[openssh-commits] [openssh] 07/25: upstream commit
git+noreply at mindrot.org
git+noreply at mindrot.org
Wed Apr 29 19:54:47 AEST 2015
This is an automated email from the git hooks/post-receive script.
djm pushed a commit to branch master
in repository openssh.
commit 3038a191872d2882052306098c1810d14835e704
Author: djm at openbsd.org <djm at openbsd.org>
Date: Fri Apr 17 13:19:22 2015 +0000
upstream commit
use error/logit/fatal instead of fprintf(stderr, ...)
and exit(0), fix a few errors that were being printed to stdout instead of
stderr and a few non-errors that were going to stderr instead of stdout
bz#2325; ok dtucker
---
ssh-keygen.c | 247 +++++++++++++++++++++++------------------------------------
1 file changed, 94 insertions(+), 153 deletions(-)
diff --git a/ssh-keygen.c b/ssh-keygen.c
index 0518638..d3c4122 100644
--- a/ssh-keygen.c
+++ b/ssh-keygen.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh-keygen.c,v 1.268 2015/03/31 11:06:49 tobias Exp $ */
+/* $OpenBSD: ssh-keygen.c,v 1.269 2015/04/17 13:19:22 djm Exp $ */
/*
* Author: Tatu Ylonen <ylo at cs.hut.fi>
* Copyright (c) 1994 Tatu Ylonen <ylo at cs.hut.fi>, Espoo, Finland
@@ -187,10 +187,8 @@ type_bits_valid(int type, const char *name, u_int32_t *bitsp)
int nid;
#endif
- if (type == KEY_UNSPEC) {
- fprintf(stderr, "unknown key type %s\n", key_type_name);
- exit(1);
- }
+ if (type == KEY_UNSPEC)
+ fatal("unknown key type %s", key_type_name);
if (*bitsp == 0) {
#ifdef WITH_OPENSSL
if (type == KEY_DSA)
@@ -208,10 +206,8 @@ type_bits_valid(int type, const char *name, u_int32_t *bitsp)
#ifdef WITH_OPENSSL
maxbits = (type == KEY_DSA) ?
OPENSSL_DSA_MAX_MODULUS_BITS : OPENSSL_RSA_MAX_MODULUS_BITS;
- if (*bitsp > maxbits) {
- fprintf(stderr, "key bits exceeds maximum %d\n", maxbits);
- exit(1);
- }
+ if (*bitsp > maxbits)
+ fatal("key bits exceeds maximum %d", maxbits);
if (type == KEY_DSA && *bitsp != 1024)
fatal("DSA keys must be 1024 bits");
else if (type != KEY_ECDSA && type != KEY_ED25519 && *bitsp < 768)
@@ -256,13 +252,13 @@ ask_filename(struct passwd *pw, const char *prompt)
name = _PATH_SSH_CLIENT_ID_ED25519;
break;
default:
- fprintf(stderr, "bad key type\n");
- exit(1);
- break;
+ fatal("bad key type");
}
}
- snprintf(identity_file, sizeof(identity_file), "%s/%s", pw->pw_dir, name);
- fprintf(stderr, "%s (%s): ", prompt, identity_file);
+ snprintf(identity_file, sizeof(identity_file),
+ "%s/%s", pw->pw_dir, name);
+ printf("%s (%s): ", prompt, identity_file);
+ fflush(stdout);
if (fgets(buf, sizeof(buf), stdin) == NULL)
exit(1);
buf[strcspn(buf, "\n")] = '\0';
@@ -308,14 +304,10 @@ do_convert_to_ssh2(struct passwd *pw, struct sshkey *k)
char comment[61];
int r;
- if (k->type == KEY_RSA1) {
- fprintf(stderr, "version 1 keys are not supported\n");
- exit(1);
- }
- if ((r = sshkey_to_blob(k, &blob, &len)) != 0) {
- fprintf(stderr, "key_to_blob failed: %s\n", ssh_err(r));
- exit(1);
- }
+ if (k->type == KEY_RSA1)
+ fatal("version 1 keys are not supported");
