[BACK]Return to sshconnect.c CVS log [TXT][DIR] Up to [local] / src / usr.bin / ssh

Annotation of src/usr.bin/ssh/sshconnect.c, Revision 1.294

1.294   ! djm         1: /* $OpenBSD: sshconnect.c,v 1.293 2018/02/07 22:52:45 dtucker Exp $ */
1.1       deraadt     2: /*
1.39      deraadt     3:  * Author: Tatu Ylonen <ylo@cs.hut.fi>
                      4:  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
                      5:  *                    All rights reserved
                      6:  * Code to connect to a remote host, and to perform the client side of the
                      7:  * login (authentication) dialog.
1.78      deraadt     8:  *
                      9:  * As far as I am concerned, the code I have written for this software
                     10:  * can be used freely for any purpose.  Any derived versions of this
                     11:  * software must be clearly marked as such, and if the derived work is
                     12:  * incompatible with the protocol description in the RFC file, it must be
                     13:  * called by a name other than "ssh" or "Secure Shell".
1.39      deraadt    14:  */
1.1       deraadt    15:
1.174     stevesk    16: #include <sys/types.h>
                     17: #include <sys/wait.h>
1.175     stevesk    18: #include <sys/stat.h>
1.187     stevesk    19: #include <sys/socket.h>
1.195     stevesk    20: #include <sys/time.h>
1.187     stevesk    21:
                     22: #include <netinet/in.h>
1.172     stevesk    23:
1.176     stevesk    24: #include <ctype.h>
1.190     stevesk    25: #include <errno.h>
1.216     dtucker    26: #include <fcntl.h>
1.191     stevesk    27: #include <netdb.h>
1.172     stevesk    28: #include <paths.h>
1.282     djm        29: #include <poll.h>
1.199     deraadt    30: #include <signal.h>
1.188     stevesk    31: #include <pwd.h>
1.198     stevesk    32: #include <stdio.h>
1.196     stevesk    33: #include <stdlib.h>
1.193     stevesk    34: #include <string.h>
1.192     stevesk    35: #include <unistd.h>
1.71      markus     36:
1.199     deraadt    37: #include "xmalloc.h"
1.91      markus     38: #include "ssh.h"
1.59      markus     39: #include "buffer.h"
1.1       deraadt    40: #include "packet.h"
                     41: #include "uidswap.h"
1.21      markus     42: #include "compat.h"
1.58      markus     43: #include "key.h"
1.71      markus     44: #include "sshconnect.h"
1.58      markus     45: #include "hostfile.h"
1.91      markus     46: #include "log.h"
1.251     millert    47: #include "misc.h"
1.91      markus     48: #include "readconf.h"
                     49: #include "atomicio.h"
1.140     jakob      50: #include "dns.h"
1.239     djm        51: #include "monitor_fdpass.h"
1.219     djm        52: #include "ssh2.h"
1.186     stevesk    53: #include "version.h"
1.252     djm        54: #include "authfile.h"
                     55: #include "ssherr.h"
1.266     jcs        56: #include "authfd.h"
1.140     jakob      57:
1.70      markus     58: char *client_version_string = NULL;
                     59: char *server_version_string = NULL;
1.279     markus     60: struct sshkey *previous_host_key = NULL;
1.59      markus     61:
1.169     stevesk    62: static int matching_host_key_dns = 0;
1.145     jakob      63:
1.227     djm        64: static pid_t proxy_command_pid = 0;
                     65:
1.124     markus     66: /* import */
1.43      markus     67: extern Options options;
1.50      markus     68: extern char *__progname;
1.124     markus     69: extern uid_t original_real_uid;
                     70: extern uid_t original_effective_uid;
1.91      markus     71:
1.279     markus     72: static int show_other_keys(struct hostkeys *, struct sshkey *);
                     73: static void warn_changed_key(struct sshkey *);
1.132     markus     74:
1.239     djm        75: /* Expand a proxy command */
                     76: static char *
                     77: expand_proxy_command(const char *proxy_command, const char *user,
                     78:     const char *host, int port)
                     79: {
                     80:        char *tmp, *ret, strport[NI_MAXSERV];
                     81:
1.241     djm        82:        snprintf(strport, sizeof strport, "%d", port);
1.239     djm        83:        xasprintf(&tmp, "exec %s", proxy_command);
                     84:        ret = percent_expand(tmp, "h", host, "p", strport,
                     85:            "r", options.user, (char *)NULL);
                     86:        free(tmp);
                     87:        return ret;
                     88: }
                     89:
                     90: /*
                     91:  * Connect to the given ssh server using a proxy command that passes a
                     92:  * a connected fd back to us.
                     93:  */
                     94: static int
1.286     djm        95: ssh_proxy_fdpass_connect(struct ssh *ssh, const char *host, u_short port,
1.239     djm        96:     const char *proxy_command)
                     97: {
                     98:        char *command_string;
                     99:        int sp[2], sock;
                    100:        pid_t pid;
                    101:        char *shell;
                    102:
                    103:        if ((shell = getenv("SHELL")) == NULL)
                    104:                shell = _PATH_BSHELL;
                    105:
                    106:        if (socketpair(AF_UNIX, SOCK_STREAM, 0, sp) < 0)
                    107:                fatal("Could not create socketpair to communicate with "
                    108:                    "proxy dialer: %.100s", strerror(errno));
                    109:
                    110:        command_string = expand_proxy_command(proxy_command, options.user,
                    111:            host, port);
                    112:        debug("Executing proxy dialer command: %.500s", command_string);
                    113:
                    114:        /* Fork and execute the proxy command. */
                    115:        if ((pid = fork()) == 0) {
                    116:                char *argv[10];
                    117:
                    118:                /* Child.  Permanently give up superuser privileges. */
                    119:                permanently_drop_suid(original_real_uid);
                    120:
                    121:                close(sp[1]);
                    122:                /* Redirect stdin and stdout. */
                    123:                if (sp[0] != 0) {
                    124:                        if (dup2(sp[0], 0) < 0)
                    125:                                perror("dup2 stdin");
                    126:                }
                    127:                if (sp[0] != 1) {
                    128:                        if (dup2(sp[0], 1) < 0)
                    129:                                perror("dup2 stdout");
                    130:                }
                    131:                if (sp[0] >= 2)
                    132:                        close(sp[0]);
                    133:
                    134:                /*
                    135:                 * Stderr is left as it is so that error messages get
                    136:                 * printed on the user's terminal.
                    137:                 */
                    138:                argv[0] = shell;
                    139:                argv[1] = "-c";
                    140:                argv[2] = command_string;
                    141:                argv[3] = NULL;
                    142:
                    143:                /*
                    144:                 * Execute the proxy command.
                    145:                 * Note that we gave up any extra privileges above.
                    146:                 */
                    147:                execv(argv[0], argv);
                    148:                perror(argv[0]);
                    149:                exit(1);
                    150:        }
                    151:        /* Parent. */
                    152:        if (pid < 0)
                    153:                fatal("fork failed: %.100s", strerror(errno));
                    154:        close(sp[0]);
                    155:        free(command_string);
                    156:
                    157:        if ((sock = mm_receive_fd(sp[1])) == -1)
                    158:                fatal("proxy dialer did not pass back a connection");
1.271     markus    159:        close(sp[1]);
1.239     djm       160:
                    161:        while (waitpid(pid, NULL, 0) == -1)
                    162:                if (errno != EINTR)
                    163:                        fatal("Couldn't wait for child: %s", strerror(errno));
                    164:
                    165:        /* Set the connection file descriptors. */
1.286     djm       166:        if (ssh_packet_set_connection(ssh, sock, sock) == NULL)
                    167:                return -1; /* ssh_packet_set_connection logs error */
1.239     djm       168:
                    169:        return 0;
                    170: }
                    171:
1.39      deraadt   172: /*
                    173:  * Connect to the given ssh server using a proxy command.
