diff options
| author | Ben Lindstrom <mouring@eviladmin.org> | 2002-06-06 19:57:33 +0000 |
|---|---|---|
| committer | Ben Lindstrom <mouring@eviladmin.org> | 2002-06-06 19:57:33 +0000 |
| commit | 1bad256822046e2cc9e3a85a1c622e4ebaa2b97e (patch) | |
| tree | 555991823221bbb1cbd3c13c1518349a0e06829b /ssh.c | |
| parent | f666fec2d553955c26c999cb687877454eeca3ee (diff) | |
- markus@cvs.openbsd.org 2002/05/23 19:24:30
[authfile.c authfile.h pathnames.h ssh.c sshconnect.c sshconnect.h
sshconnect1.c sshconnect2.c ssh-keysign.8 ssh-keysign.c Makefile.in]
add /usr/libexec/ssh-keysign: a setuid helper program for hostbased
authentication in protocol v2 (needs to access the hostkeys).
Note: Makefile.in untested. Will test after merge is finished.
Diffstat (limited to 'ssh.c')
| -rw-r--r-- | ssh.c | 21 |
1 files changed, 14 insertions, 7 deletions
| @@ -40,7 +40,7 @@ | |||
| 40 | */ | 40 | */ |
| 41 | 41 | ||
| 42 | #include "includes.h" | 42 | #include "includes.h" |
| 43 | RCSID("$OpenBSD: ssh.c,v 1.172 2002/05/22 23:18:25 deraadt Exp $"); | 43 | RCSID("$OpenBSD: ssh.c,v 1.173 2002/05/23 19:24:30 markus Exp $"); |
| 44 | 44 | ||
| 45 | #include <openssl/evp.h> | 45 | #include <openssl/evp.h> |
| 46 | #include <openssl/err.h> | 46 | #include <openssl/err.h> |
| @@ -132,10 +132,7 @@ char *host; | |||
| 132 | struct sockaddr_storage hostaddr; | 132 | struct sockaddr_storage hostaddr; |
| 133 | 133 | ||
| 134 | /* Private host keys. */ | 134 | /* Private host keys. */ |
| 135 | struct { | 135 | Sensitive sensitive_data; |
| 136 | Key **keys; | ||
| 137 | int nkeys; | ||
| 138 | } sensitive_data; | ||
| 139 | 136 | ||
| 140 | /* Original real UID. */ | 137 | /* Original real UID. */ |
| 141 | uid_t original_real_uid; | 138 | uid_t original_real_uid; |
| @@ -689,6 +686,7 @@ again: | |||
| 689 | */ | 686 | */ |
| 690 | sensitive_data.nkeys = 0; | 687 | sensitive_data.nkeys = 0; |
| 691 | sensitive_data.keys = NULL; | 688 | sensitive_data.keys = NULL; |
| 689 | sensitive_data.external_keysign = 0; | ||
| 692 | if (!cerr && (options.rhosts_rsa_authentication || | 690 | if (!cerr && (options.rhosts_rsa_authentication || |
| 693 | options.hostbased_authentication)) { | 691 | options.hostbased_authentication)) { |
| 694 | sensitive_data.nkeys = 3; | 692 | sensitive_data.nkeys = 3; |
| @@ -699,6 +697,16 @@ again: | |||
| 699 | _PATH_HOST_DSA_KEY_FILE, "", NULL); | 697 | _PATH_HOST_DSA_KEY_FILE, "", NULL); |
| 700 | sensitive_data.keys[2] = key_load_private_type(KEY_RSA, | 698 | sensitive_data.keys[2] = key_load_private_type(KEY_RSA, |
| 701 | _PATH_HOST_RSA_KEY_FILE, "", NULL); | 699 | _PATH_HOST_RSA_KEY_FILE, "", NULL); |
| 700 | |||
| 701 | if (sensitive_data.keys[0] == NULL && | ||
| 702 | sensitive_data.keys[1] == NULL && | ||
| 703 | sensitive_data.keys[2] == NULL) { | ||
| 704 | sensitive_data.keys[1] = key_load_public( | ||
| 705 | _PATH_HOST_DSA_KEY_FILE, NULL); | ||
| 706 | sensitive_data.keys[2] = key_load_public( | ||
| 707 | _PATH_HOST_RSA_KEY_FILE, NULL); | ||
| 708 | sensitive_data.external_keysign = 1; | ||
| 709 | } | ||
| 702 | } | 710 | } |
| 703 | /* | 711 | /* |
| 704 | * Get rid of any extra privileges that we may have. We will no | 712 | * Get rid of any extra privileges that we may have. We will no |
| @@ -758,8 +766,7 @@ again: | |||
| 758 | signal(SIGPIPE, SIG_IGN); /* ignore SIGPIPE early */ | 766 | signal(SIGPIPE, SIG_IGN); /* ignore SIGPIPE early */ |
| 759 | 767 | ||
| 760 | /* Log into the remote system. This never returns if the login fails. */ | 768 | /* Log into the remote system. This never returns if the login fails. */ |
| 761 | ssh_login(sensitive_data.keys, sensitive_data.nkeys, | 769 | ssh_login(&sensitive_data, host, (struct sockaddr *)&hostaddr, pw); |
| 762 | host, (struct sockaddr *)&hostaddr, pw); | ||
| 763 | 770 | ||
| 764 | /* We no longer need the private host keys. Clear them now. */ | 771 | /* We no longer need the private host keys. Clear them now. */ |
| 765 | if (sensitive_data.nkeys != 0) { | 772 | if (sensitive_data.nkeys != 0) { |