author | Markus Friedl <markus@cvs.openbsd.org> | 2001-04-18 22:03:46 +0000 |
---|---|---|
committer | Markus Friedl <markus@cvs.openbsd.org> | 2001-04-18 22:03:46 +0000 |
commit | 06a5ec82fe2fe8820d32fe68523c63f2cfec86aa (patch) | |
tree | cab68406a07a7abed59ad8e7c804f6a066f749b6 | |
parent | c5beb2be5e83854cdde5316abc584ad33442980e (diff) |
use FQDN with trailing dot in the hostbased auth packets, ok deraadt@
-rw-r--r-- | usr.bin/ssh/auth2.c | 12 | ||||
-rw-r--r-- | usr.bin/ssh/sshconnect2.c | 9 |
2 files changed, 14 insertions, 7 deletions
diff --git a/usr.bin/ssh/auth2.c b/usr.bin/ssh/auth2.c
index 56c2be7e4fe..1cd40d5e47d 100644
--- a/usr.bin/ssh/auth2.c
+++ b/usr.bin/ssh/auth2.c
@@ -23,7 +23,7 @@
 */
 #include "includes.h"
-RCSID("$OpenBSD: auth2.c,v 1.52 2001/04/12 19:15:24 markus Exp $");
+RCSID("$OpenBSD: auth2.c,v 1.53 2001/04/18 22:03:44 markus Exp $");
 #include <openssl/evp.h>
@@ -741,19 +741,23 @@ hostbased_key_allowed(struct passwd *pw, const char *cuser, const char *chost,
 const char *resolvedname, *ipaddr, *lookup;
 struct stat st;
 char *user_hostfile;
- int host_status;
+ int host_status, len;
 resolvedname = get_canonical_hostname(options.reverse_mapping_check);
 ipaddr = get_remote_ipaddr();
- debug2("userauth_hostbased: resolvedname %s ipaddr %s",
- resolvedname, ipaddr);
+ debug2("userauth_hostbased: chost %s resolvedname %s ipaddr %s",
+ chost, resolvedname, ipaddr);
 if (options.hostbased_uses_name_from_packet_only) {
 if (auth_rhosts2(pw, cuser, chost, chost) == 0)
 return 0;
 lookup = chost;
 } else {
+ if (((len = strlen(chost)) > 0) && chost[len - 1] == '.') {
+ debug2("stripping trailing dot from chost %s", chost);
+ chost[len - 1] = '\0';
+ }
 if (strcasecmp(resolvedname, chost) != 0)
 log("userauth_hostbased mismatch: "
 "client sends %s, but we resolve %s to %s",
diff --git a/usr.bin/ssh/sshconnect2.c b/usr.bin/ssh/sshconnect2.c
index baa4e702851..ac3ad013bbc 100644
--- a/usr.bin/ssh/sshconnect2.c
+++ b/usr.bin/ssh/sshconnect2.c
@@ -23,7 +23,7 @@
 */
 #include "includes.h"
-RCSID("$OpenBSD: sshconnect2.c,v 1.70 2001/04/17 10:53:26 markus Exp $");
+RCSID("$OpenBSD: sshconnect2.c,v 1.71 2001/04/18 22:03:45 markus Exp $");
 #include <openssl/bn.h>
 #include <openssl/md5.h>
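Review bot: In auth2.c `hostbased_key_allowed()`, the trailing-dot strip sits only in the `else` branch, so when `options.hostbased_uses_name_from_packet_only` is set the dotted name goes unchanged into `auth_rhosts2(pw, cuser, chost, chost)` and `lookup = chost`. The client side of this commit now always appends the dot, so that path would match a name ending in '.' against rhosts and host-key entries that presumably carry none. Moving the `if (((len = strlen(chost)) > 0) && chost[len - 1] == '.')` block above the `if (options.hostbased_uses_name_from_packet_only)` test would normalise the name once for both paths. The hunk header also still shows the parameter as `const char *chost`, so `chost[len - 1] = '\0';` writes through a const-qualified pointer; the signature should become `char *chost`, or the strip should work on a local copy. The signature and the rest of the function body lie outside the hunk.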
@@ -816,14 +816,17 @@ userauth_hostbased(Authctxt *authctxt)
 u_char *signature, *blob;
 char *chost, *pkalg, *p;
 u_int blen, slen;
- int ok, i, found = 0;
+ int ok, i, len, found = 0;
 p = get_local_name(packet_get_connection_in());
 if (p == NULL) {
 error("userauth_hostbased: cannot get local ipaddr/name");
 return 0;
 }
- chost = xstrdup(p);
+ len = strlen(p) + 2;
+ chost = xmalloc(len);
+ strlcpy(chost, p, len);
+ strlcat(chost, ".", len);
 debug2("userauth_hostbased: chost %s", chost);
 /* check for a useful key */
 for (i = 0; i < authctxt->nkeys; i++) { |
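Review bot: In `userauth_hostbased()` the dot is appended unconditionally, so a name from `get_local_name()` that already ends in '.' is sent with two trailing dots, while the server-side strip in auth2.c removes only one. The error text "cannot get local ipaddr/name" suggests the helper may also return an IP address (inferred, its body is not shown), which would then go out with a dot appended as well. A guard such as `if (p[0] != '\0' && p[strlen(p) - 1] != '.') strlcat(chost, ".", len);` avoids the double dot. A short comment above the `xmalloc`, for example `/* send the FQDN with a trailing dot; the server strips it before matching */`, would explain the `+ 2`. Whether `chost` is freed on every return path cannot be seen here, because the function continues past the hunk.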