1*ba1276acSMatthew Dillon /* $OpenBSD: sshconnect.c,v 1.368 2024/04/30 02:10:49 djm Exp $ */
218de8d7fSPeter Avalos /*
318de8d7fSPeter Avalos * Author: Tatu Ylonen <ylo@cs.hut.fi>
418de8d7fSPeter Avalos * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
518de8d7fSPeter Avalos * All rights reserved
618de8d7fSPeter Avalos * Code to connect to a remote host, and to perform the client side of the
718de8d7fSPeter Avalos * login (authentication) dialog.
818de8d7fSPeter Avalos *
918de8d7fSPeter Avalos * As far as I am concerned, the code I have written for this software
1018de8d7fSPeter Avalos * can be used freely for any purpose. Any derived versions of this
1118de8d7fSPeter Avalos * software must be clearly marked as such, and if the derived work is
1218de8d7fSPeter Avalos * incompatible with the protocol description in the RFC file, it must be
1318de8d7fSPeter Avalos * called by a name other than "ssh" or "Secure Shell".
1418de8d7fSPeter Avalos */
1518de8d7fSPeter Avalos
1618de8d7fSPeter Avalos #include "includes.h"
1718de8d7fSPeter Avalos
1818de8d7fSPeter Avalos #include <sys/types.h>
1918de8d7fSPeter Avalos #include <sys/wait.h>
2018de8d7fSPeter Avalos #include <sys/stat.h>
2118de8d7fSPeter Avalos #include <sys/socket.h>
2218de8d7fSPeter Avalos #ifdef HAVE_SYS_TIME_H
2318de8d7fSPeter Avalos # include <sys/time.h>
2418de8d7fSPeter Avalos #endif
2518de8d7fSPeter Avalos
26664f4763Szrj #include <net/if.h>
2718de8d7fSPeter Avalos #include <netinet/in.h>
2818de8d7fSPeter Avalos #include <arpa/inet.h>
2918de8d7fSPeter Avalos
3018de8d7fSPeter Avalos #include <ctype.h>
3118de8d7fSPeter Avalos #include <errno.h>
32856ea928SPeter Avalos #include <fcntl.h>
3350a69bb5SSascha Wildner #include <limits.h>
3418de8d7fSPeter Avalos #include <netdb.h>
3518de8d7fSPeter Avalos #ifdef HAVE_PATHS_H
3618de8d7fSPeter Avalos #include <paths.h>
3718de8d7fSPeter Avalos #endif
3818de8d7fSPeter Avalos #include <pwd.h>
39ce74bacaSMatthew Dillon #ifdef HAVE_POLL_H
40ce74bacaSMatthew Dillon #include <poll.h>
41ce74bacaSMatthew Dillon #endif
429f304aafSPeter Avalos #include <signal.h>
4318de8d7fSPeter Avalos #include <stdio.h>
4418de8d7fSPeter Avalos #include <stdlib.h>
450cbfa66cSDaniel Fojt #include <stdarg.h>
4618de8d7fSPeter Avalos #include <string.h>
4718de8d7fSPeter Avalos #include <unistd.h>
48664f4763Szrj #ifdef HAVE_IFADDRS_H
49664f4763Szrj # include <ifaddrs.h>
50664f4763Szrj #endif
5118de8d7fSPeter Avalos
5218de8d7fSPeter Avalos #include "xmalloc.h"
5318de8d7fSPeter Avalos #include "hostfile.h"
5418de8d7fSPeter Avalos #include "ssh.h"
55664f4763Szrj #include "sshbuf.h"
5618de8d7fSPeter Avalos #include "packet.h"
57664f4763Szrj #include "sshkey.h"
5818de8d7fSPeter Avalos #include "sshconnect.h"
5918de8d7fSPeter Avalos #include "log.h"
60*ba1276acSMatthew Dillon #include "match.h"
6136e94dc5SPeter Avalos #include "misc.h"
6218de8d7fSPeter Avalos #include "readconf.h"
6318de8d7fSPeter Avalos #include "atomicio.h"
6418de8d7fSPeter Avalos #include "dns.h"
6536e94dc5SPeter Avalos #include "monitor_fdpass.h"
66856ea928SPeter Avalos #include "ssh2.h"
6718de8d7fSPeter Avalos #include "version.h"
68e9778795SPeter Avalos #include "authfile.h"
69e9778795SPeter Avalos #include "ssherr.h"
70e9778795SPeter Avalos #include "authfd.h"
71664f4763Szrj #include "kex.h"
7218de8d7fSPeter Avalos
73ce74bacaSMatthew Dillon struct sshkey *previous_host_key = NULL;
7418de8d7fSPeter Avalos
7518de8d7fSPeter Avalos static int matching_host_key_dns = 0;
7618de8d7fSPeter Avalos
779f304aafSPeter Avalos static pid_t proxy_command_pid = 0;
789f304aafSPeter Avalos
7918de8d7fSPeter Avalos /* import */
80664f4763Szrj extern int debug_flag;
8118de8d7fSPeter Avalos extern Options options;
8218de8d7fSPeter Avalos extern char *__progname;
8318de8d7fSPeter Avalos
84ce74bacaSMatthew Dillon static int show_other_keys(struct hostkeys *, struct sshkey *);
85ce74bacaSMatthew Dillon static void warn_changed_key(struct sshkey *);
8618de8d7fSPeter Avalos
8736e94dc5SPeter Avalos /* Expand a proxy command */
8836e94dc5SPeter Avalos static char *
expand_proxy_command(const char * proxy_command,const char * user,const char * host,const char * host_arg,int port)8936e94dc5SPeter Avalos expand_proxy_command(const char *proxy_command, const char *user,
900cbfa66cSDaniel Fojt const char *host, const char *host_arg, int port)
9136e94dc5SPeter Avalos {
9236e94dc5SPeter Avalos char *tmp, *ret, strport[NI_MAXSERV];
9350a69bb5SSascha Wildner const char *keyalias = options.host_key_alias ?
9450a69bb5SSascha Wildner options.host_key_alias : host_arg;
9536e94dc5SPeter Avalos
9636e94dc5SPeter Avalos snprintf(strport, sizeof strport, "%d", port);
9736e94dc5SPeter Avalos xasprintf(&tmp, "exec %s", proxy_command);
980cbfa66cSDaniel Fojt ret = percent_expand(tmp,
990cbfa66cSDaniel Fojt "h", host,
10050a69bb5SSascha Wildner "k", keyalias,
1010cbfa66cSDaniel Fojt "n", host_arg,
1020cbfa66cSDaniel Fojt "p", strport,
1030cbfa66cSDaniel Fojt "r", options.user,
1040cbfa66cSDaniel Fojt (char *)NULL);
10536e94dc5SPeter Avalos free(tmp);
10636e94dc5SPeter Avalos return ret;
10736e94dc5SPeter Avalos }
10836e94dc5SPeter Avalos
10936e94dc5SPeter Avalos /*
11036e94dc5SPeter Avalos * Connect to the given ssh server using a proxy command that passes a
11136e94dc5SPeter Avalos * a connected fd back to us.
11236e94dc5SPeter Avalos */
11336e94dc5SPeter Avalos static int
ssh_proxy_fdpass_connect(struct ssh * ssh,const char * host,const char * host_arg,u_short port,const char * proxy_command)1140cbfa66cSDaniel Fojt ssh_proxy_fdpass_connect(struct ssh *ssh, const char *host,
1150cbfa66cSDaniel Fojt const char *host_arg, u_short port, const char *proxy_command)
11636e94dc5SPeter Avalos {
11736e94dc5SPeter Avalos char *command_string;
11836e94dc5SPeter Avalos int sp[2], sock;
11936e94dc5SPeter Avalos pid_t pid;
12036e94dc5SPeter Avalos char *shell;
12136e94dc5SPeter Avalos
12236e94dc5SPeter Avalos if ((shell = getenv("SHELL")) == NULL)
12336e94dc5SPeter Avalos shell = _PATH_BSHELL;
12436e94dc5SPeter Avalos
1250cbfa66cSDaniel Fojt if (socketpair(AF_UNIX, SOCK_STREAM, 0, sp) == -1)
12636e94dc5SPeter Avalos fatal("Could not create socketpair to communicate with "
12736e94dc5SPeter Avalos "proxy dialer: %.100s", strerror(errno));
12836e94dc5SPeter Avalos
12936e94dc5SPeter Avalos command_string = expand_proxy_command(proxy_command, options.user,
1300cbfa66cSDaniel Fojt host, host_arg, port);
13136e94dc5SPeter Avalos debug("Executing proxy dialer command: %.500s", command_string);
13236e94dc5SPeter Avalos
13336e94dc5SPeter Avalos /* Fork and execute the proxy command. */
13436e94dc5SPeter Avalos if ((pid = fork()) == 0) {
13536e94dc5SPeter Avalos char *argv[10];
13636e94dc5SPeter Avalos
13736e94dc5SPeter Avalos close(sp[1]);
13836e94dc5SPeter Avalos /* Redirect stdin and stdout. */
13936e94dc5SPeter Avalos if (sp[0] != 0) {
1400cbfa66cSDaniel Fojt if (dup2(sp[0], 0) == -1)
14136e94dc5SPeter Avalos perror("dup2 stdin");
14236e94dc5SPeter Avalos }
14336e94dc5SPeter Avalos if (sp[0] != 1) {
1440cbfa66cSDaniel Fojt if (dup2(sp[0], 1) == -1)
14536e94dc5SPeter Avalos perror("dup2 stdout");
14636e94dc5SPeter Avalos }
14736e94dc5SPeter Avalos if (sp[0] >= 2)
14836e94dc5SPeter Avalos close(sp[0]);
14936e94dc5SPeter Avalos
15036e94dc5SPeter Avalos /*
151664f4763Szrj * Stderr is left for non-ControlPersist connections is so
152664f4763Szrj * error messages may be printed on the user's terminal.
15336e94dc5SPeter Avalos */
154664f4763Szrj if (!debug_flag && options.control_path != NULL &&
15550a69bb5SSascha Wildner options.control_persist && stdfd_devnull(0, 0, 1) == -1)
15650a69bb5SSascha Wildner error_f("stdfd_devnull failed");
157664f4763Szrj
15836e94dc5SPeter Avalos argv[0] = shell;
15936e94dc5SPeter Avalos argv[1] = "-c";
16036e94dc5SPeter Avalos argv[2] = command_string;
16136e94dc5SPeter Avalos argv[3] = NULL;
16236e94dc5SPeter Avalos
16336e94dc5SPeter Avalos /*
16436e94dc5SPeter Avalos * Execute the proxy command.
16536e94dc5SPeter Avalos * Note that we gave up any extra privileges above.
16636e94dc5SPeter Avalos */
16736e94dc5SPeter Avalos execv(argv[0], argv);
16836e94dc5SPeter Avalos perror(argv[0]);
16936e94dc5SPeter Avalos exit(1);
17036e94dc5SPeter Avalos }
17136e94dc5SPeter Avalos /* Parent. */
1720cbfa66cSDaniel Fojt if (pid == -1)
17336e94dc5SPeter Avalos fatal("fork failed: %.100s", strerror(errno));
17436e94dc5SPeter Avalos close(sp[0]);
17536e94dc5SPeter Avalos free(command_string);
17636e94dc5SPeter Avalos
17736e94dc5SPeter Avalos if ((sock = mm_receive_fd(sp[1])) == -1)
17836e94dc5SPeter Avalos fatal("proxy dialer did not pass back a connection");
179e9778795SPeter Avalos close(sp[1]);
18036e94dc5SPeter Avalos
18136e94dc5SPeter Avalos while (waitpid(pid, NULL, 0) == -1)
18236e94dc5SPeter Avalos if (errno != EINTR)
18336e94dc5SPeter Avalos fatal("Couldn't wait for child: %s", strerror(errno));
18436e94dc5SPeter Avalos
18536e94dc5SPeter Avalos /* Set the connection file descriptors. */
186ce74bacaSMatthew Dillon if (ssh_packet_set_connection(ssh, sock, sock) == NULL)
187ce74bacaSMatthew Dillon return -1; /* ssh_packet_set_connection logs error */
18836e94dc5SPeter Avalos
18936e94dc5SPeter Avalos return 0;
19036e94dc5SPeter Avalos }
19136e94dc5SPeter Avalos
19218de8d7fSPeter Avalos /*
19318de8d7fSPeter Avalos * Connect to the given ssh server using a proxy command.
19418de8d7fSPeter Avalos */
19518de8d7fSPeter Avalos static int
ssh_proxy_connect(struct ssh * ssh,const char * host,const char * host_arg,u_short port,const char * proxy_command)1960cbfa66cSDaniel Fojt ssh_proxy_connect(struct ssh *ssh, const char *host, const char *host_arg,
1970cbfa66cSDaniel Fojt u_short port, const char *proxy_command)
19818de8d7fSPeter Avalos {
19936e94dc5SPeter Avalos char *command_string;
20018de8d7fSPeter Avalos int pin[2], pout[2];
20118de8d7fSPeter Avalos pid_t pid;
20236e94dc5SPeter Avalos char *shell;
20318de8d7fSPeter Avalos
2049f304aafSPeter Avalos if ((shell = getenv("SHELL")) == NULL || *shell == '\0')
20518de8d7fSPeter Avalos shell = _PATH_BSHELL;
20618de8d7fSPeter Avalos
20718de8d7fSPeter Avalos /* Create pipes for communicating with the proxy. */
2080cbfa66cSDaniel Fojt if (pipe(pin) == -1 || pipe(pout) == -1)
20918de8d7fSPeter Avalos fatal("Could not create pipes to communicate with the proxy: %.100s",
21018de8d7fSPeter Avalos strerror(errno));
21118de8d7fSPeter Avalos
21236e94dc5SPeter Avalos command_string = expand_proxy_command(proxy_command, options.user,
2130cbfa66cSDaniel Fojt host, host_arg, port);
21418de8d7fSPeter Avalos debug("Executing proxy command: %.500s", command_string);
21518de8d7fSPeter Avalos
21618de8d7fSPeter Avalos /* Fork and execute the proxy command. */
21718de8d7fSPeter Avalos if ((pid = fork()) == 0) {
21818de8d7fSPeter Avalos char *argv[10];
21918de8d7fSPeter Avalos
22018de8d7fSPeter Avalos /* Redirect stdin and stdout. */
22118de8d7fSPeter Avalos close(pin[1]);
22218de8d7fSPeter Avalos if (pin[0] != 0) {
2230cbfa66cSDaniel Fojt if (dup2(pin[0], 0) == -1)
22418de8d7fSPeter Avalos perror("dup2 stdin");
22518de8d7fSPeter Avalos close(pin[0]);
22618de8d7fSPeter Avalos }
22718de8d7fSPeter Avalos close(pout[0]);
2280cbfa66cSDaniel Fojt if (dup2(pout[1], 1) == -1)
22918de8d7fSPeter Avalos perror("dup2 stdout");
23018de8d7fSPeter Avalos /* Cannot be 1 because pin allocated two descriptors. */
23118de8d7fSPeter Avalos close(pout[1]);
23218de8d7fSPeter Avalos
233664f4763Szrj /*
234664f4763Szrj * Stderr is left for non-ControlPersist connections is so
235664f4763Szrj * error messages may be printed on the user's terminal.
