PageRenderTime 102ms CodeModel.GetById 17ms RepoModel.GetById 0ms app.codeStats 0ms

/src/netbsd/src/crypto/external/bsd/openssh/dist/hostfile.c

https://bitbucket.org/killerpenguinassassins/open_distrib_devel
C | 488 lines | 354 code | 53 blank | 81 comment | 145 complexity | 657ace4defa7a3a337a674f5177f6e39 MD5 | raw file
Possible License(s): CC0-1.0, MIT, LGPL-2.0, LGPL-3.0, WTFPL, GPL-2.0, BSD-2-Clause, AGPL-3.0, CC-BY-SA-3.0, MPL-2.0, JSON, BSD-3-Clause-No-Nuclear-License-2014, LGPL-2.1, CPL-1.0, AGPL-1.0, 0BSD, ISC, Apache-2.0, GPL-3.0, IPL-1.0, MPL-2.0-no-copyleft-exception, BSD-3-Clause 
    

  1. /*	$NetBSD: hostfile.c,v 1.4 2011/07/25 03:03:10 christos Exp $	*/
    2. 

  2. /* $OpenBSD: hostfile.c,v 1.50 2010/12/04 13:31:37 djm Exp $ */
    3. 

  3. /*
    4. 

  4.  * Author: Tatu Ylonen <ylo@cs.hut.fi>
    5. 

  5.  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
    6. 

  6.  *                    All rights reserved
    7. 

  7.  * Functions for manipulating the known hosts files.
    8. 

  8.  *
    9. 

  9.  * As far as I am concerned, the code I have written for this software
    10. 

  10.  * can be used freely for any purpose.  Any derived versions of this
    11. 

  11.  * software must be clearly marked as such, and if the derived work is
    12. 

  12.  * incompatible with the protocol description in the RFC file, it must be
    13. 

  13.  * called by a name other than "ssh" or "Secure Shell".
    14. 

  14.  *
    15. 

  15.  *
    16. 

  16.  * Copyright (c) 1999, 2000 Markus Friedl.  All rights reserved.
    17. 

  17.  * Copyright (c) 1999 Niels Provos.  All rights reserved.
    18. 

  18.  *
    19. 

  19.  * Redistribution and use in source and binary forms, with or without
    20. 

  20.  * modification, are permitted provided that the following conditions
    21. 

  21.  * are met:
    22. 

  22.  * 1. Redistributions of source code must retain the above copyright
    23. 

  23.  *    notice, this list of conditions and the following disclaimer.
    24. 

  24.  * 2. Redistributions in binary form must reproduce the above copyright
    25. 

  25.  *    notice, this list of conditions and the following disclaimer in the
    26. 

  26.  *    documentation and/or other materials provided with the distribution.
    27. 

  27.  *
    28. 

  28.  * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
    29. 

  29.  * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
    30. 

  30.  * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
    31. 

  31.  * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
    32. 

  32.  * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
    33. 

  33.  * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
    34. 

  34.  * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
    35. 

  35.  * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
    36. 

  36.  * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
    37. 

  37.  * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
    38. 

  38.  */
    39. 

  39. 

  40. #include "includes.h"
    41. 

  41. __RCSID("$NetBSD: hostfile.c,v 1.4 2011/07/25 03:03:10 christos Exp $");
    42. 

  42. #include <sys/types.h>
    43. 

  43. 

  44. #include <netinet/in.h>
    45. 

  45. 

  46. #include <openssl/hmac.h>
    47. 

  47. #include <openssl/sha.h>
    48. 

  48. 

  49. #include <resolv.h>
    50. 

  50. #include <stdio.h>
    51. 

  51. #include <stdlib.h>
    52. 

  52. #include <string.h>
    53. 

  53. 

  54. #include "xmalloc.h"
    55. 

  55. #include "match.h"
    56. 

  56. #include "key.h"
    57. 

  57. #include "hostfile.h"
    58. 

  58. #include "log.h"
    59. 

  59. #include "misc.h"
    60. 

  60. 

  61. struct hostkeys {
    62. 

  62. 	struct hostkey_entry *entries;
    63. 

  63. 	u_int num_entries;
    64. 

  64. };
    65. 

  65. 

  66. static int
    67. 

  67. extract_salt(const char *s, u_int l, char *salt, size_t salt_len)
    68. 

  68. {
    69. 

  69. 	char *p, *b64salt;
    70. 

  70. 	u_int b64len;
    71. 

  71. 	int ret;
    72. 

