crypto/openssh/ssh-keyscan.c

193323Sed/* $OpenBSD: ssh-keyscan.c,v 1.86 2012/04/11 13:34:17 djm Exp $ */
193323Sed/*
193323Sed * Copyright 1995, 1996 by David Mazieres <dm@lcs.mit.edu>.
193323Sed *
193323Sed * Modification and redistribution in source and binary forms is
193323Sed * permitted provided that due credit is given to the author and the
193323Sed * OpenBSD project by leaving this copyright notice intact.
193323Sed */
193323Sed
193323Sed#include "includes.h"
193323Sed
193323Sed#include "openbsd-compat/sys-queue.h"
193323Sed#include <sys/resource.h>
193323Sed#ifdef HAVE_SYS_TIME_H
193323Sed# include <sys/time.h>
193323Sed#endif
193323Sed
193323Sed#include <netinet/in.h>
193323Sed#include <arpa/inet.h>
249423Sdim
249423Sdim#include <openssl/bn.h>
193323Sed
198090Srdivacky#include <netdb.h>
193323Sed#include <errno.h>
193323Sed#include <setjmp.h>
193323Sed#include <stdarg.h>
193323Sed#include <stdio.h>
249423Sdim#include <stdlib.h>
193323Sed#include <signal.h>
193323Sed#include <string.h>
193323Sed#include <unistd.h>
193323Sed
201360Srdivacky#include "xmalloc.h"
193323Sed#include "ssh.h"
206083Srdivacky#include "ssh1.h"
201360Srdivacky#include "buffer.h"
205218Srdivacky#include "key.h"
201360Srdivacky#include "cipher.h"
208599Srdivacky#include "kex.h"
249423Sdim#include "compat.h"
193323Sed#include "myproposal.h"
193323Sed#include "packet.h"
193323Sed#include "dispatch.h"
198090Srdivacky#include "log.h"
193323Sed#include "atomicio.h"
193323Sed#include "misc.h"
193323Sed#include "hostfile.h"
193323Sed
193323Sed/* Flag indicating whether IPv4 or IPv6.  This can be set on the command line.
193323Sed   Default value is AF_UNSPEC means both IPv4 and IPv6. */
193323Sedint IPv4or6 = AF_UNSPEC;
193323Sed
193323Sedint ssh_port = SSH_DEFAULT_PORT;
193323Sed
193323Sed#define KT_RSA1		1
234353Sdim#define KT_DSA		2
193323Sed#define KT_RSA		4
193323Sed#define KT_ECDSA	8
193323Sed
193323Sedint get_keytypes = KT_RSA|KT_ECDSA;/* Get RSA and ECDSA keys by default */
193323Sed
205218Srdivackyint hash_hosts = 0;		/* Hash hostname on output */
205218Srdivacky
206083Srdivacky#define MAXMAXFD 256
206083Srdivacky
206083Srdivacky/* The number of seconds after which to give up on a TCP connection */
207618Srdivackyint timeout = 5;
207618Srdivacky
207618Srdivackyint maxfd;
207618Srdivacky#define MAXCON (maxfd - 10)
207618Srdivacky
207618Srdivackyextern char *__progname;
205218Srdivackyfd_set *read_wait;
206083Srdivackysize_t read_wait_nfdset;
207618Srdivackyint ncon;
206083Srdivackyint nonfatal_fatal = 0;
205218Srdivackyjmp_buf kexjmp;
243830SdimKey *kexjmp_key;
243830Sdim
205218Srdivacky/*
205218Srdivacky * Keep a connection structure for each file descriptor.  The state
205218Srdivacky * associated with file descriptor n is held in fdcon[n].
