Attachment #1297 for bug #616




	debug2("userauth_hostbased: chost %s resolvedname %s ipaddr %s",
	    chost, resolvedname, ipaddr);

	if (((len = strlen(chost)) > 0) && chost[len - 1] == '.') {
		debug2("stripping trailing dot from chost %s", chost);
		chost[len - 1] = '\0';
	}
	if (options.hostbased_uses_name_from_packet_only) {
		if (auth_rhosts2(pw, cuser, chost, chost) == 0)
			return 0;
		lookup = chost;
	} else {
		if (((len = strlen(chost)) > 0) && chost[len - 1] == '.') {
			debug2("stripping trailing dot from chost %s", chost);
			chost[len - 1] = '\0';
		}
		if (strcasecmp(resolvedname, chost) != 0)
			logit("userauth_hostbased mismatch: "
			    "client sends %s, but we resolve %s to %s",




#include <stdlib.h>
#include <string.h>
#include <stdarg.h>
#include <unistd.h>

#include "xmalloc.h"
#include "packet.h"

char *
get_local_name(int sock)
{
	char *p, host[NI_MAXHOST], ntop[NI_MAXHOST];
	struct addrinfo *ai;
	int r;

	p = get_socket_address(sock, 0, NI_NAMEREQD);
	if (p == NULL) {
		if (gethostname(host, sizeof(host)) == -1) {
			error("get_local_name: gethostname failed: %s",
				strerror(errno));
			return NULL;
		}

		if ((r = getaddrinfo(host, NULL, NULL, &ai)) != 0) {
			error("get_local_name: getaddrinfo %s failed: %s", host,
			    r == EAI_SYSTEM ? strerror(errno) : gai_strerror(r));
			return NULL;
		}

		/* Work around Linux IPv6 weirdness */
		if (ai->ai_addr->sa_family == AF_INET6)
			ai->ai_addrlen = sizeof(struct sockaddr_in6);

		ipv64_normalise_mapped(ai->ai_addr, ai->ai_addrlen);

		/* Get the address in ascii. */
		if ((r = getnameinfo(ai->ai_addr, ai->ai_addrlen, ntop,
		    sizeof(ntop), NULL, 0, NI_NAMEREQD)) != 0) {
			error("get_local_name: getnameinfo %d failed: %s", NI_NAMEREQD,
			    r == EAI_SYSTEM ? strerror(errno) : gai_strerror(r));
			freeaddrinfo(ai);
			return NULL;
		}
		freeaddrinfo(ai);
		return xstrdup(ntop);
	}
	return p;
}

/*




/* $OpenBSD: sshconnect2.c,v 1.162 2006/08/30 00:06:51 dtucker Exp $ */
/*
 * Copyright (c) 2000 Markus Friedl.  All rights reserved.
 *

#include <sys/stat.h>

#include <errno.h>
#include <netdb.h>
#include <pwd.h>
#include <signal.h>
#include <stdarg.h>

	Sensitive *sensitive = authctxt->sensitive;
	Buffer b;
	u_char *signature, *blob;
	char *chost, *pkalg, *p;
	const char *service;
	u_int blen, slen;
	int ok, i, len, found = 0;

		return 0;
	}
	/* figure out a name for the client host */
	p = get_local_name(packet_get_connection_in());
	if (packet_connection_is_on_socket())
		p = get_local_name(packet_get_connection_in());
	if (p == NULL) {
		if (gethostname(myname, sizeof(myname)) == -1) {
			verbose("userauth_hostbased: gethostname: %s", 
			    strerror(errno));
		} else
			p = xstrdup(myname);
	}
	if (p == NULL) {
		error("userauth_hostbased: cannot get local ipaddr/name");
		key_free(private);

Return to bug 616

Lines 151-165 Link Here

(-)auth2-hostbased.c (-4 / +4 lines)
151	debug2("userauth_hostbased: chost %s resolvedname %s ipaddr %s",	151	debug2("userauth_hostbased: chost %s resolvedname %s ipaddr %s",
152	chost, resolvedname, ipaddr);	152	chost, resolvedname, ipaddr);
153		153
		154	if (((len = strlen(chost)) > 0) && chost[len - 1] == '.') {
		155	debug2("stripping trailing dot from chost %s", chost);
		156	chost[len - 1] = '\0';
		157	}
154	if (options.hostbased_uses_name_from_packet_only) {	158	if (options.hostbased_uses_name_from_packet_only) {
155	if (auth_rhosts2(pw, cuser, chost, chost) == 0)	159	if (auth_rhosts2(pw, cuser, chost, chost) == 0)
156	return 0;	160	return 0;
157	lookup = chost;	161	lookup = chost;
158	} else {	162	} else {
159	if (((len = strlen(chost)) > 0) && chost[len - 1] == '.') {
160	debug2("stripping trailing dot from chost %s", chost);
161	chost[len - 1] = '\0';
162	}
163	if (strcasecmp(resolvedname, chost) != 0)	163	if (strcasecmp(resolvedname, chost) != 0)
164	logit("userauth_hostbased mismatch: "	164	logit("userauth_hostbased mismatch: "
165	"client sends %s, but we resolve %s to %s",	165	"client sends %s, but we resolve %s to %s",

