aboutsummaryrefslogtreecommitdiffstats
path: root/lib/ssh
diff options
context:
space:
mode:
authorMicael Karlberg <[email protected]>2011-03-07 13:23:00 +0100
committerMicael Karlberg <[email protected]>2011-03-07 13:23:00 +0100
commit0674fe5dfde78dd611ee17d97541c4f02fddf774 (patch)
treeef23074d46e14a2af8b983315986d97226aca419 /lib/ssh
parentd9ca1a4e66bed40b4bf4ed7b9e734192d6f6d00a (diff)
parent29a6063aadd2b3b81442a711ee262ff347ca88fc (diff)
downloadotp-0674fe5dfde78dd611ee17d97541c4f02fddf774.tar.gz
otp-0674fe5dfde78dd611ee17d97541c4f02fddf774.tar.bz2
otp-0674fe5dfde78dd611ee17d97541c4f02fddf774.zip
Merge branch 'dev' into bmk/snmp/snmpc/OTP-9004
Diffstat (limited to 'lib/ssh')
-rw-r--r--lib/ssh/doc/src/notes.xml41
-rw-r--r--lib/ssh/doc/src/ssh.xml32
-rw-r--r--lib/ssh/src/ssh.appup.src28
-rw-r--r--lib/ssh/src/ssh.erl49
-rw-r--r--lib/ssh/src/ssh_acceptor.erl6
-rw-r--r--lib/ssh/src/ssh_connection_manager.erl6
-rwxr-xr-xlib/ssh/src/ssh_file.erl23
-rwxr-xr-xlib/ssh/src/ssh_rsa.erl3
-rw-r--r--lib/ssh/src/ssh_transport.erl4
-rw-r--r--lib/ssh/vsn.mk2
10 files changed, 176 insertions, 18 deletions
diff --git a/lib/ssh/doc/src/notes.xml b/lib/ssh/doc/src/notes.xml
index 9bedd446f4..af667b1a71 100644
--- a/lib/ssh/doc/src/notes.xml
+++ b/lib/ssh/doc/src/notes.xml
@@ -4,7 +4,7 @@
<chapter>
<header>
<copyright>
- <year>2004</year><year>2010</year>
+ <year>2004</year><year>2011</year>
<holder>Ericsson AB. All Rights Reserved.</holder>
</copyright>
<legalnotice>
@@ -29,6 +29,45 @@
<file>notes.xml</file>
</header>
+<section><title>Ssh 2.0.4</title>
+ <section><title>Fixed Bugs and Malfunctions</title>
+ <list>
+ <item>
+ <p>In some cases SSH returned {error, normal} when a channel was terminated
+ unexpectedly. This has now been changed to {error, channel_closed}.</p>
+ <p>
+ *** POTENTIAL INCOMPATIBILITY ***</p>
+ <p>
+ Own Id: OTP-8987 Aux Id: seq11748</p>
+ </item>
+ <item>
+ <p>
+ SSH did not handle the error reason enetunreach
+ when trying to open a IPv6 connection.</p>
+ <p>
+ Own Id: OTP-9031</p>
+ </item>
+ </list>
+ </section>
+ <section><title>Improvements and New Features</title>
+ <list>
+ <item>
+ <p>
+ It is now possible to use SSH to sign and verify binary data.</p>
+ <p>
+ Own Id: OTP-8986</p>
+ </item>
+ <item>
+ <p>
+ SSH now ensures that the .ssh directory exists before trying
+ to access files located in that directory.</p>
+ <p>
+ Own Id: OTP-9010</p>
+ </item>
+ </list>
+ </section>
+</section>
+
<section><title>Ssh 2.0.3</title>
<section><title>Fixed Bugs and Malfunctions</title>
<list>
diff --git a/lib/ssh/doc/src/ssh.xml b/lib/ssh/doc/src/ssh.xml
index 71e6b2cd3d..2c5096a25f 100644
--- a/lib/ssh/doc/src/ssh.xml
+++ b/lib/ssh/doc/src/ssh.xml
@@ -283,6 +283,22 @@
</func>
<func>
+ <name>sign_data(Data, Algorithm) -> Signature | {error, Reason}</name>
+ <fsummary> </fsummary>
+ <type>
+ <v> Data = binary()</v>
+ <v> Algorithm = "ssh-rsa"</v>
+ <v> Signature = binary()</v>
+ <v> Reason = term()</v>
+ </type>
+ <desc>
+ <p>Signs the supplied binary using the SSH key.