207618Srdivacky */
207618Srdivackytypedef struct Connection {
207618Srdivacky	u_char c_status;	/* State of connection on this file desc. */
207618Srdivacky#define CS_UNUSED 0		/* File descriptor unused */
206083Srdivacky#define CS_CON 1		/* Waiting to connect/read greeting */
206083Srdivacky#define CS_SIZE 2		/* Waiting to read initial packet size */
205218Srdivacky#define CS_KEYS 3		/* Waiting to read public key packet */
206083Srdivacky	int c_fd;		/* Quick lookup: c->c_fd == c - fdcon */
205218Srdivacky	int c_plen;		/* Packet length field for ssh packet */
206083Srdivacky	int c_len;		/* Total bytes which must be read. */
206083Srdivacky	int c_off;		/* Length of data read so far. */
207618Srdivacky	int c_keytype;		/* Only one of KT_RSA1, KT_DSA, or KT_RSA */
205218Srdivacky	char *c_namebase;	/* Address to free for c_name and c_namelist */
206083Srdivacky	char *c_name;		/* Hostname of connection for errors */
206083Srdivacky	char *c_namelist;	/* Pointer to other possible addresses */
207618Srdivacky	char *c_output_name;	/* Hostname of connection for output */
205218Srdivacky	char *c_data;		/* Data read from this fd */
206083Srdivacky	Kex *c_kex;		/* The key-exchange struct for ssh2 */
224145Sdim	struct timeval c_tv;	/* Time at which connection gets aborted */
224145Sdim	TAILQ_ENTRY(Connection) c_link;	/* List of connections in timeout order. */
224145Sdim} con;
224145Sdim
224145SdimTAILQ_HEAD(conlist, Connection) tq;	/* Timeout Queue */
224145Sdimcon *fdcon;
206083Srdivacky
206083Srdivackystatic int
206083Srdivackyfdlim_get(int hard)
206083Srdivacky{
206083Srdivacky#if defined(HAVE_GETRLIMIT) && defined(RLIMIT_NOFILE)
207618Srdivacky	struct rlimit rlfd;
207618Srdivacky
205218Srdivacky	if (getrlimit(RLIMIT_NOFILE, &rlfd) < 0)
205218Srdivacky		return (-1);
202878Srdivacky	if ((hard ? rlfd.rlim_max : rlfd.rlim_cur) == RLIM_INFINITY)
202878Srdivacky		return SSH_SYSFDMAX;
202878Srdivacky	else
202878Srdivacky		return hard ? rlfd.rlim_max : rlfd.rlim_cur;
193323Sed#else
193323Sed	return SSH_SYSFDMAX;
193323Sed#endif
193323Sed}
193323Sed
193323Sedstatic int
193323Sedfdlim_set(int lim)
193323Sed{
193323Sed#if defined(HAVE_SETRLIMIT) && defined(RLIMIT_NOFILE)
193323Sed	struct rlimit rlfd;
193323Sed#endif
193323Sed
207618Srdivacky	if (lim <= 0)
207618Srdivacky		return (-1);
208599Srdivacky#if defined(HAVE_SETRLIMIT) && defined(RLIMIT_NOFILE)
249423Sdim	if (getrlimit(RLIMIT_NOFILE, &rlfd) < 0)
193323Sed		return (-1);
206274Srdivacky	rlfd.rlim_cur = lim;
234353Sdim	if (setrlimit(RLIMIT_NOFILE, &rlfd) < 0)
193323Sed		return (-1);
193323Sed#elif defined (HAVE_SETDTABLESIZE)
193323Sed	setdtablesize(lim);
193323Sed#endif
193323Sed	return (0);
193323Sed}
193323Sed
193323Sed/*
193323Sed * This is an strsep function that returns a null field for adjacent
193323Sed * separators.  This is the same as the 4.4BSD strsep, but different from the
193323Sed * one in the GNU libc.
193323Sed */
193323Sedstatic char *
193323Sedxstrsep(char **str, const char *delim)
193323Sed{
193323Sed	char *s, *e;
193323Sed
193323Sed	if (!**str)
193323Sed		return (NULL);
193323Sed
198090Srdivacky	s = *str;
193323Sed	e = s + strcspn(s, delim);
193323Sed
193323Sed	if (*e != '\0')
193323Sed		*e++ = '\0';
193323Sed	*str = e;
193323Sed
193323Sed	return (s);
193323Sed}
193323Sed
201360Srdivacky/*
201360Srdivacky * Get the next non-null token (like GNU strsep).  Strsep() will return a
201360Srdivacky * null token for two adjacent separators, so we may have to loop.