+ if ((r = sshkey_to_blob(k, &blob, &len)) != 0)
+ fatal("key_to_blob failed: %s", ssh_err(r));
/* Comment + surrounds must fit into 72 chars (RFC 4716 sec 3.3) */
snprintf(comment, sizeof(comment),
"%u-bit %s, converted by %s@%s from OpenSSH",
@@ -544,17 +536,13 @@ get_line(FILE *fp, char *line, size_t len)
line[0] = '\0';
while ((c = fgetc(fp)) != EOF) {
- if (pos >= len - 1) {
- fprintf(stderr, "input line too long.\n");
- exit(1);
- }
+ if (pos >= len - 1)
+ fatal("input line too long.");
switch (c) {
case '\r':
c = fgetc(fp);
- if (c != EOF && c != '\n' && ungetc(c, fp) == EOF) {
- fprintf(stderr, "unget: %s\n", strerror(errno));
- exit(1);
- }
+ if (c != EOF && c != '\n' && ungetc(c, fp) == EOF)
+ fatal("unget: %s", strerror(errno));
return pos;
case '\n':
return pos;
@@ -606,16 +594,12 @@ do_convert_from_ssh2(struct passwd *pw, struct sshkey **k, int *private)
(encoded[len-3] == '='))
encoded[len-3] = '\0';
blen = uudecode(encoded, blob, sizeof(blob));
- if (blen < 0) {
- fprintf(stderr, "uudecode failed.\n");
- exit(1);
- }
+ if (blen < 0)
+ fatal("uudecode failed.");
if (*private)
*k = do_convert_private_ssh2_from_blob(blob, blen);
- else if ((r = sshkey_from_blob(blob, blen, k)) != 0) {
- fprintf(stderr, "decode blob failed: %s\n", ssh_err(r));
- exit(1);
- }
+ else if ((r = sshkey_from_blob(blob, blen, k)) != 0)
+ fatal("decode blob failed: %s", ssh_err(r));
fclose(fp);
}
@@ -749,10 +733,8 @@ do_convert_from(struct passwd *pw)
}
}
- if (!ok) {
- fprintf(stderr, "key write failed\n");
- exit(1);
- }
+ if (!ok)
+ fatal("key write failed");
sshkey_free(k);
exit(0);
}
@@ -767,13 +749,11 @@ do_print_public(struct passwd *pw)
if (!have_identity)
ask_filename(pw, "Enter file in which the key is");
- if (stat(identity_file, &st) < 0) {
- perror(identity_file);
- exit(1);
- }
+ if (stat(identity_file, &st) < 0)
+ fatal("%s: %s", identity_file, strerror(errno));
prv = load_identity(identity_file);
if ((r = sshkey_write(prv, stdout)) != 0)
- fprintf(stderr, "key_write failed: %s", ssh_err(r));
+ error("key_write failed: %s", ssh_err(r));
sshkey_free(prv);
fprintf(stdout, "\n");
exit(0);
@@ -838,10 +818,8 @@ do_fingerprint(struct passwd *pw)
rep = print_bubblebabble ? SSH_FP_BUBBLEBABBLE : SSH_FP_DEFAULT;
if (!have_identity)
ask_filename(pw, "Enter file in which the key is");
- if (stat(identity_file, &st) < 0) {
- perror(identity_file);
- exit(1);
- }
+ if (stat(identity_file, &st) < 0)
+ fatal("%s: %s", identity_file, strerror(errno));
if ((r = sshkey_load_public(identity_file, &public, &comment)) != 0)
debug2("Error loading public key \"%s\": %s",
identity_file, ssh_err(r));
@@ -933,10 +911,8 @@ do_fingerprint(struct passwd *pw)
}
fclose(f);
- if (invalid) {
- printf("%s is not a public key file.\n", identity_file);
- exit(1);
- }
+ if (invalid)
+ fatal("%s is not a public key file.", identity_file);
exit(0);
}
@@ -973,7 +949,7 @@ do_gen_all_hostkeys(struct passwd *pw)
if (stat(key_types[i].path, &st) == 0)
continue;
if (errno != ENOENT) {
