blob: 0b33ea58b8ef7213df27945137c62c22cca73889 [file] [log] [blame]
deraadt@openbsd.org72687c82019-11-13 04:47:52 +00001/* $OpenBSD: sshconnect.c,v 1.323 2019/11/13 04:47:52 deraadt Exp $ */
Damien Millerd4a8b7e1999-10-27 13:42:43 +10002/*
Damien Miller95def091999-11-25 00:26:21 +11003 * Author: Tatu Ylonen <ylo@cs.hut.fi>
4 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
5 * All rights reserved
Damien Miller95def091999-11-25 00:26:21 +11006 * Code to connect to a remote host, and to perform the client side of the
7 * login (authentication) dialog.
Damien Millere4340be2000-09-16 13:29:08 +11008 *
9 * As far as I am concerned, the code I have written for this software
10 * can be used freely for any purpose. Any derived versions of this
11 * software must be clearly marked as such, and if the derived work is
12 * incompatible with the protocol description in the RFC file, it must be
13 * called by a name other than "ssh" or "Secure Shell".
Damien Miller95def091999-11-25 00:26:21 +110014 */
Damien Millerd4a8b7e1999-10-27 13:42:43 +100015
16#include "includes.h"
Damien Miller9cf6d072006-03-15 11:29:24 +110017
18#include <sys/types.h>
19#include <sys/wait.h>
Damien Millerf17883e2006-03-15 11:45:54 +110020#include <sys/stat.h>
Damien Miller8ec8c3e2006-07-10 20:35:38 +100021#include <sys/socket.h>
Damien Miller9aec9192006-08-05 10:57:45 +100022#ifdef HAVE_SYS_TIME_H
23# include <sys/time.h>
24#endif
Damien Miller8ec8c3e2006-07-10 20:35:38 +100025
djm@openbsd.orgac2e3022018-02-23 02:34:33 +000026#include <net/if.h>
Damien Miller8ec8c3e2006-07-10 20:35:38 +100027#include <netinet/in.h>
Darren Tucker46aa3e02006-09-02 15:32:40 +100028#include <arpa/inet.h>
Damien Miller03e20032006-03-15 11:16:59 +110029
Damien Millerc7b06362006-03-15 11:53:45 +110030#include <ctype.h>
Darren Tucker39972492006-07-12 22:22:46 +100031#include <errno.h>
Darren Tucker6e7fe1c2010-01-08 17:07:22 +110032#include <fcntl.h>
Damien Millerb8fe89c2006-07-24 14:51:00 +100033#include <netdb.h>
Damien Miller6645e7a2006-03-15 14:42:54 +110034#ifdef HAVE_PATHS_H
Damien Miller03e20032006-03-15 11:16:59 +110035#include <paths.h>
Damien Miller6645e7a2006-03-15 14:42:54 +110036#endif
Damien Miller9f2abc42006-07-10 20:53:08 +100037#include <pwd.h>
djm@openbsd.org45404282017-06-24 05:37:44 +000038#ifdef HAVE_POLL_H
39#include <poll.h>
40#endif
Damien Miller9c0c31d2010-10-12 13:30:44 +110041#include <signal.h>
Damien Millera7a73ee2006-08-05 11:37:59 +100042#include <stdio.h>
Damien Millere7a1e5c2006-08-05 11:34:19 +100043#include <stdlib.h>
deraadt@openbsd.org72687c82019-11-13 04:47:52 +000044#include <stdarg.h>
Damien Millere3476ed2006-07-24 14:13:33 +100045#include <string.h>
Damien Millere6b3b612006-07-24 14:01:23 +100046#include <unistd.h>
Darren Tuckerb59162d2018-02-23 15:20:42 +110047#ifdef HAVE_IFADDRS_H
48# include <ifaddrs.h>
49#endif
Damien Millerd4a8b7e1999-10-27 13:42:43 +100050
Damien Millerd4a8b7e1999-10-27 13:42:43 +100051#include "xmalloc.h"
Damien Millerd7834352006-08-05 12:39:39 +100052#include "hostfile.h"
53#include "ssh.h"
markus@openbsd.orgcecee2d2018-07-09 21:03:30 +000054#include "sshbuf.h"
Damien Millerd4a8b7e1999-10-27 13:42:43 +100055#include "packet.h"
Damien Millerd4a8b7e1999-10-27 13:42:43 +100056#include "compat.h"
markus@openbsd.org5467fbc2018-07-11 18:53:29 +000057#include "sshkey.h"
Damien Millereba71ba2000-04-29 23:57:08 +100058#include "sshconnect.h"
Ben Lindstrom226cfa02001-01-22 05:34:40 +000059#include "log.h"
Damien Miller7acefbb2014-07-18 14:11:24 +100060#include "misc.h"
Ben Lindstrom226cfa02001-01-22 05:34:40 +000061#include "readconf.h"
62#include "atomicio.h"
Damien Miller37876e92003-05-15 10:19:46 +100063#include "dns.h"
Damien Miller1262b662013-08-21 02:44:24 +100064#include "monitor_fdpass.h"
Damien Miller0a80ca12010-02-27 07:55:05 +110065#include "ssh2.h"
Damien Millerb7576772006-07-10 20:23:39 +100066#include "version.h"
djm@openbsd.org5e39a492014-12-04 02:24:32 +000067#include "authfile.h"
68#include "ssherr.h"
jcs@openbsd.orgf361df42015-11-15 22:26:49 +000069#include "authfd.h"
djm@openbsd.org0a843d92018-12-27 03:25:24 +000070#include "kex.h"
Damien Miller37876e92003-05-15 10:19:46 +100071
markus@openbsd.org54d90ac2017-05-30 08:52:19 +000072struct sshkey *previous_host_key = NULL;
Damien Miller1383bd82000-04-06 12:32:37 +100073
Damien Millerc1af1d52005-11-05 15:08:57 +110074static int matching_host_key_dns = 0;
Damien Miller7392ae62003-06-11 22:05:25 +100075
Damien Millera41ccca2010-10-07 22:07:32 +110076static pid_t proxy_command_pid = 0;
77
Ben Lindstromf9c48842002-06-11 16:37:51 +000078/* import */
djm@openbsd.orgccef7c42018-11-16 06:17:38 +000079extern int debug_flag;
Damien Milleraae6c611999-12-06 11:47:28 +110080extern Options options;
Damien Miller34132e52000-01-14 15:45:46 +110081extern char *__progname;
Damien Milleraae6c611999-12-06 11:47:28 +110082
markus@openbsd.org54d90ac2017-05-30 08:52:19 +000083static int show_other_keys(struct hostkeys *, struct sshkey *);
84static void warn_changed_key(struct sshkey *);
Ben Lindstrom3ed66402002-08-01 01:21:56 +000085
Damien Miller1262b662013-08-21 02:44:24 +100086/* Expand a proxy command */
87static char *
88expand_proxy_command(const char *proxy_command, const char *user,
djm@openbsd.orgfbe24b12019-09-13 04:27:35 +000089 const char *host, const char *host_arg, int port)
Damien Miller1262b662013-08-21 02:44:24 +100090{
91 char *tmp, *ret, strport[NI_MAXSERV];
92
Damien Miller0faf7472013-10-17 11:47:23 +110093 snprintf(strport, sizeof strport, "%d", port);
Damien Miller1262b662013-08-21 02:44:24 +100094 xasprintf(&tmp, "exec %s", proxy_command);
djm@openbsd.orgfbe24b12019-09-13 04:27:35 +000095 ret = percent_expand(tmp,
96 "h", host,
97 "n", host_arg,
98 "p", strport,
99 "r", options.user,
100 (char *)NULL);
Damien Miller1262b662013-08-21 02:44:24 +1000101 free(tmp);
102 return ret;
103}
104
djm@openbsd.orgccef7c42018-11-16 06:17:38 +0000105static void
106stderr_null(void)
107{
108 int devnull;
109
110 if ((devnull = open(_PATH_DEVNULL, O_WRONLY)) == -1) {
111 error("Can't open %s for stderr redirection: %s",
112 _PATH_DEVNULL, strerror(errno));
113 return;
114 }
115 if (devnull == STDERR_FILENO)
116 return;
117 if (dup2(devnull, STDERR_FILENO) == -1)
118 error("Cannot redirect stderr to %s", _PATH_DEVNULL);
119 if (devnull > STDERR_FILENO)
120 close(devnull);
121}
122
Damien Miller1262b662013-08-21 02:44:24 +1000123/*
124 * Connect to the given ssh server using a proxy command that passes a
125 * a connected fd back to us.
126 */
127static int
djm@openbsd.orgfbe24b12019-09-13 04:27:35 +0000128ssh_proxy_fdpass_connect(struct ssh *ssh, const char *host,
129 const char *host_arg, u_short port, const char *proxy_command)
Damien Miller1262b662013-08-21 02:44:24 +1000130{
131 char *command_string;
132 int sp[2], sock;
133 pid_t pid;
134 char *shell;
135
136 if ((shell = getenv("SHELL")) == NULL)
137 shell = _PATH_BSHELL;
138
deraadt@openbsd.org4d28fa72019-06-28 13:35:04 +0000139 if (socketpair(AF_UNIX, SOCK_STREAM, 0, sp) == -1)
Damien Miller1262b662013-08-21 02:44:24 +1000140 fatal("Could not create socketpair to communicate with "
141 "proxy dialer: %.100s", strerror(errno));
142
143 command_string = expand_proxy_command(proxy_command, options.user,
djm@openbsd.orgfbe24b12019-09-13 04:27:35 +0000144 host_arg, host, port);
Damien Miller1262b662013-08-21 02:44:24 +1000145 debug("Executing proxy dialer command: %.500s", command_string);
146
147 /* Fork and execute the proxy command. */
148 if ((pid = fork()) == 0) {
149 char *argv[10];
150
Damien Miller1262b662013-08-21 02:44:24 +1000151 close(sp[1]);
152 /* Redirect stdin and stdout. */
153 if (sp[0] != 0) {
deraadt@openbsd.org4d28fa72019-06-28 13:35:04 +0000154 if (dup2(sp[0], 0) == -1)
Damien Miller1262b662013-08-21 02:44:24 +1000155 perror("dup2 stdin");
156 }
157 if (sp[0] != 1) {
deraadt@openbsd.org4d28fa72019-06-28 13:35:04 +0000158 if (dup2(sp[0], 1) == -1)
Damien Miller1262b662013-08-21 02:44:24 +1000159 perror("dup2 stdout");
160 }
161 if (sp[0] >= 2)
162 close(sp[0]);
163
164 /*
djm@openbsd.orgccef7c42018-11-16 06:17:38 +0000165 * Stderr is left for non-ControlPersist connections is so
166 * error messages may be printed on the user's terminal.
Damien Miller1262b662013-08-21 02:44:24 +1000167 */
dtucker@openbsd.org7fca94e2018-11-18 22:43:29 +0000168 if (!debug_flag && options.control_path != NULL &&
169 options.control_persist)
djm@openbsd.orgccef7c42018-11-16 06:17:38 +0000170 stderr_null();
171
Damien Miller1262b662013-08-21 02:44:24 +1000172 argv[0] = shell;
173 argv[1] = "-c";
174 argv[2] = command_string;
175 argv[3] = NULL;
176
177 /*
178 * Execute the proxy command.
179 * Note that we gave up any extra privileges above.
180 */
181 execv(argv[0], argv);
182 perror(argv[0]);
183 exit(1);
184 }
185 /* Parent. */
deraadt@openbsd.org4d28fa72019-06-28 13:35:04 +0000186 if (pid == -1)
Damien Miller1262b662013-08-21 02:44:24 +1000187 fatal("fork failed: %.100s", strerror(errno));
188 close(sp[0]);
189 free(command_string);
190
191 if ((sock = mm_receive_fd(sp[1])) == -1)
192 fatal("proxy dialer did not pass back a connection");
markus@openbsd.orgfc77ccd2016-01-14 22:56:56 +0000193 close(sp[1]);
Damien Miller1262b662013-08-21 02:44:24 +1000194
195 while (waitpid(pid, NULL, 0) == -1)
196 if (errno != EINTR)
197 fatal("Couldn't wait for child: %s", strerror(errno));
198
199 /* Set the connection file descriptors. */
djm@openbsd.orgdbee4112017-09-12 06:32:07 +0000200 if (ssh_packet_set_connection(ssh, sock, sock) == NULL)
201 return -1; /* ssh_packet_set_connection logs error */
Damien Miller1262b662013-08-21 02:44:24 +1000202
203 return 0;
204}
205
Damien Miller95def091999-11-25 00:26:21 +1100206/*
207 * Connect to the given ssh server using a proxy command.
