92 #include "openbsd-compat/sys-queue.h"
119 #define HOSTKEY_PROOF_RSA_ALGS "rsa-sha2-512,rsa-sha2-256"
128 extern int muxserver_sock; /* XXX use mux_client_cleanup() instead */
132 * command line, or the Hostname specified for the user-supplied name in a
156 volatile sig_atomic_t quit_pending; /* Set non-zero to quit the loop. */
157 static int last_was_cr; /* Last character was a newline. */
158 static int exit_status; /* Used to store the command exit status. */
159 static int connection_in; /* Connection to server (input). */
160 static int connection_out; /* Connection to server (output). */
161 static int need_rekeying; /* Set to non-zero if rekeying is requested. */
162 static int session_closed; /* In SSH2: login session closed. */
165 static int hostkeys_update_complete;
166 static int session_setup_complete;
169 int session_ident = -1;
173 int escape_pending;
174 int escape_char;
180 int id;
190 int ref_count;
222 window_change_handler(int sig) in window_change_handler()
232 signal_handler(int sig) in signal_handler()
247 if (muxserver_sock == -1 || !options.control_persist in set_control_persist_exit_time()
266 #define SSH_X11_VALID_DISPLAY_CHARS ":/.-_"
267 static int
286 #define SSH_X11_PROTO "MIT-MAGIC-COOKIE-1"
288 int
297 int got_data = 0, generated = 0, do_unlink = 0, r; in client_x11_get_proto()
309 return -1; in client_x11_get_proto()
311 if (xauth_path != NULL && stat(xauth_path, &st) == -1) { in client_x11_get_proto()
329 return -1; in client_x11_get_proto()
339 * avoid nasty fail-open behaviour in the X server. in client_x11_get_proto()
344 return -1; in client_x11_get_proto()
352 return -1; in client_x11_get_proto()
357 xasprintf(&cmd, "%s -f %s generate %s %s " in client_x11_get_proto()
363 if (timeout < UINT_MAX - X11_TIMEOUT_SLACK) in client_x11_get_proto()
370 xasprintf(&cmd, "%s -f %s generate %s %s " in client_x11_get_proto()
380 if (SSH_TIME_T_MAX - timeout < now) in client_x11_get_proto()
401 generated ? "-f " : "" , in client_x11_get_proto()
424 return -1; in client_x11_get_proto()
444 snprintf(data + 2 * i, sizeof data - 2 * i, "%02x", in client_x11_get_proto()
469 static int
470 client_global_request_reply(int type, u_int32_t seq, struct ssh *ssh) in client_global_request_reply()
476 if (gc->cb != NULL) in client_global_request_reply()
477 gc->cb(ssh, type, seq, gc->ctx); in client_global_request_reply()
478 if (--gc->ref_count <= 0) { in client_global_request_reply()
497 int r; in server_alive_check()
514 static int
517 int r; in send_chaff()
519 if (ssh->kex == NULL || (ssh->kex->flags & KEX_HAS_PING) == 0) in send_chaff()
537 u_int interval_ms, int starting) in set_next_interval()
556 * interval-to-interval time unpredictable. in set_next_interval()
562 interval_ns -= fuzz_ns; in set_next_interval()
572 * Performs keystroke timing obfuscation. Returns non-zero if the
575 static int
577 int channel_did_enqueue) in obfuscate_keystroke_timing()
579 static int active; in obfuscate_keystroke_timing()
582 int just_started = 0, had_keystroke = 0; in obfuscate_keystroke_timing()
631 * fixed time intervals to hide inter-keystroke timing. in obfuscate_keystroke_timing()
667 n = (now.tv_sec - next_interval.tv_sec) * 1000LL * 1000 * 1000; in obfuscate_keystroke_timing()
668 n += now.tv_nsec - next_interval.tv_nsec; in obfuscate_keystroke_timing()
684 u_int *npfd_allocp, u_int *npfd_activep, int channel_did_enqueue, in client_wait_until_can_do_something()
685 sigset_t *sigsetp, int *conn_in_readyp, int *conn_out_readyp) in client_wait_until_can_do_something()
