Diffstat (limited to 'sshconnect.c')
-rw-r--r--sshconnect.c54
1 files changed, 28 insertions, 26 deletions
diff --git a/sshconnect.c b/sshconnect.c
index 11008e544..49190560d 100644
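--- a/sshconnect.c
+++ b/sshconnect.c
@@ -13,7 +13,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: sshconnect.c,v 1.158 2004/06/21 17:36:31 avsm Exp $");
+RCSID("$OpenBSD: sshconnect.c,v 1.161 2005/03/02 01:00:06 djm Exp $");
 
 #include <openssl/bn.h>
 
@@ -297,12 +297,6 @@ timeout_connect(int sockfd, const struct sockaddr *serv_addr,
  * second). If proxy_command is non-NULL, it specifies the command (with %h
  * and %p substituted for host and port, respectively) to use to contact
  * the daemon.
- * Return values:
- * 0 for OK
- * ECONNREFUSED if we got a "Connection Refused" by the peer on any address
- * ECONNABORTED if we failed without a "Connection refused"
- * Suitable error messages for the connection failure will already have been
- * printed.
  */
 int
 ssh_connect(const char *host, struct sockaddr_storage * hostaddr,
@@ -315,12 +309,6 @@ ssh_connect(const char *host, struct sockaddr_storage * hostaddr,
  char ntop[NI_MAXHOST], strport[NI_MAXSERV];
  struct addrinfo hints, *ai, *aitop;
  struct servent *sp;
- /*
- * Did we get only other errors than "Connection refused" (which
- * should block fallback to rsh and similar), or did we get at least
- * one "Connection refused"?
- */
- int full_failure = 1;
 
  debug2("ssh_connect: needpriv %d", needpriv);
 
@@ -381,8 +369,6 @@ ssh_connect(const char *host, struct sockaddr_storage * hostaddr,
  memcpy(hostaddr, ai->ai_addr, ai->ai_addrlen);
  break;
  } else {
- if (errno == ECONNREFUSED)
- full_failure = 0;
  debug("connect to address %s port %s: %s",
  ntop, strport, strerror(errno));
  /*
@@ -408,9 +394,9 @@ ssh_connect(const char *host, struct sockaddr_storage * hostaddr,
 
  /* Return failure if we didn't get a successful connection. */
  if (attempt >= connection_attempts) {
- logit("ssh: connect to host %s port %s: %s",
+ error("ssh: connect to host %s port %s: %s",
  host, strport, strerror(errno));
- return full_failure ? ECONNABORTED : ECONNREFUSED;
+ return (-1);
  }
 
  debug("Connection established.");
@@ -568,7 +554,7 @@ check_host_key(char *host, struct sockaddr *hostaddr, Key *host_key,
  char hostline[1000], *hostp, *fp;
  HostStatus host_status;
  HostStatus ip_status;
- int local = 0, host_ip_differ = 0;
+ int r, local = 0, host_ip_differ = 0;
  int salen;
  char ntop[NI_MAXHOST];
  char msg[1024];
@@ -692,7 +678,7 @@ check_host_key(char *host, struct sockaddr *hostaddr, Key *host_key,
  "'%.128s' not in list of known hosts.",
  type, ip);
  else if (!add_host_to_hostfile(user_hostfile, ip,
- host_key))
+ host_key, options.hash_known_hosts))
  logit("Failed to add the %s host key for IP "
  "address '%.128s' to the list of known "
  "hosts (%.30s).", type, ip, user_hostfile);
@@ -748,17 +734,33 @@ check_host_key(char *host, struct sockaddr *hostaddr, Key *host_key,
  if (!confirm(msg))
  goto fail;
  }
- if (options.check_host_ip && ip_status == HOST_NEW) {
- snprintf(hostline, sizeof(hostline), "%s,%s", host, ip);
- hostp = hostline;
- } else
- hostp = host;
-
  /*
  * If not in strict mode, add the key automatically to the
  * local known_hosts file.
  */
- if (!add_host_to_hostfile(user_hostfile, hostp, host_key))
+ if (options.check_host_ip && ip_status == HOST_NEW) {
+ snprintf(hostline, sizeof(hostline), "%s,%s",
+ host, ip);
+ hostp = hostline;
+ if (options.hash_known_hosts) {
+ /* Add hash of host and IP separately */
+ r = add_host_to_hostfile(user_hostfile, host,
+ host_key, options.hash_known_hosts) &&
+ add_host_to_hostfile(user_hostfile, ip,
+ host_key, options.hash_known_hosts);
+ } else {
+ /* Add unhashed "host,ip" */
+ r = add_host_to_hostfile(user_hostfile,
+ hostline, host_key,
+ options.hash_known_hosts);
+ }
+ } else {
+ r = add_host_to_hostfile(user_hostfile, host, host_key,
+ options.hash_known_hosts);
+ hostp = host;
+ }
+
+ if (!r)
  logit("Failed to add the host to the list of known "
  "hosts (%.500s).", user_hostfile);
  else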
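Review bot: In the `options.hash_known_hosts` branch of the last hunk, the two `add_host_to_hostfile()` calls are chained with `&&`, so if the host write succeeds and the IP write fails, the hashed host line stays in the file while `r` is 0 and the user is told "Failed to add the host to the list of known hosts". The file is then only partly updated and the message does not say which entry is missing; keeping the two results apart, or at least extending the comment to `/* Add hash of host and IP separately; the host line may already be written if the IP add fails */`, would make that state explicit. `hostline` is also still formatted and assigned to `hostp` in hashed mode, presumably only for the message in the `else` arm that follows outside the hunk. A short comment saying `hostp` is for display only would guard against a later edit passing the cleartext "host,ip" string to the hostfile writer and defeating the hashing. `check_host_key` begins and ends outside this hunk, so how `hostp` is used afterwards cannot be confirmed from here.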