File: | src/usr.bin/ssh/ssh/../sshconnect.c |
Warning: | line 379, column 8 Although the value stored to 'r' is used in the enclosing expression, the value is never actually read from 'r' |
Press '?' to see keyboard shortcuts
Keyboard shortcuts:
1 | /* $OpenBSD: sshconnect.c,v 1.366 2024/01/11 01:45:36 djm Exp $ */ |
2 | /* |
3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> |
4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland |
5 | * All rights reserved |
6 | * Code to connect to a remote host, and to perform the client side of the |
7 | * login (authentication) dialog. |
8 | * |
9 | * As far as I am concerned, the code I have written for this software |
10 | * can be used freely for any purpose. Any derived versions of this |
11 | * software must be clearly marked as such, and if the derived work is |
12 | * incompatible with the protocol description in the RFC file, it must be |
13 | * called by a name other than "ssh" or "Secure Shell". |
14 | */ |
15 | |
16 | #include <sys/types.h> |
17 | #include <sys/wait.h> |
18 | #include <sys/stat.h> |
19 | #include <sys/socket.h> |
20 | #include <sys/time.h> |
21 | |
22 | #include <net/if.h> |
23 | #include <netinet/in.h> |
24 | |
25 | #include <ctype.h> |
26 | #include <errno(*__errno()).h> |
27 | #include <fcntl.h> |
28 | #include <netdb.h> |
29 | #include <limits.h> |
30 | #include <paths.h> |
31 | #include <signal.h> |
32 | #include <pwd.h> |
33 | #include <stdio.h> |
34 | #include <stdlib.h> |
35 | #include <stdarg.h> |
36 | #include <string.h> |
37 | #include <unistd.h> |
38 | #include <ifaddrs.h> |
39 | |
40 | #include "xmalloc.h" |
41 | #include "ssh.h" |
42 | #include "sshbuf.h" |
43 | #include "packet.h" |
44 | #include "sshkey.h" |
45 | #include "sshconnect.h" |
46 | #include "hostfile.h" |
47 | #include "log.h" |
48 | #include "misc.h" |
49 | #include "readconf.h" |
50 | #include "atomicio.h" |
51 | #include "dns.h" |
52 | #include "monitor_fdpass.h" |
53 | #include "ssh2.h" |
54 | #include "version.h" |
55 | #include "authfile.h" |
56 | #include "ssherr.h" |
57 | #include "authfd.h" |
58 | #include "kex.h" |
59 | |
60 | struct sshkey *previous_host_key = NULL((void *)0); |
61 | |
62 | static int matching_host_key_dns = 0; |
63 | |
64 | static pid_t proxy_command_pid = 0; |
65 | |
66 | /* import */ |
67 | extern int debug_flag; |
68 | extern Options options; |
69 | extern char *__progname; |
70 | |
71 | static int show_other_keys(struct hostkeys *, struct sshkey *); |
72 | static void warn_changed_key(struct sshkey *); |
73 | |
74 | /* Expand a proxy command */ |
75 | static char * |
76 | expand_proxy_command(const char *proxy_command, const char *user, |
77 | const char *host, const char *host_arg, int port) |
78 | { |
79 | char *tmp, *ret, strport[NI_MAXSERV32]; |
80 | const char *keyalias = options.host_key_alias ? |
81 | options.host_key_alias : host_arg; |
82 | |
83 | snprintf(strport, sizeof strport, "%d", port); |
84 | xasprintf(&tmp, "exec %s", proxy_command); |
85 | ret = percent_expand(tmp, |
86 | "h", host, |
87 | "k", keyalias, |
88 | "n", host_arg, |
89 | "p", strport, |
90 | "r", options.user, |
91 | (char *)NULL((void *)0)); |
92 | free(tmp); |
93 | return ret; |
94 | } |
95 | |
96 | /* |
97 | * Connect to the given ssh server using a proxy command that passes a |
98 | * a connected fd back to us. |
99 | */ |
100 | static int |
101 | ssh_proxy_fdpass_connect(struct ssh *ssh, const char *host, |
102 | const char *host_arg, u_short port, const char *proxy_command) |
103 | { |
104 | char *command_string; |
105 | int sp[2], sock; |
106 | pid_t pid; |
107 | char *shell; |
108 | |
109 | if ((shell = getenv("SHELL")) == NULL((void *)0)) |
110 | shell = _PATH_BSHELL"/bin/sh"; |
111 | |
112 | if (socketpair(AF_UNIX1, SOCK_STREAM1, 0, sp) == -1) |
113 | fatal("Could not create socketpair to communicate with "sshfatal("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__ , 114, 0, SYSLOG_LEVEL_FATAL, ((void *)0), "Could not create socketpair to communicate with " "proxy dialer: %.100s", strerror((*__errno()))) |
114 | "proxy dialer: %.100s", strerror(errno))sshfatal("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__ , 114, 0, SYSLOG_LEVEL_FATAL, ((void *)0), "Could not create socketpair to communicate with " "proxy dialer: %.100s", strerror((*__errno()))); |
115 | |
116 | command_string = expand_proxy_command(proxy_command, options.user, |
117 | host, host_arg, port); |
118 | debug("Executing proxy dialer command: %.500s", command_string)sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 118 , 0, SYSLOG_LEVEL_DEBUG1, ((void *)0), "Executing proxy dialer command: %.500s" , command_string); |
119 | |
120 | /* Fork and execute the proxy command. */ |
121 | if ((pid = fork()) == 0) { |
122 | char *argv[10]; |
123 | |
124 | close(sp[1]); |
125 | /* Redirect stdin and stdout. */ |
126 | if (sp[0] != 0) { |
127 | if (dup2(sp[0], 0) == -1) |
128 | perror("dup2 stdin"); |
129 | } |
130 | if (sp[0] != 1) { |
131 | if (dup2(sp[0], 1) == -1) |
132 | perror("dup2 stdout"); |
133 | } |
134 | if (sp[0] >= 2) |
135 | close(sp[0]); |
136 | |
137 | /* |
138 | * Stderr is left for non-ControlPersist connections is so |
139 | * error messages may be printed on the user's terminal. |
140 | */ |
141 | if (!debug_flag && options.control_path != NULL((void *)0) && |
142 | options.control_persist && stdfd_devnull(0, 0, 1) == -1) |
143 | error_f("stdfd_devnull failed")sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 143 , 1, SYSLOG_LEVEL_ERROR, ((void *)0), "stdfd_devnull failed"); |
144 | |
145 | argv[0] = shell; |
146 | argv[1] = "-c"; |
147 | argv[2] = command_string; |
148 | argv[3] = NULL((void *)0); |
149 | |
150 | /* |
151 | * Execute the proxy command. |
152 | * Note that we gave up any extra privileges above. |
153 | */ |
154 | execv(argv[0], argv); |
155 | perror(argv[0]); |
156 | exit(1); |
157 | } |
158 | /* Parent. */ |
159 | if (pid == -1) |
160 | fatal("fork failed: %.100s", strerror(errno))sshfatal("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__ , 160, 0, SYSLOG_LEVEL_FATAL, ((void *)0), "fork failed: %.100s" , strerror((*__errno()))); |
161 | close(sp[0]); |
162 | free(command_string); |
163 | |
164 | if ((sock = mm_receive_fd(sp[1])) == -1) |
165 | fatal("proxy dialer did not pass back a connection")sshfatal("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__ , 165, 0, SYSLOG_LEVEL_FATAL, ((void *)0), "proxy dialer did not pass back a connection" ); |
166 | close(sp[1]); |
167 | |
168 | while (waitpid(pid, NULL((void *)0), 0) == -1) |
169 | if (errno(*__errno()) != EINTR4) |
170 | fatal("Couldn't wait for child: %s", strerror(errno))sshfatal("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__ , 170, 0, SYSLOG_LEVEL_FATAL, ((void *)0), "Couldn't wait for child: %s" , strerror((*__errno()))); |
171 | |
172 | /* Set the connection file descriptors. */ |
173 | if (ssh_packet_set_connection(ssh, sock, sock) == NULL((void *)0)) |
174 | return -1; /* ssh_packet_set_connection logs error */ |
175 | |
176 | return 0; |
177 | } |
178 | |
179 | /* |
180 | * Connect to the given ssh server using a proxy command. |
181 | */ |
182 | static int |
183 | ssh_proxy_connect(struct ssh *ssh, const char *host, const char *host_arg, |
184 | u_short port, const char *proxy_command) |
185 | { |
186 | char *command_string; |
187 | int pin[2], pout[2]; |
188 | pid_t pid; |
189 | char *shell; |
190 | |
191 | if ((shell = getenv("SHELL")) == NULL((void *)0) || *shell == '\0') |
192 | shell = _PATH_BSHELL"/bin/sh"; |
193 | |
194 | /* Create pipes for communicating with the proxy. */ |
195 | if (pipe(pin) == -1 || pipe(pout) == -1) |
196 | fatal("Could not create pipes to communicate with the proxy: %.100s",sshfatal("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__ , 197, 0, SYSLOG_LEVEL_FATAL, ((void *)0), "Could not create pipes to communicate with the proxy: %.100s" , strerror((*__errno()))) |
197 | strerror(errno))sshfatal("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__ , 197, 0, SYSLOG_LEVEL_FATAL, ((void *)0), "Could not create pipes to communicate with the proxy: %.100s" , strerror((*__errno()))); |
198 | |
199 | command_string = expand_proxy_command(proxy_command, options.user, |
200 | host, host_arg, port); |
201 | debug("Executing proxy command: %.500s", command_string)sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 201 , 0, SYSLOG_LEVEL_DEBUG1, ((void *)0), "Executing proxy command: %.500s" , command_string); |
202 | |
203 | /* Fork and execute the proxy command. */ |
204 | if ((pid = fork()) == 0) { |
205 | char *argv[10]; |
206 | |
207 | /* Redirect stdin and stdout. */ |
208 | close(pin[1]); |
209 | if (pin[0] != 0) { |
210 | if (dup2(pin[0], 0) == -1) |
211 | perror("dup2 stdin"); |
212 | close(pin[0]); |
213 | } |
214 | close(pout[0]); |
215 | if (dup2(pout[1], 1) == -1) |
216 | perror("dup2 stdout"); |
217 | /* Cannot be 1 because pin allocated two descriptors. */ |
218 | close(pout[1]); |
219 | |
220 | /* |
221 | * Stderr is left for non-ControlPersist connections is so |
222 | * error messages may be printed on the user's terminal. |
223 | */ |
224 | if (!debug_flag && options.control_path != NULL((void *)0) && |
225 | options.control_persist && stdfd_devnull(0, 0, 1) == -1) |
226 | error_f("stdfd_devnull failed")sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 226 , 1, SYSLOG_LEVEL_ERROR, ((void *)0), "stdfd_devnull failed"); |
227 | |
228 | argv[0] = shell; |
229 | argv[1] = "-c"; |
230 | argv[2] = command_string; |
231 | argv[3] = NULL((void *)0); |
232 | |
233 | /* |
234 | * Execute the proxy command. Note that we gave up any |
235 | * extra privileges above. |
236 | */ |
237 | ssh_signal(SIGPIPE13, SIG_DFL(void (*)(int))0); |
238 | execv(argv[0], argv); |
239 | perror(argv[0]); |
240 | exit(1); |
241 | } |
242 | /* Parent. */ |
243 | if (pid == -1) |
244 | fatal("fork failed: %.100s", strerror(errno))sshfatal("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__ , 244, 0, SYSLOG_LEVEL_FATAL, ((void *)0), "fork failed: %.100s" , strerror((*__errno()))); |
245 | else |
246 | proxy_command_pid = pid; /* save pid to clean up later */ |
247 | |
248 | /* Close child side of the descriptors. */ |
249 | close(pin[0]); |
250 | close(pout[1]); |
251 | |
252 | /* Free the command name. */ |
253 | free(command_string); |
254 | |
255 | /* Set the connection file descriptors. */ |
256 | if (ssh_packet_set_connection(ssh, pout[0], pin[1]) == NULL((void *)0)) |
257 | return -1; /* ssh_packet_set_connection logs error */ |
258 | |
259 | return 0; |
260 | } |
261 | |
262 | void |
263 | ssh_kill_proxy_command(void) |
264 | { |
265 | /* |
266 | * Send SIGHUP to proxy command if used. We don't wait() in |
267 | * case it hangs and instead rely on init to reap the child |
268 | */ |
269 | if (proxy_command_pid > 1) |
270 | kill(proxy_command_pid, SIGHUP1); |
271 | } |
272 | |
273 | /* |
274 | * Search a interface address list (returned from getifaddrs(3)) for an |
275 | * address that matches the desired address family on the specified interface. |
276 | * Returns 0 and fills in *resultp and *rlenp on success. Returns -1 on failure. |
277 | */ |
278 | static int |
279 | check_ifaddrs(const char *ifname, int af, const struct ifaddrs *ifaddrs, |
280 | struct sockaddr_storage *resultp, socklen_t *rlenp) |
281 | { |
282 | struct sockaddr_in6 *sa6; |
283 | struct sockaddr_in *sa; |
284 | struct in6_addr *v6addr; |
285 | const struct ifaddrs *ifa; |
286 | int allow_local; |
287 | |
288 | /* |
289 | * Prefer addresses that are not loopback or linklocal, but use them |
290 | * if nothing else matches. |
291 | */ |
292 | for (allow_local = 0; allow_local < 2; allow_local++) { |
293 | for (ifa = ifaddrs; ifa != NULL((void *)0); ifa = ifa->ifa_next) { |
294 | if (ifa->ifa_addr == NULL((void *)0) || ifa->ifa_name == NULL((void *)0) || |
295 | (ifa->ifa_flags & IFF_UP0x1) == 0 || |
296 | ifa->ifa_addr->sa_family != af || |
297 | strcmp(ifa->ifa_name, options.bind_interface) != 0) |
298 | continue; |
299 | switch (ifa->ifa_addr->sa_family) { |
300 | case AF_INET2: |
301 | sa = (struct sockaddr_in *)ifa->ifa_addr; |
302 | if (!allow_local && sa->sin_addr.s_addr == |
303 | htonl(INADDR_LOOPBACK)(__uint32_t)(__builtin_constant_p(((u_int32_t)(0x7f000001))) ? (__uint32_t)(((__uint32_t)(((u_int32_t)(0x7f000001))) & 0xff ) << 24 | ((__uint32_t)(((u_int32_t)(0x7f000001))) & 0xff00) << 8 | ((__uint32_t)(((u_int32_t)(0x7f000001)) ) & 0xff0000) >> 8 | ((__uint32_t)(((u_int32_t)(0x7f000001 ))) & 0xff000000) >> 24) : __swap32md(((u_int32_t)( 0x7f000001))))) |
