*/
#include "includes.h"
-RCSID("$OpenBSD: sshconnect.c,v 1.119 2002/01/21 15:13:51 markus Exp $");
+RCSID("$OpenBSD: sshconnect.c,v 1.115 2001/10/08 19:05:05 markus Exp $");
#include <openssl/bn.h>
#include "readconf.h"
#include "atomicio.h"
#include "misc.h"
-#include "readpass.h"
char *client_version_string = NULL;
char *server_version_string = NULL;
static char addrbuf[INET6_ADDRSTRLEN];
switch (sa->sa_family) {
- case AF_INET:
- addr = &((struct sockaddr_in *)sa)->sin_addr;
- break;
- case AF_INET6:
- addr = &((struct sockaddr_in6 *)sa)->sin6_addr;
- break;
- default:
- /* This case should be protected against elsewhere */
- abort(); /* XXX abort is bad -- do something else */
+ case AF_INET:
+ addr = &((struct sockaddr_in *)sa)->sin_addr;
+ break;
+ case AF_INET6:
+ addr = &((struct sockaddr_in6 *)sa)->sin6_addr;
+ break;
+ default:
+ /* This case should be protected against elsewhere */
+ abort();
}
inet_ntop(sa->sa_family, addr, addrbuf, sizeof(addrbuf));
return addrbuf;
/* Create pipes for communicating with the proxy. */
if (pipe(pin) < 0 || pipe(pout) < 0)
fatal("Could not create pipes to communicate with the proxy: %.100s",
- strerror(errno));
+ strerror(errno));
debug("Executing proxy command: %.500s", command_string);
int full_failure = 1;
debug("ssh_connect: getuid %u geteuid %u anon %d",
- (u_int) getuid(), (u_int) geteuid(), anonymous);
+ (u_int) getuid(), (u_int) geteuid(), anonymous);
/* Get default port if port has not been set. */
if (port == 0) {
* which connect() has already returned an
* error.
*/
+ shutdown(sock, SHUT_RDWR);
close(sock);
}
}
&remote_major, &remote_minor, remote_version) != 3)
fatal("Bad remote protocol version identification: '%.100s'", buf);
debug("Remote protocol version %d.%d, remote software version %.100s",
- remote_major, remote_minor, remote_version);
+ remote_major, remote_minor, remote_version);
compat_datafellows(remote_version);
mismatch = 0;
- switch (remote_major) {
+ switch(remote_major) {
case 1:
if (remote_minor == 99 &&
(options.protocol & SSH_PROTO_2) &&
static int
confirm(const char *prompt)
{
- const char *msg, *again = "Please type 'yes' or 'no': ";
- char *p;
- int ret = -1;
+ char buf[1024];
+ FILE *f;
+ int retval = -1;
if (options.batch_mode)
return 0;
- for (msg = prompt;;msg = again) {
- p = read_passphrase(msg, RP_ECHO);
- if (p == NULL ||
- (p[0] == '\0') || (p[0] == '\n') ||
- strncasecmp(p, "no", 2) == 0)
- ret = 0;
- if (strncasecmp(p, "yes", 3) == 0)
- ret = 1;
- if (p)
- xfree(p);
- if (ret != -1)
- return ret;
+ if (isatty(STDIN_FILENO))
+ f = stdin;
+ else
+ f = fopen(_PATH_TTY, "rw");
+ if (f == NULL)
+ return 0;
+ fflush(stdout);
+ fprintf(stderr, "%s", prompt);
+ while (1) {
+ if (fgets(buf, sizeof(buf), f) == NULL) {
+ fprintf(stderr, "\n");
+ strlcpy(buf, "no", sizeof buf);
+ }
+ /* Remove newline from response. */
+ if (strchr(buf, '\n'))
+ *strchr(buf, '\n') = 0;
+ if (strcmp(buf, "yes") == 0)
+ retval = 1;
+ else if (strcmp(buf, "no") == 0)
+ retval = 0;
+ else