- printf("Could not stat %s: %s", key_types[i].path,
+ error("Could not stat %s: %s", key_types[i].path,
strerror(errno));
first = 0;
continue;
@@ -990,8 +966,7 @@ do_gen_all_hostkeys(struct passwd *pw)
bits = 0;
type_bits_valid(type, NULL, &bits);
if ((r = sshkey_generate(type, bits, &private)) != 0) {
- fprintf(stderr, "key_generate failed: %s\n",
- ssh_err(r));
+ error("key_generate failed: %s", ssh_err(r));
first = 0;
continue;
}
@@ -1001,8 +976,8 @@ do_gen_all_hostkeys(struct passwd *pw)
hostname);
if ((r = sshkey_save_private(private, identity_file, "",
comment, use_new_format, new_format_cipher, rounds)) != 0) {
- printf("Saving key \"%s\" failed: %s\n", identity_file,
- ssh_err(r));
+ error("Saving key \"%s\" failed: %s",
+ identity_file, ssh_err(r));
sshkey_free(private);
sshkey_free(public);
first = 0;
@@ -1012,7 +987,7 @@ do_gen_all_hostkeys(struct passwd *pw)
strlcat(identity_file, ".pub", sizeof(identity_file));
fd = open(identity_file, O_WRONLY | O_CREAT | O_TRUNC, 0644);
if (fd == -1) {
- printf("Could not save your public key in %s\n",
+ error("Could not save your public key in %s",
identity_file);
sshkey_free(public);
first = 0;
@@ -1020,14 +995,14 @@ do_gen_all_hostkeys(struct passwd *pw)
}
f = fdopen(fd, "w");
if (f == NULL) {
- printf("fdopen %s failed\n", identity_file);
+ error("fdopen %s failed", identity_file);
close(fd);
sshkey_free(public);
first = 0;
continue;
}
if ((r = sshkey_write(public, f)) != 0) {
- fprintf(stderr, "write key failed: %s\n", ssh_err(r));
+ error("write key failed: %s", ssh_err(r));
fclose(f);
sshkey_free(public);
first = 0;
@@ -1068,8 +1043,8 @@ known_hosts_hash(struct hostkey_foreach_line *l, void *_ctx)
has_wild || l->marker != MRK_NONE) {
fprintf(ctx->out, "%s\n", l->line);
if (has_wild && !find_host) {
- fprintf(stderr, "%s:%ld: ignoring host name "
- "with wildcard: %.64s\n", l->path,
+ logit("%s:%ld: ignoring host name "
+ "with wildcard: %.64s", l->path,
l->linenum, l->hosts);
}
return 0;
@@ -1090,7 +1065,7 @@ known_hosts_hash(struct hostkey_foreach_line *l, void *_ctx)
case HKF_STATUS_INVALID:
/* Retain invalid lines, but mark file as invalid. */
ctx->invalid = 1;
- fprintf(stderr, "%s:%ld: invalid line\n", l->path, l->linenum);
+ logit("%s:%ld: invalid line", l->path, l->linenum);
/* FALLTHROUGH */
default:
fprintf(ctx->out, "%s\n", l->line);
@@ -1140,8 +1115,7 @@ known_hosts_find_delete(struct hostkey_foreach_line *l, void *_ctx)
/* Retain non-matching hosts when deleting */
if (l->status == HKF_STATUS_INVALID) {
ctx->invalid = 1;
- fprintf(stderr, "%s:%ld: invalid line\n",
- l->path, l->linenum);
+ logit("%s:%ld: invalid line", l->path, l->linenum);
}
fprintf(ctx->out, "%s\n", l->line);
}
@@ -1199,17 +1173,15 @@ do_known_hosts(struct passwd *pw, const char *name)
fclose(ctx.out);
if (ctx.invalid) {
- fprintf(stderr, "%s is not a valid known_hosts file.\n",
- identity_file);
+ error("%s is not a valid known_hosts file.", identity_file);
if (inplace) {
- fprintf(stderr, "Not replacing existing known_hosts "