304 | continue; |
305 | if (*rlenp < sizeof(struct sockaddr_in)) { |
306 | error_f("v4 addr doesn't fit")sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 306 , 1, SYSLOG_LEVEL_ERROR, ((void *)0), "v4 addr doesn't fit"); |
307 | return -1; |
308 | } |
309 | *rlenp = sizeof(struct sockaddr_in); |
310 | memcpy(resultp, sa, *rlenp); |
311 | return 0; |
312 | case AF_INET624: |
313 | sa6 = (struct sockaddr_in6 *)ifa->ifa_addr; |
314 | v6addr = &sa6->sin6_addr; |
315 | if (!allow_local && |
316 | (IN6_IS_ADDR_LINKLOCAL(v6addr)(((v6addr)->__u6_addr.__u6_addr8[0] == 0xfe) && (( (v6addr)->__u6_addr.__u6_addr8[1] & 0xc0) == 0x80)) || |
317 | IN6_IS_ADDR_LOOPBACK(v6addr)((*(const u_int32_t *)(const void *)(&(v6addr)->__u6_addr .__u6_addr8[0]) == 0) && (*(const u_int32_t *)(const void *)(&(v6addr)->__u6_addr.__u6_addr8[4]) == 0) && (*(const u_int32_t *)(const void *)(&(v6addr)->__u6_addr .__u6_addr8[8]) == 0) && (*(const u_int32_t *)(const void *)(&(v6addr)->__u6_addr.__u6_addr8[12]) == (__uint32_t )(__builtin_constant_p(1) ? (__uint32_t)(((__uint32_t)(1) & 0xff) << 24 | ((__uint32_t)(1) & 0xff00) << 8 | ((__uint32_t)(1) & 0xff0000) >> 8 | ((__uint32_t )(1) & 0xff000000) >> 24) : __swap32md(1)))))) |
318 | continue; |
319 | if (*rlenp < sizeof(struct sockaddr_in6)) { |
320 | error_f("v6 addr doesn't fit")sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 320 , 1, SYSLOG_LEVEL_ERROR, ((void *)0), "v6 addr doesn't fit"); |
321 | return -1; |
322 | } |
323 | *rlenp = sizeof(struct sockaddr_in6); |
324 | memcpy(resultp, sa6, *rlenp); |
325 | return 0; |
326 | } |
327 | } |
328 | } |
329 | return -1; |
330 | } |
331 | |
332 | /* |
333 | * Creates a socket for use as the ssh connection. |
334 | */ |
335 | static int |
336 | ssh_create_socket(struct addrinfo *ai) |
337 | { |
338 | int sock, r; |
339 | struct sockaddr_storage bindaddr; |
340 | socklen_t bindaddrlen = 0; |
341 | struct addrinfo hints, *res = NULL((void *)0); |
342 | struct ifaddrs *ifaddrs = NULL((void *)0); |
343 | char ntop[NI_MAXHOST256]; |
344 | |
345 | sock = socket(ai->ai_family, ai->ai_socktype, ai->ai_protocol); |
346 | if (sock == -1) { |
347 | error("socket: %s", strerror(errno))sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 347 , 0, SYSLOG_LEVEL_ERROR, ((void *)0), "socket: %s", strerror( (*__errno()))); |
348 | return -1; |
349 | } |
350 | (void)fcntl(sock, F_SETFD2, FD_CLOEXEC1); |
351 | |
352 | /* Use interactive QOS (if specified) until authentication completed */ |
353 | if (options.ip_qos_interactive != INT_MAX0x7fffffff) |
354 | set_sock_tos(sock, options.ip_qos_interactive); |
355 | |
356 | /* Bind the socket to an alternative local IP address */ |
357 | if (options.bind_address == NULL((void *)0) && options.bind_interface == NULL((void *)0)) |
358 | return sock; |
359 | |
360 | if (options.bind_address != NULL((void *)0)) { |
361 | memset(&hints, 0, sizeof(hints)); |
362 | hints.ai_family = ai->ai_family; |
363 | hints.ai_socktype = ai->ai_socktype; |
364 | hints.ai_protocol = ai->ai_protocol; |
365 | hints.ai_flags = AI_PASSIVE1; |
366 | if ((r = getaddrinfo(options.bind_address, NULL((void *)0), |
367 | &hints, &res)) != 0) { |
368 | error("getaddrinfo: %s: %s", options.bind_address,sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 369 , 0, SYSLOG_LEVEL_ERROR, ((void *)0), "getaddrinfo: %s: %s", options .bind_address, ssh_gai_strerror(r)) |
369 | ssh_gai_strerror(r))sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 369 , 0, SYSLOG_LEVEL_ERROR, ((void *)0), "getaddrinfo: %s: %s", options .bind_address, ssh_gai_strerror(r)); |
370 | goto fail; |
371 | } |
372 | if (res == NULL((void *)0)) { |
373 | error("getaddrinfo: no addrs")sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 373 , 0, SYSLOG_LEVEL_ERROR, ((void *)0), "getaddrinfo: no addrs" ); |
374 | goto fail; |
375 | } |
376 | memcpy(&bindaddr, res->ai_addr, res->ai_addrlen); |
377 | bindaddrlen = res->ai_addrlen; |
378 | } else if (options.bind_interface != NULL((void *)0)) { |
379 | if ((r = getifaddrs(&ifaddrs)) != 0) { |
Although the value stored to 'r' is used in the enclosing expression, the value is never actually read from 'r' | |
380 | error("getifaddrs: %s: %s", options.bind_interface,sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 381 , 0, SYSLOG_LEVEL_ERROR, ((void *)0), "getifaddrs: %s: %s", options .bind_interface, strerror((*__errno()))) |
381 | strerror(errno))sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 381 , 0, SYSLOG_LEVEL_ERROR, ((void *)0), "getifaddrs: %s: %s", options .bind_interface, strerror((*__errno()))); |
382 | goto fail; |
383 | } |
384 | bindaddrlen = sizeof(bindaddr); |
385 | if (check_ifaddrs(options.bind_interface, ai->ai_family, |
386 | ifaddrs, &bindaddr, &bindaddrlen) != 0) { |
387 | logit("getifaddrs: %s: no suitable addresses",sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 388 , 0, SYSLOG_LEVEL_INFO, ((void *)0), "getifaddrs: %s: no suitable addresses" , options.bind_interface) |
388 | options.bind_interface)sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 388 , 0, SYSLOG_LEVEL_INFO, ((void *)0), "getifaddrs: %s: no suitable addresses" , options.bind_interface); |
389 | goto fail; |
390 | } |
391 | } |
392 | if ((r = getnameinfo((struct sockaddr *)&bindaddr, bindaddrlen, |
393 | ntop, sizeof(ntop), NULL((void *)0), 0, NI_NUMERICHOST1)) != 0) { |
394 | error_f("getnameinfo failed: %s", ssh_gai_strerror(r))sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 394 , 1, SYSLOG_LEVEL_ERROR, ((void *)0), "getnameinfo failed: %s" , ssh_gai_strerror(r)); |
395 | goto fail; |
396 | } |
397 | if (bind(sock, (struct sockaddr *)&bindaddr, bindaddrlen) != 0) { |
398 | error("bind %s: %s", ntop, strerror(errno))sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 398 , 0, SYSLOG_LEVEL_ERROR, ((void *)0), "bind %s: %s", ntop, strerror ((*__errno()))); |
399 | goto fail; |
400 | } |
401 | debug_f("bound to %s", ntop)sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 401 , 1, SYSLOG_LEVEL_DEBUG1, ((void *)0), "bound to %s", ntop); |
402 | /* success */ |
403 | goto out; |
404 | fail: |
405 | close(sock); |
406 | sock = -1; |
407 | out: |
408 | if (res != NULL((void *)0)) |
409 | freeaddrinfo(res); |
410 | if (ifaddrs != NULL((void *)0)) |
411 | freeifaddrs(ifaddrs); |
412 | return sock; |
413 | } |
414 | |
415 | /* |
416 | * Opens a TCP/IP connection to the remote server on the given host. |
417 | * The address of the remote host will be returned in hostaddr. |
418 | * If port is 0, the default port will be used. |
419 | * Connection_attempts specifies the maximum number of tries (one per |
420 | * second). If proxy_command is non-NULL, it specifies the command (with %h |
421 | * and %p substituted for host and port, respectively) to use to contact |
422 | * the daemon. |
423 | */ |
424 | static int |
425 | ssh_connect_direct(struct ssh *ssh, const char *host, struct addrinfo *aitop, |
426 | struct sockaddr_storage *hostaddr, u_short port, int connection_attempts, |
427 | int *timeout_ms, int want_keepalive) |
428 | { |
429 | int on = 1, saved_timeout_ms = *timeout_ms; |
430 | int oerrno, sock = -1, attempt; |
431 | char ntop[NI_MAXHOST256], strport[NI_MAXSERV32]; |
432 | struct addrinfo *ai; |
433 | |
434 | debug3_f("entering")sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 434 , 1, SYSLOG_LEVEL_DEBUG3, ((void *)0), "entering"); |
435 | memset(ntop, 0, sizeof(ntop)); |
436 | memset(strport, 0, sizeof(strport)); |
437 | |
438 | for (attempt = 0; attempt < connection_attempts; attempt++) { |
439 | if (attempt > 0) { |
440 | /* Sleep a moment before retrying. */ |
441 | sleep(1); |
442 | debug("Trying again...")sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 442 , 0, SYSLOG_LEVEL_DEBUG1, ((void *)0), "Trying again..."); |
443 | } |
444 | /* |
445 | * Loop through addresses for this host, and try each one in |
446 | * sequence until the connection succeeds. |
447 | */ |
448 | for (ai = aitop; ai; ai = ai->ai_next) { |
449 | if (ai->ai_family != AF_INET2 && |
450 | ai->ai_family != AF_INET624) { |
451 | errno(*__errno()) = EAFNOSUPPORT47; |
452 | continue; |
453 | } |
454 | if (getnameinfo(ai->ai_addr, ai->ai_addrlen, |
455 | ntop, sizeof(ntop), strport, sizeof(strport), |
456 | NI_NUMERICHOST1|NI_NUMERICSERV2) != 0) { |
457 | oerrno = errno(*__errno()); |
458 | error_f("getnameinfo failed")sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 458 , 1, SYSLOG_LEVEL_ERROR, ((void *)0), "getnameinfo failed"); |
459 | errno(*__errno()) = oerrno; |
460 | continue; |
461 | } |
462 | if (options.address_family != AF_UNSPEC0 && |
463 | ai->ai_family != options.address_family) { |
464 | debug2_f("skipping address [%s]:%s: "sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 465 , 1, SYSLOG_LEVEL_DEBUG2, ((void *)0), "skipping address [%s]:%s: " "wrong address family", ntop, strport) |
465 | "wrong address family", ntop, strport)sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 465 , 1, SYSLOG_LEVEL_DEBUG2, ((void *)0), "skipping address [%s]:%s: " "wrong address family", ntop, strport); |
466 | errno(*__errno()) = EAFNOSUPPORT47; |
467 | continue; |
468 | } |
469 | |
470 | debug("Connecting to %.200s [%.100s] port %s.",sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 471 , 0, SYSLOG_LEVEL_DEBUG1, ((void *)0), "Connecting to %.200s [%.100s] port %s." , host, ntop, strport) |
471 | host, ntop, strport)sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 471 , 0, SYSLOG_LEVEL_DEBUG1, ((void *)0), "Connecting to %.200s [%.100s] port %s." , host, ntop, strport); |
472 | |
473 | /* Create a socket for connecting. */ |
474 | sock = ssh_create_socket(ai); |
475 | if (sock < 0) { |
476 | /* Any error is already output */ |
477 | errno(*__errno()) = 0; |
478 | continue; |
479 | } |
480 | |
481 | *timeout_ms = saved_timeout_ms; |
482 | if (timeout_connect(sock, ai->ai_addr, ai->ai_addrlen, |
483 | timeout_ms) >= 0) { |
484 | /* Successful connection. */ |
485 | memcpy(hostaddr, ai->ai_addr, ai->ai_addrlen); |
486 | break; |
487 | } else { |
488 | oerrno = errno(*__errno()); |
489 | debug("connect to address %s port %s: %s",sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 490 , 0, SYSLOG_LEVEL_DEBUG1, ((void *)0), "connect to address %s port %s: %s" , ntop, strport, strerror((*__errno()))) |
490 | ntop, strport, strerror(errno))sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 490 , 0, SYSLOG_LEVEL_DEBUG1, ((void *)0), "connect to address %s port %s: %s" , ntop, strport, strerror((*__errno()))); |
491 | close(sock); |
492 | sock = -1; |
493 | errno(*__errno()) = oerrno; |
494 | } |
495 | } |
496 | if (sock != -1) |
497 | break; /* Successful connection. */ |
498 | } |
499 | |
500 | /* Return failure if we didn't get a successful connection. */ |
501 | if (sock == -1) { |
502 | error("ssh: connect to host %s port %s: %s",sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 503 , 0, SYSLOG_LEVEL_ERROR, ((void *)0), "ssh: connect to host %s port %s: %s" , host, strport, (*__errno()) == 0 ? "failure" : strerror((*__errno ()))) |
503 | host, strport, errno == 0 ? "failure" : strerror(errno))sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 503 , 0, SYSLOG_LEVEL_ERROR, ((void *)0), "ssh: connect to host %s port %s: %s" , host, strport, (*__errno()) == 0 ? "failure" : strerror((*__errno ()))); |
504 | return -1; |
505 | } |
506 | |
507 | debug("Connection established.")sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 507 , 0, SYSLOG_LEVEL_DEBUG1, ((void *)0), "Connection established." ); |
508 | |
509 | /* Set SO_KEEPALIVE if requested. */ |
510 | if (want_keepalive && |
511 | setsockopt(sock, SOL_SOCKET0xffff, SO_KEEPALIVE0x0008, (void *)&on, |
512 | sizeof(on)) == -1) |
513 | error("setsockopt SO_KEEPALIVE: %.100s", strerror(errno))sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 513 , 0, SYSLOG_LEVEL_ERROR, ((void *)0), "setsockopt SO_KEEPALIVE: %.100s" , strerror((*__errno()))); |
514 | |
515 | /* Set the connection. */ |
516 | if (ssh_packet_set_connection(ssh, sock, sock) == NULL((void *)0)) |
517 | return -1; /* ssh_packet_set_connection logs error */ |
518 | |
519 | return 0; |
520 | } |
521 | |
522 | int |
