-rw-r--r--ChangeLog4
-rw-r--r--canohost.c20
-rw-r--r--ssh-keysign.c4
-rw-r--r--sshconnect2.c17
4 files changed, 27 insertions, 18 deletions
diff --git a/ChangeLog b/ChangeLog
index 866e4aa46..7624812b1 100644
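--- a/ChangeLog
+++ b/ChangeLog
@@ -14,6 +14,10 @@
  [key.c]
  Ignore and log any Protocol 1 keys where the claimed size is not equal to
  the actual size. Noted by Derek Martin, ok djm@
+ - dtucker@cvs.openbsd.org 2010/01/13 01:20:20
+ [canohost.c ssh-keysign.c sshconnect2.c]
+ Make HostBased authentication work with a ProxyCommand. bz #1569, patch
+ from imorgan at nas nasa gov, ok djm@
 
 20100112
  - (dtucker) OpenBSD CVS Sync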
diff --git a/canohost.c b/canohost.c
index 22b19bb9f..ef94d9155 100644
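--- a/canohost.c
+++ b/canohost.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: canohost.c,v 1.65 2009/05/27 06:31:25 andreas Exp $ */
+/* $OpenBSD: canohost.c,v 1.66 2010/01/13 01:20:20 dtucker Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -27,6 +27,7 @@
 #include <stdlib.h>
 #include <string.h>
 #include <stdarg.h>
+#include <unistd.h>
 
 #include "xmalloc.h"
 #include "packet.h"
@@ -301,9 +302,22 @@ get_local_ipaddr(int sock)
 }
 
 char *
-get_local_name(int sock)
+get_local_name(int fd)
 {
- return get_socket_address(sock, 0, NI_NAMEREQD);
+ char *host, myname[NI_MAXHOST];
+
+ /* Assume we were passed a socket */
+ if ((host = get_socket_address(fd, 0, NI_NAMEREQD)) != NULL)
+ return host;
+
+ /* Handle the case where we were passed a pipe */
+ if (gethostname(myname, sizeof(myname)) == -1) {
+ verbose("get_local_name: gethostname: %s", strerror(errno));
+ } else {
+ host = xstrdup(myname);
+ }
+
+ return host;
 }
 
 void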
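Review bot: The gethostname() fallback in get_local_name() runs whenever get_socket_address() returns NULL, not only when fd is a pipe as the comment says, so a socket whose lookup fails (presumably including a failed NI_NAMEREQD reverse lookup) now yields the kernel hostname without any log line saying which source was used. That matters most for ssh-keysign, which used to stop with `fatal("cannot get sockname for fd")` in that case and, judging by its `valid_request(pw, host, ...)` call, uses this name to vet the request before signing. I would make the comment say so, `/* Fall back to gethostname(): fd is a pipe (ProxyCommand) or the socket lookup failed */`, and add a debug-level message when the fallback is taken. POSIX also leaves NUL termination unspecified when gethostname() truncates, so `myname[sizeof(myname) - 1] = '\0';` before the xstrdup() is a cheap guard.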
diff --git a/ssh-keysign.c b/ssh-keysign.c
index c4bc7e56e..0fdcebbd2 100644
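--- a/ssh-keysign.c
+++ b/ssh-keysign.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh-keysign.c,v 1.29 2006/08/03 03:34:42 deraadt Exp $ */
+/* $OpenBSD: ssh-keysign.c,v 1.30 2010/01/13 01:20:20 dtucker Exp $ */
 /*
  * Copyright (c) 2002 Markus Friedl. All rights reserved.
  *
@@ -222,7 +222,7 @@ main(int argc, char **argv)
  if ((fd == STDIN_FILENO) || (fd == STDOUT_FILENO))
  fatal("bad fd");
  if ((host = get_local_name(fd)) == NULL)
- fatal("cannot get sockname for fd");
+ fatal("cannot get local name for fd");
 
  data = buffer_get_string(&b, &dlen);
  if (valid_request(pw, host, &key, data, dlen) < 0)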
diff --git a/sshconnect2.c b/sshconnect2.c
index ed40a9d70..e81064dae 100644
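--- a/sshconnect2.c
+++ b/sshconnect2.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: sshconnect2.c,v 1.178 2010/01/11 04:46:45 dtucker Exp $ */
+/* $OpenBSD: sshconnect2.c,v 1.179 2010/01/13 01:20:20 dtucker Exp $ */
 /*
  * Copyright (c) 2000 Markus Friedl. All rights reserved.
  * Copyright (c) 2008 Damien Miller. All rights reserved.
@@ -1514,7 +1514,7 @@ ssh_keysign(Key *key, u_char **sigp, u_int *lenp,
  debug2("ssh_keysign called");
 
  if (stat(_PATH_SSH_KEY_SIGN, &st) < 0) {
- error("ssh_keysign: no installed: %s", strerror(errno));
+ error("ssh_keysign: not installed: %s", strerror(errno));
  return -1;
  }
  if (fflush(stdout) != 0)
@@ -1586,7 +1586,7 @@ userauth_hostbased(Authctxt *authctxt)
  Sensitive *sensitive = authctxt->sensitive;
  Buffer b;
  u_char *signature, *blob;
- char *chost, *pkalg, *p, myname[NI_MAXHOST];
+ char *chost, *pkalg, *p;
  const char *service;
  u_int blen, slen;
  int ok, i, found = 0;
@@ -1610,16 +1610,7 @@ userauth_hostbased(Authctxt *authctxt)
  return 0;
  }
  /* figure out a name for the client host */
- p = NULL;
- if (packet_connection_is_on_socket())
- p = get_local_name(packet_get_connection_in());
- if (p == NULL) {
- if (gethostname(myname, sizeof(myname)) == -1) {
- verbose("userauth_hostbased: gethostname: %s",
- strerror(errno));
- } else
- p = xstrdup(myname);
- }
+ p = get_local_name(packet_get_connection_in());
  if (p == NULL) {
  error("userauth_hostbased: cannot get local ipaddr/name");
  key_free(private);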
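Review bot: With the packet_connection_is_on_socket() guard removed at new line 1613, get_local_name() is now handed the ProxyCommand pipe descriptor and depends on get_socket_address() returning NULL quietly for a non-socket. That function's body is not part of this diff, so it is worth confirming it neither logs at error level nor exits on that path. A short comment at the call would record the dependency, for example `/* get_local_name() falls back to gethostname() when the connection is not a socket */`. userauth_hostbased() starts and ends outside the hunk.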