[BACK]Return to sshconnect.c CVS log [TXT][DIR] Up to [local] / src / usr.bin / ssh

Annotation of src/usr.bin/ssh/sshconnect.c, Revision 1.225

1.225   ! djm         1: /* $OpenBSD: sshconnect.c,v 1.224 2010/04/16 21:14:27 djm Exp $ */
1.1       deraadt     2: /*
1.39      deraadt     3:  * Author: Tatu Ylonen <ylo@cs.hut.fi>
                      4:  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
                      5:  *                    All rights reserved
                      6:  * Code to connect to a remote host, and to perform the client side of the
                      7:  * login (authentication) dialog.
1.78      deraadt     8:  *
                      9:  * As far as I am concerned, the code I have written for this software
                     10:  * can be used freely for any purpose.  Any derived versions of this
                     11:  * software must be clearly marked as such, and if the derived work is
                     12:  * incompatible with the protocol description in the RFC file, it must be
                     13:  * called by a name other than "ssh" or "Secure Shell".
1.39      deraadt    14:  */
1.1       deraadt    15:
1.174     stevesk    16: #include <sys/types.h>
                     17: #include <sys/wait.h>
1.175     stevesk    18: #include <sys/stat.h>
1.187     stevesk    19: #include <sys/socket.h>
1.195     stevesk    20: #include <sys/time.h>
1.187     stevesk    21:
                     22: #include <netinet/in.h>
1.172     stevesk    23:
1.176     stevesk    24: #include <ctype.h>
1.190     stevesk    25: #include <errno.h>
1.216     dtucker    26: #include <fcntl.h>
1.191     stevesk    27: #include <netdb.h>
1.172     stevesk    28: #include <paths.h>
1.199     deraadt    29: #include <signal.h>
1.188     stevesk    30: #include <pwd.h>
1.198     stevesk    31: #include <stdio.h>
1.196     stevesk    32: #include <stdlib.h>
1.193     stevesk    33: #include <string.h>
1.192     stevesk    34: #include <unistd.h>
1.71      markus     35:
1.199     deraadt    36: #include "xmalloc.h"
1.91      markus     37: #include "ssh.h"
1.1       deraadt    38: #include "rsa.h"
1.59      markus     39: #include "buffer.h"
1.1       deraadt    40: #include "packet.h"
                     41: #include "uidswap.h"
1.21      markus     42: #include "compat.h"
1.58      markus     43: #include "key.h"
1.71      markus     44: #include "sshconnect.h"
1.58      markus     45: #include "hostfile.h"
1.91      markus     46: #include "log.h"
                     47: #include "readconf.h"
                     48: #include "atomicio.h"
                     49: #include "misc.h"
1.140     jakob      50: #include "dns.h"
1.214     andreas    51: #include "roaming.h"
1.219     djm        52: #include "ssh2.h"
1.186     stevesk    53: #include "version.h"
1.140     jakob      54:
1.70      markus     55: char *client_version_string = NULL;
                     56: char *server_version_string = NULL;
1.59      markus     57:
1.169     stevesk    58: static int matching_host_key_dns = 0;
1.145     jakob      59:
1.124     markus     60: /* import */
1.43      markus     61: extern Options options;
1.50      markus     62: extern char *__progname;
1.124     markus     63: extern uid_t original_real_uid;
                     64: extern uid_t original_effective_uid;
1.135     djm        65: extern pid_t proxy_command_pid;
1.91      markus     66:
1.132     markus     67: static int show_other_keys(const char *, Key *);
1.150     jakob      68: static void warn_changed_key(Key *);
1.132     markus     69:
1.39      deraadt    70: /*
                     71:  * Connect to the given ssh server using a proxy command.
                     72:  */
1.109     itojun     73: static int
1.124     markus     74: ssh_proxy_connect(const char *host, u_short port, const char *proxy_command)
1.1       deraadt    75: {
1.164     djm        76:        char *command_string, *tmp;
1.38      markus     77:        int pin[2], pout[2];
1.69      deraadt    78:        pid_t pid;
1.201     djm        79:        char *shell, strport[NI_MAXSERV];
                     80:
                     81:        if ((shell = getenv("SHELL")) == NULL)
                     82:                shell = _PATH_BSHELL;
1.38      markus     83:
                     84:        /* Convert the port number into a string. */
1.49      markus     85:        snprintf(strport, sizeof strport, "%hu", port);
1.38      markus     86:
1.135     djm        87:        /*
                     88:         * Build the final command string in the buffer by making the
                     89:         * appropriate substitutions to the given proxy command.
                     90:         *
1.154     djm        91:         * Use "exec" to avoid "sh -c" processes on some platforms
1.135     djm        92:         * (e.g. Solaris)
                     93:         */
1.179     djm        94:        xasprintf(&tmp, "exec %s", proxy_command);
1.222     djm        95:        command_string = percent_expand(tmp, "h", host, "p", strport,
1.224     djm        96:            "r", options.user, (char *)NULL);
1.164     djm        97:        xfree(tmp);
1.38      markus     98:
                     99:        /* Create pipes for communicating with the proxy. */
                    100:        if (pipe(pin) < 0 || pipe(pout) < 0)
                    101:                fatal("Could not create pipes to communicate with the proxy: %.100s",
1.118     deraadt   102:                    strerror(errno));
1.38      markus    103:
                    104:        debug("Executing proxy command: %.500s", command_string);
                    105:
                    106:        /* Fork and execute the proxy command. */
                    107:        if ((pid = fork()) == 0) {
                    108:                char *argv[10];
                    109:
                    110:                /* Child.  Permanently give up superuser privileges. */
1.184     markus    111:                permanently_drop_suid(original_real_uid);
1.38      markus    112:
                    113:                /* Redirect stdin and stdout. */
                    114:                close(pin[1]);
                    115:                if (pin[0] != 0) {
                    116:                        if (dup2(pin[0], 0) < 0)
                    117:                                perror("dup2 stdin");
                    118:                        close(pin[0]);
                    119:                }
                    120:                close(pout[0]);
                    121:                if (dup2(pout[1], 1) < 0)
                    122:                        perror("dup2 stdout");
                    123:                /* Cannot be 1 because pin allocated two descriptors. */
                    124:                close(pout[1]);
                    125:
                    126:                /* Stderr is left as it is so that error messages get
                    127:                   printed on the user's terminal. */
1.201     djm       128:                argv[0] = shell;
1.38      markus    129:                argv[1] = "-c";
                    130:                argv[2] = command_string;
                    131:                argv[3] = NULL;
                    132:
                    133:                /* Execute the proxy command.  Note that we gave up any
                    134:                   extra privileges above. */
1.89      markus    135:                execv(argv[0], argv);
                    136:                perror(argv[0]);
1.38      markus    137:                exit(1);
                    138:        }
                    139:        /* Parent. */
                    140:        if (pid < 0)
                    141:                fatal("fork failed: %.100s", strerror(errno));
1.135     djm       142:        else
                    143:                proxy_command_pid = pid; /* save pid to clean up later */
1.38      markus    144:
                    145:        /* Close child side of the descriptors. */
                    146:        close(pin[0]);
                    147:        close(pout[1]);
                    148:
                    149:        /* Free the command name. */
1.164     djm       150:        xfree(command_string);
1.38      markus    151:
                    152:        /* Set the connection file descriptors. */
                    153:        packet_set_connection(pout[0], pin[1]);
1.207     dtucker   154:        packet_set_timeout(options.server_alive_interval,
                    155:            options.server_alive_count_max);
1.1       deraadt   156:
1.110     markus    157:        /* Indicate OK return */
                    158:        return 0;
1.1       deraadt   159: }
                    160:
1.39      deraadt   161: /*
                    162:  * Creates a (possibly privileged) socket for use as the ssh connection.
