diff options
| author | Ben Lindstrom <mouring@eviladmin.org> | 2000-12-22 01:43:59 +0000 |
|---|---|---|
| committer | Ben Lindstrom <mouring@eviladmin.org> | 2000-12-22 01:43:59 +0000 |
| commit | 46c162204b5a6f7471525c2f75cb2c607c88b83f (patch) | |
| tree | 9041b006ab612c18bdb16b606601839a00ca5b2c /sshconnect.c | |
| parent | a074feb65d6f1fcad02e80b751e2287fd6230b09 (diff) | |
One way to massive patch. <sigh> It compiles and works under Linux..
And I think I have all the bits right from the OpenBSD tree.
20001222
- Updated RCSID for pty.c
- (bal) OpenBSD CVS Updates:
- markus@cvs.openbsd.org 2000/12/21 15:10:16
[auth-rh-rsa.c hostfile.c hostfile.h sshconnect.c]
print keyfile:line for changed hostkeys, for deraadt@, ok deraadt@
- markus@cvs.openbsd.org 2000/12/20 19:26:56
[authfile.c]
allow ssh -i userkey for root
- markus@cvs.openbsd.org 2000/12/20 19:37:21
[authfd.c authfd.h kex.c sshconnect2.c sshd.c uidswap.c uidswap.h]
fix prototypes; from stevesk@pobox.com
- markus@cvs.openbsd.org 2000/12/20 19:32:08
[sshd.c]
init pointer to NULL; report from Jan.Ivan@cern.ch
- markus@cvs.openbsd.org 2000/12/19 23:17:54
[auth-krb4.c auth-options.c auth-options.h auth-rhosts.c auth-rsa.c
auth1.c auth2-skey.c auth2.c authfd.c authfd.h authfile.c bufaux.c
bufaux.h buffer.c canohost.c channels.c clientloop.c compress.c
crc32.c deattack.c getput.h hmac.c hmac.h hostfile.c kex.c kex.h
key.c key.h log.c login.c match.c match.h mpaux.c mpaux.h packet.c
packet.h radix.c readconf.c rsa.c scp.c servconf.c servconf.h
serverloop.c session.c sftp-server.c ssh-agent.c ssh-dss.c ssh-dss.h
ssh-keygen.c ssh-keyscan.c ssh-rsa.c ssh-rsa.h ssh.c ssh.h uuencode.c
uuencode.h sshconnect1.c sshconnect2.c sshd.c tildexpand.c]
replace 'unsigned bla' with 'u_bla' everywhere. also replace 'char
unsigned' with u_char.
Diffstat (limited to 'sshconnect.c')
| -rw-r--r-- | sshconnect.c | 50 |
1 files changed, 36 insertions, 14 deletions
diff --git a/sshconnect.c b/sshconnect.c index b54e75a8a..647aec797 100644 --- a/sshconnect.c +++ b/sshconnect.c | |||
| @@ -13,7 +13,7 @@ | |||
| 13 | */ | 13 | */ |
| 14 | 14 | ||
| 15 | #include "includes.h" | 15 | #include "includes.h" |
| 16 | RCSID("$OpenBSD: sshconnect.c,v 1.83 2000/11/30 22:53:35 markus Exp $"); | 16 | RCSID("$OpenBSD: sshconnect.c,v 1.85 2000/12/21 15:10:17 markus Exp $"); |
| 17 | 17 | ||
| 18 | #include <openssl/bn.h> | 18 | #include <openssl/bn.h> |
| 19 | #include <openssl/dsa.h> | 19 | #include <openssl/dsa.h> |
| @@ -472,6 +472,8 @@ check_host_key(char *host, struct sockaddr *hostaddr, Key *host_key, | |||
| 472 | int local = 0, host_ip_differ = 0; | 472 | int local = 0, host_ip_differ = 0; |
| 473 | int salen; | 473 | int salen; |
| 474 | char ntop[NI_MAXHOST]; | 474 | char ntop[NI_MAXHOST]; |
| 475 | int host_line = -1, ip_line = -1; | ||
| 476 | const char *host_file = NULL, *ip_file = NULL; | ||
| 475 | 477 | ||
| 476 | /* | 478 | /* |
| 477 | * Force accepting of the host key for loopback/localhost. The | 479 | * Force accepting of the host key for loopback/localhost. The |
| @@ -508,11 +510,17 @@ check_host_key(char *host, struct sockaddr *hostaddr, Key *host_key, | |||
| 508 | if (options.proxy_command != NULL && options.check_host_ip) | 510 | if (options.proxy_command != NULL && options.check_host_ip) |
