diff options
Diffstat (limited to 'hostfile.c')
| -rw-r--r-- | hostfile.c | 31 |
1 files changed, 27 insertions, 4 deletions
diff --git a/hostfile.c b/hostfile.c index cd28bf446..fc7f84c79 100644 --- a/hostfile.c +++ b/hostfile.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: hostfile.c,v 1.46 2009/10/11 23:03:15 djm Exp $ */ | 1 | /* $OpenBSD: hostfile.c,v 1.47 2010/02/26 20:29:54 djm Exp $ */ |
| 2 | /* | 2 | /* |
| 3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> | 3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> |
| 4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland | 4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland |
| @@ -199,7 +199,7 @@ check_host_in_hostfile_by_key_or_type(const char *filename, | |||
| 199 | { | 199 | { |
| 200 | FILE *f; | 200 | FILE *f; |
| 201 | char line[8192]; | 201 | char line[8192]; |
| 202 | int linenum = 0; | 202 | int linenum = 0, want_cert = key_is_cert(key); |
| 203 | u_int kbits; | 203 | u_int kbits; |
| 204 | char *cp, *cp2, *hashed_host; | 204 | char *cp, *cp2, *hashed_host; |
| 205 | HostStatus end_return; | 205 | HostStatus end_return; |
| @@ -229,6 +229,23 @@ check_host_in_hostfile_by_key_or_type(const char *filename, | |||
| 229 | if (!*cp || *cp == '#' || *cp == '\n') | 229 | if (!*cp || *cp == '#' || *cp == '\n') |
| 230 | continue; | 230 | continue; |
| 231 | 231 | ||
| 232 | /* | ||
| 233 | * Ignore CA keys when looking for raw keys. | ||
| 234 | * Ignore raw keys when looking for CA keys. | ||
| 235 | */ | ||
| 236 | if (strncasecmp(cp, CA_MARKER, sizeof(CA_MARKER) - 1) == 0 && | ||
| 237 | (cp[sizeof(CA_MARKER) - 1] == ' ' || | ||
| 238 | cp[sizeof(CA_MARKER) - 1] == '\t')) { | ||
| 239 | if (want_cert) { | ||
| 240 | /* Skip the marker and following whitespace */ | ||
| 241 | cp += sizeof(CA_MARKER); | ||
| 242 | for (; *cp == ' ' || *cp == '\t'; cp++) | ||
| 243 | ; | ||
| 244 | } else | ||
| 245 | continue; | ||
| 246 | } else if (want_cert) | ||
| 247 | continue; | ||
| 248 | |||
| 232 | /* Find the end of the host name portion. */ | 249 | /* Find the end of the host name portion. */ |
| 233 | for (cp2 = cp; *cp2 && *cp2 != ' ' && *cp2 != '\t'; cp2++) | 250 | for (cp2 = cp; *cp2 && *cp2 != ' ' && *cp2 != '\t'; cp2++) |
| 234 | ; | 251 | ; |
| @@ -273,8 +290,14 @@ check_host_in_hostfile_by_key_or_type(const char *filename, | |||
| 273 | continue; | 290 | continue; |
| 274 | 291 | ||
| 275 | /* Check if the current key is the same as the given key. */ | 292 | /* Check if the current key is the same as the given key. */ |
| 276 | if (key_equal(key, found)) { | 293 | if (want_cert && key_equal(key->cert->signature_key, found)) { |
| 277 | /* Ok, they match. */ | 294 | /* Found CA cert for key */ |
| 295 | debug3("check_host_in_hostfile: CA match line %d", | ||
| 296 | linenum); | ||
| 297 | fclose(f); | ||
| 298 | return HOST_OK; | ||
| 299 | } else if (!want_cert && key_equal(key, found)) { | ||
| 300 | /* Found identical key */ | ||
| 278 | debug3("check_host_in_hostfile: match line %d", linenum); | 301 | debug3("check_host_in_hostfile: match line %d", linenum); |
| 279 | fclose(f); | 302 | fclose(f); |
| 280 | return HOST_OK; | 303 | return HOST_OK; |