688 int ret, oready; in client_wait_until_can_do_something()
734 if (ret == -1) { in client_wait_until_can_do_something()
792 int r; in client_process_net_input()
814 client_status_confirm(struct ssh *ssh, int type, Channel *c, void *ctx) in client_status_confirm()
818 int r, tochan; in client_status_confirm()
824 if (cr->action == CONFIRM_TTY && in client_status_confirm()
827 cr->action = CONFIRM_CLOSE; in client_status_confirm()
831 c->ctl_chan != -1 && c->extended_usage == CHAN_EXTENDED_WRITE; in client_status_confirm()
835 cr->request_type, c->self); in client_status_confirm()
839 "%s request failed\r\n", cr->request_type); in client_status_confirm()
843 cr->request_type, c->self); in client_status_confirm()
846 if (cr->action == CONFIRM_CLOSE && c->self == session_ident) in client_status_confirm()
853 debug3_f("channel %d: mux request: %s", c->self, in client_status_confirm()
854 cr->request_type); in client_status_confirm()
855 if ((r = sshbuf_put(c->extended, errmsg, in client_status_confirm()
860 if (cr->action == CONFIRM_TTY) { in client_status_confirm()
865 if (c->self == session_ident) in client_status_confirm()
869 } else if (cr->action == CONFIRM_CLOSE) { in client_status_confirm()
884 client_expect_confirm(struct ssh *ssh, int id, const char *request, in client_expect_confirm()
889 cr->request_type = request; in client_expect_confirm()
890 cr->action = action; in client_expect_confirm()
903 if (last_gc && last_gc->cb == cb && last_gc->ctx == ctx) { in client_register_global_confirm()
904 if (++last_gc->ref_count >= INT_MAX) in client_register_global_confirm()
905 fatal_f("last_gc->ref_count = %d", in client_register_global_confirm()
906 last_gc->ref_count); in client_register_global_confirm()
911 gc->cb = cb; in client_register_global_confirm()
912 gc->ctx = ctx; in client_register_global_confirm()
913 gc->ref_count = 1; in client_register_global_confirm()
918 * Returns non-zero if the client is able to handle a hostkeys-00@openssh.com
921 static int
943 (session_ident != -1 && !session_setup_complete)) { in client_repledge()
954 * forcing known_hosts to be read-only or via unveil(2). in client_repledge()
962 if (pledge("stdio unix inet dns proc tty", NULL) == -1) in client_repledge()
967 if (pledge("stdio unix proc tty", NULL) == -1) in client_repledge()
971 if (pledge("stdio proc tty", NULL) == -1) in client_repledge()
976 * - might be able to get rid of proc if we kill ~^Z in client_repledge()
977 * - ssh -N (no session) in client_repledge()
978 * - stdio forwarding in client_repledge()
979 * - sessions without tty in client_repledge()
986 void (*handler)(int); in process_cmdline()
988 int ok, delete = 0, local = 0, remote = 0, dynamic = 0; in process_cmdline()
989 struct Forward fwd; in process_cmdline() local
991 memset(&fwd, 0, sizeof(fwd)); in process_cmdline()
1000 if (*s == '-') in process_cmdline()
1001 s++; /* Skip cmdline '-', if any */ in process_cmdline()
1007 logit(" -L[bind_address:]port:host:hostport " in process_cmdline()
1009 logit(" -R[bind_address:]port:host:hostport " in process_cmdline()
1011 logit(" -D[bind_address:]port " in process_cmdline()
1013 logit(" -KL[bind_address:]port " in process_cmdline()
1015 logit(" -KR[bind_address:]port " in process_cmdline()
1017 logit(" -KD[bind_address:]port " in process_cmdline()
1053 if (!parse_forward(&fwd, s, 1, 0)) { in process_cmdline()
1058 ok = channel_request_rforward_cancel(ssh, &fwd) == 0; in process_cmdline()
1060 ok = channel_cancel_lport_listener(ssh, &fwd, in process_cmdline()
