version 1.19, 2014/12/21 22:27:56 |
version 1.20, 2014/12/23 22:42:48 |
|
|
resolvedname = get_canonical_hostname(options.use_dns); |
resolvedname = get_canonical_hostname(options.use_dns); |
ipaddr = get_remote_ipaddr(); |
ipaddr = get_remote_ipaddr(); |
|
|
debug2("userauth_hostbased: chost %s resolvedname %s ipaddr %s", |
debug2("%s: chost %s resolvedname %s ipaddr %s", __func__, |
chost, resolvedname, ipaddr); |
chost, resolvedname, ipaddr); |
|
|
if (((len = strlen(chost)) > 0) && chost[len - 1] == '.') { |
if (((len = strlen(chost)) > 0) && chost[len - 1] == '.') { |
|
|
} |
} |
|
|
if (options.hostbased_uses_name_from_packet_only) { |
if (options.hostbased_uses_name_from_packet_only) { |
if (auth_rhosts2(pw, cuser, chost, chost) == 0) |
if (auth_rhosts2(pw, cuser, chost, chost) == 0) { |
|
debug2("%s: auth_rhosts2 refused " |
|
"user \"%.100s\" host \"%.100s\" (from packet)", |
|
__func__, cuser, chost); |
return 0; |
return 0; |
|
} |
lookup = chost; |
lookup = chost; |
} else { |
} else { |
if (strcasecmp(resolvedname, chost) != 0) |
if (strcasecmp(resolvedname, chost) != 0) |
logit("userauth_hostbased mismatch: " |
logit("userauth_hostbased mismatch: " |
"client sends %s, but we resolve %s to %s", |
"client sends %s, but we resolve %s to %s", |
chost, ipaddr, resolvedname); |
chost, ipaddr, resolvedname); |
if (auth_rhosts2(pw, cuser, resolvedname, ipaddr) == 0) |
if (auth_rhosts2(pw, cuser, resolvedname, ipaddr) == 0) { |
|
debug2("%s: auth_rhosts2 refused " |
|
"user \"%.100s\" host \"%.100s\" addr \"%.100s\"", |
|
__func__, cuser, resolvedname, ipaddr); |
return 0; |
return 0; |
|
} |
lookup = resolvedname; |
lookup = resolvedname; |
} |
} |
debug2("userauth_hostbased: access allowed by auth_rhosts2"); |
debug2("%s: access allowed by auth_rhosts2", __func__); |
|
|
if (key_is_cert(key) && |
if (key_is_cert(key) && |
key_cert_check_authority(key, 1, 0, lookup, &reason)) { |
key_cert_check_authority(key, 1, 0, lookup, &reason)) { |
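Review bot: The rewritten `debug2` at the top of this section still prints `chost` and `resolvedname` with an unbounded `%s`, while the two refusal messages added by this change cap every string at `%.100s`. `chost` is the name the client put in the packet (the mismatch `logit` says "client sends"), and `resolvedname` appears to come from name resolution of the peer address, so neither is under the server's control. Bounding them the same way keeps one oversized value from dominating a log line: `debug2("%s: chost %.100s resolvedname %.100s ipaddr %s", __func__,`. The mismatch `logit` further down has the same unbounded fields and keeps the hard-coded `userauth_hostbased` prefix; if that is deliberate so existing log matching keeps working, a one-line comment saying so would help. The enclosing function starts and ends outside this section.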