diff options
author | Micael Karlberg <[email protected]> | 2011-03-07 13:23:00 +0100 |
---|---|---|
committer | Micael Karlberg <[email protected]> | 2011-03-07 13:23:00 +0100 |
commit | 0674fe5dfde78dd611ee17d97541c4f02fddf774 (patch) | |
tree | ef23074d46e14a2af8b983315986d97226aca419 /lib/ssh | |
parent | d9ca1a4e66bed40b4bf4ed7b9e734192d6f6d00a (diff) | |
parent | 29a6063aadd2b3b81442a711ee262ff347ca88fc (diff) | |
download | otp-0674fe5dfde78dd611ee17d97541c4f02fddf774.tar.gz otp-0674fe5dfde78dd611ee17d97541c4f02fddf774.tar.bz2 otp-0674fe5dfde78dd611ee17d97541c4f02fddf774.zip |
Merge branch 'dev' into bmk/snmp/snmpc/OTP-9004
Diffstat (limited to 'lib/ssh')
-rw-r--r-- | lib/ssh/doc/src/notes.xml | 41 | ||||
-rw-r--r-- | lib/ssh/doc/src/ssh.xml | 32 | ||||
-rw-r--r-- | lib/ssh/src/ssh.appup.src | 28 | ||||
-rw-r--r-- | lib/ssh/src/ssh.erl | 49 | ||||
-rw-r--r-- | lib/ssh/src/ssh_acceptor.erl | 6 | ||||
-rw-r--r-- | lib/ssh/src/ssh_connection_manager.erl | 6 | ||||
-rwxr-xr-x | lib/ssh/src/ssh_file.erl | 23 | ||||
-rwxr-xr-x | lib/ssh/src/ssh_rsa.erl | 3 | ||||
-rw-r--r-- | lib/ssh/src/ssh_transport.erl | 4 | ||||
-rw-r--r-- | lib/ssh/vsn.mk | 2 |
10 files changed, 176 insertions, 18 deletions
diff --git a/lib/ssh/doc/src/notes.xml b/lib/ssh/doc/src/notes.xml index 9bedd446f4..af667b1a71 100644 --- a/lib/ssh/doc/src/notes.xml +++ b/lib/ssh/doc/src/notes.xml @@ -4,7 +4,7 @@ <chapter> <header> <copyright> - <year>2004</year><year>2010</year> + <year>2004</year><year>2011</year> <holder>Ericsson AB. All Rights Reserved.</holder> </copyright> <legalnotice> @@ -29,6 +29,45 @@ <file>notes.xml</file> </header> +<section><title>Ssh 2.0.4</title> + <section><title>Fixed Bugs and Malfunctions</title> + <list> + <item> + <p>In some cases SSH returned {error, normal} when a channel was terminated + unexpectedly. This has now been changed to {error, channel_closed}.</p> + <p> + *** POTENTIAL INCOMPATIBILITY ***</p> + <p> + Own Id: OTP-8987 Aux Id: seq11748</p> + </item> + <item> + <p> + SSH did not handle the error reason enetunreach + when trying to open a IPv6 connection.</p> + <p> + Own Id: OTP-9031</p> + </item> + </list> + </section> + <section><title>Improvements and New Features</title> + <list> + <item> + <p> + It is now possible to use SSH to sign and verify binary data.</p> + <p> + Own Id: OTP-8986</p> + </item> + <item> + <p> + SSH now ensures that the .ssh directory exists before trying + to access files located in that directory.</p> + <p> + Own Id: OTP-9010</p> + </item> + </list> + </section> +</section> + <section><title>Ssh 2.0.3</title> <section><title>Fixed Bugs and Malfunctions</title> <list> diff --git a/lib/ssh/doc/src/ssh.xml b/lib/ssh/doc/src/ssh.xml index 71e6b2cd3d..2c5096a25f 100644 --- a/lib/ssh/doc/src/ssh.xml +++ b/lib/ssh/doc/src/ssh.xml @@ -283,6 +283,22 @@ </func> <func> + <name>sign_data(Data, Algorithm) -> Signature | {error, Reason}</name> + <fsummary> </fsummary> + <type> + <v> Data = binary()</v> + <v> Algorithm = "ssh-rsa"</v> + <v> Signature = binary()</v> + <v> Reason = term()</v> + </type> + <desc> + <p>Signs the supplied binary using the SSH key. + </p> + </desc> + </func> + + + <func> <name>start() -> </name> <name>start(Type) -> ok | {error, Reason}</name> <fsummary>Starts the Ssh application. </fsummary> @@ -339,6 +355,22 @@ by the listener up and running.