[sshconnect.c]
     use read_passphrase+ECHO in confirm(), allows use of ssh-askpass
     for hostkey confirm.
Damien Miller 2002-01-22 23:34:12 +11:00
parent df64a682f1
commit 49d795c647
2 changed files with 43 additions and 47 deletions


@ -211,6 +211,10 @@
[sshd.8] [sshd.8]
clarify Allow(Groups|Users) and Deny(Groups|Users); suggestion from clarify Allow(Groups|Users) and Deny(Groups|Users); suggestion from
allard@oceanpark.com; ok markus@ allard@oceanpark.com; ok markus@
- markus@cvs.openbsd.org 2002/01/21 15:13:51
[sshconnect.c]
use read_passphrase+ECHO in confirm(), allows use of ssh-askpass
for hostkey confirm.
20020121 20020121
- (djm) Rework ssh-rand-helper: - (djm) Rework ssh-rand-helper:
@ -7358,4 +7362,4 @@
- Wrote replacements for strlcpy and mkdtemp - Wrote replacements for strlcpy and mkdtemp
- Released 1.0pre1 - Released 1.0pre1
$Id: ChangeLog,v 1.1782 2002/01/22 12:33:45 djm Exp $ $Id: ChangeLog,v 1.1783 2002/01/22 12:34:12 djm Exp $


@ -13,7 +13,7 @@
*/ */
#include "includes.h" #include "includes.h"
RCSID("$OpenBSD: sshconnect.c,v 1.118 2001/12/19 07:18:56 deraadt Exp $"); RCSID("$OpenBSD: sshconnect.c,v 1.119 2002/01/21 15:13:51 markus Exp $");
#include <openssl/bn.h> #include <openssl/bn.h>
@ -31,6 +31,7 @@ RCSID("$OpenBSD: sshconnect.c,v 1.118 2001/12/19 07:18:56 deraadt Exp $");
#include "readconf.h" #include "readconf.h"
#include "atomicio.h" #include "atomicio.h"
#include "misc.h" #include "misc.h"
#include "readpass.h"
char *client_version_string = NULL; char *client_version_string = NULL;
char *server_version_string = NULL; char *server_version_string = NULL;
@ -488,40 +489,24 @@ ssh_exchange_identification(void)
static int static int
confirm(const char *prompt) confirm(const char *prompt)
{ {
char buf[1024]; const char *msg, *again = "Please type 'yes' or 'no': ";
FILE *f; char *p;
int retval = -1; int ret = -1;
if (options.batch_mode) if (options.batch_mode)
return 0; return 0;
if (isatty(STDIN_FILENO)) for (msg = prompt;;msg = again) {
f = stdin; p = read_passphrase(msg, RP_ECHO);
else if (p == NULL ||
f = fopen(_PATH_TTY, "rw"); (p[0] == '\0') || (p[0] == '\n') ||
if (f == NULL) strncasecmp(p, "no", 2) == 0)
return 0; ret = 0;
fflush(stdout); if (strncasecmp(p, "yes", 3) == 0)
fprintf(stderr, "%s", prompt); ret = 1;
while (1) { if (p)
if (fgets(buf, sizeof(buf), f) == NULL) { xfree(p);
fprintf(stderr, "\n"); if (ret != -1)
strlcpy(buf, "no", sizeof buf); return ret;
}
/* Remove newline from response. */
if (strchr(buf, '\n'))
*strchr(buf, '\n') = 0;
if (strcmp(buf, "yes") == 0)
retval = 1;
else if (strcmp(buf, "no") == 0)
retval = 0;
else
fprintf(stderr, "Please type 'yes' or 'no': ");
if (retval != -1) {
if (f != stdin)
fclose(f);
return retval;
}
} }
} }
@ -543,7 +528,8 @@ check_host_key(char *host, struct sockaddr *hostaddr, Key *host_key,
int local = 0, host_ip_differ = 0; int local = 0, host_ip_differ = 0;
int salen; int salen;
char ntop[NI_MAXHOST]; char ntop[NI_MAXHOST];
int host_line, ip_line; char msg[1024];
int len, host_line, ip_line;
const char *host_file = NULL, *ip_file = NULL; const char *host_file = NULL, *ip_file = NULL;
/* /*
@ -688,18 +674,16 @@ check_host_key(char *host, struct sockaddr *hostaddr, Key *host_key,
goto fail; goto fail;
} else if (options.strict_host_key_checking == 2) { } else if (options.strict_host_key_checking == 2) {
/* The default */ /* The default */
char prompt[1024];
fp = key_fingerprint(host_key, SSH_FP_MD5, SSH_FP_HEX); fp = key_fingerprint(host_key, SSH_FP_MD5, SSH_FP_HEX);
snprintf(prompt, sizeof(prompt), snprintf(msg, sizeof(msg),
"The authenticity of host '%.200s (%s)' can't be " "The authenticity of host '%.200s (%s)' can't be "
"established.\n" "established.\n"
"%s key fingerprint is %s.\n" "%s key fingerprint is %s.\n"
"Are you sure you want to continue connecting " "Are you sure you want to continue connecting "
"(yes/no)? ", host, ip, type, fp); "(yes/no)? ", host, ip, type, fp);
xfree(fp); xfree(fp);
if (!confirm(prompt)) { if (!confirm(msg))
goto fail; goto fail;
}
} }
if (options.check_host_ip && ip_status == HOST_NEW) { if (options.check_host_ip && ip_status == HOST_NEW) {
snprintf(hostline, sizeof(hostline), "%s,%s", host, ip); snprintf(hostline, sizeof(hostline), "%s,%s", host, ip);
@ -803,20 +787,28 @@ check_host_key(char *host, struct sockaddr *hostaddr, Key *host_key,
if (options.check_host_ip && host_status != HOST_CHANGED && if (options.check_host_ip && host_status != HOST_CHANGED &&
ip_status == HOST_CHANGED) { ip_status == HOST_CHANGED) {
log("Warning: the %s host key for '%.200s' " snprintf(msg, sizeof(msg),
"differs from the key for the IP address '%.128s'", "Warning: the %s host key for '%.200s' "
type, host, ip); "differs from the key for the IP address '%.128s'"
if (host_status == HOST_OK) "\nOffending key for IP in %s:%d",
log("Matching host key in %s:%d", host_file, host_line); type, host, ip, ip_file, ip_line);
log("Offending key for IP in %s:%d", ip_file, ip_line); if (host_status == HOST_OK) {
len = strlen(msg);
snprintf(msg + len, sizeof(msg) - len,
"\nMatching host key in %s:%d",
host_file, host_line);
}
if (options.strict_host_key_checking == 1) { if (options.strict_host_key_checking == 1) {
log(msg);
error("Exiting, you have requested strict checking."); error("Exiting, you have requested strict checking.");
goto fail; goto fail;
} else if (options.strict_host_key_checking == 2) { } else if (options.strict_host_key_checking == 2) {
if (!confirm("Are you sure you want " strlcat(msg, "\nAre you sure you want "
"to continue connecting (yes/no)? ")) { "to continue connecting (yes/no)? ", sizeof(msg));
if (!confirm(msg))
goto fail; goto fail;
} } else {
log(msg);
} }
} }
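Review bot: `log(msg)` in the strict-checking branch and in the new `else` branch hands the assembled message to the logger as its format string; msg is built with snprintf/strlcat from host, ip and the known_hosts file names, so any `%` in those values is interpreted as a conversion, whereas the removed code always passed a literal format with the values as separate arguments. Change both call sites to `log("%s", msg);` (and keep the same form for any later diagnostic built from msg). The enclosing check_host_key() starts and ends outside this hunk. In the rewritten confirm() earlier in this file, `strncasecmp(p, "yes", 3) == 0` and `strncasecmp(p, "no", 2) == 0` accept any answer with that prefix (e.g. "yesterday" counts as yes), where the old loop required an exact `strcmp(buf, "yes") == 0`; for a host-key acceptance prompt an exact match such as `strcasecmp(p, "yes") == 0` keeps the decision unambiguous.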