summaryrefslogtreecommitdiff
path: root/ssh-keysign.c
diff options
context:
space:
mode:
authorColin Watson <cjwatson@debian.org>2011-07-17 01:29:56 +0100
committerColin Watson <cjwatson@debian.org>2011-07-17 01:29:56 +0100
commit29922445eda8a76d957af24db452a084ffc91bd9 (patch)
treee8573993a48c716f6b673b76a4a374fcfcb2aa71 /ssh-keysign.c
parentc6b39c8b787eefb1764cc23afeba3797ac89f056 (diff)
* Backport from upstream:
- Make hostbased auth with ECDSA keys work correctly (closes: #633368).
Diffstat (limited to 'ssh-keysign.c')
-rw-r--r--ssh-keysign.c21
1 files changed, 14 insertions, 7 deletions
diff --git a/ssh-keysign.c b/ssh-keysign.c
index d05156005..aa1be91f5 100644
--- a/ssh-keysign.c
+++ b/ssh-keysign.c
@@ -150,9 +150,10 @@ main(int argc, char **argv)
150{ 150{
151 Buffer b; 151 Buffer b;
152 Options options; 152 Options options;
153 Key *keys[2], *key = NULL; 153#define NUM_KEYTYPES 3
154 Key *keys[NUM_KEYTYPES], *key = NULL;
154 struct passwd *pw; 155 struct passwd *pw;
155 int key_fd[2], i, found, version = 2, fd; 156 int key_fd[NUM_KEYTYPES], i, found, version = 2, fd;
156 u_char *signature, *data; 157 u_char *signature, *data;
157 char *host; 158 char *host;
158 u_int slen, dlen; 159 u_int slen, dlen;
@@ -165,8 +166,10 @@ main(int argc, char **argv)
165 if (fd > 2) 166 if (fd > 2)
166 close(fd); 167 close(fd);
167 168
168 key_fd[0] = open(_PATH_HOST_RSA_KEY_FILE, O_RDONLY); 169 i = 0;
169 key_fd[1] = open(_PATH_HOST_DSA_KEY_FILE, O_RDONLY); 170 key_fd[i++] = open(_PATH_HOST_DSA_KEY_FILE, O_RDONLY);
171 key_fd[i++] = open(_PATH_HOST_ECDSA_KEY_FILE, O_RDONLY);
172 key_fd[i++] = open(_PATH_HOST_RSA_KEY_FILE, O_RDONLY);
170 173
171 original_real_uid = getuid(); /* XXX readconf.c needs this */ 174 original_real_uid = getuid(); /* XXX readconf.c needs this */
172 if ((pw = getpwuid(original_real_uid)) == NULL) 175 if ((pw = getpwuid(original_real_uid)) == NULL)
@@ -191,7 +194,11 @@ main(int argc, char **argv)
191 fatal("ssh-keysign not enabled in %s", 194 fatal("ssh-keysign not enabled in %s",
192 _PATH_HOST_CONFIG_FILE); 195 _PATH_HOST_CONFIG_FILE);
193 196
194 if (key_fd[0] == -1 && key_fd[1] == -1) 197 for (i = found = 0; i < NUM_KEYTYPES; i++) {
198 if (key_fd[i] != -1)
199 found = 1;
200 }
201 if (found == 0)
195 fatal("could not open any host key"); 202 fatal("could not open any host key");
196 203
197 OpenSSL_add_all_algorithms(); 204 OpenSSL_add_all_algorithms();
@@ -200,7 +207,7 @@ main(int argc, char **argv)
200 RAND_seed(rnd, sizeof(rnd)); 207 RAND_seed(rnd, sizeof(rnd));
201 208
202 found = 0; 209 found = 0;
203 for (i = 0; i < 2; i++) { 210 for (i = 0; i < NUM_KEYTYPES; i++) {
204 keys[i] = NULL; 211 keys[i] = NULL;
205 if (key_fd[i] == -1) 212 if (key_fd[i] == -1)
206 continue; 213 continue;
@@ -230,7 +237,7 @@ main(int argc, char **argv)
230 xfree(host); 237 xfree(host);
231 238
232 found = 0; 239 found = 0;
233 for (i = 0; i < 2; i++) { 240 for (i = 0; i < NUM_KEYTYPES; i++) {
234 if (keys[i] != NULL && 241 if (keys[i] != NULL &&
235 key_equal_public(key, keys[i])) { 242 key_equal_public(key, keys[i])) {
236 found = 1; 243 found = 1;