[key.c]
Ignore and log any Protocol 1 keys where the claimed size is not equal to
the actual size. Noted by Derek Martin, ok djm@
+ - dtucker@cvs.openbsd.org 2010/01/13 01:20:20
+ [canohost.c ssh-keysign.c sshconnect2.c]
+ Make HostBased authentication work with a ProxyCommand. bz #1569, patch
+ from imorgan at nas nasa gov, ok djm@
20100112
- (dtucker) OpenBSD CVS Sync
-/* $OpenBSD: canohost.c,v 1.65 2009/05/27 06:31:25 andreas Exp $ */
+/* $OpenBSD: canohost.c,v 1.66 2010/01/13 01:20:20 dtucker Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
#include <stdlib.h>
#include <string.h>
#include <stdarg.h>
+#include <unistd.h>
#include "xmalloc.h"
#include "packet.h"
}
char *
-get_local_name(int sock)
+get_local_name(int fd)
{
- return get_socket_address(sock, 0, NI_NAMEREQD);
+ char *host, myname[NI_MAXHOST];
+
+ /* Assume we were passed a socket */
+ if ((host = get_socket_address(fd, 0, NI_NAMEREQD)) != NULL)
+ return host;
+
+ /* Handle the case where we were passed a pipe */
+ if (gethostname(myname, sizeof(myname)) == -1) {
+ verbose("get_local_name: gethostname: %s", strerror(errno));
+ } else {
+ host = xstrdup(myname);
+ }
+
+ return host;
}
void
-/* $OpenBSD: ssh-keysign.c,v 1.29 2006/08/03 03:34:42 deraadt Exp $ */
+/* $OpenBSD: ssh-keysign.c,v 1.30 2010/01/13 01:20:20 dtucker Exp $ */
/*
* Copyright (c) 2002 Markus Friedl. All rights reserved.
*
if ((fd == STDIN_FILENO) || (fd == STDOUT_FILENO))
fatal("bad fd");
if ((host = get_local_name(fd)) == NULL)
- fatal("cannot get sockname for fd");
+ fatal("cannot get local name for fd");
data = buffer_get_string(&b, &dlen);
if (valid_request(pw, host, &key, data, dlen) < 0)
-/* $OpenBSD: sshconnect2.c,v 1.178 2010/01/11 04:46:45 dtucker Exp $ */
+/* $OpenBSD: sshconnect2.c,v 1.179 2010/01/13 01:20:20 dtucker Exp $ */
/*
* Copyright (c) 2000 Markus Friedl. All rights reserved.
* Copyright (c) 2008 Damien Miller. All rights reserved.
debug2("ssh_keysign called");
if (stat(_PATH_SSH_KEY_SIGN, &st) < 0) {
- error("ssh_keysign: no installed: %s", strerror(errno));
+ error("ssh_keysign: not installed: %s", strerror(errno));
return -1;
}
if (fflush(stdout) != 0)
Sensitive *sensitive = authctxt->sensitive;
Buffer b;
u_char *signature, *blob;
- char *chost, *pkalg, *p, myname[NI_MAXHOST];
+ char *chost, *pkalg, *p;
const char *service;
u_int blen, slen;
int ok, i, found = 0;
return 0;
}
/* figure out a name for the client host */
- p = NULL;
- if (packet_connection_is_on_socket())
- p = get_local_name(packet_get_connection_in());
- if (p == NULL) {
- if (gethostname(myname, sizeof(myname)) == -1) {
- verbose("userauth_hostbased: gethostname: %s",
- strerror(errno));
- } else
- p = xstrdup(myname);
- }
+ p = get_local_name(packet_get_connection_in());
if (p == NULL) {
error("userauth_hostbased: cannot get local ipaddr/name");
key_free(private);