Lines 27-32 Link Here

(-)canohost.c (-1 / +37 lines)
27	#include <stdlib.h>	27	#include <stdlib.h>
28	#include <string.h>	28	#include <string.h>
29	#include <stdarg.h>	29	#include <stdarg.h>
		30	#include <unistd.h>
30		31
31	#include "xmalloc.h"	32	#include "xmalloc.h"
32	#include "packet.h"	33	#include "packet.h"
Lines 300-306 Link Here
300	char *	301	char *
301	get_local_name(int sock)	302	get_local_name(int sock)
302	{	303	{
303	return get_socket_address(sock, 0, NI_NAMEREQD);	304	char *p, host[NI_MAXHOST], ntop[NI_MAXHOST];
		305	struct addrinfo *ai;
		306	int r;
		307
		308	p = get_socket_address(sock, 0, NI_NAMEREQD);
		309	if (p == NULL) {
		310	if (gethostname(host, sizeof(host)) == -1) {
		311	error("get_local_name: gethostname failed: %s",
		312	strerror(errno));
		313	return NULL;
		314	}
		315
		316	if ((r = getaddrinfo(host, NULL, NULL, &ai)) != 0) {
		317	error("get_local_name: getaddrinfo %s failed: %s", host,
		318	r == EAI_SYSTEM ? strerror(errno) : gai_strerror(r));
		319	return NULL;
		320	}
		321
		322	/* Work around Linux IPv6 weirdness */
		323	if (ai->ai_addr->sa_family == AF_INET6)
		324	ai->ai_addrlen = sizeof(struct sockaddr_in6);
		325
		326	ipv64_normalise_mapped(ai->ai_addr, ai->ai_addrlen);
		327
		328	/* Get the address in ascii. */
		329	if ((r = getnameinfo(ai->ai_addr, ai->ai_addrlen, ntop,
		330	sizeof(ntop), NULL, 0, NI_NAMEREQD)) != 0) {
		331	error("get_local_name: getnameinfo %d failed: %s", NI_NAMEREQD,
		332	r == EAI_SYSTEM ? strerror(errno) : gai_strerror(r));
		333	freeaddrinfo(ai);
		334	return NULL;
		335	}
		336	freeaddrinfo(ai);
		337	return xstrdup(ntop);
		338	}
		339	return p;
304	}	340	}
305		341
306	/*	342	/*

Lines 1-4 Link Here

(-)sshconnect2.c (-13 / +3 lines)
1	/* $OpenBSD: sshconnect2.c,v 1.164 2007/05/17 23:53:41 jolan Exp $ */	1	/* $OpenBSD: sshconnect2.c,v 1.162 2006/08/30 00:06:51 dtucker Exp $ */
2	/*	2	/*
3	* Copyright (c) 2000 Markus Friedl. All rights reserved.	3	* Copyright (c) 2000 Markus Friedl. All rights reserved.
4	*	4	*
Lines 31-37 Link Here
31	#include <sys/stat.h>	31	#include <sys/stat.h>
32		32
33	#include <errno.h>	33	#include <errno.h>
34	#include <netdb.h>
35	#include <pwd.h>	34	#include <pwd.h>
36	#include <signal.h>	35	#include <signal.h>
37	#include <stdarg.h>	36	#include <stdarg.h>
Lines 1308-1314 Link Here
1308	Sensitive *sensitive = authctxt->sensitive;	1307	Sensitive *sensitive = authctxt->sensitive;
1309	Buffer b;	1308	Buffer b;
1310	u_char signature, blob;	1309	u_char signature, blob;
1311	char chost, pkalg, *p, myname[NI_MAXHOST];	1310	char chost, pkalg, *p;
1312	const char *service;	1311	const char *service;
1313	u_int blen, slen;	1312	u_int blen, slen;
1314	int ok, i, len, found = 0;	1313	int ok, i, len, found = 0;
Lines 1332-1347 Link Here
1332	return 0;	1331	return 0;
1333	}	1332	}
1334	/* figure out a name for the client host */	1333	/* figure out a name for the client host */
1335	p = NULL;	1334	p = get_local_name(packet_get_connection_in());
1336	if (packet_connection_is_on_socket())
1337	p = get_local_name(packet_get_connection_in());
1338	if (p == NULL) {
1339	if (gethostname(myname, sizeof(myname)) == -1) {
1340	verbose("userauth_hostbased: gethostname: %s",
1341	strerror(errno));
1342	} else
1343	p = xstrdup(myname);
1344	}
1345	if (p == NULL) {	1335	if (p == NULL) {
1346	error("userauth_hostbased: cannot get local ipaddr/name");	1336	error("userauth_hostbased: cannot get local ipaddr/name");
1347	key_free(private);	1337	key_free(private);