- djm@cvs.openbsd.org 2013/03/07 00:19:59

[auth2-pubkey.c monitor.c] reconstruct the original username that was sent by the client, which may have included a style (e.g. "root:skey") when checking public key signatures. Fixes public key and hostbased auth when the client specified a style; ok markus@
author: Damien Miller <djm@mindrot.org> 2013-04-23 15:17:52 +1000
committer: Damien Miller <djm@mindrot.org> 2013-04-23 15:17:52 +1000
commit: 4ce189d9108c62090a0dd5dea973d175328440db (patch)
tree: 94f59288486756c522514572f4d9962e865790b2 /monitor.c
parent: 5cbec4c25954b184e43bf3d3ac09e65eb474f5f9 (diff)
1 files changed, 19 insertions, 11 deletions
diff --git a/monitor.c b/monitor.c
index 6560740b6..34d7e1805 100644
--- a/monitor.c
+++ b/monitor.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: monitor.c,v 1.120 2012/12/11 22:16:21 markus Exp $ */
+/* $OpenBSD: monitor.c,v 1.121 2013/03/07 00:19:59 djm Exp $ */
 /*
 * Copyright 2002 Niels Provos <provos@citi.umich.edu>
 * Copyright 2002 Markus Friedl <markus@openbsd.org>
@@ -1237,7 +1237,7 @@ static int
 monitor_valid_userblob(u_char *data, u_int datalen)
 {
        Buffer b;
-        char *p;
+        char *p, *userstyle;
        u_int len;
        int fail = 0;
@@ -1262,19 +1262,23 @@ monitor_valid_userblob(u_char *data, u_int datalen)
        }
        if (buffer_get_char(&b) != SSH2_MSG_USERAUTH_REQUEST)
                fail++;
-        p = buffer_get_string(&b, NULL);
+        p = buffer_get_cstring(&b, NULL);
-        if (strcmp(authctxt->user, p) != 0) {
+        xasprintf(&userstyle, "%s%s%s", authctxt->user,
+            authctxt->style ? ":" : "",
+            authctxt->style ? authctxt->style : "");
+        if (strcmp(userstyle, p) != 0) {
                logit("wrong user name passed to monitor: expected %s != %.100s",
-                    authctxt->user, p);
+                    userstyle, p);
                fail++;
        }
+        xfree(userstyle);
        xfree(p);
        buffer_skip_string(&b);
        if (datafellows & SSH_BUG_PKAUTH) {
                if (!buffer_get_char(&b))
                        fail++;
        } else {
-                p = buffer_get_string(&b, NULL);
+                p = buffer_get_cstring(&b, NULL);
                if (strcmp("publickey", p) != 0)
                        fail++;
                xfree(p);
@@ -1294,7 +1298,7 @@ monitor_valid_hostbasedblob(u_char *data, u_int datalen, char *cuser,
    char *chost)
 {
        Buffer b;
-        char *p;
+        char *p, *userstyle;
        u_int len;
        int fail = 0;
@@ -1310,15 +1314,19 @@ monitor_valid_hostbasedblob(u_char *data, u_int datalen, char *cuser,
        if (buffer_get_char(&b) != SSH2_MSG_USERAUTH_REQUEST)
                fail++;
-        p = buffer_get_string(&b, NULL);
+        p = buffer_get_cstring(&b, NULL);
-        if (strcmp(authctxt->user, p) != 0) {
+        xasprintf(&userstyle, "%s%s%s", authctxt->user,
+            authctxt->style ? ":" : "",
+            authctxt->style ? authctxt->style : "");
+        if (strcmp(userstyle, p) != 0) {
                logit("wrong user name passed to monitor: expected %s != %.100s",
-                    authctxt->user, p);
+                    userstyle, p);
                fail++;
        }
+        free(userstyle);
        xfree(p);
        buffer_skip_string(&b); /* service */
-        p = buffer_get_string(&b, NULL);
+        p = buffer_get_cstring(&b, NULL);
        if (strcmp(p, "hostbased") != 0)
                fail++;
        xfree(p);
author	Damien Miller <djm@mindrot.org>	2013-04-23 15:17:52 +1000
committer	Damien Miller <djm@mindrot.org>	2013-04-23 15:17:52 +1000
commit	4ce189d9108c62090a0dd5dea973d175328440db (patch)
tree	94f59288486756c522514572f4d9962e865790b2 /monitor.c
parent	5cbec4c25954b184e43bf3d3ac09e65eb474f5f9 (diff)