X-Git-Url: http://andersk.mit.edu/gitweb/openssh.git/blobdiff_plain/82aeee5ddee3f8a691a30a6c027af2b19b6b3af3..a03acb8f71abe2c1128ab91b53922238a2d6042e:/sshconnect.c

diff --git a/sshconnect.c b/sshconnect.c
index 41ad82f9..a222233d 100644
--- a/sshconnect.c
+++ b/sshconnect.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: sshconnect.c,v 1.183 2006/06/06 10:20:20 markus Exp $ */
+/* $OpenBSD: sshconnect.c,v 1.200 2006/10/10 10:12:45 markus Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -18,14 +18,31 @@
 #include <sys/types.h>
 #include <sys/wait.h>
 #include <sys/stat.h>
+#include <sys/socket.h>
+#ifdef HAVE_SYS_TIME_H
+# include <sys/time.h>
+#endif
+
+#include <netinet/in.h>
+#include <arpa/inet.h>
 
 #include <ctype.h>
+#include <errno.h>
+#include <netdb.h>
 #ifdef HAVE_PATHS_H
 #include <paths.h>
 #endif
+#include <pwd.h>
+#include <stdarg.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <unistd.h>
 
-#include "ssh.h"
 #include "xmalloc.h"
+#include "key.h"
+#include "hostfile.h"
+#include "ssh.h"
 #include "rsa.h"
 #include "buffer.h"
 #include "packet.h"
@@ -39,6 +56,7 @@
 #include "atomicio.h"
 #include "misc.h"
 #include "dns.h"
+#include "version.h"
 
 char *client_version_string = NULL;
 char *server_version_string = NULL;
@@ -97,7 +115,7 @@ ssh_proxy_connect(const char *host, u_short port, const char *proxy_command)
 		char *argv[10];
 
 		/* Child.  Permanently give up superuser privileges. */
-		permanently_set_uid(getpwuid(original_real_uid));
+		permanently_drop_suid(original_real_uid);
 
 		/* Redirect stdin and stdout. */
 		close(pin[1]);
@@ -306,9 +324,11 @@ ssh_connect(const char *host, struct sockaddr_storage * hostaddr,
 		    gai_strerror(gaierr));
 
 	for (attempt = 0; attempt < connection_attempts; attempt++) {
-		if (attempt > 0)
+		if (attempt > 0) {
+			/* Sleep a moment before retrying. */
+			sleep(1);
 			debug("Trying again...");
-
+		}
 		/*
 		 * Loop through addresses for this host, and try each one in
 		 * sequence until the connection succeeds.
@@ -345,9 +365,6 @@ ssh_connect(const char *host, struct sockaddr_storage * hostaddr,
 		}
 		if (sock != -1)
 			break;	/* Successful connection. */
-
-		/* Sleep a moment before retrying. */
-		sleep(1);
 	}
 
 	freeaddrinfo(aitop);
@@ -385,10 +402,10 @@ ssh_exchange_identification(void)
 	int connection_in = packet_get_connection_in();
 	int connection_out = packet_get_connection_out();
 	int minor1 = PROTOCOL_MINOR_1;
-	u_int i;
+	u_int i, n;
 
 	/* Read other side's version identification. */
-	for (;;) {
+	for (n = 0;;) {
 		for (i = 0; i < sizeof(buf) - 1; i++) {
 			size_t len = atomicio(read, connection_in, &buf[i], 1);
 
@@ -405,6 +422,8 @@ ssh_exchange_identification(void)
 				buf[i + 1] = 0;
 				break;
 			}
+			if (++n > 65536)
+				fatal("ssh_exchange_identification: No banner received");
 		}
 		buf[sizeof(buf) - 1] = 0;
 		if (strncmp(buf, "SSH-", 4) == 0)
@@ -506,13 +525,17 @@ confirm(const char *prompt)
  * check whether the supplied host key is valid, return -1 if the key
  * is not valid. the user_hostfile will not be updated if 'readonly' is true.
  */
+#define RDRW	0
+#define RDONLY	1
+#define ROQUIET	2
 static int
-check_host_key(char *host, struct sockaddr *hostaddr, Key *host_key,
-    int readonly, const char *user_hostfile, const char *system_hostfile)
+check_host_key(char *hostname, struct sockaddr *hostaddr, u_short port,
+    Key *host_key, int readonly, const char *user_hostfile,
+    const char *system_hostfile)
 {
 	Key *file_key;
 	const char *type = key_type(host_key);
-	char *ip = NULL;
+	char *ip = NULL, *host = NULL;
 	char hostline[1000], *hostp, *fp;
 	HostStatus host_status;
 	HostStatus ip_status;
@@ -563,7 +586,7 @@ check_host_key(char *host, struct sockaddr *hostaddr, Key *host_key,
 		if (getnameinfo(hostaddr, salen, ntop, sizeof(ntop),
 		    NULL, 0, NI_NUMERICHOST) != 0)
 			fatal("check_host_key: getnameinfo failed");
-		ip = xstrdup(ntop);
+		ip = put_host_port(ntop, port);
 	} else {
 		ip = xstrdup("<no hostip for proxy command>");
 	}
@@ -571,18 +594,21 @@ check_host_key(char *host, struct sockaddr *hostaddr, Key *host_key,
 	 * Turn off check_host_ip if the connection is to localhost, via proxy
 	 * command or if we don't have a hostname to compare with
 	 */
-	if (options.check_host_ip &&
-	    (local || strcmp(host, ip) == 0 || options.proxy_command != NULL))
+	if (options.check_host_ip && (local ||
+	    strcmp(hostname, ip) == 0 || options.proxy_command != NULL))
 		options.check_host_ip = 0;
 
