authorColin Watson <cjwatson@debian.org>2020-10-18 12:04:32 +0100
committerColin Watson <cjwatson@debian.org>2020-10-18 12:04:32 +0100
commit2b2c99658e3e8ed452e28f88f9cdbcdfb2a461cb (patch)
tree336445493163aa0370cb7830d97ebd8819b2e2c5 /monitor.c
parent202f5a676221c244cd450086c334c2b59f339e86 (diff)
parent279261e1ea8150c7c64ab5fe7cb4a4ea17acbb29 (diff)
Import openssh_8.4p1.orig.tar.gz
Diffstat (limited to 'monitor.c')
-rw-r--r--monitor.c21
1 files changed, 17 insertions, 4 deletions
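--- a/monitor.c
+++ b/monitor.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: monitor.c,v 1.210 2020/03/13 03:17:07 djm Exp $ */
+/* $OpenBSD: monitor.c,v 1.214 2020/08/27 01:07:09 djm Exp $ */
 /*
  * Copyright 2002 Niels Provos <provos@citi.umich.edu>
  * Copyright 2002 Markus Friedl <markus@openbsd.org>
@@ -679,7 +679,7 @@ mm_answer_sign(struct ssh *ssh, int sock, struct sshbuf *m)
 
  if ((key = get_hostkey_by_index(keyid)) != NULL) {
  if ((r = sshkey_sign(key, &signature, &siglen, p, datlen, alg,
- options.sk_provider, compat)) != 0)
+ options.sk_provider, NULL, compat)) != 0)
  fatal("%s: sshkey_sign failed: %s",
  __func__, ssh_err(r));
  } else if ((key = get_hostkey_public_by_index(keyid, ssh)) != NULL &&
@@ -1387,7 +1387,8 @@ mm_answer_keyverify(struct ssh *ssh, int sock, struct sshbuf *m)
  const u_char *signature, *data, *blob;
  char *sigalg = NULL, *fp = NULL;
  size_t signaturelen, datalen, bloblen;
- int r, ret, req_presence = 0, valid_data = 0, encoded_ret;
+ int r, ret, req_presence = 0, req_verify = 0, valid_data = 0;
+ int encoded_ret;
  struct sshkey_sig_details *sig_details = NULL;
 
  if ((r = sshbuf_get_string_direct(m, &blob, &bloblen)) != 0 ||
@@ -1452,6 +1453,18 @@ mm_answer_keyverify(struct ssh *ssh, int sock, struct sshbuf *m)
  ssh_remote_port(ssh));
  ret = SSH_ERR_SIGNATURE_INVALID;
  }
+ req_verify = (options.pubkey_auth_options &
+ PUBKEYAUTH_VERIFY_REQUIRED) || key_opts->require_verify;
+ if (req_verify &&
+ (sig_details->sk_flags & SSH_SK_USER_VERIFICATION_REQD) == 0) {
+ error("public key %s %s signature for %s%s from %.128s "
+ "port %d rejected: user verification requirement "
+ "not met ", sshkey_type(key), fp,
+ authctxt->valid ? "" : "invalid user ",
+ authctxt->user, ssh_remote_ipaddr(ssh),
+ ssh_remote_port(ssh));
+ ret = SSH_ERR_SIGNATURE_INVALID;
+ }
  }
  auth2_record_key(authctxt, ret == 0, key);
 
@@ -1568,7 +1581,7 @@ mm_answer_pty(struct ssh *ssh, int sock, struct sshbuf *m)
  if (fd0 != 0)
  error("%s: fd0 %d != 0", __func__, fd0);
 
- /* slave is not needed */
+ /* slave side of pty is not needed */
  close(s->ttyfd);
  s->ttyfd = s->ptyfd;
  /* no need to dup() because nobody closes ptyfd */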
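Review bot: The new user-verification block in mm_answer_keyverify (new lines 1456-1467) dereferences `key_opts->require_verify` and `sig_details->sk_flags` with no NULL check of its own. The enclosing `if` opens above the hunk, so confirm that its condition covers both pointers before this code is relied on as the enforcement point in the monitor. The rejection reuses `SSH_ERR_SIGNATURE_INVALID`, which leaves the log line as the only thing separating an unmet policy from a bad signature; a short comment such as `/* policy failure: signature verified but the UV flag is not set in sk_flags */` would make that explicit. The format string also ends in `"not met "` with a trailing space, and `"not met"` would keep the line clean for log parsers. The function body starts and ends outside the hunk.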