strip trailing '.' from hostname when HostbasedUsesNameFromPacketOnly=yes

report and patch from res AT qoxp.net (bz#1200); ok markus@

diff --git a/usr.bin/ssh/auth2-hostbased.c b/usr.bin/ssh/auth2-hostbased.c
index a467a74..2c0c375 100644 (file)
--- a/usr.bin/ssh/auth2-hostbased.c
+++ b/usr.bin/ssh/auth2-hostbased.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: auth2-hostbased.c,v 1.11 2006/08/03 03:34:41 deraadt Exp $ */
+/* $OpenBSD: auth2-hostbased.c,v 1.12 2008/07/17 08:51:07 djm Exp $ */
 /*
  * Copyright (c) 2000 Markus Friedl.  All rights reserved.
  *
@@ -150,15 +150,16 @@ hostbased_key_allowed(struct passwd *pw, const char *cuser, char *chost,
        debug2("userauth_hostbased: chost %s resolvedname %s ipaddr %s",
            chost, resolvedname, ipaddr);
 
+       if (((len = strlen(chost)) > 0) && chost[len - 1] == '.') {
+               debug2("stripping trailing dot from chost %s", chost);
+               chost[len - 1] = '\0';
+       }
+
        if (options.hostbased_uses_name_from_packet_only) {
                if (auth_rhosts2(pw, cuser, chost, chost) == 0)
                        return 0;
                lookup = chost;
        } else {
-               if (((len = strlen(chost)) > 0) && chost[len - 1] == '.') {
-                       debug2("stripping trailing dot from chost %s", chost);
-                       chost[len - 1] = '\0';
-               }
                if (strcasecmp(resolvedname, chost) != 0)
                        logit("userauth_hostbased mismatch: "
                            "client sends %s, but we resolve %s to %s",