-rw-r--r-- | ChangeLog | 10 | ||||
-rw-r--r-- | misc.c | 20 | ||||
-rw-r--r-- | misc.h | 3 | ||||
-rw-r--r-- | sshconnect.c | 25 | ||||
-rw-r--r-- | sshd.8 | 9 |
5 files changed, 53 insertions, 14 deletions
@@ -96,6 +96,14 @@ | |||
96 | [channels.c] | 96 | [channels.c] |
97 | fix misparsing of SOCKS 5 packets that could result in a crash; | 97 | fix misparsing of SOCKS 5 packets that could result in a crash; |
98 | reported by mk@ ok markus@ | 98 | reported by mk@ ok markus@ |
99 | - dtucker@cvs.openbsd.org 2006/07/10 12:46:51 | ||
100 | [misc.c misc.h sshd.8 sshconnect.c] | ||
101 | Add port identifier to known_hosts for non-default ports, based originally | ||
102 | on a patch from Devin Nate in bz#910. | ||
103 | For any connection using the default port or using a HostKeyAlias the | ||
104 | format is unchanged, otherwise the host name or address is enclosed | ||
105 | within square brackets in the same format as sshd's ListenAddress. | ||
106 | Tested by many, ok markus@. | ||
99 | 107 | ||
100 | 20060706 | 108 | 20060706 |
101 | - (dtucker) [configure.ac] Try AIX blibpath test in different order when | 109 | - (dtucker) [configure.ac] Try AIX blibpath test in different order when |
@@ -4829,4 +4837,4 @@ | |||
4829 | - (djm) Trim deprecated options from INSTALL. Mention UsePAM | 4837 | - (djm) Trim deprecated options from INSTALL. Mention UsePAM |
4830 | - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu | 4838 | - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu |
4831 | 4839 | ||
4832 | $Id: ChangeLog,v 1.4383 2006/07/10 12:21:02 djm Exp $ | 4840 | $Id: ChangeLog,v 1.4384 2006/07/10 13:04:19 dtucker Exp $ |
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: misc.c,v 1.55 2006/07/09 15:15:10 stevesk Exp $ */ | 1 | /* $OpenBSD: misc.c,v 1.56 2006/07/10 12:46:51 dtucker Exp $ */ |
2 | /* | 2 | /* |
3 | * Copyright (c) 2000 Markus Friedl. All rights reserved. | 3 | * Copyright (c) 2000 Markus Friedl. All rights reserved. |
4 | * Copyright (c) 2005,2006 Damien Miller. All rights reserved. | 4 | * Copyright (c) 2005,2006 Damien Miller. All rights reserved. |
@@ -45,6 +45,7 @@ | |||
45 | #include "misc.h" | 45 | #include "misc.h" |
46 | #include "log.h" | 46 | #include "log.h" |
47 | #include "xmalloc.h" | 47 | #include "xmalloc.h" |
48 | #include "ssh.h" | ||
48 | 49 | ||
49 | /* remove newline at end of string */ | 50 | /* remove newline at end of string */ |
50 | char * | 51 | char * |
@@ -337,6 +338,23 @@ convtime(const char *s) | |||
337 | } | 338 | } |
338 | 339 | ||
339 | /* | 340 | /* |
341 | * Returns a standardized host+port identifier string. | ||
342 | * Caller must free returned string. | ||
343 | */ | ||
344 | char * | ||
345 | put_host_port(const char *host, u_short port) | ||
346 | { | ||
347 | char *hoststr; | ||
348 | |||
349 | if (port == 0 || port == SSH_DEFAULT_PORT) | ||
350 | return(xstrdup(host)); | ||
351 | if (asprintf(&hoststr, "[%s]:%d", host, (int)port) < 0) | ||
352 | fatal("put_host_port: asprintf: %s", strerror(errno)); | ||
353 | debug3("put_host_port: %s", hoststr); | ||
354 | return hoststr; | ||
355 | } | ||
356 | |||
357 | /* | ||
340 | * Search for next delimiter between hostnames/addresses and ports. | 358 | * Search for next delimiter between hostnames/addresses and ports. |
341 | * Argument may be modified (for termination). | 359 | * Argument may be modified (for termination). |
342 | * Returns *cp if parsing succeeds. | 360 | * Returns *cp if parsing succeeds. |
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: misc.h,v 1.32 2006/07/06 16:03:53 stevesk Exp $ */ | 1 | /* $OpenBSD: misc.h,v 1.33 2006/07/10 12:46:51 dtucker Exp $ */ |
2 | 2 | ||
3 | /* | 3 | /* |
4 | * Author: Tatu Ylonen <ylo@cs.hut.fi> | 4 | * Author: Tatu Ylonen <ylo@cs.hut.fi> |
@@ -28,6 +28,7 @@ int unset_nonblock(int); | |||
28 | void set_nodelay(int); | 28 | void set_nodelay(int); |
29 | int a2port(const char *); | 29 | int a2port(const char *); |
30 | int a2tun(const char *, int *); | 30 | int a2tun(const char *, int *); |
31 | char *put_host_port(const char *, u_short); | ||
31 | char *hpdelim(char **); | 32 | char *hpdelim(char **); |
32 | char *cleanhostname(char *); | 33 | char *cleanhostname(char *); |
33 | char *colon(char *); | 34 | char *colon(char *); |
diff --git a/sshconnect.c b/sshconnect.c index 3bc455eb4..f8450eadf 100644 --- a/sshconnect.c +++ b/sshconnect.c | |||
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: sshconnect.c,v 1.188 2006/07/06 16:03:53 stevesk Exp $ */ | 1 | /* $OpenBSD: sshconnect.c,v 1.189 2006/07/10 12:46:51 dtucker Exp $ */ |
2 | /* | 2 | /* |
3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> | 3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> |
4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland | 4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland |
@@ -514,12 +514,12 @@ confirm(const char *prompt) | |||
514 | * is not valid. the user_hostfile will not be updated if 'readonly' is true. | 514 | * is not valid. the user_hostfile will not be updated if 'readonly' is true. |
515 | */ | 515 | */ |
516 | static int | 516 | static int |
517 | check_host_key(char *host, struct sockaddr *hostaddr, Key *host_key, | 517 | check_host_key(char *hostname, struct sockaddr *hostaddr, Key *host_key, |
518 | int readonly, const char *user_hostfile, const char *system_hostfile) | 518 | int readonly, const char *user_hostfile, const char *system_hostfile) |
519 | { | 519 | { |
520 | Key *file_key; | 520 | Key *file_key; |
521 | const char *type = key_type(host_key); | 521 | const char *type = key_type(host_key); |
522 | char *ip = NULL; | 522 | char *ip = NULL, *host = NULL; |
523 | char hostline[1000], *hostp, *fp; | 523 | char hostline[1000], *hostp, *fp; |
524 | HostStatus host_status; | 524 | HostStatus host_status; |
525 | HostStatus ip_status; | 525 | HostStatus ip_status; |
@@ -570,7 +570,7 @@ check_host_key(char *host, struct sockaddr *hostaddr, Key *host_key, | |||
570 | if (getnameinfo(hostaddr, salen, ntop, sizeof(ntop), | 570 | if (getnameinfo(hostaddr, salen, ntop, sizeof(ntop), |
571 | NULL, 0, NI_NUMERICHOST) != 0) | 571 | NULL, 0, NI_NUMERICHOST) != 0) |
572 | fatal("check_host_key: getnameinfo failed"); | 572 | fatal("check_host_key: getnameinfo failed"); |
573 | ip = xstrdup(ntop); | 573 | ip = put_host_port(ntop, options.port); |
574 | } else { | 574 | } else { |
575 | ip = xstrdup("<no hostip for proxy command>"); | 575 | ip = xstrdup("<no hostip for proxy command>"); |
576 | } | 576 | } |
@@ -578,18 +578,21 @@ check_host_key(char *host, struct sockaddr *hostaddr, Key *host_key, | |||
578 | * Turn off check_host_ip if the connection is to localhost, via proxy | 578 | * Turn off check_host_ip if the connection is to localhost, via proxy |
579 | * command or if we don't have a hostname to compare with | 579 | * command or if we don't have a hostname to compare with |
580 | */ | 580 | */ |
581 | if (options.check_host_ip && | 581 | if (options.check_host_ip && (local || |
582 | (local || strcmp(host, ip) == 0 || options.proxy_command != NULL)) | 582 | strcmp(hostname, ip) == 0 || options.proxy_command != NULL)) |
583 | options.check_host_ip = 0; | 583 | options.check_host_ip = 0; |
584 | 584 | ||
585 | /* | 585 | /* |
586 | * Allow the user to record the key under a different name. This is | 586 | * Allow the user to record the key under a different name or |
587 | * useful for ssh tunneling over forwarded connections or if you run | 587 | * differentiate a non-standard port. This is useful for ssh |
588 | * multiple sshd's on different ports on the same machine. | 588 | * tunneling over forwarded connections or if you run multiple |
589 | * sshd's on different ports on the same machine. | ||
589 | */ | 590 | */ |
590 | if (options.host_key_alias != NULL) { | 591 | if (options.host_key_alias != NULL) { |
591 | host = options.host_key_alias; | 592 | host = xstrdup(options.host_key_alias); |
592 | debug("using hostkeyalias: %s", host); | 593 | debug("using hostkeyalias: %s", host); |
594 | } else { | ||
595 | host = put_host_port(hostname, options.port); | ||
593 | } | 596 | } |
594 | 597 | ||
595 | /* | 598 | /* |
@@ -851,10 +854,12 @@ check_host_key(char *host, struct sockaddr *hostaddr, Key *host_key, | |||
851 | } | 854 | } |
852 | 855 | ||
853 | xfree(ip); | 856 | xfree(ip); |
857 | xfree(host); | ||
854 | return 0; | 858 | return 0; |
855 | 859 | ||
856 | fail: | 860 | fail: |
857 | xfree(ip); | 861 | xfree(ip); |
862 | xfree(host); | ||
858 | return -1; | 863 | return -1; |
859 | } | 864 | } |
860 | 865 | ||
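Review bot: The CheckHostIP shortcut at new lines 581-582 still compares the bare `hostname` with `ip`, but `ip` is now built by put_host_port() (line 573) and carries the `[addr]:port` decoration on a non-default port, so for a numeric destination such as `ssh -p 2222 10.0.0.1` the `strcmp(hostname, ip) == 0` test no longer fires and check_host_ip stays on even though `host` (line 595) and `ip` end up as the identical string. Before this commit the shortcut disabled the redundant IP lookup in exactly that case; the host-file lookups and the "Permanently added" bookkeeping that consume `host` and `ip` are below this hunk, so I can only infer that the same entry will now be checked and recorded twice. Comparing the port-qualified form of `hostname` restores the old behaviour; put_host_port() hands ownership to the caller, so the temporary needs its own xfree. check_host_key() begins and ends outside this hunk.
```c
	/*
	 * Turn off check_host_ip if the connection is to localhost, via proxy
	 * command or if we don't have a hostname to compare with.  Compare the
	 * same port-qualified form that ip now carries, otherwise the shortcut
	 * never fires for a numeric host on a non-default port.
	 */
	if (options.check_host_ip) {
		char *hostport = put_host_port(hostname, options.port);

		if (local || options.proxy_command != NULL ||
		    strcmp(hostport, ip) == 0)
			options.check_host_ip = 0;
		xfree(hostport);
	}
	/* … unchanged: host_key_alias handling and put_host_port(hostname, ...) … */
```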
@@ -34,7 +34,7 @@ | |||
34 | .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF | 34 | .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF |
35 | .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. | 35 | .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
36 | .\" | 36 | .\" |
37 | .\" $OpenBSD: sshd.8,v 1.230 2006/02/24 20:31:31 jmc Exp $ | 37 | .\" $OpenBSD: sshd.8,v 1.231 2006/07/10 12:46:52 dtucker Exp $ |
38 | .Dd September 25, 1999 | 38 | .Dd September 25, 1999 |
39 | .Dt SSHD 8 | 39 | .Dt SSHD 8 |
40 | .Os | 40 | .Os |
@@ -588,6 +588,13 @@ A pattern may also be preceded by | |||
588 | to indicate negation: if the host name matches a negated | 588 | to indicate negation: if the host name matches a negated |
589 | pattern, it is not accepted (by that line) even if it matched another | 589 | pattern, it is not accepted (by that line) even if it matched another |
590 | pattern on the line. | 590 | pattern on the line. |
591 | A hostname or address may optionally be enclosed within | ||
592 | .Ql \&[ | ||
593 | and | ||
594 | .Ql \&] | ||
595 | brackets then followed by | ||
596 | .Ql \&: | ||
597 | and and a non-standard port number. | ||
591 | .Pp | 598 | .Pp |
592 | Alternately, hostnames may be stored in a hashed form which hides host names | 599 | Alternately, hostnames may be stored in a hashed form which hides host names |
593 | and addresses should the file's contents be disclosed. | 600 | and addresses should the file's contents be disclosed. |