+ fprintf(stderr, "Please type 'yes' or 'no': ");
+
+ if (retval != -1) {
+ if (f != stdin)
+ fclose(f);
+ return retval;
+ }
}
}
int local = 0, host_ip_differ = 0;
int salen;
char ntop[NI_MAXHOST];
- char msg[1024];
- int len, host_line, ip_line;
+ int host_line, ip_line;
const char *host_file = NULL, *ip_file = NULL;
/*
switch (hostaddr->sa_family) {
case AF_INET:
local = (ntohl(((struct sockaddr_in *)hostaddr)->
- sin_addr.s_addr) >> 24) == IN_LOOPBACKNET;
+ sin_addr.s_addr) >> 24) == IN_LOOPBACKNET;
salen = sizeof(struct sockaddr_in);
break;
case AF_INET6:
*/
host_file = user_hostfile;
host_status = check_host_in_hostfile(host_file, host, host_key,
- file_key, &host_line);
+ file_key, &host_line);
if (host_status == HOST_NEW) {
host_file = system_hostfile;
host_status = check_host_in_hostfile(host_file, host, host_key,
"'%.128s' not in list of known hosts.",
type, ip);
else if (!add_host_to_hostfile(user_hostfile, ip,
- host_key))
+ host_key))
log("Failed to add the %s host key for IP "
"address '%.128s' to the list of known "
"hosts (%.30s).", type, ip, user_hostfile);
goto fail;
} else if (options.strict_host_key_checking == 2) {
/* The default */
+ char prompt[1024];
fp = key_fingerprint(host_key, SSH_FP_MD5, SSH_FP_HEX);
- snprintf(msg, sizeof(msg),
+ snprintf(prompt, sizeof(prompt),
"The authenticity of host '%.200s (%s)' can't be "
"established.\n"
"%s key fingerprint is %s.\n"
"Are you sure you want to continue connecting "
"(yes/no)? ", host, ip, type, fp);
xfree(fp);
- if (!confirm(msg))
+ if (!confirm(prompt)) {
goto fail;
+ }
}
if (options.check_host_ip && ip_status == HOST_NEW) {
snprintf(hostline, sizeof(hostline), "%s,%s", host, ip);
error("Port forwarding is disabled to avoid "
"man-in-the-middle attacks.");
options.num_local_forwards =
- options.num_remote_forwards = 0;
+ options.num_remote_forwards = 0;
}
/*
* XXX Should permit the user to change to use the new id.
if (options.check_host_ip && host_status != HOST_CHANGED &&
ip_status == HOST_CHANGED) {
- snprintf(msg, sizeof(msg),
- "Warning: the %s host key for '%.200s' "
- "differs from the key for the IP address '%.128s'"
- "\nOffending key for IP in %s:%d",
- type, host, ip, ip_file, ip_line);
- if (host_status == HOST_OK) {
- len = strlen(msg);
- snprintf(msg + len, sizeof(msg) - len,
- "\nMatching host key in %s:%d",
- host_file, host_line);
- }
+ log("Warning: the %s host key for '%.200s' "
+ "differs from the key for the IP address '%.128s'",
+ type, host, ip);
+ if (host_status == HOST_OK)
+ log("Matching host key in %s:%d", host_file, host_line);
+ log("Offending key for IP in %s:%d", ip_file, ip_line);
if (options.strict_host_key_checking == 1) {
- log(msg);
error("Exiting, you have requested strict checking.");
goto fail;
} else if (options.strict_host_key_checking == 2) {
- strlcat(msg, "\nAre you sure you want "
- "to continue connecting (yes/no)? ", sizeof(msg));
- if (!confirm(msg))
+ if (!confirm("Are you sure you want "
+ "to continue connecting (yes/no)? ")) {
goto fail;
- } else {
- log(msg);
+ }
}
}