236664f4763Szrj */
237664f4763Szrj if (!debug_flag && options.control_path != NULL &&
23850a69bb5SSascha Wildner options.control_persist && stdfd_devnull(0, 0, 1) == -1)
23950a69bb5SSascha Wildner error_f("stdfd_devnull failed");
240664f4763Szrj
24118de8d7fSPeter Avalos argv[0] = shell;
24218de8d7fSPeter Avalos argv[1] = "-c";
24318de8d7fSPeter Avalos argv[2] = command_string;
24418de8d7fSPeter Avalos argv[3] = NULL;
24518de8d7fSPeter Avalos
24650a69bb5SSascha Wildner /*
24750a69bb5SSascha Wildner * Execute the proxy command. Note that we gave up any
24850a69bb5SSascha Wildner * extra privileges above.
24950a69bb5SSascha Wildner */
2500cbfa66cSDaniel Fojt ssh_signal(SIGPIPE, SIG_DFL);
25118de8d7fSPeter Avalos execv(argv[0], argv);
25218de8d7fSPeter Avalos perror(argv[0]);
25318de8d7fSPeter Avalos exit(1);
25418de8d7fSPeter Avalos }
25518de8d7fSPeter Avalos /* Parent. */
2560cbfa66cSDaniel Fojt if (pid == -1)
25718de8d7fSPeter Avalos fatal("fork failed: %.100s", strerror(errno));
25818de8d7fSPeter Avalos else
25918de8d7fSPeter Avalos proxy_command_pid = pid; /* save pid to clean up later */
26018de8d7fSPeter Avalos
26118de8d7fSPeter Avalos /* Close child side of the descriptors. */
26218de8d7fSPeter Avalos close(pin[0]);
26318de8d7fSPeter Avalos close(pout[1]);
26418de8d7fSPeter Avalos
26518de8d7fSPeter Avalos /* Free the command name. */
26636e94dc5SPeter Avalos free(command_string);
26718de8d7fSPeter Avalos
26818de8d7fSPeter Avalos /* Set the connection file descriptors. */
269ce74bacaSMatthew Dillon if (ssh_packet_set_connection(ssh, pout[0], pin[1]) == NULL)
270ce74bacaSMatthew Dillon return -1; /* ssh_packet_set_connection logs error */
27118de8d7fSPeter Avalos
27218de8d7fSPeter Avalos return 0;
27318de8d7fSPeter Avalos }
27418de8d7fSPeter Avalos
2759f304aafSPeter Avalos void
ssh_kill_proxy_command(void)2769f304aafSPeter Avalos ssh_kill_proxy_command(void)
2779f304aafSPeter Avalos {
2789f304aafSPeter Avalos /*
2799f304aafSPeter Avalos * Send SIGHUP to proxy command if used. We don't wait() in
2809f304aafSPeter Avalos * case it hangs and instead rely on init to reap the child
2819f304aafSPeter Avalos */
2829f304aafSPeter Avalos if (proxy_command_pid > 1)
2839f304aafSPeter Avalos kill(proxy_command_pid, SIGHUP);
2849f304aafSPeter Avalos }
2859f304aafSPeter Avalos
286664f4763Szrj #ifdef HAVE_IFADDRS_H
28718de8d7fSPeter Avalos /*
288664f4763Szrj * Search a interface address list (returned from getifaddrs(3)) for an
289664f4763Szrj * address that matches the desired address family on the specified interface.
290664f4763Szrj * Returns 0 and fills in *resultp and *rlenp on success. Returns -1 on failure.
29118de8d7fSPeter Avalos */
29218de8d7fSPeter Avalos static int
check_ifaddrs(const char * ifname,int af,const struct ifaddrs * ifaddrs,struct sockaddr_storage * resultp,socklen_t * rlenp)293664f4763Szrj check_ifaddrs(const char *ifname, int af, const struct ifaddrs *ifaddrs,
294664f4763Szrj struct sockaddr_storage *resultp, socklen_t *rlenp)
29518de8d7fSPeter Avalos {
296664f4763Szrj struct sockaddr_in6 *sa6;
297664f4763Szrj struct sockaddr_in *sa;
298664f4763Szrj struct in6_addr *v6addr;
299664f4763Szrj const struct ifaddrs *ifa;
300664f4763Szrj int allow_local;
301664f4763Szrj
302664f4763Szrj /*
303664f4763Szrj * Prefer addresses that are not loopback or linklocal, but use them
304664f4763Szrj * if nothing else matches.
305664f4763Szrj */
306664f4763Szrj for (allow_local = 0; allow_local < 2; allow_local++) {
307664f4763Szrj for (ifa = ifaddrs; ifa != NULL; ifa = ifa->ifa_next) {
308664f4763Szrj if (ifa->ifa_addr == NULL || ifa->ifa_name == NULL ||
309664f4763Szrj (ifa->ifa_flags & IFF_UP) == 0 ||
310664f4763Szrj ifa->ifa_addr->sa_family != af ||
311664f4763Szrj strcmp(ifa->ifa_name, options.bind_interface) != 0)
312664f4763Szrj continue;
313664f4763Szrj switch (ifa->ifa_addr->sa_family) {
314664f4763Szrj case AF_INET:
315664f4763Szrj sa = (struct sockaddr_in *)ifa->ifa_addr;
316664f4763Szrj if (!allow_local && sa->sin_addr.s_addr ==
317664f4763Szrj htonl(INADDR_LOOPBACK))
318664f4763Szrj continue;
319664f4763Szrj if (*rlenp < sizeof(struct sockaddr_in)) {
32050a69bb5SSascha Wildner error_f("v4 addr doesn't fit");
321664f4763Szrj return -1;
322664f4763Szrj }
323664f4763Szrj *rlenp = sizeof(struct sockaddr_in);
324664f4763Szrj memcpy(resultp, sa, *rlenp);
325664f4763Szrj return 0;
326664f4763Szrj case AF_INET6:
327664f4763Szrj sa6 = (struct sockaddr_in6 *)ifa->ifa_addr;
328664f4763Szrj v6addr = &sa6->sin6_addr;
329664f4763Szrj if (!allow_local &&
330664f4763Szrj (IN6_IS_ADDR_LINKLOCAL(v6addr) ||
331664f4763Szrj IN6_IS_ADDR_LOOPBACK(v6addr)))
332664f4763Szrj continue;
333664f4763Szrj if (*rlenp < sizeof(struct sockaddr_in6)) {
33450a69bb5SSascha Wildner error_f("v6 addr doesn't fit");
335664f4763Szrj return -1;
336664f4763Szrj }
337664f4763Szrj *rlenp = sizeof(struct sockaddr_in6);
338664f4763Szrj memcpy(resultp, sa6, *rlenp);
339664f4763Szrj return 0;
340664f4763Szrj }
341664f4763Szrj }
342664f4763Szrj }
343664f4763Szrj return -1;
344664f4763Szrj }
345664f4763Szrj #endif
346664f4763Szrj
347664f4763Szrj /*
348664f4763Szrj * Creates a socket for use as the ssh connection.
349664f4763Szrj */
350664f4763Szrj static int
ssh_create_socket(struct addrinfo * ai)351664f4763Szrj ssh_create_socket(struct addrinfo *ai)
352664f4763Szrj {
353664f4763Szrj int sock, r;
354664f4763Szrj struct sockaddr_storage bindaddr;
355664f4763Szrj socklen_t bindaddrlen = 0;
35636e94dc5SPeter Avalos struct addrinfo hints, *res = NULL;
357664f4763Szrj #ifdef HAVE_IFADDRS_H
358664f4763Szrj struct ifaddrs *ifaddrs = NULL;
359664f4763Szrj #endif
360664f4763Szrj char ntop[NI_MAXHOST];
36118de8d7fSPeter Avalos
36218de8d7fSPeter Avalos sock = socket(ai->ai_family, ai->ai_socktype, ai->ai_protocol);
3630cbfa66cSDaniel Fojt if (sock == -1) {
36436e94dc5SPeter Avalos error("socket: %s", strerror(errno));
365856ea928SPeter Avalos return -1;
366856ea928SPeter Avalos }
367*ba1276acSMatthew Dillon (void)fcntl(sock, F_SETFD, FD_CLOEXEC);
36818de8d7fSPeter Avalos
36950a69bb5SSascha Wildner /* Use interactive QOS (if specified) until authentication completed */
37050a69bb5SSascha Wildner if (options.ip_qos_interactive != INT_MAX)
37150a69bb5SSascha Wildner set_sock_tos(sock, options.ip_qos_interactive);
37250a69bb5SSascha Wildner
37318de8d7fSPeter Avalos /* Bind the socket to an alternative local IP address */
374664f4763Szrj if (options.bind_address == NULL && options.bind_interface == NULL)
37518de8d7fSPeter Avalos return sock;
37618de8d7fSPeter Avalos
377664f4763Szrj if (options.bind_address != NULL) {
37818de8d7fSPeter Avalos memset(&hints, 0, sizeof(hints));
37918de8d7fSPeter Avalos hints.ai_family = ai->ai_family;
38018de8d7fSPeter Avalos hints.ai_socktype = ai->ai_socktype;
38118de8d7fSPeter Avalos hints.ai_protocol = ai->ai_protocol;
38218de8d7fSPeter Avalos hints.ai_flags = AI_PASSIVE;
383664f4763Szrj if ((r = getaddrinfo(options.bind_address, NULL,
384664f4763Szrj &hints, &res)) != 0) {
38518de8d7fSPeter Avalos error("getaddrinfo: %s: %s", options.bind_address,
386664f4763Szrj ssh_gai_strerror(r));
387664f4763Szrj goto fail;
38818de8d7fSPeter Avalos }
389664f4763Szrj if (res == NULL) {
390664f4763Szrj error("getaddrinfo: no addrs");
391664f4763Szrj goto fail;
39236e94dc5SPeter Avalos }
393664f4763Szrj memcpy(&bindaddr, res->ai_addr, res->ai_addrlen);
394664f4763Szrj bindaddrlen = res->ai_addrlen;
395664f4763Szrj } else if (options.bind_interface != NULL) {
396664f4763Szrj #ifdef HAVE_IFADDRS_H
397664f4763Szrj if ((r = getifaddrs(&ifaddrs)) != 0) {
398664f4763Szrj error("getifaddrs: %s: %s", options.bind_interface,
39936e94dc5SPeter Avalos strerror(errno));
40036e94dc5SPeter Avalos goto fail;
40136e94dc5SPeter Avalos }
402664f4763Szrj bindaddrlen = sizeof(bindaddr);
403664f4763Szrj if (check_ifaddrs(options.bind_interface, ai->ai_family,
404664f4763Szrj ifaddrs, &bindaddr, &bindaddrlen) != 0) {
405664f4763Szrj logit("getifaddrs: %s: no suitable addresses",
406664f4763Szrj options.bind_interface);
407664f4763Szrj goto fail;
408664f4763Szrj }
409664f4763Szrj #else
410664f4763Szrj error("BindInterface not supported on this platform.");
411664f4763Szrj #endif
412664f4763Szrj }
413664f4763Szrj if ((r = getnameinfo((struct sockaddr *)&bindaddr, bindaddrlen,
414664f4763Szrj ntop, sizeof(ntop), NULL, 0, NI_NUMERICHOST)) != 0) {
41550a69bb5SSascha Wildner error_f("getnameinfo failed: %s", ssh_gai_strerror(r));
416664f4763Szrj goto fail;
417664f4763Szrj }
418664f4763Szrj if (bind(sock, (struct sockaddr *)&bindaddr, bindaddrlen) != 0) {
419664f4763Szrj error("bind %s: %s", ntop, strerror(errno));
420664f4763Szrj goto fail;
421664f4763Szrj }
42250a69bb5SSascha Wildner debug_f("bound to %s", ntop);
423664f4763Szrj /* success */
424664f4763Szrj goto out;
42536e94dc5SPeter Avalos fail:
42618de8d7fSPeter Avalos close(sock);
427664f4763Szrj sock = -1;
428664f4763Szrj out:
42936e94dc5SPeter Avalos if (res != NULL)
43018de8d7fSPeter Avalos freeaddrinfo(res);
431664f4763Szrj #ifdef HAVE_IFADDRS_H
432664f4763Szrj if (ifaddrs != NULL)
433664f4763Szrj freeifaddrs(ifaddrs);
434664f4763Szrj #endif
43518de8d7fSPeter Avalos return sock;
43618de8d7fSPeter Avalos }
43718de8d7fSPeter Avalos
438ce74bacaSMatthew Dillon /*
43918de8d7fSPeter Avalos * Opens a TCP/IP connection to the remote server on the given host.
44018de8d7fSPeter Avalos * The address of the remote host will be returned in hostaddr.
441664f4763Szrj * If port is 0, the default port will be used.
44218de8d7fSPeter Avalos * Connection_attempts specifies the maximum number of tries (one per
44318de8d7fSPeter Avalos * second). If proxy_command is non-NULL, it specifies the command (with %h
44418de8d7fSPeter Avalos * and %p substituted for host and port, respectively) to use to contact
44518de8d7fSPeter Avalos * the daemon.
44618de8d7fSPeter Avalos */
44736e94dc5SPeter Avalos static int
ssh_connect_direct(struct ssh * ssh,const char * host,struct addrinfo * aitop,struct sockaddr_storage * hostaddr,u_short port,int connection_attempts,int * timeout_ms,int want_keepalive)448ce74bacaSMatthew Dillon ssh_connect_direct(struct ssh *ssh, const char *host, struct addrinfo *aitop,
44950a69bb5SSascha Wildner struct sockaddr_storage *hostaddr, u_short port, int connection_attempts,
45050a69bb5SSascha Wildner int *timeout_ms, int want_keepalive)
45118de8d7fSPeter Avalos {
452664f4763Szrj int on = 1, saved_timeout_ms = *timeout_ms;
453664f4763Szrj int oerrno, sock = -1, attempt;
45418de8d7fSPeter Avalos char ntop[NI_MAXHOST], strport[NI_MAXSERV];
45536e94dc5SPeter Avalos struct addrinfo *ai;
45618de8d7fSPeter Avalos
45750a69bb5SSascha Wildner debug3_f("entering");
458e9778795SPeter Avalos memset(ntop, 0, sizeof(ntop));
459e9778795SPeter Avalos memset(strport, 0, sizeof(strport));
46018de8d7fSPeter Avalos
46118de8d7fSPeter Avalos for (attempt = 0; attempt < connection_attempts; attempt++) {
46218de8d7fSPeter Avalos if (attempt > 0) {
46318de8d7fSPeter Avalos /* Sleep a moment before retrying. */
46418de8d7fSPeter Avalos sleep(1);
46518de8d7fSPeter Avalos debug("Trying again...");
46618de8d7fSPeter Avalos }
46718de8d7fSPeter Avalos /*
46818de8d7fSPeter Avalos * Loop through addresses for this host, and try each one in
46918de8d7fSPeter Avalos * sequence until the connection succeeds.