208 */
Ben Lindstrombba81212001-06-25 05:01:22 +0000209static int
djm@openbsd.orgfbe24b12019-09-13 04:27:35 +0000210ssh_proxy_connect(struct ssh *ssh, const char *host, const char *host_arg,
211 u_short port, const char *proxy_command)
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000212{
Damien Miller1262b662013-08-21 02:44:24 +1000213 char *command_string;
Damien Miller95def091999-11-25 00:26:21 +1100214 int pin[2], pout[2];
Damien Miller166fca82000-04-20 07:42:21 +1000215 pid_t pid;
Damien Miller1262b662013-08-21 02:44:24 +1000216 char *shell;
Damien Miller1d824ab2007-09-17 11:58:04 +1000217
Damien Miller38d9a962010-10-07 22:07:11 +1100218 if ((shell = getenv("SHELL")) == NULL || *shell == '\0')
Damien Miller1d824ab2007-09-17 11:58:04 +1000219 shell = _PATH_BSHELL;
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000220
Damien Miller95def091999-11-25 00:26:21 +1100221 /* Create pipes for communicating with the proxy. */
deraadt@openbsd.org4d28fa72019-06-28 13:35:04 +0000222 if (pipe(pin) == -1 || pipe(pout) == -1)
Damien Miller95def091999-11-25 00:26:21 +1100223 fatal("Could not create pipes to communicate with the proxy: %.100s",
Damien Miller9f0f5c62001-12-21 14:45:46 +1100224 strerror(errno));
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000225
Damien Miller1262b662013-08-21 02:44:24 +1000226 command_string = expand_proxy_command(proxy_command, options.user,
djm@openbsd.orgfbe24b12019-09-13 04:27:35 +0000227 host_arg, host, port);
Damien Miller95def091999-11-25 00:26:21 +1100228 debug("Executing proxy command: %.500s", command_string);
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000229
Damien Miller95def091999-11-25 00:26:21 +1100230 /* Fork and execute the proxy command. */
231 if ((pid = fork()) == 0) {
232 char *argv[10];
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000233
Damien Miller95def091999-11-25 00:26:21 +1100234 /* Redirect stdin and stdout. */
235 close(pin[1]);
236 if (pin[0] != 0) {
deraadt@openbsd.org4d28fa72019-06-28 13:35:04 +0000237 if (dup2(pin[0], 0) == -1)
Damien Miller95def091999-11-25 00:26:21 +1100238 perror("dup2 stdin");
239 close(pin[0]);
240 }
241 close(pout[0]);
deraadt@openbsd.org4d28fa72019-06-28 13:35:04 +0000242 if (dup2(pout[1], 1) == -1)
Damien Miller95def091999-11-25 00:26:21 +1100243 perror("dup2 stdout");
244 /* Cannot be 1 because pin allocated two descriptors. */
245 close(pout[1]);
246
djm@openbsd.orgccef7c42018-11-16 06:17:38 +0000247 /*
248 * Stderr is left for non-ControlPersist connections is so
249 * error messages may be printed on the user's terminal.
250 */
dtucker@openbsd.org7fca94e2018-11-18 22:43:29 +0000251 if (!debug_flag && options.control_path != NULL &&
252 options.control_persist)
djm@openbsd.orgccef7c42018-11-16 06:17:38 +0000253 stderr_null();
254
Damien Miller1d824ab2007-09-17 11:58:04 +1000255 argv[0] = shell;
Damien Miller95def091999-11-25 00:26:21 +1100256 argv[1] = "-c";
257 argv[2] = command_string;
258 argv[3] = NULL;
259
260 /* Execute the proxy command. Note that we gave up any
261 extra privileges above. */
Damien Miller6fb6fd52011-01-16 23:17:45 +1100262 signal(SIGPIPE, SIG_DFL);
Kevin Stevesfcd5d602001-01-07 11:45:22 +0000263 execv(argv[0], argv);
264 perror(argv[0]);
Damien Miller95def091999-11-25 00:26:21 +1100265 exit(1);
266 }
267 /* Parent. */
deraadt@openbsd.org4d28fa72019-06-28 13:35:04 +0000268 if (pid == -1)
Damien Miller95def091999-11-25 00:26:21 +1100269 fatal("fork failed: %.100s", strerror(errno));
Damien Miller8c4e18a2002-09-19 12:05:02 +1000270 else
271 proxy_command_pid = pid; /* save pid to clean up later */
Damien Miller95def091999-11-25 00:26:21 +1100272
273 /* Close child side of the descriptors. */
274 close(pin[0]);
275 close(pout[1]);
276
277 /* Free the command name. */
Darren Tuckera627d422013-06-02 07:31:17 +1000278 free(command_string);
Damien Miller95def091999-11-25 00:26:21 +1100279
280 /* Set the connection file descriptors. */
djm@openbsd.orgdbee4112017-09-12 06:32:07 +0000281 if (ssh_packet_set_connection(ssh, pout[0], pin[1]) == NULL)
282 return -1; /* ssh_packet_set_connection logs error */
Damien Miller95def091999-11-25 00:26:21 +1100283
Ben Lindstromf9cedb92001-08-06 21:07:11 +0000284 return 0;
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000285}
286
Damien Millera41ccca2010-10-07 22:07:32 +1100287void
288ssh_kill_proxy_command(void)
289{
290 /*
291 * Send SIGHUP to proxy command if used. We don't wait() in
292 * case it hangs and instead rely on init to reap the child
293 */
294 if (proxy_command_pid > 1)
Damien Miller45fcdaa2010-10-07 22:07:58 +1100295 kill(proxy_command_pid, SIGHUP);
Damien Millera41ccca2010-10-07 22:07:32 +1100296}
297
Darren Tuckerb59162d2018-02-23 15:20:42 +1100298#ifdef HAVE_IFADDRS_H
Damien Miller95def091999-11-25 00:26:21 +1100299/*
djm@openbsd.orgac2e3022018-02-23 02:34:33 +0000300 * Search a interface address list (returned from getifaddrs(3)) for an
djm@openbsd.org001aa552018-04-10 00:10:49 +0000301 * address that matches the desired address family on the specified interface.
djm@openbsd.orgac2e3022018-02-23 02:34:33 +0000302 * Returns 0 and fills in *resultp and *rlenp on success. Returns -1 on failure.
303 */
304static int
305check_ifaddrs(const char *ifname, int af, const struct ifaddrs *ifaddrs,
306 struct sockaddr_storage *resultp, socklen_t *rlenp)
307{
308 struct sockaddr_in6 *sa6;
309 struct sockaddr_in *sa;
310 struct in6_addr *v6addr;
311 const struct ifaddrs *ifa;
312 int allow_local;
313
314 /*
315 * Prefer addresses that are not loopback or linklocal, but use them
316 * if nothing else matches.
317 */
318 for (allow_local = 0; allow_local < 2; allow_local++) {
319 for (ifa = ifaddrs; ifa != NULL; ifa = ifa->ifa_next) {
320 if (ifa->ifa_addr == NULL || ifa->ifa_name == NULL ||
321 (ifa->ifa_flags & IFF_UP) == 0 ||
322 ifa->ifa_addr->sa_family != af ||
323 strcmp(ifa->ifa_name, options.bind_interface) != 0)
324 continue;
325 switch (ifa->ifa_addr->sa_family) {
326 case AF_INET:
327 sa = (struct sockaddr_in *)ifa->ifa_addr;
328 if (!allow_local && sa->sin_addr.s_addr ==
329 htonl(INADDR_LOOPBACK))
330 continue;
331 if (*rlenp < sizeof(struct sockaddr_in)) {
332 error("%s: v4 addr doesn't fit",
333 __func__);
334 return -1;
335 }
336 *rlenp = sizeof(struct sockaddr_in);
337 memcpy(resultp, sa, *rlenp);
338 return 0;
339 case AF_INET6:
340 sa6 = (struct sockaddr_in6 *)ifa->ifa_addr;
341 v6addr = &sa6->sin6_addr;
342 if (!allow_local &&
343 (IN6_IS_ADDR_LINKLOCAL(v6addr) ||
344 IN6_IS_ADDR_LOOPBACK(v6addr)))
345 continue;
346 if (*rlenp < sizeof(struct sockaddr_in6)) {
347 error("%s: v6 addr doesn't fit",
348 __func__);
349 return -1;
350 }
351 *rlenp = sizeof(struct sockaddr_in6);
352 memcpy(resultp, sa6, *rlenp);
353 return 0;
354 }
355 }
356 }
357 return -1;
358}
Darren Tuckerb59162d2018-02-23 15:20:42 +1100359#endif
djm@openbsd.orgac2e3022018-02-23 02:34:33 +0000360
361/*
dtucker@openbsd.org3ba6e682018-07-19 23:03:16 +0000362 * Creates a socket for use as the ssh connection.