                    174:  */
1.109     itojun    175: static int
1.286     djm       176: ssh_proxy_connect(struct ssh *ssh, const char *host, u_short port,
                    177:     const char *proxy_command)
1.1       deraadt   178: {
1.239     djm       179:        char *command_string;
1.38      markus    180:        int pin[2], pout[2];
1.69      deraadt   181:        pid_t pid;
1.239     djm       182:        char *shell;
1.237     markus    183:
1.226     djm       184:        if ((shell = getenv("SHELL")) == NULL || *shell == '\0')
1.201     djm       185:                shell = _PATH_BSHELL;
1.38      markus    186:
                    187:        /* Create pipes for communicating with the proxy. */
                    188:        if (pipe(pin) < 0 || pipe(pout) < 0)
                    189:                fatal("Could not create pipes to communicate with the proxy: %.100s",
1.118     deraadt   190:                    strerror(errno));
1.38      markus    191:
1.239     djm       192:        command_string = expand_proxy_command(proxy_command, options.user,
                    193:            host, port);
1.38      markus    194:        debug("Executing proxy command: %.500s", command_string);
                    195:
                    196:        /* Fork and execute the proxy command. */
                    197:        if ((pid = fork()) == 0) {
                    198:                char *argv[10];
                    199:
                    200:                /* Child.  Permanently give up superuser privileges. */
1.184     markus    201:                permanently_drop_suid(original_real_uid);
1.38      markus    202:
                    203:                /* Redirect stdin and stdout. */
                    204:                close(pin[1]);
                    205:                if (pin[0] != 0) {
                    206:                        if (dup2(pin[0], 0) < 0)
                    207:                                perror("dup2 stdin");
                    208:                        close(pin[0]);
                    209:                }
                    210:                close(pout[0]);
                    211:                if (dup2(pout[1], 1) < 0)
                    212:                        perror("dup2 stdout");
                    213:                /* Cannot be 1 because pin allocated two descriptors. */
                    214:                close(pout[1]);
                    215:
                    216:                /* Stderr is left as it is so that error messages get
                    217:                   printed on the user's terminal. */
1.201     djm       218:                argv[0] = shell;
1.38      markus    219:                argv[1] = "-c";
                    220:                argv[2] = command_string;
                    221:                argv[3] = NULL;
                    222:
                    223:                /* Execute the proxy command.  Note that we gave up any
                    224:                   extra privileges above. */
1.232     djm       225:                signal(SIGPIPE, SIG_DFL);
1.89      markus    226:                execv(argv[0], argv);
                    227:                perror(argv[0]);
1.38      markus    228:                exit(1);
                    229:        }
                    230:        /* Parent. */
                    231:        if (pid < 0)
                    232:                fatal("fork failed: %.100s", strerror(errno));
1.135     djm       233:        else
                    234:                proxy_command_pid = pid; /* save pid to clean up later */
1.38      markus    235:
                    236:        /* Close child side of the descriptors. */
                    237:        close(pin[0]);
                    238:        close(pout[1]);
                    239:
                    240:        /* Free the command name. */
1.238     djm       241:        free(command_string);
1.38      markus    242:
                    243:        /* Set the connection file descriptors. */
1.286     djm       244:        if (ssh_packet_set_connection(ssh, pout[0], pin[1]) == NULL)
                    245:                return -1; /* ssh_packet_set_connection logs error */
1.1       deraadt   246:
1.110     markus    247:        return 0;
1.227     djm       248: }
                    249:
                    250: void
                    251: ssh_kill_proxy_command(void)
                    252: {
                    253:        /*
                    254:         * Send SIGHUP to proxy command if used. We don't wait() in
                    255:         * case it hangs and instead rely on init to reap the child
                    256:         */
                    257:        if (proxy_command_pid > 1)
1.228     djm       258:                kill(proxy_command_pid, SIGHUP);
1.1       deraadt   259: }
                    260:
1.39      deraadt   261: /*
                    262:  * Creates a (possibly privileged) socket for use as the ssh connection.
                    263:  */
1.109     itojun    264: static int
1.139     markus    265: ssh_create_socket(int privileged, struct addrinfo *ai)
1.1       deraadt   266: {
1.240     djm       267:        int sock, r, gaierr;
1.246     djm       268:        struct addrinfo hints, *res = NULL;
1.1       deraadt   269:
1.217     dtucker   270:        sock = socket(ai->ai_family, ai->ai_socktype, ai->ai_protocol);
1.216     dtucker   271:        if (sock < 0) {
1.240     djm       272:                error("socket: %s", strerror(errno));
1.216     dtucker   273:                return -1;
                    274:        }
                    275:        fcntl(sock, F_SETFD, FD_CLOEXEC);
1.105     markus    276:
                    277:        /* Bind the socket to an alternative local IP address */
1.240     djm       278:        if (options.bind_address == NULL && !privileged)
1.105     markus    279:                return sock;
                    280:
1.246     djm       281:        if (options.bind_address) {
                    282:                memset(&hints, 0, sizeof(hints));
                    283:                hints.ai_family = ai->ai_family;
                    284:                hints.ai_socktype = ai->ai_socktype;
                    285:                hints.ai_protocol = ai->ai_protocol;
                    286:                hints.ai_flags = AI_PASSIVE;
                    287:                gaierr = getaddrinfo(options.bind_address, NULL, &hints, &res);
                    288:                if (gaierr) {
                    289:                        error("getaddrinfo: %s: %s", options.bind_address,
                    290:                            ssh_gai_strerror(gaierr));
                    291:                        close(sock);
                    292:                        return -1;
                    293:                }
1.105     markus    294:        }
1.240     djm       295:        /*
                    296:         * If we are running as root and want to connect to a privileged
                    297:         * port, bind our own socket to a privileged port.
                    298:         */
                    299:        if (privileged) {
                    300:                PRIV_START;
1.246     djm       301:                r = bindresvport_sa(sock, res ? res->ai_addr : NULL);
1.240     djm       302:                PRIV_END;
                    303:                if (r < 0) {
                    304:                        error("bindresvport_sa: af=%d %s", ai->ai_family,
                    305:                            strerror(errno));
                    306:                        goto fail;
                    307:                }
                    308:        } else {
                    309:                if (bind(sock, res->ai_addr, res->ai_addrlen) < 0) {
                    310:                        error("bind: %s: %s", options.bind_address,
                    311:                            strerror(errno));
                    312:  fail:
                    313:                        close(sock);
                    314:                        freeaddrinfo(res);
                    315:                        return -1;
                    316:                }
1.38      markus    317:        }
1.246     djm       318:        if (res != NULL)
                    319:                freeaddrinfo(res);
1.38      markus    320:        return sock;
1.1       deraadt   321: }
                    322:
1.282     djm       323: /*
                    324:  * Wait up to *timeoutp milliseconds for fd to be readable. Updates
                    325:  * *timeoutp with time remaining.
                    326:  * Returns 0 if fd ready or -1 on timeout or error (see errno).
                    327:  */
                    328: static int
                    329: waitrfd(int fd, int *timeoutp)
                    330: {
                    331:        struct pollfd pfd;
                    332:        struct timeval t_start;
                    333:        int oerrno, r;
                    334:
1.288     dtucker   335:        monotime_tv(&t_start);
1.282     djm       336:        pfd.fd = fd;
                    337:        pfd.events = POLLIN;
                    338:        for (; *timeoutp >= 0;) {
                    339:                r = poll(&pfd, 1, *timeoutp);
                    340:                oerrno = errno;
                    341:                ms_subtract_diff(&t_start, timeoutp);
                    342:                errno = oerrno;
                    343:                if (r > 0)
                    344:                        return 0;
                    345:                else if (r == -1 && errno != EAGAIN)
                    346:                        return -1;
                    347:                else if (r == 0)
                    348:                        break;
                    349:        }
                    350:        /* timeout */
                    351:        errno = ETIMEDOUT;
                    352:        return -1;
                    353: }
                    354:
1.141     djm       355: static int
                    356: timeout_connect(int sockfd, const struct sockaddr *serv_addr,
1.202     djm       357:     socklen_t addrlen, int *timeoutp)
1.141     djm       358: {
1.282     djm       359:        int optval = 0;
                    360:        socklen_t optlen = sizeof(optval);
1.141     djm       361:
1.282     djm       362:        /* No timeout: just do a blocking connect() */
                    363:        if (*timeoutp <= 0)
                    364:                return connect(sockfd, serv_addr, addrlen);
1.141     djm       365:
1.156     djm       366:        set_nonblock(sockfd);
1.282     djm       367:        if (connect(sockfd, serv_addr, addrlen) == 0) {
                    368:                /* Succeeded already? */
1.156     djm       369:                unset_nonblock(sockfd);
1.282     djm       370:                return 0;
                    371:        } else if (errno != EINPROGRESS)
                    372:                return -1;
                    373:
                    374:        if (waitrfd(sockfd, timeoutp) == -1)
                    375:                return -1;
1.141     djm       376:
1.282     djm       377:        /* Completed or failed */
                    378:        if (getsockopt(sockfd, SOL_SOCKET, SO_ERROR, &optval, &optlen) == -1) {
                    379:                debug("getsockopt: %s", strerror(errno));
                    380:                return -1;
1.141     djm       381:        }
1.282     djm       382:        if (optval != 0) {
                    383:                errno = optval;
                    384:                return -1;
1.202     djm       385:        }
1.282     djm       386:        unset_nonblock(sockfd);
                    387:        return 0;
1.141     djm       388: }
                    389:
1.39      deraadt   390: /*
1.49      markus    391:  * Opens a TCP/IP connection to the remote server on the given host.
                    392:  * The address of the remote host will be returned in hostaddr.
1.124     markus    393:  * If port is 0, the default port will be used.  If needpriv is true,
1.39      deraadt   394:  * a privileged port will be allocated to make the connection.
1.124     markus    395:  * This requires super-user privileges if needpriv is true.
1.39      deraadt   396:  * Connection_attempts specifies the maximum number of tries (one per
                    397:  * second).  If proxy_command is non-NULL, it specifies the command (with %h
                    398:  * and %p substituted for host and port, respectively) to use to contact
                    399:  * the daemon.