</p> </desc> </func> + + <func> + <name>verify_data(Data, Signature, Algorithm) -> ok | {error, Reason}</name> + <fsummary> </fsummary> + <type> + <v> Data = binary()</v> + <v> Algorithm = "ssh-rsa"</v> + <v> Signature = binary()</v> + <v> Reason = term()</v> + </type> + <desc> + <p>Verifies the supplied binary against the binary signature. + </p> + </desc> + </func> + </funcs> </erlref> diff --git a/lib/ssh/src/ssh.appup.src b/lib/ssh/src/ssh.appup.src index 9c806bcd03..501da8ceb9 100644 --- a/lib/ssh/src/ssh.appup.src +++ b/lib/ssh/src/ssh.appup.src @@ -1,7 +1,7 @@ %% %% %CopyrightBegin% %% -%% Copyright Ericsson AB 2004-2010. All Rights Reserved. +%% Copyright Ericsson AB 2004-2011. All Rights Reserved. %% %% The contents of this file are subject to the Erlang Public License, %% Version 1.1, (the "License"); you may not use this file except in @@ -19,11 +19,33 @@ {"%VSN%", [ - {"2.0.2", [{load_module, ssh_file, soft_purge, soft_purge, []}]}, + {"2.0.3", [{load_module, ssh_file, soft_purge, soft_purge, []}, + {load_module, ssh, soft_purge, soft_purge, []}, + {load_module, ssh_rsa, soft_purge, soft_purge, []}, + {load_module, ssh_acceptor, soft_purge, soft_purge, []}, + {load_module, ssh_transport, soft_purge, soft_purge, []}, + {load_module, ssh_connection_manager, soft_purge, soft_purge, []}]}, + {"2.0.2", [{load_module, ssh_file, soft_purge, soft_purge, []}, + {load_module, ssh, soft_purge, soft_purge, []}, + {load_module, ssh_rsa, soft_purge, soft_purge, []}, + {load_module, ssh_acceptor, soft_purge, soft_purge, []}, + {load_module, ssh_transport, soft_purge, soft_purge, []}, + {load_module, ssh_connection_manager, soft_purge, soft_purge, []}]}, {"2.0.1", [{restart_application, ssh}]} ], [ - {"2.0.2", [{load_module, ssh_file, soft_purge, soft_purge, []}]}, + {"2.0.3", [{load_module, ssh_file, soft_purge, soft_purge, []}, + {load_module, ssh, soft_purge, soft_purge, []}, + {load_module, ssh_rsa, soft_purge, soft_purge, []}, + {load_module, ssh_acceptor, soft_purge, soft_purge, []}, + {load_module, ssh_transport, soft_purge, soft_purge, []}, + {load_module, ssh_connection_manager, soft_purge, soft_purge, []}]}, + {"2.0.2", [{load_module, ssh_file, soft_purge, soft_purge, []}, + {load_module, ssh, soft_purge, soft_purge, []}, + {load_module, ssh_rsa, soft_purge, soft_purge, []}, + {load_module, ssh_acceptor, soft_purge, soft_purge, []}, + {load_module, ssh_transport, soft_purge, soft_purge, []}, + {load_module, ssh_connection_manager, soft_purge, soft_purge, []}]}, {"2.0.1", [{restart_application, ssh}]} ] }. diff --git a/lib/ssh/src/ssh.erl b/lib/ssh/src/ssh.erl index 994c77436a..cada109df0 100644 --- a/lib/ssh/src/ssh.erl +++ b/lib/ssh/src/ssh.erl @@ -30,6 +30,8 @@ stop_listener/1, stop_listener/2, stop_daemon/1, stop_daemon/2, shell/1, shell/2, shell/3]). +-export([sign_data/2, verify_data/3]). + %%-------------------------------------------------------------------- %% Function: start([, Type]) -> ok %% @@ -94,11 +96,17 @@ connect(Host, Port, Options, Timeout) -> do_demonitor(MRef, Manager), {error, Other}; {'DOWN', MRef, _, Manager, Reason} when is_pid(Manager) -> + error_logger:warning_report([{ssh, connect}, + {diagnose, + "Connection was closed before properly set up."