/usr/src/usr.bin/ssh/ssh/../sshconnect.c

Bug Summary

File:	src/usr.bin/ssh/ssh/../sshconnect.c
Warning:	line 1672, column 7 Although the value stored to 'r' is used in the enclosing expression, the value is never actually read from 'r'

Annotated Source Code

Press '?' to see keyboard shortcuts

Show analyzer invocation

clang -cc1 -cc1 -triple amd64-unknown-openbsd7.4 -analyze -disable-free -clear-ast-before-backend -disable-llvm-verifier -discard-value-names -main-file-name sshconnect.c -analyzer-checker=core -analyzer-checker=apiModeling -analyzer-checker=unix -analyzer-checker=deadcode -analyzer-checker=security.insecureAPI.UncheckedReturn -analyzer-checker=security.insecureAPI.getpw -analyzer-checker=security.insecureAPI.gets -analyzer-checker=security.insecureAPI.mktemp -analyzer-checker=security.insecureAPI.mkstemp -analyzer-checker=security.insecureAPI.vfork -analyzer-checker=nullability.NullPassedToNonnull -analyzer-checker=nullability.NullReturnedFromNonnull -analyzer-output plist -w -setup-static-analyzer -mrelocation-model pic -pic-level 1 -pic-is-pie -mframe-pointer=all -relaxed-aliasing -ffp-contract=on -fno-rounding-math -mconstructor-aliases -funwind-tables=2 -target-cpu x86-64 -target-feature +retpoline-indirect-calls -target-feature +retpoline-indirect-branches -tune-cpu generic -debugger-tuning=gdb -fcoverage-compilation-dir=/usr/src/usr.bin/ssh/ssh/obj -resource-dir /usr/local/llvm16/lib/clang/16 -I /usr/src/usr.bin/ssh/ssh/.. -D WITH_OPENSSL -D WITH_ZLIB -D WITH_DSA -D ENABLE_PKCS11 -D HAVE_DLOPEN -internal-isystem /usr/local/llvm16/lib/clang/16/include -internal-externc-isystem /usr/include -O2 -Wno-unused-parameter -fdebug-compilation-dir=/usr/src/usr.bin/ssh/ssh/obj -ferror-limit 19 -fwrapv -D_RET_PROTECTOR -ret-protector -fcf-protection=branch -fno-jump-tables -fgnuc-version=4.2.1 -vectorize-loops -vectorize-slp -fno-builtin-malloc -fno-builtin-calloc -fno-builtin-realloc -fno-builtin-valloc -fno-builtin-free -fno-builtin-strdup -fno-builtin-strndup -analyzer-output=html -faddrsig -D__GCC_HAVE_DWARF2_CFI_ASM=1 -o /home/ben/Projects/scan/2024-01-11-140451-98009-1 -x c /usr/src/usr.bin/ssh/ssh/../sshconnect.c

1	/* $OpenBSD: sshconnect.c,v 1.366 2024/01/11 01:45:36 djm Exp $ */
2	/*
3	* Author: Tatu Ylonen <ylo@cs.hut.fi>
4	* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
5	* All rights reserved
6	* Code to connect to a remote host, and to perform the client side of the
7	* login (authentication) dialog.
8	*
9	* As far as I am concerned, the code I have written for this software
10	* can be used freely for any purpose. Any derived versions of this
11	* software must be clearly marked as such, and if the derived work is
12	* incompatible with the protocol description in the RFC file, it must be
13	* called by a name other than "ssh" or "Secure Shell".
14	*/
15
16	#include <sys/types.h>
17	#include <sys/wait.h>
18	#include <sys/stat.h>
19	#include <sys/socket.h>
20	#include <sys/time.h>
21
22	#include <net/if.h>
23	#include <netinet/in.h>
24
25	#include <ctype.h>
26	#include <errno(*__errno()).h>
27	#include <fcntl.h>
28	#include <netdb.h>
29	#include <limits.h>
30	#include <paths.h>
31	#include <signal.h>
32	#include <pwd.h>
33	#include <stdio.h>
34	#include <stdlib.h>
35	#include <stdarg.h>
36	#include <string.h>
37	#include <unistd.h>
38	#include <ifaddrs.h>
39
40	#include "xmalloc.h"
41	#include "ssh.h"
42	#include "sshbuf.h"
43	#include "packet.h"
44	#include "sshkey.h"
45	#include "sshconnect.h"
46	#include "hostfile.h"
47	#include "log.h"
48	#include "misc.h"
49	#include "readconf.h"
50	#include "atomicio.h"
51	#include "dns.h"
52	#include "monitor_fdpass.h"
53	#include "ssh2.h"
54	#include "version.h"
55	#include "authfile.h"
56	#include "ssherr.h"
57	#include "authfd.h"
58	#include "kex.h"
59
60	struct sshkey previous_host_key = NULL((void )0);
61
62	static int matching_host_key_dns = 0;
63
64	static pid_t proxy_command_pid = 0;
65
66	/* import */
67	extern int debug_flag;
68	extern Options options;
69	extern char *__progname;
70
71	static int show_other_keys(struct hostkeys , struct sshkey );
72	static void warn_changed_key(struct sshkey *);
73
74	/* Expand a proxy command */
75	static char *
76	expand_proxy_command(const char proxy_command, const char user,
77	const char host, const char host_arg, int port)
78	{
79	char tmp, ret, strport[NI_MAXSERV32];
80	const char *keyalias = options.host_key_alias ?
81	options.host_key_alias : host_arg;
82
83	snprintf(strport, sizeof strport, "%d", port);
84	xasprintf(&tmp, "exec %s", proxy_command);
85	ret = percent_expand(tmp,
86	"h", host,
87	"k", keyalias,
88	"n", host_arg,
89	"p", strport,
90	"r", options.user,
91	(char )NULL((void )0));
92	free(tmp);
93	return ret;
94	}
95
96	/*
97	* Connect to the given ssh server using a proxy command that passes a
98	* a connected fd back to us.
99	*/
100	static int
101	ssh_proxy_fdpass_connect(struct ssh ssh, const char host,
102	const char host_arg, u_short port, const char proxy_command)
103	{
104	char *command_string;
105	int sp[2], sock;
106	pid_t pid;
107	char *shell;
108
109	if ((shell = getenv("SHELL")) == NULL((void *)0))
110	shell = _PATH_BSHELL"/bin/sh";
111
112	if (socketpair(AF_UNIX1, SOCK_STREAM1, 0, sp) == -1)
113	fatal("Could not create socketpair to communicate with "sshfatal("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__ , 114, 0, SYSLOG_LEVEL_FATAL, ((void )0), "Could not create socketpair to communicate with " "proxy dialer: %.100s", strerror((__errno())))
114	"proxy dialer: %.100s", strerror(errno))sshfatal("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__ , 114, 0, SYSLOG_LEVEL_FATAL, ((void )0), "Could not create socketpair to communicate with " "proxy dialer: %.100s", strerror((__errno())));
115
116	command_string = expand_proxy_command(proxy_command, options.user,
117	host, host_arg, port);
118	debug("Executing proxy dialer command: %.500s", command_string)sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 118 , 0, SYSLOG_LEVEL_DEBUG1, ((void *)0), "Executing proxy dialer command: %.500s" , command_string);
119
120	/* Fork and execute the proxy command. */
121	if ((pid = fork()) == 0) {
122	char *argv[10];
123
124	close(sp[1]);
125	/* Redirect stdin and stdout. */
126	if (sp[0] != 0) {
127	if (dup2(sp[0], 0) == -1)
128	perror("dup2 stdin");
129	}
130	if (sp[0] != 1) {
131	if (dup2(sp[0], 1) == -1)
132	perror("dup2 stdout");
133	}
134	if (sp[0] >= 2)
135	close(sp[0]);
136
137	/*
138	* Stderr is left for non-ControlPersist connections is so
139	* error messages may be printed on the user's terminal.
140	*/
141	if (!debug_flag && options.control_path != NULL((void *)0) &&
142	options.control_persist && stdfd_devnull(0, 0, 1) == -1)
143	error_f("stdfd_devnull failed")sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 143 , 1, SYSLOG_LEVEL_ERROR, ((void *)0), "stdfd_devnull failed");
144
145	argv[0] = shell;
146	argv[1] = "-c";
147	argv[2] = command_string;
148	argv[3] = NULL((void *)0);
149
150	/*
151	* Execute the proxy command.
152	* Note that we gave up any extra privileges above.
153	*/
154	execv(argv[0], argv);
155	perror(argv[0]);
156	exit(1);
157	}
158	/* Parent. */
159	if (pid == -1)
160	fatal("fork failed: %.100s", strerror(errno))sshfatal("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__ , 160, 0, SYSLOG_LEVEL_FATAL, ((void )0), "fork failed: %.100s" , strerror((__errno())));
161	close(sp[0]);
162	free(command_string);
163
164	if ((sock = mm_receive_fd(sp[1])) == -1)
165	fatal("proxy dialer did not pass back a connection")sshfatal("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__ , 165, 0, SYSLOG_LEVEL_FATAL, ((void *)0), "proxy dialer did not pass back a connection" );
166	close(sp[1]);
167
168	while (waitpid(pid, NULL((void *)0), 0) == -1)
169	if (errno(*__errno()) != EINTR4)
170	fatal("Couldn't wait for child: %s", strerror(errno))sshfatal("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__ , 170, 0, SYSLOG_LEVEL_FATAL, ((void )0), "Couldn't wait for child: %s" , strerror((__errno())));
171
172	/* Set the connection file descriptors. */
173	if (ssh_packet_set_connection(ssh, sock, sock) == NULL((void *)0))
174	return -1; /* ssh_packet_set_connection logs error */
175
176	return 0;
177	}
178
179	/*
180	* Connect to the given ssh server using a proxy command.
181	*/
182	static int
183	ssh_proxy_connect(struct ssh ssh, const char host, const char *host_arg,
184	u_short port, const char *proxy_command)
185	{
186	char *command_string;
187	int pin[2], pout[2];
188	pid_t pid;
189	char *shell;
190
191	if ((shell = getenv("SHELL")) == NULL((void )0) \|\| shell == '\0')
192	shell = _PATH_BSHELL"/bin/sh";
193
194	/* Create pipes for communicating with the proxy. */
195	if (pipe(pin) == -1 \|\| pipe(pout) == -1)
196	fatal("Could not create pipes to communicate with the proxy: %.100s",sshfatal("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__ , 197, 0, SYSLOG_LEVEL_FATAL, ((void )0), "Could not create pipes to communicate with the proxy: %.100s" , strerror((__errno())))
197	strerror(errno))sshfatal("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__ , 197, 0, SYSLOG_LEVEL_FATAL, ((void )0), "Could not create pipes to communicate with the proxy: %.100s" , strerror((__errno())));
198
199	command_string = expand_proxy_command(proxy_command, options.user,
200	host, host_arg, port);
201	debug("Executing proxy command: %.500s", command_string)sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 201 , 0, SYSLOG_LEVEL_DEBUG1, ((void *)0), "Executing proxy command: %.500s" , command_string);
202
203	/* Fork and execute the proxy command. */
204	if ((pid = fork()) == 0) {
205	char *argv[10];
206
207	/* Redirect stdin and stdout. */
208	close(pin[1]);
209	if (pin[0] != 0) {
210	if (dup2(pin[0], 0) == -1)
211	perror("dup2 stdin");
212	close(pin[0]);
213	}
214	close(pout[0]);
215	if (dup2(pout[1], 1) == -1)
216	perror("dup2 stdout");
217	/* Cannot be 1 because pin allocated two descriptors. */
218	close(pout[1]);
219
220	/*
221	* Stderr is left for non-ControlPersist connections is so
222	* error messages may be printed on the user's terminal.
223	*/
224	if (!debug_flag && options.control_path != NULL((void *)0) &&
225	options.control_persist && stdfd_devnull(0, 0, 1) == -1)
226	error_f("stdfd_devnull failed")sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 226 , 1, SYSLOG_LEVEL_ERROR, ((void *)0), "stdfd_devnull failed");
227
228	argv[0] = shell;
229	argv[1] = "-c";
230	argv[2] = command_string;
231	argv[3] = NULL((void *)0);
232
233	/*
234	* Execute the proxy command. Note that we gave up any
235	* extra privileges above.
236	*/
237	ssh_signal(SIGPIPE13, SIG_DFL(void (*)(int))0);
238	execv(argv[0], argv);
239	perror(argv[0]);
240	exit(1);
241	}
242	/* Parent. */
243	if (pid == -1)
244	fatal("fork failed: %.100s", strerror(errno))sshfatal("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__ , 244, 0, SYSLOG_LEVEL_FATAL, ((void )0), "fork failed: %.100s" , strerror((__errno())));
245	else
246	proxy_command_pid = pid; /* save pid to clean up later */
247
248	/* Close child side of the descriptors. */
249	close(pin[0]);
250	close(pout[1]);
251
252	/* Free the command name. */
253	free(command_string);
254
255	/* Set the connection file descriptors. */
256	if (ssh_packet_set_connection(ssh, pout[0], pin[1]) == NULL((void *)0))
257	return -1; /* ssh_packet_set_connection logs error */
258
259	return 0;
260	}
261
262	void
263	ssh_kill_proxy_command(void)
264	{
265	/*
266	* Send SIGHUP to proxy command if used. We don't wait() in
267	* case it hangs and instead rely on init to reap the child
268	*/
269	if (proxy_command_pid > 1)
270	kill(proxy_command_pid, SIGHUP1);
271	}
272
273	/*
274	* Search a interface address list (returned from getifaddrs(3)) for an
275	* address that matches the desired address family on the specified interface.
