- markus@cvs.openbsd.org 2001/10/29 19:27:15
     [sshconnect2.c]
     hostbased: check for client hostkey before building chost
diff --git a/sshconnect2.c b/sshconnect2.c
index 705aa45..66dccf6 100644
--- a/sshconnect2.c
+++ b/sshconnect2.c
@@ -23,7 +23,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: sshconnect2.c,v 1.83 2001/10/06 11:18:19 markus Exp $");
+RCSID("$OpenBSD: sshconnect2.c,v 1.84 2001/10/29 19:27:15 markus Exp $");
 
 #include <openssl/bn.h>
 #include <openssl/md5.h>
@@ -836,16 +836,6 @@
 	u_int blen, slen;
 	int ok, i, len, found = 0;
 
-	p = get_local_name(packet_get_connection_in());
-	if (p == NULL) {
-		error("userauth_hostbased: cannot get local ipaddr/name");
-		return 0;
-	}
-	len = strlen(p) + 2;
-	chost = xmalloc(len);
-	strlcpy(chost, p, len);
-	strlcat(chost, ".", len);
-	debug2("userauth_hostbased: chost %s", chost);
 	/* check for a useful key */
 	for (i = 0; i < authctxt->nkeys; i++) {
 		private = authctxt->keys[i];
@@ -857,14 +847,26 @@
 		}
 	}
 	if (!found) {
-		xfree(chost);
+		debug("userauth_hostbased: no more client hostkeys");
 		return 0;
 	}
 	if (key_to_blob(private, &blob, &blen) == 0) {
 		key_free(private);
-		xfree(chost);
 		return 0;
 	}
+	/* figure out a name for the client host */
+	p = get_local_name(packet_get_connection_in());
+	if (p == NULL) {
+		error("userauth_hostbased: cannot get local ipaddr/name");
+		key_free(private);
+		return 0;
+	}
+	len = strlen(p) + 2;
+	chost = xmalloc(len);
+	strlcpy(chost, p, len);
+	strlcat(chost, ".", len);
+	debug2("userauth_hostbased: chost %s", chost);
+
 	service = datafellows & SSH_BUG_HBSERVICE ? "ssh-userauth" :
 	    authctxt->service;
 	pkalg = xstrdup(key_ssh_name(private));
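Review bot: The new `p == NULL` failure path frees `private` but returns without releasing `blob`, which the successful key_to_blob() call just above has filled in. Assuming key_to_blob() allocates that buffer (its definition is not in the hunk), each failed local-name lookup leaks it. Adding `xfree(blob);` next to `key_free(private);` before the `return 0;` would close this. A short comment on who owns the string returned by get_local_name() would also help, since `p` is copied into `chost` and not freed in the visible lines. The enclosing function starts and ends outside this hunk, so later cleanup of `p` or `blob` cannot be confirmed from here.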
@@ -882,7 +884,6 @@
 #ifdef DEBUG_PK
 	buffer_dump(&b);
 #endif
-	debug2("xxx: chost %s", chost);
 	ok = key_sign(private, &signature, &slen, buffer_ptr(&b), buffer_len(&b));
 	key_free(private);
 	buffer_free(&b);