xref: /dflybsd-src/crypto/openssh/sshconnect.c (revision ba1276acd1c8c22d225b1bcf370a14c878644f44)
1*ba1276acSMatthew Dillon /* $OpenBSD: sshconnect.c,v 1.368 2024/04/30 02:10:49 djm Exp $ */
218de8d7fSPeter Avalos /*
318de8d7fSPeter Avalos  * Author: Tatu Ylonen <ylo@cs.hut.fi>
418de8d7fSPeter Avalos  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
518de8d7fSPeter Avalos  *                    All rights reserved
618de8d7fSPeter Avalos  * Code to connect to a remote host, and to perform the client side of the
718de8d7fSPeter Avalos  * login (authentication) dialog.
818de8d7fSPeter Avalos  *
918de8d7fSPeter Avalos  * As far as I am concerned, the code I have written for this software
1018de8d7fSPeter Avalos  * can be used freely for any purpose.  Any derived versions of this
1118de8d7fSPeter Avalos  * software must be clearly marked as such, and if the derived work is
1218de8d7fSPeter Avalos  * incompatible with the protocol description in the RFC file, it must be
1318de8d7fSPeter Avalos  * called by a name other than "ssh" or "Secure Shell".
1418de8d7fSPeter Avalos  */
1518de8d7fSPeter Avalos 
1618de8d7fSPeter Avalos #include "includes.h"
1718de8d7fSPeter Avalos 
1818de8d7fSPeter Avalos #include <sys/types.h>
1918de8d7fSPeter Avalos #include <sys/wait.h>
2018de8d7fSPeter Avalos #include <sys/stat.h>
2118de8d7fSPeter Avalos #include <sys/socket.h>
2218de8d7fSPeter Avalos #ifdef HAVE_SYS_TIME_H
2318de8d7fSPeter Avalos # include <sys/time.h>
2418de8d7fSPeter Avalos #endif
2518de8d7fSPeter Avalos 
26664f4763Szrj #include <net/if.h>
2718de8d7fSPeter Avalos #include <netinet/in.h>
2818de8d7fSPeter Avalos #include <arpa/inet.h>
2918de8d7fSPeter Avalos 
3018de8d7fSPeter Avalos #include <ctype.h>
3118de8d7fSPeter Avalos #include <errno.h>
32856ea928SPeter Avalos #include <fcntl.h>
3350a69bb5SSascha Wildner #include <limits.h>
3418de8d7fSPeter Avalos #include <netdb.h>
3518de8d7fSPeter Avalos #ifdef HAVE_PATHS_H
3618de8d7fSPeter Avalos #include <paths.h>
3718de8d7fSPeter Avalos #endif
3818de8d7fSPeter Avalos #include <pwd.h>
39ce74bacaSMatthew Dillon #ifdef HAVE_POLL_H
40ce74bacaSMatthew Dillon #include <poll.h>
41ce74bacaSMatthew Dillon #endif
429f304aafSPeter Avalos #include <signal.h>
4318de8d7fSPeter Avalos #include <stdio.h>
4418de8d7fSPeter Avalos #include <stdlib.h>
450cbfa66cSDaniel Fojt #include <stdarg.h>
4618de8d7fSPeter Avalos #include <string.h>
4718de8d7fSPeter Avalos #include <unistd.h>
48664f4763Szrj #ifdef HAVE_IFADDRS_H
49664f4763Szrj # include <ifaddrs.h>
50664f4763Szrj #endif
5118de8d7fSPeter Avalos 
5218de8d7fSPeter Avalos #include "xmalloc.h"
5318de8d7fSPeter Avalos #include "hostfile.h"
5418de8d7fSPeter Avalos #include "ssh.h"
55664f4763Szrj #include "sshbuf.h"
5618de8d7fSPeter Avalos #include "packet.h"
57664f4763Szrj #include "sshkey.h"
5818de8d7fSPeter Avalos #include "sshconnect.h"
5918de8d7fSPeter Avalos #include "log.h"
60*ba1276acSMatthew Dillon #include "match.h"
6136e94dc5SPeter Avalos #include "misc.h"
6218de8d7fSPeter Avalos #include "readconf.h"
6318de8d7fSPeter Avalos #include "atomicio.h"
6418de8d7fSPeter Avalos #include "dns.h"
6536e94dc5SPeter Avalos #include "monitor_fdpass.h"
66856ea928SPeter Avalos #include "ssh2.h"
6718de8d7fSPeter Avalos #include "version.h"
68e9778795SPeter Avalos #include "authfile.h"
69e9778795SPeter Avalos #include "ssherr.h"
70e9778795SPeter Avalos #include "authfd.h"
71664f4763Szrj #include "kex.h"
7218de8d7fSPeter Avalos 
73ce74bacaSMatthew Dillon struct sshkey *previous_host_key = NULL;
7418de8d7fSPeter Avalos 
7518de8d7fSPeter Avalos static int matching_host_key_dns = 0;
7618de8d7fSPeter Avalos 
779f304aafSPeter Avalos static pid_t proxy_command_pid = 0;
789f304aafSPeter Avalos 
7918de8d7fSPeter Avalos /* import */
80664f4763Szrj extern int debug_flag;
8118de8d7fSPeter Avalos extern Options options;
8218de8d7fSPeter Avalos extern char *__progname;
8318de8d7fSPeter Avalos 
84ce74bacaSMatthew Dillon static int show_other_keys(struct hostkeys *, struct sshkey *);
85ce74bacaSMatthew Dillon static void warn_changed_key(struct sshkey *);
8618de8d7fSPeter Avalos 
8736e94dc5SPeter Avalos /* Expand a proxy command */
8836e94dc5SPeter Avalos static char *
expand_proxy_command(const char * proxy_command,const char * user,const char * host,const char * host_arg,int port)8936e94dc5SPeter Avalos expand_proxy_command(const char *proxy_command, const char *user,
900cbfa66cSDaniel Fojt     const char *host, const char *host_arg, int port)
9136e94dc5SPeter Avalos {
9236e94dc5SPeter Avalos 	char *tmp, *ret, strport[NI_MAXSERV];
9350a69bb5SSascha Wildner 	const char *keyalias = options.host_key_alias ?
9450a69bb5SSascha Wildner 	    options.host_key_alias : host_arg;
9536e94dc5SPeter Avalos 
9636e94dc5SPeter Avalos 	snprintf(strport, sizeof strport, "%d", port);
9736e94dc5SPeter Avalos 	xasprintf(&tmp, "exec %s", proxy_command);
980cbfa66cSDaniel Fojt 	ret = percent_expand(tmp,
990cbfa66cSDaniel Fojt 	    "h", host,
10050a69bb5SSascha Wildner 	    "k", keyalias,
1010cbfa66cSDaniel Fojt 	    "n", host_arg,
1020cbfa66cSDaniel Fojt 	    "p", strport,
1030cbfa66cSDaniel Fojt 	    "r", options.user,
1040cbfa66cSDaniel Fojt 	    (char *)NULL);
10536e94dc5SPeter Avalos 	free(tmp);
10636e94dc5SPeter Avalos 	return ret;
10736e94dc5SPeter Avalos }
10836e94dc5SPeter Avalos 
10936e94dc5SPeter Avalos /*
11036e94dc5SPeter Avalos  * Connect to the given ssh server using a proxy command that passes a
11136e94dc5SPeter Avalos  * a connected fd back to us.
11236e94dc5SPeter Avalos  */
11336e94dc5SPeter Avalos static int
ssh_proxy_fdpass_connect(struct ssh * ssh,const char * host,const char * host_arg,u_short port,const char * proxy_command)1140cbfa66cSDaniel Fojt ssh_proxy_fdpass_connect(struct ssh *ssh, const char *host,
1150cbfa66cSDaniel Fojt     const char *host_arg, u_short port, const char *proxy_command)
11636e94dc5SPeter Avalos {
11736e94dc5SPeter Avalos 	char *command_string;
11836e94dc5SPeter Avalos 	int sp[2], sock;
11936e94dc5SPeter Avalos 	pid_t pid;
12036e94dc5SPeter Avalos 	char *shell;
12136e94dc5SPeter Avalos 
12236e94dc5SPeter Avalos 	if ((shell = getenv("SHELL")) == NULL)
12336e94dc5SPeter Avalos 		shell = _PATH_BSHELL;
12436e94dc5SPeter Avalos 
1250cbfa66cSDaniel Fojt 	if (socketpair(AF_UNIX, SOCK_STREAM, 0, sp) == -1)
12636e94dc5SPeter Avalos 		fatal("Could not create socketpair to communicate with "
12736e94dc5SPeter Avalos 		    "proxy dialer: %.100s", strerror(errno));
12836e94dc5SPeter Avalos 
12936e94dc5SPeter Avalos 	command_string = expand_proxy_command(proxy_command, options.user,
1300cbfa66cSDaniel Fojt 	    host, host_arg, port);
13136e94dc5SPeter Avalos 	debug("Executing proxy dialer command: %.500s", command_string);
13236e94dc5SPeter Avalos 
13336e94dc5SPeter Avalos 	/* Fork and execute the proxy command. */
13436e94dc5SPeter Avalos 	if ((pid = fork()) == 0) {
13536e94dc5SPeter Avalos 		char *argv[10];
13636e94dc5SPeter Avalos 
13736e94dc5SPeter Avalos 		close(sp[1]);
13836e94dc5SPeter Avalos 		/* Redirect stdin and stdout. */
13936e94dc5SPeter Avalos 		if (sp[0] != 0) {
1400cbfa66cSDaniel Fojt 			if (dup2(sp[0], 0) == -1)
14136e94dc5SPeter Avalos 				perror("dup2 stdin");
14236e94dc5SPeter Avalos 		}
14336e94dc5SPeter Avalos 		if (sp[0] != 1) {
1440cbfa66cSDaniel Fojt 			if (dup2(sp[0], 1) == -1)
14536e94dc5SPeter Avalos 				perror("dup2 stdout");
14636e94dc5SPeter Avalos 		}
14736e94dc5SPeter Avalos 		if (sp[0] >= 2)
14836e94dc5SPeter Avalos 			close(sp[0]);
14936e94dc5SPeter Avalos 
15036e94dc5SPeter Avalos 		/*
151664f4763Szrj 		 * Stderr is left for non-ControlPersist connections is so
152664f4763Szrj 		 * error messages may be printed on the user's terminal.
15336e94dc5SPeter Avalos 		 */
154664f4763Szrj 		if (!debug_flag && options.control_path != NULL &&
15550a69bb5SSascha Wildner 		    options.control_persist && stdfd_devnull(0, 0, 1) == -1)
15650a69bb5SSascha Wildner 			error_f("stdfd_devnull failed");
157664f4763Szrj 
15836e94dc5SPeter Avalos 		argv[0] = shell;
15936e94dc5SPeter Avalos 		argv[1] = "-c";
16036e94dc5SPeter Avalos 		argv[2] = command_string;
16136e94dc5SPeter Avalos 		argv[3] = NULL;
16236e94dc5SPeter Avalos 
16336e94dc5SPeter Avalos 		/*
16436e94dc5SPeter Avalos 		 * Execute the proxy command.
16536e94dc5SPeter Avalos 		 * Note that we gave up any extra privileges above.
16636e94dc5SPeter Avalos 		 */
16736e94dc5SPeter Avalos 		execv(argv[0], argv);
16836e94dc5SPeter Avalos 		perror(argv[0]);
16936e94dc5SPeter Avalos 		exit(1);
17036e94dc5SPeter Avalos 	}
17136e94dc5SPeter Avalos 	/* Parent. */
1720cbfa66cSDaniel Fojt 	if (pid == -1)
17336e94dc5SPeter Avalos 		fatal("fork failed: %.100s", strerror(errno));
17436e94dc5SPeter Avalos 	close(sp[0]);
17536e94dc5SPeter Avalos 	free(command_string);
17636e94dc5SPeter Avalos 
17736e94dc5SPeter Avalos 	if ((sock = mm_receive_fd(sp[1])) == -1)
17836e94dc5SPeter Avalos 		fatal("proxy dialer did not pass back a connection");
179e9778795SPeter Avalos 	close(sp[1]);
18036e94dc5SPeter Avalos 
18136e94dc5SPeter Avalos 	while (waitpid(pid, NULL, 0) == -1)
18236e94dc5SPeter Avalos 		if (errno != EINTR)
18336e94dc5SPeter Avalos 			fatal("Couldn't wait for child: %s", strerror(errno));
18436e94dc5SPeter Avalos 
18536e94dc5SPeter Avalos 	/* Set the connection file descriptors. */
186ce74bacaSMatthew Dillon 	if (ssh_packet_set_connection(ssh, sock, sock) == NULL)
187ce74bacaSMatthew Dillon 		return -1; /* ssh_packet_set_connection logs error */
18836e94dc5SPeter Avalos 
18936e94dc5SPeter Avalos 	return 0;
19036e94dc5SPeter Avalos }
19136e94dc5SPeter Avalos 
19218de8d7fSPeter Avalos /*
19318de8d7fSPeter Avalos  * Connect to the given ssh server using a proxy command.
19418de8d7fSPeter Avalos  */
19518de8d7fSPeter Avalos static int
ssh_proxy_connect(struct ssh * ssh,const char * host,const char * host_arg,u_short port,const char * proxy_command)1960cbfa66cSDaniel Fojt ssh_proxy_connect(struct ssh *ssh, const char *host, const char *host_arg,
1970cbfa66cSDaniel Fojt     u_short port, const char *proxy_command)
19818de8d7fSPeter Avalos {
19936e94dc5SPeter Avalos 	char *command_string;
20018de8d7fSPeter Avalos 	int pin[2], pout[2];
20118de8d7fSPeter Avalos 	pid_t pid;
20236e94dc5SPeter Avalos 	char *shell;
20318de8d7fSPeter Avalos 
2049f304aafSPeter Avalos 	if ((shell = getenv("SHELL")) == NULL || *shell == '\0')
20518de8d7fSPeter Avalos 		shell = _PATH_BSHELL;
20618de8d7fSPeter Avalos 
20718de8d7fSPeter Avalos 	/* Create pipes for communicating with the proxy. */
2080cbfa66cSDaniel Fojt 	if (pipe(pin) == -1 || pipe(pout) == -1)
20918de8d7fSPeter Avalos 		fatal("Could not create pipes to communicate with the proxy: %.100s",
21018de8d7fSPeter Avalos 		    strerror(errno));
21118de8d7fSPeter Avalos 
21236e94dc5SPeter Avalos 	command_string = expand_proxy_command(proxy_command, options.user,
2130cbfa66cSDaniel Fojt 	    host, host_arg, port);
21418de8d7fSPeter Avalos 	debug("Executing proxy command: %.500s", command_string);
21518de8d7fSPeter Avalos 
21618de8d7fSPeter Avalos 	/* Fork and execute the proxy command. */
21718de8d7fSPeter Avalos 	if ((pid = fork()) == 0) {
21818de8d7fSPeter Avalos 		char *argv[10];
21918de8d7fSPeter Avalos 
22018de8d7fSPeter Avalos 		/* Redirect stdin and stdout. */
22118de8d7fSPeter Avalos 		close(pin[1]);
22218de8d7fSPeter Avalos 		if (pin[0] != 0) {
2230cbfa66cSDaniel Fojt 			if (dup2(pin[0], 0) == -1)
22418de8d7fSPeter Avalos 				perror("dup2 stdin");
22518de8d7fSPeter Avalos 			close(pin[0]);
22618de8d7fSPeter Avalos 		}
22718de8d7fSPeter Avalos 		close(pout[0]);
2280cbfa66cSDaniel Fojt 		if (dup2(pout[1], 1) == -1)
22918de8d7fSPeter Avalos 			perror("dup2 stdout");
23018de8d7fSPeter Avalos 		/* Cannot be 1 because pin allocated two descriptors. */
23118de8d7fSPeter Avalos 		close(pout[1]);
23218de8d7fSPeter Avalos 
233664f4763Szrj 		/*
234664f4763Szrj 		 * Stderr is left for non-ControlPersist connections is so
235664f4763Szrj 		 * error messages may be printed on the user's terminal.
