X-Git-Url: http://andersk.mit.edu/gitweb/openssh.git/blobdiff_plain/616a6b935710da8a520bf7cd202a72c92cb24115..567a05bf444fa057f6320f6c47ace609d6f44cb8:/sshconnect.c

diff --git a/sshconnect.c b/sshconnect.c
index 511fe8f3..6004bf5e 100644
--- a/sshconnect.c
+++ b/sshconnect.c
@@ -13,7 +13,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: sshconnect.c,v 1.119 2002/01/21 15:13:51 markus Exp $");
+RCSID("$OpenBSD: sshconnect.c,v 1.133 2002/07/29 18:57:30 markus Exp $");
 
 #include <openssl/bn.h>
 
@@ -36,40 +36,23 @@ RCSID("$OpenBSD: sshconnect.c,v 1.119 2002/01/21 15:13:51 markus Exp $");
 char *client_version_string = NULL;
 char *server_version_string = NULL;
 
+/* import */
 extern Options options;
 extern char *__progname;
+extern uid_t original_real_uid;
+extern uid_t original_effective_uid;
 
 #ifndef INET6_ADDRSTRLEN		/* for non IPv6 machines */
 #define INET6_ADDRSTRLEN 46
 #endif
 
-static const char *
-sockaddr_ntop(struct sockaddr *sa)
-{
-	void *addr;
-	static char addrbuf[INET6_ADDRSTRLEN];
-
-	switch (sa->sa_family) {
-	case AF_INET:
-		addr = &((struct sockaddr_in *)sa)->sin_addr;
-		break;
-	case AF_INET6:
-		addr = &((struct sockaddr_in6 *)sa)->sin6_addr;
-		break;
-	default:
-		/* This case should be protected against elsewhere */
-		abort();	/* XXX abort is bad -- do something else */
-	}
-	inet_ntop(sa->sa_family, addr, addrbuf, sizeof(addrbuf));
-	return addrbuf;
-}
+static int show_other_keys(const char *, Key *);
 
 /*
  * Connect to the given ssh server using a proxy command.
  */
 static int
-ssh_proxy_connect(const char *host, u_short port, struct passwd *pw,
-		  const char *proxy_command)
+ssh_proxy_connect(const char *host, u_short port, const char *proxy_command)
 {
 	Buffer command;
 	const char *cp;
@@ -119,7 +102,8 @@ ssh_proxy_connect(const char *host, u_short port, struct passwd *pw,
 		char *argv[10];
 
 		/* Child.  Permanently give up superuser privileges. */
-		permanently_set_uid(pw);
+		seteuid(original_real_uid);
+		setuid(original_real_uid);
 
 		/* Redirect stdin and stdout. */
 		close(pin[1]);
@@ -169,7 +153,7 @@ ssh_proxy_connect(const char *host, u_short port, struct passwd *pw,
  * Creates a (possibly privileged) socket for use as the ssh connection.
  */
 static int
-ssh_create_socket(struct passwd *pw, int privileged, int family)
+ssh_create_socket(int privileged, int family)
 {
 	int sock, gaierr;
 	struct addrinfo hints, *res;
@@ -180,22 +164,18 @@ ssh_create_socket(struct passwd *pw, int privileged, int family)
 	 */
 	if (privileged) {
 		int p = IPPORT_RESERVED - 1;
+		PRIV_START;
 		sock = rresvport_af(&p, family);
+		PRIV_END;
 		if (sock < 0)
 			error("rresvport: af=%d %.100s", family, strerror(errno));
 		else
 			debug("Allocated local port %d.", p);
 		return sock;
 	}
-	/*
-	 * Just create an ordinary socket on arbitrary port.  We use
-	 * the user's uid to create the socket.
-	 */
-	temporarily_use_uid(pw);
 	sock = socket(family, SOCK_STREAM, 0);
 	if (sock < 0)
 		error("socket: %.100s", strerror(errno));
-	restore_uid();
 
 	/* Bind the socket to an alternative local IP address */
 	if (options.bind_address == NULL)
@@ -225,9 +205,9 @@ ssh_create_socket(struct passwd *pw, int privileged, int family)
 /*
  * Opens a TCP/IP connection to the remote server on the given host.
  * The address of the remote host will be returned in hostaddr.
- * If port is 0, the default port will be used.  If anonymous is zero,
+ * If port is 0, the default port will be used.  If needpriv is true,
  * a privileged port will be allocated to make the connection.
- * This requires super-user privileges if anonymous is false.
+ * This requires super-user privileges if needpriv is true.
  * Connection_attempts specifies the maximum number of tries (one per
  * second).  If proxy_command is non-NULL, it specifies the command (with %h
  * and %p substituted for host and port, respectively) to use to contact
@@ -242,7 +222,7 @@ ssh_create_socket(struct passwd *pw, int privileged, int family)
 int
 ssh_connect(const char *host, struct sockaddr_storage * hostaddr,
     u_short port, int family, int connection_attempts,
-    int anonymous, struct passwd *pw, const char *proxy_command)
+    int needpriv, const char *proxy_command)
 {
 	int gaierr;
 	int on = 1;
@@ -258,8 +238,7 @@ ssh_connect(const char *host, struct sockaddr_storage * hostaddr,
 	 */
 	int full_failure = 1;
 
