author | Ben Lindstrom <mouring@eviladmin.org> | 2000-12-22 01:43:59 +0000 |
committer | Ben Lindstrom <mouring@eviladmin.org> | 2000-12-22 01:43:59 +0000 |
commit | 46c162204b5a6f7471525c2f75cb2c607c88b83f (patch) | |
tree | 9041b006ab612c18bdb16b606601839a00ca5b2c /sshconnect.c | |
parent | a074feb65d6f1fcad02e80b751e2287fd6230b09 (diff) |
One way to massive patch. <sigh> It compiles and works under Linux..
And I think I have all the bits right from the OpenBSD tree.
20001222
- Updated RCSID for pty.c
- (bal) OpenBSD CVS Updates:
- markus@cvs.openbsd.org 2000/12/21 15:10:16
[auth-rh-rsa.c hostfile.c hostfile.h sshconnect.c]
print keyfile:line for changed hostkeys, for deraadt@, ok deraadt@
- markus@cvs.openbsd.org 2000/12/20 19:26:56
[authfile.c]
allow ssh -i userkey for root
- markus@cvs.openbsd.org 2000/12/20 19:37:21
[authfd.c authfd.h kex.c sshconnect2.c sshd.c uidswap.c uidswap.h]
fix prototypes; from stevesk@pobox.com
- markus@cvs.openbsd.org 2000/12/20 19:32:08
[sshd.c]
init pointer to NULL; report from Jan.Ivan@cern.ch
- markus@cvs.openbsd.org 2000/12/19 23:17:54
[auth-krb4.c auth-options.c auth-options.h auth-rhosts.c auth-rsa.c
auth1.c auth2-skey.c auth2.c authfd.c authfd.h authfile.c bufaux.c
bufaux.h buffer.c canohost.c channels.c clientloop.c compress.c
crc32.c deattack.c getput.h hmac.c hmac.h hostfile.c kex.c kex.h
key.c key.h log.c login.c match.c match.h mpaux.c mpaux.h packet.c
packet.h radix.c readconf.c rsa.c scp.c servconf.c servconf.h
serverloop.c session.c sftp-server.c ssh-agent.c ssh-dss.c ssh-dss.h
ssh-keygen.c ssh-keyscan.c ssh-rsa.c ssh-rsa.h ssh.c ssh.h uuencode.c
uuencode.h sshconnect1.c sshconnect2.c sshd.c tildexpand.c]
replace 'unsigned bla' with 'u_bla' everywhere. also replace 'char
unsigned' with u_char.
Diffstat (limited to 'sshconnect.c')
-rw-r--r-- | sshconnect.c | 50 |
1 files changed, 36 insertions, 14 deletions
diff --git a/sshconnect.c b/sshconnect.c index b54e75a8a..647aec797 100644 --- a/sshconnect.c +++ b/sshconnect.c | |||
@@ -13,7 +13,7 @@ | |||
13 | */ | 13 | */ |
14 | 14 | ||
15 | #include "includes.h" | 15 | #include "includes.h" |
16 | RCSID("$OpenBSD: sshconnect.c,v 1.83 2000/11/30 22:53:35 markus Exp $"); | 16 | RCSID("$OpenBSD: sshconnect.c,v 1.85 2000/12/21 15:10:17 markus Exp $"); |
17 | 17 | ||
18 | #include <openssl/bn.h> | 18 | #include <openssl/bn.h> |
19 | #include <openssl/dsa.h> | 19 | #include <openssl/dsa.h> |
@@ -472,6 +472,8 @@ check_host_key(char *host, struct sockaddr *hostaddr, Key *host_key, | |||
472 | int local = 0, host_ip_differ = 0; | 472 | int local = 0, host_ip_differ = 0; |
473 | int salen; | 473 | int salen; |
474 | char ntop[NI_MAXHOST]; | 474 | char ntop[NI_MAXHOST]; |
475 | int host_line = -1, ip_line = -1; | ||
476 | const char *host_file = NULL, *ip_file = NULL; | ||
475 | 477 | ||
476 | /* | 478 | /* |
477 | * Force accepting of the host key for loopback/localhost. The | 479 | * Force accepting of the host key for loopback/localhost. The |
@@ -508,11 +510,17 @@ check_host_key(char *host, struct sockaddr *hostaddr, Key *host_key, | |||
508 | if (options.proxy_command != NULL && options.check_host_ip) | 510 | if (options.proxy_command != NULL && options.check_host_ip) |