Damien Miller95def091999-11-25 00:26:21 +1100363 */
Ben Lindstrombba81212001-06-25 05:01:22 +0000364static int
dtucker@openbsd.org95d41e92018-07-19 10:28:47 +0000365ssh_create_socket(struct addrinfo *ai)
Damien Miller95def091999-11-25 00:26:21 +1100366{
dtucker@openbsd.org258dc8b2018-07-18 11:34:04 +0000367 int sock, r;
djm@openbsd.orgac2e3022018-02-23 02:34:33 +0000368 struct sockaddr_storage bindaddr;
369 socklen_t bindaddrlen = 0;
Damien Millerd1a7a9c2014-02-07 09:24:33 +1100370 struct addrinfo hints, *res = NULL;
Darren Tuckerb59162d2018-02-23 15:20:42 +1100371#ifdef HAVE_IFADDRS_H
djm@openbsd.orgac2e3022018-02-23 02:34:33 +0000372 struct ifaddrs *ifaddrs = NULL;
Darren Tuckerb59162d2018-02-23 15:20:42 +1100373#endif
djm@openbsd.orgac2e3022018-02-23 02:34:33 +0000374 char ntop[NI_MAXHOST];
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000375
Darren Tucker7bd98e72010-01-10 10:31:12 +1100376 sock = socket(ai->ai_family, ai->ai_socktype, ai->ai_protocol);
deraadt@openbsd.org4d28fa72019-06-28 13:35:04 +0000377 if (sock == -1) {
Darren Tuckere6e52f82013-10-10 10:28:07 +1100378 error("socket: %s", strerror(errno));
Darren Tucker6e7fe1c2010-01-08 17:07:22 +1100379 return -1;
380 }
381 fcntl(sock, F_SETFD, FD_CLOEXEC);
Ben Lindstrome0f88042001-04-30 13:06:24 +0000382
383 /* Bind the socket to an alternative local IP address */
dtucker@openbsd.org95d41e92018-07-19 10:28:47 +0000384 if (options.bind_address == NULL && options.bind_interface == NULL)
Ben Lindstrome0f88042001-04-30 13:06:24 +0000385 return sock;
386
djm@openbsd.orgac2e3022018-02-23 02:34:33 +0000387 if (options.bind_address != NULL) {
Damien Millerd1a7a9c2014-02-07 09:24:33 +1100388 memset(&hints, 0, sizeof(hints));
389 hints.ai_family = ai->ai_family;
390 hints.ai_socktype = ai->ai_socktype;
391 hints.ai_protocol = ai->ai_protocol;
392 hints.ai_flags = AI_PASSIVE;
djm@openbsd.orgac2e3022018-02-23 02:34:33 +0000393 if ((r = getaddrinfo(options.bind_address, NULL,
394 &hints, &res)) != 0) {
Damien Millerd1a7a9c2014-02-07 09:24:33 +1100395 error("getaddrinfo: %s: %s", options.bind_address,
djm@openbsd.orgac2e3022018-02-23 02:34:33 +0000396 ssh_gai_strerror(r));
397 goto fail;
Damien Millerd1a7a9c2014-02-07 09:24:33 +1100398 }
dtucker@openbsd.org3e19fb92018-02-23 04:18:46 +0000399 if (res == NULL) {
djm@openbsd.orgac2e3022018-02-23 02:34:33 +0000400 error("getaddrinfo: no addrs");
401 goto fail;
dtucker@openbsd.org3e19fb92018-02-23 04:18:46 +0000402 }
djm@openbsd.orgac2e3022018-02-23 02:34:33 +0000403 memcpy(&bindaddr, res->ai_addr, res->ai_addrlen);
404 bindaddrlen = res->ai_addrlen;
405 } else if (options.bind_interface != NULL) {
Darren Tuckerb59162d2018-02-23 15:20:42 +1100406#ifdef HAVE_IFADDRS_H
djm@openbsd.orgac2e3022018-02-23 02:34:33 +0000407 if ((r = getifaddrs(&ifaddrs)) != 0) {
408 error("getifaddrs: %s: %s", options.bind_interface,
409 strerror(errno));
410 goto fail;
411 }
412 bindaddrlen = sizeof(bindaddr);
413 if (check_ifaddrs(options.bind_interface, ai->ai_family,
414 ifaddrs, &bindaddr, &bindaddrlen) != 0) {
415 logit("getifaddrs: %s: no suitable addresses",
416 options.bind_interface);
417 goto fail;
418 }
Darren Tuckerb59162d2018-02-23 15:20:42 +1100419#else
420 error("BindInterface not supported on this platform.");
421#endif
djm@openbsd.orgac2e3022018-02-23 02:34:33 +0000422 }
423 if ((r = getnameinfo((struct sockaddr *)&bindaddr, bindaddrlen,
424 ntop, sizeof(ntop), NULL, 0, NI_NUMERICHOST)) != 0) {
425 error("%s: getnameinfo failed: %s", __func__,
426 ssh_gai_strerror(r));
427 goto fail;
Ben Lindstrome0f88042001-04-30 13:06:24 +0000428 }
dtucker@openbsd.org258dc8b2018-07-18 11:34:04 +0000429 if (bind(sock, (struct sockaddr *)&bindaddr, bindaddrlen) != 0) {
djm@openbsd.orgac2e3022018-02-23 02:34:33 +0000430 error("bind %s: %s", ntop, strerror(errno));
431 goto fail;
Ben Lindstrome0f88042001-04-30 13:06:24 +0000432 }
djm@openbsd.orgac2e3022018-02-23 02:34:33 +0000433 debug("%s: bound to %s", __func__, ntop);
434 /* success */
435 goto out;
436fail:
437 close(sock);
438 sock = -1;
439 out:
Damien Millerd1a7a9c2014-02-07 09:24:33 +1100440 if (res != NULL)
441 freeaddrinfo(res);
Darren Tuckerb59162d2018-02-23 15:20:42 +1100442#ifdef HAVE_IFADDRS_H
djm@openbsd.orgac2e3022018-02-23 02:34:33 +0000443 if (ifaddrs != NULL)
444 freeifaddrs(ifaddrs);
Darren Tuckerb59162d2018-02-23 15:20:42 +1100445#endif
Damien Miller95def091999-11-25 00:26:21 +1100446 return sock;
447}
448
djm@openbsd.org45404282017-06-24 05:37:44 +0000449/*
Damien Miller34132e52000-01-14 15:45:46 +1100450 * Opens a TCP/IP connection to the remote server on the given host.
451 * The address of the remote host will be returned in hostaddr.
dtucker@openbsd.org95d41e92018-07-19 10:28:47 +0000452 * If port is 0, the default port will be used.
Damien Miller95def091999-11-25 00:26:21 +1100453 * Connection_attempts specifies the maximum number of tries (one per
454 * second). If proxy_command is non-NULL, it specifies the command (with %h
455 * and %p substituted for host and port, respectively) to use to contact
456 * the daemon.
457 */
Damien Miller0faf7472013-10-17 11:47:23 +1100458static int
djm@openbsd.orgdbee4112017-09-12 06:32:07 +0000459ssh_connect_direct(struct ssh *ssh, const char *host, struct addrinfo *aitop,
Damien Miller0faf7472013-10-17 11:47:23 +1100460 struct sockaddr_storage *hostaddr, u_short port, int family,
dtucker@openbsd.org95d41e92018-07-19 10:28:47 +0000461 int connection_attempts, int *timeout_ms, int want_keepalive)
Damien Miller95def091999-11-25 00:26:21 +1100462{
dtucker@openbsd.org483b3b62019-02-01 03:52:23 +0000463 int on = 1, saved_timeout_ms = *timeout_ms;
djm@openbsd.org7c779912018-01-23 05:17:04 +0000464 int oerrno, sock = -1, attempt;
Ben Lindstrombf555ba2001-01-18 02:04:35 +0000465 char ntop[NI_MAXHOST], strport[NI_MAXSERV];
Damien Miller0faf7472013-10-17 11:47:23 +1100466 struct addrinfo *ai;
Damien Miller95def091999-11-25 00:26:21 +1100467
dtucker@openbsd.org95d41e92018-07-19 10:28:47 +0000468 debug2("%s", __func__);
djm@openbsd.org88b6fcd2015-11-19 08:23:27 +0000469 memset(ntop, 0, sizeof(ntop));
470 memset(strport, 0, sizeof(strport));
Damien Miller95def091999-11-25 00:26:21 +1100471
Damien Miller56e5e6a2006-04-23 12:08:59 +1000472 for (attempt = 0; attempt < connection_attempts; attempt++) {
Damien Millerf4bcd102006-10-24 03:02:23 +1000473 if (attempt > 0) {
474 /* Sleep a moment before retrying. */
475 sleep(1);
Damien Miller95def091999-11-25 00:26:21 +1100476 debug("Trying again...");
Damien Millerf4bcd102006-10-24 03:02:23 +1000477 }
Damien Miller56e5e6a2006-04-23 12:08:59 +1000478 /*
479 * Loop through addresses for this host, and try each one in
480 * sequence until the connection succeeds.
481 */
Damien Miller34132e52000-01-14 15:45:46 +1100482 for (ai = aitop; ai; ai = ai->ai_next) {
Damien Miller0faf7472013-10-17 11:47:23 +1100483 if (ai->ai_family != AF_INET &&
djm@openbsd.org7c779912018-01-23 05:17:04 +0000484 ai->ai_family != AF_INET6) {
485 errno = EAFNOSUPPORT;
Damien Miller34132e52000-01-14 15:45:46 +1100486 continue;
djm@openbsd.org7c779912018-01-23 05:17:04 +0000487 }
Damien Miller34132e52000-01-14 15:45:46 +1100488 if (getnameinfo(ai->ai_addr, ai->ai_addrlen,
489 ntop, sizeof(ntop), strport, sizeof(strport),
490 NI_NUMERICHOST|NI_NUMERICSERV) != 0) {
djm@openbsd.org7c779912018-01-23 05:17:04 +0000491 oerrno = errno;
djm@openbsd.org46152af2015-09-04 04:55:24 +0000492 error("%s: getnameinfo failed", __func__);
djm@openbsd.org7c779912018-01-23 05:17:04 +0000493 errno = oerrno;
Damien Miller34132e52000-01-14 15:45:46 +1100494 continue;
495 }
496 debug("Connecting to %.200s [%.100s] port %s.",
497 host, ntop, strport);
Damien Miller95def091999-11-25 00:26:21 +1100498
Damien Miller34132e52000-01-14 15:45:46 +1100499 /* Create a socket for connecting. */
dtucker@openbsd.org95d41e92018-07-19 10:28:47 +0000500 sock = ssh_create_socket(ai);
stsp@openbsd.orga60c5dc2018-01-23 18:33:49 +0000501 if (sock < 0) {
Ben Lindstromf9cedb92001-08-06 21:07:11 +0000502 /* Any error is already output */
djm@openbsd.org7c779912018-01-23 05:17:04 +0000503 errno = 0;
Damien Miller34132e52000-01-14 15:45:46 +1100504 continue;
stsp@openbsd.orga60c5dc2018-01-23 18:33:49 +0000505 }
Damien Miller95def091999-11-25 00:26:21 +1100506
dtucker@openbsd.org483b3b62019-02-01 03:52:23 +0000507 *timeout_ms = saved_timeout_ms;
Damien Millerb78d5eb2003-05-16 11:39:04 +1000508 if (timeout_connect(sock, ai->ai_addr, ai->ai_addrlen,
Damien Miller67bd0622007-09-17 12:06:57 +1000509 timeout_ms) >= 0) {
Damien Miller34132e52000-01-14 15:45:46 +1100510 /* Successful connection. */
Ben Lindstroma3700052001-04-05 23:26:32 +0000511 memcpy(hostaddr, ai->ai_addr, ai->ai_addrlen);
Damien Miller95def091999-11-25 00:26:21 +1100512 break;
Damien Miller34132e52000-01-14 15:45:46 +1100513 } else {
djm@openbsd.org7c779912018-01-23 05:17:04 +0000514 oerrno = errno;
Ben Lindstrom728aa7e2002-07-15 17:48:11 +0000515 debug("connect to address %s port %s: %s",
516 ntop, strport, strerror(errno));
Damien Miller95def091999-11-25 00:26:21 +1100517 close(sock);
Damien Miller56e5e6a2006-04-23 12:08:59 +1000518 sock = -1;
djm@openbsd.org7c779912018-01-23 05:17:04 +0000519 errno = oerrno;
Damien Miller95def091999-11-25 00:26:21 +1100520 }
Damien Miller95def091999-11-25 00:26:21 +1100521 }
Damien Miller56e5e6a2006-04-23 12:08:59 +1000522 if (sock != -1)
Damien Miller34132e52000-01-14 15:45:46 +1100523 break; /* Successful connection. */
Damien Miller95def091999-11-25 00:26:21 +1100524 }
Damien Miller34132e52000-01-14 15:45:46 +1100525
Damien Miller95def091999-11-25 00:26:21 +1100526 /* Return failure if we didn't get a successful connection. */
Damien Miller56e5e6a2006-04-23 12:08:59 +1000527 if (sock == -1) {
Darren Tuckerb2161e32005-01-20 11:00:46 +1100528 error("ssh: connect to host %s port %s: %s",
djm@openbsd.org7c779912018-01-23 05:17:04 +0000529 host, strport, errno == 0 ? "failure" : strerror(errno));
530 return -1;
Ben Lindstroma6cd75c2002-07-11 04:00:19 +0000531 }
Damien Miller95def091999-11-25 00:26:21 +1100532
533 debug("Connection established.");
534
Damien Miller12c150e2003-12-17 16:31:10 +1100535 /* Set SO_KEEPALIVE if requested. */
Damien Miller67bd0622007-09-17 12:06:57 +1000536 if (want_keepalive &&
Ben Lindstrombf555ba2001-01-18 02:04:35 +0000537 setsockopt(sock, SOL_SOCKET, SO_KEEPALIVE, (void *)&on,
deraadt@openbsd.org4d28fa72019-06-28 13:35:04 +0000538 sizeof(on)) == -1)
Ben Lindstrombf555ba2001-01-18 02:04:35 +0000539 error("setsockopt SO_KEEPALIVE: %.100s", strerror(errno));
