Date:      Wed, 3 Aug 2005 16:11:51 +0400 (MSD)
From:      Michael Bushkov <bushman@rsu.ru>
To:        FreeBSD-gnats-submit@FreeBSD.org
Subject:   ports/84515: Update port: secuirty/openssh-portable to support nsswitch
Message-ID:  <200508031211.j73CBpjf031132@stinger.cc.rsu.ru>
Resent-Message-ID: <200508031230.j73CUEGV005179@freefall.freebsd.org>


>Number:         84515
>Category:       ports
>Synopsis:       Update port: secuirty/openssh-portable to support nsswitch
>Confidential:   no
>Severity:       non-critical
>Priority:       medium
>Responsible:    freebsd-ports-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          change-request
>Submitter-Id:   current-users
>Arrival-Date:   Wed Aug 03 12:30:14 GMT 2005
>Closed-Date:
>Last-Modified:
>Originator:     Michael Bushkov
>Release:        FreeBSD 5.2-CURRENT i386
>Organization:
Rostov State University
>Environment:
System: FreeBSD stinger.cc.rsu.ru 5.2-CURRENT FreeBSD 5.2-CURRENT #1: Fri Jun 25 12:56:22 MSD 2004 bushman@stinger.cc.rsu.ru:/usr/obj/usr/src/sys/STINGER i386

>Description:
	The port was modified to support using an nsswitch source
	instead of the usual files (such as ssh_known_hosts2). The previous
	file-based functionality was moved to the "files" nsswitch source.
	
	A test for the presence of the nsdispatch function was added to the
	Makefile; the user can prevent the port from using nsswitch by
	undefining the USE_NSSWITCH variable.
  	
>How-To-Repeat:
>Fix:
--- patch begins here ---
diff -urN openssh-portable.orig/Makefile openssh-portable/Makefile
--- openssh-portable.orig/Makefile	Wed Aug  3 15:46:03 2005
+++ openssh-portable/Makefile	Wed Aug  3 15:35:29 2005
@@ -6,7 +6,7 @@
 #
 
 PORTNAME=	openssh
-PORTVERSION=	4.1.0.1
+PORTVERSION=	4.1.0.2
 .if defined(OPENSSH_SNAPSHOT)
 PORTREVISION!=	date -v-1d +%Y%m%d
 .endif
@@ -51,6 +51,15 @@
 		ssh_host_dsa_key ssh_host_dsa_key.pub
 ETCOLD=		${PREFIX}/etc
 PORTABLE_SUFFIX=	-portable
+
+USE_NSSWITCH=	yes
+
+.if defined(USE_NSSWITCH)
+CFLAGS+=	-DUSE_NSSWITCH
+.endif
+
+USE_AUTOCONF_VER=	253
+AUTOCONF_ARGS+=	-o configure configure.ac
 
 .if exists(/usr/include/security/pam_modules.h)
 CONFIGURE_ARGS+=	--with-pam
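Review bot: The `.if defined(USE_NSSWITCH)` guard can never be false, because `USE_NSSWITCH= yes` is assigned unconditionally two lines above it. Passing a different value on the command line still leaves the variable defined, so as far as these lines show the only way to opt out is to edit the Makefile. The knob changes where ssh and sshd look up trusted host keys, so an administrator should be able to turn it off at build time. An opt-out form such as `.if !defined(WITHOUT_NSSWITCH)` around `CFLAGS+= -DUSE_NSSWITCH` would do that, with the unconditional assignment dropped.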
diff -urN openssh-portable.orig/files/patch-auth-rh.rsa.c openssh-portable/files/patch-auth-rh.rsa.c
--- openssh-portable.orig/files/patch-auth-rh.rsa.c	Thu Jan  1 03:00:00 1970
+++ openssh-portable/files/patch-auth-rh.rsa.c	Wed Aug  3 15:35:29 2005
@@ -0,0 +1,21 @@
+--- auth-rh-rsa.orig	Mon Nov 17 13:13:41 2003
++++ auth-rh-rsa.c	Mon Jul 18 14:49:50 2005
+@@ -40,9 +40,17 @@
+ 	if (!auth_rhosts(pw, cuser))
+ 		return 0;
+ 
++#if defined (HAVE_NSDISPATCH) && defined (USE_NSSWITCH)
++	host_status = check_key_in_nsswitch(pw, client_host_key, chost);
++	
++	if (host_status == HOST_NEW)
++		host_status = check_key_in_user_hostfile(pw, client_host_key, chost,
++	    	options.ignore_user_known_hosts ? NULL : _PATH_SSH_USER_HOSTFILE);
++#else /* HAVE_NSDISPATCH && USE_NSSWITCH */
+ 	host_status = check_key_in_hostfiles(pw, client_host_key,
+ 	    chost, _PATH_SSH_SYSTEM_HOSTFILE,
+-	    options.ignore_user_known_hosts ? NULL : _PATH_SSH_USER_HOSTFILE);
++	    options.ignore_user_known_hosts ? NULL : _PATH_SSH_USER_HOSTFILE);	
++#endif /* HAVE_NSDISPATCH && USE_NSSWITCH */
+ 
+ 	return (host_status == HOST_OK);
+ }
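Review bot: The user known-hosts file is consulted only when `check_key_in_nsswitch()` returns `HOST_NEW`, so a `HOST_CHANGED` result from the system source now ends the lookup. If the replaced `check_key_in_hostfiles()` fell back to the user file on any non-OK status (its body is not in this hunk), this is a behaviour change for rhosts-RSA, and the hostbased path in patch-auth2-hostbased.c uses the same pattern. Stricter handling is defensible for an authentication decision, but it should be stated, for example `/* only an unknown host falls through to the user file; HOST_CHANGED from nsswitch is final */`. The `-`/`+` pair in the `#else` branch differs only by a trailing tab and can be dropped. The enclosing function starts outside the hunk.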
diff -urN openssh-portable.orig/files/patch-auth.c openssh-portable/files/patch-auth.c
--- openssh-portable.orig/files/patch-auth.c	Wed Aug  3 15:46:03 2005
+++ openssh-portable/files/patch-auth.c	Wed Aug  3 15:35:29 2005
@@ -1,6 +1,6 @@
---- auth.c.orig	Thu Aug 12 14:40:25 2004
-+++ auth.c	Mon Sep 20 05:04:48 2004
-@@ -208,6 +208,17 @@
+--- auth.orig.c	Mon Jul 18 14:12:19 2005
++++ auth.c	Mon Jul 18 14:12:32 2005
+@@ -214,6 +214,17 @@
  		return 0;
  #endif
  
@@ -18,7 +18,81 @@
  	/* We found no reason not to let this user try to log on... */
  	return 1;
  }
-@@ -472,7 +483,7 @@
+@@ -386,6 +397,65 @@
+ 	return expand_filename(options.authorized_keys_file2, pw);
+ }
+ 
++#if defined (HAVE_NSDISPATCH) && defined (USE_NSSWITCH)
++/* return ok if key exists in sysfile or userfile */
++HostStatus
++check_key_in_user_hostfile(struct passwd *pw, Key *key, const char *host,
++    const char *userfile)
++{
++	Key *found;
++	char *user_hostfile;
++	struct stat st;
++	HostStatus host_status;
++
++	/* we allow to pass NULL in userfile - this makes code look similar to the
++	 * version without nsswitch support */
++	if (userfile == NULL)
++		return (HOST_NEW);
++	
++	/* Check if we know the host and its host key. */
++	found = key_new(key->type);
++
++	host_status = HOST_NEW;
++	user_hostfile = tilde_expand_filename(userfile, pw->pw_uid);
++	if (options.strict_modes &&
++		(stat(user_hostfile, &st) == 0) &&
++		((st.st_uid != 0 && st.st_uid != pw->pw_uid) ||
++		(st.st_mode & 022) != 0)) {
++		logit("Authentication refused for %.100s: "
++			"bad owner or modes for %.200s",
++			pw->pw_name, user_hostfile);
++	} else {
++		temporarily_use_uid(pw);
++		host_status = check_host_in_hostfile(user_hostfile,
++			host, key, found, NULL);
++		restore_uid();
++	}
++	xfree(user_hostfile);
++	key_free(found);
++
++	debug2("check_key_in_hostfiles: key %s for %s", host_status == HOST_OK ?
++	    "ok" : "not found", host);
++	return host_status;
++}
++
++/* return ok if key exists in sysfile or userfile */
++HostStatus
++check_key_in_nsswitch(struct passwd *pw, Key *key, const char *host)
++{
++	Key *found;
++	HostStatus host_status;
++
++	/* Check if we know the host and its host key. */
++	found = key_new(key->type);
++	host_status = nsswitch_check_host(host, key, found);
++	key_free(found);
++
++	debug2("check_key_in_nsswitch: key %s for %s", host_status == HOST_OK ?
++	    "ok" : "not found", host);
++	return host_status;
++}
++#else /* HAVE_NSDISPATCH && USE_NSSWITCH */
+ /* return ok if key exists in sysfile or userfile */
+ HostStatus
+ check_key_in_hostfiles(struct passwd *pw, Key *key, const char *host,
+@@ -423,6 +493,7 @@
+ 	    "ok" : "not found", host);
+ 	return host_status;
+ }
++#endif /* HAVE_NSDISPATCH && USE_NSSWITCH */
+ 
+ 
+ /*
+@@ -524,7 +595,7 @@
  	if (!allowed_user(pw))
  		return (NULL);
  #ifdef HAVE_LOGIN_CAP
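Review bot: In `check_key_in_user_hostfile()` the `debug2()` call still logs under the name `check_key_in_hostfiles`, and both new functions keep the comment `/* return ok if key exists in sysfile or userfile */`, which describes neither of them. Someone reading sshd debug output for a failed hostbased login would be pointed at a function that is compiled out in this configuration. Suggested wording is `debug2("check_key_in_user_hostfile: key %s for %s", ...)`, with the comments `/* return ok if key exists in userfile; HOST_NEW when userfile is NULL */` and `/* return ok if key is known to the ssh_hostkeys nsswitch database */`. The `pw` argument of `check_key_in_nsswitch()` is unused in the body shown.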
diff -urN openssh-portable.orig/files/patch-auth.h openssh-portable/files/patch-auth.h
--- openssh-portable.orig/files/patch-auth.h	Thu Jan  1 03:00:00 1970
+++ openssh-portable/files/patch-auth.h	Wed Aug  3 15:35:29 2005
@@ -0,0 +1,21 @@
+--- auth.orig.h	Mon Jul 18 14:12:19 2005
++++ auth.h	Mon Jul 18 14:12:32 2005
+@@ -170,9 +170,18 @@
+ int
+ secure_filename(FILE *, const char *, struct passwd *, char *, size_t);
+ 
++#if defined (HAVE_NSDISPATCH) && defined (USE_NSSWITCH)
++HostStatus
++check_key_in_user_hostfile(struct passwd *, Key *, const char *,
++    const char *);
++
++HostStatus
++check_key_in_nsswitch(struct passwd *, Key *, const char *);
++#else /* HAVE_NSDISPATCH && USE_NSSWITCH */
+ HostStatus
+ check_key_in_hostfiles(struct passwd *, Key *, const char *,
+     const char *, const char *);
++#endif /* HAVE_NSDISPATCH && USE_NSSWITCH */
+ 
+ /* hostkey handling */
+ Key	*get_hostkey_by_index(int);
diff -urN openssh-portable.orig/files/patch-auth2-hostbased.c openssh-portable/files/patch-auth2-hostbased.c
--- openssh-portable.orig/files/patch-auth2-hostbased.c	Thu Jan  1 03:00:00 1970
+++ openssh-portable/files/patch-auth2-hostbased.c	Wed Aug  3 15:35:29 2005
@@ -0,0 +1,31 @@
+--- auth2-hostbased.orig.c	Mon Jul 18 14:12:19 2005
++++ auth2-hostbased.c	Mon Jul 18 14:12:32 2005
+@@ -161,6 +161,20 @@
+ 	}
+ 	debug2("userauth_hostbased: access allowed by auth_rhosts2");
+ 
++#if defined (HAVE_NSDISPATCH) && defined (USE_NSSWITCH)
++	host_status = check_key_in_nsswitch(pw, key, lookup);
++	
++	if (host_status == HOST_NEW) {
++		host_status = check_key_in_user_hostfile(pw, key, lookup,
++	    	options.ignore_user_known_hosts ? NULL : _PATH_SSH_USER_HOSTFILE);
++
++		/* backward compat if no key has been found. */
++		if (host_status == HOST_NEW)
++			host_status = check_key_in_user_hostfile(pw, key, lookup,
++		    	options.ignore_user_known_hosts ? NULL :
++			    _PATH_SSH_USER_HOSTFILE2);
++	}
++#else /* HAVE_NSDISPATCH && USE_NSSWITCH */
+ 	host_status = check_key_in_hostfiles(pw, key, lookup,
+ 	    _PATH_SSH_SYSTEM_HOSTFILE,
+ 	    options.ignore_user_known_hosts ? NULL : _PATH_SSH_USER_HOSTFILE);
+@@ -171,6 +185,7 @@
+ 		    _PATH_SSH_SYSTEM_HOSTFILE2,
+ 		    options.ignore_user_known_hosts ? NULL :
+ 		    _PATH_SSH_USER_HOSTFILE2);
++#endif /* HAVE_NSDISPATCH && USE_NSSWITCH */
+ 
+ 	return (host_status == HOST_OK);
+ }
diff -urN openssh-portable.orig/files/patch-config.h.in openssh-portable/files/patch-config.h.in
--- openssh-portable.orig/files/patch-config.h.in	Thu Jan  1 03:00:00 1970
+++ openssh-portable/files/patch-config.h.in	Wed Aug  3 15:35:29 2005
@@ -0,0 +1,26 @@
+--- config.h.in.orig	Mon Jul 18 14:12:19 2005
++++ config.h.in	Mon Jul 18 14:18:53 2005
+@@ -766,6 +766,9 @@
+ /* Define to 1 if you have the `ngetaddrinfo' function. */
+ #undef HAVE_NGETADDRINFO
+ 
++/* Have an nsdispatch function */
++#undef HAVE_NSDISPATCH
++
+ /* Define to 1 if you have the `nsleep' function. */
+ #undef HAVE_NSLEEP
+ 
+@@ -1163,11 +1166,9 @@
+ /* log for bad login attempts */
+ #undef _PATH_BTMP
+ 
+-/* Define to `__inline__' or `__inline' if that's what the C compiler
+-   calls it, or to nothing if 'inline' is not supported under any name.  */
+-#ifndef __cplusplus
++/* Define as `__inline' if that's what the C compiler calls it, or to nothing
++   if it is not supported. */
+ #undef inline
+-#endif
+ 
+ /* type to use in place of socklen_t if not defined */
+ #undef socklen_t
diff -urN openssh-portable.orig/files/patch-configure.ac openssh-portable/files/patch-configure.ac
--- openssh-portable.orig/files/patch-configure.ac	Thu Jan  1 03:00:00 1970
+++ openssh-portable/files/patch-configure.ac	Wed Aug  3 15:35:29 2005
@@ -0,0 +1,12 @@
+--- configure.ac.orig	Mon Jul 18 14:12:19 2005
++++ configure.ac	Mon Jul 18 14:12:32 2005
+@@ -279,6 +279,9 @@
+ 	fi
+ 	;;
+ *-*-freebsd*)
++# Check for the nsdispatch presence - in order to make
++# nsswitch use possible
++	AC_CHECK_FUNC(nsdispatch,[AC_DEFINE(HAVE_NSDISPATCH,1,[Have an nsdispatch function])])
+ 	check_for_libcrypt_later=1
+ 	;;
+ *-*-bsdi*)
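Review bot: The check only establishes that the `nsdispatch` symbol links, while the new hostfile.c code also needs `<nsswitch.h>` with `ns_dtab`, `ns_src` and `NSSRC_FILES`. Adding a header test next to it, e.g. `AC_CHECK_HEADERS(nsswitch.h)`, and defining `HAVE_NSDISPATCH` only when both succeed would make a failed detection fall back to the file-based lookup rather than a compile error. The surrounding `case` statement starts and ends outside the hunk.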
diff -urN openssh-portable.orig/files/patch-hostfile.c openssh-portable/files/patch-hostfile.c
--- openssh-portable.orig/files/patch-hostfile.c	Thu Jan  1 03:00:00 1970
+++ openssh-portable/files/patch-hostfile.c	Wed Aug  3 15:35:29 2005
@@ -0,0 +1,175 @@
+--- hostfile.c.orig	Mon Mar 14 15:08:12 2005
++++ hostfile.c	Mon Jul 18 15:27:23 2005
+@@ -38,16 +38,172 @@
+ #include "includes.h"
+ RCSID("$OpenBSD: hostfile.c,v 1.34 2005/03/10 22:01:05 deraadt Exp $");
+ 
++#if defined (HAVE_NSDISPATCH) && defined (USE_NSSWITCH)
++#include <sys/types.h>
++#include <nsswitch.h>
++#include <stdarg.h>
++#endif /* HAVE_NSDISPATCH && USE_NSSWITCH */
+ #include <resolv.h>
+ #include <openssl/hmac.h>
+ #include <openssl/sha.h>
+ 
+ #include "packet.h"
++#if defined (HAVE_NSDISPATCH) && defined (USE_NSSWITCH)
++#include "pathnames.h"
++#endif /* HAVE_NSDISPATCH && USE_NSSWITCH */
+ #include "match.h"
+ #include "key.h"
+ #include "hostfile.h"
+ #include "log.h"
+ #include "xmalloc.h"
++
++#if defined (HAVE_NSDISPATCH) && defined (USE_NSSWITCH)
++
++#ifndef NSDB_SSH_HOSTKEYS
++#define NSDB_SSH_HOSTKEYS "ssh_hostkeys"
++#endif /* NSDB_SSH_HOSTKEYS */
++
++struct nsswitch_files_configuration {
++	char *system_hostfile;
++	char *system_hostfile2;
++};
++
++static	struct nsswitch_files_configuration	nsswitch_files_conf = {
++	_PATH_SSH_SYSTEM_HOSTFILE,
++	_PATH_SSH_SYSTEM_HOSTFILE2
++	};
++	
++void	nsswitch_set_system_hostfiles(char *system_hostfile, 
++	char *system_hostfile2)
++{
++	nsswitch_files_conf.system_hostfile = system_hostfile;
++	nsswitch_files_conf.system_hostfile2 = system_hostfile2;
++}
++
++static	HostStatus	check_host_in_hostfile_by_key_or_type(const char *, 
++	const char *, const Key *, int, Key *, int *);
++
++enum constants {
++	CHECK_HOST,
++	LOOKUP_KEY_BY_TYPE
++};
++
++static const ns_src defaultsrc[] = {
++	{ NSSRC_FILES, NS_SUCCESS },
++	{ NULL, 0 }
++};
++
++static	int	files_check_host_by_key_or_type(void *, void *, va_list);
++
++/* files backend implementation */
++static	int
++files_check_host_by_key_or_type(void *result, void *mdata, va_list ap)
++{
++	const char	*host;
++	const Key	*key;
++	Key		*found;
++	int		keytype;
++	
++	int rv, numret;
++	char * filename;
++	enum constants how;
++	
++	how = (enum constants)mdata;
++	switch (how) {
++	case CHECK_HOST:
++		host = va_arg(ap, const char *);
++		key = va_arg(ap, const Key *);
++		found = va_arg(ap, Key *);
++		break;
++	case LOOKUP_KEY_BY_TYPE:
++		host = va_arg(ap, const char *);
++		keytype = va_arg(ap, int);
++		found = va_arg(ap, Key *);
++		break;
++	default:
++		return NS_NOTFOUND;
++	}
++	
++	switch (how) {
++	case CHECK_HOST:	
++		filename = nsswitch_files_conf.system_hostfile;
++		rv = check_host_in_hostfile_by_key_or_type(filename, host, key, 0,
++	    	found, &numret);	
++		if (rv == HOST_NEW) {
++			filename = nsswitch_files_conf.system_hostfile2;
++			rv = check_host_in_hostfile_by_key_or_type(filename, host, key, 0,
++	    	found, &numret);	
++		}
++						
++		debug3("files_check_host_by_key_or_type: CHECK_HOST - %d", rv);			
++		if (result != NULL)
++			*((int *)result) = rv;
++		return ((rv == HOST_NEW) ? NS_NOTFOUND : NS_SUCCESS);
++	
++	case LOOKUP_KEY_BY_TYPE:
++		filename = nsswitch_files_conf.system_hostfile;
++		rv = (check_host_in_hostfile_by_key_or_type(filename, host, NULL,
++	    	keytype, found, &numret) == HOST_FOUND);		
++		if (rv == 0) {
++			filename = nsswitch_files_conf.system_hostfile2;
++			rv = (check_host_in_hostfile_by_key_or_type(filename, host, NULL,
++		    	keytype, found, &numret) == HOST_FOUND);
++		}
++
++		debug3("files_check_host_by_key_or_type: LOOKUP_KEY_BY_TYPE - %d", rv);			
++		if (result != NULL)
++			*((int *)result) = rv;
++		return ((rv == 0) ? NS_NOTFOUND : NS_SUCCESS);
++	}
++	
++	return (NS_NOTFOUND);
++}
++
++/* nsswitch interface functions implementation */
++HostStatus 
++nsswitch_check_host(const char *host, const Key *key, Key *found)
++{
++	static const ns_dtab dtab[] = {
++		{ NSSRC_FILES, files_check_host_by_key_or_type, (void *)CHECK_HOST },
++		{ NULL, NULL, NULL }
++	};
++	
++	int	rv;
++	HostStatus result;
++
++	if (key == NULL)
++		fatal("no key to look up");
++
++	result = HOST_NEW;
++	rv = nsdispatch(&result, dtab, NSDB_SSH_HOSTKEYS, "check_host_by_key", defaultsrc,
++	    host, key, found);
++	
++	if (rv == NS_SUCCESS)
++		return (result);
++	else
++		return (HOST_NEW);	
++}
++
++int	
++nsswitch_lookup_key_by_type(const char *host, int keytype, Key *found)
++{
++	static const ns_dtab dtab[] = {
++		{ NSSRC_FILES, files_check_host_by_key_or_type, (void *)LOOKUP_KEY_BY_TYPE },
++		{ NULL, NULL, NULL }
++	};
++	
++	int	rv, result;
++
++	result = 0;
++	rv = nsdispatch(&result, dtab, NSDB_SSH_HOSTKEYS, "lookup_key_by_type", defaultsrc,
++	    host, keytype, found);
++	
++	if (rv == NS_SUCCESS)
++		return (result);
++	else
++		return (0);
++}
++#endif /* HAVE_NSDISPATCH && USE_NSSWITCH */
+ 
+ static int
+ extract_salt(const char *s, u_int l, char *salt, size_t salt_len)
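Review bot: `files_check_host_by_key_or_type()` stores its result with `*((int *)result) = rv;`, but `nsswitch_check_host()` passes the address of a `HostStatus`, so the write goes through an `int *` into an enum object and relies on both having the same size and representation. `how = (enum constants)mdata;` likewise converts a pointer straight to an enum. Making the local in `nsswitch_check_host()` an `int` and returning `(HostStatus)result`, and casting through a pointer-width integer (`how = (enum constants)(intptr_t)mdata;`), removes both assumptions. Separately, a comment at `NSDB_SSH_HOSTKEYS` should say that every source configured for the `ssh_hostkeys` database in nsswitch.conf becomes part of the host-key trust path for hostbased authentication and known-host checks. Whether sources other than `files` are reachable depends on how the platform's nsdispatch resolves entries missing from `dtab`, which is not visible here.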
diff -urN openssh-portable.orig/files/patch-hostfile.h openssh-portable/files/patch-hostfile.h
--- openssh-portable.orig/files/patch-hostfile.h	Thu Jan  1 03:00:00 1970
+++ openssh-portable/files/patch-hostfile.h	Wed Aug  3 15:35:29 2005
@@ -0,0 +1,20 @@
+--- hostfile.h.orig	Mon Jul 18 14:12:19 2005
++++ hostfile.h	Mon Jul 18 14:12:32 2005
+@@ -30,4 +30,17 @@
+ 
+ char	*host_hash(const char *, const char *, u_int);
+ 
++#if defined (HAVE_NSDISPATCH) && defined (USE_NSSWITCH)
++/*
++ * Nsswitch declarations
++ * Here 2 functions are defined. Both are equivalents of the correspondent
++ * *_hostfile functions (defined above). But functions below don't have the
++ * 'file' argument, because they use nsswitch data source instead
++ */
++
++void nsswitch_set_system_hostfiles(char *, char *);
++HostStatus nsswitch_check_host(const char *, const Key *, Key *);
++int	nsswitch_lookup_key_by_type(const char *, int, Key *);
++#endif /* HAVE_NSDISPATCH && USE_NSSWITCH */
++
+ #endif
diff -urN openssh-portable.orig/files/patch-sshconnect.c openssh-portable/files/patch-sshconnect.c
--- openssh-portable.orig/files/patch-sshconnect.c	Thu Jan  1 03:00:00 1970
+++ openssh-portable/files/patch-sshconnect.c	Wed Aug  3 15:35:29 2005
@@ -0,0 +1,101 @@
+--- sshconnect.c.orig	Mon Jul 18 14:12:19 2005
++++ sshconnect.c	Mon Jul 18 14:12:32 2005
+@@ -637,9 +637,15 @@
+ 	host_status = check_host_in_hostfile(host_file, host, host_key,
+ 	    file_key, &host_line);
+ 	if (host_status == HOST_NEW) {
++#if defined (HAVE_NSDISPATCH) && defined (USE_NSSWITCH)
++		host_file = "nsswitch";
++		host_line = 0;
++		host_status = nsswitch_check_host(host, host_key, file_key);
++#else /* HAVE_NSDISPATCH && USE_NSSWITCH */
+ 		host_file = system_hostfile;
+ 		host_status = check_host_in_hostfile(host_file, host, host_key,
+ 		    file_key, &host_line);
++#endif
+ 	}
+ 	/*
+ 	 * Also perform check for the ip address, skip the check if we are
+@@ -652,9 +658,15 @@
+ 		ip_status = check_host_in_hostfile(ip_file, ip, host_key,
+ 		    ip_key, &ip_line);
+ 		if (ip_status == HOST_NEW) {
++#if defined (HAVE_NSDISPATCH) && defined (USE_NSSWITCH)
++			ip_file = "nsswitch";
++			ip_line = 0;
++			ip_status = nsswitch_check_host(ip, host_key, ip_key);			
++#else /* HAVE_NSDISPATCH && USE_NSSWITCH */
+ 			ip_file = system_hostfile;
+ 			ip_status = check_host_in_hostfile(ip_file, ip,
+ 			    host_key, ip_key, &ip_line);
++#endif
+ 		}
+ 		if (host_status == HOST_CHANGED &&
+ 		    (ip_status != HOST_CHANGED || !key_equal(ip_key, file_key)))
+@@ -1008,6 +1020,30 @@
+ 	return (ret);
+ }
+ 
++#if defined (HAVE_NSDISPATCH) && defined (USE_NSSWITCH)
++static int
++show_key_from_nsswitch(const char *host, int keytype)
++{
++	Key *found;
++	char *fp;
++	int ret;
++
++	found = key_new(keytype);
++	if ((ret = nsswitch_lookup_key_by_type(host,
++	    keytype, found))) {
++		fp = key_fingerprint(found, SSH_FP_MD5, SSH_FP_HEX);
++		logit("WARNING: %s key found for host %s\n"
++		    "via nsswitch\n"
++		    "%s key fingerprint %s.",
++		    key_type(found), host,
++		    key_type(found), fp);
++		xfree(fp);
++	}
++	key_free(found);
++	return (ret);	
++}
++#endif /* HAVE_NSDISPATCH && USE_NSSWITCH */
++
+ /* print all known host keys for a given host, but skip keys of given type */
+ static int
+ show_other_keys(const char *host, Key *key)
+@@ -1018,24 +1054,35 @@
+ 	for (i = 0; type[i] != -1; i++) {
+ 		if (type[i] == key->type)
+ 			continue;
++		
++#if defined (HAVE_NSDISPATCH) && defined (USE_NSSWITCH)
++		if (show_key_from_nsswitch(host, type[i])) {
++			found = 1;
++			continue;
++		}
++#endif /* HAVE_NSDISPATCH && USE_NSSWITCH */		
+ 		if (type[i] != KEY_RSA1 &&
+ 		    show_key_from_file(options.user_hostfile2, host, type[i])) {
+ 			found = 1;
+ 			continue;
+ 		}
++#if !( defined (HAVE_NSDISPATCH)) || !( defined (USE_NSSWITCH))
+ 		if (type[i] != KEY_RSA1 &&
+ 		    show_key_from_file(options.system_hostfile2, host, type[i])) {
+ 			found = 1;
+ 			continue;
+ 		}
++#endif /* !HAVE_NSDISPATCH || !USE_NSSWITCH */
+ 		if (show_key_from_file(options.user_hostfile, host, type[i])) {
+ 			found = 1;
+ 			continue;
+ 		}
++#if !( defined (HAVE_NSDISPATCH)) || !( defined (USE_NSSWITCH))
+ 		if (show_key_from_file(options.system_hostfile, host, type[i])) {
+ 			found = 1;
+ 			continue;
+ 		}
++#endif /* !HAVE_NSDISPATCH || !USE_NSSWITCH */
+ 		debug2("no key of type %d for host %s", type[i], host);
+ 	}
+ 	return (found);
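Review bot: With nsswitch enabled the client no longer consults `system_hostfile` for the host and IP checks; the `files` backend reads the paths in `nsswitch_files_conf`, which default to the compiled-in `_PATH_SSH_SYSTEM_HOSTFILE` and `_PATH_SSH_SYSTEM_HOSTFILE2`. Nothing in the visible patch calls `nsswitch_set_system_hostfiles()`, so a configured global known-hosts path appears to be silently ignored. The same applies in `show_other_keys()`, where the `options.system_hostfile` and `options.system_hostfile2` lookups are compiled out. A call such as `nsswitch_set_system_hostfiles(options.system_hostfile, options.system_hostfile2);` before the first lookup would keep the configured files in effect. The functions touched here start and end outside the hunks.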
--- patch ends here ---


>Release-Note:
>Audit-Trail:
>Unformatted:


