/usr/src/usr.bin/ssh/ssh/../sshconnect.c

Bug Summary

File:	src/usr.bin/ssh/ssh/../sshconnect.c
Warning:	line 994, column 36 Access to field 'key' results in a dereference of a null pointer (loaded from variable 'host_found')
Annotated Source Code

Press '?' to see keyboard shortcuts
Show analyzer invocation
clang -cc1 -cc1 -triple amd64-unknown-openbsd7.0 -analyze -disable-free -disable-llvm-verifier -discard-value-names -main-file-name sshconnect.c -analyzer-store=region -analyzer-opt-analyze-nested-blocks -analyzer-checker=core -analyzer-checker=apiModeling -analyzer-checker=unix -analyzer-checker=deadcode -analyzer-checker=security.insecureAPI.UncheckedReturn -analyzer-checker=security.insecureAPI.getpw -analyzer-checker=security.insecureAPI.gets -analyzer-checker=security.insecureAPI.mktemp -analyzer-checker=security.insecureAPI.mkstemp -analyzer-checker=security.insecureAPI.vfork -analyzer-checker=nullability.NullPassedToNonnull -analyzer-checker=nullability.NullReturnedFromNonnull -analyzer-output plist -w -setup-static-analyzer -mrelocation-model pic -pic-level 1 -pic-is-pie -mframe-pointer=all -relaxed-aliasing -fno-rounding-math -mconstructor-aliases -munwind-tables -target-cpu x86-64 -target-feature +retpoline-indirect-calls -target-feature +retpoline-indirect-branches -tune-cpu generic -debugger-tuning=gdb -fcoverage-compilation-dir=/usr/src/usr.bin/ssh/ssh/obj -resource-dir /usr/local/lib/clang/13.0.0 -I /usr/src/usr.bin/ssh/ssh/.. -D WITH_OPENSSL -D WITH_ZLIB -D ENABLE_PKCS11 -D HAVE_DLOPEN -internal-isystem /usr/local/lib/clang/13.0.0/include -internal-externc-isystem /usr/include -O2 -Wno-unused-parameter -fdebug-compilation-dir=/usr/src/usr.bin/ssh/ssh/obj -ferror-limit 19 -fwrapv -D_RET_PROTECTOR -ret-protector -fgnuc-version=4.2.1 -vectorize-loops -vectorize-slp -fno-builtin-malloc -fno-builtin-calloc -fno-builtin-realloc -fno-builtin-valloc -fno-builtin-free -fno-builtin-strdup -fno-builtin-strndup -analyzer-output=html -faddrsig -D__GCC_HAVE_DWARF2_CFI_ASM=1 -o /home/ben/Projects/vmm/scan-build/2022-01-12-194120-40624-1 -x c /usr/src/usr.bin/ssh/ssh/../sshconnect.c
1/* $OpenBSD: sshconnect.c,v 1.356 2021/12/19 22:10:24 djm Exp $ */
2/*
3 * Author: Tatu Ylonen <ylo@cs.hut.fi>
4 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
5 *                    All rights reserved
6 * Code to connect to a remote host, and to perform the client side of the
7 * login (authentication) dialog.
8 *
9 * As far as I am concerned, the code I have written for this software
10 * can be used freely for any purpose.  Any derived versions of this
11 * software must be clearly marked as such, and if the derived work is
12 * incompatible with the protocol description in the RFC file, it must be
13 * called by a name other than "ssh" or "Secure Shell".
14 */
15 
16#include <sys/types.h>
17#include <sys/wait.h>
18#include <sys/stat.h>
19#include <sys/socket.h>
20#include <sys/time.h>
21 
22#include <net/if.h>
23#include <netinet/in.h>
24 
25#include <ctype.h>
26#include <errno(*__errno()).h>
27#include <fcntl.h>
28#include <netdb.h>
29#include <limits.h>
30#include <paths.h>
31#include <signal.h>
32#include <pwd.h>
33#include <stdio.h>
34#include <stdlib.h>
35#include <stdarg.h>
36#include <string.h>
37#include <unistd.h>
38#include <ifaddrs.h>
39 
40#include "xmalloc.h"
41#include "ssh.h"
42#include "sshbuf.h"
43#include "packet.h"
44#include "compat.h"
45#include "sshkey.h"
46#include "sshconnect.h"
47#include "hostfile.h"
48#include "log.h"
49#include "misc.h"
50#include "readconf.h"
51#include "atomicio.h"
52#include "dns.h"
53#include "monitor_fdpass.h"
54#include "ssh2.h"
55#include "version.h"
56#include "authfile.h"
57#include "ssherr.h"
58#include "authfd.h"
59#include "kex.h"
60 
61struct sshkey *previous_host_key = NULL((void *)0);
62 
63static int matching_host_key_dns = 0;
64 
65static pid_t proxy_command_pid = 0;
66 
67/* import */
68extern int debug_flag;
69extern Options options;
70extern char *__progname;
71 
72static int show_other_keys(struct hostkeys *, struct sshkey *);
73static void warn_changed_key(struct sshkey *);
74 
75/* Expand a proxy command */
76static char *
77expand_proxy_command(const char *proxy_command, const char *user,
78    const char *host, const char *host_arg, int port)
79{
80	char *tmp, *ret, strport[NI_MAXSERV32];
81	const char *keyalias = options.host_key_alias ?
82	    options.host_key_alias : host_arg;
83 
84	snprintf(strport, sizeof strport, "%d", port);
85	xasprintf(&tmp, "exec %s", proxy_command);
86	ret = percent_expand(tmp,
87	    "h", host,
88	    "k", keyalias,
89	    "n", host_arg,
90	    "p", strport,
91	    "r", options.user,
92	    (char *)NULL((void *)0));
93	free(tmp);
94	return ret;
95}
96 
97/*
98 * Connect to the given ssh server using a proxy command that passes a
99 * a connected fd back to us.
100 */
101static int
102ssh_proxy_fdpass_connect(struct ssh *ssh, const char *host,
103    const char *host_arg, u_short port, const char *proxy_command)
104{
105	char *command_string;
106	int sp[2], sock;
107	pid_t pid;
108	char *shell;
109 
110	if ((shell = getenv("SHELL")) == NULL((void *)0))
111		shell = _PATH_BSHELL"/bin/sh";
112 
113	if (socketpair(AF_UNIX1, SOCK_STREAM1, 0, sp) == -1)
114		fatal("Could not create socketpair to communicate with "sshfatal("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__
, 115, 0, SYSLOG_LEVEL_FATAL, ((void *)0), "Could not create socketpair to communicate with "
 "proxy dialer: %.100s", strerror((*__errno())))
115		    "proxy dialer: %.100s", strerror(errno))sshfatal("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__
, 115, 0, SYSLOG_LEVEL_FATAL, ((void *)0), "Could not create socketpair to communicate with "
 "proxy dialer: %.100s", strerror((*__errno())));
116 
117	command_string = expand_proxy_command(proxy_command, options.user,
118	    host, host_arg, port);
119	debug("Executing proxy dialer command: %.500s", command_string)sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 119
, 0, SYSLOG_LEVEL_DEBUG1, ((void *)0), "Executing proxy dialer command: %.500s"
, command_string);
120 
121	/* Fork and execute the proxy command. */
122	if ((pid = fork()) == 0) {
123		char *argv[10];
124 
125		close(sp[1]);
126		/* Redirect stdin and stdout. */
127		if (sp[0] != 0) {
128			if (dup2(sp[0], 0) == -1)
129				perror("dup2 stdin");
130		}
131		if (sp[0] != 1) {
132			if (dup2(sp[0], 1) == -1)
133				perror("dup2 stdout");
134		}
135		if (sp[0] >= 2)
136			close(sp[0]);
137 
138		/*
139		 * Stderr is left for non-ControlPersist connections is so
140		 * error messages may be printed on the user's terminal.
141		 */
142		if (!debug_flag && options.control_path != NULL((void *)0) &&
143		    options.control_persist && stdfd_devnull(0, 0, 1) == -1)
144			error_f("stdfd_devnull failed")sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 144
, 1, SYSLOG_LEVEL_ERROR, ((void *)0), "stdfd_devnull failed");
145 
146		argv[0] = shell;
147		argv[1] = "-c";
148		argv[2] = command_string;
149		argv[3] = NULL((void *)0);
150 
151		/*
152		 * Execute the proxy command.
153		 * Note that we gave up any extra privileges above.
154		 */
155		execv(argv[0], argv);
156		perror(argv[0]);
157		exit(1);
158	}
159	/* Parent. */
160	if (pid == -1)
161		fatal("fork failed: %.100s", strerror(errno))sshfatal("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__
, 161, 0, SYSLOG_LEVEL_FATAL, ((void *)0), "fork failed: %.100s"
, strerror((*__errno())));
162	close(sp[0]);
163	free(command_string);
164 
165	if ((sock = mm_receive_fd(sp[1])) == -1)
166		fatal("proxy dialer did not pass back a connection")sshfatal("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__
, 166, 0, SYSLOG_LEVEL_FATAL, ((void *)0), "proxy dialer did not pass back a connection"
);
167	close(sp[1]);
168 
169	while (waitpid(pid, NULL((void *)0), 0) == -1)
170		if (errno(*__errno()) != EINTR4)
171			fatal("Couldn't wait for child: %s", strerror(errno))sshfatal("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__
, 171, 0, SYSLOG_LEVEL_FATAL, ((void *)0), "Couldn't wait for child: %s"
, strerror((*__errno())));
172 
173	/* Set the connection file descriptors. */
174	if (ssh_packet_set_connection(ssh, sock, sock) == NULL((void *)0))
175		return -1; /* ssh_packet_set_connection logs error */
176 
177	return 0;
178}
179 
180/*
181 * Connect to the given ssh server using a proxy command.
182 */
183static int
184ssh_proxy_connect(struct ssh *ssh, const char *host, const char *host_arg,
185    u_short port, const char *proxy_command)
186{
187	char *command_string;
188	int pin[2], pout[2];
189	pid_t pid;
190	char *shell;
191 
192	if ((shell = getenv("SHELL")) == NULL((void *)0) || *shell == '\0')
193		shell = _PATH_BSHELL"/bin/sh";
194 
195	/* Create pipes for communicating with the proxy. */
196	if (pipe(pin) == -1 || pipe(pout) == -1)
197		fatal("Could not create pipes to communicate with the proxy: %.100s",sshfatal("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__
, 198, 0, SYSLOG_LEVEL_FATAL, ((void *)0), "Could not create pipes to communicate with the proxy: %.100s"
, strerror((*__errno())))
198		    strerror(errno))sshfatal("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__
, 198, 0, SYSLOG_LEVEL_FATAL, ((void *)0), "Could not create pipes to communicate with the proxy: %.100s"
, strerror((*__errno())));
199 
200	command_string = expand_proxy_command(proxy_command, options.user,
201	    host, host_arg, port);
202	debug("Executing proxy command: %.500s", command_string)sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 202
, 0, SYSLOG_LEVEL_DEBUG1, ((void *)0), "Executing proxy command: %.500s"
, command_string);
203 
204	/* Fork and execute the proxy command. */
205	if ((pid = fork()) == 0) {
206		char *argv[10];
207 
208		/* Redirect stdin and stdout. */
209		close(pin[1]);
210		if (pin[0] != 0) {
211			if (dup2(pin[0], 0) == -1)
212				perror("dup2 stdin");
213			close(pin[0]);
214		}
215		close(pout[0]);
216		if (dup2(pout[1], 1) == -1)
217			perror("dup2 stdout");
218		/* Cannot be 1 because pin allocated two descriptors. */
219		close(pout[1]);
220 
221		/*
222		 * Stderr is left for non-ControlPersist connections is so
223		 * error messages may be printed on the user's terminal.
224		 */
225		if (!debug_flag && options.control_path != NULL((void *)0) &&
226		    options.control_persist && stdfd_devnull(0, 0, 1) == -1)
227			error_f("stdfd_devnull failed")sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 227
, 1, SYSLOG_LEVEL_ERROR, ((void *)0), "stdfd_devnull failed");
228 
229		argv[0] = shell;
230		argv[1] = "-c";
231		argv[2] = command_string;
232		argv[3] = NULL((void *)0);
233 
234		/*
235		 * Execute the proxy command.  Note that we gave up any
236		 * extra privileges above.
237		 */
238		ssh_signal(SIGPIPE13, SIG_DFL(void (*)(int))0);
239		execv(argv[0], argv);
240		perror(argv[0]);
241		exit(1);
242	}
243	/* Parent. */
244	if (pid == -1)
245		fatal("fork failed: %.100s", strerror(errno))sshfatal("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__
, 245, 0, SYSLOG_LEVEL_FATAL, ((void *)0), "fork failed: %.100s"
, strerror((*__errno())));
246	else
247		proxy_command_pid = pid; /* save pid to clean up later */
248 
249	/* Close child side of the descriptors. */
250	close(pin[0]);
251	close(pout[1]);
252 
253	/* Free the command name. */
254	free(command_string);
255 
256	/* Set the connection file descriptors. */
257	if (ssh_packet_set_connection(ssh, pout[0], pin[1]) == NULL((void *)0))
258		return -1; /* ssh_packet_set_connection logs error */
259 
260	return 0;
261}
262 
263void
264ssh_kill_proxy_command(void)
265{
266	/*
267	 * Send SIGHUP to proxy command if used. We don't wait() in
268	 * case it hangs and instead rely on init to reap the child
269	 */
270	if (proxy_command_pid > 1)
271		kill(proxy_command_pid, SIGHUP1);
272}
273 
274/*
275 * Search a interface address list (returned from getifaddrs(3)) for an
276 * address that matches the desired address family on the specified interface.
