Bugzilla – Attachment 28 Details for
Bug 112
Using host key fingerprint instead of "yes"
[patch]
improved fingerprint checking patch against CVS
finger.patch (text/plain), 2.33 KB, created by
Pavel Kankovsky
on 2002-02-21 08:43:33 AEDT
Description:
improved fingerprint checking patch against CVS
Filename:
MIME Type:
Creator:
Pavel Kankovsky
Created:
2002-02-21 08:43:33 AEDT
Size:
2.33 KB
patch
obsolete
>diff -ur openssh.old/sshconnect.c openssh/sshconnect.c
>--- openssh.old/sshconnect.c Tue Jan 22 13:34:13 2002
>+++ openssh/sshconnect.c Wed Feb 20 22:09:24 2002
>@@ -487,22 +487,43 @@
>
> /* defaults to 'no' */
> static int
>-confirm(const char *prompt)
>+confirm(const char *prompt, const char *fp)
> {
>- const char *msg, *again = "Please type 'yes' or 'no': ";
>+ const char *msg;
> char *p;
> int ret = -1;
>+ int checking = 0;
>
> if (options.batch_mode)
> return 0;
>- for (msg = prompt;;msg = again) {
>+ msg = prompt;
>+ for (;;) {
> p = read_passphrase(msg, RP_ECHO);
> if (p == NULL ||
>- (p[0] == '\0') || (p[0] == '\n') ||
>- strncasecmp(p, "no", 2) == 0)
>+ (p[0] == '\0') || (p[0] == '\n'))
> ret = 0;
>- if (strncasecmp(p, "yes", 3) == 0)
>- ret = 1;
>+ else if (checking) {
>+ if (strcasecmp(p, fp) == 0) {
>+ log("The fingerprints match.");
>+ ret = 1;
>+ } else {
>+ log("The fingerprints do not match.");
>+ ret = 0;
>+ }
>+ }
>+ else {
>+ msg = "Please type 'yes', 'no' or 'check': ";
>+ if (strncasecmp(p, "no", 2) == 0)
>+ ret = 0;
>+ if (strncasecmp(p, "yes", 3) == 0)
>+ ret = 1;
>+ if (strncasecmp(p, "check", 5) == 0) {
>+ msg = "Enter the expected key fingerprint "
>+ "(DO NOT copy the fingerprint that might "
>+ "have been displayed earlier): ";
>+ checking = 1;
>+ }
>+ }
> if (p)
> xfree(p);
> if (ret != -1)
>@@ -680,10 +701,12 @@
> "established.\n"
> "%s key fingerprint is %s.\n"
> "Are you sure you want to continue connecting "
>- "(yes/no)? ", host, ip, type, fp);
>- xfree(fp);
>- if (!confirm(msg))
>+ "(yes/no/check)? ", host, ip, type, fp);
>+ if (!confirm(msg, fp)) {
>+ xfree(fp);
> goto fail;
>+ }
>+ xfree(fp);
> }
> if (options.check_host_ip && ip_status == HOST_NEW) {
> snprintf(hostline, sizeof(hostline), "%s,%s", host, ip);
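Review bot: In the `checking` branch of confirm(), a fingerprint mismatch is reported with `log()`, the same call used for a match, although it is the one outcome here that can indicate an unexpected host key. The context of the hunk at -803 already uses `error()` for a refused connection, so `error("The fingerprints do not match.");` would make the event stand out in the output. The comparison `strcasecmp(p, fp)` is a whole-string match, so input with stray whitespace would presumably be rejected; that fails closed, but the header comment `/* defaults to 'no' */` should be extended to describe `fp`, the 'check' state and that behaviour. The end of confirm() lies outside the hunk.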
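Review bot: The prompt assembled in the hunk at -680 still prints `%s key fingerprint is %s.` immediately before offering `check`, so the new path adds assurance only when the user types a fingerprint obtained out of band; the sole guard is the wording of the follow-up prompt in confirm(). A comment above the call, such as `/* 'check' compares input with fp shown above; only meaningful with an out-of-band fingerprint */`, would record that limit for maintainers. The enclosing function starts and ends outside the hunk.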
>@@ -803,10 +826,14 @@
> error("Exiting, you have requested strict checking.");
> goto fail;
> } else if (options.strict_host_key_checking == 2) {
>+ fp = key_fingerprint(host_key, SSH_FP_MD5, SSH_FP_HEX);
> strlcat(msg, "\nAre you sure you want "
>- "to continue connecting (yes/no)? ", sizeof(msg));
>- if (!confirm(msg))
>+ "to continue connecting (yes/no/check)? ", sizeof(msg));
>+ if (!confirm(msg, fp)) {
>+ free(fp);
> goto fail;
>+ }
>+ free(fp);
> } else {
> log(msg);
> }
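Review bot: `fp` is released with `free(fp)` on both paths in this hunk, while the hunk at -680 releases the same kind of value with `xfree(fp)`, presumably the project's wrapper; use `xfree(fp);` in both places so the two call sites agree. The result of `key_fingerprint()` is also passed to confirm() unchecked, where `strcasecmp(p, fp)` would dereference it, so it is worth confirming it cannot return NULL. Whether `fp` is declared in this function is not visible here, as the function starts and ends outside the hunk.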