diff options
author | Ben Lindstrom <mouring@eviladmin.org> | 2002-06-06 19:57:33 +0000 |
---|---|---|
committer | Ben Lindstrom <mouring@eviladmin.org> | 2002-06-06 19:57:33 +0000 |
commit | 1bad256822046e2cc9e3a85a1c622e4ebaa2b97e (patch) | |
tree | 555991823221bbb1cbd3c13c1518349a0e06829b /ssh.c | |
parent | f666fec2d553955c26c999cb687877454eeca3ee (diff) |
- markus@cvs.openbsd.org 2002/05/23 19:24:30
[authfile.c authfile.h pathnames.h ssh.c sshconnect.c sshconnect.h
sshconnect1.c sshconnect2.c ssh-keysign.8 ssh-keysign.c Makefile.in]
add /usr/libexec/ssh-keysign: a setuid helper program for hostbased
authentication in protocol v2 (needs to access the hostkeys).
Note: Makefile.in untested. Will test after merge is finished.
Diffstat (limited to 'ssh.c')
-rw-r--r-- | ssh.c | 21 |
1 files changed, 14 insertions, 7 deletions
@@ -40,7 +40,7 @@ | |||
40 | */ | 40 | */ |
41 | 41 | ||
42 | #include "includes.h" | 42 | #include "includes.h" |
43 | RCSID("$OpenBSD: ssh.c,v 1.172 2002/05/22 23:18:25 deraadt Exp $"); | 43 | RCSID("$OpenBSD: ssh.c,v 1.173 2002/05/23 19:24:30 markus Exp $"); |
44 | 44 | ||
45 | #include <openssl/evp.h> | 45 | #include <openssl/evp.h> |
46 | #include <openssl/err.h> | 46 | #include <openssl/err.h> |
@@ -132,10 +132,7 @@ char *host; | |||
132 | struct sockaddr_storage hostaddr; | 132 | struct sockaddr_storage hostaddr; |
133 | 133 | ||
134 | /* Private host keys. */ | 134 | /* Private host keys. */ |
135 | struct { | 135 | Sensitive sensitive_data; |
136 | Key **keys; | ||
137 | int nkeys; | ||
138 | } sensitive_data; | ||
139 | 136 | ||
140 | /* Original real UID. */ | 137 | /* Original real UID. */ |
141 | uid_t original_real_uid; | 138 | uid_t original_real_uid; |
@@ -689,6 +686,7 @@ again: | |||
689 | */ | 686 | */ |
690 | sensitive_data.nkeys = 0; | 687 | sensitive_data.nkeys = 0; |
691 | sensitive_data.keys = NULL; | 688 | sensitive_data.keys = NULL; |
689 | sensitive_data.external_keysign = 0; | ||
692 | if (!cerr && (options.rhosts_rsa_authentication || | 690 | if (!cerr && (options.rhosts_rsa_authentication || |
693 | options.hostbased_authentication)) { | 691 | options.hostbased_authentication)) { |
694 | sensitive_data.nkeys = 3; | 692 | sensitive_data.nkeys = 3; |
@@ -699,6 +697,16 @@ again: | |||
699 | _PATH_HOST_DSA_KEY_FILE, "", NULL); | 697 | _PATH_HOST_DSA_KEY_FILE, "", NULL); |
700 | sensitive_data.keys[2] = key_load_private_type(KEY_RSA, | 698 | sensitive_data.keys[2] = key_load_private_type(KEY_RSA, |
701 | _PATH_HOST_RSA_KEY_FILE, "", NULL); | 699 | _PATH_HOST_RSA_KEY_FILE, "", NULL); |
700 | |||
701 | if (sensitive_data.keys[0] == NULL && | ||
702 | sensitive_data.keys[1] == NULL && | ||
703 | sensitive_data.keys[2] == NULL) { | ||
704 | sensitive_data.keys[1] = key_load_public( | ||
705 | _PATH_HOST_DSA_KEY_FILE, NULL); | ||
706 | sensitive_data.keys[2] = key_load_public( | ||
707 | _PATH_HOST_RSA_KEY_FILE, NULL); | ||
708 | sensitive_data.external_keysign = 1; | ||
709 | } | ||
702 | } | 710 | } |
703 | /* | 711 | /* |
704 | * Get rid of any extra privileges that we may have. We will no | 712 | * Get rid of any extra privileges that we may have. We will no |
@@ -758,8 +766,7 @@ again: | |||
758 | signal(SIGPIPE, SIG_IGN); /* ignore SIGPIPE early */ | 766 | signal(SIGPIPE, SIG_IGN); /* ignore SIGPIPE early */ |
759 | 767 | ||
760 | /* Log into the remote system. This never returns if the login fails. */ | 768 | /* Log into the remote system. This never returns if the login fails. */ |
761 | ssh_login(sensitive_data.keys, sensitive_data.nkeys, | 769 | ssh_login(&sensitive_data, host, (struct sockaddr *)&hostaddr, pw); |
762 | host, (struct sockaddr *)&hostaddr, pw); | ||
763 | 770 | ||
764 | /* We no longer need the private host keys. Clear them now. */ | 771 | /* We no longer need the private host keys. Clear them now. */ |
765 | if (sensitive_data.nkeys != 0) { | 772 | if (sensitive_data.nkeys != 0) { |