author | Darren Tucker <dtucker@zip.com.au> | 2006-07-10 15:04:19 +0200 |
---|---|---|
committer | Darren Tucker <dtucker@zip.com.au> | 2006-07-10 15:04:19 +0200 |
commit | da3455356100dbcb5d1ff9f0556386ca5f788795 (patch) | |
tree | 013d0f5e5bca486e4e72387d94980fc81d402a50 | |
parent | - djm@cvs.openbsd.org 2006/07/10 12:08:08 (diff) | |
- dtucker@cvs.openbsd.org 2006/07/10 12:46:51
[misc.c misc.h sshd.8 sshconnect.c]
Add port identifier to known_hosts for non-default ports, based originally
on a patch from Devin Nate in bz#910.
For any connection using the default port or using a HostKeyAlias the
format is unchanged, otherwise the host name or address is enclosed
within square brackets in the same format as sshd's ListenAddress.
Tested by many, ok markus@.
-rw-r--r-- | ChangeLog | 10 | ||||
-rw-r--r-- | misc.c | 20 | ||||
-rw-r--r-- | misc.h | 3 | ||||
-rw-r--r-- | sshconnect.c | 25 | ||||
-rw-r--r-- | sshd.8 | 9 |
5 files changed, 53 insertions, 14 deletions
@@ -96,6 +96,14 @@ [channels.c] fix misparsing of SOCKS 5 packets that could result in a crash; reported by mk@ ok markus@ + - dtucker@cvs.openbsd.org 2006/07/10 12:46:51 + [misc.c misc.h sshd.8 sshconnect.c] + Add port identifier to known_hosts for non-default ports, based originally + on a patch from Devin Nate in bz#910. + For any connection using the default port or using a HostKeyAlias the + format is unchanged, otherwise the host name or address is enclosed + within square brackets in the same format as sshd's ListenAddress. + Tested by many, ok markus@. 20060706 - (dtucker) [configure.ac] Try AIX blibpath test in different order when @@ -4829,4 +4837,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4383 2006/07/10 12:21:02 djm Exp $ +$Id: ChangeLog,v 1.4384 2006/07/10 13:04:19 dtucker Exp $ @@ -1,4 +1,4 @@ -/* $OpenBSD: misc.c,v 1.55 2006/07/09 15:15:10 stevesk Exp $ */ +/* $OpenBSD: misc.c,v 1.56 2006/07/10 12:46:51 dtucker Exp $ */ /* * Copyright (c) 2000 Markus Friedl. All rights reserved. * Copyright (c) 2005,2006 Damien Miller. All rights reserved. @@ -45,6 +45,7 @@ #include "misc.h" #include "log.h" #include "xmalloc.h" +#include "ssh.h" /* remove newline at end of string */ char * @@ -337,6 +338,23 @@ convtime(const char *s) } /* + * Returns a standardized host+port identifier string. + * Caller must free returned string. + */ +char * +put_host_port(const char *host, u_short port) +{ + char *hoststr; + + if (port == 0 || port == SSH_DEFAULT_PORT) + return(xstrdup(host)); + if (asprintf(&hoststr, "[%s]:%d", host, (int)port) < 0) + fatal("put_host_port: asprintf: %s", strerror(errno)); + debug3("put_host_port: %s", hoststr); + return hoststr; +} + +/* * Search for next delimiter between hostnames/addresses and ports. * Argument may be modified (for termination). * Returns *cp if parsing succeeds. 
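Review bot: The header comment on put_host_port does not say that a port of 0 is treated like SSH_DEFAULT_PORT and yields the bare host, nor that every other port produces `[host]:port`, which is the property every known_hosts lookup now depends on; I would extend it to `Returns host unchanged for port 0 or the default port, otherwise "[host]:port"; caller must free.` The two return statements are styled differently (`return(xstrdup(host));` versus `return hoststr;`), and the `strerror(errno)` in the fatal() presumes that asprintf sets errno on failure, which not every implementation the compat layer may target guarantees — worth a comment if it is known to hold here. The misc.c hunk is complete in itself; the ChangeLog hunk on this line needs no review.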
@@ -1,4 +1,4 @@
-/* $OpenBSD: misc.h,v 1.32 2006/07/06 16:03:53 stevesk Exp $ */
+/* $OpenBSD: misc.h,v 1.33 2006/07/10 12:46:51 dtucker Exp $ */
 
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
@@ -28,6 +28,7 @@ int unset_nonblock(int);
 void set_nodelay(int);
 int a2port(const char *);
 int a2tun(const char *, int *);
+char *put_host_port(const char *, u_short);
 char *hpdelim(char **);
 char *cleanhostname(char *);
 char *colon(char *);
diff --git a/sshconnect.c b/sshconnect.c
index 3bc455eb4..f8450eadf 100644
--- a/sshconnect.c
+++ b/sshconnect.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: sshconnect.c,v 1.188 2006/07/06 16:03:53 stevesk Exp $ */
+/* $OpenBSD: sshconnect.c,v 1.189 2006/07/10 12:46:51 dtucker Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -514,12 +514,12 @@ confirm(const char *prompt)
  * is not valid. the user_hostfile will not be updated if 'readonly' is true.
  */
 static int
-check_host_key(char *host, struct sockaddr *hostaddr, Key *host_key,
+check_host_key(char *hostname, struct sockaddr *hostaddr, Key *host_key,
 int readonly, const char *user_hostfile, const char *system_hostfile)
 {
 Key *file_key;
 const char *type = key_type(host_key);
-char *ip = NULL;
+char *ip = NULL, *host = NULL;
 char hostline[1000], *hostp, *fp;
 HostStatus host_status;
 HostStatus ip_status;
@@ -570,7 +570,7 @@ check_host_key(char *host, struct sockaddr *hostaddr, Key *host_key,
 if (getnameinfo(hostaddr, salen, ntop, sizeof(ntop),
 NULL, 0, NI_NUMERICHOST) != 0)
 fatal("check_host_key: getnameinfo failed");
-ip = xstrdup(ntop);
+ip = put_host_port(ntop, options.port);
 } else {
 ip = xstrdup("<no hostip for proxy command>");
 }
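Review bot: The comment introducing check_host_key (its opening lines sit above the `@@ -514` hunk) still describes the lookup as being by host only; after this change the known_hosts name is either the HostKeyAlias or hostname wrapped with options.port by put_host_port, and the ip string in the getnameinfo hunk gets the same wrapping, so I would add `known_hosts entries are keyed on put_host_port(hostname, options.port) (or HostKeyAlias), and the numeric address is wrapped the same way` to that comment. `ip = put_host_port(ntop, options.port);` also narrows the int options.port to u_short implicitly; a visible cast, or a comment saying where the port was range-checked, would make the intent explicit. check_host_key's body continues past the end of both hunks.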
@@ -578,18 +578,21 @@ check_host_key(char *host, struct sockaddr *hostaddr, Key *host_key,
  * Turn off check_host_ip if the connection is to localhost, via proxy
  * command or if we don't have a hostname to compare with
  */
-if (options.check_host_ip &&
-(local || strcmp(host, ip) == 0 || options.proxy_command != NULL))
+if (options.check_host_ip && (local ||
+strcmp(hostname, ip) == 0 || options.proxy_command != NULL))
 options.check_host_ip = 0;
 
 /*
- * Allow the user to record the key under a different name. This is
- * useful for ssh tunneling over forwarded connections or if you run
- * multiple sshd's on different ports on the same machine.
+ * Allow the user to record the key under a different name or
+ * differentiate a non-standard port. This is useful for ssh
+ * tunneling over forwarded connections or if you run multiple
+ * sshd's on different ports on the same machine.
  */
 if (options.host_key_alias != NULL) {
-host = options.host_key_alias;
+host = xstrdup(options.host_key_alias);
 debug("using hostkeyalias: %s", host);
+} else {
+host = put_host_port(hostname, options.port);
 }
 
 /*
@@ -851,10 +854,12 @@ check_host_key(char *host, struct sockaddr *hostaddr, Key *host_key,
 }
 
 xfree(ip);
+xfree(host);
 return 0;
 
 fail:
 xfree(ip);
+xfree(host);
 return -1;
 }
 
@@ -34,7 +34,7 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.\" $OpenBSD: sshd.8,v 1.230 2006/02/24 20:31:31 jmc Exp $
+.\" $OpenBSD: sshd.8,v 1.231 2006/07/10 12:46:52 dtucker Exp $
 .Dd September 25, 1999
 .Dt SSHD 8
 .Os
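Review bot: `strcmp(hostname, ip) == 0` no longer recognises a connection whose hostname is a literal address once the port is non-default, because ip was built by put_host_port(ntop, options.port) in the preceding hunk and now carries the `[...]:port` wrapping while hostname does not. check_host_ip then stays enabled while host (assigned a few lines below as put_host_port(hostname, options.port)) and ip hold identical strings, so a newly learned key is presumably recorded under the same name twice; that reads as a duplicated known_hosts entry rather than a weakening of the check, but it should be confirmed against the hostline assembly further down in the function. Comparing the unwrapped values, `strcmp(hostname, ntop) == 0` if ntop is still in scope here, or moving the host assignment above this test and comparing `host` with `ip`, would restore the previous behaviour. check_host_key continues outside this hunk on both sides.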
@@ -588,6 +588,13 @@ A pattern may also be preceded by to indicate negation: if the host name matches a negated pattern, it is not accepted (by that line) even if it matched another pattern on the line. +A hostname or address may optionally be enclosed within +.Ql \&[ +and +.Ql \&] +brackets then followed by +.Ql \&: +and and a non-standard port number. .Pp Alternately, hostnames may be stored in a hashed form which hides host names and addresses should the file's contents be disclosed. |