Damien Miller95def091999-11-25 00:26:21 +1100540
541 /* Set the connection. */
djm@openbsd.orgdbee4112017-09-12 06:32:07 +0000542 if (ssh_packet_set_connection(ssh, sock, sock) == NULL)
543 return -1; /* ssh_packet_set_connection logs error */
Damien Miller95def091999-11-25 00:26:21 +1100544
djm@openbsd.org2aefdf12019-09-13 04:31:19 +0000545 return 0;
Damien Miller95def091999-11-25 00:26:21 +1100546}
547
Damien Miller0faf7472013-10-17 11:47:23 +1100548int
djm@openbsd.orgfbe24b12019-09-13 04:27:35 +0000549ssh_connect(struct ssh *ssh, const char *host, const char *host_arg,
550 struct addrinfo *addrs, struct sockaddr_storage *hostaddr, u_short port,
551 int family, int connection_attempts, int *timeout_ms, int want_keepalive)
Damien Miller0faf7472013-10-17 11:47:23 +1100552{
markus@openbsd.org8e7bac32019-02-27 19:37:01 +0000553 int in, out;
554
Damien Miller0faf7472013-10-17 11:47:23 +1100555 if (options.proxy_command == NULL) {
djm@openbsd.orgdbee4112017-09-12 06:32:07 +0000556 return ssh_connect_direct(ssh, host, addrs, hostaddr, port,
dtucker@openbsd.org95d41e92018-07-19 10:28:47 +0000557 family, connection_attempts, timeout_ms, want_keepalive);
Damien Miller0faf7472013-10-17 11:47:23 +1100558 } else if (strcmp(options.proxy_command, "-") == 0) {
deraadt@openbsd.org4d28fa72019-06-28 13:35:04 +0000559 if ((in = dup(STDIN_FILENO)) == -1 ||
560 (out = dup(STDOUT_FILENO)) == -1) {
markus@openbsd.org8e7bac32019-02-27 19:37:01 +0000561 if (in >= 0)
562 close(in);
563 error("%s: dup() in/out failed", __func__);
564 return -1; /* ssh_packet_set_connection logs error */
565 }
566 if ((ssh_packet_set_connection(ssh, in, out)) == NULL)
djm@openbsd.orgdbee4112017-09-12 06:32:07 +0000567 return -1; /* ssh_packet_set_connection logs error */
568 return 0;
Damien Miller0faf7472013-10-17 11:47:23 +1100569 } else if (options.proxy_use_fdpass) {
djm@openbsd.orgfbe24b12019-09-13 04:27:35 +0000570 return ssh_proxy_fdpass_connect(ssh, host, host_arg, port,
Damien Miller0faf7472013-10-17 11:47:23 +1100571 options.proxy_command);
572 }
djm@openbsd.orgfbe24b12019-09-13 04:27:35 +0000573 return ssh_proxy_connect(ssh, host, host_arg, port,
574 options.proxy_command);
Damien Miller0faf7472013-10-17 11:47:23 +1100575}
576
Ben Lindstromb6c06d92001-02-10 23:21:09 +0000577/* defaults to 'no' */
Ben Lindstrombba81212001-06-25 05:01:22 +0000578static int
dtucker@openbsd.org05b9a462019-01-24 17:00:29 +0000579confirm(const char *prompt, const char *fingerprint)
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000580{
Damien Miller49d795c2002-01-22 23:34:12 +1100581 const char *msg, *again = "Please type 'yes' or 'no': ";
dtucker@openbsd.org05b9a462019-01-24 17:00:29 +0000582 const char *again_fp = "Please type 'yes', 'no' or the fingerprint: ";
Damien Miller49d795c2002-01-22 23:34:12 +1100583 char *p;
584 int ret = -1;
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000585
Ben Lindstromb6c06d92001-02-10 23:21:09 +0000586 if (options.batch_mode)
587 return 0;
dtucker@openbsd.org05b9a462019-01-24 17:00:29 +0000588 for (msg = prompt;;msg = fingerprint ? again_fp : again) {
Damien Miller49d795c2002-01-22 23:34:12 +1100589 p = read_passphrase(msg, RP_ECHO);
djm@openbsd.orge0ce54c2017-12-06 05:06:21 +0000590 if (p == NULL)
591 return 0;
592 p[strcspn(p, "\n")] = '\0';
593 if (p[0] == '\0' || strcasecmp(p, "no") == 0)
Damien Miller49d795c2002-01-22 23:34:12 +1100594 ret = 0;
dtucker@openbsd.org05b9a462019-01-24 17:00:29 +0000595 else if (strcasecmp(p, "yes") == 0 || (fingerprint != NULL &&
596 strcasecmp(p, fingerprint) == 0))
Damien Miller49d795c2002-01-22 23:34:12 +1100597 ret = 1;
Darren Tuckera627d422013-06-02 07:31:17 +1000598 free(p);
Damien Miller49d795c2002-01-22 23:34:12 +1100599 if (ret != -1)
600 return ret;
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000601 }
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000602}
603
Damien Miller0a80ca12010-02-27 07:55:05 +1100604static int
djm@openbsd.orgecac7e12018-09-20 03:30:44 +0000605check_host_cert(const char *host, const struct sshkey *key)
Damien Miller0a80ca12010-02-27 07:55:05 +1100606{
607 const char *reason;
djm@openbsd.orgecac7e12018-09-20 03:30:44 +0000608 int r;
Damien Miller0a80ca12010-02-27 07:55:05 +1100609
djm@openbsd.orgecac7e12018-09-20 03:30:44 +0000610 if (sshkey_cert_check_authority(key, 1, 0, host, &reason) != 0) {
Damien Miller0a80ca12010-02-27 07:55:05 +1100611 error("%s", reason);
612 return 0;
613 }
djm@openbsd.orgecac7e12018-09-20 03:30:44 +0000614 if (sshbuf_len(key->cert->critical) != 0) {
Damien Miller4e270b02010-04-16 15:56:21 +1000615 error("Certificate for %s contains unsupported "
616 "critical options(s)", host);
Damien Miller0a80ca12010-02-27 07:55:05 +1100617 return 0;
618 }
djm@openbsd.orgecac7e12018-09-20 03:30:44 +0000619 if ((r = sshkey_check_cert_sigtype(key,
620 options.ca_sign_algorithms)) != 0) {
621 logit("%s: certificate signature algorithm %s: %s", __func__,
622 (key->cert == NULL || key->cert->signature_type == NULL) ?
623 "(null)" : key->cert->signature_type, ssh_err(r));
624 return 0;
625 }
626
Damien Miller0a80ca12010-02-27 07:55:05 +1100627 return 1;
628}
629
Damien Millerd925dcd2010-12-01 12:21:51 +1100630static int
631sockaddr_is_local(struct sockaddr *hostaddr)
632{
633 switch (hostaddr->sa_family) {
634 case AF_INET:
635 return (ntohl(((struct sockaddr_in *)hostaddr)->
636 sin_addr.s_addr) >> 24) == IN_LOOPBACKNET;
637 case AF_INET6:
638 return IN6_IS_ADDR_LOOPBACK(
639 &(((struct sockaddr_in6 *)hostaddr)->sin6_addr));
640 default:
641 return 0;
642 }
643}
644
645/*
646 * Prepare the hostname and ip address strings that are used to lookup
647 * host keys in known_hosts files. These may have a port number appended.
648 */
649void
650get_hostfile_hostname_ipaddr(char *hostname, struct sockaddr *hostaddr,
651 u_short port, char **hostfile_hostname, char **hostfile_ipaddr)
652{
653 char ntop[NI_MAXHOST];
654 socklen_t addrlen;
655
656 switch (hostaddr == NULL ? -1 : hostaddr->sa_family) {
657 case -1:
658 addrlen = 0;
659 break;
660 case AF_INET:
661 addrlen = sizeof(struct sockaddr_in);
662 break;
663 case AF_INET6:
664 addrlen = sizeof(struct sockaddr_in6);
665 break;
666 default:
667 addrlen = sizeof(struct sockaddr);
668 break;
669 }
670
671 /*
672 * We don't have the remote ip-address for connections
673 * using a proxy command
674 */
675 if (hostfile_ipaddr != NULL) {
676 if (options.proxy_command == NULL) {
677 if (getnameinfo(hostaddr, addrlen,
678 ntop, sizeof(ntop), NULL, 0, NI_NUMERICHOST) != 0)
djm@openbsd.org9ce86c92015-01-28 22:36:00 +0000679 fatal("%s: getnameinfo failed", __func__);
Damien Millerd925dcd2010-12-01 12:21:51 +1100680 *hostfile_ipaddr = put_host_port(ntop, port);
681 } else {
682 *hostfile_ipaddr = xstrdup("<no hostip for proxy "
683 "command>");
684 }
685 }
686
687 /*
688 * Allow the user to record the key under a different name or
689 * differentiate a non-standard port. This is useful for ssh
690 * tunneling over forwarded connections or if you run multiple
691 * sshd's on different ports on the same machine.
692 */
693 if (hostfile_hostname != NULL) {
694 if (options.host_key_alias != NULL) {
695 *hostfile_hostname = xstrdup(options.host_key_alias);
696 debug("using hostkeyalias: %s", *hostfile_hostname);
697 } else {
698 *hostfile_hostname = put_host_port(hostname, port);
699 }
700 }
701}
702
Damien Miller95def091999-11-25 00:26:21 +1100703/*
Ben Lindstromd6481ea2001-06-25 04:37:41 +0000704 * check whether the supplied host key is valid, return -1 if the key
Damien Miller295ee632011-05-29 21:42:31 +1000705 * is not valid. user_hostfile[0] will not be updated if 'readonly' is true.
Damien Miller95def091999-11-25 00:26:21 +1100706 */
Damien Millerda828392006-08-05 11:35:45 +1000707#define RDRW 0
708#define RDONLY 1
709#define ROQUIET 2
Ben Lindstrombba81212001-06-25 05:01:22 +0000710static int
Damien Millerda828392006-08-05 11:35:45 +1000711check_host_key(char *hostname, struct sockaddr *hostaddr, u_short port,
markus@openbsd.org54d90ac2017-05-30 08:52:19 +0000712 struct sshkey *host_key, int readonly,
Damien Miller295ee632011-05-29 21:42:31 +1000713 char **user_hostfiles, u_int num_user_hostfiles,
714 char **system_hostfiles, u_int num_system_hostfiles)
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000715{
Damien Miller95def091999-11-25 00:26:21 +1100716 HostStatus host_status;
717 HostStatus ip_status;
markus@openbsd.org54d90ac2017-05-30 08:52:19 +0000718 struct sshkey *raw_key = NULL;
Damien Miller295ee632011-05-29 21:42:31 +1000719 char *ip = NULL, *host = NULL;
720 char hostline[1000], *hostp, *fp, *ra;
Damien Miller49d795c2002-01-22 23:34:12 +1100721 char msg[1024];
Damien Miller295ee632011-05-29 21:42:31 +1000722 const char *type;
Damien Millerd925dcd2010-12-01 12:21:51 +1100723 const struct hostkey_entry *host_found, *ip_found;
dtucker@openbsd.org05b9a462019-01-24 17:00:29 +0000724 int len, cancelled_forwarding = 0, confirmed;
Damien Miller295ee632011-05-29 21:42:31 +1000725 int local = sockaddr_is_local(hostaddr);
markus@openbsd.orgbeb965b2017-05-30 14:13:40 +0000726 int r, want_cert = sshkey_is_cert(host_key), host_ip_differ = 0;
djm@openbsd.org8d4f8722015-01-26 03:04:45 +0000727 int hostkey_trusted = 0; /* Known or explicitly accepted by user */
Damien Miller295ee632011-05-29 21:42:31 +1000728 struct hostkeys *host_hostkeys, *ip_hostkeys;
729 u_int i;
Damien Miller34132e52000-01-14 15:45:46 +1100730
731 /*
732 * Force accepting of the host key for loopback/localhost. The
733 * problem is that if the home directory is NFS-mounted to multiple
734 * machines, localhost will refer to a different machine in each of
735 * them, and the user will get bogus HOST_CHANGED warnings. This
736 * essentially disables host authentication for localhost; however,
737 * this is probably not a real problem.
738 */
Ben Lindstrom3cecc9a2001-10-03 17:39:38 +0000739 if (options.no_host_authentication_for_localhost == 1 && local &&
740 options.host_key_alias == NULL) {
Ben Lindstrom5c1fbab2001-01-03 03:51:15 +0000741 debug("Forcing accepting of host key for "
742 "loopback/localhost.");
Ben Lindstromd6481ea2001-06-25 04:37:41 +0000743 return 0;
Damien Miller34132e52000-01-14 15:45:46 +1100744 }
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000745
Damien Milleraae6c611999-12-06 11:47:28 +1100746 /*
Damien Millerd925dcd2010-12-01 12:21:51 +1100747 * Prepare the hostname and address strings used for hostkey lookup.
748 * In some cases, these will have a port number appended.