47018de8d7fSPeter Avalos */
47118de8d7fSPeter Avalos for (ai = aitop; ai; ai = ai->ai_next) {
47236e94dc5SPeter Avalos if (ai->ai_family != AF_INET &&
473664f4763Szrj ai->ai_family != AF_INET6) {
474664f4763Szrj errno = EAFNOSUPPORT;
47518de8d7fSPeter Avalos continue;
476664f4763Szrj }
47718de8d7fSPeter Avalos if (getnameinfo(ai->ai_addr, ai->ai_addrlen,
47818de8d7fSPeter Avalos ntop, sizeof(ntop), strport, sizeof(strport),
47918de8d7fSPeter Avalos NI_NUMERICHOST|NI_NUMERICSERV) != 0) {
480664f4763Szrj oerrno = errno;
48150a69bb5SSascha Wildner error_f("getnameinfo failed");
482664f4763Szrj errno = oerrno;
48318de8d7fSPeter Avalos continue;
48418de8d7fSPeter Avalos }
485*ba1276acSMatthew Dillon if (options.address_family != AF_UNSPEC &&
486*ba1276acSMatthew Dillon ai->ai_family != options.address_family) {
487*ba1276acSMatthew Dillon debug2_f("skipping address [%s]:%s: "
488*ba1276acSMatthew Dillon "wrong address family", ntop, strport);
489*ba1276acSMatthew Dillon errno = EAFNOSUPPORT;
490*ba1276acSMatthew Dillon continue;
491*ba1276acSMatthew Dillon }
492*ba1276acSMatthew Dillon
49318de8d7fSPeter Avalos debug("Connecting to %.200s [%.100s] port %s.",
49418de8d7fSPeter Avalos host, ntop, strport);
49518de8d7fSPeter Avalos
49618de8d7fSPeter Avalos /* Create a socket for connecting. */
497664f4763Szrj sock = ssh_create_socket(ai);
498664f4763Szrj if (sock < 0) {
49918de8d7fSPeter Avalos /* Any error is already output */
500664f4763Szrj errno = 0;
50118de8d7fSPeter Avalos continue;
502664f4763Szrj }
50318de8d7fSPeter Avalos
504664f4763Szrj *timeout_ms = saved_timeout_ms;
50518de8d7fSPeter Avalos if (timeout_connect(sock, ai->ai_addr, ai->ai_addrlen,
50618de8d7fSPeter Avalos timeout_ms) >= 0) {
50718de8d7fSPeter Avalos /* Successful connection. */
50818de8d7fSPeter Avalos memcpy(hostaddr, ai->ai_addr, ai->ai_addrlen);
50918de8d7fSPeter Avalos break;
51018de8d7fSPeter Avalos } else {
511664f4763Szrj oerrno = errno;
51218de8d7fSPeter Avalos debug("connect to address %s port %s: %s",
51318de8d7fSPeter Avalos ntop, strport, strerror(errno));
51418de8d7fSPeter Avalos close(sock);
51518de8d7fSPeter Avalos sock = -1;
516664f4763Szrj errno = oerrno;
51718de8d7fSPeter Avalos }
51818de8d7fSPeter Avalos }
51918de8d7fSPeter Avalos if (sock != -1)
52018de8d7fSPeter Avalos break; /* Successful connection. */
52118de8d7fSPeter Avalos }
52218de8d7fSPeter Avalos
52318de8d7fSPeter Avalos /* Return failure if we didn't get a successful connection. */
52418de8d7fSPeter Avalos if (sock == -1) {
52518de8d7fSPeter Avalos error("ssh: connect to host %s port %s: %s",
526664f4763Szrj host, strport, errno == 0 ? "failure" : strerror(errno));
527664f4763Szrj return -1;
52818de8d7fSPeter Avalos }
52918de8d7fSPeter Avalos
53018de8d7fSPeter Avalos debug("Connection established.");
53118de8d7fSPeter Avalos
53218de8d7fSPeter Avalos /* Set SO_KEEPALIVE if requested. */
53318de8d7fSPeter Avalos if (want_keepalive &&
53418de8d7fSPeter Avalos setsockopt(sock, SOL_SOCKET, SO_KEEPALIVE, (void *)&on,
5350cbfa66cSDaniel Fojt sizeof(on)) == -1)
53618de8d7fSPeter Avalos error("setsockopt SO_KEEPALIVE: %.100s", strerror(errno));
53718de8d7fSPeter Avalos
53818de8d7fSPeter Avalos /* Set the connection. */
539ce74bacaSMatthew Dillon if (ssh_packet_set_connection(ssh, sock, sock) == NULL)
540ce74bacaSMatthew Dillon return -1; /* ssh_packet_set_connection logs error */
54118de8d7fSPeter Avalos
54218de8d7fSPeter Avalos return 0;
54318de8d7fSPeter Avalos }
54418de8d7fSPeter Avalos
54536e94dc5SPeter Avalos int
ssh_connect(struct ssh * ssh,const char * host,const char * host_arg,struct addrinfo * addrs,struct sockaddr_storage * hostaddr,u_short port,int connection_attempts,int * timeout_ms,int want_keepalive)5460cbfa66cSDaniel Fojt ssh_connect(struct ssh *ssh, const char *host, const char *host_arg,
5470cbfa66cSDaniel Fojt struct addrinfo *addrs, struct sockaddr_storage *hostaddr, u_short port,
54850a69bb5SSascha Wildner int connection_attempts, int *timeout_ms, int want_keepalive)
54936e94dc5SPeter Avalos {
550664f4763Szrj int in, out;
551664f4763Szrj
55236e94dc5SPeter Avalos if (options.proxy_command == NULL) {
553ce74bacaSMatthew Dillon return ssh_connect_direct(ssh, host, addrs, hostaddr, port,
55450a69bb5SSascha Wildner connection_attempts, timeout_ms, want_keepalive);
55536e94dc5SPeter Avalos } else if (strcmp(options.proxy_command, "-") == 0) {
5560cbfa66cSDaniel Fojt if ((in = dup(STDIN_FILENO)) == -1 ||
5570cbfa66cSDaniel Fojt (out = dup(STDOUT_FILENO)) == -1) {
558664f4763Szrj if (in >= 0)
559664f4763Szrj close(in);
56050a69bb5SSascha Wildner error_f("dup() in/out failed");
561664f4763Szrj return -1; /* ssh_packet_set_connection logs error */
562664f4763Szrj }
563664f4763Szrj if ((ssh_packet_set_connection(ssh, in, out)) == NULL)
564ce74bacaSMatthew Dillon return -1; /* ssh_packet_set_connection logs error */
565ce74bacaSMatthew Dillon return 0;
56636e94dc5SPeter Avalos } else if (options.proxy_use_fdpass) {
5670cbfa66cSDaniel Fojt return ssh_proxy_fdpass_connect(ssh, host, host_arg, port,
56836e94dc5SPeter Avalos options.proxy_command);
56936e94dc5SPeter Avalos }
5700cbfa66cSDaniel Fojt return ssh_proxy_connect(ssh, host, host_arg, port,
5710cbfa66cSDaniel Fojt options.proxy_command);
57236e94dc5SPeter Avalos }
57336e94dc5SPeter Avalos
57418de8d7fSPeter Avalos /* defaults to 'no' */
57518de8d7fSPeter Avalos static int
confirm(const char * prompt,const char * fingerprint)576664f4763Szrj confirm(const char *prompt, const char *fingerprint)
57718de8d7fSPeter Avalos {
57818de8d7fSPeter Avalos const char *msg, *again = "Please type 'yes' or 'no': ";
579664f4763Szrj const char *again_fp = "Please type 'yes', 'no' or the fingerprint: ";
5800cbfa66cSDaniel Fojt char *p, *cp;
58118de8d7fSPeter Avalos int ret = -1;
58218de8d7fSPeter Avalos
58318de8d7fSPeter Avalos if (options.batch_mode)
58418de8d7fSPeter Avalos return 0;
585664f4763Szrj for (msg = prompt;;msg = fingerprint ? again_fp : again) {
5860cbfa66cSDaniel Fojt cp = p = read_passphrase(msg, RP_ECHO);
587664f4763Szrj if (p == NULL)
588664f4763Szrj return 0;
5890cbfa66cSDaniel Fojt p += strspn(p, " \t"); /* skip leading whitespace */
5900cbfa66cSDaniel Fojt p[strcspn(p, " \t\n")] = '\0'; /* remove trailing whitespace */
591664f4763Szrj if (p[0] == '\0' || strcasecmp(p, "no") == 0)
59218de8d7fSPeter Avalos ret = 0;
593664f4763Szrj else if (strcasecmp(p, "yes") == 0 || (fingerprint != NULL &&
59450a69bb5SSascha Wildner strcmp(p, fingerprint) == 0))
59518de8d7fSPeter Avalos ret = 1;
5960cbfa66cSDaniel Fojt free(cp);
59718de8d7fSPeter Avalos if (ret != -1)
59818de8d7fSPeter Avalos return ret;
59918de8d7fSPeter Avalos }
60018de8d7fSPeter Avalos }
60118de8d7fSPeter Avalos
602856ea928SPeter Avalos static int
sockaddr_is_local(struct sockaddr * hostaddr)6039f304aafSPeter Avalos sockaddr_is_local(struct sockaddr *hostaddr)
6049f304aafSPeter Avalos {
6059f304aafSPeter Avalos switch (hostaddr->sa_family) {
6069f304aafSPeter Avalos case AF_INET:
6079f304aafSPeter Avalos return (ntohl(((struct sockaddr_in *)hostaddr)->
6089f304aafSPeter Avalos sin_addr.s_addr) >> 24) == IN_LOOPBACKNET;
6099f304aafSPeter Avalos case AF_INET6:
6109f304aafSPeter Avalos return IN6_IS_ADDR_LOOPBACK(
6119f304aafSPeter Avalos &(((struct sockaddr_in6 *)hostaddr)->sin6_addr));
6129f304aafSPeter Avalos default:
6139f304aafSPeter Avalos return 0;
6149f304aafSPeter Avalos }
6159f304aafSPeter Avalos }
6169f304aafSPeter Avalos
6179f304aafSPeter Avalos /*
6189f304aafSPeter Avalos * Prepare the hostname and ip address strings that are used to lookup
6199f304aafSPeter Avalos * host keys in known_hosts files. These may have a port number appended.
6209f304aafSPeter Avalos */
6219f304aafSPeter Avalos void
get_hostfile_hostname_ipaddr(char * hostname,struct sockaddr * hostaddr,u_short port,char ** hostfile_hostname,char ** hostfile_ipaddr)6229f304aafSPeter Avalos get_hostfile_hostname_ipaddr(char *hostname, struct sockaddr *hostaddr,
6239f304aafSPeter Avalos u_short port, char **hostfile_hostname, char **hostfile_ipaddr)
6249f304aafSPeter Avalos {
6259f304aafSPeter Avalos char ntop[NI_MAXHOST];
6269f304aafSPeter Avalos socklen_t addrlen;
6279f304aafSPeter Avalos
6289f304aafSPeter Avalos switch (hostaddr == NULL ? -1 : hostaddr->sa_family) {
6299f304aafSPeter Avalos case -1:
6309f304aafSPeter Avalos addrlen = 0;
6319f304aafSPeter Avalos break;
6329f304aafSPeter Avalos case AF_INET:
6339f304aafSPeter Avalos addrlen = sizeof(struct sockaddr_in);
6349f304aafSPeter Avalos break;
6359f304aafSPeter Avalos case AF_INET6:
6369f304aafSPeter Avalos addrlen = sizeof(struct sockaddr_in6);
6379f304aafSPeter Avalos break;
6389f304aafSPeter Avalos default:
6399f304aafSPeter Avalos addrlen = sizeof(struct sockaddr);
6409f304aafSPeter Avalos break;
6419f304aafSPeter Avalos }
6429f304aafSPeter Avalos
6439f304aafSPeter Avalos /*
6449f304aafSPeter Avalos * We don't have the remote ip-address for connections
6459f304aafSPeter Avalos * using a proxy command
6469f304aafSPeter Avalos */
6479f304aafSPeter Avalos if (hostfile_ipaddr != NULL) {
6489f304aafSPeter Avalos if (options.proxy_command == NULL) {
6499f304aafSPeter Avalos if (getnameinfo(hostaddr, addrlen,
6509f304aafSPeter Avalos ntop, sizeof(ntop), NULL, 0, NI_NUMERICHOST) != 0)
65150a69bb5SSascha Wildner fatal_f("getnameinfo failed");
6529f304aafSPeter Avalos *hostfile_ipaddr = put_host_port(ntop, port);
6539f304aafSPeter Avalos } else {
6549f304aafSPeter Avalos *hostfile_ipaddr = xstrdup("<no hostip for proxy "
6559f304aafSPeter Avalos "command>");
6569f304aafSPeter Avalos }
6579f304aafSPeter Avalos }
6589f304aafSPeter Avalos
6599f304aafSPeter Avalos /*
6609f304aafSPeter Avalos * Allow the user to record the key under a different name or
6619f304aafSPeter Avalos * differentiate a non-standard port. This is useful for ssh
6629f304aafSPeter Avalos * tunneling over forwarded connections or if you run multiple
6639f304aafSPeter Avalos * sshd's on different ports on the same machine.
6649f304aafSPeter Avalos */
6659f304aafSPeter Avalos if (hostfile_hostname != NULL) {
6669f304aafSPeter Avalos if (options.host_key_alias != NULL) {
6679f304aafSPeter Avalos *hostfile_hostname = xstrdup(options.host_key_alias);
6689f304aafSPeter Avalos debug("using hostkeyalias: %s", *hostfile_hostname);
6699f304aafSPeter Avalos } else {
6709f304aafSPeter Avalos *hostfile_hostname = put_host_port(hostname, port);
6719f304aafSPeter Avalos }
6729f304aafSPeter Avalos }
6739f304aafSPeter Avalos }
6749f304aafSPeter Avalos
67550a69bb5SSascha Wildner /* returns non-zero if path appears in hostfiles, or 0 if not. */
67650a69bb5SSascha Wildner static int
path_in_hostfiles(const char * path,char ** hostfiles,u_int num_hostfiles)67750a69bb5SSascha Wildner path_in_hostfiles(const char *path, char **hostfiles, u_int num_hostfiles)
67850a69bb5SSascha Wildner {
67950a69bb5SSascha Wildner u_int i;
68050a69bb5SSascha Wildner
68150a69bb5SSascha Wildner for (i = 0; i < num_hostfiles; i++) {
68250a69bb5SSascha Wildner if (strcmp(path, hostfiles[i]) == 0)
68350a69bb5SSascha Wildner return 1;
68450a69bb5SSascha Wildner }
68550a69bb5SSascha Wildner return 0;
68650a69bb5SSascha Wildner }
68750a69bb5SSascha Wildner
68850a69bb5SSascha Wildner struct find_by_key_ctx {
68950a69bb5SSascha Wildner const char *host, *ip;
69050a69bb5SSascha Wildner const struct sshkey *key;
69150a69bb5SSascha Wildner char **names;
69250a69bb5SSascha Wildner u_int nnames;
69350a69bb5SSascha Wildner };
69450a69bb5SSascha Wildner
69550a69bb5SSascha Wildner /* Try to replace home directory prefix (per $HOME) with a ~/ sequence */
69650a69bb5SSascha Wildner static char *
try_tilde_unexpand(const char * path)69750a69bb5SSascha Wildner try_tilde_unexpand(const char *path)
69850a69bb5SSascha Wildner {
69950a69bb5SSascha Wildner char *home, *ret = NULL;
70050a69bb5SSascha Wildner size_t l;
70150a69bb5SSascha Wildner
70250a69bb5SSascha Wildner if (*path != '/')
70350a69bb5SSascha Wildner return xstrdup(path);
70450a69bb5SSascha Wildner if ((home = getenv("HOME")) == NULL || (l = strlen(home)) == 0)
70550a69bb5SSascha Wildner return xstrdup(path);
70650a69bb5SSascha Wildner if (strncmp(path, home, l) != 0)
70750a69bb5SSascha Wildner return xstrdup(path);
70850a69bb5SSascha Wildner /*
70950a69bb5SSascha Wildner * ensure we have matched on a path boundary: either the $HOME that
71050a69bb5SSascha Wildner * we just compared ends with a '/' or the next character of the path
71150a69bb5SSascha Wildner * must be a '/'.
