

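--- a/misc.c
+++ b/misc.c
@@ -36,6 +36,7 @@
 #include "misc.h"
 #include "log.h"
 #include "xmalloc.h"
+#include "ssh.h"
 
 /* remove newline at end of string */
 char *
@@ -319,6 +320,23 @@ convtime(const char *s)
 	}
 
 	return total;
+}
+
+/*
+ * Returns a standardized host+port identifier string.
+ * Caller must free returned string.
+ */
+char *
+put_host_port(const char *host, u_short port)
+{
+	char *hoststr;
+
+	if (port == 0 || port == SSH_DEFAULT_PORT)
+		return(xstrdup(host));
+	if (asprintf(&hoststr, "[%s]:%d", host, (int)port) < 0)
+		fatal("put_host_port: asprintf: %s", strerror(errno));
+	debug3("put_host_port: %s", hoststr);
+	return hoststr;
 }
 
 /*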
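Review bot: The header comment on put_host_port should state the two facts a caller must rely on: port 0 and SSH_DEFAULT_PORT yield the bare, undecorated host (so existing known_hosts entries keep matching), and an asprintf() failure is fatal rather than a NULL return, so the result never needs a NULL check. Something like `/* Returns host unchanged for port 0 or SSH_DEFAULT_PORT, otherwise "[host]:port". Never returns NULL (asprintf failure is fatal). Caller must free. */`. Because the default-port form is undecorated, the lookup key for a port-22 connection is the plain name, so a known_hosts line written as `[host]:22` would presumably not match — worth saying in the same comment so users do not write entries that way. The `return(xstrdup(host));` line would also read more consistently with the neighbouring `return hoststr;` as `return xstrdup(host);`.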
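--- a/misc.h
+++ b/misc.h
@@ -24,6 +24,7 @@ int unset_nonblock(int);
 void	 set_nodelay(int);
 int	 a2port(const char *);
 int	 a2tun(const char *, int *);
+char	*put_host_port(const char *, u_short);
 char	*hpdelim(char **);
 char	*cleanhostname(char *);
 char	*colon(char *);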
(-)sshconnect.c (-9 / +14 lines)
Lines 502-513 confirm(const char *prompt)
502
 * is not valid. the user_hostfile will not be updated if 'readonly' is true.
502
 * is not valid. the user_hostfile will not be updated if 'readonly' is true.
503
 */
503
 */
504
static int
504
static int
505
check_host_key(char *host, struct sockaddr *hostaddr, Key *host_key,
505
check_host_key(char *hostname, struct sockaddr *hostaddr, Key *host_key,
506
    int readonly, const char *user_hostfile, const char *system_hostfile)
506
    int readonly, const char *user_hostfile, const char *system_hostfile)
507
{
507
{
508
	Key *file_key;
508
	Key *file_key;
509
	const char *type = key_type(host_key);
509
	const char *type = key_type(host_key);
510
	char *ip = NULL;
510
	char *ip = NULL, *host = NULL;
511
	char hostline[1000], *hostp, *fp;
511
	char hostline[1000], *hostp, *fp;
512
	HostStatus host_status;
512
	HostStatus host_status;
513
	HostStatus ip_status;
513
	HostStatus ip_status;
Lines 554-560 check_host_key(char *host, struct sockad
554
		if (getnameinfo(hostaddr, hostaddr->sa_len, ntop, sizeof(ntop),
554
		if (getnameinfo(hostaddr, hostaddr->sa_len, ntop, sizeof(ntop),
555
		    NULL, 0, NI_NUMERICHOST) != 0)
555
		    NULL, 0, NI_NUMERICHOST) != 0)
556
			fatal("check_host_key: getnameinfo failed");
556
			fatal("check_host_key: getnameinfo failed");
557
		ip = xstrdup(ntop);
557
		ip = put_host_port(ntop, options.port);
558
	} else {
558
	} else {
559
		ip = xstrdup("<no hostip for proxy command>");
559
		ip = xstrdup("<no hostip for proxy command>");
560
	}
560
	}
Lines 562-579 check_host_key(char *host, struct sockad
562
	 * Turn off check_host_ip if the connection is to localhost, via proxy
562
	 * Turn off check_host_ip if the connection is to localhost, via proxy
563
	 * command or if we don't have a hostname to compare with
563
	 * command or if we don't have a hostname to compare with
564
	 */
564
	 */
565
	if (options.check_host_ip &&
565
	if (options.check_host_ip && (local ||
566
	    (local || strcmp(host, ip) == 0 || options.proxy_command != NULL))
566
	    strcmp(hostname, ip) == 0 || options.proxy_command != NULL))
567
		options.check_host_ip = 0;
567
		options.check_host_ip = 0;
568
568
569
	/*
569
	/*
570
	 * Allow the user to record the key under a different name. This is
570
	 * Allow the user to record the key under a different name or
571
	 * useful for ssh tunneling over forwarded connections or if you run
571
	 * differentiate a non-standard port.  This is useful for ssh
572
	 * multiple sshd's on different ports on the same machine.
572
	 * tunneling over forwarded connections or if you run multiple
573
	 * sshd's on different ports on the same machine.
573
	 */
574
	 */
574
	if (options.host_key_alias != NULL) {
575
	if (options.host_key_alias != NULL) {
575
		host = options.host_key_alias;
576
		host = xstrdup(options.host_key_alias);
576
		debug("using hostkeyalias: %s", host);
577
		debug("using hostkeyalias: %s", host);
578
	} else {
579
		host = put_host_port(hostname, options.port);
577
	}
580
	}
578
581
579
	/*
582
	/*
Lines 835-844 check_host_key(char *host, struct sockad
835
	}
838
	}
836
839
837
	xfree(ip);
840
	xfree(ip);
841
	xfree(host);
838
	return 0;
842
	return 0;
839
843
840
fail:
844
fail:
841
	xfree(ip);
845
	xfree(ip);
846
	xfree(host);
842
	return -1;
847
	return -1;
843
}
848
}
844
849
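Review bot: In the 562-579 hunk the check_host_ip shortcut now compares the raw `hostname` against `ip`, but since the change at line 557 `ip` is the port-qualified `[addr]:port` string whenever a non-default port is in use, so for a numeric destination such as `ssh -p 2222 10.0.0.1` the two no longer compare equal, the "host is already the IP" shortcut the comment describes stops firing, and the later host-vs-ip handling (outside these hunks) presumably runs with `host` and `ip` holding identical text. A minimal repair is to compare like with like: `char *hp = put_host_port(hostname, options.port);` followed by `if (options.check_host_ip && (local || strcmp(hp, ip) == 0 || options.proxy_command != NULL)) options.check_host_ip = 0;` and `xfree(hp);`. Separately, when HostKeyAlias is set the new code keys on the alias alone and drops the port, which is defensible but is not what the rewritten comment ("differentiate a non-standard port") suggests; a one-line note such as `/* an explicit alias takes precedence over the port-qualified name */` would avoid confusion. The body of check_host_key between the hunks shown here is not visible.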
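--- a/sshd.8
+++ b/sshd.8
@@ -562,6 +562,13 @@ A pattern may also be preceded by
 to indicate negation: if the host name matches a negated
 pattern, it is not accepted (by that line) even if it matched another
 pattern on the line.
+A hostname or address may optionally be enclosed within
+.Ql \&[
+and
+.Ql \&]
+brackets then followed by
+.Ql \&:
+and and a non-standard port number.
 .Pp
 Alternately, hostnames may be stored in a hashed form which hides host names
 and addresses should the file's contents be disclosed.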