                    163:  */
1.109     itojun    164: static int
1.139     markus    165: ssh_create_socket(int privileged, struct addrinfo *ai)
1.1       deraadt   166: {
1.105     markus    167:        int sock, gaierr;
                    168:        struct addrinfo hints, *res;
1.1       deraadt   169:
1.40      markus    170:        /*
                    171:         * If we are running as root and want to connect to a privileged
                    172:         * port, bind our own socket to a privileged port.
                    173:         */
1.38      markus    174:        if (privileged) {
                    175:                int p = IPPORT_RESERVED - 1;
1.124     markus    176:                PRIV_START;
1.139     markus    177:                sock = rresvport_af(&p, ai->ai_family);
1.124     markus    178:                PRIV_END;
1.38      markus    179:                if (sock < 0)
1.139     markus    180:                        error("rresvport: af=%d %.100s", ai->ai_family,
                    181:                            strerror(errno));
1.55      markus    182:                else
                    183:                        debug("Allocated local port %d.", p);
1.105     markus    184:                return sock;
                    185:        }
1.217     dtucker   186:        sock = socket(ai->ai_family, ai->ai_socktype, ai->ai_protocol);
1.216     dtucker   187:        if (sock < 0) {
1.105     markus    188:                error("socket: %.100s", strerror(errno));
1.216     dtucker   189:                return -1;
                    190:        }
                    191:        fcntl(sock, F_SETFD, FD_CLOEXEC);
1.105     markus    192:
                    193:        /* Bind the socket to an alternative local IP address */
                    194:        if (options.bind_address == NULL)
                    195:                return sock;
                    196:
                    197:        memset(&hints, 0, sizeof(hints));
1.139     markus    198:        hints.ai_family = ai->ai_family;
                    199:        hints.ai_socktype = ai->ai_socktype;
                    200:        hints.ai_protocol = ai->ai_protocol;
1.105     markus    201:        hints.ai_flags = AI_PASSIVE;
1.205     dtucker   202:        gaierr = getaddrinfo(options.bind_address, NULL, &hints, &res);
1.105     markus    203:        if (gaierr) {
                    204:                error("getaddrinfo: %s: %s", options.bind_address,
1.203     dtucker   205:                    ssh_gai_strerror(gaierr));
1.105     markus    206:                close(sock);
                    207:                return -1;
                    208:        }
                    209:        if (bind(sock, res->ai_addr, res->ai_addrlen) < 0) {
                    210:                error("bind: %s: %s", options.bind_address, strerror(errno));
                    211:                close(sock);
                    212:                freeaddrinfo(res);
                    213:                return -1;
1.38      markus    214:        }
1.105     markus    215:        freeaddrinfo(res);
1.38      markus    216:        return sock;
1.1       deraadt   217: }
                    218:
1.141     djm       219: static int
                    220: timeout_connect(int sockfd, const struct sockaddr *serv_addr,
1.202     djm       221:     socklen_t addrlen, int *timeoutp)
1.141     djm       222: {
                    223:        fd_set *fdset;
1.202     djm       224:        struct timeval tv, t_start;
1.141     djm       225:        socklen_t optlen;
1.179     djm       226:        int optval, rc, result = -1;
1.141     djm       227:
1.202     djm       228:        gettimeofday(&t_start, NULL);
                    229:
                    230:        if (*timeoutp <= 0) {
                    231:                result = connect(sockfd, serv_addr, addrlen);
                    232:                goto done;
                    233:        }
1.141     djm       234:
1.156     djm       235:        set_nonblock(sockfd);
1.141     djm       236:        rc = connect(sockfd, serv_addr, addrlen);
1.156     djm       237:        if (rc == 0) {
                    238:                unset_nonblock(sockfd);
1.202     djm       239:                result = 0;
                    240:                goto done;
                    241:        }
                    242:        if (errno != EINPROGRESS) {
                    243:                result = -1;
                    244:                goto done;
1.156     djm       245:        }
1.141     djm       246:
1.179     djm       247:        fdset = (fd_set *)xcalloc(howmany(sockfd + 1, NFDBITS),
                    248:            sizeof(fd_mask));
1.141     djm       249:        FD_SET(sockfd, fdset);
1.202     djm       250:        ms_to_timeval(&tv, *timeoutp);
1.141     djm       251:
1.162     deraadt   252:        for (;;) {
1.141     djm       253:                rc = select(sockfd + 1, NULL, fdset, NULL, &tv);
                    254:                if (rc != -1 || errno != EINTR)
                    255:                        break;
                    256:        }
                    257:
1.162     deraadt   258:        switch (rc) {
1.141     djm       259:        case 0:
                    260:                /* Timed out */
                    261:                errno = ETIMEDOUT;
1.142     djm       262:                break;
1.141     djm       263:        case -1:
                    264:                /* Select error */
1.154     djm       265:                debug("select: %s", strerror(errno));
1.142     djm       266:                break;
1.141     djm       267:        case 1:
                    268:                /* Completed or failed */
                    269:                optval = 0;
                    270:                optlen = sizeof(optval);
1.154     djm       271:                if (getsockopt(sockfd, SOL_SOCKET, SO_ERROR, &optval,
1.148     markus    272:                    &optlen) == -1) {
1.154     djm       273:                        debug("getsockopt: %s", strerror(errno));
1.142     djm       274:                        break;
1.148     markus    275:                }
1.141     djm       276:                if (optval != 0) {
                    277:                        errno = optval;
1.142     djm       278:                        break;
1.141     djm       279:                }
1.142     djm       280:                result = 0;
1.156     djm       281:                unset_nonblock(sockfd);
1.141     djm       282:                break;
                    283:        default:
                    284:                /* Should not occur */
                    285:                fatal("Bogus return (%d) from select()", rc);
                    286:        }
                    287:
1.142     djm       288:        xfree(fdset);
1.202     djm       289:
                    290:  done:
                    291:        if (result == 0 && *timeoutp > 0) {
                    292:                ms_subtract_diff(&t_start, timeoutp);
                    293:                if (*timeoutp <= 0) {
                    294:                        errno = ETIMEDOUT;
                    295:                        result = -1;
                    296:                }
                    297:        }
                    298:
1.142     djm       299:        return (result);
1.141     djm       300: }
                    301:
1.39      deraadt   302: /*
1.49      markus    303:  * Opens a TCP/IP connection to the remote server on the given host.
                    304:  * The address of the remote host will be returned in hostaddr.
1.124     markus    305:  * If port is 0, the default port will be used.  If needpriv is true,
1.39      deraadt   306:  * a privileged port will be allocated to make the connection.
1.124     markus    307:  * This requires super-user privileges if needpriv is true.
1.39      deraadt   308:  * Connection_attempts specifies the maximum number of tries (one per
                    309:  * second).  If proxy_command is non-NULL, it specifies the command (with %h
                    310:  * and %p substituted for host and port, respectively) to use to contact
                    311:  * the daemon.