  72. 

  73. 	if (l < sizeof(HASH_MAGIC) - 1) {
    74. 

  74. 		debug2("extract_salt: string too short");
    75. 

  75. 		return (-1);
    76. 

  76. 	}
    77. 

  77. 	if (strncmp(s, HASH_MAGIC, sizeof(HASH_MAGIC) - 1) != 0) {
    78. 

  78. 		debug2("extract_salt: invalid magic identifier");
    79. 

  79. 		return (-1);
    80. 

  80. 	}
    81. 

  81. 	s += sizeof(HASH_MAGIC) - 1;
    82. 

  82. 	l -= sizeof(HASH_MAGIC) - 1;
    83. 

  83. 	if ((p = memchr(s, HASH_DELIM, l)) == NULL) {
    84. 

  84. 		debug2("extract_salt: missing salt termination character");
    85. 

  85. 		return (-1);
    86. 

  86. 	}
    87. 

  87. 

  88. 	b64len = p - s;
    89. 

  89. 	/* Sanity check */
    90. 

  90. 	if (b64len == 0 || b64len > 1024) {
    91. 

  91. 		debug2("extract_salt: bad encoded salt length %u", b64len);
    92. 

  92. 		return (-1);
    93. 

  93. 	}
    94. 

  94. 	b64salt = xmalloc(1 + b64len);
    95. 

  95. 	memcpy(b64salt, s, b64len);
    96. 

  96. 	b64salt[b64len] = '\0';
    97. 

  97. 

  98. 	ret = __b64_pton(b64salt, salt, salt_len);
    99. 

  99. 	xfree(b64salt);
    100. 

  100. 	if (ret == -1) {
    101. 

  101. 		debug2("extract_salt: salt decode error");
    102. 

  102. 		return (-1);
    103. 

  103. 	}
    104. 

  104. 	if (ret != SHA_DIGEST_LENGTH) {
    105. 

  105. 		debug2("extract_salt: expected salt len %d, got %d",
    106. 

  106. 		    SHA_DIGEST_LENGTH, ret);
    107. 

  107. 		return (-1);
    108. 

  108. 	}
    109. 

  109. 

  110. 	return (0);
    111. 

  111. }
    112. 

  112. 

  113. char *
    114. 

  114. host_hash(const char *host, const char *name_from_hostfile, u_int src_len)
    115. 

  115. {
    116. 

  116. 	const EVP_MD *md = EVP_sha1();
    117. 

  117. 	HMAC_CTX mac_ctx;
    118. 

  118. 	char salt[256], result[256], uu_salt[512], uu_result[512];
    119. 

  119. 	static char encoded[1024];
    120. 

  120. 	u_int i, len;
    121. 

  121. 

  122. 	len = EVP_MD_size(md);
    123. 

  123. 

  124. 	if (name_from_hostfile == NULL) {
    125. 

  125. 		/* Create new salt */
    126. 

  126. 		for (i = 0; i < len; i++)
    127. 

  127. 			salt[i] = arc4random();
    128. 

  128. 	} else {
    129. 

  129. 		/* Extract salt from known host entry */
    130. 

  130. 		if (extract_salt(name_from_hostfile, src_len, salt,
    131. 

  131. 		    sizeof(salt)) == -1)
    132. 

  132. 			return (NULL);
    133. 

  133. 	}
    134. 

  134. 

  135. 	HMAC_Init(&mac_ctx, salt, len, md);
    136. 

  136. 	HMAC_Update(&mac_ctx, host, strlen(host));
    137. 

  137. 	HMAC_Final(&mac_ctx, result, NULL);
    138. 

  138. 	HMAC_cleanup(&mac_ctx);
    139. 

  139. 

  140. 	if (__b64_ntop(salt, len, uu_salt, sizeof(uu_salt)) == -1 ||
    141. 

  141. 	    __b64_ntop(result, len, uu_result, sizeof(uu_result)) == -1)
    142. 

  142. 		fatal("host_hash: __b64_ntop failed");
    143. 

  143. 

  144. 	snprintf(encoded, sizeof(encoded), "%s%s%c%s", HASH_MAGIC, uu_salt,
    145. 

  145. 	    HASH_DELIM, uu_result);
    146. 

  146. 

  147. 	return (encoded);
    148. 

  148. }
    149. 

  149. 

  150. /*
    151. 

  151.  * Parses an RSA (number of bits, e, n) or DSA key from a string.  Moves the
    152. 

