tyler.durden
/
openssh-portable
mirror of https://github.com/PowerShell/openssh-portable.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

- djm@cvs.openbsd.org 2011/02/16 00:31:14 

[ssh-keysign.c]
     make hostbased auth with ECDSA keys work correctly. Based on patch
     by harvey.eneman AT oracle.com in bz#1858; ok markus@ (pre-lock)
This commit is contained in:
Damien Miller 2011-02-18 09:18:45 +11:00
parent ea676a6422
commit 0588beba39
2 changed files with 22 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
ChangeLog
View File

@ -1,3 +1,10 @@
20110218
- OpenBSD CVS Sync
- djm@cvs.openbsd.org 2011/02/16 00:31:14
[ssh-keysign.c]
make hostbased auth with ECDSA keys work correctly. Based on patch
by harvey.eneman AT oracle.com in bz#1858; ok markus@ (pre-lock)
20110206 20110206
- (dtucker) [openbsd-compat/port-linux.c] Bug #1851: fix syntax error in - (dtucker) [openbsd-compat/port-linux.c] Bug #1851: fix syntax error in
selinux code. Patch from Leonardo Chiquitto selinux code. Patch from Leonardo Chiquitto

23
ssh-keysign.c
View File

@ -1,4 +1,4 @@
/* $OpenBSD: ssh-keysign.c,v 1.35 2010/08/31 12:33:38 djm Exp $ */ /* $OpenBSD: ssh-keysign.c,v 1.36 2011/02/16 00:31:14 djm Exp $ */
/* /*
* Copyright (c) 2002 Markus Friedl. All rights reserved. * Copyright (c) 2002 Markus Friedl. All rights reserved.
* *
@ -150,9 +150,10 @@ main(int argc, char **argv)
{ {
Buffer b; Buffer b;
Options options; Options options;
Key *keys[2], *key = NULL; #define NUM_KEYTYPES 3
Key *keys[NUM_KEYTYPES], *key = NULL;
struct passwd *pw; struct passwd *pw;
int key_fd[2], i, found, version = 2, fd; int key_fd[NUM_KEYTYPES], i, found, version = 2, fd;
u_char *signature, *data; u_char *signature, *data;
char *host; char *host;
u_int slen, dlen; u_int slen, dlen;
@ -165,8 +166,10 @@ main(int argc, char **argv)
if (fd > 2) if (fd > 2)
close(fd); close(fd);
key_fd[0] = open(_PATH_HOST_RSA_KEY_FILE, O_RDONLY); i = 0;
key_fd[1] = open(_PATH_HOST_DSA_KEY_FILE, O_RDONLY); key_fd[i++] = open(_PATH_HOST_DSA_KEY_FILE, O_RDONLY);
key_fd[i++] = open(_PATH_HOST_ECDSA_KEY_FILE, O_RDONLY);
key_fd[i++] = open(_PATH_HOST_RSA_KEY_FILE, O_RDONLY);
original_real_uid = getuid(); /* XXX readconf.c needs this */ original_real_uid = getuid(); /* XXX readconf.c needs this */
if ((pw = getpwuid(original_real_uid)) == NULL) if ((pw = getpwuid(original_real_uid)) == NULL)
@ -191,7 +194,11 @@ main(int argc, char **argv)
fatal("ssh-keysign not enabled in %s", fatal("ssh-keysign not enabled in %s",
_PATH_HOST_CONFIG_FILE); _PATH_HOST_CONFIG_FILE);
if (key_fd[0] == -1 && key_fd[1] == -1) for (i = found = 0; i < NUM_KEYTYPES; i++) {
if (key_fd[i] != -1)
found = 1;
}
if (found == 0)
fatal("could not open any host key"); fatal("could not open any host key");
OpenSSL_add_all_algorithms(); OpenSSL_add_all_algorithms();
@ -200,7 +207,7 @@ main(int argc, char **argv)
RAND_seed(rnd, sizeof(rnd)); RAND_seed(rnd, sizeof(rnd));
found = 0; found = 0;
for (i = 0; i < 2; i++) { for (i = 0; i < NUM_KEYTYPES; i++) {
keys[i] = NULL; keys[i] = NULL;
if (key_fd[i] == -1) if (key_fd[i] == -1)
continue; continue;
@ -230,7 +237,7 @@ main(int argc, char **argv)
xfree(host); xfree(host);
found = 0; found = 0;
for (i = 0; i < 2; i++) { for (i = 0; i < NUM_KEYTYPES; i++) {
if (keys[i] != NULL && if (keys[i] != NULL &&
key_equal_public(key, keys[i])) { key_equal_public(key, keys[i])) {
found = 1; found = 1;