276	* Returns 0 and fills in resultp and rlenp on success. Returns -1 on failure.
277	*/
278	static int
279	check_ifaddrs(const char ifname, int af, const struct ifaddrs ifaddrs,
280	struct sockaddr_storage resultp, socklen_t rlenp)
281	{
282	struct sockaddr_in6 *sa6;
283	struct sockaddr_in *sa;
284	struct in6_addr *v6addr;
285	const struct ifaddrs *ifa;
286	int allow_local;
287
288	/*
289	* Prefer addresses that are not loopback or linklocal, but use them
290	* if nothing else matches.
291	*/
292	for (allow_local = 0; allow_local < 2; allow_local++) {
293	for (ifa = ifaddrs; ifa != NULL((void *)0); ifa = ifa->ifa_next) {
294	if (ifa->ifa_addr == NULL((void )0) \|\| ifa->ifa_name == NULL((void )0) \|\|
295	(ifa->ifa_flags & IFF_UP0x1) == 0 \|\|
296	ifa->ifa_addr->sa_family != af \|\|
297	strcmp(ifa->ifa_name, options.bind_interface) != 0)
298	continue;
299	switch (ifa->ifa_addr->sa_family) {
300	case AF_INET2:
301	sa = (struct sockaddr_in *)ifa->ifa_addr;
302	if (!allow_local && sa->sin_addr.s_addr ==
303	htonl(INADDR_LOOPBACK)(__uint32_t)(__builtin_constant_p(((u_int32_t)(0x7f000001))) ? (__uint32_t)(((__uint32_t)(((u_int32_t)(0x7f000001))) & 0xff ) << 24 \| ((__uint32_t)(((u_int32_t)(0x7f000001))) & 0xff00) << 8 \| ((__uint32_t)(((u_int32_t)(0x7f000001)) ) & 0xff0000) >> 8 \| ((__uint32_t)(((u_int32_t)(0x7f000001 ))) & 0xff000000) >> 24) : __swap32md(((u_int32_t)( 0x7f000001)))))
304	continue;
305	if (*rlenp < sizeof(struct sockaddr_in)) {
306	error_f("v4 addr doesn't fit")sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 306 , 1, SYSLOG_LEVEL_ERROR, ((void *)0), "v4 addr doesn't fit");
307	return -1;
308	}
309	*rlenp = sizeof(struct sockaddr_in);
310	memcpy(resultp, sa, *rlenp);
311	return 0;
312	case AF_INET624:
313	sa6 = (struct sockaddr_in6 *)ifa->ifa_addr;
314	v6addr = &sa6->sin6_addr;
315	if (!allow_local &&
316	(IN6_IS_ADDR_LINKLOCAL(v6addr)(((v6addr)->__u6_addr.__u6_addr8[0] == 0xfe) && (( (v6addr)->__u6_addr.__u6_addr8[1] & 0xc0) == 0x80)) \|\|
317	IN6_IS_ADDR_LOOPBACK(v6addr)(((const u_int32_t )(const void )(&(v6addr)->__u6_addr .__u6_addr8[0]) == 0) && ((const u_int32_t )(const void )(&(v6addr)->__u6_addr.__u6_addr8[4]) == 0) && ((const u_int32_t )(const void )(&(v6addr)->__u6_addr .__u6_addr8[8]) == 0) && ((const u_int32_t )(const void )(&(v6addr)->__u6_addr.__u6_addr8[12]) == (__uint32_t )(__builtin_constant_p(1) ? (__uint32_t)(((__uint32_t)(1) & 0xff) << 24 \| ((__uint32_t)(1) & 0xff00) << 8 \| ((__uint32_t)(1) & 0xff0000) >> 8 \| ((__uint32_t )(1) & 0xff000000) >> 24) : __swap32md(1))))))
318	continue;
319	if (*rlenp < sizeof(struct sockaddr_in6)) {
320	error_f("v6 addr doesn't fit")sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 320 , 1, SYSLOG_LEVEL_ERROR, ((void *)0), "v6 addr doesn't fit");
321	return -1;
322	}
323	*rlenp = sizeof(struct sockaddr_in6);
324	memcpy(resultp, sa6, *rlenp);
325	return 0;
326	}
327	}
328	}
329	return -1;
330	}
331
332	/*
333	* Creates a socket for use as the ssh connection.
334	*/
335	static int
336	ssh_create_socket(struct addrinfo *ai)
337	{
338	int sock, r;
339	struct sockaddr_storage bindaddr;
340	socklen_t bindaddrlen = 0;
341	struct addrinfo hints, res = NULL((void )0);
342	struct ifaddrs ifaddrs = NULL((void )0);
343	char ntop[NI_MAXHOST256];
344
345	sock = socket(ai->ai_family, ai->ai_socktype, ai->ai_protocol);
346	if (sock == -1) {
347	error("socket: %s", strerror(errno))sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 347 , 0, SYSLOG_LEVEL_ERROR, ((void )0), "socket: %s", strerror( (__errno())));
348	return -1;
349	}
350	(void)fcntl(sock, F_SETFD2, FD_CLOEXEC1);
351
352	/* Use interactive QOS (if specified) until authentication completed */
353	if (options.ip_qos_interactive != INT_MAX0x7fffffff)
354	set_sock_tos(sock, options.ip_qos_interactive);
355
356	/* Bind the socket to an alternative local IP address */
357	if (options.bind_address == NULL((void )0) && options.bind_interface == NULL((void )0))
358	return sock;
359
360	if (options.bind_address != NULL((void *)0)) {
361	memset(&hints, 0, sizeof(hints));
362	hints.ai_family = ai->ai_family;
363	hints.ai_socktype = ai->ai_socktype;
364	hints.ai_protocol = ai->ai_protocol;
365	hints.ai_flags = AI_PASSIVE1;
366	if ((r = getaddrinfo(options.bind_address, NULL((void *)0),
367	&hints, &res)) != 0) {
368	error("getaddrinfo: %s: %s", options.bind_address,sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 369 , 0, SYSLOG_LEVEL_ERROR, ((void *)0), "getaddrinfo: %s: %s", options .bind_address, ssh_gai_strerror(r))
369	ssh_gai_strerror(r))sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 369 , 0, SYSLOG_LEVEL_ERROR, ((void *)0), "getaddrinfo: %s: %s", options .bind_address, ssh_gai_strerror(r));
370	goto fail;
371	}
372	if (res == NULL((void *)0)) {
373	error("getaddrinfo: no addrs")sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 373 , 0, SYSLOG_LEVEL_ERROR, ((void *)0), "getaddrinfo: no addrs" );
374	goto fail;
375	}
376	memcpy(&bindaddr, res->ai_addr, res->ai_addrlen);
377	bindaddrlen = res->ai_addrlen;
378	} else if (options.bind_interface != NULL((void *)0)) {
379	if ((r = getifaddrs(&ifaddrs)) != 0) {
380	error("getifaddrs: %s: %s", options.bind_interface,sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 381 , 0, SYSLOG_LEVEL_ERROR, ((void )0), "getifaddrs: %s: %s", options .bind_interface, strerror((__errno())))
381	strerror(errno))sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 381 , 0, SYSLOG_LEVEL_ERROR, ((void )0), "getifaddrs: %s: %s", options .bind_interface, strerror((__errno())));
382	goto fail;
383	}
384	bindaddrlen = sizeof(bindaddr);
385	if (check_ifaddrs(options.bind_interface, ai->ai_family,
386	ifaddrs, &bindaddr, &bindaddrlen) != 0) {
387	logit("getifaddrs: %s: no suitable addresses",sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 388 , 0, SYSLOG_LEVEL_INFO, ((void *)0), "getifaddrs: %s: no suitable addresses" , options.bind_interface)
388	options.bind_interface)sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 388 , 0, SYSLOG_LEVEL_INFO, ((void *)0), "getifaddrs: %s: no suitable addresses" , options.bind_interface);
389	goto fail;
390	}
391	}
392	if ((r = getnameinfo((struct sockaddr *)&bindaddr, bindaddrlen,
393	ntop, sizeof(ntop), NULL((void *)0), 0, NI_NUMERICHOST1)) != 0) {
394	error_f("getnameinfo failed: %s", ssh_gai_strerror(r))sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 394 , 1, SYSLOG_LEVEL_ERROR, ((void *)0), "getnameinfo failed: %s" , ssh_gai_strerror(r));
395	goto fail;
396	}
397	if (bind(sock, (struct sockaddr *)&bindaddr, bindaddrlen) != 0) {
398	error("bind %s: %s", ntop, strerror(errno))sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 398 , 0, SYSLOG_LEVEL_ERROR, ((void )0), "bind %s: %s", ntop, strerror ((__errno())));
399	goto fail;
400	}
401	debug_f("bound to %s", ntop)sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 401 , 1, SYSLOG_LEVEL_DEBUG1, ((void *)0), "bound to %s", ntop);
402	/* success */
403	goto out;
404	fail:
405	close(sock);
406	sock = -1;
407	out:
408	if (res != NULL((void *)0))
409	freeaddrinfo(res);
410	if (ifaddrs != NULL((void *)0))
411	freeifaddrs(ifaddrs);
412	return sock;
413	}
414
415	/*
416	* Opens a TCP/IP connection to the remote server on the given host.
417	* The address of the remote host will be returned in hostaddr.
418	* If port is 0, the default port will be used.
419	* Connection_attempts specifies the maximum number of tries (one per
420	* second). If proxy_command is non-NULL, it specifies the command (with %h
421	* and %p substituted for host and port, respectively) to use to contact
422	* the daemon.
423	*/
424	static int
425	ssh_connect_direct(struct ssh ssh, const char host, struct addrinfo *aitop,
426	struct sockaddr_storage *hostaddr, u_short port, int connection_attempts,
427	int *timeout_ms, int want_keepalive)
428	{
429	int on = 1, saved_timeout_ms = *timeout_ms;
430	int oerrno, sock = -1, attempt;
431	char ntop[NI_MAXHOST256], strport[NI_MAXSERV32];
432	struct addrinfo *ai;
433
434	debug3_f("entering")sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 434 , 1, SYSLOG_LEVEL_DEBUG3, ((void *)0), "entering");
435	memset(ntop, 0, sizeof(ntop));
436	memset(strport, 0, sizeof(strport));
437
438	for (attempt = 0; attempt < connection_attempts; attempt++) {
439	if (attempt > 0) {
440	/* Sleep a moment before retrying. */
441	sleep(1);
442	debug("Trying again...")sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 442 , 0, SYSLOG_LEVEL_DEBUG1, ((void *)0), "Trying again...");
443	}
444	/*
445	* Loop through addresses for this host, and try each one in
446	* sequence until the connection succeeds.
