version 1.346, 2020/09/16 03:07:31 |
version 1.347, 2020/10/03 08:12:59 |
|
|
*/ |
*/ |
struct sshkey **old_keys; |
struct sshkey **old_keys; |
size_t nold; |
size_t nold; |
|
|
|
/* Various special cases. */ |
|
int wildcard_hostspec; /* saw wildcard or pattern-list host name */ |
|
int ca_available; /* saw CA key for this host */ |
}; |
}; |
|
|
static void |
static void |
|
|
if (l->status != HKF_STATUS_MATCHED || l->key == NULL) |
if (l->status != HKF_STATUS_MATCHED || l->key == NULL) |
return 0; |
return 0; |
|
|
|
if (l->marker == MRK_REVOKE) |
|
return 0; |
|
if (l->marker == MRK_CA) { |
|
ctx->ca_available = 1; |
|
return 0; |
|
} |
|
|
|
/* UpdateHostkeys is skipped for wildcard host names */ |
|
if (strchr(l->hosts, '*') != NULL || |
|
strchr(l->hosts, ',') != NULL) { |
|
debug3("%s: hostkeys file %s:%ld contains wildcard or pattern", |
|
__func__, l->path, l->linenum); |
|
ctx->wildcard_hostspec = 1; |
|
} |
|
|
/* Mark off keys we've already seen for this host */ |
/* Mark off keys we've already seen for this host */ |
for (i = 0; i < ctx->nkeys; i++) { |
for (i = 0; i < ctx->nkeys; i++) { |
if (sshkey_equal(l->key, ctx->keys[i])) { |
if (sshkey_equal(l->key, ctx->keys[i])) { |
|
|
debug3("%s: %zu keys from server: %zu new, %zu retained. %zu to remove", |
debug3("%s: %zu keys from server: %zu new, %zu retained. %zu to remove", |
__func__, ctx->nkeys, ctx->nnew, ctx->nkeys - ctx->nnew, ctx->nold); |
__func__, ctx->nkeys, ctx->nnew, ctx->nkeys - ctx->nnew, ctx->nold); |
|
|
if (ctx->nnew == 0 && ctx->nold != 0) { |
if (ctx->wildcard_hostspec && (ctx->nnew != 0 || ctx->nold != 0)) { |
|
debug("%s: wildcard known hosts name found, " |
|
"skipping UserKnownHostsFile update", __func__); |
|
goto out; |
|
} else if (sshkey_type_is_cert(ssh->kex->hostkey_type) && |
|
ctx->ca_available && |
|
(ssh->kex->flags & KEX_HOSTCERT_CONVERT) == 0) { |
|
debug("%s: server offered certificate host key, " |
|
"skipping UserKnownHostsFile update", __func__); |
|
goto out; |
|
} else if (ctx->nnew == 0 && ctx->nold != 0) { |
/* We have some keys to remove. Just do it. */ |
/* We have some keys to remove. Just do it. */ |
update_known_hosts(ctx); |
update_known_hosts(ctx); |
} else if (ctx->nnew != 0) { |
} else if (ctx->nnew != 0) { |