Bugzilla – Attachment 719 Details for
Bug 910
known_hosts port numbers
[patch]
Patch to add PortAware to ssh client
ssh-portaware-3.9p1.patch (text/plain), 9.44 KB, created by
Devin Nate
on 2004-09-21 06:15:20 AEST
Description:
Patch to add PortAware to ssh client
Filename:
MIME Type:
Creator:
Devin Nate
Created:
2004-09-21 06:15:20 AEST
Size:
9.44 KB
>--- sshconnect.c.orig Mon Jun 21 20:56:02 2004
>+++ sshconnect.c Sun Sep 19 19:13:20 2004
>@@ -559,12 +559,14 @@
> * is not valid. the user_hostfile will not be updated if 'readonly' is true.
> */
> static int
>-check_host_key(char *host, struct sockaddr *hostaddr, Key *host_key,
>+check_host_key(char *host, char *port, struct sockaddr *hostaddr, Key *host_key,
> int readonly, const char *user_hostfile, const char *system_hostfile)
> {
> Key *file_key;
> const char *type = key_type(host_key);
> char *ip = NULL;
>+ char *hoststr = NULL;
>+ char *ipstr = NULL;
> char hostline[1000], *hostp, *fp;
> HostStatus host_status;
> HostStatus ip_status;
>@@ -634,7 +636,19 @@
> */
> if (options.host_key_alias != NULL) {
> host = options.host_key_alias;
>- debug("using hostkeyalias: %s", host);
>+ hoststr = xstrdup(host);
>+ ipstr = xstrdup(ip);
>+ debug("using hostkeyalias: %s", hoststr);
>+ } else {
>+ /*
>+ * Have no HostKeyAlias; make ssh client PortAware
>+ */
>+ len = strlen(host) + strlen(port) + 2;
>+ hoststr = xmalloc(len);
>+ snprintf(hoststr, len, "%s@%s", host, port);
>+ len = strlen(ip) + strlen(port) + 2;
>+ ipstr = xmalloc(len);
>+ snprintf(ipstr, len, "%s@%s", ip, port);
> }
>
> /*
>@@ -648,13 +662,14 @@
> * hosts or in the systemwide list.
> */
> host_file = user_hostfile;
>- host_status = check_host_in_hostfile(host_file, host, host_key,
>+ host_status = check_host_in_hostfile(host_file, hoststr, host_key,
> file_key, &host_line);
> if (host_status == HOST_NEW) {
> host_file = system_hostfile;
>- host_status = check_host_in_hostfile(host_file, host, host_key,
>+ host_status = check_host_in_hostfile(host_file, hoststr, host_key,
> file_key, &host_line);
> }
>+
> /*
> * Also perform check for the ip address, skip the check if we are
> * localhost or the hostname was an ip address to begin with
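Review bot: The `else` branch that builds `hoststr` and `ipstr` (hunk at -634) appends `@port` for every port, and the lookups in the hunk at -648 pass only the suffixed string to `check_host_in_hostfile()`, so entries already stored under the bare host name no longer match. A host whose key was pinned before this change would come back as `HOST_NEW` instead of being compared with its stored key, so a changed key would not reach the `HOST_CHANGED` handling. Keeping the bare name for the default port preserves existing pins, for example `if (strcmp(port, "22") == 0) hoststr = xstrdup(host);` ahead of the suffixed form (the literal mirrors the default this patch sets in its later hunk). The `HostKeyAlias` branch leaves `ipstr` without a port, so IP entries are keyed differently depending on whether an alias is set; a comment such as `/* alias entries are deliberately not port-qualified */` would record whether that is intended. `check_host_key()` starts and ends outside these hunks.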
>@@ -663,11 +678,11 @@
> Key *ip_key = key_new(host_key->type);
>
> ip_file = user_hostfile;
>- ip_status = check_host_in_hostfile(ip_file, ip, host_key,
>+ ip_status = check_host_in_hostfile(ip_file, ipstr, host_key,
> ip_key, &ip_line);
> if (ip_status == HOST_NEW) {
> ip_file = system_hostfile;
>- ip_status = check_host_in_hostfile(ip_file, ip,
>+ ip_status = check_host_in_hostfile(ip_file, ipstr,
> host_key, ip_key, &ip_line);
> }
> if (host_status == HOST_CHANGED &&
>@@ -684,22 +699,22 @@
> case HOST_OK:
> /* The host is known and the key matches. */
> debug("Host '%.200s' is known and matches the %s host key.",
>- host, type);
>+ hoststr, type);
> debug("Found key in %s:%d", host_file, host_line);
> if (options.check_host_ip && ip_status == HOST_NEW) {
> if (readonly)
> logit("%s host key for IP address "
> "'%.128s' not in list of known hosts.",
>- type, ip);
>- else if (!add_host_to_hostfile(user_hostfile, ip,
>+ type, ipstr);
>+ else if (!add_host_to_hostfile(user_hostfile, ipstr,
> host_key))
> logit("Failed to add the %s host key for IP "
> "address '%.128s' to the list of known "
>- "hosts (%.30s).", type, ip, user_hostfile);
>+ "hosts (%.30s).", type, ipstr, user_hostfile);
> else
> logit("Warning: Permanently added the %s host "
> "key for IP address '%.128s' to the list "
>- "of known hosts.", type, ip);
>+ "of known hosts.", type, ipstr);
> }
> break;
> case HOST_NEW:
>@@ -713,12 +728,12 @@
> * alternative left is to abort.
> */
> error("No %s host key is known for %.200s and you "
>- "have requested strict checking.", type, host);
>+ "have requested strict checking.", type, hoststr);
> goto fail;
> } else if (options.strict_host_key_checking == 2) {
> char msg1[1024], msg2[1024];
>
>- if (show_other_keys(host, host_key))
>+ if (show_other_keys(hoststr, host_key))
> snprintf(msg1, sizeof(msg1),
> "\nbut keys of different type are already"
> " known for this host.");
>@@ -743,16 +758,16 @@
> "%s key fingerprint is %s.\n%s"
> "Are you sure you want to continue connecting "
> "(yes/no)? ",
>- host, ip, msg1, type, fp, msg2);
>+ hoststr, ipstr, msg1, type, fp, msg2);
> xfree(fp);
> if (!confirm(msg))
> goto fail;
> }
> if (options.check_host_ip && ip_status == HOST_NEW) {
>- snprintf(hostline, sizeof(hostline), "%s,%s", host, ip);
>+ snprintf(hostline, sizeof(hostline), "%s,%s", hoststr, ipstr);
> hostp = hostline;
> } else
>- hostp = host;
>+ hostp = hoststr;
>
> /*
> * If not in strict mode, add the key automatically to the
>@@ -777,8 +792,8 @@
> error("@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@");
> error("@ WARNING: POSSIBLE DNS SPOOFING DETECTED! @");
> error("@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@");
>- error("The %s host key for %s has changed,", type, host);
>- error("and the key for the according IP address %s", ip);
>+ error("The %s host key for %s has changed,", type, hoststr);
>+ error("and the key for the according IP address %s", ipstr);
> error("%s. This could either mean that", key_msg);
> error("DNS SPOOFING is happening or the IP address for the host");
> error("and its host key have changed at the same time.");
>@@ -797,7 +812,7 @@
> */
> if (options.strict_host_key_checking) {
> error("%s host key for %.200s has changed and you have "
>- "requested strict checking.", type, host);
>+ "requested strict checking.", type, hoststr);
> goto fail;
> }
>
>@@ -858,7 +873,7 @@
> "Warning: the %s host key for '%.200s' "
> "differs from the key for the IP address '%.128s'"
> "\nOffending key for IP in %s:%d",
>- type, host, ip, ip_file, ip_line);
>+ type, hoststr, ipstr, ip_file, ip_line);
> if (host_status == HOST_OK) {
> len = strlen(msg);
> snprintf(msg + len, sizeof(msg) - len,
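Review bot: The `snprintf(hostline, sizeof(hostline), "%s,%s", hoststr, ipstr)` call in the hunk at -743 ignores its return value, and both inputs are now longer by the `@port` suffix while `hostline` stays at 1000 bytes (declared in the first hunk of this file). A truncated `hostline` would be handed on as `hostp`, which the comment that follows suggests is what gets added to the known-hosts file, so a key could be stored under a shortened name. Check the result with a local `int r`: `r = snprintf(hostline, sizeof(hostline), "%s,%s", hoststr, ipstr);` followed by `if (r < 0 || (size_t)r >= sizeof(hostline)) goto fail;`. The unchecked call predates this patch, and the code that consumes `hostp` is outside the hunk.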
>@@ -880,16 +895,20 @@
> }
>
> xfree(ip);
>+ xfree(hoststr);
>+ xfree(ipstr);
> return 0;
>
> fail:
> xfree(ip);
>+ xfree(hoststr);
>+ xfree(ipstr);
> return -1;
> }
>
> /* returns 0 if key verifies or -1 if key does NOT verify */
> int
>-verify_host_key(char *host, struct sockaddr *hostaddr, Key *host_key)
>+verify_host_key(char *host, char *port, struct sockaddr *hostaddr, Key *host_key)
> {
> struct stat st;
> int flags = 0;
>@@ -917,11 +936,11 @@
> /* return ok if the key can be found in an old keyfile */
> if (stat(options.system_hostfile2, &st) == 0 ||
> stat(options.user_hostfile2, &st) == 0) {
>- if (check_host_key(host, hostaddr, host_key, /*readonly*/ 1,
>+ if (check_host_key(host, port, hostaddr, host_key, /*readonly*/ 1,
> options.user_hostfile2, options.system_hostfile2) == 0)
> return 0;
> }
>- return check_host_key(host, hostaddr, host_key, /*readonly*/ 0,
>+ return check_host_key(host, port, hostaddr, host_key, /*readonly*/ 0,
> options.user_hostfile, options.system_hostfile);
> }
>
>@@ -938,10 +957,16 @@
> {
> char *host, *cp;
> char *server_user, *local_user;
>+ u_short port;
>+ char strport[NI_MAXSERV];
>
> local_user = xstrdup(pw->pw_name);
> server_user = options.user ? options.user : local_user;
>
>+ /* Set default port */
>+ port = options.port ? options.port : 22;
>+ snprintf(strport, sizeof strport, "%hu", port);
>+
> /* Convert the user-supplied hostname into all lowercase. */
> host = xstrdup(orighost);
> for (cp = host; *cp; cp++)
>@@ -957,10 +982,10 @@
> /* key exchange */
> /* authenticate user */
> if (compat20) {
>- ssh_kex2(host, hostaddr);
>+ ssh_kex2(host, strport, hostaddr);
> ssh_userauth2(local_user, server_user, host, sensitive);
> } else {
>- ssh_kex(host, hostaddr);
>+ ssh_kex(host, strport, hostaddr);
> ssh_userauth1(local_user, server_user, host, sensitive);
> }
> }
>--- sshconnect.h.orig Thu Jun 20 18:41:53 2002
>+++ sshconnect.h Sun Sep 19 19:12:46 2004
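Review bot: In the hunk at -938, `port = options.port ? options.port : 22;` recomputes the port from the options rather than taking the port the connection was actually made to, so the string used for the known-hosts lookup can differ from the real peer port if the default is resolved differently elsewhere (that code is not visible here). Passing the connected port into this function keeps the host key identity tied to the endpoint that was reached; at minimum the literal should become the tree's constant, `port = options.port ? options.port : SSH_DEFAULT_PORT;`. The type of `options.port` is not shown; if it is wider than `u_short` the assignment truncates silently and a range check belongs before the `snprintf`. The function body starts outside the hunk.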
>@@ -40,10 +40,10 @@
> void
> ssh_login(Sensitive *, const char *, struct sockaddr *, struct passwd *);
>
>-int verify_host_key(char *, struct sockaddr *, Key *);
>+int verify_host_key(char *, char *, struct sockaddr *, Key *);
>
>-void ssh_kex(char *, struct sockaddr *);
>-void ssh_kex2(char *, struct sockaddr *);
>+void ssh_kex(char *, char *, struct sockaddr *);
>+void ssh_kex2(char *, char *, struct sockaddr *);
>
> void ssh_userauth1(const char *, const char *, char *, Sensitive *);
> void ssh_userauth2(const char *, const char *, char *, Sensitive *);
>--- sshconnect1.c.orig Thu Aug 12 06:40:25 2004
>+++ sshconnect1.c Sun Sep 19 19:12:46 2004
>@@ -465,7 +465,7 @@
> * SSH1 key exchange
> */
> void
>-ssh_kex(char *host, struct sockaddr *hostaddr)
>+ssh_kex(char *host, char *port, struct sockaddr *hostaddr)
> {
> int i;
> BIGNUM *key;
>@@ -523,7 +523,7 @@
> debug("Received server public key (%d bits) and host key (%d bits).",
> BN_num_bits(server_key->rsa->n), BN_num_bits(host_key->rsa->n));
>
>- if (verify_host_key(host, hostaddr, host_key) == -1)
>+ if (verify_host_key(host, port, hostaddr, host_key) == -1)
> fatal("Host key verification failed.");
>
> client_flags = SSH_PROTOFLAG_SCREEN_NUMBER | SSH_PROTOFLAG_HOST_IN_FWD_OPEN;
>--- sshconnect2.c.orig Mon Jun 14 18:30:09 2004
>+++ sshconnect2.c Sun Sep 19 19:12:46 2004
>@@ -68,23 +68,25 @@
>
> char *xxx_host;
> struct sockaddr *xxx_hostaddr;
>+char *xxx_port;
>
> Kex *xxx_kex = NULL;
>
> static int
> verify_host_key_callback(Key *hostkey)
> {
>- if (verify_host_key(xxx_host, xxx_hostaddr, hostkey) == -1)
>+ if (verify_host_key(xxx_host, xxx_port, xxx_hostaddr, hostkey) == -1)
> fatal("Host key verification failed.");
> return 0;
> }
>
> void
>-ssh_kex2(char *host, struct sockaddr *hostaddr)
>+ssh_kex2(char *host, char *port, struct sockaddr *hostaddr)
> {
> Kex *kex;
>
> xxx_host = host;
>+ xxx_port = port;
> xxx_hostaddr = hostaddr;
>
> if (options.ciphers == (char *)-1) {
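Review bot: The new port argument in the sshconnect.h prototypes is declared `char *` although every hunk shown only reads it (`strlen`, `snprintf`, pass-through), so it should be `const char *`, for example `int verify_host_key(char *, const char *, struct sockaddr *, Key *);`. The same applies to the definitions of `check_host_key()`, `ssh_kex()` and `ssh_kex2()` and to the `xxx_port` global in the other files. The prototypes also carry no comment saying the string is the decimal port used to key known-hosts entries; a one-line comment above `verify_host_key` would document that.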
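Review bot: `xxx_port = port;` in the sshconnect2.c hunk stores the caller's pointer in a file-scope variable, and the caller in sshconnect.c passes `strport`, an automatic array (`char strport[NI_MAXSERV];`) whose function ends right after the key-exchange and authentication calls. If `verify_host_key_callback()` can run again after that caller has returned, for instance on a later key re-exchange (not visible in this hunk), `xxx_port` would point into a dead stack frame while it selects the known-hosts entry to check. Copying the string with `xxx_port = xstrdup(port);` removes the lifetime dependency. `ssh_kex2()` continues past the end of the hunk.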