                    400:  */
1.241     djm       401: static int
1.286     djm       402: ssh_connect_direct(struct ssh *ssh, const char *host, struct addrinfo *aitop,
1.241     djm       403:     struct sockaddr_storage *hostaddr, u_short port, int family,
                    404:     int connection_attempts, int *timeout_ms, int want_keepalive, int needpriv)
1.1       deraadt   405: {
1.90      markus    406:        int on = 1;
1.290     djm       407:        int oerrno, sock = -1, attempt;
1.90      markus    408:        char ntop[NI_MAXHOST], strport[NI_MAXSERV];
1.241     djm       409:        struct addrinfo *ai;
1.38      markus    410:
1.265     djm       411:        debug2("%s: needpriv %d", __func__, needpriv);
1.268     djm       412:        memset(ntop, 0, sizeof(ntop));
                    413:        memset(strport, 0, sizeof(strport));
1.38      markus    414:
1.181     markus    415:        for (attempt = 0; attempt < connection_attempts; attempt++) {
1.200     markus    416:                if (attempt > 0) {
                    417:                        /* Sleep a moment before retrying. */
                    418:                        sleep(1);
1.38      markus    419:                        debug("Trying again...");
1.200     markus    420:                }
1.181     markus    421:                /*
                    422:                 * Loop through addresses for this host, and try each one in
                    423:                 * sequence until the connection succeeds.
                    424:                 */
1.49      markus    425:                for (ai = aitop; ai; ai = ai->ai_next) {
1.241     djm       426:                        if (ai->ai_family != AF_INET &&
1.290     djm       427:                            ai->ai_family != AF_INET6) {
                    428:                                errno = EAFNOSUPPORT;
1.49      markus    429:                                continue;
1.290     djm       430:                        }
1.49      markus    431:                        if (getnameinfo(ai->ai_addr, ai->ai_addrlen,
                    432:                            ntop, sizeof(ntop), strport, sizeof(strport),
                    433:                            NI_NUMERICHOST|NI_NUMERICSERV) != 0) {
1.290     djm       434:                                oerrno = errno;
1.265     djm       435:                                error("%s: getnameinfo failed", __func__);
1.290     djm       436:                                errno = oerrno;
1.49      markus    437:                                continue;
                    438:                        }
                    439:                        debug("Connecting to %.200s [%.100s] port %s.",
                    440:                                host, ntop, strport);
                    441:
                    442:                        /* Create a socket for connecting. */
1.139     markus    443:                        sock = ssh_create_socket(needpriv, ai);
1.292     stsp      444:                        if (sock < 0) {
1.110     markus    445:                                /* Any error is already output */
1.290     djm       446:                                errno = 0;
1.49      markus    447:                                continue;
1.292     stsp      448:                        }
1.49      markus    449:
1.141     djm       450:                        if (timeout_connect(sock, ai->ai_addr, ai->ai_addrlen,
1.202     djm       451:                            timeout_ms) >= 0) {
1.49      markus    452:                                /* Successful connection. */
1.102     markus    453:                                memcpy(hostaddr, ai->ai_addr, ai->ai_addrlen);
1.38      markus    454:                                break;
1.49      markus    455:                        } else {
1.290     djm       456:                                oerrno = errno;
1.131     itojun    457:                                debug("connect to address %s port %s: %s",
                    458:                                    ntop, strport, strerror(errno));
1.38      markus    459:                                close(sock);
1.181     markus    460:                                sock = -1;
1.290     djm       461:                                errno = oerrno;
1.38      markus    462:                        }
                    463:                }
1.181     markus    464:                if (sock != -1)
1.49      markus    465:                        break;  /* Successful connection. */
1.38      markus    466:        }
1.49      markus    467:
1.38      markus    468:        /* Return failure if we didn't get a successful connection. */
1.181     markus    469:        if (sock == -1) {
1.159     markus    470:                error("ssh: connect to host %s port %s: %s",
1.290     djm       471:                    host, strport, errno == 0 ? "failure" : strerror(errno));
                    472:                return -1;
1.130     itojun    473:        }
1.38      markus    474:
                    475:        debug("Connection established.");
1.90      markus    476:
1.155     markus    477:        /* Set SO_KEEPALIVE if requested. */
1.202     djm       478:        if (want_keepalive &&
1.90      markus    479:            setsockopt(sock, SOL_SOCKET, SO_KEEPALIVE, (void *)&on,
                    480:            sizeof(on)) < 0)
                    481:                error("setsockopt SO_KEEPALIVE: %.100s", strerror(errno));
1.38      markus    482:
                    483:        /* Set the connection. */
1.286     djm       484:        if (ssh_packet_set_connection(ssh, sock, sock) == NULL)
                    485:                return -1; /* ssh_packet_set_connection logs error */
1.1       deraadt   486:
1.286     djm       487:         return 0;
1.59      markus    488: }
                    489:
1.241     djm       490: int
1.286     djm       491: ssh_connect(struct ssh *ssh, const char *host, struct addrinfo *addrs,
1.241     djm       492:     struct sockaddr_storage *hostaddr, u_short port, int family,
                    493:     int connection_attempts, int *timeout_ms, int want_keepalive, int needpriv)
                    494: {
                    495:        if (options.proxy_command == NULL) {
1.286     djm       496:                return ssh_connect_direct(ssh, host, addrs, hostaddr, port,
                    497:                    family, connection_attempts, timeout_ms, want_keepalive,
                    498:                    needpriv);
1.241     djm       499:        } else if (strcmp(options.proxy_command, "-") == 0) {
1.286     djm       500:                if ((ssh_packet_set_connection(ssh,
                    501:                    STDIN_FILENO, STDOUT_FILENO)) == NULL)
                    502:                        return -1; /* ssh_packet_set_connection logs error */
                    503:                return 0;
1.241     djm       504:        } else if (options.proxy_use_fdpass) {
1.286     djm       505:                return ssh_proxy_fdpass_connect(ssh, host, port,
1.241     djm       506:                    options.proxy_command);
                    507:        }
1.286     djm       508:        return ssh_proxy_connect(ssh, host, port, options.proxy_command);
1.241     djm       509: }
                    510:
1.235     djm       511: static void
                    512: send_client_banner(int connection_out, int minor1)
                    513: {
                    514:        /* Send our own protocol version identification. */
1.276     djm       515:        xasprintf(&client_version_string, "SSH-%d.%d-%.100s\r\n",
                    516:            PROTOCOL_MAJOR_2, PROTOCOL_MINOR_2, SSH_VERSION);
1.270     markus    517:        if (atomicio(vwrite, connection_out, client_version_string,
1.235     djm       518:            strlen(client_version_string)) != strlen(client_version_string))
                    519:                fatal("write: %.100s", strerror(errno));
                    520:        chop(client_version_string);
                    521:        debug("Local version string %.100s", client_version_string);
                    522: }
                    523:
1.43      markus    524: /*
1.39      deraadt   525:  * Waits for the server identification string, and sends our own
                    526:  * identification string.
                    527:  */
1.213     andreas   528: void
1.202     djm       529: ssh_exchange_identification(int timeout_ms)
1.1       deraadt   530: {
1.38      markus    531:        char buf[256], remote_version[256];     /* must be same size! */
1.165     djm       532:        int remote_major, remote_minor, mismatch;
1.38      markus    533:        int connection_in = packet_get_connection_in();
                    534:        int connection_out = packet_get_connection_out();
1.185     djm       535:        u_int i, n;
1.202     djm       536:        size_t len;
1.282     djm       537:        int rc;
1.38      markus    538:
1.275     djm       539:        send_client_banner(connection_out, 0);
1.235     djm       540:
1.163     avsm      541:        /* Read other side's version identification. */
1.185     djm       542:        for (n = 0;;) {
1.75      markus    543:                for (i = 0; i < sizeof(buf) - 1; i++) {
1.202     djm       544:                        if (timeout_ms > 0) {
1.282     djm       545:                                rc = waitrfd(connection_in, &timeout_ms);
                    546:                                if (rc == -1 && errno == ETIMEDOUT) {
1.202     djm       547:                                        fatal("Connection timed out during "
                    548:                                            "banner exchange");
1.282     djm       549:                                } else if (rc == -1) {
                    550:                                        fatal("%s: %s",
                    551:                                            __func__, strerror(errno));
1.202     djm       552:                                }
                    553:                        }
                    554:
1.270     markus    555:                        len = atomicio(read, connection_in, &buf[i], 1);
1.167     djm       556:                        if (len != 1 && errno == EPIPE)
1.202     djm       557:                                fatal("ssh_exchange_identification: "
                    558:                                    "Connection closed by remote host");
1.163     avsm      559:                        else if (len != 1)
1.202     djm       560:                                fatal("ssh_exchange_identification: "
                    561:                                    "read: %.100s", strerror(errno));
1.75      markus    562:                        if (buf[i] == '\r') {
                    563:                                buf[i] = '\n';
                    564:                                buf[i + 1] = 0;
                    565:                                continue;               /**XXX wait for \n */
                    566:                        }
                    567:                        if (buf[i] == '\n') {
                    568:                                buf[i + 1] = 0;
                    569:                                break;
                    570:                        }
1.185     djm       571:                        if (++n > 65536)
1.202     djm       572:                                fatal("ssh_exchange_identification: "
                    573:                                    "No banner received");
1.38      markus    574:                }
1.75      markus    575:                buf[sizeof(buf) - 1] = 0;
1.76      markus    576:                if (strncmp(buf, "SSH-", 4) == 0)
1.38      markus    577:                        break;
1.75      markus    578:                debug("ssh_exchange_identification: %s", buf);
1.38      markus    579:        }
1.59      markus    580:        server_version_string = xstrdup(buf);
1.38      markus    581:
1.40      markus    582:        /*
                    583:         * Check that the versions match.  In future this might accept
                    584:         * several versions and set appropriate flags to handle them.