523 | ssh_connect(struct ssh *ssh, const char *host, const char *host_arg, |
524 | struct addrinfo *addrs, struct sockaddr_storage *hostaddr, u_short port, |
525 | int connection_attempts, int *timeout_ms, int want_keepalive) |
526 | { |
527 | int in, out; |
528 | |
529 | if (options.proxy_command == NULL((void *)0)) { |
530 | return ssh_connect_direct(ssh, host, addrs, hostaddr, port, |
531 | connection_attempts, timeout_ms, want_keepalive); |
532 | } else if (strcmp(options.proxy_command, "-") == 0) { |
533 | if ((in = dup(STDIN_FILENO0)) == -1 || |
534 | (out = dup(STDOUT_FILENO1)) == -1) { |
535 | if (in >= 0) |
536 | close(in); |
537 | error_f("dup() in/out failed")sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 537 , 1, SYSLOG_LEVEL_ERROR, ((void *)0), "dup() in/out failed"); |
538 | return -1; /* ssh_packet_set_connection logs error */ |
539 | } |
540 | if ((ssh_packet_set_connection(ssh, in, out)) == NULL((void *)0)) |
541 | return -1; /* ssh_packet_set_connection logs error */ |
542 | return 0; |
543 | } else if (options.proxy_use_fdpass) { |
544 | return ssh_proxy_fdpass_connect(ssh, host, host_arg, port, |
545 | options.proxy_command); |
546 | } |
547 | return ssh_proxy_connect(ssh, host, host_arg, port, |
548 | options.proxy_command); |
549 | } |
550 | |
551 | /* defaults to 'no' */ |
552 | static int |
553 | confirm(const char *prompt, const char *fingerprint) |
554 | { |
555 | const char *msg, *again = "Please type 'yes' or 'no': "; |
556 | const char *again_fp = "Please type 'yes', 'no' or the fingerprint: "; |
557 | char *p, *cp; |
558 | int ret = -1; |
559 | |
560 | if (options.batch_mode) |
561 | return 0; |
562 | for (msg = prompt;;msg = fingerprint ? again_fp : again) { |
563 | cp = p = read_passphrase(msg, RP_ECHO0x0001); |
564 | if (p == NULL((void *)0)) |
565 | return 0; |
566 | p += strspn(p, " \t"); /* skip leading whitespace */ |
567 | p[strcspn(p, " \t\n")] = '\0'; /* remove trailing whitespace */ |
568 | if (p[0] == '\0' || strcasecmp(p, "no") == 0) |
569 | ret = 0; |
570 | else if (strcasecmp(p, "yes") == 0 || (fingerprint != NULL((void *)0) && |
571 | strcmp(p, fingerprint) == 0)) |
572 | ret = 1; |
573 | free(cp); |
574 | if (ret != -1) |
575 | return ret; |
576 | } |
577 | } |
578 | |
579 | static int |
580 | sockaddr_is_local(struct sockaddr *hostaddr) |
581 | { |
582 | switch (hostaddr->sa_family) { |
583 | case AF_INET2: |
584 | return (ntohl(((struct sockaddr_in *)hostaddr)->(__uint32_t)(__builtin_constant_p(((struct sockaddr_in *)hostaddr )-> sin_addr.s_addr) ? (__uint32_t)(((__uint32_t)(((struct sockaddr_in *)hostaddr)-> sin_addr.s_addr) & 0xff) << 24 | ((__uint32_t)(((struct sockaddr_in *)hostaddr)-> sin_addr .s_addr) & 0xff00) << 8 | ((__uint32_t)(((struct sockaddr_in *)hostaddr)-> sin_addr.s_addr) & 0xff0000) >> 8 | ((__uint32_t)(((struct sockaddr_in *)hostaddr)-> sin_addr .s_addr) & 0xff000000) >> 24) : __swap32md(((struct sockaddr_in *)hostaddr)-> sin_addr.s_addr)) |
585 | sin_addr.s_addr)(__uint32_t)(__builtin_constant_p(((struct sockaddr_in *)hostaddr )-> sin_addr.s_addr) ? (__uint32_t)(((__uint32_t)(((struct sockaddr_in *)hostaddr)-> sin_addr.s_addr) & 0xff) << 24 | ((__uint32_t)(((struct sockaddr_in *)hostaddr)-> sin_addr .s_addr) & 0xff00) << 8 | ((__uint32_t)(((struct sockaddr_in *)hostaddr)-> sin_addr.s_addr) & 0xff0000) >> 8 | ((__uint32_t)(((struct sockaddr_in *)hostaddr)-> sin_addr .s_addr) & 0xff000000) >> 24) : __swap32md(((struct sockaddr_in *)hostaddr)-> sin_addr.s_addr)) >> 24) == IN_LOOPBACKNET127; |
586 | case AF_INET624: |
587 | return IN6_IS_ADDR_LOOPBACK(((*(const u_int32_t *)(const void *)(&(&(((struct sockaddr_in6 *)hostaddr)->sin6_addr))->__u6_addr.__u6_addr8[0]) == 0 ) && (*(const u_int32_t *)(const void *)(&(&( ((struct sockaddr_in6 *)hostaddr)->sin6_addr))->__u6_addr .__u6_addr8[4]) == 0) && (*(const u_int32_t *)(const void *)(&(&(((struct sockaddr_in6 *)hostaddr)->sin6_addr ))->__u6_addr.__u6_addr8[8]) == 0) && (*(const u_int32_t *)(const void *)(&(&(((struct sockaddr_in6 *)hostaddr )->sin6_addr))->__u6_addr.__u6_addr8[12]) == (__uint32_t )(__builtin_constant_p(1) ? (__uint32_t)(((__uint32_t)(1) & 0xff) << 24 | ((__uint32_t)(1) & 0xff00) << 8 | ((__uint32_t)(1) & 0xff0000) >> 8 | ((__uint32_t )(1) & 0xff000000) >> 24) : __swap32md(1)))) |
588 | &(((struct sockaddr_in6 *)hostaddr)->sin6_addr))((*(const u_int32_t *)(const void *)(&(&(((struct sockaddr_in6 *)hostaddr)->sin6_addr))->__u6_addr.__u6_addr8[0]) == 0 ) && (*(const u_int32_t *)(const void *)(&(&( ((struct sockaddr_in6 *)hostaddr)->sin6_addr))->__u6_addr .__u6_addr8[4]) == 0) && (*(const u_int32_t *)(const void *)(&(&(((struct sockaddr_in6 *)hostaddr)->sin6_addr ))->__u6_addr.__u6_addr8[8]) == 0) && (*(const u_int32_t *)(const void *)(&(&(((struct sockaddr_in6 *)hostaddr )->sin6_addr))->__u6_addr.__u6_addr8[12]) == (__uint32_t )(__builtin_constant_p(1) ? (__uint32_t)(((__uint32_t)(1) & 0xff) << 24 | ((__uint32_t)(1) & 0xff00) << 8 | ((__uint32_t)(1) & 0xff0000) >> 8 | ((__uint32_t )(1) & 0xff000000) >> 24) : __swap32md(1)))); |
589 | default: |
590 | return 0; |
591 | } |
592 | } |
593 | |
594 | /* |
595 | * Prepare the hostname and ip address strings that are used to lookup |
596 | * host keys in known_hosts files. These may have a port number appended. |
597 | */ |
598 | void |
599 | get_hostfile_hostname_ipaddr(char *hostname, struct sockaddr *hostaddr, |
600 | u_short port, char **hostfile_hostname, char **hostfile_ipaddr) |
601 | { |
602 | char ntop[NI_MAXHOST256]; |
603 | |
604 | /* |
605 | * We don't have the remote ip-address for connections |
606 | * using a proxy command |
607 | */ |
608 | if (hostfile_ipaddr != NULL((void *)0)) { |
609 | if (options.proxy_command == NULL((void *)0)) { |
610 | if (getnameinfo(hostaddr, hostaddr->sa_len, |
611 | ntop, sizeof(ntop), NULL((void *)0), 0, NI_NUMERICHOST1) != 0) |
612 | fatal_f("getnameinfo failed")sshfatal("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__ , 612, 1, SYSLOG_LEVEL_FATAL, ((void *)0), "getnameinfo failed" ); |
613 | *hostfile_ipaddr = put_host_port(ntop, port); |
614 | } else { |
615 | *hostfile_ipaddr = xstrdup("<no hostip for proxy " |
616 | "command>"); |
617 | } |
618 | } |
619 | |
620 | /* |
621 | * Allow the user to record the key under a different name or |
622 | * differentiate a non-standard port. This is useful for ssh |
623 | * tunneling over forwarded connections or if you run multiple |
624 | * sshd's on different ports on the same machine. |
625 | */ |
626 | if (hostfile_hostname != NULL((void *)0)) { |
627 | if (options.host_key_alias != NULL((void *)0)) { |
628 | *hostfile_hostname = xstrdup(options.host_key_alias); |
629 | debug("using hostkeyalias: %s", *hostfile_hostname)sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 629 , 0, SYSLOG_LEVEL_DEBUG1, ((void *)0), "using hostkeyalias: %s" , *hostfile_hostname); |
630 | } else { |
631 | *hostfile_hostname = put_host_port(hostname, port); |
632 | } |
633 | } |
634 | } |
635 | |
636 | /* returns non-zero if path appears in hostfiles, or 0 if not. */ |
637 | static int |
638 | path_in_hostfiles(const char *path, char **hostfiles, u_int num_hostfiles) |
639 | { |
640 | u_int i; |
641 | |
642 | for (i = 0; i < num_hostfiles; i++) { |
643 | if (strcmp(path, hostfiles[i]) == 0) |
644 | return 1; |
645 | } |
646 | return 0; |
647 | } |
648 | |
649 | struct find_by_key_ctx { |
650 | const char *host, *ip; |
651 | const struct sshkey *key; |
652 | char **names; |
653 | u_int nnames; |
654 | }; |
655 | |
656 | /* Try to replace home directory prefix (per $HOME) with a ~/ sequence */ |
657 | static char * |
658 | try_tilde_unexpand(const char *path) |
659 | { |
660 | char *home, *ret = NULL((void *)0); |
661 | size_t l; |
662 | |
663 | if (*path != '/') |
664 | return xstrdup(path); |
665 | if ((home = getenv("HOME")) == NULL((void *)0) || (l = strlen(home)) == 0) |
666 | return xstrdup(path); |
667 | if (strncmp(path, home, l) != 0) |
668 | return xstrdup(path); |
669 | /* |
670 | * ensure we have matched on a path boundary: either the $HOME that |
671 | * we just compared ends with a '/' or the next character of the path |
672 | * must be a '/'. |
673 | */ |
674 | if (home[l - 1] != '/' && path[l] != '/') |
675 | return xstrdup(path); |
676 | if (path[l] == '/') |
677 | l++; |
678 | xasprintf(&ret, "~/%s", path + l); |
679 | return ret; |
680 | } |
681 | |
682 | static int |
683 | hostkeys_find_by_key_cb(struct hostkey_foreach_line *l, void *_ctx) |
684 | { |
685 | struct find_by_key_ctx *ctx = (struct find_by_key_ctx *)_ctx; |
686 | char *path; |
687 | |
688 | /* we are looking for keys with names that *do not* match */ |
689 | if ((l->match & HKF_MATCH_HOST(1)) != 0) |
690 | return 0; |
691 | /* not interested in marker lines */ |
692 | if (l->marker != MRK_NONE) |
693 | return 0; |
694 | /* we are only interested in exact key matches */ |
695 | if (l->key == NULL((void *)0) || !sshkey_equal(ctx->key, l->key)) |
696 | return 0; |
697 | path = try_tilde_unexpand(l->path); |
698 | debug_f("found matching key in %s:%lu", path, l->linenum)sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 698 , 1, SYSLOG_LEVEL_DEBUG1, ((void *)0), "found matching key in %s:%lu" , path, l->linenum); |
699 | ctx->names = xrecallocarray(ctx->names, |
700 | ctx->nnames, ctx->nnames + 1, sizeof(*ctx->names)); |
701 | xasprintf(&ctx->names[ctx->nnames], "%s:%lu: %s", path, l->linenum, |
702 | strncmp(l->hosts, HASH_MAGIC"|1|", strlen(HASH_MAGIC"|1|")) == 0 ? |
703 | "[hashed name]" : l->hosts); |
704 | ctx->nnames++; |
705 | free(path); |
706 | return 0; |
707 | } |
708 | |
709 | static int |
710 | hostkeys_find_by_key_hostfile(const char *file, const char *which, |
711 | struct find_by_key_ctx *ctx) |
712 | { |
713 | int r; |
714 | |
715 | debug3_f("trying %s hostfile \"%s\"", which, file)sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 715 , 1, SYSLOG_LEVEL_DEBUG3, ((void *)0), "trying %s hostfile \"%s\"" , which, file); |
716 | if ((r = hostkeys_foreach(file, hostkeys_find_by_key_cb, ctx, |
717 | ctx->host, ctx->ip, HKF_WANT_PARSE_KEY(1<<1), 0)) != 0) { |
718 | if (r == SSH_ERR_SYSTEM_ERROR-24 && errno(*__errno()) == ENOENT2) { |
719 | debug_f("hostkeys file %s does not exist", file)sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 719 , 1, SYSLOG_LEVEL_DEBUG1, ((void *)0), "hostkeys file %s does not exist" , file); |
720 | return 0; |
721 | } |
722 | error_fr(r, "hostkeys_foreach failed for %s", file)sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 722 , 1, SYSLOG_LEVEL_ERROR, ssh_err(r), "hostkeys_foreach failed for %s" , file); |
723 | return r; |
724 | } |
725 | return 0; |
726 | } |
727 | |
728 | /* |
729 | * Find 'key' in known hosts file(s) that do not match host/ip. |
730 | * Used to display also-known-as information for previously-unseen hostkeys. |
731 | */ |
732 | static void |
733 | hostkeys_find_by_key(const char *host, const char *ip, const struct sshkey *key, |
734 | char **user_hostfiles, u_int num_user_hostfiles, |
735 | char **system_hostfiles, u_int num_system_hostfiles, |
736 | char ***names, u_int *nnames) |
737 | { |
738 | struct find_by_key_ctx ctx = {0, 0, 0, 0, 0}; |
739 | u_int i; |
740 | |
741 | *names = NULL((void *)0); |
742 | *nnames = 0; |
743 | |
744 | if (key == NULL((void *)0) || sshkey_is_cert(key)) |
745 | return; |
746 | |
747 | ctx.host = host; |
748 | ctx.ip = ip; |
749 | ctx.key = key; |
750 | |
751 | for (i = 0; i < num_user_hostfiles; i++) { |
752 | if (hostkeys_find_by_key_hostfile(user_hostfiles[i], |
753 | "user", &ctx) != 0) |
754 | goto fail; |
755 | } |
756 | for (i = 0; i < num_system_hostfiles; i++) { |
757 | if (hostkeys_find_by_key_hostfile(system_hostfiles[i], |
758 | "system", &ctx) != 0) |
759 | goto fail; |
760 | } |
761 | /* success */ |
762 | *names = ctx.names; |
763 | *nnames = ctx.nnames; |
764 | ctx.names = NULL((void *)0); |
765 | ctx.nnames = 0; |
766 | return; |
767 | fail: |
768 | for (i = 0; i < ctx.nnames; i++) |
769 | free(ctx.names[i]); |
770 | free(ctx.names); |
771 | } |
772 | |
773 | #define MAX_OTHER_NAMES8 8 /* Maximum number of names to list */ |
774 | static char * |
775 | other_hostkeys_message(const char *host, const char *ip, |
776 | const struct sshkey *key, |
777 | char **user_hostfiles, u_int num_user_hostfiles, |
778 | char **system_hostfiles, u_int num_system_hostfiles) |
779 | { |