Damien Milleraae6c611999-12-06 11:47:28 +1100749 */
Damien Millerd925dcd2010-12-01 12:21:51 +1100750 get_hostfile_hostname_ipaddr(hostname, hostaddr, port, &host, &ip);
Darren Tucker78913e02008-06-13 04:47:34 +1000751
752 /*
Ben Lindstrom5c1fbab2001-01-03 03:51:15 +0000753 * Turn off check_host_ip if the connection is to localhost, via proxy
754 * command or if we don't have a hostname to compare with
755 */
Darren Tuckerda345532006-07-10 23:04:19 +1000756 if (options.check_host_ip && (local ||
757 strcmp(hostname, ip) == 0 || options.proxy_command != NULL))
Damien Milleraae6c611999-12-06 11:47:28 +1100758 options.check_host_ip = 0;
759
Damien Millerd925dcd2010-12-01 12:21:51 +1100760 host_hostkeys = init_hostkeys();
Damien Miller295ee632011-05-29 21:42:31 +1000761 for (i = 0; i < num_user_hostfiles; i++)
762 load_hostkeys(host_hostkeys, host, user_hostfiles[i]);
763 for (i = 0; i < num_system_hostfiles; i++)
764 load_hostkeys(host_hostkeys, host, system_hostfiles[i]);
Damien Millerd925dcd2010-12-01 12:21:51 +1100765
766 ip_hostkeys = NULL;
767 if (!want_cert && options.check_host_ip) {
768 ip_hostkeys = init_hostkeys();
Damien Miller295ee632011-05-29 21:42:31 +1000769 for (i = 0; i < num_user_hostfiles; i++)
770 load_hostkeys(ip_hostkeys, ip, user_hostfiles[i]);
771 for (i = 0; i < num_system_hostfiles; i++)
772 load_hostkeys(ip_hostkeys, ip, system_hostfiles[i]);
Ben Lindstrom4dccfa52000-12-28 16:40:05 +0000773 }
774
Damien Miller0a80ca12010-02-27 07:55:05 +1100775 retry:
Damien Millerd925dcd2010-12-01 12:21:51 +1100776 /* Reload these as they may have changed on cert->key downgrade */
markus@openbsd.orgbeb965b2017-05-30 14:13:40 +0000777 want_cert = sshkey_is_cert(host_key);
778 type = sshkey_type(host_key);
Damien Miller0a80ca12010-02-27 07:55:05 +1100779
Ben Lindstrom4dccfa52000-12-28 16:40:05 +0000780 /*
Damien Miller788f2122005-11-05 15:14:59 +1100781 * Check if the host key is present in the user's list of known
Damien Miller5428f641999-11-25 11:54:57 +1100782 * hosts or in the systemwide list.
783 */
Damien Millerd925dcd2010-12-01 12:21:51 +1100784 host_status = check_key_in_hostkeys(host_hostkeys, host_key,
785 &host_found);
786
Damien Miller5428f641999-11-25 11:54:57 +1100787 /*
Damien Miller5428f641999-11-25 11:54:57 +1100788 * Also perform check for the ip address, skip the check if we are
Damien Miller0a80ca12010-02-27 07:55:05 +1100789 * localhost, looking for a certificate, or the hostname was an ip
790 * address to begin with.
Damien Miller5428f641999-11-25 11:54:57 +1100791 */
Damien Millerd925dcd2010-12-01 12:21:51 +1100792 if (!want_cert && ip_hostkeys != NULL) {
793 ip_status = check_key_in_hostkeys(ip_hostkeys, host_key,
794 &ip_found);
Damien Miller95def091999-11-25 00:26:21 +1100795 if (host_status == HOST_CHANGED &&
djm@openbsd.org2aefdf12019-09-13 04:31:19 +0000796 (ip_status != HOST_CHANGED ||
Damien Millerd925dcd2010-12-01 12:21:51 +1100797 (ip_found != NULL &&
markus@openbsd.orgbeb965b2017-05-30 14:13:40 +0000798 !sshkey_equal(ip_found->key, host_found->key))))
Damien Miller95def091999-11-25 00:26:21 +1100799 host_ip_differ = 1;
Damien Miller95def091999-11-25 00:26:21 +1100800 } else
801 ip_status = host_status;
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000802
Damien Miller95def091999-11-25 00:26:21 +1100803 switch (host_status) {
804 case HOST_OK:
805 /* The host is known and the key matches. */
Damien Miller0a80ca12010-02-27 07:55:05 +1100806 debug("Host '%.200s' is known and matches the %s host %s.",
807 host, type, want_cert ? "certificate" : "key");
Damien Millerd925dcd2010-12-01 12:21:51 +1100808 debug("Found %s in %s:%lu", want_cert ? "CA key" : "key",
809 host_found->file, host_found->line);
djm@openbsd.org6f8ca3b2017-06-24 05:35:05 +0000810 if (want_cert &&
811 !check_host_cert(options.host_key_alias == NULL ?
812 hostname : options.host_key_alias, host_key))
Damien Miller0a80ca12010-02-27 07:55:05 +1100813 goto fail;
Ben Lindstrom5c1fbab2001-01-03 03:51:15 +0000814 if (options.check_host_ip && ip_status == HOST_NEW) {
Damien Miller0a80ca12010-02-27 07:55:05 +1100815 if (readonly || want_cert)
Damien Miller996acd22003-04-09 20:59:48 +1000816 logit("%s host key for IP address "
Ben Lindstromd6481ea2001-06-25 04:37:41 +0000817 "'%.128s' not in list of known hosts.",
Ben Lindstrom5c1fbab2001-01-03 03:51:15 +0000818 type, ip);
Damien Miller295ee632011-05-29 21:42:31 +1000819 else if (!add_host_to_hostfile(user_hostfiles[0], ip,
Damien Millere1776152005-03-01 21:47:37 +1100820 host_key, options.hash_known_hosts))
Damien Miller996acd22003-04-09 20:59:48 +1000821 logit("Failed to add the %s host key for IP "
Ben Lindstromd6481ea2001-06-25 04:37:41 +0000822 "address '%.128s' to the list of known "
dtucker@openbsd.org496aeb22015-05-28 05:41:29 +0000823 "hosts (%.500s).", type, ip,
Damien Miller295ee632011-05-29 21:42:31 +1000824 user_hostfiles[0]);
Ben Lindstromd6481ea2001-06-25 04:37:41 +0000825 else
Damien Miller996acd22003-04-09 20:59:48 +1000826 logit("Warning: Permanently added the %s host "
Ben Lindstromd6481ea2001-06-25 04:37:41 +0000827 "key for IP address '%.128s' to the list "
828 "of known hosts.", type, ip);
Damien Miller10288242008-06-30 00:04:03 +1000829 } else if (options.visual_host_key) {
djm@openbsd.org9ce86c92015-01-28 22:36:00 +0000830 fp = sshkey_fingerprint(host_key,
djm@openbsd.org56d1c832014-12-21 22:27:55 +0000831 options.fingerprint_hash, SSH_FP_DEFAULT);
djm@openbsd.org9ce86c92015-01-28 22:36:00 +0000832 ra = sshkey_fingerprint(host_key,
djm@openbsd.org56d1c832014-12-21 22:27:55 +0000833 options.fingerprint_hash, SSH_FP_RANDOMART);
djm@openbsd.org9ce86c92015-01-28 22:36:00 +0000834 if (fp == NULL || ra == NULL)
835 fatal("%s: sshkey_fingerprint fail", __func__);
djm@openbsd.orgac3451d2015-09-04 03:57:38 +0000836 logit("Host key fingerprint is %s\n%s", fp, ra);
Darren Tuckera627d422013-06-02 07:31:17 +1000837 free(ra);
838 free(fp);
Damien Miller95def091999-11-25 00:26:21 +1100839 }
djm@openbsd.org8d4f8722015-01-26 03:04:45 +0000840 hostkey_trusted = 1;
Damien Miller95def091999-11-25 00:26:21 +1100841 break;
842 case HOST_NEW:
Damien Millerda828392006-08-05 11:35:45 +1000843 if (options.host_key_alias == NULL && port != 0 &&
844 port != SSH_DEFAULT_PORT) {
845 debug("checking without port identifier");
Damien Millerece92c82008-11-03 19:25:03 +1100846 if (check_host_key(hostname, hostaddr, 0, host_key,
Damien Miller295ee632011-05-29 21:42:31 +1000847 ROQUIET, user_hostfiles, num_user_hostfiles,
848 system_hostfiles, num_system_hostfiles) == 0) {
Damien Millerda828392006-08-05 11:35:45 +1000849 debug("found matching key w/out port");
850 break;
851 }
852 }
Damien Miller0a80ca12010-02-27 07:55:05 +1100853 if (readonly || want_cert)
Ben Lindstromd6481ea2001-06-25 04:37:41 +0000854 goto fail;
Damien Miller95def091999-11-25 00:26:21 +1100855 /* The host is new. */
djm@openbsd.org22376d22017-09-03 23:33:13 +0000856 if (options.strict_host_key_checking ==
857 SSH_STRICT_HOSTKEY_YES) {
Ben Lindstromd6481ea2001-06-25 04:37:41 +0000858 /*
859 * User has requested strict host key checking. We
860 * will not add the host key automatically. The only
861 * alternative left is to abort.
862 */
863 error("No %s host key is known for %.200s and you "
864 "have requested strict checking.", type, host);
865 goto fail;
djm@openbsd.org22376d22017-09-03 23:33:13 +0000866 } else if (options.strict_host_key_checking ==
867 SSH_STRICT_HOSTKEY_ASK) {
Damien Miller7392ae62003-06-11 22:05:25 +1000868 char msg1[1024], msg2[1024];
869
Damien Millerd925dcd2010-12-01 12:21:51 +1100870 if (show_other_keys(host_hostkeys, host_key))
Damien Miller7392ae62003-06-11 22:05:25 +1000871 snprintf(msg1, sizeof(msg1),
Damien Miller0dc1bef2005-07-17 17:22:45 +1000872 "\nbut keys of different type are already"
873 " known for this host.");
Damien Miller7392ae62003-06-11 22:05:25 +1000874 else
875 snprintf(msg1, sizeof(msg1), ".");
Damien Miller95def091999-11-25 00:26:21 +1100876 /* The default */
djm@openbsd.org9ce86c92015-01-28 22:36:00 +0000877 fp = sshkey_fingerprint(host_key,
djm@openbsd.org56d1c832014-12-21 22:27:55 +0000878 options.fingerprint_hash, SSH_FP_DEFAULT);
djm@openbsd.org9ce86c92015-01-28 22:36:00 +0000879 ra = sshkey_fingerprint(host_key,
djm@openbsd.org56d1c832014-12-21 22:27:55 +0000880 options.fingerprint_hash, SSH_FP_RANDOMART);
djm@openbsd.org9ce86c92015-01-28 22:36:00 +0000881 if (fp == NULL || ra == NULL)
882 fatal("%s: sshkey_fingerprint fail", __func__);
Damien Miller7392ae62003-06-11 22:05:25 +1000883 msg2[0] = '\0';
Damien Miller7392ae62003-06-11 22:05:25 +1000884 if (options.verify_host_key_dns) {
Damien Miller150b5572003-11-17 21:19:29 +1100885 if (matching_host_key_dns)
Damien Miller7392ae62003-06-11 22:05:25 +1000886 snprintf(msg2, sizeof(msg2),
887 "Matching host key fingerprint"
888 " found in DNS.\n");
889 else
890 snprintf(msg2, sizeof(msg2),
891 "No matching host key fingerprint"
892 " found in DNS.\n");
893 }
Damien Miller49d795c2002-01-22 23:34:12 +1100894 snprintf(msg, sizeof(msg),
Ben Lindstromd6481ea2001-06-25 04:37:41 +0000895 "The authenticity of host '%.200s (%s)' can't be "
Ben Lindstrom3ed66402002-08-01 01:21:56 +0000896 "established%s\n"
Damien Miller10288242008-06-30 00:04:03 +1000897 "%s key fingerprint is %s.%s%s\n%s"
Ben Lindstromd6481ea2001-06-25 04:37:41 +0000898 "Are you sure you want to continue connecting "
dtucker@openbsd.org05b9a462019-01-24 17:00:29 +0000899 "(yes/no/[fingerprint])? ",
Damien Miller10288242008-06-30 00:04:03 +1000900 host, ip, msg1, type, fp,
901 options.visual_host_key ? "\n" : "",
902 options.visual_host_key ? ra : "",
903 msg2);
Darren Tuckera627d422013-06-02 07:31:17 +1000904 free(ra);
dtucker@openbsd.org05b9a462019-01-24 17:00:29 +0000905 confirmed = confirm(msg, fp);
Darren Tuckera627d422013-06-02 07:31:17 +1000906 free(fp);
dtucker@openbsd.org05b9a462019-01-24 17:00:29 +0000907 if (!confirmed)
Ben Lindstromd6481ea2001-06-25 04:37:41 +0000908 goto fail;
djm@openbsd.org8d4f8722015-01-26 03:04:45 +0000909 hostkey_trusted = 1; /* user explicitly confirmed */
Damien Miller95def091999-11-25 00:26:21 +1100910 }
Ben Lindstromd6481ea2001-06-25 04:37:41 +0000911 /*
djm@openbsd.org22376d22017-09-03 23:33:13 +0000912 * If in "new" or "off" strict mode, add the key automatically
913 * to the local known_hosts file.
