diff options
| author | djm@openbsd.org <djm@openbsd.org> | 2014-12-23 22:42:48 +0000 |
|---|---|---|
| committer | Damien Miller <djm@mindrot.org> | 2015-01-09 00:13:35 +1100 |
| commit | 5191df927db282d3123ca2f34a04d8d96153911a (patch) | |
| tree | 753b6b2d184072f6db142b9352fc61f879a37bae /auth2-hostbased.c | |
| parent | 8abd80315d3419b20e6938f74d37e2e2b547f0b7 (diff) | |
upstream commit
KNF and add a little more debug()
Diffstat (limited to 'auth2-hostbased.c')
| -rw-r--r-- | auth2-hostbased.c | 18 |
1 files changed, 13 insertions, 5 deletions
diff --git a/auth2-hostbased.c b/auth2-hostbased.c index b7ae35356..eb6bee50b 100644 --- a/auth2-hostbased.c +++ b/auth2-hostbased.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: auth2-hostbased.c,v 1.19 2014/12/21 22:27:56 djm Exp $ */ | 1 | /* $OpenBSD: auth2-hostbased.c,v 1.20 2014/12/23 22:42:48 djm Exp $ */ |
| 2 | /* | 2 | /* |
| 3 | * Copyright (c) 2000 Markus Friedl. All rights reserved. | 3 | * Copyright (c) 2000 Markus Friedl. All rights reserved. |
| 4 | * | 4 | * |
| @@ -163,7 +163,7 @@ hostbased_key_allowed(struct passwd *pw, const char *cuser, char *chost, | |||
| 163 | resolvedname = get_canonical_hostname(options.use_dns); | 163 | resolvedname = get_canonical_hostname(options.use_dns); |
| 164 | ipaddr = get_remote_ipaddr(); | 164 | ipaddr = get_remote_ipaddr(); |
| 165 | 165 | ||
| 166 | debug2("userauth_hostbased: chost %s resolvedname %s ipaddr %s", | 166 | debug2("%s: chost %s resolvedname %s ipaddr %s", __func__, |
| 167 | chost, resolvedname, ipaddr); | 167 | chost, resolvedname, ipaddr); |
| 168 | 168 | ||
| 169 | if (((len = strlen(chost)) > 0) && chost[len - 1] == '.') { | 169 | if (((len = strlen(chost)) > 0) && chost[len - 1] == '.') { |
| @@ -172,19 +172,27 @@ hostbased_key_allowed(struct passwd *pw, const char *cuser, char *chost, | |||
| 172 | } | 172 | } |
| 173 | 173 | ||
| 174 | if (options.hostbased_uses_name_from_packet_only) { | 174 | if (options.hostbased_uses_name_from_packet_only) { |
| 175 | if (auth_rhosts2(pw, cuser, chost, chost) == 0) | 175 | if (auth_rhosts2(pw, cuser, chost, chost) == 0) { |
| 176 | debug2("%s: auth_rhosts2 refused " | ||
| 177 | "user \"%.100s\" host \"%.100s\" (from packet)", | ||
| 178 | __func__, cuser, chost); | ||
| 176 | return 0; | 179 | return 0; |
| 180 | } | ||
| 177 | lookup = chost; | 181 | lookup = chost; |
| 178 | } else { | 182 | } else { |
| 179 | if (strcasecmp(resolvedname, chost) != 0) | 183 | if (strcasecmp(resolvedname, chost) != 0) |
| 180 | logit("userauth_hostbased mismatch: " | 184 | logit("userauth_hostbased mismatch: " |
| 181 | "client sends %s, but we resolve %s to %s", | 185 | "client sends %s, but we resolve %s to %s", |
| 182 | chost, ipaddr, resolvedname); | 186 | chost, ipaddr, resolvedname); |
| 183 | if (auth_rhosts2(pw, cuser, resolvedname, ipaddr) == 0) | 187 | if (auth_rhosts2(pw, cuser, resolvedname, ipaddr) == 0) { |
| 188 | debug2("%s: auth_rhosts2 refused " | ||
| 189 | "user \"%.100s\" host \"%.100s\" addr \"%.100s\"", | ||
| 190 | __func__, cuser, resolvedname, ipaddr); | ||
| 184 | return 0; | 191 | return 0; |
| 192 | } | ||
| 185 | lookup = resolvedname; | 193 | lookup = resolvedname; |
| 186 | } | 194 | } |
| 187 | debug2("userauth_hostbased: access allowed by auth_rhosts2"); | 195 | debug2("%s: access allowed by auth_rhosts2", __func__); |
| 188 | 196 | ||
| 189 | if (key_is_cert(key) && | 197 | if (key_is_cert(key) && |
| 190 | key_cert_check_authority(key, 1, 0, lookup, &reason)) { | 198 | key_cert_check_authority(key, 1, 0, lookup, &reason)) { |