-/* $OpenBSD: sshconnect2.c,v 1.153 2006/05/08 10:49:48 djm Exp $ */
+/* $OpenBSD: sshconnect2.c,v 1.165 2008/01/19 23:09:49 djm Exp $ */
/*
* Copyright (c) 2000 Markus Friedl. All rights reserved.
*
#include "includes.h"
#include <sys/types.h>
+#include <sys/socket.h>
#include <sys/wait.h>
#include <sys/stat.h>
+#include <errno.h>
+#include <netdb.h>
+#include <pwd.h>
+#include <signal.h>
+#include <stdarg.h>
+#include <stdio.h>
+#include <string.h>
+#include <unistd.h>
+
#include "openbsd-compat/sys-queue.h"
+#include "xmalloc.h"
#include "ssh.h"
#include "ssh2.h"
-#include "xmalloc.h"
#include "buffer.h"
#include "packet.h"
#include "compat.h"
-#include "bufaux.h"
#include "cipher.h"
+#include "key.h"
#include "kex.h"
#include "myproposal.h"
#include "sshconnect.h"
#include "canohost.h"
#include "msg.h"
#include "pathnames.h"
+#include "uidswap.h"
#ifdef GSSAPI
#include "ssh-gss.h"
options.hostkeyalgorithms;
if (options.rekey_limit)
- packet_set_rekey_limit(options.rekey_limit);
+ packet_set_rekey_limit((u_int32_t)options.rekey_limit);
/* start key exchange */
kex = kex_setup(myproposal);
debug3("input_userauth_banner");
msg = packet_get_string(NULL);
lang = packet_get_string(NULL);
- if (options.log_level > SYSLOG_LEVEL_QUIET)
+ if (options.log_level >= SYSLOG_LEVEL_INFO)
fprintf(stderr, "%s", msg);
xfree(msg);
xfree(lang);
/* Check to see if the mechanism is usable before we offer it */
while (mech < gss_supported->count && !ok) {
- if (gssctxt)
- ssh_gssapi_delete_ctx(&gssctxt);
- ssh_gssapi_build_ctx(&gssctxt);
- ssh_gssapi_set_oid(gssctxt, &gss_supported->elements[mech]);
-
/* My DER encoding requires length<128 */
if (gss_supported->elements[mech].length < 128 &&
- !GSS_ERROR(ssh_gssapi_import_name(gssctxt,
- authctxt->host))) {
+ ssh_gssapi_check_mechanism(&gssctxt,
+ &gss_supported->elements[mech], authctxt->host)) {
ok = 1; /* Mechanism works */
} else {
mech++;
}
}
- if (!ok) {
- ssh_gssapi_delete_ctx(&gssctxt);
+ if (!ok)
return 0;
- }
authctxt->methoddata=(void *)gssctxt;
return -1;
}
if (pid == 0) {
- seteuid(getuid());
- setuid(getuid());
+ permanently_drop_suid(getuid());
close(from[0]);
if (dup2(from[1], STDOUT_FILENO) < 0)
fatal("ssh_keysign: dup2: %s", strerror(errno));
Sensitive *sensitive = authctxt->sensitive;
Buffer b;
u_char *signature, *blob;
- char *chost, *pkalg, *p;
+ char *chost, *pkalg, *p, myname[NI_MAXHOST];
const char *service;
u_int blen, slen;
int ok, i, len, found = 0;
return 0;
}
/* figure out a name for the client host */
- p = get_local_name(packet_get_connection_in());
+ p = NULL;
+ if (packet_connection_is_on_socket())
+ p = get_local_name(packet_get_connection_in());
+ if (p == NULL) {
+ if (gethostname(myname, sizeof(myname)) == -1) {
+ verbose("userauth_hostbased: gethostname: %s",
+ strerror(errno));
+ } else
+ p = xstrdup(myname);
+ }
if (p == NULL) {
error("userauth_hostbased: cannot get local ipaddr/name");
key_free(private);
andersk / openssh.git / blobdiff