200581Srdivacky */
205218Srdivackystatic char *
205218Srdivackystrnnsep(char **stringp, char *delim)
205218Srdivacky{
239462Sdim	char *tok;
239462Sdim
239462Sdim	do {
239462Sdim		tok = xstrsep(stringp, delim);
239462Sdim	} while (tok && *tok == '\0');
239462Sdim	return (tok);
239462Sdim}
239462Sdim
239462Sdimstatic Key *
239462Sdimkeygrab_ssh1(con *c)
239462Sdim{
239462Sdim	static Key *rsa;
239462Sdim	static Buffer msg;
239462Sdim
239462Sdim	if (rsa == NULL) {
239462Sdim		buffer_init(&msg);
239462Sdim		rsa = key_new(KEY_RSA1);
239462Sdim	}
239462Sdim	buffer_append(&msg, c->c_data, c->c_plen);
239462Sdim	buffer_consume(&msg, 8 - (c->c_plen & 7));	/* padding */
239462Sdim	if (buffer_get_char(&msg) != (int) SSH_SMSG_PUBLIC_KEY) {
239462Sdim		error("%s: invalid packet type", c->c_name);
239462Sdim		buffer_clear(&msg);
239462Sdim		return NULL;
239462Sdim	}
239462Sdim	buffer_consume(&msg, 8);		/* cookie */
239462Sdim
239462Sdim	/* server key */
239462Sdim	(void) buffer_get_int(&msg);
239462Sdim	buffer_get_bignum(&msg, rsa->rsa->e);
239462Sdim	buffer_get_bignum(&msg, rsa->rsa->n);
239462Sdim
239462Sdim	/* host key */
239462Sdim	(void) buffer_get_int(&msg);
239462Sdim	buffer_get_bignum(&msg, rsa->rsa->e);
239462Sdim	buffer_get_bignum(&msg, rsa->rsa->n);
239462Sdim
239462Sdim	buffer_clear(&msg);
193323Sed
193323Sed	return (rsa);
193323Sed}
193323Sed
193323Sedstatic int
193323Sedhostjump(Key *hostkey)
193323Sed{
243830Sdim	kexjmp_key = hostkey;
243830Sdim	longjmp(kexjmp, 1);
200581Srdivacky}
193323Sed
234353Sdimstatic int
193323Sedssh2_capable(int remote_major, int remote_minor)
193323Sed{
193323Sed	switch (remote_major) {
193323Sed	case 1:
193323Sed		if (remote_minor == 99)
249423Sdim			return 1;
193323Sed		break;
193323Sed	case 2:
193323Sed		return 1;
193323Sed	default:
193323Sed		break;
193323Sed	}
193323Sed	return 0;
207618Srdivacky}
207618Srdivacky
208599Srdivackystatic Key *
249423Sdimkeygrab_ssh2(con *c)
198090Srdivacky{
193323Sed	int j;
193323Sed
193323Sed	packet_set_connection(c->c_fd, c->c_fd);
193323Sed	enable_compat20();
193323Sed	myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] = c->c_keytype == KT_DSA?
193323Sed	    "ssh-dss" : (c->c_keytype == KT_RSA ? "ssh-rsa" :
193323Sed	    "ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521");
193323Sed	c->c_kex = kex_setup(myproposal);
193323Sed	c->c_kex->kex[KEX_DH_GRP1_SHA1] = kexdh_client;
193323Sed	c->c_kex->kex[KEX_DH_GRP14_SHA1] = kexdh_client;
193323Sed	c->c_kex->kex[KEX_DH_GEX_SHA1] = kexgex_client;
193323Sed	c->c_kex->kex[KEX_DH_GEX_SHA256] = kexgex_client;
193323Sed	c->c_kex->kex[KEX_ECDH_SHA2] = kexecdh_client;
193323Sed	c->c_kex->verify_host_key = hostjump;
193323Sed
193323Sed	if (!(j = setjmp(kexjmp))) {
193323Sed		nonfatal_fatal = 1;
193323Sed		dispatch_run(DISPATCH_BLOCK, &c->c_kex->done, c->c_kex);
193323Sed		fprintf(stderr, "Impossible! dispatch_run() returned!\n");
193323Sed		exit(1);
193323Sed	}
193323Sed	nonfatal_fatal = 0;
193323Sed	xfree(c->c_kex);
193323Sed	c->c_kex = NULL;
193323Sed	packet_close();
193323Sed
193323Sed	return j < 0? NULL : kexjmp_key;
193323Sed}
193323Sed
193323Sedstatic void
193323Sedkeyprint(con *c, Key *key)
193323Sed{
193323Sed	char *host = c->c_output_name ? c->c_output_name : c->c_name;
193323Sed
193323Sed	if (!key)
193323Sed		return;
