version 1.13, 2010/03/04 10:36:03 |
version 1.14, 2010/08/04 05:42:47 |
|
|
hostbased_key_allowed(struct passwd *pw, const char *cuser, char *chost, |
hostbased_key_allowed(struct passwd *pw, const char *cuser, char *chost, |
Key *key) |
Key *key) |
{ |
{ |
const char *resolvedname, *ipaddr, *lookup; |
const char *resolvedname, *ipaddr, *lookup, *reason; |
HostStatus host_status; |
HostStatus host_status; |
int len; |
int len; |
|
char *fp; |
|
|
if (auth_key_is_revoked(key)) |
if (auth_key_is_revoked(key)) |
return 0; |
return 0; |
|
|
} |
} |
debug2("userauth_hostbased: access allowed by auth_rhosts2"); |
debug2("userauth_hostbased: access allowed by auth_rhosts2"); |
|
|
|
if (key_is_cert(key) && |
|
key_cert_check_authority(key, 1, 0, lookup, &reason)) { |
|
error("%s", reason); |
|
auth_debug_add("%s", reason); |
|
return 0; |
|
} |
|
|
host_status = check_key_in_hostfiles(pw, key, lookup, |
host_status = check_key_in_hostfiles(pw, key, lookup, |
_PATH_SSH_SYSTEM_HOSTFILE, |
_PATH_SSH_SYSTEM_HOSTFILE, |
options.ignore_user_known_hosts ? NULL : _PATH_SSH_USER_HOSTFILE); |
options.ignore_user_known_hosts ? NULL : _PATH_SSH_USER_HOSTFILE); |
|
|
/* backward compat if no key has been found. */ |
/* backward compat if no key has been found. */ |
if (host_status == HOST_NEW) |
if (host_status == HOST_NEW) { |
host_status = check_key_in_hostfiles(pw, key, lookup, |
host_status = check_key_in_hostfiles(pw, key, lookup, |
_PATH_SSH_SYSTEM_HOSTFILE2, |
_PATH_SSH_SYSTEM_HOSTFILE2, |
options.ignore_user_known_hosts ? NULL : |
options.ignore_user_known_hosts ? NULL : |
_PATH_SSH_USER_HOSTFILE2); |
_PATH_SSH_USER_HOSTFILE2); |
|
} |
|
|
|
if (host_status == HOST_OK) { |
|
if (key_is_cert(key)) { |
|
fp = key_fingerprint(key->cert->signature_key, |
|
SSH_FP_MD5, SSH_FP_HEX); |
|
verbose("Accepted certificate ID \"%s\" signed by " |
|
"%s CA %s from %s@%s", key->cert->key_id, |
|
key_type(key->cert->signature_key), fp, |
|
cuser, lookup); |
|
} else { |
|
fp = key_fingerprint(key, SSH_FP_MD5, SSH_FP_HEX); |
|
verbose("Accepted %s public key %s from %s@%s", |
|
key_type(key), fp, cuser, lookup); |
|
} |
|
xfree(fp); |
|
} |
|
|
return (host_status == HOST_OK); |
return (host_status == HOST_OK); |
} |
} |