Ben Lindstromd6481ea2001-06-25 04:37:41 +0000914 */
Damien Miller1227d4c2005-03-02 12:06:51 +1100915 if (options.check_host_ip && ip_status == HOST_NEW) {
Damien Millerd925dcd2010-12-01 12:21:51 +1100916 snprintf(hostline, sizeof(hostline), "%s,%s", host, ip);
Damien Miller1227d4c2005-03-02 12:06:51 +1100917 hostp = hostline;
918 if (options.hash_known_hosts) {
919 /* Add hash of host and IP separately */
Damien Miller295ee632011-05-29 21:42:31 +1000920 r = add_host_to_hostfile(user_hostfiles[0],
921 host, host_key, options.hash_known_hosts) &&
922 add_host_to_hostfile(user_hostfiles[0], ip,
Damien Miller1227d4c2005-03-02 12:06:51 +1100923 host_key, options.hash_known_hosts);
924 } else {
925 /* Add unhashed "host,ip" */
Damien Miller295ee632011-05-29 21:42:31 +1000926 r = add_host_to_hostfile(user_hostfiles[0],
Damien Miller1227d4c2005-03-02 12:06:51 +1100927 hostline, host_key,
928 options.hash_known_hosts);
929 }
930 } else {
Damien Miller295ee632011-05-29 21:42:31 +1000931 r = add_host_to_hostfile(user_hostfiles[0], host,
932 host_key, options.hash_known_hosts);
Damien Miller1227d4c2005-03-02 12:06:51 +1100933 hostp = host;
934 }
935
936 if (!r)
Damien Miller996acd22003-04-09 20:59:48 +1000937 logit("Failed to add the host to the list of known "
Damien Miller295ee632011-05-29 21:42:31 +1000938 "hosts (%.500s).", user_hostfiles[0]);
Damien Miller95def091999-11-25 00:26:21 +1100939 else
Damien Miller996acd22003-04-09 20:59:48 +1000940 logit("Warning: Permanently added '%.200s' (%s) to the "
Ben Lindstromd6481ea2001-06-25 04:37:41 +0000941 "list of known hosts.", hostp, type);
Damien Miller95def091999-11-25 00:26:21 +1100942 break;
Damien Miller1aed65e2010-03-04 21:53:35 +1100943 case HOST_REVOKED:
944 error("@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@");
945 error("@ WARNING: REVOKED HOST KEY DETECTED! @");
946 error("@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@");
947 error("The %s host key for %s is marked as revoked.", type, host);
948 error("This could mean that a stolen key is being used to");
949 error("impersonate this host.");
950
951 /*
952 * If strict host key checking is in use, the user will have
953 * to edit the key manually and we can only abort.
954 */
djm@openbsd.org22376d22017-09-03 23:33:13 +0000955 if (options.strict_host_key_checking !=
956 SSH_STRICT_HOSTKEY_OFF) {
Damien Miller1aed65e2010-03-04 21:53:35 +1100957 error("%s host key for %.200s was revoked and you have "
958 "requested strict checking.", type, host);
959 goto fail;
960 }
961 goto continue_unsafe;
962
Damien Miller95def091999-11-25 00:26:21 +1100963 case HOST_CHANGED:
Damien Miller0a80ca12010-02-27 07:55:05 +1100964 if (want_cert) {
965 /*
966 * This is only a debug() since it is valid to have
967 * CAs with wildcard DNS matches that don't match
968 * all hosts that one might visit.
969 */
970 debug("Host certificate authority does not "
Damien Millerd925dcd2010-12-01 12:21:51 +1100971 "match %s in %s:%lu", CA_MARKER,
972 host_found->file, host_found->line);
Damien Miller0a80ca12010-02-27 07:55:05 +1100973 goto fail;
974 }
Damien Millerda828392006-08-05 11:35:45 +1000975 if (readonly == ROQUIET)
976 goto fail;
Damien Miller95def091999-11-25 00:26:21 +1100977 if (options.check_host_ip && host_ip_differ) {
Darren Tucker3f9fdc72004-06-22 12:56:01 +1000978 char *key_msg;
Damien Miller95def091999-11-25 00:26:21 +1100979 if (ip_status == HOST_NEW)
Darren Tucker3f9fdc72004-06-22 12:56:01 +1000980 key_msg = "is unknown";
Damien Miller95def091999-11-25 00:26:21 +1100981 else if (ip_status == HOST_OK)
Darren Tucker3f9fdc72004-06-22 12:56:01 +1000982 key_msg = "is unchanged";
Damien Miller95def091999-11-25 00:26:21 +1100983 else
Darren Tucker3f9fdc72004-06-22 12:56:01 +1000984 key_msg = "has a different value";
Damien Miller95def091999-11-25 00:26:21 +1100985 error("@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@");
986 error("@ WARNING: POSSIBLE DNS SPOOFING DETECTED! @");
987 error("@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@");
Damien Millere247cc42000-05-07 12:03:14 +1000988 error("The %s host key for %s has changed,", type, host);
Darren Tuckerff4454d2008-06-13 10:21:51 +1000989 error("and the key for the corresponding IP address %s", ip);
Darren Tucker3f9fdc72004-06-22 12:56:01 +1000990 error("%s. This could either mean that", key_msg);
Damien Miller95def091999-11-25 00:26:21 +1100991 error("DNS SPOOFING is happening or the IP address for the host");
Ben Lindstrom46c16222000-12-22 01:43:59 +0000992 error("and its host key have changed at the same time.");
Ben Lindstrom5c1fbab2001-01-03 03:51:15 +0000993 if (ip_status != HOST_NEW)
Damien Millerd925dcd2010-12-01 12:21:51 +1100994 error("Offending key for IP in %s:%lu",
995 ip_found->file, ip_found->line);
Damien Miller95def091999-11-25 00:26:21 +1100996 }
997 /* The host key has changed. */
Damien Miller5a388972003-11-17 21:10:47 +1100998 warn_changed_key(host_key);
Damien Miller95def091999-11-25 00:26:21 +1100999 error("Add correct host key in %.100s to get rid of this message.",
Damien Miller295ee632011-05-29 21:42:31 +10001000 user_hostfiles[0]);
markus@openbsd.orgbeb965b2017-05-30 14:13:40 +00001001 error("Offending %s key in %s:%lu",
1002 sshkey_type(host_found->key),
Damien Millerd925dcd2010-12-01 12:21:51 +11001003 host_found->file, host_found->line);
Damien Millerd4a8b7e1999-10-27 13:42:43 +10001004
Damien Miller5428f641999-11-25 11:54:57 +11001005 /*
1006 * If strict host key checking is in use, the user will have
1007 * to edit the key manually and we can only abort.
1008 */
djm@openbsd.org22376d22017-09-03 23:33:13 +00001009 if (options.strict_host_key_checking !=
1010 SSH_STRICT_HOSTKEY_OFF) {
Ben Lindstromd6481ea2001-06-25 04:37:41 +00001011 error("%s host key for %.200s has changed and you have "
1012 "requested strict checking.", type, host);
1013 goto fail;
1014 }
Damien Millerd4a8b7e1999-10-27 13:42:43 +10001015
Damien Miller1aed65e2010-03-04 21:53:35 +11001016 continue_unsafe:
Damien Miller5428f641999-11-25 11:54:57 +11001017 /*
1018 * If strict host key checking has not been requested, allow
Damien Miller941ac452003-06-04 20:31:53 +10001019 * the connection but without MITM-able authentication or
Damien Miller437edb92006-08-05 09:11:13 +10001020 * forwarding.
Damien Miller5428f641999-11-25 11:54:57 +11001021 */
Damien Miller95def091999-11-25 00:26:21 +11001022 if (options.password_authentication) {
Ben Lindstromd6481ea2001-06-25 04:37:41 +00001023 error("Password authentication is disabled to avoid "
1024 "man-in-the-middle attacks.");
Damien Miller95def091999-11-25 00:26:21 +11001025 options.password_authentication = 0;
Darren Tucker068e01f2008-07-02 22:33:55 +10001026 cancelled_forwarding = 1;
Damien Miller95def091999-11-25 00:26:21 +11001027 }
Damien Miller941ac452003-06-04 20:31:53 +10001028 if (options.kbd_interactive_authentication) {
1029 error("Keyboard-interactive authentication is disabled"
1030 " to avoid man-in-the-middle attacks.");
1031 options.kbd_interactive_authentication = 0;
1032 options.challenge_response_authentication = 0;
Darren Tucker068e01f2008-07-02 22:33:55 +10001033 cancelled_forwarding = 1;
Damien Miller941ac452003-06-04 20:31:53 +10001034 }
1035 if (options.challenge_response_authentication) {
1036 error("Challenge/response authentication is disabled"
1037 " to avoid man-in-the-middle attacks.");
1038 options.challenge_response_authentication = 0;
Darren Tucker068e01f2008-07-02 22:33:55 +10001039 cancelled_forwarding = 1;
Damien Miller941ac452003-06-04 20:31:53 +10001040 }
Damien Miller95def091999-11-25 00:26:21 +11001041 if (options.forward_agent) {
Ben Lindstromd6481ea2001-06-25 04:37:41 +00001042 error("Agent forwarding is disabled to avoid "
1043 "man-in-the-middle attacks.");
Damien Miller95def091999-11-25 00:26:21 +11001044 options.forward_agent = 0;
Darren Tucker068e01f2008-07-02 22:33:55 +10001045 cancelled_forwarding = 1;
Damien Miller95def091999-11-25 00:26:21 +11001046 }
Ben Lindstromc72745a2000-12-02 19:03:54 +00001047 if (options.forward_x11) {
Ben Lindstromd6481ea2001-06-25 04:37:41 +00001048 error("X11 forwarding is disabled to avoid "
1049 "man-in-the-middle attacks.");
Ben Lindstromc72745a2000-12-02 19:03:54 +00001050 options.forward_x11 = 0;
Darren Tucker068e01f2008-07-02 22:33:55 +10001051 cancelled_forwarding = 1;
Ben Lindstromc72745a2000-12-02 19:03:54 +00001052 }
Ben Lindstromd6481ea2001-06-25 04:37:41 +00001053 if (options.num_local_forwards > 0 ||
1054 options.num_remote_forwards > 0) {
1055 error("Port forwarding is disabled to avoid "
1056 "man-in-the-middle attacks.");
1057 options.num_local_forwards =
Damien Miller9f0f5c62001-12-21 14:45:46 +11001058 options.num_remote_forwards = 0;
Darren Tucker068e01f2008-07-02 22:33:55 +10001059 cancelled_forwarding = 1;
Ben Lindstromc72745a2000-12-02 19:03:54 +00001060 }
Damien Miller437edb92006-08-05 09:11:13 +10001061 if (options.tun_open != SSH_TUNMODE_NO) {
1062 error("Tunnel forwarding is disabled to avoid "
1063 "man-in-the-middle attacks.");
1064 options.tun_open = SSH_TUNMODE_NO;
Darren Tucker068e01f2008-07-02 22:33:55 +10001065 cancelled_forwarding = 1;
Damien Miller437edb92006-08-05 09:11:13 +10001066 }
Darren Tucker068e01f2008-07-02 22:33:55 +10001067 if (options.exit_on_forward_failure && cancelled_forwarding)
1068 fatal("Error: forwarding disabled due to host key "
1069 "check failure");
1070
Damien Miller5428f641999-11-25 11:54:57 +11001071 /*
1072 * XXX Should permit the user to change to use the new id.