  152.  * pointer over the key.  Skips any whitespace at the beginning and at end.
    153. 

  153.  */
    154. 

  154. 

  155. int
    156. 

  156. hostfile_read_key(char **cpp, u_int *bitsp, Key *ret)
    157. 

  157. {
    158. 

  158. 	char *cp;
    159. 

  159. 

  160. 	/* Skip leading whitespace. */
    161. 

  161. 	for (cp = *cpp; *cp == ' ' || *cp == '\t'; cp++)
    162. 

  162. 		;
    163. 

  163. 

  164. 	if (key_read(ret, &cp) != 1)
    165. 

  165. 		return 0;
    166. 

  166. 

  167. 	/* Skip trailing whitespace. */
    168. 

  168. 	for (; *cp == ' ' || *cp == '\t'; cp++)
    169. 

  169. 		;
    170. 

  170. 

  171. 	/* Return results. */
    172. 

  172. 	*cpp = cp;
    173. 

  173. 	if (bitsp != NULL)
    174. 

  174. 		*bitsp = key_size(ret);
    175. 

  175. 	return 1;
    176. 

  176. }
    177. 

  177. 

  178. static int
    179. 

  179. hostfile_check_key(int bits, const Key *key, const char *host,
    180. 

  180.     const char *filename, u_long linenum)
    181. 

  181. {
    182. 

  182. 	if (key == NULL || key->type != KEY_RSA1 || key->rsa == NULL)
    183. 

  183. 		return 1;
    184. 

  184. 	if (bits != BN_num_bits(key->rsa->n)) {
    185. 

  185. 		logit("Warning: %s, line %lu: keysize mismatch for host %s: "
    186. 

  186. 		    "actual %d vs. announced %d.",
    187. 

  187. 		    filename, linenum, host, BN_num_bits(key->rsa->n), bits);
    188. 

  188. 		logit("Warning: replace %d with %d in %s, line %lu.",
    189. 

  189. 		    bits, BN_num_bits(key->rsa->n), filename, linenum);
    190. 

  190. 	}
    191. 

  191. 	return 1;
    192. 

  192. }
    193. 

  193. 

  194. static HostkeyMarker
    195. 

  195. check_markers(char **cpp)
    196. 

  196. {
    197. 

  197. 	char marker[32], *sp, *cp = *cpp;
    198. 

  198. 	int ret = MRK_NONE;
    199. 

  199. 

  200. 	while (*cp == '@') {
    201. 

  201. 		/* Only one marker is allowed */
    202. 

  202. 		if (ret != MRK_NONE)
    203. 

  203. 			return MRK_ERROR;
    204. 

  204. 		/* Markers are terminated by whitespace */
    205. 

  205. 		if ((sp = strchr(cp, ' ')) == NULL &&
    206. 

  206. 		    (sp = strchr(cp, '\t')) == NULL)
    207. 

  207. 			return MRK_ERROR;
    208. 

  208. 		/* Extract marker for comparison */
    209. 

  209. 		if (sp <= cp + 1 || sp >= cp + sizeof(marker))
    210. 

  210. 			return MRK_ERROR;
    211. 

  211. 		memcpy(marker, cp, sp - cp);
    212. 

  212. 		marker[sp - cp] = '\0';
    213. 

  213. 		if (strcmp(marker, CA_MARKER) == 0)
    214. 

  214. 			ret = MRK_CA;
    215. 

  215. 		else if (strcmp(marker, REVOKE_MARKER) == 0)
    216. 

  216. 			ret = MRK_REVOKE;
    217. 

  217. 		else
    218. 

  218. 			return MRK_ERROR;
    219. 

  219. 

  220. 		/* Skip past marker and any whitespace that follows it */
    221. 

  221. 		cp = sp;
    222. 

  222. 		for (; *cp == ' ' || *cp == '\t'; cp++)
    223. 

  223. 			;
    224. 

  224. 	}
    225. 

  225. 	*cpp = cp;
    226. 

  226. 	return ret;
    227. 

  227. }
    228. 

  228. 

  229. struct hostkeys *
    230. 

  230. init_hostkeys(void)
    231. 

  231. {
    232. 

  232. 	struct hostkeys *ret = xcalloc(1, sizeof(*ret));
    233. 

  233. 

  234. 	ret->entries = NULL;
    235. 

  235. 	return ret;
    236. 

  236. }
    237. 

  237. 

  238. void
    239. 

  239. load_hostkeys(struct hostkeys *hostkeys, const char *host, const char *path)
    240. 