277 * Returns 0 and fills in *resultp and *rlenp on success. Returns -1 on failure.
278 */
279static int
280check_ifaddrs(const char *ifname, int af, const struct ifaddrs *ifaddrs,
281    struct sockaddr_storage *resultp, socklen_t *rlenp)
282{
283	struct sockaddr_in6 *sa6;
284	struct sockaddr_in *sa;
285	struct in6_addr *v6addr;
286	const struct ifaddrs *ifa;
287	int allow_local;
288 
289	/*
290	 * Prefer addresses that are not loopback or linklocal, but use them
291	 * if nothing else matches.
292	 */
293	for (allow_local = 0; allow_local < 2; allow_local++) {
294		for (ifa = ifaddrs; ifa != NULL((void *)0); ifa = ifa->ifa_next) {
295			if (ifa->ifa_addr == NULL((void *)0) || ifa->ifa_name == NULL((void *)0) ||
296			    (ifa->ifa_flags & IFF_UP0x1) == 0 ||
297			    ifa->ifa_addr->sa_family != af ||
298			    strcmp(ifa->ifa_name, options.bind_interface) != 0)
299				continue;
300			switch (ifa->ifa_addr->sa_family) {
301			case AF_INET2:
302				sa = (struct sockaddr_in *)ifa->ifa_addr;
303				if (!allow_local && sa->sin_addr.s_addr ==
304				    htonl(INADDR_LOOPBACK)(__uint32_t)(__builtin_constant_p(((u_int32_t)(0x7f000001))) ?
 (__uint32_t)(((__uint32_t)(((u_int32_t)(0x7f000001))) & 0xff
) << 24 | ((__uint32_t)(((u_int32_t)(0x7f000001))) &
 0xff00) << 8 | ((__uint32_t)(((u_int32_t)(0x7f000001))
) & 0xff0000) >> 8 | ((__uint32_t)(((u_int32_t)(0x7f000001
))) & 0xff000000) >> 24) : __swap32md(((u_int32_t)(
0x7f000001)))))
305					continue;
306				if (*rlenp < sizeof(struct sockaddr_in)) {
307					error_f("v4 addr doesn't fit")sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 307
, 1, SYSLOG_LEVEL_ERROR, ((void *)0), "v4 addr doesn't fit");
308					return -1;
309				}
310				*rlenp = sizeof(struct sockaddr_in);
311				memcpy(resultp, sa, *rlenp);
312				return 0;
313			case AF_INET624:
314				sa6 = (struct sockaddr_in6 *)ifa->ifa_addr;
315				v6addr = &sa6->sin6_addr;
316				if (!allow_local &&
317				    (IN6_IS_ADDR_LINKLOCAL(v6addr)(((v6addr)->__u6_addr.__u6_addr8[0] == 0xfe) && ((
(v6addr)->__u6_addr.__u6_addr8[1] & 0xc0) == 0x80)) ||
318				    IN6_IS_ADDR_LOOPBACK(v6addr)((*(const u_int32_t *)(const void *)(&(v6addr)->__u6_addr
.__u6_addr8[0]) == 0) && (*(const u_int32_t *)(const void
 *)(&(v6addr)->__u6_addr.__u6_addr8[4]) == 0) &&
 (*(const u_int32_t *)(const void *)(&(v6addr)->__u6_addr
.__u6_addr8[8]) == 0) && (*(const u_int32_t *)(const void
 *)(&(v6addr)->__u6_addr.__u6_addr8[12]) == (__uint32_t
)(__builtin_constant_p(1) ? (__uint32_t)(((__uint32_t)(1) &
 0xff) << 24 | ((__uint32_t)(1) & 0xff00) << 8
 | ((__uint32_t)(1) & 0xff0000) >> 8 | ((__uint32_t
)(1) & 0xff000000) >> 24) : __swap32md(1))))))
319					continue;
320				if (*rlenp < sizeof(struct sockaddr_in6)) {
321					error_f("v6 addr doesn't fit")sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 321
, 1, SYSLOG_LEVEL_ERROR, ((void *)0), "v6 addr doesn't fit");
322					return -1;
323				}
324				*rlenp = sizeof(struct sockaddr_in6);
325				memcpy(resultp, sa6, *rlenp);
326				return 0;
327			}
328		}
329	}
330	return -1;
331}
332 
333/*
334 * Creates a socket for use as the ssh connection.
335 */
336static int
337ssh_create_socket(struct addrinfo *ai)
338{
339	int sock, r;
340	struct sockaddr_storage bindaddr;
341	socklen_t bindaddrlen = 0;
342	struct addrinfo hints, *res = NULL((void *)0);
343	struct ifaddrs *ifaddrs = NULL((void *)0);
344	char ntop[NI_MAXHOST256];
345 
346	sock = socket(ai->ai_family, ai->ai_socktype, ai->ai_protocol);
347	if (sock == -1) {
348		error("socket: %s", strerror(errno))sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 348
, 0, SYSLOG_LEVEL_ERROR, ((void *)0), "socket: %s", strerror(
(*__errno())));
349		return -1;
350	}
351	fcntl(sock, F_SETFD2, FD_CLOEXEC1);
352 
353	/* Use interactive QOS (if specified) until authentication completed */
354	if (options.ip_qos_interactive != INT_MAX2147483647)
355		set_sock_tos(sock, options.ip_qos_interactive);
356 
357	/* Bind the socket to an alternative local IP address */
358	if (options.bind_address == NULL((void *)0) && options.bind_interface == NULL((void *)0))
359		return sock;
360 
361	if (options.bind_address != NULL((void *)0)) {
362		memset(&hints, 0, sizeof(hints));
363		hints.ai_family = ai->ai_family;
364		hints.ai_socktype = ai->ai_socktype;
365		hints.ai_protocol = ai->ai_protocol;
366		hints.ai_flags = AI_PASSIVE1;
367		if ((r = getaddrinfo(options.bind_address, NULL((void *)0),
368		    &hints, &res)) != 0) {
369			error("getaddrinfo: %s: %s", options.bind_address,sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 370
, 0, SYSLOG_LEVEL_ERROR, ((void *)0), "getaddrinfo: %s: %s", options
.bind_address, ssh_gai_strerror(r))
370			    ssh_gai_strerror(r))sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 370
, 0, SYSLOG_LEVEL_ERROR, ((void *)0), "getaddrinfo: %s: %s", options
.bind_address, ssh_gai_strerror(r));
371			goto fail;
372		}
373		if (res == NULL((void *)0)) {
374			error("getaddrinfo: no addrs")sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 374
, 0, SYSLOG_LEVEL_ERROR, ((void *)0), "getaddrinfo: no addrs"
);
375			goto fail;
376		}
377		memcpy(&bindaddr, res->ai_addr, res->ai_addrlen);
378		bindaddrlen = res->ai_addrlen;
379	} else if (options.bind_interface != NULL((void *)0)) {
380		if ((r = getifaddrs(&ifaddrs)) != 0) {
381			error("getifaddrs: %s: %s", options.bind_interface,sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 382
, 0, SYSLOG_LEVEL_ERROR, ((void *)0), "getifaddrs: %s: %s", options
.bind_interface, strerror((*__errno())))
382			    strerror(errno))sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 382
, 0, SYSLOG_LEVEL_ERROR, ((void *)0), "getifaddrs: %s: %s", options
.bind_interface, strerror((*__errno())));
383			goto fail;
384		}
385		bindaddrlen = sizeof(bindaddr);
386		if (check_ifaddrs(options.bind_interface, ai->ai_family,
387		    ifaddrs, &bindaddr, &bindaddrlen) != 0) {
388			logit("getifaddrs: %s: no suitable addresses",sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 389
, 0, SYSLOG_LEVEL_INFO, ((void *)0), "getifaddrs: %s: no suitable addresses"
, options.bind_interface)
389			    options.bind_interface)sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 389
, 0, SYSLOG_LEVEL_INFO, ((void *)0), "getifaddrs: %s: no suitable addresses"
, options.bind_interface);
390			goto fail;
391		}
392	}
393	if ((r = getnameinfo((struct sockaddr *)&bindaddr, bindaddrlen,
394	    ntop, sizeof(ntop), NULL((void *)0), 0, NI_NUMERICHOST1)) != 0) {
395		error_f("getnameinfo failed: %s", ssh_gai_strerror(r))sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 395
, 1, SYSLOG_LEVEL_ERROR, ((void *)0), "getnameinfo failed: %s"
, ssh_gai_strerror(r));
396		goto fail;
397	}
398	if (bind(sock, (struct sockaddr *)&bindaddr, bindaddrlen) != 0) {
399		error("bind %s: %s", ntop, strerror(errno))sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 399
, 0, SYSLOG_LEVEL_ERROR, ((void *)0), "bind %s: %s", ntop, strerror
((*__errno())));
400		goto fail;
401	}
402	debug_f("bound to %s", ntop)sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 402
, 1, SYSLOG_LEVEL_DEBUG1, ((void *)0), "bound to %s", ntop);
403	/* success */
404	goto out;
405fail:
406	close(sock);
407	sock = -1;
408 out:
409	if (res != NULL((void *)0))
410		freeaddrinfo(res);
411	if (ifaddrs != NULL((void *)0))
412		freeifaddrs(ifaddrs);
413	return sock;
414}
415 
416/*
417 * Opens a TCP/IP connection to the remote server on the given host.
418 * The address of the remote host will be returned in hostaddr.
419 * If port is 0, the default port will be used.
420 * Connection_attempts specifies the maximum number of tries (one per
421 * second).  If proxy_command is non-NULL, it specifies the command (with %h
422 * and %p substituted for host and port, respectively) to use to contact
423 * the daemon.
424 */
425static int
426ssh_connect_direct(struct ssh *ssh, const char *host, struct addrinfo *aitop,
427    struct sockaddr_storage *hostaddr, u_short port, int connection_attempts,
428    int *timeout_ms, int want_keepalive)
429{
430	int on = 1, saved_timeout_ms = *timeout_ms;
431	int oerrno, sock = -1, attempt;
432	char ntop[NI_MAXHOST256], strport[NI_MAXSERV32];
433	struct addrinfo *ai;
434 
435	debug3_f("entering")sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 435
, 1, SYSLOG_LEVEL_DEBUG3, ((void *)0), "entering");
436	memset(ntop, 0, sizeof(ntop));
437	memset(strport, 0, sizeof(strport));
438 
439	for (attempt = 0; attempt < connection_attempts; attempt++) {
440		if (attempt > 0) {
441			/* Sleep a moment before retrying. */
442			sleep(1);
443			debug("Trying again...")sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 443
, 0, SYSLOG_LEVEL_DEBUG1, ((void *)0), "Trying again...");
444		}
445		/*
446		 * Loop through addresses for this host, and try each one in
447		 * sequence until the connection succeeds.
448		 */
449		for (ai = aitop; ai; ai = ai->ai_next) {
450			if (ai->ai_family != AF_INET2 &&
451			    ai->ai_family != AF_INET624) {
452				errno(*__errno()) = EAFNOSUPPORT47;
453				continue;
454			}
455			if (getnameinfo(ai->ai_addr, ai->ai_addrlen,
456			    ntop, sizeof(ntop), strport, sizeof(strport),
457			    NI_NUMERICHOST1|NI_NUMERICSERV2) != 0) {
458				oerrno = errno(*__errno());
459				error_f("getnameinfo failed")sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 459
, 1, SYSLOG_LEVEL_ERROR, ((void *)0), "getnameinfo failed");
460				errno(*__errno()) = oerrno;
461				continue;
462			}
463			debug("Connecting to %.200s [%.100s] port %s.",sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 464
, 0, SYSLOG_LEVEL_DEBUG1, ((void *)0), "Connecting to %.200s [%.100s] port %s."
, host, ntop, strport)
464				host, ntop, strport)sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 464
, 0, SYSLOG_LEVEL_DEBUG1, ((void *)0), "Connecting to %.200s [%.100s] port %s."
, host, ntop, strport);
465 
466			/* Create a socket for connecting. */
467			sock = ssh_create_socket(ai);
468			if (sock < 0) {
469				/* Any error is already output */
470				errno(*__errno()) = 0;
471				continue;
472			}
473 
474			*timeout_ms = saved_timeout_ms;
475			if (timeout_connect(sock, ai->ai_addr, ai->ai_addrlen,
476			    timeout_ms) >= 0) {
477				/* Successful connection. */
478				memcpy(hostaddr, ai->ai_addr, ai->ai_addrlen);
479				break;
480			} else {
481				oerrno = errno(*__errno());
482				debug("connect to address %s port %s: %s",sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 483
, 0, SYSLOG_LEVEL_DEBUG1, ((void *)0), "connect to address %s port %s: %s"
, ntop, strport, strerror((*__errno())))
483				    ntop, strport, strerror(errno))sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 483
, 0, SYSLOG_LEVEL_DEBUG1, ((void *)0), "connect to address %s port %s: %s"
, ntop, strport, strerror((*__errno())));
484				close(sock);
485				sock = -1;
486				errno(*__errno()) = oerrno;
487			}
488		}
489		if (sock != -1)
490			break;	/* Successful connection. */
491	}
492 
493	/* Return failure if we didn't get a successful connection. */
494	if (sock == -1) {
495		error("ssh: connect to host %s port %s: %s",sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 496
, 0, SYSLOG_LEVEL_ERROR, ((void *)0), "ssh: connect to host %s port %s: %s"
, host, strport, (*__errno()) == 0 ? "failure" : strerror((*__errno
())))
496		    host, strport, errno == 0 ? "failure" : strerror(errno))sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 496
, 0, SYSLOG_LEVEL_ERROR, ((void *)0), "ssh: connect to host %s port %s: %s"
, host, strport, (*__errno()) == 0 ? "failure" : strerror((*__errno
())));
497		return -1;
498	}
499 
500	debug("Connection established.")sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 500
, 0, SYSLOG_LEVEL_DEBUG1, ((void *)0), "Connection established."