780 | char *ret = NULL((void *)0), **othernames = NULL((void *)0); |
781 | u_int i, n, num_othernames = 0; |
782 | |
783 | hostkeys_find_by_key(host, ip, key, |
784 | user_hostfiles, num_user_hostfiles, |
785 | system_hostfiles, num_system_hostfiles, |
786 | &othernames, &num_othernames); |
787 | if (num_othernames == 0) |
788 | return xstrdup("This key is not known by any other names."); |
789 | |
790 | xasprintf(&ret, "This host key is known by the following other " |
791 | "names/addresses:"); |
792 | |
793 | n = num_othernames; |
794 | if (n > MAX_OTHER_NAMES8) |
795 | n = MAX_OTHER_NAMES8; |
796 | for (i = 0; i < n; i++) { |
797 | xextendf(&ret, "\n", " %s", othernames[i]); |
798 | } |
799 | if (n < num_othernames) { |
800 | xextendf(&ret, "\n", " (%d additional names omitted)", |
801 | num_othernames - n); |
802 | } |
803 | for (i = 0; i < num_othernames; i++) |
804 | free(othernames[i]); |
805 | free(othernames); |
806 | return ret; |
807 | } |
808 | |
809 | void |
810 | load_hostkeys_command(struct hostkeys *hostkeys, const char *command_template, |
811 | const char *invocation, const struct ssh_conn_info *cinfo, |
812 | const struct sshkey *host_key, const char *hostfile_hostname) |
813 | { |
814 | int r, i, ac = 0; |
815 | char *key_fp = NULL((void *)0), *keytext = NULL((void *)0), *tmp; |
816 | char *command = NULL((void *)0), *tag = NULL((void *)0), **av = NULL((void *)0); |
817 | FILE *f = NULL((void *)0); |
818 | pid_t pid; |
819 | void (*osigchld)(int); |
820 | |
821 | xasprintf(&tag, "KnownHostsCommand-%s", invocation); |
822 | |
823 | if (host_key != NULL((void *)0)) { |
824 | if ((key_fp = sshkey_fingerprint(host_key, |
825 | options.fingerprint_hash, SSH_FP_DEFAULT)) == NULL((void *)0)) |
826 | fatal_f("sshkey_fingerprint failed")sshfatal("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__ , 826, 1, SYSLOG_LEVEL_FATAL, ((void *)0), "sshkey_fingerprint failed" ); |
827 | if ((r = sshkey_to_base64(host_key, &keytext)) != 0) |
828 | fatal_fr(r, "sshkey_to_base64 failed")sshfatal("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__ , 828, 1, SYSLOG_LEVEL_FATAL, ssh_err(r), "sshkey_to_base64 failed" ); |
829 | } |
830 | /* |
831 | * NB. all returns later this function should go via "out" to |
832 | * ensure the original SIGCHLD handler is restored properly. |
833 | */ |
834 | osigchld = ssh_signal(SIGCHLD20, SIG_DFL(void (*)(int))0); |
835 | |
836 | /* Turn the command into an argument vector */ |
837 | if (argv_split(command_template, &ac, &av, 0) != 0) { |
838 | error("%s \"%s\" contains invalid quotes", tag,sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 839 , 0, SYSLOG_LEVEL_ERROR, ((void *)0), "%s \"%s\" contains invalid quotes" , tag, command_template) |
839 | command_template)sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 839 , 0, SYSLOG_LEVEL_ERROR, ((void *)0), "%s \"%s\" contains invalid quotes" , tag, command_template); |
840 | goto out; |
841 | } |
842 | if (ac == 0) { |
843 | error("%s \"%s\" yielded no arguments", tag,sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 844 , 0, SYSLOG_LEVEL_ERROR, ((void *)0), "%s \"%s\" yielded no arguments" , tag, command_template) |
844 | command_template)sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 844 , 0, SYSLOG_LEVEL_ERROR, ((void *)0), "%s \"%s\" yielded no arguments" , tag, command_template); |
845 | goto out; |
846 | } |
847 | for (i = 1; i < ac; i++) { |
848 | tmp = percent_dollar_expand(av[i], |
849 | DEFAULT_CLIENT_PERCENT_EXPAND_ARGS(cinfo)"C", cinfo->conn_hash_hex, "L", cinfo->shorthost, "i", cinfo ->uidstr, "k", cinfo->keyalias, "l", cinfo->thishost , "n", cinfo->host_arg, "p", cinfo->portstr, "d", cinfo ->homedir, "h", cinfo->remhost, "r", cinfo->remuser, "u", cinfo->locuser, "j", cinfo->jmphost, |
850 | "H", hostfile_hostname, |
851 | "I", invocation, |
852 | "t", host_key == NULL((void *)0) ? "NONE" : sshkey_ssh_name(host_key), |
853 | "f", key_fp == NULL((void *)0) ? "NONE" : key_fp, |
854 | "K", keytext == NULL((void *)0) ? "NONE" : keytext, |
855 | (char *)NULL((void *)0)); |
856 | if (tmp == NULL((void *)0)) |
857 | fatal_f("percent_expand failed")sshfatal("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__ , 857, 1, SYSLOG_LEVEL_FATAL, ((void *)0), "percent_expand failed" ); |
858 | free(av[i]); |
859 | av[i] = tmp; |
860 | } |
861 | /* Prepare a printable command for logs, etc. */ |
862 | command = argv_assemble(ac, av); |
863 | |
864 | if ((pid = subprocess(tag, command, ac, av, &f, |
865 | SSH_SUBPROCESS_STDOUT_CAPTURE(1<<1)|SSH_SUBPROCESS_UNSAFE_PATH(1<<3)| |
866 | SSH_SUBPROCESS_PRESERVE_ENV(1<<4), NULL((void *)0), NULL((void *)0), NULL((void *)0))) == 0) |
867 | goto out; |
868 | |
869 | load_hostkeys_file(hostkeys, hostfile_hostname, tag, f, 1); |
870 | |
871 | if (exited_cleanly(pid, tag, command, 0) != 0) |
872 | fatal("KnownHostsCommand failed")sshfatal("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__ , 872, 0, SYSLOG_LEVEL_FATAL, ((void *)0), "KnownHostsCommand failed" ); |
873 | |
874 | out: |
875 | if (f != NULL((void *)0)) |
876 | fclose(f); |
877 | ssh_signal(SIGCHLD20, osigchld); |
878 | for (i = 0; i < ac; i++) |
879 | free(av[i]); |
880 | free(av); |
881 | free(tag); |
882 | free(command); |
883 | free(key_fp); |
884 | free(keytext); |
885 | } |
886 | |
887 | /* |
888 | * check whether the supplied host key is valid, return -1 if the key |
889 | * is not valid. user_hostfile[0] will not be updated if 'readonly' is true. |
890 | */ |
891 | #define RDRW0 0 |
892 | #define RDONLY1 1 |
893 | #define ROQUIET2 2 |
894 | static int |
895 | check_host_key(char *hostname, const struct ssh_conn_info *cinfo, |
896 | struct sockaddr *hostaddr, u_short port, |
897 | struct sshkey *host_key, int readonly, int clobber_port, |
898 | char **user_hostfiles, u_int num_user_hostfiles, |
899 | char **system_hostfiles, u_int num_system_hostfiles, |
900 | const char *hostfile_command) |
901 | { |
902 | HostStatus host_status = -1, ip_status = -1; |
903 | struct sshkey *raw_key = NULL((void *)0); |
904 | char *ip = NULL((void *)0), *host = NULL((void *)0); |
905 | char hostline[1000], *hostp, *fp, *ra; |
906 | char msg[1024]; |
907 | const char *type, *fail_reason = NULL((void *)0); |
908 | const struct hostkey_entry *host_found = NULL((void *)0), *ip_found = NULL((void *)0); |
909 | int len, cancelled_forwarding = 0, confirmed; |
910 | int local = sockaddr_is_local(hostaddr); |
911 | int r, want_cert = sshkey_is_cert(host_key), host_ip_differ = 0; |
912 | int hostkey_trusted = 0; /* Known or explicitly accepted by user */ |
913 | struct hostkeys *host_hostkeys, *ip_hostkeys; |
914 | u_int i; |
915 | |
916 | /* |
917 | * Force accepting of the host key for loopback/localhost. The |
918 | * problem is that if the home directory is NFS-mounted to multiple |
919 | * machines, localhost will refer to a different machine in each of |
920 | * them, and the user will get bogus HOST_CHANGED warnings. This |
921 | * essentially disables host authentication for localhost; however, |
922 | * this is probably not a real problem. |
923 | */ |
924 | if (options.no_host_authentication_for_localhost == 1 && local && |
925 | options.host_key_alias == NULL((void *)0)) { |
926 | debug("Forcing accepting of host key for "sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 927 , 0, SYSLOG_LEVEL_DEBUG1, ((void *)0), "Forcing accepting of host key for " "loopback/localhost.") |
927 | "loopback/localhost.")sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 927 , 0, SYSLOG_LEVEL_DEBUG1, ((void *)0), "Forcing accepting of host key for " "loopback/localhost."); |
928 | options.update_hostkeys = 0; |
929 | return 0; |
930 | } |
931 | |
932 | /* |
933 | * Don't ever try to write an invalid name to a known hosts file. |
934 | * Note: do this before get_hostfile_hostname_ipaddr() to catch |
935 | * '[' or ']' in the name before they are added. |
936 | */ |
937 | if (strcspn(hostname, "@?*#[]|'\'\"\\") != strlen(hostname)) { |
938 | debug_f("invalid hostname \"%s\"; will not record: %s",sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 939 , 1, SYSLOG_LEVEL_DEBUG1, ((void *)0), "invalid hostname \"%s\"; will not record: %s" , hostname, fail_reason) |
939 | hostname, fail_reason)sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 939 , 1, SYSLOG_LEVEL_DEBUG1, ((void *)0), "invalid hostname \"%s\"; will not record: %s" , hostname, fail_reason); |
940 | readonly = RDONLY1; |
941 | } |
942 | |
943 | /* |
944 | * Prepare the hostname and address strings used for hostkey lookup. |
945 | * In some cases, these will have a port number appended. |
946 | */ |
947 | get_hostfile_hostname_ipaddr(hostname, hostaddr, |
948 | clobber_port ? 0 : port, &host, &ip); |
949 | |
950 | /* |
951 | * Turn off check_host_ip if the connection is to localhost, via proxy |
952 | * command or if we don't have a hostname to compare with |
953 | */ |
954 | if (options.check_host_ip && (local || |
955 | strcmp(hostname, ip) == 0 || options.proxy_command != NULL((void *)0))) |
956 | options.check_host_ip = 0; |
957 | |
958 | host_hostkeys = init_hostkeys(); |
959 | for (i = 0; i < num_user_hostfiles; i++) |
960 | load_hostkeys(host_hostkeys, host, user_hostfiles[i], 0); |
961 | for (i = 0; i < num_system_hostfiles; i++) |
962 | load_hostkeys(host_hostkeys, host, system_hostfiles[i], 0); |
963 | if (hostfile_command != NULL((void *)0) && !clobber_port) { |
964 | load_hostkeys_command(host_hostkeys, hostfile_command, |
965 | "HOSTNAME", cinfo, host_key, host); |
966 | } |
967 | |
968 | ip_hostkeys = NULL((void *)0); |
969 | if (!want_cert && options.check_host_ip) { |
970 | ip_hostkeys = init_hostkeys(); |
971 | for (i = 0; i < num_user_hostfiles; i++) |
972 | load_hostkeys(ip_hostkeys, ip, user_hostfiles[i], 0); |
973 | for (i = 0; i < num_system_hostfiles; i++) |
974 | load_hostkeys(ip_hostkeys, ip, system_hostfiles[i], 0); |
975 | if (hostfile_command != NULL((void *)0) && !clobber_port) { |
976 | load_hostkeys_command(ip_hostkeys, hostfile_command, |
977 | "ADDRESS", cinfo, host_key, ip); |
978 | } |
979 | } |
980 | |
981 | retry: |
982 | /* Reload these as they may have changed on cert->key downgrade */ |
983 | want_cert = sshkey_is_cert(host_key); |
984 | type = sshkey_type(host_key); |
985 | |
986 | /* |
987 | * Check if the host key is present in the user's list of known |
988 | * hosts or in the systemwide list. |
989 | */ |
990 | host_status = check_key_in_hostkeys(host_hostkeys, host_key, |
991 | &host_found); |
992 | |
993 | /* |
994 | * If there are no hostfiles, or if the hostkey was found via |
995 | * KnownHostsCommand, then don't try to touch the disk. |
996 | */ |
997 | if (!readonly && (num_user_hostfiles == 0 || |
998 | (host_found != NULL((void *)0) && host_found->note != 0))) |
999 | readonly = RDONLY1; |
1000 | |
1001 | /* |
1002 | * Also perform check for the ip address, skip the check if we are |
1003 | * localhost, looking for a certificate, or the hostname was an ip |
1004 | * address to begin with. |
1005 | */ |
1006 | if (!want_cert && ip_hostkeys != NULL((void *)0)) { |
1007 | ip_status = check_key_in_hostkeys(ip_hostkeys, host_key, |
1008 | &ip_found); |
1009 | if (host_status == HOST_CHANGED && |
1010 | (ip_status != HOST_CHANGED || |
1011 | (ip_found != NULL((void *)0) && |
1012 | !sshkey_equal(ip_found->key, host_found->key)))) |
1013 | host_ip_differ = 1; |
1014 | } else |
1015 | ip_status = host_status; |
1016 | |
1017 | switch (host_status) { |
1018 | case HOST_OK: |
1019 | /* The host is known and the key matches. */ |
1020 | debug("Host '%.200s' is known and matches the %s host %s.",sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 1021 , 0, SYSLOG_LEVEL_DEBUG1, ((void *)0), "Host '%.200s' is known and matches the %s host %s." , host, type, want_cert ? "certificate" : "key") |
1021 | host, type, want_cert ? "certificate" : "key")sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 1021 , 0, SYSLOG_LEVEL_DEBUG1, ((void *)0), "Host '%.200s' is known and matches the %s host %s." , host, type, want_cert ? "certificate" : "key"); |
1022 | debug("Found %s in %s:%lu", want_cert ? "CA key" : "key",sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 1023 , 0, SYSLOG_LEVEL_DEBUG1, ((void *)0), "Found %s in %s:%lu", want_cert ? "CA key" : "key", host_found->file, host_found->line ) |
