

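--- a/misc.c
+++ b/misc.c
@@ -29,6 +29,7 @@
 #include "misc.h"
 #include "log.h"
 #include "xmalloc.h"
+#include "ssh.h"
 
 /* remove newline at end of string */
 char *
@@ -277,6 +278,28 @@ convtime(const char *s)
 }
 
 /*
+ * Returns a standardized host+port identifier string.
+ * Caller must free returned string.
+ */
+char *
+put_host_port(const char *host, u_short port)
+{
+	int ret;
+	char *hoststr;
+	size_t len;
+
+	if (port == 0 || port == SSH_DEFAULT_PORT)
+		return(xstrdup(host));
+	len = strlen(host) + sizeof(port) * 4 + 4;
+	hoststr = xmalloc(len);
+	ret = snprintf(hoststr, len, "[%s]:%d", host, (int)port);
+	if (ret == -1 || (size_t)ret >= len)
+		fatal("put_host_port: snprintf: %s", strerror(errno));
+	debug3("put_host_port: %s", hoststr);
+	return hoststr;
+}
+
+/*
  * Search for next delimiter between hostnames/addresses and ports.
  * Argument may be modified (for termination).
  * Returns *cp if parsing succeeds.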
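Review bot: The failure branch at the `ret == -1 || (size_t)ret >= len` check in put_host_port reports `strerror(errno)` for both cases, but a truncated result (`ret >= len`) does not set errno, so the fatal message would print a stale or unrelated errno text. Splitting the two conditions keeps the diagnostic accurate: `if (ret == -1) fatal("put_host_port: snprintf: %s", strerror(errno));` followed by `if ((size_t)ret >= len) fatal("put_host_port: buffer too small");`. The size computation `strlen(host) + sizeof(port) * 4 + 4` does leave room for `[`, `]`, `:`, a five-digit port and the terminator, so the truncation branch is a guard rather than an expected path; a comment such as `/* "[" + host + "]:" + up to 5 digits + NUL; sizeof(port)*4 over-provisions */` would save the next reader the arithmetic. Whether `<errno.h>` and `<string.h>` are already included by misc.c is not visible in this hunk.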
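--- a/misc.h
+++ b/misc.h
@@ -20,6 +20,7 @@ int set_nonblock(int);
 int	 unset_nonblock(int);
 void	 set_nodelay(int);
 int	 a2port(const char *);
+char	*put_host_port(const char *, u_short);
 char	*hpdelim(char **);
 char	*cleanhostname(char *);
 char	*colon(char *);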
(-)sshconnect.c (-8 / +14 lines)
Lines 519-530 confirm(const char *prompt) Link Here
519
 * is not valid. the user_hostfile will not be updated if 'readonly' is true.
519
 * is not valid. the user_hostfile will not be updated if 'readonly' is true.
520
 */
520
 */
521
static int
521
static int
522
check_host_key(char *host, struct sockaddr *hostaddr, Key *host_key,
522
check_host_key(char *hostname, struct sockaddr *hostaddr, Key *host_key,
523
    int readonly, const char *user_hostfile, const char *system_hostfile)
523
    int readonly, const char *user_hostfile, const char *system_hostfile)
524
{
524
{
525
	Key *file_key;
525
	Key *file_key;
526
	const char *type = key_type(host_key);
526
	const char *type = key_type(host_key);
527
	char *ip = NULL;
527
	char *ip = NULL, *host = NULL;
528
	char hostline[1000], *hostp, *fp;
528
	char hostline[1000], *hostp, *fp;
529
	HostStatus host_status;
529
	HostStatus host_status;
530
	HostStatus ip_status;
530
	HostStatus ip_status;
Lines 576-581 check_host_key(char *host, struct sockad Link Here
576
		    NULL, 0, NI_NUMERICHOST) != 0)
576
		    NULL, 0, NI_NUMERICHOST) != 0)
577
			fatal("check_host_key: getnameinfo failed");
577
			fatal("check_host_key: getnameinfo failed");
578
		ip = xstrdup(ntop);
578
		ip = xstrdup(ntop);
579
		ip = put_host_port(ntop, options.port);
579
	} else {
580
	} else {
580
		ip = xstrdup("<no hostip for proxy command>");
581
		ip = xstrdup("<no hostip for proxy command>");
581
	}
582
	}
Lines 583-600 check_host_key(char *host, struct sockad Link Here
583
	 * Turn off check_host_ip if the connection is to localhost, via proxy
584
	 * Turn off check_host_ip if the connection is to localhost, via proxy
584
	 * command or if we don't have a hostname to compare with
585
	 * command or if we don't have a hostname to compare with
585
	 */
586
	 */
586
	if (options.check_host_ip &&
587
	if (options.check_host_ip && (local ||
587
	    (local || strcmp(host, ip) == 0 || options.proxy_command != NULL))
588
	    strcmp(hostname, ip) == 0 || options.proxy_command != NULL))
588
		options.check_host_ip = 0;
589
		options.check_host_ip = 0;
589
590
590
	/*
591
	/*
591
	 * Allow the user to record the key under a different name. This is
592
	 * Allow the user to record the key under a different name or
592
	 * useful for ssh tunneling over forwarded connections or if you run
593
	 * differentiate a non-standard port.  This is useful for ssh
593
	 * multiple sshd's on different ports on the same machine.
594
	 * tunneling over forwarded connections or if you run multiple
595
	 * sshd's on different ports on the same machine.
594
	 */
596
	 */
595
	if (options.host_key_alias != NULL) {
597
	if (options.host_key_alias != NULL) {
596
		host = options.host_key_alias;
598
		host = xstrdup(options.host_key_alias);
597
		debug("using hostkeyalias: %s", host);
599
		debug("using hostkeyalias: %s", host);
600
	} else {
601
		host = put_host_port(hostname, options.port);
598
	}
602
	}
599
603
600
	/*
604
	/*
Lines 856-865 check_host_key(char *host, struct sockad Link Here
856
	}
860
	}
857
861
858
	xfree(ip);
862
	xfree(ip);
863
	xfree(host);
859
	return 0;
864
	return 0;
860
865
861
fail:
866
fail:
862
	xfree(ip);
867
	xfree(ip);
868
	xfree(host);
863
	return -1;
869
	return -1;
864
}
870
}
865
871
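Review bot: With `ip = put_host_port(ntop, options.port)` in the second hunk, `ip` now carries the `[addr]:port` form whenever a non-default port is used, so the later `strcmp(hostname, ip) == 0` test in the third hunk, which turns off check_host_ip for a connection made directly by address, no longer matches when the user typed the bare address together with a non-standard port. One way to keep that intent is to compare against the plain address in the branch where `ntop` is filled in, before `put_host_port` decorates it; how `ntop` is scoped is not visible here, so the exact placement needs checking against the full function. `host` is now heap-owned on both the alias and the `put_host_port` paths and is released on the success and `fail:` exits in the last hunk, but the body between the `options.host_key_alias` block and those exits lies outside the visible hunks, so any other `return` on that stretch would need the same `xfree(host)`. check_host_key begins and ends outside these hunks.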
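--- a/sshconnect2.c
+++ b/sshconnect2.c
@@ -1303,6 +1303,8 @@ userauth_hostbased(Authctxt *authctxt)
 	u_int blen, slen;
 	int ok, i, len, found = 0;
 
+	debug("%s called", __func__);
+
 	/* check for a useful key */
 	for (i = 0; i < sensitive->nkeys; i++) {
 		private = sensitive->keys[i];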
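--- a/sshd.8
+++ b/sshd.8
@@ -552,6 +552,13 @@ A pattern may also be preceded by
 to indicate negation: if the host name matches a negated
 pattern, it is not accepted (by that line) even if it matched another
 pattern on the line.
+A hostname or address may optionally be enclosed within
+.Ql \&[
+and
+.Ql \&]
+brackets then followed by
+.Ql \&:
+and and a non-standard port number.
 .Pp
 Alternately, hostnames may be stored in a hashed form which hides host names
 and addresses should the file's contents be disclosed.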
