tyler.durden/openssh-portable
1
0
Fork 0
mirror of https://github.com/PowerShell/openssh-portable.git synced 2025-07-31 01:35:11 +02:00
Code Issues Packages Projects Releases Wiki Activity

- markus@cvs.openbsd.org 2001/04/18 22:03:45

Browse Source 
[auth2.c sshconnect2.c]
     use FDQN with trailing dot in the hostbased auth packets, ok deraadt@
This commit is contained in:
Ben Lindstrom 2001-04-19 20:35:40 +00:00
parent 5eb97b6f3d
commit 2bffd6fd1b
3 changed files with 18 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
ChangeLog
View File

@ -6,6 +6,9 @@
- markus@cvs.openbsd.org 2001/04/18 21:57:42 - markus@cvs.openbsd.org 2001/04/18 21:57:42
[readpass.c ssh-add.c] [readpass.c ssh-add.c]
call askpass from ssh, too, based on work by roth@feep.net, ok deraadt call askpass from ssh, too, based on work by roth@feep.net, ok deraadt
- markus@cvs.openbsd.org 2001/04/18 22:03:45
[auth2.c sshconnect2.c]
use FDQN with trailing dot in the hostbased auth packets, ok deraadt@
20010418 20010418
- OpenBSD CVS Sync - OpenBSD CVS Sync
@ -5168,4 +5171,4 @@
- Wrote replacements for strlcpy and mkdtemp - Wrote replacements for strlcpy and mkdtemp
- Released 1.0pre1 - Released 1.0pre1
$Id: ChangeLog,v 1.1141 2001/04/19 20:33:07 mouring Exp $ $Id: ChangeLog,v 1.1142 2001/04/19 20:35:40 mouring Exp $

12
auth2.c
View File

@ -23,7 +23,7 @@
*/ */
#include "includes.h" #include "includes.h"
RCSID("$OpenBSD: auth2.c,v 1.52 2001/04/12 19:15:24 markus Exp $"); RCSID("$OpenBSD: auth2.c,v 1.53 2001/04/18 22:03:44 markus Exp $");
#include <openssl/evp.h> #include <openssl/evp.h>
@ -799,19 +799,23 @@ hostbased_key_allowed(struct passwd *pw, const char *cuser, const char *chost,
const char *resolvedname, *ipaddr, *lookup; const char *resolvedname, *ipaddr, *lookup;
struct stat st; struct stat st;
char *user_hostfile; char *user_hostfile;
int host_status; int host_status, len;
resolvedname = get_canonical_hostname(options.reverse_mapping_check); resolvedname = get_canonical_hostname(options.reverse_mapping_check);
ipaddr = get_remote_ipaddr(); ipaddr = get_remote_ipaddr();
debug2("userauth_hostbased: resolvedname %s ipaddr %s", debug2("userauth_hostbased: chost %s resolvedname %s ipaddr %s",
resolvedname, ipaddr); chost, resolvedname, ipaddr);
if (options.hostbased_uses_name_from_packet_only) { if (options.hostbased_uses_name_from_packet_only) {
if (auth_rhosts2(pw, cuser, chost, chost) == 0) if (auth_rhosts2(pw, cuser, chost, chost) == 0)
return 0; return 0;
lookup = chost; lookup = chost;
} else { } else {
if (((len = strlen(chost)) > 0) && chost[len - 1] == '.') {
debug2("stripping trailing dot from chost %s", chost);
chost[len - 1] = '\0';
}
if (strcasecmp(resolvedname, chost) != 0) if (strcasecmp(resolvedname, chost) != 0)
log("userauth_hostbased mismatch: " log("userauth_hostbased mismatch: "
"client sends %s, but we resolve %s to %s", "client sends %s, but we resolve %s to %s",

9
sshconnect2.c
View File

@ -23,7 +23,7 @@
*/ */
#include "includes.h" #include "includes.h"
RCSID("$OpenBSD: sshconnect2.c,v 1.70 2001/04/17 10:53:26 markus Exp $"); RCSID("$OpenBSD: sshconnect2.c,v 1.71 2001/04/18 22:03:45 markus Exp $");
#include <openssl/bn.h> #include <openssl/bn.h>
#include <openssl/md5.h> #include <openssl/md5.h>
@ -816,14 +816,17 @@ userauth_hostbased(Authctxt *authctxt)
u_char *signature, *blob; u_char *signature, *blob;
char *chost, *pkalg, *p; char *chost, *pkalg, *p;
u_int blen, slen; u_int blen, slen;
int ok, i, found = 0; int ok, i, len, found = 0;
p = get_local_name(packet_get_connection_in()); p = get_local_name(packet_get_connection_in());
if (p == NULL) { if (p == NULL) {
error("userauth_hostbased: cannot get local ipaddr/name"); error("userauth_hostbased: cannot get local ipaddr/name");
return 0; return 0;
} }
chost = xstrdup(p); len = strlen(p) + 2;
chost = xmalloc(len);
strlcpy(chost, p, len);
strlcat(chost, ".", len);
debug2("userauth_hostbased: chost %s", chost); debug2("userauth_hostbased: chost %s", chost);
/* check for a useful key */ /* check for a useful key */
for (i = 0; i < authctxt->nkeys; i++) { for (i = 0; i < authctxt->nkeys; i++) {