- djm@cvs.openbsd.org 2005/03/02 01:00:06

     [sshconnect.c]
     fix addition of new hashed hostnames when CheckHostIP=yes;
     found and ok dtucker@

2 files changed, 30 insertions, 11 deletions

diff --git a/ChangeLog b/ChangeLog
index 459edc97f..a5554745f 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -35,6 +35,10 @@
      spelling (occurance -> occurrence);
      use prompt before examples;
      grammar;
+   - djm@cvs.openbsd.org 2005/03/02 01:00:06
+     [sshconnect.c]
+     fix addition of new hashed hostnames when CheckHostIP=yes;
+     found and ok dtucker@
 
 20050301
  - (djm) OpenBSD CVS sync:
@@ -2254,4 +2258,4 @@
    - (djm) Trim deprecated options from INSTALL. Mention UsePAM
    - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu
 
-$Id: ChangeLog,v 1.3684 2005/03/02 01:05:06 djm Exp $
+$Id: ChangeLog,v 1.3685 2005/03/02 01:06:51 djm Exp $
diff --git a/sshconnect.c b/sshconnect.c
index bafe7ba92..49190560d 100644
--- a/sshconnect.c
+++ b/sshconnect.c
@@ -13,7 +13,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: sshconnect.c,v 1.160 2005/03/01 10:40:27 djm Exp $");
+RCSID("$OpenBSD: sshconnect.c,v 1.161 2005/03/02 01:00:06 djm Exp $");
 
 #include <openssl/bn.h>
 
@@ -554,7 +554,7 @@ check_host_key(char *host, struct sockaddr *hostaddr, Key *host_key,
         char hostline[1000], *hostp, *fp;
         HostStatus host_status;
         HostStatus ip_status;
-        int local = 0, host_ip_differ = 0;
+        int r, local = 0, host_ip_differ = 0;
         int salen;
         char ntop[NI_MAXHOST];
         char msg[1024];
@@ -734,18 +734,33 @@ check_host_key(char *host, struct sockaddr *hostaddr, Key *host_key,
                         if (!confirm(msg))
                                 goto fail;
                 }
-                if (options.check_host_ip && ip_status == HOST_NEW) {
-                        snprintf(hostline, sizeof(hostline), "%s,%s", host, ip);
-                        hostp = hostline;
-                } else
-                        hostp = host;
-
                 /*
                  * If not in strict mode, add the key automatically to the
                  * local known_hosts file.
                  */
-                if (!add_host_to_hostfile(user_hostfile, hostp, host_key,
-                    options.hash_known_hosts))
+                if (options.check_host_ip && ip_status == HOST_NEW) {
+                        snprintf(hostline, sizeof(hostline), "%s,%s",
+                            host, ip);
+                        hostp = hostline;
+                        if (options.hash_known_hosts) {
+                                /* Add hash of host and IP separately */
+                                r = add_host_to_hostfile(user_hostfile, host,
+                                    host_key, options.hash_known_hosts) &&
+                                    add_host_to_hostfile(user_hostfile, ip,
+                                    host_key, options.hash_known_hosts);
+                        } else {
+                                /* Add unhashed "host,ip" */
+                                r = add_host_to_hostfile(user_hostfile,
+                                    hostline, host_key,
+                                    options.hash_known_hosts);
+                        }
+                } else {
+                        r = add_host_to_hostfile(user_hostfile, host, host_key,
+                            options.hash_known_hosts);
+                        hostp = host;
+                }
+
+                if (!r)
                         logit("Failed to add the host to the list of known "
                             "hosts (%.500s).", user_hostfile);
                 else