447	*/
448	for (ai = aitop; ai; ai = ai->ai_next) {
449	if (ai->ai_family != AF_INET2 &&
450	ai->ai_family != AF_INET624) {
451	errno(*__errno()) = EAFNOSUPPORT47;
452	continue;
453	}
454	if (getnameinfo(ai->ai_addr, ai->ai_addrlen,
455	ntop, sizeof(ntop), strport, sizeof(strport),
456	NI_NUMERICHOST1\|NI_NUMERICSERV2) != 0) {
457	oerrno = errno(*__errno());
458	error_f("getnameinfo failed")sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 458 , 1, SYSLOG_LEVEL_ERROR, ((void *)0), "getnameinfo failed");
459	errno(*__errno()) = oerrno;
460	continue;
461	}
462	if (options.address_family != AF_UNSPEC0 &&
463	ai->ai_family != options.address_family) {
464	debug2_f("skipping address [%s]:%s: "sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 465 , 1, SYSLOG_LEVEL_DEBUG2, ((void *)0), "skipping address [%s]:%s: " "wrong address family", ntop, strport)
465	"wrong address family", ntop, strport)sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 465 , 1, SYSLOG_LEVEL_DEBUG2, ((void *)0), "skipping address [%s]:%s: " "wrong address family", ntop, strport);
466	errno(*__errno()) = EAFNOSUPPORT47;
467	continue;
468	}
469
470	debug("Connecting to %.200s [%.100s] port %s.",sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 471 , 0, SYSLOG_LEVEL_DEBUG1, ((void *)0), "Connecting to %.200s [%.100s] port %s." , host, ntop, strport)
471	host, ntop, strport)sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 471 , 0, SYSLOG_LEVEL_DEBUG1, ((void *)0), "Connecting to %.200s [%.100s] port %s." , host, ntop, strport);
472
473	/* Create a socket for connecting. */
474	sock = ssh_create_socket(ai);
475	if (sock < 0) {
476	/* Any error is already output */
477	errno(*__errno()) = 0;
478	continue;
479	}
480
481	*timeout_ms = saved_timeout_ms;
482	if (timeout_connect(sock, ai->ai_addr, ai->ai_addrlen,
483	timeout_ms) >= 0) {
484	/* Successful connection. */
485	memcpy(hostaddr, ai->ai_addr, ai->ai_addrlen);
486	break;
487	} else {
488	oerrno = errno(*__errno());
489	debug("connect to address %s port %s: %s",sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 490 , 0, SYSLOG_LEVEL_DEBUG1, ((void )0), "connect to address %s port %s: %s" , ntop, strport, strerror((__errno())))
490	ntop, strport, strerror(errno))sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 490 , 0, SYSLOG_LEVEL_DEBUG1, ((void )0), "connect to address %s port %s: %s" , ntop, strport, strerror((__errno())));
491	close(sock);
492	sock = -1;
493	errno(*__errno()) = oerrno;
494	}
495	}
496	if (sock != -1)
497	break; /* Successful connection. */
498	}
499
500	/* Return failure if we didn't get a successful connection. */
501	if (sock == -1) {
502	error("ssh: connect to host %s port %s: %s",sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 503 , 0, SYSLOG_LEVEL_ERROR, ((void )0), "ssh: connect to host %s port %s: %s" , host, strport, (__errno()) == 0 ? "failure" : strerror((*__errno ())))
503	host, strport, errno == 0 ? "failure" : strerror(errno))sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 503 , 0, SYSLOG_LEVEL_ERROR, ((void )0), "ssh: connect to host %s port %s: %s" , host, strport, (__errno()) == 0 ? "failure" : strerror((*__errno ())));
504	return -1;
505	}
506
507	debug("Connection established.")sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 507 , 0, SYSLOG_LEVEL_DEBUG1, ((void *)0), "Connection established." );
508
509	/* Set SO_KEEPALIVE if requested. */
510	if (want_keepalive &&
511	setsockopt(sock, SOL_SOCKET0xffff, SO_KEEPALIVE0x0008, (void *)&on,
512	sizeof(on)) == -1)
513	error("setsockopt SO_KEEPALIVE: %.100s", strerror(errno))sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 513 , 0, SYSLOG_LEVEL_ERROR, ((void )0), "setsockopt SO_KEEPALIVE: %.100s" , strerror((__errno())));
514
515	/* Set the connection. */
516	if (ssh_packet_set_connection(ssh, sock, sock) == NULL((void *)0))
517	return -1; /* ssh_packet_set_connection logs error */
518
519	return 0;
520	}
521
522	int
523	ssh_connect(struct ssh ssh, const char host, const char *host_arg,
524	struct addrinfo addrs, struct sockaddr_storage hostaddr, u_short port,
525	int connection_attempts, int *timeout_ms, int want_keepalive)
526	{
527	int in, out;
528
529	if (options.proxy_command == NULL((void *)0)) {
530	return ssh_connect_direct(ssh, host, addrs, hostaddr, port,
531	connection_attempts, timeout_ms, want_keepalive);
532	} else if (strcmp(options.proxy_command, "-") == 0) {
533	if ((in = dup(STDIN_FILENO0)) == -1 \|\|
534	(out = dup(STDOUT_FILENO1)) == -1) {
535	if (in >= 0)
536	close(in);
537	error_f("dup() in/out failed")sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 537 , 1, SYSLOG_LEVEL_ERROR, ((void *)0), "dup() in/out failed");
538	return -1; /* ssh_packet_set_connection logs error */
539	}
540	if ((ssh_packet_set_connection(ssh, in, out)) == NULL((void *)0))
541	return -1; /* ssh_packet_set_connection logs error */
542	return 0;
543	} else if (options.proxy_use_fdpass) {
544	return ssh_proxy_fdpass_connect(ssh, host, host_arg, port,
545	options.proxy_command);
546	}
547	return ssh_proxy_connect(ssh, host, host_arg, port,
548	options.proxy_command);
549	}
550
551	/* defaults to 'no' */
552	static int
553	confirm(const char prompt, const char fingerprint)
554	{
555	const char msg, again = "Please type 'yes' or 'no': ";
556	const char *again_fp = "Please type 'yes', 'no' or the fingerprint: ";
557	char p, cp;
558	int ret = -1;
559
560	if (options.batch_mode)
561	return 0;
562	for (msg = prompt;;msg = fingerprint ? again_fp : again) {
563	cp = p = read_passphrase(msg, RP_ECHO0x0001);
564	if (p == NULL((void *)0))
565	return 0;
566	p += strspn(p, " \t"); /* skip leading whitespace */
567	p[strcspn(p, " \t\n")] = '\0'; /* remove trailing whitespace */
568	if (p[0] == '\0' \|\| strcasecmp(p, "no") == 0)
569	ret = 0;
570	else if (strcasecmp(p, "yes") == 0 \|\| (fingerprint != NULL((void *)0) &&
571	strcmp(p, fingerprint) == 0))
572	ret = 1;
573	free(cp);
574	if (ret != -1)
575	return ret;
576	}
577	}
578
579	static int
580	sockaddr_is_local(struct sockaddr *hostaddr)
581	{
582	switch (hostaddr->sa_family) {
583	case AF_INET2:
584	return (ntohl(((struct sockaddr_in )hostaddr)->(__uint32_t)(__builtin_constant_p(((struct sockaddr_in )hostaddr )-> sin_addr.s_addr) ? (__uint32_t)(((__uint32_t)(((struct sockaddr_in )hostaddr)-> sin_addr.s_addr) & 0xff) << 24 \| ((__uint32_t)(((struct sockaddr_in )hostaddr)-> sin_addr .s_addr) & 0xff00) << 8 \| ((__uint32_t)(((struct sockaddr_in )hostaddr)-> sin_addr.s_addr) & 0xff0000) >> 8 \| ((__uint32_t)(((struct sockaddr_in )hostaddr)-> sin_addr .s_addr) & 0xff000000) >> 24) : __swap32md(((struct sockaddr_in *)hostaddr)-> sin_addr.s_addr))
585	sin_addr.s_addr)(__uint32_t)(__builtin_constant_p(((struct sockaddr_in )hostaddr )-> sin_addr.s_addr) ? (__uint32_t)(((__uint32_t)(((struct sockaddr_in )hostaddr)-> sin_addr.s_addr) & 0xff) << 24 \| ((__uint32_t)(((struct sockaddr_in )hostaddr)-> sin_addr .s_addr) & 0xff00) << 8 \| ((__uint32_t)(((struct sockaddr_in )hostaddr)-> sin_addr.s_addr) & 0xff0000) >> 8 \| ((__uint32_t)(((struct sockaddr_in )hostaddr)-> sin_addr .s_addr) & 0xff000000) >> 24) : __swap32md(((struct sockaddr_in )hostaddr)-> sin_addr.s_addr)) >> 24) == IN_LOOPBACKNET127;
586	case AF_INET624:
587	return IN6_IS_ADDR_LOOPBACK((((const u_int32_t )(const void )(&(&(((struct sockaddr_in6 )hostaddr)->sin6_addr))->__u6_addr.__u6_addr8[0]) == 0 ) && ((const u_int32_t )(const void )(&(&( ((struct sockaddr_in6 )hostaddr)->sin6_addr))->__u6_addr .__u6_addr8[4]) == 0) && ((const u_int32_t )(const void )(&(&(((struct sockaddr_in6 )hostaddr)->sin6_addr ))->__u6_addr.__u6_addr8[8]) == 0) && ((const u_int32_t )(const void )(&(&(((struct sockaddr_in6 )hostaddr )->sin6_addr))->__u6_addr.__u6_addr8[12]) == (__uint32_t )(__builtin_constant_p(1) ? (__uint32_t)(((__uint32_t)(1) & 0xff) << 24 \| ((__uint32_t)(1) & 0xff00) << 8 \| ((__uint32_t)(1) & 0xff0000) >> 8 \| ((__uint32_t )(1) & 0xff000000) >> 24) : __swap32md(1))))
588	&(((struct sockaddr_in6 )hostaddr)->sin6_addr))(((const u_int32_t )(const void )(&(&(((struct sockaddr_in6 )hostaddr)->sin6_addr))->__u6_addr.__u6_addr8[0]) == 0 ) && ((const u_int32_t )(const void )(&(&( ((struct sockaddr_in6 )hostaddr)->sin6_addr))->__u6_addr .__u6_addr8[4]) == 0) && ((const u_int32_t )(const void )(&(&(((struct sockaddr_in6 )hostaddr)->sin6_addr ))->__u6_addr.__u6_addr8[8]) == 0) && ((const u_int32_t )(const void )(&(&(((struct sockaddr_in6 *)hostaddr )->sin6_addr))->__u6_addr.__u6_addr8[12]) == (__uint32_t )(__builtin_constant_p(1) ? (__uint32_t)(((__uint32_t)(1) & 0xff) << 24 \| ((__uint32_t)(1) & 0xff00) << 8 \| ((__uint32_t)(1) & 0xff0000) >> 8 \| ((__uint32_t )(1) & 0xff000000) >> 24) : __swap32md(1))));
589	default:
590	return 0;
591	}
592	}
593
594	/*
595	* Prepare the hostname and ip address strings that are used to lookup
596	* host keys in known_hosts files. These may have a port number appended.
597	*/
598	void
599	get_hostfile_hostname_ipaddr(char hostname, struct sockaddr hostaddr,
600	u_short port, char hostfile_hostname, char hostfile_ipaddr)
601	{
602	char ntop[NI_MAXHOST256];
603
604	/*
605	* We don't have the remote ip-address for connections
606	* using a proxy command
607	*/
608	if (hostfile_ipaddr != NULL((void *)0)) {
609	if (options.proxy_command == NULL((void *)0)) {
610	if (getnameinfo(hostaddr, hostaddr->sa_len,
611	ntop, sizeof(ntop), NULL((void *)0), 0, NI_NUMERICHOST1) != 0)
612	fatal_f("getnameinfo failed")sshfatal("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__ , 612, 1, SYSLOG_LEVEL_FATAL, ((void *)0), "getnameinfo failed" );
613	*hostfile_ipaddr = put_host_port(ntop, port);
614	} else {
615	*hostfile_ipaddr = xstrdup("<no hostip for proxy "
616	"command>");
617	}
618	}
619
620	/*
621	* Allow the user to record the key under a different name or
622	* differentiate a non-standard port. This is useful for ssh
623	* tunneling over forwarded connections or if you run multiple
624	* sshd's on different ports on the same machine.
625	*/
626	if (hostfile_hostname != NULL((void *)0)) {
627	if (options.host_key_alias != NULL((void *)0)) {
628	*hostfile_hostname = xstrdup(options.host_key_alias);
629	debug("using hostkeyalias: %s", hostfile_hostname)sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 629 , 0, SYSLOG_LEVEL_DEBUG1, ((void )0), "using hostkeyalias: %s" , *hostfile_hostname);
630	} else {
631	*hostfile_hostname = put_host_port(hostname, port);
632	}
633	}
634	}
635
636	/* returns non-zero if path appears in hostfiles, or 0 if not. */
637	static int
638	path_in_hostfiles(const char path, char *hostfiles, u_int num_hostfiles)
639	{
640	u_int i;
641
642	for (i = 0; i < num_hostfiles; i++) {
643	if (strcmp(path, hostfiles[i]) == 0)
644	return 1;
645	}
646	return 0;
647	}
648
649	struct find_by_key_ctx {
650	const char host, ip;
651	const struct sshkey *key;
652	char **names;
653	u_int nnames;
654	};
655
656	/* Try to replace home directory prefix (per $HOME) with a ~/ sequence */
657	static char *
658	try_tilde_unexpand(const char *path)
659	{
660	char home, ret = NULL((void *)0);
661	size_t l;
662
663	if (*path != '/')
664	return xstrdup(path);
665	if ((home = getenv("HOME")) == NULL((void *)0) \|\| (l = strlen(home)) == 0)
666	return xstrdup(path);
667	if (strncmp(path, home, l) != 0)
668	return xstrdup(path);
669	/*
670	* ensure we have matched on a path boundary: either the $HOME that
671	* we just compared ends with a '/' or the next character of the path
672	* must be a '/'.
673	*/
674	if (home[l - 1] != '/' && path[l] != '/')
675	return xstrdup(path);
676	if (path[l] == '/')
677	l++;
678	xasprintf(&ret, "~/%s", path + l);
679	return ret;
680	}
681
682	static int
683	hostkeys_find_by_key_cb(struct hostkey_foreach_line l, void _ctx)
684	{
685	struct find_by_key_ctx ctx = (struct find_by_key_ctx )_ctx;
686	char *path;
687
688	/* we are looking for keys with names that do not match */
689	if ((l->match & HKF_MATCH_HOST(1)) != 0)
690	return 0;
691	/* not interested in marker lines */
692	if (l->marker != MRK_NONE)
693	return 0;
694	/* we are only interested in exact key matches */
695	if (l->key == NULL((void *)0) \|\| !sshkey_equal(ctx->key, l->key))
696	return 0;
697	path = try_tilde_unexpand(l->path);
698	debug_f("found matching key in %s:%lu", path, l->linenum)sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 698 , 1, SYSLOG_LEVEL_DEBUG1, ((void *)0), "found matching key in %s:%lu" , path, l->linenum);
699	ctx->names = xrecallocarray(ctx->names,
700	ctx->nnames, ctx->nnames + 1, sizeof(*ctx->names));
701	xasprintf(&ctx->names[ctx->nnames], "%s:%lu: %s", path, l->linenum,
702	strncmp(l->hosts, HASH_MAGIC"\|1\|", strlen(HASH_MAGIC"\|1\|")) == 0 ?
