author | Colin Watson <cjwatson@debian.org> | 2005-05-25 11:01:01 +0000 |
---|---|---|
committer | Colin Watson <cjwatson@debian.org> | 2005-05-25 11:01:01 +0000 |
commit | e88de75a1a236779a10e8ccbcc51d25308be8840 (patch) | |
tree | 7495477a2a7d0cac17a9fcded020b6ea816182ef /sshconnect.c | |
parent | 30a0f9443782cd9d7308acd09430bf586186aa55 (diff) | |
parent | 5d05471f6657646d1d6500c7c43134462c407ee6 (diff) |
Merge 4.0p1 to the trunk.
Diffstat (limited to 'sshconnect.c')
-rw-r--r-- | sshconnect.c | 54 |
1 files changed, 28 insertions, 26 deletions
diff --git a/sshconnect.c b/sshconnect.c index 5158416f0..f8ebd9875 100644 --- a/sshconnect.c +++ b/sshconnect.c | |||
@@ -13,7 +13,7 @@ | |||
13 | */ | 13 | */ |
14 | 14 | ||
15 | #include "includes.h" | 15 | #include "includes.h" |
16 | RCSID("$OpenBSD: sshconnect.c,v 1.158 2004/06/21 17:36:31 avsm Exp $"); | 16 | RCSID("$OpenBSD: sshconnect.c,v 1.161 2005/03/02 01:00:06 djm Exp $"); |
17 | 17 | ||
18 | #include <openssl/bn.h> | 18 | #include <openssl/bn.h> |
19 | 19 | ||
@@ -304,12 +304,6 @@ timeout_connect(int sockfd, const struct sockaddr *serv_addr, | |||
304 | * second). If proxy_command is non-NULL, it specifies the command (with %h | 304 | * second). If proxy_command is non-NULL, it specifies the command (with %h |
305 | * and %p substituted for host and port, respectively) to use to contact | 305 | * and %p substituted for host and port, respectively) to use to contact |
306 | * the daemon. | 306 | * the daemon. |
307 | * Return values: | ||
308 | * 0 for OK | ||
309 | * ECONNREFUSED if we got a "Connection Refused" by the peer on any address | ||
310 | * ECONNABORTED if we failed without a "Connection refused" | ||
311 | * Suitable error messages for the connection failure will already have been | ||
312 | * printed. | ||
313 | */ | 307 | */ |
314 | int | 308 | int |
315 | ssh_connect(const char *host, struct sockaddr_storage * hostaddr, | 309 | ssh_connect(const char *host, struct sockaddr_storage * hostaddr, |
@@ -322,12 +316,6 @@ ssh_connect(const char *host, struct sockaddr_storage * hostaddr, | |||
322 | char ntop[NI_MAXHOST], strport[NI_MAXSERV]; | 316 | char ntop[NI_MAXHOST], strport[NI_MAXSERV]; |
323 | struct addrinfo hints, *ai, *aitop; | 317 | struct addrinfo hints, *ai, *aitop; |
324 | struct servent *sp; | 318 | struct servent *sp; |
325 | /* | ||
326 | * Did we get only other errors than "Connection refused" (which | ||
327 | * should block fallback to rsh and similar), or did we get at least | ||
328 | * one "Connection refused"? | ||
329 | */ | ||
330 | int full_failure = 1; | ||
331 | 319 | ||
332 | debug2("ssh_connect: needpriv %d", needpriv); | 320 | debug2("ssh_connect: needpriv %d", needpriv); |
333 | 321 | ||
@@ -388,8 +376,6 @@ ssh_connect(const char *host, struct sockaddr_storage * hostaddr, | |||
388 | memcpy(hostaddr, ai->ai_addr, ai->ai_addrlen); | 376 | memcpy(hostaddr, ai->ai_addr, ai->ai_addrlen); |
389 | break; | 377 | break; |
390 | } else { | 378 | } else { |
391 | if (errno == ECONNREFUSED) | ||
392 | full_failure = 0; | ||
393 | debug("connect to address %s port %s: %s", | 379 | debug("connect to address %s port %s: %s", |
394 | ntop, strport, strerror(errno)); | 380 | ntop, strport, strerror(errno)); |
395 | /* | 381 | /* |
@@ -415,9 +401,9 @@ ssh_connect(const char *host, struct sockaddr_storage * hostaddr, | |||
415 | 401 | ||
416 | /* Return failure if we didn't get a successful connection. */ | 402 | /* Return failure if we didn't get a successful connection. */ |
417 | if (attempt >= connection_attempts) { | 403 | if (attempt >= connection_attempts) { |
418 | logit("ssh: connect to host %s port %s: %s", | 404 | error("ssh: connect to host %s port %s: %s", |
419 | host, strport, strerror(errno)); | 405 | host, strport, strerror(errno)); |
420 | return full_failure ? ECONNABORTED : ECONNREFUSED; | 406 | return (-1); |
421 | } | 407 | } |
422 | 408 | ||
423 | debug("Connection established."); | 409 | debug("Connection established."); |
@@ -600,7 +586,7 @@ check_host_key(char *host, struct sockaddr *hostaddr, Key *host_key, | |||
600 | char hostline[1000], *hostp, *fp; | 586 | char hostline[1000], *hostp, *fp; |
601 | HostStatus host_status; | 587 | HostStatus host_status; |
602 | HostStatus ip_status; | 588 | HostStatus ip_status; |
603 | int local = 0, host_ip_differ = 0; | 589 | int r, local = 0, host_ip_differ = 0; |
604 | int salen; | 590 | int salen; |
605 | char ntop[NI_MAXHOST]; | 591 | char ntop[NI_MAXHOST]; |
606 | char msg[1024]; | 592 | char msg[1024]; |
@@ -724,7 +710,7 @@ check_host_key(char *host, struct sockaddr *hostaddr, Key *host_key, | |||
724 | "'%.128s' not in list of known hosts.", | 710 | "'%.128s' not in list of known hosts.", |
725 | type, ip); | 711 | type, ip); |
726 | else if (!add_host_to_hostfile(user_hostfile, ip, | 712 | else if (!add_host_to_hostfile(user_hostfile, ip, |
727 | host_key)) | 713 | host_key, options.hash_known_hosts)) |
728 | logit("Failed to add the %s host key for IP " | 714 | logit("Failed to add the %s host key for IP " |
729 | "address '%.128s' to the list of known " | 715 | "address '%.128s' to the list of known " |
730 | "hosts (%.30s).", type, ip, user_hostfile); | 716 | "hosts (%.30s).", type, ip, user_hostfile); |
@@ -780,17 +766,33 @@ check_host_key(char *host, struct sockaddr *hostaddr, Key *host_key, | |||
780 | if (!confirm(msg)) | 766 | if (!confirm(msg)) |
781 | goto fail; | 767 | goto fail; |
782 | } | 768 | } |
783 | if (options.check_host_ip && ip_status == HOST_NEW) { | ||
784 | snprintf(hostline, sizeof(hostline), "%s,%s", host, ip); | ||
785 | hostp = hostline; | ||
786 | } else | ||
787 | hostp = host; | ||
788 | |||
789 | /* | 769 | /* |
790 | * If not in strict mode, add the key automatically to the | 770 | * If not in strict mode, add the key automatically to the |
791 | * local known_hosts file. | 771 | * local known_hosts file. |
792 | */ | 772 | */ |
793 | if (!add_host_to_hostfile(user_hostfile, hostp, host_key)) | 773 | if (options.check_host_ip && ip_status == HOST_NEW) { |
774 | snprintf(hostline, sizeof(hostline), "%s,%s", | ||
775 | host, ip); | ||
776 | hostp = hostline; | ||
777 | if (options.hash_known_hosts) { | ||
778 | /* Add hash of host and IP separately */ | ||
779 | r = add_host_to_hostfile(user_hostfile, host, | ||
780 | host_key, options.hash_known_hosts) && | ||
781 | add_host_to_hostfile(user_hostfile, ip, | ||
782 | host_key, options.hash_known_hosts); | ||
783 | } else { | ||
784 | /* Add unhashed "host,ip" */ | ||
785 | r = add_host_to_hostfile(user_hostfile, | ||
786 | hostline, host_key, | ||
787 | options.hash_known_hosts); | ||
788 | } | ||
789 | } else { | ||
790 | r = add_host_to_hostfile(user_hostfile, host, host_key, | ||
791 | options.hash_known_hosts); | ||
792 | hostp = host; | ||
793 | } | ||
794 | |||
795 | if (!r) | ||
794 | logit("Failed to add the host to the list of known " | 796 | logit("Failed to add the host to the list of known " |
795 | "hosts (%.500s).", user_hostfile); | 797 | "hosts (%.500s).", user_hostfile); |
796 | else | 798 | else |
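Review bot: In the hashed branch of the last hunk (new lines 779-782), `r = add_host_to_hostfile(host) && add_host_to_hostfile(ip)` short-circuits, so when the host entry is written but the IP entry fails, `r` is 0 and the user is told "Failed to add the host to the list of known hosts" even though a host line was just appended to user_hostfile; the "Permanently added" branch is also skipped. I would attempt both writes and report them separately, e.g. `r = add_host_to_hostfile(user_hostfile, host, host_key, options.hash_known_hosts);` followed by `if (!add_host_to_hostfile(user_hostfile, ip, host_key, options.hash_known_hosts)) r = 0;`, and widen the logit text to "host and/or IP". check_host_key begins before this hunk and ends after it, so the later use of hostp is not visible here. Separately, the @@ -304 hunk deletes the "Return values" block from ssh_connect's header comment while the @@ -415 hunk changes the failure return to `-1`; the comment should gain a replacement line such as `* Returns 0 on success, -1 on failure (an error message has already been printed).` so callers (outside this diff) are not left guessing.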