                    585:         */
1.59      markus    586:        if (sscanf(server_version_string, "SSH-%d.%d-%[^\n]\n",
                    587:            &remote_major, &remote_minor, remote_version) != 3)
1.38      markus    588:                fatal("Bad remote protocol version identification: '%.100s'", buf);
                    589:        debug("Remote protocol version %d.%d, remote software version %.100s",
1.118     deraadt   590:            remote_major, remote_minor, remote_version);
1.38      markus    591:
1.255     markus    592:        active_state->compat = compat_datafellows(remote_version);
1.64      markus    593:        mismatch = 0;
1.59      markus    594:
1.116     deraadt   595:        switch (remote_major) {
1.276     djm       596:        case 2:
                    597:                break;
1.64      markus    598:        case 1:
1.276     djm       599:                if (remote_minor != 99)
1.64      markus    600:                        mismatch = 1;
                    601:                break;
1.68      markus    602:        default:
1.64      markus    603:                mismatch = 1;
                    604:                break;
1.38      markus    605:        }
1.64      markus    606:        if (mismatch)
1.38      markus    607:                fatal("Protocol major versions differ: %d vs. %d",
1.275     djm       608:                    PROTOCOL_MAJOR_2, remote_major);
1.243     djm       609:        if ((datafellows & SSH_BUG_RSASIGMD5) != 0)
                    610:                logit("Server version \"%.100s\" uses unsafe RSA signature "
                    611:                    "scheme; disabling use of RSA keys", remote_version);
1.59      markus    612:        chop(server_version_string);
1.1       deraadt   613: }
                    614:
1.96      markus    615: /* defaults to 'no' */
1.109     itojun    616: static int
1.112     markus    617: confirm(const char *prompt)
1.1       deraadt   618: {
1.119     markus    619:        const char *msg, *again = "Please type 'yes' or 'no': ";
                    620:        char *p;
                    621:        int ret = -1;
1.96      markus    622:
                    623:        if (options.batch_mode)
                    624:                return 0;
1.119     markus    625:        for (msg = prompt;;msg = again) {
                    626:                p = read_passphrase(msg, RP_ECHO);
1.289     djm       627:                if (p == NULL)
                    628:                        return 0;
                    629:                p[strcspn(p, "\n")] = '\0';
                    630:                if (p[0] == '\0' || strcasecmp(p, "no") == 0)
1.119     markus    631:                        ret = 0;
1.289     djm       632:                else if (strcasecmp(p, "yes") == 0)
1.119     markus    633:                        ret = 1;
1.238     djm       634:                free(p);
1.119     markus    635:                if (ret != -1)
                    636:                        return ret;
1.1       deraadt   637:        }
                    638: }
                    639:
1.219     djm       640: static int
1.279     markus    641: check_host_cert(const char *host, const struct sshkey *host_key)
1.219     djm       642: {
                    643:        const char *reason;
                    644:
                    645:        if (key_cert_check_authority(host_key, 1, 0, host, &reason) != 0) {
                    646:                error("%s", reason);
                    647:                return 0;
                    648:        }
1.249     djm       649:        if (buffer_len(host_key->cert->critical) != 0) {
1.223     djm       650:                error("Certificate for %s contains unsupported "
                    651:                    "critical options(s)", host);
1.219     djm       652:                return 0;
                    653:        }
                    654:        return 1;
                    655: }
                    656:
1.229     djm       657: static int
                    658: sockaddr_is_local(struct sockaddr *hostaddr)
                    659: {
                    660:        switch (hostaddr->sa_family) {
                    661:        case AF_INET:
                    662:                return (ntohl(((struct sockaddr_in *)hostaddr)->
                    663:                    sin_addr.s_addr) >> 24) == IN_LOOPBACKNET;
                    664:        case AF_INET6:
                    665:                return IN6_IS_ADDR_LOOPBACK(
                    666:                    &(((struct sockaddr_in6 *)hostaddr)->sin6_addr));
                    667:        default:
                    668:                return 0;
                    669:        }
                    670: }
                    671:
                    672: /*
                    673:  * Prepare the hostname and ip address strings that are used to lookup
                    674:  * host keys in known_hosts files. These may have a port number appended.
                    675:  */
                    676: void
                    677: get_hostfile_hostname_ipaddr(char *hostname, struct sockaddr *hostaddr,
                    678:     u_short port, char **hostfile_hostname, char **hostfile_ipaddr)
                    679: {
                    680:        char ntop[NI_MAXHOST];
                    681:
                    682:        /*
                    683:         * We don't have the remote ip-address for connections
                    684:         * using a proxy command
                    685:         */
                    686:        if (hostfile_ipaddr != NULL) {
                    687:                if (options.proxy_command == NULL) {
                    688:                        if (getnameinfo(hostaddr, hostaddr->sa_len,
                    689:                            ntop, sizeof(ntop), NULL, 0, NI_NUMERICHOST) != 0)
1.259     djm       690:                        fatal("%s: getnameinfo failed", __func__);
1.229     djm       691:                        *hostfile_ipaddr = put_host_port(ntop, port);
                    692:                } else {
                    693:                        *hostfile_ipaddr = xstrdup("<no hostip for proxy "
                    694:                            "command>");
                    695:                }
                    696:        }
                    697:
                    698:        /*
                    699:         * Allow the user to record the key under a different name or
                    700:         * differentiate a non-standard port.  This is useful for ssh
                    701:         * tunneling over forwarded connections or if you run multiple
                    702:         * sshd's on different ports on the same machine.
                    703:         */
                    704:        if (hostfile_hostname != NULL) {
                    705:                if (options.host_key_alias != NULL) {
                    706:                        *hostfile_hostname = xstrdup(options.host_key_alias);
                    707:                        debug("using hostkeyalias: %s", *hostfile_hostname);
                    708:                } else {
                    709:                        *hostfile_hostname = put_host_port(hostname, port);
                    710:                }
                    711:        }
                    712: }
                    713:
1.39      deraadt   714: /*
1.108     markus    715:  * check whether the supplied host key is valid, return -1 if the key
1.234     djm       716:  * is not valid. user_hostfile[0] will not be updated if 'readonly' is true.
1.39      deraadt   717:  */
1.197     dtucker   718: #define RDRW   0
                    719: #define RDONLY 1
                    720: #define ROQUIET        2
1.109     itojun    721: static int
1.197     dtucker   722: check_host_key(char *hostname, struct sockaddr *hostaddr, u_short port,
1.279     markus    723:     struct sshkey *host_key, int readonly,
1.234     djm       724:     char **user_hostfiles, u_int num_user_hostfiles,
                    725:     char **system_hostfiles, u_int num_system_hostfiles)
1.1       deraadt   726: {
1.234     djm       727:        HostStatus host_status;
                    728:        HostStatus ip_status;
1.279     markus    729:        struct sshkey *raw_key = NULL;
1.189     dtucker   730:        char *ip = NULL, *host = NULL;
1.204     grunk     731:        char hostline[1000], *hostp, *fp, *ra;
1.119     markus    732:        char msg[1024];
1.234     djm       733:        const char *type;
                    734:        const struct hostkey_entry *host_found, *ip_found;
1.229     djm       735:        int len, cancelled_forwarding = 0;
1.234     djm       736:        int local = sockaddr_is_local(hostaddr);
1.280     markus    737:        int r, want_cert = sshkey_is_cert(host_key), host_ip_differ = 0;
1.257     djm       738:        int hostkey_trusted = 0; /* Known or explicitly accepted by user */
1.229     djm       739:        struct hostkeys *host_hostkeys, *ip_hostkeys;
1.234     djm       740:        u_int i;
1.49      markus    741:
                    742:        /*
                    743:         * Force accepting of the host key for loopback/localhost. The
                    744:         * problem is that if the home directory is NFS-mounted to multiple
                    745:         * machines, localhost will refer to a different machine in each of
                    746:         * them, and the user will get bogus HOST_CHANGED warnings.  This
                    747:         * essentially disables host authentication for localhost; however,
                    748:         * this is probably not a real problem.
                    749:         */
1.111     markus    750:        if (options.no_host_authentication_for_localhost == 1 && local &&
                    751:            options.host_key_alias == NULL) {
1.88      markus    752:                debug("Forcing accepting of host key for "
                    753:                    "loopback/localhost.");
1.108     markus    754:                return 0;
1.49      markus    755:        }
1.42      markus    756:
                    757:        /*
1.229     djm       758:         * Prepare the hostname and address strings used for hostkey lookup.
                    759:         * In some cases, these will have a port number appended.