                    312:  */
1.38      markus    313: int
1.49      markus    314: ssh_connect(const char *host, struct sockaddr_storage * hostaddr,
1.202     djm       315:     u_short port, int family, int connection_attempts, int *timeout_ms,
                    316:     int want_keepalive, int needpriv, const char *proxy_command)
1.1       deraadt   317: {
1.90      markus    318:        int gaierr;
                    319:        int on = 1;
1.49      markus    320:        int sock = -1, attempt;
1.90      markus    321:        char ntop[NI_MAXHOST], strport[NI_MAXSERV];
1.49      markus    322:        struct addrinfo hints, *ai, *aitop;
1.38      markus    323:
1.136     markus    324:        debug2("ssh_connect: needpriv %d", needpriv);
1.38      markus    325:
                    326:        /* If a proxy command is given, connect using it. */
                    327:        if (proxy_command != NULL)
1.124     markus    328:                return ssh_proxy_connect(host, port, proxy_command);
1.38      markus    329:
                    330:        /* No proxy command. */
                    331:
1.49      markus    332:        memset(&hints, 0, sizeof(hints));
1.115     markus    333:        hints.ai_family = family;
1.49      markus    334:        hints.ai_socktype = SOCK_STREAM;
1.126     deraadt   335:        snprintf(strport, sizeof strport, "%u", port);
1.49      markus    336:        if ((gaierr = getaddrinfo(host, strport, &hints, &aitop)) != 0)
1.203     dtucker   337:                fatal("%s: Could not resolve hostname %.100s: %s", __progname,
                    338:                    host, ssh_gai_strerror(gaierr));
1.38      markus    339:
1.181     markus    340:        for (attempt = 0; attempt < connection_attempts; attempt++) {
1.200     markus    341:                if (attempt > 0) {
                    342:                        /* Sleep a moment before retrying. */
                    343:                        sleep(1);
1.38      markus    344:                        debug("Trying again...");
1.200     markus    345:                }
1.181     markus    346:                /*
                    347:                 * Loop through addresses for this host, and try each one in
                    348:                 * sequence until the connection succeeds.
                    349:                 */
1.49      markus    350:                for (ai = aitop; ai; ai = ai->ai_next) {
                    351:                        if (ai->ai_family != AF_INET && ai->ai_family != AF_INET6)
                    352:                                continue;
                    353:                        if (getnameinfo(ai->ai_addr, ai->ai_addrlen,
                    354:                            ntop, sizeof(ntop), strport, sizeof(strport),
                    355:                            NI_NUMERICHOST|NI_NUMERICSERV) != 0) {
                    356:                                error("ssh_connect: getnameinfo failed");
                    357:                                continue;
                    358:                        }
                    359:                        debug("Connecting to %.200s [%.100s] port %s.",
                    360:                                host, ntop, strport);
                    361:
                    362:                        /* Create a socket for connecting. */
1.139     markus    363:                        sock = ssh_create_socket(needpriv, ai);
1.49      markus    364:                        if (sock < 0)
1.110     markus    365:                                /* Any error is already output */
1.49      markus    366:                                continue;
                    367:
1.141     djm       368:                        if (timeout_connect(sock, ai->ai_addr, ai->ai_addrlen,
1.202     djm       369:                            timeout_ms) >= 0) {
1.49      markus    370:                                /* Successful connection. */
1.102     markus    371:                                memcpy(hostaddr, ai->ai_addr, ai->ai_addrlen);
1.38      markus    372:                                break;
1.49      markus    373:                        } else {
1.131     itojun    374:                                debug("connect to address %s port %s: %s",
                    375:                                    ntop, strport, strerror(errno));
1.38      markus    376:                                close(sock);
1.181     markus    377:                                sock = -1;
1.38      markus    378:                        }
                    379:                }
1.181     markus    380:                if (sock != -1)
1.49      markus    381:                        break;  /* Successful connection. */
1.38      markus    382:        }
1.49      markus    383:
                    384:        freeaddrinfo(aitop);
                    385:
1.38      markus    386:        /* Return failure if we didn't get a successful connection. */
1.181     markus    387:        if (sock == -1) {
1.159     markus    388:                error("ssh: connect to host %s port %s: %s",
1.130     itojun    389:                    host, strport, strerror(errno));
1.159     markus    390:                return (-1);
1.130     itojun    391:        }
1.38      markus    392:
                    393:        debug("Connection established.");
1.90      markus    394:
1.155     markus    395:        /* Set SO_KEEPALIVE if requested. */
1.202     djm       396:        if (want_keepalive &&
1.90      markus    397:            setsockopt(sock, SOL_SOCKET, SO_KEEPALIVE, (void *)&on,
                    398:            sizeof(on)) < 0)
                    399:                error("setsockopt SO_KEEPALIVE: %.100s", strerror(errno));
1.38      markus    400:
                    401:        /* Set the connection. */
                    402:        packet_set_connection(sock, sock);
1.207     dtucker   403:        packet_set_timeout(options.server_alive_interval,
                    404:            options.server_alive_count_max);
1.1       deraadt   405:
1.110     markus    406:        return 0;
1.59      markus    407: }
                    408:
1.43      markus    409: /*
1.39      deraadt   410:  * Waits for the server identification string, and sends our own
                    411:  * identification string.
                    412:  */
1.213     andreas   413: void
1.202     djm       414: ssh_exchange_identification(int timeout_ms)
1.1       deraadt   415: {
1.38      markus    416:        char buf[256], remote_version[256];     /* must be same size! */
1.165     djm       417:        int remote_major, remote_minor, mismatch;
1.38      markus    418:        int connection_in = packet_get_connection_in();
                    419:        int connection_out = packet_get_connection_out();
1.93      stevesk   420:        int minor1 = PROTOCOL_MINOR_1;
1.185     djm       421:        u_int i, n;
1.202     djm       422:        size_t len;
                    423:        int fdsetsz, remaining, rc;
                    424:        struct timeval t_start, t_remaining;
                    425:        fd_set *fdset;
                    426:
                    427:        fdsetsz = howmany(connection_in + 1, NFDBITS) * sizeof(fd_mask);
                    428:        fdset = xcalloc(1, fdsetsz);
1.38      markus    429:
1.163     avsm      430:        /* Read other side's version identification. */
1.202     djm       431:        remaining = timeout_ms;
1.185     djm       432:        for (n = 0;;) {
1.75      markus    433:                for (i = 0; i < sizeof(buf) - 1; i++) {
1.202     djm       434:                        if (timeout_ms > 0) {
                    435:                                gettimeofday(&t_start, NULL);
                    436:                                ms_to_timeval(&t_remaining, remaining);
                    437:                                FD_SET(connection_in, fdset);
                    438:                                rc = select(connection_in + 1, fdset, NULL,
                    439:                                    fdset, &t_remaining);
                    440:                                ms_subtract_diff(&t_start, &remaining);
                    441:                                if (rc == 0 || remaining <= 0)
                    442:                                        fatal("Connection timed out during "
                    443:                                            "banner exchange");
                    444:                                if (rc == -1) {
                    445:                                        if (errno == EINTR)
                    446:                                                continue;
                    447:                                        fatal("ssh_exchange_identification: "
                    448:                                            "select: %s", strerror(errno));
                    449:                                }
                    450:                        }
                    451:
1.214     andreas   452:                        len = roaming_atomicio(read, connection_in, &buf[i], 1);
1.163     avsm      453:
1.167     djm       454:                        if (len != 1 && errno == EPIPE)
1.202     djm       455:                                fatal("ssh_exchange_identification: "
                    456:                                    "Connection closed by remote host");
1.163     avsm      457:                        else if (len != 1)
1.202     djm       458:                                fatal("ssh_exchange_identification: "
                    459:                                    "read: %.100s", strerror(errno));
1.75      markus    460:                        if (buf[i] == '\r') {
                    461:                                buf[i] = '\n';
                    462:                                buf[i + 1] = 0;
                    463:                                continue;               /**XXX wait for \n */
                    464:                        }
                    465:                        if (buf[i] == '\n') {
                    466:                                buf[i + 1] = 0;
                    467:                                break;
                    468:                        }
1.185     djm       469:                        if (++n > 65536)
1.202     djm       470:                                fatal("ssh_exchange_identification: "
                    471:                                    "No banner received");
1.38      markus    472:                }
1.75      markus    473:                buf[sizeof(buf) - 1] = 0;
1.76      markus    474:                if (strncmp(buf, "SSH-", 4) == 0)
1.38      markus    475:                        break;
1.75      markus    476:                debug("ssh_exchange_identification: %s", buf);
1.38      markus    477:        }
1.59      markus    478:        server_version_string = xstrdup(buf);
1.202     djm       479:        xfree(fdset);
1.38      markus    480:
1.40      markus    481:        /*
                    482:         * Check that the versions match.  In future this might accept
                    483:         * several versions and set appropriate flags to handle them.