-	debug("ssh_connect: getuid %u geteuid %u anon %d",
-	    (u_int) getuid(), (u_int) geteuid(), anonymous);
+	debug("ssh_connect: needpriv %d", needpriv);
 
 	/* Get default port if port has not been set. */
 	if (port == 0) {
@@ -271,14 +250,14 @@ ssh_connect(const char *host, struct sockaddr_storage * hostaddr,
 	}
 	/* If a proxy command is given, connect using it. */
 	if (proxy_command != NULL)
-		return ssh_proxy_connect(host, port, pw, proxy_command);
+		return ssh_proxy_connect(host, port, proxy_command);
 
 	/* No proxy command. */
 
 	memset(&hints, 0, sizeof(hints));
 	hints.ai_family = family;
 	hints.ai_socktype = SOCK_STREAM;
-	snprintf(strport, sizeof strport, "%d", port);
+	snprintf(strport, sizeof strport, "%u", port);
 	if ((gaierr = getaddrinfo(host, strport, &hints, &aitop)) != 0)
 		fatal("%s: %.100s: %s", __progname, host,
 		    gai_strerror(gaierr));
@@ -307,34 +286,20 @@ ssh_connect(const char *host, struct sockaddr_storage * hostaddr,
 				host, ntop, strport);
 
 			/* Create a socket for connecting. */
-			sock = ssh_create_socket(pw,
-#ifdef HAVE_CYGWIN
-			    !anonymous,
-#else
-			    !anonymous && geteuid() == 0,
-#endif
-			    ai->ai_family);
+			sock = ssh_create_socket(needpriv, ai->ai_family);
 			if (sock < 0)
 				/* Any error is already output */
 				continue;
 
-			/* Connect to the host.  We use the user's uid in the
-			 * hope that it will help with tcp_wrappers showing
-			 * the remote uid as root.
-			 */
-			temporarily_use_uid(pw);
 			if (connect(sock, ai->ai_addr, ai->ai_addrlen) >= 0) {
 				/* Successful connection. */
 				memcpy(hostaddr, ai->ai_addr, ai->ai_addrlen);
-				restore_uid();
 				break;
 			} else {
 				if (errno == ECONNREFUSED)
 					full_failure = 0;
-				log("ssh: connect to address %s port %s: %s",
-				    sockaddr_ntop(ai->ai_addr), strport,
-				    strerror(errno));
-				restore_uid();
+				debug("connect to address %s port %s: %s",
+				    ntop, strport, strerror(errno));
 				/*
 				 * Close the failed socket; there appear to
 				 * be some problems when reusing a socket for
@@ -357,8 +322,11 @@ ssh_connect(const char *host, struct sockaddr_storage * hostaddr,
 	freeaddrinfo(aitop);
 
 	/* Return failure if we didn't get a successful connection. */
-	if (attempt >= connection_attempts)
+	if (attempt >= connection_attempts) {
+		log("ssh: connect to host %s port %s: %s",
+		    host, strport, strerror(errno));
 		return full_failure ? ECONNABORTED : ECONNREFUSED;
+	}
 
 	debug("Connection established.");
 
@@ -501,7 +469,7 @@ confirm(const char *prompt)
 		    (p[0] == '\0') || (p[0] == '\n') ||
 		    strncasecmp(p, "no", 2) == 0)
 			ret = 0;
-		if (strncasecmp(p, "yes", 3) == 0)
+		if (p && strncasecmp(p, "yes", 3) == 0)
 			ret = 1;
 		if (p)
 			xfree(p);
@@ -514,7 +482,6 @@ confirm(const char *prompt)
  * check whether the supplied host key is valid, return -1 if the key
  * is not valid. the user_hostfile will not be updated if 'readonly' is true.
  */
-
 static int
 check_host_key(char *host, struct sockaddr *hostaddr, Key *host_key,
     int readonly, const char *user_hostfile, const char *system_hostfile)
@@ -529,7 +496,7 @@ check_host_key(char *host, struct sockaddr *hostaddr, Key *host_key,
 	int salen;
 	char ntop[NI_MAXHOST];
 	char msg[1024];
-	int len, host_line, ip_line;
+	int len, host_line, ip_line, has_keys;
 	const char *host_file = NULL, *ip_file = NULL;
 
