upstream commit

Refactor hostkeys_foreach() and dependent code Deal with IP addresses (i.e. CheckHostIP) Don't clobber known_hosts when nothing changed ok markus@ as part of larger commit
author: djm@openbsd.org <djm@openbsd.org> 2015-02-16 22:08:57 +0000
committer: Damien Miller <djm@mindrot.org> 2015-02-17 09:32:31 +1100
commit: 6c5c949782d86a6e7d58006599c7685bfcd01685 (patch)
tree: 7a3f58c507d8aacaefae9880bcfcc924aa2b891b /ssh-keygen.c
parent: 51b082ccbe633dc970df1d1f4c9c0497115fe721 (diff)
1 files changed, 39 insertions, 32 deletions
diff --git a/ssh-keygen.c b/ssh-keygen.c
index 2c6a56839..9b2068254 100644
--- a/ssh-keygen.c
+++ b/ssh-keygen.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh-keygen.c,v 1.261 2015/01/30 01:10:33 djm Exp $ */
+/* $OpenBSD: ssh-keygen.c,v 1.262 2015/02/16 22:08:57 djm Exp $ */
 /*
 * Author: Tatu Ylonen <ylo@cs.hut.fi>
 * Copyright (c) 1994 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -1052,40 +1052,47 @@ known_hosts_hash(struct hostkey_foreach_line *l, void *_ctx)
        char *hashed, *cp, *hosts, *ohosts;
        int has_wild = l->hosts && strcspn(l->hosts, "*?!") != strlen(l->hosts);
-        /* Retain invalid lines when hashing, but mark file as invalid. */
+        switch (l->status) {
-        if (l->status == HKF_STATUS_INVALID) {
+        case HKF_STATUS_OK:
+        case HKF_STATUS_MATCHED:
+                /*
+                 * Don't hash hosts already already hashed, with wildcard
+                 * characters or a CA/revocation marker.
+                 */
+                if ((l->match & HKF_MATCH_HOST_HASHED) != 0 ||
+                    has_wild || l->marker != MRK_NONE) {
+                        fprintf(ctx->out, "%s\n", l->line);
+                        if (has_wild && !find_host) {
+                                fprintf(stderr, "%s:%ld: ignoring host name "
+                                    "with wildcard: %.64s\n", l->path,
+                                    l->linenum, l->hosts);
+                        }
+                        return 0;
+                }
+                /*
+                 * Split any comma-separated hostnames from the host list,
+                 * hash and store separately.
+                 */
+                ohosts = hosts = xstrdup(l->hosts);
+                while ((cp = strsep(&hosts, ",")) != NULL && *cp != '\0') {
+                        if ((hashed = host_hash(cp, NULL, 0)) == NULL)
+                                fatal("hash_host failed");
+                        fprintf(ctx->out, "%s %s\n", hashed, l->rawkey);
+                        ctx->has_unhashed = 1;
+                }
+                free(ohosts);
+                return 0;
+        case HKF_STATUS_INVALID:
+                /* Retain invalid lines, but mark file as invalid. */
                ctx->invalid = 1;
                fprintf(stderr, "%s:%ld: invalid line\n", l->path, l->linenum);
+                /* FALLTHROUGH */
+        default:
                fprintf(ctx->out, "%s\n", l->line);
                return 0;
        }
+        /* NOTREACHED */
-        /*
+        return -1;
-         * Don't hash hosts already already hashed, with wildcard characters
-         * or a CA/revocation marker.
-         */
-        if (l->was_hashed || has_wild || l->marker != MRK_NONE) {
-                fprintf(ctx->out, "%s\n", l->line);
-                if (has_wild && !find_host) {
-                        fprintf(stderr, "%s:%ld: ignoring host name "
-                            "with wildcard: %.64s\n", l->path,
-                            l->linenum, l->hosts);
-                }
-                return 0;
-        }
-        /*
-         * Split any comma-separated hostnames from the host list,
-         * hash and store separately.
