Remove undocumented legacy options UserKnownHostsFile2 and

GlobalKnownHostsFile2 by making UserKnownHostsFile/GlobalKnownHostsFile
accept multiple paths per line and making their defaults include
known_hosts2; ok markus

1 files changed, 36 insertions, 36 deletions

diff --git a/usr.bin/ssh/sshconnect.c b/usr.bin/ssh/sshconnect.c
index c4c5082d07c..6f8646e2c9d 100644
--- a/usr.bin/ssh/sshconnect.c
+++ b/usr.bin/ssh/sshconnect.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: sshconnect.c,v 1.233 2011/05/23 03:52:55 djm Exp $ */
+/* $OpenBSD: sshconnect.c,v 1.234 2011/05/24 07:15:47 djm Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -657,28 +657,30 @@ get_hostfile_hostname_ipaddr(char *hostname, struct sockaddr *hostaddr,
 
 /*
  * check whether the supplied host key is valid, return -1 if the key
- * is not valid. the user_hostfile will not be updated if 'readonly' is true.
+ * is not valid. user_hostfile[0] will not be updated if 'readonly' is true.
  */
 #define RDRW	0
 #define RDONLY	1
 #define ROQUIET	2
 static int
 check_host_key(char *hostname, struct sockaddr *hostaddr, u_short port,
-    Key *host_key, int readonly, char *user_hostfile,
-    char *system_hostfile)
+    Key *host_key, int readonly,
+    char **user_hostfiles, u_int num_user_hostfiles,
+    char **system_hostfiles, u_int num_system_hostfiles)
 {
+	HostStatus host_status;
+	HostStatus ip_status;
 	Key *raw_key = NULL;
-	const char *type;
 	char *ip = NULL, *host = NULL;
 	char hostline[1000], *hostp, *fp, *ra;
-	HostStatus host_status;
-	HostStatus ip_status;
-	int r, want_cert = key_is_cert(host_key), host_ip_differ = 0;
-	int local = sockaddr_is_local(hostaddr);
 	char msg[1024];
+	const char *type;
+	const struct hostkey_entry *host_found, *ip_found;
 	int len, cancelled_forwarding = 0;
+	int local = sockaddr_is_local(hostaddr);
+	int r, want_cert = key_is_cert(host_key), host_ip_differ = 0;
 	struct hostkeys *host_hostkeys, *ip_hostkeys;
-	const struct hostkey_entry *host_found, *ip_found;
+	u_int i;
 
 	/*
 	 * Force accepting of the host key for loopback/localhost. The
@@ -710,14 +712,18 @@ check_host_key(char *hostname, struct sockaddr *hostaddr, u_short port,
 		options.check_host_ip = 0;
 
 	host_hostkeys = init_hostkeys();
-	load_hostkeys(host_hostkeys, host, user_hostfile);
-	load_hostkeys(host_hostkeys, host, system_hostfile);
+	for (i = 0; i < num_user_hostfiles; i++)
+		load_hostkeys(host_hostkeys, host, user_hostfiles[i]);
+	for (i = 0; i < num_system_hostfiles; i++)
+		load_hostkeys(host_hostkeys, host, system_hostfiles[i]);
 
 	ip_hostkeys = NULL;
 	if (!want_cert && options.check_host_ip) {
 		ip_hostkeys = init_hostkeys();
-		load_hostkeys(ip_hostkeys, ip, user_hostfile);
-		load_hostkeys(ip_hostkeys, ip, system_hostfile);
+		for (i = 0; i < num_user_hostfiles; i++)
+			load_hostkeys(ip_hostkeys, ip, user_hostfiles[i]);
+		for (i = 0; i < num_system_hostfiles; i++)
+			load_hostkeys(ip_hostkeys, ip, system_hostfiles[i]);
 	}
 