 	/*
@@ -544,7 +511,7 @@ check_host_key(char *host, struct sockaddr *hostaddr, Key *host_key,
 	switch (hostaddr->sa_family) {
 	case AF_INET:
 		local = (ntohl(((struct sockaddr_in *)hostaddr)->
-		    sin_addr.s_addr) >> 24) == IN_LOOPBACKNET;
+		   sin_addr.s_addr) >> 24) == IN_LOOPBACKNET;
 		salen = sizeof(struct sockaddr_in);
 		break;
 	case AF_INET6:
@@ -673,14 +640,19 @@ check_host_key(char *host, struct sockaddr *hostaddr, Key *host_key,
 			    "have requested strict checking.", type, host);
 			goto fail;
 		} else if (options.strict_host_key_checking == 2) {
+			has_keys = show_other_keys(host, host_key);
 			/* The default */
 			fp = key_fingerprint(host_key, SSH_FP_MD5, SSH_FP_HEX);
 			snprintf(msg, sizeof(msg),
 			    "The authenticity of host '%.200s (%s)' can't be "
-			    "established.\n"
+			    "established%s\n"
 			    "%s key fingerprint is %s.\n"
 			    "Are you sure you want to continue connecting "
-			    "(yes/no)? ", host, ip, type, fp);
+			    "(yes/no)? ",
+			     host, ip,
+			     has_keys ? ",\nbut keys of different type are already "
+			     "known for this host." : ".",
+			     type, fp);
 			xfree(fp);
 			if (!confirm(msg))
 				goto fail;
@@ -783,6 +755,9 @@ check_host_key(char *host, struct sockaddr *hostaddr, Key *host_key,
 		 * accept the authentication.
 		 */
 		break;
+	case HOST_FOUND:
+		fatal("internal error");
+		break;
 	}
 
 	if (options.check_host_ip && host_status != HOST_CHANGED &&
@@ -796,7 +771,7 @@ check_host_key(char *host, struct sockaddr *hostaddr, Key *host_key,
 			len = strlen(msg);
 			snprintf(msg + len, sizeof(msg) - len,
 			    "\nMatching host key in %s:%d",
-			     host_file, host_line);
+			    host_file, host_line);
 		}
 		if (options.strict_host_key_checking == 1) {
 			log(msg);
@@ -844,7 +819,7 @@ verify_host_key(char *host, struct sockaddr *hostaddr, Key *host_key)
  * This function does not require super-user privileges.
  */
 void
-ssh_login(Key **keys, int nkeys, const char *orighost,
+ssh_login(Sensitive *sensitive, const char *orighost,
     struct sockaddr *hostaddr, struct passwd *pw)
 {
 	char *host, *cp;
@@ -869,10 +844,10 @@ ssh_login(Key **keys, int nkeys, const char *orighost,
 	/* authenticate user */
 	if (compat20) {
 		ssh_kex2(host, hostaddr);
-		ssh_userauth2(local_user, server_user, host, keys, nkeys);
+		ssh_userauth2(local_user, server_user, host, sensitive);
 	} else {
 		ssh_kex(host, hostaddr);
-		ssh_userauth1(local_user, server_user, host, keys, nkeys);
+		ssh_userauth1(local_user, server_user, host, sensitive);
 	}
 }
 
@@ -894,3 +869,58 @@ ssh_put_password(char *password)
 	memset(padded, 0, size);
 	xfree(padded);
 }
+
+static int
+show_key_from_file(const char *file, const char *host, int keytype)
+{
+	Key *found;
+	char *fp;
+	int line, ret;
+
+	found = key_new(keytype);
+	if ((ret = lookup_key_in_hostfile_by_type(file, host,
+	    keytype, found, &line))) {
+		fp = key_fingerprint(found, SSH_FP_MD5, SSH_FP_HEX);
+		log("WARNING: %s key found for host %s\n"
+		    "in %s:%d\n"
+		    "%s key fingerprint %s.",
+		    key_type(found), host, file, line,
+		    key_type(found), fp);
+		xfree(fp);
+	}
+	key_free(found);
+	return (ret);
+}
+
+/* print all known host keys for a given host, but skip keys of given type */
+static int
+show_other_keys(const char *host, Key *key)
+{
+	int type[] = { KEY_RSA1, KEY_RSA, KEY_DSA, -1};
+	int i, found = 0;
+
+	for (i = 0; type[i] != -1; i++) {
+		if (type[i] == key->type)
+			continue;
+		if (type[i] != KEY_RSA1 &&
+		    show_key_from_file(options.user_hostfile2, host, type[i])) {
+			found = 1;
+			continue;
+		}
+		if (type[i] != KEY_RSA1 &&
+		    show_key_from_file(options.system_hostfile2, host, type[i])) {
+			found = 1;
+			continue;
+		}
+		if (show_key_from_file(options.user_hostfile, host, type[i])) {
+			found = 1;
+			continue;
+		}
+		if (show_key_from_file(options.system_hostfile, host, type[i])) {
+			found = 1;
+			continue;
+		}
+		debug2("no key of type %d for host %s", type[i], host);
+	}
+	return (found);
+}