diff options
| author | Ben Lindstrom <mouring@eviladmin.org> | 2001-04-19 20:40:45 +0000 |
|---|---|---|
| committer | Ben Lindstrom <mouring@eviladmin.org> | 2001-04-19 20:40:45 +0000 |
| commit | 671388f2338ddb335b01f1c3cf545caa9f90649e (patch) | |
| tree | b43a722ec745e4be91af596d0f0603f3c1715e18 | |
| parent | 4aa603c150b6315f45d1f9d115203ad44a4d86f8 (diff) | |
- markus@cvs.openbsd.org 2001/04/18 23:43:26
[auth2.c compat.c sshconnect2.c]
more ssh v2 hostbased-auth interop: ssh.com >= 2.1.0 works now
(however the 2.1.0 server seems to work only if debug is enabled...)
| -rw-r--r-- | ChangeLog | 6 | ||||
| -rw-r--r-- | auth2.c | 20 | ||||
| -rw-r--r-- | compat.c | 5 | ||||
| -rw-r--r-- | sshconnect2.c | 16 |
4 files changed, 20 insertions, 27 deletions
| @@ -12,6 +12,10 @@ | |||
| 12 | - markus@cvs.openbsd.org 2001/04/18 22:48:26 | 12 | - markus@cvs.openbsd.org 2001/04/18 22:48:26 |
| 13 | [auth2.c] | 13 | [auth2.c] |
| 14 | no longer const | 14 | no longer const |
| 15 | - markus@cvs.openbsd.org 2001/04/18 23:43:26 | ||
| 16 | [auth2.c compat.c sshconnect2.c] | ||
| 17 | more ssh v2 hostbased-auth interop: ssh.com >= 2.1.0 works now | ||
| 18 | (however the 2.1.0 server seems to work only if debug is enabled...) | ||
| 15 | 19 | ||
| 16 | 20010418 | 20 | 20010418 |
| 17 | - OpenBSD CVS Sync | 21 | - OpenBSD CVS Sync |
| @@ -5174,4 +5178,4 @@ | |||
| 5174 | - Wrote replacements for strlcpy and mkdtemp | 5178 | - Wrote replacements for strlcpy and mkdtemp |
| 5175 | - Released 1.0pre1 | 5179 | - Released 1.0pre1 |
| 5176 | 5180 | ||
| 5177 | $Id: ChangeLog,v 1.1143 2001/04/19 20:38:06 mouring Exp $ | 5181 | $Id: ChangeLog,v 1.1144 2001/04/19 20:40:45 mouring Exp $ |
| @@ -23,7 +23,7 @@ | |||
| 23 | */ | 23 | */ |
| 24 | 24 | ||
| 25 | #include "includes.h" | 25 | #include "includes.h" |
| 26 | RCSID("$OpenBSD: auth2.c,v 1.54 2001/04/18 22:48:26 markus Exp $"); | 26 | RCSID("$OpenBSD: auth2.c,v 1.55 2001/04/18 23:43:25 markus Exp $"); |
| 27 | 27 | ||
| 28 | #include <openssl/evp.h> | 28 | #include <openssl/evp.h> |
| 29 | 29 | ||
| @@ -534,8 +534,7 @@ userauth_hostbased(Authctxt *authctxt) | |||
| 534 | { | 534 | { |
| 535 | Buffer b; | 535 | Buffer b; |
| 536 | Key *key; | 536 | Key *key; |
| 537 | char *pkalg, *pkblob, *sig; | 537 | char *pkalg, *pkblob, *sig, *cuser, *chost, *service; |
| 538 | char *cuser, *chost; | ||
| 539 | u_int alen, blen, slen; | 538 | u_int alen, blen, slen; |
| 540 | int pktype; | 539 | int pktype; |
| 541 | int authenticated = 0; | 540 | int authenticated = 0; |
