- dtucker@cvs.openbsd.org 2010/01/13 01:20:20
[canohost.c ssh-keysign.c sshconnect2.c]
Make HostBased authentication work with a ProxyCommand. bz #1569, patch
from imorgan at nas nasa gov, ok djm@
diff --git a/ChangeLog b/ChangeLog
index 866e4aa..7624812 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -14,6 +14,10 @@
[key.c]
Ignore and log any Protocol 1 keys where the claimed size is not equal to
the actual size. Noted by Derek Martin, ok djm@
+ - dtucker@cvs.openbsd.org 2010/01/13 01:20:20
+ [canohost.c ssh-keysign.c sshconnect2.c]
+ Make HostBased authentication work with a ProxyCommand. bz #1569, patch
+ from imorgan at nas nasa gov, ok djm@
20100112
- (dtucker) OpenBSD CVS Sync
diff --git a/canohost.c b/canohost.c
index 22b19bb..ef94d91 100644
--- a/canohost.c
+++ b/canohost.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: canohost.c,v 1.65 2009/05/27 06:31:25 andreas Exp $ */
+/* $OpenBSD: canohost.c,v 1.66 2010/01/13 01:20:20 dtucker Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -27,6 +27,7 @@
#include <stdlib.h>
#include <string.h>
#include <stdarg.h>
+#include <unistd.h>
#include "xmalloc.h"
#include "packet.h"
@@ -301,9 +302,22 @@
}
char *
-get_local_name(int sock)
+get_local_name(int fd)
{
- return get_socket_address(sock, 0, NI_NAMEREQD);
+ char *host, myname[NI_MAXHOST];
+
+ /* Assume we were passed a socket */
+ if ((host = get_socket_address(fd, 0, NI_NAMEREQD)) != NULL)
+ return host;
+
+ /* Handle the case where we were passed a pipe */
+ if (gethostname(myname, sizeof(myname)) == -1) {
+ verbose("get_local_name: gethostname: %s", strerror(errno));
+ } else {
+ host = xstrdup(myname);
+ }
+
+ return host;
}
void
diff --git a/ssh-keysign.c b/ssh-keysign.c
index c4bc7e5..0fdcebb 100644
--- a/ssh-keysign.c
+++ b/ssh-keysign.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh-keysign.c,v 1.29 2006/08/03 03:34:42 deraadt Exp $ */
+/* $OpenBSD: ssh-keysign.c,v 1.30 2010/01/13 01:20:20 dtucker Exp $ */
/*
* Copyright (c) 2002 Markus Friedl. All rights reserved.
*
@@ -222,7 +222,7 @@
if ((fd == STDIN_FILENO) || (fd == STDOUT_FILENO))
fatal("bad fd");
if ((host = get_local_name(fd)) == NULL)
- fatal("cannot get sockname for fd");
+ fatal("cannot get local name for fd");
data = buffer_get_string(&b, &dlen);
if (valid_request(pw, host, &key, data, dlen) < 0)
diff --git a/sshconnect2.c b/sshconnect2.c
index ed40a9d..e81064d 100644
--- a/sshconnect2.c
+++ b/sshconnect2.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: sshconnect2.c,v 1.178 2010/01/11 04:46:45 dtucker Exp $ */
+/* $OpenBSD: sshconnect2.c,v 1.179 2010/01/13 01:20:20 dtucker Exp $ */
/*
* Copyright (c) 2000 Markus Friedl. All rights reserved.
* Copyright (c) 2008 Damien Miller. All rights reserved.
@@ -1514,7 +1514,7 @@
debug2("ssh_keysign called");
if (stat(_PATH_SSH_KEY_SIGN, &st) < 0) {
- error("ssh_keysign: no installed: %s", strerror(errno));
+ error("ssh_keysign: not installed: %s", strerror(errno));
return -1;
}
if (fflush(stdout) != 0)
@@ -1586,7 +1586,7 @@
Sensitive *sensitive = authctxt->sensitive;
Buffer b;
u_char *signature, *blob;
- char *chost, *pkalg, *p, myname[NI_MAXHOST];
+ char *chost, *pkalg, *p;
const char *service;
u_int blen, slen;
int ok, i, found = 0;
@@ -1610,16 +1610,7 @@
return 0;
}
/* figure out a name for the client host */
- p = NULL;
- if (packet_connection_is_on_socket())
- p = get_local_name(packet_get_connection_in());
- if (p == NULL) {
- if (gethostname(myname, sizeof(myname)) == -1) {
- verbose("userauth_hostbased: gethostname: %s",
- strerror(errno));
- } else
- p = xstrdup(myname);
- }
+ p = get_local_name(packet_get_connection_in());
if (p == NULL) {
error("userauth_hostbased: cannot get local ipaddr/name");
key_free(private);