| 38 |
#include "ssh.h" |
#include "ssh.h" |
| 39 |
#include "key.h" |
#include "key.h" |
| 40 |
#include "hosts.h" |
#include "hosts.h" |
| 41 |
|
#include "dns.h" |
| 42 |
|
|
| 43 |
#include <openssl/bn.h> |
#include <openssl/bn.h> |
| 44 |
#include <openssl/evp.h> |
#include <openssl/evp.h> |
| 52 |
#include <direct.h> |
#include <direct.h> |
| 53 |
#include <memory.h> |
#include <memory.h> |
| 54 |
|
|
|
#include <windns.h> |
|
|
|
|
|
#define DNS_TYPE_SSHFP 44 |
|
|
typedef struct { |
|
|
BYTE Algorithm; |
|
|
BYTE DigestType; |
|
|
BYTE Digest[1]; |
|
|
} DNS_SSHFP_DATA, *PDNS_SSHFP_DATA; |
|
|
enum verifydns_result { |
|
|
DNS_VERIFY_NONE, |
|
|
DNS_VERIFY_NOTFOUND, |
|
|
DNS_VERIFY_MATCH, |
|
|
DNS_VERIFY_MISMATCH, |
|
|
DNS_VERIFY_DIFFERENTTYPE, |
|
|
DNS_VERIFY_AUTH_MATCH, |
|
|
DNS_VERIFY_AUTH_MISMATCH, |
|
|
DNS_VERIFY_AUTH_DIFFERENTTYPE |
|
|
}; |
|
| 55 |
|
|
| 56 |
static HFONT DlgHostsAddFont; |
static HFONT DlgHostsAddFont; |
| 57 |
static HFONT DlgHostsReplaceFont; |
static HFONT DlgHostsReplaceFont; |
| 1738 |
} |
} |
| 1739 |
} |
} |
| 1740 |
|
|
|
int is_numeric_hostname(const char *hostname) |
|
|
{ |
|
|
struct addrinfo hints, *ai; |
|
|
|
|
|
if (hostname == NULL) { |
|
|
return -1; |
|
|
} |
|
|
|
|
|
memset(&hints, 0, sizeof(hints)); |
|
|
hints.ai_socktype = SOCK_DGRAM; |
|
|
hints.ai_flags = AI_NUMERICHOST; |
|
|
|
|
|
if (getaddrinfo(hostname, NULL, &hints, &ai) == 0) { |
|
|
freeaddrinfo(ai); |
|
|
return 1; |
|
|
} |
|
|
|
|
|
return 0; |
|
|
} |
|
|
|
|
|
int verify_hostkey_dns(char FAR *hostname, Key *key) |
|
|
{ |
|
|
DNS_STATUS status; |
|
|
PDNS_RECORD rec, p; |
|
|
PDNS_SSHFP_DATA t; |
|
|
int hostkey_alg, hostkey_dtype, hostkey_dlen; |
|
|
BYTE *hostkey_digest; |
|
|
int found = DNS_VERIFY_NOTFOUND; |
|
|
|
|
|
switch (key->type) { |
|
|
case KEY_RSA: |
|
|
hostkey_alg = SSHFP_KEY_RSA; |
|
|
hostkey_dtype = SSHFP_HASH_SHA1; |
|
|
break; |
|
|
case KEY_DSA: |
|
|
hostkey_alg = SSHFP_KEY_DSA; |
|
|
hostkey_dtype = SSHFP_HASH_SHA1; |
|
|
break; |
|
|
case KEY_ECDSA256: |
|
|
case KEY_ECDSA384: |
|
|
case KEY_ECDSA521: |
|
|
hostkey_alg = SSHFP_KEY_ECDSA; |
|
|
hostkey_dtype = SSHFP_HASH_SHA256; |
|
|
break; |
|
|
default: // Un-supported algorithm |
|
|
hostkey_alg = SSHFP_KEY_RESERVED; |
|
|
hostkey_dtype = SSHFP_HASH_RESERVED; |
|
|
} |
|
|
|
|
|
if (hostkey_alg) { |
|
|
hostkey_digest = key_fingerprint_raw(key, hostkey_dtype, &hostkey_dlen); |
|
|
} |
|
|
else { |
|
|
hostkey_digest = NULL; |
|
|
} |
|
|
|
|
|
status = DnsQuery(hostname, DNS_TYPE_SSHFP, DNS_QUERY_STANDARD, NULL, &rec, NULL); |
|
|
|
|
|
if (status == 0) { |
|
|
for (p=rec; p!=NULL; p=p->pNext) { |
|
|
if (p->wType == DNS_TYPE_SSHFP) { |
|
|
t = (PDNS_SSHFP_DATA)&(p->Data.Null); |
|
|
if (t->Algorithm == hostkey_alg && t->DigestType == hostkey_dtype) { |
|
|
if (hostkey_dlen == p->wDataLength-2 && memcmp(hostkey_digest, t->Digest, hostkey_dlen) == 0) { |
|
|
found = DNS_VERIFY_MATCH; |
|
|
break; |
|
|
} |
|
|
else { |
|
|
found = DNS_VERIFY_MISMATCH; |
|
|
break; |
|
|
} |
|
|
} |
|
|
else { |
|
|
found = DNS_VERIFY_DIFFERENTTYPE; |
|
|
} |
|
|
} |
|
|
} |
|
|
} |
|
|
|
|
|
free(hostkey_digest); |
|
|
DnsRecordListFree(rec, DnsFreeRecordList); |
|
|
return found; |
|
|
} |
|
|
|
|
| 1741 |
// |
// |
| 1742 |
// サーバから送られてきたホスト公開鍵の妥当性をチェックする |
// サーバから送られてきたホスト公開鍵の妥当性をチェックする |
| 1743 |
// |
// |
Tera Term
Parent Directory
Revision Log
Patch