File: | src/usr.bin/ssh/ssh/../sshconnect.c |
Warning: | line 1022, column 3 Access to field 'file' results in a dereference of a null pointer (loaded from variable 'host_found') |
Press '?' to see keyboard shortcuts
Keyboard shortcuts:
1 | /* $OpenBSD: sshconnect.c,v 1.366 2024/01/11 01:45:36 djm Exp $ */ | |||
2 | /* | |||
3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> | |||
4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland | |||
5 | * All rights reserved | |||
6 | * Code to connect to a remote host, and to perform the client side of the | |||
7 | * login (authentication) dialog. | |||
8 | * | |||
9 | * As far as I am concerned, the code I have written for this software | |||
10 | * can be used freely for any purpose. Any derived versions of this | |||
11 | * software must be clearly marked as such, and if the derived work is | |||
12 | * incompatible with the protocol description in the RFC file, it must be | |||
13 | * called by a name other than "ssh" or "Secure Shell". | |||
14 | */ | |||
15 | ||||
16 | #include <sys/types.h> | |||
17 | #include <sys/wait.h> | |||
18 | #include <sys/stat.h> | |||
19 | #include <sys/socket.h> | |||
20 | #include <sys/time.h> | |||
21 | ||||
22 | #include <net/if.h> | |||
23 | #include <netinet/in.h> | |||
24 | ||||
25 | #include <ctype.h> | |||
26 | #include <errno(*__errno()).h> | |||
27 | #include <fcntl.h> | |||
28 | #include <netdb.h> | |||
29 | #include <limits.h> | |||
30 | #include <paths.h> | |||
31 | #include <signal.h> | |||
32 | #include <pwd.h> | |||
33 | #include <stdio.h> | |||
34 | #include <stdlib.h> | |||
35 | #include <stdarg.h> | |||
36 | #include <string.h> | |||
37 | #include <unistd.h> | |||
38 | #include <ifaddrs.h> | |||
39 | ||||
40 | #include "xmalloc.h" | |||
41 | #include "ssh.h" | |||
42 | #include "sshbuf.h" | |||
43 | #include "packet.h" | |||
44 | #include "sshkey.h" | |||
45 | #include "sshconnect.h" | |||
46 | #include "hostfile.h" | |||
47 | #include "log.h" | |||
48 | #include "misc.h" | |||
49 | #include "readconf.h" | |||
50 | #include "atomicio.h" | |||
51 | #include "dns.h" | |||
52 | #include "monitor_fdpass.h" | |||
53 | #include "ssh2.h" | |||
54 | #include "version.h" | |||
55 | #include "authfile.h" | |||
56 | #include "ssherr.h" | |||
57 | #include "authfd.h" | |||
58 | #include "kex.h" | |||
59 | ||||
60 | struct sshkey *previous_host_key = NULL((void *)0); | |||
61 | ||||
62 | static int matching_host_key_dns = 0; | |||
63 | ||||
64 | static pid_t proxy_command_pid = 0; | |||
65 | ||||
66 | /* import */ | |||
67 | extern int debug_flag; | |||
68 | extern Options options; | |||
69 | extern char *__progname; | |||
70 | ||||
71 | static int show_other_keys(struct hostkeys *, struct sshkey *); | |||
72 | static void warn_changed_key(struct sshkey *); | |||
73 | ||||
74 | /* Expand a proxy command */ | |||
75 | static char * | |||
76 | expand_proxy_command(const char *proxy_command, const char *user, | |||
77 | const char *host, const char *host_arg, int port) | |||
78 | { | |||
79 | char *tmp, *ret, strport[NI_MAXSERV32]; | |||
80 | const char *keyalias = options.host_key_alias ? | |||
81 | options.host_key_alias : host_arg; | |||
82 | ||||
83 | snprintf(strport, sizeof strport, "%d", port); | |||
84 | xasprintf(&tmp, "exec %s", proxy_command); | |||
85 | ret = percent_expand(tmp, | |||
86 | "h", host, | |||
87 | "k", keyalias, | |||
88 | "n", host_arg, | |||
89 | "p", strport, | |||
90 | "r", options.user, | |||
91 | (char *)NULL((void *)0)); | |||
92 | free(tmp); | |||
93 | return ret; | |||
94 | } | |||
95 | ||||
96 | /* | |||
97 | * Connect to the given ssh server using a proxy command that passes a | |||
98 | * a connected fd back to us. | |||
99 | */ | |||
100 | static int | |||
101 | ssh_proxy_fdpass_connect(struct ssh *ssh, const char *host, | |||
102 | const char *host_arg, u_short port, const char *proxy_command) | |||
103 | { | |||
104 | char *command_string; | |||
105 | int sp[2], sock; | |||
106 | pid_t pid; | |||
107 | char *shell; | |||
108 | ||||
109 | if ((shell = getenv("SHELL")) == NULL((void *)0)) | |||
110 | shell = _PATH_BSHELL"/bin/sh"; | |||
111 | ||||
112 | if (socketpair(AF_UNIX1, SOCK_STREAM1, 0, sp) == -1) | |||
113 | fatal("Could not create socketpair to communicate with "sshfatal("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__ , 114, 0, SYSLOG_LEVEL_FATAL, ((void *)0), "Could not create socketpair to communicate with " "proxy dialer: %.100s", strerror((*__errno()))) | |||
114 | "proxy dialer: %.100s", strerror(errno))sshfatal("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__ , 114, 0, SYSLOG_LEVEL_FATAL, ((void *)0), "Could not create socketpair to communicate with " "proxy dialer: %.100s", strerror((*__errno()))); | |||
115 | ||||
116 | command_string = expand_proxy_command(proxy_command, options.user, | |||
117 | host, host_arg, port); | |||
118 | debug("Executing proxy dialer command: %.500s", command_string)sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 118 , 0, SYSLOG_LEVEL_DEBUG1, ((void *)0), "Executing proxy dialer command: %.500s" , command_string); | |||
119 | ||||
120 | /* Fork and execute the proxy command. */ | |||
121 | if ((pid = fork()) == 0) { | |||
122 | char *argv[10]; | |||
123 | ||||
124 | close(sp[1]); | |||
125 | /* Redirect stdin and stdout. */ | |||
126 | if (sp[0] != 0) { | |||
127 | if (dup2(sp[0], 0) == -1) | |||
128 | perror("dup2 stdin"); | |||
129 | } | |||
130 | if (sp[0] != 1) { | |||
131 | if (dup2(sp[0], 1) == -1) | |||
132 | perror("dup2 stdout"); | |||
133 | } | |||
134 | if (sp[0] >= 2) | |||
135 | close(sp[0]); | |||
136 | ||||
137 | /* | |||
138 | * Stderr is left for non-ControlPersist connections is so | |||
139 | * error messages may be printed on the user's terminal. | |||
140 | */ | |||
141 | if (!debug_flag && options.control_path != NULL((void *)0) && | |||
142 | options.control_persist && stdfd_devnull(0, 0, 1) == -1) | |||
143 | error_f("stdfd_devnull failed")sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 143 , 1, SYSLOG_LEVEL_ERROR, ((void *)0), "stdfd_devnull failed"); | |||
144 | ||||
145 | argv[0] = shell; | |||
146 | argv[1] = "-c"; | |||
147 | argv[2] = command_string; | |||
148 | argv[3] = NULL((void *)0); | |||
149 | ||||
150 | /* | |||
151 | * Execute the proxy command. | |||
152 | * Note that we gave up any extra privileges above. | |||
153 | */ | |||
154 | execv(argv[0], argv); | |||
155 | perror(argv[0]); | |||
156 | exit(1); | |||
157 | } | |||
158 | /* Parent. */ | |||
159 | if (pid == -1) | |||
160 | fatal("fork failed: %.100s", strerror(errno))sshfatal("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__ , 160, 0, SYSLOG_LEVEL_FATAL, ((void *)0), "fork failed: %.100s" , strerror((*__errno()))); | |||
161 | close(sp[0]); | |||
162 | free(command_string); | |||
163 | ||||
164 | if ((sock = mm_receive_fd(sp[1])) == -1) | |||
165 | fatal("proxy dialer did not pass back a connection")sshfatal("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__ , 165, 0, SYSLOG_LEVEL_FATAL, ((void *)0), "proxy dialer did not pass back a connection" ); | |||
166 | close(sp[1]); | |||
167 | ||||
168 | while (waitpid(pid, NULL((void *)0), 0) == -1) | |||
169 | if (errno(*__errno()) != EINTR4) | |||
170 | fatal("Couldn't wait for child: %s", strerror(errno))sshfatal("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__ , 170, 0, SYSLOG_LEVEL_FATAL, ((void *)0), "Couldn't wait for child: %s" , strerror((*__errno()))); | |||
171 | ||||
172 | /* Set the connection file descriptors. */ | |||
173 | if (ssh_packet_set_connection(ssh, sock, sock) == NULL((void *)0)) | |||
174 | return -1; /* ssh_packet_set_connection logs error */ | |||
175 | ||||
176 | return 0; | |||
177 | } | |||
178 | ||||
179 | /* | |||
180 | * Connect to the given ssh server using a proxy command. | |||
181 | */ | |||
182 | static int | |||
183 | ssh_proxy_connect(struct ssh *ssh, const char *host, const char *host_arg, | |||
184 | u_short port, const char *proxy_command) | |||
185 | { | |||
186 | char *command_string; | |||
187 | int pin[2], pout[2]; | |||
188 | pid_t pid; | |||
189 | char *shell; | |||
190 | ||||
191 | if ((shell = getenv("SHELL")) == NULL((void *)0) || *shell == '\0') | |||
192 | shell = _PATH_BSHELL"/bin/sh"; | |||
193 | ||||
194 | /* Create pipes for communicating with the proxy. */ | |||
195 | if (pipe(pin) == -1 || pipe(pout) == -1) | |||
196 | fatal("Could not create pipes to communicate with the proxy: %.100s",sshfatal("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__ , 197, 0, SYSLOG_LEVEL_FATAL, ((void *)0), "Could not create pipes to communicate with the proxy: %.100s" , strerror((*__errno()))) | |||
197 | strerror(errno))sshfatal("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__ , 197, 0, SYSLOG_LEVEL_FATAL, ((void *)0), "Could not create pipes to communicate with the proxy: %.100s" , strerror((*__errno()))); | |||
198 | ||||
199 | command_string = expand_proxy_command(proxy_command, options.user, | |||
200 | host, host_arg, port); | |||
201 | debug("Executing proxy command: %.500s", command_string)sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 201 , 0, SYSLOG_LEVEL_DEBUG1, ((void *)0), "Executing proxy command: %.500s" , command_string); | |||
202 | ||||
203 | /* Fork and execute the proxy command. */ | |||
204 | if ((pid = fork()) == 0) { | |||
205 | char *argv[10]; | |||
206 | ||||
207 | /* Redirect stdin and stdout. */ | |||
208 | close(pin[1]); | |||
209 | if (pin[0] != 0) { | |||
210 | if (dup2(pin[0], 0) == -1) | |||
211 | perror("dup2 stdin"); | |||
212 | close(pin[0]); | |||
213 | } | |||
214 | close(pout[0]); | |||
215 | if (dup2(pout[1], 1) == -1) | |||
216 | perror("dup2 stdout"); | |||
217 | /* Cannot be 1 because pin allocated two descriptors. */ | |||
218 | close(pout[1]); | |||
219 | ||||
220 | /* | |||
221 | * Stderr is left for non-ControlPersist connections is so | |||
222 | * error messages may be printed on the user's terminal. | |||
223 | */ | |||
224 | if (!debug_flag && options.control_path != NULL((void *)0) && | |||
225 | options.control_persist && stdfd_devnull(0, 0, 1) == -1) | |||
226 | error_f("stdfd_devnull failed")sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 226 , 1, SYSLOG_LEVEL_ERROR, ((void *)0), "stdfd_devnull failed"); | |||
227 | ||||
228 | argv[0] = shell; | |||
229 | argv[1] = "-c"; | |||
230 | argv[2] = command_string; | |||
231 | argv[3] = NULL((void *)0); | |||
232 | ||||
233 | /* | |||
234 | * Execute the proxy command. Note that we gave up any | |||
235 | * extra privileges above. | |||
236 | */ | |||
237 | ssh_signal(SIGPIPE13, SIG_DFL(void (*)(int))0); | |||
238 | execv(argv[0], argv); | |||
239 | perror(argv[0]); | |||
240 | exit(1); | |||
241 | } | |||
242 | /* Parent. */ | |||
243 | if (pid == -1) | |||
244 | fatal("fork failed: %.100s", strerror(errno))sshfatal("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__ , 244, 0, SYSLOG_LEVEL_FATAL, ((void *)0), "fork failed: %.100s" , strerror((*__errno()))); | |||
245 | else | |||
246 | proxy_command_pid = pid; /* save pid to clean up later */ | |||
247 | ||||
248 | /* Close child side of the descriptors. */ | |||
249 | close(pin[0]); | |||
250 | close(pout[1]); | |||
251 | ||||
252 | /* Free the command name. */ | |||
253 | free(command_string); | |||
254 | ||||
255 | /* Set the connection file descriptors. */ | |||
256 | if (ssh_packet_set_connection(ssh, pout[0], pin[1]) == NULL((void *)0)) | |||
257 | return -1; /* ssh_packet_set_connection logs error */ | |||
258 | ||||
259 | return 0; | |||
260 | } | |||
261 | ||||
262 | void | |||
263 | ssh_kill_proxy_command(void) | |||
264 | { | |||
265 | /* | |||
266 | * Send SIGHUP to proxy command if used. We don't wait() in | |||
267 | * case it hangs and instead rely on init to reap the child | |||
268 | */ | |||
269 | if (proxy_command_pid > 1) | |||
270 | kill(proxy_command_pid, SIGHUP1); | |||
271 | } | |||
272 | ||||
273 | /* | |||
274 | * Search a interface address list (returned from getifaddrs(3)) for an | |||
275 | * address that matches the desired address family on the specified interface. | |||
276 | * Returns 0 and fills in *resultp and *rlenp on success. Returns -1 on failure. | |||
277 | */ | |||
278 | static int | |||
279 | check_ifaddrs(const char *ifname, int af, const struct ifaddrs *ifaddrs, | |||
280 | struct sockaddr_storage *resultp, socklen_t *rlenp) | |||
281 | { | |||
282 | struct sockaddr_in6 *sa6; | |||
283 | struct sockaddr_in *sa; | |||
284 | struct in6_addr *v6addr; | |||
285 | const struct ifaddrs *ifa; | |||
286 | int allow_local; | |||
287 | ||||
288 | /* | |||
289 | * Prefer addresses that are not loopback or linklocal, but use them | |||
290 | * if nothing else matches. | |||
291 | */ | |||
292 | for (allow_local = 0; allow_local < 2; allow_local++) { | |||
293 | for (ifa = ifaddrs; ifa != NULL((void *)0); ifa = ifa->ifa_next) { | |||
294 | if (ifa->ifa_addr == NULL((void *)0) || ifa->ifa_name == NULL((void *)0) || | |||
295 | (ifa->ifa_flags & IFF_UP0x1) == 0 || | |||
296 | ifa->ifa_addr->sa_family != af || | |||
297 | strcmp(ifa->ifa_name, options.bind_interface) != 0) | |||
298 | continue; | |||
299 | switch (ifa->ifa_addr->sa_family) { | |||
