authorMarkus Friedl <markus@cvs.openbsd.org>2001-04-18 22:03:46 +0000
committerMarkus Friedl <markus@cvs.openbsd.org>2001-04-18 22:03:46 +0000
commit06a5ec82fe2fe8820d32fe68523c63f2cfec86aa (patch)
treecab68406a07a7abed59ad8e7c804f6a066f749b6
parentc5beb2be5e83854cdde5316abc584ad33442980e (diff)
use FDQN with trailing dot in the hostbased auth packets, ok deraadt@
-rw-r--r--usr.bin/ssh/auth2.c12
-rw-r--r--usr.bin/ssh/sshconnect2.c9
2 files changed, 14 insertions, 7 deletions
diff --git a/usr.bin/ssh/auth2.c b/usr.bin/ssh/auth2.c
index 56c2be7e4fe..1cd40d5e47d 100644
--- a/usr.bin/ssh/auth2.c
+++ b/usr.bin/ssh/auth2.c
@@ -23,7 +23,7 @@
*/
#include "includes.h"
-RCSID("$OpenBSD: auth2.c,v 1.52 2001/04/12 19:15:24 markus Exp $");
+RCSID("$OpenBSD: auth2.c,v 1.53 2001/04/18 22:03:44 markus Exp $");
#include <openssl/evp.h>
@@ -741,19 +741,23 @@ hostbased_key_allowed(struct passwd *pw, const char *cuser, const char *chost,
const char *resolvedname, *ipaddr, *lookup;
struct stat st;
char *user_hostfile;
- int host_status;
+ int host_status, len;
resolvedname = get_canonical_hostname(options.reverse_mapping_check);
ipaddr = get_remote_ipaddr();
- debug2("userauth_hostbased: resolvedname %s ipaddr %s",
- resolvedname, ipaddr);
+ debug2("userauth_hostbased: chost %s resolvedname %s ipaddr %s",
+ chost, resolvedname, ipaddr);
if (options.hostbased_uses_name_from_packet_only) {
if (auth_rhosts2(pw, cuser, chost, chost) == 0)
return 0;
lookup = chost;
} else {
+ if (((len = strlen(chost)) > 0) && chost[len - 1] == '.') {
+ debug2("stripping trailing dot from chost %s", chost);
+ chost[len - 1] = '\0';
+ }
if (strcasecmp(resolvedname, chost) != 0)
log("userauth_hostbased mismatch: "
"client sends %s, but we resolve %s to %s",
diff --git a/usr.bin/ssh/sshconnect2.c b/usr.bin/ssh/sshconnect2.c
index baa4e702851..ac3ad013bbc 100644
--- a/usr.bin/ssh/sshconnect2.c
+++ b/usr.bin/ssh/sshconnect2.c
@@ -23,7 +23,7 @@
*/
#include "includes.h"
-RCSID("$OpenBSD: sshconnect2.c,v 1.70 2001/04/17 10:53:26 markus Exp $");
+RCSID("$OpenBSD: sshconnect2.c,v 1.71 2001/04/18 22:03:45 markus Exp $");
#include <openssl/bn.h>
#include <openssl/md5.h>
@@ -816,14 +816,17 @@ userauth_hostbased(Authctxt *authctxt)
u_char *signature, *blob;
char *chost, *pkalg, *p;
u_int blen, slen;
- int ok, i, found = 0;
+ int ok, i, len, found = 0;
p = get_local_name(packet_get_connection_in());
if (p == NULL) {
error("userauth_hostbased: cannot get local ipaddr/name");
return 0;
}
- chost = xstrdup(p);
+ len = strlen(p) + 2;
+ chost = xmalloc(len);
+ strlcpy(chost, p, len);
+ strlcat(chost, ".", len);
debug2("userauth_hostbased: chost %s", chost);
/* check for a useful key */
for (i = 0; i < authctxt->nkeys; i++) {
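Review bot: The dot is appended unconditionally by `strlcat(chost, ".", len)`, with no check on what `get_local_name()` returned. If that string already ends in `.`, or is an address literal (the error text mentions "ipaddr/name", so this looks possible), the packet would carry a name like `host..` or `192.0.2.1.` (constructed examples). The server-side change in auth2.c strips only one trailing dot, so the comparison with the resolved name would likely fail. Consider appending only when the last character of `p` is not already `.`, and adding a comment saying whether address literals are expected here. `len` would also be better declared `size_t`, since it holds `strlen(p) + 2` and is passed to `xmalloc`, `strlcpy` and `strlcat`. The function body continues outside this hunk, so whether `chost` is freed later is not visible.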