X-Git-Url: http://andersk.mit.edu/gitweb/gssapi-openssh.git/blobdiff_plain/884dc78b37d30d2afc7a88c60fd6a88563d126d7..9fe5dd17d0bd5700215ec3ba072d3f875d34cd39:/openssh/auth2-hostbased.c

diff --git a/openssh/auth2-hostbased.c b/openssh/auth2-hostbased.c
index 2bde7bb..041051c 100644
--- a/openssh/auth2-hostbased.c
+++ b/openssh/auth2-hostbased.c
@@ -1,3 +1,4 @@
+/* $OpenBSD: auth2-hostbased.c,v 1.12 2008/07/17 08:51:07 djm Exp $ */
 /*
  * Copyright (c) 2000 Markus Friedl.  All rights reserved.
  *
@@ -23,26 +24,34 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: auth2-hostbased.c,v 1.2 2002/05/31 11:35:15 markus Exp $");
 
-#include "ssh2.h"
+#include <sys/types.h>
+
+#include <pwd.h>
+#include <string.h>
+#include <stdarg.h>
+
 #include "xmalloc.h"
+#include "ssh2.h"
 #include "packet.h"
 #include "buffer.h"
 #include "log.h"
 #include "servconf.h"
 #include "compat.h"
-#include "bufaux.h"
-#include "auth.h"
 #include "key.h"
+#include "hostfile.h"
+#include "auth.h"
 #include "canohost.h"
+#ifdef GSSAPI
+#include "ssh-gss.h"
+#endif
 #include "monitor_wrap.h"
 #include "pathnames.h"
 
 /* import */
 extern ServerOptions options;
 extern u_char *session_id2;
-extern int session_id2_len;
+extern u_int session_id2_len;
 
 static int
 userauth_hostbased(Authctxt *authctxt)
@@ -77,7 +86,7 @@ userauth_hostbased(Authctxt *authctxt)
 	pktype = key_type_from_name(pkalg);
 	if (pktype == KEY_UNSPEC) {
 		/* this is perfectly legal */
-		log("userauth_hostbased: unsupported "
+		logit("userauth_hostbased: unsupported "
 		    "public key algorithm: %s", pkalg);
 		goto done;
 	}
@@ -114,7 +123,7 @@ userauth_hostbased(Authctxt *authctxt)
 			buffer_len(&b))) == 1)
 		authenticated = 1;
 
-	buffer_clear(&b);
+	buffer_free(&b);
 done:
 	debug2("userauth_hostbased: authenticated %d", authenticated);
 	if (key != NULL)
@@ -136,23 +145,24 @@ hostbased_key_allowed(struct passwd *pw, const char *cuser, char *chost,
 	HostStatus host_status;
 	int len;
 
-	resolvedname = get_canonical_hostname(options.verify_reverse_mapping);
+	resolvedname = get_canonical_hostname(options.use_dns);
 	ipaddr = get_remote_ipaddr();
 
 	debug2("userauth_hostbased: chost %s resolvedname %s ipaddr %s",
 	    chost, resolvedname, ipaddr);
 
+	if (((len = strlen(chost)) > 0) && chost[len - 1] == '.') {
+		debug2("stripping trailing dot from chost %s", chost);
+		chost[len - 1] = '\0';
+	}
+
 	if (options.hostbased_uses_name_from_packet_only) {
 		if (auth_rhosts2(pw, cuser, chost, chost) == 0)
 			return 0;
 		lookup = chost;
 	} else {
-		if (((len = strlen(chost)) > 0) && chost[len - 1] == '.') {
-			debug2("stripping trailing dot from chost %s", chost);
-			chost[len - 1] = '\0';
-		}
 		if (strcasecmp(resolvedname, chost) != 0)
-			log("userauth_hostbased mismatch: "
+			logit("userauth_hostbased mismatch: "
 			    "client sends %s, but we resolve %s to %s",
 			    chost, ipaddr, resolvedname);
 		if (auth_rhosts2(pw, cuser, resolvedname, ipaddr) == 0)