Diffstat (limited to 'sshconnect.c')
-rw-r--r-- | sshconnect.c | 54 |
1 files changed, 28 insertions, 26 deletions
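--- a/sshconnect.c
+++ b/sshconnect.c
@@ -13,7 +13,7 @@
 */
 
 #include "includes.h"
-RCSID("$OpenBSD: sshconnect.c,v 1.158 2004/06/21 17:36:31 avsm Exp $");
+RCSID("$OpenBSD: sshconnect.c,v 1.161 2005/03/02 01:00:06 djm Exp $");
 
 #include <openssl/bn.h>
 
@@ -297,12 +297,6 @@ timeout_connect(int sockfd, const struct sockaddr *serv_addr,
 * second). If proxy_command is non-NULL, it specifies the command (with %h
 * and %p substituted for host and port, respectively) to use to contact
 * the daemon.
-* Return values:
-* 0 for OK
-* ECONNREFUSED if we got a "Connection Refused" by the peer on any address
-* ECONNABORTED if we failed without a "Connection refused"
-* Suitable error messages for the connection failure will already have been
-* printed.
 */
 int
 ssh_connect(const char *host, struct sockaddr_storage * hostaddr,
@@ -315,12 +309,6 @@ ssh_connect(const char *host, struct sockaddr_storage * hostaddr,
 char ntop[NI_MAXHOST], strport[NI_MAXSERV];
 struct addrinfo hints, *ai, *aitop;
 struct servent *sp;
-/*
-* Did we get only other errors than "Connection refused" (which
-* should block fallback to rsh and similar), or did we get at least
-* one "Connection refused"?
-*/
-int full_failure = 1;
 
 debug2("ssh_connect: needpriv %d", needpriv);
 
@@ -381,8 +369,6 @@ ssh_connect(const char *host, struct sockaddr_storage * hostaddr,
 memcpy(hostaddr, ai->ai_addr, ai->ai_addrlen);
 break;
 } else {
-if (errno == ECONNREFUSED)
-full_failure = 0;
 debug("connect to address %s port %s: %s",
 ntop, strport, strerror(errno));
 /*
@@ -408,9 +394,9 @@ ssh_connect(const char *host, struct sockaddr_storage * hostaddr,
 
 /* Return failure if we didn't get a successful connection. */
 if (attempt >= connection_attempts) {
-logit("ssh: connect to host %s port %s: %s",
+error("ssh: connect to host %s port %s: %s",
 host, strport, strerror(errno));
-return full_failure ? ECONNABORTED : ECONNREFUSED;
+return (-1);
 }
 
 debug("Connection established.");
@@ -568,7 +554,7 @@ check_host_key(char *host, struct sockaddr *hostaddr, Key *host_key,
 char hostline[1000], *hostp, *fp;
 HostStatus host_status;
 HostStatus ip_status;
-int local = 0, host_ip_differ = 0;
+int r, local = 0, host_ip_differ = 0;
 int salen;
 char ntop[NI_MAXHOST];
 char msg[1024];
@@ -692,7 +678,7 @@ check_host_key(char *host, struct sockaddr *hostaddr, Key *host_key,
 "'%.128s' not in list of known hosts.",
 type, ip);
 else if (!add_host_to_hostfile(user_hostfile, ip,
-host_key))
+host_key, options.hash_known_hosts))
 logit("Failed to add the %s host key for IP "
 "address '%.128s' to the list of known "
 "hosts (%.30s).", type, ip, user_hostfile);
@@ -748,17 +734,33 @@ check_host_key(char *host, struct sockaddr *hostaddr, Key *host_key,
 if (!confirm(msg))
 goto fail;
 }
-if (options.check_host_ip && ip_status == HOST_NEW) {
-snprintf(hostline, sizeof(hostline), "%s,%s", host, ip);
-hostp = hostline;
-} else
-hostp = host;
-
 /*
 * If not in strict mode, add the key automatically to the
 * local known_hosts file.
 */
-if (!add_host_to_hostfile(user_hostfile, hostp, host_key))
+if (options.check_host_ip && ip_status == HOST_NEW) {
+snprintf(hostline, sizeof(hostline), "%s,%s",
+host, ip);
+hostp = hostline;
+if (options.hash_known_hosts) {
+/* Add hash of host and IP separately */
+r = add_host_to_hostfile(user_hostfile, host,
+host_key, options.hash_known_hosts) &&
+add_host_to_hostfile(user_hostfile, ip,
+host_key, options.hash_known_hosts);
+} else {
+/* Add unhashed "host,ip" */
+r = add_host_to_hostfile(user_hostfile,
+hostline, host_key,
+options.hash_known_hosts);
+}
+} else {
+r = add_host_to_hostfile(user_hostfile, host, host_key,
+options.hash_known_hosts);
+hostp = host;
+}
+
+if (!r)
 logit("Failed to add the host to the list of known "
 "hosts (%.500s).", user_hostfile);
 else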
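Review bot: In the hashed branch of the last hunk (new lines 747-750), the two `add_host_to_hostfile()` calls are joined with `&&`, so a known_hosts file that received the hostname hash but not the IP hash is reported with the same generic "Failed to add the host to the list of known hosts" as a file that received nothing. Because the trust store is then half-updated, I would report the IP failure on its own, as the `logit("Failed to add the %s host key for IP ...")` call in the earlier hunk does, or at least record the case in the comment: `/* Add hash of host and IP separately; if the IP add fails the host entry has already been written */`. The `snprintf()` into `hostline` just above is also unchecked, and in the unhashed branch a truncated "host,ip" string would be what gets written. check_host_key starts and ends outside these hunks, so the success message in the `else` arm is not visible here.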