author | Anderson Toshiyuki Sasaki <ansasaki@redhat.com> | 2019-06-27 19:29:04 +0200 |
---|---|---|
committer | Andreas Schneider <asn@cryptomilk.org> | 2019-06-28 08:06:35 +0200 |
commit | 09da4d9b27cb11c369d1ad6fcf7a885169724bca (patch) | |
tree | d9a3fe3c8f9ad1a37a50e1549dc801a392396182 | |
parent | 3bc5f88f77c38144cf8d0bb08fcc51c6f19367e3 (diff) | |
knownhosts: Do not fail if global known_hosts file is inaccessible
Previously, if the global known_hosts file (default:
/etc/ssh/ssh_known_hosts) was inaccessible, the check for known hosts
failed. This makes the check fail only if both files are inaccessible.
Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
(cherry picked from commit 4adb13d9e31506e8bb36fedd9a81f3e70f8545cc)
-rw-r--r-- | src/knownhosts.c | 36 |
1 files changed, 26 insertions, 10 deletions
diff --git a/src/knownhosts.c b/src/knownhosts.c
index 746d2bde..0b417d13 100644
--- a/src/knownhosts.c
+++ b/src/knownhosts.c
@@ -638,14 +638,15 @@ enum ssh_known_hosts_e ssh_session_has_known_hosts_entry(ssh_session session)
 struct ssh_list *entry_list = NULL;
 struct ssh_iterator *it = NULL;
 char *host_port = NULL;
- bool ok;
+ bool global_known_hosts_found = false;
+ bool known_hosts_found = false;
 int rc;
 if (session->opts.knownhosts == NULL) {
 if (ssh_options_apply(session) < 0) {
 ssh_set_error(session, SSH_REQUEST_DENIED,
- "Can't find a known_hosts file");
+ "Cannot find a known_hosts file");
 return SSH_KNOWN_HOSTS_NOT_FOUND;
 }
@@ -653,23 +654,38 @@ enum ssh_known_hosts_e ssh_session_has_known_hosts_entry(ssh_session session)
 if (session->opts.knownhosts == NULL && session->opts.global_knownhosts == NULL) {
+ ssh_set_error(session,
+ SSH_REQUEST_DENIED,
+ "No path set for a known_hosts file");
+
 return SSH_KNOWN_HOSTS_NOT_FOUND;
 }
 if (session->opts.knownhosts != NULL) {
- ok = ssh_file_readaccess_ok(session->opts.knownhosts);
- if (!ok) {
- return SSH_KNOWN_HOSTS_NOT_FOUND;
+ known_hosts_found = ssh_file_readaccess_ok(session->opts.knownhosts);
+ if (!known_hosts_found) {
+ SSH_LOG(SSH_LOG_WARN, "Cannot access file %s",
+ session->opts.knownhosts);
 }
 }
 if (session->opts.global_knownhosts != NULL) {
- ok = ssh_file_readaccess_ok(session->opts.global_knownhosts);
- if (!ok) {
- return SSH_KNOWN_HOSTS_NOT_FOUND;
+ global_known_hosts_found =
+ ssh_file_readaccess_ok(session->opts.global_knownhosts);
+ if (!global_known_hosts_found) {
+ SSH_LOG(SSH_LOG_WARN, "Cannot access file %s",
+ session->opts.global_knownhosts);
 }
 }
+ if ((!known_hosts_found) && (!global_known_hosts_found)) {
+ ssh_set_error(session,
+ SSH_REQUEST_DENIED,
+ "Cannot find a known_hosts file");
+
+ return SSH_KNOWN_HOSTS_NOT_FOUND;
+ }
+
 host_port = ssh_session_get_host_port(session);
 if (host_port == NULL) {
 return SSH_KNOWN_HOSTS_ERROR;
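Review bot: In the hunk at -653, `known_hosts_found` and `global_known_hosts_found` are consulted only by the combined `if ((!known_hosts_found) && (!global_known_hosts_found))` test, and nothing visible stops a file that failed the access check from still being handed to the reader further down. Because the hunks at -682 and -693 now turn a read failure into `SSH_KNOWN_HOSTS_ERROR`, an unreadable global file could still fail the whole check if the reader reports an error for it, which is the case this commit sets out to tolerate. If the read calls (they sit outside these hunks) are not already guarded, gate each one on its flag, e.g. `if (known_hosts_found) {` and `if (global_known_hosts_found) {`. The access check is also only a point-in-time answer, so the reader's own error path stays the authority on whether a file could actually be used.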
@@ -682,7 +698,7 @@ enum ssh_known_hosts_e ssh_session_has_known_hosts_entry(ssh_session session)
 if (rc != 0) {
 SAFE_FREE(host_port);
 ssh_list_free(entry_list);
- return SSH_KNOWN_HOSTS_UNKNOWN;
+ return SSH_KNOWN_HOSTS_ERROR;
 }
 }
@@ -693,7 +709,7 @@ enum ssh_known_hosts_e ssh_session_has_known_hosts_entry(ssh_session session)
 SAFE_FREE(host_port);
 if (rc != 0) {
 ssh_list_free(entry_list);
- return SSH_KNOWN_HOSTS_UNKNOWN;
+ return SSH_KNOWN_HOSTS_ERROR;
 }
 } |
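Review bot: The two returns changed to `SSH_KNOWN_HOSTS_ERROR` (in the hunk at -682 and again at -693) hand the caller no error text, unlike the `SSH_KNOWN_HOSTS_NOT_FOUND` paths earlier in this commit, which call `ssh_set_error()` first. Unless the reader already records one (not visible here), add a line such as `ssh_set_error(session, SSH_FATAL, "Failed to read known_hosts entries");` before each return. The function's doc comment, which lies outside these hunks, should also state that a read failure now yields `SSH_KNOWN_HOSTS_ERROR` rather than `SSH_KNOWN_HOSTS_UNKNOWN`, so that callers do not treat an unreadable or unparsable file as an invitation to trust a new host key.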