|
Lines 45-50
Link Here
|
| 45 |
#include "atomicio.h" |
45 |
#include "atomicio.h" |
| 46 |
#include "misc.h" |
46 |
#include "misc.h" |
| 47 |
#include "hostfile.h" |
47 |
#include "hostfile.h" |
|
|
48 |
#include "canohost.h" |
| 48 |
|
49 |
|
| 49 |
/* Flag indicating whether IPv4 or IPv6. This can be set on the command line. |
50 |
/* Flag indicating whether IPv4 or IPv6. This can be set on the command line. |
| 50 |
Default value is AF_UNSPEC means both IPv4 and IPv6. */ |
51 |
Default value is AF_UNSPEC means both IPv4 and IPv6. */ |
|
Lines 61-75
Link Here
|
| 61 |
|
62 |
|
| 62 |
int hash_hosts = 0; /* Hash hostname on output */ |
63 |
int hash_hosts = 0; /* Hash hostname on output */ |
| 63 |
|
64 |
|
|
|
65 |
int log_verbose = 0; /* list all hosts checked */ |
| 66 |
|
| 64 |
#define MAXMAXFD 256 |
67 |
#define MAXMAXFD 256 |
| 65 |
|
68 |
|
| 66 |
/* The number of seconds after which to give up on a TCP connection */ |
69 |
/* The number of seconds after which to give up on a TCP connection */ |
|
|
70 |
/* and the maximum time to wait for kex data from the remote server.*/ |
| 67 |
int timeout = 5; |
71 |
int timeout = 5; |
| 68 |
|
72 |
|
| 69 |
int maxfd; |
73 |
int maxfd; |
| 70 |
#define MAXCON (maxfd - 10) |
74 |
#define MAXCON (maxfd - 10) |
| 71 |
|
75 |
|
| 72 |
extern char *__progname; |
76 |
extern char *__progname; |
|
|
77 |
extern int connclosed; |
| 78 |
extern int conntimedout; |
| 73 |
fd_set *read_wait; |
79 |
fd_set *read_wait; |
| 74 |
size_t read_wait_nfdset; |
80 |
size_t read_wait_nfdset; |
| 75 |
int ncon; |
81 |
int ncon; |
|
Lines 243-249
Link Here
|
| 243 |
{ |
249 |
{ |
| 244 |
int j; |
250 |
int j; |
| 245 |
|
251 |
|
|
|
252 |
/* |
| 253 |
* New fd and socket. Clear the possibly cached IP-address of the |
| 254 |
* remote host (kex.c:canonical_host_ip) of the previous socket. Also |
| 255 |
* clear the packet_read_seqnr() "Connection closed ..." and "Connection |
| 256 |
* to ... timed out ..." flags (called by dispatch_run()). |
| 257 |
*/ |
| 258 |
clear_cached_addr(); |
| 259 |
connclosed = 0; |
| 260 |
conntimedout = 0; |
| 261 |
|
| 246 |
packet_set_connection(c->c_fd, c->c_fd); |
262 |
packet_set_connection(c->c_fd, c->c_fd); |
|
|
263 |
/* |
| 264 |
* Use our "timeout" value to set the maximum allowed wait time for data |
| 265 |
* to become available in the `packet.c:packet_read_seqnr()' function. |
| 266 |
*/ |
| 267 |
packet_set_timeout(timeout, 1); |
| 268 |
|
| 247 |
enable_compat20(); |
269 |
enable_compat20(); |
| 248 |
myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] = c->c_keytype == KT_DSA? |
270 |
myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] = c->c_keytype == KT_DSA? |
| 249 |
"ssh-dss" : (c->c_keytype == KT_RSA ? "ssh-rsa" : |
271 |
"ssh-dss" : (c->c_keytype == KT_RSA ? "ssh-rsa" : |
