upstream: plumb ssh_conn_info through to sshconnect.c; feedback/ok

markus@

OpenBSD-Commit-ID: e8d14a09cda3f1dc55df08f8a4889beff74e68b0

1 files changed, 17 insertions, 12 deletions

diff --git a/sshconnect.c b/sshconnect.c
index c17e44ae2..6e7f83430 100644
--- a/sshconnect.c
+++ b/sshconnect.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: sshconnect.c,v 1.347 2020/12/20 23:38:00 djm Exp $ */
+/* $OpenBSD: sshconnect.c,v 1.348 2020/12/20 23:40:19 djm Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -873,8 +873,9 @@ other_hostkeys_message(const char *host, const char *ip,
 #define RDONLY	1
 #define ROQUIET	2
 static int
-check_host_key(char *hostname, struct sockaddr *hostaddr, u_short port,
-    struct sshkey *host_key, int readonly,
+check_host_key(char *hostname, const struct ssh_conn_info *cinfo,
+    struct sockaddr *hostaddr, u_short port,
+    struct sshkey *host_key, int readonly, int clobber_port,
     char **user_hostfiles, u_int num_user_hostfiles,
     char **system_hostfiles, u_int num_system_hostfiles)
 {
@@ -912,7 +913,8 @@ check_host_key(char *hostname, struct sockaddr *hostaddr, u_short port,
 	 * Prepare the hostname and address strings used for hostkey lookup.
 	 * In some cases, these will have a port number appended.
 	 */
-	get_hostfile_hostname_ipaddr(hostname, hostaddr, port, &host, &ip);
+	get_hostfile_hostname_ipaddr(hostname, hostaddr,
+	    clobber_port ? 0 : port, &host, &ip);
 
 	/*
 	 * Turn off check_host_ip if the connection is to localhost, via proxy
@@ -1021,10 +1023,11 @@ check_host_key(char *hostname, struct sockaddr *hostaddr, u_short port,
 		break;
 	case HOST_NEW:
 		if (options.host_key_alias == NULL && port != 0 &&
-		    port != SSH_DEFAULT_PORT) {
+		    port != SSH_DEFAULT_PORT && !clobber_port) {
 			debug("checking without port identifier");
-			if (check_host_key(hostname, hostaddr, 0, host_key,
-			    ROQUIET, user_hostfiles, num_user_hostfiles,
+			if (check_host_key(hostname, cinfo, hostaddr, 0,
+			    host_key, ROQUIET, 1,
+			    user_hostfiles, num_user_hostfiles,
 			    system_hostfiles, num_system_hostfiles) == 0) {
 				debug("found matching key w/out port");
 				break;
@@ -1338,7 +1341,8 @@ fail:
 
 /* returns 0 if key verifies or -1 if key does NOT verify */
 int
-verify_host_key(char *host, struct sockaddr *hostaddr, struct sshkey *host_key)
+verify_host_key(char *host, struct sockaddr *hostaddr, struct sshkey *host_key,
+    const struct ssh_conn_info *cinfo)
 {
 	u_int i;
 	int r = -1, flags = 0;
@@ -1432,8 +1436,8 @@ verify_host_key(char *host, struct sockaddr *hostaddr, struct sshkey *host_key)
 			}
 		}
 	}
-	r = check_host_key(host, hostaddr, options.port, host_key, RDRW,
-	    options.user_hostfiles, options.num_user_hostfiles,
+	r = check_host_key(host, cinfo, hostaddr, options.port, host_key,
+	    RDRW, 0, options.user_hostfiles, options.num_user_hostfiles,
 	    options.system_hostfiles, options.num_system_hostfiles);
 
 out:
@@ -1457,7 +1461,8 @@ out:
  */
 void
 ssh_login(struct ssh *ssh, Sensitive *sensitive, const char *orighost,
-    struct sockaddr *hostaddr, u_short port, struct passwd *pw, int timeout_ms)
+    struct sockaddr *hostaddr, u_short port, struct passwd *pw, int timeout_ms,
+    const struct ssh_conn_info *cinfo)
 {
 	char *host;
 	char *server_user, *local_user;
@@ -1480,7 +1485,7 @@ ssh_login(struct ssh *ssh, Sensitive *sensitive, const char *orighost,
 	/* key exchange */
 	/* authenticate user */
 	debug("Authenticating to %s:%d as '%s'", host, port, server_user);
-	ssh_kex2(ssh, host, hostaddr, port);
+	ssh_kex2(ssh, host, hostaddr, port, cinfo);
 	ssh_userauth2(ssh, local_user, server_user, host, sensitive);
 	free(local_user);
 	free(host);