authorAnderson Toshiyuki Sasaki <ansasaki@redhat.com>2019-06-27 19:29:04 +0200
committerAndreas Schneider <asn@cryptomilk.org>2019-06-28 08:06:35 +0200
commit09da4d9b27cb11c369d1ad6fcf7a885169724bca (patch)
treed9a3fe3c8f9ad1a37a50e1549dc801a392396182
parent3bc5f88f77c38144cf8d0bb08fcc51c6f19367e3 (diff)
knownhosts: Do not fail if global known_hosts file is inaccessible
Previously, if the global known_hosts file (default: /etc/ssh/ssh_known_hosts) was inaccessible, the check for known hosts failed. This change makes the check fail only if both files are inaccessible. Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org> (cherry picked from commit 4adb13d9e31506e8bb36fedd9a81f3e70f8545cc)
-rw-r--r--src/knownhosts.c36
1 files changed, 26 insertions, 10 deletions
diff --git a/src/knownhosts.c b/src/knownhosts.c
index 746d2bde..0b417d13 100644
--- a/src/knownhosts.c
+++ b/src/knownhosts.c
@@ -638,14 +638,15 @@ enum ssh_known_hosts_e ssh_session_has_known_hosts_entry(ssh_session session)
struct ssh_list *entry_list = NULL;
struct ssh_iterator *it = NULL;
char *host_port = NULL;
- bool ok;
+ bool global_known_hosts_found = false;
+ bool known_hosts_found = false;
int rc;
if (session->opts.knownhosts == NULL) {
if (ssh_options_apply(session) < 0) {
ssh_set_error(session,
SSH_REQUEST_DENIED,
- "Can't find a known_hosts file");
+ "Cannot find a known_hosts file");
return SSH_KNOWN_HOSTS_NOT_FOUND;
}
@@ -653,23 +654,38 @@ enum ssh_known_hosts_e ssh_session_has_known_hosts_entry(ssh_session session)
if (session->opts.knownhosts == NULL &&
session->opts.global_knownhosts == NULL) {
+ ssh_set_error(session,
+ SSH_REQUEST_DENIED,
+ "No path set for a known_hosts file");
+
return SSH_KNOWN_HOSTS_NOT_FOUND;
}
if (session->opts.knownhosts != NULL) {
- ok = ssh_file_readaccess_ok(session->opts.knownhosts);
- if (!ok) {
- return SSH_KNOWN_HOSTS_NOT_FOUND;
+ known_hosts_found = ssh_file_readaccess_ok(session->opts.knownhosts);
+ if (!known_hosts_found) {
+ SSH_LOG(SSH_LOG_WARN, "Cannot access file %s",
+ session->opts.knownhosts);
}
}
if (session->opts.global_knownhosts != NULL) {
- ok = ssh_file_readaccess_ok(session->opts.global_knownhosts);
- if (!ok) {
- return SSH_KNOWN_HOSTS_NOT_FOUND;
+ global_known_hosts_found =
+ ssh_file_readaccess_ok(session->opts.global_knownhosts);
+ if (!global_known_hosts_found) {
+ SSH_LOG(SSH_LOG_WARN, "Cannot access file %s",
+ session->opts.global_knownhosts);
}
}
+ if ((!known_hosts_found) && (!global_known_hosts_found)) {
+ ssh_set_error(session,
+ SSH_REQUEST_DENIED,
+ "Cannot find a known_hosts file");
+
+ return SSH_KNOWN_HOSTS_NOT_FOUND;
+ }
+
host_port = ssh_session_get_host_port(session);
if (host_port == NULL) {
return SSH_KNOWN_HOSTS_ERROR;
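Review bot: `known_hosts_found` and `global_known_hosts_found` feed only the combined not-found test in this hunk; nothing visible uses them to skip reading a file that was just logged as inaccessible. The read calls sit outside the hunk, so this is inferred, but if they are still conditioned on the path being non-NULL, a failed read of the unreadable file would hit the later `return SSH_KNOWN_HOSTS_ERROR;` paths and the lookup would fail anyway. Conditioning each read on its flag would avoid that. It is also worth a comment here that when one file is skipped, keys recorded only in that file are not consulted and the `SSH_LOG_WARN` line is the only signal, e.g. `/* A skipped file means its entries are not checked; the host may be reported as unknown. */`.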
@@ -682,7 +698,7 @@ enum ssh_known_hosts_e ssh_session_has_known_hosts_entry(ssh_session session)
if (rc != 0) {
SAFE_FREE(host_port);
ssh_list_free(entry_list);
- return SSH_KNOWN_HOSTS_UNKNOWN;
+ return SSH_KNOWN_HOSTS_ERROR;
}
}
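Review bot: The two paths that now return `SSH_KNOWN_HOSTS_ERROR` (this hunk and the next one at `@@ -693`) free their resources but do not call `ssh_set_error()`, unlike the `SSH_KNOWN_HOSTS_NOT_FOUND` paths added earlier in this commit. Unless the read helper records an error itself (not visible here), a caller inspecting the session error may get an empty or stale message; consider `ssh_set_error(session, SSH_FATAL, "Failed to read known_hosts entries");` before each return. The switch from UNKNOWN to ERROR is also caller-visible, so the function's doc comment, which lies outside these hunks, should state that a read failure yields `SSH_KNOWN_HOSTS_ERROR` and must not be handled like an unknown host that may be accepted on first use.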
@@ -693,7 +709,7 @@ enum ssh_known_hosts_e ssh_session_has_known_hosts_entry(ssh_session session)
SAFE_FREE(host_port);
if (rc != 0) {
ssh_list_free(entry_list);
- return SSH_KNOWN_HOSTS_UNKNOWN;
+ return SSH_KNOWN_HOSTS_ERROR;
}
}