|
Lines 296-303
Link Here
|
| 296 |
memset(&hints, 0, sizeof(hints)); |
318 |
memset(&hints, 0, sizeof(hints)); |
| 297 |
hints.ai_family = IPv4or6; |
319 |
hints.ai_family = IPv4or6; |
| 298 |
hints.ai_socktype = SOCK_STREAM; |
320 |
hints.ai_socktype = SOCK_STREAM; |
| 299 |
if ((gaierr = getaddrinfo(host, strport, &hints, &aitop)) != 0) |
321 |
if ((gaierr = getaddrinfo(host, strport, &hints, &aitop)) != 0) { |
| 300 |
fatal("getaddrinfo %s: %s", host, ssh_gai_strerror(gaierr)); |
322 |
error("getaddrinfo %s: %s", host, ssh_gai_strerror(gaierr)); |
|
|
323 |
s = -1; |
| 324 |
return s; |
| 325 |
} |
| 301 |
for (ai = aitop; ai; ai = ai->ai_next) { |
326 |
for (ai = aitop; ai; ai = ai->ai_next) { |
| 302 |
s = socket(ai->ai_family, ai->ai_socktype, ai->ai_protocol); |
327 |
s = socket(ai->ai_family, ai->ai_socktype, ai->ai_protocol); |
| 303 |
if (s < 0) { |
328 |
if (s < 0) { |
|
Lines 388-395
Link Here
|
| 388 |
{ |
413 |
{ |
| 389 |
con *c = &fdcon[s]; |
414 |
con *c = &fdcon[s]; |
| 390 |
int ret; |
415 |
int ret; |
|
|
416 |
char *name; |
| 391 |
|
417 |
|
| 392 |
ret = conalloc(c->c_namelist, c->c_output_name, c->c_keytype); |
418 |
/* |
|
|
419 |
* If "connclosed" isn't set, do the next host from c->c_namelist. Else, |
| 420 |
* restore the original string in c->c_namebase and redo the current |
| 421 |
* host. |
| 422 |
*/ |
| 423 |
name = c->c_namelist; /* do next in list ?? */ |
| 424 |
if (connclosed != 0) { /* nope so */ |
| 425 |
if (name && *name != '\0') /* restore separator, if any */ |
| 426 |
*(name - 1) = ','; /* and */ |
| 427 |
name = c->c_namebase; /* redo current */ |
| 428 |
} |
| 429 |
ret = conalloc(name, c->c_output_name, c->c_keytype); |
| 393 |
confree(s); |
430 |
confree(s); |
| 394 |
return (ret); |
431 |
return (ret); |
| 395 |
} |
432 |
} |
|
Lines 419-428
Link Here
|
| 419 |
if (n == 0) { |
456 |
if (n == 0) { |
| 420 |
switch (errno) { |
457 |
switch (errno) { |
| 421 |
case EPIPE: |
458 |
case EPIPE: |
| 422 |
error("%s: Connection closed by remote host", c->c_name); |
459 |
error("read (%s): Connection closed by remote host", c->c_name); |
| 423 |
break; |
460 |
break; |
| 424 |
case ECONNREFUSED: |
461 |
case ECONNREFUSED: |
| 425 |
break; |
462 |
if (! log_verbose) |
|
|
463 |
break; |
| 464 |
/* fall thru */ |
| 426 |
default: |
465 |
default: |
| 427 |
error("read (%s): %s", c->c_name, strerror(errno)); |
466 |
error("read (%s): %s", c->c_name, strerror(errno)); |
| 428 |
break; |
467 |
break; |
|
Lines 443-456
Link Here
|
| 443 |
datafellows = 0; |
482 |
datafellows = 0; |
| 444 |
if (c->c_keytype != KT_RSA1) { |
483 |
if (c->c_keytype != KT_RSA1) { |
| 445 |
if (!ssh2_capable(remote_major, remote_minor)) { |
484 |
if (!ssh2_capable(remote_major, remote_minor)) { |
|
|
485 |
if (log_verbose) |
| 486 |
