author | Colin Watson <cjwatson@debian.org> | 2010-08-23 23:52:36 +0100 |
---|---|---|
committer | Colin Watson <cjwatson@debian.org> | 2010-08-23 23:52:36 +0100 |
commit | 78799892cb1858927be02be9737c594052e3f910 (patch) | |
tree | ac3dc2e848ab9dc62fe4252e01e52c3d456f628f /auth2-hostbased.c | |
parent | 3875951bb76a9ec62634ae4026c9cc885d933477 (diff) | |
parent | 31e30b835fd9695d3b6647cab4867001b092e28f (diff) |
* New upstream release (http://www.openssh.com/txt/release-5.6):
- Added a ControlPersist option to ssh_config(5) that automatically
starts a background ssh(1) multiplex master when connecting. This
connection can stay alive indefinitely, or can be set to automatically
close after a user-specified duration of inactivity (closes: #335697,
#350898, #454787, #500573, #550262).
- Support AuthorizedKeysFile, AuthorizedPrincipalsFile,
HostbasedUsesNameFromPacketOnly, and PermitTunnel in sshd_config(5)
Match blocks (closes: #549858).
- sftp(1): fix ls in working directories that contain globbing
characters in their pathnames (LP: #530714).
Diffstat (limited to 'auth2-hostbased.c')
-rw-r--r-- | auth2-hostbased.c | 31 |
1 files changed, 28 insertions, 3 deletions
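diff --git a/auth2-hostbased.c b/auth2-hostbased.c
index 32c06bbdc..700631558 100644
--- a/auth2-hostbased.c
+++ b/auth2-hostbased.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: auth2-hostbased.c,v 1.13 2010/03/04 10:36:03 djm Exp $ */
+/* $OpenBSD: auth2-hostbased.c,v 1.14 2010/08/04 05:42:47 djm Exp $ */
 /*
  * Copyright (c) 2000 Markus Friedl. All rights reserved.
  *
@@ -141,9 +141,10 @@ int
 hostbased_key_allowed(struct passwd *pw, const char *cuser, char *chost,
 Key *key)
 {
-const char *resolvedname, *ipaddr, *lookup;
+const char *resolvedname, *ipaddr, *lookup, *reason;
 HostStatus host_status;
 int len;
+char *fp;
 
 if (auth_key_is_revoked(key, 0))
 return 0;
@@ -174,16 +175,40 @@ hostbased_key_allowed(struct passwd *pw, const char *cuser, char *chost,
 }
 debug2("userauth_hostbased: access allowed by auth_rhosts2");
 
+if (key_is_cert(key) &&
+key_cert_check_authority(key, 1, 0, lookup, &reason)) {
+error("%s", reason);
+auth_debug_add("%s", reason);
+return 0;
+}
+
 host_status = check_key_in_hostfiles(pw, key, lookup,
 _PATH_SSH_SYSTEM_HOSTFILE,
 options.ignore_user_known_hosts ? NULL : _PATH_SSH_USER_HOSTFILE);
 
 /* backward compat if no key has been found. */
-if (host_status == HOST_NEW)
+if (host_status == HOST_NEW) {
 host_status = check_key_in_hostfiles(pw, key, lookup,
 _PATH_SSH_SYSTEM_HOSTFILE2,
 options.ignore_user_known_hosts ? NULL :
 _PATH_SSH_USER_HOSTFILE2);
+}
+
+if (host_status == HOST_OK) {
+if (key_is_cert(key)) {
+fp = key_fingerprint(key->cert->signature_key,
+SSH_FP_MD5, SSH_FP_HEX);
+verbose("Accepted certificate ID \"%s\" signed by "
+"%s CA %s from %s@%s", key->cert->key_id,
+key_type(key->cert->signature_key), fp,
+cuser, lookup);
+} else {
+fp = key_fingerprint(key, SSH_FP_MD5, SSH_FP_HEX);
+verbose("Accepted %s public key %s from %s@%s",
+key_type(key), fp, cuser, lookup);
+}
+xfree(fp);
+}
 
 return (host_status == HOST_OK);
 }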
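Review bot: The two new verbose() messages in hostbased_key_allowed() announce "Accepted ... from %s@%s" at the point where the key has merely been matched against the host files (host_status == HOST_OK), which is before any proof of possession of the matching private key; if, as the function's name suggests, the caller verifies the userauth signature only after this returns, a client presenting a well-known host's public key (or a CA-signed host certificate) without its private key will still leave an "Accepted" line in the log. Public host keys and certificates are not secret, so this gives log consumers and detection rules a misleading authentication signal and a cheap way to generate false "Accepted" events. Rewording the messages to state what was actually established avoids that, e.g. `verbose("Found matching certificate ID \"%s\" signed by "` and `verbose("Found matching %s key %s for %s@%s",`, and leaving the "Accepted" wording to the caller once the signature has been verified. It would also help operators to include the certificate's serial alongside key_id in the certificate branch, since revocation is usually keyed on the serial, if the cert struct in this tree carries one — please confirm against key.h. The rest of hostbased_key_allowed() (the auth_rhosts2 and lookup-name handling) lies between the second and third hunks and is not visible here.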