1073 * This could be done by converting the host key to an
1074 * identifying sentence, tell that the host identifies itself
Darren Tuckere2b36742010-01-13 22:42:34 +11001075 * by that sentence, and ask the user if he/she wishes to
Damien Miller5428f641999-11-25 11:54:57 +11001076 * accept the authentication.
1077 */
Damien Miller95def091999-11-25 00:26:21 +11001078 break;
Ben Lindstrom3ed66402002-08-01 01:21:56 +00001079 case HOST_FOUND:
1080 fatal("internal error");
1081 break;
Damien Miller95def091999-11-25 00:26:21 +11001082 }
Ben Lindstromc72745a2000-12-02 19:03:54 +00001083
Ben Lindstrom5c1fbab2001-01-03 03:51:15 +00001084 if (options.check_host_ip && host_status != HOST_CHANGED &&
1085 ip_status == HOST_CHANGED) {
Damien Miller49d795c2002-01-22 23:34:12 +11001086 snprintf(msg, sizeof(msg),
1087 "Warning: the %s host key for '%.200s' "
1088 "differs from the key for the IP address '%.128s'"
Damien Millerd925dcd2010-12-01 12:21:51 +11001089 "\nOffending key for IP in %s:%lu",
1090 type, host, ip, ip_found->file, ip_found->line);
Damien Miller49d795c2002-01-22 23:34:12 +11001091 if (host_status == HOST_OK) {
1092 len = strlen(msg);
1093 snprintf(msg + len, sizeof(msg) - len,
Damien Millerd925dcd2010-12-01 12:21:51 +11001094 "\nMatching host key in %s:%lu",
1095 host_found->file, host_found->line);
Damien Miller49d795c2002-01-22 23:34:12 +11001096 }
djm@openbsd.org22376d22017-09-03 23:33:13 +00001097 if (options.strict_host_key_checking ==
1098 SSH_STRICT_HOSTKEY_ASK) {
Damien Miller49d795c2002-01-22 23:34:12 +11001099 strlcat(msg, "\nAre you sure you want "
1100 "to continue connecting (yes/no)? ", sizeof(msg));
dtucker@openbsd.org05b9a462019-01-24 17:00:29 +00001101 if (!confirm(msg, NULL))
Ben Lindstromd6481ea2001-06-25 04:37:41 +00001102 goto fail;
djm@openbsd.org22376d22017-09-03 23:33:13 +00001103 } else if (options.strict_host_key_checking !=
1104 SSH_STRICT_HOSTKEY_OFF) {
1105 logit("%s", msg);
1106 error("Exiting, you have requested strict checking.");
1107 goto fail;
Damien Miller49d795c2002-01-22 23:34:12 +11001108 } else {
Damien Millerab2db412003-06-02 19:09:13 +10001109 logit("%s", msg);
Ben Lindstrom5c1fbab2001-01-03 03:51:15 +00001110 }
1111 }
1112
djm@openbsd.org8d4f8722015-01-26 03:04:45 +00001113 if (!hostkey_trusted && options.update_hostkeys) {
1114 debug("%s: hostkey not known or explicitly trusted: "
1115 "disabling UpdateHostkeys", __func__);
1116 options.update_hostkeys = 0;
1117 }
1118
Darren Tuckera627d422013-06-02 07:31:17 +10001119 free(ip);
1120 free(host);
Damien Millerd925dcd2010-12-01 12:21:51 +11001121 if (host_hostkeys != NULL)
1122 free_hostkeys(host_hostkeys);
1123 if (ip_hostkeys != NULL)
1124 free_hostkeys(ip_hostkeys);
Ben Lindstromd6481ea2001-06-25 04:37:41 +00001125 return 0;
1126
1127fail:
Damien Miller1aed65e2010-03-04 21:53:35 +11001128 if (want_cert && host_status != HOST_REVOKED) {
Damien Miller0a80ca12010-02-27 07:55:05 +11001129 /*
1130 * No matching certificate. Downgrade cert to raw key and
1131 * search normally.
1132 */
1133 debug("No matching CA found. Retry with plain key");
markus@openbsd.orgbeb965b2017-05-30 14:13:40 +00001134 if ((r = sshkey_from_private(host_key, &raw_key)) != 0)
1135 fatal("%s: sshkey_from_private: %s",
1136 __func__, ssh_err(r));
1137 if ((r = sshkey_drop_cert(raw_key)) != 0)
1138 fatal("Couldn't drop certificate: %s", ssh_err(r));
Damien Miller0a80ca12010-02-27 07:55:05 +11001139 host_key = raw_key;
1140 goto retry;
1141 }
dtucker@openbsd.orgf1f047f2018-02-07 22:52:45 +00001142 sshkey_free(raw_key);
Darren Tuckera627d422013-06-02 07:31:17 +10001143 free(ip);
1144 free(host);
Damien Millerd925dcd2010-12-01 12:21:51 +11001145 if (host_hostkeys != NULL)
1146 free_hostkeys(host_hostkeys);
1147 if (ip_hostkeys != NULL)
1148 free_hostkeys(ip_hostkeys);
Ben Lindstromd6481ea2001-06-25 04:37:41 +00001149 return -1;
1150}
1151
Damien Miller37876e92003-05-15 10:19:46 +10001152/* returns 0 if key verifies or -1 if key does NOT verify */
Ben Lindstromd6481ea2001-06-25 04:37:41 +00001153int
markus@openbsd.org54d90ac2017-05-30 08:52:19 +00001154verify_host_key(char *host, struct sockaddr *hostaddr, struct sshkey *host_key)
Ben Lindstromd6481ea2001-06-25 04:37:41 +00001155{
djm@openbsd.orgf96516d2015-11-19 01:09:38 +00001156 u_int i;
Damien Miller6b37fbb2014-07-04 08:59:24 +10001157 int r = -1, flags = 0;
djm@openbsd.orgf96516d2015-11-19 01:09:38 +00001158 char valid[64], *fp = NULL, *cafp = NULL;
djm@openbsd.org5e39a492014-12-04 02:24:32 +00001159 struct sshkey *plain = NULL;
Damien Millerd925dcd2010-12-01 12:21:51 +11001160
djm@openbsd.org5e39a492014-12-04 02:24:32 +00001161 if ((fp = sshkey_fingerprint(host_key,
djm@openbsd.org56d1c832014-12-21 22:27:55 +00001162 options.fingerprint_hash, SSH_FP_DEFAULT)) == NULL) {
djm@openbsd.org5e39a492014-12-04 02:24:32 +00001163 error("%s: fingerprint host key: %s", __func__, ssh_err(r));
1164 r = -1;
1165 goto out;
1166 }
Ben Lindstromd6481ea2001-06-25 04:37:41 +00001167
djm@openbsd.orgf96516d2015-11-19 01:09:38 +00001168 if (sshkey_is_cert(host_key)) {
1169 if ((cafp = sshkey_fingerprint(host_key->cert->signature_key,
1170 options.fingerprint_hash, SSH_FP_DEFAULT)) == NULL) {
1171 error("%s: fingerprint CA key: %s",
1172 __func__, ssh_err(r));
1173 r = -1;
1174 goto out;
1175 }
1176 sshkey_format_cert_validity(host_key->cert,
1177 valid, sizeof(valid));
1178 debug("Server host certificate: %s %s, serial %llu "
1179 "ID \"%s\" CA %s %s valid %s",
1180 sshkey_ssh_name(host_key), fp,
djm@openbsd.org8ca915f2015-11-20 01:45:29 +00001181 (unsigned long long)host_key->cert->serial,
1182 host_key->cert->key_id,
djm@openbsd.orgf96516d2015-11-19 01:09:38 +00001183 sshkey_ssh_name(host_key->cert->signature_key), cafp,
1184 valid);
1185 for (i = 0; i < host_key->cert->nprincipals; i++) {
1186 debug2("Server host certificate hostname: %s",
1187 host_key->cert->principals[i]);
1188 }
1189 } else {
djm@openbsd.org97f4d302017-04-30 23:13:25 +00001190 debug("Server host key: %s %s", sshkey_ssh_name(host_key), fp);
djm@openbsd.orgf96516d2015-11-19 01:09:38 +00001191 }
djm@openbsd.org5e39a492014-12-04 02:24:32 +00001192
1193 if (sshkey_equal(previous_host_key, host_key)) {
1194 debug2("%s: server host key %s %s matches cached key",
1195 __func__, sshkey_type(host_key), fp);
1196 r = 0;
1197 goto out;
1198 }
1199
1200 /* Check in RevokedHostKeys file if specified */
1201 if (options.revoked_host_keys != NULL) {
1202 r = sshkey_check_revoked(host_key, options.revoked_host_keys);
1203 switch (r) {
1204 case 0:
1205 break; /* not revoked */
1206 case SSH_ERR_KEY_REVOKED:
1207 error("Host key %s %s revoked by file %s",
1208 sshkey_type(host_key), fp,
1209 options.revoked_host_keys);
1210 r = -1;
1211 goto out;
1212 default:
1213 error("Error checking host key %s %s in "
1214 "revoked keys file %s: %s", sshkey_type(host_key),
1215 fp, options.revoked_host_keys, ssh_err(r));
1216 r = -1;
1217 goto out;
1218 }
Damien Miller6b37fbb2014-07-04 08:59:24 +10001219 }
1220
Damien Miller7d6a9fb2014-04-20 13:23:43 +10001221 if (options.verify_host_key_dns) {
1222 /*
1223 * XXX certs are not yet supported for DNS, so downgrade
1224 * them and try the plain key.
1225 */
djm@openbsd.org5e39a492014-12-04 02:24:32 +00001226 if ((r = sshkey_from_private(host_key, &plain)) != 0)
1227 goto out;
1228 if (sshkey_is_cert(plain))
1229 sshkey_drop_cert(plain);
Damien Miller7d6a9fb2014-04-20 13:23:43 +10001230 if (verify_host_key_dns(host, hostaddr, plain, &flags) == 0) {
1231 if (flags & DNS_VERIFY_FOUND) {
1232 if (options.verify_host_key_dns == 1 &&
1233 flags & DNS_VERIFY_MATCH &&
1234 flags & DNS_VERIFY_SECURE) {
Damien Miller6b37fbb2014-07-04 08:59:24 +10001235 r = 0;
djm@openbsd.org5e39a492014-12-04 02:24:32 +00001236 goto out;
Damien Miller7d6a9fb2014-04-20 13:23:43 +10001237 }
1238 if (flags & DNS_VERIFY_MATCH) {
1239 matching_host_key_dns = 1;
1240 } else {
djm@openbsd.orgaea59a02017-09-14 04:32:21 +00001241 warn_changed_key(plain);
1242 error("Update the SSHFP RR in DNS "
1243 "with the new host key to get rid "
1244 "of this message.");
Damien Miller7d6a9fb2014-04-20 13:23:43 +10001245 }
Damien Miller150b5572003-11-17 21:19:29 +11001246 }
Damien Miller37876e92003-05-15 10:19:46 +10001247 }
1248 }
Damien Miller6b37fbb2014-07-04 08:59:24 +10001249 r = check_host_key(host, hostaddr, options.port, host_key, RDRW,
Damien Miller295ee632011-05-29 21:42:31 +10001250 options.user_hostfiles, options.num_user_hostfiles,
1251 options.system_hostfiles, options.num_system_hostfiles);
Damien Miller6b37fbb2014-07-04 08:59:24 +10001252
djm@openbsd.org5e39a492014-12-04 02:24:32 +00001253out:
1254 sshkey_free(plain);
1255 free(fp);
djm@openbsd.orgf96516d2015-11-19 01:09:38 +00001256 free(cafp);
Damien Miller6b37fbb2014-07-04 08:59:24 +10001257 if (r == 0 && host_key != NULL) {
markus@openbsd.orgbeb965b2017-05-30 14:13:40 +00001258 sshkey_free(previous_host_key);
1259 r = sshkey_from_private(host_key, &previous_host_key);
Damien Miller6b37fbb2014-07-04 08:59:24 +10001260 }
1261
1262 return r;
Damien Millera34a28b1999-12-14 10:47:15 +11001263}
Damien Miller037a0dc1999-12-07 15:38:31 +11001264
Damien Miller396691a2000-01-20 22:44:08 +11001265/*
1266 * Starts a dialog with the server, and authenticates the current user on the
1267 * server. This does not need any extra privileges. The basic connection
1268 * to the server must already have been established before this is called.
