- jakob@cvs.openbsd.org 2003/11/03 09:09:41

     [sshconnect.c]
     move changed key warning into warn_changed_key(). ok markus@

diff --git a/ChangeLog b/ChangeLog
index ed7fe734100eb7ec62db9838d1a92c969b4feab5..6cd0e3a5c20fea6ae69d373e234b7122262f1a81 100644 (file)
--- a/ChangeLog
+++ b/ChangeLog
@@ -4,7 +4,9 @@
      [auth-chall.c]
      make this a little more idiot-proof; ok markus@
      (includes portable-specific changes)
-
+   - jakob@cvs.openbsd.org 2003/11/03 09:09:41
+     [sshconnect.c]
+     move changed key warning into warn_changed_key(). ok markus@
 
 20031115
  - (dtucker) [regress/agent-ptrace.sh] Test for GDB output from Solaris and

diff --git a/sshconnect.c b/sshconnect.c
index 2c028f3a6e39e579e96137f1fc5c56943f4afad6..3c8f480eda4b881e0c8307e70763f6a23e735dc0 100644 (file)
--- a/sshconnect.c
+++ b/sshconnect.c
@@ -13,7 +13,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: sshconnect.c,v 1.149 2003/10/14 19:42:10 jakob Exp $");
+RCSID("$OpenBSD: sshconnect.c,v 1.150 2003/11/03 09:09:41 jakob Exp $");
 
 #include <openssl/bn.h>
 
@@ -52,6 +52,7 @@ extern pid_t proxy_command_pid;
 #endif
 
 static int show_other_keys(const char *, Key *);
+static void warn_changed_key(Key *);
 
 /*
  * Connect to the given ssh server using a proxy command.
@@ -785,20 +786,10 @@ check_host_key(char *host, struct sockaddr *hostaddr, Key *host_key,
                                error("Offending key for IP in %s:%d", ip_file, ip_line);
                }
                /* The host key has changed. */
-               fp = key_fingerprint(host_key, SSH_FP_MD5, SSH_FP_HEX);
-               error("@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@");
-               error("@    WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!     @");
-               error("@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@");
-               error("IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!");
-               error("Someone could be eavesdropping on you right now (man-in-the-middle attack)!");
-               error("It is also possible that the %s host key has just been changed.", type);
-               error("The fingerprint for the %s key sent by the remote host is\n%s.",
-                   type, fp);
-               error("Please contact your system administrator.");
+               warn_changed_key(host_key);
                error("Add correct host key in %.100s to get rid of this message.",
                    user_hostfile);
                error("Offending key in %s:%d", host_file, host_line);
-               xfree(fp);
 
                /*
                 * If strict host key checking is in use, the user will have
@@ -1045,3 +1036,25 @@ show_other_keys(const char *host, Key *key)
        }
        return (found);
 }
+
+static void
+warn_changed_key(Key *host_key)
+{
+       char *fp;
+       char *type = key_type(host_key);
+
+       fp = key_fingerprint(host_key, SSH_FP_MD5, SSH_FP_HEX);
+
+       error("@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@");
+       error("@    WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!     @");
+       error("@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@");
+       error("IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!");
+       error("Someone could be eavesdropping on you right now (man-in-the-middle attack)!");
+       error("It is also possible that the %s host key has just been changed.", type);
+       error("The fingerprint for the %s key sent by the remote host is\n%s.",
+           type, fp);
+       error("Please contact your system administrator.");
+
+       xfree(fp);
+       xfree(type);
+}