-rw-r--r--ChangeLog7
-rw-r--r--sshconnect.c34
2 files changed, 31 insertions, 10 deletions
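--- a/ChangeLog
+++ b/ChangeLog
@@ -35,6 +35,11 @@
  avoid confusing wording in HashKnownHosts:
  originally spotted by alan amesbury;
  ok deraadt
+ - dtucker@cvs.openbsd.org 2006/08/01 11:34:36
+ [sshconnect.c]
+ Allow fallback to known_hosts entries without port qualifiers for
+ non-standard ports too, so that all existing known_hosts entries will be
+ recognised. Requested by, feedback and ok markus@
 
 20060804
  - (dtucker) [configure.ac] The "crippled AES" test does not work on recent
@@ -5105,4 +5110,4 @@
  - (djm) Trim deprecated options from INSTALL. Mention UsePAM
  - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu
 
-$Id: ChangeLog,v 1.4448 2006/08/05 01:35:23 djm Exp $
+$Id: ChangeLog,v 1.4449 2006/08/05 01:35:45 djm Exp $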
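--- a/sshconnect.c
+++ b/sshconnect.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: sshconnect.c,v 1.196 2006/07/26 13:57:17 stevesk Exp $ */
+/* $OpenBSD: sshconnect.c,v 1.197 2006/08/01 11:34:36 dtucker Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -521,9 +521,13 @@ confirm(const char *prompt)
  * check whether the supplied host key is valid, return -1 if the key
  * is not valid. the user_hostfile will not be updated if 'readonly' is true.
  */
+#define RDRW 0
+#define RDONLY 1
+#define ROQUIET 2
 static int
-check_host_key(char *hostname, struct sockaddr *hostaddr, Key *host_key,
- int readonly, const char *user_hostfile, const char *system_hostfile)
+check_host_key(char *hostname, struct sockaddr *hostaddr, u_short port,
+ Key *host_key, int readonly, const char *user_hostfile,
+ const char *system_hostfile)
 {
  Key *file_key;
  const char *type = key_type(host_key);
@@ -578,7 +582,7 @@ check_host_key(char *hostname, struct sockaddr *hostaddr, Key *host_key,
  if (getnameinfo(hostaddr, salen, ntop, sizeof(ntop),
  NULL, 0, NI_NUMERICHOST) != 0)
  fatal("check_host_key: getnameinfo failed");
- ip = put_host_port(ntop, options.port);
+ ip = put_host_port(ntop, port);
  } else {
  ip = xstrdup("<no hostip for proxy command>");
  }
@@ -600,7 +604,7 @@ check_host_key(char *hostname, struct sockaddr *hostaddr, Key *host_key,
  host = xstrdup(options.host_key_alias);
  debug("using hostkeyalias: %s", host);
  } else {
- host = put_host_port(hostname, options.port);
+ host = put_host_port(hostname, port);
  }
 
  /*
@@ -669,6 +673,15 @@ check_host_key(char *hostname, struct sockaddr *hostaddr, Key *host_key,
  }
  break;
  case HOST_NEW:
+ if (options.host_key_alias == NULL && port != 0 &&
+ port != SSH_DEFAULT_PORT) {
+ debug("checking without port identifier");
+ if (check_host_key(hostname, hostaddr, 0, host_key, 2,
+ user_hostfile, system_hostfile) == 0) {
+ debug("found matching key w/out port");
+ break;
+ }
+ }
  if (readonly)
  goto fail;
  /* The host is new. */
@@ -748,6 +761,8 @@ check_host_key(char *hostname, struct sockaddr *hostaddr, Key *host_key,
  "list of known hosts.", hostp, type);
  break;
  case HOST_CHANGED:
+ if (readonly == ROQUIET)
+ goto fail;
  if (options.check_host_ip && host_ip_differ) {
  char *key_msg;
  if (ip_status == HOST_NEW)
@@ -906,12 +921,13 @@ verify_host_key(char *host, struct sockaddr *hostaddr, Key *host_key)
  /* return ok if the key can be found in an old keyfile */
  if (stat(options.system_hostfile2, &st) == 0 ||
  stat(options.user_hostfile2, &st) == 0) {
- if (check_host_key(host, hostaddr, host_key, /*readonly*/ 1,
- options.user_hostfile2, options.system_hostfile2) == 0)
+ if (check_host_key(host, hostaddr, options.port, host_key,
+ RDONLY, options.user_hostfile2,
+ options.system_hostfile2) == 0)
  return 0;
  }
- return check_host_key(host, hostaddr, host_key, /*readonly*/ 0,
- options.user_hostfile, options.system_hostfile);
+ return check_host_key(host, hostaddr, options.port, host_key,
+ RDRW, options.user_hostfile, options.system_hostfile);
 }
 
 /*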
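Review bot: The fallback call in the HOST_NEW case passes the literal `2` as readonly even though this same change introduces `ROQUIET` for exactly that value, and the new HOST_CHANGED check relies on it; the call should read `if (check_host_key(hostname, hostaddr, 0, host_key, ROQUIET,` so the quiet-readonly semantics are visible where they are invoked. The trust consequence also deserves a comment above the new block, since a key recorded under the bare host name is now accepted for any non-default port on that host, e.g. `/* Fall back to a port-less known_hosts entry: a key stored for the default port is trusted on other ports; a differing key there fails quietly (ROQUIET) and we continue as HOST_NEW. */`. Note that when the fallback matches, the `break` skips the add-to-known_hosts path, so no `[host]:port` entry is written and the fallback runs again on every later connection; that looks intentional given the ChangeLog text but is worth recording in the same comment. The body of check_host_key begins and ends outside these hunks, so the other readonly-sensitive branches could not be checked here.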