author | Damien Miller <djm@mindrot.org> | 2001-11-12 11:02:03 +1100 |
---|---|---|
committer | Damien Miller <djm@mindrot.org> | 2001-11-12 11:02:03 +1100 |
commit | 91c1847733ea76286cb43e0c1dfe0a18f62e35a8 (patch) | |
tree | 1f147f2fcee99a88439bf1563504d58855048119 | |
parent | eb5fec6494e65d461b01275555a2b978574862c0 (diff) |
- markus@cvs.openbsd.org 2001/10/29 19:27:15
[sshconnect2.c]
hostbased: check for client hostkey before building chost
-rw-r--r-- | ChangeLog | 5 | ||||
-rw-r--r-- | sshconnect2.c | 29 |
2 files changed, 19 insertions, 15 deletions
@@ -17,6 +17,9 @@ | |||
17 | - markus@cvs.openbsd.org 2001/10/25 21:14:32 | 17 | - markus@cvs.openbsd.org 2001/10/25 21:14:32 |
18 | [ssh-keygen.1 ssh-keygen.c] | 18 | [ssh-keygen.1 ssh-keygen.c] |
19 | better docu for fingerprinting, ok deraadt@ | 19 | better docu for fingerprinting, ok deraadt@ |
20 | - markus@cvs.openbsd.org 2001/10/29 19:27:15 | ||
21 | [sshconnect2.c] | ||
22 | hostbased: check for client hostkey before building chost | ||
20 | 23 | ||
21 | 20011109 | 24 | 20011109 |
22 | - (stevesk) auth-pam.c: use do_pam_authenticate(PAM_DISALLOW_NULL_AUTHTOK) | 25 | - (stevesk) auth-pam.c: use do_pam_authenticate(PAM_DISALLOW_NULL_AUTHTOK) |
@@ -6826,4 +6829,4 @@ | |||
6826 | - Wrote replacements for strlcpy and mkdtemp | 6829 | - Wrote replacements for strlcpy and mkdtemp |
6827 | - Released 1.0pre1 | 6830 | - Released 1.0pre1 |
6828 | 6831 | ||
6829 | $Id: ChangeLog,v 1.1639 2001/11/11 23:52:44 djm Exp $ | 6832 | $Id: ChangeLog,v 1.1640 2001/11/12 00:02:03 djm Exp $ |
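--- a/sshconnect2.c
+++ b/sshconnect2.c
@@ -23,7 +23,7 @@
 */
 
 #include "includes.h"
-RCSID("$OpenBSD: sshconnect2.c,v 1.83 2001/10/06 11:18:19 markus Exp $");
+RCSID("$OpenBSD: sshconnect2.c,v 1.84 2001/10/29 19:27:15 markus Exp $");
 
 #include <openssl/bn.h>
 #include <openssl/md5.h>
@@ -836,16 +836,6 @@ userauth_hostbased(Authctxt *authctxt)
 u_int blen, slen;
 int ok, i, len, found = 0;
 
-p = get_local_name(packet_get_connection_in());
-if (p == NULL) {
-error("userauth_hostbased: cannot get local ipaddr/name");
-return 0;
-}
-len = strlen(p) + 2;
-chost = xmalloc(len);
-strlcpy(chost, p, len);
-strlcat(chost, ".", len);
-debug2("userauth_hostbased: chost %s", chost);
 /* check for a useful key */
 for (i = 0; i < authctxt->nkeys; i++) {
 private = authctxt->keys[i];
@@ -857,14 +847,26 @@ userauth_hostbased(Authctxt *authctxt)
 }
 }
 if (!found) {
-xfree(chost);
+debug("userauth_hostbased: no more client hostkeys");
 return 0;
 }
 if (key_to_blob(private, &blob, &blen) == 0) {
 key_free(private);
-xfree(chost);
 return 0;
 }
+/* figure out a name for the client host */
+p = get_local_name(packet_get_connection_in());
+if (p == NULL) {
+error("userauth_hostbased: cannot get local ipaddr/name");
+key_free(private);
+return 0;
+}
+len = strlen(p) + 2;
+chost = xmalloc(len);
+strlcpy(chost, p, len);
+strlcat(chost, ".", len);
+debug2("userauth_hostbased: chost %s", chost);
+
 service = datafellows & SSH_BUG_HBSERVICE ? "ssh-userauth" :
 authctxt->service;
 pkalg = xstrdup(key_ssh_name(private));
@@ -882,7 +884,6 @@ userauth_hostbased(Authctxt *authctxt)
 #ifdef DEBUG_PK
 buffer_dump(&b);
 #endif
-debug2("xxx: chost %s", chost);
 ok = key_sign(private, &signature, &slen, buffer_ptr(&b), buffer_len(&b));
 key_free(private);
 buffer_free(&b);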
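Review bot: The relocated `p == NULL` error path in the third hunk calls `key_free(private)` and returns without releasing `blob`, which `key_to_blob(private, &blob, &blen)` has already filled in a few lines above. Before the move the name lookup ran first, so this path had nothing else to clean up. Assuming key_to_blob hands the caller an allocated buffer (its release is not in the visible lines), add `xfree(blob);` before that `return 0;`. The string returned by get_local_name() is also not freed in the lines shown; userauth_hostbased continues past the hunk, so confirm `p` is released once `chost` has been built.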