-/* $OpenBSD: dns.c,v 1.36 2017/09/01 05:53:56 djm Exp $ */
+/* $OpenBSD: dns.c,v 1.37 2017/09/14 04:32:21 djm Exp $ */
/*
* Copyright (c) 2003 Wesley Griffin. All rights reserved.
free(dnskey_digest);
}
- if (*flags & DNS_VERIFY_FOUND) {
+ free(hostkey_digest); /* from sshkey_fingerprint_raw() */
+ freerrset(fingerprints);
+
+ if (*flags & DNS_VERIFY_FOUND)
if (*flags & DNS_VERIFY_MATCH)
debug("matching host key fingerprint found in DNS");
- else if (counter == fingerprints->rri_nrdatas)
- *flags |= DNS_VERIFY_MISSING;
else
debug("mismatching host key fingerprint found in DNS");
- } else
+ else
debug("no host key fingerprint found in DNS");
- free(hostkey_digest); /* from sshkey_fingerprint_raw() */
- freerrset(fingerprints);
-
return 0;
}
-/* $OpenBSD: dns.h,v 1.16 2017/09/01 05:53:56 djm Exp $ */
+/* $OpenBSD: dns.h,v 1.17 2017/09/14 04:32:21 djm Exp $ */
/*
* Copyright (c) 2003 Wesley Griffin. All rights reserved.
#define DNS_VERIFY_FOUND 0x00000001
#define DNS_VERIFY_MATCH 0x00000002
#define DNS_VERIFY_SECURE 0x00000004
-#define DNS_VERIFY_MISSING 0x00000008
int verify_host_key_dns(const char *, struct sockaddr *,
struct sshkey *, int *);
-/* $OpenBSD: sshconnect.c,v 1.286 2017/09/12 06:32:07 djm Exp $ */
+/* $OpenBSD: sshconnect.c,v 1.287 2017/09/14 04:32:21 djm Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
static int show_other_keys(struct hostkeys *, struct sshkey *);
static void warn_changed_key(struct sshkey *);
-static void warn_missing_key(struct sshkey *);
/* Expand a proxy command */
static char *
free(ra);
free(fp);
}
- if (options.verify_host_key_dns &&
- options.strict_host_key_checking &&
- !matching_host_key_dns) {
- snprintf(msg, sizeof(msg),
- "Are you sure you want to continue connecting "
- "(yes/no)? ");
- if (!confirm(msg))
- goto fail;
- msg[0] = '\0';
- }
hostkey_trusted = 1;
break;
case HOST_NEW:
if (flags & DNS_VERIFY_MATCH) {
matching_host_key_dns = 1;
} else {
- if (flags & DNS_VERIFY_MISSING) {
- warn_missing_key(plain);
- error("Add this host key to "
- "the SSHFP RR in DNS to get rid "
- "of this message.");
- } else {
- warn_changed_key(plain);
- error("Update the SSHFP RR in DNS "
- "with the new host key to get rid "
- "of this message.");
- }
+ warn_changed_key(plain);
+ error("Update the SSHFP RR in DNS "
+ "with the new host key to get rid "
+ "of this message.");
}
}
}
error("Someone could be eavesdropping on you right now (man-in-the-middle attack)!");
error("It is also possible that a host key has just been changed.");
error("The fingerprint for the %s key sent by the remote host is\n%s.",
- sshkey_type(host_key), fp);
+ key_type(host_key), fp);
error("Please contact your system administrator.");
free(fp);
}
-static void
-warn_missing_key(struct sshkey *host_key)
-{
- char *fp;
-
- fp = sshkey_fingerprint(host_key, options.fingerprint_hash,
- SSH_FP_DEFAULT);
- if (fp == NULL)
- fatal("%s: sshkey_fingerprint fail", __func__);
-
- error("@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@");
- error("@ WARNING: REMOTE HOST IDENTIFICATION IS MISSING @");
- error("@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@");
- error("The fingerprint for the %s key sent by the remote host is\n%s.",
- sshkey_type(host_key), fp);
- error("Please contact your system administrator.");
-
- free(fp);
-}
/*
* Execute a local command
*/
projects / thirdparty / openssh-portable.git / commitdiff