                    484:         */
1.59      markus    485:        if (sscanf(server_version_string, "SSH-%d.%d-%[^\n]\n",
                    486:            &remote_major, &remote_minor, remote_version) != 3)
1.38      markus    487:                fatal("Bad remote protocol version identification: '%.100s'", buf);
                    488:        debug("Remote protocol version %d.%d, remote software version %.100s",
1.118     deraadt   489:            remote_major, remote_minor, remote_version);
1.38      markus    490:
1.59      markus    491:        compat_datafellows(remote_version);
1.64      markus    492:        mismatch = 0;
1.59      markus    493:
1.116     deraadt   494:        switch (remote_major) {
1.64      markus    495:        case 1:
                    496:                if (remote_minor == 99 &&
                    497:                    (options.protocol & SSH_PROTO_2) &&
                    498:                    !(options.protocol & SSH_PROTO_1_PREFERRED)) {
                    499:                        enable_compat20();
                    500:                        break;
                    501:                }
                    502:                if (!(options.protocol & SSH_PROTO_1)) {
                    503:                        mismatch = 1;
                    504:                        break;
                    505:                }
                    506:                if (remote_minor < 3) {
                    507:                        fatal("Remote machine has too old SSH software version.");
1.81      markus    508:                } else if (remote_minor == 3 || remote_minor == 4) {
1.64      markus    509:                        /* We speak 1.3, too. */
                    510:                        enable_compat13();
1.81      markus    511:                        minor1 = 3;
1.64      markus    512:                        if (options.forward_agent) {
1.138     itojun    513:                                logit("Agent forwarding disabled for protocol 1.3");
1.64      markus    514:                                options.forward_agent = 0;
                    515:                        }
                    516:                }
                    517:                break;
                    518:        case 2:
                    519:                if (options.protocol & SSH_PROTO_2) {
                    520:                        enable_compat20();
                    521:                        break;
1.38      markus    522:                }
1.64      markus    523:                /* FALLTHROUGH */
1.68      markus    524:        default:
1.64      markus    525:                mismatch = 1;
                    526:                break;
1.38      markus    527:        }
1.64      markus    528:        if (mismatch)
1.38      markus    529:                fatal("Protocol major versions differ: %d vs. %d",
1.64      markus    530:                    (options.protocol & SSH_PROTO_2) ? PROTOCOL_MAJOR_2 : PROTOCOL_MAJOR_1,
                    531:                    remote_major);
1.38      markus    532:        /* Send our own protocol version identification. */
1.211     dtucker   533:        snprintf(buf, sizeof buf, "SSH-%d.%d-%.100s%s",
1.64      markus    534:            compat20 ? PROTOCOL_MAJOR_2 : PROTOCOL_MAJOR_1,
1.81      markus    535:            compat20 ? PROTOCOL_MINOR_2 : minor1,
1.211     dtucker   536:            SSH_VERSION, compat20 ? "\r\n" : "\n");
1.214     andreas   537:        if (roaming_atomicio(vwrite, connection_out, buf, strlen(buf))
                    538:            != strlen(buf))
1.38      markus    539:                fatal("write: %.100s", strerror(errno));
1.59      markus    540:        client_version_string = xstrdup(buf);
                    541:        chop(client_version_string);
                    542:        chop(server_version_string);
                    543:        debug("Local version string %.100s", client_version_string);
1.1       deraadt   544: }
                    545:
1.96      markus    546: /* defaults to 'no' */
1.109     itojun    547: static int
1.112     markus    548: confirm(const char *prompt)
1.1       deraadt   549: {
1.119     markus    550:        const char *msg, *again = "Please type 'yes' or 'no': ";
                    551:        char *p;
                    552:        int ret = -1;
1.96      markus    553:
                    554:        if (options.batch_mode)
                    555:                return 0;
1.119     markus    556:        for (msg = prompt;;msg = again) {
                    557:                p = read_passphrase(msg, RP_ECHO);
                    558:                if (p == NULL ||
                    559:                    (p[0] == '\0') || (p[0] == '\n') ||
                    560:                    strncasecmp(p, "no", 2) == 0)
                    561:                        ret = 0;
1.127     markus    562:                if (p && strncasecmp(p, "yes", 3) == 0)
1.119     markus    563:                        ret = 1;
                    564:                if (p)
                    565:                        xfree(p);
                    566:                if (ret != -1)
                    567:                        return ret;
1.1       deraadt   568:        }
                    569: }
                    570:
1.219     djm       571: static int
                    572: check_host_cert(const char *host, const Key *host_key)
                    573: {
                    574:        const char *reason;
                    575:
                    576:        if (key_cert_check_authority(host_key, 1, 0, host, &reason) != 0) {
                    577:                error("%s", reason);
                    578:                return 0;
                    579:        }
1.223     djm       580:        if (buffer_len(&host_key->cert->critical) != 0) {
                    581:                error("Certificate for %s contains unsupported "
                    582:                    "critical options(s)", host);
1.219     djm       583:                return 0;
                    584:        }
                    585:        return 1;
                    586: }
                    587:
1.39      deraadt   588: /*
1.108     markus    589:  * check whether the supplied host key is valid, return -1 if the key
                    590:  * is not valid. the user_hostfile will not be updated if 'readonly' is true.
1.39      deraadt   591:  */
1.197     dtucker   592: #define RDRW   0
                    593: #define RDONLY 1
                    594: #define ROQUIET        2
1.109     itojun    595: static int
1.197     dtucker   596: check_host_key(char *hostname, struct sockaddr *hostaddr, u_short port,
                    597:     Key *host_key, int readonly, const char *user_hostfile,
                    598:     const char *system_hostfile)
1.1       deraadt   599: {
1.219     djm       600:        Key *file_key, *raw_key = NULL;
                    601:        const char *type;
1.189     dtucker   602:        char *ip = NULL, *host = NULL;
1.204     grunk     603:        char hostline[1000], *hostp, *fp, *ra;
1.38      markus    604:        HostStatus host_status;
                    605:        HostStatus ip_status;
1.219     djm       606:        int r, want_cert, local = 0, host_ip_differ = 0;
1.49      markus    607:        char ntop[NI_MAXHOST];
1.119     markus    608:        char msg[1024];
1.210     dtucker   609:        int len, host_line, ip_line, cancelled_forwarding = 0;
1.85      markus    610:        const char *host_file = NULL, *ip_file = NULL;
1.49      markus    611:
                    612:        /*
                    613:         * Force accepting of the host key for loopback/localhost. The
                    614:         * problem is that if the home directory is NFS-mounted to multiple
                    615:         * machines, localhost will refer to a different machine in each of
                    616:         * them, and the user will get bogus HOST_CHANGED warnings.  This
                    617:         * essentially disables host authentication for localhost; however,
                    618:         * this is probably not a real problem.