| 509 | options.check_host_ip = 0; | 511 | options.check_host_ip = 0; |
| 510 | 512 | ||
| 511 | if (getnameinfo(hostaddr, salen, ntop, sizeof(ntop), | 513 | |
| 512 | NULL, 0, NI_NUMERICHOST) != 0) | 514 | |
| 513 | fatal("check_host_key: getnameinfo failed"); | 515 | if (options.proxy_command == NULL) { |
| 514 | ip = xstrdup(ntop); | 516 | if (getnameinfo(hostaddr, salen, ntop, sizeof(ntop), |
| 515 | 517 | NULL, 0, NI_NUMERICHOST) != 0) | |
| 518 | fatal("check_host_key: getnameinfo failed"); | ||
| 519 | ip = xstrdup(ntop); | ||
| 520 | } else { | ||
| 521 | ip = xstrdup("<no hostip for proxy command>"); | ||
| 522 | } | ||
| 523 | |||
| 516 | /* | 524 | /* |
| 517 | * Store the host key from the known host file in here so that we can | 525 | * Store the host key from the known host file in here so that we can |
| 518 | * compare it with the key for the IP address. | 526 | * compare it with the key for the IP address. |
| @@ -523,19 +531,25 @@ check_host_key(char *host, struct sockaddr *hostaddr, Key *host_key, | |||
| 523 | * Check if the host key is present in the user\'s list of known | 531 | * Check if the host key is present in the user\'s list of known |
| 524 | * hosts or in the systemwide list. | 532 | * hosts or in the systemwide list. |
| 525 | */ | 533 | */ |
| 526 | host_status = check_host_in_hostfile(user_hostfile, host, host_key, file_key); | 534 | host_file = user_hostfile; |
| 527 | if (host_status == HOST_NEW) | 535 | host_status = check_host_in_hostfile(host_file, host, host_key, file_key, &host_line); |
| 528 | host_status = check_host_in_hostfile(system_hostfile, host, host_key, file_key); | 536 | if (host_status == HOST_NEW) { |
| 537 | host_file = system_hostfile; | ||
| 538 | host_status = check_host_in_hostfile(host_file, host, host_key, file_key, &host_line); | ||
| 539 | } | ||
| 529 | /* | 540 | /* |
| 530 | * Also perform check for the ip address, skip the check if we are | 541 | * Also perform check for the ip address, skip the check if we are |
| 531 | * localhost or the hostname was an ip address to begin with | 542 | * localhost or the hostname was an ip address to begin with |
| 532 | */ | 543 | */ |
| 533 | if (options.check_host_ip && !local && strcmp(host, ip)) { | 544 | if (options.check_host_ip && !local && strcmp(host, ip)) { |
| 534 | Key *ip_key = key_new(host_key->type); | 545 | Key *ip_key = key_new(host_key->type); |
| 535 | ip_status = check_host_in_hostfile(user_hostfile, ip, host_key, ip_key); | ||
| 536 | 546 | ||
| 537 | if (ip_status == HOST_NEW) | 547 | ip_file = user_hostfile; |
| 538 | ip_status = check_host_in_hostfile(system_hostfile, ip, host_key, ip_key); | 548 | ip_status = check_host_in_hostfile(ip_file, ip, host_key, ip_key, &ip_line); |
| 549 | if (ip_status == HOST_NEW) { | ||
| 550 | ip_file = system_hostfile; | ||
| 551 | ip_status = check_host_in_hostfile(ip_file, ip, host_key, ip_key, &ip_line); | ||
| 552 | } | ||
| 539 | if (host_status == HOST_CHANGED && | 553 | if (host_status == HOST_CHANGED && |
| 540 | (ip_status != HOST_CHANGED || !key_equal(ip_key, file_key))) | 554 | (ip_status != HOST_CHANGED || !key_equal(ip_key, file_key))) |
| 541 | host_ip_differ = 1; | 555 | host_ip_differ = 1; |
| @@ -551,6 +565,7 @@ check_host_key(char *host, struct sockaddr *hostaddr, Key *host_key, | |||