193323Sed	if (hash_hosts && (host = host_hash(host, NULL, 0)) == NULL)
193323Sed		fatal("host_hash failed");
193323Sed
193323Sed	fprintf(stdout, "%s ", host);
193323Sed	key_write(key, stdout);
193323Sed	fputs("\n", stdout);
193323Sed}
193323Sed
193323Sedstatic int
193323Sedtcpconnect(char *host)
193323Sed{
193323Sed	struct addrinfo hints, *ai, *aitop;
193323Sed	char strport[NI_MAXSERV];
193323Sed	int gaierr, s = -1;
193323Sed
193323Sed	snprintf(strport, sizeof strport, "%d", ssh_port);
193323Sed	memset(&hints, 0, sizeof(hints));
193323Sed	hints.ai_family = IPv4or6;
193323Sed	hints.ai_socktype = SOCK_STREAM;
202878Srdivacky	if ((gaierr = getaddrinfo(host, strport, &hints, &aitop)) != 0)
202878Srdivacky		fatal("getaddrinfo %s: %s", host, ssh_gai_strerror(gaierr));
202878Srdivacky	for (ai = aitop; ai; ai = ai->ai_next) {
202878Srdivacky		s = socket(ai->ai_family, ai->ai_socktype, ai->ai_protocol);
202878Srdivacky		if (s < 0) {
202878Srdivacky			error("socket: %s", strerror(errno));
193323Sed			continue;
193323Sed		}
193323Sed		if (set_nonblock(s) == -1)
193323Sed			fatal("%s: set_nonblock(%d)", __func__, s);
193323Sed		if (connect(s, ai->ai_addr, ai->ai_addrlen) < 0 &&
193323Sed		    errno != EINPROGRESS)
193323Sed			error("connect (`%s'): %s", host, strerror(errno));
193323Sed		else
193323Sed			break;
193323Sed		close(s);
193323Sed		s = -1;
193323Sed	}
193323Sed	freeaddrinfo(aitop);
193323Sed	return s;
193323Sed}
193323Sed
193323Sedstatic int
193323Sedconalloc(char *iname, char *oname, int keytype)
193323Sed{
193323Sed	char *namebase, *name, *namelist;
193323Sed	int s;
193323Sed
193323Sed	namebase = namelist = xstrdup(iname);
223017Sdim
193323Sed	do {
193323Sed		name = xstrsep(&namelist, ",");
193323Sed		if (!name) {
193323Sed			xfree(namebase);
193323Sed			return (-1);
193323Sed		}
193323Sed	} while ((s = tcpconnect(name)) < 0);
193323Sed
193323Sed	if (s >= maxfd)
193323Sed		fatal("conalloc: fdno %d too high", s);
193323Sed	if (fdcon[s].c_status)
193323Sed		fatal("conalloc: attempt to reuse fdno %d", s);
193323Sed
193323Sed	fdcon[s].c_fd = s;
193323Sed	fdcon[s].c_status = CS_CON;
193323Sed	fdcon[s].c_namebase = namebase;
193323Sed	fdcon[s].c_name = name;
193323Sed	fdcon[s].c_namelist = namelist;
193323Sed	fdcon[s].c_output_name = xstrdup(oname);
193323Sed	fdcon[s].c_data = (char *) &fdcon[s].c_plen;
193323Sed	fdcon[s].c_len = 4;
193323Sed	fdcon[s].c_off = 0;
193323Sed	fdcon[s].c_keytype = keytype;
193323Sed	gettimeofday(&fdcon[s].c_tv, NULL);
198090Srdivacky	fdcon[s].c_tv.tv_sec += timeout;
198090Srdivacky	TAILQ_INSERT_TAIL(&tq, &fdcon[s], c_link);
198090Srdivacky	FD_SET(s, read_wait);
198090Srdivacky	ncon++;
198090Srdivacky	return (s);
193323Sed}
193323Sed
193323Sedstatic void
193323Sedconfree(int s)
198090Srdivacky{
198090Srdivacky	if (s >= maxfd || fdcon[s].c_status == CS_UNUSED)
198090Srdivacky		fatal("confree: attempt to free bad fdno %d", s);
193323Sed	close(s);
198090Srdivacky	xfree(fdcon[s].c_namebase);
193323Sed	xfree(fdcon[s].c_output_name);
193323Sed	if (fdcon[s].c_status == CS_KEYS)
198090Srdivacky		xfree(fdcon[s].c_data);
193323Sed	fdcon[s].c_status = CS_UNUSED;
193323Sed	fdcon[s].c_keytype = 0;
198090Srdivacky	TAILQ_REMOVE(&tq, &fdcon[s], c_link);
193323Sed	FD_CLR(s, read_wait);
193323Sed	ncon--;
208599Srdivacky}
208599Srdivacky
198090Srdivackystatic void