- "file because of errors\n");
+ error("Not replacing existing known_hosts "
+ "file because of errors");
unlink(tmp);
}
exit(1);
} else if (delete_host && !ctx.found_key) {
- fprintf(stderr, "Host %s not found in %s\n",
- name, identity_file);
+ logit("Host %s not found in %s", name, identity_file);
unlink(tmp);
} else if (inplace) {
/* Backup existing file */
@@ -1227,13 +1199,12 @@ do_known_hosts(struct passwd *pw, const char *name)
exit(1);
}
- fprintf(stderr, "%s updated.\n", identity_file);
- fprintf(stderr, "Original contents retained as %s\n", old);
+ printf("%s updated.\n", identity_file);
+ printf("Original contents retained as %s\n", old);
if (ctx.has_unhashed) {
- fprintf(stderr, "WARNING: %s contains unhashed "
- "entries\n", old);
- fprintf(stderr, "Delete this file to ensure privacy "
- "of hostnames\n");
+ logit("WARNING: %s contains unhashed entries", old);
+ logit("Delete this file to ensure privacy "
+ "of hostnames");
}
}
@@ -1255,10 +1226,8 @@ do_change_passphrase(struct passwd *pw)
if (!have_identity)
ask_filename(pw, "Enter file in which the key is");
- if (stat(identity_file, &st) < 0) {
- perror(identity_file);
- exit(1);
- }
+ if (stat(identity_file, &st) < 0)
+ fatal("%s: %s", identity_file, strerror(errno));
/* Try to load the file with empty passphrase. */
r = sshkey_load_private(identity_file, "", &private, &comment);
if (r == SSH_ERR_KEY_WRONG_PASSPHRASE) {
@@ -1276,9 +1245,7 @@ do_change_passphrase(struct passwd *pw)
goto badkey;
} else if (r != 0) {
badkey:
- fprintf(stderr, "Failed to load key \"%s\": %s\n",
- identity_file, ssh_err(r));
- exit(1);
+ fatal("Failed to load key %s: %s", identity_file, ssh_err(r));
}
if (comment)
printf("Key has comment '%s'\n", comment);
@@ -1311,7 +1278,7 @@ do_change_passphrase(struct passwd *pw)
/* Save the file using the new passphrase. */
if ((r = sshkey_save_private(private, identity_file, passphrase1,
comment, use_new_format, new_format_cipher, rounds)) != 0) {
- printf("Saving key \"%s\" failed: %s.\n",
+ error("Saving key \"%s\" failed: %s.",
identity_file, ssh_err(r));
explicit_bzero(passphrase1, strlen(passphrase1));
free(passphrase1);
@@ -1345,14 +1312,11 @@ do_print_resource_record(struct passwd *pw, char *fname, char *hname)
if (stat(fname, &st) < 0) {
if (errno == ENOENT)
return 0;
- perror(fname);
- exit(1);
+ fatal("%s: %s", fname, strerror(errno));
}
- if ((r = sshkey_load_public(fname, &public, &comment)) != 0) {
- printf("Failed to read v2 public key from \"%s\": %s.\n",
+ if ((r = sshkey_load_public(fname, &public, &comment)) != 0)
+ fatal("Failed to read v2 public key from \"%s\": %s.",
fname, ssh_err(r));
- exit(1);
- }
export_dns_rr(hname, public, stdout, print_generic);
sshkey_free(public);
free(comment);
@@ -1374,18 +1338,15 @@ do_change_comment(struct passwd *pw)
if (!have_identity)
ask_filename(pw, "Enter file in which the key is");
- if (stat(identity_file, &st) < 0) {
- perror(identity_file);
- exit(1);
- }
+ if (stat(identity_file, &st) < 0)