-         */
-        ohosts = hosts = xstrdup(l->hosts);
-        while ((cp = strsep(&hosts, ",")) != NULL && *cp != '\0') {
-                if ((hashed = host_hash(cp, NULL, 0)) == NULL)
-                        fatal("hash_host failed");
-                fprintf(ctx->out, "%s %s\n", hashed, l->rawkey);
-                ctx->has_unhashed = 1;
-        }
-        free(ohosts);
-        return 0;
 }
 static int
@@ -1093,7 +1100,7 @@ known_hosts_find_delete(struct hostkey_foreach_line *l, void *_ctx)
 {
        struct known_hosts_ctx *ctx = (struct known_hosts_ctx *)_ctx;
-        if (l->status == HKF_STATUS_HOST_MATCHED) {
+        if (l->status == HKF_STATUS_MATCHED) {
                if (delete_host) {
                        if (l->marker != MRK_NONE) {
                                /* Don't remove CA and revocation lines */
@@ -1180,7 +1187,7 @@ do_known_hosts(struct passwd *pw, const char *name)
        /* XXX support identity_file == "-" for stdin */
        if ((r = hostkeys_foreach(identity_file,
            hash_hosts ? known_hosts_hash : known_hosts_find_delete, &ctx,
-            name, find_host ? HKF_WANT_MATCH_HOST : 0)) != 0)
+            name, NULL, find_host ? HKF_WANT_MATCH : 0)) != 0)
                fatal("%s: hostkeys_foreach failed: %s", __func__, ssh_err(r));
        if (inplace)
author	djm@openbsd.org <djm@openbsd.org>	2015-02-16 22:08:57 +0000
committer	Damien Miller <djm@mindrot.org>	2015-02-17 09:32:31 +1100
commit	6c5c949782d86a6e7d58006599c7685bfcd01685 (patch)
tree	7a3f58c507d8aacaefae9880bcfcc924aa2b891b /ssh-keygen.c
parent	51b082ccbe633dc970df1d1f4c9c0497115fe721 (diff)

diff --git a/ssh-keygen.c b/ssh-keygen.c index 2c6a56839..9b2068254 100644 --- a/ssh-keygen.c +++ b/ssh-keygen.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: ssh-keygen.c,v 1.261 2015/01/30 01:10:33 djm Exp $ */	1	/* $OpenBSD: ssh-keygen.c,v 1.262 2015/02/16 22:08:57 djm Exp $ */
2	/*	2	/*
3	* Author: Tatu Ylonen <ylo@cs.hut.fi>	3	* Author: Tatu Ylonen <ylo@cs.hut.fi>
4	* Copyright (c) 1994 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland	4	* Copyright (c) 1994 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -1052,40 +1052,47 @@ known_hosts_hash(struct hostkey_foreach_line l, void _ctx)
1052	char hashed, cp, hosts, ohosts;	1052	char hashed, cp, hosts, ohosts;
1053	int has_wild = l->hosts && strcspn(l->hosts, "*?!") != strlen(l->hosts);	1053	int has_wild = l->hosts && strcspn(l->hosts, "*?!") != strlen(l->hosts);
1054		1054
1055	/* Retain invalid lines when hashing, but mark file as invalid. */	1055	switch (l->status) {
1056	if (l->status == HKF_STATUS_INVALID) {	1056	case HKF_STATUS_OK:
		1057	case HKF_STATUS_MATCHED:
		1058	/*
		1059	* Don't hash hosts already already hashed, with wildcard
		1060	* characters or a CA/revocation marker.
		1061	*/
		1062	if ((l->match & HKF_MATCH_HOST_HASHED) != 0 \|\|
		1063	has_wild \|\| l->marker != MRK_NONE) {
		1064	fprintf(ctx->out, "%s\n", l->line);
		1065	if (has_wild && !find_host) {
		1066	fprintf(stderr, "%s:%ld: ignoring host name "
		1067	"with wildcard: %.64s\n", l->path,
		1068	l->linenum, l->hosts);
		1069	}
		1070	return 0;
		1071	}
		1072	/*
		1073	* Split any comma-separated hostnames from the host list,
		1074	* hash and store separately.
