tyler.durden/openssh-portable
1
0
Fork 0
mirror of https://github.com/PowerShell/openssh-portable.git synced 2025-07-28 08:14:24 +02:00
Code Issues Packages Projects Releases Wiki Activity

- markus@cvs.openbsd.org 2002/11/07 22:08:07

Browse Source 
[readconf.c readconf.h ssh-keysign.8 ssh-keysign.c]
     we cannot use HostbasedAuthentication for enabling ssh-keysign(8),
     because HostbasedAuthentication might be enabled based on the
     target host and ssh-keysign(8) does not know the remote hostname
     and not trust ssh(1) about the hostname, so we add a new option
     EnableSSHKeysign; ok djm@, report from zierke@informatik.uni-hamburg.de
This commit is contained in:
Ben Lindstrom 2002-11-09 15:52:31 +00:00
parent c2faa4a504
commit b6df73b06a
5 changed files with 26 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
ChangeLog
View File

@ -25,6 +25,13 @@
- markus@cvs.openbsd.org 2002/11/07 16:28:47 - markus@cvs.openbsd.org 2002/11/07 16:28:47
[sshd.c] [sshd.c]
log to stderr if -ie is given, bug #414, prj@po.cwru.edu log to stderr if -ie is given, bug #414, prj@po.cwru.edu
- markus@cvs.openbsd.org 2002/11/07 22:08:07
[readconf.c readconf.h ssh-keysign.8 ssh-keysign.c]
we cannot use HostbasedAuthentication for enabling ssh-keysign(8),
because HostbasedAuthentication might be enabled based on the
target host and ssh-keysign(8) does not know the remote hostname
and not trust ssh(1) about the hostname, so we add a new option
EnableSSHKeysign; ok djm@, report from zierke@informatik.uni-hamburg.de
20021021 20021021
- (djm) Bug #400: Kill ssh-rand-helper children on timeout, patch from - (djm) Bug #400: Kill ssh-rand-helper children on timeout, patch from
@ -802,4 +809,4 @@
save auth method before monitor_reset_key_state(); bugzilla bug #284; save auth method before monitor_reset_key_state(); bugzilla bug #284;
ok provos@ ok provos@
$Id: ChangeLog,v 1.2507 2002/11/09 15:50:03 mouring Exp $ $Id: ChangeLog,v 1.2508 2002/11/09 15:52:31 mouring Exp $

11
readconf.c
View File

@ -12,7 +12,7 @@
*/ */
#include "includes.h" #include "includes.h"
RCSID("$OpenBSD: readconf.c,v 1.100 2002/06/19 00:27:55 deraadt Exp $"); RCSID("$OpenBSD: readconf.c,v 1.101 2002/11/07 22:08:07 markus Exp $");
#include "ssh.h" #include "ssh.h"
#include "xmalloc.h" #include "xmalloc.h"
@ -114,6 +114,7 @@ typedef enum {
oDynamicForward, oPreferredAuthentications, oHostbasedAuthentication, oDynamicForward, oPreferredAuthentications, oHostbasedAuthentication,
oHostKeyAlgorithms, oBindAddress, oSmartcardDevice, oHostKeyAlgorithms, oBindAddress, oSmartcardDevice,
oClearAllForwardings, oNoHostAuthenticationForLocalhost, oClearAllForwardings, oNoHostAuthenticationForLocalhost,
oEnableSSHKeysign,
oDeprecated oDeprecated
} OpCodes; } OpCodes;
@ -185,6 +186,7 @@ static struct {
{ "bindaddress", oBindAddress }, { "bindaddress", oBindAddress },
{ "smartcarddevice", oSmartcardDevice }, { "smartcarddevice", oSmartcardDevice },
{ "clearallforwardings", oClearAllForwardings }, { "clearallforwardings", oClearAllForwardings },
{ "enablesshkeysign", oEnableSSHKeysign },
{ "nohostauthenticationforlocalhost", oNoHostAuthenticationForLocalhost }, { "nohostauthenticationforlocalhost", oNoHostAuthenticationForLocalhost },
{ NULL, oBadOption } { NULL, oBadOption }
}; };
@ -669,6 +671,10 @@ parse_int:
*intptr = value; *intptr = value;
break; break;
case oEnableSSHKeysign:
intptr = &options->enable_ssh_keysign;
goto parse_flag;
case oDeprecated: case oDeprecated:
debug("%s line %d: Deprecated option \"%s\"", debug("%s line %d: Deprecated option \"%s\"",
filename, linenum, keyword); filename, linenum, keyword);
@ -792,6 +798,7 @@ initialize_options(Options * options)
options->preferred_authentications = NULL; options->preferred_authentications = NULL;
options->bind_address = NULL; options->bind_address = NULL;
options->smartcard_device = NULL; options->smartcard_device = NULL;
options->enable_ssh_keysign = - 1;
options->no_host_authentication_for_localhost = - 1; options->no_host_authentication_for_localhost = - 1;
} }
@ -907,6 +914,8 @@ fill_default_options(Options * options)
clear_forwardings(options); clear_forwardings(options);
if (options->no_host_authentication_for_localhost == - 1) if (options->no_host_authentication_for_localhost == - 1)
options->no_host_authentication_for_localhost = 0; options->no_host_authentication_for_localhost = 0;
if (options->enable_ssh_keysign == -1)
options->enable_ssh_keysign = 0;
/* options->proxy_command should not be set by default */ /* options->proxy_command should not be set by default */
/* options->user will be set in the main program if appropriate */ /* options->user will be set in the main program if appropriate */
/* options->hostname will be set in the main program if appropriate */ /* options->hostname will be set in the main program if appropriate */