300 | case AF_INET2: | |||
301 | sa = (struct sockaddr_in *)ifa->ifa_addr; | |||
302 | if (!allow_local && sa->sin_addr.s_addr == | |||
303 | htonl(INADDR_LOOPBACK)(__uint32_t)(__builtin_constant_p(((u_int32_t)(0x7f000001))) ? (__uint32_t)(((__uint32_t)(((u_int32_t)(0x7f000001))) & 0xff ) << 24 | ((__uint32_t)(((u_int32_t)(0x7f000001))) & 0xff00) << 8 | ((__uint32_t)(((u_int32_t)(0x7f000001)) ) & 0xff0000) >> 8 | ((__uint32_t)(((u_int32_t)(0x7f000001 ))) & 0xff000000) >> 24) : __swap32md(((u_int32_t)( 0x7f000001))))) | |||
304 | continue; | |||
305 | if (*rlenp < sizeof(struct sockaddr_in)) { | |||
306 | error_f("v4 addr doesn't fit")sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 306 , 1, SYSLOG_LEVEL_ERROR, ((void *)0), "v4 addr doesn't fit"); | |||
307 | return -1; | |||
308 | } | |||
309 | *rlenp = sizeof(struct sockaddr_in); | |||
310 | memcpy(resultp, sa, *rlenp); | |||
311 | return 0; | |||
312 | case AF_INET624: | |||
313 | sa6 = (struct sockaddr_in6 *)ifa->ifa_addr; | |||
314 | v6addr = &sa6->sin6_addr; | |||
315 | if (!allow_local && | |||
316 | (IN6_IS_ADDR_LINKLOCAL(v6addr)(((v6addr)->__u6_addr.__u6_addr8[0] == 0xfe) && (( (v6addr)->__u6_addr.__u6_addr8[1] & 0xc0) == 0x80)) || | |||
317 | IN6_IS_ADDR_LOOPBACK(v6addr)((*(const u_int32_t *)(const void *)(&(v6addr)->__u6_addr .__u6_addr8[0]) == 0) && (*(const u_int32_t *)(const void *)(&(v6addr)->__u6_addr.__u6_addr8[4]) == 0) && (*(const u_int32_t *)(const void *)(&(v6addr)->__u6_addr .__u6_addr8[8]) == 0) && (*(const u_int32_t *)(const void *)(&(v6addr)->__u6_addr.__u6_addr8[12]) == (__uint32_t )(__builtin_constant_p(1) ? (__uint32_t)(((__uint32_t)(1) & 0xff) << 24 | ((__uint32_t)(1) & 0xff00) << 8 | ((__uint32_t)(1) & 0xff0000) >> 8 | ((__uint32_t )(1) & 0xff000000) >> 24) : __swap32md(1)))))) | |||
318 | continue; | |||
319 | if (*rlenp < sizeof(struct sockaddr_in6)) { | |||
320 | error_f("v6 addr doesn't fit")sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 320 , 1, SYSLOG_LEVEL_ERROR, ((void *)0), "v6 addr doesn't fit"); | |||
321 | return -1; | |||
322 | } | |||
323 | *rlenp = sizeof(struct sockaddr_in6); | |||
324 | memcpy(resultp, sa6, *rlenp); | |||
325 | return 0; | |||
326 | } | |||
327 | } | |||
328 | } | |||
329 | return -1; | |||
330 | } | |||
331 | ||||
332 | /* | |||
333 | * Creates a socket for use as the ssh connection. | |||
334 | */ | |||
335 | static int | |||
336 | ssh_create_socket(struct addrinfo *ai) | |||
337 | { | |||
338 | int sock, r; | |||
339 | struct sockaddr_storage bindaddr; | |||
340 | socklen_t bindaddrlen = 0; | |||
341 | struct addrinfo hints, *res = NULL((void *)0); | |||
342 | struct ifaddrs *ifaddrs = NULL((void *)0); | |||
343 | char ntop[NI_MAXHOST256]; | |||
344 | ||||
345 | sock = socket(ai->ai_family, ai->ai_socktype, ai->ai_protocol); | |||
346 | if (sock == -1) { | |||
347 | error("socket: %s", strerror(errno))sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 347 , 0, SYSLOG_LEVEL_ERROR, ((void *)0), "socket: %s", strerror( (*__errno()))); | |||
348 | return -1; | |||
349 | } | |||
350 | (void)fcntl(sock, F_SETFD2, FD_CLOEXEC1); | |||
351 | ||||
352 | /* Use interactive QOS (if specified) until authentication completed */ | |||
353 | if (options.ip_qos_interactive != INT_MAX0x7fffffff) | |||
354 | set_sock_tos(sock, options.ip_qos_interactive); | |||
355 | ||||
356 | /* Bind the socket to an alternative local IP address */ | |||
357 | if (options.bind_address == NULL((void *)0) && options.bind_interface == NULL((void *)0)) | |||
358 | return sock; | |||
359 | ||||
360 | if (options.bind_address != NULL((void *)0)) { | |||
361 | memset(&hints, 0, sizeof(hints)); | |||
362 | hints.ai_family = ai->ai_family; | |||
363 | hints.ai_socktype = ai->ai_socktype; | |||
364 | hints.ai_protocol = ai->ai_protocol; | |||
365 | hints.ai_flags = AI_PASSIVE1; | |||
366 | if ((r = getaddrinfo(options.bind_address, NULL((void *)0), | |||
367 | &hints, &res)) != 0) { | |||
368 | error("getaddrinfo: %s: %s", options.bind_address,sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 369 , 0, SYSLOG_LEVEL_ERROR, ((void *)0), "getaddrinfo: %s: %s", options .bind_address, ssh_gai_strerror(r)) | |||
369 | ssh_gai_strerror(r))sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 369 , 0, SYSLOG_LEVEL_ERROR, ((void *)0), "getaddrinfo: %s: %s", options .bind_address, ssh_gai_strerror(r)); | |||
370 | goto fail; | |||
371 | } | |||
372 | if (res == NULL((void *)0)) { | |||
373 | error("getaddrinfo: no addrs")sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 373 , 0, SYSLOG_LEVEL_ERROR, ((void *)0), "getaddrinfo: no addrs" ); | |||
374 | goto fail; | |||
375 | } | |||
376 | memcpy(&bindaddr, res->ai_addr, res->ai_addrlen); | |||
377 | bindaddrlen = res->ai_addrlen; | |||
378 | } else if (options.bind_interface != NULL((void *)0)) { | |||
379 | if ((r = getifaddrs(&ifaddrs)) != 0) { | |||
380 | error("getifaddrs: %s: %s", options.bind_interface,sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 381 , 0, SYSLOG_LEVEL_ERROR, ((void *)0), "getifaddrs: %s: %s", options .bind_interface, strerror((*__errno()))) | |||
381 | strerror(errno))sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 381 , 0, SYSLOG_LEVEL_ERROR, ((void *)0), "getifaddrs: %s: %s", options .bind_interface, strerror((*__errno()))); | |||
382 | goto fail; | |||
383 | } | |||
384 | bindaddrlen = sizeof(bindaddr); | |||
385 | if (check_ifaddrs(options.bind_interface, ai->ai_family, | |||
386 | ifaddrs, &bindaddr, &bindaddrlen) != 0) { | |||
387 | logit("getifaddrs: %s: no suitable addresses",sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 388 , 0, SYSLOG_LEVEL_INFO, ((void *)0), "getifaddrs: %s: no suitable addresses" , options.bind_interface) | |||
388 | options.bind_interface)sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 388 , 0, SYSLOG_LEVEL_INFO, ((void *)0), "getifaddrs: %s: no suitable addresses" , options.bind_interface); | |||
389 | goto fail; | |||
390 | } | |||
391 | } | |||
392 | if ((r = getnameinfo((struct sockaddr *)&bindaddr, bindaddrlen, | |||
393 | ntop, sizeof(ntop), NULL((void *)0), 0, NI_NUMERICHOST1)) != 0) { | |||
394 | error_f("getnameinfo failed: %s", ssh_gai_strerror(r))sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 394 , 1, SYSLOG_LEVEL_ERROR, ((void *)0), "getnameinfo failed: %s" , ssh_gai_strerror(r)); | |||
395 | goto fail; | |||
396 | } | |||
397 | if (bind(sock, (struct sockaddr *)&bindaddr, bindaddrlen) != 0) { | |||
398 | error("bind %s: %s", ntop, strerror(errno))sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 398 , 0, SYSLOG_LEVEL_ERROR, ((void *)0), "bind %s: %s", ntop, strerror ((*__errno()))); | |||
399 | goto fail; | |||
400 | } | |||
401 | debug_f("bound to %s", ntop)sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 401 , 1, SYSLOG_LEVEL_DEBUG1, ((void *)0), "bound to %s", ntop); | |||
402 | /* success */ | |||
403 | goto out; | |||
404 | fail: | |||
405 | close(sock); | |||
406 | sock = -1; | |||
407 | out: | |||
408 | if (res != NULL((void *)0)) | |||
409 | freeaddrinfo(res); | |||
410 | if (ifaddrs != NULL((void *)0)) | |||
411 | freeifaddrs(ifaddrs); | |||
412 | return sock; | |||
413 | } | |||
414 | ||||
415 | /* | |||
416 | * Opens a TCP/IP connection to the remote server on the given host. | |||
417 | * The address of the remote host will be returned in hostaddr. | |||
418 | * If port is 0, the default port will be used. | |||
419 | * Connection_attempts specifies the maximum number of tries (one per | |||
420 | * second). If proxy_command is non-NULL, it specifies the command (with %h | |||
421 | * and %p substituted for host and port, respectively) to use to contact | |||
422 | * the daemon. | |||
423 | */ | |||
424 | static int | |||
425 | ssh_connect_direct(struct ssh *ssh, const char *host, struct addrinfo *aitop, | |||
426 | struct sockaddr_storage *hostaddr, u_short port, int connection_attempts, | |||
427 | int *timeout_ms, int want_keepalive) | |||
428 | { | |||
429 | int on = 1, saved_timeout_ms = *timeout_ms; | |||
430 | int oerrno, sock = -1, attempt; | |||
431 | char ntop[NI_MAXHOST256], strport[NI_MAXSERV32]; | |||
432 | struct addrinfo *ai; | |||
433 | ||||
434 | debug3_f("entering")sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 434 , 1, SYSLOG_LEVEL_DEBUG3, ((void *)0), "entering"); | |||
435 | memset(ntop, 0, sizeof(ntop)); | |||
436 | memset(strport, 0, sizeof(strport)); | |||
437 | ||||
438 | for (attempt = 0; attempt < connection_attempts; attempt++) { | |||
439 | if (attempt > 0) { | |||
440 | /* Sleep a moment before retrying. */ | |||
441 | sleep(1); | |||
442 | debug("Trying again...")sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 442 , 0, SYSLOG_LEVEL_DEBUG1, ((void *)0), "Trying again..."); | |||
443 | } | |||
444 | /* | |||
445 | * Loop through addresses for this host, and try each one in | |||
446 | * sequence until the connection succeeds. | |||
447 | */ | |||
448 | for (ai = aitop; ai; ai = ai->ai_next) { | |||
449 | if (ai->ai_family != AF_INET2 && | |||
450 | ai->ai_family != AF_INET624) { | |||
451 | errno(*__errno()) = EAFNOSUPPORT47; | |||
452 | continue; | |||
453 | } | |||
454 | if (getnameinfo(ai->ai_addr, ai->ai_addrlen, | |||
455 | ntop, sizeof(ntop), strport, sizeof(strport), | |||
456 | NI_NUMERICHOST1|NI_NUMERICSERV2) != 0) { | |||
457 | oerrno = errno(*__errno()); | |||
458 | error_f("getnameinfo failed")sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 458 , 1, SYSLOG_LEVEL_ERROR, ((void *)0), "getnameinfo failed"); | |||
459 | errno(*__errno()) = oerrno; | |||
460 | continue; | |||
461 | } | |||
462 | if (options.address_family != AF_UNSPEC0 && | |||
463 | ai->ai_family != options.address_family) { | |||
464 | debug2_f("skipping address [%s]:%s: "sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 465 , 1, SYSLOG_LEVEL_DEBUG2, ((void *)0), "skipping address [%s]:%s: " "wrong address family", ntop, strport) | |||
465 | "wrong address family", ntop, strport)sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 465 , 1, SYSLOG_LEVEL_DEBUG2, ((void *)0), "skipping address [%s]:%s: " "wrong address family", ntop, strport); | |||
466 | errno(*__errno()) = EAFNOSUPPORT47; | |||
467 | continue; | |||
468 | } | |||
469 | ||||
470 | debug("Connecting to %.200s [%.100s] port %s.",sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 471 , 0, SYSLOG_LEVEL_DEBUG1, ((void *)0), "Connecting to %.200s [%.100s] port %s." , host, ntop, strport) | |||
471 | host, ntop, strport)sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 471 , 0, SYSLOG_LEVEL_DEBUG1, ((void *)0), "Connecting to %.200s [%.100s] port %s." , host, ntop, strport); | |||
472 | ||||
473 | /* Create a socket for connecting. */ | |||
474 | sock = ssh_create_socket(ai); | |||
475 | if (sock < 0) { | |||
476 | /* Any error is already output */ | |||
477 | errno(*__errno()) = 0; | |||
478 | continue; | |||
479 | } | |||
480 | ||||
481 | *timeout_ms = saved_timeout_ms; | |||
482 | if (timeout_connect(sock, ai->ai_addr, ai->ai_addrlen, | |||
483 | timeout_ms) >= 0) { | |||
484 | /* Successful connection. */ | |||
485 | memcpy(hostaddr, ai->ai_addr, ai->ai_addrlen); | |||
486 | break; | |||
487 | } else { | |||
488 | oerrno = errno(*__errno()); | |||
489 | debug("connect to address %s port %s: %s",sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 490 , 0, SYSLOG_LEVEL_DEBUG1, ((void *)0), "connect to address %s port %s: %s" , ntop, strport, strerror((*__errno()))) | |||
490 | ntop, strport, strerror(errno))sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 490 , 0, SYSLOG_LEVEL_DEBUG1, ((void *)0), "connect to address %s port %s: %s" , ntop, strport, strerror((*__errno()))); | |||
491 | close(sock); | |||
492 | sock = -1; | |||
493 | errno(*__errno()) = oerrno; | |||
494 | } | |||
495 | } | |||
496 | if (sock != -1) | |||
497 | break; /* Successful connection. */ | |||
498 | } | |||
499 | ||||
500 | /* Return failure if we didn't get a successful connection. */ | |||
501 | if (sock == -1) { | |||
502 | error("ssh: connect to host %s port %s: %s",sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 503 , 0, SYSLOG_LEVEL_ERROR, ((void *)0), "ssh: connect to host %s port %s: %s" , host, strport, (*__errno()) == 0 ? "failure" : strerror((*__errno ()))) | |||
503 | host, strport, errno == 0 ? "failure" : strerror(errno))sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 503 , 0, SYSLOG_LEVEL_ERROR, ((void *)0), "ssh: connect to host %s port %s: %s" , host, strport, (*__errno()) == 0 ? "failure" : strerror((*__errno ()))); | |||
504 | return -1; | |||
505 | } | |||
506 | ||||
507 | debug("Connection established.")sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 507 , 0, SYSLOG_LEVEL_DEBUG1, ((void *)0), "Connection established." ); | |||
508 | ||||
509 | /* Set SO_KEEPALIVE if requested. */ | |||
510 | if (want_keepalive && | |||
511 | setsockopt(sock, SOL_SOCKET0xffff, SO_KEEPALIVE0x0008, (void *)&on, | |||
512 | sizeof(on)) == -1) | |||
513 | error("setsockopt SO_KEEPALIVE: %.100s", strerror(errno))sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 513 , 0, SYSLOG_LEVEL_ERROR, ((void *)0), "setsockopt SO_KEEPALIVE: %.100s" , strerror((*__errno()))); | |||