703	"[hashed name]" : l->hosts);
704	ctx->nnames++;
705	free(path);
706	return 0;
707	}
708
709	static int
710	hostkeys_find_by_key_hostfile(const char file, const char which,
711	struct find_by_key_ctx *ctx)
712	{
713	int r;
714
715	debug3_f("trying %s hostfile \"%s\"", which, file)sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 715 , 1, SYSLOG_LEVEL_DEBUG3, ((void *)0), "trying %s hostfile \"%s\"" , which, file);
716	if ((r = hostkeys_foreach(file, hostkeys_find_by_key_cb, ctx,
717	ctx->host, ctx->ip, HKF_WANT_PARSE_KEY(1<<1), 0)) != 0) {
718	if (r == SSH_ERR_SYSTEM_ERROR-24 && errno(*__errno()) == ENOENT2) {
719	debug_f("hostkeys file %s does not exist", file)sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 719 , 1, SYSLOG_LEVEL_DEBUG1, ((void *)0), "hostkeys file %s does not exist" , file);
720	return 0;
721	}
722	error_fr(r, "hostkeys_foreach failed for %s", file)sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 722 , 1, SYSLOG_LEVEL_ERROR, ssh_err(r), "hostkeys_foreach failed for %s" , file);
723	return r;
724	}
725	return 0;
726	}
727
728	/*
729	* Find 'key' in known hosts file(s) that do not match host/ip.
730	* Used to display also-known-as information for previously-unseen hostkeys.
731	*/
732	static void
733	hostkeys_find_by_key(const char host, const char ip, const struct sshkey *key,
734	char **user_hostfiles, u_int num_user_hostfiles,
735	char **system_hostfiles, u_int num_system_hostfiles,
736	char **names, u_int nnames)
737	{
738	struct find_by_key_ctx ctx = {0, 0, 0, 0, 0};
739	u_int i;
740
741	names = NULL((void )0);
742	*nnames = 0;
743
744	if (key == NULL((void *)0) \|\| sshkey_is_cert(key))
745	return;
746
747	ctx.host = host;
748	ctx.ip = ip;
749	ctx.key = key;
750
751	for (i = 0; i < num_user_hostfiles; i++) {
752	if (hostkeys_find_by_key_hostfile(user_hostfiles[i],
753	"user", &ctx) != 0)
754	goto fail;
755	}
756	for (i = 0; i < num_system_hostfiles; i++) {
757	if (hostkeys_find_by_key_hostfile(system_hostfiles[i],
758	"system", &ctx) != 0)
759	goto fail;
760	}
761	/* success */
762	*names = ctx.names;
763	*nnames = ctx.nnames;
764	ctx.names = NULL((void *)0);
765	ctx.nnames = 0;
766	return;
767	fail:
768	for (i = 0; i < ctx.nnames; i++)
769	free(ctx.names[i]);
770	free(ctx.names);
771	}
772
773	#define MAX_OTHER_NAMES8 8 /* Maximum number of names to list */
774	static char *
775	other_hostkeys_message(const char host, const char ip,
776	const struct sshkey *key,
777	char **user_hostfiles, u_int num_user_hostfiles,
778	char **system_hostfiles, u_int num_system_hostfiles)
779	{
780	char ret = NULL((void )0), *othernames = NULL((void )0);
781	u_int i, n, num_othernames = 0;
782
783	hostkeys_find_by_key(host, ip, key,
784	user_hostfiles, num_user_hostfiles,
785	system_hostfiles, num_system_hostfiles,
786	&othernames, &num_othernames);
787	if (num_othernames == 0)
788	return xstrdup("This key is not known by any other names.");
789
790	xasprintf(&ret, "This host key is known by the following other "
791	"names/addresses:");
792
793	n = num_othernames;
794	if (n > MAX_OTHER_NAMES8)
795	n = MAX_OTHER_NAMES8;
796	for (i = 0; i < n; i++) {
797	xextendf(&ret, "\n", " %s", othernames[i]);
798	}
799	if (n < num_othernames) {
800	xextendf(&ret, "\n", " (%d additional names omitted)",
801	num_othernames - n);
802	}
803	for (i = 0; i < num_othernames; i++)
804	free(othernames[i]);
805	free(othernames);
806	return ret;
807	}
808
809	void
810	load_hostkeys_command(struct hostkeys hostkeys, const char command_template,
811	const char invocation, const struct ssh_conn_info cinfo,
812	const struct sshkey host_key, const char hostfile_hostname)
813	{
814	int r, i, ac = 0;
815	char key_fp = NULL((void )0), keytext = NULL((void )0), *tmp;
816	char command = NULL((void )0), tag = NULL((void )0), *av = NULL((void )0);
817	FILE f = NULL((void )0);
818	pid_t pid;
819	void (*osigchld)(int);
820
821	xasprintf(&tag, "KnownHostsCommand-%s", invocation);
822
823	if (host_key != NULL((void *)0)) {
824	if ((key_fp = sshkey_fingerprint(host_key,
825	options.fingerprint_hash, SSH_FP_DEFAULT)) == NULL((void *)0))
826	fatal_f("sshkey_fingerprint failed")sshfatal("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__ , 826, 1, SYSLOG_LEVEL_FATAL, ((void *)0), "sshkey_fingerprint failed" );
827	if ((r = sshkey_to_base64(host_key, &keytext)) != 0)
828	fatal_fr(r, "sshkey_to_base64 failed")sshfatal("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__ , 828, 1, SYSLOG_LEVEL_FATAL, ssh_err(r), "sshkey_to_base64 failed" );
829	}
830	/*
831	* NB. all returns later this function should go via "out" to
832	* ensure the original SIGCHLD handler is restored properly.
833	*/
834	osigchld = ssh_signal(SIGCHLD20, SIG_DFL(void (*)(int))0);
835
836	/* Turn the command into an argument vector */
837	if (argv_split(command_template, &ac, &av, 0) != 0) {
838	error("%s \"%s\" contains invalid quotes", tag,sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 839 , 0, SYSLOG_LEVEL_ERROR, ((void *)0), "%s \"%s\" contains invalid quotes" , tag, command_template)
839	command_template)sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 839 , 0, SYSLOG_LEVEL_ERROR, ((void *)0), "%s \"%s\" contains invalid quotes" , tag, command_template);
840	goto out;
841	}
842	if (ac == 0) {
843	error("%s \"%s\" yielded no arguments", tag,sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 844 , 0, SYSLOG_LEVEL_ERROR, ((void *)0), "%s \"%s\" yielded no arguments" , tag, command_template)
844	command_template)sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 844 , 0, SYSLOG_LEVEL_ERROR, ((void *)0), "%s \"%s\" yielded no arguments" , tag, command_template);
845	goto out;
846	}
847	for (i = 1; i < ac; i++) {
848	tmp = percent_dollar_expand(av[i],
849	DEFAULT_CLIENT_PERCENT_EXPAND_ARGS(cinfo)"C", cinfo->conn_hash_hex, "L", cinfo->shorthost, "i", cinfo ->uidstr, "k", cinfo->keyalias, "l", cinfo->thishost , "n", cinfo->host_arg, "p", cinfo->portstr, "d", cinfo ->homedir, "h", cinfo->remhost, "r", cinfo->remuser, "u", cinfo->locuser, "j", cinfo->jmphost,
850	"H", hostfile_hostname,
851	"I", invocation,
852	"t", host_key == NULL((void *)0) ? "NONE" : sshkey_ssh_name(host_key),
853	"f", key_fp == NULL((void *)0) ? "NONE" : key_fp,
854	"K", keytext == NULL((void *)0) ? "NONE" : keytext,
855	(char )NULL((void )0));
856	if (tmp == NULL((void *)0))
857	fatal_f("percent_expand failed")sshfatal("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__ , 857, 1, SYSLOG_LEVEL_FATAL, ((void *)0), "percent_expand failed" );
858	free(av[i]);
859	av[i] = tmp;
860	}
861	/* Prepare a printable command for logs, etc. */
862	command = argv_assemble(ac, av);
863
864	if ((pid = subprocess(tag, command, ac, av, &f,
865	SSH_SUBPROCESS_STDOUT_CAPTURE(1<<1)\|SSH_SUBPROCESS_UNSAFE_PATH(1<<3)\|
866	SSH_SUBPROCESS_PRESERVE_ENV(1<<4), NULL((void )0), NULL((void )0), NULL((void *)0))) == 0)
867	goto out;
868
869	load_hostkeys_file(hostkeys, hostfile_hostname, tag, f, 1);
870
871	if (exited_cleanly(pid, tag, command, 0) != 0)
872	fatal("KnownHostsCommand failed")sshfatal("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__ , 872, 0, SYSLOG_LEVEL_FATAL, ((void *)0), "KnownHostsCommand failed" );
873
874	out:
875	if (f != NULL((void *)0))
876	fclose(f);
877	ssh_signal(SIGCHLD20, osigchld);
878	for (i = 0; i < ac; i++)
879	free(av[i]);
880	free(av);
881	free(tag);
882	free(command);
883	free(key_fp);
884	free(keytext);
885	}
886
887	/*
888	* check whether the supplied host key is valid, return -1 if the key
889	* is not valid. user_hostfile[0] will not be updated if 'readonly' is true.
890	*/
891	#define RDRW0 0
892	#define RDONLY1 1
893	#define ROQUIET2 2
894	static int
895	check_host_key(char hostname, const struct ssh_conn_info cinfo,
896	struct sockaddr *hostaddr, u_short port,
897	struct sshkey *host_key, int readonly, int clobber_port,
898	char **user_hostfiles, u_int num_user_hostfiles,
899	char **system_hostfiles, u_int num_system_hostfiles,
900	const char *hostfile_command)
901	{
902	HostStatus host_status = -1, ip_status = -1;
903	struct sshkey raw_key = NULL((void )0);
904	char ip = NULL((void )0), host = NULL((void )0);
905	char hostline[1000], hostp, fp, *ra;
906	char msg[1024];
907	const char type, fail_reason = NULL((void *)0);
908	const struct hostkey_entry host_found = NULL((void )0), ip_found = NULL((void )0);
909	int len, cancelled_forwarding = 0, confirmed;
910	int local = sockaddr_is_local(hostaddr);
911	int r, want_cert = sshkey_is_cert(host_key), host_ip_differ = 0;
912	int hostkey_trusted = 0; /* Known or explicitly accepted by user */
913	struct hostkeys host_hostkeys, ip_hostkeys;
914	u_int i;
915
916	/*
917	* Force accepting of the host key for loopback/localhost. The
918	* problem is that if the home directory is NFS-mounted to multiple
919	* machines, localhost will refer to a different machine in each of
920	* them, and the user will get bogus HOST_CHANGED warnings. This
921	* essentially disables host authentication for localhost; however,
922	* this is probably not a real problem.
923	*/
924	if (options.no_host_authentication_for_localhost == 1 && local &&
925	options.host_key_alias == NULL((void *)0)) {
926	debug("Forcing accepting of host key for "sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 927 , 0, SYSLOG_LEVEL_DEBUG1, ((void *)0), "Forcing accepting of host key for " "loopback/localhost.")
927	"loopback/localhost.")sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 927 , 0, SYSLOG_LEVEL_DEBUG1, ((void *)0), "Forcing accepting of host key for " "loopback/localhost.");
928	options.update_hostkeys = 0;
929	return 0;
930	}
931
932	/*
933	* Don't ever try to write an invalid name to a known hosts file.
934	* Note: do this before get_hostfile_hostname_ipaddr() to catch
935	* '[' or ']' in the name before they are added.
936	*/
937	if (strcspn(hostname, "@?*#[]\|'\'\"\\") != strlen(hostname)) {
938	debug_f("invalid hostname \"%s\"; will not record: %s",sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 939 , 1, SYSLOG_LEVEL_DEBUG1, ((void *)0), "invalid hostname \"%s\"; will not record: %s" , hostname, fail_reason)
939	hostname, fail_reason)sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 939 , 1, SYSLOG_LEVEL_DEBUG1, ((void *)0), "invalid hostname \"%s\"; will not record: %s" , hostname, fail_reason);
940	readonly = RDONLY1;
941	}
942
943	/*
944	* Prepare the hostname and address strings used for hostkey lookup.
945	* In some cases, these will have a port number appended.