                    619:         */
1.70      markus    620:        /**  hostaddr == 0! */
1.49      markus    621:        switch (hostaddr->sa_family) {
                    622:        case AF_INET:
1.108     markus    623:                local = (ntohl(((struct sockaddr_in *)hostaddr)->
1.168     djm       624:                    sin_addr.s_addr) >> 24) == IN_LOOPBACKNET;
1.49      markus    625:                break;
                    626:        case AF_INET6:
1.108     markus    627:                local = IN6_IS_ADDR_LOOPBACK(
                    628:                    &(((struct sockaddr_in6 *)hostaddr)->sin6_addr));
1.49      markus    629:                break;
                    630:        default:
                    631:                local = 0;
                    632:                break;
                    633:        }
1.111     markus    634:        if (options.no_host_authentication_for_localhost == 1 && local &&
                    635:            options.host_key_alias == NULL) {
1.88      markus    636:                debug("Forcing accepting of host key for "
                    637:                    "loopback/localhost.");
1.108     markus    638:                return 0;
1.49      markus    639:        }
1.42      markus    640:
                    641:        /*
1.88      markus    642:         * We don't have the remote ip-address for connections
                    643:         * using a proxy command
1.42      markus    644:         */
1.84      markus    645:        if (options.proxy_command == NULL) {
                    646:                if (getnameinfo(hostaddr, hostaddr->sa_len, ntop, sizeof(ntop),
1.86      markus    647:                    NULL, 0, NI_NUMERICHOST) != 0)
1.84      markus    648:                        fatal("check_host_key: getnameinfo failed");
1.197     dtucker   649:                ip = put_host_port(ntop, port);
1.84      markus    650:        } else {
                    651:                ip = xstrdup("<no hostip for proxy command>");
1.86      markus    652:        }
1.206     grunk     653:
                    654:        /*
1.88      markus    655:         * Turn off check_host_ip if the connection is to localhost, via proxy
                    656:         * command or if we don't have a hostname to compare with
                    657:         */
1.189     dtucker   658:        if (options.check_host_ip && (local ||
                    659:            strcmp(hostname, ip) == 0 || options.proxy_command != NULL))
1.88      markus    660:                options.check_host_ip = 0;
1.86      markus    661:
                    662:        /*
1.189     dtucker   663:         * Allow the user to record the key under a different name or
                    664:         * differentiate a non-standard port.  This is useful for ssh
                    665:         * tunneling over forwarded connections or if you run multiple
                    666:         * sshd's on different ports on the same machine.
1.86      markus    667:         */
                    668:        if (options.host_key_alias != NULL) {
1.189     dtucker   669:                host = xstrdup(options.host_key_alias);
1.86      markus    670:                debug("using hostkeyalias: %s", host);
1.189     dtucker   671:        } else {
1.197     dtucker   672:                host = put_host_port(hostname, port);
1.84      markus    673:        }
1.38      markus    674:
1.219     djm       675:  retry:
                    676:        want_cert = key_is_cert(host_key);
                    677:        type = key_type(host_key);
                    678:
1.46      markus    679:        /*
                    680:         * Store the host key from the known host file in here so that we can
                    681:         * compare it with the key for the IP address.
                    682:         */
1.219     djm       683:        file_key = key_new(key_is_cert(host_key) ? KEY_UNSPEC : host_key->type);
1.38      markus    684:
1.40      markus    685:        /*
1.170     djm       686:         * Check if the host key is present in the user's list of known
1.40      markus    687:         * hosts or in the systemwide list.
                    688:         */
1.85      markus    689:        host_file = user_hostfile;
1.108     markus    690:        host_status = check_host_in_hostfile(host_file, host, host_key,
1.118     deraadt   691:            file_key, &host_line);
1.85      markus    692:        if (host_status == HOST_NEW) {
                    693:                host_file = system_hostfile;
1.108     markus    694:                host_status = check_host_in_hostfile(host_file, host, host_key,
                    695:                    file_key, &host_line);
1.85      markus    696:        }
1.40      markus    697:        /*
                    698:         * Also perform check for the ip address, skip the check if we are
1.219     djm       699:         * localhost, looking for a certificate, or the hostname was an ip
                    700:         * address to begin with.
1.40      markus    701:         */
1.219     djm       702:        if (!want_cert && options.check_host_ip) {
1.58      markus    703:                Key *ip_key = key_new(host_key->type);
1.38      markus    704:
1.85      markus    705:                ip_file = user_hostfile;
1.108     markus    706:                ip_status = check_host_in_hostfile(ip_file, ip, host_key,
                    707:                    ip_key, &ip_line);
1.85      markus    708:                if (ip_status == HOST_NEW) {
                    709:                        ip_file = system_hostfile;
1.108     markus    710:                        ip_status = check_host_in_hostfile(ip_file, ip,
                    711:                            host_key, ip_key, &ip_line);
1.85      markus    712:                }
1.38      markus    713:                if (host_status == HOST_CHANGED &&
1.58      markus    714:                    (ip_status != HOST_CHANGED || !key_equal(ip_key, file_key)))
1.38      markus    715:                        host_ip_differ = 1;
                    716:
1.58      markus    717:                key_free(ip_key);
1.38      markus    718:        } else
                    719:                ip_status = host_status;
                    720:
1.58      markus    721:        key_free(file_key);
1.38      markus    722:
                    723:        switch (host_status) {
                    724:        case HOST_OK:
                    725:                /* The host is known and the key matches. */
1.219     djm       726:                debug("Host '%.200s' is known and matches the %s host %s.",
                    727:                    host, type, want_cert ? "certificate" : "key");
                    728:                debug("Found %s in %s:%d",
1.221     djm       729:                    want_cert ? "CA key" : "key", host_file, host_line);
1.219     djm       730:                if (want_cert && !check_host_cert(hostname, host_key))
                    731:                        goto fail;
1.88      markus    732:                if (options.check_host_ip && ip_status == HOST_NEW) {
1.219     djm       733:                        if (readonly || want_cert)
1.138     itojun    734:                                logit("%s host key for IP address "
1.108     markus    735:                                    "'%.128s' not in list of known hosts.",
                    736:                                    type, ip);
                    737:                        else if (!add_host_to_hostfile(user_hostfile, ip,
1.160     djm       738:                            host_key, options.hash_known_hosts))
1.138     itojun    739:                                logit("Failed to add the %s host key for IP "
1.108     markus    740:                                    "address '%.128s' to the list of known "
                    741:                                    "hosts (%.30s).", type, ip, user_hostfile);
1.88      markus    742:                        else
1.138     itojun    743:                                logit("Warning: Permanently added the %s host "
1.108     markus    744:                                    "key for IP address '%.128s' to the list "
                    745:                                    "of known hosts.", type, ip);
1.209     grunk     746:                } else if (options.visual_host_key) {
1.204     grunk     747:                        fp = key_fingerprint(host_key, SSH_FP_MD5, SSH_FP_HEX);
                    748:                        ra = key_fingerprint(host_key, SSH_FP_MD5,
                    749:                            SSH_FP_RANDOMART);
                    750:                        logit("Host key fingerprint is %s\n%s\n", fp, ra);
                    751:                        xfree(ra);
                    752:                        xfree(fp);
1.38      markus    753:                }
                    754:                break;
                    755:        case HOST_NEW:
1.197     dtucker   756:                if (options.host_key_alias == NULL && port != 0 &&
                    757:                    port != SSH_DEFAULT_PORT) {
                    758:                        debug("checking without port identifier");
1.212     stevesk   759:                        if (check_host_key(hostname, hostaddr, 0, host_key,
                    760:                            ROQUIET, user_hostfile, system_hostfile) == 0) {
1.197     dtucker   761:                                debug("found matching key w/out port");
                    762:                                break;
                    763:                        }
                    764:                }
1.219     djm       765:                if (readonly || want_cert)
1.108     markus    766:                        goto fail;
1.38      markus    767:                /* The host is new. */
                    768:                if (options.strict_host_key_checking == 1) {
1.108     markus    769:                        /*
                    770:                         * User has requested strict host key checking.  We
                    771:                         * will not add the host key automatically.  The only
                    772:                         * alternative left is to abort.