+ </p>
+ </desc>
+ </func>
+
+
+ <func>
<name>start() -> </name>
<name>start(Type) -> ok | {error, Reason}</name>
<fsummary>Starts the Ssh application. </fsummary>
@@ -339,6 +355,22 @@
by the listener up and running.</p>
</desc>
</func>
+
+ <func>
+ <name>verify_data(Data, Signature, Algorithm) -> ok | {error, Reason}</name>
+ <fsummary> </fsummary>
+ <type>
+ <v> Data = binary()</v>
+ <v> Algorithm = "ssh-rsa"</v>
+ <v> Signature = binary()</v>
+ <v> Reason = term()</v>
+ </type>
+ <desc>
+ <p>Verifies the supplied binary against the binary signature.
+ </p>
+ </desc>
+ </func>
+
</funcs>
</erlref>
diff --git a/lib/ssh/src/ssh.appup.src b/lib/ssh/src/ssh.appup.src
index 9c806bcd03..501da8ceb9 100644
--- a/lib/ssh/src/ssh.appup.src
+++ b/lib/ssh/src/ssh.appup.src
@@ -1,7 +1,7 @@
%%
%% %CopyrightBegin%
%%
-%% Copyright Ericsson AB 2004-2010. All Rights Reserved.
+%% Copyright Ericsson AB 2004-2011. All Rights Reserved.
%%
%% The contents of this file are subject to the Erlang Public License,
%% Version 1.1, (the "License"); you may not use this file except in
@@ -19,11 +19,33 @@
{"%VSN%",
[
- {"2.0.2", [{load_module, ssh_file, soft_purge, soft_purge, []}]},
+ {"2.0.3", [{load_module, ssh_file, soft_purge, soft_purge, []},
+ {load_module, ssh, soft_purge, soft_purge, []},
+ {load_module, ssh_rsa, soft_purge, soft_purge, []},
+ {load_module, ssh_acceptor, soft_purge, soft_purge, []},
+ {load_module, ssh_transport, soft_purge, soft_purge, []},
+ {load_module, ssh_connection_manager, soft_purge, soft_purge, []}]},
+ {"2.0.2", [{load_module, ssh_file, soft_purge, soft_purge, []},
+ {load_module, ssh, soft_purge, soft_purge, []},
+ {load_module, ssh_rsa, soft_purge, soft_purge, []},
+ {load_module, ssh_acceptor, soft_purge, soft_purge, []},
+ {load_module, ssh_transport, soft_purge, soft_purge, []},
+ {load_module, ssh_connection_manager, soft_purge, soft_purge, []}]},
{"2.0.1", [{restart_application, ssh}]}
],
[
- {"2.0.2", [{load_module, ssh_file, soft_purge, soft_purge, []}]},
+ {"2.0.3", [{load_module, ssh_file, soft_purge, soft_purge, []},
+ {load_module, ssh, soft_purge, soft_purge, []},
+ {load_module, ssh_rsa, soft_purge, soft_purge, []},
+ {load_module, ssh_acceptor, soft_purge, soft_purge, []},
+ {load_module, ssh_transport, soft_purge, soft_purge, []},
+ {load_module, ssh_connection_manager, soft_purge, soft_purge, []}]},
+ {"2.0.2", [{load_module, ssh_file, soft_purge, soft_purge, []},
+ {load_module, ssh, soft_purge, soft_purge, []},
+ {load_module, ssh_rsa, soft_purge, soft_purge, []},
+ {load_module, ssh_acceptor, soft_purge, soft_purge, []},
+ {load_module, ssh_transport, soft_purge, soft_purge, []},
+ {load_module, ssh_connection_manager, soft_purge, soft_purge, []}]},
{"2.0.1", [{restart_application, ssh}]}
]
}.
diff --git a/lib/ssh/src/ssh.erl b/lib/ssh/src/ssh.erl
index 994c77436a..cada109df0 100644
--- a/lib/ssh/src/ssh.erl
+++ b/lib/ssh/src/ssh.erl
@@ -30,6 +30,8 @@
stop_listener/1, stop_listener/2, stop_daemon/1, stop_daemon/2,
shell/1, shell/2, shell/3]).
+-export([sign_data/2, verify_data/3]).
+
%%--------------------------------------------------------------------
%% Function: start([, Type]) -> ok
%%
@@ -94,11 +96,17 @@ connect(Host, Port, Options, Timeout) ->
do_demonitor(MRef, Manager),
{error, Other};
{'DOWN', MRef, _, Manager, Reason} when is_pid(Manager) ->
+ error_logger:warning_report([{ssh, connect},
+ {diagnose,
+ "Connection was closed before properly set up."},
+ {host, Host},
+ {port, Port},
+ {reason, Reason}]),
receive %% Clear EXIT message from queue
{'EXIT', Manager, _What} ->
- {error, Reason}
+ {error, channel_closed}
after 0 ->
- {error, Reason}
+ {error, channel_closed}
end
after Timeout ->
do_demonitor(MRef, Manager),
@@ -239,6 +247,43 @@ shell(Host, Port, Options) ->
Error
end.