514 | ||||
515 | /* Set the connection. */ | |||
516 | if (ssh_packet_set_connection(ssh, sock, sock) == NULL((void *)0)) | |||
517 | return -1; /* ssh_packet_set_connection logs error */ | |||
518 | ||||
519 | return 0; | |||
520 | } | |||
521 | ||||
522 | int | |||
523 | ssh_connect(struct ssh *ssh, const char *host, const char *host_arg, | |||
524 | struct addrinfo *addrs, struct sockaddr_storage *hostaddr, u_short port, | |||
525 | int connection_attempts, int *timeout_ms, int want_keepalive) | |||
526 | { | |||
527 | int in, out; | |||
528 | ||||
529 | if (options.proxy_command == NULL((void *)0)) { | |||
530 | return ssh_connect_direct(ssh, host, addrs, hostaddr, port, | |||
531 | connection_attempts, timeout_ms, want_keepalive); | |||
532 | } else if (strcmp(options.proxy_command, "-") == 0) { | |||
533 | if ((in = dup(STDIN_FILENO0)) == -1 || | |||
534 | (out = dup(STDOUT_FILENO1)) == -1) { | |||
535 | if (in >= 0) | |||
536 | close(in); | |||
537 | error_f("dup() in/out failed")sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 537 , 1, SYSLOG_LEVEL_ERROR, ((void *)0), "dup() in/out failed"); | |||
538 | return -1; /* ssh_packet_set_connection logs error */ | |||
539 | } | |||
540 | if ((ssh_packet_set_connection(ssh, in, out)) == NULL((void *)0)) | |||
541 | return -1; /* ssh_packet_set_connection logs error */ | |||
542 | return 0; | |||
543 | } else if (options.proxy_use_fdpass) { | |||
544 | return ssh_proxy_fdpass_connect(ssh, host, host_arg, port, | |||
545 | options.proxy_command); | |||
546 | } | |||
547 | return ssh_proxy_connect(ssh, host, host_arg, port, | |||
548 | options.proxy_command); | |||
549 | } | |||
550 | ||||
551 | /* defaults to 'no' */ | |||
552 | static int | |||
553 | confirm(const char *prompt, const char *fingerprint) | |||
554 | { | |||
555 | const char *msg, *again = "Please type 'yes' or 'no': "; | |||
556 | const char *again_fp = "Please type 'yes', 'no' or the fingerprint: "; | |||
557 | char *p, *cp; | |||
558 | int ret = -1; | |||
559 | ||||
560 | if (options.batch_mode) | |||
561 | return 0; | |||
562 | for (msg = prompt;;msg = fingerprint ? again_fp : again) { | |||
563 | cp = p = read_passphrase(msg, RP_ECHO0x0001); | |||
564 | if (p == NULL((void *)0)) | |||
565 | return 0; | |||
566 | p += strspn(p, " \t"); /* skip leading whitespace */ | |||
567 | p[strcspn(p, " \t\n")] = '\0'; /* remove trailing whitespace */ | |||
568 | if (p[0] == '\0' || strcasecmp(p, "no") == 0) | |||
569 | ret = 0; | |||
570 | else if (strcasecmp(p, "yes") == 0 || (fingerprint != NULL((void *)0) && | |||
571 | strcmp(p, fingerprint) == 0)) | |||
572 | ret = 1; | |||
573 | free(cp); | |||
574 | if (ret != -1) | |||
575 | return ret; | |||
576 | } | |||
577 | } | |||
578 | ||||
579 | static int | |||
580 | sockaddr_is_local(struct sockaddr *hostaddr) | |||
581 | { | |||
582 | switch (hostaddr->sa_family) { | |||
583 | case AF_INET2: | |||
584 | return (ntohl(((struct sockaddr_in *)hostaddr)->(__uint32_t)(__builtin_constant_p(((struct sockaddr_in *)hostaddr )-> sin_addr.s_addr) ? (__uint32_t)(((__uint32_t)(((struct sockaddr_in *)hostaddr)-> sin_addr.s_addr) & 0xff) << 24 | ((__uint32_t)(((struct sockaddr_in *)hostaddr)-> sin_addr .s_addr) & 0xff00) << 8 | ((__uint32_t)(((struct sockaddr_in *)hostaddr)-> sin_addr.s_addr) & 0xff0000) >> 8 | ((__uint32_t)(((struct sockaddr_in *)hostaddr)-> sin_addr .s_addr) & 0xff000000) >> 24) : __swap32md(((struct sockaddr_in *)hostaddr)-> sin_addr.s_addr)) | |||
585 | sin_addr.s_addr)(__uint32_t)(__builtin_constant_p(((struct sockaddr_in *)hostaddr )-> sin_addr.s_addr) ? (__uint32_t)(((__uint32_t)(((struct sockaddr_in *)hostaddr)-> sin_addr.s_addr) & 0xff) << 24 | ((__uint32_t)(((struct sockaddr_in *)hostaddr)-> sin_addr .s_addr) & 0xff00) << 8 | ((__uint32_t)(((struct sockaddr_in *)hostaddr)-> sin_addr.s_addr) & 0xff0000) >> 8 | ((__uint32_t)(((struct sockaddr_in *)hostaddr)-> sin_addr .s_addr) & 0xff000000) >> 24) : __swap32md(((struct sockaddr_in *)hostaddr)-> sin_addr.s_addr)) >> 24) == IN_LOOPBACKNET127; | |||
586 | case AF_INET624: | |||
587 | return IN6_IS_ADDR_LOOPBACK(((*(const u_int32_t *)(const void *)(&(&(((struct sockaddr_in6 *)hostaddr)->sin6_addr))->__u6_addr.__u6_addr8[0]) == 0 ) && (*(const u_int32_t *)(const void *)(&(&( ((struct sockaddr_in6 *)hostaddr)->sin6_addr))->__u6_addr .__u6_addr8[4]) == 0) && (*(const u_int32_t *)(const void *)(&(&(((struct sockaddr_in6 *)hostaddr)->sin6_addr ))->__u6_addr.__u6_addr8[8]) == 0) && (*(const u_int32_t *)(const void *)(&(&(((struct sockaddr_in6 *)hostaddr )->sin6_addr))->__u6_addr.__u6_addr8[12]) == (__uint32_t )(__builtin_constant_p(1) ? (__uint32_t)(((__uint32_t)(1) & 0xff) << 24 | ((__uint32_t)(1) & 0xff00) << 8 | ((__uint32_t)(1) & 0xff0000) >> 8 | ((__uint32_t )(1) & 0xff000000) >> 24) : __swap32md(1)))) | |||
588 | &(((struct sockaddr_in6 *)hostaddr)->sin6_addr))((*(const u_int32_t *)(const void *)(&(&(((struct sockaddr_in6 *)hostaddr)->sin6_addr))->__u6_addr.__u6_addr8[0]) == 0 ) && (*(const u_int32_t *)(const void *)(&(&( ((struct sockaddr_in6 *)hostaddr)->sin6_addr))->__u6_addr .__u6_addr8[4]) == 0) && (*(const u_int32_t *)(const void *)(&(&(((struct sockaddr_in6 *)hostaddr)->sin6_addr ))->__u6_addr.__u6_addr8[8]) == 0) && (*(const u_int32_t *)(const void *)(&(&(((struct sockaddr_in6 *)hostaddr )->sin6_addr))->__u6_addr.__u6_addr8[12]) == (__uint32_t )(__builtin_constant_p(1) ? (__uint32_t)(((__uint32_t)(1) & 0xff) << 24 | ((__uint32_t)(1) & 0xff00) << 8 | ((__uint32_t)(1) & 0xff0000) >> 8 | ((__uint32_t )(1) & 0xff000000) >> 24) : __swap32md(1)))); | |||
589 | default: | |||
590 | return 0; | |||
591 | } | |||
592 | } | |||
593 | ||||
594 | /* | |||
595 | * Prepare the hostname and ip address strings that are used to lookup | |||
596 | * host keys in known_hosts files. These may have a port number appended. | |||
597 | */ | |||
598 | void | |||
599 | get_hostfile_hostname_ipaddr(char *hostname, struct sockaddr *hostaddr, | |||
600 | u_short port, char **hostfile_hostname, char **hostfile_ipaddr) | |||
601 | { | |||
602 | char ntop[NI_MAXHOST256]; | |||
603 | ||||
604 | /* | |||
605 | * We don't have the remote ip-address for connections | |||
606 | * using a proxy command | |||
607 | */ | |||
608 | if (hostfile_ipaddr != NULL((void *)0)) { | |||
609 | if (options.proxy_command == NULL((void *)0)) { | |||
610 | if (getnameinfo(hostaddr, hostaddr->sa_len, | |||
611 | ntop, sizeof(ntop), NULL((void *)0), 0, NI_NUMERICHOST1) != 0) | |||
612 | fatal_f("getnameinfo failed")sshfatal("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__ , 612, 1, SYSLOG_LEVEL_FATAL, ((void *)0), "getnameinfo failed" ); | |||
613 | *hostfile_ipaddr = put_host_port(ntop, port); | |||
614 | } else { | |||
615 | *hostfile_ipaddr = xstrdup("<no hostip for proxy " | |||
616 | "command>"); | |||
617 | } | |||
618 | } | |||
619 | ||||
620 | /* | |||
621 | * Allow the user to record the key under a different name or | |||
622 | * differentiate a non-standard port. This is useful for ssh | |||
623 | * tunneling over forwarded connections or if you run multiple | |||
624 | * sshd's on different ports on the same machine. | |||
625 | */ | |||
626 | if (hostfile_hostname != NULL((void *)0)) { | |||
627 | if (options.host_key_alias != NULL((void *)0)) { | |||
628 | *hostfile_hostname = xstrdup(options.host_key_alias); | |||
629 | debug("using hostkeyalias: %s", *hostfile_hostname)sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 629 , 0, SYSLOG_LEVEL_DEBUG1, ((void *)0), "using hostkeyalias: %s" , *hostfile_hostname); | |||
630 | } else { | |||
631 | *hostfile_hostname = put_host_port(hostname, port); | |||
632 | } | |||
633 | } | |||
634 | } | |||
635 | ||||
636 | /* returns non-zero if path appears in hostfiles, or 0 if not. */ | |||
637 | static int | |||
638 | path_in_hostfiles(const char *path, char **hostfiles, u_int num_hostfiles) | |||
639 | { | |||
640 | u_int i; | |||
641 | ||||
642 | for (i = 0; i < num_hostfiles; i++) { | |||
643 | if (strcmp(path, hostfiles[i]) == 0) | |||
644 | return 1; | |||
645 | } | |||
646 | return 0; | |||
647 | } | |||
648 | ||||
649 | struct find_by_key_ctx { | |||
650 | const char *host, *ip; | |||
651 | const struct sshkey *key; | |||
652 | char **names; | |||
653 | u_int nnames; | |||
654 | }; | |||
655 | ||||
656 | /* Try to replace home directory prefix (per $HOME) with a ~/ sequence */ | |||
657 | static char * | |||
658 | try_tilde_unexpand(const char *path) | |||
659 | { | |||
660 | char *home, *ret = NULL((void *)0); | |||
661 | size_t l; | |||
662 | ||||
663 | if (*path != '/') | |||
664 | return xstrdup(path); | |||
665 | if ((home = getenv("HOME")) == NULL((void *)0) || (l = strlen(home)) == 0) | |||
666 | return xstrdup(path); | |||
667 | if (strncmp(path, home, l) != 0) | |||
668 | return xstrdup(path); | |||
669 | /* | |||
670 | * ensure we have matched on a path boundary: either the $HOME that | |||
671 | * we just compared ends with a '/' or the next character of the path | |||
672 | * must be a '/'. | |||
673 | */ | |||
674 | if (home[l - 1] != '/' && path[l] != '/') | |||
675 | return xstrdup(path); | |||
676 | if (path[l] == '/') | |||
677 | l++; | |||
678 | xasprintf(&ret, "~/%s", path + l); | |||
679 | return ret; | |||
680 | } | |||
681 | ||||
682 | static int | |||
683 | hostkeys_find_by_key_cb(struct hostkey_foreach_line *l, void *_ctx) | |||
684 | { | |||
685 | struct find_by_key_ctx *ctx = (struct find_by_key_ctx *)_ctx; | |||
686 | char *path; | |||
687 | ||||
688 | /* we are looking for keys with names that *do not* match */ | |||
689 | if ((l->match & HKF_MATCH_HOST(1)) != 0) | |||
690 | return 0; | |||
691 | /* not interested in marker lines */ | |||
692 | if (l->marker != MRK_NONE) | |||
693 | return 0; | |||
694 | /* we are only interested in exact key matches */ | |||
695 | if (l->key == NULL((void *)0) || !sshkey_equal(ctx->key, l->key)) | |||
696 | return 0; | |||
697 | path = try_tilde_unexpand(l->path); | |||
698 | debug_f("found matching key in %s:%lu", path, l->linenum)sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 698 , 1, SYSLOG_LEVEL_DEBUG1, ((void *)0), "found matching key in %s:%lu" , path, l->linenum); | |||
699 | ctx->names = xrecallocarray(ctx->names, | |||
700 | ctx->nnames, ctx->nnames + 1, sizeof(*ctx->names)); | |||
701 | xasprintf(&ctx->names[ctx->nnames], "%s:%lu: %s", path, l->linenum, | |||
702 | strncmp(l->hosts, HASH_MAGIC"|1|", strlen(HASH_MAGIC"|1|")) == 0 ? | |||
703 | "[hashed name]" : l->hosts); | |||
704 | ctx->nnames++; | |||
705 | free(path); | |||
706 | return 0; | |||
707 | } | |||
708 | ||||
709 | static int | |||
710 | hostkeys_find_by_key_hostfile(const char *file, const char *which, | |||
711 | struct find_by_key_ctx *ctx) | |||
712 | { | |||
713 | int r; | |||
714 | ||||
715 | debug3_f("trying %s hostfile \"%s\"", which, file)sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 715 , 1, SYSLOG_LEVEL_DEBUG3, ((void *)0), "trying %s hostfile \"%s\"" , which, file); | |||
716 | if ((r = hostkeys_foreach(file, hostkeys_find_by_key_cb, ctx, | |||
717 | ctx->host, ctx->ip, HKF_WANT_PARSE_KEY(1<<1), 0)) != 0) { | |||
718 | if (r == SSH_ERR_SYSTEM_ERROR-24 && errno(*__errno()) == ENOENT2) { | |||
719 | debug_f("hostkeys file %s does not exist", file)sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 719 , 1, SYSLOG_LEVEL_DEBUG1, ((void *)0), "hostkeys file %s does not exist" , file); | |||
720 | return 0; | |||
721 | } | |||
722 | error_fr(r, "hostkeys_foreach failed for %s", file)sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 722 , 1, SYSLOG_LEVEL_ERROR, ssh_err(r), "hostkeys_foreach failed for %s" , file); | |||
723 | return r; | |||
724 | } | |||
725 | return 0; | |||
726 | } | |||
727 | ||||
728 | /* | |||
729 | * Find 'key' in known hosts file(s) that do not match host/ip. | |||
730 | * Used to display also-known-as information for previously-unseen hostkeys. | |||
731 | */ | |||
732 | static void | |||
733 | hostkeys_find_by_key(const char *host, const char *ip, const struct sshkey *key, | |||
734 | char **user_hostfiles, u_int num_user_hostfiles, | |||
735 | char **system_hostfiles, u_int num_system_hostfiles, | |||
736 | char ***names, u_int *nnames) | |||
737 | { | |||
738 | struct find_by_key_ctx ctx = {0, 0, 0, 0, 0}; | |||
739 | u_int i; | |||
740 | ||||
741 | *names = NULL((void *)0); | |||
742 | *nnames = 0; | |||
743 | ||||
744 | if (key == NULL((void *)0) || sshkey_is_cert(key)) | |||
745 | return; | |||
746 | ||||
747 | ctx.host = host; | |||
748 | ctx.ip = ip; | |||
749 | ctx.key = key; | |||
750 | ||||
751 | for (i = 0; i < num_user_hostfiles; i++) { | |||
752 | if (hostkeys_find_by_key_hostfile(user_hostfiles[i], | |||
753 | "user", &ctx) != 0) | |||
754 | goto fail; | |||
755 | } | |||
756 | for (i = 0; i < num_system_hostfiles; i++) { | |||
757 | if (hostkeys_find_by_key_hostfile(system_hostfiles[i], | |||
758 | "system", &ctx) != 0) | |||
759 | goto fail; | |||
760 | } | |||
761 | /* success */ | |||
762 | *names = ctx.names; | |||
763 | *nnames = ctx.nnames; | |||
764 | ctx.names = NULL((void *)0); | |||
765 | ctx.nnames = 0; | |||
766 | return; | |||
767 | fail: | |||
768 | for (i = 0; i < ctx.nnames; i++) | |||