236664f4763Szrj 		 */
237664f4763Szrj 		if (!debug_flag && options.control_path != NULL &&
23850a69bb5SSascha Wildner 		    options.control_persist && stdfd_devnull(0, 0, 1) == -1)
23950a69bb5SSascha Wildner 			error_f("stdfd_devnull failed");
240664f4763Szrj 
24118de8d7fSPeter Avalos 		argv[0] = shell;
24218de8d7fSPeter Avalos 		argv[1] = "-c";
24318de8d7fSPeter Avalos 		argv[2] = command_string;
24418de8d7fSPeter Avalos 		argv[3] = NULL;
24518de8d7fSPeter Avalos 
24650a69bb5SSascha Wildner 		/*
24750a69bb5SSascha Wildner 		 * Execute the proxy command.  Note that we gave up any
24850a69bb5SSascha Wildner 		 * extra privileges above.
24950a69bb5SSascha Wildner 		 */
2500cbfa66cSDaniel Fojt 		ssh_signal(SIGPIPE, SIG_DFL);
25118de8d7fSPeter Avalos 		execv(argv[0], argv);
25218de8d7fSPeter Avalos 		perror(argv[0]);
25318de8d7fSPeter Avalos 		exit(1);
25418de8d7fSPeter Avalos 	}
25518de8d7fSPeter Avalos 	/* Parent. */
2560cbfa66cSDaniel Fojt 	if (pid == -1)
25718de8d7fSPeter Avalos 		fatal("fork failed: %.100s", strerror(errno));
25818de8d7fSPeter Avalos 	else
25918de8d7fSPeter Avalos 		proxy_command_pid = pid; /* save pid to clean up later */
26018de8d7fSPeter Avalos 
26118de8d7fSPeter Avalos 	/* Close child side of the descriptors. */
26218de8d7fSPeter Avalos 	close(pin[0]);
26318de8d7fSPeter Avalos 	close(pout[1]);
26418de8d7fSPeter Avalos 
26518de8d7fSPeter Avalos 	/* Free the command name. */
26636e94dc5SPeter Avalos 	free(command_string);
26718de8d7fSPeter Avalos 
26818de8d7fSPeter Avalos 	/* Set the connection file descriptors. */
269ce74bacaSMatthew Dillon 	if (ssh_packet_set_connection(ssh, pout[0], pin[1]) == NULL)
270ce74bacaSMatthew Dillon 		return -1; /* ssh_packet_set_connection logs error */
27118de8d7fSPeter Avalos 
27218de8d7fSPeter Avalos 	return 0;
27318de8d7fSPeter Avalos }
27418de8d7fSPeter Avalos 
2759f304aafSPeter Avalos void
ssh_kill_proxy_command(void)2769f304aafSPeter Avalos ssh_kill_proxy_command(void)
2779f304aafSPeter Avalos {
2789f304aafSPeter Avalos 	/*
2799f304aafSPeter Avalos 	 * Send SIGHUP to proxy command if used. We don't wait() in
2809f304aafSPeter Avalos 	 * case it hangs and instead rely on init to reap the child
2819f304aafSPeter Avalos 	 */
2829f304aafSPeter Avalos 	if (proxy_command_pid > 1)
2839f304aafSPeter Avalos 		kill(proxy_command_pid, SIGHUP);
2849f304aafSPeter Avalos }
2859f304aafSPeter Avalos 
286664f4763Szrj #ifdef HAVE_IFADDRS_H
28718de8d7fSPeter Avalos /*
288664f4763Szrj  * Search a interface address list (returned from getifaddrs(3)) for an
289664f4763Szrj  * address that matches the desired address family on the specified interface.
290664f4763Szrj  * Returns 0 and fills in *resultp and *rlenp on success. Returns -1 on failure.
29118de8d7fSPeter Avalos  */
29218de8d7fSPeter Avalos static int
check_ifaddrs(const char * ifname,int af,const struct ifaddrs * ifaddrs,struct sockaddr_storage * resultp,socklen_t * rlenp)293664f4763Szrj check_ifaddrs(const char *ifname, int af, const struct ifaddrs *ifaddrs,
294664f4763Szrj     struct sockaddr_storage *resultp, socklen_t *rlenp)
29518de8d7fSPeter Avalos {
296664f4763Szrj 	struct sockaddr_in6 *sa6;
297664f4763Szrj 	struct sockaddr_in *sa;
298664f4763Szrj 	struct in6_addr *v6addr;
299664f4763Szrj 	const struct ifaddrs *ifa;
300664f4763Szrj 	int allow_local;
301664f4763Szrj 
302664f4763Szrj 	/*
303664f4763Szrj 	 * Prefer addresses that are not loopback or linklocal, but use them
304664f4763Szrj 	 * if nothing else matches.
305664f4763Szrj 	 */
306664f4763Szrj 	for (allow_local = 0; allow_local < 2; allow_local++) {
307664f4763Szrj 		for (ifa = ifaddrs; ifa != NULL; ifa = ifa->ifa_next) {
308664f4763Szrj 			if (ifa->ifa_addr == NULL || ifa->ifa_name == NULL ||
309664f4763Szrj 			    (ifa->ifa_flags & IFF_UP) == 0 ||
310664f4763Szrj 			    ifa->ifa_addr->sa_family != af ||
311664f4763Szrj 			    strcmp(ifa->ifa_name, options.bind_interface) != 0)
312664f4763Szrj 				continue;
313664f4763Szrj 			switch (ifa->ifa_addr->sa_family) {
314664f4763Szrj 			case AF_INET:
315664f4763Szrj 				sa = (struct sockaddr_in *)ifa->ifa_addr;
316664f4763Szrj 				if (!allow_local && sa->sin_addr.s_addr ==
317664f4763Szrj 				    htonl(INADDR_LOOPBACK))
318664f4763Szrj 					continue;
319664f4763Szrj 				if (*rlenp < sizeof(struct sockaddr_in)) {
32050a69bb5SSascha Wildner 					error_f("v4 addr doesn't fit");
321664f4763Szrj 					return -1;
322664f4763Szrj 				}
323664f4763Szrj 				*rlenp = sizeof(struct sockaddr_in);
324664f4763Szrj 				memcpy(resultp, sa, *rlenp);
325664f4763Szrj 				return 0;
326664f4763Szrj 			case AF_INET6:
327664f4763Szrj 				sa6 = (struct sockaddr_in6 *)ifa->ifa_addr;
328664f4763Szrj 				v6addr = &sa6->sin6_addr;
329664f4763Szrj 				if (!allow_local &&
330664f4763Szrj 				    (IN6_IS_ADDR_LINKLOCAL(v6addr) ||
331664f4763Szrj 				    IN6_IS_ADDR_LOOPBACK(v6addr)))
332664f4763Szrj 					continue;
333664f4763Szrj 				if (*rlenp < sizeof(struct sockaddr_in6)) {
33450a69bb5SSascha Wildner 					error_f("v6 addr doesn't fit");
335664f4763Szrj 					return -1;
336664f4763Szrj 				}
337664f4763Szrj 				*rlenp = sizeof(struct sockaddr_in6);
338664f4763Szrj 				memcpy(resultp, sa6, *rlenp);
339664f4763Szrj 				return 0;
340664f4763Szrj 			}
341664f4763Szrj 		}
342664f4763Szrj 	}
343664f4763Szrj 	return -1;
344664f4763Szrj }
345664f4763Szrj #endif
346664f4763Szrj 
347664f4763Szrj /*
348664f4763Szrj  * Creates a socket for use as the ssh connection.
349664f4763Szrj  */
350664f4763Szrj static int
ssh_create_socket(struct addrinfo * ai)351664f4763Szrj ssh_create_socket(struct addrinfo *ai)
352664f4763Szrj {
353664f4763Szrj 	int sock, r;
354664f4763Szrj 	struct sockaddr_storage bindaddr;
355664f4763Szrj 	socklen_t bindaddrlen = 0;
35636e94dc5SPeter Avalos 	struct addrinfo hints, *res = NULL;
357664f4763Szrj #ifdef HAVE_IFADDRS_H
358664f4763Szrj 	struct ifaddrs *ifaddrs = NULL;
359664f4763Szrj #endif
360664f4763Szrj 	char ntop[NI_MAXHOST];
36118de8d7fSPeter Avalos 
36218de8d7fSPeter Avalos 	sock = socket(ai->ai_family, ai->ai_socktype, ai->ai_protocol);
3630cbfa66cSDaniel Fojt 	if (sock == -1) {
36436e94dc5SPeter Avalos 		error("socket: %s", strerror(errno));
365856ea928SPeter Avalos 		return -1;
366856ea928SPeter Avalos 	}
367*ba1276acSMatthew Dillon 	(void)fcntl(sock, F_SETFD, FD_CLOEXEC);
36818de8d7fSPeter Avalos 
36950a69bb5SSascha Wildner 	/* Use interactive QOS (if specified) until authentication completed */
37050a69bb5SSascha Wildner 	if (options.ip_qos_interactive != INT_MAX)
37150a69bb5SSascha Wildner 		set_sock_tos(sock, options.ip_qos_interactive);
37250a69bb5SSascha Wildner 
37318de8d7fSPeter Avalos 	/* Bind the socket to an alternative local IP address */
374664f4763Szrj 	if (options.bind_address == NULL && options.bind_interface == NULL)
37518de8d7fSPeter Avalos 		return sock;
37618de8d7fSPeter Avalos 
377664f4763Szrj 	if (options.bind_address != NULL) {
37818de8d7fSPeter Avalos 		memset(&hints, 0, sizeof(hints));
37918de8d7fSPeter Avalos 		hints.ai_family = ai->ai_family;
38018de8d7fSPeter Avalos 		hints.ai_socktype = ai->ai_socktype;
38118de8d7fSPeter Avalos 		hints.ai_protocol = ai->ai_protocol;
38218de8d7fSPeter Avalos 		hints.ai_flags = AI_PASSIVE;
383664f4763Szrj 		if ((r = getaddrinfo(options.bind_address, NULL,
384664f4763Szrj 		    &hints, &res)) != 0) {
38518de8d7fSPeter Avalos 			error("getaddrinfo: %s: %s", options.bind_address,
386664f4763Szrj 			    ssh_gai_strerror(r));
387664f4763Szrj 			goto fail;
38818de8d7fSPeter Avalos 		}
389664f4763Szrj 		if (res == NULL) {
390664f4763Szrj 			error("getaddrinfo: no addrs");
391664f4763Szrj 			goto fail;
39236e94dc5SPeter Avalos 		}
393664f4763Szrj 		memcpy(&bindaddr, res->ai_addr, res->ai_addrlen);
394664f4763Szrj 		bindaddrlen = res->ai_addrlen;
395664f4763Szrj 	} else if (options.bind_interface != NULL) {
396664f4763Szrj #ifdef HAVE_IFADDRS_H
397664f4763Szrj 		if ((r = getifaddrs(&ifaddrs)) != 0) {
398664f4763Szrj 			error("getifaddrs: %s: %s", options.bind_interface,
39936e94dc5SPeter Avalos 			    strerror(errno));
40036e94dc5SPeter Avalos 			goto fail;
40136e94dc5SPeter Avalos 		}
402664f4763Szrj 		bindaddrlen = sizeof(bindaddr);
403664f4763Szrj 		if (check_ifaddrs(options.bind_interface, ai->ai_family,
404664f4763Szrj 		    ifaddrs, &bindaddr, &bindaddrlen) != 0) {
405664f4763Szrj 			logit("getifaddrs: %s: no suitable addresses",
406664f4763Szrj 			    options.bind_interface);
407664f4763Szrj 			goto fail;
408664f4763Szrj 		}
409664f4763Szrj #else
410664f4763Szrj 		error("BindInterface not supported on this platform.");
411664f4763Szrj #endif
412664f4763Szrj 	}
413664f4763Szrj 	if ((r = getnameinfo((struct sockaddr *)&bindaddr, bindaddrlen,
414664f4763Szrj 	    ntop, sizeof(ntop), NULL, 0, NI_NUMERICHOST)) != 0) {
41550a69bb5SSascha Wildner 		error_f("getnameinfo failed: %s", ssh_gai_strerror(r));
416664f4763Szrj 		goto fail;
417664f4763Szrj 	}
418664f4763Szrj 	if (bind(sock, (struct sockaddr *)&bindaddr, bindaddrlen) != 0) {
419664f4763Szrj 		error("bind %s: %s", ntop, strerror(errno));
420664f4763Szrj 		goto fail;
421664f4763Szrj 	}
42250a69bb5SSascha Wildner 	debug_f("bound to %s", ntop);
423664f4763Szrj 	/* success */
424664f4763Szrj 	goto out;
42536e94dc5SPeter Avalos fail:
42618de8d7fSPeter Avalos 	close(sock);
427664f4763Szrj 	sock = -1;
428664f4763Szrj  out:
42936e94dc5SPeter Avalos 	if (res != NULL)
43018de8d7fSPeter Avalos 		freeaddrinfo(res);
431664f4763Szrj #ifdef HAVE_IFADDRS_H
432664f4763Szrj 	if (ifaddrs != NULL)
433664f4763Szrj 		freeifaddrs(ifaddrs);
434664f4763Szrj #endif
43518de8d7fSPeter Avalos 	return sock;
43618de8d7fSPeter Avalos }
43718de8d7fSPeter Avalos 
438ce74bacaSMatthew Dillon /*
43918de8d7fSPeter Avalos  * Opens a TCP/IP connection to the remote server on the given host.
44018de8d7fSPeter Avalos  * The address of the remote host will be returned in hostaddr.
441664f4763Szrj  * If port is 0, the default port will be used.
44218de8d7fSPeter Avalos  * Connection_attempts specifies the maximum number of tries (one per
44318de8d7fSPeter Avalos  * second).  If proxy_command is non-NULL, it specifies the command (with %h
44418de8d7fSPeter Avalos  * and %p substituted for host and port, respectively) to use to contact
44518de8d7fSPeter Avalos  * the daemon.
44618de8d7fSPeter Avalos  */
44736e94dc5SPeter Avalos static int
ssh_connect_direct(struct ssh * ssh,const char * host,struct addrinfo * aitop,struct sockaddr_storage * hostaddr,u_short port,int connection_attempts,int * timeout_ms,int want_keepalive)448ce74bacaSMatthew Dillon ssh_connect_direct(struct ssh *ssh, const char *host, struct addrinfo *aitop,
44950a69bb5SSascha Wildner     struct sockaddr_storage *hostaddr, u_short port, int connection_attempts,
45050a69bb5SSascha Wildner     int *timeout_ms, int want_keepalive)
45118de8d7fSPeter Avalos {
452664f4763Szrj 	int on = 1, saved_timeout_ms = *timeout_ms;
453664f4763Szrj 	int oerrno, sock = -1, attempt;
45418de8d7fSPeter Avalos 	char ntop[NI_MAXHOST], strport[NI_MAXSERV];
45536e94dc5SPeter Avalos 	struct addrinfo *ai;
45618de8d7fSPeter Avalos 
45750a69bb5SSascha Wildner 	debug3_f("entering");
458e9778795SPeter Avalos 	memset(ntop, 0, sizeof(ntop));
459e9778795SPeter Avalos 	memset(strport, 0, sizeof(strport));
46018de8d7fSPeter Avalos 
46118de8d7fSPeter Avalos 	for (attempt = 0; attempt < connection_attempts; attempt++) {
46218de8d7fSPeter Avalos 		if (attempt > 0) {
46318de8d7fSPeter Avalos 			/* Sleep a moment before retrying. */
46418de8d7fSPeter Avalos 			sleep(1);
46518de8d7fSPeter Avalos 			debug("Trying again...");
46618de8d7fSPeter Avalos 		}
46718de8d7fSPeter Avalos 		/*
46818de8d7fSPeter Avalos 		 * Loop through addresses for this host, and try each one in
46918de8d7fSPeter Avalos 		 * sequence until the connection succeeds.
