-rw-r--r-- | examples/knownhosts.c | 143 |
1 files changed, 73 insertions, 70 deletions
diff --git a/examples/knownhosts.c b/examples/knownhosts.c
index 2c538dac..b7833d35 100644
--- a/examples/knownhosts.c
+++ b/examples/knownhosts.c
@@ -32,82 +32,85 @@ clients must be made or how a client should react. #define strncasecmp _strnicmp #endif -int verify_knownhost(ssh_session session){ - enum ssh_known_hosts_e state; - char buf[10]; - unsigned char *hash = NULL; - size_t hlen; - ssh_key srv_pubkey; - int rc; - - rc = ssh_get_server_publickey(session, &srv_pubkey); - if (rc < 0) { - return -1; - } - - rc = ssh_get_publickey_hash(srv_pubkey, - SSH_PUBLICKEY_HASH_SHA256, - &hash, - &hlen); - ssh_key_free(srv_pubkey); - if (rc < 0) { - return -1; - } - - state = ssh_session_is_known_server(session); - - switch(state){ - case SSH_KNOWN_HOSTS_OK: - break; /* ok */ +int verify_knownhost(ssh_session session) +{ + enum ssh_known_hosts_e state; + char buf[10]; + unsigned char *hash = NULL; + size_t hlen; + ssh_key srv_pubkey; + int rc; + + rc = ssh_get_server_publickey(session, &srv_pubkey); + if (rc < 0) { + return -1; + } + + rc = ssh_get_publickey_hash(srv_pubkey, + SSH_PUBLICKEY_HASH_SHA256, + &hash, + &hlen); + ssh_key_free(srv_pubkey); + if (rc < 0) { + return -1; + } + + state = ssh_session_is_known_server(session); + + switch(state) { case SSH_KNOWN_HOSTS_CHANGED: - fprintf(stderr,"Host key for server changed : server's one is now :\n"); - ssh_print_hash(SSH_PUBLICKEY_HASH_SHA256, hash, hlen); - ssh_clean_pubkey_hash(&hash); - fprintf(stderr,"For security reason, connection will be stopped\n"); - return -1; + fprintf(stderr,"Host key for server changed : server's one is now :\n"); + ssh_print_hash(SSH_PUBLICKEY_HASH_SHA256, hash, hlen); + ssh_clean_pubkey_hash(&hash); + fprintf(stderr,"For security reason, connection will be stopped\n"); + return -1; case SSH_KNOWN_HOSTS_OTHER: - fprintf(stderr,"The host key for this server was not found but an other type of key exists.\n"); - fprintf(stderr,"An attacker might change the default server key to confuse your client" - "into thinking the key does not exist\n" - "We advise you to rerun the client with -d or -r for more safety.\n"); - return -1; + 
fprintf(stderr,"The host key for this server was not found but an other type of key exists.\n"); + fprintf(stderr,"An attacker might change the default server key to confuse your client" + "into thinking the key does not exist\n" + "We advise you to rerun the client with -d or -r for more safety.\n"); + return -1; case SSH_KNOWN_HOSTS_NOT_FOUND: - fprintf(stderr,"Could not find known host file. If you accept the host key here,\n"); - fprintf(stderr,"the file will be automatically created.\n"); - /* fallback to SSH_SERVER_NOT_KNOWN behavior */ - FALL_THROUGH; + fprintf(stderr,"Could not find known host file. If you accept the host key here,\n"); + fprintf(stderr,"the file will be automatically created.\n"); + /* fallback to SSH_SERVER_NOT_KNOWN behavior */ + FALL_THROUGH; case SSH_SERVER_NOT_KNOWN: - fprintf(stderr, - "The server is unknown. Do you trust the host key (yes/no)?\n"); - ssh_print_hash(SSH_PUBLICKEY_HASH_SHA256, hash, hlen); + fprintf(stderr, + "The server is unknown. Do you trust the host key (yes/no)?\n"); + ssh_print_hash(SSH_PUBLICKEY_HASH_SHA256, hash, hlen); - if (fgets(buf, sizeof(buf), stdin) == NULL) { - ssh_clean_pubkey_hash(&hash); - return -1; - } - if(strncasecmp(buf,"yes",3)!=0){ - ssh_clean_pubkey_hash(&hash); - return -1; - } - fprintf(stderr,"This new key will be written on disk for further usage. do you agree ?\n"); - if (fgets(buf, sizeof(buf), stdin) == NULL) { - ssh_clean_pubkey_hash(&hash); - return -1; - } - if(strncasecmp(buf,"yes",3)==0){ - if (ssh_write_knownhost(session) < 0) { - ssh_clean_pubkey_hash(&hash); - fprintf(stderr, "error %s\n", strerror(errno)); - return -1; + if (fgets(buf, sizeof(buf), stdin) == NULL) { + ssh_clean_pubkey_hash(&hash); + return -1; + } + if(strncasecmp(buf,"yes",3)!=0){ + ssh_clean_pubkey_hash(&hash); + return -1; + } + fprintf(stderr,"This new key will be written on disk for further usage. 
do you agree ?\n"); + if (fgets(buf, sizeof(buf), stdin) == NULL) { + ssh_clean_pubkey_hash(&hash); + return -1; + } + if(strncasecmp(buf,"yes",3)==0){ + if (ssh_write_knownhost(session) < 0) { + ssh_clean_pubkey_hash(&hash); + fprintf(stderr, "error %s\n", strerror(errno)); + return -1; + } } - } - break; + break; case SSH_KNOWN_HOSTS_ERROR: - ssh_clean_pubkey_hash(&hash); - fprintf(stderr,"%s",ssh_get_error(session)); - return -1; - } - ssh_clean_pubkey_hash(&hash); - return 0; + ssh_clean_pubkey_hash(&hash); + fprintf(stderr,"%s",ssh_get_error(session)); + return -1; + case SSH_KNOWN_HOSTS_OK: + break; /* ok */ + } + + ssh_clean_pubkey_hash(&hash); + + return 0; } |
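Review bot: The `switch(state)` in the new body has no `default:` arm, so any `ssh_known_hosts_e` value not listed falls past the switch to `ssh_clean_pubkey_hash(&hash); return 0;` and the server is accepted — the example fails open on an unrecognised state. Because this is the reference code other clients copy, I would fail closed with `default: ssh_clean_pubkey_hash(&hash); return -1;` placed before the `SSH_KNOWN_HOSTS_OK` case. Separately, in the `ssh_write_knownhost` error path `ssh_clean_pubkey_hash(&hash)` runs before `strerror(errno)` is read; if that call can touch errno (it releases the hash buffer), the message may report the wrong error, so save errno first or print before cleaning up. The `strncasecmp(buf, "yes", 3)` checks are prefix matches on a 10-byte `buf`, so a longer first answer leaves its tail in stdin to be consumed by the second `fgets` as the answer to the "do you agree" prompt; comparing the whole line (e.g. `yes\n`) and discarding any unread remainder would make both consents explicit.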