authorChristian Kandeler <[email protected]>2014-11-12 16:50:04 +0100
committerChristian Kandeler <[email protected]>2014-12-15 16:15:04 +0100
commit62a83f911365eab71e7260484517ef6c739d5192 (patch)
tree383e1a9dffe1b4faca642ee06d05517c9e8488ca /src/libs/ssh/sshkeyexchange.cpp
parentbe4a0306965aecc701b0890d5339ed7f596e7793 (diff)
SSH: implement host key checking.
Change-Id: I5f10bd801bb5cf43e58193c41e62d9ea2f9cb645 Task-number: QTCREATORBUG-13339 Reviewed-by: Joerg Bornemann <[email protected]>
Diffstat (limited to 'src/libs/ssh/sshkeyexchange.cpp')
-rw-r--r--src/libs/ssh/sshkeyexchange.cpp43
1 files changed, 41 insertions, 2 deletions
diff --git a/src/libs/ssh/sshkeyexchange.cpp b/src/libs/ssh/sshkeyexchange.cpp
index ec9dca1d33f..f427b1273d4 100644
--- a/src/libs/ssh/sshkeyexchange.cpp
+++ b/src/libs/ssh/sshkeyexchange.cpp
@@ -76,8 +76,9 @@ namespace {
} // anonymous namespace
-SshKeyExchange::SshKeyExchange(SshSendFacility &sendFacility)
- : m_sendFacility(sendFacility)
+SshKeyExchange::SshKeyExchange(const SshConnectionParameters &connParams,
+ SshSendFacility &sendFacility)
+ : m_connParams(connParams), m_sendFacility(sendFacility)
{
}
@@ -210,8 +211,46 @@ void SshKeyExchange::sendNewKeysPacket(const SshIncomingPacket &dhReply,
"Invalid signature in SSH_MSG_KEXDH_REPLY packet.");
}
+ checkHostKey(reply.k_s);
+
m_sendFacility.sendNewKeysPacket();
}
+void SshKeyExchange::checkHostKey(const QByteArray &hostKey)
+{
+ if (m_connParams.hostKeyCheckingMode == SshHostKeyCheckingNone) {
+ if (m_connParams.hostKeyDatabase)
+ m_connParams.hostKeyDatabase->insertHostKey(m_connParams.host, hostKey);
+ return;
+ }
+
+ if (!m_connParams.hostKeyDatabase) {
+ throw SshClientException(SshInternalError,
+ SSH_TR("Host key database must exist "
+ "if host key checking is enabled."));
+ }
+
+ switch (m_connParams.hostKeyDatabase->matchHostKey(m_connParams.host, hostKey)) {
+ case SshHostKeyDatabase::KeyLookupMatch:
+ return; // Nothing to do.
+ case SshHostKeyDatabase::KeyLookupMismatch:
+ if (m_connParams.hostKeyCheckingMode != SshHostKeyCheckingAllowMismatch)
+ throwHostKeyException();
+ break;
+ case SshHostKeyDatabase::KeyLookupNoMatch:
+ if (m_connParams.hostKeyCheckingMode == SshHostKeyCheckingStrict)
+ throwHostKeyException();
+ break;
+ }
+ m_connParams.hostKeyDatabase->insertHostKey(m_connParams.host, hostKey);
+}
+
+void SshKeyExchange::throwHostKeyException()
+{
+ throw SshServerException(SSH_DISCONNECT_HOST_KEY_NOT_VERIFIABLE, "Host key changed",
+ SSH_TR("Host key of machine \"%1\" has changed.")
+ .arg(m_connParams.host));
+}
+
} // namespace Internal
} // namespace QSsh
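Review bot: In `checkHostKey`, the `SshHostKeyCheckingNone` branch calls `insertHostKey` unconditionally, and the `KeyLookupMismatch` case under `SshHostKeyCheckingAllowMismatch` breaks out to the same insert at the end, so one unchecked connection can replace the key already stored for a host (assuming `insertHostKey` overwrites an existing entry; its body is not in this diff). A later connection in `SshHostKeyCheckingStrict` mode would then match whatever key was recorded during the unchecked session, which defeats the pinning the database is meant to provide. Consider writing the key in the None branch only when nothing is stored yet, by guarding the insert with `matchHostKey(m_connParams.host, hostKey) == SshHostKeyDatabase::KeyLookupNoMatch`, and surfacing a warning whenever a mismatching key is accepted. Separately, `throwHostKeyException` reports "has changed" for the strict-mode `KeyLookupNoMatch` case too, where the host is simply unknown; a distinct message there would let users tell first contact from a changed key. `sendNewKeysPacket` begins outside the hunk, so only the placement of the `checkHostKey(reply.k_s)` call after the signature check is visible.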