPKI SHA1: %lfxS\n" */
"Do you trust this key? (y/n) ", "Do you trust this key? (y/n) ",
self->host->ip, babble, fingerprint, spki_fingerprint), 0, 1)) self->host->ip, babble, fingerprint /* , spki_fingerprint */), 0, 1))
return NULL; return NULL;
} }
acl = lsh_sexp_format(0, "(%0s(%0s%l(%0s%s)))", acl = lsh_sexp_format(0, "(%0s(%0s%l(%0s%s)))",
"acl", "entry", "acl", "entry",
subject->key->length, subject->key->data, subject->key_length, subject->key,
"tag", self->access->length, self->access->data); "tag", self->access->length, self->access->data);
/* FIXME: Seems awkward to pick the acl apart again. */ /* FIXME: Seems awkward to pick the acl apart again. */
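Review bot: In read_known_hosts, the fallback from ~/.lsh/host-acls to the legacy ~/.lsh/known_hosts is taken on any open() failure, while the commit message says it applies only when the new file does not exist; an EACCES or EIO on the new ACL file would silently move the host-key trust decision to the old file. Since errno is still fresh from open() at that point, restricting the fallback to `if (fd < 0 && errno == ENOENT)` keeps every other failure visible through the existing "Failed to open" error path, which then names host-acls rather than the legacy file. In the same branch, `fd = open(lsh_get_cstring(tmp), O_RDONLY);` can reuse the `s` assigned on the line before it, matching the host-acls attempt above. The SEXP_CONV lookup deserves a comment next to the getenv call, e.g. `/* Filter binary may be overridden via $SEXP_CONV; defaults to PREFIX "/bin/sexp-conv". */`, so readers know which external program is run over the ACL file before it is parsed. read_known_hosts's body continues past this hunk.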