1063 ok = channel_cancel_lport_listener(ssh, &fwd, in process_cmdline()
1072 /* -R specs can be both dynamic or not, so check both. */ in process_cmdline()
1074 if (!parse_forward(&fwd, s, 0, remote) && in process_cmdline()
1075 !parse_forward(&fwd, s, 1, remote)) { in process_cmdline()
1079 } else if (!parse_forward(&fwd, s, dynamic, remote)) { in process_cmdline()
1084 if (!channel_setup_local_fwd_listener(ssh, &fwd, in process_cmdline()
1090 if (channel_request_remote_forwarding(ssh, &fwd) < 0) { in process_cmdline()
1102 free(fwd.listen_host); in process_cmdline()
1103 free(fwd.listen_path); in process_cmdline()
1104 free(fwd.connect_host); in process_cmdline()
1105 free(fwd.connect_path); in process_cmdline()
1117 unsigned int flags;
1135 print_escape_help(struct sshbuf *b, int escape_char, int mux_client, in print_escape_help()
1136 int using_stderr) in print_escape_help()
1138 unsigned int i, suppress_flags; in print_escape_help()
1139 int r; in print_escape_help()
1154 if ((r = sshbuf_putf(b, " %c%-3s - %s\r\n", in print_escape_help()
1160 " %c%c - send the escape character by typing it twice\r\n" in print_escape_help()
1169 static int
1172 char *buf, int len) in process_escapes()
1175 int r, bytes = 0; in process_escapes()
1181 if (c == NULL || c->filter_ctx == NULL || len <= 0) in process_escapes()
1184 efc = (struct escape_filter_ctx *)c->filter_ctx; in process_escapes()
1190 if (efc->escape_pending) { in process_escapes()
1193 efc->escape_pending = 0; in process_escapes()
1200 efc->escape_char)) != 0) in process_escapes()
1202 if (c && c->ctl_chan != -1) { in process_escapes()
1207 return -1; in process_escapes()
1209 case 'Z' - 64: in process_escapes()
1211 if (c && c->ctl_chan != -1) { in process_escapes()
1214 if (ch == 'Z' - 64) in process_escapes()
1221 efc->escape_char, b)) != 0) in process_escapes()
1228 efc->escape_char)) != 0) in process_escapes()
1239 "%cB\r\n", efc->escape_char)) != 0) in process_escapes()
1241 channel_request_start(ssh, c->self, "break", 0); in process_escapes()
1248 if (ssh->compat & SSH_BUG_NOREKEY) in process_escapes()
1250 "support re-keying"); in process_escapes()
1258 if (c && c->ctl_chan != -1) in process_escapes()
1263 efc->escape_char, ch)) != 0) in process_escapes()
1269 log_change_level(--options.log_level); in process_escapes()
1275 efc->escape_char, ch, in process_escapes()
1281 if (c->ctl_chan != -1) in process_escapes()
1296 "[backgrounded]\n", efc->escape_char)) != 0) in process_escapes()
1301 if (pid == -1) { in process_escapes()
1313 return -1; in process_escapes()
1315 print_escape_help(berr, efc->escape_char, in process_escapes()
1316 (c && c->ctl_chan != -1), in process_escapes()
1322 efc->escape_char)) != 0) in process_escapes()
1331 if (c && c->ctl_chan != -1) in process_escapes()
1343 if (ch != efc->escape_char) { in process_escapes()
1345 efc->escape_char)) != 0) in process_escapes()
1357 if (last_was_cr && ch == efc->escape_char) { in process_escapes()
1362 efc->escape_pending = 1; in process_escapes()
1401 client_new_escape_filter_ctx(int escape_char) in client_new_escape_filter_ctx()
1406 ret->escape_pending = 0; in client_new_escape_filter_ctx()
1407 ret->escape_char = escape_char; in client_new_escape_filter_ctx()
1413 client_filter_cleanup(struct ssh *ssh, int cid, void *ctx) in client_filter_cleanup()
1418 int
1419 client_simple_escape_filter(struct ssh *ssh, Channel *c, char *buf, int len) in client_simple_escape_filter()
1421 if (c->extended_usage != CHAN_EXTENDED_WRITE) in client_simple_escape_filter()