47018de8d7fSPeter Avalos 		 */
47118de8d7fSPeter Avalos 		for (ai = aitop; ai; ai = ai->ai_next) {
47236e94dc5SPeter Avalos 			if (ai->ai_family != AF_INET &&
473664f4763Szrj 			    ai->ai_family != AF_INET6) {
474664f4763Szrj 				errno = EAFNOSUPPORT;
47518de8d7fSPeter Avalos 				continue;
476664f4763Szrj 			}
47718de8d7fSPeter Avalos 			if (getnameinfo(ai->ai_addr, ai->ai_addrlen,
47818de8d7fSPeter Avalos 			    ntop, sizeof(ntop), strport, sizeof(strport),
47918de8d7fSPeter Avalos 			    NI_NUMERICHOST|NI_NUMERICSERV) != 0) {
480664f4763Szrj 				oerrno = errno;
48150a69bb5SSascha Wildner 				error_f("getnameinfo failed");
482664f4763Szrj 				errno = oerrno;
48318de8d7fSPeter Avalos 				continue;
48418de8d7fSPeter Avalos 			}
485*ba1276acSMatthew Dillon 			if (options.address_family != AF_UNSPEC &&
486*ba1276acSMatthew Dillon 			    ai->ai_family != options.address_family) {
487*ba1276acSMatthew Dillon 				debug2_f("skipping address [%s]:%s: "
488*ba1276acSMatthew Dillon 				    "wrong address family", ntop, strport);
489*ba1276acSMatthew Dillon 				errno = EAFNOSUPPORT;
490*ba1276acSMatthew Dillon 				continue;
491*ba1276acSMatthew Dillon 			}
492*ba1276acSMatthew Dillon 
49318de8d7fSPeter Avalos 			debug("Connecting to %.200s [%.100s] port %s.",
49418de8d7fSPeter Avalos 				host, ntop, strport);
49518de8d7fSPeter Avalos 
49618de8d7fSPeter Avalos 			/* Create a socket for connecting. */
497664f4763Szrj 			sock = ssh_create_socket(ai);
498664f4763Szrj 			if (sock < 0) {
49918de8d7fSPeter Avalos 				/* Any error is already output */
500664f4763Szrj 				errno = 0;
50118de8d7fSPeter Avalos 				continue;
502664f4763Szrj 			}
50318de8d7fSPeter Avalos 
504664f4763Szrj 			*timeout_ms = saved_timeout_ms;
50518de8d7fSPeter Avalos 			if (timeout_connect(sock, ai->ai_addr, ai->ai_addrlen,
50618de8d7fSPeter Avalos 			    timeout_ms) >= 0) {
50718de8d7fSPeter Avalos 				/* Successful connection. */
50818de8d7fSPeter Avalos 				memcpy(hostaddr, ai->ai_addr, ai->ai_addrlen);
50918de8d7fSPeter Avalos 				break;
51018de8d7fSPeter Avalos 			} else {
511664f4763Szrj 				oerrno = errno;
51218de8d7fSPeter Avalos 				debug("connect to address %s port %s: %s",
51318de8d7fSPeter Avalos 				    ntop, strport, strerror(errno));
51418de8d7fSPeter Avalos 				close(sock);
51518de8d7fSPeter Avalos 				sock = -1;
516664f4763Szrj 				errno = oerrno;
51718de8d7fSPeter Avalos 			}
51818de8d7fSPeter Avalos 		}
51918de8d7fSPeter Avalos 		if (sock != -1)
52018de8d7fSPeter Avalos 			break;	/* Successful connection. */
52118de8d7fSPeter Avalos 	}
52218de8d7fSPeter Avalos 
52318de8d7fSPeter Avalos 	/* Return failure if we didn't get a successful connection. */
52418de8d7fSPeter Avalos 	if (sock == -1) {
52518de8d7fSPeter Avalos 		error("ssh: connect to host %s port %s: %s",
526664f4763Szrj 		    host, strport, errno == 0 ? "failure" : strerror(errno));
527664f4763Szrj 		return -1;
52818de8d7fSPeter Avalos 	}
52918de8d7fSPeter Avalos 
53018de8d7fSPeter Avalos 	debug("Connection established.");
53118de8d7fSPeter Avalos 
53218de8d7fSPeter Avalos 	/* Set SO_KEEPALIVE if requested. */
53318de8d7fSPeter Avalos 	if (want_keepalive &&
53418de8d7fSPeter Avalos 	    setsockopt(sock, SOL_SOCKET, SO_KEEPALIVE, (void *)&on,
5350cbfa66cSDaniel Fojt 	    sizeof(on)) == -1)
53618de8d7fSPeter Avalos 		error("setsockopt SO_KEEPALIVE: %.100s", strerror(errno));
53718de8d7fSPeter Avalos 
53818de8d7fSPeter Avalos 	/* Set the connection. */
539ce74bacaSMatthew Dillon 	if (ssh_packet_set_connection(ssh, sock, sock) == NULL)
540ce74bacaSMatthew Dillon 		return -1; /* ssh_packet_set_connection logs error */
54118de8d7fSPeter Avalos 
54218de8d7fSPeter Avalos 	return 0;
54318de8d7fSPeter Avalos }
54418de8d7fSPeter Avalos 
54536e94dc5SPeter Avalos int
ssh_connect(struct ssh * ssh,const char * host,const char * host_arg,struct addrinfo * addrs,struct sockaddr_storage * hostaddr,u_short port,int connection_attempts,int * timeout_ms,int want_keepalive)5460cbfa66cSDaniel Fojt ssh_connect(struct ssh *ssh, const char *host, const char *host_arg,
5470cbfa66cSDaniel Fojt     struct addrinfo *addrs, struct sockaddr_storage *hostaddr, u_short port,
54850a69bb5SSascha Wildner     int connection_attempts, int *timeout_ms, int want_keepalive)
54936e94dc5SPeter Avalos {
550664f4763Szrj 	int in, out;
551664f4763Szrj 
55236e94dc5SPeter Avalos 	if (options.proxy_command == NULL) {
553ce74bacaSMatthew Dillon 		return ssh_connect_direct(ssh, host, addrs, hostaddr, port,
55450a69bb5SSascha Wildner 		    connection_attempts, timeout_ms, want_keepalive);
55536e94dc5SPeter Avalos 	} else if (strcmp(options.proxy_command, "-") == 0) {
5560cbfa66cSDaniel Fojt 		if ((in = dup(STDIN_FILENO)) == -1 ||
5570cbfa66cSDaniel Fojt 		    (out = dup(STDOUT_FILENO)) == -1) {
558664f4763Szrj 			if (in >= 0)
559664f4763Szrj 				close(in);
56050a69bb5SSascha Wildner 			error_f("dup() in/out failed");
561664f4763Szrj 			return -1; /* ssh_packet_set_connection logs error */
562664f4763Szrj 		}
563664f4763Szrj 		if ((ssh_packet_set_connection(ssh, in, out)) == NULL)
564ce74bacaSMatthew Dillon 			return -1; /* ssh_packet_set_connection logs error */
565ce74bacaSMatthew Dillon 		return 0;
56636e94dc5SPeter Avalos 	} else if (options.proxy_use_fdpass) {
5670cbfa66cSDaniel Fojt 		return ssh_proxy_fdpass_connect(ssh, host, host_arg, port,
56836e94dc5SPeter Avalos 		    options.proxy_command);
56936e94dc5SPeter Avalos 	}
5700cbfa66cSDaniel Fojt 	return ssh_proxy_connect(ssh, host, host_arg, port,
5710cbfa66cSDaniel Fojt 	    options.proxy_command);
57236e94dc5SPeter Avalos }
57336e94dc5SPeter Avalos 
57418de8d7fSPeter Avalos /* defaults to 'no' */
57518de8d7fSPeter Avalos static int
confirm(const char * prompt,const char * fingerprint)576664f4763Szrj confirm(const char *prompt, const char *fingerprint)
57718de8d7fSPeter Avalos {
57818de8d7fSPeter Avalos 	const char *msg, *again = "Please type 'yes' or 'no': ";
579664f4763Szrj 	const char *again_fp = "Please type 'yes', 'no' or the fingerprint: ";
5800cbfa66cSDaniel Fojt 	char *p, *cp;
58118de8d7fSPeter Avalos 	int ret = -1;
58218de8d7fSPeter Avalos 
58318de8d7fSPeter Avalos 	if (options.batch_mode)
58418de8d7fSPeter Avalos 		return 0;
585664f4763Szrj 	for (msg = prompt;;msg = fingerprint ? again_fp : again) {
5860cbfa66cSDaniel Fojt 		cp = p = read_passphrase(msg, RP_ECHO);
587664f4763Szrj 		if (p == NULL)
588664f4763Szrj 			return 0;
5890cbfa66cSDaniel Fojt 		p += strspn(p, " \t"); /* skip leading whitespace */
5900cbfa66cSDaniel Fojt 		p[strcspn(p, " \t\n")] = '\0'; /* remove trailing whitespace */
591664f4763Szrj 		if (p[0] == '\0' || strcasecmp(p, "no") == 0)
59218de8d7fSPeter Avalos 			ret = 0;
593664f4763Szrj 		else if (strcasecmp(p, "yes") == 0 || (fingerprint != NULL &&
59450a69bb5SSascha Wildner 		    strcmp(p, fingerprint) == 0))
59518de8d7fSPeter Avalos 			ret = 1;
5960cbfa66cSDaniel Fojt 		free(cp);
59718de8d7fSPeter Avalos 		if (ret != -1)
59818de8d7fSPeter Avalos 			return ret;
59918de8d7fSPeter Avalos 	}
60018de8d7fSPeter Avalos }
60118de8d7fSPeter Avalos 
602856ea928SPeter Avalos static int
sockaddr_is_local(struct sockaddr * hostaddr)6039f304aafSPeter Avalos sockaddr_is_local(struct sockaddr *hostaddr)
6049f304aafSPeter Avalos {
6059f304aafSPeter Avalos 	switch (hostaddr->sa_family) {
6069f304aafSPeter Avalos 	case AF_INET:
6079f304aafSPeter Avalos 		return (ntohl(((struct sockaddr_in *)hostaddr)->
6089f304aafSPeter Avalos 		    sin_addr.s_addr) >> 24) == IN_LOOPBACKNET;
6099f304aafSPeter Avalos 	case AF_INET6:
6109f304aafSPeter Avalos 		return IN6_IS_ADDR_LOOPBACK(
6119f304aafSPeter Avalos 		    &(((struct sockaddr_in6 *)hostaddr)->sin6_addr));
6129f304aafSPeter Avalos 	default:
6139f304aafSPeter Avalos 		return 0;
6149f304aafSPeter Avalos 	}
6159f304aafSPeter Avalos }
6169f304aafSPeter Avalos 
6179f304aafSPeter Avalos /*
6189f304aafSPeter Avalos  * Prepare the hostname and ip address strings that are used to lookup
6199f304aafSPeter Avalos  * host keys in known_hosts files. These may have a port number appended.
6209f304aafSPeter Avalos  */
6219f304aafSPeter Avalos void
get_hostfile_hostname_ipaddr(char * hostname,struct sockaddr * hostaddr,u_short port,char ** hostfile_hostname,char ** hostfile_ipaddr)6229f304aafSPeter Avalos get_hostfile_hostname_ipaddr(char *hostname, struct sockaddr *hostaddr,
6239f304aafSPeter Avalos     u_short port, char **hostfile_hostname, char **hostfile_ipaddr)
6249f304aafSPeter Avalos {
6259f304aafSPeter Avalos 	char ntop[NI_MAXHOST];
6269f304aafSPeter Avalos 	socklen_t addrlen;
6279f304aafSPeter Avalos 
6289f304aafSPeter Avalos 	switch (hostaddr == NULL ? -1 : hostaddr->sa_family) {
6299f304aafSPeter Avalos 	case -1:
6309f304aafSPeter Avalos 		addrlen = 0;
6319f304aafSPeter Avalos 		break;
6329f304aafSPeter Avalos 	case AF_INET:
6339f304aafSPeter Avalos 		addrlen = sizeof(struct sockaddr_in);
6349f304aafSPeter Avalos 		break;
6359f304aafSPeter Avalos 	case AF_INET6:
6369f304aafSPeter Avalos 		addrlen = sizeof(struct sockaddr_in6);
6379f304aafSPeter Avalos 		break;
6389f304aafSPeter Avalos 	default:
6399f304aafSPeter Avalos 		addrlen = sizeof(struct sockaddr);
6409f304aafSPeter Avalos 		break;
6419f304aafSPeter Avalos 	}
6429f304aafSPeter Avalos 
6439f304aafSPeter Avalos 	/*
6449f304aafSPeter Avalos 	 * We don't have the remote ip-address for connections
6459f304aafSPeter Avalos 	 * using a proxy command
6469f304aafSPeter Avalos 	 */
6479f304aafSPeter Avalos 	if (hostfile_ipaddr != NULL) {
6489f304aafSPeter Avalos 		if (options.proxy_command == NULL) {
6499f304aafSPeter Avalos 			if (getnameinfo(hostaddr, addrlen,
6509f304aafSPeter Avalos 			    ntop, sizeof(ntop), NULL, 0, NI_NUMERICHOST) != 0)
65150a69bb5SSascha Wildner 				fatal_f("getnameinfo failed");
6529f304aafSPeter Avalos 			*hostfile_ipaddr = put_host_port(ntop, port);
6539f304aafSPeter Avalos 		} else {
6549f304aafSPeter Avalos 			*hostfile_ipaddr = xstrdup("<no hostip for proxy "
6559f304aafSPeter Avalos 			    "command>");
6569f304aafSPeter Avalos 		}
6579f304aafSPeter Avalos 	}
6589f304aafSPeter Avalos 
6599f304aafSPeter Avalos 	/*
6609f304aafSPeter Avalos 	 * Allow the user to record the key under a different name or
6619f304aafSPeter Avalos 	 * differentiate a non-standard port.  This is useful for ssh
6629f304aafSPeter Avalos 	 * tunneling over forwarded connections or if you run multiple
6639f304aafSPeter Avalos 	 * sshd's on different ports on the same machine.
6649f304aafSPeter Avalos 	 */
6659f304aafSPeter Avalos 	if (hostfile_hostname != NULL) {
6669f304aafSPeter Avalos 		if (options.host_key_alias != NULL) {
6679f304aafSPeter Avalos 			*hostfile_hostname = xstrdup(options.host_key_alias);
6689f304aafSPeter Avalos 			debug("using hostkeyalias: %s", *hostfile_hostname);
6699f304aafSPeter Avalos 		} else {
6709f304aafSPeter Avalos 			*hostfile_hostname = put_host_port(hostname, port);
6719f304aafSPeter Avalos 		}
6729f304aafSPeter Avalos 	}
6739f304aafSPeter Avalos }
6749f304aafSPeter Avalos 
67550a69bb5SSascha Wildner /* returns non-zero if path appears in hostfiles, or 0 if not. */
67650a69bb5SSascha Wildner static int
path_in_hostfiles(const char * path,char ** hostfiles,u_int num_hostfiles)67750a69bb5SSascha Wildner path_in_hostfiles(const char *path, char **hostfiles, u_int num_hostfiles)
67850a69bb5SSascha Wildner {
67950a69bb5SSascha Wildner 	u_int i;
68050a69bb5SSascha Wildner 
68150a69bb5SSascha Wildner 	for (i = 0; i < num_hostfiles; i++) {
68250a69bb5SSascha Wildner 		if (strcmp(path, hostfiles[i]) == 0)
68350a69bb5SSascha Wildner 			return 1;
68450a69bb5SSascha Wildner 	}
68550a69bb5SSascha Wildner 	return 0;
68650a69bb5SSascha Wildner }
68750a69bb5SSascha Wildner 
68850a69bb5SSascha Wildner struct find_by_key_ctx {
68950a69bb5SSascha Wildner 	const char *host, *ip;
69050a69bb5SSascha Wildner 	const struct sshkey *key;
69150a69bb5SSascha Wildner 	char **names;
69250a69bb5SSascha Wildner 	u_int nnames;
69350a69bb5SSascha Wildner };
69450a69bb5SSascha Wildner 
69550a69bb5SSascha Wildner /* Try to replace home directory prefix (per $HOME) with a ~/ sequence */
69650a69bb5SSascha Wildner static char *
try_tilde_unexpand(const char * path)69750a69bb5SSascha Wildner try_tilde_unexpand(const char *path)
69850a69bb5SSascha Wildner {
69950a69bb5SSascha Wildner 	char *home, *ret = NULL;
70050a69bb5SSascha Wildner 	size_t l;
70150a69bb5SSascha Wildner 
70250a69bb5SSascha Wildner 	if (*path != '/')
70350a69bb5SSascha Wildner 		return xstrdup(path);
70450a69bb5SSascha Wildner 	if ((home = getenv("HOME")) == NULL || (l = strlen(home)) == 0)
70550a69bb5SSascha Wildner 		return xstrdup(path);
70650a69bb5SSascha Wildner 	if (strncmp(path, home, l) != 0)
70750a69bb5SSascha Wildner 		return xstrdup(path);
70850a69bb5SSascha Wildner 	/*
70950a69bb5SSascha Wildner 	 * ensure we have matched on a path boundary: either the $HOME that
71050a69bb5SSascha Wildner 	 * we just compared ends with a '/' or the next character of the path
71150a69bb5SSascha Wildner 	 * must be a '/'.
