Bugzilla – Attachment 1132 Details for
Bug 910
known_hosts port numbers
[patch]
Patch #1073 with fallback.
openssh-knownhost-port-fallback.patch (text/plain), 6.63 KB, created by
Darren Tucker
on 2006-05-06 14:50:17 AEST
Description:
Patch #1073 with fallback.
Filename:
MIME Type:
Creator:
Darren Tucker
Created:
2006-05-06 14:50:17 AEST
Size:
6.63 KB
patch
obsolete
>Index: misc.c
>===================================================================
>RCS file: /usr/local/src/security/openssh/cvs/openssh_cvs/misc.c,v
>retrieving revision 1.70
>diff -u -p -r1.70 misc.c
>--- misc.c 31 Mar 2006 12:13:02 -0000 1.70
>+++ misc.c 6 May 2006 04:33:12 -0000
>@@ -38,6 +38,7 @@
> #include "misc.h"
> #include "log.h"
> #include "xmalloc.h"
>+#include "ssh.h"
>
> /* remove newline at end of string */
> char *
>@@ -330,6 +331,23 @@ convtime(const char *s)
> }
>
> /*
>+ * Returns a standardized host+port identifier string.
>+ * Caller must free returned string.
>+ */
>+char *
>+put_host_port(const char *host, u_short port)
>+{
>+ char *hoststr;
>+
>+ if (port == 0 || port == SSH_DEFAULT_PORT)
>+ return(xstrdup(host));
>+ if (asprintf(&hoststr, "[%s]:%d", host, (int)port) < 0)
>+ fatal("put_host_port: asprintf: %s", strerror(errno));
>+ debug3("put_host_port: %s", hoststr);
>+ return hoststr;
>+}
>+
>+/*
> * Search for next delimiter between hostnames/addresses and ports.
> * Argument may be modified (for termination).
> * Returns *cp if parsing succeeds.
>Index: misc.h
>===================================================================
>RCS file: /usr/local/src/security/openssh/cvs/openssh_cvs/misc.h,v
>retrieving revision 1.34
>diff -u -p -r1.34 misc.h
>--- misc.h 31 Mar 2006 12:13:02 -0000 1.34
>+++ misc.h 29 Apr 2006 01:05:49 -0000
>@@ -23,6 +23,7 @@ int set_nonblock(int);
> int unset_nonblock(int);
> void set_nodelay(int);
> int a2port(const char *);
>+char *put_host_port(const char *, u_short);
> int a2tun(const char *, int *);
> char *hpdelim(char **);
> char *cleanhostname(char *);
>Index: sshconnect.c
>===================================================================
>RCS file: /usr/local/src/security/openssh/cvs/openssh_cvs/sshconnect.c,v
>retrieving revision 1.149
>diff -u -p -r1.149 sshconnect.c
>--- sshconnect.c 23 Apr 2006 02:09:00 -0000 1.149
>+++ sshconnect.c 29 Apr 2006 01:05:29 -0000
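Review bot: The comment on `put_host_port` should say what `port == 0` means, since the early return folds both 0 and `SSH_DEFAULT_PORT` into the bare host form and the HOST_NEW fallback in sshconnect.c relies on passing 0 to obtain exactly that; something like ` * A port of 0 (unspecified) or SSH_DEFAULT_PORT yields the bare host; any other port yields "[host]:port".` As a point of style, the function mixes `return(xstrdup(host));` with `return hoststr;` in the same body; one form should be used throughout. The `strerror(errno)` in the fatal() message assumes the asprintf in use sets errno on failure, which not every implementation guarantees, so the reported reason may occasionally be stale rather than wrong.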
>@@ -504,16 +504,19 @@ confirm(const char *prompt)
> }
>
> /*
>- * check whether the supplied host key is valid, return -1 if the key
>- * is not valid. the user_hostfile will not be updated if 'readonly' is true.
>+ * Check whether the supplied host key is valid, return -1 if the key
>+ * is not valid. If readonly is non-zero, user_hostfile will not be
>+ * updated and if it's 2 then a changed host key warning will not be
>+ * generated.
> */
> static int
>-check_host_key(char *host, struct sockaddr *hostaddr, Key *host_key,
>- int readonly, const char *user_hostfile, const char *system_hostfile)
>+check_host_key(char *hostname, struct sockaddr *hostaddr, u_short port,
>+ Key *host_key, int readonly, const char *user_hostfile,
>+ const char *system_hostfile)
> {
> Key *file_key;
> const char *type = key_type(host_key);
>- char *ip = NULL;
>+ char *ip = NULL, *host = NULL;
> char hostline[1000], *hostp, *fp;
> HostStatus host_status;
> HostStatus ip_status;
>@@ -564,7 +567,7 @@ check_host_key(char *host, struct sockad
> if (getnameinfo(hostaddr, salen, ntop, sizeof(ntop),
> NULL, 0, NI_NUMERICHOST) != 0)
> fatal("check_host_key: getnameinfo failed");
>- ip = xstrdup(ntop);
>+ ip = put_host_port(ntop, port);
> } else {
> ip = xstrdup("<no hostip for proxy command>");
> }
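Review bot: The rewritten header comment documents the new meaning of `readonly == 2` but not the new `port` parameter, which now decides the form under which both the host and its resolved address are looked up; suggest adding ` * port qualifies hostname and the resolved address as "[host]:port" unless it is 0 or SSH_DEFAULT_PORT, in which case the bare form is used.` The comment could also state that with readonly 2 a changed key makes the function return -1 silently, since that is what the `goto fail` added in the HOST_CHANGED case does. check_host_key's body continues past this hunk.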
>@@ -572,18 +575,21 @@ check_host_key(char *host, struct sockad
> * Turn off check_host_ip if the connection is to localhost, via proxy
> * command or if we don't have a hostname to compare with
> */
>- if (options.check_host_ip &&
>- (local || strcmp(host, ip) == 0 || options.proxy_command != NULL))
>+ if (options.check_host_ip && (local ||
>+ strcmp(hostname, ip) == 0 || options.proxy_command != NULL))
> options.check_host_ip = 0;
>
> /*
>- * Allow the user to record the key under a different name. This is
>- * useful for ssh tunneling over forwarded connections or if you run
>- * multiple sshd's on different ports on the same machine.
>+ * Allow the user to record the key under a different name or
>+ * differentiate a non-standard port. This is useful for ssh
>+ * tunneling over forwarded connections or if you run multiple
>+ * sshd's on different ports on the same machine.
> */
> if (options.host_key_alias != NULL) {
>- host = options.host_key_alias;
>+ host = xstrdup(options.host_key_alias);
> debug("using hostkeyalias: %s", host);
>+ } else {
>+ host = put_host_port(hostname, port);
> }
>
> /*
>@@ -652,6 +658,15 @@ check_host_key(char *host, struct sockad
> }
> break;
> case HOST_NEW:
>+ if (options.host_key_alias == NULL && port != 0 &&
>+ port != SSH_DEFAULT_PORT) {
>+ debug("checking without port identifier");
>+ if (check_host_key(hostname, hostaddr, 0, host_key, 2,
>+ user_hostfile, system_hostfile) == 0) {
>+ debug("found matching key w/out port");
>+ break;
>+ }
>+ }
> if (readonly)
> goto fail;
> /* The host is new. */
>@@ -731,6 +746,8 @@ check_host_key(char *host, struct sockad
> "list of known hosts.", hostp, type);
> break;
> case HOST_CHANGED:
>+ if (readonly == 2)
>+ goto fail;
> if (options.check_host_ip && host_ip_differ) {
> char *key_msg;
> if (ip_status == HOST_NEW)
>@@ -845,10 +862,12 @@ check_host_key(char *host, struct sockad
> }
>
> xfree(ip);
>+ xfree(host);
> return 0;
>
> fail:
> xfree(ip);
>+ xfree(host);
> return -1;
> }
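Review bot: The check_host_ip shortcut now compares the bare `hostname` with `ip`, which `put_host_port` has already rendered as `[addr]:port` for a non-default port, so a connection made to a literal address on such a port no longer matches and the separate address check stays enabled for a string that is identical to `host` once it is built a few lines below. Moving the comparison after the alias block and restoring it to `strcmp(host, ip) == 0` keeps the original behaviour under HostKeyAlias and compares the port-qualified forms like for like. The enclosing function starts and ends outside this hunk.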
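Review bot: When the fallback probe succeeds, the `break` leaves the HOST_NEW case before the code that records a new host, so presumably the `[host]:port` entry is never written and the probe is repeated on every connection to that port; if that is intended, a comment on the `break` saying so would stop the next reader from treating it as a bug. The probe passes `readonly` as 2, whose meaning is only visible in the HOST_CHANGED case further down, so a line such as `/* probe the default-port entry: read-only, and silent if that key differs */` above the recursive call would tie the two together. The probe also deliberately accepts, for the non-standard port, a key that was only ever confirmed for the host's default port; that is the purpose of this patch, but stating it in the surrounding comment makes the trust decision explicit for anyone auditing the known_hosts handling later.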
>
>@@ -882,12 +901,13 @@ verify_host_key(char *host, struct socka
> /* return ok if the key can be found in an old keyfile */
> if (stat(options.system_hostfile2, &st) == 0 ||
> stat(options.user_hostfile2, &st) == 0) {
>- if (check_host_key(host, hostaddr, host_key, /*readonly*/ 1,
>- options.user_hostfile2, options.system_hostfile2) == 0)
>+ if (check_host_key(host, hostaddr, options.port, host_key,
>+ /*readonly*/ 1, options.user_hostfile2,
>+ options.system_hostfile2) == 0)
> return 0;
> }
>- return check_host_key(host, hostaddr, host_key, /*readonly*/ 0,
>- options.user_hostfile, options.system_hostfile);
>+ return check_host_key(host, hostaddr, options.port, host_key,
>+ /*readonly*/ 0, options.user_hostfile, options.system_hostfile);
> }
>
> /*
>Index: sshd.8
>===================================================================
>RCS file: /usr/local/src/security/openssh/cvs/openssh_cvs/sshd.8,v
>retrieving revision 1.190
>diff -u -p -r1.190 sshd.8
>--- sshd.8 15 Mar 2006 00:56:03 -0000 1.190
>+++ sshd.8 29 Apr 2006 01:05:30 -0000
>@@ -588,6 +588,13 @@ A pattern may also be preceded by
> to indicate negation: if the host name matches a negated
> pattern, it is not accepted (by that line) even if it matched another
> pattern on the line.
>+A hostname or address may optionally be enclosed within
>+.Ql \&[
>+and
>+.Ql \&]
>+brackets then followed by
>+.Ql \&:
>+and and a non-standard port number.
> .Pp
> Alternately, hostnames may be stored in a hashed form which hides host names
> and addresses should the file's contents be disclosed.
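Review bot: `host` is now freed on both the success path and at `fail`, and it starts out as NULL, so any `goto fail` taken before the alias block assigns it would hand NULL to `xfree()`; if the project's `xfree()` rejects a NULL argument, as OpenSSH's wrapper of this era does, that is a fatal rather than a no-op. The `goto fail` sites visible in this patch all sit after `host` is assigned, but the earlier part of check_host_key is outside the hunks shown, so this deserves a quick check and a note on the declaration, e.g. `char *ip = NULL, *host = NULL; /* both assigned before any goto fail */`.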