version 1.69, 2017/04/30 23:10:43 |
version 1.70, 2017/04/30 23:18:44 |
|
|
HostStatus end_return = HOST_NEW; |
HostStatus end_return = HOST_NEW; |
int want_cert = sshkey_is_cert(k); |
int want_cert = sshkey_is_cert(k); |
HostkeyMarker want_marker = want_cert ? MRK_CA : MRK_NONE; |
HostkeyMarker want_marker = want_cert ? MRK_CA : MRK_NONE; |
int proto = (k ? k->type : keytype) == KEY_RSA1 ? 1 : 2; |
|
|
|
if (found != NULL) |
if (found != NULL) |
*found = NULL; |
*found = NULL; |
|
|
for (i = 0; i < hostkeys->num_entries; i++) { |
for (i = 0; i < hostkeys->num_entries; i++) { |
if (proto == 1 && hostkeys->entries[i].key->type != KEY_RSA1) |
|
continue; |
|
if (proto == 2 && hostkeys->entries[i].key->type == KEY_RSA1) |
|
continue; |
|
if (hostkeys->entries[i].marker != want_marker) |
if (hostkeys->entries[i].marker != want_marker) |
continue; |
continue; |
if (k == NULL) { |
if (k == NULL) { |
|
|
return 0; |
return 0; |
} |
} |
|
|
/* XXX might need a knob for this later */ |
|
/* Don't remove RSA1 keys */ |
|
if (l->key->type == KEY_RSA1) { |
|
fprintf(ctx->out, "%s\n", l->line); |
|
return 0; |
|
} |
|
|
|
/* |
/* |
* If this line contains one of the keys that we will be |
* If this line contains one of the keys that we will be |
* adding later, then don't change it and mark the key for |
* adding later, then don't change it and mark the key for |
|
|
lineinfo.keytype = sshkey_type_from_name(ktype); |
lineinfo.keytype = sshkey_type_from_name(ktype); |
|
|
/* |
/* |
* Assume RSA1 if the first component is a short |
* Assume legacy RSA1 if the first component is a short |
* decimal number. |
* decimal number. |
*/ |
*/ |
if (lineinfo.keytype == KEY_UNSPEC && l < 8 && |
if (lineinfo.keytype == KEY_UNSPEC && l < 8 && |
strspn(ktype, "0123456789") == l) |
strspn(ktype, "0123456789") == l) |
lineinfo.keytype = KEY_RSA1; |
goto bad; |
|
|
/* |
/* |
* Check that something other than whitespace follows |
* Check that something other than whitespace follows |