RepoMirrors/openssh
1
0
Fork 0
mirror of git://anongit.mindrot.org/openssh.git synced 2025-02-25 18:30:36 +00:00
Code Issues Packages Projects Releases Wiki Activity

- markus@cvs.openbsd.org 2002/02/04 11:58:10

Browse Source 
[auth2.c]
     cross checking of announced vs actual pktype in pubkey/hostbaed auth; ok stevesk@
This commit is contained in:
Damien Miller 2002-02-05 12:26:03 +11:00
parent 4d4d53f399
commit 9b74bfc5be
2 changed files with 86 additions and 69 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
ChangeLog
View File

@ -81,6 +81,10 @@
- stevesk@cvs.openbsd.org 2002/02/04 00:53:39 - stevesk@cvs.openbsd.org 2002/02/04 00:53:39
[ssh-agent.c] [ssh-agent.c]
unneeded includes unneeded includes
- markus@cvs.openbsd.org 2002/02/04 11:58:10
[auth2.c]
cross checking of announced vs actual pktype in pubkey/hostbaed auth;
ok stevesk@
20020130 20020130
- (djm) Delay PRNG seeding until we need it in ssh-keygen, from markus@ - (djm) Delay PRNG seeding until we need it in ssh-keygen, from markus@
@ -7483,4 +7487,4 @@
- Wrote replacements for strlcpy and mkdtemp - Wrote replacements for strlcpy and mkdtemp
- Released 1.0pre1 - Released 1.0pre1
$Id: ChangeLog,v 1.1821 2002/02/05 01:25:28 djm Exp $ $Id: ChangeLog,v 1.1822 2002/02/05 01:26:03 djm Exp $