);
501 
502	/* Set SO_KEEPALIVE if requested. */
503	if (want_keepalive &&
504	    setsockopt(sock, SOL_SOCKET0xffff, SO_KEEPALIVE0x0008, (void *)&on,
505	    sizeof(on)) == -1)
506		error("setsockopt SO_KEEPALIVE: %.100s", strerror(errno))sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 506
, 0, SYSLOG_LEVEL_ERROR, ((void *)0), "setsockopt SO_KEEPALIVE: %.100s"
, strerror((*__errno())));
507 
508	/* Set the connection. */
509	if (ssh_packet_set_connection(ssh, sock, sock) == NULL((void *)0))
510		return -1; /* ssh_packet_set_connection logs error */
511 
512	return 0;
513}
514 
515int
516ssh_connect(struct ssh *ssh, const char *host, const char *host_arg,
517    struct addrinfo *addrs, struct sockaddr_storage *hostaddr, u_short port,
518    int connection_attempts, int *timeout_ms, int want_keepalive)
519{
520	int in, out;
521 
522	if (options.proxy_command == NULL((void *)0)) {
523		return ssh_connect_direct(ssh, host, addrs, hostaddr, port,
524		    connection_attempts, timeout_ms, want_keepalive);
525	} else if (strcmp(options.proxy_command, "-") == 0) {
526		if ((in = dup(STDIN_FILENO0)) == -1 ||
527		    (out = dup(STDOUT_FILENO1)) == -1) {
528			if (in >= 0)
529				close(in);
530			error_f("dup() in/out failed")sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 530
, 1, SYSLOG_LEVEL_ERROR, ((void *)0), "dup() in/out failed");
531			return -1; /* ssh_packet_set_connection logs error */
532		}
533		if ((ssh_packet_set_connection(ssh, in, out)) == NULL((void *)0))
534			return -1; /* ssh_packet_set_connection logs error */
535		return 0;
536	} else if (options.proxy_use_fdpass) {
537		return ssh_proxy_fdpass_connect(ssh, host, host_arg, port,
538		    options.proxy_command);
539	}
540	return ssh_proxy_connect(ssh, host, host_arg, port,
541	    options.proxy_command);
542}
543 
544/* defaults to 'no' */
545static int
546confirm(const char *prompt, const char *fingerprint)
547{
548	const char *msg, *again = "Please type 'yes' or 'no': ";
549	const char *again_fp = "Please type 'yes', 'no' or the fingerprint: ";
550	char *p, *cp;
551	int ret = -1;
552 
553	if (options.batch_mode)
554		return 0;
555	for (msg = prompt;;msg = fingerprint ? again_fp : again) {
556		cp = p = read_passphrase(msg, RP_ECHO0x0001);
557		if (p == NULL((void *)0))
558			return 0;
559		p += strspn(p, " \t"); /* skip leading whitespace */
560		p[strcspn(p, " \t\n")] = '\0'; /* remove trailing whitespace */
561		if (p[0] == '\0' || strcasecmp(p, "no") == 0)
562			ret = 0;
563		else if (strcasecmp(p, "yes") == 0 || (fingerprint != NULL((void *)0) &&
564		    strcmp(p, fingerprint) == 0))
565			ret = 1;
566		free(cp);
567		if (ret != -1)
568			return ret;
569	}
570}
571 
572static int
573sockaddr_is_local(struct sockaddr *hostaddr)
574{
575	switch (hostaddr->sa_family) {
576	case AF_INET2:
577		return (ntohl(((struct sockaddr_in *)hostaddr)->(__uint32_t)(__builtin_constant_p(((struct sockaddr_in *)hostaddr
)-> sin_addr.s_addr) ? (__uint32_t)(((__uint32_t)(((struct
 sockaddr_in *)hostaddr)-> sin_addr.s_addr) & 0xff) <<
 24 | ((__uint32_t)(((struct sockaddr_in *)hostaddr)-> sin_addr
.s_addr) & 0xff00) << 8 | ((__uint32_t)(((struct sockaddr_in
 *)hostaddr)-> sin_addr.s_addr) & 0xff0000) >> 8
 | ((__uint32_t)(((struct sockaddr_in *)hostaddr)-> sin_addr
.s_addr) & 0xff000000) >> 24) : __swap32md(((struct
 sockaddr_in *)hostaddr)-> sin_addr.s_addr))
578		    sin_addr.s_addr)(__uint32_t)(__builtin_constant_p(((struct sockaddr_in *)hostaddr
)-> sin_addr.s_addr) ? (__uint32_t)(((__uint32_t)(((struct
 sockaddr_in *)hostaddr)-> sin_addr.s_addr) & 0xff) <<
 24 | ((__uint32_t)(((struct sockaddr_in *)hostaddr)-> sin_addr
.s_addr) & 0xff00) << 8 | ((__uint32_t)(((struct sockaddr_in
 *)hostaddr)-> sin_addr.s_addr) & 0xff0000) >> 8
 | ((__uint32_t)(((struct sockaddr_in *)hostaddr)-> sin_addr
.s_addr) & 0xff000000) >> 24) : __swap32md(((struct
 sockaddr_in *)hostaddr)-> sin_addr.s_addr)) >> 24) == IN_LOOPBACKNET127;
579	case AF_INET624:
580		return IN6_IS_ADDR_LOOPBACK(((*(const u_int32_t *)(const void *)(&(&(((struct sockaddr_in6
 *)hostaddr)->sin6_addr))->__u6_addr.__u6_addr8[0]) == 0
) && (*(const u_int32_t *)(const void *)(&(&(
((struct sockaddr_in6 *)hostaddr)->sin6_addr))->__u6_addr
.__u6_addr8[4]) == 0) && (*(const u_int32_t *)(const void
 *)(&(&(((struct sockaddr_in6 *)hostaddr)->sin6_addr
))->__u6_addr.__u6_addr8[8]) == 0) && (*(const u_int32_t
 *)(const void *)(&(&(((struct sockaddr_in6 *)hostaddr
)->sin6_addr))->__u6_addr.__u6_addr8[12]) == (__uint32_t
)(__builtin_constant_p(1) ? (__uint32_t)(((__uint32_t)(1) &
 0xff) << 24 | ((__uint32_t)(1) & 0xff00) << 8
 | ((__uint32_t)(1) & 0xff0000) >> 8 | ((__uint32_t
)(1) & 0xff000000) >> 24) : __swap32md(1))))
581		    &(((struct sockaddr_in6 *)hostaddr)->sin6_addr))((*(const u_int32_t *)(const void *)(&(&(((struct sockaddr_in6
 *)hostaddr)->sin6_addr))->__u6_addr.__u6_addr8[0]) == 0
) && (*(const u_int32_t *)(const void *)(&(&(
((struct sockaddr_in6 *)hostaddr)->sin6_addr))->__u6_addr
.__u6_addr8[4]) == 0) && (*(const u_int32_t *)(const void
 *)(&(&(((struct sockaddr_in6 *)hostaddr)->sin6_addr
))->__u6_addr.__u6_addr8[8]) == 0) && (*(const u_int32_t
 *)(const void *)(&(&(((struct sockaddr_in6 *)hostaddr
)->sin6_addr))->__u6_addr.__u6_addr8[12]) == (__uint32_t
)(__builtin_constant_p(1) ? (__uint32_t)(((__uint32_t)(1) &
 0xff) << 24 | ((__uint32_t)(1) & 0xff00) << 8
 | ((__uint32_t)(1) & 0xff0000) >> 8 | ((__uint32_t
)(1) & 0xff000000) >> 24) : __swap32md(1))));
582	default:
583		return 0;
584	}
585}
586 
587/*
588 * Prepare the hostname and ip address strings that are used to lookup
589 * host keys in known_hosts files. These may have a port number appended.
590 */
591void
592get_hostfile_hostname_ipaddr(char *hostname, struct sockaddr *hostaddr,
593    u_short port, char **hostfile_hostname, char **hostfile_ipaddr)
594{
595	char ntop[NI_MAXHOST256];
596 
597	/*
598	 * We don't have the remote ip-address for connections
599	 * using a proxy command
600	 */
601	if (hostfile_ipaddr != NULL((void *)0)) {
602		if (options.proxy_command == NULL((void *)0)) {
603			if (getnameinfo(hostaddr, hostaddr->sa_len,
604			    ntop, sizeof(ntop), NULL((void *)0), 0, NI_NUMERICHOST1) != 0)
605			fatal_f("getnameinfo failed")sshfatal("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__
, 605, 1, SYSLOG_LEVEL_FATAL, ((void *)0), "getnameinfo failed"
);
606			*hostfile_ipaddr = put_host_port(ntop, port);
607		} else {
608			*hostfile_ipaddr = xstrdup("<no hostip for proxy "
609			    "command>");
610		}
611	}
612 
613	/*
614	 * Allow the user to record the key under a different name or
615	 * differentiate a non-standard port.  This is useful for ssh
616	 * tunneling over forwarded connections or if you run multiple
617	 * sshd's on different ports on the same machine.
618	 */
619	if (hostfile_hostname != NULL((void *)0)) {
620		if (options.host_key_alias != NULL((void *)0)) {
621			*hostfile_hostname = xstrdup(options.host_key_alias);
622			debug("using hostkeyalias: %s", *hostfile_hostname)sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 622
, 0, SYSLOG_LEVEL_DEBUG1, ((void *)0), "using hostkeyalias: %s"
, *hostfile_hostname);
623		} else {
624			*hostfile_hostname = put_host_port(hostname, port);
625		}
626	}
627}
628 
629/* returns non-zero if path appears in hostfiles, or 0 if not. */
630static int
631path_in_hostfiles(const char *path, char **hostfiles, u_int num_hostfiles)
632{
633	u_int i;
634 
635	for (i = 0; i < num_hostfiles; i++) {
636		if (strcmp(path, hostfiles[i]) == 0)
637			return 1;
638	}
639	return 0;
640}
641 
642struct find_by_key_ctx {
643	const char *host, *ip;
644	const struct sshkey *key;
645	char **names;
646	u_int nnames;
647};
648 
649/* Try to replace home directory prefix (per $HOME) with a ~/ sequence */
650static char *
651try_tilde_unexpand(const char *path)
652{
653	char *home, *ret = NULL((void *)0);
654	size_t l;
655 
656	if (*path != '/')
657		return xstrdup(path);
658	if ((home = getenv("HOME")) == NULL((void *)0) || (l = strlen(home)) == 0)
659		return xstrdup(path);
660	if (strncmp(path, home, l) != 0)
661		return xstrdup(path);
662	/*
663	 * ensure we have matched on a path boundary: either the $HOME that
664	 * we just compared ends with a '/' or the next character of the path
665	 * must be a '/'.
666	 */
667	if (home[l - 1] != '/' && path[l] != '/')
668		return xstrdup(path);
669	if (path[l] == '/')
670		l++;
671	xasprintf(&ret, "~/%s", path + l);
672	return ret;
673}
674 
675static int
676hostkeys_find_by_key_cb(struct hostkey_foreach_line *l, void *_ctx)
677{
678	struct find_by_key_ctx *ctx = (struct find_by_key_ctx *)_ctx;
679	char *path;
680 
681	/* we are looking for keys with names that *do not* match */
682	if ((l->match & HKF_MATCH_HOST(1)) != 0)
683		return 0;
684	/* not interested in marker lines */
685	if (l->marker != MRK_NONE)
686		return 0;
687	/* we are only interested in exact key matches */
688	if (l->key == NULL((void *)0) || !sshkey_equal(ctx->key, l->key))
689		return 0;
690	path = try_tilde_unexpand(l->path);
691	debug_f("found matching key in %s:%lu", path, l->linenum)sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 691
, 1, SYSLOG_LEVEL_DEBUG1, ((void *)0), "found matching key in %s:%lu"
, path, l->linenum);
692	ctx->names = xrecallocarray(ctx->names,
693	    ctx->nnames, ctx->nnames + 1, sizeof(*ctx->names));
694	xasprintf(&ctx->names[ctx->nnames], "%s:%lu: %s", path, l->linenum,
695	    strncmp(l->hosts, HASH_MAGIC"|1|", strlen(HASH_MAGIC"|1|")) == 0 ?