| 551 | /* The host is known and the key matches. */ | 565 | /* The host is known and the key matches. */ |
| 552 | debug("Host '%.200s' is known and matches the %s host key.", | 566 | debug("Host '%.200s' is known and matches the %s host key.", |
| 553 | host, type); | 567 | host, type); |
| 568 | debug("Found key in %s:%d", host_file, host_line); | ||
| 554 | if (options.check_host_ip) { | 569 | if (options.check_host_ip) { |
| 555 | if (ip_status == HOST_NEW) { | 570 | if (ip_status == HOST_NEW) { |
| 556 | if (!add_host_to_hostfile(user_hostfile, ip, host_key)) | 571 | if (!add_host_to_hostfile(user_hostfile, ip, host_key)) |
| @@ -559,9 +574,13 @@ check_host_key(char *host, struct sockaddr *hostaddr, Key *host_key, | |||
| 559 | else | 574 | else |
| 560 | log("Warning: Permanently added the %s host key for IP address '%.30s' to the list of known hosts.", | 575 | log("Warning: Permanently added the %s host key for IP address '%.30s' to the list of known hosts.", |
| 561 | type, ip); | 576 | type, ip); |
| 562 | } else if (ip_status != HOST_OK) | 577 | } else if (ip_status != HOST_OK) { |
| 563 | log("Warning: the %s host key for '%.200s' differs from the key for the IP address '%.30s'", | 578 | log("Warning: the %s host key for '%.200s' differs from the key for the IP address '%.30s'", |
| 564 | type, host, ip); | 579 | type, host, ip); |
| 580 | log("Found key in %s:%d", host_file, host_line); | ||
| 581 | if (ip_line != -1) | ||
| 582 | log("Offending key for IP in %s:%d", ip_file, ip_line); | ||
| 583 | } | ||
| 565 | } | 584 | } |
| 566 | break; | 585 | break; |
| 567 | case HOST_NEW: | 586 | case HOST_NEW: |
| @@ -612,7 +631,9 @@ check_host_key(char *host, struct sockaddr *hostaddr, Key *host_key, | |||
| 612 | error("and the key for the according IP address %s", ip); | 631 | error("and the key for the according IP address %s", ip); |
| 613 | error("%s. This could either mean that", msg); | 632 | error("%s. This could either mean that", msg); |
| 614 | error("DNS SPOOFING is happening or the IP address for the host"); | 633 | error("DNS SPOOFING is happening or the IP address for the host"); |
| 615 | error("and its host key have changed at the same time"); | 634 | error("and its host key have changed at the same time."); |
| 635 | if (ip_line != -1) | ||
| 636 | error("Offending key for IP in %s:%d", ip_file, ip_line); | ||
| 616 | } | 637 | } |
| 617 | /* The host key has changed. */ | 638 | /* The host key has changed. */ |
| 618 | error("@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@"); | 639 | error("@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@"); |
| @@ -624,6 +645,7 @@ check_host_key(char *host, struct sockaddr *hostaddr, Key *host_key, | |||
| 624 | error("Please contact your system administrator."); | 645 | error("Please contact your system administrator."); |
| 625 | error("Add correct host key in %.100s to get rid of this message.", | 646 | error("Add correct host key in %.100s to get rid of this message.", |
| 626 | user_hostfile); | 647 | user_hostfile); |
| 648 | error("Offending key in %s:%d", host_file, host_line); | ||
| 627 | 649 | ||
| 628 | /* | 650 | /* |
| 629 | * If strict host key checking is in use, the user will have | 651 | * If strict host key checking is in use, the user will have |