1.42      markus    760:         */
1.229     djm       761:        get_hostfile_hostname_ipaddr(hostname, hostaddr, port, &host, &ip);
1.206     grunk     762:
                    763:        /*
1.88      markus    764:         * Turn off check_host_ip if the connection is to localhost, via proxy
                    765:         * command or if we don't have a hostname to compare with
                    766:         */
1.189     dtucker   767:        if (options.check_host_ip && (local ||
                    768:            strcmp(hostname, ip) == 0 || options.proxy_command != NULL))
1.88      markus    769:                options.check_host_ip = 0;
1.86      markus    770:
1.229     djm       771:        host_hostkeys = init_hostkeys();
1.234     djm       772:        for (i = 0; i < num_user_hostfiles; i++)
                    773:                load_hostkeys(host_hostkeys, host, user_hostfiles[i]);
                    774:        for (i = 0; i < num_system_hostfiles; i++)
                    775:                load_hostkeys(host_hostkeys, host, system_hostfiles[i]);
1.229     djm       776:
                    777:        ip_hostkeys = NULL;
                    778:        if (!want_cert && options.check_host_ip) {
                    779:                ip_hostkeys = init_hostkeys();
1.234     djm       780:                for (i = 0; i < num_user_hostfiles; i++)
                    781:                        load_hostkeys(ip_hostkeys, ip, user_hostfiles[i]);
                    782:                for (i = 0; i < num_system_hostfiles; i++)
                    783:                        load_hostkeys(ip_hostkeys, ip, system_hostfiles[i]);
1.84      markus    784:        }
1.38      markus    785:
1.219     djm       786:  retry:
1.229     djm       787:        /* Reload these as they may have changed on cert->key downgrade */
1.280     markus    788:        want_cert = sshkey_is_cert(host_key);
                    789:        type = sshkey_type(host_key);
1.219     djm       790:
1.46      markus    791:        /*
1.170     djm       792:         * Check if the host key is present in the user's list of known
1.40      markus    793:         * hosts or in the systemwide list.
                    794:         */
1.229     djm       795:        host_status = check_key_in_hostkeys(host_hostkeys, host_key,
                    796:            &host_found);
                    797:
1.40      markus    798:        /*
                    799:         * Also perform check for the ip address, skip the check if we are
1.219     djm       800:         * localhost, looking for a certificate, or the hostname was an ip
                    801:         * address to begin with.
1.40      markus    802:         */
1.229     djm       803:        if (!want_cert && ip_hostkeys != NULL) {
                    804:                ip_status = check_key_in_hostkeys(ip_hostkeys, host_key,
                    805:                    &ip_found);
1.38      markus    806:                if (host_status == HOST_CHANGED &&
1.229     djm       807:                    (ip_status != HOST_CHANGED ||
                    808:                    (ip_found != NULL &&
1.280     markus    809:                    !sshkey_equal(ip_found->key, host_found->key))))
1.38      markus    810:                        host_ip_differ = 1;
                    811:        } else
                    812:                ip_status = host_status;
                    813:
                    814:        switch (host_status) {
                    815:        case HOST_OK:
                    816:                /* The host is known and the key matches. */
1.219     djm       817:                debug("Host '%.200s' is known and matches the %s host %s.",
                    818:                    host, type, want_cert ? "certificate" : "key");
1.229     djm       819:                debug("Found %s in %s:%lu", want_cert ? "CA key" : "key",
                    820:                    host_found->file, host_found->line);
1.281     djm       821:                if (want_cert &&
                    822:                    !check_host_cert(options.host_key_alias == NULL ?
                    823:                    hostname : options.host_key_alias, host_key))
1.219     djm       824:                        goto fail;
1.88      markus    825:                if (options.check_host_ip && ip_status == HOST_NEW) {
1.219     djm       826:                        if (readonly || want_cert)
1.138     itojun    827:                                logit("%s host key for IP address "
1.108     markus    828:                                    "'%.128s' not in list of known hosts.",
                    829:                                    type, ip);
1.234     djm       830:                        else if (!add_host_to_hostfile(user_hostfiles[0], ip,
1.160     djm       831:                            host_key, options.hash_known_hosts))
1.138     itojun    832:                                logit("Failed to add the %s host key for IP "
1.108     markus    833:                                    "address '%.128s' to the list of known "
1.262     dtucker   834:                                    "hosts (%.500s).", type, ip,
1.234     djm       835:                                    user_hostfiles[0]);
1.88      markus    836:                        else
1.138     itojun    837:                                logit("Warning: Permanently added the %s host "
1.108     markus    838:                                    "key for IP address '%.128s' to the list "
                    839:                                    "of known hosts.", type, ip);
1.209     grunk     840:                } else if (options.visual_host_key) {
1.259     djm       841:                        fp = sshkey_fingerprint(host_key,
1.254     djm       842:                            options.fingerprint_hash, SSH_FP_DEFAULT);
1.259     djm       843:                        ra = sshkey_fingerprint(host_key,
1.254     djm       844:                            options.fingerprint_hash, SSH_FP_RANDOMART);
1.259     djm       845:                        if (fp == NULL || ra == NULL)
                    846:                                fatal("%s: sshkey_fingerprint fail", __func__);
1.264     djm       847:                        logit("Host key fingerprint is %s\n%s", fp, ra);
1.238     djm       848:                        free(ra);
                    849:                        free(fp);
1.38      markus    850:                }
1.257     djm       851:                hostkey_trusted = 1;
1.38      markus    852:                break;
                    853:        case HOST_NEW:
1.197     dtucker   854:                if (options.host_key_alias == NULL && port != 0 &&
                    855:                    port != SSH_DEFAULT_PORT) {
                    856:                        debug("checking without port identifier");
1.212     stevesk   857:                        if (check_host_key(hostname, hostaddr, 0, host_key,
1.234     djm       858:                            ROQUIET, user_hostfiles, num_user_hostfiles,
                    859:                            system_hostfiles, num_system_hostfiles) == 0) {
1.197     dtucker   860:                                debug("found matching key w/out port");
                    861:                                break;
                    862:                        }
                    863:                }
1.219     djm       864:                if (readonly || want_cert)
1.108     markus    865:                        goto fail;
1.38      markus    866:                /* The host is new. */
1.285     djm       867:                if (options.strict_host_key_checking ==
                    868:                    SSH_STRICT_HOSTKEY_YES) {
1.108     markus    869:                        /*
                    870:                         * User has requested strict host key checking.  We
                    871:                         * will not add the host key automatically.  The only
                    872:                         * alternative left is to abort.
                    873:                         */
                    874:                        error("No %s host key is known for %.200s and you "
                    875:                            "have requested strict checking.", type, host);
                    876:                        goto fail;
1.285     djm       877:                } else if (options.strict_host_key_checking ==
                    878:                    SSH_STRICT_HOSTKEY_ASK) {
1.145     jakob     879:                        char msg1[1024], msg2[1024];
                    880:
1.229     djm       881:                        if (show_other_keys(host_hostkeys, host_key))
1.145     jakob     882:                                snprintf(msg1, sizeof(msg1),
1.168     djm       883:                                    "\nbut keys of different type are already"
                    884:                                    " known for this host.");
1.145     jakob     885:                        else
                    886:                                snprintf(msg1, sizeof(msg1), ".");
1.38      markus    887:                        /* The default */
1.259     djm       888:                        fp = sshkey_fingerprint(host_key,
1.254     djm       889:                            options.fingerprint_hash, SSH_FP_DEFAULT);
1.259     djm       890:                        ra = sshkey_fingerprint(host_key,
1.254     djm       891:                            options.fingerprint_hash, SSH_FP_RANDOMART);
1.259     djm       892:                        if (fp == NULL || ra == NULL)
                    893:                                fatal("%s: sshkey_fingerprint fail", __func__);
1.145     jakob     894:                        msg2[0] = '\0';
                    895:                        if (options.verify_host_key_dns) {
1.153     jakob     896:                                if (matching_host_key_dns)
1.145     jakob     897:                                        snprintf(msg2, sizeof(msg2),
                    898:                                            "Matching host key fingerprint"
                    899:                                            " found in DNS.\n");
                    900:                                else
                    901:                                        snprintf(msg2, sizeof(msg2),
                    902:                                            "No matching host key fingerprint"
                    903:                                            " found in DNS.\n");
                    904:                        }
1.119     markus    905:                        snprintf(msg, sizeof(msg),
1.108     markus    906:                            "The authenticity of host '%.200s (%s)' can't be "
1.132     markus    907:                            "established%s\n"
1.209     grunk     908:                            "%s key fingerprint is %s.%s%s\n%s"
1.108     markus    909:                            "Are you sure you want to continue connecting "
1.132     markus    910:                            "(yes/no)? ",
1.209     grunk     911:                            host, ip, msg1, type, fp,
                    912:                            options.visual_host_key ? "\n" : "",
                    913:                            options.visual_host_key ? ra : "",
                    914:                            msg2);
1.238     djm       915:                        free(ra);
                    916:                        free(fp);
1.119     markus    917:                        if (!confirm(msg))
1.108     markus    918:                                goto fail;
1.257     djm       919:                        hostkey_trusted = 1; /* user explicitly confirmed */
1.38      markus    920:                }
1.161     djm       921:                /*
1.285     djm       922:                 * If in "new" or "off" strict mode, add the key automatically
                    923:                 * to the local known_hosts file.