  240. {
    241. 

  241. 	FILE *f;
    242. 

  242. 	char line[8192];
    243. 

  243. 	u_long linenum = 0, num_loaded = 0;
    244. 

  244. 	char *cp, *cp2, *hashed_host;
    245. 

  245. 	HostkeyMarker marker;
    246. 

  246. 	Key *key;
    247. 

  247. 	int kbits;
    248. 

  248. 

  249. 	if ((f = fopen(path, "r")) == NULL)
    250. 

  250. 		return;
    251. 

  251. 	debug3("%s: loading entries for host \"%.100s\" from file \"%s\"",
    252. 

  252. 	    __func__, host, path);
    253. 

  253. 	while (read_keyfile_line(f, path, line, sizeof(line), &linenum) == 0) {
    254. 

  254. 		cp = line;
    255. 

  255. 

  256. 		/* Skip any leading whitespace, comments and empty lines. */
    257. 

  257. 		for (; *cp == ' ' || *cp == '\t'; cp++)
    258. 

  258. 			;
    259. 

  259. 		if (!*cp || *cp == '#' || *cp == '\n')
    260. 

  260. 			continue;
    261. 

  261. 

  262. 		if ((marker = check_markers(&cp)) == MRK_ERROR) {
    263. 

  263. 			verbose("%s: invalid marker at %s:%lu",
    264. 

  264. 			    __func__, path, linenum);
    265. 

  265. 			continue;
    266. 

  266. 		}
    267. 

  267. 

  268. 		/* Find the end of the host name portion. */
    269. 

  269. 		for (cp2 = cp; *cp2 && *cp2 != ' ' && *cp2 != '\t'; cp2++)
    270. 

  270. 			;
    271. 

  271. 

  272. 		/* Check if the host name matches. */
    273. 

  273. 		if (match_hostname(host, cp, (u_int) (cp2 - cp)) != 1) {
    274. 

  274. 			if (*cp != HASH_DELIM)
    275. 

  275. 				continue;
    276. 

  276. 			hashed_host = host_hash(host, cp, (u_int) (cp2 - cp));
    277. 

  277. 			if (hashed_host == NULL) {
    278. 

  278. 				debug("Invalid hashed host line %lu of %s",
    279. 

  279. 				    linenum, path);
    280. 

  280. 				continue;
    281. 

  281. 			}
    282. 

  282. 			if (strncmp(hashed_host, cp, (u_int) (cp2 - cp)) != 0)
    283. 

  283. 				continue;
    284. 

  284. 		}
    285. 

  285. 

  286. 		/* Got a match.  Skip host name. */
    287. 

  287. 		cp = cp2;
    288. 

  288. 

  289. 		/*
    290. 

  290. 		 * Extract the key from the line.  This will skip any leading
    291. 

  291. 		 * whitespace.  Ignore badly formatted lines.
    292. 

  292. 		 */
    293. 

  293. 		key = key_new(KEY_UNSPEC);
    294. 

  294. 		if (!hostfile_read_key(&cp, &kbits, key)) {
    295. 

  295. 			key_free(key);
    296. 

  296. 			key = key_new(KEY_RSA1);
    297. 

  297. 			if (!hostfile_read_key(&cp, &kbits, key)) {
    298. 

  298. 				key_free(key);
    299. 

  299. 				continue;
    300. 

  300. 			}
    301. 

  301. 		}
    302. 

  302. 		if (!hostfile_check_key(kbits, key, host, path, linenum))
    303. 

  303. 			continue;
    304. 

  304. 

  305. 		debug3("%s: found %skey type %s in file %s:%lu", __func__,
    306. 

  306. 		    marker == MRK_NONE ? "" :
    307. 

  307. 		    (marker == MRK_CA ? "ca " : "revoked "),
    308. 

  308. 		    key_type(key), path, linenum);
    309. 

  309. 		hostkeys->entries = xrealloc(hostkeys->entries,
    310. 

  310. 		    hostkeys->num_entries + 1, sizeof(*hostkeys->entries));
    311. 

  311. 		hostkeys->entries[hostkeys->num_entries].host = xstrdup(host);
    312. 

  312. 		hostkeys->entries[hostkeys->num_entries].file = xstrdup(path);
    313. 

  313. 		hostkeys->entries[hostkeys->num_entries].line = linenum;
    314. 

  314. 		hostkeys->entries[hostkeys->num_entries].key = key;
    315. 

  315. 		hostkeys->entries[hostkeys->num_entries].marker = marker;
    316. 