509 | options.check_host_ip = 0; | 511 | options.check_host_ip = 0; |
510 | 512 | ||
511 | if (getnameinfo(hostaddr, salen, ntop, sizeof(ntop), | 513 | |
512 | NULL, 0, NI_NUMERICHOST) != 0) | 514 | |
513 | fatal("check_host_key: getnameinfo failed"); | 515 | if (options.proxy_command == NULL) { |
514 | ip = xstrdup(ntop); | 516 | if (getnameinfo(hostaddr, salen, ntop, sizeof(ntop), |
515 | 517 | NULL, 0, NI_NUMERICHOST) != 0) | |
518 | fatal("check_host_key: getnameinfo failed"); | ||
519 | ip = xstrdup(ntop); | ||
520 | } else { | ||
521 | ip = xstrdup("<no hostip for proxy command>"); | ||
522 | } | ||
523 | |||
516 | /* | 524 | /* |
517 | * Store the host key from the known host file in here so that we can | 525 | * Store the host key from the known host file in here so that we can |
518 | * compare it with the key for the IP address. | 526 | * compare it with the key for the IP address. |
@@ -523,19 +531,25 @@ check_host_key(char *host, struct sockaddr *hostaddr, Key *host_key, | |||
523 | * Check if the host key is present in the user\'s list of known | 531 | * Check if the host key is present in the user\'s list of known |
524 | * hosts or in the systemwide list. | 532 | * hosts or in the systemwide list. |
525 | */ | 533 | */ |
526 | host_status = check_host_in_hostfile(user_hostfile, host, host_key, file_key); | 534 | host_file = user_hostfile; |
527 | if (host_status == HOST_NEW) | 535 | host_status = check_host_in_hostfile(host_file, host, host_key, file_key, &host_line); |
528 | host_status = check_host_in_hostfile(system_hostfile, host, host_key, file_key); | 536 | if (host_status == HOST_NEW) { |
537 | host_file = system_hostfile; | ||
538 | host_status = check_host_in_hostfile(host_file, host, host_key, file_key, &host_line); | ||
539 | } | ||
529 | /* | 540 | /* |
530 | * Also perform check for the ip address, skip the check if we are | 541 | * Also perform check for the ip address, skip the check if we are |
531 | * localhost or the hostname was an ip address to begin with | 542 | * localhost or the hostname was an ip address to begin with |
532 | */ | 543 | */ |
533 | if (options.check_host_ip && !local && strcmp(host, ip)) { | 544 | if (options.check_host_ip && !local && strcmp(host, ip)) { |
534 | Key *ip_key = key_new(host_key->type); | 545 | Key *ip_key = key_new(host_key->type); |
535 | ip_status = check_host_in_hostfile(user_hostfile, ip, host_key, ip_key); | ||
536 | 546 | ||
537 | if (ip_status == HOST_NEW) | 547 | ip_file = user_hostfile; |
538 | ip_status = check_host_in_hostfile(system_hostfile, ip, host_key, ip_key); | 548 | ip_status = check_host_in_hostfile(ip_file, ip, host_key, ip_key, &ip_line); |
549 | if (ip_status == HOST_NEW) { | ||
550 | ip_file = system_hostfile; | ||
551 | ip_status = check_host_in_hostfile(ip_file, ip, host_key, ip_key, &ip_line); | ||
552 | } | ||
539 | if (host_status == HOST_CHANGED && | 553 | if (host_status == HOST_CHANGED && |
540 | (ip_status != HOST_CHANGED || !key_equal(ip_key, file_key))) | 554 | (ip_status != HOST_CHANGED || !key_equal(ip_key, file_key))) |
541 | host_ip_differ = 1; | 555 | host_ip_differ = 1; |
@@ -551,6 +565,7 @@ check_host_key(char *host, struct sockaddr *hostaddr, Key *host_key, | |||
