Trailing dot is not removed from client hostname if HostbasedUsesNameFromPacketOnly is yes

Markus Friedl markus at openbsd.org
Sun Sep 14 01:34:56 EST 2003


AFAIK HostbasedUsesNameFromPacketOnly means: use the _exact_
value from the packet.  This is why the dot is not
removed.  Moreover, HostbasedUsesNameFromPacketOnly is
not recommended and experimental.  The client
needs to be changed to have truly random names in
the hostbased packets.

On Sat, Sep 13, 2003 at 03:19:44AM -0400, Carson Gaspar wrote:
> If HostbasedUsesNameFromPacketOnly is set to yes, sshd does not remove 
> the trailing dot from the client supplied hostname, causing sshd to 
> attempt to look up "foo.example.com." (note trailing period) in 
> known_hosts and .shosts instead of "foo.example.com"
> 
> Trivial patch attached.
> 
> -- 
> Carson

> --- auth2-hostbased.c.DIST	2003-09-13 03:05:22.921075000 -0400
> +++ auth2-hostbased.c	2003-09-13 03:06:10.206073000 -0400
> @@ -142,15 +142,15 @@
>  	debug2("userauth_hostbased: chost %s resolvedname %s ipaddr %s",
>  	    chost, resolvedname, ipaddr);
>  
> +	if (((len = strlen(chost)) > 0) && chost[len - 1] == '.') {
> +		debug2("stripping trailing dot from chost %s", chost);
> +		chost[len - 1] = '\0';
> +	}
>  	if (options.hostbased_uses_name_from_packet_only) {
>  		if (auth_rhosts2(pw, cuser, chost, chost) == 0)
>  			return 0;
>  		lookup = chost;
>  	} else {
> -		if (((len = strlen(chost)) > 0) && chost[len - 1] == '.') {
> -			debug2("stripping trailing dot from chost %s", chost);
> -			chost[len - 1] = '\0';
> -		}
>  		if (strcasecmp(resolvedname, chost) != 0)
>  			logit("userauth_hostbased mismatch: "
>  			    "client sends %s, but we resolve %s to %s",
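
Review bot: Moving the strip above the "if (options.hostbased_uses_name_from_packet_only)" test means chost is rewritten in place before "auth_rhosts2(pw, cuser, chost, chost)" and "lookup = chost", so with the option set the server no longer matches on the name exactly as it arrived in the packet. If that is the intended behaviour, the documentation for HostbasedUsesNameFromPacketOnly should state that a trailing dot is dropped before the .shosts and known_hosts lookups. The test also removes only a single trailing '.', and because the buffer is modified in place, anything that uses chost after this point sees the stripped name; a short comment at the moved block saying so would help, and it is worth confirming that nothing later expects the packet value unchanged.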
