diff options
| author | Colin Watson <cjwatson@debian.org> | 2010-08-23 23:52:36 +0100 |
|---|---|---|
| committer | Colin Watson <cjwatson@debian.org> | 2010-08-23 23:52:36 +0100 |
| commit | 78799892cb1858927be02be9737c594052e3f910 (patch) | |
| tree | ac3dc2e848ab9dc62fe4252e01e52c3d456f628f /auth-rsa.c | |
| parent | 3875951bb76a9ec62634ae4026c9cc885d933477 (diff) | |
| parent | 31e30b835fd9695d3b6647cab4867001b092e28f (diff) | |
* New upstream release (http://www.openssh.com/txt/release-5.6):
- Added a ControlPersist option to ssh_config(5) that automatically
starts a background ssh(1) multiplex master when connecting. This
connection can stay alive indefinitely, or can be set to automatically
close after a user-specified duration of inactivity (closes: #335697,
#350898, #454787, #500573, #550262).
- Support AuthorizedKeysFile, AuthorizedPrincipalsFile,
HostbasedUsesNameFromPacketOnly, and PermitTunnel in sshd_config(5)
Match blocks (closes: #549858).
- sftp(1): fix ls in working directories that contain globbing
characters in their pathnames (LP: #530714).
Diffstat (limited to 'auth-rsa.c')
| -rw-r--r-- | auth-rsa.c | 9 |
1 files changed, 5 insertions, 4 deletions
diff --git a/auth-rsa.c b/auth-rsa.c index 250e9cf78..7afcaee31 100644 --- a/auth-rsa.c +++ b/auth-rsa.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: auth-rsa.c,v 1.74 2010/03/04 10:36:03 djm Exp $ */ | 1 | /* $OpenBSD: auth-rsa.c,v 1.78 2010/07/13 23:13:16 djm Exp $ */ |
| 2 | /* | 2 | /* |
| 3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> | 3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> |
| 4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland | 4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland |
| @@ -34,11 +34,11 @@ | |||
| 34 | #include "uidswap.h" | 34 | #include "uidswap.h" |
| 35 | #include "match.h" | 35 | #include "match.h" |
| 36 | #include "buffer.h" | 36 | #include "buffer.h" |
| 37 | #include "auth-options.h" | ||
| 38 | #include "pathnames.h" | 37 | #include "pathnames.h" |
| 39 | #include "log.h" | 38 | #include "log.h" |
| 40 | #include "servconf.h" | 39 | #include "servconf.h" |
| 41 | #include "key.h" | 40 | #include "key.h" |
| 41 | #include "auth-options.h" | ||
| 42 | #include "hostfile.h" | 42 | #include "hostfile.h" |
| 43 | #include "auth.h" | 43 | #include "auth.h" |
| 44 | #ifdef GSSAPI | 44 | #ifdef GSSAPI |
| @@ -116,7 +116,7 @@ auth_rsa_verify_response(Key *key, BIGNUM *challenge, u_char response[16]) | |||
| 116 | MD5_Final(mdbuf, &md); | 116 | MD5_Final(mdbuf, &md); |
| 117 | 117 | ||
| 118 | /* Verify that the response is the original challenge. */ | 118 | /* Verify that the response is the original challenge. */ |
| 119 | if (memcmp(response, mdbuf, 16) != 0) { | 119 | if (timingsafe_bcmp(response, mdbuf, 16) != 0) { |
| 120 | /* Wrong answer. */ | 120 | /* Wrong answer. */ |
| 121 | return (0); | 121 | return (0); |
| 122 | } | 122 | } |
| @@ -256,7 +256,8 @@ auth_rsa_key_allowed(struct passwd *pw, BIGNUM *client_n, Key **rkey) | |||
| 256 | */ | 256 | */ |
| 257 | if (!auth_parse_options(pw, key_options, file, linenum)) | 257 | if (!auth_parse_options(pw, key_options, file, linenum)) |
| 258 | continue; | 258 | continue; |
| 259 | 259 | if (key_is_cert_authority) | |
| 260 | continue; | ||
| 260 | /* break out, this key is allowed */ | 261 | /* break out, this key is allowed */ |
| 261 | allowed = 1; | 262 | allowed = 1; |
| 262 | break; | 263 | break; |