71250a69bb5SSascha Wildner */
71350a69bb5SSascha Wildner if (home[l - 1] != '/' && path[l] != '/')
71450a69bb5SSascha Wildner return xstrdup(path);
71550a69bb5SSascha Wildner if (path[l] == '/')
71650a69bb5SSascha Wildner l++;
71750a69bb5SSascha Wildner xasprintf(&ret, "~/%s", path + l);
71850a69bb5SSascha Wildner return ret;
71950a69bb5SSascha Wildner }
72050a69bb5SSascha Wildner
721*ba1276acSMatthew Dillon /*
722*ba1276acSMatthew Dillon * Returns non-zero if the key is accepted by HostkeyAlgorithms.
723*ba1276acSMatthew Dillon * Made slightly less trivial by the multiple RSA signature algorithm names.
724*ba1276acSMatthew Dillon */
725*ba1276acSMatthew Dillon int
hostkey_accepted_by_hostkeyalgs(const struct sshkey * key)726*ba1276acSMatthew Dillon hostkey_accepted_by_hostkeyalgs(const struct sshkey *key)
727*ba1276acSMatthew Dillon {
728*ba1276acSMatthew Dillon const char *ktype = sshkey_ssh_name(key);
729*ba1276acSMatthew Dillon const char *hostkeyalgs = options.hostkeyalgorithms;
730*ba1276acSMatthew Dillon
731*ba1276acSMatthew Dillon if (key->type == KEY_UNSPEC)
732*ba1276acSMatthew Dillon return 0;
733*ba1276acSMatthew Dillon if (key->type == KEY_RSA &&
734*ba1276acSMatthew Dillon (match_pattern_list("rsa-sha2-256", hostkeyalgs, 0) == 1 ||
735*ba1276acSMatthew Dillon match_pattern_list("rsa-sha2-512", hostkeyalgs, 0) == 1))
736*ba1276acSMatthew Dillon return 1;
737*ba1276acSMatthew Dillon if (key->type == KEY_RSA_CERT &&
738*ba1276acSMatthew Dillon (match_pattern_list("rsa-sha2-512-cert-v01@openssh.com", hostkeyalgs, 0) == 1 ||
739*ba1276acSMatthew Dillon match_pattern_list("rsa-sha2-256-cert-v01@openssh.com", hostkeyalgs, 0) == 1))
740*ba1276acSMatthew Dillon return 1;
741*ba1276acSMatthew Dillon return match_pattern_list(ktype, hostkeyalgs, 0) == 1;
742*ba1276acSMatthew Dillon }
743*ba1276acSMatthew Dillon
74450a69bb5SSascha Wildner static int
hostkeys_find_by_key_cb(struct hostkey_foreach_line * l,void * _ctx)74550a69bb5SSascha Wildner hostkeys_find_by_key_cb(struct hostkey_foreach_line *l, void *_ctx)
74650a69bb5SSascha Wildner {
74750a69bb5SSascha Wildner struct find_by_key_ctx *ctx = (struct find_by_key_ctx *)_ctx;
74850a69bb5SSascha Wildner char *path;
74950a69bb5SSascha Wildner
75050a69bb5SSascha Wildner /* we are looking for keys with names that *do not* match */
75150a69bb5SSascha Wildner if ((l->match & HKF_MATCH_HOST) != 0)
75250a69bb5SSascha Wildner return 0;
75350a69bb5SSascha Wildner /* not interested in marker lines */
75450a69bb5SSascha Wildner if (l->marker != MRK_NONE)
75550a69bb5SSascha Wildner return 0;
75650a69bb5SSascha Wildner /* we are only interested in exact key matches */
75750a69bb5SSascha Wildner if (l->key == NULL || !sshkey_equal(ctx->key, l->key))
75850a69bb5SSascha Wildner return 0;
75950a69bb5SSascha Wildner path = try_tilde_unexpand(l->path);
76050a69bb5SSascha Wildner debug_f("found matching key in %s:%lu", path, l->linenum);
76150a69bb5SSascha Wildner ctx->names = xrecallocarray(ctx->names,
76250a69bb5SSascha Wildner ctx->nnames, ctx->nnames + 1, sizeof(*ctx->names));
76350a69bb5SSascha Wildner xasprintf(&ctx->names[ctx->nnames], "%s:%lu: %s", path, l->linenum,
76450a69bb5SSascha Wildner strncmp(l->hosts, HASH_MAGIC, strlen(HASH_MAGIC)) == 0 ?
76550a69bb5SSascha Wildner "[hashed name]" : l->hosts);
76650a69bb5SSascha Wildner ctx->nnames++;
76750a69bb5SSascha Wildner free(path);
76850a69bb5SSascha Wildner return 0;
76950a69bb5SSascha Wildner }
77050a69bb5SSascha Wildner
77150a69bb5SSascha Wildner static int
hostkeys_find_by_key_hostfile(const char * file,const char * which,struct find_by_key_ctx * ctx)77250a69bb5SSascha Wildner hostkeys_find_by_key_hostfile(const char *file, const char *which,
77350a69bb5SSascha Wildner struct find_by_key_ctx *ctx)
77450a69bb5SSascha Wildner {
77550a69bb5SSascha Wildner int r;
77650a69bb5SSascha Wildner
77750a69bb5SSascha Wildner debug3_f("trying %s hostfile \"%s\"", which, file);
77850a69bb5SSascha Wildner if ((r = hostkeys_foreach(file, hostkeys_find_by_key_cb, ctx,
77950a69bb5SSascha Wildner ctx->host, ctx->ip, HKF_WANT_PARSE_KEY, 0)) != 0) {
78050a69bb5SSascha Wildner if (r == SSH_ERR_SYSTEM_ERROR && errno == ENOENT) {
78150a69bb5SSascha Wildner debug_f("hostkeys file %s does not exist", file);
78250a69bb5SSascha Wildner return 0;
78350a69bb5SSascha Wildner }
78450a69bb5SSascha Wildner error_fr(r, "hostkeys_foreach failed for %s", file);
78550a69bb5SSascha Wildner return r;
78650a69bb5SSascha Wildner }
78750a69bb5SSascha Wildner return 0;
78850a69bb5SSascha Wildner }
78950a69bb5SSascha Wildner
79050a69bb5SSascha Wildner /*
79150a69bb5SSascha Wildner * Find 'key' in known hosts file(s) that do not match host/ip.
79250a69bb5SSascha Wildner * Used to display also-known-as information for previously-unseen hostkeys.
79350a69bb5SSascha Wildner */
79450a69bb5SSascha Wildner static void
hostkeys_find_by_key(const char * host,const char * ip,const struct sshkey * key,char ** user_hostfiles,u_int num_user_hostfiles,char ** system_hostfiles,u_int num_system_hostfiles,char *** names,u_int * nnames)79550a69bb5SSascha Wildner hostkeys_find_by_key(const char *host, const char *ip, const struct sshkey *key,
79650a69bb5SSascha Wildner char **user_hostfiles, u_int num_user_hostfiles,
79750a69bb5SSascha Wildner char **system_hostfiles, u_int num_system_hostfiles,
79850a69bb5SSascha Wildner char ***names, u_int *nnames)
79950a69bb5SSascha Wildner {
80050a69bb5SSascha Wildner struct find_by_key_ctx ctx = {0, 0, 0, 0, 0};
80150a69bb5SSascha Wildner u_int i;
80250a69bb5SSascha Wildner
80350a69bb5SSascha Wildner *names = NULL;
80450a69bb5SSascha Wildner *nnames = 0;
80550a69bb5SSascha Wildner
80650a69bb5SSascha Wildner if (key == NULL || sshkey_is_cert(key))
80750a69bb5SSascha Wildner return;
80850a69bb5SSascha Wildner
80950a69bb5SSascha Wildner ctx.host = host;
81050a69bb5SSascha Wildner ctx.ip = ip;
81150a69bb5SSascha Wildner ctx.key = key;
81250a69bb5SSascha Wildner
81350a69bb5SSascha Wildner for (i = 0; i < num_user_hostfiles; i++) {
81450a69bb5SSascha Wildner if (hostkeys_find_by_key_hostfile(user_hostfiles[i],
81550a69bb5SSascha Wildner "user", &ctx) != 0)
81650a69bb5SSascha Wildner goto fail;
81750a69bb5SSascha Wildner }
81850a69bb5SSascha Wildner for (i = 0; i < num_system_hostfiles; i++) {
81950a69bb5SSascha Wildner if (hostkeys_find_by_key_hostfile(system_hostfiles[i],
82050a69bb5SSascha Wildner "system", &ctx) != 0)
82150a69bb5SSascha Wildner goto fail;
82250a69bb5SSascha Wildner }
82350a69bb5SSascha Wildner /* success */
82450a69bb5SSascha Wildner *names = ctx.names;
82550a69bb5SSascha Wildner *nnames = ctx.nnames;
82650a69bb5SSascha Wildner ctx.names = NULL;
82750a69bb5SSascha Wildner ctx.nnames = 0;
82850a69bb5SSascha Wildner return;
82950a69bb5SSascha Wildner fail:
83050a69bb5SSascha Wildner for (i = 0; i < ctx.nnames; i++)
83150a69bb5SSascha Wildner free(ctx.names[i]);
83250a69bb5SSascha Wildner free(ctx.names);
83350a69bb5SSascha Wildner }
83450a69bb5SSascha Wildner
83550a69bb5SSascha Wildner #define MAX_OTHER_NAMES 8 /* Maximum number of names to list */
83650a69bb5SSascha Wildner static char *
other_hostkeys_message(const char * host,const char * ip,const struct sshkey * key,char ** user_hostfiles,u_int num_user_hostfiles,char ** system_hostfiles,u_int num_system_hostfiles)83750a69bb5SSascha Wildner other_hostkeys_message(const char *host, const char *ip,
83850a69bb5SSascha Wildner const struct sshkey *key,
83950a69bb5SSascha Wildner char **user_hostfiles, u_int num_user_hostfiles,
84050a69bb5SSascha Wildner char **system_hostfiles, u_int num_system_hostfiles)
84150a69bb5SSascha Wildner {
84250a69bb5SSascha Wildner char *ret = NULL, **othernames = NULL;
84350a69bb5SSascha Wildner u_int i, n, num_othernames = 0;
84450a69bb5SSascha Wildner
84550a69bb5SSascha Wildner hostkeys_find_by_key(host, ip, key,
84650a69bb5SSascha Wildner user_hostfiles, num_user_hostfiles,
84750a69bb5SSascha Wildner system_hostfiles, num_system_hostfiles,
84850a69bb5SSascha Wildner &othernames, &num_othernames);
84950a69bb5SSascha Wildner if (num_othernames == 0)
850ee116499SAntonio Huete Jimenez return xstrdup("This key is not known by any other names.");
85150a69bb5SSascha Wildner
85250a69bb5SSascha Wildner xasprintf(&ret, "This host key is known by the following other "
85350a69bb5SSascha Wildner "names/addresses:");
85450a69bb5SSascha Wildner
85550a69bb5SSascha Wildner n = num_othernames;
85650a69bb5SSascha Wildner if (n > MAX_OTHER_NAMES)
85750a69bb5SSascha Wildner n = MAX_OTHER_NAMES;
85850a69bb5SSascha Wildner for (i = 0; i < n; i++) {
85950a69bb5SSascha Wildner xextendf(&ret, "\n", " %s", othernames[i]);
86050a69bb5SSascha Wildner }
86150a69bb5SSascha Wildner if (n < num_othernames) {
86250a69bb5SSascha Wildner xextendf(&ret, "\n", " (%d additional names omitted)",
86350a69bb5SSascha Wildner num_othernames - n);
86450a69bb5SSascha Wildner }
86550a69bb5SSascha Wildner for (i = 0; i < num_othernames; i++)
86650a69bb5SSascha Wildner free(othernames[i]);
86750a69bb5SSascha Wildner free(othernames);
86850a69bb5SSascha Wildner return ret;
86950a69bb5SSascha Wildner }
87050a69bb5SSascha Wildner
87150a69bb5SSascha Wildner void
load_hostkeys_command(struct hostkeys * hostkeys,const char * command_template,const char * invocation,const struct ssh_conn_info * cinfo,const struct sshkey * host_key,const char * hostfile_hostname)87250a69bb5SSascha Wildner load_hostkeys_command(struct hostkeys *hostkeys, const char *command_template,
87350a69bb5SSascha Wildner const char *invocation, const struct ssh_conn_info *cinfo,
87450a69bb5SSascha Wildner const struct sshkey *host_key, const char *hostfile_hostname)
87550a69bb5SSascha Wildner {
87650a69bb5SSascha Wildner int r, i, ac = 0;
87750a69bb5SSascha Wildner char *key_fp = NULL, *keytext = NULL, *tmp;
87850a69bb5SSascha Wildner char *command = NULL, *tag = NULL, **av = NULL;
87950a69bb5SSascha Wildner FILE *f = NULL;
88050a69bb5SSascha Wildner pid_t pid;
88150a69bb5SSascha Wildner void (*osigchld)(int);
88250a69bb5SSascha Wildner
88350a69bb5SSascha Wildner xasprintf(&tag, "KnownHostsCommand-%s", invocation);
88450a69bb5SSascha Wildner
88550a69bb5SSascha Wildner if (host_key != NULL) {
88650a69bb5SSascha Wildner if ((key_fp = sshkey_fingerprint(host_key,
88750a69bb5SSascha Wildner options.fingerprint_hash, SSH_FP_DEFAULT)) == NULL)
88850a69bb5SSascha Wildner fatal_f("sshkey_fingerprint failed");
88950a69bb5SSascha Wildner if ((r = sshkey_to_base64(host_key, &keytext)) != 0)
89050a69bb5SSascha Wildner fatal_fr(r, "sshkey_to_base64 failed");
89150a69bb5SSascha Wildner }
89250a69bb5SSascha Wildner /*
89350a69bb5SSascha Wildner * NB. all returns later this function should go via "out" to
89450a69bb5SSascha Wildner * ensure the original SIGCHLD handler is restored properly.