1424 return process_escapes(ssh, c, c->input, c->output, c->extended, in client_simple_escape_filter()
1429 client_channel_closed(struct ssh *ssh, int id, int force, void *arg) in client_channel_closed()
1442 int
1443 client_loop(struct ssh *ssh, int have_pty, int escape_char_arg, in client_loop()
1444 int ssh2_chan_id) in client_loop()
1449 int channel_did_enqueue = 0, r; in client_loop()
1451 int conn_in_ready, conn_out_ready; in client_loop()
1461 NULL) == -1) in client_loop()
1467 NULL) == -1) in client_loop()
1473 NULL) == -1) in client_loop()
1479 if (pledge("stdio cpath unix inet dns proc tty", NULL) == -1) in client_loop()
1484 if (pledge("stdio unix inet dns proc tty", NULL) == -1) in client_loop()
1495 exit_status = -1; in client_loop()
1504 * Set signal handlers, (e.g. to restore non-blocking mode) in client_loop()
1520 if (session_ident != -1) { in client_loop()
1534 if (sigemptyset(&bsigset) == -1 || in client_loop()
1535 sigaddset(&bsigset, SIGHUP) == -1 || in client_loop()
1536 sigaddset(&bsigset, SIGINT) == -1 || in client_loop()
1537 sigaddset(&bsigset, SIGQUIT) == -1 || in client_loop()
1538 sigaddset(&bsigset, SIGTERM) == -1) in client_loop()
1577 if (sigprocmask(SIG_BLOCK, &bsigset, &osigset) == -1) in client_loop()
1584 if (sigprocmask(SIG_SETMASK, &osigset, NULL) == -1) in client_loop()
1667 verbose("Killed by signal %d.", (int) received_signal); in client_loop()
1672 total_time = monotime_double() - start_time; in client_loop()
1688 int rchan, u_int rwindow, u_int rmaxpack) in client_request_forwarded_tcpip()
1694 int r; in client_request_forwarded_tcpip()
1713 listen_address, listen_port, "forwarded-tcpip", in client_request_forwarded_tcpip()
1717 if (c != NULL && c->type == SSH_CHANNEL_MUX_CLIENT) { in client_request_forwarded_tcpip()
1733 (r = sshbuf_put_stringb(c->output, b)) != 0) { in client_request_forwarded_tcpip()
1748 const char *request_type, int rchan) in client_request_forwarded_streamlocal()
1752 int r; in client_request_forwarded_streamlocal()
1763 "forwarded-streamlocal@openssh.com", "forwarded-streamlocal"); in client_request_forwarded_streamlocal()
1769 client_request_x11(struct ssh *ssh, const char *request_type, int rchan) in client_request_x11()
1774 int r, sock; in client_request_x11()
1778 error("Warning: this is probably a break-in attempt by a " in client_request_x11()
1799 c = channel_new(ssh, "x11-connection", in client_request_x11()
1800 SSH_CHANNEL_X11_OPEN, sock, sock, -1, in client_request_x11()
1802 c->force_drain = 1; in client_request_x11()
1807 client_request_agent(struct ssh *ssh, const char *request_type, int rchan) in client_request_agent()
1810 int r, sock; in client_request_agent()
1814 error("Warning: this is probably a break-in attempt by a " in client_request_agent()
1828 if ((r = ssh_agent_bind_hostkey(sock, ssh->kex->initial_hostkey, in client_request_agent()
1829 ssh->kex->session_id, ssh->kex->initial_sig, 1)) == 0) in client_request_agent()
1834 c = channel_new(ssh, "agent-connection", in client_request_agent()
1835 SSH_CHANNEL_OPEN, sock, sock, -1, in client_request_agent()
1838 c->force_drain = 1; in client_request_agent()
1843 client_request_tun_fwd(struct ssh *ssh, int tun_mode, in client_request_tun_fwd()
1844 int local_tun, int remote_tun, channel_open_fn *cb, void *cbctx) in client_request_tun_fwd()
1847 int r, fd; in client_request_tun_fwd()
1856 if ((fd = tun_open(local_tun, tun_mode, &ifname)) == -1) { in client_request_tun_fwd()
1862 c = channel_new(ssh, "tun-connection", SSH_CHANNEL_OPENING, fd, fd, -1, in client_request_tun_fwd()
1864 c->datagram = 1; in client_request_tun_fwd()
