
Diff for /src/usr.bin/ssh/clientloop.c between version 1.346 and 1.347

version 1.346, 2020/09/16 03:07:31 version 1.347, 2020/10/03 08:12:59
Line 1814 
Line 1814 
          */           */
         struct sshkey **old_keys;          struct sshkey **old_keys;
         size_t nold;          size_t nold;
   
           /* Various special cases. */
           int wildcard_hostspec;  /* saw wildcard or pattern-list host name */
           int ca_available;       /* saw CA key for this host */
 };  };
   
 static void  static void
Line 1845 
Line 1849 
         if (l->status != HKF_STATUS_MATCHED || l->key == NULL)          if (l->status != HKF_STATUS_MATCHED || l->key == NULL)
                 return 0;                  return 0;
   
           if (l->marker == MRK_REVOKE)
                   return 0;
           if (l->marker == MRK_CA) {
                   ctx->ca_available = 1;
                   return 0;
           }
   
           /* UpdateHostkeys is skipped for wildcard host names */
           if (strchr(l->hosts, '*') != NULL ||
               strchr(l->hosts, ',') != NULL) {
                   debug3("%s: hostkeys file %s:%ld contains wildcard or pattern",
                        __func__, l->path, l->linenum);
                   ctx->wildcard_hostspec = 1;
           }
   
         /* Mark off keys we've already seen for this host */          /* Mark off keys we've already seen for this host */
         for (i = 0; i < ctx->nkeys; i++) {          for (i = 0; i < ctx->nkeys; i++) {
                 if (sshkey_equal(l->key, ctx->keys[i])) {                  if (sshkey_equal(l->key, ctx->keys[i])) {
Line 2190 
Line 2209 
         debug3("%s: %zu keys from server: %zu new, %zu retained. %zu to remove",          debug3("%s: %zu keys from server: %zu new, %zu retained. %zu to remove",
             __func__, ctx->nkeys, ctx->nnew, ctx->nkeys - ctx->nnew, ctx->nold);              __func__, ctx->nkeys, ctx->nnew, ctx->nkeys - ctx->nnew, ctx->nold);
   
         if (ctx->nnew == 0 && ctx->nold != 0) {          if (ctx->wildcard_hostspec && (ctx->nnew != 0 || ctx->nold != 0)) {
                   debug("%s: wildcard known hosts name found, "
                       "skipping UserKnownHostsFile update", __func__);
                   goto out;
           } else if (sshkey_type_is_cert(ssh->kex->hostkey_type) &&
               ctx->ca_available &&
               (ssh->kex->flags & KEX_HOSTCERT_CONVERT) == 0) {
                   debug("%s: server offered certificate host key, "
                       "skipping UserKnownHostsFile update", __func__);
                   goto out;
           } else if (ctx->nnew == 0 && ctx->nold != 0) {
                 /* We have some keys to remove. Just do it. */                  /* We have some keys to remove. Just do it. */
                 update_known_hosts(ctx);                  update_known_hosts(ctx);
         } else if (ctx->nnew != 0) {          } else if (ctx->nnew != 0) {
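Review bot: The wildcard test added in hostkeys_find (`strchr(l->hosts, '*')` and `strchr(l->hosts, ',')`) does not cover `?`, which known_hosts host patterns also treat as a wildcard, so a matched line such as a constructed `host?.example.com` would leave `wildcard_hostspec` unset and still reach `update_known_hosts()`. I would extend the condition to `strchr(l->hosts, '*') != NULL || strchr(l->hosts, '?') != NULL || strchr(l->hosts, ',') != NULL`. The comment above it could also say that comma-separated lists are covered, e.g. `/* UpdateHostkeys is skipped for wildcard host names and pattern-lists */`, since the ',' test also catches plain `host,ip` entries, which looks intentional but is not stated. The body of hostkeys_find starts and ends outside the hunk, so whether `?` is handled elsewhere cannot be confirmed from this page.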