551 | /* The host is known and the key matches. */ | 565 | /* The host is known and the key matches. */ |
552 | debug("Host '%.200s' is known and matches the %s host key.", | 566 | debug("Host '%.200s' is known and matches the %s host key.", |
553 | host, type); | 567 | host, type); |
568 | debug("Found key in %s:%d", host_file, host_line); | ||
554 | if (options.check_host_ip) { | 569 | if (options.check_host_ip) { |
555 | if (ip_status == HOST_NEW) { | 570 | if (ip_status == HOST_NEW) { |
556 | if (!add_host_to_hostfile(user_hostfile, ip, host_key)) | 571 | if (!add_host_to_hostfile(user_hostfile, ip, host_key)) |
@@ -559,9 +574,13 @@ check_host_key(char *host, struct sockaddr *hostaddr, Key *host_key, | |||
559 | else | 574 | else |
560 | log("Warning: Permanently added the %s host key for IP address '%.30s' to the list of known hosts.", | 575 | log("Warning: Permanently added the %s host key for IP address '%.30s' to the list of known hosts.", |
561 | type, ip); | 576 | type, ip); |
562 | } else if (ip_status != HOST_OK) | 577 | } else if (ip_status != HOST_OK) { |
563 | log("Warning: the %s host key for '%.200s' differs from the key for the IP address '%.30s'", | 578 | log("Warning: the %s host key for '%.200s' differs from the key for the IP address '%.30s'", |
564 | type, host, ip); | 579 | type, host, ip); |
580 | log("Found key in %s:%d", host_file, host_line); | ||
581 | if (ip_line != -1) | ||
582 | log("Offending key for IP in %s:%d", ip_file, ip_line); | ||
583 | } | ||
565 | } | 584 | } |
566 | break; | 585 | break; |
567 | case HOST_NEW: | 586 | case HOST_NEW: |
@@ -612,7 +631,9 @@ check_host_key(char *host, struct sockaddr *hostaddr, Key *host_key, | |||
612 | error("and the key for the according IP address %s", ip); | 631 | error("and the key for the according IP address %s", ip); |
613 | error("%s. This could either mean that", msg); | 632 | error("%s. This could either mean that", msg); |
614 | error("DNS SPOOFING is happening or the IP address for the host"); | 633 | error("DNS SPOOFING is happening or the IP address for the host"); |
615 | error("and its host key have changed at the same time"); | 634 | error("and its host key have changed at the same time."); |
635 | if (ip_line != -1) | ||
636 | error("Offending key for IP in %s:%d", ip_file, ip_line); | ||
616 | } | 637 | } |
617 | /* The host key has changed. */ | 638 | /* The host key has changed. */ |
618 | error("@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@"); | 639 | error("@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@"); |
@@ -624,6 +645,7 @@ check_host_key(char *host, struct sockaddr *hostaddr, Key *host_key, | |||
624 | error("Please contact your system administrator."); | 645 | error("Please contact your system administrator."); |
625 | error("Add correct host key in %.100s to get rid of this message.", | 646 | error("Add correct host key in %.100s to get rid of this message.", |
626 | user_hostfile); | 647 | user_hostfile); |
648 | error("Offending key in %s:%d", host_file, host_line); | ||
627 | 649 | ||
628 | /* | 650 | /* |
629 | * If strict host key checking is in use, the user will have | 651 | * If strict host key checking is in use, the user will have |