1269 * If login fails, this function prints an error and never returns.
1270 * This function does not require super-user privileges.
1271 */
1272void
djm@openbsd.org0a843d92018-12-27 03:25:24 +00001273ssh_login(struct ssh *ssh, Sensitive *sensitive, const char *orighost,
Damien Millerd925dcd2010-12-01 12:21:51 +11001274 struct sockaddr *hostaddr, u_short port, struct passwd *pw, int timeout_ms)
Damien Miller396691a2000-01-20 22:44:08 +11001275{
Damien Miller0faf7472013-10-17 11:47:23 +11001276 char *host;
Damien Millereba71ba2000-04-29 23:57:08 +10001277 char *server_user, *local_user;
1278
Damien Millereba71ba2000-04-29 23:57:08 +10001279 local_user = xstrdup(pw->pw_name);
1280 server_user = options.user ? options.user : local_user;
Damien Miller396691a2000-01-20 22:44:08 +11001281
1282 /* Convert the user-supplied hostname into all lowercase. */
1283 host = xstrdup(orighost);
Damien Miller0faf7472013-10-17 11:47:23 +11001284 lowercase(host);
Damien Miller396691a2000-01-20 22:44:08 +11001285
1286 /* Exchange protocol version identification strings with the server. */
djm@openbsd.org0a843d92018-12-27 03:25:24 +00001287 if (kex_exchange_identification(ssh, timeout_ms, NULL) != 0)
1288 cleanup_exit(255); /* error already logged */
Damien Miller396691a2000-01-20 22:44:08 +11001289
1290 /* Put the connection into non-blocking mode. */
djm@openbsd.org0a843d92018-12-27 03:25:24 +00001291 ssh_packet_set_nonblocking(ssh);
Damien Miller396691a2000-01-20 22:44:08 +11001292
Damien Miller396691a2000-01-20 22:44:08 +11001293 /* key exchange */
Damien Miller396691a2000-01-20 22:44:08 +11001294 /* authenticate user */
dtucker@openbsd.orgbb2289e2015-04-14 04:17:03 +00001295 debug("Authenticating to %s:%d as '%s'", host, port, server_user);
djm@openbsd.org0a843d92018-12-27 03:25:24 +00001296 ssh_kex2(ssh, host, hostaddr, port);
1297 ssh_userauth2(ssh, local_user, server_user, host, sensitive);
Darren Tuckera627d422013-06-02 07:31:17 +10001298 free(local_user);
dtucker@openbsd.org1c554a52019-05-03 03:27:38 +00001299 free(host);
Damien Miller396691a2000-01-20 22:44:08 +11001300}
Damien Miller79438cc2001-02-16 12:34:57 +11001301
Ben Lindstrom3ed66402002-08-01 01:21:56 +00001302/* print all known host keys for a given host, but skip keys of given type */
1303static int
markus@openbsd.org54d90ac2017-05-30 08:52:19 +00001304show_other_keys(struct hostkeys *hostkeys, struct sshkey *key)
Ben Lindstrom3ed66402002-08-01 01:21:56 +00001305{
Damien Miller106bf1c2013-12-29 17:54:03 +11001306 int type[] = {
Damien Miller106bf1c2013-12-29 17:54:03 +11001307 KEY_RSA,
1308 KEY_DSA,
1309 KEY_ECDSA,
1310 KEY_ED25519,
markus@openbsd.org1b11ea72018-02-23 15:58:37 +00001311 KEY_XMSS,
Damien Miller106bf1c2013-12-29 17:54:03 +11001312 -1
1313 };
Damien Millerd925dcd2010-12-01 12:21:51 +11001314 int i, ret = 0;
1315 char *fp, *ra;
1316 const struct hostkey_entry *found;
Ben Lindstrom3ed66402002-08-01 01:21:56 +00001317
1318 for (i = 0; type[i] != -1; i++) {
1319 if (type[i] == key->type)
1320 continue;
Damien Millerd925dcd2010-12-01 12:21:51 +11001321 if (!lookup_key_in_hostkeys_by_type(hostkeys, type[i], &found))
Ben Lindstrom3ed66402002-08-01 01:21:56 +00001322 continue;
djm@openbsd.org9ce86c92015-01-28 22:36:00 +00001323 fp = sshkey_fingerprint(found->key,
djm@openbsd.org56d1c832014-12-21 22:27:55 +00001324 options.fingerprint_hash, SSH_FP_DEFAULT);
djm@openbsd.org9ce86c92015-01-28 22:36:00 +00001325 ra = sshkey_fingerprint(found->key,
djm@openbsd.org56d1c832014-12-21 22:27:55 +00001326 options.fingerprint_hash, SSH_FP_RANDOMART);
djm@openbsd.org9ce86c92015-01-28 22:36:00 +00001327 if (fp == NULL || ra == NULL)
1328 fatal("%s: sshkey_fingerprint fail", __func__);
Damien Millerd925dcd2010-12-01 12:21:51 +11001329 logit("WARNING: %s key found for host %s\n"
1330 "in %s:%lu\n"
1331 "%s key fingerprint %s.",
markus@openbsd.org5467fbc2018-07-11 18:53:29 +00001332 sshkey_type(found->key),
Damien Millerd925dcd2010-12-01 12:21:51 +11001333 found->host, found->file, found->line,
markus@openbsd.org5467fbc2018-07-11 18:53:29 +00001334 sshkey_type(found->key), fp);
Damien Millerd925dcd2010-12-01 12:21:51 +11001335 if (options.visual_host_key)
1336 logit("%s", ra);
Darren Tuckera627d422013-06-02 07:31:17 +10001337 free(ra);
1338 free(fp);
Damien Millerd925dcd2010-12-01 12:21:51 +11001339 ret = 1;
Ben Lindstrom3ed66402002-08-01 01:21:56 +00001340 }
Damien Millerd925dcd2010-12-01 12:21:51 +11001341 return ret;
Ben Lindstrom3ed66402002-08-01 01:21:56 +00001342}
Damien Miller5a388972003-11-17 21:10:47 +11001343
1344static void
markus@openbsd.org54d90ac2017-05-30 08:52:19 +00001345warn_changed_key(struct sshkey *host_key)
Damien Miller5a388972003-11-17 21:10:47 +11001346{
1347 char *fp;
Damien Miller5a388972003-11-17 21:10:47 +11001348
djm@openbsd.org9ce86c92015-01-28 22:36:00 +00001349 fp = sshkey_fingerprint(host_key, options.fingerprint_hash,
djm@openbsd.org56d1c832014-12-21 22:27:55 +00001350 SSH_FP_DEFAULT);
djm@openbsd.org9ce86c92015-01-28 22:36:00 +00001351 if (fp == NULL)
1352 fatal("%s: sshkey_fingerprint fail", __func__);
Damien Miller5a388972003-11-17 21:10:47 +11001353
1354 error("@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@");
1355 error("@ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @");
1356 error("@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@");
1357 error("IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!");
1358 error("Someone could be eavesdropping on you right now (man-in-the-middle attack)!");
Damien Miller05c89972011-01-06 22:42:04 +11001359 error("It is also possible that a host key has just been changed.");
Damien Miller5a388972003-11-17 21:10:47 +11001360 error("The fingerprint for the %s key sent by the remote host is\n%s.",
markus@openbsd.org5467fbc2018-07-11 18:53:29 +00001361 sshkey_type(host_key), fp);
Damien Miller5a388972003-11-17 21:10:47 +11001362 error("Please contact your system administrator.");
1363
Darren Tuckera627d422013-06-02 07:31:17 +10001364 free(fp);
Damien Miller5a388972003-11-17 21:10:47 +11001365}
Damien Millerd27b9472005-12-13 19:29:02 +11001366
1367/*
1368 * Execute a local command
1369 */
1370int
1371ssh_local_cmd(const char *args)
1372{
1373 char *shell;
1374 pid_t pid;
1375 int status;
Damien Millered3a8eb2011-01-07 10:02:52 +11001376 void (*osighand)(int);
Damien Millerd27b9472005-12-13 19:29:02 +11001377
1378 if (!options.permit_local_command ||
1379 args == NULL || !*args)
1380 return (1);
1381
Damien Miller38d9a962010-10-07 22:07:11 +11001382 if ((shell = getenv("SHELL")) == NULL || *shell == '\0')
Damien Millerd27b9472005-12-13 19:29:02 +11001383 shell = _PATH_BSHELL;
1384
Damien Millered3a8eb2011-01-07 10:02:52 +11001385 osighand = signal(SIGCHLD, SIG_DFL);
Damien Millerd27b9472005-12-13 19:29:02 +11001386 pid = fork();
1387 if (pid == 0) {
Damien Miller6fb6fd52011-01-16 23:17:45 +11001388 signal(SIGPIPE, SIG_DFL);
Damien Millerd27b9472005-12-13 19:29:02 +11001389 debug3("Executing %s -c \"%s\"", shell, args);
1390 execl(shell, shell, "-c", args, (char *)NULL);
1391 error("Couldn't execute %s -c \"%s\": %s",
1392 shell, args, strerror(errno));
1393 _exit(1);
1394 } else if (pid == -1)
1395 fatal("fork failed: %.100s", strerror(errno));
1396 while (waitpid(pid, &status, 0) == -1)
1397 if (errno != EINTR)
1398 fatal("Couldn't wait for child: %s", strerror(errno));
Damien Millered3a8eb2011-01-07 10:02:52 +11001399 signal(SIGCHLD, osighand);
Damien Millerd27b9472005-12-13 19:29:02 +11001400
1401 if (!WIFEXITED(status))
1402 return (1);
1403
1404 return (WEXITSTATUS(status));
1405}
jcs@openbsd.orgf361df42015-11-15 22:26:49 +00001406
1407void
djm@openbsd.org4f7a56d2019-06-21 04:21:04 +00001408maybe_add_key_to_agent(char *authfile, struct sshkey *private,
djm@openbsd.orgd9e5cf02018-02-10 09:25:34 +00001409 char *comment, char *passphrase)
jcs@openbsd.orgf361df42015-11-15 22:26:49 +00001410{
1411 int auth_sock = -1, r;
djm@openbsd.orgeebec622019-10-31 21:20:38 +00001412 const char *skprovider = NULL;
jcs@openbsd.orgf361df42015-11-15 22:26:49 +00001413
1414 if (options.add_keys_to_agent == 0)
1415 return;
1416
1417 if ((r = ssh_get_authentication_socket(&auth_sock)) != 0) {
1418 debug3("no authentication agent, not adding key");
1419 return;
1420 }
1421
1422 if (options.add_keys_to_agent == 2 &&
1423 !ask_permission("Add key %s (%s) to agent?", authfile, comment)) {
1424 debug3("user denied adding this key");
dtucker@openbsd.org566b3a42017-03-10 03:22:40 +00001425 close(auth_sock);
jcs@openbsd.orgf361df42015-11-15 22:26:49 +00001426 return;
1427 }
markus@openbsd.org2c557442019-11-12 19:33:08 +00001428 if (sshkey_is_sk(private))
djm@openbsd.orgeebec622019-10-31 21:20:38 +00001429 skprovider = options.sk_provider;
jcs@openbsd.orgf361df42015-11-15 22:26:49 +00001430 if ((r = ssh_add_identity_constrained(auth_sock, private, comment, 0,
djm@openbsd.orgeebec622019-10-31 21:20:38 +00001431 (options.add_keys_to_agent == 3), 0, skprovider)) == 0)
jcs@openbsd.orgf361df42015-11-15 22:26:49 +00001432 debug("identity added to agent: %s", authfile);
1433 else
1434 debug("could not add identity to agent: %s (%d)", authfile, r);
dtucker@openbsd.org566b3a42017-03-10 03:22:40 +00001435 close(auth_sock);
jcs@openbsd.orgf361df42015-11-15 22:26:49 +00001436}