logit("%s doesn't support ssh2", c->c_name); |
| 487 |
else |
| 446 |
debug("%s doesn't support ssh2", c->c_name); |
488 |
debug("%s doesn't support ssh2", c->c_name); |
| 447 |
confree(s); |
489 |
confree(s); |
| 448 |
return; |
490 |
return; |
| 449 |
} |
491 |
} |
| 450 |
} else if (remote_major != 1) { |
492 |
} else if (remote_major != 1) { |
|
|
493 |
if (log_verbose) |
| 494 |
logit("%s doesn't support ssh1", c->c_name); |
| 495 |
else |
| 451 |
debug("%s doesn't support ssh1", c->c_name); |
496 |
debug("%s doesn't support ssh1", c->c_name); |
| 452 |
confree(s); |
497 |
confree(s); |
| 453 |
return; |
498 |
return; |
| 454 |
} |
499 |
} |
| 455 |
fprintf(stderr, "# %s %s\n", c->c_name, chop(buf)); |
500 |
fprintf(stderr, "# %s %s\n", c->c_name, chop(buf)); |
| 456 |
n = snprintf(buf, sizeof buf, "SSH-%d.%d-OpenSSH-keyscan\r\n", |
501 |
n = snprintf(buf, sizeof buf, "SSH-%d.%d-OpenSSH-keyscan\r\n", |
|
Lines 466-478
Link Here
|
| 466 |
confree(s); |
511 |
confree(s); |
| 467 |
return; |
512 |
return; |
| 468 |
} |
513 |
} |
|
|
514 |
/* Read and print one of the ssh2 keys for this host. */ |
| 469 |
if (c->c_keytype != KT_RSA1) { |
515 |
if (c->c_keytype != KT_RSA1) { |
| 470 |
keyprint(c, keygrab_ssh2(c)); |
516 |
keyprint(c, keygrab_ssh2(c)); |
| 471 |
confree(s); |
517 |
confree(s); |
| 472 |
return; |
518 |
return; |
| 473 |
} |
519 |
} |
|
|
520 |
/* Continue the process of getting the ssh1 key. */ |
| 474 |
c->c_status = CS_SIZE; |
521 |
c->c_status = CS_SIZE; |
| 475 |
contouch(s); |
522 |
contouch(s); |
|
|
523 |
return; |
| 524 |
|
| 476 |
} |
525 |
} |
| 477 |
|
526 |
|
| 478 |
static void |
527 |
static void |
|
Lines 520-526
Link Here
|
| 520 |
struct timeval seltime, now; |
569 |
struct timeval seltime, now; |
| 521 |
fd_set *r, *e; |
570 |
fd_set *r, *e; |
| 522 |
con *c; |
571 |
con *c; |
| 523 |
int i; |
572 |
int i, s; |
| 524 |
|
573 |
|
| 525 |
gettimeofday(&now, NULL); |
574 |
gettimeofday(&now, NULL); |
| 526 |
c = TAILQ_FIRST(&tq); |
575 |
c = TAILQ_FIRST(&tq); |
|
Lines 550-569
Link Here
|
| 550 |
if (FD_ISSET(i, e)) { |
599 |
if (FD_ISSET(i, e)) { |
| 551 |
error("%s: exception!", fdcon[i].c_name); |
600 |
error("%s: exception!", fdcon[i].c_name); |
| 552 |
confree(i); |
601 |
confree(i); |
| 553 |
} else if (FD_ISSET(i, r)) |
602 |
} else if (FD_ISSET(i, r)) { |
| 554 |
conread(i); |
603 |
conread(i); |
|
|
604 |
/* |
| 605 |
* Break if the read attempt in the `packet.c:packet_read_seqnr()' |
| 606 |
* function failed because our "local" timeout was exceeded or because |
| 607 |
* the remote host closed the connection before the packet data read |
| 608 |
* was complete. The remote closure probably occurred because the |
| 609 |
* LoginGraceTime was exceeded on the remote `sshd' server. |
| 610 |
*/ |
| 611 |
if (conntimedout || connclosed) |
