diff options
| author | Ben Lindstrom <mouring@eviladmin.org> | 2002-07-04 00:19:40 +0000 |
|---|---|---|
| committer | Ben Lindstrom <mouring@eviladmin.org> | 2002-07-04 00:19:40 +0000 |
| commit | 5d35a2f5828cfb0a8579228d80e8bec60c8f8c64 (patch) | |
| tree | d166c5fa709b6c87f4d18888cddda02ed95b2f4f /ssh-keysign.c | |
| parent | 43ce2c86a89a512e3c9361b40155db8bbef3f441 (diff) | |
- markus@cvs.openbsd.org 2002/07/03 14:21:05
[ssh-keysign.8 ssh-keysign.c ssh.c ssh_config]
re-enable ssh-keysign's sbit, but make ssh-keysign read
/etc/ssh/ssh_config and exit if HostbasedAuthentication is disabled
globally. based on discussions with deraadt, itojun and sommerfeld;
ok itojun@
Diffstat (limited to 'ssh-keysign.c')
| -rw-r--r-- | ssh-keysign.c | 16 |
1 files changed, 15 insertions, 1 deletions
diff --git a/ssh-keysign.c b/ssh-keysign.c index bed2b9874..06d28efa8 100644 --- a/ssh-keysign.c +++ b/ssh-keysign.c | |||
| @@ -22,7 +22,7 @@ | |||
| 22 | * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. | 22 | * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
| 23 | */ | 23 | */ |
| 24 | #include "includes.h" | 24 | #include "includes.h" |
| 25 | RCSID("$OpenBSD: ssh-keysign.c,v 1.6 2002/07/03 09:55:38 markus Exp $"); | 25 | RCSID("$OpenBSD: ssh-keysign.c,v 1.7 2002/07/03 14:21:05 markus Exp $"); |
| 26 | 26 | ||
| 27 | #include <openssl/evp.h> | 27 | #include <openssl/evp.h> |
| 28 | #include <openssl/rand.h> | 28 | #include <openssl/rand.h> |
| @@ -30,6 +30,7 @@ RCSID("$OpenBSD: ssh-keysign.c,v 1.6 2002/07/03 09:55:38 markus Exp $"); | |||
| 30 | 30 | ||
| 31 | #include "log.h" | 31 | #include "log.h" |
| 32 | #include "key.h" | 32 | #include "key.h" |
| 33 | #include "ssh.h" | ||
| 33 | #include "ssh2.h" | 34 | #include "ssh2.h" |
| 34 | #include "misc.h" | 35 | #include "misc.h" |
| 35 | #include "xmalloc.h" | 36 | #include "xmalloc.h" |
| @@ -39,6 +40,9 @@ RCSID("$OpenBSD: ssh-keysign.c,v 1.6 2002/07/03 09:55:38 markus Exp $"); | |||
| 39 | #include "msg.h" | 40 | #include "msg.h" |
| 40 | #include "canohost.h" | 41 | #include "canohost.h" |
| 41 | #include "pathnames.h" | 42 | #include "pathnames.h" |
| 43 | #include "readconf.h" | ||
| 44 | |||
| 45 | uid_t original_real_uid; /* XXX readconf.c needs this */ | ||
| 42 | 46 | ||
| 43 | #ifdef HAVE___PROGNAME | 47 | #ifdef HAVE___PROGNAME |
| 44 | extern char *__progname; | 48 | extern char *__progname; |
| @@ -136,6 +140,7 @@ int | |||
| 136 | main(int argc, char **argv) | 140 | main(int argc, char **argv) |
| 137 | { | 141 | { |
| 138 | Buffer b; | 142 | Buffer b; |
| 143 | Options options; | ||
| 139 | Key *keys[2], *key; | 144 | Key *keys[2], *key; |
| 140 | struct passwd *pw; | 145 | struct passwd *pw; |
| 141 | int key_fd[2], i, found, version = 2, fd; | 146 | int key_fd[2], i, found, version = 2, fd; |
| @@ -158,6 +163,15 @@ main(int argc, char **argv) | |||
| 158 | log_init("ssh-keysign", SYSLOG_LEVEL_DEBUG3, SYSLOG_FACILITY_AUTH, 0); | 163 | log_init("ssh-keysign", SYSLOG_LEVEL_DEBUG3, SYSLOG_FACILITY_AUTH, 0); |
| 159 | #endif | 164 | #endif |
| 160 | 165 | ||
| 166 | /* verify that ssh-keysign is enabled by the admin */ | ||
| 167 | original_real_uid = getuid(); /* XXX readconf.c needs this */ | ||
| 168 | initialize_options(&options); | ||
| 169 | (void)read_config_file(_PATH_HOST_CONFIG_FILE, "", &options); | ||
| 170 | fill_default_options(&options); | ||
| 171 | if (options.hostbased_authentication != 1) | ||
| 172 | fatal("Hostbased authentication not enabled in %s", | ||
| 173 | _PATH_HOST_CONFIG_FILE); | ||
| 174 | |||
| 161 | if (key_fd[0] == -1 && key_fd[1] == -1) | 175 | if (key_fd[0] == -1 && key_fd[1] == -1) |
| 162 | fatal("could not open any host key"); | 176 | fatal("could not open any host key"); |
| 163 | 177 | ||