author | Colin Watson <cjwatson@debian.org> | 2017-10-04 11:23:58 +0100 |
---|---|---|
committer | Colin Watson <cjwatson@debian.org> | 2017-10-04 11:23:58 +0100 |
commit | 62f54f20bf351468e0124f63cc2902ee40d9b0e9 (patch) | |
tree | 3e090f2711b94ca5029d3fa3e8047b1ed1448b1f /sshconnect2.c | |
parent | 6fabaf6fd9b07cc8bc6a17c9c4a5b76849cfc874 (diff) | |
parent | 66bf74a92131b7effe49fb0eefe5225151869dc5 (diff) |
Import openssh_7.6p1.orig.tar.gz
Diffstat (limited to 'sshconnect2.c')
-rw-r--r-- | sshconnect2.c | 141 |
1 files changed, 77 insertions, 64 deletions
diff --git a/sshconnect2.c b/sshconnect2.c index f8a54beea..be9397e48 100644 --- a/sshconnect2.c +++ b/sshconnect2.c | |||
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: sshconnect2.c,v 1.255 2017/03/11 23:40:26 djm Exp $ */ | 1 | /* $OpenBSD: sshconnect2.c,v 1.266 2017/08/27 00:38:41 dtucker Exp $ */ |
2 | /* | 2 | /* |
3 | * Copyright (c) 2000 Markus Friedl. All rights reserved. | 3 | * Copyright (c) 2000 Markus Friedl. All rights reserved. |
4 | * Copyright (c) 2008 Damien Miller. All rights reserved. | 4 | * Copyright (c) 2008 Damien Miller. All rights reserved. |
@@ -93,7 +93,7 @@ char *xxx_host; | |||
93 | struct sockaddr *xxx_hostaddr; | 93 | struct sockaddr *xxx_hostaddr; |
94 | 94 | ||
95 | static int | 95 | static int |
96 | verify_host_key_callback(Key *hostkey, struct ssh *ssh) | 96 | verify_host_key_callback(struct sshkey *hostkey, struct ssh *ssh) |
97 | { | 97 | { |
98 | if (verify_host_key(xxx_host, xxx_hostaddr, hostkey) == -1) | 98 | if (verify_host_key(xxx_host, xxx_hostaddr, hostkey) == -1) |
99 | fatal("Host key verification failed."); | 99 | fatal("Host key verification failed."); |
@@ -217,7 +217,7 @@ ssh_kex2(char *host, struct sockaddr *hostaddr, u_short port) | |||
217 | kex->server_version_string=server_version_string; | 217 | kex->server_version_string=server_version_string; |
218 | kex->verify_host_key=&verify_host_key_callback; | 218 | kex->verify_host_key=&verify_host_key_callback; |
219 | 219 | ||
220 | dispatch_run(DISPATCH_BLOCK, &kex->done, active_state); | 220 | ssh_dispatch_run_fatal(active_state, DISPATCH_BLOCK, &kex->done); |
221 | 221 | ||
222 | /* remove ext-info from the KEX proposals for rekeying */ | 222 | /* remove ext-info from the KEX proposals for rekeying */ |
223 | myproposal[PROPOSAL_KEX_ALGS] = | 223 | myproposal[PROPOSAL_KEX_ALGS] = |
@@ -287,16 +287,16 @@ struct cauthmethod { | |||
287 | int *batch_flag; /* flag in option struct that disables method */ | 287 | int *batch_flag; /* flag in option struct that disables method */ |
288 | }; | 288 | }; |
289 | 289 | ||
290 | int input_userauth_service_accept(int, u_int32_t, void *); | 290 | int input_userauth_service_accept(int, u_int32_t, struct ssh *); |
291 | int input_userauth_ext_info(int, u_int32_t, void *); | 291 | int input_userauth_ext_info(int, u_int32_t, struct ssh *); |
292 | int input_userauth_success(int, u_int32_t, void *); | 292 | int input_userauth_success(int, u_int32_t, struct ssh *); |
293 | int input_userauth_success_unexpected(int, u_int32_t, void *); | 293 | int input_userauth_success_unexpected(int, u_int32_t, struct ssh *); |
294 | int input_userauth_failure(int, u_int32_t, void *); | 294 | int input_userauth_failure(int, u_int32_t, struct ssh *); |
295 | int input_userauth_banner(int, u_int32_t, void *); | 295 | int input_userauth_banner(int, u_int32_t, struct ssh *); |
296 | int input_userauth_error(int, u_int32_t, void *); | 296 | int input_userauth_error(int, u_int32_t, struct ssh *); |
297 | int input_userauth_info_req(int, u_int32_t, void *); | 297 | int input_userauth_info_req(int, u_int32_t, struct ssh *); |
298 | int input_userauth_pk_ok(int, u_int32_t, void *); | 298 | int input_userauth_pk_ok(int, u_int32_t, struct ssh *); |
299 | int input_userauth_passwd_changereq(int, u_int32_t, void *); | 299 | int input_userauth_passwd_changereq(int, u_int32_t, struct ssh *); |
300 | 300 | ||
301 | int userauth_none(Authctxt *); | 301 | int userauth_none(Authctxt *); |
302 | int userauth_pubkey(Authctxt *); | 302 | int userauth_pubkey(Authctxt *); |
@@ -306,11 +306,11 @@ int userauth_hostbased(Authctxt *); | |||
306 | 306 | ||
307 | #ifdef GSSAPI | 307 | #ifdef GSSAPI |
308 | int userauth_gssapi(Authctxt *authctxt); | 308 | int userauth_gssapi(Authctxt *authctxt); |
309 | int input_gssapi_response(int type, u_int32_t, void *); | 309 | int input_gssapi_response(int type, u_int32_t, struct ssh *); |
310 | int input_gssapi_token(int type, u_int32_t, void *); | 310 | int input_gssapi_token(int type, u_int32_t, struct ssh *); |
311 | int input_gssapi_hash(int type, u_int32_t, void *); | 311 | int input_gssapi_hash(int type, u_int32_t, struct ssh *); |
312 | int input_gssapi_error(int, u_int32_t, void *); | 312 | int input_gssapi_error(int, u_int32_t, struct ssh *); |
313 | int input_gssapi_errtok(int, u_int32_t, void *); | 313 | int input_gssapi_errtok(int, u_int32_t, struct ssh *); |
314 | #endif | 314 | #endif |
315 | 315 | ||
316 | void userauth(Authctxt *, char *); | 316 | void userauth(Authctxt *, char *); |
@@ -319,7 +319,7 @@ static int sign_and_send_pubkey(Authctxt *, Identity *); | |||
319 | static void pubkey_prepare(Authctxt *); | 319 | static void pubkey_prepare(Authctxt *); |
320 | static void pubkey_cleanup(Authctxt *); | 320 | static void pubkey_cleanup(Authctxt *); |
321 | static void pubkey_reset(Authctxt *); | 321 | static void pubkey_reset(Authctxt *); |
322 | static Key *load_identity_file(Identity *); | 322 | static struct sshkey *load_identity_file(Identity *); |
323 | 323 | ||
324 | static Authmethod *authmethod_get(char *authlist); | 324 | static Authmethod *authmethod_get(char *authlist); |
325 | static Authmethod *authmethod_lookup(const char *name); | 325 | static Authmethod *authmethod_lookup(const char *name); |
@@ -397,10 +397,12 @@ ssh_userauth2(const char *local_user, const char *server_user, char *host, | |||
397 | (r = sshpkt_send(ssh)) != 0) | 397 | (r = sshpkt_send(ssh)) != 0) |
398 | fatal("%s: %s", __func__, ssh_err(r)); | 398 | fatal("%s: %s", __func__, ssh_err(r)); |
399 | 399 | ||
400 | ssh->authctxt = &authctxt; | ||
400 | ssh_dispatch_init(ssh, &input_userauth_error); | 401 | ssh_dispatch_init(ssh, &input_userauth_error); |
401 | ssh_dispatch_set(ssh, SSH2_MSG_EXT_INFO, &input_userauth_ext_info); | 402 | ssh_dispatch_set(ssh, SSH2_MSG_EXT_INFO, &input_userauth_ext_info); |
402 | ssh_dispatch_set(ssh, SSH2_MSG_SERVICE_ACCEPT, &input_userauth_service_accept); | 403 | ssh_dispatch_set(ssh, SSH2_MSG_SERVICE_ACCEPT, &input_userauth_service_accept); |
403 | ssh_dispatch_run(ssh, DISPATCH_BLOCK, &authctxt.success, &authctxt); /* loop until success */ | 404 | ssh_dispatch_run_fatal(ssh, DISPATCH_BLOCK, &authctxt.success); /* loop until success */ |
405 | ssh->authctxt = NULL; | ||
404 | 406 | ||
405 | pubkey_cleanup(&authctxt); | 407 | pubkey_cleanup(&authctxt); |
406 | ssh_dispatch_range(ssh, SSH2_MSG_USERAUTH_MIN, SSH2_MSG_USERAUTH_MAX, NULL); | 408 | ssh_dispatch_range(ssh, SSH2_MSG_USERAUTH_MIN, SSH2_MSG_USERAUTH_MAX, NULL); |
@@ -412,10 +414,9 @@ ssh_userauth2(const char *local_user, const char *server_user, char *host, | |||
412 | 414 | ||
413 | /* ARGSUSED */ | 415 | /* ARGSUSED */ |
414 | int | 416 | int |
415 | input_userauth_service_accept(int type, u_int32_t seqnr, void *ctxt) | 417 | input_userauth_service_accept(int type, u_int32_t seq, struct ssh *ssh) |
416 | { | 418 | { |
417 | Authctxt *authctxt = ctxt; | 419 | Authctxt *authctxt = ssh->authctxt; |
418 | struct ssh *ssh = active_state; | ||
419 | int r; | 420 | int r; |
420 | 421 | ||
421 | if (ssh_packet_remaining(ssh) > 0) { | 422 | if (ssh_packet_remaining(ssh) > 0) { |
@@ -446,9 +447,9 @@ input_userauth_service_accept(int type, u_int32_t seqnr, void *ctxt) | |||
446 | 447 | ||
447 | /* ARGSUSED */ | 448 | /* ARGSUSED */ |
448 | int | 449 | int |
449 | input_userauth_ext_info(int type, u_int32_t seqnr, void *ctxt) | 450 | input_userauth_ext_info(int type, u_int32_t seqnr, struct ssh *ssh) |
450 | { | 451 | { |
451 | return kex_input_ext_info(type, seqnr, active_state); | 452 | return kex_input_ext_info(type, seqnr, ssh); |
452 | } | 453 | } |
453 | 454 | ||
454 | void | 455 | void |
@@ -468,7 +469,8 @@ userauth(Authctxt *authctxt, char *authlist) | |||
468 | for (;;) { | 469 | for (;;) { |
469 | Authmethod *method = authmethod_get(authlist); | 470 | Authmethod *method = authmethod_get(authlist); |
470 | if (method == NULL) | 471 | if (method == NULL) |
471 | fatal("Permission denied (%s).", authlist); | 472 | fatal("%s@%s: Permission denied (%s).", |
473 | authctxt->server_user, authctxt->host, authlist); | ||
472 | authctxt->method = method; | 474 | authctxt->method = method; |
473 | 475 | ||
474 | /* reset the per method handler */ | 476 | /* reset the per method handler */ |
@@ -488,7 +490,7 @@ userauth(Authctxt *authctxt, char *authlist) | |||
488 | 490 | ||
489 | /* ARGSUSED */ | 491 | /* ARGSUSED */ |
490 | int | 492 | int |
491 | input_userauth_error(int type, u_int32_t seq, void *ctxt) | 493 | input_userauth_error(int type, u_int32_t seq, struct ssh *ssh) |
492 | { | 494 | { |
493 | fatal("input_userauth_error: bad message during authentication: " | 495 | fatal("input_userauth_error: bad message during authentication: " |
494 | "type %d", type); | 496 | "type %d", type); |
@@ -497,7 +499,7 @@ input_userauth_error(int type, u_int32_t seq, void *ctxt) | |||
497 | 499 | ||
498 | /* ARGSUSED */ | 500 | /* ARGSUSED */ |
499 | int | 501 | int |
500 | input_userauth_banner(int type, u_int32_t seq, void *ctxt) | 502 | input_userauth_banner(int type, u_int32_t seq, struct ssh *ssh) |
501 | { | 503 | { |
502 | char *msg, *lang; | 504 | char *msg, *lang; |
503 | u_int len; | 505 | u_int len; |
@@ -514,9 +516,9 @@ input_userauth_banner(int type, u_int32_t seq, void *ctxt) | |||
514 | 516 | ||
515 | /* ARGSUSED */ | 517 | /* ARGSUSED */ |
516 | int | 518 | int |
517 | input_userauth_success(int type, u_int32_t seq, void *ctxt) | 519 | input_userauth_success(int type, u_int32_t seq, struct ssh *ssh) |
518 | { | 520 | { |
519 | Authctxt *authctxt = ctxt; | 521 | Authctxt *authctxt = ssh->authctxt; |
520 | 522 | ||
521 | if (authctxt == NULL) | 523 | if (authctxt == NULL) |
522 | fatal("input_userauth_success: no authentication context"); | 524 | fatal("input_userauth_success: no authentication context"); |
@@ -531,9 +533,9 @@ input_userauth_success(int type, u_int32_t seq, void *ctxt) | |||
531 | } | 533 | } |
532 | 534 | ||
533 | int | 535 | int |
534 | input_userauth_success_unexpected(int type, u_int32_t seq, void *ctxt) | 536 | input_userauth_success_unexpected(int type, u_int32_t seq, struct ssh *ssh) |
535 | { | 537 | { |
536 | Authctxt *authctxt = ctxt; | 538 | Authctxt *authctxt = ssh->authctxt; |
537 | 539 | ||
538 | if (authctxt == NULL) | 540 | if (authctxt == NULL) |
539 | fatal("%s: no authentication context", __func__); | 541 | fatal("%s: no authentication context", __func__); |
@@ -545,9 +547,9 @@ input_userauth_success_unexpected(int type, u_int32_t seq, void *ctxt) | |||
545 | 547 | ||
546 | /* ARGSUSED */ | 548 | /* ARGSUSED */ |
547 | int | 549 | int |
548 | input_userauth_failure(int type, u_int32_t seq, void *ctxt) | 550 | input_userauth_failure(int type, u_int32_t seq, struct ssh *ssh) |
549 | { | 551 | { |
550 | Authctxt *authctxt = ctxt; | 552 | Authctxt *authctxt = ssh->authctxt; |
551 | char *authlist = NULL; | 553 | char *authlist = NULL; |
552 | int partial; | 554 | int partial; |
553 | 555 | ||
@@ -571,10 +573,10 @@ input_userauth_failure(int type, u_int32_t seq, void *ctxt) | |||
571 | 573 | ||
572 | /* ARGSUSED */ | 574 | /* ARGSUSED */ |
573 | int | 575 | int |
574 | input_userauth_pk_ok(int type, u_int32_t seq, void *ctxt) | 576 | input_userauth_pk_ok(int type, u_int32_t seq, struct ssh *ssh) |
575 | { | 577 | { |
576 | Authctxt *authctxt = ctxt; | 578 | Authctxt *authctxt = ssh->authctxt; |
577 | Key *key = NULL; | 579 | struct sshkey *key = NULL; |
578 | Identity *id = NULL; | 580 | Identity *id = NULL; |
579 | Buffer b; | 581 | Buffer b; |
580 | int pktype, sent = 0; | 582 | int pktype, sent = 0; |
@@ -702,9 +704,9 @@ userauth_gssapi(Authctxt *authctxt) | |||
702 | } | 704 | } |
703 | 705 | ||
704 | static OM_uint32 | 706 | static OM_uint32 |
705 | process_gssapi_token(void *ctxt, gss_buffer_t recv_tok) | 707 | process_gssapi_token(struct ssh *ssh, gss_buffer_t recv_tok) |
706 | { | 708 | { |
707 | Authctxt *authctxt = ctxt; | 709 | Authctxt *authctxt = ssh->authctxt; |
708 | Gssctxt *gssctxt = authctxt->methoddata; | 710 | Gssctxt *gssctxt = authctxt->methoddata; |
709 | gss_buffer_desc send_tok = GSS_C_EMPTY_BUFFER; | 711 | gss_buffer_desc send_tok = GSS_C_EMPTY_BUFFER; |
710 | gss_buffer_desc mic = GSS_C_EMPTY_BUFFER; | 712 | gss_buffer_desc mic = GSS_C_EMPTY_BUFFER; |
@@ -757,9 +759,9 @@ process_gssapi_token(void *ctxt, gss_buffer_t recv_tok) | |||
757 | 759 | ||
758 | /* ARGSUSED */ | 760 | /* ARGSUSED */ |
759 | int | 761 | int |
760 | input_gssapi_response(int type, u_int32_t plen, void *ctxt) | 762 | input_gssapi_response(int type, u_int32_t plen, struct ssh *ssh) |
761 | { | 763 | { |
762 | Authctxt *authctxt = ctxt; | 764 | Authctxt *authctxt = ssh->authctxt; |
763 | Gssctxt *gssctxt; | 765 | Gssctxt *gssctxt; |
764 | int oidlen; | 766 | int oidlen; |
765 | char *oidv; | 767 | char *oidv; |
@@ -787,7 +789,7 @@ input_gssapi_response(int type, u_int32_t plen, void *ctxt) | |||
787 | 789 | ||
788 | free(oidv); | 790 | free(oidv); |
789 | 791 | ||
790 | if (GSS_ERROR(process_gssapi_token(ctxt, GSS_C_NO_BUFFER))) { | 792 | if (GSS_ERROR(process_gssapi_token(ssh, GSS_C_NO_BUFFER))) { |
791 | /* Start again with next method on list */ | 793 | /* Start again with next method on list */ |
792 | debug("Trying to start again"); | 794 | debug("Trying to start again"); |
793 | userauth(authctxt, NULL); | 795 | userauth(authctxt, NULL); |
@@ -798,9 +800,9 @@ input_gssapi_response(int type, u_int32_t plen, void *ctxt) | |||
798 | 800 | ||
799 | /* ARGSUSED */ | 801 | /* ARGSUSED */ |
800 | int | 802 | int |
801 | input_gssapi_token(int type, u_int32_t plen, void *ctxt) | 803 | input_gssapi_token(int type, u_int32_t plen, struct ssh *ssh) |
802 | { | 804 | { |
803 | Authctxt *authctxt = ctxt; | 805 | Authctxt *authctxt = ssh->authctxt; |
804 | gss_buffer_desc recv_tok; | 806 | gss_buffer_desc recv_tok; |
805 | OM_uint32 status; | 807 | OM_uint32 status; |
806 | u_int slen; | 808 | u_int slen; |
@@ -813,7 +815,7 @@ input_gssapi_token(int type, u_int32_t plen, void *ctxt) | |||
813 | 815 | ||
814 | packet_check_eom(); | 816 | packet_check_eom(); |
815 | 817 | ||
816 | status = process_gssapi_token(ctxt, &recv_tok); | 818 | status = process_gssapi_token(ssh, &recv_tok); |
817 | 819 | ||
818 | free(recv_tok.value); | 820 | free(recv_tok.value); |
819 | 821 | ||
@@ -827,9 +829,9 @@ input_gssapi_token(int type, u_int32_t plen, void *ctxt) | |||
827 | 829 | ||
828 | /* ARGSUSED */ | 830 | /* ARGSUSED */ |
829 | int | 831 | int |
830 | input_gssapi_errtok(int type, u_int32_t plen, void *ctxt) | 832 | input_gssapi_errtok(int type, u_int32_t plen, struct ssh *ssh) |
831 | { | 833 | { |
832 | Authctxt *authctxt = ctxt; | 834 | Authctxt *authctxt = ssh->authctxt; |
833 | Gssctxt *gssctxt; | 835 | Gssctxt *gssctxt; |
834 | gss_buffer_desc send_tok = GSS_C_EMPTY_BUFFER; | 836 | gss_buffer_desc send_tok = GSS_C_EMPTY_BUFFER; |
835 | gss_buffer_desc recv_tok; | 837 | gss_buffer_desc recv_tok; |
@@ -858,7 +860,7 @@ input_gssapi_errtok(int type, u_int32_t plen, void *ctxt) | |||
858 | 860 | ||
859 | /* ARGSUSED */ | 861 | /* ARGSUSED */ |
860 | int | 862 | int |
861 | input_gssapi_error(int type, u_int32_t plen, void *ctxt) | 863 | input_gssapi_error(int type, u_int32_t plen, struct ssh *ssh) |
862 | { | 864 | { |
863 | char *msg; | 865 | char *msg; |
864 | char *lang; | 866 | char *lang; |
@@ -893,7 +895,7 @@ int | |||
893 | userauth_passwd(Authctxt *authctxt) | 895 | userauth_passwd(Authctxt *authctxt) |
894 | { | 896 | { |
895 | static int attempt = 0; | 897 | static int attempt = 0; |
896 | char prompt[150]; | 898 | char prompt[256]; |
897 | char *password; | 899 | char *password; |
898 | const char *host = options.host_key_alias ? options.host_key_alias : | 900 | const char *host = options.host_key_alias ? options.host_key_alias : |
899 | authctxt->host; | 901 | authctxt->host; |
@@ -929,11 +931,11 @@ userauth_passwd(Authctxt *authctxt) | |||
929 | */ | 931 | */ |
930 | /* ARGSUSED */ | 932 | /* ARGSUSED */ |
931 | int | 933 | int |
932 | input_userauth_passwd_changereq(int type, u_int32_t seqnr, void *ctxt) | 934 | input_userauth_passwd_changereq(int type, u_int32_t seqnr, struct ssh *ssh) |
933 | { | 935 | { |
934 | Authctxt *authctxt = ctxt; | 936 | Authctxt *authctxt = ssh->authctxt; |
935 | char *info, *lang, *password = NULL, *retype = NULL; | 937 | char *info, *lang, *password = NULL, *retype = NULL; |
936 | char prompt[150]; | 938 | char prompt[256]; |
937 | const char *host; | 939 | const char *host; |
938 | 940 | ||
939 | debug2("input_userauth_passwd_changereq"); | 941 | debug2("input_userauth_passwd_changereq"); |
@@ -1015,7 +1017,7 @@ static int | |||
1015 | identity_sign(struct identity *id, u_char **sigp, size_t *lenp, | 1017 | identity_sign(struct identity *id, u_char **sigp, size_t *lenp, |
1016 | const u_char *data, size_t datalen, u_int compat) | 1018 | const u_char *data, size_t datalen, u_int compat) |
1017 | { | 1019 | { |
1018 | Key *prv; | 1020 | struct sshkey *prv; |
1019 | int ret; | 1021 | int ret; |
1020 | 1022 | ||
1021 | /* the agent supports this key */ | 1023 | /* the agent supports this key */ |
@@ -1035,6 +1037,11 @@ identity_sign(struct identity *id, u_char **sigp, size_t *lenp, | |||
1035 | /* load the private key from the file */ | 1037 | /* load the private key from the file */ |
1036 | if ((prv = load_identity_file(id)) == NULL) | 1038 | if ((prv = load_identity_file(id)) == NULL) |
1037 | return SSH_ERR_KEY_NOT_FOUND; | 1039 | return SSH_ERR_KEY_NOT_FOUND; |
1040 | if (id->key != NULL && !sshkey_equal_public(prv, id->key)) { | ||
1041 | error("%s: private key %s contents do not match public", | ||
1042 | __func__, id->filename); | ||
1043 | return SSH_ERR_KEY_NOT_FOUND; | ||
1044 | } | ||
1038 | ret = sshkey_sign(prv, sigp, lenp, data, datalen, | 1045 | ret = sshkey_sign(prv, sigp, lenp, data, datalen, |
1039 | key_sign_encode(prv), compat); | 1046 | key_sign_encode(prv), compat); |
1040 | sshkey_free(prv); | 1047 | sshkey_free(prv); |
@@ -1225,10 +1232,10 @@ send_pubkey_test(Authctxt *authctxt, Identity *id) | |||
1225 | return 1; | 1232 | return 1; |
1226 | } | 1233 | } |
1227 | 1234 | ||
1228 | static Key * | 1235 | static struct sshkey * |
1229 | load_identity_file(Identity *id) | 1236 | load_identity_file(Identity *id) |
1230 | { | 1237 | { |
1231 | Key *private = NULL; | 1238 | struct sshkey *private = NULL; |
1232 | char prompt[300], *passphrase, *comment; | 1239 | char prompt[300], *passphrase, *comment; |
1233 | int r, perm_ok = 0, quit = 0, i; | 1240 | int r, perm_ok = 0, quit = 0, i; |
1234 | struct stat st; | 1241 | struct stat st; |
@@ -1317,8 +1324,6 @@ pubkey_prepare(Authctxt *authctxt) | |||
1317 | /* list of keys stored in the filesystem and PKCS#11 */ | 1324 | /* list of keys stored in the filesystem and PKCS#11 */ |
1318 | for (i = 0; i < options.num_identity_files; i++) { | 1325 | for (i = 0; i < options.num_identity_files; i++) { |
1319 | key = options.identity_keys[i]; | 1326 | key = options.identity_keys[i]; |
1320 | if (key && key->type == KEY_RSA1) | ||
1321 | continue; | ||
1322 | if (key && key->cert && key->cert->type != SSH2_CERT_TYPE_USER) | 1327 | if (key && key->cert && key->cert->type != SSH2_CERT_TYPE_USER) |
1323 | continue; | 1328 | continue; |
1324 | options.identity_keys[i] = NULL; | 1329 | options.identity_keys[i] = NULL; |
@@ -1347,7 +1352,7 @@ pubkey_prepare(Authctxt *authctxt) | |||
1347 | if (r != SSH_ERR_AGENT_NOT_PRESENT) | 1352 | if (r != SSH_ERR_AGENT_NOT_PRESENT) |
1348 | debug("%s: ssh_get_authentication_socket: %s", | 1353 | debug("%s: ssh_get_authentication_socket: %s", |
1349 | __func__, ssh_err(r)); | 1354 | __func__, ssh_err(r)); |
1350 | } else if ((r = ssh_fetch_identitylist(agent_fd, 2, &idlist)) != 0) { | 1355 | } else if ((r = ssh_fetch_identitylist(agent_fd, &idlist)) != 0) { |
1351 | if (r != SSH_ERR_AGENT_NO_IDENTITIES) | 1356 | if (r != SSH_ERR_AGENT_NO_IDENTITIES) |
1352 | debug("%s: ssh_fetch_identitylist: %s", | 1357 | debug("%s: ssh_fetch_identitylist: %s", |
1353 | __func__, ssh_err(r)); | 1358 | __func__, ssh_err(r)); |
@@ -1471,7 +1476,7 @@ try_identity(Identity *id) | |||
1471 | key_type(id->key), id->filename); | 1476 | key_type(id->key), id->filename); |
1472 | return (0); | 1477 | return (0); |
1473 | } | 1478 | } |
1474 | return (id->key->type != KEY_RSA1); | 1479 | return 1; |
1475 | } | 1480 | } |
1476 | 1481 | ||
1477 | int | 1482 | int |
@@ -1479,6 +1484,7 @@ userauth_pubkey(Authctxt *authctxt) | |||
1479 | { | 1484 | { |
1480 | Identity *id; | 1485 | Identity *id; |
1481 | int sent = 0; | 1486 | int sent = 0; |
1487 | char *fp; | ||
1482 | 1488 | ||
1483 | while ((id = TAILQ_FIRST(&authctxt->keys))) { | 1489 | while ((id = TAILQ_FIRST(&authctxt->keys))) { |
1484 | if (id->tried++) | 1490 | if (id->tried++) |
@@ -1493,8 +1499,16 @@ userauth_pubkey(Authctxt *authctxt) | |||
1493 | */ | 1499 | */ |
1494 | if (id->key != NULL) { | 1500 | if (id->key != NULL) { |
1495 | if (try_identity(id)) { | 1501 | if (try_identity(id)) { |
1496 | debug("Offering %s public key: %s", | 1502 | if ((fp = sshkey_fingerprint(id->key, |
1497 | key_type(id->key), id->filename); | 1503 | options.fingerprint_hash, |
1504 | SSH_FP_DEFAULT)) == NULL) { | ||
1505 | error("%s: sshkey_fingerprint failed", | ||
1506 | __func__); | ||
1507 | return 0; | ||
1508 | } | ||
1509 | debug("Offering public key: %s %s %s", | ||
1510 | sshkey_type(id->key), fp, id->filename); | ||
1511 | free(fp); | ||
1498 | sent = send_pubkey_test(authctxt, id); | 1512 | sent = send_pubkey_test(authctxt, id); |
1499 | } | 1513 | } |
1500 | } else { | 1514 | } else { |
@@ -1552,9 +1566,9 @@ userauth_kbdint(Authctxt *authctxt) | |||
1552 | * parse INFO_REQUEST, prompt user and send INFO_RESPONSE | 1566 | * parse INFO_REQUEST, prompt user and send INFO_RESPONSE |
1553 | */ | 1567 | */ |
1554 | int | 1568 | int |
1555 | input_userauth_info_req(int type, u_int32_t seq, void *ctxt) | 1569 | input_userauth_info_req(int type, u_int32_t seq, struct ssh *ssh) |
1556 | { | 1570 | { |
1557 | Authctxt *authctxt = ctxt; | 1571 | Authctxt *authctxt = ssh->authctxt; |
1558 | char *name, *inst, *lang, *prompt, *response; | 1572 | char *name, *inst, *lang, *prompt, *response; |
1559 | u_int num_prompts, i; | 1573 | u_int num_prompts, i; |
1560 | int echo = 0; | 1574 | int echo = 0; |
@@ -1755,7 +1769,6 @@ userauth_hostbased(Authctxt *authctxt) | |||
1755 | private = NULL; | 1769 | private = NULL; |
1756 | for (i = 0; i < authctxt->sensitive->nkeys; i++) { | 1770 | for (i = 0; i < authctxt->sensitive->nkeys; i++) { |
1757 | if (authctxt->sensitive->keys[i] == NULL || | 1771 | if (authctxt->sensitive->keys[i] == NULL || |
1758 | authctxt->sensitive->keys[i]->type == KEY_RSA1 || | ||
1759 | authctxt->sensitive->keys[i]->type == KEY_UNSPEC) | 1772 | authctxt->sensitive->keys[i]->type == KEY_UNSPEC) |
1760 | continue; | 1773 | continue; |
1761 | if (match_pattern_list( | 1774 | if (match_pattern_list( |
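Review bot: The new mismatch check in identity_sign (hunk `@@ -1035,6 +1037,11 @@`) returns SSH_ERR_KEY_NOT_FOUND without releasing `prv`, the private key just obtained from load_identity_file, whereas the success path two lines below frees it right after sshkey_sign; on the mismatch path the loaded private key object, and the secret material it holds, is leaked for the remaining lifetime of the process. The earlier `return SSH_ERR_KEY_NOT_FOUND;` is fine because it runs before the load succeeded, so only the added branch needs `sshkey_free(prv);` inserted before its `return SSH_ERR_KEY_NOT_FOUND;`. Since this function now has two post-load exits, a single cleanup label that both reach would keep the free from being missed again if more checks are added. identity_sign's signature and the rest of its body lie outside this hunk.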