}, + {host, Host}, + {port, Port}, + {reason, Reason}]), receive %% Clear EXIT message from queue {'EXIT', Manager, _What} -> - {error, Reason} + {error, channel_closed} after 0 -> - {error, Reason} + {error, channel_closed} end after Timeout -> do_demonitor(MRef, Manager), @@ -239,6 +247,43 @@ shell(Host, Port, Options) -> Error end. + +%%-------------------------------------------------------------------- +%% Function: sign_data(Data, Algorithm) -> binary() | +%% {error, Reason} +%% +%% Data = binary() +%% Algorithm = "ssh-rsa" +%% +%% Description: Use SSH key to sign data. +%%-------------------------------------------------------------------- +sign_data(Data, Algorithm) when is_binary(Data) -> + case ssh_file:private_identity_key(Algorithm,[]) of + {ok, Key} when Algorithm == "ssh-rsa" -> + ssh_rsa:sign(Key, Data); + Error -> + Error + end. + +%%-------------------------------------------------------------------- +%% Function: verify_data(Data, Signature, Algorithm) -> ok | +%% {error, Reason} +%% +%% Data = binary() +%% Signature = binary() +%% Algorithm = "ssh-rsa" +%% +%% Description: Use SSH signature to verify data. +%%-------------------------------------------------------------------- +verify_data(Data, Signature, Algorithm) when is_binary(Data), is_binary(Signature) -> + case ssh_file:public_identity_key(Algorithm, []) of + {ok, Key} when Algorithm == "ssh-rsa" -> + ssh_rsa:verify(Key, Data, Signature); + Error -> + Error + end. + + %%-------------------------------------------------------------------- %%% Internal functions %%-------------------------------------------------------------------- diff --git a/lib/ssh/src/ssh_acceptor.erl b/lib/ssh/src/ssh_acceptor.erl index 9060626ab3..59fbd24cf5 100644 --- a/lib/ssh/src/ssh_acceptor.erl +++ b/lib/ssh/src/ssh_acceptor.erl @@ -1,7 +1,7 @@ %% %% %CopyrightBegin% %% -%% Copyright Ericsson AB 2008-2010. All Rights Reserved. +%% Copyright Ericsson AB 2008-2011. All Rights Reserved. %% %% The contents of this file are subject to the Erlang Public License, %% Version 1.1, (the "License"); you may not use this file except in @@ -55,6 +55,10 @@ acceptor_init(Parent, Port, Address, SockOpts, Opts, AcceptTimeout) -> do_socket_listen(Callback, Port, Opts) -> case Callback:listen(Port, Opts) of + {error, nxdomain} -> + Callback:listen(Port, lists:delete(inet6, Opts)); + {error, enetunreach} -> + Callback:listen(Port, lists:delete(inet6, Opts)); {error, eafnosupport} -> Callback:listen(Port, lists:delete(inet6, Opts)); Other -> diff --git a/lib/ssh/src/ssh_connection_manager.erl b/lib/ssh/src/ssh_connection_manager.erl index 6bf89224cf..9bfd5270da 100644 --- a/lib/ssh/src/ssh_connection_manager.erl +++ b/lib/ssh/src/ssh_connection_manager.erl @@ -147,7 +147,7 @@ close(ConnectionManager, ChannelId) -> try call(ConnectionManager, {close, ChannelId}) of ok -> ok; - {error,normal} -> + {error, channel_closed} -> ok catch exit:{noproc, _} -> @@ -158,7 +158,7 @@ stop(ConnectionManager) -> try call(ConnectionManager, stop) of ok -> ok; - {error,normal} -> + {error, channel_closed} -> ok catch exit:{noproc, _} -> @@ -604,7 +604,7 @@ call(Pid, Msg, Timeout) -> exit:{timeout, _} -> {error, timeout}; exit:{normal, _} -> - {error, normal} + {error, channel_closed} end. cast(Pid, Msg) -> diff --git a/lib/ssh/src/ssh_file.erl b/lib/ssh/src/ssh_file.erl index 13722656db..ff23f714cd 100755 --- a/lib/ssh/src/ssh_file.erl +++ b/lib/ssh/src/ssh_file.erl @@ -27,14 +27,16 @@ -include("PKCS-1.hrl"). -include("DSS.hrl"). +-include_lib("kernel/include/file.hrl"). + -export([public_host_dsa_key/2,private_host_dsa_key/2, public_host_rsa_key/2,private_host_rsa_key/2, public_host_key/2,private_host_key/2, lookup_host_key/3, add_host_key/3, % del_host_key/2, lookup_user_key/3, ssh_dir/2, file_name/3]). --export([private_identity_key/2]). -%% , public_identity_key/2, +-export([private_identity_key/2, + public_identity_key/2]). %% identity_keys/2]). -export([encode_public_key/1, decode_public_key_v2/2]). @@ -43,6 +45,9 @@ -define(DBG_PATHS, true). +-define(PERM_700, 8#700). +-define(PERM_644, 8#644). + %% API public_host_dsa_key(Type, Opts) -> File = file_name(Type, "ssh_host_dsa_key.pub", Opts), @@ -113,8 +118,10 @@ do_lookup_host_key(Host, Alg, Opts) -> add_host_key(Host, Key, Opts) -> Host1 = add_ip(replace_localhost(Host)), - case file:open(file_name(user, "known_hosts", Opts),[write,append]) of + KnownHosts = file_name(user, "known_hosts", Opts), + case file:open(KnownHosts, [write,append]) of {ok, Fd} -> + ok = file:change_mode(KnownHosts, ?PERM_644), Res = add_key_fd(Fd, Host1, Key), file:close(Fd), Res; @@ -140,6 +147,11 @@ private_identity_key(Alg, Opts) -> Path = file_name(user, identity_key_filename(Alg), Opts), read_private_key_v2(Path, Alg). +public_identity_key(Alg, Opts) -> + Path = file_name(user, identity_key_filename(Alg) ++ ".pub", Opts), + read_public_key_v2(Path, Alg). + + read_public_key_v2(File, Type) -> case file:read_file(File) of {ok,Bin} -> @@ -532,4 +544,7 @@ file_name(Type, Name, Opts) -> default_user_dir()-> {ok,[[Home|_]]} = init:get_argument(home), - filename:join(Home, ".ssh"). + UserDir = filename:join(Home, ".ssh"), + ok = filelib:ensure_dir(filename:join(UserDir, "dummy")), + ok = file:change_mode(UserDir, ?PERM_700), + UserDir. diff --git a/lib/ssh/src/ssh_rsa.erl b/lib/ssh/src/ssh_rsa.erl index e27cdcf7bd..91b8285b2e 100755 --- a/lib/ssh/src/ssh_rsa.erl +++ b/lib/ssh/src/ssh_rsa.erl @@ -202,8 +202,7 @@ rsassa_pkcs1_v1_5_verify(Public=#ssh_key { public={N,_E}}, Mb, Sb) -> case emsa_pkcs1_v1_5_encode(Mb, K) of EM -> ok; _S -> - io:format("S: ~p~n", [_S]), - {error, invalid_signature} % exit(invalid_signature) + {error, invalid_signature} end. diff --git a/lib/ssh/src/ssh_transport.erl b/lib/ssh/src/ssh_transport.erl index e79ccdda0c..de3e29e2f1 100644 --- a/lib/ssh/src/ssh_transport.erl +++ b/lib/ssh/src/ssh_transport.erl @@ -1,7 +1,7 @@ %% %% %CopyrightBegin% %% -%% Copyright Ericsson AB 2004-2010. All Rights Reserved. +%% Copyright Ericsson AB 2004-2011. All Rights Reserved. %% %% The contents of this file are subject to the Erlang Public License, %% Version 1.1, (the "License"); you may not use this file except in @@ -169,6 +169,8 @@ do_connect(Callback, Address, Port, SocketOpts, Timeout) -> Callback:connect(Address, Port, lists:delete(inet6, Opts), Timeout); {error, eafnosupport} -> Callback:connect(Address, Port, lists:delete(inet6, Opts), Timeout); + {error, enetunreach} -> + Callback:connect(Address, Port, lists:delete(inet6, Opts), Timeout); Other -> Other end. diff --git a/lib/ssh/vsn.mk b/lib/ssh/vsn.mk index db03168ad9..51f9f47446 100644 --- a/lib/ssh/vsn.mk +++ b/lib/ssh/vsn.mk @@ -1,5 +1,5 @@ #-*-makefile-*- ; force emacs to enter makefile-mode -SSH_VSN = 2.0.3 +SSH_VSN = 2.0.4 APP_VSN = "ssh-$(SSH_VSN)" |