Return-Path: <owner-VMS-SSH@alpha.sggw.waw.pl>
Received: from alpha.sggw.waw.pl (148.81.184.5) by nic.lp.se (MX V5.1-X VnHj)
          with ESMTP for <levitte@LP.SE>; Thu, 9 Sep 1999 23:35:38 +0200
X-Listname: SSH for VMS Discussion List <VMS-SSH@alpha.sggw.waw.pl>
Received: from nic.lp.se (212.109.2.185) by alpha.sggw.waw.pl (MX V5.1-X AnBj)
          with ESMTP for <vms-ssh@alpha.sggw.waw.pl>;
          Thu, 9 Sep 1999 23:34:51 +0200
Received: from NIC.LP.SE (127.0.0.1) by nic.lp.se (MX V5.1-X VnHj) with SMTP
          for <vms-ssh@alpha.sggw.waw.pl>; Thu, 9 Sep 1999 23:31:02 +0200
Date: Thu,  9 Sep 1999 23:30:59 +0200
Message-ID: <1855-Thu09Sep1999233059+0200-levitte@lp.se>
From: Richard Levitte - VMS Whacker <levitte@lp.se>
Reply-To: VMS-SSH@alpha.sggw.waw.pl
To: vms-ssh@alpha.sggw.waw.pl
Subject: FISH using some logical names...
MIME-Version: 1.0
Content-Type: Text/Plain; Charset=ISO-8859-1
Content-Transfer-Encoding: 8bit
X-URL: http://richard.levitte.org/
X-PGP-Key-ID: Length=2048; ID=0xE06D2CB1
X-PGP-Key-Fingerprint: 35 3E 6C 9E 8C 97 85 24  BD 9F D1 9E 8F 75 23 6B
X-PGP-Key-URL: <http://richard.levitte.org/pubkey2.asc>
X-Date-Of-Birth: Setting Orange,the 63rd day of The Aftermath in the YOLD 3130
X-AKA: bastard@bofh.se, richard@levitte.org, levitte@lp.se
X-Waved: dead chicken, dms-sig 2.2 RL1 (enhanced), rl-head 1.01, feedmail
         7-beta-11/RL-mods-2 (enhanced), vmsmail2 (enhanced)
X-List-Archives: <mailto:VMS-SSH-Archives@alpha.sggw.waw.pl?body=help>
List-Subscribe: <mailto:VMS-SSH-request@alpha.sggw.waw.pl?body=subscribe>
List-Unsubscribe: <mailto:VMS-SSH-request@alpha.sggw.waw.pl?body=unsubscribe>
List-Help: <mailto:VMS-SSH-request@alpha.sggw.waw.pl?body=help>

I've played around with Ken's ideas around logical names.  The part that
would allow RSA-rhosts authentication is not yet done, but the rest of
his ideas are.  To get what I've done so far, apply the following patches
(given in unified diff format):

Index: news.txt
===================================================================
RCS file: /src/RemoteRepository/fish/news.txt,v
retrieving revision 1.17
retrieving revision 1.18
diff -u -r1.17 -r1.18
--- news.txt    1999/09/08 15:04:50     1.17
+++ news.txt    1999/09/09 21:12:33     1.18
@@ -116,3 +116,14 @@
 
        - A few bug fixes.
 
+0.6-2 beta1
+
+       - SSH will now look at the following logical names:
+
+               FISH_PASSPHRASE_MIN     (minimum passphrase length
+                                       for certificates.  Must be
+                                       defined in executive mode)
+               SSH_KNOWN_HOSTS         (global file of known hosts.
+                                       Must be defined in executive
+                                       mode)
+
Index: src/fish-keygen.c
===================================================================
RCS file: /src/RemoteRepository/fish/src/fish-keygen.c,v
retrieving revision 1.25
retrieving revision 1.27
diff -u -r1.25 -r1.27
--- fish-keygen.c       1999/08/19 23:33:10     1.25
+++ fish-keygen.c       1999/09/09 21:09:55     1.27
@@ -1,4 +1,4 @@
-/* $Id: fish-keygen.c,v 1.25 1999/08/19 23:33:10 levitte Exp $ */
+/* $Id: fish-keygen.c,v 1.27 1999/09/09 21:09:55 levitte Exp $ */
 
 #include "gnu_extras.h"
 
@@ -14,6 +14,7 @@
 #include <lib$routines.h>
 #include <stsdef.h>
 #include <ssdef.h>
+#include <psldef.h>
 #include <math.h>
 #include <time.h>
 #include <fcntl.h>
@@ -140,6 +141,20 @@
            memset(ret2, 0, sizeof(ret2));
            lib$signal(FISH_M_PWDNOTVER);
            goto passphrase_again;
+       }
+       status = sys_trnlnm("FISH_PASSPHRASE_MIN", 0, PSL$C_EXEC,
+                           buf, sizeof(buf));
+       if (status != SS$_NOLOGNAM) {
+           if (!$VMS_STATUS_SUCCESS(status))
+               lib$signal(status);
+           status = atoi(buf);
+           if (strlen(ret) < status) {
+               /* Passphrases is too short.  Zero passphrases and exit! */
+               memset(ret, 0, sizeof(ret));
+               memset(ret2, 0, sizeof(ret2));
+               lib$signal(FISH_M_PWDTOOSHRT, 1, status);
+               goto passphrase_again;
+           }
        }
        passphrase = buf_init(strlen(ret));
        buf_append_chars_nocount(passphrase, ret);
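Review bot: `if (strlen(ret) < status)` compares a size_t against the int that `atoi(buf)` returned, so a negative FISH_PASSPHRASE_MIN is promoted to a huge unsigned value and rejects every passphrase, while a non-numeric value silently becomes 0 and disables the minimum; since this logical is a site policy knob it should be parsed with strtol and validated, and reusing `status` for the length also makes the `lib$signal(FISH_M_PWDTOOSHRT, 1, status)` argument read like a condition code. If `lib$signal(status)` returns for a non-success translation (it appears to for non-fatal severities), `buf` is then parsed without a valid translation, so treating a bad value as a configuration error is the safer choice. The rewrite below keeps the existing zero-before-signal pattern; the enclosing function starts and ends outside the hunk.
```c
            status = sys_trnlnm("FISH_PASSPHRASE_MIN", 0, PSL$C_EXEC,
                                buf, sizeof(buf));
            if (status != SS$_NOLOGNAM) {
                char *end;
                long minlen;

                if (!$VMS_STATUS_SUCCESS(status))
                    lib$signal(status);
                minlen = strtol(buf, &end, 10);
                /* The policy value must be a non-negative decimal number;
                   anything else is a configuration error, not "no minimum". */
                if (end == buf || *end != '\0' || minlen < 0) {
                    memset(ret, 0, sizeof(ret));
                    memset(ret2, 0, sizeof(ret2));
                    lib$signal(SS$_BADPARAM);
                }
                if (strlen(ret) < (size_t)minlen) {
                    /* ... unchanged: zero ret/ret2, signal PWDTOOSHRT with minlen, retry ... */
                }
            }
```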
Index: src/fish.msg
===================================================================
RCS file: /src/RemoteRepository/fish/src/fish.msg,v
retrieving revision 1.16
retrieving revision 1.17
diff -u -r1.16 -r1.17
--- fish.msg    1999/08/10 13:12:39     1.16
+++ fish.msg    1999/09/09 18:12:07     1.17
@@ -29,6 +29,7 @@
 RSAFAIL2       <RSA authentication failed>/ident=RSAFAIL
 PSSFAIL1       <password authentication failed, try again>/ident=PSSFAIL
 PWDNOTVER      <password verification error; please try again>
+PWDTOOSHRT     <password must be at least !UL characters long; please try again>/fao=1
 NOOVERWR       <the file will not be overwritten>
 INTERRUPT      <Exiting on interrupt>
 
Index: src/ssh.c
===================================================================
RCS file: /src/RemoteRepository/fish/src/ssh.c,v
retrieving revision 1.56
retrieving revision 1.58
diff -u -r1.56 -r1.58
--- ssh.c       1999/08/10 13:13:09     1.56
+++ ssh.c       1999/09/09 21:09:56     1.58
@@ -1,4 +1,4 @@
-/* $Id: ssh.c,v 1.56 1999/08/10 13:13:09 levitte Exp $ */
+/* $Id: ssh.c,v 1.58 1999/09/09 21:09:56 levitte Exp $ */
 
 
 #include "gnu_extras.h"
@@ -16,6 +16,7 @@
 #include <sys/stat.h>
 #include <stsdef.h>
 #include <ssdef.h>
+#include <psldef.h>
 #include <lib$routines.h>
 #include <starlet.h>
 #include <errno.h>
@@ -596,9 +597,20 @@
                return status | 0x10000000;
            }
 
-           sprintf(tmpbuf, "%s%s", state->sshprefs->default_directory,
-                   "KNOWN_HOSTS.DAT");
-           status = find_host(state->sshprefs->host, servkey.hostkey, tmpbuf);
+           status = sys_trnlnm("SSH_KNOWN_HOSTS", 0, PSL$C_EXEC,
+                               tmpbuf, sizeof(tmpbuf));
+           if (status != SS$_NOLOGNAM) {
+               if (!$VMS_STATUS_SUCCESS(status))
+                   lib$signal(status);
+               status = find_host(state->sshprefs->host, servkey.hostkey,
+                                  tmpbuf);
+           }
+           if (status == SS$_NOLOGNAM) {
+               sprintf(tmpbuf, "%s%s", state->sshprefs->default_directory,
+                       "KNOWN_HOSTS.DAT");
+               status = find_host(state->sshprefs->host, servkey.hostkey,
+                                  tmpbuf);
+           }
            if (status == FISH_M_HOSTOK) {
                on_state(ssh_infof("Host %s is known and matches the host key",
                                   state->sshprefs->host));
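Review bot: When SSH_KNOWN_HOSTS is defined, the per-user `default_directory` KNOWN_HOSTS.DAT is never consulted: the second `if (status == SS$_NOLOGNAM)` only fires when the logical was absent, because by then `status` holds whatever `find_host` returned for the global file. The news.txt entry calls this a global file, which reads as "in addition to" rather than "instead of" the user's file; if that is the intent, fall back to the user's file only when the global lookup reports the host as unknown (what `find_host` returns for that case is not visible here), and never on a key mismatch, since the exec-mode file is the stronger trust anchor. Also, if `lib$signal(status)` returns for a non-success translation, `tmpbuf` is passed to `find_host` without a valid translation. The enclosing function starts and ends outside the hunk.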
@@ -810,6 +822,20 @@
            case SSH_AUTH_RHOSTS_RSA:
                /* Not supported, so just trickle through */
                state->authphase = SSH_AUTH_RSA;
+
+#if 0
+               status = sys_trnlnm("SSH_HOST_KEY", 0, PSL$C_EXEC,
+                                   tmpbuf, sizeof(tmpbuf));
+               if (status != SS$_NOLOGNAM) {
+                   if (!$VMS_STATUS_SUCCESS(status))
+                       lib$signal(status);
+               }
+
+               /* Beside this, I must also support both SSH private key
+                  format 1.1 and PEM format, and the SSH PEM format as
+                  well (the kind that SSHv2 does.  But PEM will come first,
+                  since that's what SSH_SERVER uses... */
+#endif
 
            case SSH_AUTH_RSA:
                /* Default to go to next method */
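Review bot: The `#if 0` block inserted between the "trickle through" comment and `case SSH_AUTH_RSA:` is dead code in a fallthrough path; disabled code is not compiled and tends to rot, so the design notes in it are better kept as a plain comment (or in news.txt) and the disabled `sys_trnlnm("SSH_HOST_KEY", ...)` dropped until the feature is implemented. The switch continues outside the hunk.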
Index: src/version.opt
===================================================================
RCS file: /src/RemoteRepository/fish/src/version.opt,v
retrieving revision 1.20
retrieving revision 1.21
diff -u -r1.20 -r1.21
--- version.opt 1999/08/30 22:24:26     1.20
+++ version.opt 1999/09/09 21:14:20     1.21
@@ -1,3 +1,3 @@
-! $Id: version.opt,v 1.20 1999/08/30 22:24:26 levitte Exp $
+! $Id: version.opt,v 1.21 1999/09/09 21:14:20 levitte Exp $
 NAME="FISH"
-IDENT="V0.6-1"
+IDENT="V0.6-2 beta1"
Index: src/vms.c
===================================================================
RCS file: /src/RemoteRepository/fish/src/vms.c,v
retrieving revision 1.11
retrieving revision 1.14
diff -u -r1.11 -r1.14
--- vms.c       1999/06/22 12:32:07     1.11
+++ vms.c       1999/09/09 21:03:42     1.14
@@ -1,4 +1,4 @@
-/* $Id: vms.c,v 1.11 1999/06/22 12:32:07 levitte Exp $ */
+/* $Id: vms.c,v 1.14 1999/09/09 21:03:42 levitte Exp $ */
 
 /* This file contains all the VMS-specific things we might need */
 
@@ -10,21 +10,42 @@
 #include <iodef.h>
 #include <stsdef.h>
 #include <syidef.h>
+#include <lnmdef.h>
+#include <ssdef.h>
 #include <lib$routines.h>
 #include <starlet.h>
 #include "fish.h"
 #include "vms.h"
 #include "util.h"
 
+struct iosb_t {
+    unsigned short status;
+    unsigned short buflen;
+    unsigned short terminator;
+    unsigned short terminatorsize;
+};
+
+#define INIT_DSC2(dsc,str,len) do { (dsc).dsc$w_length = (len); \
+                                    (dsc).dsc$b_dtype = DSC$K_DTYPE_T; \
+                                    (dsc).dsc$b_class = DSC$K_CLASS_S; \
+                                    (dsc).dsc$a_pointer = (str); } while(0)
+#define INIT_DSC(dsc,str)      INIT_DSC2((dsc), (str), (strlen(str)))
+
+struct itemlist3_t {
+    unsigned short buflen;
+    unsigned short itemcode;
+    void *bufaddr;
+    unsigned long *resultlen;
+};
+
+
 /* TTY specific things */
 
 tty_s *tty_open(const char *name, int *status)
 {
     tty_s *tty = xmalloc(sizeof(tty_s));
-    tty->name.dsc$w_length = strlen(name);
-    tty->name.dsc$b_dtype = DSC$K_DTYPE_T;
-    tty->name.dsc$b_class = DSC$K_CLASS_S;
-    tty->name.dsc$a_pointer = xstrdup(name);
+    INIT_DSC2(tty->name, xstrdup(name), strlen(name));
+
     *status = sys$assign(&(tty->name),&(tty->channel),0,0);
     if (!(*status & 1)) {
        xfree(tty);
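Review bot: `INIT_DSC(dsc,str)` expands `str` twice (once inside `strlen(str)`, once for the pointer), so an argument with side effects would be evaluated twice; the tty_open change avoids this by calling `INIT_DSC2` with an explicit `strlen(name)`, but the hazard is undocumented. Suggest a comment on the macro: `/* NOTE: evaluates str twice; use INIT_DSC2 when str has side effects (see tty_open) */`. `dsc$w_length` is also an unsigned short, so both macros silently truncate a string longer than 65535 bytes. tty_open continues outside the hunk.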
@@ -142,18 +163,8 @@
     int function = (purged ? IO$M_PURGE : 0) | (echo ? 0 : IO$M_NOECHO)
        | IO$_READPROMPT;
     unsigned long buflen;
-    struct {
-       unsigned short status;
-       unsigned short buflen;
-       unsigned short terminator;
-       unsigned short terminatorsize;
-    } iosb;
-    struct itemlist3 {
-       unsigned short buflen;
-       unsigned short itemcode;
-       void *bufaddr;
-       unsigned long *resultlen;
-    } il3[] = {
+    struct iosb_t iosb;
+    struct itemlist3_t il3[] = {
        { 0, SYI$_MAXBUF, 0, 0 },
        { 0, 0, 0, 0 },
        };
@@ -194,13 +205,40 @@
 int lib_put_output(char *str)
 {
     struct dsc$descriptor_s dsc;
-
-    dsc.dsc$b_dtype = DSC$K_DTYPE_T;
-    dsc.dsc$b_class = DSC$K_CLASS_S;
-    dsc.dsc$w_length = strlen(str);
-    dsc.dsc$a_pointer = str;
+    INIT_DSC(dsc, str);
 
     return lib$put_output(&dsc);
+}
+
+/* like sys$trnlnm(), but only takes the simplest cases */
+int sys_trnlnm(char *lognam, char *table, int acmode,
+              char *value, int valuesize)
+{
+    struct itemlist3_t il3[] = {
+    { 0, LNM$_STRING, 0, 0 },
+    { 0, 0, 0, 0 },
+    };
+    struct dsc$descriptor_s lognam_dsc;
+    struct dsc$descriptor_s table_dsc;
+    int status;
+    unsigned long resultlen = 0;
+
+    if (table == 0)
+       table = "LNM$FILE_DEV";
+
+    if (lognam == 0)
+       return SS$_BADPARAM;
+
+    INIT_DSC(table_dsc, table);
+    INIT_DSC(lognam_dsc, lognam);
+    il3[0].buflen = valuesize;
+    il3[0].bufaddr = value;
+    il3[0].resultlen = &resultlen;
+
+    status = sys$trnlnm(0, &table_dsc, &lognam_dsc, &acmode, il3);
+    value[resultlen] = '\0';
+
+    return status;
 }
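Review bot: `value[resultlen] = '\0';` writes one byte past `value` when the translation fills the whole buffer, because `il3[0].buflen = valuesize` lets sys$trnlnm return `valuesize` bytes (if `resultlen` is the number of bytes copied, as it appears to be) and both callers pass `sizeof(buf)`, leaving no room for the terminator; reserve it with `il3[0].buflen = valuesize - 1;` and reject unusable arguments up front with `if (lognam == 0 || value == 0 || valuesize <= 0) return SS$_BADPARAM;`. Note also that `buflen` is an unsigned short, so a large `valuesize` is silently narrowed, and that `&acmode` passes an `int *` where sys$trnlnm takes the address of a byte, which relies on little-endian layout and deserves a comment. The header comment should state the contract: `value` is always NUL-terminated on return (`resultlen` stays 0 on failure), `table` defaults to LNM$FILE_DEV, and `acmode` causes names defined at a less privileged mode to be ignored, which is what makes the exec-mode requirement in news.txt meaningful.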
 
 /* Emacs local variables

-- 
R Levitte, Levitte Programming;  Spannv. 38, I;  S-168 35  Bromma;  SWEDEN
    Tel: +46-8-26 52 47; Cell: +46-708-26 53 44; Fax: +46-708-26 53 88
  PGP key fingerprint = 35 3E 6C 9E 8C 97 85 24  BD 9F D1 9E 8F 75 23 6B
 http://richard.levitte.org/pubkey2.asc for my public key.  levitte@lp.se

          "price, performance, quality.  Choose any two you like"