1.161     djm       924:                 */
1.88      markus    925:                if (options.check_host_ip && ip_status == HOST_NEW) {
1.229     djm       926:                        snprintf(hostline, sizeof(hostline), "%s,%s", host, ip);
1.38      markus    927:                        hostp = hostline;
1.161     djm       928:                        if (options.hash_known_hosts) {
                    929:                                /* Add hash of host and IP separately */
1.234     djm       930:                                r = add_host_to_hostfile(user_hostfiles[0],
                    931:                                    host, host_key, options.hash_known_hosts) &&
                    932:                                    add_host_to_hostfile(user_hostfiles[0], ip,
1.161     djm       933:                                    host_key, options.hash_known_hosts);
                    934:                        } else {
                    935:                                /* Add unhashed "host,ip" */
1.234     djm       936:                                r = add_host_to_hostfile(user_hostfiles[0],
1.161     djm       937:                                    hostline, host_key,
                    938:                                    options.hash_known_hosts);
                    939:                        }
                    940:                } else {
1.234     djm       941:                        r = add_host_to_hostfile(user_hostfiles[0], host,
                    942:                            host_key, options.hash_known_hosts);
1.38      markus    943:                        hostp = host;
1.161     djm       944:                }
1.38      markus    945:
1.161     djm       946:                if (!r)
1.138     itojun    947:                        logit("Failed to add the host to the list of known "
1.234     djm       948:                            "hosts (%.500s).", user_hostfiles[0]);
1.38      markus    949:                else
1.138     itojun    950:                        logit("Warning: Permanently added '%.200s' (%s) to the "
1.108     markus    951:                            "list of known hosts.", hostp, type);
1.38      markus    952:                break;
1.220     djm       953:        case HOST_REVOKED:
                    954:                error("@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@");
                    955:                error("@       WARNING: REVOKED HOST KEY DETECTED!               @");
                    956:                error("@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@");
                    957:                error("The %s host key for %s is marked as revoked.", type, host);
                    958:                error("This could mean that a stolen key is being used to");
                    959:                error("impersonate this host.");
                    960:
                    961:                /*
                    962:                 * If strict host key checking is in use, the user will have
                    963:                 * to edit the key manually and we can only abort.
                    964:                 */
1.285     djm       965:                if (options.strict_host_key_checking !=
                    966:                    SSH_STRICT_HOSTKEY_OFF) {
1.220     djm       967:                        error("%s host key for %.200s was revoked and you have "
                    968:                            "requested strict checking.", type, host);
                    969:                        goto fail;
                    970:                }
                    971:                goto continue_unsafe;
                    972:
1.38      markus    973:        case HOST_CHANGED:
1.219     djm       974:                if (want_cert) {
                    975:                        /*
                    976:                         * This is only a debug() since it is valid to have
                    977:                         * CAs with wildcard DNS matches that don't match
                    978:                         * all hosts that one might visit.
                    979:                         */
                    980:                        debug("Host certificate authority does not "
1.229     djm       981:                            "match %s in %s:%lu", CA_MARKER,
                    982:                            host_found->file, host_found->line);
1.219     djm       983:                        goto fail;
                    984:                }
1.197     dtucker   985:                if (readonly == ROQUIET)
                    986:                        goto fail;
1.38      markus    987:                if (options.check_host_ip && host_ip_differ) {
1.158     avsm      988:                        char *key_msg;
1.38      markus    989:                        if (ip_status == HOST_NEW)
1.158     avsm      990:                                key_msg = "is unknown";
1.38      markus    991:                        else if (ip_status == HOST_OK)
1.158     avsm      992:                                key_msg = "is unchanged";
1.38      markus    993:                        else
1.158     avsm      994:                                key_msg = "has a different value";
1.38      markus    995:                        error("@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@");
                    996:                        error("@       WARNING: POSSIBLE DNS SPOOFING DETECTED!          @");
                    997:                        error("@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@");
1.72      markus    998:                        error("The %s host key for %s has changed,", type, host);
1.208     ian       999:                        error("and the key for the corresponding IP address %s", ip);
1.158     avsm     1000:                        error("%s. This could either mean that", key_msg);
1.38      markus   1001:                        error("DNS SPOOFING is happening or the IP address for the host");
1.85      markus   1002:                        error("and its host key have changed at the same time.");
1.88      markus   1003:                        if (ip_status != HOST_NEW)
1.229     djm      1004:                                error("Offending key for IP in %s:%lu",
                   1005:                                    ip_found->file, ip_found->line);
1.38      markus   1006:                }
                   1007:                /* The host key has changed. */
1.150     jakob    1008:                warn_changed_key(host_key);
1.38      markus   1009:                error("Add correct host key in %.100s to get rid of this message.",
1.234     djm      1010:                    user_hostfiles[0]);
1.280     markus   1011:                error("Offending %s key in %s:%lu",
                   1012:                    sshkey_type(host_found->key),
1.229     djm      1013:                    host_found->file, host_found->line);
1.38      markus   1014:
1.40      markus   1015:                /*
                   1016:                 * If strict host key checking is in use, the user will have
                   1017:                 * to edit the key manually and we can only abort.
                   1018:                 */
1.285     djm      1019:                if (options.strict_host_key_checking !=
                   1020:                    SSH_STRICT_HOSTKEY_OFF) {
1.108     markus   1021:                        error("%s host key for %.200s has changed and you have "
                   1022:                            "requested strict checking.", type, host);
                   1023:                        goto fail;
                   1024:                }
1.38      markus   1025:
1.220     djm      1026:  continue_unsafe:
1.40      markus   1027:                /*
                   1028:                 * If strict host key checking has not been requested, allow
1.144     djm      1029:                 * the connection but without MITM-able authentication or
1.194     stevesk  1030:                 * forwarding.
1.40      markus   1031:                 */
1.38      markus   1032:                if (options.password_authentication) {
1.108     markus   1033:                        error("Password authentication is disabled to avoid "
                   1034:                            "man-in-the-middle attacks.");
1.38      markus   1035:                        options.password_authentication = 0;
1.210     dtucker  1036:                        cancelled_forwarding = 1;
1.144     djm      1037:                }
                   1038:                if (options.kbd_interactive_authentication) {
                   1039:                        error("Keyboard-interactive authentication is disabled"
                   1040:                            " to avoid man-in-the-middle attacks.");
                   1041:                        options.kbd_interactive_authentication = 0;
                   1042:                        options.challenge_response_authentication = 0;
1.210     dtucker  1043:                        cancelled_forwarding = 1;
1.144     djm      1044:                }
                   1045:                if (options.challenge_response_authentication) {
                   1046:                        error("Challenge/response authentication is disabled"
                   1047:                            " to avoid man-in-the-middle attacks.");
                   1048:                        options.challenge_response_authentication = 0;
1.210     dtucker  1049:                        cancelled_forwarding = 1;
1.38      markus   1050:                }
                   1051:                if (options.forward_agent) {
1.108     markus   1052:                        error("Agent forwarding is disabled to avoid "
                   1053:                            "man-in-the-middle attacks.");
1.38      markus   1054:                        options.forward_agent = 0;
1.210     dtucker  1055:                        cancelled_forwarding = 1;
1.83      markus   1056:                }
                   1057:                if (options.forward_x11) {
1.108     markus   1058:                        error("X11 forwarding is disabled to avoid "
                   1059:                            "man-in-the-middle attacks.");
1.83      markus   1060:                        options.forward_x11 = 0;
1.210     dtucker  1061:                        cancelled_forwarding = 1;
1.83      markus   1062:                }
1.108     markus   1063:                if (options.num_local_forwards > 0 ||
                   1064:                    options.num_remote_forwards > 0) {
                   1065:                        error("Port forwarding is disabled to avoid "
                   1066:                            "man-in-the-middle attacks.");
                   1067:                        options.num_local_forwards =
1.118     deraadt  1068:                            options.num_remote_forwards = 0;
1.210     dtucker  1069:                        cancelled_forwarding = 1;
1.194     stevesk  1070:                }
                   1071:                if (options.tun_open != SSH_TUNMODE_NO) {
                   1072:                        error("Tunnel forwarding is disabled to avoid "
                   1073:                            "man-in-the-middle attacks.");
                   1074:                        options.tun_open = SSH_TUNMODE_NO;
1.210     dtucker  1075:                        cancelled_forwarding = 1;
1.38      markus   1076:                }
1.210     dtucker  1077:                if (options.exit_on_forward_failure && cancelled_forwarding)
                   1078:                        fatal("Error: forwarding disabled due to host key "
                   1079:                            "check failure");
                   1080:
1.40      markus   1081:                /*
                   1082:                 * XXX Should permit the user to change to use the new id.
                   1083:                 * This could be done by converting the host key to an
                   1084:                 * identifying sentence, tell that the host identifies itself
1.218     dtucker  1085:                 * by that sentence, and ask the user if he/she wishes to
1.40      markus   1086:                 * accept the authentication.