946	*/
947	get_hostfile_hostname_ipaddr(hostname, hostaddr,
948	clobber_port ? 0 : port, &host, &ip);
949
950	/*
951	* Turn off check_host_ip if the connection is to localhost, via proxy
952	* command or if we don't have a hostname to compare with
953	*/
954	if (options.check_host_ip && (local \|\|
955	strcmp(hostname, ip) == 0 \|\| options.proxy_command != NULL((void *)0)))
956	options.check_host_ip = 0;
957
958	host_hostkeys = init_hostkeys();
959	for (i = 0; i < num_user_hostfiles; i++)
960	load_hostkeys(host_hostkeys, host, user_hostfiles[i], 0);
961	for (i = 0; i < num_system_hostfiles; i++)
962	load_hostkeys(host_hostkeys, host, system_hostfiles[i], 0);
963	if (hostfile_command != NULL((void *)0) && !clobber_port) {
964	load_hostkeys_command(host_hostkeys, hostfile_command,
965	"HOSTNAME", cinfo, host_key, host);
966	}
967
968	ip_hostkeys = NULL((void *)0);
969	if (!want_cert && options.check_host_ip) {
970	ip_hostkeys = init_hostkeys();
971	for (i = 0; i < num_user_hostfiles; i++)
972	load_hostkeys(ip_hostkeys, ip, user_hostfiles[i], 0);
973	for (i = 0; i < num_system_hostfiles; i++)
974	load_hostkeys(ip_hostkeys, ip, system_hostfiles[i], 0);
975	if (hostfile_command != NULL((void *)0) && !clobber_port) {
976	load_hostkeys_command(ip_hostkeys, hostfile_command,
977	"ADDRESS", cinfo, host_key, ip);
978	}
979	}
980
981	retry:
982	/* Reload these as they may have changed on cert->key downgrade */
983	want_cert = sshkey_is_cert(host_key);
984	type = sshkey_type(host_key);
985
986	/*
987	* Check if the host key is present in the user's list of known
988	* hosts or in the systemwide list.
989	*/
990	host_status = check_key_in_hostkeys(host_hostkeys, host_key,
991	&host_found);
992
993	/*
994	* If there are no hostfiles, or if the hostkey was found via
995	* KnownHostsCommand, then don't try to touch the disk.
996	*/
997	if (!readonly && (num_user_hostfiles == 0 \|\|
998	(host_found != NULL((void *)0) && host_found->note != 0)))
999	readonly = RDONLY1;
1000
1001	/*
1002	* Also perform check for the ip address, skip the check if we are
1003	* localhost, looking for a certificate, or the hostname was an ip
1004	* address to begin with.
1005	*/
1006	if (!want_cert && ip_hostkeys != NULL((void *)0)) {
1007	ip_status = check_key_in_hostkeys(ip_hostkeys, host_key,
1008	&ip_found);
1009	if (host_status == HOST_CHANGED &&
1010	(ip_status != HOST_CHANGED \|\|
1011	(ip_found != NULL((void *)0) &&
1012	!sshkey_equal(ip_found->key, host_found->key))))
1013	host_ip_differ = 1;
1014	} else
1015	ip_status = host_status;
1016
1017	switch (host_status) {
1018	case HOST_OK:
1019	/* The host is known and the key matches. */
1020	debug("Host '%.200s' is known and matches the %s host %s.",sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 1021 , 0, SYSLOG_LEVEL_DEBUG1, ((void *)0), "Host '%.200s' is known and matches the %s host %s." , host, type, want_cert ? "certificate" : "key")
1021	host, type, want_cert ? "certificate" : "key")sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 1021 , 0, SYSLOG_LEVEL_DEBUG1, ((void *)0), "Host '%.200s' is known and matches the %s host %s." , host, type, want_cert ? "certificate" : "key");
1022	debug("Found %s in %s:%lu", want_cert ? "CA key" : "key",sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 1023 , 0, SYSLOG_LEVEL_DEBUG1, ((void *)0), "Found %s in %s:%lu", want_cert ? "CA key" : "key", host_found->file, host_found->line )
1023	host_found->file, host_found->line)sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 1023 , 0, SYSLOG_LEVEL_DEBUG1, ((void *)0), "Found %s in %s:%lu", want_cert ? "CA key" : "key", host_found->file, host_found->line );
1024	if (want_cert) {
1025	if (sshkey_cert_check_host(host_key,
1026	options.host_key_alias == NULL((void *)0) ?
1027	hostname : options.host_key_alias, 0,
1028	options.ca_sign_algorithms, &fail_reason) != 0) {
1029	error("%s", fail_reason)sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 1029 , 0, SYSLOG_LEVEL_ERROR, ((void *)0), "%s", fail_reason);
1030	goto fail;
1031	}
1032	/*
1033	* Do not attempt hostkey update if a certificate was
1034	* successfully matched.
1035	*/
1036	if (options.update_hostkeys != 0) {
1037	options.update_hostkeys = 0;
1038	debug3_f("certificate host key in use; "sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 1039 , 1, SYSLOG_LEVEL_DEBUG3, ((void *)0), "certificate host key in use; " "disabling UpdateHostkeys")
1039	"disabling UpdateHostkeys")sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 1039 , 1, SYSLOG_LEVEL_DEBUG3, ((void *)0), "certificate host key in use; " "disabling UpdateHostkeys");
1040	}
1041	}
1042	/* Turn off UpdateHostkeys if key was in system known_hosts */
1043	if (options.update_hostkeys != 0 &&
1044	(path_in_hostfiles(host_found->file,
1045	system_hostfiles, num_system_hostfiles) \|\|
1046	(ip_status == HOST_OK && ip_found != NULL((void *)0) &&
1047	path_in_hostfiles(ip_found->file,
1048	system_hostfiles, num_system_hostfiles)))) {
1049	options.update_hostkeys = 0;
1050	debug3_f("host key found in GlobalKnownHostsFile; "sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 1051 , 1, SYSLOG_LEVEL_DEBUG3, ((void *)0), "host key found in GlobalKnownHostsFile; " "disabling UpdateHostkeys")
1051	"disabling UpdateHostkeys")sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 1051 , 1, SYSLOG_LEVEL_DEBUG3, ((void *)0), "host key found in GlobalKnownHostsFile; " "disabling UpdateHostkeys");
1052	}
1053	if (options.update_hostkeys != 0 && host_found->note) {
1054	options.update_hostkeys = 0;
1055	debug3_f("host key found via KnownHostsCommand; "sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 1056 , 1, SYSLOG_LEVEL_DEBUG3, ((void *)0), "host key found via KnownHostsCommand; " "disabling UpdateHostkeys")
1056	"disabling UpdateHostkeys")sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 1056 , 1, SYSLOG_LEVEL_DEBUG3, ((void *)0), "host key found via KnownHostsCommand; " "disabling UpdateHostkeys");
1057	}
1058	if (options.check_host_ip && ip_status == HOST_NEW) {
1059	if (readonly \|\| want_cert)
1060	logit("%s host key for IP address "sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 1062 , 0, SYSLOG_LEVEL_INFO, ((void *)0), "%s host key for IP address " "'%.128s' not in list of known hosts.", type, ip)
1061	"'%.128s' not in list of known hosts.",sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 1062 , 0, SYSLOG_LEVEL_INFO, ((void *)0), "%s host key for IP address " "'%.128s' not in list of known hosts.", type, ip)
1062	type, ip)sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 1062 , 0, SYSLOG_LEVEL_INFO, ((void *)0), "%s host key for IP address " "'%.128s' not in list of known hosts.", type, ip);
1063	else if (!add_host_to_hostfile(user_hostfiles[0], ip,
1064	host_key, options.hash_known_hosts))
1065	logit("Failed to add the %s host key for IP "sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 1068 , 0, SYSLOG_LEVEL_INFO, ((void *)0), "Failed to add the %s host key for IP " "address '%.128s' to the list of known " "hosts (%.500s).", type , ip, user_hostfiles[0])
1066	"address '%.128s' to the list of known "sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 1068 , 0, SYSLOG_LEVEL_INFO, ((void *)0), "Failed to add the %s host key for IP " "address '%.128s' to the list of known " "hosts (%.500s).", type , ip, user_hostfiles[0])
1067	"hosts (%.500s).", type, ip,sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 1068 , 0, SYSLOG_LEVEL_INFO, ((void *)0), "Failed to add the %s host key for IP " "address '%.128s' to the list of known " "hosts (%.500s).", type , ip, user_hostfiles[0])
1068	user_hostfiles[0])sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 1068 , 0, SYSLOG_LEVEL_INFO, ((void *)0), "Failed to add the %s host key for IP " "address '%.128s' to the list of known " "hosts (%.500s).", type , ip, user_hostfiles[0]);
1069	else
1070	logit("Warning: Permanently added the %s host "sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 1072 , 0, SYSLOG_LEVEL_INFO, ((void *)0), "Warning: Permanently added the %s host " "key for IP address '%.128s' to the list " "of known hosts." , type, ip)
1071	"key for IP address '%.128s' to the list "sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 1072 , 0, SYSLOG_LEVEL_INFO, ((void *)0), "Warning: Permanently added the %s host " "key for IP address '%.128s' to the list " "of known hosts." , type, ip)
1072	"of known hosts.", type, ip)sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 1072 , 0, SYSLOG_LEVEL_INFO, ((void *)0), "Warning: Permanently added the %s host " "key for IP address '%.128s' to the list " "of known hosts." , type, ip);
1073	} else if (options.visual_host_key) {
1074	fp = sshkey_fingerprint(host_key,
1075	options.fingerprint_hash, SSH_FP_DEFAULT);
1076	ra = sshkey_fingerprint(host_key,
1077	options.fingerprint_hash, SSH_FP_RANDOMART);
1078	if (fp == NULL((void )0) \|\| ra == NULL((void )0))
1079	fatal_f("sshkey_fingerprint failed")sshfatal("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__ , 1079, 1, SYSLOG_LEVEL_FATAL, ((void *)0), "sshkey_fingerprint failed" );
1080	logit("Host key fingerprint is %s\n%s", fp, ra)sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 1080 , 0, SYSLOG_LEVEL_INFO, ((void *)0), "Host key fingerprint is %s\n%s" , fp, ra);
1081	free(ra);
1082	free(fp);
1083	}
1084	hostkey_trusted = 1;
1085	break;
1086	case HOST_NEW:
1087	if (options.host_key_alias == NULL((void *)0) && port != 0 &&
1088	port != SSH_DEFAULT_PORT22 && !clobber_port) {
1089	debug("checking without port identifier")sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 1089 , 0, SYSLOG_LEVEL_DEBUG1, ((void *)0), "checking without port identifier" );
1090	if (check_host_key(hostname, cinfo, hostaddr, 0,
1091	host_key, ROQUIET2, 1,
1092	user_hostfiles, num_user_hostfiles,
1093	system_hostfiles, num_system_hostfiles,
1094	hostfile_command) == 0) {
1095	debug("found matching key w/out port")sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 1095 , 0, SYSLOG_LEVEL_DEBUG1, ((void *)0), "found matching key w/out port" );
1096	break;
1097	}
1098	}
1099	if (readonly \|\| want_cert)
1100	goto fail;
1101	/* The host is new. */
1102	if (options.strict_host_key_checking ==
1103	SSH_STRICT_HOSTKEY_YES2) {
1104	/*
1105	* User has requested strict host key checking. We
1106	* will not add the host key automatically. The only
1107	* alternative left is to abort.
1108	*/
1109	error("No %s host key is known for %.200s and you "sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 1110 , 0, SYSLOG_LEVEL_ERROR, ((void *)0), "No %s host key is known for %.200s and you " "have requested strict checking.", type, host)
1110	"have requested strict checking.", type, host)sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 1110 , 0, SYSLOG_LEVEL_ERROR, ((void *)0), "No %s host key is known for %.200s and you " "have requested strict checking.", type, host);
1111	goto fail;
1112	} else if (options.strict_host_key_checking ==
1113	SSH_STRICT_HOSTKEY_ASK3) {
1114	char msg1 = NULL((void )0), msg2 = NULL((void )0);
1115
1116	xasprintf(&msg1, "The authenticity of host "
1117	"'%.200s (%s)' can't be established", host, ip);
1118
1119	if (show_other_keys(host_hostkeys, host_key)) {
1120	xextendf(&msg1, "\n", "but keys of different "
1121	"type are already known for this host.");
1122	} else
1123	xextendf(&msg1, "", ".");
1124
1125	fp = sshkey_fingerprint(host_key,
1126	options.fingerprint_hash, SSH_FP_DEFAULT);
1127	ra = sshkey_fingerprint(host_key,
1128	options.fingerprint_hash, SSH_FP_RANDOMART);
1129	if (fp == NULL((void )0) \|\| ra == NULL((void )0))
1130	fatal_f("sshkey_fingerprint failed")sshfatal("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__ , 1130, 1, SYSLOG_LEVEL_FATAL, ((void *)0), "sshkey_fingerprint failed" );
1131	xextendf(&msg1, "\n", "%s key fingerprint is %s.",
1132	type, fp);
1133	if (options.visual_host_key)
1134	xextendf(&msg1, "\n", "%s", ra);
1135	if (options.verify_host_key_dns) {
1136	xextendf(&msg1, "\n",
1137	"%s host key fingerprint found in DNS.",
1138	matching_host_key_dns ?
1139	"Matching" : "No matching");
1140	}
1141	/* msg2 informs for other names matching this key */
1142	if ((msg2 = other_hostkeys_message(host, ip, host_key,
1143	user_hostfiles, num_user_hostfiles,
1144	system_hostfiles, num_system_hostfiles)) != NULL((void *)0))
1145	xextendf(&msg1, "\n", "%s", msg2);
1146
1147	xextendf(&msg1, "\n",
1148	"Are you sure you want to continue connecting "
1149	"(yes/no/[fingerprint])? ");
1150
1151	confirmed = confirm(msg1, fp);
1152	free(ra);
1153	free(fp);
1154	free(msg1);
1155	free(msg2);
1156	if (!confirmed)
1157	goto fail;
1158	hostkey_trusted = 1; /* user explicitly confirmed */
1159	}
1160	/*
1161	* If in "new" or "off" strict mode, add the key automatically
1162	* to the local known_hosts file.