198090Srdivackycontouch(int s)
198090Srdivacky{
198090Srdivacky	TAILQ_REMOVE(&tq, &fdcon[s], c_link);
193323Sed	gettimeofday(&fdcon[s].c_tv, NULL);
193323Sed	fdcon[s].c_tv.tv_sec += timeout;
198090Srdivacky	TAILQ_INSERT_TAIL(&tq, &fdcon[s], c_link);
193323Sed}
193323Sed
198090Srdivackystatic int
193323Sedconrecycle(int s)
193323Sed{
210299Sed	con *c = &fdcon[s];
195098Sed	int ret;
195098Sed
210299Sed	ret = conalloc(c->c_namelist, c->c_output_name, c->c_keytype);
195098Sed	confree(s);
195098Sed	return (ret);
210299Sed}
193323Sed
198090Srdivackystatic void
198090Srdivackycongreet(int s)
193323Sed{
193323Sed	int n = 0, remote_major = 0, remote_minor = 0;
198090Srdivacky	char buf[256], *cp;
195098Sed	char remote_version[sizeof buf];
198090Srdivacky	size_t bufsiz;
195098Sed	con *c = &fdcon[s];
193323Sed
207618Srdivacky	for (;;) {
195098Sed		memset(buf, '\0', sizeof(buf));
195098Sed		bufsiz = sizeof(buf);
207618Srdivacky		cp = buf;
195098Sed		while (bufsiz-- &&
195098Sed		    (n = atomicio(read, s, cp, 1)) == 1 && *cp != '\n') {
195098Sed			if (*cp == '\r')
193323Sed				*cp = '\n';
198090Srdivacky			cp++;
195098Sed		}
195098Sed		if (n != 1 || strncmp(buf, "SSH-", 4) == 0)
193323Sed			break;
198090Srdivacky	}
195098Sed	if (n == 0) {
195098Sed		switch (errno) {
193323Sed		case EPIPE:
239462Sdim			error("%s: Connection closed by remote host", c->c_name);
239462Sdim			break;
193323Sed		case ECONNREFUSED:
193323Sed			break;
193323Sed		default:
193323Sed			error("read (%s): %s", c->c_name, strerror(errno));
198090Srdivacky			break;
198090Srdivacky		}
198090Srdivacky		conrecycle(s);
195098Sed		return;
198090Srdivacky	}
198090Srdivacky	if (*cp != '\n' && *cp != '\r') {
234353Sdim		error("%s: bad greeting", c->c_name);
205218Srdivacky		confree(s);
207618Srdivacky		return;
243830Sdim	}
243830Sdim	*cp = '\0';
243830Sdim	if (sscanf(buf, "SSH-%d.%d-%[^\n]\n",
243830Sdim	    &remote_major, &remote_minor, remote_version) == 3)
243830Sdim		compat_datafellows(remote_version);
243830Sdim	else
243830Sdim		datafellows = 0;
193323Sed	if (c->c_keytype != KT_RSA1) {
193323Sed		if (!ssh2_capable(remote_major, remote_minor)) {
193323Sed			debug("%s doesn't support ssh2", c->c_name);
193323Sed			confree(s);
193323Sed			return;
193323Sed		}
193323Sed	} else if (remote_major != 1) {
218893Sdim		debug("%s doesn't support ssh1", c->c_name);
218893Sdim		confree(s);
193323Sed		return;
218893Sdim	}
218893Sdim	fprintf(stderr, "# %s %s\n", c->c_name, chop(buf));
218893Sdim	n = snprintf(buf, sizeof buf, "SSH-%d.%d-OpenSSH-keyscan\r\n",
218893Sdim	    c->c_keytype == KT_RSA1? PROTOCOL_MAJOR_1 : PROTOCOL_MAJOR_2,
193323Sed	    c->c_keytype == KT_RSA1? PROTOCOL_MINOR_1 : PROTOCOL_MINOR_2);
193323Sed	if (n < 0 || (size_t)n >= sizeof(buf)) {
193323Sed		error("snprintf: buffer too small");
193323Sed		confree(s);
218893Sdim		return;
218893Sdim	}
218893Sdim	if (atomicio(vwrite, s, buf, n) != (size_t)n) {
218893Sdim		error("write (%s): %s", c->c_name, strerror(errno));
193323Sed		confree(s);
193323Sed		return;
198090Srdivacky	}
193323Sed	if (c->c_keytype != KT_RSA1) {
193323Sed		keyprint(c, keygrab_ssh2(c));
193323Sed		confree(s);
193323Sed		return;
193323Sed	}
193323Sed	c->c_status = CS_SIZE;
218893Sdim	contouch(s);
218893Sdim}
198090Srdivacky
218893Sdimstatic void
218893Sdimconread(int s)
218893Sdim{