| 612 |
break; |
| 613 |
} |
| 555 |
} |
614 |
} |
| 556 |
xfree(r); |
615 |
xfree(r); |
| 557 |
xfree(e); |
616 |
xfree(e); |
| 558 |
|
617 |
|
|
|
618 |
/* |
| 619 |
* If we have the "conntimedout" condition, the read attempt failed |
| 620 |
* because the "local" timeout (set by the `packet_set_timeout()' |
| 621 |
* function call) was exceeded. Give all hosts that currently have a |
| 622 |
* "fdcon[s]" entry a fresh timeout. |
| 623 |
*/ |
| 624 |
i = -1; |
| 559 |
c = TAILQ_FIRST(&tq); |
625 |
c = TAILQ_FIRST(&tq); |
| 560 |
while (c && (c->c_tv.tv_sec < now.tv_sec || |
626 |
|
| 561 |
(c->c_tv.tv_sec == now.tv_sec && c->c_tv.tv_usec < now.tv_usec))) { |
627 |
if (conntimedout) { |
| 562 |
int s = c->c_fd; |
628 |
while (c) { |
|
|
629 |
s = c->c_fd; |
| 630 |
/* |
| 631 |
* If i >= 0, fdcon[i] should be the first entry "touch"ed by |
| 632 |
* the call to contouch() below. |
| 633 |
*/ |
| 634 |
if (s == i) |
| 635 |
break; |
| 636 |
/* |
| 637 |
* Save fd of first "touch"ed entry. If we encounter it again, we'll |
| 638 |
* know that we've cycled through all of the original queue. |
| 639 |
*/ |
| 640 |
contouch(s); /* a fresh timeout for fdcon[s] */ |
| 641 |
if (i < 0) |
| 642 |
i = s; |
| 643 |
|
| 644 |
c = TAILQ_NEXT(c, c_link); |
| 645 |
} |
| 646 |
|
| 647 |
conntimedout = 0; |
| 648 |
|
| 649 |
return; |
| 650 |
} |
| 651 |
|
| 652 |
/* |
| 653 |
* If we have the "connclosed" condition, the read failed because the |
| 654 |
* remote server closed the connection before sending the key. All hosts |
| 655 |
* that currently have a viable "fdcon[s]" entry will be recycled below |
| 656 |
* to negate the time used waiting for the server to respond. This is |
| 657 |
* a very kludgy way to do this and should be necessary only if the |
| 658 |
* "local" timeout value exceeds the remote servers LoginGraceTime or |
| 659 |
* if there are a lot of very slow servers out there. |
| 660 |
* |
| 661 |
* Loop through the remaining open TAILQ entries. The loop covers two |
| 662 |
* conditions: all entries for "connclosed" (described above) and the |
| 663 |
* per entry timeout that occurs while waiting for the remote server to |
| 664 |
* send its return greeting. |
| 665 |
*/ |
| 666 |
while (c && (connclosed || |
| 667 |
(c->c_tv.tv_sec < now.tv_sec || |
| 668 |
(c->c_tv.tv_sec == now.tv_sec && |
| 669 |
c->c_tv.tv_usec < now.tv_usec)))) { |
| 670 |
s = c->c_fd; |
| 671 |
/* |
| 672 |
* If i >= 0, fdcon[i] should be the first of any new allocations that |
| 673 |
* were made as a result of the call(s) to conrecycle() below. |
| 674 |
*/ |
| 675 |
if (s == i) |
| 676 |
break; |
| 677 |
|
| 678 |
/* |
| 679 |
* If requested and if not recycling because of "connclosed", list this |
| 680 |
* host as a connection time out. |
| 681 |
*/ |
| 682 |
