auth2-hostbased.c (204917) auth2-hostbased.c (215116)
1/* $OpenBSD: auth2-hostbased.c,v 1.13 2010/03/04 10:36:03 djm Exp $ */
1/* $OpenBSD: auth2-hostbased.c,v 1.14 2010/08/04 05:42:47 djm Exp $ */
2/*
3 * Copyright (c) 2000 Markus Friedl. All rights reserved.
4 *
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions
7 * are met:
8 * 1. Redistributions of source code must retain the above copyright
9 * notice, this list of conditions and the following disclaimer.

--- 126 unchanged lines hidden (view full) ---

136 return authenticated;
137}
138
139/* return 1 if given hostkey is allowed */
140int
141hostbased_key_allowed(struct passwd *pw, const char *cuser, char *chost,
142 Key *key)
143{
2/*
3 * Copyright (c) 2000 Markus Friedl. All rights reserved.
4 *
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions
7 * are met:
8 * 1. Redistributions of source code must retain the above copyright
9 * notice, this list of conditions and the following disclaimer.

--- 126 unchanged lines hidden (view full) ---

136 return authenticated;
137}
138
139/* return 1 if given hostkey is allowed */
140int
141hostbased_key_allowed(struct passwd *pw, const char *cuser, char *chost,
142 Key *key)
143{
144 const char *resolvedname, *ipaddr, *lookup;
144 const char *resolvedname, *ipaddr, *lookup, *reason;
145 HostStatus host_status;
146 int len;
145 HostStatus host_status;
146 int len;
147 char *fp;
147
148 if (auth_key_is_revoked(key))
149 return 0;
150
151 resolvedname = get_canonical_hostname(options.use_dns);
152 ipaddr = get_remote_ipaddr();
153
154 debug2("userauth_hostbased: chost %s resolvedname %s ipaddr %s",

--- 14 unchanged lines hidden (view full) ---

169 "client sends %s, but we resolve %s to %s",
170 chost, ipaddr, resolvedname);
171 if (auth_rhosts2(pw, cuser, resolvedname, ipaddr) == 0)
172 return 0;
173 lookup = resolvedname;
174 }
175 debug2("userauth_hostbased: access allowed by auth_rhosts2");
176
148
149 if (auth_key_is_revoked(key))
150 return 0;
151
152 resolvedname = get_canonical_hostname(options.use_dns);
153 ipaddr = get_remote_ipaddr();
154
155 debug2("userauth_hostbased: chost %s resolvedname %s ipaddr %s",

--- 14 unchanged lines hidden (view full) ---

170 "client sends %s, but we resolve %s to %s",
171 chost, ipaddr, resolvedname);
172 if (auth_rhosts2(pw, cuser, resolvedname, ipaddr) == 0)
173 return 0;
174 lookup = resolvedname;
175 }
176 debug2("userauth_hostbased: access allowed by auth_rhosts2");
177
178 if (key_is_cert(key) &&
179 key_cert_check_authority(key, 1, 0, lookup, &reason)) {
180 error("%s", reason);
181 auth_debug_add("%s", reason);
182 return 0;
183 }
184
177 host_status = check_key_in_hostfiles(pw, key, lookup,
178 _PATH_SSH_SYSTEM_HOSTFILE,
179 options.ignore_user_known_hosts ? NULL : _PATH_SSH_USER_HOSTFILE);
180
181 /* backward compat if no key has been found. */
185 host_status = check_key_in_hostfiles(pw, key, lookup,
186 _PATH_SSH_SYSTEM_HOSTFILE,
187 options.ignore_user_known_hosts ? NULL : _PATH_SSH_USER_HOSTFILE);
188
189 /* backward compat if no key has been found. */
182 if (host_status == HOST_NEW)
190 if (host_status == HOST_NEW) {
183 host_status = check_key_in_hostfiles(pw, key, lookup,
184 _PATH_SSH_SYSTEM_HOSTFILE2,
185 options.ignore_user_known_hosts ? NULL :
186 _PATH_SSH_USER_HOSTFILE2);
191 host_status = check_key_in_hostfiles(pw, key, lookup,
192 _PATH_SSH_SYSTEM_HOSTFILE2,
193 options.ignore_user_known_hosts ? NULL :
194 _PATH_SSH_USER_HOSTFILE2);
195 }
187
196
197 if (host_status == HOST_OK) {
198 if (key_is_cert(key)) {
199 fp = key_fingerprint(key->cert->signature_key,
200 SSH_FP_MD5, SSH_FP_HEX);
201 verbose("Accepted certificate ID \"%s\" signed by "
202 "%s CA %s from %s@%s", key->cert->key_id,
203 key_type(key->cert->signature_key), fp,
204 cuser, lookup);
205 } else {
206 fp = key_fingerprint(key, SSH_FP_MD5, SSH_FP_HEX);
207 verbose("Accepted %s public key %s from %s@%s",
208 key_type(key), fp, cuser, lookup);
209 }
210 xfree(fp);
211 }
212
188 return (host_status == HOST_OK);
189}
190
191Authmethod method_hostbased = {
192 "hostbased",
193 userauth_hostbased,
194 &options.hostbased_authentication
195};
213 return (host_status == HOST_OK);
214}
215
216Authmethod method_hostbased = {
217 "hostbased",
218 userauth_hostbased,
219 &options.hostbased_authentication
220};
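Review bot: The two `verbose("Accepted ...")` calls added at new lines 197-211 log acceptance from inside hostbased_key_allowed(), which by its own header comment only decides whether the host key is allowed. The caller sits in the hidden lines, so this page cannot confirm it, but if the signature check runs after this function returns, an "Accepted" line is also written for attempts that later fail, which misleads anyone triaging auth logs. Either word the message for what is actually established here (the key or CA matched the known-hosts files for `lookup`), or add a comment above the block such as `/* key is trusted for this host; the signature is still verified by the caller */`. Separately, the bare `1, 0` passed to `key_cert_check_authority()` at new line 179 would benefit from a short comment naming what each flag selects. If the second flag means a principal is not required, a host certificate with no principals would pass for any `lookup` name, and that is worth stating next to the call. Part of the function body is also hidden on this page, so these points rest only on the visible lines.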