version 1.152, 2003/11/10 16:23:41 |
version 1.153, 2003/11/12 16:39:58 |
|
|
char *client_version_string = NULL; |
char *client_version_string = NULL; |
char *server_version_string = NULL; |
char *server_version_string = NULL; |
|
|
int verified_host_key_dns = 0; |
int matching_host_key_dns = 0; |
|
|
/* import */ |
/* import */ |
extern Options options; |
extern Options options; |
|
|
fp = key_fingerprint(host_key, SSH_FP_MD5, SSH_FP_HEX); |
fp = key_fingerprint(host_key, SSH_FP_MD5, SSH_FP_HEX); |
msg2[0] = '\0'; |
msg2[0] = '\0'; |
if (options.verify_host_key_dns) { |
if (options.verify_host_key_dns) { |
if (verified_host_key_dns) |
if (matching_host_key_dns) |
snprintf(msg2, sizeof(msg2), |
snprintf(msg2, sizeof(msg2), |
"Matching host key fingerprint" |
"Matching host key fingerprint" |
" found in DNS.\n"); |
" found in DNS.\n"); |
|
|
verify_host_key(char *host, struct sockaddr *hostaddr, Key *host_key) |
verify_host_key(char *host, struct sockaddr *hostaddr, Key *host_key) |
{ |
{ |
struct stat st; |
struct stat st; |
|
int flags = 0; |
|
|
if (options.verify_host_key_dns) { |
if (options.verify_host_key_dns && |
switch(verify_host_key_dns(host, hostaddr, host_key)) { |
verify_host_key_dns(host, hostaddr, host_key, &flags) == 0) { |
case DNS_VERIFY_OK: |
|
#ifdef DNSSEC |
if (flags & DNS_VERIFY_FOUND) { |
return 0; |
|
#else |
if (options.verify_host_key_dns == 1 && |
verified_host_key_dns = 1; |
flags & DNS_VERIFY_MATCH && |
break; |
flags & DNS_VERIFY_SECURE) |
#endif |
return 0; |
case DNS_VERIFY_FAILED: |
|
return -1; |
if (flags & DNS_VERIFY_MATCH) { |
case DNS_VERIFY_ERROR: |
matching_host_key_dns = 1; |
break; |
} else { |
default: |
warn_changed_key(host_key); |
debug3("bad return value from verify_host_key_dns"); |
error("Update the SSHFP RR in DNS with the new " |
break; |
"host key to get rid of this message."); |
|
} |
} |
} |
} |
} |
|
|
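Review bot: In `verify_host_key` (reading the second line of each pair as the 1.153 side), a found SSHFP record that does not match the offered key now only calls `warn_changed_key()` and falls through, where the removed `case DNS_VERIFY_FAILED:` returned -1. This applies even when `DNS_VERIFY_SECURE` is set, which presumably means the mismatching record was validated. If deferring to the checks later in the function (outside the visible lines) is intended, say so in a comment such as `/* DNS mismatch is advisory; the known-hosts check below decides */`; otherwise the else branch could fail closed with `if (flags & DNS_VERIFY_SECURE) return -1;`. The accompanying `error()` text tells the user to update the SSHFP RR, which assumes the new key is legitimate, so it should also tell them to confirm the fingerprint out of band first. A non-zero return from `verify_host_key_dns()` is now skipped silently where the old `default:` case logged through `debug3`, so a `debug3("verify_host_key_dns failed")` on that path would keep lookup errors visible.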