1868 channel_register_filter(ssh, c->self, sys_tun_infilter, in client_request_tun_fwd()
1873 channel_register_open_confirm(ssh, c->self, cb, cbctx); in client_request_tun_fwd()
1877 (r = sshpkt_put_u32(ssh, c->self)) != 0 || in client_request_tun_fwd()
1878 (r = sshpkt_put_u32(ssh, c->local_window_max)) != 0 || in client_request_tun_fwd()
1879 (r = sshpkt_put_u32(ssh, c->local_maxpacket)) != 0 || in client_request_tun_fwd()
1889 static int
1890 client_input_channel_open(int type, u_int32_t seq, struct ssh *ssh) in client_input_channel_open()
1894 int r; in client_input_channel_open()
1908 if (strcmp(ctype, "forwarded-tcpip") == 0) { in client_input_channel_open()
1911 } else if (strcmp(ctype, "forwarded-streamlocal@openssh.com") == 0) { in client_input_channel_open()
1915 } else if (strcmp(ctype, "auth-agent@openssh.com") == 0) { in client_input_channel_open()
1918 if (c != NULL && c->type == SSH_CHANNEL_MUX_CLIENT) { in client_input_channel_open()
1922 c->remote_id = rchan; in client_input_channel_open()
1923 c->have_remote_id = 1; in client_input_channel_open()
1924 c->remote_window = rwindow; in client_input_channel_open()
1925 c->remote_maxpacket = rmaxpack; in client_input_channel_open()
1926 if (c->type != SSH_CHANNEL_CONNECTING) { in client_input_channel_open()
1928 (r = sshpkt_put_u32(ssh, c->remote_id)) != 0 || in client_input_channel_open()
1929 (r = sshpkt_put_u32(ssh, c->self)) != 0 || in client_input_channel_open()
1930 (r = sshpkt_put_u32(ssh, c->local_window)) != 0 || in client_input_channel_open()
1931 (r = sshpkt_put_u32(ssh, c->local_maxpacket)) != 0 || in client_input_channel_open()
1951 static int
1952 client_input_channel_req(int type, u_int32_t seq, struct ssh *ssh) in client_input_channel_req()
1958 int r, success = 0; in client_input_channel_req()
1980 } else if (strcmp(rtype, "exit-status") == 0) { in client_input_channel_req()
1983 if (c->ctl_chan != -1) { in client_input_channel_req()
1986 } else if ((int)id == session_ident) { in client_input_channel_req()
1992 debug_f("no sink for exit-status on channel %d", in client_input_channel_req()
1998 if (reply && c != NULL && !(c->flags & CHAN_CLOSE_SENT)) { in client_input_channel_req()
1999 if (!c->have_remote_id) in client_input_channel_req()
2000 fatal_f("channel %d: no remote_id", c->self); in client_input_channel_req()
2003 (r = sshpkt_put_u32(ssh, c->remote_id)) != 0 || in client_input_channel_req()
2024 u_int *keys_match; /* mask of HKF_MATCH_* from hostfile.h */
2025 int *keys_verified; /* flag for new keys verified by server */
2037 int complex_hostspec; /* wildcard or manual pattern-list host name */
2038 int ca_available; /* saw CA key for this host */
2039 int old_key_seen; /* saw old key with other name/addr */
2040 int other_name_seen; /* saw key with other name/addr */
2050 for (i = 0; i < ctx->nkeys; i++) in hostkeys_update_ctx_free()
2051 sshkey_free(ctx->keys[i]); in hostkeys_update_ctx_free()
2052 free(ctx->keys); in hostkeys_update_ctx_free()
2053 free(ctx->keys_match); in hostkeys_update_ctx_free()
2054 free(ctx->keys_verified); in hostkeys_update_ctx_free()
2055 for (i = 0; i < ctx->nold; i++) in hostkeys_update_ctx_free()
2056 sshkey_free(ctx->old_keys[i]); in hostkeys_update_ctx_free()
2057 free(ctx->old_keys); in hostkeys_update_ctx_free()
2058 free(ctx->host_str); in hostkeys_update_ctx_free()
2059 free(ctx->ip_str); in hostkeys_update_ctx_free()
2064 * Returns non-zero if a known_hosts hostname list is not of a form that
2068 static int
2086 /* callback to search for ctx->keys in known_hosts */