218893Sdim	con *c = &fdcon[s];
193323Sed	size_t n;
193323Sed
193323Sed	if (c->c_status == CS_CON) {
193323Sed		congreet(s);
193323Sed		return;
193323Sed	}
198090Srdivacky	n = atomicio(read, s, c->c_data + c->c_off, c->c_len - c->c_off);
193323Sed	if (n == 0) {
193323Sed		error("read (%s): %s", c->c_name, strerror(errno));
221345Sdim		confree(s);
193323Sed		return;
193323Sed	}
193323Sed	c->c_off += n;
193323Sed
221345Sdim	if (c->c_off == c->c_len)
193323Sed		switch (c->c_status) {
193323Sed		case CS_SIZE:
226633Sdim			c->c_plen = htonl(c->c_plen);
226633Sdim			c->c_len = c->c_plen + 8 - (c->c_plen & 7);
226633Sdim			c->c_off = 0;
226633Sdim			c->c_data = xmalloc(c->c_len);
198090Srdivacky			c->c_status = CS_KEYS;
198090Srdivacky			break;
198090Srdivacky		case CS_KEYS:
198090Srdivacky			keyprint(c, keygrab_ssh1(c));
198090Srdivacky			confree(s);
198090Srdivacky			return;
198090Srdivacky		default:
198090Srdivacky			fatal("conread: invalid status %d", c->c_status);
193323Sed			break;
193323Sed		}
198090Srdivacky
193323Sed	contouch(s);
193323Sed}
198090Srdivacky
193323Sedstatic void
193323Sedconloop(void)
218893Sdim{
193323Sed	struct timeval seltime, now;
193323Sed	fd_set *r, *e;
218893Sdim	con *c;
193323Sed	int i;
206124Srdivacky
193323Sed	gettimeofday(&now, NULL);
193323Sed	c = TAILQ_FIRST(&tq);
193323Sed
218893Sdim	if (c && (c->c_tv.tv_sec > now.tv_sec ||
193323Sed	    (c->c_tv.tv_sec == now.tv_sec && c->c_tv.tv_usec > now.tv_usec))) {
193323Sed		seltime = c->c_tv;
218893Sdim		seltime.tv_sec -= now.tv_sec;
218893Sdim		seltime.tv_usec -= now.tv_usec;
193323Sed		if (seltime.tv_usec < 0) {
193323Sed			seltime.tv_usec += 1000000;
193323Sed			seltime.tv_sec--;
193323Sed		}
218893Sdim	} else
206124Srdivacky		timerclear(&seltime);
218893Sdim
193323Sed	r = xcalloc(read_wait_nfdset, sizeof(fd_mask));
193323Sed	e = xcalloc(read_wait_nfdset, sizeof(fd_mask));
193323Sed	memcpy(r, read_wait, read_wait_nfdset * sizeof(fd_mask));
198090Srdivacky	memcpy(e, read_wait, read_wait_nfdset * sizeof(fd_mask));
206124Srdivacky
193323Sed	while (select(maxfd, r, NULL, e, &seltime) == -1 &&
193323Sed	    (errno == EAGAIN || errno == EINTR || errno == EWOULDBLOCK))
193323Sed		;
193323Sed
198090Srdivacky	for (i = 0; i < maxfd; i++) {
206124Srdivacky		if (FD_ISSET(i, e)) {
193323Sed			error("%s: exception!", fdcon[i].c_name);
193323Sed			confree(i);
193323Sed		} else if (FD_ISSET(i, r))
193323Sed			conread(i);
198090Srdivacky	}
198090Srdivacky	xfree(r);
198090Srdivacky	xfree(e);
198090Srdivacky
193323Sed	c = TAILQ_FIRST(&tq);
198090Srdivacky	while (c && (c->c_tv.tv_sec < now.tv_sec ||
193323Sed	    (c->c_tv.tv_sec == now.tv_sec && c->c_tv.tv_usec < now.tv_usec))) {
198090Srdivacky		int s = c->c_fd;
193323Sed
193323Sed		c = TAILQ_NEXT(c, c_link);
198090Srdivacky		conrecycle(s);
193323Sed	}
198090Srdivacky}
193323Sed
193323Sedstatic void
249423Sdimdo_host(char *host)
193323Sed{
198090Srdivacky	char *name = strnnsep(&host, " \t\n");
193323Sed	int j;
193323Sed
193323Sed	if (name == NULL)
193323Sed		return;
193323Sed	for (j = KT_RSA1; j <= KT_ECDSA; j *= 2) {
193323Sed		if (get_keytypes & j) {
193323Sed			while (ncon >= MAXCON)
193323Sed				conloop();
193323Sed			conalloc(name, *host ? host : name, j);
193323Sed		}
193323Sed	}
193323Sed}
193323Sed
193323Sedvoid
193323Sedfatal(const char *fmt,...)