                    773:                         */
                    774:                        error("No %s host key is known for %.200s and you "
                    775:                            "have requested strict checking.", type, host);
                    776:                        goto fail;
1.38      markus    777:                } else if (options.strict_host_key_checking == 2) {
1.145     jakob     778:                        char msg1[1024], msg2[1024];
                    779:
                    780:                        if (show_other_keys(host, host_key))
                    781:                                snprintf(msg1, sizeof(msg1),
1.168     djm       782:                                    "\nbut keys of different type are already"
                    783:                                    " known for this host.");
1.145     jakob     784:                        else
                    785:                                snprintf(msg1, sizeof(msg1), ".");
1.38      markus    786:                        /* The default */
1.100     markus    787:                        fp = key_fingerprint(host_key, SSH_FP_MD5, SSH_FP_HEX);
1.204     grunk     788:                        ra = key_fingerprint(host_key, SSH_FP_MD5,
                    789:                            SSH_FP_RANDOMART);
1.145     jakob     790:                        msg2[0] = '\0';
                    791:                        if (options.verify_host_key_dns) {
1.153     jakob     792:                                if (matching_host_key_dns)
1.145     jakob     793:                                        snprintf(msg2, sizeof(msg2),
                    794:                                            "Matching host key fingerprint"
                    795:                                            " found in DNS.\n");
                    796:                                else
                    797:                                        snprintf(msg2, sizeof(msg2),
                    798:                                            "No matching host key fingerprint"
                    799:                                            " found in DNS.\n");
                    800:                        }
1.119     markus    801:                        snprintf(msg, sizeof(msg),
1.108     markus    802:                            "The authenticity of host '%.200s (%s)' can't be "
1.132     markus    803:                            "established%s\n"
1.209     grunk     804:                            "%s key fingerprint is %s.%s%s\n%s"
1.108     markus    805:                            "Are you sure you want to continue connecting "
1.132     markus    806:                            "(yes/no)? ",
1.209     grunk     807:                            host, ip, msg1, type, fp,
                    808:                            options.visual_host_key ? "\n" : "",
                    809:                            options.visual_host_key ? ra : "",
                    810:                            msg2);
1.204     grunk     811:                        xfree(ra);
1.100     markus    812:                        xfree(fp);
1.119     markus    813:                        if (!confirm(msg))
1.108     markus    814:                                goto fail;
1.38      markus    815:                }
1.161     djm       816:                /*
                    817:                 * If not in strict mode, add the key automatically to the
                    818:                 * local known_hosts file.
                    819:                 */
1.88      markus    820:                if (options.check_host_ip && ip_status == HOST_NEW) {
1.161     djm       821:                        snprintf(hostline, sizeof(hostline), "%s,%s",
                    822:                            host, ip);
1.38      markus    823:                        hostp = hostline;
1.161     djm       824:                        if (options.hash_known_hosts) {
                    825:                                /* Add hash of host and IP separately */
                    826:                                r = add_host_to_hostfile(user_hostfile, host,
                    827:                                    host_key, options.hash_known_hosts) &&
                    828:                                    add_host_to_hostfile(user_hostfile, ip,
                    829:                                    host_key, options.hash_known_hosts);
                    830:                        } else {
                    831:                                /* Add unhashed "host,ip" */
                    832:                                r = add_host_to_hostfile(user_hostfile,
                    833:                                    hostline, host_key,
                    834:                                    options.hash_known_hosts);
                    835:                        }
                    836:                } else {
                    837:                        r = add_host_to_hostfile(user_hostfile, host, host_key,
                    838:                            options.hash_known_hosts);
1.38      markus    839:                        hostp = host;
1.161     djm       840:                }
1.38      markus    841:
1.161     djm       842:                if (!r)
1.138     itojun    843:                        logit("Failed to add the host to the list of known "
1.108     markus    844:                            "hosts (%.500s).", user_hostfile);
1.38      markus    845:                else
1.138     itojun    846:                        logit("Warning: Permanently added '%.200s' (%s) to the "
1.108     markus    847:                            "list of known hosts.", hostp, type);
1.38      markus    848:                break;
1.220     djm       849:        case HOST_REVOKED:
                    850:                error("@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@");
                    851:                error("@       WARNING: REVOKED HOST KEY DETECTED!               @");
                    852:                error("@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@");
                    853:                error("The %s host key for %s is marked as revoked.", type, host);
                    854:                error("This could mean that a stolen key is being used to");
                    855:                error("impersonate this host.");
                    856:
                    857:                /*
                    858:                 * If strict host key checking is in use, the user will have
                    859:                 * to edit the key manually and we can only abort.
                    860:                 */
                    861:                if (options.strict_host_key_checking) {
                    862:                        error("%s host key for %.200s was revoked and you have "
                    863:                            "requested strict checking.", type, host);
                    864:                        goto fail;
                    865:                }
                    866:                goto continue_unsafe;
                    867:
1.38      markus    868:        case HOST_CHANGED:
1.219     djm       869:                if (want_cert) {
                    870:                        /*
                    871:                         * This is only a debug() since it is valid to have
                    872:                         * CAs with wildcard DNS matches that don't match
                    873:                         * all hosts that one might visit.
                    874:                         */
                    875:                        debug("Host certificate authority does not "
                    876:                            "match %s in %s:%d", CA_MARKER,
                    877:                            host_file, host_line);
                    878:                        goto fail;
                    879:                }
1.197     dtucker   880:                if (readonly == ROQUIET)
                    881:                        goto fail;
1.38      markus    882:                if (options.check_host_ip && host_ip_differ) {
1.158     avsm      883:                        char *key_msg;
1.38      markus    884:                        if (ip_status == HOST_NEW)
1.158     avsm      885:                                key_msg = "is unknown";
1.38      markus    886:                        else if (ip_status == HOST_OK)
1.158     avsm      887:                                key_msg = "is unchanged";
1.38      markus    888:                        else
1.158     avsm      889:                                key_msg = "has a different value";
1.38      markus    890:                        error("@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@");
                    891:                        error("@       WARNING: POSSIBLE DNS SPOOFING DETECTED!          @");
                    892:                        error("@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@");
1.72      markus    893:                        error("The %s host key for %s has changed,", type, host);
1.208     ian       894:                        error("and the key for the corresponding IP address %s", ip);
1.158     avsm      895:                        error("%s. This could either mean that", key_msg);
1.38      markus    896:                        error("DNS SPOOFING is happening or the IP address for the host");
1.85      markus    897:                        error("and its host key have changed at the same time.");
1.88      markus    898:                        if (ip_status != HOST_NEW)
1.85      markus    899:                                error("Offending key for IP in %s:%d", ip_file, ip_line);
1.38      markus    900:                }
                    901:                /* The host key has changed. */
1.150     jakob     902:                warn_changed_key(host_key);
1.38      markus    903:                error("Add correct host key in %.100s to get rid of this message.",
1.87      markus    904:                    user_hostfile);
1.85      markus    905:                error("Offending key in %s:%d", host_file, host_line);
1.38      markus    906:
1.40      markus    907:                /*
                    908:                 * If strict host key checking is in use, the user will have
                    909:                 * to edit the key manually and we can only abort.
                    910:                 */
1.108     markus    911:                if (options.strict_host_key_checking) {
                    912:                        error("%s host key for %.200s has changed and you have "
                    913:                            "requested strict checking.", type, host);
                    914:                        goto fail;
                    915:                }
1.38      markus    916:
1.220     djm       917:  continue_unsafe:
1.40      markus    918:                /*
                    919:                 * If strict host key checking has not been requested, allow
1.144     djm       920:                 * the connection but without MITM-able authentication or
1.194     stevesk   921:                 * forwarding.