2087 static int
2094 if (l->key == NULL) in hostkeys_find()
2096 if (l->status != HKF_STATUS_MATCHED) { in hostkeys_find()
2097 /* Record if one of the keys appears on a non-matching line */ in hostkeys_find()
2098 for (i = 0; i < ctx->nkeys; i++) { in hostkeys_find()
2099 if (sshkey_equal(l->key, ctx->keys[i])) { in hostkeys_find()
2100 ctx->other_name_seen = 1; in hostkeys_find()
2103 sshkey_ssh_name(ctx->keys[i]), in hostkeys_find()
2104 l->path, l->linenum); in hostkeys_find()
2112 if (l->marker != MRK_NONE) { in hostkeys_find()
2114 l->path, l->linenum); in hostkeys_find()
2115 ctx->complex_hostspec = 1; in hostkeys_find()
2120 if (ctx->ip_str != NULL && strchr(l->hosts, ',') != NULL) { in hostkeys_find()
2121 if ((l->match & HKF_MATCH_HOST) == 0) { in hostkeys_find()
2123 ctx->other_name_seen = 1; in hostkeys_find()
2125 "at %s:%ld", ctx->ip_str, l->path, l->linenum); in hostkeys_find()
2127 } else if ((l->match & HKF_MATCH_IP) == 0) { in hostkeys_find()
2129 ctx->other_name_seen = 1; in hostkeys_find()
2131 "at %s:%ld", ctx->host_str, l->path, l->linenum); in hostkeys_find()
2139 if (hostspec_is_complex(l->hosts)) { in hostkeys_find()
2141 l->path, l->linenum); in hostkeys_find()
2142 ctx->complex_hostspec = 1; in hostkeys_find()
2147 for (i = 0; i < ctx->nkeys; i++) { in hostkeys_find()
2148 if (!sshkey_equal(l->key, ctx->keys[i])) in hostkeys_find()
2151 sshkey_ssh_name(ctx->keys[i]), l->path, l->linenum); in hostkeys_find()
2152 ctx->keys_match[i] |= l->match; in hostkeys_find()
2156 debug3_f("deprecated %s key at %s:%ld", sshkey_ssh_name(l->key), in hostkeys_find()
2157 l->path, l->linenum); in hostkeys_find()
2158 if ((tmp = recallocarray(ctx->old_keys, ctx->nold, ctx->nold + 1, in hostkeys_find()
2159 sizeof(*ctx->old_keys))) == NULL) in hostkeys_find()
2160 fatal_f("recallocarray failed nold = %zu", ctx->nold); in hostkeys_find()
2161 ctx->old_keys = tmp; in hostkeys_find()
2162 ctx->old_keys[ctx->nold++] = l->key; in hostkeys_find()
2163 l->key = NULL; in hostkeys_find()
2168 /* callback to search for ctx->old_keys in known_hosts under other names */
2169 static int
2174 int hashed; in hostkeys_check_old()
2177 if (l->status == HKF_STATUS_MATCHED || l->key == NULL) in hostkeys_check_old()
2180 hashed = l->match & (HKF_MATCH_HOST_HASHED|HKF_MATCH_IP_HASHED); in hostkeys_check_old()
2181 for (i = 0; i < ctx->nold; i++) { in hostkeys_check_old()
2182 if (!sshkey_equal(l->key, ctx->old_keys[i])) in hostkeys_check_old()
2185 sshkey_ssh_name(ctx->old_keys[i]), l->path, l->linenum, in hostkeys_check_old()
2186 hashed ? "[HASHED]" : l->hosts); in hostkeys_check_old()
2187 ctx->old_key_seen = 1; in hostkeys_check_old()
2195 * on success or -1 on failure. Updates ctx->old_key_seen if deprecated keys
2198 static int
2202 int r; in check_old_keys_othernames()
2204 debug2_f("checking for %zu deprecated keys", ctx->nold); in check_old_keys_othernames()
2207 options.user_hostfiles[i], ctx->host_str, in check_old_keys_othernames()
2208 ctx->ip_str ? ctx->ip_str : "(none)"); in check_old_keys_othernames()
2210 hostkeys_check_old, ctx, ctx->host_str, ctx->ip_str, in check_old_keys_othernames()
2219 return -1; in check_old_keys_othernames()
2236 int r, was_raw = 0, first = 1; in update_known_hosts()
2237 int asking = options.update_hostkeys == SSH_UPDATE_HOSTKEYS_ASK; in update_known_hosts()
2243 for (i = 0; i < ctx->nkeys; i++) { in update_known_hosts()
2244 if (!ctx->keys_verified[i]) in update_known_hosts()
2246 if ((fp = sshkey_fingerprint(ctx->keys[i], in update_known_hosts()