| @@ -571,21 +570,14 @@ userauth_hostbased(Authctxt *authctxt) | |||
| 571 | debug("userauth_hostbased: cannot decode key: %s", pkalg); | 570 | debug("userauth_hostbased: cannot decode key: %s", pkalg); |
| 572 | goto done; | 571 | goto done; |
| 573 | } | 572 | } |
| 573 | service = datafellows & SSH_BUG_HBSERVICE ? "ssh-userauth" : | ||
| 574 | authctxt->service; | ||
| 574 | buffer_init(&b); | 575 | buffer_init(&b); |
| 575 | if (datafellows & SSH_OLD_SESSIONID) { | 576 | buffer_put_string(&b, session_id2, session_id2_len); |
| 576 | buffer_append(&b, session_id2, session_id2_len); | ||
| 577 | } else { | ||
| 578 | buffer_put_string(&b, session_id2, session_id2_len); | ||
| 579 | } | ||
| 580 | if (datafellows & SSH_BUG_HBSERVICE) | ||
| 581 | debug("SSH_BUG_HBSERVICE"); | ||
| 582 | /* reconstruct packet */ | 577 | /* reconstruct packet */ |
| 583 | buffer_put_char(&b, SSH2_MSG_USERAUTH_REQUEST); | 578 | buffer_put_char(&b, SSH2_MSG_USERAUTH_REQUEST); |
| 584 | buffer_put_cstring(&b, authctxt->user); | 579 | buffer_put_cstring(&b, authctxt->user); |
| 585 | buffer_put_cstring(&b, | 580 | buffer_put_cstring(&b, service); |
| 586 | datafellows & SSH_BUG_HBSERVICE ? | ||
| 587 | "ssh-userauth" : | ||
| 588 | authctxt->service); | ||
| 589 | buffer_put_cstring(&b, "hostbased"); | 581 | buffer_put_cstring(&b, "hostbased"); |
| 590 | buffer_put_string(&b, pkalg, alen); | 582 | buffer_put_string(&b, pkalg, alen); |
| 591 | buffer_put_string(&b, pkblob, blen); | 583 | buffer_put_string(&b, pkblob, blen); |
| @@ -23,7 +23,7 @@ | |||
| 23 | */ | 23 | */ |
| 24 | 24 | ||
| 25 | #include "includes.h" | 25 | #include "includes.h" |
| 26 | RCSID("$OpenBSD: compat.c,v 1.46 2001/04/12 19:15:24 markus Exp $"); | 26 | RCSID("$OpenBSD: compat.c,v 1.47 2001/04/18 23:43:25 markus Exp $"); |
| 27 | 27 | ||
| 28 | #ifdef HAVE_LIBPCRE | 28 | #ifdef HAVE_LIBPCRE |
| 29 | # include <pcreposix.h> | 29 | # include <pcreposix.h> |
| @@ -92,7 +92,8 @@ compat_datafellows(const char *version) | |||
| 92 | { "^2\\.0\\.1[3-9]", SSH_BUG_SIGBLOB|SSH_BUG_HMAC| | 92 | { "^2\\.0\\.1[3-9]", SSH_BUG_SIGBLOB|SSH_BUG_HMAC| |
| 93 | SSH_OLD_SESSIONID|SSH_BUG_DEBUG| | 93 | SSH_OLD_SESSIONID|SSH_BUG_DEBUG| |
| 94 | SSH_BUG_PKSERVICE|SSH_BUG_X11FWD| | 94 | SSH_BUG_PKSERVICE|SSH_BUG_X11FWD| |
| 95 | SSH_BUG_PKOK|SSH_BUG_RSASIGMD5 }, | 95 | SSH_BUG_PKOK|SSH_BUG_RSASIGMD5| |
| 96 | SSH_BUG_HBSERVICE }, | ||
| 96 | { "^2\\.0\\.", SSH_BUG_SIGBLOB|SSH_BUG_HMAC| | 97 | { "^2\\.0\\.", SSH_BUG_SIGBLOB|SSH_BUG_HMAC| |
| 97 | SSH_OLD_SESSIONID|SSH_BUG_DEBUG| | 98 | SSH_OLD_SESSIONID|SSH_BUG_DEBUG| |