4
readconf.h
View File

@ -1,4 +1,4 @@
/* $OpenBSD: readconf.h,v 1.43 2002/06/08 05:17:01 markus Exp $ */ /* $OpenBSD: readconf.h,v 1.44 2002/11/07 22:08:07 markus Exp $ */
/* /*
* Author: Tatu Ylonen <ylo@cs.hut.fi> * Author: Tatu Ylonen <ylo@cs.hut.fi>
@ -99,6 +99,8 @@ typedef struct {
int num_remote_forwards; int num_remote_forwards;
Forward remote_forwards[SSH_MAX_FORWARDS_PER_DIRECTION]; Forward remote_forwards[SSH_MAX_FORWARDS_PER_DIRECTION];
int clear_forwardings; int clear_forwardings;
int enable_ssh_keysign;
int no_host_authentication_for_localhost; int no_host_authentication_for_localhost;
} Options; } Options;

4
ssh-keysign.8
View File

@ -1,4 +1,4 @@
.\" $OpenBSD: ssh-keysign.8,v 1.3 2002/07/03 14:21:05 markus Exp $ .\" $OpenBSD: ssh-keysign.8,v 1.4 2002/11/07 22:08:07 markus Exp $
.\" .\"
.\" Copyright (c) 2002 Markus Friedl. All rights reserved. .\" Copyright (c) 2002 Markus Friedl. All rights reserved.
.\" .\"
@ -42,7 +42,7 @@ is disabled by default and can only be enabled in the
the global client configuration file the global client configuration file
.Pa /etc/ssh/ssh_config .Pa /etc/ssh/ssh_config
by setting by setting
.Cm HostbasedAuthentication .Cm EnableSSHKeysign
to to
.Dq yes . .Dq yes .
.Pp .Pp

6
ssh-keysign.c
View File

@ -22,7 +22,7 @@
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/ */
#include "includes.h" #include "includes.h"
RCSID("$OpenBSD: ssh-keysign.c,v 1.7 2002/07/03 14:21:05 markus Exp $"); RCSID("$OpenBSD: ssh-keysign.c,v 1.8 2002/11/07 22:08:07 markus Exp $");
#include <openssl/evp.h> #include <openssl/evp.h>
#include <openssl/rand.h> #include <openssl/rand.h>
@ -168,8 +168,8 @@ main(int argc, char **argv)
initialize_options(&options); initialize_options(&options);
(void)read_config_file(_PATH_HOST_CONFIG_FILE, "", &options); (void)read_config_file(_PATH_HOST_CONFIG_FILE, "", &options);
fill_default_options(&options); fill_default_options(&options);
if (options.hostbased_authentication != 1) if (options.enable_ssh_keysign != 1)
fatal("Hostbased authentication not enabled in %s", fatal("ssh-keysign not enabled in %s",
_PATH_HOST_CONFIG_FILE); _PATH_HOST_CONFIG_FILE);
if (key_fd[0] == -1 && key_fd[1] == -1) if (key_fd[0] == -1 && key_fd[1] == -1)