- djm@cvs.openbsd.org 2008/01/19 23:09:49

[openssh.git] / sshconnect2.c

diff --git a/sshconnect2.c b/sshconnect2.c
index 27e5442e96876002bad473c6bb5f93e5a7e3891c..5bb7723682496638db03c4e27ad4ecc7a86c9c07 100644 (file)
--- a/sshconnect2.c
+++ b/sshconnect2.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: sshconnect2.c,v 1.159 2006/08/01 23:22:48 stevesk Exp $ */
+/* $OpenBSD: sshconnect2.c,v 1.165 2008/01/19 23:09:49 djm Exp $ */
 /*
  * Copyright (c) 2000 Markus Friedl.  All rights reserved.
  *
@@ -26,24 +26,29 @@
 #include "includes.h"
 
 #include <sys/types.h>
+#include <sys/socket.h>
 #include <sys/wait.h>
 #include <sys/stat.h>
 
 #include <errno.h>
+#include <netdb.h>
+#include <pwd.h>
+#include <signal.h>
+#include <stdarg.h>
 #include <stdio.h>
 #include <string.h>
 #include <unistd.h>
 
 #include "openbsd-compat/sys-queue.h"
 
+#include "xmalloc.h"
 #include "ssh.h"
 #include "ssh2.h"
-#include "xmalloc.h"
 #include "buffer.h"
 #include "packet.h"
 #include "compat.h"
-#include "bufaux.h"
 #include "cipher.h"
+#include "key.h"
 #include "kex.h"
 #include "myproposal.h"
 #include "sshconnect.h"
@@ -125,7 +130,7 @@ ssh_kex2(char *host, struct sockaddr *hostaddr)
                    options.hostkeyalgorithms;
 
        if (options.rekey_limit)
-               packet_set_rekey_limit(options.rekey_limit);
+               packet_set_rekey_limit((u_int32_t)options.rekey_limit);
 
        /* start key exchange */
        kex = kex_setup(myproposal);
@@ -374,7 +379,7 @@ input_userauth_banner(int type, u_int32_t seq, void *ctxt)
        debug3("input_userauth_banner");
        msg = packet_get_string(NULL);
        lang = packet_get_string(NULL);
-       if (options.log_level > SYSLOG_LEVEL_QUIET)
+       if (options.log_level >= SYSLOG_LEVEL_INFO)
                fprintf(stderr, "%s", msg);
        xfree(msg);
        xfree(lang);
@@ -505,25 +510,18 @@ userauth_gssapi(Authctxt *authctxt)
 
        /* Check to see if the mechanism is usable before we offer it */
        while (mech < gss_supported->count && !ok) {
-               if (gssctxt)
-                       ssh_gssapi_delete_ctx(&gssctxt);
-               ssh_gssapi_build_ctx(&gssctxt);
-               ssh_gssapi_set_oid(gssctxt, &gss_supported->elements[mech]);
-
                /* My DER encoding requires length<128 */
                if (gss_supported->elements[mech].length < 128 &&
-                   !GSS_ERROR(ssh_gssapi_import_name(gssctxt,
-                   authctxt->host))) {
+                   ssh_gssapi_check_mechanism(&gssctxt, 
+                   &gss_supported->elements[mech], authctxt->host)) {
                        ok = 1; /* Mechanism works */
                } else {
                        mech++;
                }
        }
 
-       if (!ok) {
-               ssh_gssapi_delete_ctx(&gssctxt);
+       if (!ok)
                return 0;
-       }
 
        authctxt->methoddata=(void *)gssctxt;
 
@@ -1310,7 +1308,7 @@ userauth_hostbased(Authctxt *authctxt)
        Sensitive *sensitive = authctxt->sensitive;
        Buffer b;
        u_char *signature, *blob;
-       char *chost, *pkalg, *p;
+       char *chost, *pkalg, *p, myname[NI_MAXHOST];
        const char *service;
        u_int blen, slen;
        int ok, i, len, found = 0;
@@ -1334,7 +1332,16 @@ userauth_hostbased(Authctxt *authctxt)
                return 0;
        }
        /* figure out a name for the client host */
-       p = get_local_name(packet_get_connection_in());
+       p = NULL;
+       if (packet_connection_is_on_socket())
+               p = get_local_name(packet_get_connection_in());
+       if (p == NULL) {
+               if (gethostname(myname, sizeof(myname)) == -1) {
+                       verbose("userauth_hostbased: gethostname: %s", 
+                           strerror(errno));
+               } else
+                       p = xstrdup(myname);
+       }
        if (p == NULL) {
                error("userauth_hostbased: cannot get local ipaddr/name");
                key_free(private);