  316. 		hostkeys->num_entries++;
    317. 

  317. 		num_loaded++;
    318. 

  318. 	}
    319. 

  319. 	debug3("%s: loaded %lu keys", __func__, num_loaded);
    320. 

  320. 	fclose(f);
    321. 

  321. 	return;
    322. 

  322. }	
    323. 

  323. 

  324. void
    325. 

  325. free_hostkeys(struct hostkeys *hostkeys)
    326. 

  326. {
    327. 

  327. 	u_int i;
    328. 

  328. 

  329. 	for (i = 0; i < hostkeys->num_entries; i++) {
    330. 

  330. 		xfree(hostkeys->entries[i].host);
    331. 

  331. 		xfree(hostkeys->entries[i].file);
    332. 

  332. 		key_free(hostkeys->entries[i].key);
    333. 

  333. 		bzero(hostkeys->entries + i, sizeof(*hostkeys->entries));
    334. 

  334. 	}
    335. 

  335. 	if (hostkeys->entries != NULL)
    336. 

  336. 		xfree(hostkeys->entries);
    337. 

  337. 	hostkeys->entries = NULL;
    338. 

  338. 	hostkeys->num_entries = 0;
    339. 

  339. 	xfree(hostkeys);
    340. 

  340. }
    341. 

  341. 

  342. static int
    343. 

  343. check_key_not_revoked(struct hostkeys *hostkeys, Key *k)
    344. 

  344. {
    345. 

  345. 	int is_cert = key_is_cert(k);
    346. 

  346. 	u_int i;
    347. 

  347. 

  348. 	for (i = 0; i < hostkeys->num_entries; i++) {
    349. 

  349. 		if (hostkeys->entries[i].marker != MRK_REVOKE)
    350. 

  350. 			continue;
    351. 

  351. 		if (key_equal_public(k, hostkeys->entries[i].key))
    352. 

  352. 			return -1;
    353. 

  353. 		if (is_cert &&
    354. 

  354. 		    key_equal_public(k->cert->signature_key,
    355. 

  355. 		    hostkeys->entries[i].key))
    356. 

  356. 			return -1;
    357. 

  357. 	}
    358. 

  358. 	return 0;
    359. 

  359. }
    360. 

  360. 

  361. /*
    362. 

  362.  * Match keys against a specified key, or look one up by key type.
    363. 

  363.  *
    364. 

  364.  * If looking for a keytype (key == NULL) and one is found then return
    365. 

  365.  * HOST_FOUND, otherwise HOST_NEW.
    366. 

  366.  *
    367. 

  367.  * If looking for a key (key != NULL):
    368. 

  368.  *  1. If the key is a cert and a matching CA is found, return HOST_OK
    369. 

  369.  *  2. If the key is not a cert and a matching key is found, return HOST_OK
    370. 

  370.  *  3. If no key matches but a key with a different type is found, then
    371. 

  371.  *     return HOST_CHANGED
    372. 

  372.  *  4. If no matching keys are found, then return HOST_NEW.
    373. 

  373.  *
    374. 

  374.  * Finally, check any found key is not revoked.
    375. 

  375.  */
    376. 

  376. static HostStatus
    377. 

  377. check_hostkeys_by_key_or_type(struct hostkeys *hostkeys,
    378. 

  378.     Key *k, int keytype, const struct hostkey_entry **found)
    379. 

  379. {
    380. 

  380. 	u_int i;
    381. 

  381. 	HostStatus end_return = HOST_NEW;
    382. 

  382. 	int want_cert = key_is_cert(k);
    383. 

  383. 	HostkeyMarker want_marker = want_cert ? MRK_CA : MRK_NONE;
    384. 

  384. 	int proto = (k ? k->type : keytype) == KEY_RSA1 ? 1 : 2;
    385. 

  385. 

  386. 	if (found != NULL)
    387. 

  387. 		*found = NULL;
    388. 

  388. 

  389. 	for (i = 0; i < hostkeys->num_entries; i++) {
    390. 

  390. 		if (proto == 1 && hostkeys->entries[i].key->type != KEY_RSA1)
    391. 

  391. 			continue;
    392. 

  392. 		if (proto == 2 && hostkeys->entries[i].key->type == KEY_RSA1)
    393. 

  393. 			continue;
    394. 

  394. 		if (hostkeys->entries[i].marker != want_marker)
    395. 

  395. 			continue;
    396. 

  396. 		if (k == NULL) {
    397. 