71250a69bb5SSascha Wildner 	 */
71350a69bb5SSascha Wildner 	if (home[l - 1] != '/' && path[l] != '/')
71450a69bb5SSascha Wildner 		return xstrdup(path);
71550a69bb5SSascha Wildner 	if (path[l] == '/')
71650a69bb5SSascha Wildner 		l++;
71750a69bb5SSascha Wildner 	xasprintf(&ret, "~/%s", path + l);
71850a69bb5SSascha Wildner 	return ret;
71950a69bb5SSascha Wildner }
72050a69bb5SSascha Wildner 
721*ba1276acSMatthew Dillon /*
722*ba1276acSMatthew Dillon  * Returns non-zero if the key is accepted by HostkeyAlgorithms.
723*ba1276acSMatthew Dillon  * Made slightly less trivial by the multiple RSA signature algorithm names.
724*ba1276acSMatthew Dillon  */
725*ba1276acSMatthew Dillon int
hostkey_accepted_by_hostkeyalgs(const struct sshkey * key)726*ba1276acSMatthew Dillon hostkey_accepted_by_hostkeyalgs(const struct sshkey *key)
727*ba1276acSMatthew Dillon {
728*ba1276acSMatthew Dillon 	const char *ktype = sshkey_ssh_name(key);
729*ba1276acSMatthew Dillon 	const char *hostkeyalgs = options.hostkeyalgorithms;
730*ba1276acSMatthew Dillon 
731*ba1276acSMatthew Dillon 	if (key->type == KEY_UNSPEC)
732*ba1276acSMatthew Dillon 		return 0;
733*ba1276acSMatthew Dillon 	if (key->type == KEY_RSA &&
734*ba1276acSMatthew Dillon 	    (match_pattern_list("rsa-sha2-256", hostkeyalgs, 0) == 1 ||
735*ba1276acSMatthew Dillon 	    match_pattern_list("rsa-sha2-512", hostkeyalgs, 0) == 1))
736*ba1276acSMatthew Dillon 		return 1;
737*ba1276acSMatthew Dillon 	if (key->type == KEY_RSA_CERT &&
738*ba1276acSMatthew Dillon 	    (match_pattern_list("rsa-sha2-512-cert-v01@openssh.com", hostkeyalgs, 0) == 1 ||
739*ba1276acSMatthew Dillon 	    match_pattern_list("rsa-sha2-256-cert-v01@openssh.com", hostkeyalgs, 0) == 1))
740*ba1276acSMatthew Dillon 		return 1;
741*ba1276acSMatthew Dillon 	return match_pattern_list(ktype, hostkeyalgs, 0) == 1;
742*ba1276acSMatthew Dillon }
743*ba1276acSMatthew Dillon 
74450a69bb5SSascha Wildner static int
hostkeys_find_by_key_cb(struct hostkey_foreach_line * l,void * _ctx)74550a69bb5SSascha Wildner hostkeys_find_by_key_cb(struct hostkey_foreach_line *l, void *_ctx)
74650a69bb5SSascha Wildner {
74750a69bb5SSascha Wildner 	struct find_by_key_ctx *ctx = (struct find_by_key_ctx *)_ctx;
74850a69bb5SSascha Wildner 	char *path;
74950a69bb5SSascha Wildner 
75050a69bb5SSascha Wildner 	/* we are looking for keys with names that *do not* match */
75150a69bb5SSascha Wildner 	if ((l->match & HKF_MATCH_HOST) != 0)
75250a69bb5SSascha Wildner 		return 0;
75350a69bb5SSascha Wildner 	/* not interested in marker lines */
75450a69bb5SSascha Wildner 	if (l->marker != MRK_NONE)
75550a69bb5SSascha Wildner 		return 0;
75650a69bb5SSascha Wildner 	/* we are only interested in exact key matches */
75750a69bb5SSascha Wildner 	if (l->key == NULL || !sshkey_equal(ctx->key, l->key))
75850a69bb5SSascha Wildner 		return 0;
75950a69bb5SSascha Wildner 	path = try_tilde_unexpand(l->path);
76050a69bb5SSascha Wildner 	debug_f("found matching key in %s:%lu", path, l->linenum);
76150a69bb5SSascha Wildner 	ctx->names = xrecallocarray(ctx->names,
76250a69bb5SSascha Wildner 	    ctx->nnames, ctx->nnames + 1, sizeof(*ctx->names));
76350a69bb5SSascha Wildner 	xasprintf(&ctx->names[ctx->nnames], "%s:%lu: %s", path, l->linenum,
76450a69bb5SSascha Wildner 	    strncmp(l->hosts, HASH_MAGIC, strlen(HASH_MAGIC)) == 0 ?
76550a69bb5SSascha Wildner 	    "[hashed name]" : l->hosts);
76650a69bb5SSascha Wildner 	ctx->nnames++;
76750a69bb5SSascha Wildner 	free(path);
76850a69bb5SSascha Wildner 	return 0;
76950a69bb5SSascha Wildner }
77050a69bb5SSascha Wildner 
77150a69bb5SSascha Wildner static int
hostkeys_find_by_key_hostfile(const char * file,const char * which,struct find_by_key_ctx * ctx)77250a69bb5SSascha Wildner hostkeys_find_by_key_hostfile(const char *file, const char *which,
77350a69bb5SSascha Wildner     struct find_by_key_ctx *ctx)
77450a69bb5SSascha Wildner {
77550a69bb5SSascha Wildner 	int r;
77650a69bb5SSascha Wildner 
77750a69bb5SSascha Wildner 	debug3_f("trying %s hostfile \"%s\"", which, file);
77850a69bb5SSascha Wildner 	if ((r = hostkeys_foreach(file, hostkeys_find_by_key_cb, ctx,
77950a69bb5SSascha Wildner 	    ctx->host, ctx->ip, HKF_WANT_PARSE_KEY, 0)) != 0) {
78050a69bb5SSascha Wildner 		if (r == SSH_ERR_SYSTEM_ERROR && errno == ENOENT) {
78150a69bb5SSascha Wildner 			debug_f("hostkeys file %s does not exist", file);
78250a69bb5SSascha Wildner 			return 0;
78350a69bb5SSascha Wildner 		}
78450a69bb5SSascha Wildner 		error_fr(r, "hostkeys_foreach failed for %s", file);
78550a69bb5SSascha Wildner 		return r;
78650a69bb5SSascha Wildner 	}
78750a69bb5SSascha Wildner 	return 0;
78850a69bb5SSascha Wildner }
78950a69bb5SSascha Wildner 
79050a69bb5SSascha Wildner /*
79150a69bb5SSascha Wildner  * Find 'key' in known hosts file(s) that do not match host/ip.
79250a69bb5SSascha Wildner  * Used to display also-known-as information for previously-unseen hostkeys.
79350a69bb5SSascha Wildner  */
79450a69bb5SSascha Wildner static void
hostkeys_find_by_key(const char * host,const char * ip,const struct sshkey * key,char ** user_hostfiles,u_int num_user_hostfiles,char ** system_hostfiles,u_int num_system_hostfiles,char *** names,u_int * nnames)79550a69bb5SSascha Wildner hostkeys_find_by_key(const char *host, const char *ip, const struct sshkey *key,
79650a69bb5SSascha Wildner     char **user_hostfiles, u_int num_user_hostfiles,
79750a69bb5SSascha Wildner     char **system_hostfiles, u_int num_system_hostfiles,
79850a69bb5SSascha Wildner     char ***names, u_int *nnames)
79950a69bb5SSascha Wildner {
80050a69bb5SSascha Wildner 	struct find_by_key_ctx ctx = {0, 0, 0, 0, 0};
80150a69bb5SSascha Wildner 	u_int i;
80250a69bb5SSascha Wildner 
80350a69bb5SSascha Wildner 	*names = NULL;
80450a69bb5SSascha Wildner 	*nnames = 0;
80550a69bb5SSascha Wildner 
80650a69bb5SSascha Wildner 	if (key == NULL || sshkey_is_cert(key))
80750a69bb5SSascha Wildner 		return;
80850a69bb5SSascha Wildner 
80950a69bb5SSascha Wildner 	ctx.host = host;
81050a69bb5SSascha Wildner 	ctx.ip = ip;
81150a69bb5SSascha Wildner 	ctx.key = key;
81250a69bb5SSascha Wildner 
81350a69bb5SSascha Wildner 	for (i = 0; i < num_user_hostfiles; i++) {
81450a69bb5SSascha Wildner 		if (hostkeys_find_by_key_hostfile(user_hostfiles[i],
81550a69bb5SSascha Wildner 		    "user", &ctx) != 0)
81650a69bb5SSascha Wildner 			goto fail;
81750a69bb5SSascha Wildner 	}
81850a69bb5SSascha Wildner 	for (i = 0; i < num_system_hostfiles; i++) {
81950a69bb5SSascha Wildner 		if (hostkeys_find_by_key_hostfile(system_hostfiles[i],
82050a69bb5SSascha Wildner 		    "system", &ctx) != 0)
82150a69bb5SSascha Wildner 			goto fail;
82250a69bb5SSascha Wildner 	}
82350a69bb5SSascha Wildner 	/* success */
82450a69bb5SSascha Wildner 	*names = ctx.names;
82550a69bb5SSascha Wildner 	*nnames = ctx.nnames;
82650a69bb5SSascha Wildner 	ctx.names = NULL;
82750a69bb5SSascha Wildner 	ctx.nnames = 0;
82850a69bb5SSascha Wildner 	return;
82950a69bb5SSascha Wildner  fail:
83050a69bb5SSascha Wildner 	for (i = 0; i < ctx.nnames; i++)
83150a69bb5SSascha Wildner 		free(ctx.names[i]);
83250a69bb5SSascha Wildner 	free(ctx.names);
83350a69bb5SSascha Wildner }
83450a69bb5SSascha Wildner 
83550a69bb5SSascha Wildner #define MAX_OTHER_NAMES	8 /* Maximum number of names to list */
83650a69bb5SSascha Wildner static char *
other_hostkeys_message(const char * host,const char * ip,const struct sshkey * key,char ** user_hostfiles,u_int num_user_hostfiles,char ** system_hostfiles,u_int num_system_hostfiles)83750a69bb5SSascha Wildner other_hostkeys_message(const char *host, const char *ip,
83850a69bb5SSascha Wildner     const struct sshkey *key,
83950a69bb5SSascha Wildner     char **user_hostfiles, u_int num_user_hostfiles,
84050a69bb5SSascha Wildner     char **system_hostfiles, u_int num_system_hostfiles)
84150a69bb5SSascha Wildner {
84250a69bb5SSascha Wildner 	char *ret = NULL, **othernames = NULL;
84350a69bb5SSascha Wildner 	u_int i, n, num_othernames = 0;
84450a69bb5SSascha Wildner 
84550a69bb5SSascha Wildner 	hostkeys_find_by_key(host, ip, key,
84650a69bb5SSascha Wildner 	    user_hostfiles, num_user_hostfiles,
84750a69bb5SSascha Wildner 	    system_hostfiles, num_system_hostfiles,
84850a69bb5SSascha Wildner 	    &othernames, &num_othernames);
84950a69bb5SSascha Wildner 	if (num_othernames == 0)
850ee116499SAntonio Huete Jimenez 		return xstrdup("This key is not known by any other names.");
85150a69bb5SSascha Wildner 
85250a69bb5SSascha Wildner 	xasprintf(&ret, "This host key is known by the following other "
85350a69bb5SSascha Wildner 	    "names/addresses:");
85450a69bb5SSascha Wildner 
85550a69bb5SSascha Wildner 	n = num_othernames;
85650a69bb5SSascha Wildner 	if (n > MAX_OTHER_NAMES)
85750a69bb5SSascha Wildner 		n = MAX_OTHER_NAMES;
85850a69bb5SSascha Wildner 	for (i = 0; i < n; i++) {
85950a69bb5SSascha Wildner 		xextendf(&ret, "\n", "    %s", othernames[i]);
86050a69bb5SSascha Wildner 	}
86150a69bb5SSascha Wildner 	if (n < num_othernames) {
86250a69bb5SSascha Wildner 		xextendf(&ret, "\n", "    (%d additional names omitted)",
86350a69bb5SSascha Wildner 		    num_othernames - n);
86450a69bb5SSascha Wildner 	}
86550a69bb5SSascha Wildner 	for (i = 0; i < num_othernames; i++)
86650a69bb5SSascha Wildner 		free(othernames[i]);
86750a69bb5SSascha Wildner 	free(othernames);
86850a69bb5SSascha Wildner 	return ret;
86950a69bb5SSascha Wildner }
87050a69bb5SSascha Wildner 
87150a69bb5SSascha Wildner void
load_hostkeys_command(struct hostkeys * hostkeys,const char * command_template,const char * invocation,const struct ssh_conn_info * cinfo,const struct sshkey * host_key,const char * hostfile_hostname)87250a69bb5SSascha Wildner load_hostkeys_command(struct hostkeys *hostkeys, const char *command_template,
87350a69bb5SSascha Wildner     const char *invocation, const struct ssh_conn_info *cinfo,
87450a69bb5SSascha Wildner     const struct sshkey *host_key, const char *hostfile_hostname)
87550a69bb5SSascha Wildner {
87650a69bb5SSascha Wildner 	int r, i, ac = 0;
87750a69bb5SSascha Wildner 	char *key_fp = NULL, *keytext = NULL, *tmp;
87850a69bb5SSascha Wildner 	char *command = NULL, *tag = NULL, **av = NULL;
87950a69bb5SSascha Wildner 	FILE *f = NULL;
88050a69bb5SSascha Wildner 	pid_t pid;
88150a69bb5SSascha Wildner 	void (*osigchld)(int);
88250a69bb5SSascha Wildner 
88350a69bb5SSascha Wildner 	xasprintf(&tag, "KnownHostsCommand-%s", invocation);
88450a69bb5SSascha Wildner 
88550a69bb5SSascha Wildner 	if (host_key != NULL) {
88650a69bb5SSascha Wildner 		if ((key_fp = sshkey_fingerprint(host_key,
88750a69bb5SSascha Wildner 		    options.fingerprint_hash, SSH_FP_DEFAULT)) == NULL)
88850a69bb5SSascha Wildner 			fatal_f("sshkey_fingerprint failed");
88950a69bb5SSascha Wildner 		if ((r = sshkey_to_base64(host_key, &keytext)) != 0)
89050a69bb5SSascha Wildner 			fatal_fr(r, "sshkey_to_base64 failed");
89150a69bb5SSascha Wildner 	}
89250a69bb5SSascha Wildner 	/*
89350a69bb5SSascha Wildner 	 * NB. all returns later this function should go via "out" to
89450a69bb5SSascha Wildner 	 * ensure the original SIGCHLD handler is restored properly.