+ fatal("%s: %s", identity_file, strerror(errno));
if ((r = sshkey_load_private(identity_file, "",
&private, &comment)) == 0)
passphrase = xstrdup("");
- else if (r != SSH_ERR_KEY_WRONG_PASSPHRASE) {
- printf("Cannot load private key \"%s\": %s.\n",
+ else if (r != SSH_ERR_KEY_WRONG_PASSPHRASE)
+ fatal("Cannot load private key \"%s\": %s.",
identity_file, ssh_err(r));
- exit(1);
- } else {
+ else {
if (identity_passphrase)
passphrase = xstrdup(identity_passphrase);
else if (identity_new_passphrase)
@@ -1398,13 +1359,13 @@ do_change_comment(struct passwd *pw)
&private, &comment)) != 0) {
explicit_bzero(passphrase, strlen(passphrase));
free(passphrase);
- printf("Cannot load private key \"%s\": %s.\n",
+ fatal("Cannot load private key \"%s\": %s.",
identity_file, ssh_err(r));
- exit(1);
}
}
+ /* XXX what about new-format keys? */
if (private->type != KEY_RSA1) {
- fprintf(stderr, "Comments are only supported for RSA1 keys.\n");
+ error("Comments are only supported for RSA1 keys.");
explicit_bzero(passphrase, strlen(passphrase));
sshkey_free(private);
exit(1);
@@ -1427,7 +1388,7 @@ do_change_comment(struct passwd *pw)
/* Save the file using the new passphrase. */
if ((r = sshkey_save_private(private, identity_file, passphrase,
new_comment, use_new_format, new_format_cipher, rounds)) != 0) {
- printf("Saving key \"%s\" failed: %s\n",
+ error("Saving key \"%s\" failed: %s",
identity_file, ssh_err(r));
explicit_bzero(passphrase, strlen(passphrase));
free(passphrase);
@@ -1443,17 +1404,13 @@ do_change_comment(struct passwd *pw)
strlcat(identity_file, ".pub", sizeof(identity_file));
fd = open(identity_file, O_WRONLY | O_CREAT | O_TRUNC, 0644);
- if (fd == -1) {
- printf("Could not save your public key in %s\n", identity_file);
- exit(1);
- }
+ if (fd == -1)
+ fatal("Could not save your public key in %s", identity_file);
f = fdopen(fd, "w");
- if (f == NULL) {
- printf("fdopen %s failed\n", identity_file);
- exit(1);
- }
+ if (f == NULL)
+ fatal("fdopen %s failed: %s", identity_file, strerror(errno));
if ((r = sshkey_write(public, f)) != 0)
- fprintf(stderr, "write key failed: %s\n", ssh_err(r));
+ fatal("write key failed: %s", ssh_err(r));
sshkey_free(public);
fprintf(f, " %s\n", new_comment);
fclose(f);
@@ -1613,8 +1570,7 @@ do_ca_sign(struct passwd *pw, int argc, char **argv)
break;
/* FALLTHROUGH */
default:
- fprintf(stderr, "unknown key type %s\n", key_type_name);
- exit(1);
+ fatal("unknown key type %s", key_type_name);
}
}
@@ -2272,14 +2228,10 @@ main(int argc, char **argv)
/* we need this for the home * directory. */
pw = getpwuid(getuid());
- if (!pw) {
- printf("No user exists for uid %lu\n", (u_long)getuid());
- exit(1);
- }
- if (gethostname(hostname, sizeof(hostname)) < 0) {
- perror("gethostname");
- exit(1);
- }
+ if (!pw)
+ fatal("No user exists for uid %lu", (u_long)getuid());
+ if (gethostname(hostname, sizeof(hostname)) < 0)
+ fatal("gethostname: %s", strerror(errno));
/* Remaining characters: UYdw */
while ((opt = getopt(argc, argv, "ABHLQXceghiklopquvxy"