 	/*
-	 * Allow the user to record the key under a different name. This is
-	 * useful for ssh tunneling over forwarded connections or if you run
-	 * multiple sshd's on different ports on the same machine.
+	 * Allow the user to record the key under a different name or
+	 * differentiate a non-standard port.  This is useful for ssh
+	 * tunneling over forwarded connections or if you run multiple
+	 * sshd's on different ports on the same machine.
 	 */
 	if (options.host_key_alias != NULL) {
-		host = options.host_key_alias;
+		host = xstrdup(options.host_key_alias);
 		debug("using hostkeyalias: %s", host);
+	} else {
+		host = put_host_port(hostname, port);
 	}
 
 	/*
@@ -651,6 +677,15 @@ check_host_key(char *host, struct sockaddr *hostaddr, Key *host_key,
 		}
 		break;
 	case HOST_NEW:
+		if (options.host_key_alias == NULL && port != 0 &&
+		    port != SSH_DEFAULT_PORT) {
+			debug("checking without port identifier");
+			if (check_host_key(hostname, hostaddr, 0, host_key, 2,
+			    user_hostfile, system_hostfile) == 0) {
+				debug("found matching key w/out port");
+				break;
+			}
+		}
 		if (readonly)
 			goto fail;
 		/* The host is new. */
@@ -730,6 +765,8 @@ check_host_key(char *host, struct sockaddr *hostaddr, Key *host_key,
 			    "list of known hosts.", hostp, type);
 		break;
 	case HOST_CHANGED:
+		if (readonly == ROQUIET)
+			goto fail;
 		if (options.check_host_ip && host_ip_differ) {
 			char *key_msg;
 			if (ip_status == HOST_NEW)
@@ -768,7 +805,7 @@ check_host_key(char *host, struct sockaddr *hostaddr, Key *host_key,
 		/*
 		 * If strict host key checking has not been requested, allow
 		 * the connection but without MITM-able authentication or
-		 * agent forwarding.
+		 * forwarding.
 		 */
 		if (options.password_authentication) {
 			error("Password authentication is disabled to avoid "
@@ -803,6 +840,11 @@ check_host_key(char *host, struct sockaddr *hostaddr, Key *host_key,
 			options.num_local_forwards =
 			    options.num_remote_forwards = 0;
 		}
+		if (options.tun_open != SSH_TUNMODE_NO) {
+			error("Tunnel forwarding is disabled to avoid "
+			    "man-in-the-middle attacks.");
+			options.tun_open = SSH_TUNMODE_NO;
+		}
 		/*
 		 * XXX Should permit the user to change to use the new id.
 		 * This could be done by converting the host key to an
@@ -844,10 +886,12 @@ check_host_key(char *host, struct sockaddr *hostaddr, Key *host_key,
 	}
 
 	xfree(ip);
+	xfree(host);
 	return 0;
 
 fail:
 	xfree(ip);
+	xfree(host);
 	return -1;
 }
 
@@ -881,12 +925,13 @@ verify_host_key(char *host, struct sockaddr *hostaddr, Key *host_key)
 	/* return ok if the key can be found in an old keyfile */
 	if (stat(options.system_hostfile2, &st) == 0 ||
 	    stat(options.user_hostfile2, &st) == 0) {
-		if (check_host_key(host, hostaddr, host_key, /*readonly*/ 1,
-		    options.user_hostfile2, options.system_hostfile2) == 0)
+		if (check_host_key(host, hostaddr, options.port, host_key,
+		    RDONLY, options.user_hostfile2,
+		    options.system_hostfile2) == 0)
 			return 0;
 	}
-	return check_host_key(host, hostaddr, host_key, /*readonly*/ 0,
-	    options.user_hostfile, options.system_hostfile);
+	return check_host_key(host, hostaddr, options.port, host_key,
+	    RDRW, options.user_hostfile, options.system_hostfile);
 }
 
 /*