diff options
| author | djm@openbsd.org <djm@openbsd.org> | 2018-01-23 05:27:21 +0000 |
|---|---|---|
| committer | Damien Miller <djm@mindrot.org> | 2018-01-23 16:40:29 +1100 |
| commit | 14b5c635d1190633b23ac3372379517fb645b0c2 (patch) | |
| tree | 8ef70b4660b04ba6add4c314d52f84375cb16788 /sshconnect2.c | |
| parent | 7c77991f5de5d8475cbeb7cbb06d0c7d1611d7bb (diff) | |
upstream commit
Drop compatibility hacks for some ancient SSH
implementations, including ssh.com <=2.* and OpenSSH <= 3.*.
These versions were all released in or before 2001 and predate the
final SSH RFCs. The hacks in question aren't necessary for RFC-
compliant SSH implementations.
ok markus@
OpenBSD-Commit-ID: 4be81c67db57647f907f4e881fb9341448606138
Diffstat (limited to 'sshconnect2.c')
| -rw-r--r-- | sshconnect2.c | 55 |
1 files changed, 10 insertions, 45 deletions
diff --git a/sshconnect2.c b/sshconnect2.c index be9397e48..870c3d270 100644 --- a/sshconnect2.c +++ b/sshconnect2.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: sshconnect2.c,v 1.266 2017/08/27 00:38:41 dtucker Exp $ */ | 1 | /* $OpenBSD: sshconnect2.c,v 1.267 2018/01/23 05:27:21 djm Exp $ */ |
| 2 | /* | 2 | /* |
| 3 | * Copyright (c) 2000 Markus Friedl. All rights reserved. | 3 | * Copyright (c) 2000 Markus Friedl. All rights reserved. |
| 4 | * Copyright (c) 2008 Damien Miller. All rights reserved. | 4 | * Copyright (c) 2008 Damien Miller. All rights reserved. |
| @@ -578,7 +578,6 @@ input_userauth_pk_ok(int type, u_int32_t seq, struct ssh *ssh) | |||
| 578 | Authctxt *authctxt = ssh->authctxt; | 578 | Authctxt *authctxt = ssh->authctxt; |
| 579 | struct sshkey *key = NULL; | 579 | struct sshkey *key = NULL; |
| 580 | Identity *id = NULL; | 580 | Identity *id = NULL; |
| 581 | Buffer b; | ||
| 582 | int pktype, sent = 0; | 581 | int pktype, sent = 0; |
| 583 | u_int alen, blen; | 582 | u_int alen, blen; |
| 584 | char *pkalg, *fp; | 583 | char *pkalg, *fp; |
| @@ -586,18 +585,9 @@ input_userauth_pk_ok(int type, u_int32_t seq, struct ssh *ssh) | |||
| 586 | 585 | ||
| 587 | if (authctxt == NULL) | 586 | if (authctxt == NULL) |
| 588 | fatal("input_userauth_pk_ok: no authentication context"); | 587 | fatal("input_userauth_pk_ok: no authentication context"); |
| 589 | if (datafellows & SSH_BUG_PKOK) { | 588 | |
| 590 | /* this is similar to SSH_BUG_PKAUTH */ | 589 | pkalg = packet_get_string(&alen); |
| 591 | debug2("input_userauth_pk_ok: SSH_BUG_PKOK"); | 590 | pkblob = packet_get_string(&blen); |
| 592 | pkblob = packet_get_string(&blen); | ||
| 593 | buffer_init(&b); | ||
| 594 | buffer_append(&b, pkblob, blen); | ||
| 595 | pkalg = buffer_get_string(&b, &alen); | ||
| 596 | buffer_free(&b); | ||
| 597 | } else { | ||
| 598 | pkalg = packet_get_string(&alen); | ||
| 599 | pkblob = packet_get_string(&blen); | ||
| 600 | } | ||
| 601 | packet_check_eom(); | 591 | packet_check_eom(); |
| 602 | 592 | ||
| 603 | debug("Server accepts key: pkalg %s blen %u", pkalg, blen); | 593 | debug("Server accepts key: pkalg %s blen %u", pkalg, blen); |
| @@ -1100,17 +1090,10 @@ sign_and_send_pubkey(Authctxt *authctxt, Identity *id) | |||
| 1100 | } | 1090 | } |
| 1101 | buffer_put_char(&b, SSH2_MSG_USERAUTH_REQUEST); | 1091 | buffer_put_char(&b, SSH2_MSG_USERAUTH_REQUEST); |
| 1102 | buffer_put_cstring(&b, authctxt->server_user); | 1092 | buffer_put_cstring(&b, authctxt->server_user); |
| 1103 | buffer_put_cstring(&b, | 1093 | buffer_put_cstring(&b, authctxt->service); |
| 1104 | datafellows & SSH_BUG_PKSERVICE ? | 1094 | buffer_put_cstring(&b, authctxt->method->name); |
| 1105 | "ssh-userauth" : | 1095 | buffer_put_char(&b, have_sig); |
| 1106 | authctxt->service); | 1096 | buffer_put_cstring(&b, key_sign_encode(id->key)); |
| 1107 | if (datafellows & SSH_BUG_PKAUTH) { | ||
| 1108 | buffer_put_char(&b, have_sig); | ||
| 1109 | } else { | ||
| 1110 | buffer_put_cstring(&b, authctxt->method->name); | ||
| 1111 | buffer_put_char(&b, have_sig); | ||
| 1112 | buffer_put_cstring(&b, key_sign_encode(id->key)); | ||
| 1113 | } | ||
| 1114 | buffer_put_string(&b, blob, bloblen); | 1097 | buffer_put_string(&b, blob, bloblen); |