		1075	*/
		1076	ohosts = hosts = xstrdup(l->hosts);
		1077	while ((cp = strsep(&hosts, ",")) != NULL && *cp != '\0') {
		1078	if ((hashed = host_hash(cp, NULL, 0)) == NULL)
		1079	fatal("hash_host failed");
		1080	fprintf(ctx->out, "%s %s\n", hashed, l->rawkey);
		1081	ctx->has_unhashed = 1;
		1082	}
		1083	free(ohosts);
		1084	return 0;
		1085	case HKF_STATUS_INVALID:
		1086	/* Retain invalid lines, but mark file as invalid. */
1057	ctx->invalid = 1;	1087	ctx->invalid = 1;
1058	fprintf(stderr, "%s:%ld: invalid line\n", l->path, l->linenum);	1088	fprintf(stderr, "%s:%ld: invalid line\n", l->path, l->linenum);
		1089	/* FALLTHROUGH */
		1090	default:
1059	fprintf(ctx->out, "%s\n", l->line);	1091	fprintf(ctx->out, "%s\n", l->line);
1060	return 0;	1092	return 0;
1061	}	1093	}
1062		1094	/* NOTREACHED */
1063	/*	1095	return -1;
1064	* Don't hash hosts already already hashed, with wildcard characters
1065	* or a CA/revocation marker.
1066	*/
1067	if (l->was_hashed \|\| has_wild \|\| l->marker != MRK_NONE) {
1068	fprintf(ctx->out, "%s\n", l->line);
1069	if (has_wild && !find_host) {
1070	fprintf(stderr, "%s:%ld: ignoring host name "
1071	"with wildcard: %.64s\n", l->path,
1072	l->linenum, l->hosts);
1073	}
1074	return 0;
1075	}
1076	/*
1077	* Split any comma-separated hostnames from the host list,
1078	* hash and store separately.
1079	*/
1080	ohosts = hosts = xstrdup(l->hosts);
1081	while ((cp = strsep(&hosts, ",")) != NULL && *cp != '\0') {
1082	if ((hashed = host_hash(cp, NULL, 0)) == NULL)
1083	fatal("hash_host failed");
1084	fprintf(ctx->out, "%s %s\n", hashed, l->rawkey);
1085	ctx->has_unhashed = 1;
1086	}
1087	free(ohosts);
1088	return 0;
1089	}	1096	}
1090		1097
1091	static int	1098	static int
@@ -1093,7 +1100,7 @@ known_hosts_find_delete(struct hostkey_foreach_line l, void _ctx)
1093	{	1100	{
1094	struct known_hosts_ctx ctx = (struct known_hosts_ctx )_ctx;	1101	struct known_hosts_ctx ctx = (struct known_hosts_ctx )_ctx;
1095		1102
1096	if (l->status == HKF_STATUS_HOST_MATCHED) {	1103	if (l->status == HKF_STATUS_MATCHED) {
1097	if (delete_host) {	1104	if (delete_host) {
1098	if (l->marker != MRK_NONE) {	1105	if (l->marker != MRK_NONE) {
1099	/* Don't remove CA and revocation lines */	1106	/* Don't remove CA and revocation lines */
@@ -1180,7 +1187,7 @@ do_known_hosts(struct passwd pw, const char name)
1180	/* XXX support identity_file == "-" for stdin */	1187	/* XXX support identity_file == "-" for stdin */
1181	if ((r = hostkeys_foreach(identity_file,	1188	if ((r = hostkeys_foreach(identity_file,
1182	hash_hosts ? known_hosts_hash : known_hosts_find_delete, &ctx,	1189	hash_hosts ? known_hosts_hash : known_hosts_find_delete, &ctx,
1183	name, find_host ? HKF_WANT_MATCH_HOST : 0)) != 0)	1190	name, NULL, find_host ? HKF_WANT_MATCH : 0)) != 0)
1184	fatal("%s: hostkeys_foreach failed: %s", __func__, ssh_err(r));	1191	fatal("%s: hostkeys_foreach failed: %s", __func__, ssh_err(r));
1185		1192
1186	if (inplace)	1193	if (inplace)