+/* return ok if key exists in sysfile or userfile */
+HostStatus
+check_key_in_hostfiles(struct passwd *pw, Key *key, const char *host,
+ const char *sysfile, const char *userfile)
+{
+ Key *found;
+ char *user_hostfile;
+ struct stat st;
+ HostStatus host_status;
+
+ /* Check if we know the host and its host key. */
+ found = key_new(key->type);
+ host_status = check_host_in_hostfile(sysfile, host, key, found, NULL);
+
+ if (host_status != HOST_OK && userfile != NULL) {
+ user_hostfile = tilde_expand_filename(userfile, pw->pw_uid);
+ if (options.strict_modes &&
+ (stat(user_hostfile, &st) == 0) &&
+ ((st.st_uid != 0 && st.st_uid != pw->pw_uid) ||
+ (st.st_mode & 022) != 0)) {
+ log("Authentication refused for %.100s: "
+ "bad owner or modes for %.200s",
+ pw->pw_name, user_hostfile);
+ } else {
+ temporarily_use_uid(pw);
+ host_status = check_host_in_hostfile(user_hostfile,
+ host, key, found, NULL);
+ restore_uid();
+ }
+ xfree(user_hostfile);
+ }
+ key_free(found);
+
+ debug2("check_key_in_hostfiles: key %s for %s", host_status == HOST_OK ?
+ "ok" : "not found", host);
+ return host_status;
+}
+
+