Source-Changes-HG archive


[src/netbsd-1-6]: src/crypto/dist/ssh Pull up revision 1.4 (requested by itoj...



details:   https://anonhg.NetBSD.org/src/rev/7725fb4f6d8b
branches:  netbsd-1-6
changeset: 528336:7725fb4f6d8b
user:      lukem <lukem%NetBSD.org@localhost>
date:      Wed Jul 03 23:01:21 2002 +0000

description:
Pull up revision 1.4 (requested by itojun in ticket #428):
make ssh-keysign read /etc/ssh/ssh_config
and exit if HostbasedAuthentication is disabled globally. based on discussions
with deraadt, itojun and sommerfeld; ok itojun@
sync w/openbsd

diffstat:

 crypto/dist/ssh/ssh-keysign.c |  16 +++++++++++++++-
 1 files changed, 15 insertions(+), 1 deletions(-)

diffs (51 lines):

diff -r cc5d73aa99f8 -r 7725fb4f6d8b crypto/dist/ssh/ssh-keysign.c
--- a/crypto/dist/ssh/ssh-keysign.c     Wed Jul 03 23:01:12 2002 +0000
+++ b/crypto/dist/ssh/ssh-keysign.c     Wed Jul 03 23:01:21 2002 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: ssh-keysign.c,v 1.1.1.1.2.4 2002/07/03 11:49:17 lukem Exp $    */
+/*     $NetBSD: ssh-keysign.c,v 1.1.1.1.2.5 2002/07/03 23:01:21 lukem Exp $    */
 /*
  * Copyright (c) 2002 Markus Friedl.  All rights reserved.
  *
@@ -31,6 +31,7 @@
 
 #include "log.h"
 #include "key.h"
+#include "ssh.h"
 #include "ssh2.h"
 #include "misc.h"
 #include "xmalloc.h"
@@ -40,6 +41,9 @@
 #include "msg.h"
 #include "canohost.h"
 #include "pathnames.h"
+#include "readconf.h"
+
+uid_t original_real_uid;       /* XXX readconf.c needs this */
 
 static int
 valid_request(struct passwd *pw, char *host, Key **ret, u_char *data,
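Review bot: the new global `original_real_uid`, added right after the `readconf.h` include, is explained only by "XXX readconf.c needs this", which does not say what readconf.c does with the value or what it must contain when `read_config_file()` runs. Please expand the comment to state the dependency (what readconf.c reads it for, and that it must be set before any config parsing), so a later change to either file does not silently break the assumption.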
@@ -131,6 +135,7 @@
 main(int argc, char **argv)
 {
        Buffer b;
+       Options options;
        Key *keys[2], *key;
        struct passwd *pw;
        int key_fd[2], i, found, version = 2, fd;
@@ -149,6 +154,15 @@
        log_init("ssh-keysign", SYSLOG_LEVEL_DEBUG3, SYSLOG_FACILITY_AUTH, 0);
 #endif
 
+       /* verify that ssh-keysign is enabled by the admin */
+       original_real_uid = getuid();   /* XXX readconf.c needs this */
+       initialize_options(&options);
+       (void)read_config_file(_PATH_HOST_CONFIG_FILE, "", &options);
+       fill_default_options(&options);
+       if (options.hostbased_authentication != 1)
+               fatal("Hostbased authentication not enabled in %s",
+                   _PATH_HOST_CONFIG_FILE);
+
        if (key_fd[0] == -1 && key_fd[1] == -1)
                fatal("could not open any host key");
 
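Review bot: the return value of `read_config_file(_PATH_HOST_CONFIG_FILE, "", &options)` is discarded with `(void)`, so a config file that cannot be read at all ends in the same `fatal("Hostbased authentication not enabled in %s", ...)` as a file that simply leaves the option off. Failing closed on `options.hostbased_authentication != 1` is the right outcome, but logging the read failure separately before the `fatal()` would let an admin tell the two cases apart. A short comment noting that the `!= 1` test deliberately treats any unset or unexpected value as disabled would also help.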


