
knownhosts: Do not fail if global known_hosts file is inaccessible

Previously, if the global known_hosts file (default:
/etc/ssh/ssh_known_hosts) was inaccessible, the check for known hosts
failed.  This makes the check fail only if both files are inaccessible.

Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
Anderson Toshiyuki Sasaki 2019-06-27 19:29:04 +02:00 коммит произвёл Andreas Schneider
родитель da50b12051
Коммит 4adb13d9e3


@ -638,14 +638,15 @@ enum ssh_known_hosts_e ssh_session_has_known_hosts_entry(ssh_session session)
struct ssh_list *entry_list = NULL; struct ssh_list *entry_list = NULL;
struct ssh_iterator *it = NULL; struct ssh_iterator *it = NULL;
char *host_port = NULL; char *host_port = NULL;
bool ok; bool global_known_hosts_found = false;
bool known_hosts_found = false;
int rc; int rc;
if (session->opts.knownhosts == NULL) { if (session->opts.knownhosts == NULL) {
if (ssh_options_apply(session) < 0) { if (ssh_options_apply(session) < 0) {
ssh_set_error(session, ssh_set_error(session,
SSH_REQUEST_DENIED, SSH_REQUEST_DENIED,
"Can't find a known_hosts file"); "Cannot find a known_hosts file");
return SSH_KNOWN_HOSTS_NOT_FOUND; return SSH_KNOWN_HOSTS_NOT_FOUND;
} }
@ -653,23 +654,38 @@ enum ssh_known_hosts_e ssh_session_has_known_hosts_entry(ssh_session session)
if (session->opts.knownhosts == NULL && if (session->opts.knownhosts == NULL &&
session->opts.global_knownhosts == NULL) { session->opts.global_knownhosts == NULL) {
ssh_set_error(session,
SSH_REQUEST_DENIED,
"No path set for a known_hosts file");
return SSH_KNOWN_HOSTS_NOT_FOUND; return SSH_KNOWN_HOSTS_NOT_FOUND;
} }
if (session->opts.knownhosts != NULL) { if (session->opts.knownhosts != NULL) {
ok = ssh_file_readaccess_ok(session->opts.knownhosts); known_hosts_found = ssh_file_readaccess_ok(session->opts.knownhosts);
if (!ok) { if (!known_hosts_found) {
return SSH_KNOWN_HOSTS_NOT_FOUND; SSH_LOG(SSH_LOG_WARN, "Cannot access file %s",
session->opts.knownhosts);
} }
} }
if (session->opts.global_knownhosts != NULL) { if (session->opts.global_knownhosts != NULL) {
ok = ssh_file_readaccess_ok(session->opts.global_knownhosts); global_known_hosts_found =
if (!ok) { ssh_file_readaccess_ok(session->opts.global_knownhosts);
return SSH_KNOWN_HOSTS_NOT_FOUND; if (!global_known_hosts_found) {
SSH_LOG(SSH_LOG_WARN, "Cannot access file %s",
session->opts.global_knownhosts);
} }
} }
if ((!known_hosts_found) && (!global_known_hosts_found)) {
ssh_set_error(session,
SSH_REQUEST_DENIED,
"Cannot find a known_hosts file");
return SSH_KNOWN_HOSTS_NOT_FOUND;
}
host_port = ssh_session_get_host_port(session); host_port = ssh_session_get_host_port(session);
if (host_port == NULL) { if (host_port == NULL) {
return SSH_KNOWN_HOSTS_ERROR; return SSH_KNOWN_HOSTS_ERROR;
@ -682,7 +698,7 @@ enum ssh_known_hosts_e ssh_session_has_known_hosts_entry(ssh_session session)
if (rc != 0) { if (rc != 0) {
SAFE_FREE(host_port); SAFE_FREE(host_port);
ssh_list_free(entry_list); ssh_list_free(entry_list);
return SSH_KNOWN_HOSTS_UNKNOWN; return SSH_KNOWN_HOSTS_ERROR;
} }
} }
@ -693,7 +709,7 @@ enum ssh_known_hosts_e ssh_session_has_known_hosts_entry(ssh_session session)
SAFE_FREE(host_port); SAFE_FREE(host_port);
if (rc != 0) { if (rc != 0) {
ssh_list_free(entry_list); ssh_list_free(entry_list);
return SSH_KNOWN_HOSTS_UNKNOWN; return SSH_KNOWN_HOSTS_ERROR;
} }
} }
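Review bot: The two read-failure paths in the last two hunks now return `SSH_KNOWN_HOSTS_ERROR` without recording a session error, while every `SSH_KNOWN_HOSTS_NOT_FOUND` path this commit touches calls `ssh_set_error()`. A caller that prints `ssh_get_error()` after the failure would get an empty or stale message, so I would add something like `ssh_set_error(session, SSH_FATAL, "Failed to read known_hosts entries");` before each of those returns, unless the read helper (its call is outside the visible lines) already reports one. Returning an error instead of "unknown" is the safer result for host-key verification, because a file that could not be read or parsed is no longer reported the same way as a host that was never seen. The function's doc comment, which is outside these hunks, should state this, and also that `SSH_KNOWN_HOSTS_NOT_FOUND` now means neither file was readable. When only the per-user file is unreadable, a host pinned there will presumably be reported as unknown from the global file alone, and the `SSH_LOG_WARN` line is the only trace of that fallback, so it is worth mentioning in the same comment.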