696	    "[hashed name]" : l->hosts);
697	ctx->nnames++;
698	free(path);
699	return 0;
700}
701 
702static int
703hostkeys_find_by_key_hostfile(const char *file, const char *which,
704    struct find_by_key_ctx *ctx)
705{
706	int r;
707 
708	debug3_f("trying %s hostfile \"%s\"", which, file)sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 708
, 1, SYSLOG_LEVEL_DEBUG3, ((void *)0), "trying %s hostfile \"%s\""
, which, file);
709	if ((r = hostkeys_foreach(file, hostkeys_find_by_key_cb, ctx,
710	    ctx->host, ctx->ip, HKF_WANT_PARSE_KEY(1<<1), 0)) != 0) {
711		if (r == SSH_ERR_SYSTEM_ERROR-24 && errno(*__errno()) == ENOENT2) {
712			debug_f("hostkeys file %s does not exist", file)sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 712
, 1, SYSLOG_LEVEL_DEBUG1, ((void *)0), "hostkeys file %s does not exist"
, file);
713			return 0;
714		}
715		error_fr(r, "hostkeys_foreach failed for %s", file)sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 715
, 1, SYSLOG_LEVEL_ERROR, ssh_err(r), "hostkeys_foreach failed for %s"
, file);
716		return r;
717	}
718	return 0;
719}
720 
721/*
722 * Find 'key' in known hosts file(s) that do not match host/ip.
723 * Used to display also-known-as information for previously-unseen hostkeys.
724 */
725static void
726hostkeys_find_by_key(const char *host, const char *ip, const struct sshkey *key,
727    char **user_hostfiles, u_int num_user_hostfiles,
728    char **system_hostfiles, u_int num_system_hostfiles,
729    char ***names, u_int *nnames)
730{
731	struct find_by_key_ctx ctx = {0, 0, 0, 0, 0};
732	u_int i;
733 
734	*names = NULL((void *)0);
735	*nnames = 0;
736 
737	if (key == NULL((void *)0) || sshkey_is_cert(key))
738		return;
739 
740	ctx.host = host;
741	ctx.ip = ip;
742	ctx.key = key;
743 
744	for (i = 0; i < num_user_hostfiles; i++) {
745		if (hostkeys_find_by_key_hostfile(user_hostfiles[i],
746		    "user", &ctx) != 0)
747			goto fail;
748	}
749	for (i = 0; i < num_system_hostfiles; i++) {
750		if (hostkeys_find_by_key_hostfile(system_hostfiles[i],
751		    "system", &ctx) != 0)
752			goto fail;
753	}
754	/* success */
755	*names = ctx.names;
756	*nnames = ctx.nnames;
757	ctx.names = NULL((void *)0);
758	ctx.nnames = 0;
759	return;
760 fail:
761	for (i = 0; i < ctx.nnames; i++)
762		free(ctx.names[i]);
763	free(ctx.names);
764}
765 
766#define MAX_OTHER_NAMES8	8 /* Maximum number of names to list */
767static char *
768other_hostkeys_message(const char *host, const char *ip,
769    const struct sshkey *key,
770    char **user_hostfiles, u_int num_user_hostfiles,
771    char **system_hostfiles, u_int num_system_hostfiles)
772{
773	char *ret = NULL((void *)0), **othernames = NULL((void *)0);
774	u_int i, n, num_othernames = 0;
775 
776	hostkeys_find_by_key(host, ip, key,
777	    user_hostfiles, num_user_hostfiles,
778	    system_hostfiles, num_system_hostfiles,
779	    &othernames, &num_othernames);
780	if (num_othernames == 0)
781		return xstrdup("This key is not known by any other names");
782 
783	xasprintf(&ret, "This host key is known by the following other "
784	    "names/addresses:");
785 
786	n = num_othernames;
787	if (n > MAX_OTHER_NAMES8)
788		n = MAX_OTHER_NAMES8;
789	for (i = 0; i < n; i++) {
790		xextendf(&ret, "\n", "    %s", othernames[i]);
791	}
792	if (n < num_othernames) {
793		xextendf(&ret, "\n", "    (%d additional names omitted)",
794		    num_othernames - n);
795	}
796	for (i = 0; i < num_othernames; i++)
797		free(othernames[i]);
798	free(othernames);
799	return ret;
800}
801 
802void
803load_hostkeys_command(struct hostkeys *hostkeys, const char *command_template,
804    const char *invocation, const struct ssh_conn_info *cinfo,
805    const struct sshkey *host_key, const char *hostfile_hostname)
806{
807	int r, i, ac = 0;
808	char *key_fp = NULL((void *)0), *keytext = NULL((void *)0), *tmp;
809	char *command = NULL((void *)0), *tag = NULL((void *)0), **av = NULL((void *)0);
810	FILE *f = NULL((void *)0);
811	pid_t pid;
812	void (*osigchld)(int);
813 
814	xasprintf(&tag, "KnownHostsCommand-%s", invocation);
815 
816	if (host_key != NULL((void *)0)) {
817		if ((key_fp = sshkey_fingerprint(host_key,
818		    options.fingerprint_hash, SSH_FP_DEFAULT)) == NULL((void *)0))
819			fatal_f("sshkey_fingerprint failed")sshfatal("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__
, 819, 1, SYSLOG_LEVEL_FATAL, ((void *)0), "sshkey_fingerprint failed"
);
820		if ((r = sshkey_to_base64(host_key, &keytext)) != 0)
821			fatal_fr(r, "sshkey_to_base64 failed")sshfatal("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__
, 821, 1, SYSLOG_LEVEL_FATAL, ssh_err(r), "sshkey_to_base64 failed"
);
822	}
823	/*
824	 * NB. all returns later this function should go via "out" to
825	 * ensure the original SIGCHLD handler is restored properly.
826	 */
827	osigchld = ssh_signal(SIGCHLD20, SIG_DFL(void (*)(int))0);
828 
829	/* Turn the command into an argument vector */
830	if (argv_split(command_template, &ac, &av, 0) != 0) {
831		error("%s \"%s\" contains invalid quotes", tag,sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 832
, 0, SYSLOG_LEVEL_ERROR, ((void *)0), "%s \"%s\" contains invalid quotes"
, tag, command_template)
832		    command_template)sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 832
, 0, SYSLOG_LEVEL_ERROR, ((void *)0), "%s \"%s\" contains invalid quotes"
, tag, command_template);
833		goto out;
834	}
835	if (ac == 0) {
836		error("%s \"%s\" yielded no arguments", tag,sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 837
, 0, SYSLOG_LEVEL_ERROR, ((void *)0), "%s \"%s\" yielded no arguments"
, tag, command_template)
837		    command_template)sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 837
, 0, SYSLOG_LEVEL_ERROR, ((void *)0), "%s \"%s\" yielded no arguments"
, tag, command_template);
838		goto out;
839	}
840	for (i = 1; i < ac; i++) {
841		tmp = percent_dollar_expand(av[i],
842		    DEFAULT_CLIENT_PERCENT_EXPAND_ARGS(cinfo)"C", cinfo->conn_hash_hex, "L", cinfo->shorthost, "i", cinfo
->uidstr, "k", cinfo->keyalias, "l", cinfo->thishost
, "n", cinfo->host_arg, "p", cinfo->portstr, "d", cinfo
->homedir, "h", cinfo->remhost, "r", cinfo->remuser,
 "u", cinfo->locuser,
843		    "H", hostfile_hostname,
844		    "I", invocation,
845		    "t", host_key == NULL((void *)0) ? "NONE" : sshkey_ssh_name(host_key),
846		    "f", key_fp == NULL((void *)0) ? "NONE" : key_fp,
847		    "K", keytext == NULL((void *)0) ? "NONE" : keytext,
848		    (char *)NULL((void *)0));
849		if (tmp == NULL((void *)0))
850			fatal_f("percent_expand failed")sshfatal("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__
, 850, 1, SYSLOG_LEVEL_FATAL, ((void *)0), "percent_expand failed"
);
851		free(av[i]);
852		av[i] = tmp;
853	}
854	/* Prepare a printable command for logs, etc. */
855	command = argv_assemble(ac, av);
856 
857	if ((pid = subprocess(tag, command, ac, av, &f,
858	    SSH_SUBPROCESS_STDOUT_CAPTURE(1<<1)|SSH_SUBPROCESS_UNSAFE_PATH(1<<3)|
859	    SSH_SUBPROCESS_PRESERVE_ENV(1<<4), NULL((void *)0), NULL((void *)0), NULL((void *)0))) == 0)
860		goto out;
861 
862	load_hostkeys_file(hostkeys, hostfile_hostname, tag, f, 1);
863 
864	if (exited_cleanly(pid, tag, command, 0) != 0)
865		fatal("KnownHostsCommand failed")sshfatal("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__
, 865, 0, SYSLOG_LEVEL_FATAL, ((void *)0), "KnownHostsCommand failed"
);
866 
867 out:
868	if (f != NULL((void *)0))
869		fclose(f);
870	ssh_signal(SIGCHLD20, osigchld);
871	for (i = 0; i < ac; i++)
872		free(av[i]);
873	free(av);
874	free(tag);
875	free(command);
876	free(key_fp);
877	free(keytext);
878}
879 
880/*
881 * check whether the supplied host key is valid, return -1 if the key
882 * is not valid. user_hostfile[0] will not be updated if 'readonly' is true.
883 */
884#define RDRW0	0
885#define RDONLY1	1
886#define ROQUIET2	2
887static int
888check_host_key(char *hostname, const struct ssh_conn_info *cinfo,
889    struct sockaddr *hostaddr, u_short port,
890    struct sshkey *host_key, int readonly, int clobber_port,
891    char **user_hostfiles, u_int num_user_hostfiles,
892    char **system_hostfiles, u_int num_system_hostfiles,
893    const char *hostfile_command)
894{
895	HostStatus host_status = -1, ip_status = -1;
896	struct sshkey *raw_key = NULL((void *)0);
897	char *ip = NULL((void *)0), *host = NULL((void *)0);
898	char hostline[1000], *hostp, *fp, *ra;
899	char msg[1024];
900	const char *type, *fail_reason;
901	const struct hostkey_entry *host_found = NULL((void *)0), *ip_found = NULL((void *)0);
902	int len, cancelled_forwarding = 0, confirmed;
903	int local = sockaddr_is_local(hostaddr);
904	int r, want_cert = sshkey_is_cert(host_key), host_ip_differ = 0;
905	int hostkey_trusted = 0; /* Known or explicitly accepted by user */
906	struct hostkeys *host_hostkeys, *ip_hostkeys;
907	u_int i;
908 
909	/*
910	 * Force accepting of the host key for loopback/localhost. The
911	 * problem is that if the home directory is NFS-mounted to multiple
912	 * machines, localhost will refer to a different machine in each of
913	 * them, and the user will get bogus HOST_CHANGED warnings.  This
914	 * essentially disables host authentication for localhost; however,
915	 * this is probably not a real problem.
916	 */
917	if (options.no_host_authentication_for_localhost == 1 && local &&
1
Assuming field 'no_host_authentication_for_localhost' is not equal to 1→
918	    options.host_key_alias == NULL((void *)0)) {
919		debug("Forcing accepting of host key for "sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 920
, 0, SYSLOG_LEVEL_DEBUG1, ((void *)0), "Forcing accepting of host key for "
 "loopback/localhost.")
920		    "loopback/localhost.")sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 920
, 0, SYSLOG_LEVEL_DEBUG1, ((void *)0), "Forcing accepting of host key for "
 "loopback/localhost.");
921		options.update_hostkeys = 0;
922		return 0;
923	}
924 
925	/*
926	 * Prepare the hostname and address strings used for hostkey lookup.
927	 * In some cases, these will have a port number appended.
928	 */
929	get_hostfile_hostname_ipaddr(hostname, hostaddr,
930	    clobber_port ? 0 : port, &host, &ip);
2
←
Assuming 'clobber_port' is 0→
3
←
'?' condition is false→
931 
932	/*
933	 * Turn off check_host_ip if the connection is to localhost, via proxy
934	 * command or if we don't have a hostname to compare with
935	 */
936	if (options.check_host_ip && (local ||
4
←
Assuming field 'check_host_ip' is 0→
937	    strcmp(hostname, ip) == 0 || options.proxy_command != NULL((void *)0)))
938		options.check_host_ip = 0;
939 
940	host_hostkeys = init_hostkeys();
941	for (i = 0; i < num_user_hostfiles; i++)
5
←
Assuming 'i' is < 'num_user_hostfiles'→
6
←
Loop condition is true.  Entering loop body→
7
←
Assuming 'i' is >= 'num_user_hostfiles'→
8
←
Loop condition is false. Execution continues on line 943→
942		load_hostkeys(host_hostkeys, host, user_hostfiles[i], 0);
943	for (i = 0; i < num_system_hostfiles; i++)
9
←
Assuming 'i' is >= 'num_system_hostfiles'→
10
←
Loop condition is false. Execution continues on line 945→
944		load_hostkeys(host_hostkeys, host, system_hostfiles[i], 0);
945	if (hostfile_command != NULL((void *)0) && !clobber_port) {
11
←
Assuming 'hostfile_command' is equal to NULL→
946		load_hostkeys_command(host_hostkeys, hostfile_command,
947		    "HOSTNAME", cinfo, host_key, host);
948	}
949 
950	ip_hostkeys = NULL((void *)0);
951	if (!want_cert && options.check_host_ip) {
12
←
Assuming 'want_cert' is 0→
13
←
Assuming field 'check_host_ip' is not equal to 0→
14
←
Taking true branch→
952		ip_hostkeys = init_hostkeys();
953		for (i = 0; i < num_user_hostfiles; i++)
15
←
Loop condition is true.  Entering loop body→
16
←
Loop condition is false. Execution continues on line 955→
954			load_hostkeys(ip_hostkeys, ip, user_hostfiles[i], 0);
955		for (i = 0; i < num_system_hostfiles; i++)
17
←
Loop condition is false. Execution continues on line 957→
956			load_hostkeys(ip_hostkeys, ip, system_hostfiles[i], 0);
957		if (hostfile_command17.1
'hostfile_command' is equal to NULL
 != NULL((void *)0) && !clobber_port) {
958			load_hostkeys_command(ip_hostkeys, hostfile_command,
959			    "ADDRESS", cinfo, host_key, ip);
960		}
961	}
962 
963 retry:
964	/* Reload these as they may have changed on cert->key downgrade */
965	want_cert = sshkey_is_cert(host_key);
966	type = sshkey_type(host_key);
967 
968	/*
969	 * Check if the host key is present in the user's list of known
970	 * hosts or in the systemwide list.
