3 files changed, 18 insertions, 8 deletions

diff --git a/ChangeLog b/ChangeLog
index 61cb11b52..3372e37d9 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -6,6 +6,9 @@
    - markus@cvs.openbsd.org 2001/04/18 21:57:42                            
      [readpass.c ssh-add.c]                                                
      call askpass from ssh, too, based on work by roth@feep.net, ok deraadt
+   - markus@cvs.openbsd.org 2001/04/18 22:03:45                           
+     [auth2.c sshconnect2.c]                                              
+     use FDQN with trailing dot in the hostbased auth packets, ok deraadt@
 
 20010418
   - OpenBSD CVS Sync                            
@@ -5168,4 +5171,4 @@
  - Wrote replacements for strlcpy and mkdtemp
  - Released 1.0pre1
 
-$Id: ChangeLog,v 1.1141 2001/04/19 20:33:07 mouring Exp $
+$Id: ChangeLog,v 1.1142 2001/04/19 20:35:40 mouring Exp $
diff --git a/auth2.c b/auth2.c
index cd6b27685..be07be914 100644
--- a/auth2.c
+++ b/auth2.c
@@ -23,7 +23,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: auth2.c,v 1.52 2001/04/12 19:15:24 markus Exp $");
+RCSID("$OpenBSD: auth2.c,v 1.53 2001/04/18 22:03:44 markus Exp $");
 
 #include <openssl/evp.h>
 
@@ -799,19 +799,23 @@ hostbased_key_allowed(struct passwd *pw, const char *cuser, const char *chost,
         const char *resolvedname, *ipaddr, *lookup;
         struct stat st;
         char *user_hostfile;
-        int host_status;
+        int host_status, len;
 
         resolvedname = get_canonical_hostname(options.reverse_mapping_check);
         ipaddr = get_remote_ipaddr();
 
-        debug2("userauth_hostbased: resolvedname %s ipaddr %s",
-            resolvedname, ipaddr);
+        debug2("userauth_hostbased: chost %s resolvedname %s ipaddr %s",
+            chost, resolvedname, ipaddr);
 
         if (options.hostbased_uses_name_from_packet_only) {
                 if (auth_rhosts2(pw, cuser, chost, chost) == 0)
                         return 0;
                 lookup = chost;
         } else {
+                if (((len = strlen(chost)) > 0) && chost[len - 1] == '.') {
+                        debug2("stripping trailing dot from chost %s", chost);
+                        chost[len - 1] = '\0';
+                }
                 if (strcasecmp(resolvedname, chost) != 0)
                         log("userauth_hostbased mismatch: "
                             "client sends %s, but we resolve %s to %s",
diff --git a/sshconnect2.c b/sshconnect2.c
index baa4e7028..ac3ad013b 100644
--- a/sshconnect2.c
+++ b/sshconnect2.c
@@ -23,7 +23,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: sshconnect2.c,v 1.70 2001/04/17 10:53:26 markus Exp $");
+RCSID("$OpenBSD: sshconnect2.c,v 1.71 2001/04/18 22:03:45 markus Exp $");
 
 #include <openssl/bn.h>
 #include <openssl/md5.h>
@@ -816,14 +816,17 @@ userauth_hostbased(Authctxt *authctxt)
         u_char *signature, *blob;
         char *chost, *pkalg, *p;
         u_int blen, slen;
-        int ok, i, found = 0;
+        int ok, i, len, found = 0;
 
         p = get_local_name(packet_get_connection_in());
         if (p == NULL) {
                 error("userauth_hostbased: cannot get local ipaddr/name");
                 return 0;
         }
-        chost = xstrdup(p);
+        len = strlen(p) + 2;
+        chost = xmalloc(len);
+        strlcpy(chost, p, len);
+        strlcat(chost, ".", len);
         debug2("userauth_hostbased: chost %s", chost);
         /* check for a useful key */
         for (i = 0; i < authctxt->nkeys; i++) {