89550a69bb5SSascha Wildner */
89650a69bb5SSascha Wildner osigchld = ssh_signal(SIGCHLD, SIG_DFL);
89750a69bb5SSascha Wildner
89850a69bb5SSascha Wildner /* Turn the command into an argument vector */
89950a69bb5SSascha Wildner if (argv_split(command_template, &ac, &av, 0) != 0) {
90050a69bb5SSascha Wildner error("%s \"%s\" contains invalid quotes", tag,
90150a69bb5SSascha Wildner command_template);
90250a69bb5SSascha Wildner goto out;
90350a69bb5SSascha Wildner }
90450a69bb5SSascha Wildner if (ac == 0) {
90550a69bb5SSascha Wildner error("%s \"%s\" yielded no arguments", tag,
90650a69bb5SSascha Wildner command_template);
90750a69bb5SSascha Wildner goto out;
90850a69bb5SSascha Wildner }
90950a69bb5SSascha Wildner for (i = 1; i < ac; i++) {
91050a69bb5SSascha Wildner tmp = percent_dollar_expand(av[i],
91150a69bb5SSascha Wildner DEFAULT_CLIENT_PERCENT_EXPAND_ARGS(cinfo),
91250a69bb5SSascha Wildner "H", hostfile_hostname,
91350a69bb5SSascha Wildner "I", invocation,
91450a69bb5SSascha Wildner "t", host_key == NULL ? "NONE" : sshkey_ssh_name(host_key),
91550a69bb5SSascha Wildner "f", key_fp == NULL ? "NONE" : key_fp,
91650a69bb5SSascha Wildner "K", keytext == NULL ? "NONE" : keytext,
91750a69bb5SSascha Wildner (char *)NULL);
91850a69bb5SSascha Wildner if (tmp == NULL)
91950a69bb5SSascha Wildner fatal_f("percent_expand failed");
92050a69bb5SSascha Wildner free(av[i]);
92150a69bb5SSascha Wildner av[i] = tmp;
92250a69bb5SSascha Wildner }
92350a69bb5SSascha Wildner /* Prepare a printable command for logs, etc. */
92450a69bb5SSascha Wildner command = argv_assemble(ac, av);
92550a69bb5SSascha Wildner
92650a69bb5SSascha Wildner if ((pid = subprocess(tag, command, ac, av, &f,
92750a69bb5SSascha Wildner SSH_SUBPROCESS_STDOUT_CAPTURE|SSH_SUBPROCESS_UNSAFE_PATH|
92850a69bb5SSascha Wildner SSH_SUBPROCESS_PRESERVE_ENV, NULL, NULL, NULL)) == 0)
92950a69bb5SSascha Wildner goto out;
93050a69bb5SSascha Wildner
93150a69bb5SSascha Wildner load_hostkeys_file(hostkeys, hostfile_hostname, tag, f, 1);
93250a69bb5SSascha Wildner
93350a69bb5SSascha Wildner if (exited_cleanly(pid, tag, command, 0) != 0)
93450a69bb5SSascha Wildner fatal("KnownHostsCommand failed");
93550a69bb5SSascha Wildner
93650a69bb5SSascha Wildner out:
93750a69bb5SSascha Wildner if (f != NULL)
93850a69bb5SSascha Wildner fclose(f);
93950a69bb5SSascha Wildner ssh_signal(SIGCHLD, osigchld);
94050a69bb5SSascha Wildner for (i = 0; i < ac; i++)
94150a69bb5SSascha Wildner free(av[i]);
94250a69bb5SSascha Wildner free(av);
94350a69bb5SSascha Wildner free(tag);
94450a69bb5SSascha Wildner free(command);
94550a69bb5SSascha Wildner free(key_fp);
94650a69bb5SSascha Wildner free(keytext);
94750a69bb5SSascha Wildner }
94850a69bb5SSascha Wildner
94918de8d7fSPeter Avalos /*
95018de8d7fSPeter Avalos * check whether the supplied host key is valid, return -1 if the key
9511c188a7fSPeter Avalos * is not valid. user_hostfile[0] will not be updated if 'readonly' is true.
95218de8d7fSPeter Avalos */
95318de8d7fSPeter Avalos #define RDRW 0
95418de8d7fSPeter Avalos #define RDONLY 1
95518de8d7fSPeter Avalos #define ROQUIET 2
95618de8d7fSPeter Avalos static int
check_host_key(char * hostname,const struct ssh_conn_info * cinfo,struct sockaddr * hostaddr,u_short port,struct sshkey * host_key,int readonly,int clobber_port,char ** user_hostfiles,u_int num_user_hostfiles,char ** system_hostfiles,u_int num_system_hostfiles,const char * hostfile_command)95750a69bb5SSascha Wildner check_host_key(char *hostname, const struct ssh_conn_info *cinfo,
95850a69bb5SSascha Wildner struct sockaddr *hostaddr, u_short port,
95950a69bb5SSascha Wildner struct sshkey *host_key, int readonly, int clobber_port,
9601c188a7fSPeter Avalos char **user_hostfiles, u_int num_user_hostfiles,
96150a69bb5SSascha Wildner char **system_hostfiles, u_int num_system_hostfiles,
96250a69bb5SSascha Wildner const char *hostfile_command)
96318de8d7fSPeter Avalos {
96450a69bb5SSascha Wildner HostStatus host_status = -1, ip_status = -1;
965ce74bacaSMatthew Dillon struct sshkey *raw_key = NULL;
9661c188a7fSPeter Avalos char *ip = NULL, *host = NULL;
9671c188a7fSPeter Avalos char hostline[1000], *hostp, *fp, *ra;
96818de8d7fSPeter Avalos char msg[1024];
969*ba1276acSMatthew Dillon const char *type, *fail_reason = NULL;
97050a69bb5SSascha Wildner const struct hostkey_entry *host_found = NULL, *ip_found = NULL;
971664f4763Szrj int len, cancelled_forwarding = 0, confirmed;
9721c188a7fSPeter Avalos int local = sockaddr_is_local(hostaddr);
973ce74bacaSMatthew Dillon int r, want_cert = sshkey_is_cert(host_key), host_ip_differ = 0;
974e9778795SPeter Avalos int hostkey_trusted = 0; /* Known or explicitly accepted by user */
9751c188a7fSPeter Avalos struct hostkeys *host_hostkeys, *ip_hostkeys;
9761c188a7fSPeter Avalos u_int i;
97718de8d7fSPeter Avalos
97818de8d7fSPeter Avalos /*
97918de8d7fSPeter Avalos * Force accepting of the host key for loopback/localhost. The
98018de8d7fSPeter Avalos * problem is that if the home directory is NFS-mounted to multiple
98118de8d7fSPeter Avalos * machines, localhost will refer to a different machine in each of
98218de8d7fSPeter Avalos * them, and the user will get bogus HOST_CHANGED warnings. This
98318de8d7fSPeter Avalos * essentially disables host authentication for localhost; however,
98418de8d7fSPeter Avalos * this is probably not a real problem.
98518de8d7fSPeter Avalos */
98618de8d7fSPeter Avalos if (options.no_host_authentication_for_localhost == 1 && local &&
98718de8d7fSPeter Avalos options.host_key_alias == NULL) {
98818de8d7fSPeter Avalos debug("Forcing accepting of host key for "
98918de8d7fSPeter Avalos "loopback/localhost.");
99050a69bb5SSascha Wildner options.update_hostkeys = 0;
99118de8d7fSPeter Avalos return 0;
99218de8d7fSPeter Avalos }
99318de8d7fSPeter Avalos
99418de8d7fSPeter Avalos /*
995*ba1276acSMatthew Dillon * Don't ever try to write an invalid name to a known hosts file.
996*ba1276acSMatthew Dillon * Note: do this before get_hostfile_hostname_ipaddr() to catch
997*ba1276acSMatthew Dillon * '[' or ']' in the name before they are added.
998*ba1276acSMatthew Dillon */
999*ba1276acSMatthew Dillon if (strcspn(hostname, "@?*#[]|'\'\"\\") != strlen(hostname)) {
1000*ba1276acSMatthew Dillon debug_f("invalid hostname \"%s\"; will not record: %s",
1001*ba1276acSMatthew Dillon hostname, fail_reason);
1002*ba1276acSMatthew Dillon readonly = RDONLY;
1003*ba1276acSMatthew Dillon }
1004*ba1276acSMatthew Dillon
1005*ba1276acSMatthew Dillon /*
10069f304aafSPeter Avalos * Prepare the hostname and address strings used for hostkey lookup.
10079f304aafSPeter Avalos * In some cases, these will have a port number appended.
100818de8d7fSPeter Avalos */
100950a69bb5SSascha Wildner get_hostfile_hostname_ipaddr(hostname, hostaddr,
101050a69bb5SSascha Wildner clobber_port ? 0 : port, &host, &ip);
101118de8d7fSPeter Avalos
101218de8d7fSPeter Avalos /*
101318de8d7fSPeter Avalos * Turn off check_host_ip if the connection is to localhost, via proxy
101418de8d7fSPeter Avalos * command or if we don't have a hostname to compare with
101518de8d7fSPeter Avalos */
101618de8d7fSPeter Avalos if (options.check_host_ip && (local ||
101718de8d7fSPeter Avalos strcmp(hostname, ip) == 0 || options.proxy_command != NULL))
101818de8d7fSPeter Avalos options.check_host_ip = 0;
101918de8d7fSPeter Avalos
10209f304aafSPeter Avalos host_hostkeys = init_hostkeys();
10211c188a7fSPeter Avalos for (i = 0; i < num_user_hostfiles; i++)
102250a69bb5SSascha Wildner load_hostkeys(host_hostkeys, host, user_hostfiles[i], 0);
10231c188a7fSPeter Avalos for (i = 0; i < num_system_hostfiles; i++)
102450a69bb5SSascha Wildner load_hostkeys(host_hostkeys, host, system_hostfiles[i], 0);
102550a69bb5SSascha Wildner if (hostfile_command != NULL && !clobber_port) {
102650a69bb5SSascha Wildner load_hostkeys_command(host_hostkeys, hostfile_command,
102750a69bb5SSascha Wildner "HOSTNAME", cinfo, host_key, host);
102850a69bb5SSascha Wildner }
10299f304aafSPeter Avalos
10309f304aafSPeter Avalos ip_hostkeys = NULL;
10319f304aafSPeter Avalos if (!want_cert && options.check_host_ip) {
10329f304aafSPeter Avalos ip_hostkeys = init_hostkeys();
10331c188a7fSPeter Avalos for (i = 0; i < num_user_hostfiles; i++)
103450a69bb5SSascha Wildner load_hostkeys(ip_hostkeys, ip, user_hostfiles[i], 0);
10351c188a7fSPeter Avalos for (i = 0; i < num_system_hostfiles; i++)
103650a69bb5SSascha Wildner load_hostkeys(ip_hostkeys, ip, system_hostfiles[i], 0);
103750a69bb5SSascha Wildner if (hostfile_command != NULL && !clobber_port) {
103850a69bb5SSascha Wildner load_hostkeys_command(ip_hostkeys, hostfile_command,
103950a69bb5SSascha Wildner "ADDRESS", cinfo, host_key, ip);
104050a69bb5SSascha Wildner }
104118de8d7fSPeter Avalos }
104218de8d7fSPeter Avalos
1043856ea928SPeter Avalos retry:
1044*ba1276acSMatthew Dillon if (!hostkey_accepted_by_hostkeyalgs(host_key)) {
1045*ba1276acSMatthew Dillon error("host key %s not permitted by HostkeyAlgorithms",
1046*ba1276acSMatthew Dillon sshkey_ssh_name(host_key));
1047*ba1276acSMatthew Dillon goto fail;
1048*ba1276acSMatthew Dillon }
1049*ba1276acSMatthew Dillon
10509f304aafSPeter Avalos /* Reload these as they may have changed on cert->key downgrade */
1051ce74bacaSMatthew Dillon want_cert = sshkey_is_cert(host_key);
1052ce74bacaSMatthew Dillon type = sshkey_type(host_key);
1053856ea928SPeter Avalos
105418de8d7fSPeter Avalos /*
105518de8d7fSPeter Avalos * Check if the host key is present in the user's list of known
105618de8d7fSPeter Avalos * hosts or in the systemwide list.
105718de8d7fSPeter Avalos */
10589f304aafSPeter Avalos host_status = check_key_in_hostkeys(host_hostkeys, host_key,
10599f304aafSPeter Avalos &host_found);
10609f304aafSPeter Avalos
106118de8d7fSPeter Avalos /*
106250a69bb5SSascha Wildner * If there are no hostfiles, or if the hostkey was found via
106350a69bb5SSascha Wildner * KnownHostsCommand, then don't try to touch the disk.
106450a69bb5SSascha Wildner */
106550a69bb5SSascha Wildner if (!readonly && (num_user_hostfiles == 0 ||
106650a69bb5SSascha Wildner (host_found != NULL && host_found->note != 0)))
106750a69bb5SSascha Wildner readonly = RDONLY;
106850a69bb5SSascha Wildner
106950a69bb5SSascha Wildner /*
107018de8d7fSPeter Avalos * Also perform check for the ip address, skip the check if we are
1071856ea928SPeter Avalos * localhost, looking for a certificate, or the hostname was an ip
1072856ea928SPeter Avalos * address to begin with.
107318de8d7fSPeter Avalos */
10749f304aafSPeter Avalos if (!want_cert && ip_hostkeys != NULL) {
10759f304aafSPeter Avalos ip_status = check_key_in_hostkeys(ip_hostkeys, host_key,
10769f304aafSPeter Avalos &ip_found);
107718de8d7fSPeter Avalos if (host_status == HOST_CHANGED &&
10789f304aafSPeter Avalos (ip_status != HOST_CHANGED ||
10799f304aafSPeter Avalos (ip_found != NULL &&
1080ce74bacaSMatthew Dillon !sshkey_equal(ip_found->key, host_found->key))))
108118de8d7fSPeter Avalos host_ip_differ = 1;
108218de8d7fSPeter Avalos } else
108318de8d7fSPeter Avalos ip_status = host_status;
108418de8d7fSPeter Avalos
108518de8d7fSPeter Avalos switch (host_status) {
108618de8d7fSPeter Avalos case HOST_OK:
108718de8d7fSPeter Avalos /* The host is known and the key matches. */
1088856ea928SPeter Avalos debug("Host '%.200s' is known and matches the %s host %s.",
1089856ea928SPeter Avalos host, type, want_cert ? "certificate" : "key");
10909f304aafSPeter Avalos debug("Found %s in %s:%lu", want_cert ? "CA key" : "key",
10919f304aafSPeter Avalos host_found->file, host_found->line);
109250a69bb5SSascha Wildner if (want_cert) {
109350a69bb5SSascha Wildner if (sshkey_cert_check_host(host_key,
109450a69bb5SSascha Wildner options.host_key_alias == NULL ?
109550a69bb5SSascha Wildner hostname : options.host_key_alias, 0,
109650a69bb5SSascha Wildner options.ca_sign_algorithms, &fail_reason) != 0) {
109750a69bb5SSascha Wildner error("%s", fail_reason);
1098856ea928SPeter Avalos goto fail;
109950a69bb5SSascha Wildner }
110050a69bb5SSascha Wildner /*
110150a69bb5SSascha Wildner * Do not attempt hostkey update if a certificate was
110250a69bb5SSascha Wildner * successfully matched.
