auth2-hostbased.c (204917) | auth2-hostbased.c (215116) |
---|---|
1/* $OpenBSD: auth2-hostbased.c,v 1.13 2010/03/04 10:36:03 djm Exp $ */ | 1/* $OpenBSD: auth2-hostbased.c,v 1.14 2010/08/04 05:42:47 djm Exp $ */ |
2/* 3 * Copyright (c) 2000 Markus Friedl. All rights reserved. 4 * 5 * Redistribution and use in source and binary forms, with or without 6 * modification, are permitted provided that the following conditions 7 * are met: 8 * 1. Redistributions of source code must retain the above copyright 9 * notice, this list of conditions and the following disclaimer. --- 126 unchanged lines hidden (view full) --- 136 return authenticated; 137} 138 139/* return 1 if given hostkey is allowed */ 140int 141hostbased_key_allowed(struct passwd *pw, const char *cuser, char *chost, 142 Key *key) 143{ | 2/* 3 * Copyright (c) 2000 Markus Friedl. All rights reserved. 4 * 5 * Redistribution and use in source and binary forms, with or without 6 * modification, are permitted provided that the following conditions 7 * are met: 8 * 1. Redistributions of source code must retain the above copyright 9 * notice, this list of conditions and the following disclaimer. --- 126 unchanged lines hidden (view full) --- 136 return authenticated; 137} 138 139/* return 1 if given hostkey is allowed */ 140int 141hostbased_key_allowed(struct passwd *pw, const char *cuser, char *chost, 142 Key *key) 143{ |
144 const char *resolvedname, *ipaddr, *lookup; | 144 const char *resolvedname, *ipaddr, *lookup, *reason; |
145 HostStatus host_status; 146 int len; | 145 HostStatus host_status; 146 int len; |
147 char *fp; |
|
147 148 if (auth_key_is_revoked(key)) 149 return 0; 150 151 resolvedname = get_canonical_hostname(options.use_dns); 152 ipaddr = get_remote_ipaddr(); 153 154 debug2("userauth_hostbased: chost %s resolvedname %s ipaddr %s", --- 14 unchanged lines hidden (view full) --- 169 "client sends %s, but we resolve %s to %s", 170 chost, ipaddr, resolvedname); 171 if (auth_rhosts2(pw, cuser, resolvedname, ipaddr) == 0) 172 return 0; 173 lookup = resolvedname; 174 } 175 debug2("userauth_hostbased: access allowed by auth_rhosts2"); 176 | 148 149 if (auth_key_is_revoked(key)) 150 return 0; 151 152 resolvedname = get_canonical_hostname(options.use_dns); 153 ipaddr = get_remote_ipaddr(); 154 155 debug2("userauth_hostbased: chost %s resolvedname %s ipaddr %s", --- 14 unchanged lines hidden (view full) --- 170 "client sends %s, but we resolve %s to %s", 171 chost, ipaddr, resolvedname); 172 if (auth_rhosts2(pw, cuser, resolvedname, ipaddr) == 0) 173 return 0; 174 lookup = resolvedname; 175 } 176 debug2("userauth_hostbased: access allowed by auth_rhosts2"); 177 |
178 if (key_is_cert(key) && 179 key_cert_check_authority(key, 1, 0, lookup, &reason)) { 180 error("%s", reason); 181 auth_debug_add("%s", reason); 182 return 0; 183 } 184 |
|
177 host_status = check_key_in_hostfiles(pw, key, lookup, 178 _PATH_SSH_SYSTEM_HOSTFILE, 179 options.ignore_user_known_hosts ? NULL : _PATH_SSH_USER_HOSTFILE); 180 181 /* backward compat if no key has been found. */ | 185 host_status = check_key_in_hostfiles(pw, key, lookup, 186 _PATH_SSH_SYSTEM_HOSTFILE, 187 options.ignore_user_known_hosts ? NULL : _PATH_SSH_USER_HOSTFILE); 188 189 /* backward compat if no key has been found. */ |
182 if (host_status == HOST_NEW) | 190 if (host_status == HOST_NEW) { |
183 host_status = check_key_in_hostfiles(pw, key, lookup, 184 _PATH_SSH_SYSTEM_HOSTFILE2, 185 options.ignore_user_known_hosts ? NULL : 186 _PATH_SSH_USER_HOSTFILE2); | 191 host_status = check_key_in_hostfiles(pw, key, lookup, 192 _PATH_SSH_SYSTEM_HOSTFILE2, 193 options.ignore_user_known_hosts ? NULL : 194 _PATH_SSH_USER_HOSTFILE2); |
195 } |
|
187 | 196 |
197 if (host_status == HOST_OK) { 198 if (key_is_cert(key)) { 199 fp = key_fingerprint(key->cert->signature_key, 200 SSH_FP_MD5, SSH_FP_HEX); 201 verbose("Accepted certificate ID \"%s\" signed by " 202 "%s CA %s from %s@%s", key->cert->key_id, 203 key_type(key->cert->signature_key), fp, 204 cuser, lookup); 205 } else { 206 fp = key_fingerprint(key, SSH_FP_MD5, SSH_FP_HEX); 207 verbose("Accepted %s public key %s from %s@%s", 208 key_type(key), fp, cuser, lookup); 209 } 210 xfree(fp); 211 } 212 |
|
188 return (host_status == HOST_OK); 189} 190 191Authmethod method_hostbased = { 192 "hostbased", 193 userauth_hostbased, 194 &options.hostbased_authentication 195}; | 213 return (host_status == HOST_OK); 214} 215 216Authmethod method_hostbased = { 217 "hostbased", 218 userauth_hostbased, 219 &options.hostbased_authentication 220}; |
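Review bot: The two new `verbose("Accepted ...")` messages at new lines 197-211 fire as soon as the key or its CA is found in the known-hosts files, yet hostbased_key_allowed() only decides whether the host key is allowed, as its header comment says. The call site is in the hidden lines, so this is inferred: if the caller verifies the client's signature only after this function returns, a request that then fails verification still leaves an "Accepted" entry in the log. Anyone using these lines as an audit trail of successful host-based logins would be misled, so word the message for what has actually been established, for example `verbose("Matching %s host key %s found for %s@%s", key_type(key), fp, cuser, lookup);`, and leave "Accepted" to the code that records the final authentication result. A comment above the block such as `/* key/CA is trusted for this host; signature is checked by the caller */` would also make the ordering explicit. Separately, the literal arguments in `key_cert_check_authority(key, 1, 0, lookup, &reason)` at new line 179 would benefit from a short comment naming what `1` and `0` select.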