769 | free(ctx.names[i]); | |||
770 | free(ctx.names); | |||
771 | } | |||
772 | ||||
773 | #define MAX_OTHER_NAMES8 8 /* Maximum number of names to list */ | |||
774 | static char * | |||
775 | other_hostkeys_message(const char *host, const char *ip, | |||
776 | const struct sshkey *key, | |||
777 | char **user_hostfiles, u_int num_user_hostfiles, | |||
778 | char **system_hostfiles, u_int num_system_hostfiles) | |||
779 | { | |||
780 | char *ret = NULL((void *)0), **othernames = NULL((void *)0); | |||
781 | u_int i, n, num_othernames = 0; | |||
782 | ||||
783 | hostkeys_find_by_key(host, ip, key, | |||
784 | user_hostfiles, num_user_hostfiles, | |||
785 | system_hostfiles, num_system_hostfiles, | |||
786 | &othernames, &num_othernames); | |||
787 | if (num_othernames == 0) | |||
788 | return xstrdup("This key is not known by any other names."); | |||
789 | ||||
790 | xasprintf(&ret, "This host key is known by the following other " | |||
791 | "names/addresses:"); | |||
792 | ||||
793 | n = num_othernames; | |||
794 | if (n > MAX_OTHER_NAMES8) | |||
795 | n = MAX_OTHER_NAMES8; | |||
796 | for (i = 0; i < n; i++) { | |||
797 | xextendf(&ret, "\n", " %s", othernames[i]); | |||
798 | } | |||
799 | if (n < num_othernames) { | |||
800 | xextendf(&ret, "\n", " (%d additional names omitted)", | |||
801 | num_othernames - n); | |||
802 | } | |||
803 | for (i = 0; i < num_othernames; i++) | |||
804 | free(othernames[i]); | |||
805 | free(othernames); | |||
806 | return ret; | |||
807 | } | |||
808 | ||||
809 | void | |||
810 | load_hostkeys_command(struct hostkeys *hostkeys, const char *command_template, | |||
811 | const char *invocation, const struct ssh_conn_info *cinfo, | |||
812 | const struct sshkey *host_key, const char *hostfile_hostname) | |||
813 | { | |||
814 | int r, i, ac = 0; | |||
815 | char *key_fp = NULL((void *)0), *keytext = NULL((void *)0), *tmp; | |||
816 | char *command = NULL((void *)0), *tag = NULL((void *)0), **av = NULL((void *)0); | |||
817 | FILE *f = NULL((void *)0); | |||
818 | pid_t pid; | |||
819 | void (*osigchld)(int); | |||
820 | ||||
821 | xasprintf(&tag, "KnownHostsCommand-%s", invocation); | |||
822 | ||||
823 | if (host_key != NULL((void *)0)) { | |||
824 | if ((key_fp = sshkey_fingerprint(host_key, | |||
825 | options.fingerprint_hash, SSH_FP_DEFAULT)) == NULL((void *)0)) | |||
826 | fatal_f("sshkey_fingerprint failed")sshfatal("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__ , 826, 1, SYSLOG_LEVEL_FATAL, ((void *)0), "sshkey_fingerprint failed" ); | |||
827 | if ((r = sshkey_to_base64(host_key, &keytext)) != 0) | |||
828 | fatal_fr(r, "sshkey_to_base64 failed")sshfatal("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__ , 828, 1, SYSLOG_LEVEL_FATAL, ssh_err(r), "sshkey_to_base64 failed" ); | |||
829 | } | |||
830 | /* | |||
831 | * NB. all returns later this function should go via "out" to | |||
832 | * ensure the original SIGCHLD handler is restored properly. | |||
833 | */ | |||
834 | osigchld = ssh_signal(SIGCHLD20, SIG_DFL(void (*)(int))0); | |||
835 | ||||
836 | /* Turn the command into an argument vector */ | |||
837 | if (argv_split(command_template, &ac, &av, 0) != 0) { | |||
838 | error("%s \"%s\" contains invalid quotes", tag,sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 839 , 0, SYSLOG_LEVEL_ERROR, ((void *)0), "%s \"%s\" contains invalid quotes" , tag, command_template) | |||
839 | command_template)sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 839 , 0, SYSLOG_LEVEL_ERROR, ((void *)0), "%s \"%s\" contains invalid quotes" , tag, command_template); | |||
840 | goto out; | |||
841 | } | |||
842 | if (ac == 0) { | |||
843 | error("%s \"%s\" yielded no arguments", tag,sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 844 , 0, SYSLOG_LEVEL_ERROR, ((void *)0), "%s \"%s\" yielded no arguments" , tag, command_template) | |||
844 | command_template)sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 844 , 0, SYSLOG_LEVEL_ERROR, ((void *)0), "%s \"%s\" yielded no arguments" , tag, command_template); | |||
845 | goto out; | |||
846 | } | |||
847 | for (i = 1; i < ac; i++) { | |||
848 | tmp = percent_dollar_expand(av[i], | |||
849 | DEFAULT_CLIENT_PERCENT_EXPAND_ARGS(cinfo)"C", cinfo->conn_hash_hex, "L", cinfo->shorthost, "i", cinfo ->uidstr, "k", cinfo->keyalias, "l", cinfo->thishost , "n", cinfo->host_arg, "p", cinfo->portstr, "d", cinfo ->homedir, "h", cinfo->remhost, "r", cinfo->remuser, "u", cinfo->locuser, "j", cinfo->jmphost, | |||
850 | "H", hostfile_hostname, | |||
851 | "I", invocation, | |||
852 | "t", host_key == NULL((void *)0) ? "NONE" : sshkey_ssh_name(host_key), | |||
853 | "f", key_fp == NULL((void *)0) ? "NONE" : key_fp, | |||
854 | "K", keytext == NULL((void *)0) ? "NONE" : keytext, | |||
855 | (char *)NULL((void *)0)); | |||
856 | if (tmp == NULL((void *)0)) | |||
857 | fatal_f("percent_expand failed")sshfatal("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__ , 857, 1, SYSLOG_LEVEL_FATAL, ((void *)0), "percent_expand failed" ); | |||
858 | free(av[i]); | |||
859 | av[i] = tmp; | |||
860 | } | |||
861 | /* Prepare a printable command for logs, etc. */ | |||
862 | command = argv_assemble(ac, av); | |||
863 | ||||
864 | if ((pid = subprocess(tag, command, ac, av, &f, | |||
865 | SSH_SUBPROCESS_STDOUT_CAPTURE(1<<1)|SSH_SUBPROCESS_UNSAFE_PATH(1<<3)| | |||
866 | SSH_SUBPROCESS_PRESERVE_ENV(1<<4), NULL((void *)0), NULL((void *)0), NULL((void *)0))) == 0) | |||
867 | goto out; | |||
868 | ||||
869 | load_hostkeys_file(hostkeys, hostfile_hostname, tag, f, 1); | |||
870 | ||||
871 | if (exited_cleanly(pid, tag, command, 0) != 0) | |||
872 | fatal("KnownHostsCommand failed")sshfatal("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__ , 872, 0, SYSLOG_LEVEL_FATAL, ((void *)0), "KnownHostsCommand failed" ); | |||
873 | ||||
874 | out: | |||
875 | if (f != NULL((void *)0)) | |||
876 | fclose(f); | |||
877 | ssh_signal(SIGCHLD20, osigchld); | |||
878 | for (i = 0; i < ac; i++) | |||
879 | free(av[i]); | |||
880 | free(av); | |||
881 | free(tag); | |||
882 | free(command); | |||
883 | free(key_fp); | |||
884 | free(keytext); | |||
885 | } | |||
886 | ||||
887 | /* | |||
888 | * check whether the supplied host key is valid, return -1 if the key | |||
889 | * is not valid. user_hostfile[0] will not be updated if 'readonly' is true. | |||
890 | */ | |||
891 | #define RDRW0 0 | |||
892 | #define RDONLY1 1 | |||
893 | #define ROQUIET2 2 | |||
894 | static int | |||
895 | check_host_key(char *hostname, const struct ssh_conn_info *cinfo, | |||
896 | struct sockaddr *hostaddr, u_short port, | |||
897 | struct sshkey *host_key, int readonly, int clobber_port, | |||
898 | char **user_hostfiles, u_int num_user_hostfiles, | |||
899 | char **system_hostfiles, u_int num_system_hostfiles, | |||
900 | const char *hostfile_command) | |||
901 | { | |||
902 | HostStatus host_status = -1, ip_status = -1; | |||
903 | struct sshkey *raw_key = NULL((void *)0); | |||
904 | char *ip = NULL((void *)0), *host = NULL((void *)0); | |||
905 | char hostline[1000], *hostp, *fp, *ra; | |||
906 | char msg[1024]; | |||
907 | const char *type, *fail_reason = NULL((void *)0); | |||
908 | const struct hostkey_entry *host_found = NULL((void *)0), *ip_found = NULL((void *)0); | |||
909 | int len, cancelled_forwarding = 0, confirmed; | |||
910 | int local = sockaddr_is_local(hostaddr); | |||
911 | int r, want_cert = sshkey_is_cert(host_key), host_ip_differ = 0; | |||
912 | int hostkey_trusted = 0; /* Known or explicitly accepted by user */ | |||
913 | struct hostkeys *host_hostkeys, *ip_hostkeys; | |||
914 | u_int i; | |||
915 | ||||
916 | /* | |||
917 | * Force accepting of the host key for loopback/localhost. The | |||
918 | * problem is that if the home directory is NFS-mounted to multiple | |||
919 | * machines, localhost will refer to a different machine in each of | |||
920 | * them, and the user will get bogus HOST_CHANGED warnings. This | |||
921 | * essentially disables host authentication for localhost; however, | |||
922 | * this is probably not a real problem. | |||
923 | */ | |||
924 | if (options.no_host_authentication_for_localhost == 1 && local && | |||
| ||||
925 | options.host_key_alias == NULL((void *)0)) { | |||
926 | debug("Forcing accepting of host key for "sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 927 , 0, SYSLOG_LEVEL_DEBUG1, ((void *)0), "Forcing accepting of host key for " "loopback/localhost.") | |||
927 | "loopback/localhost.")sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 927 , 0, SYSLOG_LEVEL_DEBUG1, ((void *)0), "Forcing accepting of host key for " "loopback/localhost."); | |||
928 | options.update_hostkeys = 0; | |||
929 | return 0; | |||
930 | } | |||
931 | ||||
932 | /* | |||
933 | * Don't ever try to write an invalid name to a known hosts file. | |||
934 | * Note: do this before get_hostfile_hostname_ipaddr() to catch | |||
935 | * '[' or ']' in the name before they are added. | |||
936 | */ | |||
937 | if (strcspn(hostname, "@?*#[]|'\'\"\\") != strlen(hostname)) { | |||
938 | debug_f("invalid hostname \"%s\"; will not record: %s",sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 939 , 1, SYSLOG_LEVEL_DEBUG1, ((void *)0), "invalid hostname \"%s\"; will not record: %s" , hostname, fail_reason) | |||
939 | hostname, fail_reason)sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 939 , 1, SYSLOG_LEVEL_DEBUG1, ((void *)0), "invalid hostname \"%s\"; will not record: %s" , hostname, fail_reason); | |||
940 | readonly = RDONLY1; | |||
941 | } | |||
942 | ||||
943 | /* | |||
944 | * Prepare the hostname and address strings used for hostkey lookup. | |||
945 | * In some cases, these will have a port number appended. | |||
946 | */ | |||
947 | get_hostfile_hostname_ipaddr(hostname, hostaddr, | |||
948 | clobber_port ? 0 : port, &host, &ip); | |||
949 | ||||
950 | /* | |||
951 | * Turn off check_host_ip if the connection is to localhost, via proxy | |||
952 | * command or if we don't have a hostname to compare with | |||
953 | */ | |||
954 | if (options.check_host_ip && (local || | |||
955 | strcmp(hostname, ip) == 0 || options.proxy_command != NULL((void *)0))) | |||
956 | options.check_host_ip = 0; | |||
957 | ||||
958 | host_hostkeys = init_hostkeys(); | |||
959 | for (i = 0; i < num_user_hostfiles; i++) | |||
960 | load_hostkeys(host_hostkeys, host, user_hostfiles[i], 0); | |||
961 | for (i = 0; i < num_system_hostfiles; i++) | |||
962 | load_hostkeys(host_hostkeys, host, system_hostfiles[i], 0); | |||
963 | if (hostfile_command != NULL((void *)0) && !clobber_port) { | |||
964 | load_hostkeys_command(host_hostkeys, hostfile_command, | |||
965 | "HOSTNAME", cinfo, host_key, host); | |||
966 | } | |||
967 | ||||
968 | ip_hostkeys = NULL((void *)0); | |||
969 | if (!want_cert && options.check_host_ip) { | |||
970 | ip_hostkeys = init_hostkeys(); | |||
971 | for (i = 0; i < num_user_hostfiles; i++) | |||
972 | load_hostkeys(ip_hostkeys, ip, user_hostfiles[i], 0); | |||
973 | for (i = 0; i < num_system_hostfiles; i++) | |||
974 | load_hostkeys(ip_hostkeys, ip, system_hostfiles[i], 0); | |||
975 | if (hostfile_command
| |||
976 | load_hostkeys_command(ip_hostkeys, hostfile_command, | |||
977 | "ADDRESS", cinfo, host_key, ip); | |||
978 | } | |||
979 | } | |||
980 | ||||
981 | retry: | |||
982 | /* Reload these as they may have changed on cert->key downgrade */ | |||
983 | want_cert = sshkey_is_cert(host_key); | |||
984 | type = sshkey_type(host_key); | |||
985 | ||||
986 | /* | |||
987 | * Check if the host key is present in the user's list of known | |||
988 | * hosts or in the systemwide list. | |||
989 | */ | |||
990 | host_status = check_key_in_hostkeys(host_hostkeys, host_key, | |||
991 | &host_found); | |||
992 | ||||
993 | /* | |||
994 | * If there are no hostfiles, or if the hostkey was found via | |||
995 | * KnownHostsCommand, then don't try to touch the disk. | |||
996 | */ | |||
997 | if (!readonly && (num_user_hostfiles
| |||
998 | (host_found != NULL((void *)0) && host_found->note != 0))) | |||
999 | readonly = RDONLY1; | |||
1000 | ||||
1001 | /* | |||
1002 | * Also perform check for the ip address, skip the check if we are | |||
1003 | * localhost, looking for a certificate, or the hostname was an ip | |||
1004 | * address to begin with. | |||
1005 | */ | |||
1006 | if (!want_cert && ip_hostkeys != NULL((void *)0)) { | |||
1007 | ip_status = check_key_in_hostkeys(ip_hostkeys, host_key, | |||
1008 | &ip_found); | |||
1009 | if (host_status == HOST_CHANGED && | |||
1010 | (ip_status != HOST_CHANGED || | |||
1011 | (ip_found != NULL((void *)0) && | |||
1012 | !sshkey_equal(ip_found->key, host_found->key)))) | |||
1013 | host_ip_differ = 1; | |||
1014 | } else | |||
1015 | ip_status = host_status; | |||
1016 | ||||
1017 | switch (host_status) { | |||
1018 | case HOST_OK: | |||
1019 | /* The host is known and the key matches. */ | |||
1020 | debug("Host '%.200s' is known and matches the %s host %s.",sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 1021 , 0, SYSLOG_LEVEL_DEBUG1, ((void *)0), "Host '%.200s' is known and matches the %s host %s." , host, type, want_cert ? "certificate" : "key") | |||