1163	*/
1164	if (options.check_host_ip && ip_status == HOST_NEW) {
1165	snprintf(hostline, sizeof(hostline), "%s,%s", host, ip);
1166	hostp = hostline;
1167	if (options.hash_known_hosts) {
1168	/* Add hash of host and IP separately */
1169	r = add_host_to_hostfile(user_hostfiles[0],
1170	host, host_key, options.hash_known_hosts) &&
1171	add_host_to_hostfile(user_hostfiles[0], ip,
1172	host_key, options.hash_known_hosts);
1173	} else {
1174	/* Add unhashed "host,ip" */
1175	r = add_host_to_hostfile(user_hostfiles[0],
1176	hostline, host_key,
1177	options.hash_known_hosts);
1178	}
1179	} else {
1180	r = add_host_to_hostfile(user_hostfiles[0], host,
1181	host_key, options.hash_known_hosts);
1182	hostp = host;
1183	}
1184
1185	if (!r)
1186	logit("Failed to add the host to the list of known "sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 1187 , 0, SYSLOG_LEVEL_INFO, ((void *)0), "Failed to add the host to the list of known " "hosts (%.500s).", user_hostfiles[0])
1187	"hosts (%.500s).", user_hostfiles[0])sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 1187 , 0, SYSLOG_LEVEL_INFO, ((void *)0), "Failed to add the host to the list of known " "hosts (%.500s).", user_hostfiles[0]);
1188	else
1189	logit("Warning: Permanently added '%.200s' (%s) to the "sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 1190 , 0, SYSLOG_LEVEL_INFO, ((void *)0), "Warning: Permanently added '%.200s' (%s) to the " "list of known hosts.", hostp, type)
1190	"list of known hosts.", hostp, type)sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 1190 , 0, SYSLOG_LEVEL_INFO, ((void *)0), "Warning: Permanently added '%.200s' (%s) to the " "list of known hosts.", hostp, type);
1191	break;
1192	case HOST_REVOKED:
1193	error("@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@")sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 1193 , 0, SYSLOG_LEVEL_ERROR, ((void *)0), "@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@" );
1194	error("@ WARNING: REVOKED HOST KEY DETECTED! @")sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 1194 , 0, SYSLOG_LEVEL_ERROR, ((void *)0), "@ WARNING: REVOKED HOST KEY DETECTED! @" );
1195	error("@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@")sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 1195 , 0, SYSLOG_LEVEL_ERROR, ((void *)0), "@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@" );
1196	error("The %s host key for %s is marked as revoked.", type, host)sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 1196 , 0, SYSLOG_LEVEL_ERROR, ((void *)0), "The %s host key for %s is marked as revoked." , type, host);
1197	error("This could mean that a stolen key is being used to")sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 1197 , 0, SYSLOG_LEVEL_ERROR, ((void *)0), "This could mean that a stolen key is being used to" );
1198	error("impersonate this host.")sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 1198 , 0, SYSLOG_LEVEL_ERROR, ((void *)0), "impersonate this host." );
1199
1200	/*
1201	* If strict host key checking is in use, the user will have
1202	* to edit the key manually and we can only abort.
1203	*/
1204	if (options.strict_host_key_checking !=
1205	SSH_STRICT_HOSTKEY_OFF0) {
1206	error("%s host key for %.200s was revoked and you have "sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 1207 , 0, SYSLOG_LEVEL_ERROR, ((void *)0), "%s host key for %.200s was revoked and you have " "requested strict checking.", type, host)
1207	"requested strict checking.", type, host)sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 1207 , 0, SYSLOG_LEVEL_ERROR, ((void *)0), "%s host key for %.200s was revoked and you have " "requested strict checking.", type, host);
1208	goto fail;
1209	}
1210	goto continue_unsafe;
1211
1212	case HOST_CHANGED:
1213	if (want_cert) {
1214	/*
1215	* This is only a debug() since it is valid to have
1216	* CAs with wildcard DNS matches that don't match
1217	* all hosts that one might visit.
1218	*/
1219	debug("Host certificate authority does not "sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 1221 , 0, SYSLOG_LEVEL_DEBUG1, ((void *)0), "Host certificate authority does not " "match %s in %s:%lu", "@cert-authority", host_found->file , host_found->line)
1220	"match %s in %s:%lu", CA_MARKER,sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 1221 , 0, SYSLOG_LEVEL_DEBUG1, ((void *)0), "Host certificate authority does not " "match %s in %s:%lu", "@cert-authority", host_found->file , host_found->line)
1221	host_found->file, host_found->line)sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 1221 , 0, SYSLOG_LEVEL_DEBUG1, ((void *)0), "Host certificate authority does not " "match %s in %s:%lu", "@cert-authority", host_found->file , host_found->line);
1222	goto fail;
1223	}
1224	if (readonly == ROQUIET2)
1225	goto fail;
1226	if (options.check_host_ip && host_ip_differ) {
1227	char *key_msg;
1228	if (ip_status == HOST_NEW)
1229	key_msg = "is unknown";
1230	else if (ip_status == HOST_OK)
1231	key_msg = "is unchanged";
1232	else
1233	key_msg = "has a different value";
1234	error("@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@")sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 1234 , 0, SYSLOG_LEVEL_ERROR, ((void *)0), "@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@" );
1235	error("@ WARNING: POSSIBLE DNS SPOOFING DETECTED! @")sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 1235 , 0, SYSLOG_LEVEL_ERROR, ((void *)0), "@ WARNING: POSSIBLE DNS SPOOFING DETECTED! @" );
1236	error("@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@")sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 1236 , 0, SYSLOG_LEVEL_ERROR, ((void *)0), "@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@" );
1237	error("The %s host key for %s has changed,", type, host)sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 1237 , 0, SYSLOG_LEVEL_ERROR, ((void *)0), "The %s host key for %s has changed," , type, host);
1238	error("and the key for the corresponding IP address %s", ip)sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 1238 , 0, SYSLOG_LEVEL_ERROR, ((void *)0), "and the key for the corresponding IP address %s" , ip);
1239	error("%s. This could either mean that", key_msg)sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 1239 , 0, SYSLOG_LEVEL_ERROR, ((void *)0), "%s. This could either mean that" , key_msg);
1240	error("DNS SPOOFING is happening or the IP address for the host")sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 1240 , 0, SYSLOG_LEVEL_ERROR, ((void *)0), "DNS SPOOFING is happening or the IP address for the host" );
1241	error("and its host key have changed at the same time.")sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 1241 , 0, SYSLOG_LEVEL_ERROR, ((void *)0), "and its host key have changed at the same time." );
1242	if (ip_status != HOST_NEW)
1243	error("Offending key for IP in %s:%lu",sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 1244 , 0, SYSLOG_LEVEL_ERROR, ((void *)0), "Offending key for IP in %s:%lu" , ip_found->file, ip_found->line)
1244	ip_found->file, ip_found->line)sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 1244 , 0, SYSLOG_LEVEL_ERROR, ((void *)0), "Offending key for IP in %s:%lu" , ip_found->file, ip_found->line);
1245	}
1246	/* The host key has changed. */
1247	warn_changed_key(host_key);
1248	if (num_user_hostfiles > 0 \|\| num_system_hostfiles > 0) {
1249	error("Add correct host key in %.100s to get rid "sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 1251 , 0, SYSLOG_LEVEL_ERROR, ((void *)0), "Add correct host key in %.100s to get rid " "of this message.", num_user_hostfiles > 0 ? user_hostfiles [0] : system_hostfiles[0])
1250	"of this message.", num_user_hostfiles > 0 ?sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 1251 , 0, SYSLOG_LEVEL_ERROR, ((void *)0), "Add correct host key in %.100s to get rid " "of this message.", num_user_hostfiles > 0 ? user_hostfiles [0] : system_hostfiles[0])
1251	user_hostfiles[0] : system_hostfiles[0])sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 1251 , 0, SYSLOG_LEVEL_ERROR, ((void *)0), "Add correct host key in %.100s to get rid " "of this message.", num_user_hostfiles > 0 ? user_hostfiles [0] : system_hostfiles[0]);
1252	}
1253	error("Offending %s key in %s:%lu",sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 1255 , 0, SYSLOG_LEVEL_ERROR, ((void *)0), "Offending %s key in %s:%lu" , sshkey_type(host_found->key), host_found->file, host_found ->line)
1254	sshkey_type(host_found->key),sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 1255 , 0, SYSLOG_LEVEL_ERROR, ((void *)0), "Offending %s key in %s:%lu" , sshkey_type(host_found->key), host_found->file, host_found ->line)
1255	host_found->file, host_found->line)sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 1255 , 0, SYSLOG_LEVEL_ERROR, ((void *)0), "Offending %s key in %s:%lu" , sshkey_type(host_found->key), host_found->file, host_found ->line);
1256
1257	/*
1258	* If strict host key checking is in use, the user will have
1259	* to edit the key manually and we can only abort.
1260	*/
1261	if (options.strict_host_key_checking !=
1262	SSH_STRICT_HOSTKEY_OFF0) {
1263	error("Host key for %.200s has changed and you have "sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 1264 , 0, SYSLOG_LEVEL_ERROR, ((void *)0), "Host key for %.200s has changed and you have " "requested strict checking.", host)
1264	"requested strict checking.", host)sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 1264 , 0, SYSLOG_LEVEL_ERROR, ((void *)0), "Host key for %.200s has changed and you have " "requested strict checking.", host);
1265	goto fail;
1266	}
1267
1268	continue_unsafe:
1269	/*
1270	* If strict host key checking has not been requested, allow
1271	* the connection but without MITM-able authentication or
1272	* forwarding.
1273	*/
1274	if (options.password_authentication) {
1275	error("Password authentication is disabled to avoid "sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 1276 , 0, SYSLOG_LEVEL_ERROR, ((void *)0), "Password authentication is disabled to avoid " "man-in-the-middle attacks.")
1276	"man-in-the-middle attacks.")sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 1276 , 0, SYSLOG_LEVEL_ERROR, ((void *)0), "Password authentication is disabled to avoid " "man-in-the-middle attacks.");
1277	options.password_authentication = 0;
1278	cancelled_forwarding = 1;
1279	}
1280	if (options.kbd_interactive_authentication) {
1281	error("Keyboard-interactive authentication is disabled"sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 1282 , 0, SYSLOG_LEVEL_ERROR, ((void *)0), "Keyboard-interactive authentication is disabled" " to avoid man-in-the-middle attacks.")
1282	" to avoid man-in-the-middle attacks.")sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 1282 , 0, SYSLOG_LEVEL_ERROR, ((void *)0), "Keyboard-interactive authentication is disabled" " to avoid man-in-the-middle attacks.");
1283	options.kbd_interactive_authentication = 0;
1284	cancelled_forwarding = 1;
1285	}
1286	if (options.forward_agent) {
1287	error("Agent forwarding is disabled to avoid "sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 1288 , 0, SYSLOG_LEVEL_ERROR, ((void *)0), "Agent forwarding is disabled to avoid " "man-in-the-middle attacks.")
1288	"man-in-the-middle attacks.")sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 1288 , 0, SYSLOG_LEVEL_ERROR, ((void *)0), "Agent forwarding is disabled to avoid " "man-in-the-middle attacks.");
1289	options.forward_agent = 0;
1290	cancelled_forwarding = 1;
1291	}
1292	if (options.forward_x11) {
1293	error("X11 forwarding is disabled to avoid "sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 1294 , 0, SYSLOG_LEVEL_ERROR, ((void *)0), "X11 forwarding is disabled to avoid " "man-in-the-middle attacks.")
1294	"man-in-the-middle attacks.")sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 1294 , 0, SYSLOG_LEVEL_ERROR, ((void *)0), "X11 forwarding is disabled to avoid " "man-in-the-middle attacks.");
1295	options.forward_x11 = 0;
1296	cancelled_forwarding = 1;
1297	}
1298	if (options.num_local_forwards > 0 \|\|
1299	options.num_remote_forwards > 0) {
1300	error("Port forwarding is disabled to avoid "sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 1301 , 0, SYSLOG_LEVEL_ERROR, ((void *)0), "Port forwarding is disabled to avoid " "man-in-the-middle attacks.")
1301	"man-in-the-middle attacks.")sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 1301 , 0, SYSLOG_LEVEL_ERROR, ((void *)0), "Port forwarding is disabled to avoid " "man-in-the-middle attacks.");
1302	options.num_local_forwards =
1303	options.num_remote_forwards = 0;
1304	cancelled_forwarding = 1;
1305	}
1306	if (options.tun_open != SSH_TUNMODE_NO0x00) {
1307	error("Tunnel forwarding is disabled to avoid "sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 1308 , 0, SYSLOG_LEVEL_ERROR, ((void *)0), "Tunnel forwarding is disabled to avoid " "man-in-the-middle attacks.")
1308	"man-in-the-middle attacks.")sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 1308 , 0, SYSLOG_LEVEL_ERROR, ((void *)0), "Tunnel forwarding is disabled to avoid " "man-in-the-middle attacks.");
1309	options.tun_open = SSH_TUNMODE_NO0x00;
1310	cancelled_forwarding = 1;
1311	}
1312	if (options.update_hostkeys != 0) {
1313	error("UpdateHostkeys is disabled because the host "sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 1314 , 0, SYSLOG_LEVEL_ERROR, ((void *)0), "UpdateHostkeys is disabled because the host " "key is not trusted.")