                   1087:                 */
1.38      markus   1088:                break;
1.132     markus   1089:        case HOST_FOUND:
                   1090:                fatal("internal error");
                   1091:                break;
1.88      markus   1092:        }
                   1093:
                   1094:        if (options.check_host_ip && host_status != HOST_CHANGED &&
                   1095:            ip_status == HOST_CHANGED) {
1.119     markus   1096:                snprintf(msg, sizeof(msg),
                   1097:                    "Warning: the %s host key for '%.200s' "
                   1098:                    "differs from the key for the IP address '%.128s'"
1.229     djm      1099:                    "\nOffending key for IP in %s:%lu",
                   1100:                    type, host, ip, ip_found->file, ip_found->line);
1.119     markus   1101:                if (host_status == HOST_OK) {
                   1102:                        len = strlen(msg);
                   1103:                        snprintf(msg + len, sizeof(msg) - len,
1.229     djm      1104:                            "\nMatching host key in %s:%lu",
                   1105:                            host_found->file, host_found->line);
1.119     markus   1106:                }
1.285     djm      1107:                if (options.strict_host_key_checking ==
                   1108:                    SSH_STRICT_HOSTKEY_ASK) {
1.119     markus   1109:                        strlcat(msg, "\nAre you sure you want "
                   1110:                            "to continue connecting (yes/no)? ", sizeof(msg));
                   1111:                        if (!confirm(msg))
1.108     markus   1112:                                goto fail;
1.285     djm      1113:                } else if (options.strict_host_key_checking !=
                   1114:                    SSH_STRICT_HOSTKEY_OFF) {
                   1115:                        logit("%s", msg);
                   1116:                        error("Exiting, you have requested strict checking.");
                   1117:                        goto fail;
1.119     markus   1118:                } else {
1.143     djm      1119:                        logit("%s", msg);
1.88      markus   1120:                }
1.257     djm      1121:        }
                   1122:
                   1123:        if (!hostkey_trusted && options.update_hostkeys) {
                   1124:                debug("%s: hostkey not known or explicitly trusted: "
                   1125:                    "disabling UpdateHostkeys", __func__);
                   1126:                options.update_hostkeys = 0;
1.38      markus   1127:        }
1.82      provos   1128:
1.238     djm      1129:        free(ip);
                   1130:        free(host);
1.229     djm      1131:        if (host_hostkeys != NULL)
                   1132:                free_hostkeys(host_hostkeys);
                   1133:        if (ip_hostkeys != NULL)
                   1134:                free_hostkeys(ip_hostkeys);
1.108     markus   1135:        return 0;
                   1136:
                   1137: fail:
1.220     djm      1138:        if (want_cert && host_status != HOST_REVOKED) {
1.219     djm      1139:                /*
                   1140:                 * No matching certificate. Downgrade cert to raw key and
                   1141:                 * search normally.
                   1142:                 */
                   1143:                debug("No matching CA found. Retry with plain key");
1.280     markus   1144:                if ((r = sshkey_from_private(host_key, &raw_key)) != 0)
                   1145:                        fatal("%s: sshkey_from_private: %s",
                   1146:                            __func__, ssh_err(r));
                   1147:                if ((r = sshkey_drop_cert(raw_key)) != 0)
                   1148:                        fatal("Couldn't drop certificate: %s", ssh_err(r));
1.219     djm      1149:                host_key = raw_key;
                   1150:                goto retry;
                   1151:        }
1.293     dtucker  1152:        sshkey_free(raw_key);
1.238     djm      1153:        free(ip);
                   1154:        free(host);
1.229     djm      1155:        if (host_hostkeys != NULL)
                   1156:                free_hostkeys(host_hostkeys);
                   1157:        if (ip_hostkeys != NULL)
                   1158:                free_hostkeys(ip_hostkeys);
1.108     markus   1159:        return -1;
                   1160: }
                   1161:
1.140     jakob    1162: /* returns 0 if key verifies or -1 if key does NOT verify */
1.108     markus   1163: int
1.279     markus   1164: verify_host_key(char *host, struct sockaddr *hostaddr, struct sshkey *host_key)
1.108     markus   1165: {
1.267     djm      1166:        u_int i;
1.250     djm      1167:        int r = -1, flags = 0;
1.267     djm      1168:        char valid[64], *fp = NULL, *cafp = NULL;
1.252     djm      1169:        struct sshkey *plain = NULL;
1.229     djm      1170:
1.252     djm      1171:        if ((fp = sshkey_fingerprint(host_key,
1.254     djm      1172:            options.fingerprint_hash, SSH_FP_DEFAULT)) == NULL) {
1.252     djm      1173:                error("%s: fingerprint host key: %s", __func__, ssh_err(r));
                   1174:                r = -1;
                   1175:                goto out;
                   1176:        }
                   1177:
1.267     djm      1178:        if (sshkey_is_cert(host_key)) {
                   1179:                if ((cafp = sshkey_fingerprint(host_key->cert->signature_key,
                   1180:                    options.fingerprint_hash, SSH_FP_DEFAULT)) == NULL) {
                   1181:                        error("%s: fingerprint CA key: %s",
                   1182:                            __func__, ssh_err(r));
                   1183:                        r = -1;
                   1184:                        goto out;
                   1185:                }
                   1186:                sshkey_format_cert_validity(host_key->cert,
                   1187:                    valid, sizeof(valid));
                   1188:                debug("Server host certificate: %s %s, serial %llu "
                   1189:                    "ID \"%s\" CA %s %s valid %s",
                   1190:                    sshkey_ssh_name(host_key), fp,
1.269     djm      1191:                    (unsigned long long)host_key->cert->serial,
                   1192:                    host_key->cert->key_id,
1.267     djm      1193:                    sshkey_ssh_name(host_key->cert->signature_key), cafp,
                   1194:                    valid);
                   1195:                for (i = 0; i < host_key->cert->nprincipals; i++) {
                   1196:                        debug2("Server host certificate hostname: %s",
                   1197:                            host_key->cert->principals[i]);
                   1198:                }
                   1199:        } else {
1.276     djm      1200:                debug("Server host key: %s %s", sshkey_ssh_name(host_key), fp);
1.267     djm      1201:        }
1.252     djm      1202:
                   1203:        if (sshkey_equal(previous_host_key, host_key)) {
                   1204:                debug2("%s: server host key %s %s matches cached key",
                   1205:                    __func__, sshkey_type(host_key), fp);
                   1206:                r = 0;
                   1207:                goto out;
                   1208:        }
                   1209:
                   1210:        /* Check in RevokedHostKeys file if specified */
                   1211:        if (options.revoked_host_keys != NULL) {
                   1212:                r = sshkey_check_revoked(host_key, options.revoked_host_keys);
                   1213:                switch (r) {
                   1214:                case 0:
                   1215:                        break; /* not revoked */
                   1216:                case SSH_ERR_KEY_REVOKED:
                   1217:                        error("Host key %s %s revoked by file %s",
                   1218:                            sshkey_type(host_key), fp,
                   1219:                            options.revoked_host_keys);
                   1220:                        r = -1;
                   1221:                        goto out;
                   1222:                default:
                   1223:                        error("Error checking host key %s %s in "
                   1224:                            "revoked keys file %s: %s", sshkey_type(host_key),
                   1225:                            fp, options.revoked_host_keys, ssh_err(r));
                   1226:                        r = -1;
                   1227:                        goto out;
                   1228:                }
1.250     djm      1229:        }
                   1230:
1.247     djm      1231:        if (options.verify_host_key_dns) {
                   1232:                /*
                   1233:                 * XXX certs are not yet supported for DNS, so downgrade
                   1234:                 * them and try the plain key.
                   1235:                 */
1.252     djm      1236:                if ((r = sshkey_from_private(host_key, &plain)) != 0)
                   1237:                        goto out;
                   1238:                if (sshkey_is_cert(plain))
                   1239:                        sshkey_drop_cert(plain);
1.247     djm      1240:                if (verify_host_key_dns(host, hostaddr, plain, &flags) == 0) {
                   1241:                        if (flags & DNS_VERIFY_FOUND) {
                   1242:                                if (options.verify_host_key_dns == 1 &&
                   1243:                                    flags & DNS_VERIFY_MATCH &&
                   1244:                                    flags & DNS_VERIFY_SECURE) {
1.250     djm      1245:                                        r = 0;
1.252     djm      1246:                                        goto out;
1.247     djm      1247:                                }
                   1248:                                if (flags & DNS_VERIFY_MATCH) {
                   1249:                                        matching_host_key_dns = 1;
                   1250:                                } else {
1.287     djm      1251:                                        warn_changed_key(plain);
                   1252:                                        error("Update the SSHFP RR in DNS "
                   1253:                                            "with the new host key to get rid "
                   1254:                                            "of this message.");
1.247     djm      1255:                                }
1.153     jakob    1256:                        }
1.140     jakob    1257:                }
                   1258:        }
1.250     djm      1259:        r = check_host_key(host, hostaddr, options.port, host_key, RDRW,
1.234     djm      1260:            options.user_hostfiles, options.num_user_hostfiles,
                   1261:            options.system_hostfiles, options.num_system_hostfiles);
1.250     djm      1262:
1.252     djm      1263: out:
                   1264:        sshkey_free(plain);
                   1265:        free(fp);
1.267     djm      1266:        free(cafp);
1.250     djm      1267:        if (r == 0 && host_key != NULL) {
1.280     markus   1268:                sshkey_free(previous_host_key);
                   1269:                r = sshkey_from_private(host_key, &previous_host_key);
1.250     djm      1270:        }
                   1271:
                   1272:        return r;
1.51      markus   1273: }
1.70      markus   1274:
1.51      markus   1275: /*
                   1276:  * Starts a dialog with the server, and authenticates the current user on the
                   1277:  * server.  This does not need any extra privileges.  The basic connection
                   1278:  * to the server must already have been established before this is called.
