version 1.347, 2020/12/20 23:38:00 |
version 1.348, 2020/12/20 23:40:19 |
|
|
#define RDONLY 1 |
#define RDONLY 1 |
#define ROQUIET 2 |
#define ROQUIET 2 |
static int |
static int |
check_host_key(char *hostname, struct sockaddr *hostaddr, u_short port, |
check_host_key(char *hostname, const struct ssh_conn_info *cinfo, |
struct sshkey *host_key, int readonly, |
struct sockaddr *hostaddr, u_short port, |
|
struct sshkey *host_key, int readonly, int clobber_port, |
char **user_hostfiles, u_int num_user_hostfiles, |
char **user_hostfiles, u_int num_user_hostfiles, |
char **system_hostfiles, u_int num_system_hostfiles) |
char **system_hostfiles, u_int num_system_hostfiles) |
{ |
{ |
|
|
* Prepare the hostname and address strings used for hostkey lookup. |
* Prepare the hostname and address strings used for hostkey lookup. |
* In some cases, these will have a port number appended. |
* In some cases, these will have a port number appended. |
*/ |
*/ |
get_hostfile_hostname_ipaddr(hostname, hostaddr, port, &host, &ip); |
get_hostfile_hostname_ipaddr(hostname, hostaddr, |
|
clobber_port ? 0 : port, &host, &ip); |
|
|
/* |
/* |
* Turn off check_host_ip if the connection is to localhost, via proxy |
* Turn off check_host_ip if the connection is to localhost, via proxy |
|
|
break; |
break; |
case HOST_NEW: |
case HOST_NEW: |
if (options.host_key_alias == NULL && port != 0 && |
if (options.host_key_alias == NULL && port != 0 && |
port != SSH_DEFAULT_PORT) { |
port != SSH_DEFAULT_PORT && !clobber_port) { |
debug("checking without port identifier"); |
debug("checking without port identifier"); |
if (check_host_key(hostname, hostaddr, 0, host_key, |
if (check_host_key(hostname, cinfo, hostaddr, 0, |
ROQUIET, user_hostfiles, num_user_hostfiles, |
host_key, ROQUIET, 1, |
|
user_hostfiles, num_user_hostfiles, |
system_hostfiles, num_system_hostfiles) == 0) { |
system_hostfiles, num_system_hostfiles) == 0) { |
debug("found matching key w/out port"); |
debug("found matching key w/out port"); |
break; |
break; |
|
|
|
|
/* returns 0 if key verifies or -1 if key does NOT verify */ |
/* returns 0 if key verifies or -1 if key does NOT verify */ |
int |
int |
verify_host_key(char *host, struct sockaddr *hostaddr, struct sshkey *host_key) |
verify_host_key(char *host, struct sockaddr *hostaddr, struct sshkey *host_key, |
|
const struct ssh_conn_info *cinfo) |
{ |
{ |
u_int i; |
u_int i; |
int r = -1, flags = 0; |
int r = -1, flags = 0; |
|
|
} |
} |
} |
} |
} |
} |
r = check_host_key(host, hostaddr, options.port, host_key, RDRW, |
r = check_host_key(host, cinfo, hostaddr, options.port, host_key, |
options.user_hostfiles, options.num_user_hostfiles, |
RDRW, 0, options.user_hostfiles, options.num_user_hostfiles, |
options.system_hostfiles, options.num_system_hostfiles); |
options.system_hostfiles, options.num_system_hostfiles); |
|
|
out: |
out: |
|
|
*/ |
*/ |
void |
void |
ssh_login(struct ssh *ssh, Sensitive *sensitive, const char *orighost, |
ssh_login(struct ssh *ssh, Sensitive *sensitive, const char *orighost, |
struct sockaddr *hostaddr, u_short port, struct passwd *pw, int timeout_ms) |
struct sockaddr *hostaddr, u_short port, struct passwd *pw, int timeout_ms, |
|
const struct ssh_conn_info *cinfo) |
{ |
{ |
char *host; |
char *host; |
char *server_user, *local_user; |
char *server_user, *local_user; |
|
|
/* key exchange */ |
/* key exchange */ |
/* authenticate user */ |
/* authenticate user */ |
debug("Authenticating to %s:%d as '%s'", host, port, server_user); |
debug("Authenticating to %s:%d as '%s'", host, port, server_user); |
ssh_kex2(ssh, host, hostaddr, port); |
ssh_kex2(ssh, host, hostaddr, port, cinfo); |
ssh_userauth2(ssh, local_user, server_user, host, sensitive); |
ssh_userauth2(ssh, local_user, server_user, host, sensitive); |
free(local_user); |
free(local_user); |
free(host); |
free(host); |
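Review bot: The new `clobber_port` parameter of check_host_key has no comment explaining what it means, and its effect is split across two places in the function (the lookup at `get_hostfile_hostname_ipaddr(hostname, hostaddr, clobber_port ? 0 : port, &host, &ip);` and the `!clobber_port` guard on the HOST_NEW retry), so a reader of the signature alone cannot tell why the recursive call passes `ROQUIET, 1`. I would add a comment above the definition along the lines of `/* clobber_port: look the host up without a port suffix and do not retry port-less; set by the HOST_NEW re-check so it cannot recurse */`, and a one-line note that `cinfo` is only forwarded here and consumed elsewhere in the function (its use is not visible in these hunks, so please confirm). Since the retry already passes a port of 0, which the `port != 0` test rejects, the `!clobber_port` clause appears to be belt-and-braces; if that is the intent, saying so in the comment avoids the next maintainer "simplifying" it away. The body of check_host_key, verify_host_key and ssh_login all start or end outside the shown hunks.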