| 1115 | 1098 | ||
| 1116 | /* | 1099 | /* |
| @@ -1170,19 +1153,6 @@ sign_and_send_pubkey(Authctxt *authctxt, Identity *id) | |||
| 1170 | #ifdef DEBUG_PK | 1153 | #ifdef DEBUG_PK |
| 1171 | buffer_dump(&b); | 1154 | buffer_dump(&b); |
| 1172 | #endif | 1155 | #endif |
| 1173 | if (datafellows & SSH_BUG_PKSERVICE) { | ||
| 1174 | buffer_clear(&b); | ||
| 1175 | buffer_append(&b, session_id2, session_id2_len); | ||
| 1176 | skip = session_id2_len; | ||
| 1177 | buffer_put_char(&b, SSH2_MSG_USERAUTH_REQUEST); | ||
| 1178 | buffer_put_cstring(&b, authctxt->server_user); | ||
| 1179 | buffer_put_cstring(&b, authctxt->service); | ||
| 1180 | buffer_put_cstring(&b, authctxt->method->name); | ||
| 1181 | buffer_put_char(&b, have_sig); | ||
| 1182 | if (!(datafellows & SSH_BUG_PKAUTH)) | ||
| 1183 | buffer_put_cstring(&b, key_ssh_name(id->key)); | ||
| 1184 | buffer_put_string(&b, blob, bloblen); | ||
| 1185 | } | ||
| 1186 | free(blob); | 1156 | free(blob); |
| 1187 | 1157 | ||
| 1188 | /* append signature */ | 1158 | /* append signature */ |
| @@ -1224,8 +1194,7 @@ send_pubkey_test(Authctxt *authctxt, Identity *id) | |||
| 1224 | packet_put_cstring(authctxt->service); | 1194 | packet_put_cstring(authctxt->service); |
| 1225 | packet_put_cstring(authctxt->method->name); | 1195 | packet_put_cstring(authctxt->method->name); |
| 1226 | packet_put_char(have_sig); | 1196 | packet_put_char(have_sig); |
| 1227 | if (!(datafellows & SSH_BUG_PKAUTH)) | 1197 | packet_put_cstring(key_sign_encode(id->key)); |
| 1228 | packet_put_cstring(key_sign_encode(id->key)); | ||
| 1229 | packet_put_string(blob, bloblen); | 1198 | packet_put_string(blob, bloblen); |
| 1230 | free(blob); | 1199 | free(blob); |
| 1231 | packet_send(); | 1200 | packet_send(); |
| @@ -1741,7 +1710,6 @@ userauth_hostbased(Authctxt *authctxt) | |||
| 1741 | struct ssh *ssh = active_state; | 1710 | struct ssh *ssh = active_state; |
| 1742 | struct sshkey *private = NULL; | 1711 | struct sshkey *private = NULL; |
| 1743 | struct sshbuf *b = NULL; | 1712 | struct sshbuf *b = NULL; |
| 1744 | const char *service; | ||
| 1745 | u_char *sig = NULL, *keyblob = NULL; | 1713 | u_char *sig = NULL, *keyblob = NULL; |
| 1746 | char *fp = NULL, *chost = NULL, *lname = NULL; | 1714 | char *fp = NULL, *chost = NULL, *lname = NULL; |
| 1747 | size_t siglen = 0, keylen = 0; | 1715 | size_t siglen = 0, keylen = 0; |
| @@ -1812,9 +1780,6 @@ userauth_hostbased(Authctxt *authctxt) | |||
| 1812 | xasprintf(&chost, "%s.", lname); | 1780 | xasprintf(&chost, "%s.", lname); |
| 1813 | debug2("%s: chost %s", __func__, chost); | 1781 | debug2("%s: chost %s", __func__, chost); |
| 1814 | 1782 | ||
| 1815 | service = datafellows & SSH_BUG_HBSERVICE ? "ssh-userauth" : | ||
| 1816 | authctxt->service; | ||
| 1817 | |||
| 1818 | /* construct data */ | 1783 | /* construct data */ |
| 1819 | if ((b = sshbuf_new()) == NULL) { | 1784 | if ((b = sshbuf_new()) == NULL) { |
| 1820 | error("%s: sshbuf_new failed", __func__); | 1785 | error("%s: sshbuf_new failed", __func__); |
| @@ -1827,7 +1792,7 @@ userauth_hostbased(Authctxt *authctxt) | |||
| 1827 | if ((r = sshbuf_put_string(b, session_id2, session_id2_len)) != 0 || | 1792 | if ((r = sshbuf_put_string(b, session_id2, session_id2_len)) != 0 || |
| 1828 | (r = sshbuf_put_u8(b, SSH2_MSG_USERAUTH_REQUEST)) != 0 || | 1793 | (r = sshbuf_put_u8(b, SSH2_MSG_USERAUTH_REQUEST)) != 0 || |
| 1829 | (r = sshbuf_put_cstring(b, authctxt->server_user)) != 0 || | 1794 | (r = sshbuf_put_cstring(b, authctxt->server_user)) != 0 || |
| 1830 | (r = sshbuf_put_cstring(b, service)) != 0 || | 1795 | (r = sshbuf_put_cstring(b, authctxt->service)) != 0 || |
| 1831 | (r = sshbuf_put_cstring(b, authctxt->method->name)) != 0 || | 1796 | (r = sshbuf_put_cstring(b, authctxt->method->name)) != 0 || |
| 1832 | (r = sshbuf_put_cstring(b, key_ssh_name(private))) != 0 || | 1797 | (r = sshbuf_put_cstring(b, key_ssh_name(private))) != 0 || |
| 1833 | (r = sshbuf_put_string(b, keyblob, keylen)) != 0 || | 1798 | (r = sshbuf_put_string(b, keyblob, keylen)) != 0 || |