version 1.188, 2006/07/06 16:03:53 |
version 1.189, 2006/07/10 12:46:51 |
|
|
* is not valid. the user_hostfile will not be updated if 'readonly' is true. |
* is not valid. the user_hostfile will not be updated if 'readonly' is true. |
*/ |
*/ |
static int |
static int |
check_host_key(char *host, struct sockaddr *hostaddr, Key *host_key, |
check_host_key(char *hostname, struct sockaddr *hostaddr, Key *host_key, |
int readonly, const char *user_hostfile, const char *system_hostfile) |
int readonly, const char *user_hostfile, const char *system_hostfile) |
{ |
{ |
Key *file_key; |
Key *file_key; |
const char *type = key_type(host_key); |
const char *type = key_type(host_key); |
char *ip = NULL; |
char *ip = NULL, *host = NULL; |
char hostline[1000], *hostp, *fp; |
char hostline[1000], *hostp, *fp; |
HostStatus host_status; |
HostStatus host_status; |
HostStatus ip_status; |
HostStatus ip_status; |
|
|
if (getnameinfo(hostaddr, hostaddr->sa_len, ntop, sizeof(ntop), |
if (getnameinfo(hostaddr, hostaddr->sa_len, ntop, sizeof(ntop), |
NULL, 0, NI_NUMERICHOST) != 0) |
NULL, 0, NI_NUMERICHOST) != 0) |
fatal("check_host_key: getnameinfo failed"); |
fatal("check_host_key: getnameinfo failed"); |
ip = xstrdup(ntop); |
ip = put_host_port(ntop, options.port); |
} else { |
} else { |
ip = xstrdup("<no hostip for proxy command>"); |
ip = xstrdup("<no hostip for proxy command>"); |
} |
} |
|
|
* Turn off check_host_ip if the connection is to localhost, via proxy |
* Turn off check_host_ip if the connection is to localhost, via proxy |
* command or if we don't have a hostname to compare with |
* command or if we don't have a hostname to compare with |
*/ |
*/ |
if (options.check_host_ip && |
if (options.check_host_ip && (local || |
(local || strcmp(host, ip) == 0 || options.proxy_command != NULL)) |
strcmp(hostname, ip) == 0 || options.proxy_command != NULL)) |
options.check_host_ip = 0; |
options.check_host_ip = 0; |
|
|
/* |
/* |
* Allow the user to record the key under a different name. This is |
* Allow the user to record the key under a different name or |
* useful for ssh tunneling over forwarded connections or if you run |
* differentiate a non-standard port. This is useful for ssh |
* multiple sshd's on different ports on the same machine. |
* tunneling over forwarded connections or if you run multiple |
|
* sshd's on different ports on the same machine. |
*/ |
*/ |
if (options.host_key_alias != NULL) { |
if (options.host_key_alias != NULL) { |
host = options.host_key_alias; |
host = xstrdup(options.host_key_alias); |
debug("using hostkeyalias: %s", host); |
debug("using hostkeyalias: %s", host); |
|
} else { |
|
host = put_host_port(hostname, options.port); |
} |
} |
|
|
/* |
/* |
|
|
} |
} |
|
|
xfree(ip); |
xfree(ip); |
|
xfree(host); |
return 0; |
return 0; |
|
|
fail: |
fail: |
xfree(ip); |
xfree(ip); |
|
xfree(host); |
return -1; |
return -1; |
} |
} |
|
|
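Review bot: The test `strcmp(hostname, ip) == 0` that switches off check_host_ip now compares the bare `hostname` with an `ip` that has been through `put_host_port(ntop, options.port)`. If put_host_port decorates the name whenever the port is non-standard (its definition is not shown here, but the updated comment about differentiating a non-standard port suggests so), a connection to a literal address on such a port no longer matches, check_host_ip stays enabled, and the same known-hosts name is presumably looked up, and possibly recorded, twice: once as `host` and once as `ip`. Consider deciding this against the undecorated address in the branch that fills `ntop`, e.g. `if (strcmp(hostname, ntop) == 0) options.check_host_ip = 0;`, or add a comment stating that the mismatch is intended. Parts of check_host_key's body are elided on this page, so the later uses of `host` and `ip` could not be checked.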