1314	"key is not trusted.")sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 1314 , 0, SYSLOG_LEVEL_ERROR, ((void *)0), "UpdateHostkeys is disabled because the host " "key is not trusted.");
1315	options.update_hostkeys = 0;
1316	}
1317	if (options.exit_on_forward_failure && cancelled_forwarding)
1318	fatal("Error: forwarding disabled due to host key "sshfatal("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__ , 1319, 0, SYSLOG_LEVEL_FATAL, ((void *)0), "Error: forwarding disabled due to host key " "check failure")
1319	"check failure")sshfatal("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__ , 1319, 0, SYSLOG_LEVEL_FATAL, ((void *)0), "Error: forwarding disabled due to host key " "check failure");
1320
1321	/*
1322	* XXX Should permit the user to change to use the new id.
1323	* This could be done by converting the host key to an
1324	* identifying sentence, tell that the host identifies itself
1325	* by that sentence, and ask the user if they wish to
1326	* accept the authentication.
1327	*/
1328	break;
1329	case HOST_FOUND:
1330	fatal("internal error")sshfatal("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__ , 1330, 0, SYSLOG_LEVEL_FATAL, ((void *)0), "internal error");
1331	break;
1332	}
1333
1334	if (options.check_host_ip && host_status != HOST_CHANGED &&
1335	ip_status == HOST_CHANGED) {
1336	snprintf(msg, sizeof(msg),
1337	"Warning: the %s host key for '%.200s' "
1338	"differs from the key for the IP address '%.128s'"
1339	"\nOffending key for IP in %s:%lu",
1340	type, host, ip, ip_found->file, ip_found->line);
1341	if (host_status == HOST_OK) {
1342	len = strlen(msg);
1343	snprintf(msg + len, sizeof(msg) - len,
1344	"\nMatching host key in %s:%lu",
1345	host_found->file, host_found->line);
1346	}
1347	if (options.strict_host_key_checking ==
1348	SSH_STRICT_HOSTKEY_ASK3) {
1349	strlcat(msg, "\nAre you sure you want "
1350	"to continue connecting (yes/no)? ", sizeof(msg));
1351	if (!confirm(msg, NULL((void *)0)))
1352	goto fail;
1353	} else if (options.strict_host_key_checking !=
1354	SSH_STRICT_HOSTKEY_OFF0) {
1355	logit("%s", msg)sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 1355 , 0, SYSLOG_LEVEL_INFO, ((void *)0), "%s", msg);
1356	error("Exiting, you have requested strict checking.")sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 1356 , 0, SYSLOG_LEVEL_ERROR, ((void *)0), "Exiting, you have requested strict checking." );
1357	goto fail;
1358	} else {
1359	logit("%s", msg)sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 1359 , 0, SYSLOG_LEVEL_INFO, ((void *)0), "%s", msg);
1360	}
1361	}
1362
1363	if (!hostkey_trusted && options.update_hostkeys) {
1364	debug_f("hostkey not known or explicitly trusted: "sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 1365 , 1, SYSLOG_LEVEL_DEBUG1, ((void *)0), "hostkey not known or explicitly trusted: " "disabling UpdateHostkeys")
1365	"disabling UpdateHostkeys")sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 1365 , 1, SYSLOG_LEVEL_DEBUG1, ((void *)0), "hostkey not known or explicitly trusted: " "disabling UpdateHostkeys");
1366	options.update_hostkeys = 0;
1367	}
1368
1369	free(ip);
1370	free(host);
1371	if (host_hostkeys != NULL((void *)0))
1372	free_hostkeys(host_hostkeys);
1373	if (ip_hostkeys != NULL((void *)0))
1374	free_hostkeys(ip_hostkeys);
1375	return 0;
1376
1377	fail:
1378	if (want_cert && host_status != HOST_REVOKED) {
1379	/*
1380	* No matching certificate. Downgrade cert to raw key and
1381	* search normally.
1382	*/
1383	debug("No matching CA found. Retry with plain key")sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 1383 , 0, SYSLOG_LEVEL_DEBUG1, ((void *)0), "No matching CA found. Retry with plain key" );
1384	if ((r = sshkey_from_private(host_key, &raw_key)) != 0)
1385	fatal_fr(r, "decode key")sshfatal("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__ , 1385, 1, SYSLOG_LEVEL_FATAL, ssh_err(r), "decode key");
1386	if ((r = sshkey_drop_cert(raw_key)) != 0)
1387	fatal_r(r, "Couldn't drop certificate")sshfatal("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__ , 1387, 0, SYSLOG_LEVEL_FATAL, ssh_err(r), "Couldn't drop certificate" );
1388	host_key = raw_key;
1389	goto retry;
1390	}
1391	sshkey_free(raw_key);
1392	free(ip);
1393	free(host);
1394	if (host_hostkeys != NULL((void *)0))
1395	free_hostkeys(host_hostkeys);
1396	if (ip_hostkeys != NULL((void *)0))
1397	free_hostkeys(ip_hostkeys);
1398	return -1;
1399	}
1400
1401	/* returns 0 if key verifies or -1 if key does NOT verify */
1402	int
1403	verify_host_key(char host, struct sockaddr hostaddr, struct sshkey *host_key,
1404	const struct ssh_conn_info *cinfo)
1405	{
1406	u_int i;
1407	int r = -1, flags = 0;
1408	char valid[64], fp = NULL((void )0), cafp = NULL((void )0);
1409	struct sshkey plain = NULL((void )0);
1410
1411	if ((fp = sshkey_fingerprint(host_key,
1412	options.fingerprint_hash, SSH_FP_DEFAULT)) == NULL((void *)0)) {
1413	error_fr(r, "fingerprint host key")sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 1413 , 1, SYSLOG_LEVEL_ERROR, ssh_err(r), "fingerprint host key");
1414	r = -1;
1415	goto out;
1416	}
1417
1418	if (sshkey_is_cert(host_key)) {
1419	if ((cafp = sshkey_fingerprint(host_key->cert->signature_key,
1420	options.fingerprint_hash, SSH_FP_DEFAULT)) == NULL((void *)0)) {
1421	error_fr(r, "fingerprint CA key")sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 1421 , 1, SYSLOG_LEVEL_ERROR, ssh_err(r), "fingerprint CA key");
1422	r = -1;
1423	goto out;
1424	}
1425	sshkey_format_cert_validity(host_key->cert,
1426	valid, sizeof(valid));
1427	debug("Server host certificate: %s %s, serial %llu "sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 1433 , 0, SYSLOG_LEVEL_DEBUG1, ((void *)0), "Server host certificate: %s %s, serial %llu " "ID \"%s\" CA %s %s valid %s", sshkey_ssh_name(host_key), fp , (unsigned long long)host_key->cert->serial, host_key-> cert->key_id, sshkey_ssh_name(host_key->cert->signature_key ), cafp, valid)
1428	"ID \"%s\" CA %s %s valid %s",sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 1433 , 0, SYSLOG_LEVEL_DEBUG1, ((void *)0), "Server host certificate: %s %s, serial %llu " "ID \"%s\" CA %s %s valid %s", sshkey_ssh_name(host_key), fp , (unsigned long long)host_key->cert->serial, host_key-> cert->key_id, sshkey_ssh_name(host_key->cert->signature_key ), cafp, valid)
1429	sshkey_ssh_name(host_key), fp,sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 1433 , 0, SYSLOG_LEVEL_DEBUG1, ((void *)0), "Server host certificate: %s %s, serial %llu " "ID \"%s\" CA %s %s valid %s", sshkey_ssh_name(host_key), fp , (unsigned long long)host_key->cert->serial, host_key-> cert->key_id, sshkey_ssh_name(host_key->cert->signature_key ), cafp, valid)
1430	(unsigned long long)host_key->cert->serial,sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 1433 , 0, SYSLOG_LEVEL_DEBUG1, ((void *)0), "Server host certificate: %s %s, serial %llu " "ID \"%s\" CA %s %s valid %s", sshkey_ssh_name(host_key), fp , (unsigned long long)host_key->cert->serial, host_key-> cert->key_id, sshkey_ssh_name(host_key->cert->signature_key ), cafp, valid)
1431	host_key->cert->key_id,sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 1433 , 0, SYSLOG_LEVEL_DEBUG1, ((void *)0), "Server host certificate: %s %s, serial %llu " "ID \"%s\" CA %s %s valid %s", sshkey_ssh_name(host_key), fp , (unsigned long long)host_key->cert->serial, host_key-> cert->key_id, sshkey_ssh_name(host_key->cert->signature_key ), cafp, valid)
1432	sshkey_ssh_name(host_key->cert->signature_key), cafp,sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 1433 , 0, SYSLOG_LEVEL_DEBUG1, ((void *)0), "Server host certificate: %s %s, serial %llu " "ID \"%s\" CA %s %s valid %s", sshkey_ssh_name(host_key), fp , (unsigned long long)host_key->cert->serial, host_key-> cert->key_id, sshkey_ssh_name(host_key->cert->signature_key ), cafp, valid)
1433	valid)sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 1433 , 0, SYSLOG_LEVEL_DEBUG1, ((void *)0), "Server host certificate: %s %s, serial %llu " "ID \"%s\" CA %s %s valid %s", sshkey_ssh_name(host_key), fp , (unsigned long long)host_key->cert->serial, host_key-> cert->key_id, sshkey_ssh_name(host_key->cert->signature_key ), cafp, valid);
1434	for (i = 0; i < host_key->cert->nprincipals; i++) {
1435	debug2("Server host certificate hostname: %s",sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 1436 , 0, SYSLOG_LEVEL_DEBUG2, ((void *)0), "Server host certificate hostname: %s" , host_key->cert->principals[i])
1436	host_key->cert->principals[i])sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 1436 , 0, SYSLOG_LEVEL_DEBUG2, ((void *)0), "Server host certificate hostname: %s" , host_key->cert->principals[i]);
1437	}
1438	} else {
1439	debug("Server host key: %s %s", sshkey_ssh_name(host_key), fp)sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 1439 , 0, SYSLOG_LEVEL_DEBUG1, ((void *)0), "Server host key: %s %s" , sshkey_ssh_name(host_key), fp);
1440	}
1441
1442	if (sshkey_equal(previous_host_key, host_key)) {
1443	debug2_f("server host key %s %s matches cached key",sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 1444 , 1, SYSLOG_LEVEL_DEBUG2, ((void *)0), "server host key %s %s matches cached key" , sshkey_type(host_key), fp)
1444	sshkey_type(host_key), fp)sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 1444 , 1, SYSLOG_LEVEL_DEBUG2, ((void *)0), "server host key %s %s matches cached key" , sshkey_type(host_key), fp);
1445	r = 0;
1446	goto out;
1447	}
1448
1449	/* Check in RevokedHostKeys file if specified */
1450	if (options.revoked_host_keys != NULL((void *)0)) {
1451	r = sshkey_check_revoked(host_key, options.revoked_host_keys);
1452	switch (r) {
1453	case 0:
1454	break; /* not revoked */
1455	case SSH_ERR_KEY_REVOKED-51:
1456	error("Host key %s %s revoked by file %s",sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 1458 , 0, SYSLOG_LEVEL_ERROR, ((void *)0), "Host key %s %s revoked by file %s" , sshkey_type(host_key), fp, options.revoked_host_keys)
1457	sshkey_type(host_key), fp,sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 1458 , 0, SYSLOG_LEVEL_ERROR, ((void *)0), "Host key %s %s revoked by file %s" , sshkey_type(host_key), fp, options.revoked_host_keys)
1458	options.revoked_host_keys)sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 1458 , 0, SYSLOG_LEVEL_ERROR, ((void *)0), "Host key %s %s revoked by file %s" , sshkey_type(host_key), fp, options.revoked_host_keys);
1459	r = -1;
1460	goto out;
1461	default:
1462	error_r(r, "Error checking host key %s %s in "sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 1464 , 0, SYSLOG_LEVEL_ERROR, ssh_err(r), "Error checking host key %s %s in " "revoked keys file %s", sshkey_type(host_key), fp, options.revoked_host_keys )
1463	"revoked keys file %s", sshkey_type(host_key),sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 1464 , 0, SYSLOG_LEVEL_ERROR, ssh_err(r), "Error checking host key %s %s in " "revoked keys file %s", sshkey_type(host_key), fp, options.revoked_host_keys )
1464	fp, options.revoked_host_keys)sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 1464 , 0, SYSLOG_LEVEL_ERROR, ssh_err(r), "Error checking host key %s %s in " "revoked keys file %s", sshkey_type(host_key), fp, options.revoked_host_keys );
1465	r = -1;
1466	goto out;
1467	}
1468	}
1469
1470	if (options.verify_host_key_dns) {
1471	/*
1472	* XXX certs are not yet supported for DNS, so downgrade
1473	* them and try the plain key.