1023 | host_found->file, host_found->line)sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 1023 , 0, SYSLOG_LEVEL_DEBUG1, ((void *)0), "Found %s in %s:%lu", want_cert ? "CA key" : "key", host_found->file, host_found->line ); |
1024 | if (want_cert) { |
1025 | if (sshkey_cert_check_host(host_key, |
1026 | options.host_key_alias == NULL((void *)0) ? |
1027 | hostname : options.host_key_alias, 0, |
1028 | options.ca_sign_algorithms, &fail_reason) != 0) { |
1029 | error("%s", fail_reason)sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 1029 , 0, SYSLOG_LEVEL_ERROR, ((void *)0), "%s", fail_reason); |
1030 | goto fail; |
1031 | } |
1032 | /* |
1033 | * Do not attempt hostkey update if a certificate was |
1034 | * successfully matched. |
1035 | */ |
1036 | if (options.update_hostkeys != 0) { |
1037 | options.update_hostkeys = 0; |
1038 | debug3_f("certificate host key in use; "sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 1039 , 1, SYSLOG_LEVEL_DEBUG3, ((void *)0), "certificate host key in use; " "disabling UpdateHostkeys") |
1039 | "disabling UpdateHostkeys")sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 1039 , 1, SYSLOG_LEVEL_DEBUG3, ((void *)0), "certificate host key in use; " "disabling UpdateHostkeys"); |
1040 | } |
1041 | } |
1042 | /* Turn off UpdateHostkeys if key was in system known_hosts */ |
1043 | if (options.update_hostkeys != 0 && |
1044 | (path_in_hostfiles(host_found->file, |
1045 | system_hostfiles, num_system_hostfiles) || |
1046 | (ip_status == HOST_OK && ip_found != NULL((void *)0) && |
1047 | path_in_hostfiles(ip_found->file, |
1048 | system_hostfiles, num_system_hostfiles)))) { |
1049 | options.update_hostkeys = 0; |
1050 | debug3_f("host key found in GlobalKnownHostsFile; "sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 1051 , 1, SYSLOG_LEVEL_DEBUG3, ((void *)0), "host key found in GlobalKnownHostsFile; " "disabling UpdateHostkeys") |
1051 | "disabling UpdateHostkeys")sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 1051 , 1, SYSLOG_LEVEL_DEBUG3, ((void *)0), "host key found in GlobalKnownHostsFile; " "disabling UpdateHostkeys"); |
1052 | } |
1053 | if (options.update_hostkeys != 0 && host_found->note) { |
1054 | options.update_hostkeys = 0; |
1055 | debug3_f("host key found via KnownHostsCommand; "sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 1056 , 1, SYSLOG_LEVEL_DEBUG3, ((void *)0), "host key found via KnownHostsCommand; " "disabling UpdateHostkeys") |
1056 | "disabling UpdateHostkeys")sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 1056 , 1, SYSLOG_LEVEL_DEBUG3, ((void *)0), "host key found via KnownHostsCommand; " "disabling UpdateHostkeys"); |
1057 | } |
1058 | if (options.check_host_ip && ip_status == HOST_NEW) { |
1059 | if (readonly || want_cert) |
1060 | logit("%s host key for IP address "sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 1062 , 0, SYSLOG_LEVEL_INFO, ((void *)0), "%s host key for IP address " "'%.128s' not in list of known hosts.", type, ip) |
1061 | "'%.128s' not in list of known hosts.",sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 1062 , 0, SYSLOG_LEVEL_INFO, ((void *)0), "%s host key for IP address " "'%.128s' not in list of known hosts.", type, ip) |
1062 | type, ip)sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 1062 , 0, SYSLOG_LEVEL_INFO, ((void *)0), "%s host key for IP address " "'%.128s' not in list of known hosts.", type, ip); |
1063 | else if (!add_host_to_hostfile(user_hostfiles[0], ip, |
1064 | host_key, options.hash_known_hosts)) |
1065 | logit("Failed to add the %s host key for IP "sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 1068 , 0, SYSLOG_LEVEL_INFO, ((void *)0), "Failed to add the %s host key for IP " "address '%.128s' to the list of known " "hosts (%.500s).", type , ip, user_hostfiles[0]) |
1066 | "address '%.128s' to the list of known "sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 1068 , 0, SYSLOG_LEVEL_INFO, ((void *)0), "Failed to add the %s host key for IP " "address '%.128s' to the list of known " "hosts (%.500s).", type , ip, user_hostfiles[0]) |
1067 | "hosts (%.500s).", type, ip,sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 1068 , 0, SYSLOG_LEVEL_INFO, ((void *)0), "Failed to add the %s host key for IP " "address '%.128s' to the list of known " "hosts (%.500s).", type , ip, user_hostfiles[0]) |
1068 | user_hostfiles[0])sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 1068 , 0, SYSLOG_LEVEL_INFO, ((void *)0), "Failed to add the %s host key for IP " "address '%.128s' to the list of known " "hosts (%.500s).", type , ip, user_hostfiles[0]); |
1069 | else |
1070 | logit("Warning: Permanently added the %s host "sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 1072 , 0, SYSLOG_LEVEL_INFO, ((void *)0), "Warning: Permanently added the %s host " "key for IP address '%.128s' to the list " "of known hosts." , type, ip) |
1071 | "key for IP address '%.128s' to the list "sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 1072 , 0, SYSLOG_LEVEL_INFO, ((void *)0), "Warning: Permanently added the %s host " "key for IP address '%.128s' to the list " "of known hosts." , type, ip) |
1072 | "of known hosts.", type, ip)sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 1072 , 0, SYSLOG_LEVEL_INFO, ((void *)0), "Warning: Permanently added the %s host " "key for IP address '%.128s' to the list " "of known hosts." , type, ip); |
1073 | } else if (options.visual_host_key) { |
1074 | fp = sshkey_fingerprint(host_key, |
1075 | options.fingerprint_hash, SSH_FP_DEFAULT); |
1076 | ra = sshkey_fingerprint(host_key, |
1077 | options.fingerprint_hash, SSH_FP_RANDOMART); |
1078 | if (fp == NULL((void *)0) || ra == NULL((void *)0)) |
1079 | fatal_f("sshkey_fingerprint failed")sshfatal("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__ , 1079, 1, SYSLOG_LEVEL_FATAL, ((void *)0), "sshkey_fingerprint failed" ); |
1080 | logit("Host key fingerprint is %s\n%s", fp, ra)sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 1080 , 0, SYSLOG_LEVEL_INFO, ((void *)0), "Host key fingerprint is %s\n%s" , fp, ra); |
1081 | free(ra); |
1082 | free(fp); |
1083 | } |
1084 | hostkey_trusted = 1; |
1085 | break; |
1086 | case HOST_NEW: |
1087 | if (options.host_key_alias == NULL((void *)0) && port != 0 && |
1088 | port != SSH_DEFAULT_PORT22 && !clobber_port) { |
1089 | debug("checking without port identifier")sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 1089 , 0, SYSLOG_LEVEL_DEBUG1, ((void *)0), "checking without port identifier" ); |
1090 | if (check_host_key(hostname, cinfo, hostaddr, 0, |
1091 | host_key, ROQUIET2, 1, |
1092 | user_hostfiles, num_user_hostfiles, |
1093 | system_hostfiles, num_system_hostfiles, |
1094 | hostfile_command) == 0) { |
1095 | debug("found matching key w/out port")sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 1095 , 0, SYSLOG_LEVEL_DEBUG1, ((void *)0), "found matching key w/out port" ); |
1096 | break; |
1097 | } |
1098 | } |
1099 | if (readonly || want_cert) |
1100 | goto fail; |
1101 | /* The host is new. */ |
1102 | if (options.strict_host_key_checking == |
1103 | SSH_STRICT_HOSTKEY_YES2) { |
1104 | /* |
1105 | * User has requested strict host key checking. We |
1106 | * will not add the host key automatically. The only |
1107 | * alternative left is to abort. |
1108 | */ |
1109 | error("No %s host key is known for %.200s and you "sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 1110 , 0, SYSLOG_LEVEL_ERROR, ((void *)0), "No %s host key is known for %.200s and you " "have requested strict checking.", type, host) |
1110 | "have requested strict checking.", type, host)sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 1110 , 0, SYSLOG_LEVEL_ERROR, ((void *)0), "No %s host key is known for %.200s and you " "have requested strict checking.", type, host); |
1111 | goto fail; |
1112 | } else if (options.strict_host_key_checking == |
1113 | SSH_STRICT_HOSTKEY_ASK3) { |
1114 | char *msg1 = NULL((void *)0), *msg2 = NULL((void *)0); |
1115 | |
1116 | xasprintf(&msg1, "The authenticity of host " |
1117 | "'%.200s (%s)' can't be established", host, ip); |
1118 | |
1119 | if (show_other_keys(host_hostkeys, host_key)) { |
1120 | xextendf(&msg1, "\n", "but keys of different " |
1121 | "type are already known for this host."); |
1122 | } else |
1123 | xextendf(&msg1, "", "."); |
1124 | |
1125 | fp = sshkey_fingerprint(host_key, |
1126 | options.fingerprint_hash, SSH_FP_DEFAULT); |
1127 | ra = sshkey_fingerprint(host_key, |
1128 | options.fingerprint_hash, SSH_FP_RANDOMART); |
1129 | if (fp == NULL((void *)0) || ra == NULL((void *)0)) |
1130 | fatal_f("sshkey_fingerprint failed")sshfatal("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__ , 1130, 1, SYSLOG_LEVEL_FATAL, ((void *)0), "sshkey_fingerprint failed" ); |
1131 | xextendf(&msg1, "\n", "%s key fingerprint is %s.", |
1132 | type, fp); |
1133 | if (options.visual_host_key) |
1134 | xextendf(&msg1, "\n", "%s", ra); |
1135 | if (options.verify_host_key_dns) { |
1136 | xextendf(&msg1, "\n", |
1137 | "%s host key fingerprint found in DNS.", |
1138 | matching_host_key_dns ? |
1139 | "Matching" : "No matching"); |
1140 | } |
1141 | /* msg2 informs for other names matching this key */ |
1142 | if ((msg2 = other_hostkeys_message(host, ip, host_key, |
1143 | user_hostfiles, num_user_hostfiles, |
1144 | system_hostfiles, num_system_hostfiles)) != NULL((void *)0)) |
1145 | xextendf(&msg1, "\n", "%s", msg2); |
1146 | |
1147 | xextendf(&msg1, "\n", |
1148 | "Are you sure you want to continue connecting " |
1149 | "(yes/no/[fingerprint])? "); |
1150 | |
1151 | confirmed = confirm(msg1, fp); |
1152 | free(ra); |
1153 | free(fp); |
1154 | free(msg1); |
1155 | free(msg2); |
1156 | if (!confirmed) |
1157 | goto fail; |
1158 | hostkey_trusted = 1; /* user explicitly confirmed */ |
1159 | } |
1160 | /* |
1161 | * If in "new" or "off" strict mode, add the key automatically |
1162 | * to the local known_hosts file. |
1163 | */ |
1164 | if (options.check_host_ip && ip_status == HOST_NEW) { |
1165 | snprintf(hostline, sizeof(hostline), "%s,%s", host, ip); |
1166 | hostp = hostline; |
1167 | if (options.hash_known_hosts) { |
1168 | /* Add hash of host and IP separately */ |
1169 | r = add_host_to_hostfile(user_hostfiles[0], |
1170 | host, host_key, options.hash_known_hosts) && |
1171 | add_host_to_hostfile(user_hostfiles[0], ip, |
1172 | host_key, options.hash_known_hosts); |
1173 | } else { |
1174 | /* Add unhashed "host,ip" */ |
1175 | r = add_host_to_hostfile(user_hostfiles[0], |
1176 | hostline, host_key, |
1177 | options.hash_known_hosts); |
1178 | } |
1179 | } else { |
1180 | r = add_host_to_hostfile(user_hostfiles[0], host, |
1181 | host_key, options.hash_known_hosts); |
1182 | hostp = host; |
1183 | } |
1184 | |
1185 | if (!r) |
1186 | logit("Failed to add the host to the list of known "sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 1187 , 0, SYSLOG_LEVEL_INFO, ((void *)0), "Failed to add the host to the list of known " "hosts (%.500s).", user_hostfiles[0]) |
1187 | "hosts (%.500s).", user_hostfiles[0])sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 1187 , 0, SYSLOG_LEVEL_INFO, ((void *)0), "Failed to add the host to the list of known " "hosts (%.500s).", user_hostfiles[0]); |
1188 | else |
1189 | logit("Warning: Permanently added '%.200s' (%s) to the "sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 1190 , 0, SYSLOG_LEVEL_INFO, ((void *)0), "Warning: Permanently added '%.200s' (%s) to the " "list of known hosts.", hostp, type) |
1190 | "list of known hosts.", hostp, type)sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 1190 , 0, SYSLOG_LEVEL_INFO, ((void *)0), "Warning: Permanently added '%.200s' (%s) to the " "list of known hosts.", hostp, type); |
1191 | break; |
1192 | case HOST_REVOKED: |
1193 | error("@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@")sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 1193 , 0, SYSLOG_LEVEL_ERROR, ((void *)0), "@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@" ); |
1194 | error("@ WARNING: REVOKED HOST KEY DETECTED! @")sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 1194 , 0, SYSLOG_LEVEL_ERROR, ((void *)0), "@ WARNING: REVOKED HOST KEY DETECTED! @" ); |
1195 | error("@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@")sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 1195 , 0, SYSLOG_LEVEL_ERROR, ((void *)0), "@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@" ); |
