authordjm@openbsd.org <djm@openbsd.org>2015-02-20 22:17:21 +0000
committerDamien Miller <djm@mindrot.org>2015-02-21 09:20:28 +1100
commit44732de06884238049f285f1455b2181baa7dc82 (patch)
treedeb3c48176195cfc4028b55d2a1a71607e9f7fb0 /clientloop.c
parent13a39414d25646f93e6d355521d832a03aaaffe2 (diff)
upstream commit
UpdateHostKeys fixes:

I accidentally changed the format of the hostkeys@openssh.com messages last week without changing the extension name, and this has been causing connection failures for people who are running -current. First reported by sthen@

s/hostkeys@openssh.com/hostkeys-00@openssh.com/
Change the name of the proof message too, and reorder it a little.

Also, UpdateHostKeys=ask is incompatible with ControlPersist (no TTY available to read the response) so disable UpdateHostKeys if it is in ask mode and ControlPersist is active (and document this)
Diffstat (limited to 'clientloop.c')
-rw-r--r--clientloop.c23
1 files changed, 13 insertions, 10 deletions
diff --git a/clientloop.c b/clientloop.c
index a19d9d06f..ca3a4595b 100644
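--- a/clientloop.c
+++ b/clientloop.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: clientloop.c,v 1.269 2015/02/16 22:13:32 djm Exp $ */
+/* $OpenBSD: clientloop.c,v 1.270 2015/02/20 22:17:21 djm Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -2265,10 +2265,10 @@ client_global_hostkeys_private_confirm(int type, u_int32_t seq, void *_ctx)
  continue;
  /* Prepare data to be signed: session ID, unique string, key */
  sshbuf_reset(signdata);
- if ((r = sshbuf_put_string(signdata, ssh->kex->session_id,
+ if ( (r = sshbuf_put_cstring(signdata,
+ "hostkeys-prove-00@openssh.com")) != 0 ||
+ (r = sshbuf_put_string(signdata, ssh->kex->session_id,
  ssh->kex->session_id_len)) != 0 ||
- (r = sshbuf_put_cstring(signdata,
- "hostkeys-prove@openssh.com")) != 0 ||
  (r = sshkey_puts(ctx->keys[i], signdata)) != 0)
  fatal("%s: failed to prepare signature: %s",
  __func__, ssh_err(r));
@@ -2300,7 +2300,7 @@ client_global_hostkeys_private_confirm(int type, u_int32_t seq, void *_ctx)
 }
 
 /*
- * Handle hostkeys@openssh.com global request to inform the client of all
+ * Handle hostkeys-00@openssh.com global request to inform the client of all
  * the server's hostkeys. The keys are checked against the user's
  * HostkeyAlgorithms preference before they are accepted.
  */
@@ -2335,8 +2335,10 @@ client_input_hostkeys(void)
  __func__, ssh_err(r));
  goto out;
  }
- if ((r = sshkey_from_blob(blob, len, &key)) != 0)
- fatal("%s: parse key: %s", __func__, ssh_err(r));
+ if ((r = sshkey_from_blob(blob, len, &key)) != 0) {
+ error("%s: parse key: %s", __func__, ssh_err(r));
+ goto out;
+ }
  fp = sshkey_fingerprint(key, options.fingerprint_hash,
  SSH_FP_DEFAULT);
  debug3("%s: received %s key %s", __func__,
@@ -2376,9 +2378,10 @@ client_input_hostkeys(void)
  }
 
  if (ctx->nkeys == 0) {
- error("%s: server sent no hostkeys", __func__);
+ debug("%s: server sent no hostkeys", __func__);
  goto out;
  }
+
  if ((ctx->keys_seen = calloc(ctx->nkeys,
  sizeof(*ctx->keys_seen))) == NULL)
  fatal("%s: calloc failed", __func__);
@@ -2418,7 +2421,7 @@ client_input_hostkeys(void)
  __func__, ctx->nnew);
  if ((r = sshpkt_start(ssh, SSH2_MSG_GLOBAL_REQUEST)) != 0 ||
  (r = sshpkt_put_cstring(ssh,
- "hostkeys-prove@openssh.com")) != 0 ||
+ "hostkeys-prove-00@openssh.com")) != 0 ||
  (r = sshpkt_put_u8(ssh, 1)) != 0) /* bool: want reply */
  fatal("%s: cannot prepare packet: %s",
  __func__, ssh_err(r));
@@ -2465,7 +2468,7 @@ client_input_global_request(int type, u_int32_t seq, void *ctxt)
  want_reply = packet_get_char();
  debug("client_input_global_request: rtype %s want_reply %d",
  rtype, want_reply);
- if (strcmp(rtype, "hostkeys@openssh.com") == 0)
+ if (strcmp(rtype, "hostkeys-00@openssh.com") == 0)
  success = client_input_hostkeys();
  if (want_reply) {
  packet_start(success ?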
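Review bot: The unchanged comment above the rewritten condition in the `@@ -2265` hunk still says `/* Prepare data to be signed: session ID, unique string, key */`, but the new code appends the `hostkeys-prove-00@openssh.com` string first and the session ID second. The proof signature only verifies when both ends serialise this blob in the same order, so the comment is what a reader will check the peer implementation against; it should read `/* Prepare data to be signed: unique string, session ID, key */`. client_global_hostkeys_private_confirm starts and ends outside the hunk. Separately, in the `@@ -2335` hunk the new `error()` / `goto out` path depends on cleanup at `out:` that is not visible here, so it is worth confirming that it releases anything already gathered in `ctx` when a server sends an unparsable key blob.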