

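--- a/openssh-4.2p1-orig/auth.c
+++ b/openssh-4.2p1-orig/auth.c
@@ -379,10 +379,11 @@ check_key_in_hostfiles(struct passwd *pw
 	char *user_hostfile;
 	struct stat st;
 	HostStatus host_status;
+        u_short port;
 
 	/* Check if we know the host and its host key. */
 	found = key_new(key->type);
-	host_status = check_host_in_hostfile(sysfile, host, key, found, NULL);
+	host_status = check_host_in_hostfile(sysfile, host, port, key, found, NULL);
 
 	if (host_status != HOST_OK && userfile != NULL) {
 		user_hostfile = tilde_expand_filename(userfile, pw->pw_uid);
@@ -396,7 +397,7 @@ check_key_in_hostfiles(struct passwd *pw
 		} else {
 			temporarily_use_uid(pw);
 			host_status = check_host_in_hostfile(user_hostfile,
-			    host, key, found, NULL);
+			    host, port, key, found, NULL);
 			restore_uid();
 		}
 		xfree(user_hostfile);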
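Review bot: `u_short port;` added to check_key_in_hostfiles() is never assigned in either hunk, yet it is passed to both check_host_in_hostfile() calls, so the sshd-side lookup runs on an indeterminate value (undefined behaviour) and whether a client host is recognised becomes unpredictable. Nothing in the visible hunks supplies a port for this server-side, hostbased check, so the variable needs a real source (a new parameter from the caller) or the server lookup should keep matching the bare host name rather than a `host:port` string; the function starts outside the hunk, so I cannot see whether a value is available there. The new declaration is also indented with spaces while every neighbouring line uses a tab.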
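--- a/openssh-4.2p1-orig/hostfile.c
+++ b/openssh-4.2p1-orig/hostfile.c
@@ -187,7 +187,7 @@ hostfile_check_key(int bits, const Key *
 
 static HostStatus
 check_host_in_hostfile_by_key_or_type(const char *filename,
-    const char *host, const Key *key, int keytype, Key *found, int *numret)
+    const char *host, u_short port, const Key *key, int keytype, Key *found, int *numret)
 {
 	FILE *f;
 	char line[8192];
@@ -195,6 +195,9 @@ check_host_in_hostfile_by_key_or_type(co
 	u_int kbits;
 	char *cp, *cp2, *hashed_host;
 	HostStatus end_return;
+    char host_port[1024];
+    
+    snprintf(host_port, sizeof host_port, "%.200s:%hu", host, port);
 
 	debug3("check_host_in_hostfile: filename %s", filename);
 
@@ -226,10 +229,10 @@ check_host_in_hostfile_by_key_or_type(co
 			;
 
 		/* Check if the host name matches. */
-		if (match_hostname(host, cp, (u_int) (cp2 - cp)) != 1) {
+		if (match_hostname(host_port, cp, (u_int) (cp2 - cp)) != 1) {
 			if (*cp != HASH_DELIM)
 				continue;
-			hashed_host = host_hash(host, cp, (u_int) (cp2 - cp));
+			hashed_host = host_hash(host_port, cp, (u_int) (cp2 - cp));
 			if (hashed_host == NULL) {
 				debug("Invalid hashed host line %d of %s",
 				    linenum, filename);
@@ -259,7 +262,7 @@ check_host_in_hostfile_by_key_or_type(co
 			continue;
 		}
 
-		if (!hostfile_check_key(kbits, found, host, filename, linenum))
+		if (!hostfile_check_key(kbits, found, host_port, filename, linenum))
 			continue;
 
 		/* Check if the current key is the same as the given key. */
@@ -287,20 +290,20 @@ check_host_in_hostfile_by_key_or_type(co
 }
 
 HostStatus
-check_host_in_hostfile(const char *filename, const char *host, const Key *key,
+check_host_in_hostfile(const char *filename, const char *host, u_short port, const Key *key,
     Key *found, int *numret)
 {
 	if (key == NULL)
 		fatal("no key to look up");
-	return (check_host_in_hostfile_by_key_or_type(filename, host, key, 0,
+	return (check_host_in_hostfile_by_key_or_type(filename, host, port, key, 0,
 	    found, numret));
 }
 
 int
-lookup_key_in_hostfile_by_type(const char *filename, const char *host,
+lookup_key_in_hostfile_by_type(const char *filename, const char *host, u_short port, 
     int keytype, Key *found, int *numret)
 {
-	return (check_host_in_hostfile_by_key_or_type(filename, host, NULL,
+	return (check_host_in_hostfile_by_key_or_type(filename, host, port, NULL,
 	    keytype, found, numret) == HOST_FOUND);
 }
 
@@ -310,13 +313,16 @@ lookup_key_in_hostfile_by_type(const cha
  */
 
 int
-add_host_to_hostfile(const char *filename, const char *host, const Key *key,
+add_host_to_hostfile(const char *filename, const char *host, u_short port, const Key *key,
     int store_hash)
 {
 	FILE *f;
 	int success = 0;
 	char *hashed_host = NULL;
+    char host_port[1024];
 
+    snprintf(host_port, sizeof host_port, "%.200s:%hu", host, port);
+    
 	if (key == NULL)
 		return 1;	/* XXX ? */
 	f = fopen(filename, "a");
@@ -324,13 +330,13 @@ add_host_to_hostfile(const char *filenam
 		return 0;
 
 	if (store_hash) {
-		if ((hashed_host = host_hash(host, NULL, 0)) == NULL) {
+		if ((hashed_host = host_hash(host_port, NULL, 0)) == NULL) {
 			error("add_host_to_hostfile: host_hash failed");
 			fclose(f);
 			return 0;
 		}
 	}
-	fprintf(f, "%s ", store_hash ? hashed_host : host);
+	fprintf(f, "%s ", store_hash ? hashed_host : host_port);
 
 	if (key_write(key, f)) {
 		success = 1;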
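Review bot: check_host_in_hostfile_by_key_or_type() now matches only the `host:port` string built in the new lines 198-200, so every existing known_hosts entry, plain or hashed, stops matching and each previously trusted host comes back as HOST_NEW; that silently re-prompts users to accept keys they already verified, which is exactly the situation known_hosts exists to prevent. The lookup should fall back to the bare `host` when no suffixed entry matches (or only add the suffix for a non-default port), and add_host_to_hostfile() at new lines 322-339 has the same one-way behaviour, writing only the suffixed form. The `%.200s:%hu` format is also ambiguous for IPv6 literals, which already contain colons; a bracketed form such as `[host]:port` keeps the port separable. The added lines use 4-space indentation and one of them is whitespace-only, unlike the tab-indented file around them.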
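--- a/openssh-4.2p1-orig/hostfile.h
+++ b/openssh-4.2p1-orig/hostfile.h
@@ -19,10 +19,10 @@ typedef enum {
 }       HostStatus;
 
 int	 hostfile_read_key(char **, u_int *, Key *);
-HostStatus check_host_in_hostfile(const char *, const char *,
+HostStatus check_host_in_hostfile(const char *, const char *, u_short,
 	    const Key *, Key *, int *);
-int	add_host_to_hostfile(const char *, const char *, const Key *, int);
-int	lookup_key_in_hostfile_by_type(const char *, const char *,
+int	add_host_to_hostfile(const char *, const char *, u_short, const Key *, int);
+int	lookup_key_in_hostfile_by_type(const char *, const char *, u_short, 
 	    int, Key *, int *);
 
 #define HASH_MAGIC	"|1|"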
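--- a/openssh-4.2p1-orig/sshconnect.c
+++ b/openssh-4.2p1-orig/sshconnect.c
@@ -608,11 +608,11 @@ check_host_key(char *host, struct sockad
 	 * hosts or in the systemwide list.
 	 */
 	host_file = user_hostfile;
-	host_status = check_host_in_hostfile(host_file, host, host_key,
+	host_status = check_host_in_hostfile(host_file, host, options.port, host_key,
 	    file_key, &host_line);
 	if (host_status == HOST_NEW) {
 		host_file = system_hostfile;
-		host_status = check_host_in_hostfile(host_file, host, host_key,
+		host_status = check_host_in_hostfile(host_file, host, options.port, host_key,
 		    file_key, &host_line);
 	}
 	/*
@@ -623,11 +623,11 @@ check_host_key(char *host, struct sockad
 		Key *ip_key = key_new(host_key->type);
 
 		ip_file = user_hostfile;
-		ip_status = check_host_in_hostfile(ip_file, ip, host_key,
+		ip_status = check_host_in_hostfile(ip_file, ip, options.port, host_key,
 		    ip_key, &ip_line);
 		if (ip_status == HOST_NEW) {
 			ip_file = system_hostfile;
-			ip_status = check_host_in_hostfile(ip_file, ip,
+			ip_status = check_host_in_hostfile(ip_file, ip, options.port,
 			    host_key, ip_key, &ip_line);
 		}
 		if (host_status == HOST_CHANGED &&
@@ -651,15 +651,15 @@ check_host_key(char *host, struct sockad
 				logit("%s host key for IP address "
 				    "'%.128s' not in list of known hosts.",
 				    type, ip);
-			else if (!add_host_to_hostfile(user_hostfile, ip,
+			else if (!add_host_to_hostfile(user_hostfile, ip, options.port,
 			    host_key, options.hash_known_hosts))
 				logit("Failed to add the %s host key for IP "
-				    "address '%.128s' to the list of known "
-				    "hosts (%.30s).", type, ip, user_hostfile);
+				    "address '%.128s:%hu' to the list of known "
+				    "hosts (%.30s).", type, ip, options.port, user_hostfile);
 			else
 				logit("Warning: Permanently added the %s host "
-				    "key for IP address '%.128s' to the list "
-				    "of known hosts.", type, ip);
+				    "key for IP address '%.128s:%hu' to the list "
+				    "of known hosts.", type, ip, options.port);
 		}
 		break;
 	case HOST_NEW:
@@ -718,18 +718,18 @@ check_host_key(char *host, struct sockad
 			hostp = hostline;
 			if (options.hash_known_hosts) {
 				/* Add hash of host and IP separately */
-				r = add_host_to_hostfile(user_hostfile, host,
+				r = add_host_to_hostfile(user_hostfile, host, options.port, 
 				    host_key, options.hash_known_hosts) &&
-				    add_host_to_hostfile(user_hostfile, ip,
+				    add_host_to_hostfile(user_hostfile, ip, options.port,
 				    host_key, options.hash_known_hosts);
 			} else {
 				/* Add unhashed "host,ip" */
 				r = add_host_to_hostfile(user_hostfile,
-				    hostline, host_key,
+				    hostline, options.port, host_key,
 				    options.hash_known_hosts);
 			}
 		} else {
-			r = add_host_to_hostfile(user_hostfile, host, host_key,
+			r = add_host_to_hostfile(user_hostfile, host, options.port, host_key,
 			    options.hash_known_hosts);
 			hostp = host;
 		}
@@ -738,8 +738,8 @@ check_host_key(char *host, struct sockad
 			logit("Failed to add the host to the list of known "
 			    "hosts (%.500s).", user_hostfile);
 		else
-			logit("Warning: Permanently added '%.200s' (%s) to the "
-			    "list of known hosts.", hostp, type);
+			logit("Warning: Permanently added '%.200s:%hu' (%s) to the "
+			    "list of known hosts.", hostp, options.port, type);
 		break;
 	case HOST_CHANGED:
 		if (options.check_host_ip && host_ip_differ) {
@@ -961,14 +961,14 @@ ssh_put_password(char *password)
 }
 
 static int
-show_key_from_file(const char *file, const char *host, int keytype)
+show_key_from_file(const char *file, const char *host, u_short port, int keytype)
 {
 	Key *found;
 	char *fp;
 	int line, ret;
 
 	found = key_new(keytype);
-	if ((ret = lookup_key_in_hostfile_by_type(file, host,
+	if ((ret = lookup_key_in_hostfile_by_type(file, host, port,
 	    keytype, found, &line))) {
 		fp = key_fingerprint(found, SSH_FP_MD5, SSH_FP_HEX);
 		logit("WARNING: %s key found for host %s\n"
@@ -993,20 +993,20 @@ show_other_keys(const char *host, Key *k
 		if (type[i] == key->type)
 			continue;
 		if (type[i] != KEY_RSA1 &&
-		    show_key_from_file(options.user_hostfile2, host, type[i])) {
+		    show_key_from_file(options.user_hostfile2, host, options.port, type[i])) {
 			found = 1;
 			continue;
 		}
 		if (type[i] != KEY_RSA1 &&
-		    show_key_from_file(options.system_hostfile2, host, type[i])) {
+		    show_key_from_file(options.system_hostfile2, host, options.port, type[i])) {
 			found = 1;
 			continue;
 		}
-		if (show_key_from_file(options.user_hostfile, host, type[i])) {
+		if (show_key_from_file(options.user_hostfile, host, options.port, type[i])) {
 			found = 1;
 			continue;
 		}
-		if (show_key_from_file(options.system_hostfile, host, type[i])) {
+		if (show_key_from_file(options.system_hostfile, host, options.port, type[i])) {
 			found = 1;
 			continue;
 		}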
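Review bot: in the unhashed branch at new line 728, `hostline` holds the `host,ip` pair, so add_host_to_hostfile() writes an entry of the form `host,ip:port`; since match_hostname() treats commas as pattern separators, the `host` element carries no port suffix and the next connection's lookup for `host:port` never matches it, re-prompting for a host that was just accepted. The hashed branch (lines 721-724) and the plain branch (line 732) avoid this because they pass `host` and `ip` separately, so the unhashed case should either write two entries the same way or have the suffix applied per comma-separated element. check_host_key() starts and ends outside these hunks, so I cannot confirm from here that options.port is always populated before it is used in the lookups at lines 611 and 615.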
