diff options
author | Ben Lindstrom <mouring@eviladmin.org> | 2001-04-12 23:34:34 +0000 |
---|---|---|
committer | Ben Lindstrom <mouring@eviladmin.org> | 2001-04-12 23:34:34 +0000 |
commit | 5eabda303aa26c77e4c383230db9ce9d9175e580 (patch) | |
tree | a084d793ff9789b41920bb259c7ff309d21eba24 /ssh.c | |
parent | 0998872972ec9a059204344cf0bec64123b3e28c (diff) |
- markus@cvs.openbsd.org 2001/04/12 19:15:26
[auth-rhosts.c auth.h auth2.c buffer.c canohost.c canohost.h
compat.c compat.h hostfile.c pathnames.h readconf.c readconf.h
servconf.c servconf.h ssh.c sshconnect.c sshconnect.h sshconnect1.c
sshconnect2.c sshd_config]
implement HostbasedAuthentication (= RhostRSAAuthentication for ssh v2)
similar to RhostRSAAuthentication unless you enable (the experimental)
HostbasedUsesNameFromPacketOnly option. please test. :)
Diffstat (limited to 'ssh.c')
-rw-r--r-- | ssh.c | 42 |
1 files changed, 32 insertions, 10 deletions
@@ -39,7 +39,7 @@ | |||
39 | */ | 39 | */ |
40 | 40 | ||
41 | #include "includes.h" | 41 | #include "includes.h" |
42 | RCSID("$OpenBSD: ssh.c,v 1.111 2001/04/12 14:29:09 markus Exp $"); | 42 | RCSID("$OpenBSD: ssh.c,v 1.112 2001/04/12 19:15:25 markus Exp $"); |
43 | 43 | ||
44 | #include <openssl/evp.h> | 44 | #include <openssl/evp.h> |
45 | #include <openssl/err.h> | 45 | #include <openssl/err.h> |
@@ -130,8 +130,11 @@ struct sockaddr_storage hostaddr; | |||
130 | */ | 130 | */ |
131 | volatile int received_window_change_signal = 0; | 131 | volatile int received_window_change_signal = 0; |
132 | 132 | ||
133 | /* Host private key. */ | 133 | /* Private host keys. */ |
134 | Key *host_private_key = NULL; | 134 | struct { |
135 | Key **keys; | ||
136 | int nkeys; | ||
137 | } sensitive_data; | ||
135 | 138 | ||
136 | /* Original real UID. */ | 139 | /* Original real UID. */ |
137 | uid_t original_real_uid; | 140 | uid_t original_real_uid; |
@@ -646,9 +649,18 @@ main(int ac, char **av) | |||
646 | * authentication. This must be done before releasing extra | 649 | * authentication. This must be done before releasing extra |
647 | * privileges, because the file is only readable by root. | 650 | * privileges, because the file is only readable by root. |
648 | */ | 651 | */ |
649 | if (ok && (options.protocol & SSH_PROTO_1)) { | 652 | sensitive_data.nkeys = 0; |
650 | host_private_key = key_load_private_type(KEY_RSA1, | 653 | sensitive_data.keys = NULL; |
654 | if (ok && (options.rhosts_rsa_authentication || | ||
655 | options.hostbased_authentication)) { | ||
656 | sensitive_data.nkeys = 3; | ||
657 | sensitive_data.keys = xmalloc(sensitive_data.nkeys*sizeof(Key)); | ||
658 | sensitive_data.keys[0] = key_load_private_type(KEY_RSA1, | ||
651 | _PATH_HOST_KEY_FILE, "", NULL); | 659 | _PATH_HOST_KEY_FILE, "", NULL); |
660 | sensitive_data.keys[1] = key_load_private_type(KEY_DSA, | ||
661 | _PATH_HOST_DSA_KEY_FILE, "", NULL); | ||
662 | sensitive_data.keys[2] = key_load_private_type(KEY_RSA, | ||
663 | _PATH_HOST_RSA_KEY_FILE, "", NULL); | ||
652 | } | 664 | } |
653 | /* | 665 | /* |
654 | * Get rid of any extra privileges that we may have. We will no | 666 | * Get rid of any extra privileges that we may have. We will no |
@@ -707,11 +719,21 @@ main(int ac, char **av) | |||
707 | tilde_expand_filename(options.user_hostfile2, original_real_uid); | 719 | tilde_expand_filename(options.user_hostfile2, original_real_uid); |
708 | 720 | ||
709 | /* Log into the remote system. This never returns if the login fails. */ | 721 | /* Log into the remote system. This never returns if the login fails. */ |
710 | ssh_login(host_private_key, host, (struct sockaddr *)&hostaddr, pw); | 722 | ssh_login(sensitive_data.keys, sensitive_data.nkeys, |
711 | 723 | host, (struct sockaddr *)&hostaddr, pw); | |
712 | /* We no longer need the host private key. Clear it now. */ | 724 | |
713 | if (host_private_key != NULL) | 725 | /* We no longer need the private host keys. Clear them now. */ |
714 | key_free(host_private_key); /* Destroys contents safely */ | 726 | if (sensitive_data.nkeys != 0) { |
727 | for (i = 0; i < sensitive_data.nkeys; i++) { | ||
728 | if (sensitive_data.keys[i] != NULL) { | ||
729 | /* Destroys contents safely */ | ||
730 | debug3("clear hostkey %d", i); | ||
731 | key_free(sensitive_data.keys[i]); | ||
732 | sensitive_data.keys[i] = NULL; | ||
733 | } | ||
734 | } | ||
735 | xfree(sensitive_data.keys); | ||
736 | } | ||
715 | 737 | ||
716 | exit_status = compat20 ? ssh_session2() : ssh_session(); | 738 | exit_status = compat20 ? ssh_session2() : ssh_session(); |
717 | packet_close(); | 739 | packet_close(); |