[sshconnect2.c]
     hostbased: check for client hostkey before building chost
Damien Miller 2001-11-12 11:02:03 +11:00
parent eb5fec6494
commit 91c1847733
2 changed files with 19 additions and 15 deletions


@ -17,6 +17,9 @@
- markus@cvs.openbsd.org 2001/10/25 21:14:32 - markus@cvs.openbsd.org 2001/10/25 21:14:32
[ssh-keygen.1 ssh-keygen.c] [ssh-keygen.1 ssh-keygen.c]
better docu for fingerprinting, ok deraadt@ better docu for fingerprinting, ok deraadt@
- markus@cvs.openbsd.org 2001/10/29 19:27:15
[sshconnect2.c]
hostbased: check for client hostkey before building chost
20011109 20011109
- (stevesk) auth-pam.c: use do_pam_authenticate(PAM_DISALLOW_NULL_AUTHTOK) - (stevesk) auth-pam.c: use do_pam_authenticate(PAM_DISALLOW_NULL_AUTHTOK)
@ -6826,4 +6829,4 @@
- Wrote replacements for strlcpy and mkdtemp - Wrote replacements for strlcpy and mkdtemp
- Released 1.0pre1 - Released 1.0pre1
$Id: ChangeLog,v 1.1639 2001/11/11 23:52:44 djm Exp $ $Id: ChangeLog,v 1.1640 2001/11/12 00:02:03 djm Exp $


@ -23,7 +23,7 @@
*/ */
#include "includes.h" #include "includes.h"
RCSID("$OpenBSD: sshconnect2.c,v 1.83 2001/10/06 11:18:19 markus Exp $"); RCSID("$OpenBSD: sshconnect2.c,v 1.84 2001/10/29 19:27:15 markus Exp $");
#include <openssl/bn.h> #include <openssl/bn.h>
#include <openssl/md5.h> #include <openssl/md5.h>
@ -836,16 +836,6 @@ userauth_hostbased(Authctxt *authctxt)
u_int blen, slen; u_int blen, slen;
int ok, i, len, found = 0; int ok, i, len, found = 0;
p = get_local_name(packet_get_connection_in());
if (p == NULL) {
error("userauth_hostbased: cannot get local ipaddr/name");
return 0;
}
len = strlen(p) + 2;
chost = xmalloc(len);
strlcpy(chost, p, len);
strlcat(chost, ".", len);
debug2("userauth_hostbased: chost %s", chost);
/* check for a useful key */ /* check for a useful key */
for (i = 0; i < authctxt->nkeys; i++) { for (i = 0; i < authctxt->nkeys; i++) {
private = authctxt->keys[i]; private = authctxt->keys[i];
@ -857,14 +847,26 @@ userauth_hostbased(Authctxt *authctxt)
} }
} }
if (!found) { if (!found) {
xfree(chost); debug("userauth_hostbased: no more client hostkeys");
return 0; return 0;
} }
if (key_to_blob(private, &blob, &blen) == 0) { if (key_to_blob(private, &blob, &blen) == 0) {
key_free(private); key_free(private);
xfree(chost);
return 0; return 0;
} }
/* figure out a name for the client host */
p = get_local_name(packet_get_connection_in());
if (p == NULL) {
error("userauth_hostbased: cannot get local ipaddr/name");
key_free(private);
return 0;
}
len = strlen(p) + 2;
chost = xmalloc(len);
strlcpy(chost, p, len);
strlcat(chost, ".", len);
debug2("userauth_hostbased: chost %s", chost);
service = datafellows & SSH_BUG_HBSERVICE ? "ssh-userauth" : service = datafellows & SSH_BUG_HBSERVICE ? "ssh-userauth" :
authctxt->service; authctxt->service;
pkalg = xstrdup(key_ssh_name(private)); pkalg = xstrdup(key_ssh_name(private));
@ -882,7 +884,6 @@ userauth_hostbased(Authctxt *authctxt)
#ifdef DEBUG_PK #ifdef DEBUG_PK
buffer_dump(&b); buffer_dump(&b);
#endif #endif
debug2("xxx: chost %s", chost);
ok = key_sign(private, &signature, &slen, buffer_ptr(&b), buffer_len(&b)); ok = key_sign(private, &signature, &slen, buffer_ptr(&b), buffer_len(&b));
key_free(private); key_free(private);
buffer_free(&b); buffer_free(&b);
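Review bot: The relocated `if (p == NULL)` branch in the second sshconnect2.c hunk returns after `key_to_blob(private, &blob, &blen)` has already succeeded, and it frees only `private`, so `blob` appears to leak on that path (assuming key_to_blob allocates the buffer, as the out-parameter suggests). Before the move the name lookup ran first, so no blob existed yet when it failed. Adding `xfree(blob);` next to `key_free(private);` in that branch would close the gap. Whether `p` and `chost` are released later cannot be checked here, because the body of userauth_hostbased continues outside the visible hunks.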