  397. 			if (hostkeys->entries[i].key->type != keytype)
    398. 

  398. 				continue;
    399. 

  399. 			end_return = HOST_FOUND;
    400. 

  400. 			if (found != NULL)
    401. 

  401. 				*found = hostkeys->entries + i;
    402. 

  402. 			k = hostkeys->entries[i].key;
    403. 

  403. 			break;
    404. 

  404. 		}
    405. 

  405. 		if (want_cert) {
    406. 

  406. 			if (key_equal_public(k->cert->signature_key,
    407. 

  407. 			    hostkeys->entries[i].key)) {
    408. 

  408. 				/* A matching CA exists */
    409. 

  409. 				end_return = HOST_OK;
    410. 

  410. 				if (found != NULL)
    411. 

  411. 					*found = hostkeys->entries + i;
    412. 

  412. 				break;
    413. 

  413. 			}
    414. 

  414. 		} else {
    415. 

  415. 			if (key_equal(k, hostkeys->entries[i].key)) {
    416. 

  416. 				end_return = HOST_OK;
    417. 

  417. 				if (found != NULL)
    418. 

  418. 					*found = hostkeys->entries + i;
    419. 

  419. 				break;
    420. 

  420. 			}
    421. 

  421. 			/* A non-maching key exists */
    422. 

  422. 			end_return = HOST_CHANGED;
    423. 

  423. 			if (found != NULL)
    424. 

  424. 				*found = hostkeys->entries + i;
    425. 

  425. 		}
    426. 

  426. 	}
    427. 

  427. 	if (check_key_not_revoked(hostkeys, k) != 0) {
    428. 

  428. 		end_return = HOST_REVOKED;
    429. 

  429. 		if (found != NULL)
    430. 

  430. 			*found = NULL;
    431. 

  431. 	}
    432. 

  432. 	return end_return;
    433. 

  433. }
    434. 

  434. 	
    435. 

  435. HostStatus
    436. 

  436. check_key_in_hostkeys(struct hostkeys *hostkeys, Key *key,
    437. 

  437.     const struct hostkey_entry **found)
    438. 

  438. {
    439. 

  439. 	if (key == NULL)
    440. 

  440. 		fatal("no key to look up");
    441. 

  441. 	return check_hostkeys_by_key_or_type(hostkeys, key, 0, found);
    442. 

  442. }
    443. 

  443. 

  444. int
    445. 

  445. lookup_key_in_hostkeys_by_type(struct hostkeys *hostkeys, int keytype,
    446. 

  446.     const struct hostkey_entry **found)
    447. 

  447. {
    448. 

  448. 	return (check_hostkeys_by_key_or_type(hostkeys, NULL, keytype,
    449. 

  449. 	    found) == HOST_FOUND);
    450. 

  450. }
    451. 

  451. 

  452. /*
    453. 

  453.  * Appends an entry to the host file.  Returns false if the entry could not
    454. 

  454.  * be appended.
    455. 

  455.  */
    456. 

  456. 

  457. int
    458. 

  458. add_host_to_hostfile(const char *filename, const char *host, const Key *key,
    459. 

  459.     int store_hash)
    460. 

  460. {
    461. 

  461. 	FILE *f;
    462. 

  462. 	int success = 0;
    463. 

  463. 	char *hashed_host = NULL;
    464. 

  464. 

  465. 	if (key == NULL)
    466. 

  466. 		return 1;	/* XXX ? */
    467. 

  467. 	f = fopen(filename, "a");
    468. 

  468. 	if (!f)
    469. 

  469. 		return 0;
    470. 

  470. 

  471. 	if (store_hash) {
    472. 

  472. 		if ((hashed_host = host_hash(host, NULL, 0)) == NULL) {
    473. 

  473. 			error("add_host_to_hostfile: host_hash failed");
    474. 

  474. 			fclose(f);
    475. 

  475. 			return 0;
    476. 

  476. 		}
    477. 

  477. 	}
    478. 

  478. 	fprintf(f, "%s ", store_hash ? hashed_host : host);
    479. 

  479. 

  480. 	if (key_write(key, f)) {
    481. 

  481. 		success = 1;
    482. 

  482. 	} else {
    483. 

  483. 		error("add_host_to_hostfile: saving key in %s failed", filename);
    484. 

  484. 	}
    485. 

  485. 	fprintf(f, "\n");
    486. 

  486. 	fclose(f);
    487. 

  487. 	return success;
    488. 

  488. }
    489. 

  489.