971	 */
972	host_status = check_key_in_hostkeys(host_hostkeys, host_key,
18
←
Value assigned to 'host_found'→
973	    &host_found);
974 
975	/*
976	 * If there are no hostfiles, or if the hostkey was found via
977	 * KnownHostsCommand, then don't try to touch the disk.
978	 */
979	if (!readonly && (num_user_hostfiles19.1
'num_user_hostfiles' is not equal to 0
 == 0 ||
19
←
Assuming 'readonly' is 0→
980	    (host_found != NULL((void *)0) && host_found->note != 0)))
20
←
Assuming 'host_found' is equal to NULL→
981		readonly = RDONLY1;
982 
983	/*
984	 * Also perform check for the ip address, skip the check if we are
985	 * localhost, looking for a certificate, or the hostname was an ip
986	 * address to begin with.
987	 */
988	if (!want_cert && ip_hostkeys != NULL((void *)0)) {
21
←
Assuming 'want_cert' is 0→
22
←
Assuming 'ip_hostkeys' is not equal to NULL→
23
←
Taking true branch→
989		ip_status = check_key_in_hostkeys(ip_hostkeys, host_key,
990		    &ip_found);
991		if (host_status == HOST_CHANGED &&
24
←
Assuming 'host_status' is equal to HOST_CHANGED→
992		    (ip_status != HOST_CHANGED ||
25
←
Assuming 'ip_status' is equal to HOST_CHANGED→
993		    (ip_found != NULL((void *)0) &&
26
←
Assuming 'ip_found' is not equal to NULL→
994		    !sshkey_equal(ip_found->key, host_found->key))))
27
←
Access to field 'key' results in a dereference of a null pointer (loaded from variable 'host_found')
995			host_ip_differ = 1;
996	} else
997		ip_status = host_status;
998 
999	switch (host_status) {
1000	case HOST_OK:
1001		/* The host is known and the key matches. */
1002		debug("Host '%.200s' is known and matches the %s host %s.",sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 1003
, 0, SYSLOG_LEVEL_DEBUG1, ((void *)0), "Host '%.200s' is known and matches the %s host %s."
, host, type, want_cert ? "certificate" : "key")
1003		    host, type, want_cert ? "certificate" : "key")sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 1003
, 0, SYSLOG_LEVEL_DEBUG1, ((void *)0), "Host '%.200s' is known and matches the %s host %s."
, host, type, want_cert ? "certificate" : "key");
1004		debug("Found %s in %s:%lu", want_cert ? "CA key" : "key",sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 1005
, 0, SYSLOG_LEVEL_DEBUG1, ((void *)0), "Found %s in %s:%lu", want_cert
 ? "CA key" : "key", host_found->file, host_found->line
)
1005		    host_found->file, host_found->line)sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 1005
, 0, SYSLOG_LEVEL_DEBUG1, ((void *)0), "Found %s in %s:%lu", want_cert
 ? "CA key" : "key", host_found->file, host_found->line
);
1006		if (want_cert) {
1007			if (sshkey_cert_check_host(host_key,
1008			    options.host_key_alias == NULL((void *)0) ?
1009			    hostname : options.host_key_alias, 0,
1010			    options.ca_sign_algorithms, &fail_reason) != 0) {
1011				error("%s", fail_reason)sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 1011
, 0, SYSLOG_LEVEL_ERROR, ((void *)0), "%s", fail_reason);
1012				goto fail;
1013			}
1014			/*
1015			 * Do not attempt hostkey update if a certificate was
1016			 * successfully matched.
1017			 */
1018			if (options.update_hostkeys != 0) {
1019				options.update_hostkeys = 0;
1020				debug3_f("certificate host key in use; "sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 1021
, 1, SYSLOG_LEVEL_DEBUG3, ((void *)0), "certificate host key in use; "
 "disabling UpdateHostkeys")
1021				    "disabling UpdateHostkeys")sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 1021
, 1, SYSLOG_LEVEL_DEBUG3, ((void *)0), "certificate host key in use; "
 "disabling UpdateHostkeys");
1022			}
1023		}
1024		/* Turn off UpdateHostkeys if key was in system known_hosts */
1025		if (options.update_hostkeys != 0 &&
1026		    (path_in_hostfiles(host_found->file,
1027		    system_hostfiles, num_system_hostfiles) ||
1028		    (ip_status == HOST_OK && ip_found != NULL((void *)0) &&
1029		    path_in_hostfiles(ip_found->file,
1030		    system_hostfiles, num_system_hostfiles)))) {
1031			options.update_hostkeys = 0;
1032			debug3_f("host key found in GlobalKnownHostsFile; "sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 1033
, 1, SYSLOG_LEVEL_DEBUG3, ((void *)0), "host key found in GlobalKnownHostsFile; "
 "disabling UpdateHostkeys")
1033			    "disabling UpdateHostkeys")sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 1033
, 1, SYSLOG_LEVEL_DEBUG3, ((void *)0), "host key found in GlobalKnownHostsFile; "
 "disabling UpdateHostkeys");
1034		}
1035		if (options.update_hostkeys != 0 && host_found->note) {
1036			options.update_hostkeys = 0;
1037			debug3_f("host key found via KnownHostsCommand; "sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 1038
, 1, SYSLOG_LEVEL_DEBUG3, ((void *)0), "host key found via KnownHostsCommand; "
 "disabling UpdateHostkeys")
1038			    "disabling UpdateHostkeys")sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 1038
, 1, SYSLOG_LEVEL_DEBUG3, ((void *)0), "host key found via KnownHostsCommand; "
 "disabling UpdateHostkeys");
1039		}
1040		if (options.check_host_ip && ip_status == HOST_NEW) {
1041			if (readonly || want_cert)
1042				logit("%s host key for IP address "sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 1044
, 0, SYSLOG_LEVEL_INFO, ((void *)0), "%s host key for IP address "
 "'%.128s' not in list of known hosts.", type, ip)
1043				    "'%.128s' not in list of known hosts.",sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 1044
, 0, SYSLOG_LEVEL_INFO, ((void *)0), "%s host key for IP address "
 "'%.128s' not in list of known hosts.", type, ip)
1044				    type, ip)sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 1044
, 0, SYSLOG_LEVEL_INFO, ((void *)0), "%s host key for IP address "
 "'%.128s' not in list of known hosts.", type, ip);
1045			else if (!add_host_to_hostfile(user_hostfiles[0], ip,
1046			    host_key, options.hash_known_hosts))
1047				logit("Failed to add the %s host key for IP "sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 1050
, 0, SYSLOG_LEVEL_INFO, ((void *)0), "Failed to add the %s host key for IP "
 "address '%.128s' to the list of known " "hosts (%.500s).", type
, ip, user_hostfiles[0])
1048				    "address '%.128s' to the list of known "sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 1050
, 0, SYSLOG_LEVEL_INFO, ((void *)0), "Failed to add the %s host key for IP "
 "address '%.128s' to the list of known " "hosts (%.500s).", type
, ip, user_hostfiles[0])
1049				    "hosts (%.500s).", type, ip,sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 1050
, 0, SYSLOG_LEVEL_INFO, ((void *)0), "Failed to add the %s host key for IP "
 "address '%.128s' to the list of known " "hosts (%.500s).", type
, ip, user_hostfiles[0])
1050				    user_hostfiles[0])sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 1050
, 0, SYSLOG_LEVEL_INFO, ((void *)0), "Failed to add the %s host key for IP "
 "address '%.128s' to the list of known " "hosts (%.500s).", type
, ip, user_hostfiles[0]);
1051			else
1052				logit("Warning: Permanently added the %s host "sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 1054
, 0, SYSLOG_LEVEL_INFO, ((void *)0), "Warning: Permanently added the %s host "
 "key for IP address '%.128s' to the list " "of known hosts."
, type, ip)
1053				    "key for IP address '%.128s' to the list "sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 1054
, 0, SYSLOG_LEVEL_INFO, ((void *)0), "Warning: Permanently added the %s host "
 "key for IP address '%.128s' to the list " "of known hosts."
, type, ip)
1054				    "of known hosts.", type, ip)sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 1054
, 0, SYSLOG_LEVEL_INFO, ((void *)0), "Warning: Permanently added the %s host "
 "key for IP address '%.128s' to the list " "of known hosts."
, type, ip);
1055		} else if (options.visual_host_key) {
1056			fp = sshkey_fingerprint(host_key,
1057			    options.fingerprint_hash, SSH_FP_DEFAULT);
1058			ra = sshkey_fingerprint(host_key,
1059			    options.fingerprint_hash, SSH_FP_RANDOMART);
1060			if (fp == NULL((void *)0) || ra == NULL((void *)0))
1061				fatal_f("sshkey_fingerprint failed")sshfatal("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__
, 1061, 1, SYSLOG_LEVEL_FATAL, ((void *)0), "sshkey_fingerprint failed"
);
1062			logit("Host key fingerprint is %s\n%s", fp, ra)sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 1062
, 0, SYSLOG_LEVEL_INFO, ((void *)0), "Host key fingerprint is %s\n%s"
, fp, ra);
1063			free(ra);
1064			free(fp);
1065		}
1066		hostkey_trusted = 1;
1067		break;
1068	case HOST_NEW:
1069		if (options.host_key_alias == NULL((void *)0) && port != 0 &&
1070		    port != SSH_DEFAULT_PORT22 && !clobber_port) {
1071			debug("checking without port identifier")sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 1071
, 0, SYSLOG_LEVEL_DEBUG1, ((void *)0), "checking without port identifier"
);
1072			if (check_host_key(hostname, cinfo, hostaddr, 0,
1073			    host_key, ROQUIET2, 1,
1074			    user_hostfiles, num_user_hostfiles,
1075			    system_hostfiles, num_system_hostfiles,
1076			    hostfile_command) == 0) {
1077				debug("found matching key w/out port")sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 1077
, 0, SYSLOG_LEVEL_DEBUG1, ((void *)0), "found matching key w/out port"
);
1078				break;
1079			}
1080		}
1081		if (readonly || want_cert)
1082			goto fail;
1083		/* The host is new. */
1084		if (options.strict_host_key_checking ==
1085		    SSH_STRICT_HOSTKEY_YES2) {
1086			/*
1087			 * User has requested strict host key checking.  We
1088			 * will not add the host key automatically.  The only
1089			 * alternative left is to abort.
1090			 */
1091			error("No %s host key is known for %.200s and you "sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 1092
, 0, SYSLOG_LEVEL_ERROR, ((void *)0), "No %s host key is known for %.200s and you "
 "have requested strict checking.", type, host)
1092			    "have requested strict checking.", type, host)sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 1092
, 0, SYSLOG_LEVEL_ERROR, ((void *)0), "No %s host key is known for %.200s and you "
 "have requested strict checking.", type, host);
1093			goto fail;
1094		} else if (options.strict_host_key_checking ==
1095		    SSH_STRICT_HOSTKEY_ASK3) {
1096			char *msg1 = NULL((void *)0), *msg2 = NULL((void *)0);
1097 
1098			xasprintf(&msg1, "The authenticity of host "
1099			    "'%.200s (%s)' can't be established", host, ip);
1100 
1101			if (show_other_keys(host_hostkeys, host_key)) {
1102				xextendf(&msg1, "\n", "but keys of different "
1103				    "type are already known for this host.");
1104			} else
1105				xextendf(&msg1, "", ".");
1106 
1107			fp = sshkey_fingerprint(host_key,
1108			    options.fingerprint_hash, SSH_FP_DEFAULT);
1109			ra = sshkey_fingerprint(host_key,
1110			    options.fingerprint_hash, SSH_FP_RANDOMART);
1111			if (fp == NULL((void *)0) || ra == NULL((void *)0))
1112				fatal_f("sshkey_fingerprint failed")sshfatal("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__
, 1112, 1, SYSLOG_LEVEL_FATAL, ((void *)0), "sshkey_fingerprint failed"
);
1113			xextendf(&msg1, "\n", "%s key fingerprint is %s.",
1114			    type, fp);
1115			if (options.visual_host_key)
1116				xextendf(&msg1, "\n", "%s", ra);
1117			if (options.verify_host_key_dns) {
1118				xextendf(&msg1, "\n",
1119				    "%s host key fingerprint found in DNS.",
1120				    matching_host_key_dns ?
1121				    "Matching" : "No matching");
1122			}
1123			/* msg2 informs for other names matching this key */
1124			if ((msg2 = other_hostkeys_message(host, ip, host_key,
1125			    user_hostfiles, num_user_hostfiles,
1126			    system_hostfiles, num_system_hostfiles)) != NULL((void *)0))
1127				xextendf(&msg1, "\n", "%s", msg2);
1128 
1129			xextendf(&msg1, "\n",
1130			    "Are you sure you want to continue connecting "
1131			    "(yes/no/[fingerprint])? ");
1132 
1133			confirmed = confirm(msg1, fp);
1134			free(ra);
1135			free(fp);
1136			free(msg1);
1137			free(msg2);
1138			if (!confirmed)
1139				goto fail;
1140			hostkey_trusted = 1; /* user explicitly confirmed */
1141		}
1142		/*
1143		 * If in "new" or "off" strict mode, add the key automatically
1144		 * to the local known_hosts file.
