diff options
| author | Ben Lindstrom <mouring@eviladmin.org> | 2001-04-19 20:35:40 +0000 |
|---|---|---|
| committer | Ben Lindstrom <mouring@eviladmin.org> | 2001-04-19 20:35:40 +0000 |
| commit | 2bffd6fd1b27351c0be1df55e42d5f616dccb051 (patch) | |
| tree | b71c24b396baa3889e87a2f795381f66c19c5d4d | |
| parent | 5eb97b6f3d878e6b40cfa73a18bacc293ea6b1ad (diff) | |
- markus@cvs.openbsd.org 2001/04/18 22:03:45
[auth2.c sshconnect2.c]
use FDQN with trailing dot in the hostbased auth packets, ok deraadt@
| -rw-r--r-- | ChangeLog | 5 | ||||
| -rw-r--r-- | auth2.c | 12 | ||||
| -rw-r--r-- | sshconnect2.c | 9 |
3 files changed, 18 insertions, 8 deletions
| @@ -6,6 +6,9 @@ | |||
| 6 | - markus@cvs.openbsd.org 2001/04/18 21:57:42 | 6 | - markus@cvs.openbsd.org 2001/04/18 21:57:42 |
| 7 | [readpass.c ssh-add.c] | 7 | [readpass.c ssh-add.c] |
| 8 | call askpass from ssh, too, based on work by roth@feep.net, ok deraadt | 8 | call askpass from ssh, too, based on work by roth@feep.net, ok deraadt |
| 9 | - markus@cvs.openbsd.org 2001/04/18 22:03:45 | ||
| 10 | [auth2.c sshconnect2.c] | ||
| 11 | use FDQN with trailing dot in the hostbased auth packets, ok deraadt@ | ||
| 9 | 12 | ||
| 10 | 20010418 | 13 | 20010418 |
| 11 | - OpenBSD CVS Sync | 14 | - OpenBSD CVS Sync |
| @@ -5168,4 +5171,4 @@ | |||
| 5168 | - Wrote replacements for strlcpy and mkdtemp | 5171 | - Wrote replacements for strlcpy and mkdtemp |
| 5169 | - Released 1.0pre1 | 5172 | - Released 1.0pre1 |
| 5170 | 5173 | ||
| 5171 | $Id: ChangeLog,v 1.1141 2001/04/19 20:33:07 mouring Exp $ | 5174 | $Id: ChangeLog,v 1.1142 2001/04/19 20:35:40 mouring Exp $ |
| @@ -23,7 +23,7 @@ | |||
| 23 | */ | 23 | */ |
| 24 | 24 | ||
| 25 | #include "includes.h" | 25 | #include "includes.h" |
| 26 | RCSID("$OpenBSD: auth2.c,v 1.52 2001/04/12 19:15:24 markus Exp $"); | 26 | RCSID("$OpenBSD: auth2.c,v 1.53 2001/04/18 22:03:44 markus Exp $"); |
| 27 | 27 | ||
| 28 | #include <openssl/evp.h> | 28 | #include <openssl/evp.h> |
| 29 | 29 | ||
| @@ -799,19 +799,23 @@ hostbased_key_allowed(struct passwd *pw, const char *cuser, const char *chost, | |||
| 799 | const char *resolvedname, *ipaddr, *lookup; | 799 | const char *resolvedname, *ipaddr, *lookup; |
| 800 | struct stat st; | 800 | struct stat st; |
| 801 | char *user_hostfile; | 801 | char *user_hostfile; |
| 802 | int host_status; | 802 | int host_status, len; |
| 803 | 803 | ||
| 804 | resolvedname = get_canonical_hostname(options.reverse_mapping_check); | 804 | resolvedname = get_canonical_hostname(options.reverse_mapping_check); |
| 805 | ipaddr = get_remote_ipaddr(); | 805 | ipaddr = get_remote_ipaddr(); |
| 806 | 806 | ||
| 807 | debug2("userauth_hostbased: resolvedname %s ipaddr %s", | 807 | debug2("userauth_hostbased: chost %s resolvedname %s ipaddr %s", |
| 808 | resolvedname, ipaddr); | 808 | chost, resolvedname, ipaddr); |
| 809 | 809 | ||
| 810 | if (options.hostbased_uses_name_from_packet_only) { | 810 | if (options.hostbased_uses_name_from_packet_only) { |
| 811 | if (auth_rhosts2(pw, cuser, chost, chost) == 0) | 811 | if (auth_rhosts2(pw, cuser, chost, chost) == 0) |
| 812 | return 0; | 812 | return 0; |
| 813 | lookup = chost; | 813 | lookup = chost; |
| 814 | } else { | 814 | } else { |
| 815 | if (((len = strlen(chost)) > 0) && chost[len - 1] == '.') { | ||
| 816 | debug2("stripping trailing dot from chost %s", chost); | ||
| 817 | chost[len - 1] = '\0'; | ||
| 818 | } | ||
| 815 | if (strcasecmp(resolvedname, chost) != 0) | 819 | if (strcasecmp(resolvedname, chost) != 0) |
| 816 | log("userauth_hostbased mismatch: " | 820 | log("userauth_hostbased mismatch: " |
| 817 | "client sends %s, but we resolve %s to %s", | 821 | "client sends %s, but we resolve %s to %s", |
diff --git a/sshconnect2.c b/sshconnect2.c index baa4e7028..ac3ad013b 100644 --- a/sshconnect2.c +++ b/sshconnect2.c | |||
| @@ -23,7 +23,7 @@ | |||
| 23 | */ | 23 | */ |
| 24 | 24 | ||
| 25 | #include "includes.h" | 25 | #include "includes.h" |
| 26 | RCSID("$OpenBSD: sshconnect2.c,v 1.70 2001/04/17 10:53:26 markus Exp $"); | 26 | RCSID("$OpenBSD: sshconnect2.c,v 1.71 2001/04/18 22:03:45 markus Exp $"); |
| 27 | 27 | ||
| 28 | #include <openssl/bn.h> | 28 | #include <openssl/bn.h> |
| 29 | #include <openssl/md5.h> | 29 | #include <openssl/md5.h> |
| @@ -816,14 +816,17 @@ userauth_hostbased(Authctxt *authctxt) | |||
| 816 | u_char *signature, *blob; | 816 | u_char *signature, *blob; |
| 817 | char *chost, *pkalg, *p; | 817 | char *chost, *pkalg, *p; |
| 818 | u_int blen, slen; | 818 | u_int blen, slen; |
| 819 | int ok, i, found = 0; | 819 | int ok, i, len, found = 0; |
| 820 | 820 | ||
| 821 | p = get_local_name(packet_get_connection_in()); | 821 | p = get_local_name(packet_get_connection_in()); |
| 822 | if (p == NULL) { | 822 | if (p == NULL) { |
| 823 | error("userauth_hostbased: cannot get local ipaddr/name"); | 823 | error("userauth_hostbased: cannot get local ipaddr/name"); |
| 824 | return 0; | 824 | return 0; |
| 825 | } | 825 | } |
| 826 | chost = xstrdup(p); | 826 | len = strlen(p) + 2; |
| 827 | chost = xmalloc(len); | ||
| 828 | strlcpy(chost, p, len); | ||
| 829 | strlcat(chost, ".", len); | ||
| 827 | debug2("userauth_hostbased: chost %s", chost); | 830 | debug2("userauth_hostbased: chost %s", chost); |
| 828 | /* check for a useful key */ | 831 | /* check for a useful key */ |
| 829 | for (i = 0; i < authctxt->nkeys; i++) { | 832 | for (i = 0; i < authctxt->nkeys; i++) { |