1196 | error("The %s host key for %s is marked as revoked.", type, host)sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 1196 , 0, SYSLOG_LEVEL_ERROR, ((void *)0), "The %s host key for %s is marked as revoked." , type, host); |
1197 | error("This could mean that a stolen key is being used to")sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 1197 , 0, SYSLOG_LEVEL_ERROR, ((void *)0), "This could mean that a stolen key is being used to" ); |
1198 | error("impersonate this host.")sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 1198 , 0, SYSLOG_LEVEL_ERROR, ((void *)0), "impersonate this host." ); |
1199 | |
1200 | /* |
1201 | * If strict host key checking is in use, the user will have |
1202 | * to edit the key manually and we can only abort. |
1203 | */ |
1204 | if (options.strict_host_key_checking != |
1205 | SSH_STRICT_HOSTKEY_OFF0) { |
1206 | error("%s host key for %.200s was revoked and you have "sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 1207 , 0, SYSLOG_LEVEL_ERROR, ((void *)0), "%s host key for %.200s was revoked and you have " "requested strict checking.", type, host) |
1207 | "requested strict checking.", type, host)sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 1207 , 0, SYSLOG_LEVEL_ERROR, ((void *)0), "%s host key for %.200s was revoked and you have " "requested strict checking.", type, host); |
1208 | goto fail; |
1209 | } |
1210 | goto continue_unsafe; |
1211 | |
1212 | case HOST_CHANGED: |
1213 | if (want_cert) { |
1214 | /* |
1215 | * This is only a debug() since it is valid to have |
1216 | * CAs with wildcard DNS matches that don't match |
1217 | * all hosts that one might visit. |
1218 | */ |
1219 | debug("Host certificate authority does not "sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 1221 , 0, SYSLOG_LEVEL_DEBUG1, ((void *)0), "Host certificate authority does not " "match %s in %s:%lu", "@cert-authority", host_found->file , host_found->line) |
1220 | "match %s in %s:%lu", CA_MARKER,sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 1221 , 0, SYSLOG_LEVEL_DEBUG1, ((void *)0), "Host certificate authority does not " "match %s in %s:%lu", "@cert-authority", host_found->file , host_found->line) |
1221 | host_found->file, host_found->line)sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 1221 , 0, SYSLOG_LEVEL_DEBUG1, ((void *)0), "Host certificate authority does not " "match %s in %s:%lu", "@cert-authority", host_found->file , host_found->line); |
1222 | goto fail; |
1223 | } |
1224 | if (readonly == ROQUIET2) |
1225 | goto fail; |
1226 | if (options.check_host_ip && host_ip_differ) { |
1227 | char *key_msg; |
1228 | if (ip_status == HOST_NEW) |
1229 | key_msg = "is unknown"; |
1230 | else if (ip_status == HOST_OK) |
1231 | key_msg = "is unchanged"; |
1232 | else |
1233 | key_msg = "has a different value"; |
1234 | error("@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@")sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 1234 , 0, SYSLOG_LEVEL_ERROR, ((void *)0), "@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@" ); |
1235 | error("@ WARNING: POSSIBLE DNS SPOOFING DETECTED! @")sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 1235 , 0, SYSLOG_LEVEL_ERROR, ((void *)0), "@ WARNING: POSSIBLE DNS SPOOFING DETECTED! @" ); |
1236 | error("@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@")sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 1236 , 0, SYSLOG_LEVEL_ERROR, ((void *)0), "@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@" ); |
1237 | error("The %s host key for %s has changed,", type, host)sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 1237 , 0, SYSLOG_LEVEL_ERROR, ((void *)0), "The %s host key for %s has changed," , type, host); |
1238 | error("and the key for the corresponding IP address %s", ip)sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 1238 , 0, SYSLOG_LEVEL_ERROR, ((void *)0), "and the key for the corresponding IP address %s" , ip); |
1239 | error("%s. This could either mean that", key_msg)sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 1239 , 0, SYSLOG_LEVEL_ERROR, ((void *)0), "%s. This could either mean that" , key_msg); |
1240 | error("DNS SPOOFING is happening or the IP address for the host")sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 1240 , 0, SYSLOG_LEVEL_ERROR, ((void *)0), "DNS SPOOFING is happening or the IP address for the host" ); |
1241 | error("and its host key have changed at the same time.")sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 1241 , 0, SYSLOG_LEVEL_ERROR, ((void *)0), "and its host key have changed at the same time." ); |
1242 | if (ip_status != HOST_NEW) |
1243 | error("Offending key for IP in %s:%lu",sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 1244 , 0, SYSLOG_LEVEL_ERROR, ((void *)0), "Offending key for IP in %s:%lu" , ip_found->file, ip_found->line) |
1244 | ip_found->file, ip_found->line)sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 1244 , 0, SYSLOG_LEVEL_ERROR, ((void *)0), "Offending key for IP in %s:%lu" , ip_found->file, ip_found->line); |
1245 | } |
1246 | /* The host key has changed. */ |
1247 | warn_changed_key(host_key); |
1248 | if (num_user_hostfiles > 0 || num_system_hostfiles > 0) { |
1249 | error("Add correct host key in %.100s to get rid "sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 1251 , 0, SYSLOG_LEVEL_ERROR, ((void *)0), "Add correct host key in %.100s to get rid " "of this message.", num_user_hostfiles > 0 ? user_hostfiles [0] : system_hostfiles[0]) |
1250 | "of this message.", num_user_hostfiles > 0 ?sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 1251 , 0, SYSLOG_LEVEL_ERROR, ((void *)0), "Add correct host key in %.100s to get rid " "of this message.", num_user_hostfiles > 0 ? user_hostfiles [0] : system_hostfiles[0]) |
1251 | user_hostfiles[0] : system_hostfiles[0])sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 1251 , 0, SYSLOG_LEVEL_ERROR, ((void *)0), "Add correct host key in %.100s to get rid " "of this message.", num_user_hostfiles > 0 ? user_hostfiles [0] : system_hostfiles[0]); |
1252 | } |
1253 | error("Offending %s key in %s:%lu",sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 1255 , 0, SYSLOG_LEVEL_ERROR, ((void *)0), "Offending %s key in %s:%lu" , sshkey_type(host_found->key), host_found->file, host_found ->line) |
1254 | sshkey_type(host_found->key),sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 1255 , 0, SYSLOG_LEVEL_ERROR, ((void *)0), "Offending %s key in %s:%lu" , sshkey_type(host_found->key), host_found->file, host_found ->line) |
1255 | host_found->file, host_found->line)sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 1255 , 0, SYSLOG_LEVEL_ERROR, ((void *)0), "Offending %s key in %s:%lu" , sshkey_type(host_found->key), host_found->file, host_found ->line); |
1256 | |
1257 | /* |
1258 | * If strict host key checking is in use, the user will have |
1259 | * to edit the key manually and we can only abort. |
1260 | */ |
1261 | if (options.strict_host_key_checking != |
1262 | SSH_STRICT_HOSTKEY_OFF0) { |
1263 | error("Host key for %.200s has changed and you have "sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 1264 , 0, SYSLOG_LEVEL_ERROR, ((void *)0), "Host key for %.200s has changed and you have " "requested strict checking.", host) |
1264 | "requested strict checking.", host)sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 1264 , 0, SYSLOG_LEVEL_ERROR, ((void *)0), "Host key for %.200s has changed and you have " "requested strict checking.", host); |
1265 | goto fail; |
1266 | } |
1267 | |
1268 | continue_unsafe: |
1269 | /* |
1270 | * If strict host key checking has not been requested, allow |
1271 | * the connection but without MITM-able authentication or |
1272 | * forwarding. |
1273 | */ |
1274 | if (options.password_authentication) { |
1275 | error("Password authentication is disabled to avoid "sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 1276 , 0, SYSLOG_LEVEL_ERROR, ((void *)0), "Password authentication is disabled to avoid " "man-in-the-middle attacks.") |
1276 | "man-in-the-middle attacks.")sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 1276 , 0, SYSLOG_LEVEL_ERROR, ((void *)0), "Password authentication is disabled to avoid " "man-in-the-middle attacks."); |
1277 | options.password_authentication = 0; |
1278 | cancelled_forwarding = 1; |
1279 | } |
1280 | if (options.kbd_interactive_authentication) { |
1281 | error("Keyboard-interactive authentication is disabled"sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 1282 , 0, SYSLOG_LEVEL_ERROR, ((void *)0), "Keyboard-interactive authentication is disabled" " to avoid man-in-the-middle attacks.") |
1282 | " to avoid man-in-the-middle attacks.")sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 1282 , 0, SYSLOG_LEVEL_ERROR, ((void *)0), "Keyboard-interactive authentication is disabled" " to avoid man-in-the-middle attacks."); |
1283 | options.kbd_interactive_authentication = 0; |
1284 | cancelled_forwarding = 1; |
1285 | } |
1286 | if (options.forward_agent) { |
1287 | error("Agent forwarding is disabled to avoid "sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 1288 , 0, SYSLOG_LEVEL_ERROR, ((void *)0), "Agent forwarding is disabled to avoid " "man-in-the-middle attacks.") |
1288 | "man-in-the-middle attacks.")sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 1288 , 0, SYSLOG_LEVEL_ERROR, ((void *)0), "Agent forwarding is disabled to avoid " "man-in-the-middle attacks."); |
1289 | options.forward_agent = 0; |
1290 | cancelled_forwarding = 1; |
1291 | } |
1292 | if (options.forward_x11) { |
1293 | error("X11 forwarding is disabled to avoid "sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 1294 , 0, SYSLOG_LEVEL_ERROR, ((void *)0), "X11 forwarding is disabled to avoid " "man-in-the-middle attacks.") |
1294 | "man-in-the-middle attacks.")sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 1294 , 0, SYSLOG_LEVEL_ERROR, ((void *)0), "X11 forwarding is disabled to avoid " "man-in-the-middle attacks."); |
1295 | options.forward_x11 = 0; |
1296 | cancelled_forwarding = 1; |
1297 | } |
1298 | if (options.num_local_forwards > 0 || |
1299 | options.num_remote_forwards > 0) { |
1300 | error("Port forwarding is disabled to avoid "sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 1301 , 0, SYSLOG_LEVEL_ERROR, ((void *)0), "Port forwarding is disabled to avoid " "man-in-the-middle attacks.") |
1301 | "man-in-the-middle attacks.")sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 1301 , 0, SYSLOG_LEVEL_ERROR, ((void *)0), "Port forwarding is disabled to avoid " "man-in-the-middle attacks."); |
1302 | options.num_local_forwards = |
1303 | options.num_remote_forwards = 0; |
1304 | cancelled_forwarding = 1; |
1305 | } |
1306 | if (options.tun_open != SSH_TUNMODE_NO0x00) { |
1307 | error("Tunnel forwarding is disabled to avoid "sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 1308 , 0, SYSLOG_LEVEL_ERROR, ((void *)0), "Tunnel forwarding is disabled to avoid " "man-in-the-middle attacks.") |
1308 | "man-in-the-middle attacks.")sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 1308 , 0, SYSLOG_LEVEL_ERROR, ((void *)0), "Tunnel forwarding is disabled to avoid " "man-in-the-middle attacks."); |
1309 | options.tun_open = SSH_TUNMODE_NO0x00; |
1310 | cancelled_forwarding = 1; |
1311 | } |
1312 | if (options.update_hostkeys != 0) { |
1313 | error("UpdateHostkeys is disabled because the host "sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 1314 , 0, SYSLOG_LEVEL_ERROR, ((void *)0), "UpdateHostkeys is disabled because the host " "key is not trusted.") |
1314 | "key is not trusted.")sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 1314 , 0, SYSLOG_LEVEL_ERROR, ((void *)0), "UpdateHostkeys is disabled because the host " "key is not trusted."); |
1315 | options.update_hostkeys = 0; |
1316 | } |
1317 | if (options.exit_on_forward_failure && cancelled_forwarding) |
1318 | fatal("Error: forwarding disabled due to host key "sshfatal("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__ , 1319, 0, SYSLOG_LEVEL_FATAL, ((void *)0), "Error: forwarding disabled due to host key " "check failure") |
1319 | "check failure")sshfatal("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__ , 1319, 0, SYSLOG_LEVEL_FATAL, ((void *)0), "Error: forwarding disabled due to host key " "check failure"); |
1320 | |
1321 | /* |
1322 | * XXX Should permit the user to change to use the new id. |