+
+%%--------------------------------------------------------------------
+%% Function: sign_data(Data, Algorithm) -> binary() |
+%% {error, Reason}
+%%
+%% Data = binary()
+%% Algorithm = "ssh-rsa"
+%%
+%% Description: Use SSH key to sign data.
+%%--------------------------------------------------------------------
+sign_data(Data, Algorithm) when is_binary(Data) ->
+ case ssh_file:private_identity_key(Algorithm,[]) of
+ {ok, Key} when Algorithm == "ssh-rsa" ->
+ ssh_rsa:sign(Key, Data);
+ Error ->
+ Error
+ end.
+
+%%--------------------------------------------------------------------
+%% Function: verify_data(Data, Signature, Algorithm) -> ok |
+%% {error, Reason}
+%%
+%% Data = binary()
+%% Signature = binary()
+%% Algorithm = "ssh-rsa"
+%%
+%% Description: Use SSH signature to verify data.
+%%--------------------------------------------------------------------
+verify_data(Data, Signature, Algorithm) when is_binary(Data), is_binary(Signature) ->
+ case ssh_file:public_identity_key(Algorithm, []) of
+ {ok, Key} when Algorithm == "ssh-rsa" ->
+ ssh_rsa:verify(Key, Data, Signature);
+ Error ->
+ Error
+ end.
+
+
%%--------------------------------------------------------------------
%%% Internal functions
%%--------------------------------------------------------------------
diff --git a/lib/ssh/src/ssh_acceptor.erl b/lib/ssh/src/ssh_acceptor.erl
index 9060626ab3..59fbd24cf5 100644
--- a/lib/ssh/src/ssh_acceptor.erl
+++ b/lib/ssh/src/ssh_acceptor.erl
@@ -1,7 +1,7 @@
%%
%% %CopyrightBegin%
%%
-%% Copyright Ericsson AB 2008-2010. All Rights Reserved.
+%% Copyright Ericsson AB 2008-2011. All Rights Reserved.
%%
%% The contents of this file are subject to the Erlang Public License,
%% Version 1.1, (the "License"); you may not use this file except in
@@ -55,6 +55,10 @@ acceptor_init(Parent, Port, Address, SockOpts, Opts, AcceptTimeout) ->
do_socket_listen(Callback, Port, Opts) ->
case Callback:listen(Port, Opts) of
+ {error, nxdomain} ->
+ Callback:listen(Port, lists:delete(inet6, Opts));
+ {error, enetunreach} ->
+ Callback:listen(Port, lists:delete(inet6, Opts));
{error, eafnosupport} ->
Callback:listen(Port, lists:delete(inet6, Opts));
Other ->
diff --git a/lib/ssh/src/ssh_connection_manager.erl b/lib/ssh/src/ssh_connection_manager.erl
index 6bf89224cf..9bfd5270da 100644
--- a/lib/ssh/src/ssh_connection_manager.erl
+++ b/lib/ssh/src/ssh_connection_manager.erl
@@ -147,7 +147,7 @@ close(ConnectionManager, ChannelId) ->
try call(ConnectionManager, {close, ChannelId}) of
ok ->
ok;
- {error,normal} ->
+ {error, channel_closed} ->
ok
catch
exit:{noproc, _} ->
@@ -158,7 +158,7 @@ stop(ConnectionManager) ->
try call(ConnectionManager, stop) of
ok ->
ok;
- {error,normal} ->
+ {error, channel_closed} ->
ok
catch
exit:{noproc, _} ->
@@ -604,7 +604,7 @@ call(Pid, Msg, Timeout) ->
exit:{timeout, _} ->
{error, timeout};
exit:{normal, _} ->
- {error, normal}
+ {error, channel_closed}
end.
cast(Pid, Msg) ->
diff --git a/lib/ssh/src/ssh_file.erl b/lib/ssh/src/ssh_file.erl
index 13722656db..ff23f714cd 100755
--- a/lib/ssh/src/ssh_file.erl
+++ b/lib/ssh/src/ssh_file.erl
@@ -27,14 +27,16 @@
-include("PKCS-1.hrl").
-include("DSS.hrl").
+-include_lib("kernel/include/file.hrl").
