- markus@cvs.openbsd.org 2001/10/25 21:14:32
[ssh-keygen.1 ssh-keygen.c]
better docu for fingerprinting, ok deraadt@
+ - markus@cvs.openbsd.org 2001/10/29 19:27:15
+ [sshconnect2.c]
+ hostbased: check for client hostkey before building chost
20011109
- (stevesk) auth-pam.c: use do_pam_authenticate(PAM_DISALLOW_NULL_AUTHTOK)
*/
#include "includes.h"
-RCSID("$OpenBSD: sshconnect2.c,v 1.83 2001/10/06 11:18:19 markus Exp $");
+RCSID("$OpenBSD: sshconnect2.c,v 1.84 2001/10/29 19:27:15 markus Exp $");
#include <openssl/bn.h>
#include <openssl/md5.h>
u_int blen, slen;
int ok, i, len, found = 0;
- p = get_local_name(packet_get_connection_in());
- if (p == NULL) {
- error("userauth_hostbased: cannot get local ipaddr/name");
- return 0;
- }
- len = strlen(p) + 2;
- chost = xmalloc(len);
- strlcpy(chost, p, len);
- strlcat(chost, ".", len);
- debug2("userauth_hostbased: chost %s", chost);
/* check for a useful key */
for (i = 0; i < authctxt->nkeys; i++) {
private = authctxt->keys[i];
}
}
if (!found) {
- xfree(chost);
+ debug("userauth_hostbased: no more client hostkeys");
return 0;
}
if (key_to_blob(private, &blob, &blen) == 0) {
key_free(private);
- xfree(chost);
return 0;
}
+ /* figure out a name for the client host */
+ p = get_local_name(packet_get_connection_in());
+ if (p == NULL) {
+ error("userauth_hostbased: cannot get local ipaddr/name");
+ key_free(private);
+ return 0;
+ }
+ len = strlen(p) + 2;
+ chost = xmalloc(len);
+ strlcpy(chost, p, len);
+ strlcat(chost, ".", len);
+ debug2("userauth_hostbased: chost %s", chost);
+
service = datafellows & SSH_BUG_HBSERVICE ? "ssh-userauth" :
authctxt->service;
pkalg = xstrdup(key_ssh_name(private));
#ifdef DEBUG_PK
buffer_dump(&b);
#endif
- debug2("xxx: chost %s", chost);
ok = key_sign(private, &signature, &slen, buffer_ptr(&b), buffer_len(&b));
key_free(private);
buffer_free(&b);