1323 | * This could be done by converting the host key to an |
1324 | * identifying sentence, tell that the host identifies itself |
1325 | * by that sentence, and ask the user if they wish to |
1326 | * accept the authentication. |
1327 | */ |
1328 | break; |
1329 | case HOST_FOUND: |
1330 | fatal("internal error")sshfatal("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__ , 1330, 0, SYSLOG_LEVEL_FATAL, ((void *)0), "internal error"); |
1331 | break; |
1332 | } |
1333 | |
1334 | if (options.check_host_ip && host_status != HOST_CHANGED && |
1335 | ip_status == HOST_CHANGED) { |
1336 | snprintf(msg, sizeof(msg), |
1337 | "Warning: the %s host key for '%.200s' " |
1338 | "differs from the key for the IP address '%.128s'" |
1339 | "\nOffending key for IP in %s:%lu", |
1340 | type, host, ip, ip_found->file, ip_found->line); |
1341 | if (host_status == HOST_OK) { |
1342 | len = strlen(msg); |
1343 | snprintf(msg + len, sizeof(msg) - len, |
1344 | "\nMatching host key in %s:%lu", |
1345 | host_found->file, host_found->line); |
1346 | } |
1347 | if (options.strict_host_key_checking == |
1348 | SSH_STRICT_HOSTKEY_ASK3) { |
1349 | strlcat(msg, "\nAre you sure you want " |
1350 | "to continue connecting (yes/no)? ", sizeof(msg)); |
1351 | if (!confirm(msg, NULL((void *)0))) |
1352 | goto fail; |
1353 | } else if (options.strict_host_key_checking != |
1354 | SSH_STRICT_HOSTKEY_OFF0) { |
1355 | logit("%s", msg)sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 1355 , 0, SYSLOG_LEVEL_INFO, ((void *)0), "%s", msg); |
1356 | error("Exiting, you have requested strict checking.")sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 1356 , 0, SYSLOG_LEVEL_ERROR, ((void *)0), "Exiting, you have requested strict checking." ); |
1357 | goto fail; |
1358 | } else { |
1359 | logit("%s", msg)sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 1359 , 0, SYSLOG_LEVEL_INFO, ((void *)0), "%s", msg); |
1360 | } |
1361 | } |
1362 | |
1363 | if (!hostkey_trusted && options.update_hostkeys) { |
1364 | debug_f("hostkey not known or explicitly trusted: "sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 1365 , 1, SYSLOG_LEVEL_DEBUG1, ((void *)0), "hostkey not known or explicitly trusted: " "disabling UpdateHostkeys") |
1365 | "disabling UpdateHostkeys")sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 1365 , 1, SYSLOG_LEVEL_DEBUG1, ((void *)0), "hostkey not known or explicitly trusted: " "disabling UpdateHostkeys"); |
1366 | options.update_hostkeys = 0; |
1367 | } |
1368 | |
1369 | free(ip); |
1370 | free(host); |
1371 | if (host_hostkeys != NULL((void *)0)) |
1372 | free_hostkeys(host_hostkeys); |
1373 | if (ip_hostkeys != NULL((void *)0)) |
1374 | free_hostkeys(ip_hostkeys); |
1375 | return 0; |
1376 | |
1377 | fail: |
1378 | if (want_cert && host_status != HOST_REVOKED) { |
1379 | /* |
1380 | * No matching certificate. Downgrade cert to raw key and |
1381 | * search normally. |
1382 | */ |
1383 | debug("No matching CA found. Retry with plain key")sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 1383 , 0, SYSLOG_LEVEL_DEBUG1, ((void *)0), "No matching CA found. Retry with plain key" ); |
1384 | if ((r = sshkey_from_private(host_key, &raw_key)) != 0) |
1385 | fatal_fr(r, "decode key")sshfatal("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__ , 1385, 1, SYSLOG_LEVEL_FATAL, ssh_err(r), "decode key"); |
1386 | if ((r = sshkey_drop_cert(raw_key)) != 0) |
1387 | fatal_r(r, "Couldn't drop certificate")sshfatal("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__ , 1387, 0, SYSLOG_LEVEL_FATAL, ssh_err(r), "Couldn't drop certificate" ); |
1388 | host_key = raw_key; |
1389 | goto retry; |
1390 | } |
1391 | sshkey_free(raw_key); |
1392 | free(ip); |
1393 | free(host); |
1394 | if (host_hostkeys != NULL((void *)0)) |
1395 | free_hostkeys(host_hostkeys); |
1396 | if (ip_hostkeys != NULL((void *)0)) |
1397 | free_hostkeys(ip_hostkeys); |
1398 | return -1; |
1399 | } |
1400 | |
1401 | /* returns 0 if key verifies or -1 if key does NOT verify */ |
1402 | int |
1403 | verify_host_key(char *host, struct sockaddr *hostaddr, struct sshkey *host_key, |
1404 | const struct ssh_conn_info *cinfo) |
1405 | { |
1406 | u_int i; |
1407 | int r = -1, flags = 0; |
1408 | char valid[64], *fp = NULL((void *)0), *cafp = NULL((void *)0); |
1409 | struct sshkey *plain = NULL((void *)0); |
1410 | |
1411 | if ((fp = sshkey_fingerprint(host_key, |
1412 | options.fingerprint_hash, SSH_FP_DEFAULT)) == NULL((void *)0)) { |
1413 | error_fr(r, "fingerprint host key")sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 1413 , 1, SYSLOG_LEVEL_ERROR, ssh_err(r), "fingerprint host key"); |
1414 | r = -1; |
1415 | goto out; |
1416 | } |
1417 | |
1418 | if (sshkey_is_cert(host_key)) { |
1419 | if ((cafp = sshkey_fingerprint(host_key->cert->signature_key, |
1420 | options.fingerprint_hash, SSH_FP_DEFAULT)) == NULL((void *)0)) { |
1421 | error_fr(r, "fingerprint CA key")sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 1421 , 1, SYSLOG_LEVEL_ERROR, ssh_err(r), "fingerprint CA key"); |
1422 | r = -1; |
1423 | goto out; |
1424 | } |
1425 | sshkey_format_cert_validity(host_key->cert, |
1426 | valid, sizeof(valid)); |
1427 | debug("Server host certificate: %s %s, serial %llu "sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 1433 , 0, SYSLOG_LEVEL_DEBUG1, ((void *)0), "Server host certificate: %s %s, serial %llu " "ID \"%s\" CA %s %s valid %s", sshkey_ssh_name(host_key), fp , (unsigned long long)host_key->cert->serial, host_key-> cert->key_id, sshkey_ssh_name(host_key->cert->signature_key ), cafp, valid) |
1428 | "ID \"%s\" CA %s %s valid %s",sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 1433 , 0, SYSLOG_LEVEL_DEBUG1, ((void *)0), "Server host certificate: %s %s, serial %llu " "ID \"%s\" CA %s %s valid %s", sshkey_ssh_name(host_key), fp , (unsigned long long)host_key->cert->serial, host_key-> cert->key_id, sshkey_ssh_name(host_key->cert->signature_key ), cafp, valid) |
1429 | sshkey_ssh_name(host_key), fp,sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 1433 , 0, SYSLOG_LEVEL_DEBUG1, ((void *)0), "Server host certificate: %s %s, serial %llu " "ID \"%s\" CA %s %s valid %s", sshkey_ssh_name(host_key), fp , (unsigned long long)host_key->cert->serial, host_key-> cert->key_id, sshkey_ssh_name(host_key->cert->signature_key ), cafp, valid) |
1430 | (unsigned long long)host_key->cert->serial,sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 1433 , 0, SYSLOG_LEVEL_DEBUG1, ((void *)0), "Server host certificate: %s %s, serial %llu " "ID \"%s\" CA %s %s valid %s", sshkey_ssh_name(host_key), fp , (unsigned long long)host_key->cert->serial, host_key-> cert->key_id, sshkey_ssh_name(host_key->cert->signature_key ), cafp, valid) |
1431 | host_key->cert->key_id,sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 1433 , 0, SYSLOG_LEVEL_DEBUG1, ((void *)0), "Server host certificate: %s %s, serial %llu " "ID \"%s\" CA %s %s valid %s", sshkey_ssh_name(host_key), fp , (unsigned long long)host_key->cert->serial, host_key-> cert->key_id, sshkey_ssh_name(host_key->cert->signature_key ), cafp, valid) |
1432 | sshkey_ssh_name(host_key->cert->signature_key), cafp,sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 1433 , 0, SYSLOG_LEVEL_DEBUG1, ((void *)0), "Server host certificate: %s %s, serial %llu " "ID \"%s\" CA %s %s valid %s", sshkey_ssh_name(host_key), fp , (unsigned long long)host_key->cert->serial, host_key-> cert->key_id, sshkey_ssh_name(host_key->cert->signature_key ), cafp, valid) |
1433 | valid)sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 1433 , 0, SYSLOG_LEVEL_DEBUG1, ((void *)0), "Server host certificate: %s %s, serial %llu " "ID \"%s\" CA %s %s valid %s", sshkey_ssh_name(host_key), fp , (unsigned long long)host_key->cert->serial, host_key-> cert->key_id, sshkey_ssh_name(host_key->cert->signature_key ), cafp, valid); |
1434 | for (i = 0; i < host_key->cert->nprincipals; i++) { |
1435 | debug2("Server host certificate hostname: %s",sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 1436 , 0, SYSLOG_LEVEL_DEBUG2, ((void *)0), "Server host certificate hostname: %s" , host_key->cert->principals[i]) |
1436 | host_key->cert->principals[i])sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 1436 , 0, SYSLOG_LEVEL_DEBUG2, ((void *)0), "Server host certificate hostname: %s" , host_key->cert->principals[i]); |
1437 | } |
1438 | } else { |
1439 | debug("Server host key: %s %s", sshkey_ssh_name(host_key), fp)sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 1439 , 0, SYSLOG_LEVEL_DEBUG1, ((void *)0), "Server host key: %s %s" , sshkey_ssh_name(host_key), fp); |
1440 | } |
1441 | |
1442 | if (sshkey_equal(previous_host_key, host_key)) { |
1443 | debug2_f("server host key %s %s matches cached key",sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 1444 , 1, SYSLOG_LEVEL_DEBUG2, ((void *)0), "server host key %s %s matches cached key" , sshkey_type(host_key), fp) |
1444 | sshkey_type(host_key), fp)sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 1444 , 1, SYSLOG_LEVEL_DEBUG2, ((void *)0), "server host key %s %s matches cached key" , sshkey_type(host_key), fp); |
1445 | r = 0; |
1446 | goto out; |
1447 | } |
1448 | |
1449 | /* Check in RevokedHostKeys file if specified */ |
1450 | if (options.revoked_host_keys != NULL((void *)0)) { |
1451 | r = sshkey_check_revoked(host_key, options.revoked_host_keys); |
1452 | switch (r) { |
1453 | case 0: |
1454 | break; /* not revoked */ |
1455 | case SSH_ERR_KEY_REVOKED-51: |
1456 | error("Host key %s %s revoked by file %s",sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 1458 , 0, SYSLOG_LEVEL_ERROR, ((void *)0), "Host key %s %s revoked by file %s" , sshkey_type(host_key), fp, options.revoked_host_keys) |
1457 | sshkey_type(host_key), fp,sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 1458 , 0, SYSLOG_LEVEL_ERROR, ((void *)0), "Host key %s %s revoked by file %s" , sshkey_type(host_key), fp, options.revoked_host_keys) |
1458 | options.revoked_host_keys)sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 1458 , 0, SYSLOG_LEVEL_ERROR, ((void *)0), "Host key %s %s revoked by file %s" , sshkey_type(host_key), fp, options.revoked_host_keys); |
1459 | r = -1; |
1460 | goto out; |
1461 | default: |
1462 | error_r(r, "Error checking host key %s %s in "sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 1464 , 0, SYSLOG_LEVEL_ERROR, ssh_err(r), "Error checking host key %s %s in " "revoked keys file %s", sshkey_type(host_key), fp, options.revoked_host_keys ) |
1463 | "revoked keys file %s", sshkey_type(host_key),sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 1464 , 0, SYSLOG_LEVEL_ERROR, ssh_err(r), "Error checking host key %s %s in " "revoked keys file %s", sshkey_type(host_key), fp, options.revoked_host_keys ) |
1464 | fp, options.revoked_host_keys)sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 1464 , 0, SYSLOG_LEVEL_ERROR, ssh_err(r), "Error checking host key %s %s in " "revoked keys file %s", sshkey_type(host_key), fp, options.revoked_host_keys ); |
1465 | r = -1; |
1466 | goto out; |
1467 | } |
1468 | } |
1469 | |
1470 | if (options.verify_host_key_dns) { |
1471 | /* |
1472 | * XXX certs are not yet supported for DNS, so downgrade |
1473 | * them and try the plain key. |
1474 | */ |
1475 | if ((r = sshkey_from_private(host_key, &plain)) != 0) |
1476 | goto out; |
1477 | if (sshkey_is_cert(plain)) |
1478 | sshkey_drop_cert(plain); |
1479 | if (verify_host_key_dns(host, hostaddr, plain, &flags) == 0) { |
1480 | if (flags & DNS_VERIFY_FOUND0x00000001) { |
1481 | if (options.verify_host_key_dns == 1 && |
1482 | flags & DNS_VERIFY_MATCH0x00000002 && |
1483 | flags & DNS_VERIFY_SECURE0x00000004) { |
1484 | r = 0; |
1485 | goto out; |
1486 | } |
1487 | if (flags & DNS_VERIFY_MATCH0x00000002) { |
1488 | matching_host_key_dns = 1; |
1489 | } else { |
1490 | warn_changed_key(plain); |
1491 | error("Update the SSHFP RR in DNS "sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 1493 , 0, SYSLOG_LEVEL_ERROR, ((void *)0), "Update the SSHFP RR in DNS " "with the new host key to get rid " "of this message.") |
1492 | "with the new host key to get rid "sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 1493 , 0, SYSLOG_LEVEL_ERROR, ((void *)0), "Update the SSHFP RR in DNS " "with the new host key to get rid " "of this message.") |