2252 sshkey_type(ctx->keys[i]), fp); in update_known_hosts()
2256 for (i = 0; i < ctx->nold; i++) { in update_known_hosts()
2257 if ((fp = sshkey_fingerprint(ctx->old_keys[i], in update_known_hosts()
2263 sshkey_type(ctx->old_keys[i]), fp); in update_known_hosts()
2318 ctx->host_str, ctx->ip_str, in update_known_hosts()
2319 i == 0 ? ctx->keys : NULL, i == 0 ? ctx->nkeys : 0, in update_known_hosts()
2329 client_global_hostkeys_prove_confirm(struct ssh *ssh, int type, in client_global_hostkeys_prove_confirm()
2335 int r, plaintype; in client_global_hostkeys_prove_confirm()
2341 if (ctx->nnew == 0) in client_global_hostkeys_prove_confirm()
2342 fatal_f("ctx->nnew == 0"); /* sanity */ in client_global_hostkeys_prove_confirm()
2350 ssh->kex->hostkey_alg)) == KEY_RSA) in client_global_hostkeys_prove_confirm()
2351 rsa_kexalg = ssh->kex->hostkey_alg; in client_global_hostkeys_prove_confirm()
2355 * Expect a signature for each of the ctx->nnew private keys we in client_global_hostkeys_prove_confirm()
2357 * ctx->keys where the corresponding ctx->keys_match[i] == 0. in client_global_hostkeys_prove_confirm()
2359 for (ndone = i = 0; i < ctx->nkeys; i++) { in client_global_hostkeys_prove_confirm()
2360 if (ctx->keys_match[i]) in client_global_hostkeys_prove_confirm()
2362 plaintype = sshkey_type_plain(ctx->keys[i]->type); in client_global_hostkeys_prove_confirm()
2366 "hostkeys-prove-00@openssh.com")) != 0 || in client_global_hostkeys_prove_confirm()
2368 ssh->kex->session_id)) != 0 || in client_global_hostkeys_prove_confirm()
2369 (r = sshkey_puts(ctx->keys[i], signdata)) != 0) in client_global_hostkeys_prove_confirm()
2378 "for %s key %zu", sshkey_type(ctx->keys[i]), i); in client_global_hostkeys_prove_confirm()
2384 * proofs. Otherwise, accept only RSA-SHA256/512 signatures. in client_global_hostkeys_prove_confirm()
2392 sshkey_free(ctx->keys[i]); in client_global_hostkeys_prove_confirm()
2393 ctx->keys[i] = NULL; in client_global_hostkeys_prove_confirm()
2398 sshkey_type(ctx->keys[i]), i, alg); in client_global_hostkeys_prove_confirm()
2400 if ((r = sshkey_verify(ctx->keys[i], sig, siglen, in client_global_hostkeys_prove_confirm()
2404 sshkey_type(ctx->keys[i]), i); in client_global_hostkeys_prove_confirm()
2408 ctx->keys_verified[i] = 1; in client_global_hostkeys_prove_confirm()
2412 if (ndone != ctx->nnew) in client_global_hostkeys_prove_confirm()
2413 fatal_f("ndone != ctx->nnew (%zu / %zu)", ndone, ctx->nnew); in client_global_hostkeys_prove_confirm()
2428 * Handle hostkeys-00@openssh.com global request to inform the client of all
2432 static int
2439 int r, prove_sent = 0; in client_input_hostkeys()
2441 static int hostkeys_seen = 0; /* XXX use struct ssh */ in client_input_hostkeys()
2483 for (i = 0; i < ctx->nkeys; i++) { in client_input_hostkeys()
2484 if (sshkey_equal(key, ctx->keys[i])) { in client_input_hostkeys()
2491 if ((tmp = recallocarray(ctx->keys, ctx->nkeys, ctx->nkeys + 1, in client_input_hostkeys()
2492 sizeof(*ctx->keys))) == NULL) in client_input_hostkeys()
2494 ctx->nkeys); in client_input_hostkeys()
2495 ctx->keys = tmp; in client_input_hostkeys()
2496 ctx->keys[ctx->nkeys++] = key; in client_input_hostkeys()
2500 if (ctx->nkeys == 0) { in client_input_hostkeys()
2505 if ((ctx->keys_match = calloc(ctx->nkeys, in client_input_hostkeys()
2506 sizeof(*ctx->keys_match))) == NULL || in client_input_hostkeys()
2507 (ctx->keys_verified = calloc(ctx->nkeys, in client_input_hostkeys()
2508 sizeof(*ctx->keys_verified))) == NULL) in client_input_hostkeys()
