Bugzilla – Attachment 980 Details for
Bug 910
known_hosts port numbers
[patch]
Simplified version of attachment id #946.
openssh-910.patch (text/plain), 5.43 KB, created by
Darren Tucker
on 2005-10-03 15:08:34 AEST
Description:
Simplified version of attachment id #946.
Filename:
MIME Type:
Creator:
Darren Tucker
Created:
2005-10-03 15:08:34 AEST
Size:
5.43 KB
patch
obsolete
>Index: misc.c
>===================================================================
>RCS file: /usr/local/src/security/openssh/cvs/openssh_cvs/misc.c,v
>retrieving revision 1.49
>diff -u -p -r1.49 misc.c
>--- misc.c 14 Jul 2005 07:05:02 -0000 1.49
>+++ misc.c 3 Oct 2005 03:04:57 -0000
>@@ -29,6 +29,7 @@ RCSID("$OpenBSD: misc.c,v 1.34 2005/07/0
> #include "misc.h"
> #include "log.h"
> #include "xmalloc.h"
>+#include "ssh.h"
>
> /* remove newline at end of string */
> char *
>@@ -277,6 +278,28 @@ convtime(const char *s)
> }
>
> /*
>+ * Returns a standardized host+port identifier string.
>+ * Caller must free returned string.
>+ */
>+char *
>+put_host_port(const char *host, u_short port)
>+{
>+ int ret;
>+ char *hoststr;
>+ size_t len;
>+
>+ if (port == 0 || port == SSH_DEFAULT_PORT)
>+ return(xstrdup(host));
>+ len = strlen(host) + sizeof(port) * 4 + 4;
>+ hoststr = xmalloc(len);
>+ ret = snprintf(hoststr, len, "[%s]:%d", host, (int)port);
>+ if (ret == -1 || (size_t)ret >= len)
>+ fatal("put_host_port: snprintf: %s", strerror(errno));
>+ debug3("put_host_port: %s", hoststr);
>+ return hoststr;
>+}
>+
>+/*
> * Search for next delimiter between hostnames/addresses and ports.
> * Argument may be modified (for termination).
> * Returns *cp if parsing succeeds.
>Index: misc.h
>===================================================================
>RCS file: /usr/local/src/security/openssh/cvs/openssh_cvs/misc.h,v
>retrieving revision 1.28
>diff -u -p -r1.28 misc.h
>--- misc.h 14 Jul 2005 07:07:21 -0000 1.28
>+++ misc.h 3 Oct 2005 01:19:15 -0000
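Review bot: In put_host_port the fatal() text prints `strerror(errno)`, but the `(size_t)ret >= len` truncation branch is not an errno-setting failure, so on that path the message names whatever error happened to be left in errno. A message that reports the actual condition, e.g. `fatal("put_host_port: snprintf failed or truncated (ret %d)", ret);`, would be more useful when this trips. The `sizeof(port) * 4 + 4` bound also deserves a one-line comment such as `/* '[' ']' ':' + up to 5 port digits + NUL, with slack */`, because the returned string becomes the known_hosts lookup key and the arithmetic is not obvious to a reader checking it.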
>@@ -20,6 +20,7 @@ int set_nonblock(int);
> int unset_nonblock(int);
> void set_nodelay(int);
> int a2port(const char *);
>+char *put_host_port(const char *, u_short);
> char *hpdelim(char **);
> char *cleanhostname(char *);
> char *colon(char *);
>Index: sshconnect.c
>===================================================================
>RCS file: /usr/local/src/security/openssh/cvs/openssh_cvs/sshconnect.c,v
>retrieving revision 1.135
>diff -u -p -r1.135 sshconnect.c
>--- sshconnect.c 17 Jul 2005 07:22:46 -0000 1.135
>+++ sshconnect.c 3 Oct 2005 01:41:32 -0000
>@@ -519,12 +519,12 @@ confirm(const char *prompt)
> * is not valid. the user_hostfile will not be updated if 'readonly' is true.
> */
> static int
>-check_host_key(char *host, struct sockaddr *hostaddr, Key *host_key,
>+check_host_key(char *hostname, struct sockaddr *hostaddr, Key *host_key,
> int readonly, const char *user_hostfile, const char *system_hostfile)
> {
> Key *file_key;
> const char *type = key_type(host_key);
>- char *ip = NULL;
>+ char *ip = NULL, *host = NULL;
> char hostline[1000], *hostp, *fp;
> HostStatus host_status;
> HostStatus ip_status;
>@@ -576,6 +576,7 @@ check_host_key(char *host, struct sockad
> NULL, 0, NI_NUMERICHOST) != 0)
> fatal("check_host_key: getnameinfo failed");
> ip = xstrdup(ntop);
>+ ip = put_host_port(ntop, options.port);
> } else {
> ip = xstrdup("<no hostip for proxy command>");
> }
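Review bot: In the `@@ -576,6 +576,7 @@` hunk the added `ip = put_host_port(ntop, options.port);` follows the unchanged context line `ip = xstrdup(ntop);`, so the first allocation is overwritten without being freed and leaks each time this branch runs. The old assignment should be removed rather than kept as context, leaving only `ip = put_host_port(ntop, options.port);`. check_host_key begins and ends outside this hunk, so the later `xfree(ip)` calls only release the second string.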
>@@ -583,18 +584,21 @@ check_host_key(char *host, struct sockad
> * Turn off check_host_ip if the connection is to localhost, via proxy
> * command or if we don't have a hostname to compare with
> */
>- if (options.check_host_ip &&
>- (local || strcmp(host, ip) == 0 || options.proxy_command != NULL))
>+ if (options.check_host_ip && (local ||
>+ strcmp(hostname, ip) == 0 || options.proxy_command != NULL))
> options.check_host_ip = 0;
>
> /*
>- * Allow the user to record the key under a different name. This is
>- * useful for ssh tunneling over forwarded connections or if you run
>- * multiple sshd's on different ports on the same machine.
>+ * Allow the user to record the key under a different name or
>+ * differentiate a non-standard port. This is useful for ssh
>+ * tunneling over forwarded connections or if you run multiple
>+ * sshd's on different ports on the same machine.
> */
> if (options.host_key_alias != NULL) {
>- host = options.host_key_alias;
>+ host = xstrdup(options.host_key_alias);
> debug("using hostkeyalias: %s", host);
>+ } else {
>+ host = put_host_port(hostname, options.port);
> }
>
> /*
>@@ -856,10 +860,12 @@ check_host_key(char *host, struct sockad
> }
>
> xfree(ip);
>+ xfree(host);
> return 0;
>
> fail:
> xfree(ip);
>+ xfree(host);
> return -1;
> }
>
>Index: sshconnect2.c
>===================================================================
>RCS file: /usr/local/src/security/openssh/cvs/openssh_cvs/sshconnect2.c,v
>retrieving revision 1.131
>diff -u -p -r1.131 sshconnect2.c
>--- sshconnect2.c 31 Aug 2005 09:46:27 -0000 1.131
>+++ sshconnect2.c 3 Oct 2005 02:25:14 -0000
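Review bot: In the `@@ -583,18 +584,21 @@` hunk, `strcmp(hostname, ip) == 0` compares the bare name from the command line with an `ip` that the earlier hunk now builds through put_host_port(), i.e. `[addr]:port` whenever the port is non-default. If the target is given as an address literal on a non-standard port the two strings can no longer match, so check_host_ip stays on and the same key is presumably checked and recorded under two identical entries. Normalising both sides before the test would keep the old behaviour, for instance computing the `put_host_port(hostname, options.port)` string first and comparing that against `ip`. The uses of `ip` further down check_host_key are outside the hunk and should be confirmed against this.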
>@@ -1303,6 +1303,8 @@ userauth_hostbased(Authctxt *authctxt)
> u_int blen, slen;
> int ok, i, len, found = 0;
>
>+ debug("%s called", __func__);
>+
> /* check for a useful key */
> for (i = 0; i < sensitive->nkeys; i++) {
> private = sensitive->keys[i];
>Index: sshd.8
>===================================================================
>RCS file: /usr/local/src/security/openssh/cvs/openssh_cvs/sshd.8,v
>retrieving revision 1.166
>diff -u -p -r1.166 sshd.8
>--- sshd.8 16 Jun 2005 03:19:07 -0000 1.166
>+++ sshd.8 3 Oct 2005 01:58:57 -0000
>@@ -552,6 +552,13 @@ A pattern may also be preceded by
> to indicate negation: if the host name matches a negated
> pattern, it is not accepted (by that line) even if it matched another
> pattern on the line.
>+A hostname or address may optionally be enclosed within
>+.Ql \&[
>+and
>+.Ql \&]
>+brackets then followed by
>+.Ql \&:
>+and and a non-standard port number.
> .Pp
> Alternately, hostnames may be stored in a hashed form which hides host names
> and addresses should the file's contents be disclosed.
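Review bot: The added `debug("%s called", __func__);` in userauth_hostbased is unrelated to known_hosts port handling and reads like leftover instrumentation from testing the patch. I would drop it from this change, or if the trace is wanted, lower it to `debug3("%s called", __func__);` and submit it separately so the port change stays reviewable on its own. userauth_hostbased continues past the end of the hunk.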