diff options
| author | Damien Miller <djm@mindrot.org> | 2013-04-23 15:17:52 +1000 |
|---|---|---|
| committer | Damien Miller <djm@mindrot.org> | 2013-04-23 15:17:52 +1000 |
| commit | 4ce189d9108c62090a0dd5dea973d175328440db (patch) | |
| tree | 94f59288486756c522514572f4d9962e865790b2 | |
| parent | 5cbec4c25954b184e43bf3d3ac09e65eb474f5f9 (diff) | |
- djm@cvs.openbsd.org 2013/03/07 00:19:59
[auth2-pubkey.c monitor.c]
reconstruct the original username that was sent by the client, which may
have included a style (e.g. "root:skey") when checking public key
signatures. Fixes public key and hostbased auth when the client specified
a style; ok markus@
| -rw-r--r-- | ChangeLog | 6 | ||||
| -rw-r--r-- | auth2-pubkey.c | 10 | ||||
| -rw-r--r-- | monitor.c | 30 |
3 files changed, 32 insertions, 14 deletions
| @@ -13,6 +13,12 @@ | |||
| 13 | - djm@cvs.openbsd.org 2013/03/06 23:36:53 | 13 | - djm@cvs.openbsd.org 2013/03/06 23:36:53 |
| 14 | [readconf.c] | 14 | [readconf.c] |
| 15 | g/c unused variable (-Wunused) | 15 | g/c unused variable (-Wunused) |
| 16 | - djm@cvs.openbsd.org 2013/03/07 00:19:59 | ||
| 17 | [auth2-pubkey.c monitor.c] | ||
| 18 | reconstruct the original username that was sent by the client, which may | ||
| 19 | have included a style (e.g. "root:skey") when checking public key | ||
| 20 | signatures. Fixes public key and hostbased auth when the client specified | ||
| 21 | a style; ok markus@ | ||
| 16 | 22 | ||
| 17 | 20130418 | 23 | 20130418 |
| 18 | - (djm) [config.guess config.sub] Update to last versions before they switch | 24 | - (djm) [config.guess config.sub] Update to last versions before they switch |
diff --git a/auth2-pubkey.c b/auth2-pubkey.c index 3ff6faa8b..c28bef7a2 100644 --- a/auth2-pubkey.c +++ b/auth2-pubkey.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: auth2-pubkey.c,v 1.34 2013/02/14 21:35:59 djm Exp $ */ | 1 | /* $OpenBSD: auth2-pubkey.c,v 1.35 2013/03/07 00:19:59 djm Exp $ */ |
| 2 | /* | 2 | /* |
| 3 | * Copyright (c) 2000 Markus Friedl. All rights reserved. | 3 | * Copyright (c) 2000 Markus Friedl. All rights reserved. |
| 4 | * | 4 | * |
| @@ -75,7 +75,7 @@ userauth_pubkey(Authctxt *authctxt) | |||
| 75 | { | 75 | { |
| 76 | Buffer b; | 76 | Buffer b; |
| 77 | Key *key = NULL; | 77 | Key *key = NULL; |
| 78 | char *pkalg; | 78 | char *pkalg, *userstyle; |
| 79 | u_char *pkblob, *sig; | 79 | u_char *pkblob, *sig; |
| 80 | u_int alen, blen, slen; | 80 | u_int alen, blen, slen; |
| 81 | int have_sig, pktype; | 81 | int have_sig, pktype; |
| @@ -127,7 +127,11 @@ userauth_pubkey(Authctxt *authctxt) | |||
| 127 | } | 127 | } |
| 128 | /* reconstruct packet */ | 128 | /* reconstruct packet */ |
| 129 | buffer_put_char(&b, SSH2_MSG_USERAUTH_REQUEST); | 129 | buffer_put_char(&b, SSH2_MSG_USERAUTH_REQUEST); |
| 130 | buffer_put_cstring(&b, authctxt->user); | 130 | xasprintf(&userstyle, "%s%s%s", authctxt->user, |
| 131 | authctxt->style ? ":" : "", | ||
| 132 | authctxt->style ? authctxt->style : ""); | ||
| 133 | buffer_put_cstring(&b, userstyle); | ||
| 134 | free(userstyle); | ||
| 131 | buffer_put_cstring(&b, | 135 | buffer_put_cstring(&b, |
| 132 | datafellows & SSH_BUG_PKSERVICE ? | 136 | datafellows & SSH_BUG_PKSERVICE ? |
| 133 | "ssh-userauth" : | 137 | "ssh-userauth" : |
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: monitor.c,v 1.120 2012/12/11 22:16:21 markus Exp $ */ | 1 | /* $OpenBSD: monitor.c,v 1.121 2013/03/07 00:19:59 djm Exp $ */ |
| 2 | /* | 2 | /* |
| 3 | * Copyright 2002 Niels Provos <provos@citi.umich.edu> | 3 | * Copyright 2002 Niels Provos <provos@citi.umich.edu> |
