diff options
| author | Damien Miller <djm@mindrot.org> | 2010-08-05 13:04:50 +1000 |
|---|---|---|
| committer | Damien Miller <djm@mindrot.org> | 2010-08-05 13:04:50 +1000 |
| commit | c158331f8c7e059c6c1d099bffc7f5fc6087ddbd (patch) | |
| tree | f1998f0fb52e5fb666ee67064a424af45e941f6b /ssh.c | |
| parent | 1da638895916bc061ff6aca9f373d48a9776810b (diff) | |
- djm@cvs.openbsd.org 2010/08/04 05:42:47
[auth.c auth2-hostbased.c authfile.c authfile.h ssh-keysign.8]
[ssh-keysign.c ssh.c]
enable certificates for hostbased authentication, from Iain Morgan;
"looks ok" markus@
Diffstat (limited to 'ssh.c')
| -rw-r--r-- | ssh.c | 24 |
1 files changed, 16 insertions, 8 deletions
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: ssh.c,v 1.344 2010/07/19 09:15:12 djm Exp $ */ | 1 | /* $OpenBSD: ssh.c,v 1.345 2010/08/04 05:42:47 djm Exp $ */ |
| 2 | /* | 2 | /* |
| 3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> | 3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> |
| 4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland | 4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland |
| @@ -774,26 +774,34 @@ main(int ac, char **av) | |||
| 774 | sensitive_data.external_keysign = 0; | 774 | sensitive_data.external_keysign = 0; |
| 775 | if (options.rhosts_rsa_authentication || | 775 | if (options.rhosts_rsa_authentication || |
| 776 | options.hostbased_authentication) { | 776 | options.hostbased_authentication) { |
| 777 | sensitive_data.nkeys = 3; | 777 | sensitive_data.nkeys = 5; |
| 778 | sensitive_data.keys = xcalloc(sensitive_data.nkeys, | 778 | sensitive_data.keys = xcalloc(sensitive_data.nkeys, |
| 779 | sizeof(Key)); | 779 | sizeof(Key)); |
| 780 | 780 | ||
| 781 | PRIV_START; | 781 | PRIV_START; |
| 782 | sensitive_data.keys[0] = key_load_private_type(KEY_RSA1, | 782 | sensitive_data.keys[0] = key_load_private_type(KEY_RSA1, |
| 783 | _PATH_HOST_KEY_FILE, "", NULL, NULL); | 783 | _PATH_HOST_KEY_FILE, "", NULL, NULL); |
| 784 | sensitive_data.keys[1] = key_load_private_type(KEY_DSA, | 784 | sensitive_data.keys[1] = key_load_private_cert(KEY_DSA, |
| 785 | _PATH_HOST_DSA_KEY_FILE, "", NULL); | ||
| 786 | sensitive_data.keys[2] = key_load_private_cert(KEY_RSA, | ||
| 787 | _PATH_HOST_RSA_KEY_FILE, "", NULL); | ||
| 788 | sensitive_data.keys[3] = key_load_private_type(KEY_DSA, | ||
| 785 | _PATH_HOST_DSA_KEY_FILE, "", NULL, NULL); | 789 | _PATH_HOST_DSA_KEY_FILE, "", NULL, NULL); |
| 786 | sensitive_data.keys[2] = key_load_private_type(KEY_RSA, | 790 | sensitive_data.keys[4] = key_load_private_type(KEY_RSA, |
| 787 | _PATH_HOST_RSA_KEY_FILE, "", NULL, NULL); | 791 | _PATH_HOST_RSA_KEY_FILE, "", NULL, NULL); |
| 788 | PRIV_END; | 792 | PRIV_END; |
| 789 | 793 | ||
| 790 | if (options.hostbased_authentication == 1 && | 794 | if (options.hostbased_authentication == 1 && |
| 791 | sensitive_data.keys[0] == NULL && | 795 | sensitive_data.keys[0] == NULL && |
| 792 | sensitive_data.keys[1] == NULL && | 796 | sensitive_data.keys[3] == NULL && |
| 793 | sensitive_data.keys[2] == NULL) { | 797 | sensitive_data.keys[4] == NULL) { |
| 794 | sensitive_data.keys[1] = key_load_public( | 798 | sensitive_data.keys[1] = key_load_cert( |
| 799 | _PATH_HOST_DSA_KEY_FILE); | ||
| 800 | sensitive_data.keys[2] = key_load_cert( | ||
| 801 | _PATH_HOST_RSA_KEY_FILE); | ||
| 802 | sensitive_data.keys[3] = key_load_public( | ||
| 795 | _PATH_HOST_DSA_KEY_FILE, NULL); | 803 | _PATH_HOST_DSA_KEY_FILE, NULL); |
| 796 | sensitive_data.keys[2] = key_load_public( | 804 | sensitive_data.keys[4] = key_load_public( |
| 797 | _PATH_HOST_RSA_KEY_FILE, NULL); | 805 | _PATH_HOST_RSA_KEY_FILE, NULL); |
| 798 | sensitive_data.external_keysign = 1; | 806 | sensitive_data.external_keysign = 1; |
| 799 | } | 807 | } |