110350a69bb5SSascha Wildner */
110450a69bb5SSascha Wildner if (options.update_hostkeys != 0) {
110550a69bb5SSascha Wildner options.update_hostkeys = 0;
110650a69bb5SSascha Wildner debug3_f("certificate host key in use; "
110750a69bb5SSascha Wildner "disabling UpdateHostkeys");
110850a69bb5SSascha Wildner }
110950a69bb5SSascha Wildner }
111050a69bb5SSascha Wildner /* Turn off UpdateHostkeys if key was in system known_hosts */
111150a69bb5SSascha Wildner if (options.update_hostkeys != 0 &&
111250a69bb5SSascha Wildner (path_in_hostfiles(host_found->file,
111350a69bb5SSascha Wildner system_hostfiles, num_system_hostfiles) ||
111450a69bb5SSascha Wildner (ip_status == HOST_OK && ip_found != NULL &&
111550a69bb5SSascha Wildner path_in_hostfiles(ip_found->file,
111650a69bb5SSascha Wildner system_hostfiles, num_system_hostfiles)))) {
111750a69bb5SSascha Wildner options.update_hostkeys = 0;
111850a69bb5SSascha Wildner debug3_f("host key found in GlobalKnownHostsFile; "
111950a69bb5SSascha Wildner "disabling UpdateHostkeys");
112050a69bb5SSascha Wildner }
112150a69bb5SSascha Wildner if (options.update_hostkeys != 0 && host_found->note) {
112250a69bb5SSascha Wildner options.update_hostkeys = 0;
112350a69bb5SSascha Wildner debug3_f("host key found via KnownHostsCommand; "
112450a69bb5SSascha Wildner "disabling UpdateHostkeys");
112550a69bb5SSascha Wildner }
112618de8d7fSPeter Avalos if (options.check_host_ip && ip_status == HOST_NEW) {
1127856ea928SPeter Avalos if (readonly || want_cert)
112818de8d7fSPeter Avalos logit("%s host key for IP address "
112918de8d7fSPeter Avalos "'%.128s' not in list of known hosts.",
113018de8d7fSPeter Avalos type, ip);
11311c188a7fSPeter Avalos else if (!add_host_to_hostfile(user_hostfiles[0], ip,
113218de8d7fSPeter Avalos host_key, options.hash_known_hosts))
113318de8d7fSPeter Avalos logit("Failed to add the %s host key for IP "
113418de8d7fSPeter Avalos "address '%.128s' to the list of known "
1135e9778795SPeter Avalos "hosts (%.500s).", type, ip,
11361c188a7fSPeter Avalos user_hostfiles[0]);
113718de8d7fSPeter Avalos else
113818de8d7fSPeter Avalos logit("Warning: Permanently added the %s host "
113918de8d7fSPeter Avalos "key for IP address '%.128s' to the list "
114018de8d7fSPeter Avalos "of known hosts.", type, ip);
114118de8d7fSPeter Avalos } else if (options.visual_host_key) {
1142e9778795SPeter Avalos fp = sshkey_fingerprint(host_key,
1143e9778795SPeter Avalos options.fingerprint_hash, SSH_FP_DEFAULT);
1144e9778795SPeter Avalos ra = sshkey_fingerprint(host_key,
1145e9778795SPeter Avalos options.fingerprint_hash, SSH_FP_RANDOMART);
1146e9778795SPeter Avalos if (fp == NULL || ra == NULL)
114750a69bb5SSascha Wildner fatal_f("sshkey_fingerprint failed");
1148e9778795SPeter Avalos logit("Host key fingerprint is %s\n%s", fp, ra);
114936e94dc5SPeter Avalos free(ra);
115036e94dc5SPeter Avalos free(fp);
115118de8d7fSPeter Avalos }
1152e9778795SPeter Avalos hostkey_trusted = 1;
115318de8d7fSPeter Avalos break;
115418de8d7fSPeter Avalos case HOST_NEW:
115518de8d7fSPeter Avalos if (options.host_key_alias == NULL && port != 0 &&
115650a69bb5SSascha Wildner port != SSH_DEFAULT_PORT && !clobber_port) {
115718de8d7fSPeter Avalos debug("checking without port identifier");
115850a69bb5SSascha Wildner if (check_host_key(hostname, cinfo, hostaddr, 0,
115950a69bb5SSascha Wildner host_key, ROQUIET, 1,
116050a69bb5SSascha Wildner user_hostfiles, num_user_hostfiles,
116150a69bb5SSascha Wildner system_hostfiles, num_system_hostfiles,
116250a69bb5SSascha Wildner hostfile_command) == 0) {
116318de8d7fSPeter Avalos debug("found matching key w/out port");
116418de8d7fSPeter Avalos break;
116518de8d7fSPeter Avalos }
116618de8d7fSPeter Avalos }
1167856ea928SPeter Avalos if (readonly || want_cert)
116818de8d7fSPeter Avalos goto fail;
116918de8d7fSPeter Avalos /* The host is new. */
1170ce74bacaSMatthew Dillon if (options.strict_host_key_checking ==
1171ce74bacaSMatthew Dillon SSH_STRICT_HOSTKEY_YES) {
117218de8d7fSPeter Avalos /*
117318de8d7fSPeter Avalos * User has requested strict host key checking. We
117418de8d7fSPeter Avalos * will not add the host key automatically. The only
117518de8d7fSPeter Avalos * alternative left is to abort.
117618de8d7fSPeter Avalos */
117718de8d7fSPeter Avalos error("No %s host key is known for %.200s and you "
117818de8d7fSPeter Avalos "have requested strict checking.", type, host);
117918de8d7fSPeter Avalos goto fail;
1180ce74bacaSMatthew Dillon } else if (options.strict_host_key_checking ==
1181ce74bacaSMatthew Dillon SSH_STRICT_HOSTKEY_ASK) {
118250a69bb5SSascha Wildner char *msg1 = NULL, *msg2 = NULL;
118318de8d7fSPeter Avalos
118450a69bb5SSascha Wildner xasprintf(&msg1, "The authenticity of host "
118550a69bb5SSascha Wildner "'%.200s (%s)' can't be established", host, ip);
118650a69bb5SSascha Wildner
118750a69bb5SSascha Wildner if (show_other_keys(host_hostkeys, host_key)) {
118850a69bb5SSascha Wildner xextendf(&msg1, "\n", "but keys of different "
118950a69bb5SSascha Wildner "type are already known for this host.");
119050a69bb5SSascha Wildner } else
119150a69bb5SSascha Wildner xextendf(&msg1, "", ".");
119250a69bb5SSascha Wildner
1193e9778795SPeter Avalos fp = sshkey_fingerprint(host_key,
1194e9778795SPeter Avalos options.fingerprint_hash, SSH_FP_DEFAULT);
1195e9778795SPeter Avalos ra = sshkey_fingerprint(host_key,
1196e9778795SPeter Avalos options.fingerprint_hash, SSH_FP_RANDOMART);
1197e9778795SPeter Avalos if (fp == NULL || ra == NULL)
119850a69bb5SSascha Wildner fatal_f("sshkey_fingerprint failed");
119950a69bb5SSascha Wildner xextendf(&msg1, "\n", "%s key fingerprint is %s.",
120050a69bb5SSascha Wildner type, fp);
120150a69bb5SSascha Wildner if (options.visual_host_key)
120250a69bb5SSascha Wildner xextendf(&msg1, "\n", "%s", ra);
120318de8d7fSPeter Avalos if (options.verify_host_key_dns) {
120450a69bb5SSascha Wildner xextendf(&msg1, "\n",
120550a69bb5SSascha Wildner "%s host key fingerprint found in DNS.",
120650a69bb5SSascha Wildner matching_host_key_dns ?
120750a69bb5SSascha Wildner "Matching" : "No matching");
120818de8d7fSPeter Avalos }
120950a69bb5SSascha Wildner /* msg2 informs for other names matching this key */
121050a69bb5SSascha Wildner if ((msg2 = other_hostkeys_message(host, ip, host_key,
121150a69bb5SSascha Wildner user_hostfiles, num_user_hostfiles,
121250a69bb5SSascha Wildner system_hostfiles, num_system_hostfiles)) != NULL)
121350a69bb5SSascha Wildner xextendf(&msg1, "\n", "%s", msg2);
121450a69bb5SSascha Wildner
121550a69bb5SSascha Wildner xextendf(&msg1, "\n",
121618de8d7fSPeter Avalos "Are you sure you want to continue connecting "
121750a69bb5SSascha Wildner "(yes/no/[fingerprint])? ");
121850a69bb5SSascha Wildner
121950a69bb5SSascha Wildner confirmed = confirm(msg1, fp);
122036e94dc5SPeter Avalos free(ra);
122136e94dc5SPeter Avalos free(fp);
122250a69bb5SSascha Wildner free(msg1);
122350a69bb5SSascha Wildner free(msg2);
1224664f4763Szrj if (!confirmed)
122518de8d7fSPeter Avalos goto fail;
1226e9778795SPeter Avalos hostkey_trusted = 1; /* user explicitly confirmed */
122718de8d7fSPeter Avalos }
122818de8d7fSPeter Avalos /*
1229ce74bacaSMatthew Dillon * If in "new" or "off" strict mode, add the key automatically
1230ce74bacaSMatthew Dillon * to the local known_hosts file.
123118de8d7fSPeter Avalos */
123218de8d7fSPeter Avalos if (options.check_host_ip && ip_status == HOST_NEW) {
12339f304aafSPeter Avalos snprintf(hostline, sizeof(hostline), "%s,%s", host, ip);
123418de8d7fSPeter Avalos hostp = hostline;
123518de8d7fSPeter Avalos if (options.hash_known_hosts) {
123618de8d7fSPeter Avalos /* Add hash of host and IP separately */
12371c188a7fSPeter Avalos r = add_host_to_hostfile(user_hostfiles[0],
12381c188a7fSPeter Avalos host, host_key, options.hash_known_hosts) &&
12391c188a7fSPeter Avalos add_host_to_hostfile(user_hostfiles[0], ip,
124018de8d7fSPeter Avalos host_key, options.hash_known_hosts);
124118de8d7fSPeter Avalos } else {
124218de8d7fSPeter Avalos /* Add unhashed "host,ip" */
12431c188a7fSPeter Avalos r = add_host_to_hostfile(user_hostfiles[0],
124418de8d7fSPeter Avalos hostline, host_key,
124518de8d7fSPeter Avalos options.hash_known_hosts);
124618de8d7fSPeter Avalos }
124718de8d7fSPeter Avalos } else {
12481c188a7fSPeter Avalos r = add_host_to_hostfile(user_hostfiles[0], host,
12491c188a7fSPeter Avalos host_key, options.hash_known_hosts);
125018de8d7fSPeter Avalos hostp = host;
125118de8d7fSPeter Avalos }
125218de8d7fSPeter Avalos
125318de8d7fSPeter Avalos if (!r)
125418de8d7fSPeter Avalos logit("Failed to add the host to the list of known "
12551c188a7fSPeter Avalos "hosts (%.500s).", user_hostfiles[0]);
125618de8d7fSPeter Avalos else
125718de8d7fSPeter Avalos logit("Warning: Permanently added '%.200s' (%s) to the "
125818de8d7fSPeter Avalos "list of known hosts.", hostp, type);
125918de8d7fSPeter Avalos break;
1260856ea928SPeter Avalos case HOST_REVOKED:
1261856ea928SPeter Avalos error("@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@");
1262856ea928SPeter Avalos error("@ WARNING: REVOKED HOST KEY DETECTED! @");
1263856ea928SPeter Avalos error("@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@");
1264856ea928SPeter Avalos error("The %s host key for %s is marked as revoked.", type, host);
1265856ea928SPeter Avalos error("This could mean that a stolen key is being used to");
1266856ea928SPeter Avalos error("impersonate this host.");
1267856ea928SPeter Avalos
1268856ea928SPeter Avalos /*
1269856ea928SPeter Avalos * If strict host key checking is in use, the user will have
1270856ea928SPeter Avalos * to edit the key manually and we can only abort.
1271856ea928SPeter Avalos */
1272ce74bacaSMatthew Dillon if (options.strict_host_key_checking !=
1273ce74bacaSMatthew Dillon SSH_STRICT_HOSTKEY_OFF) {
1274856ea928SPeter Avalos error("%s host key for %.200s was revoked and you have "
1275856ea928SPeter Avalos "requested strict checking.", type, host);
1276856ea928SPeter Avalos goto fail;
1277856ea928SPeter Avalos }
1278856ea928SPeter Avalos goto continue_unsafe;
1279856ea928SPeter Avalos
128018de8d7fSPeter Avalos case HOST_CHANGED:
1281856ea928SPeter Avalos if (want_cert) {
1282856ea928SPeter Avalos /*
1283856ea928SPeter Avalos * This is only a debug() since it is valid to have
1284856ea928SPeter Avalos * CAs with wildcard DNS matches that don't match
1285856ea928SPeter Avalos * all hosts that one might visit.
1286856ea928SPeter Avalos */
1287856ea928SPeter Avalos debug("Host certificate authority does not "
12889f304aafSPeter Avalos "match %s in %s:%lu", CA_MARKER,
12899f304aafSPeter Avalos host_found->file, host_found->line);
1290856ea928SPeter Avalos goto fail;
1291856ea928SPeter Avalos }
129218de8d7fSPeter Avalos if (readonly == ROQUIET)
129318de8d7fSPeter Avalos goto fail;
129418de8d7fSPeter Avalos if (options.check_host_ip && host_ip_differ) {
129518de8d7fSPeter Avalos char *key_msg;
129618de8d7fSPeter Avalos if (ip_status == HOST_NEW)
129718de8d7fSPeter Avalos key_msg = "is unknown";
129818de8d7fSPeter Avalos else if (ip_status == HOST_OK)
129918de8d7fSPeter Avalos key_msg = "is unchanged";
130018de8d7fSPeter Avalos else
130118de8d7fSPeter Avalos key_msg = "has a different value";
130218de8d7fSPeter Avalos error("@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@");
130318de8d7fSPeter Avalos error("@ WARNING: POSSIBLE DNS SPOOFING DETECTED! @");
130418de8d7fSPeter Avalos error("@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@");
130518de8d7fSPeter Avalos error("The %s host key for %s has changed,", type, host);
130618de8d7fSPeter Avalos error("and the key for the corresponding IP address %s", ip);
130718de8d7fSPeter Avalos error("%s. This could either mean that", key_msg);
130818de8d7fSPeter Avalos error("DNS SPOOFING is happening or the IP address for the host");
130918de8d7fSPeter Avalos error("and its host key have changed at the same time.");
131018de8d7fSPeter Avalos if (ip_status != HOST_NEW)
13119f304aafSPeter Avalos error("Offending key for IP in %s:%lu",
13129f304aafSPeter Avalos ip_found->file, ip_found->line);
131318de8d7fSPeter Avalos }
131418de8d7fSPeter Avalos /* The host key has changed. */
131518de8d7fSPeter Avalos warn_changed_key(host_key);
1316*ba1276acSMatthew Dillon if (num_user_hostfiles > 0 || num_system_hostfiles > 0) {
1317*ba1276acSMatthew Dillon error("Add correct host key in %.100s to get rid "
1318*ba1276acSMatthew Dillon "of this message.", num_user_hostfiles > 0 ?
