
Diff for /src/usr.bin/ssh/sshconnect.c between version 1.14 and 1.15

version 1.14, 1999/10/04 19:46:30 version 1.15, 1999/10/06 04:22:20
Line 1001 
Line 1001 
   RSA *public_key;    RSA *public_key;
   unsigned char session_key[SSH_SESSION_KEY_LENGTH];    unsigned char session_key[SSH_SESSION_KEY_LENGTH];
   const char *server_user, *local_user;    const char *server_user, *local_user;
   char *cp, *host;    char *cp, *host, *ip = NULL;
   unsigned char check_bytes[8];    unsigned char check_bytes[8];
   unsigned int supported_ciphers, supported_authentications, protocol_flags;    unsigned int supported_ciphers, supported_authentications, protocol_flags;
   HostStatus host_status;    HostStatus host_status;
   HostStatus ip_status;    HostStatus ip_status;
     int local = (ntohl(hostaddr->sin_addr.s_addr) >> 24) == IN_LOOPBACKNET;
   int payload_len, clen, sum_len = 0;    int payload_len, clen, sum_len = 0;
   u_int32_t rand = 0;    u_int32_t rand = 0;
   
     if (options->check_host_ip)
       ip = xstrdup(inet_ntoa(hostaddr->sin_addr));
   
   /* Convert the user-supplied hostname into all lowercase. */    /* Convert the user-supplied hostname into all lowercase. */
   host = xstrdup(orighost);    host = xstrdup(orighost);
   for (cp = host; *cp; cp++)    for (cp = host; *cp; cp++)
Line 1104 
Line 1108 
      and the user will get bogus HOST_CHANGED warnings.  This essentially       and the user will get bogus HOST_CHANGED warnings.  This essentially
      disables host authentication for localhost; however, this is probably       disables host authentication for localhost; however, this is probably
      not a real problem. */       not a real problem. */
   if (strcmp(inet_ntoa(hostaddr->sin_addr), "127.0.0.1") == 0)    if (local) {
     {      debug("Forcing accepting of host key for localhost.");
       debug("Forcing accepting of host key for localhost.");      host_status = HOST_OK;
       host_status = HOST_OK;    }
     }  
   
   /* Also perform check for the ip address, skip the check if we are    /* Also perform check for the ip address, skip the check if we are
      localhost or the hostname was an ip address to begin with */       localhost or the hostname was an ip address to begin with */
   if (options->check_host_ip &&    if (options->check_host_ip && !local && strcmp(host, ip)) {
       strcmp(inet_ntoa(hostaddr->sin_addr), "127.0.0.1") &&  
       strcmp(host, inet_ntoa(hostaddr->sin_addr))) {  
     RSA *ip_key = RSA_new();      RSA *ip_key = RSA_new();
     ip_key->n = BN_new();      ip_key->n = BN_new();
     ip_key->e = BN_new();      ip_key->e = BN_new();
     ip_status = check_host_in_hostfile(options->user_hostfile,      ip_status = check_host_in_hostfile(options->user_hostfile, ip,
                                        inet_ntoa(hostaddr->sin_addr),  
                                        BN_num_bits(host_key->n),                                         BN_num_bits(host_key->n),
                                        host_key->e, host_key->n,                                         host_key->e, host_key->n,
                                        ip_key->e, ip_key->n);                                         ip_key->e, ip_key->n);
   
     if (ip_status == HOST_NEW)      if (ip_status == HOST_NEW)
       ip_status = check_host_in_hostfile(options->system_hostfile,        ip_status = check_host_in_hostfile(options->system_hostfile, ip,
                                          inet_ntoa(hostaddr->sin_addr),  
                                          BN_num_bits(host_key->n),                                           BN_num_bits(host_key->n),
                                          host_key->e, host_key->n,                                           host_key->e, host_key->n,
                                          ip_key->e, ip_key->n);                                           ip_key->e, ip_key->n);
Line 1146 
Line 1145 
     debug("Host '%.200s' is known and matches the host key.", host);      debug("Host '%.200s' is known and matches the host key.", host);
     if (options->check_host_ip) {      if (options->check_host_ip) {
       if (ip_status == HOST_NEW) {        if (ip_status == HOST_NEW) {
         if (!add_host_to_hostfile(options->user_hostfile,          if (!add_host_to_hostfile(options->user_hostfile, ip,
                                   inet_ntoa(hostaddr->sin_addr),  
                                   BN_num_bits(host_key->n),                                    BN_num_bits(host_key->n),
                                   host_key->e, host_key->n))                                    host_key->e, host_key->n))
           log("Failed to add the host ip to the list of known hosts (%.30s).",            log("Failed to add the host ip to the list of known hosts (%.30s).",
               options->user_hostfile);                options->user_hostfile);
         else          else
           log("Warning: Permanently added host ip '%.30s' to the list of known hosts.", inet_ntoa(hostaddr->sin_addr));            log("Warning: Permanently added host ip '%.30s' to the list of known hosts.", ip);
       } else if (ip_status != HOST_OK)        } else if (ip_status != HOST_OK)
         log("Warning: the host key differ from the key of the ip address '%.30s' differs", inet_ntoa(hostaddr->sin_addr));          log("Warning: the host key differ from the key of the ip address '%.30s' differs", ip);
     }      }
   
     break;      break;
Line 1178 
Line 1176 
           fatal("Aborted by user!\n");            fatal("Aborted by user!\n");
       }        }
   
       if (options->check_host_ip && ip_status == HOST_NEW &&        if (options->check_host_ip && ip_status == HOST_NEW && strcmp(host, ip))
           strcmp(host, inet_ntoa(hostaddr->sin_addr)))          snprintf(hostline, sizeof(hostline), "%s,%s", host, ip);
         snprintf(hostline, sizeof(hostline), "%s,%s",  
                  host, inet_ntoa(hostaddr->sin_addr));  
       else        else
         hostp = host;          hostp = host;
   
Line 1204 
Line 1200 
         error("@       WARNING: POSSIBLE DNS SPOOFNG DETECTED!           @");          error("@       WARNING: POSSIBLE DNS SPOOFNG DETECTED!           @");
         error("@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@");          error("@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@");
         error("The host key for %s has changed,", host);          error("The host key for %s has changed,", host);
         error("but the key for the according IP address %s has",          error("but the key for the according IP address %s has", ip);
               inet_ntoa(hostaddr->sin_addr));  
         error("a different status.  This could either mean that DNS");          error("a different status.  This could either mean that DNS");
         error("SPOOFING is happening or the IP address for the host");          error("SPOOFING is happening or the IP address for the host");
         error("and its host key have changed at the same time");          error("and its host key have changed at the same time");
Line 1238 
Line 1233 
        if he/she whishes to accept the authentication. */         if he/she whishes to accept the authentication. */
     break;      break;
   }    }
   
     if (options->check_host_ip)
       xfree(ip);
   
   /* Generate a session key. */    /* Generate a session key. */
   arc4random_stir();    arc4random_stir();
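Review bot: The new `!local` term in the `if (options->check_host_ip && !local && strcmp(host, ip))` condition skips the IP check, so `ip_status` (declared without an initializer in the first hunk) is never assigned on that path, yet the `if (local)` block above forces `host_status = HOST_OK` and the HOST_OK case below reads `ip_status` whenever `options->check_host_ip` is set. The same applies when the hostname was already an IP address; unless `ip_status` is assigned somewhere between the hunks, the HOST_NEW/HOST_OK comparisons there act on an uninitialized value and may add or warn spuriously. The old `"127.0.0.1"` test had the same shape, but the commit's 127/8 `local` test widens the path, so the declaration should read `HostStatus ip_status = HOST_OK;` (or the `if (local)` block should set `ip_status = HOST_OK;` alongside `host_status`), whichever value the skipped-check paths are meant to produce. The `ip` argument in the DNS-spoofing `error()` call is only valid if that block is guarded by `options->check_host_ip`, which is outside the hunk; worth confirming. The enclosing function starts before the first hunk and ends after the last one.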
