diff options
| author | Colin Watson <cjwatson@debian.org> | 2005-05-25 11:01:01 +0000 |
|---|---|---|
| committer | Colin Watson <cjwatson@debian.org> | 2005-05-25 11:01:01 +0000 |
| commit | e88de75a1a236779a10e8ccbcc51d25308be8840 (patch) | |
| tree | 7495477a2a7d0cac17a9fcded020b6ea816182ef /sshconnect.c | |
| parent | 30a0f9443782cd9d7308acd09430bf586186aa55 (diff) | |
| parent | 5d05471f6657646d1d6500c7c43134462c407ee6 (diff) | |
Merge 4.0p1 to the trunk.
Diffstat (limited to 'sshconnect.c')
| -rw-r--r-- | sshconnect.c | 54 |
1 files changed, 28 insertions, 26 deletions
diff --git a/sshconnect.c b/sshconnect.c index 5158416f0..f8ebd9875 100644 --- a/sshconnect.c +++ b/sshconnect.c | |||
| @@ -13,7 +13,7 @@ | |||
| 13 | */ | 13 | */ |
| 14 | 14 | ||
| 15 | #include "includes.h" | 15 | #include "includes.h" |
| 16 | RCSID("$OpenBSD: sshconnect.c,v 1.158 2004/06/21 17:36:31 avsm Exp $"); | 16 | RCSID("$OpenBSD: sshconnect.c,v 1.161 2005/03/02 01:00:06 djm Exp $"); |
| 17 | 17 | ||
| 18 | #include <openssl/bn.h> | 18 | #include <openssl/bn.h> |
| 19 | 19 | ||
| @@ -304,12 +304,6 @@ timeout_connect(int sockfd, const struct sockaddr *serv_addr, | |||
| 304 | * second). If proxy_command is non-NULL, it specifies the command (with %h | 304 | * second). If proxy_command is non-NULL, it specifies the command (with %h |
| 305 | * and %p substituted for host and port, respectively) to use to contact | 305 | * and %p substituted for host and port, respectively) to use to contact |
| 306 | * the daemon. | 306 | * the daemon. |
| 307 | * Return values: | ||
| 308 | * 0 for OK | ||
| 309 | * ECONNREFUSED if we got a "Connection Refused" by the peer on any address | ||
| 310 | * ECONNABORTED if we failed without a "Connection refused" | ||
| 311 | * Suitable error messages for the connection failure will already have been | ||
| 312 | * printed. | ||
| 313 | */ | 307 | */ |
| 314 | int | 308 | int |
| 315 | ssh_connect(const char *host, struct sockaddr_storage * hostaddr, | 309 | ssh_connect(const char *host, struct sockaddr_storage * hostaddr, |
| @@ -322,12 +316,6 @@ ssh_connect(const char *host, struct sockaddr_storage * hostaddr, | |||
| 322 | char ntop[NI_MAXHOST], strport[NI_MAXSERV]; | 316 | char ntop[NI_MAXHOST], strport[NI_MAXSERV]; |
| 323 | struct addrinfo hints, *ai, *aitop; | 317 | struct addrinfo hints, *ai, *aitop; |
| 324 | struct servent *sp; | 318 | struct servent *sp; |
| 325 | /* | ||
| 326 | * Did we get only other errors than "Connection refused" (which | ||
| 327 | * should block fallback to rsh and similar), or did we get at least | ||
| 328 | * one "Connection refused"? | ||
| 329 | */ | ||
| 330 | int full_failure = 1; | ||
| 331 | 319 | ||
| 332 | debug2("ssh_connect: needpriv %d", needpriv); | 320 | debug2("ssh_connect: needpriv %d", needpriv); |
| 333 | 321 | ||
| @@ -388,8 +376,6 @@ ssh_connect(const char *host, struct sockaddr_storage * hostaddr, | |||
| 388 | memcpy(hostaddr, ai->ai_addr, ai->ai_addrlen); | 376 | memcpy(hostaddr, ai->ai_addr, ai->ai_addrlen); |
| 389 | break; | 377 | break; |
| 390 | } else { | 378 | } else { |
| 391 | if (errno == ECONNREFUSED) | ||
| 392 | full_failure = 0; | ||
| 393 | debug("connect to address %s port %s: %s", | 379 | debug("connect to address %s port %s: %s", |
| 394 | ntop, strport, strerror(errno)); | 380 | ntop, strport, strerror(errno)); |
| 395 | /* | 381 | /* |
| @@ -415,9 +401,9 @@ ssh_connect(const char *host, struct sockaddr_storage * hostaddr, | |||
| 415 | 401 | ||
| 416 | /* Return failure if we didn't get a successful connection. */ | 402 | /* Return failure if we didn't get a successful connection. */ |