89550a69bb5SSascha Wildner 	 */
89650a69bb5SSascha Wildner 	osigchld = ssh_signal(SIGCHLD, SIG_DFL);
89750a69bb5SSascha Wildner 
89850a69bb5SSascha Wildner 	/* Turn the command into an argument vector */
89950a69bb5SSascha Wildner 	if (argv_split(command_template, &ac, &av, 0) != 0) {
90050a69bb5SSascha Wildner 		error("%s \"%s\" contains invalid quotes", tag,
90150a69bb5SSascha Wildner 		    command_template);
90250a69bb5SSascha Wildner 		goto out;
90350a69bb5SSascha Wildner 	}
90450a69bb5SSascha Wildner 	if (ac == 0) {
90550a69bb5SSascha Wildner 		error("%s \"%s\" yielded no arguments", tag,
90650a69bb5SSascha Wildner 		    command_template);
90750a69bb5SSascha Wildner 		goto out;
90850a69bb5SSascha Wildner 	}
90950a69bb5SSascha Wildner 	for (i = 1; i < ac; i++) {
91050a69bb5SSascha Wildner 		tmp = percent_dollar_expand(av[i],
91150a69bb5SSascha Wildner 		    DEFAULT_CLIENT_PERCENT_EXPAND_ARGS(cinfo),
91250a69bb5SSascha Wildner 		    "H", hostfile_hostname,
91350a69bb5SSascha Wildner 		    "I", invocation,
91450a69bb5SSascha Wildner 		    "t", host_key == NULL ? "NONE" : sshkey_ssh_name(host_key),
91550a69bb5SSascha Wildner 		    "f", key_fp == NULL ? "NONE" : key_fp,
91650a69bb5SSascha Wildner 		    "K", keytext == NULL ? "NONE" : keytext,
91750a69bb5SSascha Wildner 		    (char *)NULL);
91850a69bb5SSascha Wildner 		if (tmp == NULL)
91950a69bb5SSascha Wildner 			fatal_f("percent_expand failed");
92050a69bb5SSascha Wildner 		free(av[i]);
92150a69bb5SSascha Wildner 		av[i] = tmp;
92250a69bb5SSascha Wildner 	}
92350a69bb5SSascha Wildner 	/* Prepare a printable command for logs, etc. */
92450a69bb5SSascha Wildner 	command = argv_assemble(ac, av);
92550a69bb5SSascha Wildner 
92650a69bb5SSascha Wildner 	if ((pid = subprocess(tag, command, ac, av, &f,
92750a69bb5SSascha Wildner 	    SSH_SUBPROCESS_STDOUT_CAPTURE|SSH_SUBPROCESS_UNSAFE_PATH|
92850a69bb5SSascha Wildner 	    SSH_SUBPROCESS_PRESERVE_ENV, NULL, NULL, NULL)) == 0)
92950a69bb5SSascha Wildner 		goto out;
93050a69bb5SSascha Wildner 
93150a69bb5SSascha Wildner 	load_hostkeys_file(hostkeys, hostfile_hostname, tag, f, 1);
93250a69bb5SSascha Wildner 
93350a69bb5SSascha Wildner 	if (exited_cleanly(pid, tag, command, 0) != 0)
93450a69bb5SSascha Wildner 		fatal("KnownHostsCommand failed");
93550a69bb5SSascha Wildner 
93650a69bb5SSascha Wildner  out:
93750a69bb5SSascha Wildner 	if (f != NULL)
93850a69bb5SSascha Wildner 		fclose(f);
93950a69bb5SSascha Wildner 	ssh_signal(SIGCHLD, osigchld);
94050a69bb5SSascha Wildner 	for (i = 0; i < ac; i++)
94150a69bb5SSascha Wildner 		free(av[i]);
94250a69bb5SSascha Wildner 	free(av);
94350a69bb5SSascha Wildner 	free(tag);
94450a69bb5SSascha Wildner 	free(command);
94550a69bb5SSascha Wildner 	free(key_fp);
94650a69bb5SSascha Wildner 	free(keytext);
94750a69bb5SSascha Wildner }
94850a69bb5SSascha Wildner 
94918de8d7fSPeter Avalos /*
95018de8d7fSPeter Avalos  * check whether the supplied host key is valid, return -1 if the key
9511c188a7fSPeter Avalos  * is not valid. user_hostfile[0] will not be updated if 'readonly' is true.
95218de8d7fSPeter Avalos  */
95318de8d7fSPeter Avalos #define RDRW	0
95418de8d7fSPeter Avalos #define RDONLY	1
95518de8d7fSPeter Avalos #define ROQUIET	2
95618de8d7fSPeter Avalos static int
check_host_key(char * hostname,const struct ssh_conn_info * cinfo,struct sockaddr * hostaddr,u_short port,struct sshkey * host_key,int readonly,int clobber_port,char ** user_hostfiles,u_int num_user_hostfiles,char ** system_hostfiles,u_int num_system_hostfiles,const char * hostfile_command)95750a69bb5SSascha Wildner check_host_key(char *hostname, const struct ssh_conn_info *cinfo,
95850a69bb5SSascha Wildner     struct sockaddr *hostaddr, u_short port,
95950a69bb5SSascha Wildner     struct sshkey *host_key, int readonly, int clobber_port,
9601c188a7fSPeter Avalos     char **user_hostfiles, u_int num_user_hostfiles,
96150a69bb5SSascha Wildner     char **system_hostfiles, u_int num_system_hostfiles,
96250a69bb5SSascha Wildner     const char *hostfile_command)
96318de8d7fSPeter Avalos {
96450a69bb5SSascha Wildner 	HostStatus host_status = -1, ip_status = -1;
965ce74bacaSMatthew Dillon 	struct sshkey *raw_key = NULL;
9661c188a7fSPeter Avalos 	char *ip = NULL, *host = NULL;
9671c188a7fSPeter Avalos 	char hostline[1000], *hostp, *fp, *ra;
96818de8d7fSPeter Avalos 	char msg[1024];
969*ba1276acSMatthew Dillon 	const char *type, *fail_reason = NULL;
97050a69bb5SSascha Wildner 	const struct hostkey_entry *host_found = NULL, *ip_found = NULL;
971664f4763Szrj 	int len, cancelled_forwarding = 0, confirmed;
9721c188a7fSPeter Avalos 	int local = sockaddr_is_local(hostaddr);
973ce74bacaSMatthew Dillon 	int r, want_cert = sshkey_is_cert(host_key), host_ip_differ = 0;
974e9778795SPeter Avalos 	int hostkey_trusted = 0; /* Known or explicitly accepted by user */
9751c188a7fSPeter Avalos 	struct hostkeys *host_hostkeys, *ip_hostkeys;
9761c188a7fSPeter Avalos 	u_int i;
97718de8d7fSPeter Avalos 
97818de8d7fSPeter Avalos 	/*
97918de8d7fSPeter Avalos 	 * Force accepting of the host key for loopback/localhost. The
98018de8d7fSPeter Avalos 	 * problem is that if the home directory is NFS-mounted to multiple
98118de8d7fSPeter Avalos 	 * machines, localhost will refer to a different machine in each of
98218de8d7fSPeter Avalos 	 * them, and the user will get bogus HOST_CHANGED warnings.  This
98318de8d7fSPeter Avalos 	 * essentially disables host authentication for localhost; however,
98418de8d7fSPeter Avalos 	 * this is probably not a real problem.
98518de8d7fSPeter Avalos 	 */
98618de8d7fSPeter Avalos 	if (options.no_host_authentication_for_localhost == 1 && local &&
98718de8d7fSPeter Avalos 	    options.host_key_alias == NULL) {
98818de8d7fSPeter Avalos 		debug("Forcing accepting of host key for "
98918de8d7fSPeter Avalos 		    "loopback/localhost.");
99050a69bb5SSascha Wildner 		options.update_hostkeys = 0;
99118de8d7fSPeter Avalos 		return 0;
99218de8d7fSPeter Avalos 	}
99318de8d7fSPeter Avalos 
99418de8d7fSPeter Avalos 	/*
995*ba1276acSMatthew Dillon 	 * Don't ever try to write an invalid name to a known hosts file.
996*ba1276acSMatthew Dillon 	 * Note: do this before get_hostfile_hostname_ipaddr() to catch
997*ba1276acSMatthew Dillon 	 * '[' or ']' in the name before they are added.
998*ba1276acSMatthew Dillon 	 */
999*ba1276acSMatthew Dillon 	if (strcspn(hostname, "@?*#[]|'\'\"\\") != strlen(hostname)) {
1000*ba1276acSMatthew Dillon 		debug_f("invalid hostname \"%s\"; will not record: %s",
1001*ba1276acSMatthew Dillon 		    hostname, fail_reason);
1002*ba1276acSMatthew Dillon 		readonly = RDONLY;
1003*ba1276acSMatthew Dillon 	}
1004*ba1276acSMatthew Dillon 
1005*ba1276acSMatthew Dillon 	/*
10069f304aafSPeter Avalos 	 * Prepare the hostname and address strings used for hostkey lookup.
10079f304aafSPeter Avalos 	 * In some cases, these will have a port number appended.
100818de8d7fSPeter Avalos 	 */
100950a69bb5SSascha Wildner 	get_hostfile_hostname_ipaddr(hostname, hostaddr,
101050a69bb5SSascha Wildner 	    clobber_port ? 0 : port, &host, &ip);
101118de8d7fSPeter Avalos 
101218de8d7fSPeter Avalos 	/*
101318de8d7fSPeter Avalos 	 * Turn off check_host_ip if the connection is to localhost, via proxy
101418de8d7fSPeter Avalos 	 * command or if we don't have a hostname to compare with
101518de8d7fSPeter Avalos 	 */
101618de8d7fSPeter Avalos 	if (options.check_host_ip && (local ||
101718de8d7fSPeter Avalos 	    strcmp(hostname, ip) == 0 || options.proxy_command != NULL))
101818de8d7fSPeter Avalos 		options.check_host_ip = 0;
101918de8d7fSPeter Avalos 
10209f304aafSPeter Avalos 	host_hostkeys = init_hostkeys();
10211c188a7fSPeter Avalos 	for (i = 0; i < num_user_hostfiles; i++)
102250a69bb5SSascha Wildner 		load_hostkeys(host_hostkeys, host, user_hostfiles[i], 0);
10231c188a7fSPeter Avalos 	for (i = 0; i < num_system_hostfiles; i++)
102450a69bb5SSascha Wildner 		load_hostkeys(host_hostkeys, host, system_hostfiles[i], 0);
102550a69bb5SSascha Wildner 	if (hostfile_command != NULL && !clobber_port) {
102650a69bb5SSascha Wildner 		load_hostkeys_command(host_hostkeys, hostfile_command,
102750a69bb5SSascha Wildner 		    "HOSTNAME", cinfo, host_key, host);
102850a69bb5SSascha Wildner 	}
10299f304aafSPeter Avalos 
10309f304aafSPeter Avalos 	ip_hostkeys = NULL;
10319f304aafSPeter Avalos 	if (!want_cert && options.check_host_ip) {
10329f304aafSPeter Avalos 		ip_hostkeys = init_hostkeys();
10331c188a7fSPeter Avalos 		for (i = 0; i < num_user_hostfiles; i++)
103450a69bb5SSascha Wildner 			load_hostkeys(ip_hostkeys, ip, user_hostfiles[i], 0);
10351c188a7fSPeter Avalos 		for (i = 0; i < num_system_hostfiles; i++)
103650a69bb5SSascha Wildner 			load_hostkeys(ip_hostkeys, ip, system_hostfiles[i], 0);
103750a69bb5SSascha Wildner 		if (hostfile_command != NULL && !clobber_port) {
103850a69bb5SSascha Wildner 			load_hostkeys_command(ip_hostkeys, hostfile_command,
103950a69bb5SSascha Wildner 			    "ADDRESS", cinfo, host_key, ip);
104050a69bb5SSascha Wildner 		}
104118de8d7fSPeter Avalos 	}
104218de8d7fSPeter Avalos 
1043856ea928SPeter Avalos  retry:
1044*ba1276acSMatthew Dillon 	if (!hostkey_accepted_by_hostkeyalgs(host_key)) {
1045*ba1276acSMatthew Dillon 		error("host key %s not permitted by HostkeyAlgorithms",
1046*ba1276acSMatthew Dillon 		    sshkey_ssh_name(host_key));
1047*ba1276acSMatthew Dillon 		goto fail;
1048*ba1276acSMatthew Dillon 	}
1049*ba1276acSMatthew Dillon 
10509f304aafSPeter Avalos 	/* Reload these as they may have changed on cert->key downgrade */
1051ce74bacaSMatthew Dillon 	want_cert = sshkey_is_cert(host_key);
1052ce74bacaSMatthew Dillon 	type = sshkey_type(host_key);
1053856ea928SPeter Avalos 
105418de8d7fSPeter Avalos 	/*
105518de8d7fSPeter Avalos 	 * Check if the host key is present in the user's list of known
105618de8d7fSPeter Avalos 	 * hosts or in the systemwide list.
105718de8d7fSPeter Avalos 	 */
10589f304aafSPeter Avalos 	host_status = check_key_in_hostkeys(host_hostkeys, host_key,
10599f304aafSPeter Avalos 	    &host_found);
10609f304aafSPeter Avalos 
106118de8d7fSPeter Avalos 	/*
106250a69bb5SSascha Wildner 	 * If there are no hostfiles, or if the hostkey was found via
106350a69bb5SSascha Wildner 	 * KnownHostsCommand, then don't try to touch the disk.
106450a69bb5SSascha Wildner 	 */
106550a69bb5SSascha Wildner 	if (!readonly && (num_user_hostfiles == 0 ||
106650a69bb5SSascha Wildner 	    (host_found != NULL && host_found->note != 0)))
106750a69bb5SSascha Wildner 		readonly = RDONLY;
106850a69bb5SSascha Wildner 
106950a69bb5SSascha Wildner 	/*
107018de8d7fSPeter Avalos 	 * Also perform check for the ip address, skip the check if we are
1071856ea928SPeter Avalos 	 * localhost, looking for a certificate, or the hostname was an ip
1072856ea928SPeter Avalos 	 * address to begin with.
107318de8d7fSPeter Avalos 	 */
10749f304aafSPeter Avalos 	if (!want_cert && ip_hostkeys != NULL) {
10759f304aafSPeter Avalos 		ip_status = check_key_in_hostkeys(ip_hostkeys, host_key,
10769f304aafSPeter Avalos 		    &ip_found);
107718de8d7fSPeter Avalos 		if (host_status == HOST_CHANGED &&
10789f304aafSPeter Avalos 		    (ip_status != HOST_CHANGED ||
10799f304aafSPeter Avalos 		    (ip_found != NULL &&
1080ce74bacaSMatthew Dillon 		    !sshkey_equal(ip_found->key, host_found->key))))
108118de8d7fSPeter Avalos 			host_ip_differ = 1;
108218de8d7fSPeter Avalos 	} else
108318de8d7fSPeter Avalos 		ip_status = host_status;
108418de8d7fSPeter Avalos 
108518de8d7fSPeter Avalos 	switch (host_status) {
108618de8d7fSPeter Avalos 	case HOST_OK:
108718de8d7fSPeter Avalos 		/* The host is known and the key matches. */
1088856ea928SPeter Avalos 		debug("Host '%.200s' is known and matches the %s host %s.",
1089856ea928SPeter Avalos 		    host, type, want_cert ? "certificate" : "key");
10909f304aafSPeter Avalos 		debug("Found %s in %s:%lu", want_cert ? "CA key" : "key",
10919f304aafSPeter Avalos 		    host_found->file, host_found->line);
109250a69bb5SSascha Wildner 		if (want_cert) {
109350a69bb5SSascha Wildner 			if (sshkey_cert_check_host(host_key,
109450a69bb5SSascha Wildner 			    options.host_key_alias == NULL ?
109550a69bb5SSascha Wildner 			    hostname : options.host_key_alias, 0,
109650a69bb5SSascha Wildner 			    options.ca_sign_algorithms, &fail_reason) != 0) {
109750a69bb5SSascha Wildner 				error("%s", fail_reason);
1098856ea928SPeter Avalos 				goto fail;
109950a69bb5SSascha Wildner 			}
110050a69bb5SSascha Wildner 			/*
110150a69bb5SSascha Wildner 			 * Do not attempt hostkey update if a certificate was
110250a69bb5SSascha Wildner 			 * successfully matched.
