mirror of
https://git.tartarus.org/simon/putty.git
synced 2025-07-03 04:22:47 -05:00
Move verify_ssh_manual_host_key into sshcommon.c
This is essentially trivial, because the only thing it needed from the Ssh structure was the Conf. So the version in sshcommon.c just takes an actual Conf as an argument, and now it doesn't need access to the big structure definition any more.
This commit is contained in:
55
sshcommon.c
55
sshcommon.c
@ -655,3 +655,58 @@ int ssh2_bpp_check_unimplemented(BinaryPacketProtocol *bpp, PktIn *pktin)
|
||||
#undef BITMAP_UNIVERSAL
|
||||
#undef BITMAP_CONDITIONAL
|
||||
#undef SSH1_BITMAP_WORD
|
||||
|
||||
/* ----------------------------------------------------------------------
|
||||
* Function to check a host key against any manually configured in Conf.
|
||||
*/
|
||||
|
||||
int verify_ssh_manual_host_key(
|
||||
Conf *conf, const char *fingerprint, ssh_key *key)
|
||||
{
|
||||
if (!conf_get_str_nthstrkey(conf, CONF_ssh_manual_hostkeys, 0))
|
||||
return -1; /* no manual keys configured */
|
||||
|
||||
if (fingerprint) {
|
||||
/*
|
||||
* The fingerprint string we've been given will have things
|
||||
* like 'ssh-rsa 2048' at the front of it. Strip those off and
|
||||
* narrow down to just the colon-separated hex block at the
|
||||
* end of the string.
|
||||
*/
|
||||
const char *p = strrchr(fingerprint, ' ');
|
||||
fingerprint = p ? p+1 : fingerprint;
|
||||
/* Quick sanity checks, including making sure it's in lowercase */
|
||||
assert(strlen(fingerprint) == 16*3 - 1);
|
||||
assert(fingerprint[2] == ':');
|
||||
assert(fingerprint[strspn(fingerprint, "0123456789abcdef:")] == 0);
|
||||
|
||||
if (conf_get_str_str_opt(conf, CONF_ssh_manual_hostkeys, fingerprint))
|
||||
return 1; /* success */
|
||||
}
|
||||
|
||||
if (key) {
|
||||
/*
|
||||
* Construct the base64-encoded public key blob and see if
|
||||
* that's listed.
|
||||
*/
|
||||
strbuf *binblob;
|
||||
char *base64blob;
|
||||
int atoms, i;
|
||||
binblob = strbuf_new();
|
||||
ssh_key_public_blob(key, BinarySink_UPCAST(binblob));
|
||||
atoms = (binblob->len + 2) / 3;
|
||||
base64blob = snewn(atoms * 4 + 1, char);
|
||||
for (i = 0; i < atoms; i++)
|
||||
base64_encode_atom(binblob->u + 3*i,
|
||||
binblob->len - 3*i, base64blob + 4*i);
|
||||
base64blob[atoms * 4] = '\0';
|
||||
strbuf_free(binblob);
|
||||
if (conf_get_str_str_opt(conf, CONF_ssh_manual_hostkeys, base64blob)) {
|
||||
sfree(base64blob);
|
||||
return 1; /* success */
|
||||
}
|
||||
sfree(base64blob);
|
||||
}
|
||||
|
||||
return 0;
|
||||
}
|
||||
|
Reference in New Issue
Block a user