summaryrefslogtreecommitdiffstats
path: root/usr.bin/ssh/ssh.c
diff options
context:
space:
mode:
authormarkus <markus@openbsd.org>2002-05-23 19:24:30 +0000
committermarkus <markus@openbsd.org>2002-05-23 19:24:30 +0000
commit44c8244ece9217d496fc443fa69111407c31d7d7 (patch)
tree0dd69a2ed4e0b02a6fa5d97badc5c2340a71e341 /usr.bin/ssh/ssh.c
parentsync (diff)
downloadwireguard-openbsd-44c8244ece9217d496fc443fa69111407c31d7d7.tar.xz
wireguard-openbsd-44c8244ece9217d496fc443fa69111407c31d7d7.zip
add /usr/libexec/ssh-keysign: a setuid helper program for hostbased authentication
in protocol v2 (needs to access the hostkeys).
Diffstat (limited to 'usr.bin/ssh/ssh.c')
-rw-r--r--usr.bin/ssh/ssh.c21
1 files changed, 14 insertions, 7 deletions
diff --git a/usr.bin/ssh/ssh.c b/usr.bin/ssh/ssh.c
index 7022d04b616..a9dbea47030 100644
--- a/usr.bin/ssh/ssh.c
+++ b/usr.bin/ssh/ssh.c
@@ -40,7 +40,7 @@
*/
#include "includes.h"
-RCSID("$OpenBSD: ssh.c,v 1.172 2002/05/22 23:18:25 deraadt Exp $");
+RCSID("$OpenBSD: ssh.c,v 1.173 2002/05/23 19:24:30 markus Exp $");
#include <openssl/evp.h>
#include <openssl/err.h>
@@ -124,10 +124,7 @@ char *host;
struct sockaddr_storage hostaddr;
/* Private host keys. */
-struct {
- Key **keys;
- int nkeys;
-} sensitive_data;
+Sensitive sensitive_data;
/* Original real UID. */
uid_t original_real_uid;
@@ -669,6 +666,7 @@ again:
*/
sensitive_data.nkeys = 0;
sensitive_data.keys = NULL;
+ sensitive_data.external_keysign = 0;
if (!cerr && (options.rhosts_rsa_authentication ||
options.hostbased_authentication)) {
sensitive_data.nkeys = 3;
@@ -679,6 +677,16 @@ again:
_PATH_HOST_DSA_KEY_FILE, "", NULL);
sensitive_data.keys[2] = key_load_private_type(KEY_RSA,
_PATH_HOST_RSA_KEY_FILE, "", NULL);
+
+ if (sensitive_data.keys[0] == NULL &&
+ sensitive_data.keys[1] == NULL &&
+ sensitive_data.keys[2] == NULL) {
+ sensitive_data.keys[1] = key_load_public(
+ _PATH_HOST_DSA_KEY_FILE, NULL);
+ sensitive_data.keys[2] = key_load_public(
+ _PATH_HOST_RSA_KEY_FILE, NULL);
+ sensitive_data.external_keysign = 1;
+ }
}
/*
* Get rid of any extra privileges that we may have. We will no
@@ -738,8 +746,7 @@ again:
signal(SIGPIPE, SIG_IGN); /* ignore SIGPIPE early */
/* Log into the remote system. This never returns if the login fails. */
- ssh_login(sensitive_data.keys, sensitive_data.nkeys,
- host, (struct sockaddr *)&hostaddr, pw);
+ ssh_login(&sensitive_data, host, (struct sockaddr *)&hostaddr, pw);
/* We no longer need the private host keys. Clear them now. */
if (sensitive_data.nkeys != 0) {
Copyright © 1996 – 2023 Jason A. Donenfeld. All Rights Reverse Engineered.