1319*ba1276acSMatthew Dillon user_hostfiles[0] : system_hostfiles[0]);
1320*ba1276acSMatthew Dillon }
1321ce74bacaSMatthew Dillon error("Offending %s key in %s:%lu",
1322ce74bacaSMatthew Dillon sshkey_type(host_found->key),
13239f304aafSPeter Avalos host_found->file, host_found->line);
132418de8d7fSPeter Avalos
132518de8d7fSPeter Avalos /*
132618de8d7fSPeter Avalos * If strict host key checking is in use, the user will have
132718de8d7fSPeter Avalos * to edit the key manually and we can only abort.
132818de8d7fSPeter Avalos */
1329ce74bacaSMatthew Dillon if (options.strict_host_key_checking !=
1330ce74bacaSMatthew Dillon SSH_STRICT_HOSTKEY_OFF) {
133150a69bb5SSascha Wildner error("Host key for %.200s has changed and you have "
133250a69bb5SSascha Wildner "requested strict checking.", host);
133318de8d7fSPeter Avalos goto fail;
133418de8d7fSPeter Avalos }
133518de8d7fSPeter Avalos
1336856ea928SPeter Avalos continue_unsafe:
133718de8d7fSPeter Avalos /*
133818de8d7fSPeter Avalos * If strict host key checking has not been requested, allow
133918de8d7fSPeter Avalos * the connection but without MITM-able authentication or
134018de8d7fSPeter Avalos * forwarding.
134118de8d7fSPeter Avalos */
134218de8d7fSPeter Avalos if (options.password_authentication) {
134318de8d7fSPeter Avalos error("Password authentication is disabled to avoid "
134418de8d7fSPeter Avalos "man-in-the-middle attacks.");
134518de8d7fSPeter Avalos options.password_authentication = 0;
134618de8d7fSPeter Avalos cancelled_forwarding = 1;
134718de8d7fSPeter Avalos }
134818de8d7fSPeter Avalos if (options.kbd_interactive_authentication) {
134918de8d7fSPeter Avalos error("Keyboard-interactive authentication is disabled"
135018de8d7fSPeter Avalos " to avoid man-in-the-middle attacks.");
135118de8d7fSPeter Avalos options.kbd_interactive_authentication = 0;
135218de8d7fSPeter Avalos cancelled_forwarding = 1;
135318de8d7fSPeter Avalos }
135418de8d7fSPeter Avalos if (options.forward_agent) {
135518de8d7fSPeter Avalos error("Agent forwarding is disabled to avoid "
135618de8d7fSPeter Avalos "man-in-the-middle attacks.");
135718de8d7fSPeter Avalos options.forward_agent = 0;
135818de8d7fSPeter Avalos cancelled_forwarding = 1;
135918de8d7fSPeter Avalos }
136018de8d7fSPeter Avalos if (options.forward_x11) {
136118de8d7fSPeter Avalos error("X11 forwarding is disabled to avoid "
136218de8d7fSPeter Avalos "man-in-the-middle attacks.");
136318de8d7fSPeter Avalos options.forward_x11 = 0;
136418de8d7fSPeter Avalos cancelled_forwarding = 1;
136518de8d7fSPeter Avalos }
136618de8d7fSPeter Avalos if (options.num_local_forwards > 0 ||
136718de8d7fSPeter Avalos options.num_remote_forwards > 0) {
136818de8d7fSPeter Avalos error("Port forwarding is disabled to avoid "
136918de8d7fSPeter Avalos "man-in-the-middle attacks.");
137018de8d7fSPeter Avalos options.num_local_forwards =
137118de8d7fSPeter Avalos options.num_remote_forwards = 0;
137218de8d7fSPeter Avalos cancelled_forwarding = 1;
137318de8d7fSPeter Avalos }
137418de8d7fSPeter Avalos if (options.tun_open != SSH_TUNMODE_NO) {
137518de8d7fSPeter Avalos error("Tunnel forwarding is disabled to avoid "
137618de8d7fSPeter Avalos "man-in-the-middle attacks.");
137718de8d7fSPeter Avalos options.tun_open = SSH_TUNMODE_NO;
137818de8d7fSPeter Avalos cancelled_forwarding = 1;
137918de8d7fSPeter Avalos }
138050a69bb5SSascha Wildner if (options.update_hostkeys != 0) {
138150a69bb5SSascha Wildner error("UpdateHostkeys is disabled because the host "
138250a69bb5SSascha Wildner "key is not trusted.");
138350a69bb5SSascha Wildner options.update_hostkeys = 0;
138450a69bb5SSascha Wildner }
138518de8d7fSPeter Avalos if (options.exit_on_forward_failure && cancelled_forwarding)
138618de8d7fSPeter Avalos fatal("Error: forwarding disabled due to host key "
138718de8d7fSPeter Avalos "check failure");
138818de8d7fSPeter Avalos
138918de8d7fSPeter Avalos /*
139018de8d7fSPeter Avalos * XXX Should permit the user to change to use the new id.
139118de8d7fSPeter Avalos * This could be done by converting the host key to an
139218de8d7fSPeter Avalos * identifying sentence, tell that the host identifies itself
139350a69bb5SSascha Wildner * by that sentence, and ask the user if they wish to
139418de8d7fSPeter Avalos * accept the authentication.
139518de8d7fSPeter Avalos */
139618de8d7fSPeter Avalos break;
139718de8d7fSPeter Avalos case HOST_FOUND:
139818de8d7fSPeter Avalos fatal("internal error");
139918de8d7fSPeter Avalos break;
140018de8d7fSPeter Avalos }
140118de8d7fSPeter Avalos
140218de8d7fSPeter Avalos if (options.check_host_ip && host_status != HOST_CHANGED &&
140318de8d7fSPeter Avalos ip_status == HOST_CHANGED) {
140418de8d7fSPeter Avalos snprintf(msg, sizeof(msg),
140518de8d7fSPeter Avalos "Warning: the %s host key for '%.200s' "
140618de8d7fSPeter Avalos "differs from the key for the IP address '%.128s'"
14079f304aafSPeter Avalos "\nOffending key for IP in %s:%lu",
14089f304aafSPeter Avalos type, host, ip, ip_found->file, ip_found->line);
140918de8d7fSPeter Avalos if (host_status == HOST_OK) {
141018de8d7fSPeter Avalos len = strlen(msg);
141118de8d7fSPeter Avalos snprintf(msg + len, sizeof(msg) - len,
14129f304aafSPeter Avalos "\nMatching host key in %s:%lu",
14139f304aafSPeter Avalos host_found->file, host_found->line);
141418de8d7fSPeter Avalos }
1415ce74bacaSMatthew Dillon if (options.strict_host_key_checking ==
1416ce74bacaSMatthew Dillon SSH_STRICT_HOSTKEY_ASK) {
141718de8d7fSPeter Avalos strlcat(msg, "\nAre you sure you want "
141818de8d7fSPeter Avalos "to continue connecting (yes/no)? ", sizeof(msg));
1419664f4763Szrj if (!confirm(msg, NULL))
142018de8d7fSPeter Avalos goto fail;
1421ce74bacaSMatthew Dillon } else if (options.strict_host_key_checking !=
1422ce74bacaSMatthew Dillon SSH_STRICT_HOSTKEY_OFF) {
1423ce74bacaSMatthew Dillon logit("%s", msg);
1424ce74bacaSMatthew Dillon error("Exiting, you have requested strict checking.");
1425ce74bacaSMatthew Dillon goto fail;
142618de8d7fSPeter Avalos } else {
142718de8d7fSPeter Avalos logit("%s", msg);
142818de8d7fSPeter Avalos }
142918de8d7fSPeter Avalos }
143018de8d7fSPeter Avalos
1431e9778795SPeter Avalos if (!hostkey_trusted && options.update_hostkeys) {
143250a69bb5SSascha Wildner debug_f("hostkey not known or explicitly trusted: "
143350a69bb5SSascha Wildner "disabling UpdateHostkeys");
1434e9778795SPeter Avalos options.update_hostkeys = 0;
1435e9778795SPeter Avalos }
1436e9778795SPeter Avalos
143736e94dc5SPeter Avalos free(ip);
143836e94dc5SPeter Avalos free(host);
14399f304aafSPeter Avalos if (host_hostkeys != NULL)
14409f304aafSPeter Avalos free_hostkeys(host_hostkeys);
14419f304aafSPeter Avalos if (ip_hostkeys != NULL)
14429f304aafSPeter Avalos free_hostkeys(ip_hostkeys);
144318de8d7fSPeter Avalos return 0;
144418de8d7fSPeter Avalos
144518de8d7fSPeter Avalos fail:
1446856ea928SPeter Avalos if (want_cert && host_status != HOST_REVOKED) {
1447856ea928SPeter Avalos /*
1448856ea928SPeter Avalos * No matching certificate. Downgrade cert to raw key and
1449856ea928SPeter Avalos * search normally.
1450856ea928SPeter Avalos */
1451856ea928SPeter Avalos debug("No matching CA found. Retry with plain key");
1452ce74bacaSMatthew Dillon if ((r = sshkey_from_private(host_key, &raw_key)) != 0)
145350a69bb5SSascha Wildner fatal_fr(r, "decode key");
1454ce74bacaSMatthew Dillon if ((r = sshkey_drop_cert(raw_key)) != 0)
145550a69bb5SSascha Wildner fatal_r(r, "Couldn't drop certificate");
1456856ea928SPeter Avalos host_key = raw_key;
1457856ea928SPeter Avalos goto retry;
1458856ea928SPeter Avalos }
1459ce74bacaSMatthew Dillon sshkey_free(raw_key);
146036e94dc5SPeter Avalos free(ip);
146136e94dc5SPeter Avalos free(host);
14629f304aafSPeter Avalos if (host_hostkeys != NULL)
14639f304aafSPeter Avalos free_hostkeys(host_hostkeys);
14649f304aafSPeter Avalos if (ip_hostkeys != NULL)
14659f304aafSPeter Avalos free_hostkeys(ip_hostkeys);
146618de8d7fSPeter Avalos return -1;
146718de8d7fSPeter Avalos }
146818de8d7fSPeter Avalos
146918de8d7fSPeter Avalos /* returns 0 if key verifies or -1 if key does NOT verify */
147018de8d7fSPeter Avalos int
verify_host_key(char * host,struct sockaddr * hostaddr,struct sshkey * host_key,const struct ssh_conn_info * cinfo)147150a69bb5SSascha Wildner verify_host_key(char *host, struct sockaddr *hostaddr, struct sshkey *host_key,
147250a69bb5SSascha Wildner const struct ssh_conn_info *cinfo)
147318de8d7fSPeter Avalos {
1474e9778795SPeter Avalos u_int i;
147536e94dc5SPeter Avalos int r = -1, flags = 0;
1476e9778795SPeter Avalos char valid[64], *fp = NULL, *cafp = NULL;
1477e9778795SPeter Avalos struct sshkey *plain = NULL;
14789f304aafSPeter Avalos
1479e9778795SPeter Avalos if ((fp = sshkey_fingerprint(host_key,
1480e9778795SPeter Avalos options.fingerprint_hash, SSH_FP_DEFAULT)) == NULL) {
148150a69bb5SSascha Wildner error_fr(r, "fingerprint host key");
1482e9778795SPeter Avalos r = -1;
1483e9778795SPeter Avalos goto out;
1484e9778795SPeter Avalos }
148518de8d7fSPeter Avalos
1486e9778795SPeter Avalos if (sshkey_is_cert(host_key)) {
1487e9778795SPeter Avalos if ((cafp = sshkey_fingerprint(host_key->cert->signature_key,
1488e9778795SPeter Avalos options.fingerprint_hash, SSH_FP_DEFAULT)) == NULL) {
148950a69bb5SSascha Wildner error_fr(r, "fingerprint CA key");
1490e9778795SPeter Avalos r = -1;
1491e9778795SPeter Avalos goto out;
1492e9778795SPeter Avalos }
1493e9778795SPeter Avalos sshkey_format_cert_validity(host_key->cert,
1494e9778795SPeter Avalos valid, sizeof(valid));
1495e9778795SPeter Avalos debug("Server host certificate: %s %s, serial %llu "
1496e9778795SPeter Avalos "ID \"%s\" CA %s %s valid %s",
1497e9778795SPeter Avalos sshkey_ssh_name(host_key), fp,
1498e9778795SPeter Avalos (unsigned long long)host_key->cert->serial,
1499e9778795SPeter Avalos host_key->cert->key_id,
1500e9778795SPeter Avalos sshkey_ssh_name(host_key->cert->signature_key), cafp,
1501e9778795SPeter Avalos valid);
1502e9778795SPeter Avalos for (i = 0; i < host_key->cert->nprincipals; i++) {
1503e9778795SPeter Avalos debug2("Server host certificate hostname: %s",
1504e9778795SPeter Avalos host_key->cert->principals[i]);
1505e9778795SPeter Avalos }
1506e9778795SPeter Avalos } else {
1507ce74bacaSMatthew Dillon debug("Server host key: %s %s", sshkey_ssh_name(host_key), fp);
1508e9778795SPeter Avalos }
1509e9778795SPeter Avalos
1510e9778795SPeter Avalos if (sshkey_equal(previous_host_key, host_key)) {
151150a69bb5SSascha Wildner debug2_f("server host key %s %s matches cached key",
151250a69bb5SSascha Wildner sshkey_type(host_key), fp);
1513e9778795SPeter Avalos r = 0;
1514e9778795SPeter Avalos goto out;
1515e9778795SPeter Avalos }
1516e9778795SPeter Avalos
1517e9778795SPeter Avalos /* Check in RevokedHostKeys file if specified */
1518e9778795SPeter Avalos if (options.revoked_host_keys != NULL) {
1519e9778795SPeter Avalos r = sshkey_check_revoked(host_key, options.revoked_host_keys);
1520e9778795SPeter Avalos switch (r) {
1521e9778795SPeter Avalos case 0:
1522e9778795SPeter Avalos break; /* not revoked */
1523e9778795SPeter Avalos case SSH_ERR_KEY_REVOKED:
1524e9778795SPeter Avalos error("Host key %s %s revoked by file %s",
1525e9778795SPeter Avalos sshkey_type(host_key), fp,
1526e9778795SPeter Avalos options.revoked_host_keys);
1527e9778795SPeter Avalos r = -1;
1528e9778795SPeter Avalos goto out;
1529e9778795SPeter Avalos default:
153050a69bb5SSascha Wildner error_r(r, "Error checking host key %s %s in "
153150a69bb5SSascha Wildner "revoked keys file %s", sshkey_type(host_key),
153250a69bb5SSascha Wildner fp, options.revoked_host_keys);
1533e9778795SPeter Avalos r = -1;
1534e9778795SPeter Avalos goto out;
1535e9778795SPeter Avalos }
153636e94dc5SPeter Avalos }
153736e94dc5SPeter Avalos
153836e94dc5SPeter Avalos if (options.verify_host_key_dns) {
153936e94dc5SPeter Avalos /*
154036e94dc5SPeter Avalos * XXX certs are not yet supported for DNS, so downgrade
154136e94dc5SPeter Avalos * them and try the plain key.
