diff options
| author | djm@openbsd.org <djm@openbsd.org> | 2015-02-16 22:08:57 +0000 |
|---|---|---|
| committer | Damien Miller <djm@mindrot.org> | 2015-02-17 09:32:31 +1100 |
| commit | 6c5c949782d86a6e7d58006599c7685bfcd01685 (patch) | |
| tree | 7a3f58c507d8aacaefae9880bcfcc924aa2b891b /clientloop.c | |
| parent | 51b082ccbe633dc970df1d1f4c9c0497115fe721 (diff) | |
upstream commit
Refactor hostkeys_foreach() and dependent code Deal with
IP addresses (i.e. CheckHostIP) Don't clobber known_hosts when nothing
changed ok markus@ as part of larger commit
Diffstat (limited to 'clientloop.c')
| -rw-r--r-- | clientloop.c | 22 |
1 files changed, 16 insertions, 6 deletions
diff --git a/clientloop.c b/clientloop.c index 7b54b6eb0..c6f8e9dc1 100644 --- a/clientloop.c +++ b/clientloop.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: clientloop.c,v 1.267 2015/01/26 03:04:45 djm Exp $ */ | 1 | /* $OpenBSD: clientloop.c,v 1.268 2015/02/16 22:08:57 djm Exp $ */ |
| 2 | /* | 2 | /* |
| 3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> | 3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> |
| 4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland | 4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland |
| @@ -2102,8 +2102,9 @@ client_input_hostkeys(void) | |||
| 2102 | struct sshbuf *buf = NULL; | 2102 | struct sshbuf *buf = NULL; |
| 2103 | struct sshkey *key = NULL, **tmp, **keys = NULL; | 2103 | struct sshkey *key = NULL, **tmp, **keys = NULL; |
| 2104 | int r, success = 1; | 2104 | int r, success = 1; |
| 2105 | char *fp, *host_str = NULL; | 2105 | char *fp, *host_str = NULL, *ip_str = NULL; |
| 2106 | static int hostkeys_seen = 0; /* XXX use struct ssh */ | 2106 | static int hostkeys_seen = 0; /* XXX use struct ssh */ |
| 2107 | extern struct sockaddr_storage hostaddr; /* XXX from ssh.c */ | ||
| 2107 | 2108 | ||
| 2108 | /* | 2109 | /* |
| 2109 | * NB. Return success for all cases other than protocol error. The | 2110 | * NB. Return success for all cases other than protocol error. The |
| @@ -2148,16 +2149,24 @@ client_input_hostkeys(void) | |||
| 2148 | key = NULL; | 2149 | key = NULL; |
| 2149 | } | 2150 | } |
| 2150 | 2151 | ||
| 2151 | debug3("%s: received %u keys from server", __func__, nkeys); | ||
| 2152 | if (nkeys == 0) { | 2152 | if (nkeys == 0) { |
| 2153 | error("%s: server sent no hostkeys", __func__); | 2153 | error("%s: server sent no hostkeys", __func__); |
| 2154 | goto out; | 2154 | goto out; |
| 2155 | } | 2155 | } |
| 2156 | 2156 | ||
| 2157 | get_hostfile_hostname_ipaddr(host, NULL, options.port, &host_str, NULL); | 2157 | get_hostfile_hostname_ipaddr(host, |
| 2158 | options.check_host_ip ? (struct sockaddr *)&hostaddr : NULL, | ||
| 2159 | options.port, &host_str, options.check_host_ip ? &ip_str : NULL); | ||
| 2158 | 2160 | ||
| 2159 | if ((r = hostfile_replace_entries(options.user_hostfiles[0], host_str, | 2161 | debug3("%s: update known hosts for %s%s%s with %u keys from server", |
| 2160 | keys, nkeys, options.hash_known_hosts, 1)) != 0) { | 2162 | __func__, host_str, |
| 2163 | options.check_host_ip ? " " : "", | ||
| 2164 | options.check_host_ip ? ip_str : "", nkeys); | ||
| 2165 | |||
| 2166 | if ((r = hostfile_replace_entries(options.user_hostfiles[0], | ||
| 2167 | host_str, options.check_host_ip ? ip_str : NULL, | ||
| 2168 | keys, nkeys, options.hash_known_hosts, 0, | ||
| 2169 | options.fingerprint_hash)) != 0) { | ||
| 2161 | error("%s: hostfile_replace_entries failed: %s", | 2170 | error("%s: hostfile_replace_entries failed: %s", |
| 2162 | __func__, ssh_err(r)); | 2171 | __func__, ssh_err(r)); |
| 2163 | goto out; | 2172 | goto out; |
| @@ -2166,6 +2175,7 @@ client_input_hostkeys(void) | |||
| 2166 | /* Success */ | 2175 | /* Success */ |
| 2167 | out: | 2176 | out: |
| 2168 | free(host_str); | 2177 | free(host_str); |
| 2178 | free(ip_str); | ||
| 2169 | sshkey_free(key); | 2179 | sshkey_free(key); |
| 2170 | for (i = 0; i < nkeys; i++) | 2180 | for (i = 0; i < nkeys; i++) |
| 2171 | sshkey_free(keys[i]); | 2181 | sshkey_free(keys[i]); |