diff options
| author | Damien Miller <djm@mindrot.org> | 2011-02-18 09:18:45 +1100 |
|---|---|---|
| committer | Damien Miller <djm@mindrot.org> | 2011-02-18 09:18:45 +1100 |
| commit | 0588beba3987853d02b849e92a243ec0a38aa4fb (patch) | |
| tree | 3dbbffd40a567d179ef54e45dc0bb640fe54854b /ssh-keysign.c | |
| parent | ea676a642264ee45f3f1191096d8d51a376061a4 (diff) | |
- djm@cvs.openbsd.org 2011/02/16 00:31:14
[ssh-keysign.c]
make hostbased auth with ECDSA keys work correctly. Based on patch
by harvey.eneman AT oracle.com in bz#1858; ok markus@ (pre-lock)
Diffstat (limited to 'ssh-keysign.c')
| -rw-r--r-- | ssh-keysign.c | 23 |
1 files changed, 15 insertions, 8 deletions
diff --git a/ssh-keysign.c b/ssh-keysign.c index d05156005..4172491c2 100644 --- a/ssh-keysign.c +++ b/ssh-keysign.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: ssh-keysign.c,v 1.35 2010/08/31 12:33:38 djm Exp $ */ | 1 | /* $OpenBSD: ssh-keysign.c,v 1.36 2011/02/16 00:31:14 djm Exp $ */ |
| 2 | /* | 2 | /* |
| 3 | * Copyright (c) 2002 Markus Friedl. All rights reserved. | 3 | * Copyright (c) 2002 Markus Friedl. All rights reserved. |
| 4 | * | 4 | * |
| @@ -150,9 +150,10 @@ main(int argc, char **argv) | |||
| 150 | { | 150 | { |
| 151 | Buffer b; | 151 | Buffer b; |
| 152 | Options options; | 152 | Options options; |
| 153 | Key *keys[2], *key = NULL; | 153 | #define NUM_KEYTYPES 3 |
| 154 | Key *keys[NUM_KEYTYPES], *key = NULL; | ||
| 154 | struct passwd *pw; | 155 | struct passwd *pw; |
| 155 | int key_fd[2], i, found, version = 2, fd; | 156 | int key_fd[NUM_KEYTYPES], i, found, version = 2, fd; |
| 156 | u_char *signature, *data; | 157 | u_char *signature, *data; |
| 157 | char *host; | 158 | char *host; |
| 158 | u_int slen, dlen; | 159 | u_int slen, dlen; |
| @@ -165,8 +166,10 @@ main(int argc, char **argv) | |||
| 165 | if (fd > 2) | 166 | if (fd > 2) |
| 166 | close(fd); | 167 | close(fd); |
| 167 | 168 | ||
| 168 | key_fd[0] = open(_PATH_HOST_RSA_KEY_FILE, O_RDONLY); | 169 | i = 0; |
| 169 | key_fd[1] = open(_PATH_HOST_DSA_KEY_FILE, O_RDONLY); | 170 | key_fd[i++] = open(_PATH_HOST_DSA_KEY_FILE, O_RDONLY); |
| 171 | key_fd[i++] = open(_PATH_HOST_ECDSA_KEY_FILE, O_RDONLY); | ||
| 172 | key_fd[i++] = open(_PATH_HOST_RSA_KEY_FILE, O_RDONLY); | ||
| 170 | 173 | ||
| 171 | original_real_uid = getuid(); /* XXX readconf.c needs this */ | 174 | original_real_uid = getuid(); /* XXX readconf.c needs this */ |
| 172 | if ((pw = getpwuid(original_real_uid)) == NULL) | 175 | if ((pw = getpwuid(original_real_uid)) == NULL) |
| @@ -191,7 +194,11 @@ main(int argc, char **argv) | |||
| 191 | fatal("ssh-keysign not enabled in %s", | 194 | fatal("ssh-keysign not enabled in %s", |
| 192 | _PATH_HOST_CONFIG_FILE); | 195 | _PATH_HOST_CONFIG_FILE); |
| 193 | 196 | ||
| 194 | if (key_fd[0] == -1 && key_fd[1] == -1) | 197 | for (i = found = 0; i < NUM_KEYTYPES; i++) { |
| 198 | if (key_fd[i] != -1) | ||
| 199 | found = 1; | ||
| 200 | } | ||
| 201 | if (found == 0) | ||
| 195 | fatal("could not open any host key"); | 202 | fatal("could not open any host key"); |
| 196 | 203 | ||
| 197 | OpenSSL_add_all_algorithms(); | 204 | OpenSSL_add_all_algorithms(); |
| @@ -200,7 +207,7 @@ main(int argc, char **argv) | |||
| 200 | RAND_seed(rnd, sizeof(rnd)); | 207 | RAND_seed(rnd, sizeof(rnd)); |
| 201 | 208 | ||
| 202 | found = 0; | 209 | found = 0; |
| 203 | for (i = 0; i < 2; i++) { | 210 | for (i = 0; i < NUM_KEYTYPES; i++) { |
| 204 | keys[i] = NULL; | 211 | keys[i] = NULL; |
| 205 | if (key_fd[i] == -1) | 212 | if (key_fd[i] == -1) |
| 206 | continue; | 213 | continue; |
| @@ -230,7 +237,7 @@ main(int argc, char **argv) | |||
| 230 | xfree(host); | 237 | xfree(host); |
| 231 | 238 | ||
| 232 | found = 0; | 239 | found = 0; |
| 233 | for (i = 0; i < 2; i++) { | 240 | for (i = 0; i < NUM_KEYTYPES; i++) { |
| 234 | if (keys[i] != NULL && | 241 | if (keys[i] != NULL && |
| 235 | key_equal_public(key, keys[i])) { | 242 | key_equal_public(key, keys[i])) { |
| 236 | found = 1; | 243 | found = 1; |