1474	*/
1475	if ((r = sshkey_from_private(host_key, &plain)) != 0)
1476	goto out;
1477	if (sshkey_is_cert(plain))
1478	sshkey_drop_cert(plain);
1479	if (verify_host_key_dns(host, hostaddr, plain, &flags) == 0) {
1480	if (flags & DNS_VERIFY_FOUND0x00000001) {
1481	if (options.verify_host_key_dns == 1 &&
1482	flags & DNS_VERIFY_MATCH0x00000002 &&
1483	flags & DNS_VERIFY_SECURE0x00000004) {
1484	r = 0;
1485	goto out;
1486	}
1487	if (flags & DNS_VERIFY_MATCH0x00000002) {
1488	matching_host_key_dns = 1;
1489	} else {
1490	warn_changed_key(plain);
1491	error("Update the SSHFP RR in DNS "sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 1493 , 0, SYSLOG_LEVEL_ERROR, ((void *)0), "Update the SSHFP RR in DNS " "with the new host key to get rid " "of this message.")
1492	"with the new host key to get rid "sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 1493 , 0, SYSLOG_LEVEL_ERROR, ((void *)0), "Update the SSHFP RR in DNS " "with the new host key to get rid " "of this message.")
1493	"of this message.")sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 1493 , 0, SYSLOG_LEVEL_ERROR, ((void *)0), "Update the SSHFP RR in DNS " "with the new host key to get rid " "of this message.");
1494	}
1495	}
1496	}
1497	}
1498	r = check_host_key(host, cinfo, hostaddr, options.port, host_key,
1499	RDRW0, 0, options.user_hostfiles, options.num_user_hostfiles,
1500	options.system_hostfiles, options.num_system_hostfiles,
1501	options.known_hosts_command);
1502
1503	out:
1504	sshkey_free(plain);
1505	free(fp);
1506	free(cafp);
1507	if (r == 0 && host_key != NULL((void *)0)) {
1508	sshkey_free(previous_host_key);
1509	r = sshkey_from_private(host_key, &previous_host_key);
1510	}
1511
1512	return r;
1513	}
1514
1515	/*
1516	* Starts a dialog with the server, and authenticates the current user on the
1517	* server. This does not need any extra privileges. The basic connection
1518	* to the server must already have been established before this is called.
1519	* If login fails, this function prints an error and never returns.
1520	* This function does not require super-user privileges.
1521	*/
1522	void
1523	ssh_login(struct ssh ssh, Sensitive sensitive, const char *orighost,
1524	struct sockaddr hostaddr, u_short port, struct passwd pw, int timeout_ms,
1525	const struct ssh_conn_info *cinfo)
1526	{
1527	char *host;
1528	char server_user, local_user;
1529	int r;
1530
1531	local_user = xstrdup(pw->pw_name);
1532	server_user = options.user ? options.user : local_user;
1533
1534	/* Convert the user-supplied hostname into all lowercase. */
1535	host = xstrdup(orighost);
1536	lowercase(host);
1537
1538	/* Exchange protocol version identification strings with the server. */
1539	if ((r = kex_exchange_identification(ssh, timeout_ms, NULL((void *)0))) != 0)
1540	sshpkt_fatal(ssh, r, "banner exchange");
1541
1542	/* Put the connection into non-blocking mode. */
1543	ssh_packet_set_nonblocking(ssh);
1544
1545	/* key exchange */
1546	/* authenticate user */
1547	debug("Authenticating to %s:%d as '%s'", host, port, server_user)sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 1547 , 0, SYSLOG_LEVEL_DEBUG1, ((void *)0), "Authenticating to %s:%d as '%s'" , host, port, server_user);
1548	ssh_kex2(ssh, host, hostaddr, port, cinfo);
1549	ssh_userauth2(ssh, local_user, server_user, host, sensitive);
1550	free(local_user);
1551	free(host);
1552	}
1553
1554	/* print all known host keys for a given host, but skip keys of given type */
1555	static int
1556	show_other_keys(struct hostkeys hostkeys, struct sshkey key)
1557	{
1558	int type[] = {
1559	KEY_RSA,
1560	#ifdef WITH_DSA1
1561	KEY_DSA,
1562	#endif
1563	KEY_ECDSA,
1564	KEY_ED25519,
1565	KEY_XMSS,
1566	-1
1567	};
1568	int i, ret = 0;
1569	char fp, ra;
1570	const struct hostkey_entry *found;
1571
1572	for (i = 0; type[i] != -1; i++) {
1573	if (type[i] == key->type)
1574	continue;
1575	if (!lookup_key_in_hostkeys_by_type(hostkeys, type[i],
1576	-1, &found))
1577	continue;
1578	fp = sshkey_fingerprint(found->key,
1579	options.fingerprint_hash, SSH_FP_DEFAULT);
1580	ra = sshkey_fingerprint(found->key,
1581	options.fingerprint_hash, SSH_FP_RANDOMART);
1582	if (fp == NULL((void )0) \|\| ra == NULL((void )0))
1583	fatal_f("sshkey_fingerprint fail")sshfatal("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__ , 1583, 1, SYSLOG_LEVEL_FATAL, ((void *)0), "sshkey_fingerprint fail" );
1584	logit("WARNING: %s key found for host %s\n"sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 1589 , 0, SYSLOG_LEVEL_INFO, ((void *)0), "WARNING: %s key found for host %s\n" "in %s:%lu\n" "%s key fingerprint %s.", sshkey_type(found-> key), found->host, found->file, found->line, sshkey_type (found->key), fp)
1585	"in %s:%lu\n"sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 1589 , 0, SYSLOG_LEVEL_INFO, ((void *)0), "WARNING: %s key found for host %s\n" "in %s:%lu\n" "%s key fingerprint %s.", sshkey_type(found-> key), found->host, found->file, found->line, sshkey_type (found->key), fp)
1586	"%s key fingerprint %s.",sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 1589 , 0, SYSLOG_LEVEL_INFO, ((void *)0), "WARNING: %s key found for host %s\n" "in %s:%lu\n" "%s key fingerprint %s.", sshkey_type(found-> key), found->host, found->file, found->line, sshkey_type (found->key), fp)
1587	sshkey_type(found->key),sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 1589 , 0, SYSLOG_LEVEL_INFO, ((void *)0), "WARNING: %s key found for host %s\n" "in %s:%lu\n" "%s key fingerprint %s.", sshkey_type(found-> key), found->host, found->file, found->line, sshkey_type (found->key), fp)
1588	found->host, found->file, found->line,sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 1589 , 0, SYSLOG_LEVEL_INFO, ((void *)0), "WARNING: %s key found for host %s\n" "in %s:%lu\n" "%s key fingerprint %s.", sshkey_type(found-> key), found->host, found->file, found->line, sshkey_type (found->key), fp)
1589	sshkey_type(found->key), fp)sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 1589 , 0, SYSLOG_LEVEL_INFO, ((void *)0), "WARNING: %s key found for host %s\n" "in %s:%lu\n" "%s key fingerprint %s.", sshkey_type(found-> key), found->host, found->file, found->line, sshkey_type (found->key), fp);
1590	if (options.visual_host_key)
1591	logit("%s", ra)sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 1591 , 0, SYSLOG_LEVEL_INFO, ((void *)0), "%s", ra);
1592	free(ra);
1593	free(fp);
1594	ret = 1;
1595	}
1596	return ret;
1597	}
1598
1599	static void
1600	warn_changed_key(struct sshkey *host_key)
1601	{
1602	char *fp;
1603
1604	fp = sshkey_fingerprint(host_key, options.fingerprint_hash,
1605	SSH_FP_DEFAULT);
1606	if (fp == NULL((void *)0))
1607	fatal_f("sshkey_fingerprint fail")sshfatal("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__ , 1607, 1, SYSLOG_LEVEL_FATAL, ((void *)0), "sshkey_fingerprint fail" );
1608
1609	error("@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@")sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 1609 , 0, SYSLOG_LEVEL_ERROR, ((void *)0), "@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@" );
1610	error("@ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @")sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 1610 , 0, SYSLOG_LEVEL_ERROR, ((void *)0), "@ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @" );
1611	error("@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@")sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 1611 , 0, SYSLOG_LEVEL_ERROR, ((void *)0), "@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@" );
1612	error("IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!")sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 1612 , 0, SYSLOG_LEVEL_ERROR, ((void *)0), "IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!" );
1613	error("Someone could be eavesdropping on you right now (man-in-the-middle attack)!")sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 1613 , 0, SYSLOG_LEVEL_ERROR, ((void *)0), "Someone could be eavesdropping on you right now (man-in-the-middle attack)!" );
1614	error("It is also possible that a host key has just been changed.")sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 1614 , 0, SYSLOG_LEVEL_ERROR, ((void *)0), "It is also possible that a host key has just been changed." );
1615	error("The fingerprint for the %s key sent by the remote host is\n%s.",sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 1616 , 0, SYSLOG_LEVEL_ERROR, ((void *)0), "The fingerprint for the %s key sent by the remote host is\n%s." , sshkey_type(host_key), fp)
1616	sshkey_type(host_key), fp)sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 1616 , 0, SYSLOG_LEVEL_ERROR, ((void *)0), "The fingerprint for the %s key sent by the remote host is\n%s." , sshkey_type(host_key), fp);
1617	error("Please contact your system administrator.")sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 1617 , 0, SYSLOG_LEVEL_ERROR, ((void *)0), "Please contact your system administrator." );
1618
1619	free(fp);
1620	}
1621
1622	/*
1623	* Execute a local command
1624	*/
1625	int
1626	ssh_local_cmd(const char *args)
1627	{
1628	char *shell;
1629	pid_t pid;
1630	int status;
1631	void (*osighand)(int);
1632
1633	if (!options.permit_local_command \|\|
1634	args == NULL((void )0) \|\| !args)
1635	return (1);
1636
1637	if ((shell = getenv("SHELL")) == NULL((void )0) \|\| shell == '\0')
1638	shell = _PATH_BSHELL"/bin/sh";
1639
1640	osighand = ssh_signal(SIGCHLD20, SIG_DFL(void (*)(int))0);
1641	pid = fork();
1642	if (pid == 0) {
1643	ssh_signal(SIGPIPE13, SIG_DFL(void (*)(int))0);
1644	debug3("Executing %s -c \"%s\"", shell, args)sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 1644 , 0, SYSLOG_LEVEL_DEBUG3, ((void *)0), "Executing %s -c \"%s\"" , shell, args);
1645	execl(shell, shell, "-c", args, (char )NULL((void )0));
1646	error("Couldn't execute %s -c \"%s\": %s",sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 1647 , 0, SYSLOG_LEVEL_ERROR, ((void )0), "Couldn't execute %s -c \"%s\": %s" , shell, args, strerror((__errno())))
1647	shell, args, strerror(errno))sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 1647 , 0, SYSLOG_LEVEL_ERROR, ((void )0), "Couldn't execute %s -c \"%s\": %s" , shell, args, strerror((__errno())));
1648	_exit(1);
1649	} else if (pid == -1)
1650	fatal("fork failed: %.100s", strerror(errno))sshfatal("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__ , 1650, 0, SYSLOG_LEVEL_FATAL, ((void )0), "fork failed: %.100s" , strerror((__errno())));
1651	while (waitpid(pid, &status, 0) == -1)
1652	if (errno(*__errno()) != EINTR4)
1653	fatal("Couldn't wait for child: %s", strerror(errno))sshfatal("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__ , 1653, 0, SYSLOG_LEVEL_FATAL, ((void )0), "Couldn't wait for child: %s" , strerror((__errno())));
1654	ssh_signal(SIGCHLD20, osighand);
1655
1656	if (!WIFEXITED(status)(((status) & 0177) == 0))
1657	return (1);
1658
1659	return (WEXITSTATUS(status)(int)(((unsigned)(status) >> 8) & 0xff));
1660	}
1661
1662	void
1663	maybe_add_key_to_agent(const char authfile, struct sshkey private,
1664	const char comment, const char passphrase)
1665	{
1666	int auth_sock = -1, r;
1667	const char skprovider = NULL((void )0);
1668
1669	if (options.add_keys_to_agent == 0)
1670	return;
1671
1672	if ((r = ssh_get_authentication_socket(&auth_sock)) != 0) {
	Although the value stored to 'r' is used in the enclosing expression, the value is never actually read from 'r'
1673	debug3("no authentication agent, not adding key")sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 1673 , 0, SYSLOG_LEVEL_DEBUG3, ((void *)0), "no authentication agent, not adding key" );
1674	return;
1675	}
1676
1677	if (options.add_keys_to_agent == 2 &&
1678	!ask_permission("Add key %s (%s) to agent?", authfile, comment)) {
1679	debug3("user denied adding this key")sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 1679 , 0, SYSLOG_LEVEL_DEBUG3, ((void *)0), "user denied adding this key" );
1680	close(auth_sock);
1681	return;
1682	}
1683	if (sshkey_is_sk(private))
1684	skprovider = options.sk_provider;
1685	if ((r = ssh_add_identity_constrained(auth_sock, private,
1686	comment == NULL((void *)0) ? authfile : comment,
1687	options.add_keys_to_agent_lifespan,
1688	(options.add_keys_to_agent == 3), 0, skprovider, NULL((void *)0), 0)) == 0)
1689	debug("identity added to agent: %s", authfile)sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 1689 , 0, SYSLOG_LEVEL_DEBUG1, ((void *)0), "identity added to agent: %s" , authfile);
1690	else
1691	debug("could not add identity to agent: %s (%d)", authfile, r)sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 1691 , 0, SYSLOG_LEVEL_DEBUG1, ((void *)0), "could not add identity to agent: %s (%d)" , authfile, r);
1692	close(auth_sock);
1693	}