if (log_verbose && connclosed == 0) |
| 683 |
logit("%s: Connection timed out.", c->c_name); |
| 684 |
|
| 685 |
/* |
| 686 |
* Save fd of first new allocation. If we encounter it again, we'll |
| 687 |
* know that we've cycled through all of the original queue. |
| 688 |
*/ |
| 689 |
s = conrecycle(s); |
| 690 |
if (i < 0) |
| 691 |
i = s; |
| 563 |
|
692 |
|
| 564 |
c = TAILQ_NEXT(c, c_link); |
693 |
c = TAILQ_NEXT(c, c_link); |
| 565 |
conrecycle(s); |
|
|
| 566 |
} |
694 |
} |
|
|
695 |
connclosed = 0; |
| 567 |
} |
696 |
} |
| 568 |
|
697 |
|
| 569 |
static void |
698 |
static void |
|
Lines 583-588
Link Here
|
| 583 |
} |
712 |
} |
| 584 |
} |
713 |
} |
| 585 |
|
714 |
|
|
|
715 |
/* |
| 716 |
* Convert general remote aborts to continues while the `dispatch_run()' |
| 717 |
* function is being executed. |
| 718 |
*/ |
| 719 |
void |
| 720 |
cleanup_exit(int i) |
| 721 |
{ |
| 722 |
if (nonfatal_fatal) |
| 723 |
longjmp(kexjmp, -1); |
| 724 |
else |
| 725 |
exit(i); |
| 726 |
} |
| 727 |
|
| 586 |
void |
728 |
void |
| 587 |
fatal(const char *fmt,...) |
729 |
fatal(const char *fmt,...) |
| 588 |
{ |
730 |
{ |
|
Lines 601-607
Link Here
|
| 601 |
usage(void) |
743 |
usage(void) |
| 602 |
{ |
744 |
{ |
| 603 |
fprintf(stderr, |
745 |
fprintf(stderr, |
| 604 |
"usage: %s [-46Hv] [-f file] [-p port] [-T timeout] [-t type]\n" |
746 |
"usage: %s [-46HLv] [-f file] [-p port] [-T timeout] [-t type]\n" |
| 605 |
"\t\t [host | addrlist namelist] ...\n", |
747 |
"\t\t [host | addrlist namelist] ...\n", |
| 606 |
__progname); |
748 |
__progname); |
| 607 |
exit(1); |
749 |
exit(1); |
|
Lines 629-639
Link Here
|
| 629 |
if (argc <= 1) |
771 |
if (argc <= 1) |
| 630 |
usage(); |
772 |
usage(); |
| 631 |
|
773 |
|
| 632 |
while ((opt = getopt(argc, argv, "Hv46p:T:t:f:")) != -1) { |
774 |
while ((opt = getopt(argc, argv, "HLv46p:T:t:f:")) != -1) { |
| 633 |
switch (opt) { |
775 |
switch (opt) { |
| 634 |
case 'H': |
776 |
case 'H': |
| 635 |
hash_hosts = 1; |
777 |
hash_hosts = 1; |
| 636 |
break; |
778 |
break; |
|
|
779 |
case 'L': |
| 780 |
log_verbose = 1; |
| 781 |
break; |
| 637 |
case 'p': |
782 |
case 'p': |
| 638 |
ssh_port = a2port(optarg); |
783 |
ssh_port = a2port(optarg); |
| 639 |
if (ssh_port <= 0) { |
784 |
if (ssh_port <= 0) { |
|
Lines 714-720
Link Here
|
| 714 |
fdlim_set(maxfd); |
859 |
fdlim_set(maxfd); |
| 715 |
fdcon = xcalloc(maxfd, sizeof(con)); |
860 |
fdcon = xcalloc(maxfd, sizeof(con)); |
| 716 |
|
861 |
|
| 717 |
read_wait_nfdset = howmany(maxfd, NFDBITS); |
862 |
read_wait_nfdset = howmany(maxfd + 1, NFDBITS); |
| 718 |
read_wait = xcalloc(read_wait_nfdset, sizeof(fd_mask)); |
863 |
read_wait = xcalloc(read_wait_nfdset, sizeof(fd_mask)); |
| 719 |
|
864 |
|
| 720 |
for (j = 0; j < fopt_count; j++) { |
865 |
for (j = 0; j < fopt_count; j++) { |