154236e94dc5SPeter Avalos */
1543e9778795SPeter Avalos if ((r = sshkey_from_private(host_key, &plain)) != 0)
1544e9778795SPeter Avalos goto out;
1545e9778795SPeter Avalos if (sshkey_is_cert(plain))
1546e9778795SPeter Avalos sshkey_drop_cert(plain);
154736e94dc5SPeter Avalos if (verify_host_key_dns(host, hostaddr, plain, &flags) == 0) {
154818de8d7fSPeter Avalos if (flags & DNS_VERIFY_FOUND) {
154918de8d7fSPeter Avalos if (options.verify_host_key_dns == 1 &&
155018de8d7fSPeter Avalos flags & DNS_VERIFY_MATCH &&
155136e94dc5SPeter Avalos flags & DNS_VERIFY_SECURE) {
155236e94dc5SPeter Avalos r = 0;
1553e9778795SPeter Avalos goto out;
155436e94dc5SPeter Avalos }
155518de8d7fSPeter Avalos if (flags & DNS_VERIFY_MATCH) {
155618de8d7fSPeter Avalos matching_host_key_dns = 1;
155718de8d7fSPeter Avalos } else {
155836e94dc5SPeter Avalos warn_changed_key(plain);
155936e94dc5SPeter Avalos error("Update the SSHFP RR in DNS "
156036e94dc5SPeter Avalos "with the new host key to get rid "
156136e94dc5SPeter Avalos "of this message.");
156218de8d7fSPeter Avalos }
156318de8d7fSPeter Avalos }
156418de8d7fSPeter Avalos }
156536e94dc5SPeter Avalos }
156650a69bb5SSascha Wildner r = check_host_key(host, cinfo, hostaddr, options.port, host_key,
156750a69bb5SSascha Wildner RDRW, 0, options.user_hostfiles, options.num_user_hostfiles,
156850a69bb5SSascha Wildner options.system_hostfiles, options.num_system_hostfiles,
156950a69bb5SSascha Wildner options.known_hosts_command);
157036e94dc5SPeter Avalos
1571e9778795SPeter Avalos out:
1572e9778795SPeter Avalos sshkey_free(plain);
1573e9778795SPeter Avalos free(fp);
1574e9778795SPeter Avalos free(cafp);
157536e94dc5SPeter Avalos if (r == 0 && host_key != NULL) {
1576ce74bacaSMatthew Dillon sshkey_free(previous_host_key);
1577ce74bacaSMatthew Dillon r = sshkey_from_private(host_key, &previous_host_key);
157836e94dc5SPeter Avalos }
157936e94dc5SPeter Avalos
158036e94dc5SPeter Avalos return r;
158118de8d7fSPeter Avalos }
158218de8d7fSPeter Avalos
158318de8d7fSPeter Avalos /*
158418de8d7fSPeter Avalos * Starts a dialog with the server, and authenticates the current user on the
158518de8d7fSPeter Avalos * server. This does not need any extra privileges. The basic connection
158618de8d7fSPeter Avalos * to the server must already have been established before this is called.
158718de8d7fSPeter Avalos * If login fails, this function prints an error and never returns.
158818de8d7fSPeter Avalos * This function does not require super-user privileges.
158918de8d7fSPeter Avalos */
159018de8d7fSPeter Avalos void
ssh_login(struct ssh * ssh,Sensitive * sensitive,const char * orighost,struct sockaddr * hostaddr,u_short port,struct passwd * pw,int timeout_ms,const struct ssh_conn_info * cinfo)1591664f4763Szrj ssh_login(struct ssh *ssh, Sensitive *sensitive, const char *orighost,
159250a69bb5SSascha Wildner struct sockaddr *hostaddr, u_short port, struct passwd *pw, int timeout_ms,
159350a69bb5SSascha Wildner const struct ssh_conn_info *cinfo)
159418de8d7fSPeter Avalos {
159536e94dc5SPeter Avalos char *host;
159618de8d7fSPeter Avalos char *server_user, *local_user;
15970cbfa66cSDaniel Fojt int r;
159818de8d7fSPeter Avalos
159918de8d7fSPeter Avalos local_user = xstrdup(pw->pw_name);
160018de8d7fSPeter Avalos server_user = options.user ? options.user : local_user;
160118de8d7fSPeter Avalos
160218de8d7fSPeter Avalos /* Convert the user-supplied hostname into all lowercase. */
160318de8d7fSPeter Avalos host = xstrdup(orighost);
160436e94dc5SPeter Avalos lowercase(host);
160518de8d7fSPeter Avalos
160618de8d7fSPeter Avalos /* Exchange protocol version identification strings with the server. */
16070cbfa66cSDaniel Fojt if ((r = kex_exchange_identification(ssh, timeout_ms, NULL)) != 0)
16080cbfa66cSDaniel Fojt sshpkt_fatal(ssh, r, "banner exchange");
160918de8d7fSPeter Avalos
161018de8d7fSPeter Avalos /* Put the connection into non-blocking mode. */
1611664f4763Szrj ssh_packet_set_nonblocking(ssh);
161218de8d7fSPeter Avalos
161318de8d7fSPeter Avalos /* key exchange */
161418de8d7fSPeter Avalos /* authenticate user */
1615e9778795SPeter Avalos debug("Authenticating to %s:%d as '%s'", host, port, server_user);
161650a69bb5SSascha Wildner ssh_kex2(ssh, host, hostaddr, port, cinfo);
1617664f4763Szrj ssh_userauth2(ssh, local_user, server_user, host, sensitive);
161836e94dc5SPeter Avalos free(local_user);
16190cbfa66cSDaniel Fojt free(host);
162018de8d7fSPeter Avalos }
162118de8d7fSPeter Avalos
162218de8d7fSPeter Avalos /* print all known host keys for a given host, but skip keys of given type */
162318de8d7fSPeter Avalos static int
show_other_keys(struct hostkeys * hostkeys,struct sshkey * key)1624ce74bacaSMatthew Dillon show_other_keys(struct hostkeys *hostkeys, struct sshkey *key)
162518de8d7fSPeter Avalos {
162636e94dc5SPeter Avalos int type[] = {
162736e94dc5SPeter Avalos KEY_RSA,
1628*ba1276acSMatthew Dillon #ifdef WITH_DSA
162936e94dc5SPeter Avalos KEY_DSA,
1630*ba1276acSMatthew Dillon #endif
163136e94dc5SPeter Avalos KEY_ECDSA,
163236e94dc5SPeter Avalos KEY_ED25519,
1633664f4763Szrj KEY_XMSS,
163436e94dc5SPeter Avalos -1
163536e94dc5SPeter Avalos };
16369f304aafSPeter Avalos int i, ret = 0;
16379f304aafSPeter Avalos char *fp, *ra;
16389f304aafSPeter Avalos const struct hostkey_entry *found;
163918de8d7fSPeter Avalos
164018de8d7fSPeter Avalos for (i = 0; type[i] != -1; i++) {
164118de8d7fSPeter Avalos if (type[i] == key->type)
164218de8d7fSPeter Avalos continue;
164350a69bb5SSascha Wildner if (!lookup_key_in_hostkeys_by_type(hostkeys, type[i],
164450a69bb5SSascha Wildner -1, &found))
164518de8d7fSPeter Avalos continue;
1646e9778795SPeter Avalos fp = sshkey_fingerprint(found->key,
1647e9778795SPeter Avalos options.fingerprint_hash, SSH_FP_DEFAULT);
1648e9778795SPeter Avalos ra = sshkey_fingerprint(found->key,
1649e9778795SPeter Avalos options.fingerprint_hash, SSH_FP_RANDOMART);
1650e9778795SPeter Avalos if (fp == NULL || ra == NULL)
165150a69bb5SSascha Wildner fatal_f("sshkey_fingerprint fail");
16529f304aafSPeter Avalos logit("WARNING: %s key found for host %s\n"
16539f304aafSPeter Avalos "in %s:%lu\n"
16549f304aafSPeter Avalos "%s key fingerprint %s.",
1655664f4763Szrj sshkey_type(found->key),
16569f304aafSPeter Avalos found->host, found->file, found->line,
1657664f4763Szrj sshkey_type(found->key), fp);
16589f304aafSPeter Avalos if (options.visual_host_key)
16599f304aafSPeter Avalos logit("%s", ra);
166036e94dc5SPeter Avalos free(ra);
166136e94dc5SPeter Avalos free(fp);
16629f304aafSPeter Avalos ret = 1;
166318de8d7fSPeter Avalos }
16649f304aafSPeter Avalos return ret;
166518de8d7fSPeter Avalos }
166618de8d7fSPeter Avalos
166718de8d7fSPeter Avalos static void
warn_changed_key(struct sshkey * host_key)1668ce74bacaSMatthew Dillon warn_changed_key(struct sshkey *host_key)
166918de8d7fSPeter Avalos {
167018de8d7fSPeter Avalos char *fp;
167118de8d7fSPeter Avalos
1672e9778795SPeter Avalos fp = sshkey_fingerprint(host_key, options.fingerprint_hash,
1673e9778795SPeter Avalos SSH_FP_DEFAULT);
1674e9778795SPeter Avalos if (fp == NULL)
167550a69bb5SSascha Wildner fatal_f("sshkey_fingerprint fail");
167618de8d7fSPeter Avalos
167718de8d7fSPeter Avalos error("@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@");
167818de8d7fSPeter Avalos error("@ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @");
167918de8d7fSPeter Avalos error("@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@");
168018de8d7fSPeter Avalos error("IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!");
168118de8d7fSPeter Avalos error("Someone could be eavesdropping on you right now (man-in-the-middle attack)!");
16829f304aafSPeter Avalos error("It is also possible that a host key has just been changed.");
168318de8d7fSPeter Avalos error("The fingerprint for the %s key sent by the remote host is\n%s.",
1684664f4763Szrj sshkey_type(host_key), fp);
168518de8d7fSPeter Avalos error("Please contact your system administrator.");
168618de8d7fSPeter Avalos
168736e94dc5SPeter Avalos free(fp);
168818de8d7fSPeter Avalos }
168918de8d7fSPeter Avalos
169018de8d7fSPeter Avalos /*
169118de8d7fSPeter Avalos * Execute a local command
169218de8d7fSPeter Avalos */
169318de8d7fSPeter Avalos int
ssh_local_cmd(const char * args)169418de8d7fSPeter Avalos ssh_local_cmd(const char *args)
169518de8d7fSPeter Avalos {
169618de8d7fSPeter Avalos char *shell;
169718de8d7fSPeter Avalos pid_t pid;
169818de8d7fSPeter Avalos int status;
16999f304aafSPeter Avalos void (*osighand)(int);
170018de8d7fSPeter Avalos
170118de8d7fSPeter Avalos if (!options.permit_local_command ||
170218de8d7fSPeter Avalos args == NULL || !*args)
170318de8d7fSPeter Avalos return (1);
170418de8d7fSPeter Avalos
17059f304aafSPeter Avalos if ((shell = getenv("SHELL")) == NULL || *shell == '\0')
170618de8d7fSPeter Avalos shell = _PATH_BSHELL;
170718de8d7fSPeter Avalos
17080cbfa66cSDaniel Fojt osighand = ssh_signal(SIGCHLD, SIG_DFL);
170918de8d7fSPeter Avalos pid = fork();
171018de8d7fSPeter Avalos if (pid == 0) {
17110cbfa66cSDaniel Fojt ssh_signal(SIGPIPE, SIG_DFL);
171218de8d7fSPeter Avalos debug3("Executing %s -c \"%s\"", shell, args);
171318de8d7fSPeter Avalos execl(shell, shell, "-c", args, (char *)NULL);
171418de8d7fSPeter Avalos error("Couldn't execute %s -c \"%s\": %s",
171518de8d7fSPeter Avalos shell, args, strerror(errno));
171618de8d7fSPeter Avalos _exit(1);
171718de8d7fSPeter Avalos } else if (pid == -1)
171818de8d7fSPeter Avalos fatal("fork failed: %.100s", strerror(errno));
171918de8d7fSPeter Avalos while (waitpid(pid, &status, 0) == -1)
172018de8d7fSPeter Avalos if (errno != EINTR)
172118de8d7fSPeter Avalos fatal("Couldn't wait for child: %s", strerror(errno));
17220cbfa66cSDaniel Fojt ssh_signal(SIGCHLD, osighand);
172318de8d7fSPeter Avalos
172418de8d7fSPeter Avalos if (!WIFEXITED(status))
172518de8d7fSPeter Avalos return (1);
172618de8d7fSPeter Avalos
172718de8d7fSPeter Avalos return (WEXITSTATUS(status));
172818de8d7fSPeter Avalos }
1729e9778795SPeter Avalos
1730e9778795SPeter Avalos void
maybe_add_key_to_agent(const char * authfile,struct sshkey * private,const char * comment,const char * passphrase)17310cbfa66cSDaniel Fojt maybe_add_key_to_agent(const char *authfile, struct sshkey *private,
17320cbfa66cSDaniel Fojt const char *comment, const char *passphrase)
1733e9778795SPeter Avalos {
1734e9778795SPeter Avalos int auth_sock = -1, r;
17350cbfa66cSDaniel Fojt const char *skprovider = NULL;
1736e9778795SPeter Avalos
1737e9778795SPeter Avalos if (options.add_keys_to_agent == 0)
1738e9778795SPeter Avalos return;
1739e9778795SPeter Avalos
1740e9778795SPeter Avalos if ((r = ssh_get_authentication_socket(&auth_sock)) != 0) {
1741e9778795SPeter Avalos debug3("no authentication agent, not adding key");
1742e9778795SPeter Avalos return;
1743e9778795SPeter Avalos }
1744e9778795SPeter Avalos
1745e9778795SPeter Avalos if (options.add_keys_to_agent == 2 &&
1746e9778795SPeter Avalos !ask_permission("Add key %s (%s) to agent?", authfile, comment)) {
1747e9778795SPeter Avalos debug3("user denied adding this key");
1748ce74bacaSMatthew Dillon close(auth_sock);
1749e9778795SPeter Avalos return;
1750e9778795SPeter Avalos }
17510cbfa66cSDaniel Fojt if (sshkey_is_sk(private))
17520cbfa66cSDaniel Fojt skprovider = options.sk_provider;
17530cbfa66cSDaniel Fojt if ((r = ssh_add_identity_constrained(auth_sock, private,
175450a69bb5SSascha Wildner comment == NULL ? authfile : comment,
175550a69bb5SSascha Wildner options.add_keys_to_agent_lifespan,
1756ee116499SAntonio Huete Jimenez (options.add_keys_to_agent == 3), 0, skprovider, NULL, 0)) == 0)
1757e9778795SPeter Avalos debug("identity added to agent: %s", authfile);
1758e9778795SPeter Avalos else
1759e9778795SPeter Avalos debug("could not add identity to agent: %s (%d)", authfile, r);
1760ce74bacaSMatthew Dillon close(auth_sock);
1761e9778795SPeter Avalos }
1762