1021 | host, type, want_cert ? "certificate" : "key")sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 1021 , 0, SYSLOG_LEVEL_DEBUG1, ((void *)0), "Host '%.200s' is known and matches the %s host %s." , host, type, want_cert ? "certificate" : "key"); | |||
1022 | debug("Found %s in %s:%lu", want_cert ? "CA key" : "key",sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 1023 , 0, SYSLOG_LEVEL_DEBUG1, ((void *)0), "Found %s in %s:%lu", want_cert ? "CA key" : "key", host_found->file, host_found->line ) | |||
| ||||
1023 | host_found->file, host_found->line)sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 1023 , 0, SYSLOG_LEVEL_DEBUG1, ((void *)0), "Found %s in %s:%lu", want_cert ? "CA key" : "key", host_found->file, host_found->line ); | |||
1024 | if (want_cert) { | |||
1025 | if (sshkey_cert_check_host(host_key, | |||
1026 | options.host_key_alias == NULL((void *)0) ? | |||
1027 | hostname : options.host_key_alias, 0, | |||
1028 | options.ca_sign_algorithms, &fail_reason) != 0) { | |||
1029 | error("%s", fail_reason)sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 1029 , 0, SYSLOG_LEVEL_ERROR, ((void *)0), "%s", fail_reason); | |||
1030 | goto fail; | |||
1031 | } | |||
1032 | /* | |||
1033 | * Do not attempt hostkey update if a certificate was | |||
1034 | * successfully matched. | |||
1035 | */ | |||
1036 | if (options.update_hostkeys != 0) { | |||
1037 | options.update_hostkeys = 0; | |||
1038 | debug3_f("certificate host key in use; "sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 1039 , 1, SYSLOG_LEVEL_DEBUG3, ((void *)0), "certificate host key in use; " "disabling UpdateHostkeys") | |||
1039 | "disabling UpdateHostkeys")sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 1039 , 1, SYSLOG_LEVEL_DEBUG3, ((void *)0), "certificate host key in use; " "disabling UpdateHostkeys"); | |||
1040 | } | |||
1041 | } | |||
1042 | /* Turn off UpdateHostkeys if key was in system known_hosts */ | |||
1043 | if (options.update_hostkeys != 0 && | |||
1044 | (path_in_hostfiles(host_found->file, | |||
1045 | system_hostfiles, num_system_hostfiles) || | |||
1046 | (ip_status == HOST_OK && ip_found != NULL((void *)0) && | |||
1047 | path_in_hostfiles(ip_found->file, | |||
1048 | system_hostfiles, num_system_hostfiles)))) { | |||
1049 | options.update_hostkeys = 0; | |||
1050 | debug3_f("host key found in GlobalKnownHostsFile; "sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 1051 , 1, SYSLOG_LEVEL_DEBUG3, ((void *)0), "host key found in GlobalKnownHostsFile; " "disabling UpdateHostkeys") | |||
1051 | "disabling UpdateHostkeys")sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 1051 , 1, SYSLOG_LEVEL_DEBUG3, ((void *)0), "host key found in GlobalKnownHostsFile; " "disabling UpdateHostkeys"); | |||
1052 | } | |||
1053 | if (options.update_hostkeys != 0 && host_found->note) { | |||
1054 | options.update_hostkeys = 0; | |||
1055 | debug3_f("host key found via KnownHostsCommand; "sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 1056 , 1, SYSLOG_LEVEL_DEBUG3, ((void *)0), "host key found via KnownHostsCommand; " "disabling UpdateHostkeys") | |||
1056 | "disabling UpdateHostkeys")sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 1056 , 1, SYSLOG_LEVEL_DEBUG3, ((void *)0), "host key found via KnownHostsCommand; " "disabling UpdateHostkeys"); | |||
1057 | } | |||
1058 | if (options.check_host_ip && ip_status == HOST_NEW) { | |||
1059 | if (readonly || want_cert) | |||
1060 | logit("%s host key for IP address "sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 1062 , 0, SYSLOG_LEVEL_INFO, ((void *)0), "%s host key for IP address " "'%.128s' not in list of known hosts.", type, ip) | |||
1061 | "'%.128s' not in list of known hosts.",sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 1062 , 0, SYSLOG_LEVEL_INFO, ((void *)0), "%s host key for IP address " "'%.128s' not in list of known hosts.", type, ip) | |||
1062 | type, ip)sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 1062 , 0, SYSLOG_LEVEL_INFO, ((void *)0), "%s host key for IP address " "'%.128s' not in list of known hosts.", type, ip); | |||
1063 | else if (!add_host_to_hostfile(user_hostfiles[0], ip, | |||
1064 | host_key, options.hash_known_hosts)) | |||
1065 | logit("Failed to add the %s host key for IP "sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 1068 , 0, SYSLOG_LEVEL_INFO, ((void *)0), "Failed to add the %s host key for IP " "address '%.128s' to the list of known " "hosts (%.500s).", type , ip, user_hostfiles[0]) | |||
1066 | "address '%.128s' to the list of known "sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 1068 , 0, SYSLOG_LEVEL_INFO, ((void *)0), "Failed to add the %s host key for IP " "address '%.128s' to the list of known " "hosts (%.500s).", type , ip, user_hostfiles[0]) | |||
1067 | "hosts (%.500s).", type, ip,sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 1068 , 0, SYSLOG_LEVEL_INFO, ((void *)0), "Failed to add the %s host key for IP " "address '%.128s' to the list of known " "hosts (%.500s).", type , ip, user_hostfiles[0]) | |||
1068 | user_hostfiles[0])sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 1068 , 0, SYSLOG_LEVEL_INFO, ((void *)0), "Failed to add the %s host key for IP " "address '%.128s' to the list of known " "hosts (%.500s).", type , ip, user_hostfiles[0]); | |||
1069 | else | |||
1070 | logit("Warning: Permanently added the %s host "sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 1072 , 0, SYSLOG_LEVEL_INFO, ((void *)0), "Warning: Permanently added the %s host " "key for IP address '%.128s' to the list " "of known hosts." , type, ip) | |||
1071 | "key for IP address '%.128s' to the list "sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 1072 , 0, SYSLOG_LEVEL_INFO, ((void *)0), "Warning: Permanently added the %s host " "key for IP address '%.128s' to the list " "of known hosts." , type, ip) | |||
1072 | "of known hosts.", type, ip)sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 1072 , 0, SYSLOG_LEVEL_INFO, ((void *)0), "Warning: Permanently added the %s host " "key for IP address '%.128s' to the list " "of known hosts." , type, ip); | |||
1073 | } else if (options.visual_host_key) { | |||
1074 | fp = sshkey_fingerprint(host_key, | |||
1075 | options.fingerprint_hash, SSH_FP_DEFAULT); | |||
1076 | ra = sshkey_fingerprint(host_key, | |||
1077 | options.fingerprint_hash, SSH_FP_RANDOMART); | |||
1078 | if (fp == NULL((void *)0) || ra == NULL((void *)0)) | |||
1079 | fatal_f("sshkey_fingerprint failed")sshfatal("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__ , 1079, 1, SYSLOG_LEVEL_FATAL, ((void *)0), "sshkey_fingerprint failed" ); | |||
1080 | logit("Host key fingerprint is %s\n%s", fp, ra)sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 1080 , 0, SYSLOG_LEVEL_INFO, ((void *)0), "Host key fingerprint is %s\n%s" , fp, ra); | |||
1081 | free(ra); | |||
1082 | free(fp); | |||
1083 | } | |||
1084 | hostkey_trusted = 1; | |||
1085 | break; | |||
1086 | case HOST_NEW: | |||
1087 | if (options.host_key_alias == NULL((void *)0) && port != 0 && | |||
1088 | port != SSH_DEFAULT_PORT22 && !clobber_port) { | |||
1089 | debug("checking without port identifier")sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 1089 , 0, SYSLOG_LEVEL_DEBUG1, ((void *)0), "checking without port identifier" ); | |||
1090 | if (check_host_key(hostname, cinfo, hostaddr, 0, | |||
1091 | host_key, ROQUIET2, 1, | |||
1092 | user_hostfiles, num_user_hostfiles, | |||
1093 | system_hostfiles, num_system_hostfiles, | |||
1094 | hostfile_command) == 0) { | |||
1095 | debug("found matching key w/out port")sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 1095 , 0, SYSLOG_LEVEL_DEBUG1, ((void *)0), "found matching key w/out port" ); | |||
1096 | break; | |||
1097 | } | |||
1098 | } | |||
1099 | if (readonly || want_cert) | |||
1100 | goto fail; | |||
1101 | /* The host is new. */ | |||
1102 | if (options.strict_host_key_checking == | |||
1103 | SSH_STRICT_HOSTKEY_YES2) { | |||
1104 | /* | |||
1105 | * User has requested strict host key checking. We | |||
1106 | * will not add the host key automatically. The only | |||
1107 | * alternative left is to abort. | |||
1108 | */ | |||
1109 | error("No %s host key is known for %.200s and you "sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 1110 , 0, SYSLOG_LEVEL_ERROR, ((void *)0), "No %s host key is known for %.200s and you " "have requested strict checking.", type, host) | |||
1110 | "have requested strict checking.", type, host)sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 1110 , 0, SYSLOG_LEVEL_ERROR, ((void *)0), "No %s host key is known for %.200s and you " "have requested strict checking.", type, host); | |||
1111 | goto fail; | |||
1112 | } else if (options.strict_host_key_checking == | |||
1113 | SSH_STRICT_HOSTKEY_ASK3) { | |||
1114 | char *msg1 = NULL((void *)0), *msg2 = NULL((void *)0); | |||
1115 | ||||
1116 | xasprintf(&msg1, "The authenticity of host " | |||
1117 | "'%.200s (%s)' can't be established", host, ip); | |||
1118 | ||||
1119 | if (show_other_keys(host_hostkeys, host_key)) { | |||
1120 | xextendf(&msg1, "\n", "but keys of different " | |||
1121 | "type are already known for this host."); | |||
1122 | } else | |||
1123 | xextendf(&msg1, "", "."); | |||
1124 | ||||
1125 | fp = sshkey_fingerprint(host_key, | |||
1126 | options.fingerprint_hash, SSH_FP_DEFAULT); | |||
1127 | ra = sshkey_fingerprint(host_key, | |||
1128 | options.fingerprint_hash, SSH_FP_RANDOMART); | |||
1129 | if (fp == NULL((void *)0) || ra == NULL((void *)0)) | |||
1130 | fatal_f("sshkey_fingerprint failed")sshfatal("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__ , 1130, 1, SYSLOG_LEVEL_FATAL, ((void *)0), "sshkey_fingerprint failed" ); | |||
1131 | xextendf(&msg1, "\n", "%s key fingerprint is %s.", | |||
1132 | type, fp); | |||
1133 | if (options.visual_host_key) | |||
1134 | xextendf(&msg1, "\n", "%s", ra); | |||
1135 | if (options.verify_host_key_dns) { | |||
1136 | xextendf(&msg1, "\n", | |||
1137 | "%s host key fingerprint found in DNS.", | |||
1138 | matching_host_key_dns ? | |||
1139 | "Matching" : "No matching"); | |||
1140 | } | |||
1141 | /* msg2 informs for other names matching this key */ | |||
1142 | if ((msg2 = other_hostkeys_message(host, ip, host_key, | |||
1143 | user_hostfiles, num_user_hostfiles, | |||
1144 | system_hostfiles, num_system_hostfiles)) != NULL((void *)0)) | |||
1145 | xextendf(&msg1, "\n", "%s", msg2); | |||
1146 | ||||
1147 | xextendf(&msg1, "\n", | |||
1148 | "Are you sure you want to continue connecting " | |||
1149 | "(yes/no/[fingerprint])? "); | |||
1150 | ||||
1151 | confirmed = confirm(msg1, fp); | |||
1152 | free(ra); | |||
1153 | free(fp); | |||
1154 | free(msg1); | |||
1155 | free(msg2); | |||
1156 | if (!confirmed) | |||
1157 | goto fail; | |||
1158 | hostkey_trusted = 1; /* user explicitly confirmed */ | |||
1159 | } | |||
1160 | /* | |||
1161 | * If in "new" or "off" strict mode, add the key automatically | |||
1162 | * to the local known_hosts file. | |||
1163 | */ | |||
1164 | if (options.check_host_ip && ip_status == HOST_NEW) { | |||
1165 | snprintf(hostline, sizeof(hostline), "%s,%s", host, ip); | |||
1166 | hostp = hostline; | |||
1167 | if (options.hash_known_hosts) { | |||
1168 | /* Add hash of host and IP separately */ | |||
1169 | r = add_host_to_hostfile(user_hostfiles[0], | |||
1170 | host, host_key, options.hash_known_hosts) && | |||
1171 | add_host_to_hostfile(user_hostfiles[0], ip, | |||
1172 | host_key, options.hash_known_hosts); | |||
1173 | } else { | |||
1174 | /* Add unhashed "host,ip" */ | |||
1175 | r = add_host_to_hostfile(user_hostfiles[0], | |||
1176 | hostline, host_key, | |||
1177 | options.hash_known_hosts); | |||
1178 | } | |||
1179 | } else { | |||
1180 | r = add_host_to_hostfile(user_hostfiles[0], host, | |||
1181 | host_key, options.hash_known_hosts); | |||
1182 | hostp = host; | |||
1183 | } | |||
1184 | ||||
1185 | if (!r) | |||
1186 | logit("Failed to add the host to the list of known "sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 1187 , 0, SYSLOG_LEVEL_INFO, ((void *)0), "Failed to add the host to the list of known " "hosts (%.500s).", user_hostfiles[0]) | |||
1187 | "hosts (%.500s).", user_hostfiles[0])sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 1187 , 0, SYSLOG_LEVEL_INFO, ((void *)0), "Failed to add the host to the list of known " "hosts (%.500s).", user_hostfiles[0]); | |||
1188 | else | |||
1189 | logit("Warning: Permanently added '%.200s' (%s) to the "sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 1190 , 0, SYSLOG_LEVEL_INFO, ((void *)0), "Warning: Permanently added '%.200s' (%s) to the " "list of known hosts.", hostp, type) | |||
1190 | "list of known hosts.", hostp, type)sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 1190 , 0, SYSLOG_LEVEL_INFO, ((void *)0), "Warning: Permanently added '%.200s' (%s) to the " "list of known hosts.", hostp, type); | |||
1191 | break; | |||
1192 | case HOST_REVOKED: | |||
1193 | error("@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@")sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 1193 , 0, SYSLOG_LEVEL_ERROR, ((void *)0), "@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@" ); | |||