1.40      markus    922:                 */
1.38      markus    923:                if (options.password_authentication) {
1.108     markus    924:                        error("Password authentication is disabled to avoid "
                    925:                            "man-in-the-middle attacks.");
1.38      markus    926:                        options.password_authentication = 0;
1.210     dtucker   927:                        cancelled_forwarding = 1;
1.144     djm       928:                }
                    929:                if (options.kbd_interactive_authentication) {
                    930:                        error("Keyboard-interactive authentication is disabled"
                    931:                            " to avoid man-in-the-middle attacks.");
                    932:                        options.kbd_interactive_authentication = 0;
                    933:                        options.challenge_response_authentication = 0;
1.210     dtucker   934:                        cancelled_forwarding = 1;
1.144     djm       935:                }
                    936:                if (options.challenge_response_authentication) {
                    937:                        error("Challenge/response authentication is disabled"
                    938:                            " to avoid man-in-the-middle attacks.");
                    939:                        options.challenge_response_authentication = 0;
1.210     dtucker   940:                        cancelled_forwarding = 1;
1.38      markus    941:                }
                    942:                if (options.forward_agent) {
1.108     markus    943:                        error("Agent forwarding is disabled to avoid "
                    944:                            "man-in-the-middle attacks.");
1.38      markus    945:                        options.forward_agent = 0;
1.210     dtucker   946:                        cancelled_forwarding = 1;
1.83      markus    947:                }
                    948:                if (options.forward_x11) {
1.108     markus    949:                        error("X11 forwarding is disabled to avoid "
                    950:                            "man-in-the-middle attacks.");
1.83      markus    951:                        options.forward_x11 = 0;
1.210     dtucker   952:                        cancelled_forwarding = 1;
1.83      markus    953:                }
1.108     markus    954:                if (options.num_local_forwards > 0 ||
                    955:                    options.num_remote_forwards > 0) {
                    956:                        error("Port forwarding is disabled to avoid "
                    957:                            "man-in-the-middle attacks.");
                    958:                        options.num_local_forwards =
1.118     deraadt   959:                            options.num_remote_forwards = 0;
1.210     dtucker   960:                        cancelled_forwarding = 1;
1.194     stevesk   961:                }
                    962:                if (options.tun_open != SSH_TUNMODE_NO) {
                    963:                        error("Tunnel forwarding is disabled to avoid "
                    964:                            "man-in-the-middle attacks.");
                    965:                        options.tun_open = SSH_TUNMODE_NO;
1.210     dtucker   966:                        cancelled_forwarding = 1;
1.38      markus    967:                }
1.210     dtucker   968:                if (options.exit_on_forward_failure && cancelled_forwarding)
                    969:                        fatal("Error: forwarding disabled due to host key "
                    970:                            "check failure");
                    971:
1.40      markus    972:                /*
                    973:                 * XXX Should permit the user to change to use the new id.
                    974:                 * This could be done by converting the host key to an
                    975:                 * identifying sentence, tell that the host identifies itself
1.218     dtucker   976:                 * by that sentence, and ask the user if he/she wishes to
1.40      markus    977:                 * accept the authentication.
                    978:                 */
1.38      markus    979:                break;
1.132     markus    980:        case HOST_FOUND:
                    981:                fatal("internal error");
                    982:                break;
1.88      markus    983:        }
                    984:
                    985:        if (options.check_host_ip && host_status != HOST_CHANGED &&
                    986:            ip_status == HOST_CHANGED) {
1.119     markus    987:                snprintf(msg, sizeof(msg),
                    988:                    "Warning: the %s host key for '%.200s' "
                    989:                    "differs from the key for the IP address '%.128s'"
                    990:                    "\nOffending key for IP in %s:%d",
                    991:                    type, host, ip, ip_file, ip_line);
                    992:                if (host_status == HOST_OK) {
                    993:                        len = strlen(msg);
                    994:                        snprintf(msg + len, sizeof(msg) - len,
                    995:                            "\nMatching host key in %s:%d",
1.125     deraadt   996:                            host_file, host_line);
1.119     markus    997:                }
1.88      markus    998:                if (options.strict_host_key_checking == 1) {
1.143     djm       999:                        logit("%s", msg);
1.108     markus   1000:                        error("Exiting, you have requested strict checking.");
                   1001:                        goto fail;
1.88      markus   1002:                } else if (options.strict_host_key_checking == 2) {
1.119     markus   1003:                        strlcat(msg, "\nAre you sure you want "
                   1004:                            "to continue connecting (yes/no)? ", sizeof(msg));
                   1005:                        if (!confirm(msg))
1.108     markus   1006:                                goto fail;
1.119     markus   1007:                } else {
1.143     djm      1008:                        logit("%s", msg);
1.88      markus   1009:                }
1.38      markus   1010:        }
1.82      provos   1011:
                   1012:        xfree(ip);
1.189     dtucker  1013:        xfree(host);
1.108     markus   1014:        return 0;
                   1015:
                   1016: fail:
1.220     djm      1017:        if (want_cert && host_status != HOST_REVOKED) {
1.219     djm      1018:                /*
                   1019:                 * No matching certificate. Downgrade cert to raw key and
                   1020:                 * search normally.
                   1021:                 */
                   1022:                debug("No matching CA found. Retry with plain key");
                   1023:                raw_key = key_from_private(host_key);
                   1024:                if (key_drop_cert(raw_key) != 0)
                   1025:                        fatal("Couldn't drop certificate");
                   1026:                host_key = raw_key;
                   1027:                goto retry;
                   1028:        }
                   1029:        if (raw_key != NULL)
                   1030:                key_free(raw_key);
1.108     markus   1031:        xfree(ip);
1.189     dtucker  1032:        xfree(host);
1.108     markus   1033:        return -1;
                   1034: }
                   1035:
1.140     jakob    1036: /* returns 0 if key verifies or -1 if key does NOT verify */
1.108     markus   1037: int
                   1038: verify_host_key(char *host, struct sockaddr *hostaddr, Key *host_key)
                   1039: {
                   1040:        struct stat st;
1.153     jakob    1041:        int flags = 0;
1.140     jakob    1042:
1.219     djm      1043:        /* XXX certs are not yet supported for DNS */
                   1044:        if (!key_is_cert(host_key) && options.verify_host_key_dns &&
1.153     jakob    1045:            verify_host_key_dns(host, hostaddr, host_key, &flags) == 0) {
                   1046:
                   1047:                if (flags & DNS_VERIFY_FOUND) {
                   1048:
                   1049:                        if (options.verify_host_key_dns == 1 &&
                   1050:                            flags & DNS_VERIFY_MATCH &&
                   1051:                            flags & DNS_VERIFY_SECURE)
                   1052:                                return 0;
                   1053:
                   1054:                        if (flags & DNS_VERIFY_MATCH) {
                   1055:                                matching_host_key_dns = 1;
                   1056:                        } else {
                   1057:                                warn_changed_key(host_key);
                   1058:                                error("Update the SSHFP RR in DNS with the new "
                   1059:                                    "host key to get rid of this message.");
                   1060:                        }
1.140     jakob    1061:                }
                   1062:        }
1.108     markus   1063:
                   1064:        /* return ok if the key can be found in an old keyfile */
                   1065:        if (stat(options.system_hostfile2, &st) == 0 ||
                   1066:            stat(options.user_hostfile2, &st) == 0) {
1.197     dtucker  1067:                if (check_host_key(host, hostaddr, options.port, host_key,
                   1068:                    RDONLY, options.user_hostfile2,
                   1069:                    options.system_hostfile2) == 0)
1.108     markus   1070:                        return 0;
                   1071:        }
1.197     dtucker  1072:        return check_host_key(host, hostaddr, options.port, host_key,
                   1073:            RDRW, options.user_hostfile, options.system_hostfile);
1.51      markus   1074: }
1.70      markus   1075:
1.51      markus   1076: /*
                   1077:  * Starts a dialog with the server, and authenticates the current user on the
                   1078:  * server.  This does not need any extra privileges.  The basic connection
                   1079:  * to the server must already have been established before this is called.