+
-export([public_host_dsa_key/2,private_host_dsa_key/2,
public_host_rsa_key/2,private_host_rsa_key/2,
public_host_key/2,private_host_key/2,
lookup_host_key/3, add_host_key/3, % del_host_key/2,
lookup_user_key/3, ssh_dir/2, file_name/3]).
--export([private_identity_key/2]).
-%% , public_identity_key/2,
+-export([private_identity_key/2,
+ public_identity_key/2]).
%% identity_keys/2]).
-export([encode_public_key/1, decode_public_key_v2/2]).
@@ -43,6 +45,9 @@
-define(DBG_PATHS, true).
+-define(PERM_700, 8#700).
+-define(PERM_644, 8#644).
+
%% API
public_host_dsa_key(Type, Opts) ->
File = file_name(Type, "ssh_host_dsa_key.pub", Opts),
@@ -113,8 +118,10 @@ do_lookup_host_key(Host, Alg, Opts) ->
add_host_key(Host, Key, Opts) ->
Host1 = add_ip(replace_localhost(Host)),
- case file:open(file_name(user, "known_hosts", Opts),[write,append]) of
+ KnownHosts = file_name(user, "known_hosts", Opts),
+ case file:open(KnownHosts, [write,append]) of
{ok, Fd} ->
+ ok = file:change_mode(KnownHosts, ?PERM_644),
Res = add_key_fd(Fd, Host1, Key),
file:close(Fd),
Res;
@@ -140,6 +147,11 @@ private_identity_key(Alg, Opts) ->
Path = file_name(user, identity_key_filename(Alg), Opts),
read_private_key_v2(Path, Alg).
+public_identity_key(Alg, Opts) ->
+ Path = file_name(user, identity_key_filename(Alg) ++ ".pub", Opts),
+ read_public_key_v2(Path, Alg).
+
+
read_public_key_v2(File, Type) ->
case file:read_file(File) of
{ok,Bin} ->
@@ -532,4 +544,7 @@ file_name(Type, Name, Opts) ->
default_user_dir()->
{ok,[[Home|_]]} = init:get_argument(home),
- filename:join(Home, ".ssh").
+ UserDir = filename:join(Home, ".ssh"),
+ ok = filelib:ensure_dir(filename:join(UserDir, "dummy")),
+ ok = file:change_mode(UserDir, ?PERM_700),
+ UserDir.
diff --git a/lib/ssh/src/ssh_rsa.erl b/lib/ssh/src/ssh_rsa.erl
index e27cdcf7bd..91b8285b2e 100755
--- a/lib/ssh/src/ssh_rsa.erl
+++ b/lib/ssh/src/ssh_rsa.erl
@@ -202,8 +202,7 @@ rsassa_pkcs1_v1_5_verify(Public=#ssh_key { public={N,_E}}, Mb, Sb) ->
case emsa_pkcs1_v1_5_encode(Mb, K) of
EM -> ok;
_S ->
- io:format("S: ~p~n", [_S]),
- {error, invalid_signature} % exit(invalid_signature)
+ {error, invalid_signature}
end.
diff --git a/lib/ssh/src/ssh_transport.erl b/lib/ssh/src/ssh_transport.erl
index e79ccdda0c..de3e29e2f1 100644
--- a/lib/ssh/src/ssh_transport.erl
+++ b/lib/ssh/src/ssh_transport.erl
@@ -1,7 +1,7 @@
%%
%% %CopyrightBegin%
%%
-%% Copyright Ericsson AB 2004-2010. All Rights Reserved.
+%% Copyright Ericsson AB 2004-2011. All Rights Reserved.
%%
%% The contents of this file are subject to the Erlang Public License,
%% Version 1.1, (the "License"); you may not use this file except in
@@ -169,6 +169,8 @@ do_connect(Callback, Address, Port, SocketOpts, Timeout) ->
Callback:connect(Address, Port, lists:delete(inet6, Opts), Timeout);
{error, eafnosupport} ->
Callback:connect(Address, Port, lists:delete(inet6, Opts), Timeout);
+ {error, enetunreach} ->
+ Callback:connect(Address, Port, lists:delete(inet6, Opts), Timeout);
Other ->
Other
end.
diff --git a/lib/ssh/vsn.mk b/lib/ssh/vsn.mk
index db03168ad9..51f9f47446 100644
--- a/lib/ssh/vsn.mk
+++ b/lib/ssh/vsn.mk
@@ -1,5 +1,5 @@
#-*-makefile-*- ; force emacs to enter makefile-mode
-SSH_VSN = 2.0.3
+SSH_VSN = 2.0.4
APP_VSN = "ssh-$(SSH_VSN)"