1 From 59c773c11e5c0bf249e270fc4658513834a754e1 Mon Sep 17 00:00:00 2001
2 From: Alex Wilson <alex.wilson@joyent.com>
3 Date: Wed, 9 Sep 2015 10:36:05 -0700
4 Subject: [PATCH 33/36] Temporarily set ssh-keygen and ssh-add to old FP format
5
6 SDC and its users have a lot of scripts that expect ssh-add
7 and ssh-keygen to return fingerprints in the old format.
8 As a temporary measure, make us default to producing this
9 same output until we have migrated everything over.
10 ---
11 ssh-add.c | 13 +++++++++++--
12 ssh-keygen.c | 21 ++++++++++++++++++---
13 2 files changed, 29 insertions(+), 5 deletions(-)
14
15 diff --git a/ssh-add.c b/ssh-add.c
16 index d6271d7..2eb723f 100644
17 --- a/ssh-add.c
18 +++ b/ssh-add.c
19 @@ -52,6 +52,7 @@
20 #include <string.h>
21 #include <unistd.h>
22 #include <limits.h>
23 +#include <assert.h>
24
25 #include "xmalloc.h"
26 #include "ssh.h"
27 @@ -85,7 +86,8 @@ static char *default_files[] = {
28 NULL
29 };
30
31 -static int fingerprint_hash = SSH_FP_HASH_DEFAULT;
32 +static int fingerprint_hash = SSH_DIGEST_MD5;
33 +static int fingerprint_compat = 1;
34
35 /* Default lifetime (0 == forever) */
36 static int lifetime = 0;
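Review bot: The new defaults `fingerprint_hash = SSH_DIGEST_MD5` and `fingerprint_compat = 1` carry no comment, so nothing in the source marks them as a temporary step back from `SSH_FP_HASH_DEFAULT`. The same applies to the matching globals in ssh-keygen.c, where the existing comment "Hash algorithm to use for fingerprints." no longer tells the whole story. I would add above them `/* Compat: default to bare MD5 hex fingerprints (no "MD5:" prefix) until SDC scripts are migrated; -E restores upstream output. */`. MD5 is collision-weak, so anyone comparing fingerprints out of band gets a weaker check by default, and saying so where the default lives makes it more likely the change is reverted once the migration is done.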
37 @@ -364,6 +366,7 @@ static int
38 list_identities(int agent_fd, int do_fp)
39 {
40 char *fp;
41 + char *fpp;
42 int r, had_identities = 0;
43 struct ssh_identitylist *idlist;
44 size_t i;
45 @@ -386,9 +389,14 @@ list_identities(int agent_fd, int do_fp)
46 if (do_fp) {
47 fp = sshkey_fingerprint(idlist->keys[i],
48 fingerprint_hash, SSH_FP_DEFAULT);
49 + fpp = fp;
50 + if (fingerprint_compat == 1) {
51 + assert(strncmp(fp, "MD5:", 4) == 0);
52 + fpp += 4;
53 + }
54 printf("%d %s %s (%s)\n",
55 sshkey_size(idlist->keys[i]),
56 - fp == NULL ? "(null)" : fp,
57 + fp == NULL ? "(null)" : fpp,
58 idlist->comments[i],
59 sshkey_type(idlist->keys[i]));
60 free(fp);
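Review bot: `assert(strncmp(fp, "MD5:", 4) == 0)` runs before the `fp == NULL` test that the printf below still makes, so a failed sshkey_fingerprint() would hand NULL to strncmp instead of printing "(null)". assert is also the wrong tool for the prefix check: built with NDEBUG it disappears and `fpp += 4` skips four bytes unverified, and built without it a mismatch aborts a user-facing tool. I would fold both conditions into the branch, `if (fingerprint_compat == 1 && fp != NULL && strncmp(fp, "MD5:", 4) == 0)` followed by `fpp += 4;`, which also makes the new `<assert.h>` include unnecessary. The same assert-then-skip pattern appears in the do_download and do_fingerprint hunks of ssh-keygen.c, where fp is already NULL-checked by the fatal() above it. list_identities begins and ends outside this hunk.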
61 @@ -514,6 +522,7 @@ main(int argc, char **argv)
62 switch (ch) {
63 case 'E':
64 fingerprint_hash = ssh_digest_alg_by_name(optarg);
65 + fingerprint_compat = 0;
66 if (fingerprint_hash == -1)
67 fatal("Invalid hash algorithm \"%s\"", optarg);
68 break;
69 diff --git a/ssh-keygen.c b/ssh-keygen.c
70 index 4e0a855..75b3734 100644
71 --- a/ssh-keygen.c
72 +++ b/ssh-keygen.c
73 @@ -37,6 +37,7 @@
74 #include <string.h>
75 #include <unistd.h>
76 #include <limits.h>
77 +#include <assert.h>
78
79 #include "xmalloc.h"
80 #include "sshkey.h"
81 @@ -101,7 +102,8 @@ int print_fingerprint = 0;
82 int print_bubblebabble = 0;
83
84 /* Hash algorithm to use for fingerprints. */
85 -int fingerprint_hash = SSH_FP_HASH_DEFAULT;
86 +int fingerprint_hash = SSH_DIGEST_MD5;
87 +int fingerprint_compat = 1;
88
89 /* The identity file name, given on the command line or entered by the user. */
90 char identity_file[1024];
91 @@ -773,6 +775,7 @@ do_download(struct passwd *pw)
92 enum sshkey_fp_rep rep;
93 int fptype;
94 char *fp, *ra;
95 + char *fpp;
96
97 fptype = print_bubblebabble ? SSH_DIGEST_SHA1 : fingerprint_hash;
98 rep = print_bubblebabble ? SSH_FP_BUBBLEBABBLE : SSH_FP_DEFAULT;
99 @@ -788,8 +791,13 @@ do_download(struct passwd *pw)
100 SSH_FP_RANDOMART);
101 if (fp == NULL || ra == NULL)
102 fatal("%s: sshkey_fingerprint fail", __func__);
103 + fpp = fp;
104 + if (fingerprint_compat == 1) {
105 + assert(strncmp(fp, "MD5:", 4) == 0);
106 + fpp += 4;
107 + }
108 printf("%u %s %s (PKCS11 key)\n", sshkey_size(keys[i]),
109 - fp, sshkey_type(keys[i]));
110 + fpp, sshkey_type(keys[i]));
111 if (log_level >= SYSLOG_LEVEL_VERBOSE)
112 printf("%s\n", ra);
113 free(ra);
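Review bot: The compat branch keys only on `fingerprint_compat`, but the context lines of the previous hunk show `fptype` and `rep` switching to SHA1 and `SSH_FP_BUBBLEBABBLE` when `print_bubblebabble` is set, and nothing visible clears `fingerprint_compat` in that case. Assuming fp is produced with those values (the call sits just above this hunk), a bubblebabble request without -E yields a string that does not start with "MD5:", so the assert aborts, or with NDEBUG the first four characters are silently dropped. Guard on what was actually produced, for example `if (fingerprint_compat == 1 && rep == SSH_FP_DEFAULT && strncmp(fp, "MD5:", 4) == 0)` followed by `fpp += 4;`. The do_fingerprint hunk has the same branch and, if it derives fptype and rep the same way, the same problem. do_download continues outside this hunk.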
114 @@ -814,6 +822,7 @@ do_fingerprint(struct passwd *pw)
115 FILE *f;
116 struct sshkey *public;
117 char *comment = NULL, *cp, *ep, line[16*1024], *fp, *ra;
118 + char *fpp;
119 int r, i, skip = 0, num = 0, invalid = 1;
120 enum sshkey_fp_rep rep;
121 int fptype;
122 @@ -834,7 +843,12 @@ do_fingerprint(struct passwd *pw)
123 SSH_FP_RANDOMART);
124 if (fp == NULL || ra == NULL)
125 fatal("%s: sshkey_fingerprint fail", __func__);
126 - printf("%u %s %s (%s)\n", sshkey_size(public), fp, comment,
127 + fpp = fp;
128 + if (fingerprint_compat == 1) {
129 + assert(strncmp(fp, "MD5:", 4) == 0);
130 + fpp += 4;
131 + }
132 + printf("%u %s %s (%s)\n", sshkey_size(public), fpp, comment,
133 sshkey_type(public));
134 if (log_level >= SYSLOG_LEVEL_VERBOSE)
135 printf("%s\n", ra);
136 @@ -2243,6 +2257,7 @@ main(int argc, char **argv)
137 break;
138 case 'E':
139 fingerprint_hash = ssh_digest_alg_by_name(optarg);
140 + fingerprint_compat = 0;
141 if (fingerprint_hash == -1)
142 fatal("Invalid hash algorithm \"%s\"", optarg);
143 break;
144 --
145 2.5.4 (Apple Git-61)
146