1493 | "of this message.")sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 1493 , 0, SYSLOG_LEVEL_ERROR, ((void *)0), "Update the SSHFP RR in DNS " "with the new host key to get rid " "of this message."); |
1494 | } |
1495 | } |
1496 | } |
1497 | } |
1498 | r = check_host_key(host, cinfo, hostaddr, options.port, host_key, |
1499 | RDRW0, 0, options.user_hostfiles, options.num_user_hostfiles, |
1500 | options.system_hostfiles, options.num_system_hostfiles, |
1501 | options.known_hosts_command); |
1502 | |
1503 | out: |
1504 | sshkey_free(plain); |
1505 | free(fp); |
1506 | free(cafp); |
1507 | if (r == 0 && host_key != NULL((void *)0)) { |
1508 | sshkey_free(previous_host_key); |
1509 | r = sshkey_from_private(host_key, &previous_host_key); |
1510 | } |
1511 | |
1512 | return r; |
1513 | } |
1514 | |
1515 | /* |
1516 | * Starts a dialog with the server, and authenticates the current user on the |
1517 | * server. This does not need any extra privileges. The basic connection |
1518 | * to the server must already have been established before this is called. |
1519 | * If login fails, this function prints an error and never returns. |
1520 | * This function does not require super-user privileges. |
1521 | */ |
1522 | void |
1523 | ssh_login(struct ssh *ssh, Sensitive *sensitive, const char *orighost, |
1524 | struct sockaddr *hostaddr, u_short port, struct passwd *pw, int timeout_ms, |
1525 | const struct ssh_conn_info *cinfo) |
1526 | { |
1527 | char *host; |
1528 | char *server_user, *local_user; |
1529 | int r; |
1530 | |
1531 | local_user = xstrdup(pw->pw_name); |
1532 | server_user = options.user ? options.user : local_user; |
1533 | |
1534 | /* Convert the user-supplied hostname into all lowercase. */ |
1535 | host = xstrdup(orighost); |
1536 | lowercase(host); |
1537 | |
1538 | /* Exchange protocol version identification strings with the server. */ |
1539 | if ((r = kex_exchange_identification(ssh, timeout_ms, NULL((void *)0))) != 0) |
1540 | sshpkt_fatal(ssh, r, "banner exchange"); |
1541 | |
1542 | /* Put the connection into non-blocking mode. */ |
1543 | ssh_packet_set_nonblocking(ssh); |
1544 | |
1545 | /* key exchange */ |
1546 | /* authenticate user */ |
1547 | debug("Authenticating to %s:%d as '%s'", host, port, server_user)sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 1547 , 0, SYSLOG_LEVEL_DEBUG1, ((void *)0), "Authenticating to %s:%d as '%s'" , host, port, server_user); |
1548 | ssh_kex2(ssh, host, hostaddr, port, cinfo); |
1549 | ssh_userauth2(ssh, local_user, server_user, host, sensitive); |
1550 | free(local_user); |
1551 | free(host); |
1552 | } |
1553 | |
1554 | /* print all known host keys for a given host, but skip keys of given type */ |
1555 | static int |
1556 | show_other_keys(struct hostkeys *hostkeys, struct sshkey *key) |
1557 | { |
1558 | int type[] = { |
1559 | KEY_RSA, |
1560 | #ifdef WITH_DSA1 |
1561 | KEY_DSA, |
1562 | #endif |
1563 | KEY_ECDSA, |
1564 | KEY_ED25519, |
1565 | KEY_XMSS, |
1566 | -1 |
1567 | }; |
1568 | int i, ret = 0; |
1569 | char *fp, *ra; |
1570 | const struct hostkey_entry *found; |
1571 | |
1572 | for (i = 0; type[i] != -1; i++) { |
1573 | if (type[i] == key->type) |
1574 | continue; |
1575 | if (!lookup_key_in_hostkeys_by_type(hostkeys, type[i], |
1576 | -1, &found)) |
1577 | continue; |
1578 | fp = sshkey_fingerprint(found->key, |
1579 | options.fingerprint_hash, SSH_FP_DEFAULT); |
1580 | ra = sshkey_fingerprint(found->key, |
1581 | options.fingerprint_hash, SSH_FP_RANDOMART); |
1582 | if (fp == NULL((void *)0) || ra == NULL((void *)0)) |
1583 | fatal_f("sshkey_fingerprint fail")sshfatal("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__ , 1583, 1, SYSLOG_LEVEL_FATAL, ((void *)0), "sshkey_fingerprint fail" ); |
1584 | logit("WARNING: %s key found for host %s\n"sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 1589 , 0, SYSLOG_LEVEL_INFO, ((void *)0), "WARNING: %s key found for host %s\n" "in %s:%lu\n" "%s key fingerprint %s.", sshkey_type(found-> key), found->host, found->file, found->line, sshkey_type (found->key), fp) |
1585 | "in %s:%lu\n"sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 1589 , 0, SYSLOG_LEVEL_INFO, ((void *)0), "WARNING: %s key found for host %s\n" "in %s:%lu\n" "%s key fingerprint %s.", sshkey_type(found-> key), found->host, found->file, found->line, sshkey_type (found->key), fp) |
1586 | "%s key fingerprint %s.",sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 1589 , 0, SYSLOG_LEVEL_INFO, ((void *)0), "WARNING: %s key found for host %s\n" "in %s:%lu\n" "%s key fingerprint %s.", sshkey_type(found-> key), found->host, found->file, found->line, sshkey_type (found->key), fp) |
1587 | sshkey_type(found->key),sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 1589 , 0, SYSLOG_LEVEL_INFO, ((void *)0), "WARNING: %s key found for host %s\n" "in %s:%lu\n" "%s key fingerprint %s.", sshkey_type(found-> key), found->host, found->file, found->line, sshkey_type (found->key), fp) |
1588 | found->host, found->file, found->line,sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 1589 , 0, SYSLOG_LEVEL_INFO, ((void *)0), "WARNING: %s key found for host %s\n" "in %s:%lu\n" "%s key fingerprint %s.", sshkey_type(found-> key), found->host, found->file, found->line, sshkey_type (found->key), fp) |
1589 | sshkey_type(found->key), fp)sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 1589 , 0, SYSLOG_LEVEL_INFO, ((void *)0), "WARNING: %s key found for host %s\n" "in %s:%lu\n" "%s key fingerprint %s.", sshkey_type(found-> key), found->host, found->file, found->line, sshkey_type (found->key), fp); |
1590 | if (options.visual_host_key) |
1591 | logit("%s", ra)sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 1591 , 0, SYSLOG_LEVEL_INFO, ((void *)0), "%s", ra); |
1592 | free(ra); |
1593 | free(fp); |
1594 | ret = 1; |
1595 | } |
1596 | return ret; |
1597 | } |
1598 | |
1599 | static void |
1600 | warn_changed_key(struct sshkey *host_key) |
1601 | { |
1602 | char *fp; |
1603 | |
1604 | fp = sshkey_fingerprint(host_key, options.fingerprint_hash, |
1605 | SSH_FP_DEFAULT); |
1606 | if (fp == NULL((void *)0)) |
1607 | fatal_f("sshkey_fingerprint fail")sshfatal("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__ , 1607, 1, SYSLOG_LEVEL_FATAL, ((void *)0), "sshkey_fingerprint fail" ); |
1608 | |
1609 | error("@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@")sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 1609 , 0, SYSLOG_LEVEL_ERROR, ((void *)0), "@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@" ); |
1610 | error("@ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @")sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 1610 , 0, SYSLOG_LEVEL_ERROR, ((void *)0), "@ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @" ); |
1611 | error("@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@")sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 1611 , 0, SYSLOG_LEVEL_ERROR, ((void *)0), "@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@" ); |
1612 | error("IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!")sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 1612 , 0, SYSLOG_LEVEL_ERROR, ((void *)0), "IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!" ); |
1613 | error("Someone could be eavesdropping on you right now (man-in-the-middle attack)!")sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 1613 , 0, SYSLOG_LEVEL_ERROR, ((void *)0), "Someone could be eavesdropping on you right now (man-in-the-middle attack)!" ); |
1614 | error("It is also possible that a host key has just been changed.")sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 1614 , 0, SYSLOG_LEVEL_ERROR, ((void *)0), "It is also possible that a host key has just been changed." ); |
1615 | error("The fingerprint for the %s key sent by the remote host is\n%s.",sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 1616 , 0, SYSLOG_LEVEL_ERROR, ((void *)0), "The fingerprint for the %s key sent by the remote host is\n%s." , sshkey_type(host_key), fp) |
1616 | sshkey_type(host_key), fp)sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 1616 , 0, SYSLOG_LEVEL_ERROR, ((void *)0), "The fingerprint for the %s key sent by the remote host is\n%s." , sshkey_type(host_key), fp); |
1617 | error("Please contact your system administrator.")sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 1617 , 0, SYSLOG_LEVEL_ERROR, ((void *)0), "Please contact your system administrator." ); |
1618 | |
1619 | free(fp); |
1620 | } |
1621 | |
1622 | /* |
1623 | * Execute a local command |
1624 | */ |
1625 | int |
1626 | ssh_local_cmd(const char *args) |
1627 | { |
1628 | char *shell; |
1629 | pid_t pid; |
1630 | int status; |
1631 | void (*osighand)(int); |
1632 | |
1633 | if (!options.permit_local_command || |
1634 | args == NULL((void *)0) || !*args) |
1635 | return (1); |
1636 | |
1637 | if ((shell = getenv("SHELL")) == NULL((void *)0) || *shell == '\0') |
1638 | shell = _PATH_BSHELL"/bin/sh"; |
1639 | |
1640 | osighand = ssh_signal(SIGCHLD20, SIG_DFL(void (*)(int))0); |
1641 | pid = fork(); |
1642 | if (pid == 0) { |
1643 | ssh_signal(SIGPIPE13, SIG_DFL(void (*)(int))0); |
1644 | debug3("Executing %s -c \"%s\"", shell, args)sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 1644 , 0, SYSLOG_LEVEL_DEBUG3, ((void *)0), "Executing %s -c \"%s\"" , shell, args); |
1645 | execl(shell, shell, "-c", args, (char *)NULL((void *)0)); |
1646 | error("Couldn't execute %s -c \"%s\": %s",sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 1647 , 0, SYSLOG_LEVEL_ERROR, ((void *)0), "Couldn't execute %s -c \"%s\": %s" , shell, args, strerror((*__errno()))) |
1647 | shell, args, strerror(errno))sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 1647 , 0, SYSLOG_LEVEL_ERROR, ((void *)0), "Couldn't execute %s -c \"%s\": %s" , shell, args, strerror((*__errno()))); |
1648 | _exit(1); |
1649 | } else if (pid == -1) |
1650 | fatal("fork failed: %.100s", strerror(errno))sshfatal("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__ , 1650, 0, SYSLOG_LEVEL_FATAL, ((void *)0), "fork failed: %.100s" , strerror((*__errno()))); |
1651 | while (waitpid(pid, &status, 0) == -1) |
1652 | if (errno(*__errno()) != EINTR4) |
1653 | fatal("Couldn't wait for child: %s", strerror(errno))sshfatal("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__ , 1653, 0, SYSLOG_LEVEL_FATAL, ((void *)0), "Couldn't wait for child: %s" , strerror((*__errno()))); |
1654 | ssh_signal(SIGCHLD20, osighand); |
1655 | |
1656 | if (!WIFEXITED(status)(((status) & 0177) == 0)) |
1657 | return (1); |
1658 | |
1659 | return (WEXITSTATUS(status)(int)(((unsigned)(status) >> 8) & 0xff)); |
1660 | } |
1661 | |
1662 | void |
1663 | maybe_add_key_to_agent(const char *authfile, struct sshkey *private, |
1664 | const char *comment, const char *passphrase) |
1665 | { |
1666 | int auth_sock = -1, r; |
1667 | const char *skprovider = NULL((void *)0); |
1668 | |
1669 | if (options.add_keys_to_agent == 0) |
1670 | return; |
1671 | |
1672 | if ((r = ssh_get_authentication_socket(&auth_sock)) != 0) { |
1673 | debug3("no authentication agent, not adding key")sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 1673 , 0, SYSLOG_LEVEL_DEBUG3, ((void *)0), "no authentication agent, not adding key" ); |
1674 | return; |
1675 | } |
1676 | |
1677 | if (options.add_keys_to_agent == 2 && |
1678 | !ask_permission("Add key %s (%s) to agent?", authfile, comment)) { |
1679 | debug3("user denied adding this key")sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 1679 , 0, SYSLOG_LEVEL_DEBUG3, ((void *)0), "user denied adding this key" ); |
1680 | close(auth_sock); |
1681 | return; |
1682 | } |
1683 | if (sshkey_is_sk(private)) |
1684 | skprovider = options.sk_provider; |
1685 | if ((r = ssh_add_identity_constrained(auth_sock, private, |
1686 | comment == NULL((void *)0) ? authfile : comment, |
1687 | options.add_keys_to_agent_lifespan, |
1688 | (options.add_keys_to_agent == 3), 0, skprovider, NULL((void *)0), 0)) == 0) |
1689 | debug("identity added to agent: %s", authfile)sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 1689 , 0, SYSLOG_LEVEL_DEBUG1, ((void *)0), "identity added to agent: %s" , authfile); |
1690 | else |
1691 | debug("could not add identity to agent: %s (%d)", authfile, r)sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 1691 , 0, SYSLOG_LEVEL_DEBUG1, ((void *)0), "could not add identity to agent: %s (%d)" , authfile, r); |
1692 | close(auth_sock); |
1693 | } |