110350a69bb5SSascha Wildner 			 */
110450a69bb5SSascha Wildner 			if (options.update_hostkeys != 0) {
110550a69bb5SSascha Wildner 				options.update_hostkeys = 0;
110650a69bb5SSascha Wildner 				debug3_f("certificate host key in use; "
110750a69bb5SSascha Wildner 				    "disabling UpdateHostkeys");
110850a69bb5SSascha Wildner 			}
110950a69bb5SSascha Wildner 		}
111050a69bb5SSascha Wildner 		/* Turn off UpdateHostkeys if key was in system known_hosts */
111150a69bb5SSascha Wildner 		if (options.update_hostkeys != 0 &&
111250a69bb5SSascha Wildner 		    (path_in_hostfiles(host_found->file,
111350a69bb5SSascha Wildner 		    system_hostfiles, num_system_hostfiles) ||
111450a69bb5SSascha Wildner 		    (ip_status == HOST_OK && ip_found != NULL &&
111550a69bb5SSascha Wildner 		    path_in_hostfiles(ip_found->file,
111650a69bb5SSascha Wildner 		    system_hostfiles, num_system_hostfiles)))) {
111750a69bb5SSascha Wildner 			options.update_hostkeys = 0;
111850a69bb5SSascha Wildner 			debug3_f("host key found in GlobalKnownHostsFile; "
111950a69bb5SSascha Wildner 			    "disabling UpdateHostkeys");
112050a69bb5SSascha Wildner 		}
112150a69bb5SSascha Wildner 		if (options.update_hostkeys != 0 && host_found->note) {
112250a69bb5SSascha Wildner 			options.update_hostkeys = 0;
112350a69bb5SSascha Wildner 			debug3_f("host key found via KnownHostsCommand; "
112450a69bb5SSascha Wildner 			    "disabling UpdateHostkeys");
112550a69bb5SSascha Wildner 		}
112618de8d7fSPeter Avalos 		if (options.check_host_ip && ip_status == HOST_NEW) {
1127856ea928SPeter Avalos 			if (readonly || want_cert)
112818de8d7fSPeter Avalos 				logit("%s host key for IP address "
112918de8d7fSPeter Avalos 				    "'%.128s' not in list of known hosts.",
113018de8d7fSPeter Avalos 				    type, ip);
11311c188a7fSPeter Avalos 			else if (!add_host_to_hostfile(user_hostfiles[0], ip,
113218de8d7fSPeter Avalos 			    host_key, options.hash_known_hosts))
113318de8d7fSPeter Avalos 				logit("Failed to add the %s host key for IP "
113418de8d7fSPeter Avalos 				    "address '%.128s' to the list of known "
1135e9778795SPeter Avalos 				    "hosts (%.500s).", type, ip,
11361c188a7fSPeter Avalos 				    user_hostfiles[0]);
113718de8d7fSPeter Avalos 			else
113818de8d7fSPeter Avalos 				logit("Warning: Permanently added the %s host "
113918de8d7fSPeter Avalos 				    "key for IP address '%.128s' to the list "
114018de8d7fSPeter Avalos 				    "of known hosts.", type, ip);
114118de8d7fSPeter Avalos 		} else if (options.visual_host_key) {
1142e9778795SPeter Avalos 			fp = sshkey_fingerprint(host_key,
1143e9778795SPeter Avalos 			    options.fingerprint_hash, SSH_FP_DEFAULT);
1144e9778795SPeter Avalos 			ra = sshkey_fingerprint(host_key,
1145e9778795SPeter Avalos 			    options.fingerprint_hash, SSH_FP_RANDOMART);
1146e9778795SPeter Avalos 			if (fp == NULL || ra == NULL)
114750a69bb5SSascha Wildner 				fatal_f("sshkey_fingerprint failed");
1148e9778795SPeter Avalos 			logit("Host key fingerprint is %s\n%s", fp, ra);
114936e94dc5SPeter Avalos 			free(ra);
115036e94dc5SPeter Avalos 			free(fp);
115118de8d7fSPeter Avalos 		}
1152e9778795SPeter Avalos 		hostkey_trusted = 1;
115318de8d7fSPeter Avalos 		break;
115418de8d7fSPeter Avalos 	case HOST_NEW:
115518de8d7fSPeter Avalos 		if (options.host_key_alias == NULL && port != 0 &&
115650a69bb5SSascha Wildner 		    port != SSH_DEFAULT_PORT && !clobber_port) {
115718de8d7fSPeter Avalos 			debug("checking without port identifier");
115850a69bb5SSascha Wildner 			if (check_host_key(hostname, cinfo, hostaddr, 0,
115950a69bb5SSascha Wildner 			    host_key, ROQUIET, 1,
116050a69bb5SSascha Wildner 			    user_hostfiles, num_user_hostfiles,
116150a69bb5SSascha Wildner 			    system_hostfiles, num_system_hostfiles,
116250a69bb5SSascha Wildner 			    hostfile_command) == 0) {
116318de8d7fSPeter Avalos 				debug("found matching key w/out port");
116418de8d7fSPeter Avalos 				break;
116518de8d7fSPeter Avalos 			}
116618de8d7fSPeter Avalos 		}
1167856ea928SPeter Avalos 		if (readonly || want_cert)
116818de8d7fSPeter Avalos 			goto fail;
116918de8d7fSPeter Avalos 		/* The host is new. */
1170ce74bacaSMatthew Dillon 		if (options.strict_host_key_checking ==
1171ce74bacaSMatthew Dillon 		    SSH_STRICT_HOSTKEY_YES) {
117218de8d7fSPeter Avalos 			/*
117318de8d7fSPeter Avalos 			 * User has requested strict host key checking.  We
117418de8d7fSPeter Avalos 			 * will not add the host key automatically.  The only
117518de8d7fSPeter Avalos 			 * alternative left is to abort.
117618de8d7fSPeter Avalos 			 */
117718de8d7fSPeter Avalos 			error("No %s host key is known for %.200s and you "
117818de8d7fSPeter Avalos 			    "have requested strict checking.", type, host);
117918de8d7fSPeter Avalos 			goto fail;
1180ce74bacaSMatthew Dillon 		} else if (options.strict_host_key_checking ==
1181ce74bacaSMatthew Dillon 		    SSH_STRICT_HOSTKEY_ASK) {
118250a69bb5SSascha Wildner 			char *msg1 = NULL, *msg2 = NULL;
118318de8d7fSPeter Avalos 
118450a69bb5SSascha Wildner 			xasprintf(&msg1, "The authenticity of host "
118550a69bb5SSascha Wildner 			    "'%.200s (%s)' can't be established", host, ip);
118650a69bb5SSascha Wildner 
118750a69bb5SSascha Wildner 			if (show_other_keys(host_hostkeys, host_key)) {
118850a69bb5SSascha Wildner 				xextendf(&msg1, "\n", "but keys of different "
118950a69bb5SSascha Wildner 				    "type are already known for this host.");
119050a69bb5SSascha Wildner 			} else
119150a69bb5SSascha Wildner 				xextendf(&msg1, "", ".");
119250a69bb5SSascha Wildner 
1193e9778795SPeter Avalos 			fp = sshkey_fingerprint(host_key,
1194e9778795SPeter Avalos 			    options.fingerprint_hash, SSH_FP_DEFAULT);
1195e9778795SPeter Avalos 			ra = sshkey_fingerprint(host_key,
1196e9778795SPeter Avalos 			    options.fingerprint_hash, SSH_FP_RANDOMART);
1197e9778795SPeter Avalos 			if (fp == NULL || ra == NULL)
119850a69bb5SSascha Wildner 				fatal_f("sshkey_fingerprint failed");
119950a69bb5SSascha Wildner 			xextendf(&msg1, "\n", "%s key fingerprint is %s.",
120050a69bb5SSascha Wildner 			    type, fp);
120150a69bb5SSascha Wildner 			if (options.visual_host_key)
120250a69bb5SSascha Wildner 				xextendf(&msg1, "\n", "%s", ra);
120318de8d7fSPeter Avalos 			if (options.verify_host_key_dns) {
120450a69bb5SSascha Wildner 				xextendf(&msg1, "\n",
120550a69bb5SSascha Wildner 				    "%s host key fingerprint found in DNS.",
120650a69bb5SSascha Wildner 				    matching_host_key_dns ?
120750a69bb5SSascha Wildner 				    "Matching" : "No matching");
120818de8d7fSPeter Avalos 			}
120950a69bb5SSascha Wildner 			/* msg2 informs for other names matching this key */
121050a69bb5SSascha Wildner 			if ((msg2 = other_hostkeys_message(host, ip, host_key,
121150a69bb5SSascha Wildner 			    user_hostfiles, num_user_hostfiles,
121250a69bb5SSascha Wildner 			    system_hostfiles, num_system_hostfiles)) != NULL)
121350a69bb5SSascha Wildner 				xextendf(&msg1, "\n", "%s", msg2);
121450a69bb5SSascha Wildner 
121550a69bb5SSascha Wildner 			xextendf(&msg1, "\n",
121618de8d7fSPeter Avalos 			    "Are you sure you want to continue connecting "
121750a69bb5SSascha Wildner 			    "(yes/no/[fingerprint])? ");
121850a69bb5SSascha Wildner 
121950a69bb5SSascha Wildner 			confirmed = confirm(msg1, fp);
122036e94dc5SPeter Avalos 			free(ra);
122136e94dc5SPeter Avalos 			free(fp);
122250a69bb5SSascha Wildner 			free(msg1);
122350a69bb5SSascha Wildner 			free(msg2);
1224664f4763Szrj 			if (!confirmed)
122518de8d7fSPeter Avalos 				goto fail;
1226e9778795SPeter Avalos 			hostkey_trusted = 1; /* user explicitly confirmed */
122718de8d7fSPeter Avalos 		}
122818de8d7fSPeter Avalos 		/*
1229ce74bacaSMatthew Dillon 		 * If in "new" or "off" strict mode, add the key automatically
1230ce74bacaSMatthew Dillon 		 * to the local known_hosts file.
123118de8d7fSPeter Avalos 		 */
123218de8d7fSPeter Avalos 		if (options.check_host_ip && ip_status == HOST_NEW) {
12339f304aafSPeter Avalos 			snprintf(hostline, sizeof(hostline), "%s,%s", host, ip);
123418de8d7fSPeter Avalos 			hostp = hostline;
123518de8d7fSPeter Avalos 			if (options.hash_known_hosts) {
123618de8d7fSPeter Avalos 				/* Add hash of host and IP separately */
12371c188a7fSPeter Avalos 				r = add_host_to_hostfile(user_hostfiles[0],
12381c188a7fSPeter Avalos 				    host, host_key, options.hash_known_hosts) &&
12391c188a7fSPeter Avalos 				    add_host_to_hostfile(user_hostfiles[0], ip,
124018de8d7fSPeter Avalos 				    host_key, options.hash_known_hosts);
124118de8d7fSPeter Avalos 			} else {
124218de8d7fSPeter Avalos 				/* Add unhashed "host,ip" */
12431c188a7fSPeter Avalos 				r = add_host_to_hostfile(user_hostfiles[0],
124418de8d7fSPeter Avalos 				    hostline, host_key,
124518de8d7fSPeter Avalos 				    options.hash_known_hosts);
124618de8d7fSPeter Avalos 			}
124718de8d7fSPeter Avalos 		} else {
12481c188a7fSPeter Avalos 			r = add_host_to_hostfile(user_hostfiles[0], host,
12491c188a7fSPeter Avalos 			    host_key, options.hash_known_hosts);
125018de8d7fSPeter Avalos 			hostp = host;
125118de8d7fSPeter Avalos 		}
125218de8d7fSPeter Avalos 
125318de8d7fSPeter Avalos 		if (!r)
125418de8d7fSPeter Avalos 			logit("Failed to add the host to the list of known "
12551c188a7fSPeter Avalos 			    "hosts (%.500s).", user_hostfiles[0]);
125618de8d7fSPeter Avalos 		else
125718de8d7fSPeter Avalos 			logit("Warning: Permanently added '%.200s' (%s) to the "
125818de8d7fSPeter Avalos 			    "list of known hosts.", hostp, type);
125918de8d7fSPeter Avalos 		break;
1260856ea928SPeter Avalos 	case HOST_REVOKED:
1261856ea928SPeter Avalos 		error("@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@");
1262856ea928SPeter Avalos 		error("@       WARNING: REVOKED HOST KEY DETECTED!               @");
1263856ea928SPeter Avalos 		error("@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@");
1264856ea928SPeter Avalos 		error("The %s host key for %s is marked as revoked.", type, host);
1265856ea928SPeter Avalos 		error("This could mean that a stolen key is being used to");
1266856ea928SPeter Avalos 		error("impersonate this host.");
1267856ea928SPeter Avalos 
1268856ea928SPeter Avalos 		/*
1269856ea928SPeter Avalos 		 * If strict host key checking is in use, the user will have
1270856ea928SPeter Avalos 		 * to edit the key manually and we can only abort.
1271856ea928SPeter Avalos 		 */
1272ce74bacaSMatthew Dillon 		if (options.strict_host_key_checking !=
1273ce74bacaSMatthew Dillon 		    SSH_STRICT_HOSTKEY_OFF) {
1274856ea928SPeter Avalos 			error("%s host key for %.200s was revoked and you have "
1275856ea928SPeter Avalos 			    "requested strict checking.", type, host);
1276856ea928SPeter Avalos 			goto fail;
1277856ea928SPeter Avalos 		}
1278856ea928SPeter Avalos 		goto continue_unsafe;
1279856ea928SPeter Avalos 
128018de8d7fSPeter Avalos 	case HOST_CHANGED:
1281856ea928SPeter Avalos 		if (want_cert) {
1282856ea928SPeter Avalos 			/*
1283856ea928SPeter Avalos 			 * This is only a debug() since it is valid to have
1284856ea928SPeter Avalos 			 * CAs with wildcard DNS matches that don't match
1285856ea928SPeter Avalos 			 * all hosts that one might visit.
1286856ea928SPeter Avalos 			 */
1287856ea928SPeter Avalos 			debug("Host certificate authority does not "
12889f304aafSPeter Avalos 			    "match %s in %s:%lu", CA_MARKER,
12899f304aafSPeter Avalos 			    host_found->file, host_found->line);
1290856ea928SPeter Avalos 			goto fail;
1291856ea928SPeter Avalos 		}
129218de8d7fSPeter Avalos 		if (readonly == ROQUIET)
129318de8d7fSPeter Avalos 			goto fail;
129418de8d7fSPeter Avalos 		if (options.check_host_ip && host_ip_differ) {
129518de8d7fSPeter Avalos 			char *key_msg;
129618de8d7fSPeter Avalos 			if (ip_status == HOST_NEW)
129718de8d7fSPeter Avalos 				key_msg = "is unknown";
129818de8d7fSPeter Avalos 			else if (ip_status == HOST_OK)
129918de8d7fSPeter Avalos 				key_msg = "is unchanged";
130018de8d7fSPeter Avalos 			else
130118de8d7fSPeter Avalos 				key_msg = "has a different value";
130218de8d7fSPeter Avalos 			error("@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@");
130318de8d7fSPeter Avalos 			error("@       WARNING: POSSIBLE DNS SPOOFING DETECTED!          @");
130418de8d7fSPeter Avalos 			error("@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@");
130518de8d7fSPeter Avalos 			error("The %s host key for %s has changed,", type, host);
130618de8d7fSPeter Avalos 			error("and the key for the corresponding IP address %s", ip);
130718de8d7fSPeter Avalos 			error("%s. This could either mean that", key_msg);
130818de8d7fSPeter Avalos 			error("DNS SPOOFING is happening or the IP address for the host");
130918de8d7fSPeter Avalos 			error("and its host key have changed at the same time.");
131018de8d7fSPeter Avalos 			if (ip_status != HOST_NEW)
13119f304aafSPeter Avalos 				error("Offending key for IP in %s:%lu",
13129f304aafSPeter Avalos 				    ip_found->file, ip_found->line);
131318de8d7fSPeter Avalos 		}
131418de8d7fSPeter Avalos 		/* The host key has changed. */
131518de8d7fSPeter Avalos 		warn_changed_key(host_key);
1316*ba1276acSMatthew Dillon 		if (num_user_hostfiles > 0 || num_system_hostfiles > 0) {
1317*ba1276acSMatthew Dillon 			error("Add correct host key in %.100s to get rid "
1318*ba1276acSMatthew Dillon 			    "of this message.", num_user_hostfiles > 0 ?
