Mercurial > dropbear
comparison cli-kex.c @ 849:754d7bee1068 ecc
Merge
| author | Matt Johnston <matt@ucc.asn.au> |
|---|---|
| date | Fri, 08 Nov 2013 23:32:13 +0800 |
| parents | 6c69e7df3621 f4bb964c8678 |
| children | 7507b174bba0 |
comparison
equal
deleted
inserted
replaced
| 848:6c69e7df3621 | 849:754d7bee1068 |
|---|---|
| 182 ses.requirenext[0] = SSH_MSG_NEWKEYS; | 182 ses.requirenext[0] = SSH_MSG_NEWKEYS; |
| 183 ses.requirenext[1] = 0; | 183 ses.requirenext[1] = 0; |
| 184 TRACE(("leave recv_msg_kexdh_init")) | 184 TRACE(("leave recv_msg_kexdh_init")) |
| 185 } | 185 } |
| 186 | 186 |
| 187 static void ask_to_confirm(unsigned char* keyblob, unsigned int keybloblen) { | 187 static void ask_to_confirm(unsigned char* keyblob, unsigned int keybloblen, |
| 188 const char* algoname) { | |
| 188 | 189 |
| 189 char* fp = NULL; | 190 char* fp = NULL; |
| 190 FILE *tty = NULL; | 191 FILE *tty = NULL; |
| 191 char response = 'z'; | 192 char response = 'z'; |
| 192 | 193 |
| 193 fp = sign_key_fingerprint(keyblob, keybloblen); | 194 fp = sign_key_fingerprint(keyblob, keybloblen); |
| 194 if (cli_opts.always_accept_key) { | 195 if (cli_opts.always_accept_key) { |
| 195 fprintf(stderr, "\nHost '%s' key accepted unconditionally.\n(fingerprint %s)\n", | 196 fprintf(stderr, "\nHost '%s' key accepted unconditionally.\n(%s fingerprint %s)\n", |
| 196 cli_opts.remotehost, | 197 cli_opts.remotehost, |
| 198 algoname, | |
| 197 fp); | 199 fp); |
| 198 m_free(fp); | 200 m_free(fp); |
| 199 return; | 201 return; |
| 200 } | 202 } |
| 201 fprintf(stderr, "\nHost '%s' is not in the trusted hosts file.\n(fingerprint %s)\nDo you want to continue connecting? (y/n) ", | 203 fprintf(stderr, "\nHost '%s' is not in the trusted hosts file.\n(%s fingerprint %s)\nDo you want to continue connecting? (y/n) ", |
| 202 cli_opts.remotehost, | 204 cli_opts.remotehost, |
| 205 algoname, | |
| 203 fp); | 206 fp); |
| 204 m_free(fp); | 207 m_free(fp); |
| 205 | 208 |
| 206 tty = fopen(_PATH_TTY, "r"); | 209 tty = fopen(_PATH_TTY, "r"); |
| 207 if (tty) { | 210 if (tty) { |
| 292 if (cli_opts.no_hostkey_check) { | 295 if (cli_opts.no_hostkey_check) { |
| 293 fprintf(stderr, "Caution, skipping hostkey check for %s\n", cli_opts.remotehost); | 296 fprintf(stderr, "Caution, skipping hostkey check for %s\n", cli_opts.remotehost); |
| 294 return; | 297 return; |
| 295 } | 298 } |
| 296 | 299 |
| 300 algoname = signkey_name_from_type(ses.newkeys->algo_hostkey, &algolen); | |
| 301 | |
| 297 hostsfile = open_known_hosts_file(&readonly); | 302 hostsfile = open_known_hosts_file(&readonly); |
| 298 if (!hostsfile) { | 303 if (!hostsfile) { |
| 299 ask_to_confirm(keyblob, keybloblen); | 304 ask_to_confirm(keyblob, keybloblen, algoname); |
| 300 /* ask_to_confirm will exit upon failure */ | 305 /* ask_to_confirm will exit upon failure */ |
| 301 return; | 306 return; |
| 302 } | 307 } |
| 303 | 308 |
| 304 line = buf_new(MAX_KNOWNHOSTS_LINE); | 309 line = buf_new(MAX_KNOWNHOSTS_LINE); |
| 305 hostlen = strlen(cli_opts.remotehost); | 310 hostlen = strlen(cli_opts.remotehost); |
| 306 algoname = signkey_name_from_type(ses.newkeys->algo_hostkey, &algolen); | |
| 307 | 311 |
| 308 do { | 312 do { |
| 309 if (buf_getline(line, hostsfile) == DROPBEAR_FAILURE) { | 313 if (buf_getline(line, hostsfile) == DROPBEAR_FAILURE) { |
| 310 TRACE(("failed reading line: prob EOF")) | 314 TRACE(("failed reading line: prob EOF")) |
| 311 break; | 315 break; |
| 354 goto out; | 358 goto out; |
| 355 } | 359 } |
| 356 | 360 |
| 357 /* The keys didn't match. eep. Note that we're "leaking" | 361 /* The keys didn't match. eep. Note that we're "leaking" |
| 358 the fingerprint strings here, but we're exiting anyway */ | 362 the fingerprint strings here, but we're exiting anyway */ |
| 359 dropbear_exit("\n\nHost key mismatch for %s !\n" | 363 dropbear_exit("\n\n%s host key mismatch for %s !\n" |
| 360 "Fingerprint is %s\n" | 364 "Fingerprint is %s\n" |
| 361 "Expected %s\n" | 365 "Expected %s\n" |
| 362 "If you know that the host key is correct you can\nremove the bad entry from ~/.ssh/known_hosts", | 366 "If you know that the host key is correct you can\nremove the bad entry from ~/.ssh/known_hosts", |
| 367 algoname, | |
| 363 cli_opts.remotehost, | 368 cli_opts.remotehost, |
| 364 sign_key_fingerprint(keyblob, keybloblen), | 369 sign_key_fingerprint(keyblob, keybloblen), |
| 365 fingerprint ? fingerprint : "UNKNOWN"); | 370 fingerprint ? fingerprint : "UNKNOWN"); |
| 366 } while (1); /* keep going 'til something happens */ | 371 } while (1); /* keep going 'til something happens */ |
| 367 | 372 |
| 368 /* Key doesn't exist yet */ | 373 /* Key doesn't exist yet */ |
| 369 ask_to_confirm(keyblob, keybloblen); | 374 ask_to_confirm(keyblob, keybloblen, algoname); |
| 370 | 375 |
| 371 /* If we get here, they said yes */ | 376 /* If we get here, they said yes */ |
| 372 | 377 |
| 373 if (readonly) { | 378 if (readonly) { |
| 374 TRACE(("readonly")) | 379 TRACE(("readonly")) |