198090Srdivacky{
198090Srdivacky	va_list args;
198090Srdivacky
198090Srdivacky	va_start(args, fmt);
198090Srdivacky	do_log(SYSLOG_LEVEL_FATAL, fmt, args);
198090Srdivacky	va_end(args);
193323Sed	if (nonfatal_fatal)
206274Srdivacky		longjmp(kexjmp, -1);
218893Sdim	else
218893Sdim		exit(255);
193323Sed}
193323Sed
206274Srdivackystatic void
218893Sdimusage(void)
218893Sdim{
193323Sed	fprintf(stderr,
193323Sed	    "usage: %s [-46Hv] [-f file] [-p port] [-T timeout] [-t type]\n"
206274Srdivacky	    "\t\t   [host | addrlist namelist] ...\n",
218893Sdim	    __progname);
193323Sed	exit(1);
193323Sed}
193323Sed
193323Sedint
198090Srdivackymain(int argc, char **argv)
193323Sed{
226633Sdim	int debug_flag = 0, log_level = SYSLOG_LEVEL_INFO;
226633Sdim	int opt, fopt_count = 0, j;
226633Sdim	char *tname, *cp, line[NI_MAXHOST];
226633Sdim	FILE *fp;
193323Sed	u_long linenum;
193323Sed
193323Sed	extern int optind;
193323Sed	extern char *optarg;
193323Sed
193323Sed	__progname = ssh_get_progname(argv[0]);
193323Sed	seed_rng();
193323Sed	TAILQ_INIT(&tq);
193323Sed
193323Sed	/* Ensure that fds 0, 1 and 2 are open or directed to /dev/null */
193323Sed	sanitise_stdfd();
193323Sed
193323Sed	if (argc <= 1)
193323Sed		usage();
198090Srdivacky
210299Sed	while ((opt = getopt(argc, argv, "Hv46p:T:t:f:")) != -1) {
193323Sed		switch (opt) {
193323Sed		case 'H':
193323Sed			hash_hosts = 1;
198090Srdivacky			break;
218893Sdim		case 'p':
226633Sdim			ssh_port = a2port(optarg);
226633Sdim			if (ssh_port <= 0) {
226633Sdim				fprintf(stderr, "Bad port '%s'\n", optarg);
198090Srdivacky				exit(1);
198090Srdivacky			}
226633Sdim			break;
226633Sdim		case 'T':
226633Sdim			timeout = convtime(optarg);
193323Sed			if (timeout == -1 || timeout == 0) {
226633Sdim				fprintf(stderr, "Bad timeout '%s'\n", optarg);
226633Sdim				usage();
198090Srdivacky			}
193323Sed			break;
226633Sdim		case 'v':
226633Sdim			if (!debug_flag) {
198090Srdivacky				debug_flag = 1;
226633Sdim				log_level = SYSLOG_LEVEL_DEBUG1;
226633Sdim			}
226633Sdim			else if (log_level < SYSLOG_LEVEL_DEBUG3)
193323Sed				log_level++;
226633Sdim			else
226633Sdim				fatal("Too high debugging level.");
226633Sdim			break;
226633Sdim		case 'f':
226633Sdim			if (strcmp(optarg, "-") == 0)
226633Sdim				optarg = NULL;
226633Sdim			argv[fopt_count++] = optarg;
226633Sdim			break;
226633Sdim		case 't':
226633Sdim			get_keytypes = 0;
226633Sdim			tname = strtok(optarg, ",");
226633Sdim			while (tname) {
193323Sed				int type = key_type_from_name(tname);
198090Srdivacky				switch (type) {
198090Srdivacky				case KEY_RSA1:
198090Srdivacky					get_keytypes |= KT_RSA1;
193323Sed					break;
198090Srdivacky				case KEY_DSA:
