version 1.90, 2010/11/23 02:35:50 |
version 1.91, 2010/11/29 23:45:51 |
|
|
check_key_in_hostfiles(struct passwd *pw, Key *key, const char *host, |
check_key_in_hostfiles(struct passwd *pw, Key *key, const char *host, |
const char *sysfile, const char *userfile) |
const char *sysfile, const char *userfile) |
{ |
{ |
Key *found; |
|
char *user_hostfile; |
char *user_hostfile; |
struct stat st; |
struct stat st; |
HostStatus host_status; |
HostStatus host_status; |
|
struct hostkeys *hostkeys; |
|
const struct hostkey_entry *found; |
|
|
/* Check if we know the host and its host key. */ |
hostkeys = init_hostkeys(); |
found = key_new(key_is_cert(key) ? KEY_UNSPEC : key->type); |
load_hostkeys(hostkeys, host, sysfile); |
host_status = check_host_in_hostfile(sysfile, host, key, found, NULL); |
if (userfile != NULL) { |
|
|
if (host_status != HOST_OK && userfile != NULL) { |
|
user_hostfile = tilde_expand_filename(userfile, pw->pw_uid); |
user_hostfile = tilde_expand_filename(userfile, pw->pw_uid); |
if (options.strict_modes && |
if (options.strict_modes && |
(stat(user_hostfile, &st) == 0) && |
(stat(user_hostfile, &st) == 0) && |
|
|
user_hostfile); |
user_hostfile); |
} else { |
} else { |
temporarily_use_uid(pw); |
temporarily_use_uid(pw); |
host_status = check_host_in_hostfile(user_hostfile, |
load_hostkeys(hostkeys, host, user_hostfile); |
host, key, found, NULL); |
|
restore_uid(); |
restore_uid(); |
} |
} |
xfree(user_hostfile); |
xfree(user_hostfile); |
} |
} |
key_free(found); |
host_status = check_key_in_hostkeys(hostkeys, key, &found); |
|
if (host_status == HOST_REVOKED) |
|
error("WARNING: revoked key for %s attempted authentication", |
|
found->host); |
|
else if (host_status == HOST_OK) |
|
debug("%s: key for %s found at %s:%ld", __func__, |
|
found->host, found->file, found->line); |
|
else |
|
debug("%s: key for host %s not found", __func__, host); |
|
|
debug2("check_key_in_hostfiles: key %s for %s", host_status == HOST_OK ? |
free_hostkeys(hostkeys); |
"ok" : "not found", host); |
|
return host_status; |
return host_status; |
} |
} |
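Review bot: `found` is declared without an initializer and is then dereferenced in both the `HOST_REVOKED` and `HOST_OK` branches, so the new code relies on `check_key_in_hostkeys()` always storing a valid entry through `&found` whenever it returns either status; that contract is not visible on this page. Declaring it as `const struct hostkey_entry *found = NULL;` and checking `found != NULL` before the `error()`/`debug()` calls would turn a contract slip into a missing log field instead of a read through an indeterminate pointer during authentication. The revoked-key warning names only `found->host`; adding `pw->pw_name` and the key's fingerprint would make the event usable for detection and incident response. The user file also appears to be loaded on every call now (`if (userfile != NULL)` rather than only when the system file did not match), so the strict-modes branch ending in `user_hostfile);` will log even for a login that is then accepted from `sysfile`; the message should still read correctly in that case.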
|
|