  retry:
@@ -762,11 +768,12 @@ check_host_key(char *hostname, struct sockaddr *hostaddr, u_short port,
 				logit("%s host key for IP address "
 				    "'%.128s' not in list of known hosts.",
 				    type, ip);
-			else if (!add_host_to_hostfile(user_hostfile, ip,
+			else if (!add_host_to_hostfile(user_hostfiles[0], ip,
 			    host_key, options.hash_known_hosts))
 				logit("Failed to add the %s host key for IP "
 				    "address '%.128s' to the list of known "
-				    "hosts (%.30s).", type, ip, user_hostfile);
+				    "hosts (%.30s).", type, ip,
+				    user_hostfiles[0]);
 			else
 				logit("Warning: Permanently added the %s host "
 				    "key for IP address '%.128s' to the list "
@@ -785,7 +792,8 @@ check_host_key(char *hostname, struct sockaddr *hostaddr, u_short port,
 		    port != SSH_DEFAULT_PORT) {
 			debug("checking without port identifier");
 			if (check_host_key(hostname, hostaddr, 0, host_key,
-			    ROQUIET, user_hostfile, system_hostfile) == 0) {
+			    ROQUIET, user_hostfiles, num_user_hostfiles,
+			    system_hostfiles, num_system_hostfiles) == 0) {
 				debug("found matching key w/out port");
 				break;
 			}
@@ -850,25 +858,25 @@ check_host_key(char *hostname, struct sockaddr *hostaddr, u_short port,
 			hostp = hostline;
 			if (options.hash_known_hosts) {
 				/* Add hash of host and IP separately */
-				r = add_host_to_hostfile(user_hostfile, host,
-				    host_key, options.hash_known_hosts) &&
-				    add_host_to_hostfile(user_hostfile, ip,
+				r = add_host_to_hostfile(user_hostfiles[0],
+				    host, host_key, options.hash_known_hosts) &&
+				    add_host_to_hostfile(user_hostfiles[0], ip,
 				    host_key, options.hash_known_hosts);
 			} else {
 				/* Add unhashed "host,ip" */
-				r = add_host_to_hostfile(user_hostfile,
+				r = add_host_to_hostfile(user_hostfiles[0],
 				    hostline, host_key,
 				    options.hash_known_hosts);
 			}
 		} else {
-			r = add_host_to_hostfile(user_hostfile, host, host_key,
-			    options.hash_known_hosts);
+			r = add_host_to_hostfile(user_hostfiles[0], host,
+			    host_key, options.hash_known_hosts);
 			hostp = host;
 		}
 
 		if (!r)
 			logit("Failed to add the host to the list of known "
-			    "hosts (%.500s).", user_hostfile);
+			    "hosts (%.500s).", user_hostfiles[0]);
 		else
 			logit("Warning: Permanently added '%.200s' (%s) to the "
 			    "list of known hosts.", hostp, type);
@@ -929,7 +937,7 @@ check_host_key(char *hostname, struct sockaddr *hostaddr, u_short port,
 		/* The host key has changed. */
 		warn_changed_key(host_key);
 		error("Add correct host key in %.100s to get rid of this message.",
-		    user_hostfile);
+		    user_hostfiles[0]);
 		error("Offending %s key in %s:%lu", key_type(host_found->key),
 		    host_found->file, host_found->line);
 
@@ -1074,7 +1082,6 @@ fail:
 int
 verify_host_key(char *host, struct sockaddr *hostaddr, Key *host_key)
 {
-	struct stat st;
 	int flags = 0;
 	char *fp;
 
@@ -1102,16 +1109,9 @@ verify_host_key(char *host, struct sockaddr *hostaddr, Key *host_key)
 		}
 	}
 
-	/* return ok if the key can be found in an old keyfile */
-	if (stat(options.system_hostfile2, &st) == 0 ||
-	    stat(options.user_hostfile2, &st) == 0) {
-		if (check_host_key(host, hostaddr, options.port, host_key,
-		    RDONLY, options.user_hostfile2,
-		    options.system_hostfile2) == 0)
-			return 0;
-	}
-	return check_host_key(host, hostaddr, options.port, host_key,
-	    RDRW, options.user_hostfile, options.system_hostfile);
+	return check_host_key(host, hostaddr, options.port, host_key, RDRW,
+	    options.user_hostfiles, options.num_user_hostfiles,
+	    options.system_hostfiles, options.num_system_hostfiles);
 }
 
 /*