version 1.118, 2001/12/19 07:18:56 |
version 1.119, 2002/01/21 15:13:51 |
|
|
#include "readconf.h" |
#include "readconf.h" |
#include "atomicio.h" |
#include "atomicio.h" |
#include "misc.h" |
#include "misc.h" |
|
#include "readpass.h" |
|
|
char *client_version_string = NULL; |
char *client_version_string = NULL; |
char *server_version_string = NULL; |
char *server_version_string = NULL; |
|
|
static int |
static int |
confirm(const char *prompt) |
confirm(const char *prompt) |
{ |
{ |
char buf[1024]; |
const char *msg, *again = "Please type 'yes' or 'no': "; |
FILE *f; |
char *p; |
int retval = -1; |
int ret = -1; |
|
|
if (options.batch_mode) |
if (options.batch_mode) |
return 0; |
return 0; |
if (isatty(STDIN_FILENO)) |
for (msg = prompt;;msg = again) { |
f = stdin; |
p = read_passphrase(msg, RP_ECHO); |
else |
if (p == NULL || |
f = fopen(_PATH_TTY, "rw"); |
(p[0] == '\0') || (p[0] == '\n') || |
if (f == NULL) |
strncasecmp(p, "no", 2) == 0) |
return 0; |
ret = 0; |
fflush(stdout); |
if (strncasecmp(p, "yes", 3) == 0) |
fprintf(stderr, "%s", prompt); |
ret = 1; |
while (1) { |
if (p) |
if (fgets(buf, sizeof(buf), f) == NULL) { |
xfree(p); |
fprintf(stderr, "\n"); |
if (ret != -1) |
strlcpy(buf, "no", sizeof buf); |
return ret; |
} |
|
/* Remove newline from response. */ |
|
if (strchr(buf, '\n')) |
|
*strchr(buf, '\n') = 0; |
|
if (strcmp(buf, "yes") == 0) |
|
retval = 1; |
|
else if (strcmp(buf, "no") == 0) |
|
retval = 0; |
|
else |
|
fprintf(stderr, "Please type 'yes' or 'no': "); |
|
|
|
if (retval != -1) { |
|
if (f != stdin) |
|
fclose(f); |
|
return retval; |
|
} |
|
} |
} |
} |
} |
|
|
|
|
HostStatus ip_status; |
HostStatus ip_status; |
int local = 0, host_ip_differ = 0; |
int local = 0, host_ip_differ = 0; |
char ntop[NI_MAXHOST]; |
char ntop[NI_MAXHOST]; |
int host_line, ip_line; |
char msg[1024]; |
|
int len, host_line, ip_line; |
const char *host_file = NULL, *ip_file = NULL; |
const char *host_file = NULL, *ip_file = NULL; |
|
|
/* |
/* |
|
|
goto fail; |
goto fail; |
} else if (options.strict_host_key_checking == 2) { |
} else if (options.strict_host_key_checking == 2) { |
/* The default */ |
/* The default */ |
char prompt[1024]; |
|
fp = key_fingerprint(host_key, SSH_FP_MD5, SSH_FP_HEX); |
fp = key_fingerprint(host_key, SSH_FP_MD5, SSH_FP_HEX); |
snprintf(prompt, sizeof(prompt), |
snprintf(msg, sizeof(msg), |
"The authenticity of host '%.200s (%s)' can't be " |
"The authenticity of host '%.200s (%s)' can't be " |
"established.\n" |
"established.\n" |
"%s key fingerprint is %s.\n" |
"%s key fingerprint is %s.\n" |
"Are you sure you want to continue connecting " |
"Are you sure you want to continue connecting " |
"(yes/no)? ", host, ip, type, fp); |
"(yes/no)? ", host, ip, type, fp); |
xfree(fp); |
xfree(fp); |
if (!confirm(prompt)) { |
if (!confirm(msg)) |
goto fail; |
goto fail; |
} |
|
} |
} |
if (options.check_host_ip && ip_status == HOST_NEW) { |
if (options.check_host_ip && ip_status == HOST_NEW) { |
snprintf(hostline, sizeof(hostline), "%s,%s", host, ip); |
snprintf(hostline, sizeof(hostline), "%s,%s", host, ip); |
|
|
|
|
if (options.check_host_ip && host_status != HOST_CHANGED && |
if (options.check_host_ip && host_status != HOST_CHANGED && |
ip_status == HOST_CHANGED) { |
ip_status == HOST_CHANGED) { |
log("Warning: the %s host key for '%.200s' " |
snprintf(msg, sizeof(msg), |
"differs from the key for the IP address '%.128s'", |
"Warning: the %s host key for '%.200s' " |
type, host, ip); |
"differs from the key for the IP address '%.128s'" |
if (host_status == HOST_OK) |
"\nOffending key for IP in %s:%d", |
log("Matching host key in %s:%d", host_file, host_line); |
type, host, ip, ip_file, ip_line); |
log("Offending key for IP in %s:%d", ip_file, ip_line); |
if (host_status == HOST_OK) { |
|
len = strlen(msg); |
|
snprintf(msg + len, sizeof(msg) - len, |
|
"\nMatching host key in %s:%d", |
|
host_file, host_line); |
|
} |
if (options.strict_host_key_checking == 1) { |
if (options.strict_host_key_checking == 1) { |
|
log(msg); |
error("Exiting, you have requested strict checking."); |
error("Exiting, you have requested strict checking."); |
goto fail; |
goto fail; |
} else if (options.strict_host_key_checking == 2) { |
} else if (options.strict_host_key_checking == 2) { |
if (!confirm("Are you sure you want " |
strlcat(msg, "\nAre you sure you want " |
"to continue connecting (yes/no)? ")) { |
"to continue connecting (yes/no)? ", sizeof(msg)); |
|
if (!confirm(msg)) |
goto fail; |
goto fail; |
} |
} else { |
|
log(msg); |
} |
} |
} |
} |
|
|
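Review bot: In the host/IP key mismatch branch of the new revision, `log(msg)` passes a buffer assembled from `host`, `ip`, `ip_file` and `host_file` as the format string itself, so any `%` sequence in those values would be interpreted by the logger. Both calls (the strict-checking case and the final `else`) should be `log("%s", msg);`. In the new `confirm()`, `if (strncasecmp(p, "yes", 3) == 0)` still runs after the preceding test has accepted `p == NULL`, so it should become `else if (...)`, or the NULL case should set `ret` and skip the comparison. The same comparisons match only a prefix, so any reply that merely begins with "yes" confirms an unknown host key where the old code required exactly `yes`; comparing the whole reply would keep that strictness. The page has no +/- markers, so which lines are new is inferred from the 1.118/1.119 column order, and the enclosing host-key checking function starts and ends outside the visible lines.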