1145		 */
1146		if (options.check_host_ip && ip_status == HOST_NEW) {
1147			snprintf(hostline, sizeof(hostline), "%s,%s", host, ip);
1148			hostp = hostline;
1149			if (options.hash_known_hosts) {
1150				/* Add hash of host and IP separately */
1151				r = add_host_to_hostfile(user_hostfiles[0],
1152				    host, host_key, options.hash_known_hosts) &&
1153				    add_host_to_hostfile(user_hostfiles[0], ip,
1154				    host_key, options.hash_known_hosts);
1155			} else {
1156				/* Add unhashed "host,ip" */
1157				r = add_host_to_hostfile(user_hostfiles[0],
1158				    hostline, host_key,
1159				    options.hash_known_hosts);
1160			}
1161		} else {
1162			r = add_host_to_hostfile(user_hostfiles[0], host,
1163			    host_key, options.hash_known_hosts);
1164			hostp = host;
1165		}
1166 
1167		if (!r)
1168			logit("Failed to add the host to the list of known "sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 1169
, 0, SYSLOG_LEVEL_INFO, ((void *)0), "Failed to add the host to the list of known "
 "hosts (%.500s).", user_hostfiles[0])
1169			    "hosts (%.500s).", user_hostfiles[0])sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 1169
, 0, SYSLOG_LEVEL_INFO, ((void *)0), "Failed to add the host to the list of known "
 "hosts (%.500s).", user_hostfiles[0]);
1170		else
1171			logit("Warning: Permanently added '%.200s' (%s) to the "sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 1172
, 0, SYSLOG_LEVEL_INFO, ((void *)0), "Warning: Permanently added '%.200s' (%s) to the "
 "list of known hosts.", hostp, type)
1172			    "list of known hosts.", hostp, type)sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 1172
, 0, SYSLOG_LEVEL_INFO, ((void *)0), "Warning: Permanently added '%.200s' (%s) to the "
 "list of known hosts.", hostp, type);
1173		break;
1174	case HOST_REVOKED:
1175		error("@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@")sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 1175
, 0, SYSLOG_LEVEL_ERROR, ((void *)0), "@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@"
);
1176		error("@       WARNING: REVOKED HOST KEY DETECTED!               @")sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 1176
, 0, SYSLOG_LEVEL_ERROR, ((void *)0), "@       WARNING: REVOKED HOST KEY DETECTED!               @"
);
1177		error("@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@")sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 1177
, 0, SYSLOG_LEVEL_ERROR, ((void *)0), "@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@"
);
1178		error("The %s host key for %s is marked as revoked.", type, host)sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 1178
, 0, SYSLOG_LEVEL_ERROR, ((void *)0), "The %s host key for %s is marked as revoked."
, type, host);
1179		error("This could mean that a stolen key is being used to")sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 1179
, 0, SYSLOG_LEVEL_ERROR, ((void *)0), "This could mean that a stolen key is being used to"
);
1180		error("impersonate this host.")sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 1180
, 0, SYSLOG_LEVEL_ERROR, ((void *)0), "impersonate this host."
);
1181 
1182		/*
1183		 * If strict host key checking is in use, the user will have
1184		 * to edit the key manually and we can only abort.
1185		 */
1186		if (options.strict_host_key_checking !=
1187		    SSH_STRICT_HOSTKEY_OFF0) {
1188			error("%s host key for %.200s was revoked and you have "sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 1189
, 0, SYSLOG_LEVEL_ERROR, ((void *)0), "%s host key for %.200s was revoked and you have "
 "requested strict checking.", type, host)
1189			    "requested strict checking.", type, host)sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 1189
, 0, SYSLOG_LEVEL_ERROR, ((void *)0), "%s host key for %.200s was revoked and you have "
 "requested strict checking.", type, host);
1190			goto fail;
1191		}
1192		goto continue_unsafe;
1193 
1194	case HOST_CHANGED:
1195		if (want_cert) {
1196			/*
1197			 * This is only a debug() since it is valid to have
1198			 * CAs with wildcard DNS matches that don't match
1199			 * all hosts that one might visit.
1200			 */
1201			debug("Host certificate authority does not "sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 1203
, 0, SYSLOG_LEVEL_DEBUG1, ((void *)0), "Host certificate authority does not "
 "match %s in %s:%lu", "@cert-authority", host_found->file
, host_found->line)
1202			    "match %s in %s:%lu", CA_MARKER,sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 1203
, 0, SYSLOG_LEVEL_DEBUG1, ((void *)0), "Host certificate authority does not "
 "match %s in %s:%lu", "@cert-authority", host_found->file
, host_found->line)
1203			    host_found->file, host_found->line)sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 1203
, 0, SYSLOG_LEVEL_DEBUG1, ((void *)0), "Host certificate authority does not "
 "match %s in %s:%lu", "@cert-authority", host_found->file
, host_found->line);
1204			goto fail;
1205		}
1206		if (readonly == ROQUIET2)
1207			goto fail;
1208		if (options.check_host_ip && host_ip_differ) {
1209			char *key_msg;
1210			if (ip_status == HOST_NEW)
1211				key_msg = "is unknown";
1212			else if (ip_status == HOST_OK)
1213				key_msg = "is unchanged";
1214			else
1215				key_msg = "has a different value";
1216			error("@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@")sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 1216
, 0, SYSLOG_LEVEL_ERROR, ((void *)0), "@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@"
);
1217			error("@       WARNING: POSSIBLE DNS SPOOFING DETECTED!          @")sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 1217
, 0, SYSLOG_LEVEL_ERROR, ((void *)0), "@       WARNING: POSSIBLE DNS SPOOFING DETECTED!          @"
);
1218			error("@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@")sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 1218
, 0, SYSLOG_LEVEL_ERROR, ((void *)0), "@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@"
);
1219			error("The %s host key for %s has changed,", type, host)sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 1219
, 0, SYSLOG_LEVEL_ERROR, ((void *)0), "The %s host key for %s has changed,"
, type, host);
1220			error("and the key for the corresponding IP address %s", ip)sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 1220
, 0, SYSLOG_LEVEL_ERROR, ((void *)0), "and the key for the corresponding IP address %s"
, ip);
1221			error("%s. This could either mean that", key_msg)sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 1221
, 0, SYSLOG_LEVEL_ERROR, ((void *)0), "%s. This could either mean that"
, key_msg);
1222			error("DNS SPOOFING is happening or the IP address for the host")sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 1222
, 0, SYSLOG_LEVEL_ERROR, ((void *)0), "DNS SPOOFING is happening or the IP address for the host"
);
1223			error("and its host key have changed at the same time.")sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 1223
, 0, SYSLOG_LEVEL_ERROR, ((void *)0), "and its host key have changed at the same time."
);
1224			if (ip_status != HOST_NEW)
1225				error("Offending key for IP in %s:%lu",sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 1226
, 0, SYSLOG_LEVEL_ERROR, ((void *)0), "Offending key for IP in %s:%lu"
, ip_found->file, ip_found->line)
1226				    ip_found->file, ip_found->line)sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 1226
, 0, SYSLOG_LEVEL_ERROR, ((void *)0), "Offending key for IP in %s:%lu"
, ip_found->file, ip_found->line);
1227		}
1228		/* The host key has changed. */
1229		warn_changed_key(host_key);
1230		error("Add correct host key in %.100s to get rid of this message.",sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 1231
, 0, SYSLOG_LEVEL_ERROR, ((void *)0), "Add correct host key in %.100s to get rid of this message."
, user_hostfiles[0])
1231		    user_hostfiles[0])sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 1231
, 0, SYSLOG_LEVEL_ERROR, ((void *)0), "Add correct host key in %.100s to get rid of this message."
, user_hostfiles[0]);
1232		error("Offending %s key in %s:%lu",sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 1234
, 0, SYSLOG_LEVEL_ERROR, ((void *)0), "Offending %s key in %s:%lu"
, sshkey_type(host_found->key), host_found->file, host_found
->line)
1233		    sshkey_type(host_found->key),sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 1234
, 0, SYSLOG_LEVEL_ERROR, ((void *)0), "Offending %s key in %s:%lu"
, sshkey_type(host_found->key), host_found->file, host_found
->line)
1234		    host_found->file, host_found->line)sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 1234
, 0, SYSLOG_LEVEL_ERROR, ((void *)0), "Offending %s key in %s:%lu"
, sshkey_type(host_found->key), host_found->file, host_found
->line);
1235 
1236		/*
1237		 * If strict host key checking is in use, the user will have
1238		 * to edit the key manually and we can only abort.
1239		 */
1240		if (options.strict_host_key_checking !=
1241		    SSH_STRICT_HOSTKEY_OFF0) {
1242			error("Host key for %.200s has changed and you have "sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 1243
, 0, SYSLOG_LEVEL_ERROR, ((void *)0), "Host key for %.200s has changed and you have "
 "requested strict checking.", host)
1243			    "requested strict checking.", host)sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 1243
, 0, SYSLOG_LEVEL_ERROR, ((void *)0), "Host key for %.200s has changed and you have "
 "requested strict checking.", host);
1244			goto fail;
1245		}
1246 
1247 continue_unsafe:
1248		/*
1249		 * If strict host key checking has not been requested, allow
1250		 * the connection but without MITM-able authentication or
1251		 * forwarding.
1252		 */
1253		if (options.password_authentication) {
1254			error("Password authentication is disabled to avoid "sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 1255
, 0, SYSLOG_LEVEL_ERROR, ((void *)0), "Password authentication is disabled to avoid "
 "man-in-the-middle attacks.")
1255			    "man-in-the-middle attacks.")sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 1255
, 0, SYSLOG_LEVEL_ERROR, ((void *)0), "Password authentication is disabled to avoid "
 "man-in-the-middle attacks.");
1256			options.password_authentication = 0;
1257			cancelled_forwarding = 1;
1258		}
1259		if (options.kbd_interactive_authentication) {
1260			error("Keyboard-interactive authentication is disabled"sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 1261
, 0, SYSLOG_LEVEL_ERROR, ((void *)0), "Keyboard-interactive authentication is disabled"
 " to avoid man-in-the-middle attacks.")
1261			    " to avoid man-in-the-middle attacks.")sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 1261
, 0, SYSLOG_LEVEL_ERROR, ((void *)0), "Keyboard-interactive authentication is disabled"
 " to avoid man-in-the-middle attacks.");
1262			options.kbd_interactive_authentication = 0;
1263			cancelled_forwarding = 1;
1264		}
1265		if (options.forward_agent) {
1266			error("Agent forwarding is disabled to avoid "sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 1267
, 0, SYSLOG_LEVEL_ERROR, ((void *)0), "Agent forwarding is disabled to avoid "
 "man-in-the-middle attacks.")
1267			    "man-in-the-middle attacks.")sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 1267
, 0, SYSLOG_LEVEL_ERROR, ((void *)0), "Agent forwarding is disabled to avoid "
 "man-in-the-middle attacks.");
1268			options.forward_agent = 0;
1269			cancelled_forwarding = 1;
1270		}
1271		if (options.forward_x11) {
1272			error("X11 forwarding is disabled to avoid "sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 1273
, 0, SYSLOG_LEVEL_ERROR, ((void *)0), "X11 forwarding is disabled to avoid "
 "man-in-the-middle attacks.")
1273			    "man-in-the-middle attacks.")sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 1273
, 0, SYSLOG_LEVEL_ERROR, ((void *)0), "X11 forwarding is disabled to avoid "
 "man-in-the-middle attacks.");
1274			options.forward_x11 = 0;
1275			cancelled_forwarding = 1;
1276		}
1277		if (options.num_local_forwards > 0 ||
1278		    options.num_remote_forwards > 0) {
1279			error("Port forwarding is disabled to avoid "sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 1280
, 0, SYSLOG_LEVEL_ERROR, ((void *)0), "Port forwarding is disabled to avoid "
 "man-in-the-middle attacks.")
1280			    "man-in-the-middle attacks.")sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 1280
, 0, SYSLOG_LEVEL_ERROR, ((void *)0), "Port forwarding is disabled to avoid "
 "man-in-the-middle attacks.");
1281			options.num_local_forwards =
1282			    options.num_remote_forwards = 0;
1283			cancelled_forwarding = 1;
1284		}
1285		if (options.tun_open != SSH_TUNMODE_NO0x00) {
1286			error("Tunnel forwarding is disabled to avoid "sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 1287
, 0, SYSLOG_LEVEL_ERROR, ((void *)0), "Tunnel forwarding is disabled to avoid "
 "man-in-the-middle attacks.")
1287			    "man-in-the-middle attacks.")sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 1287
, 0, SYSLOG_LEVEL_ERROR, ((void *)0), "Tunnel forwarding is disabled to avoid "
 "man-in-the-middle attacks.");
1288			options.tun_open = SSH_TUNMODE_NO0x00;
1289			cancelled_forwarding = 1;
1290		}
1291		if (options.update_hostkeys != 0) {
1292			error("UpdateHostkeys is disabled because the host "sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 1293
, 0, SYSLOG_LEVEL_ERROR, ((void *)0), "UpdateHostkeys is disabled because the host "
 "key is not trusted.")