                   1279:  * If login fails, this function prints an error and never returns.
                   1280:  * This function does not require super-user privileges.
                   1281:  */
                   1282: void
1.120     markus   1283: ssh_login(Sensitive *sensitive, const char *orighost,
1.229     djm      1284:     struct sockaddr *hostaddr, u_short port, struct passwd *pw, int timeout_ms)
1.51      markus   1285: {
1.241     djm      1286:        char *host;
1.70      markus   1287:        char *server_user, *local_user;
                   1288:
                   1289:        local_user = xstrdup(pw->pw_name);
                   1290:        server_user = options.user ? options.user : local_user;
1.51      markus   1291:
                   1292:        /* Convert the user-supplied hostname into all lowercase. */
                   1293:        host = xstrdup(orighost);
1.241     djm      1294:        lowercase(host);
1.51      markus   1295:
                   1296:        /* Exchange protocol version identification strings with the server. */
1.202     djm      1297:        ssh_exchange_identification(timeout_ms);
1.51      markus   1298:
                   1299:        /* Put the connection into non-blocking mode. */
                   1300:        packet_set_nonblocking();
                   1301:
                   1302:        /* key exchange */
                   1303:        /* authenticate user */
1.261     dtucker  1304:        debug("Authenticating to %s:%d as '%s'", host, port, server_user);
1.276     djm      1305:        ssh_kex2(host, hostaddr, port);
                   1306:        ssh_userauth2(local_user, server_user, host, sensitive);
1.238     djm      1307:        free(local_user);
1.97      markus   1308: }
                   1309:
                   1310: void
                   1311: ssh_put_password(char *password)
                   1312: {
                   1313:        int size;
                   1314:        char *padded;
                   1315:
1.99      deraadt  1316:        if (datafellows & SSH_BUG_PASSWORDPAD) {
1.107     markus   1317:                packet_put_cstring(password);
1.99      deraadt  1318:                return;
                   1319:        }
1.272     deraadt  1320:        size = ROUNDUP(strlen(password) + 1, 32);
1.179     djm      1321:        padded = xcalloc(1, size);
1.97      markus   1322:        strlcpy(padded, password, size);
                   1323:        packet_put_string(padded, size);
1.245     djm      1324:        explicit_bzero(padded, size);
1.238     djm      1325:        free(padded);
1.132     markus   1326: }
                   1327:
                   1328: /* print all known host keys for a given host, but skip keys of given type */
                   1329: static int
1.279     markus   1330: show_other_keys(struct hostkeys *hostkeys, struct sshkey *key)
1.132     markus   1331: {
1.242     djm      1332:        int type[] = {
                   1333:                KEY_RSA,
                   1334:                KEY_DSA,
                   1335:                KEY_ECDSA,
                   1336:                KEY_ED25519,
                   1337:                -1
                   1338:        };
1.229     djm      1339:        int i, ret = 0;
                   1340:        char *fp, *ra;
                   1341:        const struct hostkey_entry *found;
1.132     markus   1342:
                   1343:        for (i = 0; type[i] != -1; i++) {
                   1344:                if (type[i] == key->type)
                   1345:                        continue;
1.229     djm      1346:                if (!lookup_key_in_hostkeys_by_type(hostkeys, type[i], &found))
1.132     markus   1347:                        continue;
1.259     djm      1348:                fp = sshkey_fingerprint(found->key,
1.254     djm      1349:                    options.fingerprint_hash, SSH_FP_DEFAULT);
1.259     djm      1350:                ra = sshkey_fingerprint(found->key,
1.254     djm      1351:                    options.fingerprint_hash, SSH_FP_RANDOMART);
1.259     djm      1352:                if (fp == NULL || ra == NULL)
                   1353:                        fatal("%s: sshkey_fingerprint fail", __func__);
1.229     djm      1354:                logit("WARNING: %s key found for host %s\n"
                   1355:                    "in %s:%lu\n"
                   1356:                    "%s key fingerprint %s.",
                   1357:                    key_type(found->key),
                   1358:                    found->host, found->file, found->line,
                   1359:                    key_type(found->key), fp);
                   1360:                if (options.visual_host_key)
                   1361:                        logit("%s", ra);
1.238     djm      1362:                free(ra);
                   1363:                free(fp);
1.229     djm      1364:                ret = 1;
1.132     markus   1365:        }
1.229     djm      1366:        return ret;
1.150     jakob    1367: }
                   1368:
                   1369: static void
1.279     markus   1370: warn_changed_key(struct sshkey *host_key)
1.150     jakob    1371: {
                   1372:        char *fp;
                   1373:
1.259     djm      1374:        fp = sshkey_fingerprint(host_key, options.fingerprint_hash,
1.254     djm      1375:            SSH_FP_DEFAULT);
1.259     djm      1376:        if (fp == NULL)
                   1377:                fatal("%s: sshkey_fingerprint fail", __func__);
1.150     jakob    1378:
                   1379:        error("@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@");
                   1380:        error("@    WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!     @");
                   1381:        error("@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@");
                   1382:        error("IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!");
                   1383:        error("Someone could be eavesdropping on you right now (man-in-the-middle attack)!");
1.230     markus   1384:        error("It is also possible that a host key has just been changed.");
1.150     jakob    1385:        error("The fingerprint for the %s key sent by the remote host is\n%s.",
1.287     djm      1386:            key_type(host_key), fp);
1.150     jakob    1387:        error("Please contact your system administrator.");
                   1388:
1.238     djm      1389:        free(fp);
1.171     reyk     1390: }
                   1391:
                   1392: /*
                   1393:  * Execute a local command
                   1394:  */
                   1395: int
                   1396: ssh_local_cmd(const char *args)
                   1397: {
                   1398:        char *shell;
                   1399:        pid_t pid;
                   1400:        int status;
1.231     djm      1401:        void (*osighand)(int);
1.171     reyk     1402:
                   1403:        if (!options.permit_local_command ||
                   1404:            args == NULL || !*args)
                   1405:                return (1);
                   1406:
1.226     djm      1407:        if ((shell = getenv("SHELL")) == NULL || *shell == '\0')
1.171     reyk     1408:                shell = _PATH_BSHELL;
                   1409:
1.231     djm      1410:        osighand = signal(SIGCHLD, SIG_DFL);
1.171     reyk     1411:        pid = fork();
                   1412:        if (pid == 0) {
1.232     djm      1413:                signal(SIGPIPE, SIG_DFL);
1.171     reyk     1414:                debug3("Executing %s -c \"%s\"", shell, args);
                   1415:                execl(shell, shell, "-c", args, (char *)NULL);
                   1416:                error("Couldn't execute %s -c \"%s\": %s",
                   1417:                    shell, args, strerror(errno));
                   1418:                _exit(1);
                   1419:        } else if (pid == -1)
                   1420:                fatal("fork failed: %.100s", strerror(errno));
                   1421:        while (waitpid(pid, &status, 0) == -1)
                   1422:                if (errno != EINTR)
                   1423:                        fatal("Couldn't wait for child: %s", strerror(errno));
1.231     djm      1424:        signal(SIGCHLD, osighand);
1.171     reyk     1425:
                   1426:        if (!WIFEXITED(status))
                   1427:                return (1);
                   1428:
                   1429:        return (WEXITSTATUS(status));
1.266     jcs      1430: }
                   1431:
                   1432: void
1.294   ! djm      1433: maybe_add_key_to_agent(char *authfile, const struct sshkey *private,
        !          1434:     char *comment, char *passphrase)
1.266     jcs      1435: {
                   1436:        int auth_sock = -1, r;
                   1437:
                   1438:        if (options.add_keys_to_agent == 0)
                   1439:                return;
                   1440:
                   1441:        if ((r = ssh_get_authentication_socket(&auth_sock)) != 0) {
                   1442:                debug3("no authentication agent, not adding key");
                   1443:                return;
                   1444:        }
                   1445:
                   1446:        if (options.add_keys_to_agent == 2 &&
                   1447:            !ask_permission("Add key %s (%s) to agent?", authfile, comment)) {
                   1448:                debug3("user denied adding this key");
1.273     dtucker  1449:                close(auth_sock);
1.266     jcs      1450:                return;
                   1451:        }
                   1452:
                   1453:        if ((r = ssh_add_identity_constrained(auth_sock, private, comment, 0,
                   1454:            (options.add_keys_to_agent == 3))) == 0)
                   1455:                debug("identity added to agent: %s", authfile);
                   1456:        else
                   1457:                debug("could not add identity to agent: %s (%d)", authfile, r);
1.273     dtucker  1458:        close(auth_sock);
1.1       deraadt  1459: }