193323Sed					get_keytypes |= KT_DSA;
218893Sdim					break;
193323Sed				case KEY_ECDSA:
193323Sed					get_keytypes |= KT_ECDSA;
193323Sed					break;
193323Sed				case KEY_RSA:
193323Sed					get_keytypes |= KT_RSA;
218893Sdim					break;
193323Sed				case KEY_UNSPEC:
193323Sed					fatal("unknown key type %s", tname);
193323Sed				}
198090Srdivacky				tname = strtok(NULL, ",");
198090Srdivacky			}
198090Srdivacky			break;
198090Srdivacky		case '4':
193323Sed			IPv4or6 = AF_INET;
193323Sed			break;
193323Sed		case '6':
193323Sed			IPv4or6 = AF_INET6;
193323Sed			break;
193323Sed		case '?':
198090Srdivacky		default:
218893Sdim			usage();
234353Sdim		}
234353Sdim	}
218893Sdim	if (optind == argc && !fopt_count)
218893Sdim		usage();
218893Sdim
218893Sdim	log_init("ssh-keyscan", log_level, SYSLOG_FACILITY_USER, 1);
218893Sdim
193323Sed	maxfd = fdlim_get(1);
210299Sed	if (maxfd < 0)
210299Sed		fatal("%s: fdlim_get: bad value", __progname);
210299Sed	if (maxfd > MAXMAXFD)
210299Sed		maxfd = MAXMAXFD;
218893Sdim	if (MAXCON <= 0)
234353Sdim		fatal("%s: not enough file descriptors", __progname);
234353Sdim	if (maxfd > fdlim_get(0))
234353Sdim		fdlim_set(maxfd);
210299Sed	fdcon = xcalloc(maxfd, sizeof(con));
210299Sed
210299Sed	read_wait_nfdset = howmany(maxfd, NFDBITS);
198090Srdivacky	read_wait = xcalloc(read_wait_nfdset, sizeof(fd_mask));
193323Sed
193323Sed	for (j = 0; j < fopt_count; j++) {
193323Sed		if (argv[j] == NULL)
193323Sed			fp = stdin;
218893Sdim		else if ((fp = fopen(argv[j], "r")) == NULL)
218893Sdim			fatal("%s: %s: %s", __progname, argv[j],
218893Sdim			    strerror(errno));
198090Srdivacky		linenum = 0;
198090Srdivacky
193323Sed		while (read_keyfile_line(fp,
218893Sdim		    argv[j] == NULL ? "(stdin)" : argv[j], line, sizeof(line),
203954Srdivacky		    &linenum) != -1) {
218893Sdim			/* Chomp off trailing whitespace and comments */
218893Sdim			if ((cp = strchr(line, '#')) == NULL)
198090Srdivacky				cp = line + strlen(line) - 1;
198090Srdivacky			while (cp >= line) {
193323Sed				if (*cp == ' ' || *cp == '\t' ||
193323Sed				    *cp == '\n' || *cp == '#')
193323Sed					*cp-- = '\0';
193323Sed				else
193323Sed					break;
193323Sed			}
207618Srdivacky
207618Srdivacky			/* Skip empty lines */
221345Sdim			if (*line == '\0')
193323Sed				continue;
193323Sed
221345Sdim			do_host(line);
193323Sed		}
193323Sed
193323Sed		if (ferror(fp))
193323Sed			fatal("%s: %s: %s", __progname, argv[j],
193323Sed			    strerror(errno));
193323Sed
193323Sed		fclose(fp);
210299Sed	}
210299Sed
210299Sed	while (optind < argc)
193323Sed		do_host(argv[optind++]);
210299Sed
193323Sed	while (ncon > 0)
210299Sed		conloop();
193323Sed
210299Sed	return (0);
193323Sed}
193323Sed