1293			    "key is not trusted.")sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 1293
, 0, SYSLOG_LEVEL_ERROR, ((void *)0), "UpdateHostkeys is disabled because the host "
 "key is not trusted.");
1294			options.update_hostkeys = 0;
1295		}
1296		if (options.exit_on_forward_failure && cancelled_forwarding)
1297			fatal("Error: forwarding disabled due to host key "sshfatal("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__
, 1298, 0, SYSLOG_LEVEL_FATAL, ((void *)0), "Error: forwarding disabled due to host key "
 "check failure")
1298			    "check failure")sshfatal("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__
, 1298, 0, SYSLOG_LEVEL_FATAL, ((void *)0), "Error: forwarding disabled due to host key "
 "check failure");
1299		
1300		/*
1301		 * XXX Should permit the user to change to use the new id.
1302		 * This could be done by converting the host key to an
1303		 * identifying sentence, tell that the host identifies itself
1304		 * by that sentence, and ask the user if they wish to
1305		 * accept the authentication.
1306		 */
1307		break;
1308	case HOST_FOUND:
1309		fatal("internal error")sshfatal("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__
, 1309, 0, SYSLOG_LEVEL_FATAL, ((void *)0), "internal error");
1310		break;
1311	}
1312 
1313	if (options.check_host_ip && host_status != HOST_CHANGED &&
1314	    ip_status == HOST_CHANGED) {
1315		snprintf(msg, sizeof(msg),
1316		    "Warning: the %s host key for '%.200s' "
1317		    "differs from the key for the IP address '%.128s'"
1318		    "\nOffending key for IP in %s:%lu",
1319		    type, host, ip, ip_found->file, ip_found->line);
1320		if (host_status == HOST_OK) {
1321			len = strlen(msg);
1322			snprintf(msg + len, sizeof(msg) - len,
1323			    "\nMatching host key in %s:%lu",
1324			    host_found->file, host_found->line);
1325		}
1326		if (options.strict_host_key_checking ==
1327		    SSH_STRICT_HOSTKEY_ASK3) {
1328			strlcat(msg, "\nAre you sure you want "
1329			    "to continue connecting (yes/no)? ", sizeof(msg));
1330			if (!confirm(msg, NULL((void *)0)))
1331				goto fail;
1332		} else if (options.strict_host_key_checking !=
1333		    SSH_STRICT_HOSTKEY_OFF0) {
1334			logit("%s", msg)sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 1334
, 0, SYSLOG_LEVEL_INFO, ((void *)0), "%s", msg);
1335			error("Exiting, you have requested strict checking.")sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 1335
, 0, SYSLOG_LEVEL_ERROR, ((void *)0), "Exiting, you have requested strict checking."
);
1336			goto fail;
1337		} else {
1338			logit("%s", msg)sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 1338
, 0, SYSLOG_LEVEL_INFO, ((void *)0), "%s", msg);
1339		}
1340	}
1341 
1342	if (!hostkey_trusted && options.update_hostkeys) {
1343		debug_f("hostkey not known or explicitly trusted: "sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 1344
, 1, SYSLOG_LEVEL_DEBUG1, ((void *)0), "hostkey not known or explicitly trusted: "
 "disabling UpdateHostkeys")
1344		    "disabling UpdateHostkeys")sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 1344
, 1, SYSLOG_LEVEL_DEBUG1, ((void *)0), "hostkey not known or explicitly trusted: "
 "disabling UpdateHostkeys");
1345		options.update_hostkeys = 0;
1346	}
1347 
1348	free(ip);
1349	free(host);
1350	if (host_hostkeys != NULL((void *)0))
1351		free_hostkeys(host_hostkeys);
1352	if (ip_hostkeys != NULL((void *)0))
1353		free_hostkeys(ip_hostkeys);
1354	return 0;
1355 
1356fail:
1357	if (want_cert && host_status != HOST_REVOKED) {
1358		/*
1359		 * No matching certificate. Downgrade cert to raw key and
1360		 * search normally.
1361		 */
1362		debug("No matching CA found. Retry with plain key")sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 1362
, 0, SYSLOG_LEVEL_DEBUG1, ((void *)0), "No matching CA found. Retry with plain key"
);
1363		if ((r = sshkey_from_private(host_key, &raw_key)) != 0)
1364			fatal_fr(r, "decode key")sshfatal("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__
, 1364, 1, SYSLOG_LEVEL_FATAL, ssh_err(r), "decode key");
1365		if ((r = sshkey_drop_cert(raw_key)) != 0)
1366			fatal_r(r, "Couldn't drop certificate")sshfatal("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__
, 1366, 0, SYSLOG_LEVEL_FATAL, ssh_err(r), "Couldn't drop certificate"
);
1367		host_key = raw_key;
1368		goto retry;
1369	}
1370	sshkey_free(raw_key);
1371	free(ip);
1372	free(host);
1373	if (host_hostkeys != NULL((void *)0))
1374		free_hostkeys(host_hostkeys);
1375	if (ip_hostkeys != NULL((void *)0))
1376		free_hostkeys(ip_hostkeys);
1377	return -1;
1378}
1379 
1380/* returns 0 if key verifies or -1 if key does NOT verify */
1381int
1382verify_host_key(char *host, struct sockaddr *hostaddr, struct sshkey *host_key,
1383    const struct ssh_conn_info *cinfo)
1384{
1385	u_int i;
1386	int r = -1, flags = 0;
1387	char valid[64], *fp = NULL((void *)0), *cafp = NULL((void *)0);
1388	struct sshkey *plain = NULL((void *)0);
1389 
1390	if ((fp = sshkey_fingerprint(host_key,
1391	    options.fingerprint_hash, SSH_FP_DEFAULT)) == NULL((void *)0)) {
1392		error_fr(r, "fingerprint host key")sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 1392
, 1, SYSLOG_LEVEL_ERROR, ssh_err(r), "fingerprint host key");
1393		r = -1;
1394		goto out;
1395	}
1396 
1397	if (sshkey_is_cert(host_key)) {
1398		if ((cafp = sshkey_fingerprint(host_key->cert->signature_key,
1399		    options.fingerprint_hash, SSH_FP_DEFAULT)) == NULL((void *)0)) {
1400			error_fr(r, "fingerprint CA key")sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 1400
, 1, SYSLOG_LEVEL_ERROR, ssh_err(r), "fingerprint CA key");
1401			r = -1;
1402			goto out;
1403		}
1404		sshkey_format_cert_validity(host_key->cert,
1405		    valid, sizeof(valid));
1406		debug("Server host certificate: %s %s, serial %llu "sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 1412
, 0, SYSLOG_LEVEL_DEBUG1, ((void *)0), "Server host certificate: %s %s, serial %llu "
 "ID \"%s\" CA %s %s valid %s", sshkey_ssh_name(host_key), fp
, (unsigned long long)host_key->cert->serial, host_key->
cert->key_id, sshkey_ssh_name(host_key->cert->signature_key
), cafp, valid)
1407		    "ID \"%s\" CA %s %s valid %s",sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 1412
, 0, SYSLOG_LEVEL_DEBUG1, ((void *)0), "Server host certificate: %s %s, serial %llu "
 "ID \"%s\" CA %s %s valid %s", sshkey_ssh_name(host_key), fp
, (unsigned long long)host_key->cert->serial, host_key->
cert->key_id, sshkey_ssh_name(host_key->cert->signature_key
), cafp, valid)
1408		    sshkey_ssh_name(host_key), fp,sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 1412
, 0, SYSLOG_LEVEL_DEBUG1, ((void *)0), "Server host certificate: %s %s, serial %llu "
 "ID \"%s\" CA %s %s valid %s", sshkey_ssh_name(host_key), fp
, (unsigned long long)host_key->cert->serial, host_key->
cert->key_id, sshkey_ssh_name(host_key->cert->signature_key
), cafp, valid)
1409		    (unsigned long long)host_key->cert->serial,sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 1412
, 0, SYSLOG_LEVEL_DEBUG1, ((void *)0), "Server host certificate: %s %s, serial %llu "
 "ID \"%s\" CA %s %s valid %s", sshkey_ssh_name(host_key), fp
, (unsigned long long)host_key->cert->serial, host_key->
cert->key_id, sshkey_ssh_name(host_key->cert->signature_key
), cafp, valid)
1410		    host_key->cert->key_id,sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 1412
, 0, SYSLOG_LEVEL_DEBUG1, ((void *)0), "Server host certificate: %s %s, serial %llu "
 "ID \"%s\" CA %s %s valid %s", sshkey_ssh_name(host_key), fp
, (unsigned long long)host_key->cert->serial, host_key->
cert->key_id, sshkey_ssh_name(host_key->cert->signature_key
), cafp, valid)
1411		    sshkey_ssh_name(host_key->cert->signature_key), cafp,sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 1412
, 0, SYSLOG_LEVEL_DEBUG1, ((void *)0), "Server host certificate: %s %s, serial %llu "
 "ID \"%s\" CA %s %s valid %s", sshkey_ssh_name(host_key), fp
, (unsigned long long)host_key->cert->serial, host_key->
cert->key_id, sshkey_ssh_name(host_key->cert->signature_key
), cafp, valid)
1412		    valid)sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 1412
, 0, SYSLOG_LEVEL_DEBUG1, ((void *)0), "Server host certificate: %s %s, serial %llu "
 "ID \"%s\" CA %s %s valid %s", sshkey_ssh_name(host_key), fp
, (unsigned long long)host_key->cert->serial, host_key->
cert->key_id, sshkey_ssh_name(host_key->cert->signature_key
), cafp, valid);
1413		for (i = 0; i < host_key->cert->nprincipals; i++) {
1414			debug2("Server host certificate hostname: %s",sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 1415
, 0, SYSLOG_LEVEL_DEBUG2, ((void *)0), "Server host certificate hostname: %s"
, host_key->cert->principals[i])
1415			    host_key->cert->principals[i])sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 1415
, 0, SYSLOG_LEVEL_DEBUG2, ((void *)0), "Server host certificate hostname: %s"
, host_key->cert->principals[i]);
1416		}
1417	} else {
1418		debug("Server host key: %s %s", sshkey_ssh_name(host_key), fp)sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 1418
, 0, SYSLOG_LEVEL_DEBUG1, ((void *)0), "Server host key: %s %s"
, sshkey_ssh_name(host_key), fp);
1419	}
1420 
1421	if (sshkey_equal(previous_host_key, host_key)) {
1422		debug2_f("server host key %s %s matches cached key",sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 1423
, 1, SYSLOG_LEVEL_DEBUG2, ((void *)0), "server host key %s %s matches cached key"
, sshkey_type(host_key), fp)
1423		    sshkey_type(host_key), fp)sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 1423
, 1, SYSLOG_LEVEL_DEBUG2, ((void *)0), "server host key %s %s matches cached key"
, sshkey_type(host_key), fp);
1424		r = 0;
1425		goto out;
1426	}
1427 
1428	/* Check in RevokedHostKeys file if specified */
1429	if (options.revoked_host_keys != NULL((void *)0)) {
1430		r = sshkey_check_revoked(host_key, options.revoked_host_keys);
1431		switch (r) {
1432		case 0:
1433			break; /* not revoked */
1434		case SSH_ERR_KEY_REVOKED-51:
1435			error("Host key %s %s revoked by file %s",sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 1437
, 0, SYSLOG_LEVEL_ERROR, ((void *)0), "Host key %s %s revoked by file %s"
, sshkey_type(host_key), fp, options.revoked_host_keys)
1436			    sshkey_type(host_key), fp,sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 1437
, 0, SYSLOG_LEVEL_ERROR, ((void *)0), "Host key %s %s revoked by file %s"
, sshkey_type(host_key), fp, options.revoked_host_keys)
1437			    options.revoked_host_keys)sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 1437
, 0, SYSLOG_LEVEL_ERROR, ((void *)0), "Host key %s %s revoked by file %s"
, sshkey_type(host_key), fp, options.revoked_host_keys);
1438			r = -1;
1439			goto out;
1440		default:
1441			error_r(r, "Error checking host key %s %s in "sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 1443
, 0, SYSLOG_LEVEL_ERROR, ssh_err(r), "Error checking host key %s %s in "
 "revoked keys file %s", sshkey_type(host_key), fp, options.revoked_host_keys
)
1442			    "revoked keys file %s", sshkey_type(host_key),sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 1443
, 0, SYSLOG_LEVEL_ERROR, ssh_err(r), "Error checking host key %s %s in "
 "revoked keys file %s", sshkey_type(host_key), fp, options.revoked_host_keys
)
1443			    fp, options.revoked_host_keys)sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 1443
, 0, SYSLOG_LEVEL_ERROR, ssh_err(r), "Error checking host key %s %s in "
 "revoked keys file %s", sshkey_type(host_key), fp, options.revoked_host_keys
);
1444			r = -1;
1445			goto out;
1446		}
1447	}
1448 
1449	if (options.verify_host_key_dns) {
1450		/*
1451		 * XXX certs are not yet supported for DNS, so downgrade
1452		 * them and try the plain key.