1194 | error("@ WARNING: REVOKED HOST KEY DETECTED! @")sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 1194 , 0, SYSLOG_LEVEL_ERROR, ((void *)0), "@ WARNING: REVOKED HOST KEY DETECTED! @" ); | |||
1195 | error("@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@")sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 1195 , 0, SYSLOG_LEVEL_ERROR, ((void *)0), "@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@" ); | |||
1196 | error("The %s host key for %s is marked as revoked.", type, host)sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 1196 , 0, SYSLOG_LEVEL_ERROR, ((void *)0), "The %s host key for %s is marked as revoked." , type, host); | |||
1197 | error("This could mean that a stolen key is being used to")sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 1197 , 0, SYSLOG_LEVEL_ERROR, ((void *)0), "This could mean that a stolen key is being used to" ); | |||
1198 | error("impersonate this host.")sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 1198 , 0, SYSLOG_LEVEL_ERROR, ((void *)0), "impersonate this host." ); | |||
1199 | ||||
1200 | /* | |||
1201 | * If strict host key checking is in use, the user will have | |||
1202 | * to edit the key manually and we can only abort. | |||
1203 | */ | |||
1204 | if (options.strict_host_key_checking != | |||
1205 | SSH_STRICT_HOSTKEY_OFF0) { | |||
1206 | error("%s host key for %.200s was revoked and you have "sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 1207 , 0, SYSLOG_LEVEL_ERROR, ((void *)0), "%s host key for %.200s was revoked and you have " "requested strict checking.", type, host) | |||
1207 | "requested strict checking.", type, host)sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 1207 , 0, SYSLOG_LEVEL_ERROR, ((void *)0), "%s host key for %.200s was revoked and you have " "requested strict checking.", type, host); | |||
1208 | goto fail; | |||
1209 | } | |||
1210 | goto continue_unsafe; | |||
1211 | ||||
1212 | case HOST_CHANGED: | |||
1213 | if (want_cert) { | |||
1214 | /* | |||
1215 | * This is only a debug() since it is valid to have | |||
1216 | * CAs with wildcard DNS matches that don't match | |||
1217 | * all hosts that one might visit. | |||
1218 | */ | |||
1219 | debug("Host certificate authority does not "sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 1221 , 0, SYSLOG_LEVEL_DEBUG1, ((void *)0), "Host certificate authority does not " "match %s in %s:%lu", "@cert-authority", host_found->file , host_found->line) | |||
1220 | "match %s in %s:%lu", CA_MARKER,sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 1221 , 0, SYSLOG_LEVEL_DEBUG1, ((void *)0), "Host certificate authority does not " "match %s in %s:%lu", "@cert-authority", host_found->file , host_found->line) | |||
1221 | host_found->file, host_found->line)sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 1221 , 0, SYSLOG_LEVEL_DEBUG1, ((void *)0), "Host certificate authority does not " "match %s in %s:%lu", "@cert-authority", host_found->file , host_found->line); | |||
1222 | goto fail; | |||
1223 | } | |||
1224 | if (readonly == ROQUIET2) | |||
1225 | goto fail; | |||
1226 | if (options.check_host_ip && host_ip_differ) { | |||
1227 | char *key_msg; | |||
1228 | if (ip_status == HOST_NEW) | |||
1229 | key_msg = "is unknown"; | |||
1230 | else if (ip_status == HOST_OK) | |||
1231 | key_msg = "is unchanged"; | |||
1232 | else | |||
1233 | key_msg = "has a different value"; | |||
1234 | error("@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@")sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 1234 , 0, SYSLOG_LEVEL_ERROR, ((void *)0), "@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@" ); | |||
1235 | error("@ WARNING: POSSIBLE DNS SPOOFING DETECTED! @")sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 1235 , 0, SYSLOG_LEVEL_ERROR, ((void *)0), "@ WARNING: POSSIBLE DNS SPOOFING DETECTED! @" ); | |||
1236 | error("@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@")sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 1236 , 0, SYSLOG_LEVEL_ERROR, ((void *)0), "@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@" ); | |||
1237 | error("The %s host key for %s has changed,", type, host)sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 1237 , 0, SYSLOG_LEVEL_ERROR, ((void *)0), "The %s host key for %s has changed," , type, host); | |||
1238 | error("and the key for the corresponding IP address %s", ip)sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 1238 , 0, SYSLOG_LEVEL_ERROR, ((void *)0), "and the key for the corresponding IP address %s" , ip); | |||
1239 | error("%s. This could either mean that", key_msg)sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 1239 , 0, SYSLOG_LEVEL_ERROR, ((void *)0), "%s. This could either mean that" , key_msg); | |||
1240 | error("DNS SPOOFING is happening or the IP address for the host")sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 1240 , 0, SYSLOG_LEVEL_ERROR, ((void *)0), "DNS SPOOFING is happening or the IP address for the host" ); | |||
1241 | error("and its host key have changed at the same time.")sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 1241 , 0, SYSLOG_LEVEL_ERROR, ((void *)0), "and its host key have changed at the same time." ); | |||
1242 | if (ip_status != HOST_NEW) | |||
1243 | error("Offending key for IP in %s:%lu",sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 1244 , 0, SYSLOG_LEVEL_ERROR, ((void *)0), "Offending key for IP in %s:%lu" , ip_found->file, ip_found->line) | |||
1244 | ip_found->file, ip_found->line)sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 1244 , 0, SYSLOG_LEVEL_ERROR, ((void *)0), "Offending key for IP in %s:%lu" , ip_found->file, ip_found->line); | |||
1245 | } | |||
1246 | /* The host key has changed. */ | |||
1247 | warn_changed_key(host_key); | |||
1248 | if (num_user_hostfiles > 0 || num_system_hostfiles > 0) { | |||
1249 | error("Add correct host key in %.100s to get rid "sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 1251 , 0, SYSLOG_LEVEL_ERROR, ((void *)0), "Add correct host key in %.100s to get rid " "of this message.", num_user_hostfiles > 0 ? user_hostfiles [0] : system_hostfiles[0]) | |||
1250 | "of this message.", num_user_hostfiles > 0 ?sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 1251 , 0, SYSLOG_LEVEL_ERROR, ((void *)0), "Add correct host key in %.100s to get rid " "of this message.", num_user_hostfiles > 0 ? user_hostfiles [0] : system_hostfiles[0]) | |||
1251 | user_hostfiles[0] : system_hostfiles[0])sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 1251 , 0, SYSLOG_LEVEL_ERROR, ((void *)0), "Add correct host key in %.100s to get rid " "of this message.", num_user_hostfiles > 0 ? user_hostfiles [0] : system_hostfiles[0]); | |||
1252 | } | |||
1253 | error("Offending %s key in %s:%lu",sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 1255 , 0, SYSLOG_LEVEL_ERROR, ((void *)0), "Offending %s key in %s:%lu" , sshkey_type(host_found->key), host_found->file, host_found ->line) | |||
1254 | sshkey_type(host_found->key),sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 1255 , 0, SYSLOG_LEVEL_ERROR, ((void *)0), "Offending %s key in %s:%lu" , sshkey_type(host_found->key), host_found->file, host_found ->line) | |||
1255 | host_found->file, host_found->line)sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 1255 , 0, SYSLOG_LEVEL_ERROR, ((void *)0), "Offending %s key in %s:%lu" , sshkey_type(host_found->key), host_found->file, host_found ->line); | |||
1256 | ||||
1257 | /* | |||
1258 | * If strict host key checking is in use, the user will have | |||
1259 | * to edit the key manually and we can only abort. | |||
1260 | */ | |||
1261 | if (options.strict_host_key_checking != | |||
1262 | SSH_STRICT_HOSTKEY_OFF0) { | |||
1263 | error("Host key for %.200s has changed and you have "sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 1264 , 0, SYSLOG_LEVEL_ERROR, ((void *)0), "Host key for %.200s has changed and you have " "requested strict checking.", host) | |||
1264 | "requested strict checking.", host)sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 1264 , 0, SYSLOG_LEVEL_ERROR, ((void *)0), "Host key for %.200s has changed and you have " "requested strict checking.", host); | |||
1265 | goto fail; | |||
1266 | } | |||
1267 | ||||
1268 | continue_unsafe: | |||
1269 | /* | |||
1270 | * If strict host key checking has not been requested, allow | |||
1271 | * the connection but without MITM-able authentication or | |||
1272 | * forwarding. | |||
1273 | */ | |||
1274 | if (options.password_authentication) { | |||
1275 | error("Password authentication is disabled to avoid "sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 1276 , 0, SYSLOG_LEVEL_ERROR, ((void *)0), "Password authentication is disabled to avoid " "man-in-the-middle attacks.") | |||
1276 | "man-in-the-middle attacks.")sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 1276 , 0, SYSLOG_LEVEL_ERROR, ((void *)0), "Password authentication is disabled to avoid " "man-in-the-middle attacks."); | |||
1277 | options.password_authentication = 0; | |||
1278 | cancelled_forwarding = 1; | |||
1279 | } | |||
1280 | if (options.kbd_interactive_authentication) { | |||
1281 | error("Keyboard-interactive authentication is disabled"sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 1282 , 0, SYSLOG_LEVEL_ERROR, ((void *)0), "Keyboard-interactive authentication is disabled" " to avoid man-in-the-middle attacks.") | |||
1282 | " to avoid man-in-the-middle attacks.")sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 1282 , 0, SYSLOG_LEVEL_ERROR, ((void *)0), "Keyboard-interactive authentication is disabled" " to avoid man-in-the-middle attacks."); | |||
1283 | options.kbd_interactive_authentication = 0; | |||
1284 | cancelled_forwarding = 1; | |||
1285 | } | |||
1286 | if (options.forward_agent) { | |||
1287 | error("Agent forwarding is disabled to avoid "sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 1288 , 0, SYSLOG_LEVEL_ERROR, ((void *)0), "Agent forwarding is disabled to avoid " "man-in-the-middle attacks.") | |||
1288 | "man-in-the-middle attacks.")sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 1288 , 0, SYSLOG_LEVEL_ERROR, ((void *)0), "Agent forwarding is disabled to avoid " "man-in-the-middle attacks."); | |||
1289 | options.forward_agent = 0; | |||
1290 | cancelled_forwarding = 1; | |||
1291 | } | |||
1292 | if (options.forward_x11) { | |||
1293 | error("X11 forwarding is disabled to avoid "sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 1294 , 0, SYSLOG_LEVEL_ERROR, ((void *)0), "X11 forwarding is disabled to avoid " "man-in-the-middle attacks.") | |||
1294 | "man-in-the-middle attacks.")sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 1294 , 0, SYSLOG_LEVEL_ERROR, ((void *)0), "X11 forwarding is disabled to avoid " "man-in-the-middle attacks."); | |||
1295 | options.forward_x11 = 0; | |||
1296 | cancelled_forwarding = 1; | |||
1297 | } | |||
1298 | if (options.num_local_forwards > 0 || | |||
1299 | options.num_remote_forwards > 0) { | |||
1300 | error("Port forwarding is disabled to avoid "sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 1301 , 0, SYSLOG_LEVEL_ERROR, ((void *)0), "Port forwarding is disabled to avoid " "man-in-the-middle attacks.") | |||
1301 | "man-in-the-middle attacks.")sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 1301 , 0, SYSLOG_LEVEL_ERROR, ((void *)0), "Port forwarding is disabled to avoid " "man-in-the-middle attacks."); | |||
1302 | options.num_local_forwards = | |||
1303 | options.num_remote_forwards = 0; | |||
1304 | cancelled_forwarding = 1; | |||
1305 | } | |||
1306 | if (options.tun_open != SSH_TUNMODE_NO0x00) { | |||
1307 | error("Tunnel forwarding is disabled to avoid "sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 1308 , 0, SYSLOG_LEVEL_ERROR, ((void *)0), "Tunnel forwarding is disabled to avoid " "man-in-the-middle attacks.") | |||
1308 | "man-in-the-middle attacks.")sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 1308 , 0, SYSLOG_LEVEL_ERROR, ((void *)0), "Tunnel forwarding is disabled to avoid " "man-in-the-middle attacks."); | |||
1309 | options.tun_open = SSH_TUNMODE_NO0x00; | |||
1310 | cancelled_forwarding = 1; | |||
1311 | } | |||
1312 | if (options.update_hostkeys != 0) { | |||
1313 | error("UpdateHostkeys is disabled because the host "sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 1314 , 0, SYSLOG_LEVEL_ERROR, ((void *)0), "UpdateHostkeys is disabled because the host " "key is not trusted.") | |||
1314 | "key is not trusted.")sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 1314 , 0, SYSLOG_LEVEL_ERROR, ((void *)0), "UpdateHostkeys is disabled because the host " "key is not trusted."); | |||
1315 | options.update_hostkeys = 0; | |||
1316 | } | |||
1317 | if (options.exit_on_forward_failure && cancelled_forwarding) | |||
1318 | fatal("Error: forwarding disabled due to host key "sshfatal("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__ , 1319, 0, SYSLOG_LEVEL_FATAL, ((void *)0), "Error: forwarding disabled due to host key " "check failure") | |||
1319 | "check failure")sshfatal("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__ , 1319, 0, SYSLOG_LEVEL_FATAL, ((void *)0), "Error: forwarding disabled due to host key " "check failure"); | |||
