[openssh-unix-announce] OpenSSH 3.5 released

Markus Friedl markus at openbsd.org
Thu Oct 17 03:24:02 EST 2002


On Wed, Oct 16, 2002 at 03:21:01PM +0200, Markus Friedl wrote:
> On Wed, Oct 16, 2002 at 02:57:10PM +0200, Reinhard Zierke wrote:
> > My /etc/ssh/ssh_config basically is
> > 
> > Host rz?spc? rz?spc??
> >    ...
> >    HostbasedAuthentication yes
> >    ...
> > 
> > Host *
> >    ...
> >    HostbasedAuthentication no
> >    ...
> > 

i'm very wrong, it's a bug.

this patch (a little bit ugly) should fix this problem:

Index: ssh.c
===================================================================
RCS file: /cvs/src/usr.bin/ssh/ssh.c,v
retrieving revision 1.186
diff -u -r1.186 ssh.c
--- ssh.c	19 Sep 2002 01:58:18 -0000	1.186
+++ ssh.c	16 Oct 2002 17:02:46 -0000
@@ -118,6 +118,7 @@
  * configuration file.
  */
 char *host;
+char *orighost;
 
 /* socket address the host resolves to */
 struct sockaddr_storage hostaddr;
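Review bot: The new global `orighost` is declared directly under the block comment that describes `host`, so nothing says how the two differ or why both are needed. A one-line comment on the declaration would cover it, for example `/* host name as given by the user; passed to ssh-keysign for ssh_config Host matching */`. The assignment `orighost = host;` in the next hunk copies the pointer, not the string, which is only safe if the storage `host` points to at that moment is never freed or overwritten later; that cannot be confirmed from these hunks and is worth a short remark at the assignment.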
@@ -503,6 +504,7 @@
 	/* Check that we got a host name. */
 	if (!host)
 		usage();
+	orighost = host;
 
 	SSLeay_add_all_algorithms();
 	ERR_load_crypto_strings();
Index: sshconnect2.c
===================================================================
RCS file: /cvs/src/usr.bin/ssh/sshconnect2.c,v
retrieving revision 1.107
diff -u -r1.107 sshconnect2.c
--- sshconnect2.c	1 Jul 2002 19:48:46 -0000	1.107
+++ sshconnect2.c	16 Oct 2002 17:18:19 -0000
@@ -51,6 +51,7 @@
 /* import */
 extern char *client_version_string;
 extern char *server_version_string;
+extern char *orighost;			/* XXX */
 extern Options options;
 
 /*
@@ -904,10 +905,12 @@
 	Buffer b;
 	struct stat st;
 	pid_t pid;
-	int to[2], from[2], status, version = 2;
+	int to[2], from[2], status, version = 3;
 
 	debug("ssh_keysign called");
 
+	if (orighost == NULL)
+		return -1;
 	if (stat(_PATH_SSH_KEY_SIGN, &st) < 0) {
 		error("ssh_keysign: no installed: %s", strerror(errno));
 		return -1;
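Review bot: The added `if (orighost == NULL) return -1;` fails without any message, while the `stat()` failure directly below it reports through `error()`. When hostbased authentication stops working on this path, the debug output gives the user nothing to go on; adding `error("ssh_keysign: no original host name");` before the return would keep the failure paths consistent. The change to `version = 3` has to stay in step with the helper, which this patch does in ssh-keysign.c, so a mixed install is stopped by the helper's version check instead of misparsing the new leading string. The body of ssh_keysign starts and ends outside this hunk.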
@@ -945,6 +948,7 @@
 	close(to[0]);
 
 	buffer_init(&b);
+	buffer_put_cstring(&b, orighost);
 	buffer_put_int(&b, packet_get_connection_in()); /* send # of socket */
 	buffer_put_string(&b, data, datalen);
 	msg_send(to[1], version, &b);
Index: ssh-keysign.c
===================================================================
RCS file: /cvs/src/usr.bin/ssh/ssh-keysign.c,v
retrieving revision 1.7
diff -u -r1.7 ssh-keysign.c
--- ssh-keysign.c	3 Jul 2002 14:21:05 -0000	1.7
+++ ssh-keysign.c	16 Oct 2002 17:18:28 -0000
@@ -137,9 +137,9 @@
 	Options options;
 	Key *keys[2], *key;
 	struct passwd *pw;
-	int key_fd[2], i, found, version = 2, fd;
+	int key_fd[2], i, found, version = 3, fd;
 	u_char *signature, *data;
-	char *host;
+	char *host, *remotehost;
 	u_int slen, dlen;
 	u_int32_t rnd[256];
 
@@ -153,15 +153,6 @@
 	log_init("ssh-keysign", SYSLOG_LEVEL_DEBUG3, SYSLOG_FACILITY_AUTH, 0);
 #endif
 
-	/* verify that ssh-keysign is enabled by the admin */
-	original_real_uid = getuid();	/* XXX readconf.c needs this */
-	initialize_options(&options);
-	(void)read_config_file(_PATH_HOST_CONFIG_FILE, "", &options);
-	fill_default_options(&options);
-	if (options.hostbased_authentication != 1)
-		fatal("Hostbased authentication not enabled in %s",
-		    _PATH_HOST_CONFIG_FILE);
-
 	if (key_fd[0] == -1 && key_fd[1] == -1)
 		fatal("could not open any host key");
 
@@ -200,6 +191,18 @@
 		fatal("msg_recv failed");
 	if (buffer_get_char(&b) != version)
 		fatal("bad version");
+
+	/* verify that ssh-keysign is enabled by the admin */
+	remotehost = buffer_get_string(&b, NULL);
+	original_real_uid = getuid();	/* XXX readconf.c needs this */
+	initialize_options(&options);
+	(void)read_config_file(_PATH_HOST_CONFIG_FILE, remotehost, &options);
+	fill_default_options(&options);
+	xfree(remotehost);
+	if (options.hostbased_authentication != 1)
+		fatal("Hostbased authentication not enabled in %s",
+		    _PATH_HOST_CONFIG_FILE);
+
 	fd = buffer_get_int(&b);
 	if ((fd == STDIN_FILENO) || (fd == STDOUT_FILENO))
 		fatal("bad fd");
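Review bot: `remotehost` is read straight out of the request buffer, so the `HostbasedAuthentication` check that follows is evaluated against a name chosen by whoever invoked ssh-keysign, not against anything the helper verified itself. Nothing visible in this hunk ties that string to the peer of the descriptor read just below it, so a per-`Host` setting in the system config acts as policy for a cooperating ssh client rather than as a restriction on local users, and the admin on/off switch that the old host-independent check provided now depends on caller input. I would state that in the comment, e.g. `/* remotehost is supplied by the caller and not verified; this check is advisory */`, and consider keeping a host-independent enable check next to it. The result of `read_config_file` is still discarded with `(void)`; presumably an unreadable file leaves the option at a disabled default, but the comment should say that the check is meant to fail closed. The enclosing function extends beyond this hunk.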