                   1080:  * If login fails, this function prints an error and never returns.
                   1081:  * This function does not require super-user privileges.
                   1082:  */
                   1083: void
1.120     markus   1084: ssh_login(Sensitive *sensitive, const char *orighost,
1.202     djm      1085:     struct sockaddr *hostaddr, struct passwd *pw, int timeout_ms)
1.51      markus   1086: {
                   1087:        char *host, *cp;
1.70      markus   1088:        char *server_user, *local_user;
                   1089:
                   1090:        local_user = xstrdup(pw->pw_name);
                   1091:        server_user = options.user ? options.user : local_user;
1.51      markus   1092:
                   1093:        /* Convert the user-supplied hostname into all lowercase. */
                   1094:        host = xstrdup(orighost);
                   1095:        for (cp = host; *cp; cp++)
                   1096:                if (isupper(*cp))
1.178     deraadt  1097:                        *cp = (char)tolower(*cp);
1.51      markus   1098:
                   1099:        /* Exchange protocol version identification strings with the server. */
1.202     djm      1100:        ssh_exchange_identification(timeout_ms);
1.51      markus   1101:
                   1102:        /* Put the connection into non-blocking mode. */
                   1103:        packet_set_nonblocking();
                   1104:
                   1105:        /* key exchange */
                   1106:        /* authenticate user */
1.59      markus   1107:        if (compat20) {
                   1108:                ssh_kex2(host, hostaddr);
1.120     markus   1109:                ssh_userauth2(local_user, server_user, host, sensitive);
1.59      markus   1110:        } else {
                   1111:                ssh_kex(host, hostaddr);
1.120     markus   1112:                ssh_userauth1(local_user, server_user, host, sensitive);
1.59      markus   1113:        }
1.182     markus   1114:        xfree(local_user);
1.97      markus   1115: }
                   1116:
                   1117: void
                   1118: ssh_put_password(char *password)
                   1119: {
                   1120:        int size;
                   1121:        char *padded;
                   1122:
1.99      deraadt  1123:        if (datafellows & SSH_BUG_PASSWORDPAD) {
1.107     markus   1124:                packet_put_cstring(password);
1.99      deraadt  1125:                return;
                   1126:        }
1.97      markus   1127:        size = roundup(strlen(password) + 1, 32);
1.179     djm      1128:        padded = xcalloc(1, size);
1.97      markus   1129:        strlcpy(padded, password, size);
                   1130:        packet_put_string(padded, size);
                   1131:        memset(padded, 0, size);
                   1132:        xfree(padded);
1.132     markus   1133: }
                   1134:
                   1135: static int
                   1136: show_key_from_file(const char *file, const char *host, int keytype)
                   1137: {
                   1138:        Key *found;
1.204     grunk    1139:        char *fp, *ra;
1.132     markus   1140:        int line, ret;
                   1141:
                   1142:        found = key_new(keytype);
                   1143:        if ((ret = lookup_key_in_hostfile_by_type(file, host,
                   1144:            keytype, found, &line))) {
                   1145:                fp = key_fingerprint(found, SSH_FP_MD5, SSH_FP_HEX);
1.204     grunk    1146:                ra = key_fingerprint(found, SSH_FP_MD5, SSH_FP_RANDOMART);
1.138     itojun   1147:                logit("WARNING: %s key found for host %s\n"
1.133     markus   1148:                    "in %s:%d\n"
1.204     grunk    1149:                    "%s key fingerprint %s.\n%s\n",
1.132     markus   1150:                    key_type(found), host, file, line,
1.204     grunk    1151:                    key_type(found), fp, ra);
                   1152:                xfree(ra);
1.132     markus   1153:                xfree(fp);
                   1154:        }
                   1155:        key_free(found);
                   1156:        return (ret);
                   1157: }
                   1158:
                   1159: /* print all known host keys for a given host, but skip keys of given type */
                   1160: static int
                   1161: show_other_keys(const char *host, Key *key)
                   1162: {
1.225   ! djm      1163:        int type[] = { KEY_RSA1, KEY_RSA, KEY_DSA, KEY_ECDSA, -1};
1.132     markus   1164:        int i, found = 0;
                   1165:
                   1166:        for (i = 0; type[i] != -1; i++) {
                   1167:                if (type[i] == key->type)
                   1168:                        continue;
                   1169:                if (type[i] != KEY_RSA1 &&
                   1170:                    show_key_from_file(options.user_hostfile2, host, type[i])) {
                   1171:                        found = 1;
                   1172:                        continue;
                   1173:                }
                   1174:                if (type[i] != KEY_RSA1 &&
                   1175:                    show_key_from_file(options.system_hostfile2, host, type[i])) {
                   1176:                        found = 1;
                   1177:                        continue;
                   1178:                }
                   1179:                if (show_key_from_file(options.user_hostfile, host, type[i])) {
                   1180:                        found = 1;
                   1181:                        continue;
                   1182:                }
                   1183:                if (show_key_from_file(options.system_hostfile, host, type[i])) {
                   1184:                        found = 1;
                   1185:                        continue;
                   1186:                }
                   1187:                debug2("no key of type %d for host %s", type[i], host);
                   1188:        }
                   1189:        return (found);
1.150     jakob    1190: }
                   1191:
                   1192: static void
                   1193: warn_changed_key(Key *host_key)
                   1194: {
                   1195:        char *fp;
1.151     jakob    1196:        const char *type = key_type(host_key);
1.150     jakob    1197:
                   1198:        fp = key_fingerprint(host_key, SSH_FP_MD5, SSH_FP_HEX);
                   1199:
                   1200:        error("@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@");
                   1201:        error("@    WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!     @");
                   1202:        error("@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@");
                   1203:        error("IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!");
                   1204:        error("Someone could be eavesdropping on you right now (man-in-the-middle attack)!");
                   1205:        error("It is also possible that the %s host key has just been changed.", type);
                   1206:        error("The fingerprint for the %s key sent by the remote host is\n%s.",
                   1207:            type, fp);
                   1208:        error("Please contact your system administrator.");
                   1209:
                   1210:        xfree(fp);
1.171     reyk     1211: }
                   1212:
                   1213: /*
                   1214:  * Execute a local command
                   1215:  */
                   1216: int
                   1217: ssh_local_cmd(const char *args)
                   1218: {
                   1219:        char *shell;
                   1220:        pid_t pid;
                   1221:        int status;
                   1222:
                   1223:        if (!options.permit_local_command ||
                   1224:            args == NULL || !*args)
                   1225:                return (1);
                   1226:
                   1227:        if ((shell = getenv("SHELL")) == NULL)
                   1228:                shell = _PATH_BSHELL;
                   1229:
                   1230:        pid = fork();
                   1231:        if (pid == 0) {
                   1232:                debug3("Executing %s -c \"%s\"", shell, args);
                   1233:                execl(shell, shell, "-c", args, (char *)NULL);
                   1234:                error("Couldn't execute %s -c \"%s\": %s",
                   1235:                    shell, args, strerror(errno));
                   1236:                _exit(1);
                   1237:        } else if (pid == -1)
                   1238:                fatal("fork failed: %.100s", strerror(errno));
                   1239:        while (waitpid(pid, &status, 0) == -1)
                   1240:                if (errno != EINTR)
                   1241:                        fatal("Couldn't wait for child: %s", strerror(errno));
                   1242:
                   1243:        if (!WIFEXITED(status))
                   1244:                return (1);
                   1245:
                   1246:        return (WEXITSTATUS(status));
1.1       deraadt  1247: }