version 1.10, 2004/06/21 17:36:31 |
version 1.10.4.1, 2005/09/04 18:40:02 |
|
|
return success; |
return success; |
} |
} |
|
|
|
/* |
|
* Check if hostname is numerical. |
|
* Returns -1 if hostname is numeric, 0 otherwise |
|
*/ |
|
static int |
|
is_numeric_hostname(const char *hostname) |
|
{ |
|
struct addrinfo hints, *ai; |
|
|
|
memset(&hints, 0, sizeof(hints)); |
|
hints.ai_socktype = SOCK_DGRAM; |
|
hints.ai_flags = AI_NUMERICHOST; |
|
|
|
if (getaddrinfo(hostname, "0", &hints, &ai) == 0) { |
|
freeaddrinfo(ai); |
|
return -1; |
|
} |
|
|
|
return 0; |
|
} |
|
|
/* |
/* |
* Verify the given hostname, address and host key using DNS. |
* Verify the given hostname, address and host key using DNS. |
* Returns 0 if lookup succeeds, -1 otherwise |
* Returns 0 if lookup succeeds, -1 otherwise |
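Review bot: The new is_numeric_hostname() returns -1 for "hostname is numeric" and 0 otherwise, which reads like the error convention used elsewhere in this file (verify_host_key_dns documents -1 as failure), while its only visible caller tests it for truth with `if (is_numeric_hostname(hostname))`. A later caller that treats `< 0` as an error or `== 0` as success would silently invert the decision on whether the SSHFP lookup is attempted, so I would make it a plain predicate that returns 1/0 and document it as `* Returns 1 if hostname is a numeric address literal, 0 otherwise`. The function also hands hostname to getaddrinfo() unchecked. Per POSIX, a NULL node without AI_PASSIVE resolves to the loopback address, so a NULL hostname would be reported as numeric and the lookup skipped with only the generic debug message. An explicit `if (hostname == NULL)` guard that logs an error and returns the "numeric" value would keep that skip-the-lookup outcome but make it deliberate and visible; the function is wholly inside this hunk, and its call site is in the verify_host_key_dns changes further down.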
|
|
verify_host_key_dns(const char *hostname, struct sockaddr *address, |
verify_host_key_dns(const char *hostname, struct sockaddr *address, |
const Key *hostkey, int *flags) |
const Key *hostkey, int *flags) |
{ |
{ |
int counter; |
u_int counter; |
int result; |
int result; |
struct rrsetinfo *fingerprints = NULL; |
struct rrsetinfo *fingerprints = NULL; |
|
|
|
|
if (hostkey == NULL) |
if (hostkey == NULL) |
fatal("No key to look up!"); |
fatal("No key to look up!"); |
|
|
|
if (is_numeric_hostname(hostname)) { |
|
debug("skipped DNS lookup for numerical hostname"); |
|
return -1; |
|
} |
|
|
result = getrrsetbyname(hostname, DNS_RDATACLASS_IN, |
result = getrrsetbyname(hostname, DNS_RDATACLASS_IN, |
DNS_RDATATYPE_SSHFP, 0, &fingerprints); |
DNS_RDATATYPE_SSHFP, 0, &fingerprints); |
if (result) { |
if (result) { |
|
|
u_char *rdata_digest; |
u_char *rdata_digest; |
u_int rdata_digest_len; |
u_int rdata_digest_len; |
|
|
int i; |
u_int i; |
int success = 0; |
int success = 0; |
|
|
if (dns_read_key(&rdata_pubkey_algorithm, &rdata_digest_type, |
if (dns_read_key(&rdata_pubkey_algorithm, &rdata_digest_type, |