149
auth2.c
View File

@ -23,7 +23,7 @@
*/ */
#include "includes.h" #include "includes.h"
RCSID("$OpenBSD: auth2.c,v 1.83 2002/01/29 14:32:03 markus Exp $"); RCSID("$OpenBSD: auth2.c,v 1.84 2002/02/04 11:58:10 markus Exp $");
#include <openssl/evp.h> #include <openssl/evp.h>
@ -397,7 +397,7 @@ static int
userauth_pubkey(Authctxt *authctxt) userauth_pubkey(Authctxt *authctxt)
{ {
Buffer b; Buffer b;
Key *key; Key *key = NULL;
char *pkalg, *pkblob, *sig; char *pkalg, *pkblob, *sig;
u_int alen, blen, slen; u_int alen, blen, slen;
int have_sig, pktype; int have_sig, pktype;
@ -424,72 +424,80 @@ userauth_pubkey(Authctxt *authctxt)
pktype = key_type_from_name(pkalg); pktype = key_type_from_name(pkalg);
if (pktype == KEY_UNSPEC) { if (pktype == KEY_UNSPEC) {
/* this is perfectly legal */ /* this is perfectly legal */
log("userauth_pubkey: unsupported public key algorithm: %s", pkalg); log("userauth_pubkey: unsupported public key algorithm: %s",
xfree(pkalg); pkalg);
xfree(pkblob); goto done;
return 0;
} }
key = key_from_blob(pkblob, blen); key = key_from_blob(pkblob, blen);
if (key != NULL) { if (key == NULL) {
if (have_sig) { error("userauth_pubkey: cannot decode key: %s", pkalg);
sig = packet_get_string(&slen); goto done;
packet_check_eom();
buffer_init(&b);
if (datafellows & SSH_OLD_SESSIONID) {
buffer_append(&b, session_id2, session_id2_len);
} else {
buffer_put_string(&b, session_id2, session_id2_len);
}
/* reconstruct packet */
buffer_put_char(&b, SSH2_MSG_USERAUTH_REQUEST);
buffer_put_cstring(&b, authctxt->user);
buffer_put_cstring(&b,
datafellows & SSH_BUG_PKSERVICE ?
"ssh-userauth" :
authctxt->service);
if (datafellows & SSH_BUG_PKAUTH) {
buffer_put_char(&b, have_sig);
} else {
buffer_put_cstring(&b, "publickey");
buffer_put_char(&b, have_sig);
buffer_put_cstring(&b, pkalg);
}
buffer_put_string(&b, pkblob, blen);
#ifdef DEBUG_PK
buffer_dump(&b);
#endif
/* test for correct signature */
if (user_key_allowed(authctxt->pw, key) &&
key_verify(key, sig, slen, buffer_ptr(&b), buffer_len(&b)) == 1)
authenticated = 1;
buffer_clear(&b);
xfree(sig);
} else {
debug("test whether pkalg/pkblob are acceptable");
packet_check_eom();
/* XXX fake reply and always send PK_OK ? */
/*
* XXX this allows testing whether a user is allowed
* to login: if you happen to have a valid pubkey this
* message is sent. the message is NEVER sent at all
* if a user is not allowed to login. is this an
* issue? -markus
*/
if (user_key_allowed(authctxt->pw, key)) {
packet_start(SSH2_MSG_USERAUTH_PK_OK);
packet_put_string(pkalg, alen);
packet_put_string(pkblob, blen);
packet_send();
packet_write_wait();
authctxt->postponed = 1;
}
}
if (authenticated != 1)
auth_clear_options();
key_free(key);
} }
if (key->type != pktype) {
error("userauth_pubkey: type mismatch for decoded key "
"(received %d, expected %d)", key->type, pktype);
goto done;
}
if (have_sig) {
sig = packet_get_string(&slen);
packet_check_eom();
buffer_init(&b);
if (datafellows & SSH_OLD_SESSIONID) {
buffer_append(&b, session_id2, session_id2_len);
} else {
buffer_put_string(&b, session_id2, session_id2_len);
}
/* reconstruct packet */
buffer_put_char(&b, SSH2_MSG_USERAUTH_REQUEST);
buffer_put_cstring(&b, authctxt->user);
buffer_put_cstring(&b,
datafellows & SSH_BUG_PKSERVICE ?
"ssh-userauth" :
authctxt->service);
if (datafellows & SSH_BUG_PKAUTH) {
buffer_put_char(&b, have_sig);
} else {
buffer_put_cstring(&b, "publickey");
buffer_put_char(&b, have_sig);
buffer_put_cstring(&b, pkalg);
}
buffer_put_string(&b, pkblob, blen);
#ifdef DEBUG_PK
buffer_dump(&b);
#endif
/* test for correct signature */
if (user_key_allowed(authctxt->pw, key) &&
key_verify(key, sig, slen, buffer_ptr(&b), buffer_len(&b)) == 1)
authenticated = 1;
buffer_clear(&b);
xfree(sig);
} else {
debug("test whether pkalg/pkblob are acceptable");
packet_check_eom();
/* XXX fake reply and always send PK_OK ? */
/*
* XXX this allows testing whether a user is allowed
* to login: if you happen to have a valid pubkey this
* message is sent. the message is NEVER sent at all
* if a user is not allowed to login. is this an
* issue? -markus
*/
if (user_key_allowed(authctxt->pw, key)) {
packet_start(SSH2_MSG_USERAUTH_PK_OK);
packet_put_string(pkalg, alen);
packet_put_string(pkblob, blen);
packet_send();
packet_write_wait();
authctxt->postponed = 1;
}
}
if (authenticated != 1)
auth_clear_options();
done:
debug2("userauth_pubkey: authenticated %d pkalg %s", authenticated, pkalg); debug2("userauth_pubkey: authenticated %d pkalg %s", authenticated, pkalg);
if (key != NULL)
key_free(key);
xfree(pkalg); xfree(pkalg);
xfree(pkblob); xfree(pkblob);
#ifdef HAVE_CYGWIN #ifdef HAVE_CYGWIN
@ -503,7 +511,7 @@ static int
userauth_hostbased(Authctxt *authctxt) userauth_hostbased(Authctxt *authctxt)
{ {
Buffer b; Buffer b;
Key *key; Key *key = NULL;
char *pkalg, *pkblob, *sig, *cuser, *chost, *service; char *pkalg, *pkblob, *sig, *cuser, *chost, *service;
u_int alen, blen, slen; u_int alen, blen, slen;
int pktype; int pktype;
@ -537,7 +545,12 @@ userauth_hostbased(Authctxt *authctxt)
} }
key = key_from_blob(pkblob, blen); key = key_from_blob(pkblob, blen);
if (key == NULL) { if (key == NULL) {
debug("userauth_hostbased: cannot decode key: %s", pkalg); error("userauth_hostbased: cannot decode key: %s", pkalg);
goto done;
}
if (key->type != pktype) {
error("userauth_hostbased: type mismatch for decoded key "
"(received %d, expected %d)", key->type, pktype);
goto done; goto done;
} }
service = datafellows & SSH_BUG_HBSERVICE ? "ssh-userauth" : service = datafellows & SSH_BUG_HBSERVICE ? "ssh-userauth" :
@ -562,10 +575,10 @@ userauth_hostbased(Authctxt *authctxt)
authenticated = 1; authenticated = 1;
buffer_clear(&b); buffer_clear(&b);
key_free(key);
done: done:
debug2("userauth_hostbased: authenticated %d", authenticated); debug2("userauth_hostbased: authenticated %d", authenticated);
if (key != NULL)
key_free(key);
xfree(pkalg); xfree(pkalg);
xfree(pkblob); xfree(pkblob);
xfree(cuser); xfree(cuser);