1319*ba1276acSMatthew Dillon 			    user_hostfiles[0] : system_hostfiles[0]);
1320*ba1276acSMatthew Dillon 		}
1321ce74bacaSMatthew Dillon 		error("Offending %s key in %s:%lu",
1322ce74bacaSMatthew Dillon 		    sshkey_type(host_found->key),
13239f304aafSPeter Avalos 		    host_found->file, host_found->line);
132418de8d7fSPeter Avalos 
132518de8d7fSPeter Avalos 		/*
132618de8d7fSPeter Avalos 		 * If strict host key checking is in use, the user will have
132718de8d7fSPeter Avalos 		 * to edit the key manually and we can only abort.
132818de8d7fSPeter Avalos 		 */
1329ce74bacaSMatthew Dillon 		if (options.strict_host_key_checking !=
1330ce74bacaSMatthew Dillon 		    SSH_STRICT_HOSTKEY_OFF) {
133150a69bb5SSascha Wildner 			error("Host key for %.200s has changed and you have "
133250a69bb5SSascha Wildner 			    "requested strict checking.", host);
133318de8d7fSPeter Avalos 			goto fail;
133418de8d7fSPeter Avalos 		}
133518de8d7fSPeter Avalos 
1336856ea928SPeter Avalos  continue_unsafe:
133718de8d7fSPeter Avalos 		/*
133818de8d7fSPeter Avalos 		 * If strict host key checking has not been requested, allow
133918de8d7fSPeter Avalos 		 * the connection but without MITM-able authentication or
134018de8d7fSPeter Avalos 		 * forwarding.
134118de8d7fSPeter Avalos 		 */
134218de8d7fSPeter Avalos 		if (options.password_authentication) {
134318de8d7fSPeter Avalos 			error("Password authentication is disabled to avoid "
134418de8d7fSPeter Avalos 			    "man-in-the-middle attacks.");
134518de8d7fSPeter Avalos 			options.password_authentication = 0;
134618de8d7fSPeter Avalos 			cancelled_forwarding = 1;
134718de8d7fSPeter Avalos 		}
134818de8d7fSPeter Avalos 		if (options.kbd_interactive_authentication) {
134918de8d7fSPeter Avalos 			error("Keyboard-interactive authentication is disabled"
135018de8d7fSPeter Avalos 			    " to avoid man-in-the-middle attacks.");
135118de8d7fSPeter Avalos 			options.kbd_interactive_authentication = 0;
135218de8d7fSPeter Avalos 			cancelled_forwarding = 1;
135318de8d7fSPeter Avalos 		}
135418de8d7fSPeter Avalos 		if (options.forward_agent) {
135518de8d7fSPeter Avalos 			error("Agent forwarding is disabled to avoid "
135618de8d7fSPeter Avalos 			    "man-in-the-middle attacks.");
135718de8d7fSPeter Avalos 			options.forward_agent = 0;
135818de8d7fSPeter Avalos 			cancelled_forwarding = 1;
135918de8d7fSPeter Avalos 		}
136018de8d7fSPeter Avalos 		if (options.forward_x11) {
136118de8d7fSPeter Avalos 			error("X11 forwarding is disabled to avoid "
136218de8d7fSPeter Avalos 			    "man-in-the-middle attacks.");
136318de8d7fSPeter Avalos 			options.forward_x11 = 0;
136418de8d7fSPeter Avalos 			cancelled_forwarding = 1;
136518de8d7fSPeter Avalos 		}
136618de8d7fSPeter Avalos 		if (options.num_local_forwards > 0 ||
136718de8d7fSPeter Avalos 		    options.num_remote_forwards > 0) {
136818de8d7fSPeter Avalos 			error("Port forwarding is disabled to avoid "
136918de8d7fSPeter Avalos 			    "man-in-the-middle attacks.");
137018de8d7fSPeter Avalos 			options.num_local_forwards =
137118de8d7fSPeter Avalos 			    options.num_remote_forwards = 0;
137218de8d7fSPeter Avalos 			cancelled_forwarding = 1;
137318de8d7fSPeter Avalos 		}
137418de8d7fSPeter Avalos 		if (options.tun_open != SSH_TUNMODE_NO) {
137518de8d7fSPeter Avalos 			error("Tunnel forwarding is disabled to avoid "
137618de8d7fSPeter Avalos 			    "man-in-the-middle attacks.");
137718de8d7fSPeter Avalos 			options.tun_open = SSH_TUNMODE_NO;
137818de8d7fSPeter Avalos 			cancelled_forwarding = 1;
137918de8d7fSPeter Avalos 		}
138050a69bb5SSascha Wildner 		if (options.update_hostkeys != 0) {
138150a69bb5SSascha Wildner 			error("UpdateHostkeys is disabled because the host "
138250a69bb5SSascha Wildner 			    "key is not trusted.");
138350a69bb5SSascha Wildner 			options.update_hostkeys = 0;
138450a69bb5SSascha Wildner 		}
138518de8d7fSPeter Avalos 		if (options.exit_on_forward_failure && cancelled_forwarding)
138618de8d7fSPeter Avalos 			fatal("Error: forwarding disabled due to host key "
138718de8d7fSPeter Avalos 			    "check failure");
138818de8d7fSPeter Avalos 
138918de8d7fSPeter Avalos 		/*
139018de8d7fSPeter Avalos 		 * XXX Should permit the user to change to use the new id.
139118de8d7fSPeter Avalos 		 * This could be done by converting the host key to an
139218de8d7fSPeter Avalos 		 * identifying sentence, tell that the host identifies itself
139350a69bb5SSascha Wildner 		 * by that sentence, and ask the user if they wish to
139418de8d7fSPeter Avalos 		 * accept the authentication.
139518de8d7fSPeter Avalos 		 */
139618de8d7fSPeter Avalos 		break;
139718de8d7fSPeter Avalos 	case HOST_FOUND:
139818de8d7fSPeter Avalos 		fatal("internal error");
139918de8d7fSPeter Avalos 		break;
140018de8d7fSPeter Avalos 	}
140118de8d7fSPeter Avalos 
140218de8d7fSPeter Avalos 	if (options.check_host_ip && host_status != HOST_CHANGED &&
140318de8d7fSPeter Avalos 	    ip_status == HOST_CHANGED) {
140418de8d7fSPeter Avalos 		snprintf(msg, sizeof(msg),
140518de8d7fSPeter Avalos 		    "Warning: the %s host key for '%.200s' "
140618de8d7fSPeter Avalos 		    "differs from the key for the IP address '%.128s'"
14079f304aafSPeter Avalos 		    "\nOffending key for IP in %s:%lu",
14089f304aafSPeter Avalos 		    type, host, ip, ip_found->file, ip_found->line);
140918de8d7fSPeter Avalos 		if (host_status == HOST_OK) {
141018de8d7fSPeter Avalos 			len = strlen(msg);
141118de8d7fSPeter Avalos 			snprintf(msg + len, sizeof(msg) - len,
14129f304aafSPeter Avalos 			    "\nMatching host key in %s:%lu",
14139f304aafSPeter Avalos 			    host_found->file, host_found->line);
141418de8d7fSPeter Avalos 		}
1415ce74bacaSMatthew Dillon 		if (options.strict_host_key_checking ==
1416ce74bacaSMatthew Dillon 		    SSH_STRICT_HOSTKEY_ASK) {
141718de8d7fSPeter Avalos 			strlcat(msg, "\nAre you sure you want "
141818de8d7fSPeter Avalos 			    "to continue connecting (yes/no)? ", sizeof(msg));
1419664f4763Szrj 			if (!confirm(msg, NULL))
142018de8d7fSPeter Avalos 				goto fail;
1421ce74bacaSMatthew Dillon 		} else if (options.strict_host_key_checking !=
1422ce74bacaSMatthew Dillon 		    SSH_STRICT_HOSTKEY_OFF) {
1423ce74bacaSMatthew Dillon 			logit("%s", msg);
1424ce74bacaSMatthew Dillon 			error("Exiting, you have requested strict checking.");
1425ce74bacaSMatthew Dillon 			goto fail;
142618de8d7fSPeter Avalos 		} else {
142718de8d7fSPeter Avalos 			logit("%s", msg);
142818de8d7fSPeter Avalos 		}
142918de8d7fSPeter Avalos 	}
143018de8d7fSPeter Avalos 
1431e9778795SPeter Avalos 	if (!hostkey_trusted && options.update_hostkeys) {
143250a69bb5SSascha Wildner 		debug_f("hostkey not known or explicitly trusted: "
143350a69bb5SSascha Wildner 		    "disabling UpdateHostkeys");
1434e9778795SPeter Avalos 		options.update_hostkeys = 0;
1435e9778795SPeter Avalos 	}
1436e9778795SPeter Avalos 
143736e94dc5SPeter Avalos 	free(ip);
143836e94dc5SPeter Avalos 	free(host);
14399f304aafSPeter Avalos 	if (host_hostkeys != NULL)
14409f304aafSPeter Avalos 		free_hostkeys(host_hostkeys);
14419f304aafSPeter Avalos 	if (ip_hostkeys != NULL)
14429f304aafSPeter Avalos 		free_hostkeys(ip_hostkeys);
144318de8d7fSPeter Avalos 	return 0;
144418de8d7fSPeter Avalos 
144518de8d7fSPeter Avalos fail:
1446856ea928SPeter Avalos 	if (want_cert && host_status != HOST_REVOKED) {
1447856ea928SPeter Avalos 		/*
1448856ea928SPeter Avalos 		 * No matching certificate. Downgrade cert to raw key and
1449856ea928SPeter Avalos 		 * search normally.
1450856ea928SPeter Avalos 		 */
1451856ea928SPeter Avalos 		debug("No matching CA found. Retry with plain key");
1452ce74bacaSMatthew Dillon 		if ((r = sshkey_from_private(host_key, &raw_key)) != 0)
145350a69bb5SSascha Wildner 			fatal_fr(r, "decode key");
1454ce74bacaSMatthew Dillon 		if ((r = sshkey_drop_cert(raw_key)) != 0)
145550a69bb5SSascha Wildner 			fatal_r(r, "Couldn't drop certificate");
1456856ea928SPeter Avalos 		host_key = raw_key;
1457856ea928SPeter Avalos 		goto retry;
1458856ea928SPeter Avalos 	}
1459ce74bacaSMatthew Dillon 	sshkey_free(raw_key);
146036e94dc5SPeter Avalos 	free(ip);
146136e94dc5SPeter Avalos 	free(host);
14629f304aafSPeter Avalos 	if (host_hostkeys != NULL)
14639f304aafSPeter Avalos 		free_hostkeys(host_hostkeys);
14649f304aafSPeter Avalos 	if (ip_hostkeys != NULL)
14659f304aafSPeter Avalos 		free_hostkeys(ip_hostkeys);
146618de8d7fSPeter Avalos 	return -1;
146718de8d7fSPeter Avalos }
146818de8d7fSPeter Avalos 
146918de8d7fSPeter Avalos /* returns 0 if key verifies or -1 if key does NOT verify */
147018de8d7fSPeter Avalos int
verify_host_key(char * host,struct sockaddr * hostaddr,struct sshkey * host_key,const struct ssh_conn_info * cinfo)147150a69bb5SSascha Wildner verify_host_key(char *host, struct sockaddr *hostaddr, struct sshkey *host_key,
147250a69bb5SSascha Wildner     const struct ssh_conn_info *cinfo)
147318de8d7fSPeter Avalos {
1474e9778795SPeter Avalos 	u_int i;
147536e94dc5SPeter Avalos 	int r = -1, flags = 0;
1476e9778795SPeter Avalos 	char valid[64], *fp = NULL, *cafp = NULL;
1477e9778795SPeter Avalos 	struct sshkey *plain = NULL;
14789f304aafSPeter Avalos 
1479e9778795SPeter Avalos 	if ((fp = sshkey_fingerprint(host_key,
1480e9778795SPeter Avalos 	    options.fingerprint_hash, SSH_FP_DEFAULT)) == NULL) {
148150a69bb5SSascha Wildner 		error_fr(r, "fingerprint host key");
1482e9778795SPeter Avalos 		r = -1;
1483e9778795SPeter Avalos 		goto out;
1484e9778795SPeter Avalos 	}
148518de8d7fSPeter Avalos 
1486e9778795SPeter Avalos 	if (sshkey_is_cert(host_key)) {
1487e9778795SPeter Avalos 		if ((cafp = sshkey_fingerprint(host_key->cert->signature_key,
1488e9778795SPeter Avalos 		    options.fingerprint_hash, SSH_FP_DEFAULT)) == NULL) {
148950a69bb5SSascha Wildner 			error_fr(r, "fingerprint CA key");
1490e9778795SPeter Avalos 			r = -1;
1491e9778795SPeter Avalos 			goto out;
1492e9778795SPeter Avalos 		}
1493e9778795SPeter Avalos 		sshkey_format_cert_validity(host_key->cert,
1494e9778795SPeter Avalos 		    valid, sizeof(valid));
1495e9778795SPeter Avalos 		debug("Server host certificate: %s %s, serial %llu "
1496e9778795SPeter Avalos 		    "ID \"%s\" CA %s %s valid %s",
1497e9778795SPeter Avalos 		    sshkey_ssh_name(host_key), fp,
1498e9778795SPeter Avalos 		    (unsigned long long)host_key->cert->serial,
1499e9778795SPeter Avalos 		    host_key->cert->key_id,
1500e9778795SPeter Avalos 		    sshkey_ssh_name(host_key->cert->signature_key), cafp,
1501e9778795SPeter Avalos 		    valid);
1502e9778795SPeter Avalos 		for (i = 0; i < host_key->cert->nprincipals; i++) {
1503e9778795SPeter Avalos 			debug2("Server host certificate hostname: %s",
1504e9778795SPeter Avalos 			    host_key->cert->principals[i]);
1505e9778795SPeter Avalos 		}
1506e9778795SPeter Avalos 	} else {
1507ce74bacaSMatthew Dillon 		debug("Server host key: %s %s", sshkey_ssh_name(host_key), fp);
1508e9778795SPeter Avalos 	}
1509e9778795SPeter Avalos 
1510e9778795SPeter Avalos 	if (sshkey_equal(previous_host_key, host_key)) {
151150a69bb5SSascha Wildner 		debug2_f("server host key %s %s matches cached key",
151250a69bb5SSascha Wildner 		    sshkey_type(host_key), fp);
1513e9778795SPeter Avalos 		r = 0;
1514e9778795SPeter Avalos 		goto out;
1515e9778795SPeter Avalos 	}
1516e9778795SPeter Avalos 
1517e9778795SPeter Avalos 	/* Check in RevokedHostKeys file if specified */
1518e9778795SPeter Avalos 	if (options.revoked_host_keys != NULL) {
1519e9778795SPeter Avalos 		r = sshkey_check_revoked(host_key, options.revoked_host_keys);
1520e9778795SPeter Avalos 		switch (r) {
1521e9778795SPeter Avalos 		case 0:
1522e9778795SPeter Avalos 			break; /* not revoked */
1523e9778795SPeter Avalos 		case SSH_ERR_KEY_REVOKED:
1524e9778795SPeter Avalos 			error("Host key %s %s revoked by file %s",
1525e9778795SPeter Avalos 			    sshkey_type(host_key), fp,
1526e9778795SPeter Avalos 			    options.revoked_host_keys);
1527e9778795SPeter Avalos 			r = -1;
1528e9778795SPeter Avalos 			goto out;
1529e9778795SPeter Avalos 		default:
153050a69bb5SSascha Wildner 			error_r(r, "Error checking host key %s %s in "
153150a69bb5SSascha Wildner 			    "revoked keys file %s", sshkey_type(host_key),
153250a69bb5SSascha Wildner 			    fp, options.revoked_host_keys);
1533e9778795SPeter Avalos 			r = -1;
1534e9778795SPeter Avalos 			goto out;
1535e9778795SPeter Avalos 		}
153636e94dc5SPeter Avalos 	}
153736e94dc5SPeter Avalos 
153836e94dc5SPeter Avalos 	if (options.verify_host_key_dns) {
153936e94dc5SPeter Avalos 		/*
154036e94dc5SPeter Avalos 		 * XXX certs are not yet supported for DNS, so downgrade
154136e94dc5SPeter Avalos 		 * them and try the plain key.
