| version 1.279, 2017/05/30 08:52:19 |
version 1.280, 2017/05/30 14:13:40 |
|
|
| const struct hostkey_entry *host_found, *ip_found; |
const struct hostkey_entry *host_found, *ip_found; |
| int len, cancelled_forwarding = 0; |
int len, cancelled_forwarding = 0; |
| int local = sockaddr_is_local(hostaddr); |
int local = sockaddr_is_local(hostaddr); |
| int r, want_cert = key_is_cert(host_key), host_ip_differ = 0; |
int r, want_cert = sshkey_is_cert(host_key), host_ip_differ = 0; |
| int hostkey_trusted = 0; /* Known or explicitly accepted by user */ |
int hostkey_trusted = 0; /* Known or explicitly accepted by user */ |
| struct hostkeys *host_hostkeys, *ip_hostkeys; |
struct hostkeys *host_hostkeys, *ip_hostkeys; |
| u_int i; |
u_int i; |
|
|
| |
|
| retry: |
retry: |
| /* Reload these as they may have changed on cert->key downgrade */ |
/* Reload these as they may have changed on cert->key downgrade */ |
| want_cert = key_is_cert(host_key); |
want_cert = sshkey_is_cert(host_key); |
| type = key_type(host_key); |
type = sshkey_type(host_key); |
| |
|
| /* |
/* |
| * Check if the host key is present in the user's list of known |
* Check if the host key is present in the user's list of known |
|
|
| if (host_status == HOST_CHANGED && |
if (host_status == HOST_CHANGED && |
| (ip_status != HOST_CHANGED || |
(ip_status != HOST_CHANGED || |
| (ip_found != NULL && |
(ip_found != NULL && |
| !key_equal(ip_found->key, host_found->key)))) |
!sshkey_equal(ip_found->key, host_found->key)))) |
| host_ip_differ = 1; |
host_ip_differ = 1; |
| } else |
} else |
| ip_status = host_status; |
ip_status = host_status; |
|
|
| warn_changed_key(host_key); |
warn_changed_key(host_key); |
| error("Add correct host key in %.100s to get rid of this message.", |
error("Add correct host key in %.100s to get rid of this message.", |
| user_hostfiles[0]); |
user_hostfiles[0]); |
| error("Offending %s key in %s:%lu", key_type(host_found->key), |
error("Offending %s key in %s:%lu", |
| |
sshkey_type(host_found->key), |
| host_found->file, host_found->line); |
host_found->file, host_found->line); |
| |
|
| /* |
/* |
|
|
| * search normally. |
* search normally. |
| */ |
*/ |
| debug("No matching CA found. Retry with plain key"); |
debug("No matching CA found. Retry with plain key"); |
| raw_key = key_from_private(host_key); |
if ((r = sshkey_from_private(host_key, &raw_key)) != 0) |
| if (key_drop_cert(raw_key) != 0) |
fatal("%s: sshkey_from_private: %s", |
| fatal("Couldn't drop certificate"); |
__func__, ssh_err(r)); |
| |
if ((r = sshkey_drop_cert(raw_key)) != 0) |
| |
fatal("Couldn't drop certificate: %s", ssh_err(r)); |
| host_key = raw_key; |
host_key = raw_key; |
| goto retry; |
goto retry; |
| } |
} |
| if (raw_key != NULL) |
if (raw_key != NULL) |
| key_free(raw_key); |
sshkey_free(raw_key); |
| free(ip); |
free(ip); |
| free(host); |
free(host); |
| if (host_hostkeys != NULL) |
if (host_hostkeys != NULL) |
|
|
| free(fp); |
free(fp); |
| free(cafp); |
free(cafp); |
| if (r == 0 && host_key != NULL) { |
if (r == 0 && host_key != NULL) { |
| key_free(previous_host_key); |
sshkey_free(previous_host_key); |
| previous_host_key = key_from_private(host_key); |
r = sshkey_from_private(host_key, &previous_host_key); |
| } |
} |
| |
|
| return r; |
return r; |
![[BACK]](/icons/back.gif){kind=icon}
Return to sshconnect.c CVS log ![[TXT]](/icons/text.gif){kind=icon}
![[DIR]](/icons/dir.gif){kind=icon}
Up to [local] / src / usr.bin / ssh