2513 options.port, &ctx->host_str, in client_input_hostkeys()
2514 options.check_host_ip ? &ctx->ip_str : NULL); in client_input_hostkeys()
2519 options.user_hostfiles[i], ctx->host_str, in client_input_hostkeys()
2520 ctx->ip_str ? ctx->ip_str : "(none)"); in client_input_hostkeys()
2522 hostkeys_find, ctx, ctx->host_str, ctx->ip_str, in client_input_hostkeys()
2536 ctx->nnew = ctx->nincomplete = 0; in client_input_hostkeys()
2538 for (i = 0; i < ctx->nkeys; i++) { in client_input_hostkeys()
2539 if (ctx->keys_match[i] == 0) in client_input_hostkeys()
2540 ctx->nnew++; in client_input_hostkeys()
2541 if ((ctx->keys_match[i] & want) != want) in client_input_hostkeys()
2542 ctx->nincomplete++; in client_input_hostkeys()
2546 "%zu incomplete match. %zu to remove", ctx->nkeys, ctx->nnew, in client_input_hostkeys()
2547 ctx->nkeys - ctx->nnew - ctx->nincomplete, in client_input_hostkeys()
2548 ctx->nincomplete, ctx->nold); in client_input_hostkeys()
2550 if (ctx->nnew == 0 && ctx->nold == 0) { in client_input_hostkeys()
2556 if (ctx->complex_hostspec) { in client_input_hostkeys()
2561 if (ctx->other_name_seen) { in client_input_hostkeys()
2573 if (ctx->nold != 0) { in client_input_hostkeys()
2576 if (ctx->old_key_seen) { in client_input_hostkeys()
2579 ctx->host_str, ctx->ip_str == NULL ? "" : ",", in client_input_hostkeys()
2580 ctx->ip_str == NULL ? "" : ctx->ip_str); in client_input_hostkeys()
2585 if (ctx->nnew == 0) { in client_input_hostkeys()
2595 * We have received previously-unseen keys from the server. in client_input_hostkeys()
2598 debug3_f("asking server to prove ownership for %zu keys", ctx->nnew); in client_input_hostkeys()
2601 "hostkeys-prove-00@openssh.com")) != 0 || in client_input_hostkeys()
2603 fatal_fr(r, "prepare hostkeys-prove"); in client_input_hostkeys()
2606 for (i = 0; i < ctx->nkeys; i++) { in client_input_hostkeys()
2607 if (ctx->keys_match[i]) in client_input_hostkeys()
2610 if ((r = sshkey_putb(ctx->keys[i], buf)) != 0 || in client_input_hostkeys()
2612 fatal_fr(r, "assemble hostkeys-prove"); in client_input_hostkeys()
2615 fatal_fr(r, "send hostkeys-prove"); in client_input_hostkeys()
2638 static int
2639 client_input_global_request(int type, u_int32_t seq, struct ssh *ssh) in client_input_global_request()
2643 int r, success = 0; in client_input_global_request()
2650 if (strcmp(rtype, "hostkeys-00@openssh.com") == 0) in client_input_global_request()
2666 client_send_env(struct ssh *ssh, int id, const char *name, const char *val) in client_send_env()
2668 int r; in client_send_env()
2679 client_session2_setup(struct ssh *ssh, int id, int want_tty, int want_subsystem, in client_session2_setup()
2680 const char *term, struct termios *tiop, int in_fd, struct sshbuf *cmd, in client_session2_setup()
2684 int matched, r; in client_session2_setup()
2700 if (ioctl(in_fd, TIOCGWINSZ, &ws) == -1) in client_session2_setup()
2703 channel_request_start(ssh, id, "pty-req", 1); in client_session2_setup()
2711 fatal_fr(r, "build pty-req"); in client_session2_setup()
2714 ssh_tty_make_modes(ssh, -1, tiop); in client_session2_setup()
2716 fatal_fr(r, "send pty-req"); in client_session2_setup()
2718 c->client_tty = 1; in client_session2_setup()
2767 (int)len, (const u_char*)sshbuf_ptr(cmd)); in client_session2_setup()
2773 (int)len, (const u_char*)sshbuf_ptr(cmd)); in client_session2_setup()
2820 if (options.control_path != NULL && muxserver_sock != -1) in client_stop_mux()
2834 cleanup_exit(int i) in cleanup_exit()
2837 if (options.control_path != NULL && muxserver_sock != -1) in cleanup_exit()