154236e94dc5SPeter Avalos 		 */
1543e9778795SPeter Avalos 		if ((r = sshkey_from_private(host_key, &plain)) != 0)
1544e9778795SPeter Avalos 			goto out;
1545e9778795SPeter Avalos 		if (sshkey_is_cert(plain))
1546e9778795SPeter Avalos 			sshkey_drop_cert(plain);
154736e94dc5SPeter Avalos 		if (verify_host_key_dns(host, hostaddr, plain, &flags) == 0) {
154818de8d7fSPeter Avalos 			if (flags & DNS_VERIFY_FOUND) {
154918de8d7fSPeter Avalos 				if (options.verify_host_key_dns == 1 &&
155018de8d7fSPeter Avalos 				    flags & DNS_VERIFY_MATCH &&
155136e94dc5SPeter Avalos 				    flags & DNS_VERIFY_SECURE) {
155236e94dc5SPeter Avalos 					r = 0;
1553e9778795SPeter Avalos 					goto out;
155436e94dc5SPeter Avalos 				}
155518de8d7fSPeter Avalos 				if (flags & DNS_VERIFY_MATCH) {
155618de8d7fSPeter Avalos 					matching_host_key_dns = 1;
155718de8d7fSPeter Avalos 				} else {
155836e94dc5SPeter Avalos 					warn_changed_key(plain);
155936e94dc5SPeter Avalos 					error("Update the SSHFP RR in DNS "
156036e94dc5SPeter Avalos 					    "with the new host key to get rid "
156136e94dc5SPeter Avalos 					    "of this message.");
156218de8d7fSPeter Avalos 				}
156318de8d7fSPeter Avalos 			}
156418de8d7fSPeter Avalos 		}
156536e94dc5SPeter Avalos 	}
156650a69bb5SSascha Wildner 	r = check_host_key(host, cinfo, hostaddr, options.port, host_key,
156750a69bb5SSascha Wildner 	    RDRW, 0, options.user_hostfiles, options.num_user_hostfiles,
156850a69bb5SSascha Wildner 	    options.system_hostfiles, options.num_system_hostfiles,
156950a69bb5SSascha Wildner 	    options.known_hosts_command);
157036e94dc5SPeter Avalos 
1571e9778795SPeter Avalos out:
1572e9778795SPeter Avalos 	sshkey_free(plain);
1573e9778795SPeter Avalos 	free(fp);
1574e9778795SPeter Avalos 	free(cafp);
157536e94dc5SPeter Avalos 	if (r == 0 && host_key != NULL) {
1576ce74bacaSMatthew Dillon 		sshkey_free(previous_host_key);
1577ce74bacaSMatthew Dillon 		r = sshkey_from_private(host_key, &previous_host_key);
157836e94dc5SPeter Avalos 	}
157936e94dc5SPeter Avalos 
158036e94dc5SPeter Avalos 	return r;
158118de8d7fSPeter Avalos }
158218de8d7fSPeter Avalos 
158318de8d7fSPeter Avalos /*
158418de8d7fSPeter Avalos  * Starts a dialog with the server, and authenticates the current user on the
158518de8d7fSPeter Avalos  * server.  This does not need any extra privileges.  The basic connection
158618de8d7fSPeter Avalos  * to the server must already have been established before this is called.
158718de8d7fSPeter Avalos  * If login fails, this function prints an error and never returns.
158818de8d7fSPeter Avalos  * This function does not require super-user privileges.
158918de8d7fSPeter Avalos  */
159018de8d7fSPeter Avalos void
ssh_login(struct ssh * ssh,Sensitive * sensitive,const char * orighost,struct sockaddr * hostaddr,u_short port,struct passwd * pw,int timeout_ms,const struct ssh_conn_info * cinfo)1591664f4763Szrj ssh_login(struct ssh *ssh, Sensitive *sensitive, const char *orighost,
159250a69bb5SSascha Wildner     struct sockaddr *hostaddr, u_short port, struct passwd *pw, int timeout_ms,
159350a69bb5SSascha Wildner     const struct ssh_conn_info *cinfo)
159418de8d7fSPeter Avalos {
159536e94dc5SPeter Avalos 	char *host;
159618de8d7fSPeter Avalos 	char *server_user, *local_user;
15970cbfa66cSDaniel Fojt 	int r;
159818de8d7fSPeter Avalos 
159918de8d7fSPeter Avalos 	local_user = xstrdup(pw->pw_name);
160018de8d7fSPeter Avalos 	server_user = options.user ? options.user : local_user;
160118de8d7fSPeter Avalos 
160218de8d7fSPeter Avalos 	/* Convert the user-supplied hostname into all lowercase. */
160318de8d7fSPeter Avalos 	host = xstrdup(orighost);
160436e94dc5SPeter Avalos 	lowercase(host);
160518de8d7fSPeter Avalos 
160618de8d7fSPeter Avalos 	/* Exchange protocol version identification strings with the server. */
16070cbfa66cSDaniel Fojt 	if ((r = kex_exchange_identification(ssh, timeout_ms, NULL)) != 0)
16080cbfa66cSDaniel Fojt 		sshpkt_fatal(ssh, r, "banner exchange");
160918de8d7fSPeter Avalos 
161018de8d7fSPeter Avalos 	/* Put the connection into non-blocking mode. */
1611664f4763Szrj 	ssh_packet_set_nonblocking(ssh);
161218de8d7fSPeter Avalos 
161318de8d7fSPeter Avalos 	/* key exchange */
161418de8d7fSPeter Avalos 	/* authenticate user */
1615e9778795SPeter Avalos 	debug("Authenticating to %s:%d as '%s'", host, port, server_user);
161650a69bb5SSascha Wildner 	ssh_kex2(ssh, host, hostaddr, port, cinfo);
1617664f4763Szrj 	ssh_userauth2(ssh, local_user, server_user, host, sensitive);
161836e94dc5SPeter Avalos 	free(local_user);
16190cbfa66cSDaniel Fojt 	free(host);
162018de8d7fSPeter Avalos }
162118de8d7fSPeter Avalos 
162218de8d7fSPeter Avalos /* print all known host keys for a given host, but skip keys of given type */
162318de8d7fSPeter Avalos static int
show_other_keys(struct hostkeys * hostkeys,struct sshkey * key)1624ce74bacaSMatthew Dillon show_other_keys(struct hostkeys *hostkeys, struct sshkey *key)
162518de8d7fSPeter Avalos {
162636e94dc5SPeter Avalos 	int type[] = {
162736e94dc5SPeter Avalos 		KEY_RSA,
1628*ba1276acSMatthew Dillon #ifdef WITH_DSA
162936e94dc5SPeter Avalos 		KEY_DSA,
1630*ba1276acSMatthew Dillon #endif
163136e94dc5SPeter Avalos 		KEY_ECDSA,
163236e94dc5SPeter Avalos 		KEY_ED25519,
1633664f4763Szrj 		KEY_XMSS,
163436e94dc5SPeter Avalos 		-1
163536e94dc5SPeter Avalos 	};
16369f304aafSPeter Avalos 	int i, ret = 0;
16379f304aafSPeter Avalos 	char *fp, *ra;
16389f304aafSPeter Avalos 	const struct hostkey_entry *found;
163918de8d7fSPeter Avalos 
164018de8d7fSPeter Avalos 	for (i = 0; type[i] != -1; i++) {
164118de8d7fSPeter Avalos 		if (type[i] == key->type)
164218de8d7fSPeter Avalos 			continue;
164350a69bb5SSascha Wildner 		if (!lookup_key_in_hostkeys_by_type(hostkeys, type[i],
164450a69bb5SSascha Wildner 		    -1, &found))
164518de8d7fSPeter Avalos 			continue;
1646e9778795SPeter Avalos 		fp = sshkey_fingerprint(found->key,
1647e9778795SPeter Avalos 		    options.fingerprint_hash, SSH_FP_DEFAULT);
1648e9778795SPeter Avalos 		ra = sshkey_fingerprint(found->key,
1649e9778795SPeter Avalos 		    options.fingerprint_hash, SSH_FP_RANDOMART);
1650e9778795SPeter Avalos 		if (fp == NULL || ra == NULL)
165150a69bb5SSascha Wildner 			fatal_f("sshkey_fingerprint fail");
16529f304aafSPeter Avalos 		logit("WARNING: %s key found for host %s\n"
16539f304aafSPeter Avalos 		    "in %s:%lu\n"
16549f304aafSPeter Avalos 		    "%s key fingerprint %s.",
1655664f4763Szrj 		    sshkey_type(found->key),
16569f304aafSPeter Avalos 		    found->host, found->file, found->line,
1657664f4763Szrj 		    sshkey_type(found->key), fp);
16589f304aafSPeter Avalos 		if (options.visual_host_key)
16599f304aafSPeter Avalos 			logit("%s", ra);
166036e94dc5SPeter Avalos 		free(ra);
166136e94dc5SPeter Avalos 		free(fp);
16629f304aafSPeter Avalos 		ret = 1;
166318de8d7fSPeter Avalos 	}
16649f304aafSPeter Avalos 	return ret;
166518de8d7fSPeter Avalos }
166618de8d7fSPeter Avalos 
166718de8d7fSPeter Avalos static void
warn_changed_key(struct sshkey * host_key)1668ce74bacaSMatthew Dillon warn_changed_key(struct sshkey *host_key)
166918de8d7fSPeter Avalos {
167018de8d7fSPeter Avalos 	char *fp;
167118de8d7fSPeter Avalos 
1672e9778795SPeter Avalos 	fp = sshkey_fingerprint(host_key, options.fingerprint_hash,
1673e9778795SPeter Avalos 	    SSH_FP_DEFAULT);
1674e9778795SPeter Avalos 	if (fp == NULL)
167550a69bb5SSascha Wildner 		fatal_f("sshkey_fingerprint fail");
167618de8d7fSPeter Avalos 
167718de8d7fSPeter Avalos 	error("@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@");
167818de8d7fSPeter Avalos 	error("@    WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!     @");
167918de8d7fSPeter Avalos 	error("@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@");
168018de8d7fSPeter Avalos 	error("IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!");
168118de8d7fSPeter Avalos 	error("Someone could be eavesdropping on you right now (man-in-the-middle attack)!");
16829f304aafSPeter Avalos 	error("It is also possible that a host key has just been changed.");
168318de8d7fSPeter Avalos 	error("The fingerprint for the %s key sent by the remote host is\n%s.",
1684664f4763Szrj 	    sshkey_type(host_key), fp);
168518de8d7fSPeter Avalos 	error("Please contact your system administrator.");
168618de8d7fSPeter Avalos 
168736e94dc5SPeter Avalos 	free(fp);
168818de8d7fSPeter Avalos }
168918de8d7fSPeter Avalos 
169018de8d7fSPeter Avalos /*
169118de8d7fSPeter Avalos  * Execute a local command
169218de8d7fSPeter Avalos  */
169318de8d7fSPeter Avalos int
ssh_local_cmd(const char * args)169418de8d7fSPeter Avalos ssh_local_cmd(const char *args)
169518de8d7fSPeter Avalos {
169618de8d7fSPeter Avalos 	char *shell;
169718de8d7fSPeter Avalos 	pid_t pid;
169818de8d7fSPeter Avalos 	int status;
16999f304aafSPeter Avalos 	void (*osighand)(int);
170018de8d7fSPeter Avalos 
170118de8d7fSPeter Avalos 	if (!options.permit_local_command ||
170218de8d7fSPeter Avalos 	    args == NULL || !*args)
170318de8d7fSPeter Avalos 		return (1);
170418de8d7fSPeter Avalos 
17059f304aafSPeter Avalos 	if ((shell = getenv("SHELL")) == NULL || *shell == '\0')
170618de8d7fSPeter Avalos 		shell = _PATH_BSHELL;
170718de8d7fSPeter Avalos 
17080cbfa66cSDaniel Fojt 	osighand = ssh_signal(SIGCHLD, SIG_DFL);
170918de8d7fSPeter Avalos 	pid = fork();
171018de8d7fSPeter Avalos 	if (pid == 0) {
17110cbfa66cSDaniel Fojt 		ssh_signal(SIGPIPE, SIG_DFL);
171218de8d7fSPeter Avalos 		debug3("Executing %s -c \"%s\"", shell, args);
171318de8d7fSPeter Avalos 		execl(shell, shell, "-c", args, (char *)NULL);
171418de8d7fSPeter Avalos 		error("Couldn't execute %s -c \"%s\": %s",
171518de8d7fSPeter Avalos 		    shell, args, strerror(errno));
171618de8d7fSPeter Avalos 		_exit(1);
171718de8d7fSPeter Avalos 	} else if (pid == -1)
171818de8d7fSPeter Avalos 		fatal("fork failed: %.100s", strerror(errno));
171918de8d7fSPeter Avalos 	while (waitpid(pid, &status, 0) == -1)
172018de8d7fSPeter Avalos 		if (errno != EINTR)
172118de8d7fSPeter Avalos 			fatal("Couldn't wait for child: %s", strerror(errno));
17220cbfa66cSDaniel Fojt 	ssh_signal(SIGCHLD, osighand);
172318de8d7fSPeter Avalos 
172418de8d7fSPeter Avalos 	if (!WIFEXITED(status))
172518de8d7fSPeter Avalos 		return (1);
172618de8d7fSPeter Avalos 
172718de8d7fSPeter Avalos 	return (WEXITSTATUS(status));
172818de8d7fSPeter Avalos }
1729e9778795SPeter Avalos 
1730e9778795SPeter Avalos void
maybe_add_key_to_agent(const char * authfile,struct sshkey * private,const char * comment,const char * passphrase)17310cbfa66cSDaniel Fojt maybe_add_key_to_agent(const char *authfile, struct sshkey *private,
17320cbfa66cSDaniel Fojt     const char *comment, const char *passphrase)
1733e9778795SPeter Avalos {
1734e9778795SPeter Avalos 	int auth_sock = -1, r;
17350cbfa66cSDaniel Fojt 	const char *skprovider = NULL;
1736e9778795SPeter Avalos 
1737e9778795SPeter Avalos 	if (options.add_keys_to_agent == 0)
1738e9778795SPeter Avalos 		return;
1739e9778795SPeter Avalos 
1740e9778795SPeter Avalos 	if ((r = ssh_get_authentication_socket(&auth_sock)) != 0) {
1741e9778795SPeter Avalos 		debug3("no authentication agent, not adding key");
1742e9778795SPeter Avalos 		return;
1743e9778795SPeter Avalos 	}
1744e9778795SPeter Avalos 
1745e9778795SPeter Avalos 	if (options.add_keys_to_agent == 2 &&
1746e9778795SPeter Avalos 	    !ask_permission("Add key %s (%s) to agent?", authfile, comment)) {
1747e9778795SPeter Avalos 		debug3("user denied adding this key");
1748ce74bacaSMatthew Dillon 		close(auth_sock);
1749e9778795SPeter Avalos 		return;
1750e9778795SPeter Avalos 	}
17510cbfa66cSDaniel Fojt 	if (sshkey_is_sk(private))
17520cbfa66cSDaniel Fojt 		skprovider = options.sk_provider;
17530cbfa66cSDaniel Fojt 	if ((r = ssh_add_identity_constrained(auth_sock, private,
175450a69bb5SSascha Wildner 	    comment == NULL ? authfile : comment,
175550a69bb5SSascha Wildner 	    options.add_keys_to_agent_lifespan,
1756ee116499SAntonio Huete Jimenez 	    (options.add_keys_to_agent == 3), 0, skprovider, NULL, 0)) == 0)
1757e9778795SPeter Avalos 		debug("identity added to agent: %s", authfile);
1758e9778795SPeter Avalos 	else
1759e9778795SPeter Avalos 		debug("could not add identity to agent: %s (%d)", authfile, r);
1760ce74bacaSMatthew Dillon 	close(auth_sock);
1761e9778795SPeter Avalos }
1762