1453		 */
1454		if ((r = sshkey_from_private(host_key, &plain)) != 0)
1455			goto out;
1456		if (sshkey_is_cert(plain))
1457			sshkey_drop_cert(plain);
1458		if (verify_host_key_dns(host, hostaddr, plain, &flags) == 0) {
1459			if (flags & DNS_VERIFY_FOUND0x00000001) {
1460				if (options.verify_host_key_dns == 1 &&
1461				    flags & DNS_VERIFY_MATCH0x00000002 &&
1462				    flags & DNS_VERIFY_SECURE0x00000004) {
1463					r = 0;
1464					goto out;
1465				}
1466				if (flags & DNS_VERIFY_MATCH0x00000002) {
1467					matching_host_key_dns = 1;
1468				} else {
1469					warn_changed_key(plain);
1470					error("Update the SSHFP RR in DNS "sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 1472
, 0, SYSLOG_LEVEL_ERROR, ((void *)0), "Update the SSHFP RR in DNS "
 "with the new host key to get rid " "of this message.")
1471					    "with the new host key to get rid "sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 1472
, 0, SYSLOG_LEVEL_ERROR, ((void *)0), "Update the SSHFP RR in DNS "
 "with the new host key to get rid " "of this message.")
1472					    "of this message.")sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 1472
, 0, SYSLOG_LEVEL_ERROR, ((void *)0), "Update the SSHFP RR in DNS "
 "with the new host key to get rid " "of this message.");
1473				}
1474			}
1475		}
1476	}
1477	r = check_host_key(host, cinfo, hostaddr, options.port, host_key,
1478	    RDRW0, 0, options.user_hostfiles, options.num_user_hostfiles,
1479	    options.system_hostfiles, options.num_system_hostfiles,
1480	    options.known_hosts_command);
1481 
1482out:
1483	sshkey_free(plain);
1484	free(fp);
1485	free(cafp);
1486	if (r == 0 && host_key != NULL((void *)0)) {
1487		sshkey_free(previous_host_key);
1488		r = sshkey_from_private(host_key, &previous_host_key);
1489	}
1490 
1491	return r;
1492}
1493 
1494/*
1495 * Starts a dialog with the server, and authenticates the current user on the
1496 * server.  This does not need any extra privileges.  The basic connection
1497 * to the server must already have been established before this is called.
1498 * If login fails, this function prints an error and never returns.
1499 * This function does not require super-user privileges.
1500 */
1501void
1502ssh_login(struct ssh *ssh, Sensitive *sensitive, const char *orighost,
1503    struct sockaddr *hostaddr, u_short port, struct passwd *pw, int timeout_ms,
1504    const struct ssh_conn_info *cinfo)
1505{
1506	char *host;
1507	char *server_user, *local_user;
1508	int r;
1509 
1510	local_user = xstrdup(pw->pw_name);
1511	server_user = options.user ? options.user : local_user;
1512 
1513	/* Convert the user-supplied hostname into all lowercase. */
1514	host = xstrdup(orighost);
1515	lowercase(host);
1516 
1517	/* Exchange protocol version identification strings with the server. */
1518	if ((r = kex_exchange_identification(ssh, timeout_ms, NULL((void *)0))) != 0)
1519		sshpkt_fatal(ssh, r, "banner exchange");
1520 
1521	/* Put the connection into non-blocking mode. */
1522	ssh_packet_set_nonblocking(ssh);
1523 
1524	/* key exchange */
1525	/* authenticate user */
1526	debug("Authenticating to %s:%d as '%s'", host, port, server_user)sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 1526
, 0, SYSLOG_LEVEL_DEBUG1, ((void *)0), "Authenticating to %s:%d as '%s'"
, host, port, server_user);
1527	ssh_kex2(ssh, host, hostaddr, port, cinfo);
1528	ssh_userauth2(ssh, local_user, server_user, host, sensitive);
1529	free(local_user);
1530	free(host);
1531}
1532 
1533/* print all known host keys for a given host, but skip keys of given type */
1534static int
1535show_other_keys(struct hostkeys *hostkeys, struct sshkey *key)
1536{
1537	int type[] = {
1538		KEY_RSA,
1539		KEY_DSA,
1540		KEY_ECDSA,
1541		KEY_ED25519,
1542		KEY_XMSS,
1543		-1
1544	};
1545	int i, ret = 0;
1546	char *fp, *ra;
1547	const struct hostkey_entry *found;
1548 
1549	for (i = 0; type[i] != -1; i++) {
1550		if (type[i] == key->type)
1551			continue;
1552		if (!lookup_key_in_hostkeys_by_type(hostkeys, type[i],
1553		    -1, &found))
1554			continue;
1555		fp = sshkey_fingerprint(found->key,
1556		    options.fingerprint_hash, SSH_FP_DEFAULT);
1557		ra = sshkey_fingerprint(found->key,
1558		    options.fingerprint_hash, SSH_FP_RANDOMART);
1559		if (fp == NULL((void *)0) || ra == NULL((void *)0))
1560			fatal_f("sshkey_fingerprint fail")sshfatal("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__
, 1560, 1, SYSLOG_LEVEL_FATAL, ((void *)0), "sshkey_fingerprint fail"
);
1561		logit("WARNING: %s key found for host %s\n"sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 1566
, 0, SYSLOG_LEVEL_INFO, ((void *)0), "WARNING: %s key found for host %s\n"
 "in %s:%lu\n" "%s key fingerprint %s.", sshkey_type(found->
key), found->host, found->file, found->line, sshkey_type
(found->key), fp)
1562		    "in %s:%lu\n"sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 1566
, 0, SYSLOG_LEVEL_INFO, ((void *)0), "WARNING: %s key found for host %s\n"
 "in %s:%lu\n" "%s key fingerprint %s.", sshkey_type(found->
key), found->host, found->file, found->line, sshkey_type
(found->key), fp)
1563		    "%s key fingerprint %s.",sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 1566
, 0, SYSLOG_LEVEL_INFO, ((void *)0), "WARNING: %s key found for host %s\n"
 "in %s:%lu\n" "%s key fingerprint %s.", sshkey_type(found->
key), found->host, found->file, found->line, sshkey_type
(found->key), fp)
1564		    sshkey_type(found->key),sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 1566
, 0, SYSLOG_LEVEL_INFO, ((void *)0), "WARNING: %s key found for host %s\n"
 "in %s:%lu\n" "%s key fingerprint %s.", sshkey_type(found->
key), found->host, found->file, found->line, sshkey_type
(found->key), fp)
1565		    found->host, found->file, found->line,sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 1566
, 0, SYSLOG_LEVEL_INFO, ((void *)0), "WARNING: %s key found for host %s\n"
 "in %s:%lu\n" "%s key fingerprint %s.", sshkey_type(found->
key), found->host, found->file, found->line, sshkey_type
(found->key), fp)
1566		    sshkey_type(found->key), fp)sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 1566
, 0, SYSLOG_LEVEL_INFO, ((void *)0), "WARNING: %s key found for host %s\n"
 "in %s:%lu\n" "%s key fingerprint %s.", sshkey_type(found->
key), found->host, found->file, found->line, sshkey_type
(found->key), fp);
1567		if (options.visual_host_key)
1568			logit("%s", ra)sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 1568
, 0, SYSLOG_LEVEL_INFO, ((void *)0), "%s", ra);
1569		free(ra);
1570		free(fp);
1571		ret = 1;
1572	}
1573	return ret;
1574}
1575 
1576static void
1577warn_changed_key(struct sshkey *host_key)
1578{
1579	char *fp;
1580 
1581	fp = sshkey_fingerprint(host_key, options.fingerprint_hash,
1582	    SSH_FP_DEFAULT);
1583	if (fp == NULL((void *)0))
1584		fatal_f("sshkey_fingerprint fail")sshfatal("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__
, 1584, 1, SYSLOG_LEVEL_FATAL, ((void *)0), "sshkey_fingerprint fail"
);
1585 
1586	error("@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@")sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 1586
, 0, SYSLOG_LEVEL_ERROR, ((void *)0), "@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@"
);
1587	error("@    WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!     @")sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 1587
, 0, SYSLOG_LEVEL_ERROR, ((void *)0), "@    WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!     @"
);
1588	error("@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@")sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 1588
, 0, SYSLOG_LEVEL_ERROR, ((void *)0), "@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@"
);
1589	error("IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!")sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 1589
, 0, SYSLOG_LEVEL_ERROR, ((void *)0), "IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!"
);
1590	error("Someone could be eavesdropping on you right now (man-in-the-middle attack)!")sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 1590
, 0, SYSLOG_LEVEL_ERROR, ((void *)0), "Someone could be eavesdropping on you right now (man-in-the-middle attack)!"
);
1591	error("It is also possible that a host key has just been changed.")sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 1591
, 0, SYSLOG_LEVEL_ERROR, ((void *)0), "It is also possible that a host key has just been changed."
);
1592	error("The fingerprint for the %s key sent by the remote host is\n%s.",sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 1593
, 0, SYSLOG_LEVEL_ERROR, ((void *)0), "The fingerprint for the %s key sent by the remote host is\n%s."
, sshkey_type(host_key), fp)
1593	    sshkey_type(host_key), fp)sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 1593
, 0, SYSLOG_LEVEL_ERROR, ((void *)0), "The fingerprint for the %s key sent by the remote host is\n%s."
, sshkey_type(host_key), fp);
1594	error("Please contact your system administrator.")sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 1594
, 0, SYSLOG_LEVEL_ERROR, ((void *)0), "Please contact your system administrator."
);
1595 
1596	free(fp);
1597}
1598 
1599/*
1600 * Execute a local command
1601 */
1602int
1603ssh_local_cmd(const char *args)
1604{
1605	char *shell;
1606	pid_t pid;
1607	int status;
1608	void (*osighand)(int);
1609 
1610	if (!options.permit_local_command ||
1611	    args == NULL((void *)0) || !*args)
1612		return (1);
1613 
1614	if ((shell = getenv("SHELL")) == NULL((void *)0) || *shell == '\0')
1615		shell = _PATH_BSHELL"/bin/sh";
1616 
1617	osighand = ssh_signal(SIGCHLD20, SIG_DFL(void (*)(int))0);
1618	pid = fork();
1619	if (pid == 0) {
1620		ssh_signal(SIGPIPE13, SIG_DFL(void (*)(int))0);
1621		debug3("Executing %s -c \"%s\"", shell, args)sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 1621
, 0, SYSLOG_LEVEL_DEBUG3, ((void *)0), "Executing %s -c \"%s\""
, shell, args);
1622		execl(shell, shell, "-c", args, (char *)NULL((void *)0));
1623		error("Couldn't execute %s -c \"%s\": %s",sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 1624
, 0, SYSLOG_LEVEL_ERROR, ((void *)0), "Couldn't execute %s -c \"%s\": %s"
, shell, args, strerror((*__errno())))
1624		    shell, args, strerror(errno))sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 1624
, 0, SYSLOG_LEVEL_ERROR, ((void *)0), "Couldn't execute %s -c \"%s\": %s"
, shell, args, strerror((*__errno())));
1625		_exit(1);
1626	} else if (pid == -1)
1627		fatal("fork failed: %.100s", strerror(errno))sshfatal("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__
, 1627, 0, SYSLOG_LEVEL_FATAL, ((void *)0), "fork failed: %.100s"
, strerror((*__errno())));
1628	while (waitpid(pid, &status, 0) == -1)
1629		if (errno(*__errno()) != EINTR4)
1630			fatal("Couldn't wait for child: %s", strerror(errno))sshfatal("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__
, 1630, 0, SYSLOG_LEVEL_FATAL, ((void *)0), "Couldn't wait for child: %s"
, strerror((*__errno())));
1631	ssh_signal(SIGCHLD20, osighand);
1632 
1633	if (!WIFEXITED(status)(((status) & 0177) == 0))
1634		return (1);
1635 
1636	return (WEXITSTATUS(status)(int)(((unsigned)(status) >> 8) & 0xff));
1637}
1638 
1639void
1640maybe_add_key_to_agent(const char *authfile, struct sshkey *private,
1641    const char *comment, const char *passphrase)
1642{
1643	int auth_sock = -1, r;
1644	const char *skprovider = NULL((void *)0);
1645 
1646	if (options.add_keys_to_agent == 0)
1647		return;
1648 
1649	if ((r = ssh_get_authentication_socket(&auth_sock)) != 0) {
1650		debug3("no authentication agent, not adding key")sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 1650
, 0, SYSLOG_LEVEL_DEBUG3, ((void *)0), "no authentication agent, not adding key"
);
1651		return;
1652	}
1653 
1654	if (options.add_keys_to_agent == 2 &&
1655	    !ask_permission("Add key %s (%s) to agent?", authfile, comment)) {
1656		debug3("user denied adding this key")sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 1656
, 0, SYSLOG_LEVEL_DEBUG3, ((void *)0), "user denied adding this key"
);
1657		close(auth_sock);
1658		return;
1659	}
1660	if (sshkey_is_sk(private))
1661		skprovider = options.sk_provider;
1662	if ((r = ssh_add_identity_constrained(auth_sock, private,
1663	    comment == NULL((void *)0) ? authfile : comment,
1664	    options.add_keys_to_agent_lifespan,
1665	    (options.add_keys_to_agent == 3), 0, skprovider, NULL((void *)0), 0)) == 0)
1666		debug("identity added to agent: %s", authfile)sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 1666
, 0, SYSLOG_LEVEL_DEBUG1, ((void *)0), "identity added to agent: %s"
, authfile);
1667	else
1668		debug("could not add identity to agent: %s (%d)", authfile, r)sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 1668
, 0, SYSLOG_LEVEL_DEBUG1, ((void *)0), "could not add identity to agent: %s (%d)"
, authfile, r);
1669	close(auth_sock);
1670}