| 98 | SSH_BUG_PKSERVICE|SSH_BUG_X11FWD| | 99 | SSH_BUG_PKSERVICE|SSH_BUG_X11FWD| |
diff --git a/sshconnect2.c b/sshconnect2.c index ac3ad013b..14e3d401a 100644 --- a/sshconnect2.c +++ b/sshconnect2.c | |||
| @@ -23,7 +23,7 @@ | |||
| 23 | */ | 23 | */ |
| 24 | 24 | ||
| 25 | #include "includes.h" | 25 | #include "includes.h" |
| 26 | RCSID("$OpenBSD: sshconnect2.c,v 1.71 2001/04/18 22:03:45 markus Exp $"); | 26 | RCSID("$OpenBSD: sshconnect2.c,v 1.72 2001/04/18 23:43:26 markus Exp $"); |
| 27 | 27 | ||
| 28 | #include <openssl/bn.h> | 28 | #include <openssl/bn.h> |
| 29 | #include <openssl/md5.h> | 29 | #include <openssl/md5.h> |
| @@ -815,6 +815,7 @@ userauth_hostbased(Authctxt *authctxt) | |||
| 815 | Buffer b; | 815 | Buffer b; |
| 816 | u_char *signature, *blob; | 816 | u_char *signature, *blob; |
| 817 | char *chost, *pkalg, *p; | 817 | char *chost, *pkalg, *p; |
| 818 | const char *service; | ||
| 818 | u_int blen, slen; | 819 | u_int blen, slen; |
| 819 | int ok, i, len, found = 0; | 820 | int ok, i, len, found = 0; |
| 820 | 821 | ||
| @@ -847,20 +848,15 @@ userauth_hostbased(Authctxt *authctxt) | |||
| 847 | xfree(chost); | 848 | xfree(chost); |
| 848 | return 0; | 849 | return 0; |
| 849 | } | 850 | } |
| 851 | service = datafellows & SSH_BUG_HBSERVICE ? "ssh-userauth" : | ||
| 852 | authctxt->service; | ||
| 850 | pkalg = xstrdup(key_ssh_name(private)); | 853 | pkalg = xstrdup(key_ssh_name(private)); |
| 851 | buffer_init(&b); | 854 | buffer_init(&b); |
| 852 | if (datafellows & SSH_OLD_SESSIONID) { | ||
| 853 | buffer_append(&b, session_id2, session_id2_len); | ||
| 854 | } else { | ||
| 855 | buffer_put_string(&b, session_id2, session_id2_len); | ||
| 856 | } | ||
| 857 | /* construct data */ | 855 | /* construct data */ |
| 856 | buffer_put_string(&b, session_id2, session_id2_len); | ||
| 858 | buffer_put_char(&b, SSH2_MSG_USERAUTH_REQUEST); | 857 | buffer_put_char(&b, SSH2_MSG_USERAUTH_REQUEST); |
| 859 | buffer_put_cstring(&b, authctxt->server_user); | 858 | buffer_put_cstring(&b, authctxt->server_user); |
| 860 | buffer_put_cstring(&b, | 859 | buffer_put_cstring(&b, service); |
| 861 | datafellows & SSH_BUG_HBSERVICE ? | ||
| 862 | "ssh-userauth" : | ||
| 863 | authctxt->service); | ||
| 864 | buffer_put_cstring(&b, authctxt->method->name); | 860 | buffer_put_cstring(&b, authctxt->method->name); |
| 865 | buffer_put_cstring(&b, pkalg); | 861 | buffer_put_cstring(&b, pkalg); |
| 866 | buffer_put_string(&b, blob, blen); | 862 | buffer_put_string(&b, blob, blen); |