| 4 | * Copyright 2002 Markus Friedl <markus@openbsd.org> | 4 | * Copyright 2002 Markus Friedl <markus@openbsd.org> |
| @@ -1237,7 +1237,7 @@ static int | |||
| 1237 | monitor_valid_userblob(u_char *data, u_int datalen) | 1237 | monitor_valid_userblob(u_char *data, u_int datalen) |
| 1238 | { | 1238 | { |
| 1239 | Buffer b; | 1239 | Buffer b; |
| 1240 | char *p; | 1240 | char *p, *userstyle; |
| 1241 | u_int len; | 1241 | u_int len; |
| 1242 | int fail = 0; | 1242 | int fail = 0; |
| 1243 | 1243 | ||
| @@ -1262,19 +1262,23 @@ monitor_valid_userblob(u_char *data, u_int datalen) | |||
| 1262 | } | 1262 | } |
| 1263 | if (buffer_get_char(&b) != SSH2_MSG_USERAUTH_REQUEST) | 1263 | if (buffer_get_char(&b) != SSH2_MSG_USERAUTH_REQUEST) |
| 1264 | fail++; | 1264 | fail++; |
| 1265 | p = buffer_get_string(&b, NULL); | 1265 | p = buffer_get_cstring(&b, NULL); |
| 1266 | if (strcmp(authctxt->user, p) != 0) { | 1266 | xasprintf(&userstyle, "%s%s%s", authctxt->user, |
| 1267 | authctxt->style ? ":" : "", | ||
| 1268 | authctxt->style ? authctxt->style : ""); | ||
| 1269 | if (strcmp(userstyle, p) != 0) { | ||
| 1267 | logit("wrong user name passed to monitor: expected %s != %.100s", | 1270 | logit("wrong user name passed to monitor: expected %s != %.100s", |
| 1268 | authctxt->user, p); | 1271 | userstyle, p); |
| 1269 | fail++; | 1272 | fail++; |
| 1270 | } | 1273 | } |
| 1274 | xfree(userstyle); | ||
| 1271 | xfree(p); | 1275 | xfree(p); |
| 1272 | buffer_skip_string(&b); | 1276 | buffer_skip_string(&b); |
| 1273 | if (datafellows & SSH_BUG_PKAUTH) { | 1277 | if (datafellows & SSH_BUG_PKAUTH) { |
| 1274 | if (!buffer_get_char(&b)) | 1278 | if (!buffer_get_char(&b)) |
| 1275 | fail++; | 1279 | fail++; |
| 1276 | } else { | 1280 | } else { |
| 1277 | p = buffer_get_string(&b, NULL); | 1281 | p = buffer_get_cstring(&b, NULL); |
| 1278 | if (strcmp("publickey", p) != 0) | 1282 | if (strcmp("publickey", p) != 0) |
| 1279 | fail++; | 1283 | fail++; |
| 1280 | xfree(p); | 1284 | xfree(p); |
| @@ -1294,7 +1298,7 @@ monitor_valid_hostbasedblob(u_char *data, u_int datalen, char *cuser, | |||
| 1294 | char *chost) | 1298 | char *chost) |
| 1295 | { | 1299 | { |
| 1296 | Buffer b; | 1300 | Buffer b; |
| 1297 | char *p; | 1301 | char *p, *userstyle; |
| 1298 | u_int len; | 1302 | u_int len; |
| 1299 | int fail = 0; | 1303 | int fail = 0; |
| 1300 | 1304 | ||
| @@ -1310,15 +1314,19 @@ monitor_valid_hostbasedblob(u_char *data, u_int datalen, char *cuser, | |||
| 1310 | 1314 | ||
| 1311 | if (buffer_get_char(&b) != SSH2_MSG_USERAUTH_REQUEST) | 1315 | if (buffer_get_char(&b) != SSH2_MSG_USERAUTH_REQUEST) |
| 1312 | fail++; | 1316 | fail++; |
| 1313 | p = buffer_get_string(&b, NULL); | 1317 | p = buffer_get_cstring(&b, NULL); |
| 1314 | if (strcmp(authctxt->user, p) != 0) { | 1318 | xasprintf(&userstyle, "%s%s%s", authctxt->user, |
| 1319 | authctxt->style ? ":" : "", | ||
| 1320 | authctxt->style ? authctxt->style : ""); | ||
| 1321 | if (strcmp(userstyle, p) != 0) { | ||
| 1315 | logit("wrong user name passed to monitor: expected %s != %.100s", | 1322 | logit("wrong user name passed to monitor: expected %s != %.100s", |
| 1316 | authctxt->user, p); | 1323 | userstyle, p); |
| 1317 | fail++; | 1324 | fail++; |
| 1318 | } | 1325 | } |
| 1326 | free(userstyle); | ||
| 1319 | xfree(p); | 1327 | xfree(p); |
| 1320 | buffer_skip_string(&b); /* service */ | 1328 | buffer_skip_string(&b); /* service */ |
| 1321 | p = buffer_get_string(&b, NULL); | 1329 | p = buffer_get_cstring(&b, NULL); |
| 1322 | if (strcmp(p, "hostbased") != 0) | 1330 | if (strcmp(p, "hostbased") != 0) |
| 1323 | fail++; | 1331 | fail++; |
| 1324 | xfree(p); | 1332 | xfree(p); |