
Contents of /trunk/ttssh2/ttxssh/dns.c



Revision 9125
Sat Jan 16 05:20:14 2021 UTC (3 years, 2 months ago) by zmatsuo
File MIME type: text/x-csrc
File size: 5279 byte(s)
dnsapi.dll の DnsQuery_A(), DnsFree() を遅延ロード指定なしで使えるようにした

- compat_win に追加
1 /*
2 * (C) 2011- TeraTerm Project
3 * All rights reserved.
4 *
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions
7 * are met:
8 *
9 * 1. Redistributions of source code must retain the above copyright
10 * notice, this list of conditions and the following disclaimer.
11 * 2. Redistributions in binary form must reproduce the above copyright
12 * notice, this list of conditions and the following disclaimer in the
13 * documentation and/or other materials provided with the distribution.
14 * 3. The name of the author may not be used to endorse or promote products
15 * derived from this software without specific prior written permission.
16 *
17 * THIS SOFTWARE IS PROVIDED BY THE AUTHORS ``AS IS'' AND ANY EXPRESS OR
18 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
19 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
20 * IN NO EVENT SHALL THE AUTHORS BE LIABLE FOR ANY DIRECT, INDIRECT,
21 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
22 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
23 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
24 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
25 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
26 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
27 */
28
29 #include <memory.h>
30
31 #include "ttxssh.h"
32 #include "ssh.h"
33 #include "key.h"
34 #include "dns.h"
35 #include "compat_windns.h" //#include <windns.h>
36
/*
 * Report whether `hostname` is a numeric address literal rather than a name.
 *
 * The string is passed to getaddrinfo() with AI_NUMERICHOST set and the
 * address family left unspecified (PF_UNSPEC), so the decision rests entirely
 * on whether getaddrinfo() accepts it as a numeric host.
 *
 * Returns:
 *   -1  hostname is NULL
 *    1  getaddrinfo() accepted the string as a numeric host
 *    0  getaddrinfo() rejected it
 */
int is_numeric_hostname(const char *hostname)
{
	struct addrinfo numeric_only;
	struct addrinfo *parsed;
	int rc;

	if (hostname == NULL) {
		return -1;
	}

	memset(&numeric_only, 0, sizeof(numeric_only));
	numeric_only.ai_flags = AI_NUMERICHOST;
	numeric_only.ai_family = PF_UNSPEC;

	rc = getaddrinfo(hostname, NULL, &numeric_only, &parsed);
	if (rc != 0) {
		return 0;
	}

	// The result list is only needed as a yes/no answer; release it at once.
	freeaddrinfo(parsed);
	return 1;
}
56
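/*
 * Compare a server host key against the SSHFP resource records that DNS
 * returns for `hostname`.
 *
 * Parameters:
 *   pvar      not referenced directly in this function body.
 *   hostname  name to query; passed unchanged to pDnsQuery_A().
 *   key       host key; key->type selects the SSHFP algorithm number and the
 *             key is hashed with key_fingerprint_raw(). It is dereferenced
 *             without a NULL check, so callers must pass a valid key.
 *
 * Returns:
 *   DNS_VERIFY_NONE           pDnsQuery_A is NULL, so no lookup was made
 *   DNS_VERIFY_NOTFOUND       query failed, or no usable SSHFP record was seen
 *   DNS_VERIFY_DIFFERENTTYPE  SSHFP records exist, but only for other key
 *                             algorithms
 *   DNS_VERIFY_MATCH          every compared record agreed with the key
 *   DNS_VERIFY_MISMATCH       a record for this key algorithm did not agree;
 *                             the scan stops at the first such record
 *
 * NOTE(review): the lookup is issued with DNS_QUERY_STANDARD and nothing here
 * inspects whether the answer was DNSSEC-validated, so DNS_VERIFY_MATCH only
 * means that the resolver's answer agreed with the key. Confirm that callers
 * do not treat it as stronger evidence than the resolver path warrants.
 */
int verify_hostkey_dns(PTInstVar pvar, char *hostname, Key *key)
{
	DNS_STATUS status;
	PDNS_RECORD rec = NULL, p;
	PDNS_SSHFP_DATA t;
	int hostkey_alg;
	int hostkey_dtype = 0;	// digest type that hostkey_digest was computed with
	int hostkey_dlen = 0;	// length of hostkey_digest in bytes
	digest_algorithm dgst_alg;
	BYTE *hostkey_digest = NULL;
	int found = DNS_VERIFY_NOTFOUND;

	if (pDnsQuery_A == NULL) {
		// The DnsQuery_A entry point is not available (the original comment
		// here mentions Windows 2000), so DNS verification cannot be done.
		return DNS_VERIFY_NONE;
	}

	// Map the key type to the algorithm number used in SSHFP records.
	switch (key->type) {
	case KEY_RSA:
		hostkey_alg = SSHFP_KEY_RSA;
		break;
	case KEY_DSA:
		hostkey_alg = SSHFP_KEY_DSA;
		break;
	case KEY_ECDSA256:
	case KEY_ECDSA384:
	case KEY_ECDSA521:
		hostkey_alg = SSHFP_KEY_ECDSA;
		break;
	case KEY_ED25519:
		hostkey_alg = SSHFP_KEY_ED25519;
		break;
	default: // Un-supported algorithm
		// Records carrying SSHFP_KEY_RESERVED are skipped below, so an
		// unsupported key can never produce a match.
		hostkey_alg = SSHFP_KEY_RESERVED;
	}
	logprintf(LOG_LEVEL_VERBOSE, "verify_hostkey_dns: key type = %d, SSHFP type = %d", key->type, hostkey_alg);

	status = pDnsQuery_A(hostname, DNS_TYPE_SSHFP, DNS_QUERY_STANDARD, NULL, &rec, NULL);

	if (status == 0) {
		for (p=rec; p!=NULL; p=p->pNext) {
			if (p->wType == DNS_TYPE_SSHFP) {
				// The record body comes from the DNS answer. The code below
				// reads two header bytes and treats wDataLength-2 as the
				// digest length, so reject anything shorter before touching it.
				if (p->wDataLength < 2) {
					logputs(LOG_LEVEL_WARNING,
					        "verify_hostkey_dns: Invalid SSHFP RR (too short)");
					continue; // skip invalid record
				}
				t = (PDNS_SSHFP_DATA)&(p->Data.Null);
				logprintf(LOG_LEVEL_VERBOSE,
				          "verify_hostkey_dns: SSHFP RR: Algorithm = %d, Digest type = %d",
				          t->Algorithm, t->DigestType);
				if (t->Algorithm == SSHFP_KEY_RESERVED) {
					logputs(LOG_LEVEL_WARNING,
					        "verify_hostkey_dns: Invalid key algorithm (SSHFP_KEY_RESERVED)");
					continue; // skip invalid record
				}
				if (t->Algorithm == hostkey_alg) {
					// Hash the key only when no digest is cached yet or the
					// record uses a different digest type than the cached one.
					if (hostkey_digest == NULL || t->DigestType != hostkey_dtype) {
						switch (t->DigestType) {
						case SSHFP_HASH_SHA1:
							if (hostkey_alg != SSHFP_KEY_RSA && hostkey_alg != SSHFP_KEY_DSA) {
								// SHA1 is not allowed with ECDSA and ED25519 keys
								logprintf(LOG_LEVEL_VERBOSE,
								          "verify_hostkey_dns: not allowed digest type. "
								          "Algorithm = %d, Digest type = %d",
								          t->Algorithm, t->DigestType);
								dgst_alg = -1;
							}
							else {
								dgst_alg = SSH_DIGEST_SHA1;
							}
							break;
						case SSHFP_HASH_SHA256:
							dgst_alg = SSH_DIGEST_SHA256;
							break;
						default:
							dgst_alg = -1;
						}

						if (dgst_alg == -1)
							continue; // skip invalid/un-supported hash type.

						hostkey_dtype = t->DigestType;
						free(hostkey_digest);
						hostkey_digest = key_fingerprint_raw(key, dgst_alg, &hostkey_dlen);
						if (!hostkey_digest)
							continue;
					}
					// Lengths must agree before the bytes are compared, which
					// keeps memcmp() inside the record's digest.
					if (hostkey_dlen == p->wDataLength-2 && memcmp(hostkey_digest, t->Digest, hostkey_dlen) == 0) {
						found = DNS_VERIFY_MATCH;
						logputs(LOG_LEVEL_INFO, "verify_hostkey_dns: key matched");
					}
					else {
						// One disagreeing record overrides any earlier match
						// and ends the scan.
						logputs(LOG_LEVEL_WARNING, "verify_hostkey_dns: key mismatched");
						found = DNS_VERIFY_MISMATCH;
						break;
					}
				}
				else {
					// Only downgrade from "nothing found"; never overwrite a
					// match that was already recorded.
					if (found == DNS_VERIFY_NOTFOUND)
						found = DNS_VERIFY_DIFFERENTTYPE;
				}
			}
			else {
				logprintf(LOG_LEVEL_VERBOSE, "verify_hostkey_dns: not SSHFP RR (%d)", p->wType);
			}
		}
		pDnsFree(rec, DnsFreeRecordList);
	}
	else {
		logputs(LOG_LEVEL_VERBOSE, "verify_hostkey_dns: DnsQuery failed.");
	}

	free(hostkey_digest);
	return found;
}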
