-/* $OpenBSD: ssh.c,v 1.545 2020/12/20 23:38:00 djm Exp $ */
+/* $OpenBSD: ssh.c,v 1.546 2020/12/20 23:40:19 djm Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
}
}
-#define DEFAULT_CLIENT_PERCENT_EXPAND_ARGS \
- "C", cinfo->conn_hash_hex, \
- "L", cinfo->shorthost, \
- "i", cinfo->uidstr, \
- "k", cinfo->keyalias, \
- "l", cinfo->thishost, \
- "n", cinfo->host_arg, \
- "p", cinfo->portstr
-
/*
* Expands the set of percent_expand options used by the majority of keywords
* in the client that support percent expansion.
const struct ssh_conn_info *cinfo)
{
return percent_expand(str,
- /* values from statics above */
- DEFAULT_CLIENT_PERCENT_EXPAND_ARGS,
- /* values from arguments */
- "d", cinfo->homedir,
- "h", cinfo->remhost,
- "r", cinfo->remuser,
- "u", cinfo->locuser,
+ DEFAULT_CLIENT_PERCENT_EXPAND_ARGS(cinfo),
(char *)NULL);
}
char *ret;
ret = percent_dollar_expand(str,
- /* values from statics above */
- DEFAULT_CLIENT_PERCENT_EXPAND_ARGS,
- /* values from arguments */
- "d", cinfo->homedir,
- "h", cinfo->remhost,
- "r", cinfo->remuser,
- "u", cinfo->locuser,
+ DEFAULT_CLIENT_PERCENT_EXPAND_ARGS(cinfo),
(char *)NULL);
if (ret == NULL)
fatal("invalid environment variable expansion");
/* Log into the remote system. Never returns if the login fails. */
ssh_login(ssh, &sensitive_data, host, (struct sockaddr *)&hostaddr,
- options.port, pw, timeout_ms);
+ options.port, pw, timeout_ms, cinfo);
if (ssh_packet_connection_is_on_socket(ssh)) {
verbose("Authenticated to %s ([%s]:%d).", host,
debug3("expanding LocalCommand: %s", options.local_command);
cp = options.local_command;
options.local_command = percent_expand(cp,
- DEFAULT_CLIENT_PERCENT_EXPAND_ARGS,
- "d", cinfo->homedir,
- "h", cinfo->remhost,
- "r", cinfo->remuser,
- "u", cinfo->locuser,
+ DEFAULT_CLIENT_PERCENT_EXPAND_ARGS(cinfo),
"T", tun_fwd_ifname == NULL ? "NONE" : tun_fwd_ifname,
(char *)NULL);
debug3("expanded LocalCommand: %s", options.local_command);
-/* $OpenBSD: sshconnect.c,v 1.347 2020/12/20 23:38:00 djm Exp $ */
+/* $OpenBSD: sshconnect.c,v 1.348 2020/12/20 23:40:19 djm Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
#define RDONLY 1
#define ROQUIET 2
static int
-check_host_key(char *hostname, struct sockaddr *hostaddr, u_short port,
- struct sshkey *host_key, int readonly,
+check_host_key(char *hostname, const struct ssh_conn_info *cinfo,
+ struct sockaddr *hostaddr, u_short port,
+ struct sshkey *host_key, int readonly, int clobber_port,
char **user_hostfiles, u_int num_user_hostfiles,
char **system_hostfiles, u_int num_system_hostfiles)
{
* Prepare the hostname and address strings used for hostkey lookup.
* In some cases, these will have a port number appended.
*/
- get_hostfile_hostname_ipaddr(hostname, hostaddr, port, &host, &ip);
+ get_hostfile_hostname_ipaddr(hostname, hostaddr,
+ clobber_port ? 0 : port, &host, &ip);
/*
* Turn off check_host_ip if the connection is to localhost, via proxy
break;
case HOST_NEW:
if (options.host_key_alias == NULL && port != 0 &&
- port != SSH_DEFAULT_PORT) {
+ port != SSH_DEFAULT_PORT && !clobber_port) {
debug("checking without port identifier");
- if (check_host_key(hostname, hostaddr, 0, host_key,
- ROQUIET, user_hostfiles, num_user_hostfiles,
+ if (check_host_key(hostname, cinfo, hostaddr, 0,
+ host_key, ROQUIET, 1,
+ user_hostfiles, num_user_hostfiles,
system_hostfiles, num_system_hostfiles) == 0) {
debug("found matching key w/out port");
break;
/* returns 0 if key verifies or -1 if key does NOT verify */
int
-verify_host_key(char *host, struct sockaddr *hostaddr, struct sshkey *host_key)
+verify_host_key(char *host, struct sockaddr *hostaddr, struct sshkey *host_key,
+ const struct ssh_conn_info *cinfo)
{
u_int i;
int r = -1, flags = 0;
}
}
}
- r = check_host_key(host, hostaddr, options.port, host_key, RDRW,
- options.user_hostfiles, options.num_user_hostfiles,
+ r = check_host_key(host, cinfo, hostaddr, options.port, host_key,
+ RDRW, 0, options.user_hostfiles, options.num_user_hostfiles,
options.system_hostfiles, options.num_system_hostfiles);
out:
*/
void
ssh_login(struct ssh *ssh, Sensitive *sensitive, const char *orighost,
- struct sockaddr *hostaddr, u_short port, struct passwd *pw, int timeout_ms)
+ struct sockaddr *hostaddr, u_short port, struct passwd *pw, int timeout_ms,
+ const struct ssh_conn_info *cinfo)
{
char *host;
char *server_user, *local_user;
/* key exchange */
/* authenticate user */
debug("Authenticating to %s:%d as '%s'", host, port, server_user);
- ssh_kex2(ssh, host, hostaddr, port);
+ ssh_kex2(ssh, host, hostaddr, port, cinfo);
ssh_userauth2(ssh, local_user, server_user, host, sensitive);
free(local_user);
free(host);
-/* $OpenBSD: sshconnect.h,v 1.44 2020/12/17 23:26:11 djm Exp $ */
+/* $OpenBSD: sshconnect.h,v 1.45 2020/12/20 23:40:19 djm Exp $ */
/*
* Copyright (c) 2000 Markus Friedl. All rights reserved.
struct addrinfo;
struct ssh;
+struct hostkeys;
+struct ssh_conn_info;
+
+/* default argument for client percent expansions */
+#define DEFAULT_CLIENT_PERCENT_EXPAND_ARGS(conn_info) \
+ "C", conn_info->conn_hash_hex, \
+ "L", conn_info->shorthost, \
+ "i", conn_info->uidstr, \
+ "k", conn_info->keyalias, \
+ "l", conn_info->thishost, \
+ "n", conn_info->host_arg, \
+ "p", conn_info->portstr, \
+ "d", conn_info->homedir, \
+ "h", conn_info->remhost, \
+ "r", conn_info->remuser, \
+ "u", conn_info->locuser
int ssh_connect(struct ssh *, const char *, const char *,
struct addrinfo *, struct sockaddr_storage *, u_short,
void ssh_kill_proxy_command(void);
void ssh_login(struct ssh *, Sensitive *, const char *,
- struct sockaddr *, u_short, struct passwd *, int);
+ struct sockaddr *, u_short, struct passwd *, int,
+ const struct ssh_conn_info *);
-int verify_host_key(char *, struct sockaddr *, struct sshkey *);
+int verify_host_key(char *, struct sockaddr *, struct sshkey *,
+ const struct ssh_conn_info *);
void get_hostfile_hostname_ipaddr(char *, struct sockaddr *, u_short,
char **, char **);
-void ssh_kex2(struct ssh *ssh, char *, struct sockaddr *, u_short);
+void ssh_kex2(struct ssh *ssh, char *, struct sockaddr *, u_short,
+ const struct ssh_conn_info *);
void ssh_userauth2(struct ssh *ssh, const char *, const char *,
char *, Sensitive *);
-/* $OpenBSD: sshconnect2.c,v 1.337 2020/12/20 23:36:51 djm Exp $ */
+/* $OpenBSD: sshconnect2.c,v 1.338 2020/12/20 23:40:19 djm Exp $ */
/*
* Copyright (c) 2000 Markus Friedl. All rights reserved.
* Copyright (c) 2008 Damien Miller. All rights reserved.
u_char *session_id2 = NULL;
u_int session_id2_len = 0;
-char *xxx_host;
-struct sockaddr *xxx_hostaddr;
+static char *xxx_host;
+static struct sockaddr *xxx_hostaddr;
+static const struct ssh_conn_info *xxx_conn_info;
static int
verify_host_key_callback(struct sshkey *hostkey, struct ssh *ssh)
{
- if (verify_host_key(xxx_host, xxx_hostaddr, hostkey) == -1)
+ if (verify_host_key(xxx_host, xxx_hostaddr, hostkey,
+ xxx_conn_info) == -1)
fatal("Host key verification failed.");
return 0;
}
}
static char *
-order_hostkeyalgs(char *host, struct sockaddr *hostaddr, u_short port)
+order_hostkeyalgs(char *host, struct sockaddr *hostaddr, u_short port,
+ const struct ssh_conn_info *cinfo)
{
char *oavail = NULL, *avail = NULL, *first = NULL, *last = NULL;
char *alg = NULL, *hostname = NULL, *ret = NULL, *best = NULL;
}
void
-ssh_kex2(struct ssh *ssh, char *host, struct sockaddr *hostaddr, u_short port)
+ssh_kex2(struct ssh *ssh, char *host, struct sockaddr *hostaddr, u_short port,
+ const struct ssh_conn_info *cinfo)
{
char *myproposal[PROPOSAL_MAX] = { KEX_CLIENT };
char *s, *all_key;
xxx_host = host;
xxx_hostaddr = hostaddr;
+ xxx_conn_info = cinfo;
/*
* If the user has not specified HostkeyAlgorithms, or has only
/* Query known_hosts and prefer algorithms that appear there */
myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] =
compat_pkalg_proposal(
- order_hostkeyalgs(host, hostaddr, port));
+ order_hostkeyalgs(host, hostaddr, port, cinfo));
} else {
/* Use specified HostkeyAlgorithms exactly */
myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] =
projects / thirdparty / openssh-portable.git / commitdiff
