search for: host_found

Howdy -- I have a number of servers with host keys validated by certificates. These systems are behind a load-balanced frontend, and the certificates are signed as valid for the DNS name used by that common frontend address. This works well for the primary use case of the systems; however, when wishing to address only a single unit within the pool, the certificate cannot be used to validate that

...openssh-4.3p2-kylie/hostfile.c 2006-05-04 13:51:10.000000000 -0500 @@ -254,8 +254,10 @@ check_host_in_hostfile_by_key_or_type(co if (key == NULL) { /* we found a key of the requested type */ - if (found->type == keytype) + if (found->type == keytype) { + fclose(f); return HOST_FOUND; + } continue; }

...NULL) + free(thishost); + + return hostlist; +} + int lookup_key_in_hostfile_by_type(const char *filename, const char *host, int keytype, Key *found, int *numret) --- hostfile.h 2004/10/02 21:45:51 1.1 +++ hostfile.h 2004/10/02 21:56:52 @@ -18,11 +18,18 @@ HOST_OK, HOST_NEW, HOST_CHANGED, HOST_FOUND } HostStatus; +typedef struct HostList { + char *host; + struct HostList *next; +} HostList; + int hostfile_read_key(char **, u_int *, Key *); HostStatus check_host_in_hostfile(const char *, const char *, const Key *, Key *, int *); int add_host_to_hostfile(const char *, const ch...

...*cinfo, HostStatus host_status = -1, ip_status = -1; struct sshkey *raw_key = NULL; char *ip = NULL, *host = NULL; - char hostline[1000], *hostp, *fp, *ra; + char hostline[1000], *hostp, *fp, *cafp, *ra; char msg[1024]; const char *type, *fail_reason = NULL; const struct hostkey_entry *host_found = NULL, *ip_found = NULL; @@ -973,6 +973,7 @@ check_host_key(char *hostname, const struct ssh_conn_info *cinfo, int r, want_cert = sshkey_is_cert(host_key), host_ip_differ = 0; int hostkey_trusted = 0; /* Known or explicitly accepted by user */ struct hostkeys *host_hostkeys, *ip_hostkeys; +...

...t.c +++ b/sshconnect.c @@ -718,13 +718,13 @@ check_host_key(char *hostname, struct sockaddr *hostaddr, u_short port, Key *raw_key = NULL; char *ip = NULL, *host = NULL; char hostline[1000], *hostp, *fp, *ra; - char msg[1024]; + char msg[2048]; const char *type; const struct hostkey_entry *host_found, *ip_found; int len, cancelled_forwarding = 0; int local = sockaddr_is_local(hostaddr); int r, want_cert = key_is_cert(host_key), host_ip_differ = 0; - struct hostkeys *host_hostkeys, *ip_hostkeys; + struct hostkeys *host_hostkeys, *ip_hostkeys, *key_hostkeys = NULL; u_int i; /* @@ -758...

...* XXX Should permit the user to change to use the new id. - * This could be done by converting the host key to an - * identifying sentence, tell that the host identifies itself - * by that sentence, and ask the user if he/she whishes to - * accept the authentication. - */ break; case HOST_FOUND: fatal("internal error"); @@ -1014,6 +957,83 @@ return (found); } +static int +ask_connect_with_new_key(const char *host, Key *host_key, const char* ip, + const char* type, HostStatus ip_status, const char *user_hostfile) +{ + char *fp; + const char *hostp; + int r; + char hostli...