diff options
Diffstat (limited to 'sshconnect.c')
| -rw-r--r-- | sshconnect.c | 30 |
1 files changed, 18 insertions, 12 deletions
diff --git a/sshconnect.c b/sshconnect.c index b33f20958..b54e75a8a 100644 --- a/sshconnect.c +++ b/sshconnect.c | |||
| @@ -13,7 +13,7 @@ | |||
| 13 | */ | 13 | */ |
| 14 | 14 | ||
| 15 | #include "includes.h" | 15 | #include "includes.h" |
| 16 | RCSID("$OpenBSD: sshconnect.c,v 1.81 2000/11/06 23:16:35 markus Exp $"); | 16 | RCSID("$OpenBSD: sshconnect.c,v 1.83 2000/11/30 22:53:35 markus Exp $"); |
| 17 | 17 | ||
| 18 | #include <openssl/bn.h> | 18 | #include <openssl/bn.h> |
| 19 | #include <openssl/dsa.h> | 19 | #include <openssl/dsa.h> |
| @@ -508,13 +508,11 @@ check_host_key(char *host, struct sockaddr *hostaddr, Key *host_key, | |||
| 508 | if (options.proxy_command != NULL && options.check_host_ip) | 508 | if (options.proxy_command != NULL && options.check_host_ip) |
| 509 | options.check_host_ip = 0; | 509 | options.check_host_ip = 0; |
| 510 | 510 | ||
| 511 | if (options.check_host_ip) { | 511 | if (getnameinfo(hostaddr, salen, ntop, sizeof(ntop), |
| 512 | if (getnameinfo(hostaddr, salen, ntop, sizeof(ntop), | 512 | NULL, 0, NI_NUMERICHOST) != 0) |
| 513 | NULL, 0, NI_NUMERICHOST) != 0) | 513 | fatal("check_host_key: getnameinfo failed"); |
| 514 | fatal("check_host_key: getnameinfo failed"); | 514 | ip = xstrdup(ntop); |
| 515 | ip = xstrdup(ntop); | 515 | |
| 516 | } | ||
| 517 | |||
| 518 | /* | 516 | /* |
| 519 | * Store the host key from the known host file in here so that we can | 517 | * Store the host key from the known host file in here so that we can |
| 520 | * compare it with the key for the IP address. | 518 | * compare it with the key for the IP address. |
| @@ -577,10 +575,10 @@ check_host_key(char *host, struct sockaddr *hostaddr, Key *host_key, | |||
| 577 | char prompt[1024]; | 575 | char prompt[1024]; |
| 578 | char *fp = key_fingerprint(host_key); | 576 | char *fp = key_fingerprint(host_key); |
| 579 | snprintf(prompt, sizeof(prompt), | 577 | snprintf(prompt, sizeof(prompt), |
| 580 | "The authenticity of host '%.200s' can't be established.\n" | 578 | "The authenticity of host '%.200s (%s)' can't be established.\n" |
| 581 | "%s key fingerprint is %s.\n" | 579 | "%s key fingerprint is %s.\n" |
| 582 | "Are you sure you want to continue connecting (yes/no)? ", | 580 | "Are you sure you want to continue connecting (yes/no)? ", |
| 583 | host, type, fp); | 581 | host, ip, type, fp); |
| 584 | if (!read_yes_or_no(prompt, -1)) | 582 | if (!read_yes_or_no(prompt, -1)) |
| 585 | fatal("Aborted by user!\n"); | 583 | fatal("Aborted by user!\n"); |
| 586 | } | 584 | } |
| @@ -647,6 +645,14 @@ check_host_key(char *host, struct sockaddr *hostaddr, Key *host_key, | |||
| 647 | error("Agent forwarding is disabled to avoid trojan horses."); | 645 | error("Agent forwarding is disabled to avoid trojan horses."); |
| 648 | options.forward_agent = 0; | 646 | options.forward_agent = 0; |
| 649 | } | 647 | } |
| 648 | if (options.forward_x11) { | ||
| 649 | error("X11 forwarding is disabled to avoid trojan horses."); | ||
| 650 | options.forward_x11 = 0; | ||
| 651 | } | ||
| 652 | if (options.num_local_forwards > 0 || options.num_remote_forwards > 0) { | ||
| 653 | error("Port forwarding is disabled to avoid trojan horses."); | ||
| 654 | options.num_local_forwards = options.num_remote_forwards = 0; | ||
| 655 | } | ||
| 650 | /* | 656 | /* |
| 651 | * XXX Should permit the user to change to use the new id. | 657 | * XXX Should permit the user to change to use the new id. |
| 652 | * This could be done by converting the host key to an | 658 | * This could be done by converting the host key to an |
| @@ -656,8 +662,8 @@ check_host_key(char *host, struct sockaddr *hostaddr, Key *host_key, | |||
| 656 | */ | 662 | */ |
| 657 | break; | 663 | break; |
| 658 | } | 664 | } |
| 659 | if (options.check_host_ip) | 665 | |
| 660 | xfree(ip); | 666 | xfree(ip); |
| 661 | } | 667 | } |
| 662 | 668 | ||
| 663 | /* | 669 | /* |