@@ -2496,19 +2448,19 @@ main(int argc, char **argv)
if (ca_key_path != NULL) {
if (argc < 1 && !gen_krl) {
- printf("Too few arguments.\n");
+ error("Too few arguments.");
usage();
}
} else if (argc > 0 && !gen_krl && !check_krl) {
- printf("Too many arguments.\n");
+ error("Too many arguments.");
usage();
}
if (change_passphrase && change_comment) {
- printf("Can only have one of -p and -c.\n");
+ error("Can only have one of -p and -c.");
usage();
}
if (print_fingerprint && (delete_host || hash_hosts)) {
- printf("Cannot use -l with -H or -R.\n");
+ error("Cannot use -l with -H or -R.");
usage();
}
if (gen_krl) {
@@ -2550,10 +2502,8 @@ main(int argc, char **argv)
if (have_identity) {
n = do_print_resource_record(pw,
identity_file, rr_hostname);
- if (n == 0) {
- perror(identity_file);
- exit(1);
- }
+ if (n == 0)
+ fatal("%s: %s", identity_file, strerror(errno));
exit(0);
} else {
@@ -2625,14 +2575,10 @@ main(int argc, char **argv)
if (!quiet)
printf("Generating public/private %s key pair.\n",
key_type_name);
- if ((r = sshkey_generate(type, bits, &private)) != 0) {
- fprintf(stderr, "key_generate failed\n");
- exit(1);
- }
- if ((r = sshkey_from_private(private, &public)) != 0) {
- fprintf(stderr, "key_from_private failed: %s\n", ssh_err(r));
- exit(1);
- }
+ if ((r = sshkey_generate(type, bits, &private)) != 0)
+ fatal("key_generate failed");
+ if ((r = sshkey_from_private(private, &public)) != 0)
+ fatal("key_from_private failed: %s\n", ssh_err(r));
if (!have_identity)
ask_filename(pw, "Enter file in which to save the key");
@@ -2702,7 +2648,7 @@ passphrase_again:
/* Save the key with the given passphrase and comment. */
if ((r = sshkey_save_private(private, identity_file, passphrase1,
comment, use_new_format, new_format_cipher, rounds)) != 0) {
- printf("Saving key \"%s\" failed: %s\n",
+ error("Saving key \"%s\" failed: %s",
identity_file, ssh_err(r));
explicit_bzero(passphrase1, strlen(passphrase1));
free(passphrase1);
@@ -2719,18 +2665,13 @@ passphrase_again:
printf("Your identification has been saved in %s.\n", identity_file);
strlcat(identity_file, ".pub", sizeof(identity_file));
- fd = open(identity_file, O_WRONLY | O_CREAT | O_TRUNC, 0644);
- if (fd == -1) {
- printf("Could not save your public key in %s\n", identity_file);
- exit(1);
- }
- f = fdopen(fd, "w");
- if (f == NULL) {
- printf("fdopen %s failed\n", identity_file);
- exit(1);
- }
+ if ((fd = open(identity_file, O_WRONLY|O_CREAT|O_TRUNC, 0644)) == -1)
+ fatal("Unable to save public key to %s: %s",
+ identity_file, strerror(errno));
+ if ((f = fdopen(fd, "w")) == NULL)
+ fatal("fdopen %s failed: %s", identity_file, strerror(errno));
if ((r = sshkey_write(public, f)) != 0)
- fprintf(stderr, "write key failed: %s\n", ssh_err(r));
+ error("write key failed: %s", ssh_err(r));
fprintf(f, " %s\n", comment);
fclose(f);
--
To stop receiving notification emails like this one, please contact
djm at mindrot.org.
More information about the openssh-commits
mailing list