1320 | ||||
1321 | /* | |||
1322 | * XXX Should permit the user to change to use the new id. | |||
1323 | * This could be done by converting the host key to an | |||
1324 | * identifying sentence, tell that the host identifies itself | |||
1325 | * by that sentence, and ask the user if they wish to | |||
1326 | * accept the authentication. | |||
1327 | */ | |||
1328 | break; | |||
1329 | case HOST_FOUND: | |||
1330 | fatal("internal error")sshfatal("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__ , 1330, 0, SYSLOG_LEVEL_FATAL, ((void *)0), "internal error"); | |||
1331 | break; | |||
1332 | } | |||
1333 | ||||
1334 | if (options.check_host_ip && host_status != HOST_CHANGED && | |||
1335 | ip_status == HOST_CHANGED) { | |||
1336 | snprintf(msg, sizeof(msg), | |||
1337 | "Warning: the %s host key for '%.200s' " | |||
1338 | "differs from the key for the IP address '%.128s'" | |||
1339 | "\nOffending key for IP in %s:%lu", | |||
1340 | type, host, ip, ip_found->file, ip_found->line); | |||
1341 | if (host_status == HOST_OK) { | |||
1342 | len = strlen(msg); | |||
1343 | snprintf(msg + len, sizeof(msg) - len, | |||
1344 | "\nMatching host key in %s:%lu", | |||
1345 | host_found->file, host_found->line); | |||
1346 | } | |||
1347 | if (options.strict_host_key_checking == | |||
1348 | SSH_STRICT_HOSTKEY_ASK3) { | |||
1349 | strlcat(msg, "\nAre you sure you want " | |||
1350 | "to continue connecting (yes/no)? ", sizeof(msg)); | |||
1351 | if (!confirm(msg, NULL((void *)0))) | |||
1352 | goto fail; | |||
1353 | } else if (options.strict_host_key_checking != | |||
1354 | SSH_STRICT_HOSTKEY_OFF0) { | |||
1355 | logit("%s", msg)sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 1355 , 0, SYSLOG_LEVEL_INFO, ((void *)0), "%s", msg); | |||
1356 | error("Exiting, you have requested strict checking.")sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 1356 , 0, SYSLOG_LEVEL_ERROR, ((void *)0), "Exiting, you have requested strict checking." ); | |||
1357 | goto fail; | |||
1358 | } else { | |||
1359 | logit("%s", msg)sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 1359 , 0, SYSLOG_LEVEL_INFO, ((void *)0), "%s", msg); | |||
1360 | } | |||
1361 | } | |||
1362 | ||||
1363 | if (!hostkey_trusted && options.update_hostkeys) { | |||
1364 | debug_f("hostkey not known or explicitly trusted: "sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 1365 , 1, SYSLOG_LEVEL_DEBUG1, ((void *)0), "hostkey not known or explicitly trusted: " "disabling UpdateHostkeys") | |||
1365 | "disabling UpdateHostkeys")sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 1365 , 1, SYSLOG_LEVEL_DEBUG1, ((void *)0), "hostkey not known or explicitly trusted: " "disabling UpdateHostkeys"); | |||
1366 | options.update_hostkeys = 0; | |||
1367 | } | |||
1368 | ||||
1369 | free(ip); | |||
1370 | free(host); | |||
1371 | if (host_hostkeys != NULL((void *)0)) | |||
1372 | free_hostkeys(host_hostkeys); | |||
1373 | if (ip_hostkeys != NULL((void *)0)) | |||
1374 | free_hostkeys(ip_hostkeys); | |||
1375 | return 0; | |||
1376 | ||||
1377 | fail: | |||
1378 | if (want_cert && host_status != HOST_REVOKED) { | |||
1379 | /* | |||
1380 | * No matching certificate. Downgrade cert to raw key and | |||
1381 | * search normally. | |||
1382 | */ | |||
1383 | debug("No matching CA found. Retry with plain key")sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 1383 , 0, SYSLOG_LEVEL_DEBUG1, ((void *)0), "No matching CA found. Retry with plain key" ); | |||
1384 | if ((r = sshkey_from_private(host_key, &raw_key)) != 0) | |||
1385 | fatal_fr(r, "decode key")sshfatal("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__ , 1385, 1, SYSLOG_LEVEL_FATAL, ssh_err(r), "decode key"); | |||
1386 | if ((r = sshkey_drop_cert(raw_key)) != 0) | |||
1387 | fatal_r(r, "Couldn't drop certificate")sshfatal("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__ , 1387, 0, SYSLOG_LEVEL_FATAL, ssh_err(r), "Couldn't drop certificate" ); | |||
1388 | host_key = raw_key; | |||
1389 | goto retry; | |||
1390 | } | |||
1391 | sshkey_free(raw_key); | |||
1392 | free(ip); | |||
1393 | free(host); | |||
1394 | if (host_hostkeys != NULL((void *)0)) | |||
1395 | free_hostkeys(host_hostkeys); | |||
1396 | if (ip_hostkeys != NULL((void *)0)) | |||
1397 | free_hostkeys(ip_hostkeys); | |||
1398 | return -1; | |||
1399 | } | |||
1400 | ||||
1401 | /* returns 0 if key verifies or -1 if key does NOT verify */ | |||
1402 | int | |||
1403 | verify_host_key(char *host, struct sockaddr *hostaddr, struct sshkey *host_key, | |||
1404 | const struct ssh_conn_info *cinfo) | |||
1405 | { | |||
1406 | u_int i; | |||
1407 | int r = -1, flags = 0; | |||
1408 | char valid[64], *fp = NULL((void *)0), *cafp = NULL((void *)0); | |||
1409 | struct sshkey *plain = NULL((void *)0); | |||
1410 | ||||
1411 | if ((fp = sshkey_fingerprint(host_key, | |||
1412 | options.fingerprint_hash, SSH_FP_DEFAULT)) == NULL((void *)0)) { | |||
1413 | error_fr(r, "fingerprint host key")sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 1413 , 1, SYSLOG_LEVEL_ERROR, ssh_err(r), "fingerprint host key"); | |||
1414 | r = -1; | |||
1415 | goto out; | |||
1416 | } | |||
1417 | ||||
1418 | if (sshkey_is_cert(host_key)) { | |||
1419 | if ((cafp = sshkey_fingerprint(host_key->cert->signature_key, | |||
1420 | options.fingerprint_hash, SSH_FP_DEFAULT)) == NULL((void *)0)) { | |||
1421 | error_fr(r, "fingerprint CA key")sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 1421 , 1, SYSLOG_LEVEL_ERROR, ssh_err(r), "fingerprint CA key"); | |||
1422 | r = -1; | |||
1423 | goto out; | |||
1424 | } | |||
1425 | sshkey_format_cert_validity(host_key->cert, | |||
1426 | valid, sizeof(valid)); | |||
1427 | debug("Server host certificate: %s %s, serial %llu "sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 1433 , 0, SYSLOG_LEVEL_DEBUG1, ((void *)0), "Server host certificate: %s %s, serial %llu " "ID \"%s\" CA %s %s valid %s", sshkey_ssh_name(host_key), fp , (unsigned long long)host_key->cert->serial, host_key-> cert->key_id, sshkey_ssh_name(host_key->cert->signature_key ), cafp, valid) | |||
1428 | "ID \"%s\" CA %s %s valid %s",sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 1433 , 0, SYSLOG_LEVEL_DEBUG1, ((void *)0), "Server host certificate: %s %s, serial %llu " "ID \"%s\" CA %s %s valid %s", sshkey_ssh_name(host_key), fp , (unsigned long long)host_key->cert->serial, host_key-> cert->key_id, sshkey_ssh_name(host_key->cert->signature_key ), cafp, valid) | |||
1429 | sshkey_ssh_name(host_key), fp,sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 1433 , 0, SYSLOG_LEVEL_DEBUG1, ((void *)0), "Server host certificate: %s %s, serial %llu " "ID \"%s\" CA %s %s valid %s", sshkey_ssh_name(host_key), fp , (unsigned long long)host_key->cert->serial, host_key-> cert->key_id, sshkey_ssh_name(host_key->cert->signature_key ), cafp, valid) | |||
1430 | (unsigned long long)host_key->cert->serial,sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 1433 , 0, SYSLOG_LEVEL_DEBUG1, ((void *)0), "Server host certificate: %s %s, serial %llu " "ID \"%s\" CA %s %s valid %s", sshkey_ssh_name(host_key), fp , (unsigned long long)host_key->cert->serial, host_key-> cert->key_id, sshkey_ssh_name(host_key->cert->signature_key ), cafp, valid) | |||
1431 | host_key->cert->key_id,sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 1433 , 0, SYSLOG_LEVEL_DEBUG1, ((void *)0), "Server host certificate: %s %s, serial %llu " "ID \"%s\" CA %s %s valid %s", sshkey_ssh_name(host_key), fp , (unsigned long long)host_key->cert->serial, host_key-> cert->key_id, sshkey_ssh_name(host_key->cert->signature_key ), cafp, valid) | |||
1432 | sshkey_ssh_name(host_key->cert->signature_key), cafp,sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 1433 , 0, SYSLOG_LEVEL_DEBUG1, ((void *)0), "Server host certificate: %s %s, serial %llu " "ID \"%s\" CA %s %s valid %s", sshkey_ssh_name(host_key), fp , (unsigned long long)host_key->cert->serial, host_key-> cert->key_id, sshkey_ssh_name(host_key->cert->signature_key ), cafp, valid) | |||
1433 | valid)sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 1433 , 0, SYSLOG_LEVEL_DEBUG1, ((void *)0), "Server host certificate: %s %s, serial %llu " "ID \"%s\" CA %s %s valid %s", sshkey_ssh_name(host_key), fp , (unsigned long long)host_key->cert->serial, host_key-> cert->key_id, sshkey_ssh_name(host_key->cert->signature_key ), cafp, valid); | |||
1434 | for (i = 0; i < host_key->cert->nprincipals; i++) { | |||
1435 | debug2("Server host certificate hostname: %s",sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 1436 , 0, SYSLOG_LEVEL_DEBUG2, ((void *)0), "Server host certificate hostname: %s" , host_key->cert->principals[i]) | |||
1436 | host_key->cert->principals[i])sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 1436 , 0, SYSLOG_LEVEL_DEBUG2, ((void *)0), "Server host certificate hostname: %s" , host_key->cert->principals[i]); | |||
1437 | } | |||
1438 | } else { | |||
1439 | debug("Server host key: %s %s", sshkey_ssh_name(host_key), fp)sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 1439 , 0, SYSLOG_LEVEL_DEBUG1, ((void *)0), "Server host key: %s %s" , sshkey_ssh_name(host_key), fp); | |||
1440 | } | |||
1441 | ||||
1442 | if (sshkey_equal(previous_host_key, host_key)) { | |||
1443 | debug2_f("server host key %s %s matches cached key",sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 1444 , 1, SYSLOG_LEVEL_DEBUG2, ((void *)0), "server host key %s %s matches cached key" , sshkey_type(host_key), fp) | |||
1444 | sshkey_type(host_key), fp)sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 1444 , 1, SYSLOG_LEVEL_DEBUG2, ((void *)0), "server host key %s %s matches cached key" , sshkey_type(host_key), fp); | |||
1445 | r = 0; | |||
1446 | goto out; | |||
1447 | } | |||
1448 | ||||
1449 | /* Check in RevokedHostKeys file if specified */ | |||
1450 | if (options.revoked_host_keys != NULL((void *)0)) { | |||
1451 | r = sshkey_check_revoked(host_key, options.revoked_host_keys); | |||
1452 | switch (r) { | |||
1453 | case 0: | |||
1454 | break; /* not revoked */ | |||
1455 | case SSH_ERR_KEY_REVOKED-51: | |||
1456 | error("Host key %s %s revoked by file %s",sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 1458 , 0, SYSLOG_LEVEL_ERROR, ((void *)0), "Host key %s %s revoked by file %s" , sshkey_type(host_key), fp, options.revoked_host_keys) | |||
1457 | sshkey_type(host_key), fp,sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 1458 , 0, SYSLOG_LEVEL_ERROR, ((void *)0), "Host key %s %s revoked by file %s" , sshkey_type(host_key), fp, options.revoked_host_keys) | |||
1458 | options.revoked_host_keys)sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 1458 , 0, SYSLOG_LEVEL_ERROR, ((void *)0), "Host key %s %s revoked by file %s" , sshkey_type(host_key), fp, options.revoked_host_keys); | |||
1459 | r = -1; | |||
1460 | goto out; | |||
1461 | default: | |||
1462 | error_r(r, "Error checking host key %s %s in "sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 1464 , 0, SYSLOG_LEVEL_ERROR, ssh_err(r), "Error checking host key %s %s in " "revoked keys file %s", sshkey_type(host_key), fp, options.revoked_host_keys ) | |||
1463 | "revoked keys file %s", sshkey_type(host_key),sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 1464 , 0, SYSLOG_LEVEL_ERROR, ssh_err(r), "Error checking host key %s %s in " "revoked keys file %s", sshkey_type(host_key), fp, options.revoked_host_keys ) | |||
1464 | fp, options.revoked_host_keys)sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 1464 , 0, SYSLOG_LEVEL_ERROR, ssh_err(r), "Error checking host key %s %s in " "revoked keys file %s", sshkey_type(host_key), fp, options.revoked_host_keys ); | |||
1465 | r = -1; | |||
1466 | goto out; | |||
1467 | } | |||
1468 | } | |||
1469 | ||||
1470 | if (options.verify_host_key_dns) { | |||
1471 | /* | |||
1472 | * XXX certs are not yet supported for DNS, so downgrade | |||
1473 | * them and try the plain key. | |||
1474 | */ | |||
1475 | if ((r = sshkey_from_private(host_key, &plain)) != 0) | |||
1476 | goto out; | |||
1477 | if (sshkey_is_cert(plain)) | |||
1478 | sshkey_drop_cert(plain); | |||
1479 | if (verify_host_key_dns(host, hostaddr, plain, &flags) == 0) { | |||
1480 | if (flags & DNS_VERIFY_FOUND0x00000001) { | |||
1481 | if (options.verify_host_key_dns == 1 && | |||
1482 | flags & DNS_VERIFY_MATCH0x00000002 && | |||
1483 | flags & DNS_VERIFY_SECURE0x00000004) { | |||
1484 | r = 0; | |||
1485 | goto out; | |||
1486 | } | |||
1487 | if (flags & DNS_VERIFY_MATCH0x00000002) { | |||
1488 | matching_host_key_dns = 1; | |||
1489 | } else { | |||
1490 | warn_changed_key(plain); | |||
1491 | error("Update the SSHFP RR in DNS "sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 1493 , 0, SYSLOG_LEVEL_ERROR, ((void *)0), "Update the SSHFP RR in DNS " "with the new host key to get rid " "of this message.") | |||
1492 | "with the new host key to get rid "sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 1493 , 0, SYSLOG_LEVEL_ERROR, ((void *)0), "Update the SSHFP RR in DNS " "with the new host key to get rid " "of this message.") | |||
