diff options
| author | Damien Miller <djm@mindrot.org> | 2006-08-05 11:35:45 +1000 |
|---|---|---|
| committer | Damien Miller <djm@mindrot.org> | 2006-08-05 11:35:45 +1000 |
| commit | da828395979bad8b4b5019b7b08c7477c706cc94 (patch) | |
| tree | 94b581bb5ed05e0a32ad7b2d8907d014c84557cf /sshconnect.c | |
| parent | 1a5b4041fbe92b13bea046bd683a1dd887514605 (diff) | |
- dtucker@cvs.openbsd.org 2006/08/01 11:34:36
[sshconnect.c]
Allow fallback to known_hosts entries without port qualifiers for
non-standard ports too, so that all existing known_hosts entries will be
recognised. Requested by, feedback and ok markus@
Diffstat (limited to 'sshconnect.c')
| -rw-r--r-- | sshconnect.c | 34 |
1 files changed, 25 insertions, 9 deletions
diff --git a/sshconnect.c b/sshconnect.c index d70410a8e..54e664830 100644 --- a/sshconnect.c +++ b/sshconnect.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: sshconnect.c,v 1.196 2006/07/26 13:57:17 stevesk Exp $ */ | 1 | /* $OpenBSD: sshconnect.c,v 1.197 2006/08/01 11:34:36 dtucker Exp $ */ |
| 2 | /* | 2 | /* |
| 3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> | 3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> |
| 4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland | 4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland |
| @@ -521,9 +521,13 @@ confirm(const char *prompt) | |||
| 521 | * check whether the supplied host key is valid, return -1 if the key | 521 | * check whether the supplied host key is valid, return -1 if the key |
| 522 | * is not valid. the user_hostfile will not be updated if 'readonly' is true. | 522 | * is not valid. the user_hostfile will not be updated if 'readonly' is true. |
| 523 | */ | 523 | */ |
| 524 | #define RDRW 0 | ||
| 525 | #define RDONLY 1 | ||
| 526 | #define ROQUIET 2 | ||
| 524 | static int | 527 | static int |
| 525 | check_host_key(char *hostname, struct sockaddr *hostaddr, Key *host_key, | 528 | check_host_key(char *hostname, struct sockaddr *hostaddr, u_short port, |
| 526 | int readonly, const char *user_hostfile, const char *system_hostfile) | 529 | Key *host_key, int readonly, const char *user_hostfile, |
| 530 | const char *system_hostfile) | ||
| 527 | { | 531 | { |
| 528 | Key *file_key; | 532 | Key *file_key; |
| 529 | const char *type = key_type(host_key); | 533 | const char *type = key_type(host_key); |
| @@ -578,7 +582,7 @@ check_host_key(char *hostname, struct sockaddr *hostaddr, Key *host_key, | |||
| 578 | if (getnameinfo(hostaddr, salen, ntop, sizeof(ntop), | 582 | if (getnameinfo(hostaddr, salen, ntop, sizeof(ntop), |
| 579 | NULL, 0, NI_NUMERICHOST) != 0) | 583 | NULL, 0, NI_NUMERICHOST) != 0) |
| 580 | fatal("check_host_key: getnameinfo failed"); | 584 | fatal("check_host_key: getnameinfo failed"); |
| 581 | ip = put_host_port(ntop, options.port); | 585 | ip = put_host_port(ntop, port); |
| 582 | } else { | 586 | } else { |
| 583 | ip = xstrdup("<no hostip for proxy command>"); | 587 | ip = xstrdup("<no hostip for proxy command>"); |
| 584 | } | 588 | } |
| @@ -600,7 +604,7 @@ check_host_key(char *hostname, struct sockaddr *hostaddr, Key *host_key, | |||
| 600 | host = xstrdup(options.host_key_alias); | 604 | host = xstrdup(options.host_key_alias); |
| 601 | debug("using hostkeyalias: %s", host); | 605 | debug("using hostkeyalias: %s", host); |
| 602 | } else { | 606 | } else { |
| 603 | host = put_host_port(hostname, options.port); | 607 | host = put_host_port(hostname, port); |
| 604 | } | 608 | } |
| 605 | 609 | ||
| 606 | /* | 610 | /* |
| @@ -669,6 +673,15 @@ check_host_key(char *hostname, struct sockaddr *hostaddr, Key *host_key, | |||
| 669 | } | 673 | } |
| 670 | break; | 674 | break; |
| 671 | case HOST_NEW: | 675 | case HOST_NEW: |
| 676 | if (options.host_key_alias == NULL && port != 0 && | ||
| 677 | port != SSH_DEFAULT_PORT) { | ||
| 678 | debug("checking without port identifier"); | ||
| 679 | if (check_host_key(hostname, hostaddr, 0, host_key, 2, | ||
| 680 | user_hostfile, system_hostfile) == 0) { | ||
| 681 | debug("found matching key w/out port"); | ||
| 682 | break; | ||
| 683 | } | ||
| 684 | } | ||
| 672 | if (readonly) | 685 | if (readonly) |
| 673 | goto fail; | 686 | goto fail; |
| 674 | /* The host is new. */ | 687 | /* The host is new. */ |
| @@ -748,6 +761,8 @@ check_host_key(char *hostname, struct sockaddr *hostaddr, Key *host_key, | |||
| 748 | "list of known hosts.", hostp, type); | 761 | "list of known hosts.", hostp, type); |
| 749 | break; | 762 | break; |
| 750 | case HOST_CHANGED: | 763 | case HOST_CHANGED: |
| 764 | if (readonly == ROQUIET) | ||
| 765 | goto fail; | ||
| 751 | if (options.check_host_ip && host_ip_differ) { | 766 | if (options.check_host_ip && host_ip_differ) { |
| 752 | char *key_msg; | 767 | char *key_msg; |
| 753 | if (ip_status == HOST_NEW) | 768 | if (ip_status == HOST_NEW) |
| @@ -906,12 +921,13 @@ verify_host_key(char *host, struct sockaddr *hostaddr, Key *host_key) | |||
| 906 | /* return ok if the key can be found in an old keyfile */ | 921 | /* return ok if the key can be found in an old keyfile */ |
| 907 | if (stat(options.system_hostfile2, &st) == 0 || | 922 | if (stat(options.system_hostfile2, &st) == 0 || |
| 908 | stat(options.user_hostfile2, &st) == 0) { | 923 | stat(options.user_hostfile2, &st) == 0) { |
| 909 | if (check_host_key(host, hostaddr, host_key, /*readonly*/ 1, | 924 | if (check_host_key(host, hostaddr, options.port, host_key, |
| 910 | options.user_hostfile2, options.system_hostfile2) == 0) | 925 | RDONLY, options.user_hostfile2, |
| 926 | options.system_hostfile2) == 0) | ||
| 911 | return 0; | 927 | return 0; |
| 912 | } | 928 | } |
| 913 | return check_host_key(host, hostaddr, host_key, /*readonly*/ 0, | 929 | return check_host_key(host, hostaddr, options.port, host_key, |
| 914 | options.user_hostfile, options.system_hostfile); | 930 | RDRW, options.user_hostfile, options.system_hostfile); |
| 915 | } | 931 | } |
| 916 | 932 | ||
| 917 | /* | 933 | /* |