|
Lines 1881-1886
update_known_hosts(struct hostkeys_update_ctx *ctx)
|
| 1881 |
SYSLOG_LEVEL_INFO : SYSLOG_LEVEL_VERBOSE; |
1881 |
SYSLOG_LEVEL_INFO : SYSLOG_LEVEL_VERBOSE; |
| 1882 |
char *fp, *response; |
1882 |
char *fp, *response; |
| 1883 |
size_t i; |
1883 |
size_t i; |
|
|
1884 |
struct stat sb; |
| 1884 |
|
1885 |
|
| 1885 |
for (i = 0; i < ctx->nkeys; i++) { |
1886 |
for (i = 0; i < ctx->nkeys; i++) { |
| 1886 |
if (ctx->keys_seen[i] != 2) |
1887 |
if (ctx->keys_seen[i] != 2) |
|
Lines 1927-1945
update_known_hosts(struct hostkeys_update_ctx *ctx)
|
| 1927 |
if (was_raw) |
1928 |
if (was_raw) |
| 1928 |
enter_raw_mode(1); |
1929 |
enter_raw_mode(1); |
| 1929 |
} |
1930 |
} |
| 1930 |
|
1931 |
if (options.update_hostkeys == 0) |
|
|
1932 |
return; |
| 1931 |
/* |
1933 |
/* |
| 1932 |
* Now that all the keys are verified, we can go ahead and replace |
1934 |
* Now that all the keys are verified, we can go ahead and replace |
| 1933 |
* them in known_hosts (assuming SSH_UPDATE_HOSTKEYS_ASK didn't |
1935 |
* them in known_hosts (assuming SSH_UPDATE_HOSTKEYS_ASK didn't |
| 1934 |
* cancel the operation). |
1936 |
* cancel the operation). |
| 1935 |
*/ |
1937 |
*/ |
| 1936 |
if (options.update_hostkeys != 0 && |
1938 |
for (i = 0; i < options.num_user_hostfiles; i++) { |
| 1937 |
(r = hostfile_replace_entries(options.user_hostfiles[0], |
1939 |
/* |
| 1938 |
ctx->host_str, ctx->ip_str, ctx->keys, ctx->nkeys, |
1940 |
* NB. keys are only added to hostfiles[0], for the rest we |
| 1939 |
options.hash_known_hosts, 0, |
1941 |
* just delete the hostname entries. |
| 1940 |
options.fingerprint_hash)) != 0) |
1942 |
*/ |
| 1941 |
error("%s: hostfile_replace_entries failed: %s", |
1943 |
if (stat(options.user_hostfiles[i], &sb) != 0) { |
| 1942 |
__func__, ssh_err(r)); |
1944 |
if (errno == ENOENT) { |
|
|
1945 |
debug("%s: known hosts file %s does not exist", |
| 1946 |
__func__, strerror(errno)); |
| 1947 |
} else { |
| 1948 |
error("%s: known hosts file %s inaccessible", |
| 1949 |
__func__, strerror(errno)); |
| 1950 |
} |
| 1951 |
continue; |
| 1952 |
} |
| 1953 |
if ((r = hostfile_replace_entries(options.user_hostfiles[i], |
| 1954 |
ctx->host_str, ctx->ip_str, |
| 1955 |
i == 0 ? ctx->keys : NULL, i == 0 ? ctx->nkeys : 0, |
| 1956 |
options.hash_known_hosts, 0, |
| 1957 |
options.fingerprint_hash)) != 0) { |
| 1958 |
error("%s: hostfile_replace_entries failed for %s: %s", |
| 1959 |
__func__, options.user_hostfiles[i], ssh_err(r)); |
| 1960 |
} |
| 1961 |
} |
| 1943 |
} |
1962 |
} |
| 1944 |
|
1963 |
|
| 1945 |
static void |
1964 |
static void |
|
Lines 2132-2142
client_input_hostkeys(struct ssh *ssh)
|
| 2132 |
options.check_host_ip ? &ctx->ip_str : NULL); |
2151 |
options.check_host_ip ? &ctx->ip_str : NULL); |
| 2133 |
|
2152 |
|
| 2134 |
/* Find which keys we already know about. */ |
2153 |
/* Find which keys we already know about. */ |
| 2135 |
if ((r = hostkeys_foreach(options.user_hostfiles[0], hostkeys_find, |
2154 |
for (i = 0; i < options.num_user_hostfiles; i++) { |
| 2136 |
ctx, ctx->host_str, ctx->ip_str, |
2155 |
debug("%s: searching %s for %s / %s", __func__, |
| 2137 |
HKF_WANT_PARSE_KEY|HKF_WANT_MATCH)) != 0) { |
2156 |
options.user_hostfiles[i], ctx->host_str, ctx->ip_str); |
| 2138 |
error("%s: hostkeys_foreach failed: %s", __func__, ssh_err(r)); |
2157 |
if ((r = hostkeys_foreach(options.user_hostfiles[i], |
| 2139 |
goto out; |
2158 |
hostkeys_find, ctx, ctx->host_str, ctx->ip_str, |
|
|
2159 |
HKF_WANT_PARSE_KEY|HKF_WANT_MATCH)) != 0) { |
| 2160 |
if (r == SSH_ERR_SYSTEM_ERROR && errno == ENOENT) { |
| 2161 |
error("%s: hostkeys file %s does not exist", |
| 2162 |
__func__, options.user_hostfiles[i]); |
| 2163 |
continue; |
| 2164 |
} |
| 2165 |
error("%s: hostkeys_foreach failed for %s: %s", |
| 2166 |
__func__, options.user_hostfiles[i], ssh_err(r)); |
| 2167 |
goto out; |
| 2168 |
} |
| 2140 |
} |
2169 |
} |
| 2141 |
|
2170 |
|
| 2142 |
/* Figure out if we have any new keys to add */ |
2171 |
/* Figure out if we have any new keys to add */ |
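Review bot: In the update_known_hosts hunk, the two log calls added in the stat() failure branch (new lines 1945 and 1949) pass strerror(errno) to the `%s` that the message presents as the file name, so the output never identifies which known_hosts file was skipped. Pass the path instead and keep the errno text for the error case: `debug("%s: known hosts file %s does not exist", __func__, options.user_hostfiles[i]);` and `error("%s: known hosts file %s inaccessible: %s", __func__, options.user_hostfiles[i], strerror(errno));`. Since this loop rewrites the user's host-key trust store, a skipped file should be traceable from the log. The same missing-file case is logged with error() in the client_input_hostkeys hunk (new line 2161) but with debug() here; one level for both would be easier to follow. Both functions start and end outside the visible hunks.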