diff options
-rw-r--r-- | ChangeLog | 4 | ||||
-rw-r--r-- | canohost.c | 20 | ||||
-rw-r--r-- | ssh-keysign.c | 4 | ||||
-rw-r--r-- | sshconnect2.c | 17 |
4 files changed, 27 insertions, 18 deletions
@@ -14,6 +14,10 @@ [key.c] Ignore and log any Protocol 1 keys where the claimed size is not equal to the actual size. Noted by Derek Martin, ok djm@ + - dtucker@cvs.openbsd.org 2010/01/13 01:20:20 + [canohost.c ssh-keysign.c sshconnect2.c] + Make HostBased authentication work with a ProxyCommand. bz #1569, patch + from imorgan at nas nasa gov, ok djm@ 20100112 - (dtucker) OpenBSD CVS Sync diff --git a/canohost.c b/canohost.c index 22b19bb9f..ef94d9155 100644 --- a/canohost.c +++ b/canohost.c @@ -1,4 +1,4 @@ -/* $OpenBSD: canohost.c,v 1.65 2009/05/27 06:31:25 andreas Exp $ */ +/* $OpenBSD: canohost.c,v 1.66 2010/01/13 01:20:20 dtucker Exp $ */ /* * Author: Tatu Ylonen <ylo@cs.hut.fi> * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland @@ -27,6 +27,7 @@ #include <stdlib.h> #include <string.h> #include <stdarg.h> +#include <unistd.h> #include "xmalloc.h" #include "packet.h" @@ -301,9 +302,22 @@ get_local_ipaddr(int sock) } char * -get_local_name(int sock) +get_local_name(int fd) { - return get_socket_address(sock, 0, NI_NAMEREQD); + char *host, myname[NI_MAXHOST]; + + /* Assume we were passed a socket */ + if ((host = get_socket_address(fd, 0, NI_NAMEREQD)) != NULL) + return host; + + /* Handle the case where we were passed a pipe */ + if (gethostname(myname, sizeof(myname)) == -1) { + verbose("get_local_name: gethostname: %s", strerror(errno)); + } else { + host = xstrdup(myname); + } + + return host; } void diff --git a/ssh-keysign.c b/ssh-keysign.c index c4bc7e56e..0fdcebbd2 100644 --- a/ssh-keysign.c +++ b/ssh-keysign.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh-keysign.c,v 1.29 2006/08/03 03:34:42 deraadt Exp $ */ +/* $OpenBSD: ssh-keysign.c,v 1.30 2010/01/13 01:20:20 dtucker Exp $ */ /* * Copyright (c) 2002 Markus Friedl. All rights reserved. * @@ -222,7 +222,7 @@ main(int argc, char **argv) if ((fd == STDIN_FILENO) || (fd == STDOUT_FILENO)) fatal("bad fd"); if ((host = get_local_name(fd)) == NULL) - fatal("cannot get sockname for fd"); + fatal("cannot get local name for fd"); data = buffer_get_string(&b, &dlen); if (valid_request(pw, host, &key, data, dlen) < 0) diff --git a/sshconnect2.c b/sshconnect2.c index ed40a9d70..e81064dae 100644 --- a/sshconnect2.c +++ b/sshconnect2.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sshconnect2.c,v 1.178 2010/01/11 04:46:45 dtucker Exp $ */ +/* $OpenBSD: sshconnect2.c,v 1.179 2010/01/13 01:20:20 dtucker Exp $ */ /* * Copyright (c) 2000 Markus Friedl. All rights reserved. * Copyright (c) 2008 Damien Miller. All rights reserved. @@ -1514,7 +1514,7 @@ ssh_keysign(Key *key, u_char **sigp, u_int *lenp, debug2("ssh_keysign called"); if (stat(_PATH_SSH_KEY_SIGN, &st) < 0) { - error("ssh_keysign: no installed: %s", strerror(errno)); + error("ssh_keysign: not installed: %s", strerror(errno)); return -1; } if (fflush(stdout) != 0) @@ -1586,7 +1586,7 @@ userauth_hostbased(Authctxt *authctxt) Sensitive *sensitive = authctxt->sensitive; Buffer b; u_char *signature, *blob; - char *chost, *pkalg, *p, myname[NI_MAXHOST]; + char *chost, *pkalg, *p; const char *service; u_int blen, slen; int ok, i, found = 0; @@ -1610,16 +1610,7 @@ userauth_hostbased(Authctxt *authctxt) return 0; } /* figure out a name for the client host */ - p = NULL; - if (packet_connection_is_on_socket()) - p = get_local_name(packet_get_connection_in()); - if (p == NULL) { - if (gethostname(myname, sizeof(myname)) == -1) { - verbose("userauth_hostbased: gethostname: %s", - strerror(errno)); - } else - p = xstrdup(myname); - } + p = get_local_name(packet_get_connection_in()); if (p == NULL) { error("userauth_hostbased: cannot get local ipaddr/name"); key_free(private); |