| 417 | if (attempt >= connection_attempts) { | 403 | if (attempt >= connection_attempts) { |
| 418 | logit("ssh: connect to host %s port %s: %s", | 404 | error("ssh: connect to host %s port %s: %s", |
| 419 | host, strport, strerror(errno)); | 405 | host, strport, strerror(errno)); |
| 420 | return full_failure ? ECONNABORTED : ECONNREFUSED; | 406 | return (-1); |
| 421 | } | 407 | } |
| 422 | 408 | ||
| 423 | debug("Connection established."); | 409 | debug("Connection established."); |
| @@ -600,7 +586,7 @@ check_host_key(char *host, struct sockaddr *hostaddr, Key *host_key, | |||
| 600 | char hostline[1000], *hostp, *fp; | 586 | char hostline[1000], *hostp, *fp; |
| 601 | HostStatus host_status; | 587 | HostStatus host_status; |
| 602 | HostStatus ip_status; | 588 | HostStatus ip_status; |
| 603 | int local = 0, host_ip_differ = 0; | 589 | int r, local = 0, host_ip_differ = 0; |
| 604 | int salen; | 590 | int salen; |
| 605 | char ntop[NI_MAXHOST]; | 591 | char ntop[NI_MAXHOST]; |
| 606 | char msg[1024]; | 592 | char msg[1024]; |
| @@ -724,7 +710,7 @@ check_host_key(char *host, struct sockaddr *hostaddr, Key *host_key, | |||
| 724 | "'%.128s' not in list of known hosts.", | 710 | "'%.128s' not in list of known hosts.", |
| 725 | type, ip); | 711 | type, ip); |
| 726 | else if (!add_host_to_hostfile(user_hostfile, ip, | 712 | else if (!add_host_to_hostfile(user_hostfile, ip, |
| 727 | host_key)) | 713 | host_key, options.hash_known_hosts)) |
| 728 | logit("Failed to add the %s host key for IP " | 714 | logit("Failed to add the %s host key for IP " |
| 729 | "address '%.128s' to the list of known " | 715 | "address '%.128s' to the list of known " |
| 730 | "hosts (%.30s).", type, ip, user_hostfile); | 716 | "hosts (%.30s).", type, ip, user_hostfile); |
| @@ -780,17 +766,33 @@ check_host_key(char *host, struct sockaddr *hostaddr, Key *host_key, | |||
| 780 | if (!confirm(msg)) | 766 | if (!confirm(msg)) |
| 781 | goto fail; | 767 | goto fail; |
| 782 | } | 768 | } |
| 783 | if (options.check_host_ip && ip_status == HOST_NEW) { | ||
| 784 | snprintf(hostline, sizeof(hostline), "%s,%s", host, ip); | ||
| 785 | hostp = hostline; | ||
| 786 | } else | ||
| 787 | hostp = host; | ||
| 788 | |||
| 789 | /* | 769 | /* |
| 790 | * If not in strict mode, add the key automatically to the | 770 | * If not in strict mode, add the key automatically to the |
| 791 | * local known_hosts file. | 771 | * local known_hosts file. |
| 792 | */ | 772 | */ |
| 793 | if (!add_host_to_hostfile(user_hostfile, hostp, host_key)) | 773 | if (options.check_host_ip && ip_status == HOST_NEW) { |
| 774 | snprintf(hostline, sizeof(hostline), "%s,%s", | ||
| 775 | host, ip); | ||
| 776 | hostp = hostline; | ||
| 777 | if (options.hash_known_hosts) { | ||
| 778 | /* Add hash of host and IP separately */ | ||
| 779 | r = add_host_to_hostfile(user_hostfile, host, | ||
| 780 | host_key, options.hash_known_hosts) && | ||
| 781 | add_host_to_hostfile(user_hostfile, ip, | ||
| 782 | host_key, options.hash_known_hosts); | ||
| 783 | } else { | ||
| 784 | /* Add unhashed "host,ip" */ | ||
| 785 | r = add_host_to_hostfile(user_hostfile, | ||
| 786 | hostline, host_key, | ||
| 787 | options.hash_known_hosts); | ||
| 788 | } | ||
| 789 | } else { | ||
| 790 | r = add_host_to_hostfile(user_hostfile, host, host_key, | ||
| 791 | options.hash_known_hosts); | ||
| 792 | hostp = host; | ||
| 793 | } | ||
| 794 | |||
| 795 | if (!r) | ||
| 794 | logit("Failed to add the host to the list of known " | 796 | logit("Failed to add the host to the list of known " |
| 795 | "hosts (%.500s).", user_hostfile); | 797 | "hosts (%.500s).", user_hostfile); |
| 796 | else | 798 | else |