author | Niels Provos <provos@cvs.openbsd.org> | 1999-10-03 21:50:05 +0000 |
---|---|---|
committer | Niels Provos <provos@cvs.openbsd.org> | 1999-10-03 21:50:05 +0000 |
commit | dce30fe4c3eed210d1830b1bb7d5434ad4f15607 (patch) | |
tree | 2d57dbe7a3d712ad0e757a1b39965798ed6c67ba /usr.bin/ssh/ssh.h | |
parent | 99b7880be93ded91810507804eb4226b2ee29edd (diff) |
add code to detect DNS spoofing:
the main idea is to not only store the host key for the hostname but
also for the corresponding IP address. When we check the host key in the
known_hosts file, we also check the key against the corresponding IP address.
When the server key changes, host_status = HOST_CHANGED. If
check_host_in_hostfile() returns differing status for the IP address
that means that either DNS was spoofed or that the IP address
for the host and the host key changed at the same time.
Diffstat (limited to 'usr.bin/ssh/ssh.h')
-rw-r--r-- | usr.bin/ssh/ssh.h | 15 |
1 files changed, 9 insertions, 6 deletions
diff --git a/usr.bin/ssh/ssh.h b/usr.bin/ssh/ssh.h
index 05812fc2761..10b04bfb213 100644
--- a/usr.bin/ssh/ssh.h
+++ b/usr.bin/ssh/ssh.h
@@ -13,7 +13,7 @@ Generic header file for ssh.
 */
-/* RCSID("$Id: ssh.h,v 1.5 1999/10/01 02:38:10 provos Exp $"); */
+/* RCSID("$Id: ssh.h,v 1.6 1999/10/03 21:50:04 provos Exp $"); */
 #ifndef SSH_H
 #define SSH_H
@@ -244,7 +244,8 @@ void record_logout(int pid, const char *ttyname);
 second. This returns true on success, and zero on failure. If the connection is successful, this calls packet_set_connection for the connection. */
-int ssh_connect(const char *host, int port, int connection_attempts,
+int ssh_connect(const char *host, struct sockaddr_in *hostaddr,
+ int port, int connection_attempts,
 int anonymous, uid_t original_real_uid, const char *proxy_command);
@@ -254,8 +255,9 @@ int ssh_connect(const char *host, int port, int connection_attempts,
 If login fails, this function prints an error and never returns. This initializes the random state, and leaves it initialized (it will also have references from the packet module). */
-void ssh_login(int host_key_valid, RSA *host_key,
- const char *host, Options *options, uid_t original_real_uid);
+void ssh_login(int host_key_valid, RSA *host_key, const char *host,
+ struct sockaddr_in *hostaddr, Options *options,
+ uid_t original_real_uid);
 /*------------ Definitions for various authentication methods. -------*/
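Review bot: The new `struct sockaddr_in *hostaddr` parameter added to the ssh_connect and ssh_login prototypes depends on `struct sockaddr_in` already being declared at this point in ssh.h, and the hunk adds neither `#include <netinet/in.h>` nor a forward declaration; if nothing earlier in the header (outside this hunk) provides it, the tag is scoped to each prototype and the definitions in the .c files will not match these declarations. A single `struct sockaddr_in;` near the top of the header, or the include itself, removes the dependency on include order at every call site. The comment blocks above both prototypes, visible as context here, also say nothing about hostaddr; from the commit message it is presumably an out-parameter carrying the address actually connected to so the host key can be checked against it as well, which should be confirmed against sshconnect.c and stated in the comment, e.g. `hostaddr: set to the address the connection was made to; used to verify the host key against the IP as well as the name`.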
@@ -315,10 +317,11 @@ int match_hostname(const char *host, const char *pattern, unsigned int len);
 Returns HOST_OK if the host is known and has the specified key, HOST_NEW if the host is not known, and HOST_CHANGED if the host is known but used to have a different host key. The host must be in all lowercase. */
-typedef enum { HOST_OK, HOST_NEW, HOST_CHANGED } HostStatus;
+typedef enum { HOST_OK, HOST_NEW, HOST_CHANGED, HOST_DIFFER } HostStatus;
 HostStatus check_host_in_hostfile(const char *filename, const char *host, unsigned int bits,
- BIGNUM *e, BIGNUM *n);
+ BIGNUM *e, BIGNUM *n,
+ BIGNUM *ke, BIGNUM *kn);
 /* Appends an entry to the host file. Returns false if the entry could not be appended. */ |
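Review bot: The comment above the typedef, left unchanged as context in this hunk, still documents only HOST_OK, HOST_NEW and HOST_CHANGED, so the new HOST_DIFFER enumerator and the added `ke`/`kn` parameters of check_host_in_hostfile have no description in the header at all; it should state when HOST_DIFFER is returned and whether `ke`/`kn` are inputs or are filled in with the key found in the file, which cannot be told from the prototype. From the commit message HOST_DIFFER presumably marks the case where the entry for the IP address disagrees with the entry for the hostname, i.e. possible DNS spoofing, so something like `HOST_DIFFER if the key recorded for the host's IP address differs from the one recorded for the hostname (possible DNS spoofing)` would do once confirmed against hostfile.c. Separately, adding a fourth value to HostStatus silently changes every caller that dispatches on it with an `else` or `default` branch: such a caller may now route HOST_DIFFER into the "unknown host, add it" path, which would accept exactly the spoofed key this commit sets out to detect, so the call sites outside this diff should be checked to handle HOST_DIFFER at least as strictly as HOST_CHANGED.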