1493 | "of this message.")sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 1493 , 0, SYSLOG_LEVEL_ERROR, ((void *)0), "Update the SSHFP RR in DNS " "with the new host key to get rid " "of this message."); | |||
1494 | } | |||
1495 | } | |||
1496 | } | |||
1497 | } | |||
1498 | r = check_host_key(host, cinfo, hostaddr, options.port, host_key, | |||
1499 | RDRW0, 0, options.user_hostfiles, options.num_user_hostfiles, | |||
1500 | options.system_hostfiles, options.num_system_hostfiles, | |||
1501 | options.known_hosts_command); | |||
1502 | ||||
1503 | out: | |||
1504 | sshkey_free(plain); | |||
1505 | free(fp); | |||
1506 | free(cafp); | |||
1507 | if (r == 0 && host_key != NULL((void *)0)) { | |||
1508 | sshkey_free(previous_host_key); | |||
1509 | r = sshkey_from_private(host_key, &previous_host_key); | |||
1510 | } | |||
1511 | ||||
1512 | return r; | |||
1513 | } | |||
1514 | ||||
1515 | /* | |||
1516 | * Starts a dialog with the server, and authenticates the current user on the | |||
1517 | * server. This does not need any extra privileges. The basic connection | |||
1518 | * to the server must already have been established before this is called. | |||
1519 | * If login fails, this function prints an error and never returns. | |||
1520 | * This function does not require super-user privileges. | |||
1521 | */ | |||
1522 | void | |||
1523 | ssh_login(struct ssh *ssh, Sensitive *sensitive, const char *orighost, | |||
1524 | struct sockaddr *hostaddr, u_short port, struct passwd *pw, int timeout_ms, | |||
1525 | const struct ssh_conn_info *cinfo) | |||
1526 | { | |||
1527 | char *host; | |||
1528 | char *server_user, *local_user; | |||
1529 | int r; | |||
1530 | ||||
1531 | local_user = xstrdup(pw->pw_name); | |||
1532 | server_user = options.user ? options.user : local_user; | |||
1533 | ||||
1534 | /* Convert the user-supplied hostname into all lowercase. */ | |||
1535 | host = xstrdup(orighost); | |||
1536 | lowercase(host); | |||
1537 | ||||
1538 | /* Exchange protocol version identification strings with the server. */ | |||
1539 | if ((r = kex_exchange_identification(ssh, timeout_ms, NULL((void *)0))) != 0) | |||
1540 | sshpkt_fatal(ssh, r, "banner exchange"); | |||
1541 | ||||
1542 | /* Put the connection into non-blocking mode. */ | |||
1543 | ssh_packet_set_nonblocking(ssh); | |||
1544 | ||||
1545 | /* key exchange */ | |||
1546 | /* authenticate user */ | |||
1547 | debug("Authenticating to %s:%d as '%s'", host, port, server_user)sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 1547 , 0, SYSLOG_LEVEL_DEBUG1, ((void *)0), "Authenticating to %s:%d as '%s'" , host, port, server_user); | |||
1548 | ssh_kex2(ssh, host, hostaddr, port, cinfo); | |||
1549 | ssh_userauth2(ssh, local_user, server_user, host, sensitive); | |||
1550 | free(local_user); | |||
1551 | free(host); | |||
1552 | } | |||
1553 | ||||
1554 | /* print all known host keys for a given host, but skip keys of given type */ | |||
1555 | static int | |||
1556 | show_other_keys(struct hostkeys *hostkeys, struct sshkey *key) | |||
1557 | { | |||
1558 | int type[] = { | |||
1559 | KEY_RSA, | |||
1560 | #ifdef WITH_DSA1 | |||
1561 | KEY_DSA, | |||
1562 | #endif | |||
1563 | KEY_ECDSA, | |||
1564 | KEY_ED25519, | |||
1565 | KEY_XMSS, | |||
1566 | -1 | |||
1567 | }; | |||
1568 | int i, ret = 0; | |||
1569 | char *fp, *ra; | |||
1570 | const struct hostkey_entry *found; | |||
1571 | ||||
1572 | for (i = 0; type[i] != -1; i++) { | |||
1573 | if (type[i] == key->type) | |||
1574 | continue; | |||
1575 | if (!lookup_key_in_hostkeys_by_type(hostkeys, type[i], | |||
1576 | -1, &found)) | |||
1577 | continue; | |||
1578 | fp = sshkey_fingerprint(found->key, | |||
1579 | options.fingerprint_hash, SSH_FP_DEFAULT); | |||
1580 | ra = sshkey_fingerprint(found->key, | |||
1581 | options.fingerprint_hash, SSH_FP_RANDOMART); | |||
1582 | if (fp == NULL((void *)0) || ra == NULL((void *)0)) | |||
1583 | fatal_f("sshkey_fingerprint fail")sshfatal("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__ , 1583, 1, SYSLOG_LEVEL_FATAL, ((void *)0), "sshkey_fingerprint fail" ); | |||
1584 | logit("WARNING: %s key found for host %s\n"sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 1589 , 0, SYSLOG_LEVEL_INFO, ((void *)0), "WARNING: %s key found for host %s\n" "in %s:%lu\n" "%s key fingerprint %s.", sshkey_type(found-> key), found->host, found->file, found->line, sshkey_type (found->key), fp) | |||
1585 | "in %s:%lu\n"sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 1589 , 0, SYSLOG_LEVEL_INFO, ((void *)0), "WARNING: %s key found for host %s\n" "in %s:%lu\n" "%s key fingerprint %s.", sshkey_type(found-> key), found->host, found->file, found->line, sshkey_type (found->key), fp) | |||
1586 | "%s key fingerprint %s.",sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 1589 , 0, SYSLOG_LEVEL_INFO, ((void *)0), "WARNING: %s key found for host %s\n" "in %s:%lu\n" "%s key fingerprint %s.", sshkey_type(found-> key), found->host, found->file, found->line, sshkey_type (found->key), fp) | |||
1587 | sshkey_type(found->key),sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 1589 , 0, SYSLOG_LEVEL_INFO, ((void *)0), "WARNING: %s key found for host %s\n" "in %s:%lu\n" "%s key fingerprint %s.", sshkey_type(found-> key), found->host, found->file, found->line, sshkey_type (found->key), fp) | |||
1588 | found->host, found->file, found->line,sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 1589 , 0, SYSLOG_LEVEL_INFO, ((void *)0), "WARNING: %s key found for host %s\n" "in %s:%lu\n" "%s key fingerprint %s.", sshkey_type(found-> key), found->host, found->file, found->line, sshkey_type (found->key), fp) | |||
1589 | sshkey_type(found->key), fp)sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 1589 , 0, SYSLOG_LEVEL_INFO, ((void *)0), "WARNING: %s key found for host %s\n" "in %s:%lu\n" "%s key fingerprint %s.", sshkey_type(found-> key), found->host, found->file, found->line, sshkey_type (found->key), fp); | |||
1590 | if (options.visual_host_key) | |||
1591 | logit("%s", ra)sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 1591 , 0, SYSLOG_LEVEL_INFO, ((void *)0), "%s", ra); | |||
1592 | free(ra); | |||
1593 | free(fp); | |||
1594 | ret = 1; | |||
1595 | } | |||
1596 | return ret; | |||
1597 | } | |||
1598 | ||||
1599 | static void | |||
1600 | warn_changed_key(struct sshkey *host_key) | |||
1601 | { | |||
1602 | char *fp; | |||
1603 | ||||
1604 | fp = sshkey_fingerprint(host_key, options.fingerprint_hash, | |||
1605 | SSH_FP_DEFAULT); | |||
1606 | if (fp == NULL((void *)0)) | |||
1607 | fatal_f("sshkey_fingerprint fail")sshfatal("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__ , 1607, 1, SYSLOG_LEVEL_FATAL, ((void *)0), "sshkey_fingerprint fail" ); | |||
1608 | ||||
1609 | error("@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@")sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 1609 , 0, SYSLOG_LEVEL_ERROR, ((void *)0), "@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@" ); | |||
1610 | error("@ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @")sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 1610 , 0, SYSLOG_LEVEL_ERROR, ((void *)0), "@ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @" ); | |||
1611 | error("@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@")sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 1611 , 0, SYSLOG_LEVEL_ERROR, ((void *)0), "@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@" ); | |||
1612 | error("IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!")sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 1612 , 0, SYSLOG_LEVEL_ERROR, ((void *)0), "IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!" ); | |||
1613 | error("Someone could be eavesdropping on you right now (man-in-the-middle attack)!")sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 1613 , 0, SYSLOG_LEVEL_ERROR, ((void *)0), "Someone could be eavesdropping on you right now (man-in-the-middle attack)!" ); | |||
1614 | error("It is also possible that a host key has just been changed.")sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 1614 , 0, SYSLOG_LEVEL_ERROR, ((void *)0), "It is also possible that a host key has just been changed." ); | |||
1615 | error("The fingerprint for the %s key sent by the remote host is\n%s.",sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 1616 , 0, SYSLOG_LEVEL_ERROR, ((void *)0), "The fingerprint for the %s key sent by the remote host is\n%s." , sshkey_type(host_key), fp) | |||
1616 | sshkey_type(host_key), fp)sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 1616 , 0, SYSLOG_LEVEL_ERROR, ((void *)0), "The fingerprint for the %s key sent by the remote host is\n%s." , sshkey_type(host_key), fp); | |||
1617 | error("Please contact your system administrator.")sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 1617 , 0, SYSLOG_LEVEL_ERROR, ((void *)0), "Please contact your system administrator." ); | |||
1618 | ||||
1619 | free(fp); | |||
1620 | } | |||
1621 | ||||
1622 | /* | |||
1623 | * Execute a local command | |||
1624 | */ | |||
1625 | int | |||
1626 | ssh_local_cmd(const char *args) | |||
1627 | { | |||
1628 | char *shell; | |||
1629 | pid_t pid; | |||
1630 | int status; | |||
1631 | void (*osighand)(int); | |||
1632 | ||||
1633 | if (!options.permit_local_command || | |||
1634 | args == NULL((void *)0) || !*args) | |||
1635 | return (1); | |||
1636 | ||||
1637 | if ((shell = getenv("SHELL")) == NULL((void *)0) || *shell == '\0') | |||
1638 | shell = _PATH_BSHELL"/bin/sh"; | |||
1639 | ||||
1640 | osighand = ssh_signal(SIGCHLD20, SIG_DFL(void (*)(int))0); | |||
1641 | pid = fork(); | |||
1642 | if (pid == 0) { | |||
1643 | ssh_signal(SIGPIPE13, SIG_DFL(void (*)(int))0); | |||
1644 | debug3("Executing %s -c \"%s\"", shell, args)sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 1644 , 0, SYSLOG_LEVEL_DEBUG3, ((void *)0), "Executing %s -c \"%s\"" , shell, args); | |||
1645 | execl(shell, shell, "-c", args, (char *)NULL((void *)0)); | |||
1646 | error("Couldn't execute %s -c \"%s\": %s",sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 1647 , 0, SYSLOG_LEVEL_ERROR, ((void *)0), "Couldn't execute %s -c \"%s\": %s" , shell, args, strerror((*__errno()))) | |||
1647 | shell, args, strerror(errno))sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 1647 , 0, SYSLOG_LEVEL_ERROR, ((void *)0), "Couldn't execute %s -c \"%s\": %s" , shell, args, strerror((*__errno()))); | |||
1648 | _exit(1); | |||
1649 | } else if (pid == -1) | |||
1650 | fatal("fork failed: %.100s", strerror(errno))sshfatal("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__ , 1650, 0, SYSLOG_LEVEL_FATAL, ((void *)0), "fork failed: %.100s" , strerror((*__errno()))); | |||
1651 | while (waitpid(pid, &status, 0) == -1) | |||
1652 | if (errno(*__errno()) != EINTR4) | |||
1653 | fatal("Couldn't wait for child: %s", strerror(errno))sshfatal("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__ , 1653, 0, SYSLOG_LEVEL_FATAL, ((void *)0), "Couldn't wait for child: %s" , strerror((*__errno()))); | |||
1654 | ssh_signal(SIGCHLD20, osighand); | |||
1655 | ||||
1656 | if (!WIFEXITED(status)(((status) & 0177) == 0)) | |||
1657 | return (1); | |||
1658 | ||||
1659 | return (WEXITSTATUS(status)(int)(((unsigned)(status) >> 8) & 0xff)); | |||
1660 | } | |||
1661 | ||||
1662 | void | |||
1663 | maybe_add_key_to_agent(const char *authfile, struct sshkey *private, | |||
1664 | const char *comment, const char *passphrase) | |||
1665 | { | |||
1666 | int auth_sock = -1, r; | |||
1667 | const char *skprovider = NULL((void *)0); | |||
1668 | ||||
1669 | if (options.add_keys_to_agent == 0) | |||
1670 | return; | |||
1671 | ||||
1672 | if ((r = ssh_get_authentication_socket(&auth_sock)) != 0) { | |||
1673 | debug3("no authentication agent, not adding key")sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 1673 , 0, SYSLOG_LEVEL_DEBUG3, ((void *)0), "no authentication agent, not adding key" ); | |||
1674 | return; | |||
1675 | } | |||
1676 | ||||
1677 | if (options.add_keys_to_agent == 2 && | |||
1678 | !ask_permission("Add key %s (%s) to agent?", authfile, comment)) { | |||
1679 | debug3("user denied adding this key")sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 1679 , 0, SYSLOG_LEVEL_DEBUG3, ((void *)0), "user denied adding this key" ); | |||
1680 | close(auth_sock); | |||
1681 | return; | |||
1682 | } | |||
1683 | if (sshkey_is_sk(private)) | |||
1684 | skprovider = options.sk_provider; | |||
1685 | if ((r = ssh_add_identity_constrained(auth_sock, private, | |||
1686 | comment == NULL((void *)0) ? authfile : comment, | |||
1687 | options.add_keys_to_agent_lifespan, | |||
1688 | (options.add_keys_to_agent == 3), 0, skprovider, NULL((void *)0), 0)) == 0) | |||
1689 | debug("identity added to agent: %s", authfile)sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 1689 , 0, SYSLOG_LEVEL_DEBUG1, ((void *)0), "identity added to agent: %s" , authfile); | |||
1690 | else | |||
1691 | debug("could not add identity to agent: %s (%d)", authfile, r)sshlog("/usr/src/usr.bin/ssh/ssh/../sshconnect.c", __func__, 1691 , 0, SYSLOG_LEVEL_DEBUG1, ((void *)0), "could not add identity to agent: %s (%d)" , authfile, r); | |||
1692 | close(auth_sock); | |||
1693 | } |