

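--- a/hostfile.c
+++ b/hostfile.c
@@ -404,6 +404,18 @@ lookup_key_in_hostkeys_by_type(struct hostkeys *hostkeys, int keytype,
 	    found) == HOST_FOUND);
 }
 
+int
+lookup_marker_in_hostkeys(struct hostkeys *hostkeys, int want_marker)
+{
+	u_int i;
+
+	for (i = 0; i < hostkeys->num_entries; i++) {
+		if (hostkeys->entries[i].marker == (HostkeyMarker)want_marker)
+			return 1;
+	}
+	return 0;
+}
+
 static int
 write_host_entry(FILE *f, const char *host, const char *ip,
     const struct sshkey *key, int store_hash)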
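Review bot: `lookup_marker_in_hostkeys` takes `int want_marker` and casts it to `HostkeyMarker` for the comparison, so the compiler cannot catch a caller passing an unrelated integer. Declaring the parameter as `HostkeyMarker want_marker` here and in the hostfile.h prototype would remove the cast, assuming the typedef is visible at that point in the header. The function also has no comment; something like `/* Returns 1 if any loaded entry carries want_marker, whatever its key type; 0 otherwise */` would state that the match ignores the entry's key. It dereferences `hostkeys` without a NULL check, which is safe only if every caller passes an initialised structure, and that cannot be confirmed from this hunk.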
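--- a/hostfile.h
+++ b/hostfile.h
@@ -39,6 +39,7 @@ HostStatus check_key_in_hostkeys(struct hostkeys *, struct sshkey *,
     const struct hostkey_entry **);
 int	 lookup_key_in_hostkeys_by_type(struct hostkeys *, int,
     const struct hostkey_entry **);
+int	 lookup_marker_in_hostkeys(struct hostkeys *, int);
 
 int	 hostfile_read_key(char **, u_int *, struct sshkey *);
 int	 add_host_to_hostfile(const char *, const char *,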
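--- a/sshconnect2.c
+++ b/sshconnect2.c
@@ -130,11 +130,23 @@ order_hostkeyalgs(char *host, struct sockaddr *hostaddr, u_short port)
 	while ((alg = strsep(&avail, ",")) && *alg != '\0') {
 		if ((ktype = sshkey_type_from_name(alg)) == KEY_UNSPEC)
 			fatal("%s: unknown alg %s", __func__, alg);
+		/*
+		 * If we have a @cert-authority marker in known_hosts then
+		 * prefer all certificate algorithms.
+		 */
+		if (sshkey_type_is_cert(ktype) &&
+		    lookup_marker_in_hostkeys(hostkeys, MRK_CA)) {
+			ALG_APPEND(first, alg);
+			continue;
+		}
+		/* If the key appears in known_hosts then prefer it */
 		if (lookup_key_in_hostkeys_by_type(hostkeys,
-		    sshkey_type_plain(ktype), NULL))
+		    sshkey_type_plain(ktype), NULL)) {
 			ALG_APPEND(first, alg);
-		else
+			continue;
-			ALG_APPEND(last, alg);
+		}
+		/* Otherwise, put it last */
+		ALG_APPEND(last, alg);
 	}
 #undef ALG_APPEND
 	xasprintf(&ret, "%s%s%s", first,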
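Review bot: The comment on the new CA branch says certificate algorithms are preferred, but they are appended to `first` in the same pass as plain types that already have a pinned key, so their order relative to those plain types still follows `avail`. The comment should say so, e.g. `/* A @cert-authority entry moves every certificate algorithm into the preferred group; order within the group still follows avail. */`. The branch also fires on any `MRK_CA` entry regardless of the CA's key type, which looks intended but is worth stating in the same comment. `lookup_marker_in_hostkeys(hostkeys, MRK_CA)` is loop-invariant and could be evaluated once before the `while`, as `int have_ca = lookup_marker_in_hostkeys(hostkeys, MRK_CA);`. The loop belongs to order_hostkeyalgs, whose start and end lie outside this hunk, so how `hostkeys` is initialised is not visible here.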
