-rw-r--r--ChangeLog5
-rw-r--r--sshconnect2.c29
2 files changed, 19 insertions, 15 deletions
diff --git a/ChangeLog b/ChangeLog
index 299163363..c42294e3d 100644
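--- a/ChangeLog
+++ b/ChangeLog
@@ -17,6 +17,9 @@
 - markus@cvs.openbsd.org 2001/10/25 21:14:32
 [ssh-keygen.1 ssh-keygen.c]
 better docu for fingerprinting, ok deraadt@
+- markus@cvs.openbsd.org 2001/10/29 19:27:15
+[sshconnect2.c]
+hostbased: check for client hostkey before building chost
 
 20011109
 - (stevesk) auth-pam.c: use do_pam_authenticate(PAM_DISALLOW_NULL_AUTHTOK)
@@ -6826,4 +6829,4 @@
 - Wrote replacements for strlcpy and mkdtemp
 - Released 1.0pre1
 
-$Id: ChangeLog,v 1.1639 2001/11/11 23:52:44 djm Exp $
+$Id: ChangeLog,v 1.1640 2001/11/12 00:02:03 djm Exp $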
diff --git a/sshconnect2.c b/sshconnect2.c
index 705aa4561..66dccf600 100644
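--- a/sshconnect2.c
+++ b/sshconnect2.c
@@ -23,7 +23,7 @@
 */
 
 #include "includes.h"
-RCSID("$OpenBSD: sshconnect2.c,v 1.83 2001/10/06 11:18:19 markus Exp $");
+RCSID("$OpenBSD: sshconnect2.c,v 1.84 2001/10/29 19:27:15 markus Exp $");
 
 #include <openssl/bn.h>
 #include <openssl/md5.h>
@@ -836,16 +836,6 @@ userauth_hostbased(Authctxt *authctxt)
 u_int blen, slen;
 int ok, i, len, found = 0;
 
-p = get_local_name(packet_get_connection_in());
-if (p == NULL) {
-error("userauth_hostbased: cannot get local ipaddr/name");
-return 0;
-}
-len = strlen(p) + 2;
-chost = xmalloc(len);
-strlcpy(chost, p, len);
-strlcat(chost, ".", len);
-debug2("userauth_hostbased: chost %s", chost);
 /* check for a useful key */
 for (i = 0; i < authctxt->nkeys; i++) {
 private = authctxt->keys[i];
@@ -857,14 +847,26 @@ userauth_hostbased(Authctxt *authctxt)
 }
 }
 if (!found) {
-xfree(chost);
+debug("userauth_hostbased: no more client hostkeys");
 return 0;
 }
 if (key_to_blob(private, &blob, &blen) == 0) {
 key_free(private);
-xfree(chost);
 return 0;
 }
+/* figure out a name for the client host */
+p = get_local_name(packet_get_connection_in());
+if (p == NULL) {
+error("userauth_hostbased: cannot get local ipaddr/name");
+key_free(private);
+return 0;
+}
+len = strlen(p) + 2;
+chost = xmalloc(len);
+strlcpy(chost, p, len);
+strlcat(chost, ".", len);
+debug2("userauth_hostbased: chost %s", chost);
+
 service = datafellows & SSH_BUG_HBSERVICE ? "ssh-userauth" :
 authctxt->service;
 pkalg = xstrdup(key_ssh_name(private));
@@ -882,7 +884,6 @@ userauth_hostbased(Authctxt *authctxt)
 #ifdef DEBUG_PK
 buffer_dump(&b);
 #endif
-debug2("xxx: chost %s", chost);
 ok = key_sign(private, &signature, &slen, buffer_ptr(&b), buffer_len(&b));
 key_free(private);
 buffer_free(&b);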
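Review bot: The relocated `p == NULL` error path in the second userauth_hostbased hunk releases `private` but not `blob`, which the successful `key_to_blob(private, &blob, &blen)` call just above has already filled in. If key_to_blob allocates that buffer, as its out-parameter use suggests, this path now leaks it; adding `xfree(blob);` next to the `key_free(private);` before `return 0;` would close that. Separately, `p` is copied into `chost` and not released in the visible lines; whether get_local_name returns allocated memory cannot be told from this page, so that is worth confirming. The function begins and ends outside the hunks shown, so cleanup further down is not visible here.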