Commit 28c44b39 authored by Niels Möller's avatar Niels Möller
Browse files

* src/lsh.c (do_lsh_lookup): If the user decides to trust the key,

add it to the spki_context.

Rev: src/lsh.c:1.140
parent 69b175aa
......@@ -419,10 +419,12 @@ do_lsh_lookup(struct lookup_verifier *c,
}
else
{
struct sexp *acl;
verbose("SPKI authorization failed.\n");
if (!self->sloppy)
{
werror("lsh: Server's hostkey is not trusted. Disconnecting.\n");
werror("Server's hostkey is not trusted. Disconnecting.\n");
return NULL;
}
......@@ -443,21 +445,25 @@ do_lsh_lookup(struct lookup_verifier *c,
self->host->ip, fingerprint), 0, 1))
return NULL;
}
acl = sexp_l(2, sexp_a(ATOM_ACL),
sexp_l(3, sexp_a(ATOM_ENTRY),
subject->key,
sexp_l(2, sexp_a(ATOM_TAG),
self->access,
-1),
-1),
-1);
/* Remember this key. We don't want to ask again for key re-exchange */
spki_add_acl(self->db, acl);
/* Write an ACL to disk. */
if (self->file)
{
A_WRITE(self->file, ssh_format("\n; ACL for host %lS\n", self->host->ip));
A_WRITE(self->file,
sexp_format(sexp_l(2, sexp_a(ATOM_ACL),
sexp_l(3, sexp_a(ATOM_ENTRY),
subject->key,
sexp_l(2, sexp_a(ATOM_TAG),
self->access,
-1),
-1),
-1),
SEXP_TRANSPORT, 0));
sexp_format(acl, SEXP_TRANSPORT, 0));
A_WRITE(self->file, ssh_format("\n"));
}
}
......@@ -958,7 +964,7 @@ do_lsh_default_handler(struct exception_handler *s,
CAST_SUBTYPE(io_exception, exc, e);
*self->status = EXIT_FAILURE;
werror("lsh: %z, (errno = %i)\n", e->msg, exc->error);
werror("%z, (errno = %i)\n", e->msg, exc->error);
}
else
switch(e->type)
......@@ -971,7 +977,7 @@ do_lsh_default_handler(struct exception_handler *s,
case EXC_CHANNEL_REQUEST:
case EXC_CHANNEL_OPEN:
werror("lsh: %z\n", e->msg);
werror("%z\n", e->msg);
*self->status = EXIT_FAILURE;
break;
default:
......@@ -1050,7 +1056,7 @@ int main(int argc, char **argv)
* or not anybody is still using it. */
close(STDOUT_FILENO);
if (open("/dev/null", O_WRONLY) != STDOUT_FILENO)
werror("lsh: Strange: Final redirect of stdout to /dev/null failed.\n");
werror("Strange: Final redirect of stdout to /dev/null failed.\n");
#endif
io_run(backend);
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment