-rw-r--r--ChangeLog16
-rw-r--r--auth2.c33
-rw-r--r--compat.c14
-rw-r--r--compat.h5
-rw-r--r--next-posix.h4
-rw-r--r--sshconnect2.c21
6 files changed, 68 insertions, 25 deletions
diff --git a/ChangeLog b/ChangeLog
index f598574cc..f5d13bc5f 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,5 +1,19 @@
120001204
2 - (bal) More C functions defined in NeXT that are unaccessable without
3 defining -POSIX.
4 - (bal) OpenBSD CVS updates:
5 - markus@cvs.openbsd.org 2000/12/03 11:29:04
6 [compat.c]
7 remove fallback to SSH_BUG_HMAC now that the drafts are updated
8 - markus@cvs.openbsd.org 2000/12/03 11:27:55
9 [compat.c]
10 correctly match "2.1.0.pl2 SSH" etc; from pekkas@netcore.fi/bugzilla.redhat
11 - markus@cvs.openbsd.org 2000/12/03 11:15:03
12 [auth2.c compat.c compat.h sshconnect2.c]
13 support f-secure/ssh.com 2.0.12; ok niels@
14
120001203 1520001203
2- (bal) OpenBSD CVS updates: 16 - (bal) OpenBSD CVS updates:
3 - markus@cvs.openbsd.org 2000/11/30 22:54:31 17 - markus@cvs.openbsd.org 2000/11/30 22:54:31
4 [channels.c] 18 [channels.c]
5 debug->warn if tried to do -R style fwd w/o client requesting this; 19 debug->warn if tried to do -R style fwd w/o client requesting this;
diff --git a/auth2.c b/auth2.c
index 8e8edf920..030e28da1 100644
--- a/auth2.c
+++ b/auth2.c
@@ -23,7 +23,7 @@
23 */ 23 */
24 24
25#include "includes.h" 25#include "includes.h"
26RCSID("$OpenBSD: auth2.c,v 1.21 2000/11/12 19:50:37 markus Exp $"); 26RCSID("$OpenBSD: auth2.c,v 1.22 2000/12/03 11:15:02 markus Exp $");
27 27
28#ifdef HAVE_OSF_SIA 28#ifdef HAVE_OSF_SIA
29# include <sia.h> 29# include <sia.h>
@@ -434,14 +434,27 @@ userauth_pubkey(Authctxt *authctxt)
434 return 0; 434 return 0;
435 } 435 }
436 have_sig = packet_get_char(); 436 have_sig = packet_get_char();
437 pkalg = packet_get_string(&alen); 437 if (datafellows & SSH_BUG_PKAUTH) {
438 debug2("userauth_pubkey: SSH_BUG_PKAUTH");
439 /* no explicit pkalg given */
440 pkblob = packet_get_string(&blen);
441 buffer_init(&b);
442 buffer_append(&b, pkblob, blen);
443 /* so we have to extract the pkalg from the pkblob */
444 pkalg = buffer_get_string(&b, &alen);
445 buffer_free(&b);
446 } else {
447 pkalg = packet_get_string(&alen);
448 pkblob = packet_get_string(&blen);
449 }
438 pktype = key_type_from_name(pkalg); 450 pktype = key_type_from_name(pkalg);
439 if (pktype == KEY_UNSPEC) { 451 if (pktype == KEY_UNSPEC) {
440 log("bad pkalg %s", pkalg); 452 /* this is perfectly legal */
453 log("userauth_pubkey: unsupported public key algorithm: %s", pkalg);
441 xfree(pkalg); 454 xfree(pkalg);
455 xfree(pkblob);
442 return 0; 456 return 0;
443 } 457 }
444 pkblob = packet_get_string(&blen);
445 key = key_from_blob(pkblob, blen); 458 key = key_from_blob(pkblob, blen);
446 if (key != NULL) { 459 if (key != NULL) {
447 if (have_sig) { 460 if (have_sig) {
@@ -457,12 +470,16 @@ userauth_pubkey(Authctxt *authctxt)
457 buffer_put_char(&b, SSH2_MSG_USERAUTH_REQUEST); 470 buffer_put_char(&b, SSH2_MSG_USERAUTH_REQUEST);
458 buffer_put_cstring(&b, authctxt->user); 471 buffer_put_cstring(&b, authctxt->user);
459 buffer_put_cstring(&b, 472 buffer_put_cstring(&b,
460 datafellows & SSH_BUG_PUBKEYAUTH ? 473 datafellows & SSH_BUG_PKSERVICE ?
461 "ssh-userauth" : 474 "ssh-userauth" :
462 authctxt->service); 475 authctxt->service);
463 buffer_put_cstring(&b, "publickey"); 476 if (datafellows & SSH_BUG_PKAUTH) {
464 buffer_put_char(&b, have_sig); 477 buffer_put_char(&b, have_sig);
465 buffer_put_cstring(&b, key_ssh_name(key)); 478 } else {
479 buffer_put_cstring(&b, "publickey");
480 buffer_put_char(&b, have_sig);
481 buffer_put_cstring(&b, key_ssh_name(key));
482 }
466 buffer_put_string(&b, pkblob, blen); 483 buffer_put_string(&b, pkblob, blen);
467#ifdef DEBUG_PK 484#ifdef DEBUG_PK
468 buffer_dump(&b); 485 buffer_dump(&b);
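Review bot: In the second userauth_pubkey hunk (new lines 476-482), the buffer the signature is checked against omits the "publickey" method name and the key algorithm name whenever SSH_BUG_PKAUTH is set, and that bit is derived from the version string the peer sends (see the compat.c table in this commit). The connecting side therefore selects which signed layout the server accepts; the session id, user, service and key blob are still covered, and the algorithm appears to stay bound through the blob that `buffer_get_string(&b, &alen)` reads it from. I would record that above the branch, e.g. `/* SSH_BUG_PKAUTH: peer signs without method and algorithm names; algorithm is taken from the key blob */`. Consider also raising `debug2("userauth_pubkey: SSH_BUG_PKAUTH")` to a level operators normally see, so that use of the legacy layout shows up in logs. The function body starts and ends outside these hunks.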
diff --git a/compat.c b/compat.c
index 362c3cb83..b4e99a928 100644
--- a/compat.c
+++ b/compat.c
@@ -23,7 +23,7 @@
23 */ 23 */
24 24
25#include "includes.h" 25#include "includes.h"
26RCSID("$OpenBSD: compat.c,v 1.27 2000/10/31 09:31:58 markus Exp $"); 26RCSID("$OpenBSD: compat.c,v 1.30 2000/12/03 11:29:04 markus Exp $");
27 27
28#include "ssh.h" 28#include "ssh.h"
29#include "packet.h" 29#include "packet.h"
@@ -64,17 +64,19 @@ compat_datafellows(const char *version)
64 } check[] = { 64 } check[] = {
65 { "^OpenSSH[-_]2\\.[012]", SSH_OLD_SESSIONID }, 65 { "^OpenSSH[-_]2\\.[012]", SSH_OLD_SESSIONID },
66 { "MindTerm", 0 }, 66 { "MindTerm", 0 },
67 { "^2\\.1\\.0 ", SSH_BUG_SIGBLOB|SSH_BUG_HMAC| 67 { "^2\\.1\\.0", SSH_BUG_SIGBLOB|SSH_BUG_HMAC|
68 SSH_OLD_SESSIONID }, 68 SSH_OLD_SESSIONID },
69 { "^2\\.0\\.", SSH_BUG_SIGBLOB|SSH_BUG_HMAC| 69 { "^2\\.0\\.1[3-9]", SSH_BUG_SIGBLOB|SSH_BUG_HMAC|
70 SSH_OLD_SESSIONID| 70 SSH_OLD_SESSIONID|
71 SSH_BUG_PUBKEYAUTH|SSH_BUG_X11FWD }, 71 SSH_BUG_PKSERVICE|SSH_BUG_X11FWD },
72 { "^2\\.[23]\\.0 ", SSH_BUG_HMAC}, 72 { "^2\\.0\\.", SSH_BUG_SIGBLOB|SSH_BUG_HMAC|
73 SSH_OLD_SESSIONID|SSH_BUG_PKAUTH|
74 SSH_BUG_PKSERVICE|SSH_BUG_X11FWD },
75 { "^2\\.[23]\\.0", SSH_BUG_HMAC},
73 { "^2\\.[2-9]\\.", 0 }, 76 { "^2\\.[2-9]\\.", 0 },
74 { "^2\\.4$", SSH_OLD_SESSIONID}, /* Van Dyke */ 77 { "^2\\.4$", SSH_OLD_SESSIONID}, /* Van Dyke */
75 { "^3\\.0 SecureCRT", SSH_OLD_SESSIONID}, 78 { "^3\\.0 SecureCRT", SSH_OLD_SESSIONID},
76 { "^1\\.7 SecureFX", SSH_OLD_SESSIONID}, 79 { "^1\\.7 SecureFX", SSH_OLD_SESSIONID},
77 { "^2\\.", SSH_BUG_HMAC}, /* XXX fallback */
78 { NULL, 0 } 80 { NULL, 0 }
79 }; 81 };
80 /* process table, return first match */ 82 /* process table, return first match */
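Review bot: The new `"^2\\.0\\.1[3-9]"` entry only has effect because it sits above the generic `"^2\\.0\\."` entry and the table returns the first match; nothing in the table says so, and a reorder would silently give 2.0.13+ peers SSH_BUG_PKAUTH. A comment such as `/* first match wins: keep 2.0.13-2.0.19 above the generic 2.0.x entry */` would pin that. The pattern has no end anchor, so a constructed banner like `2.0.130` also matches it, while a 2.0.20 or later would fall through to the 2.0.x entry and get SSH_BUG_PKAUTH; dropping the trailing space likewise makes `"^2\\.1\\.0"` match any banner with that prefix. With the `"^2\\."` fallback removed, the flags an unlisted 2.x banner receives depend on code after the table, which is outside the hunk.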
diff --git a/compat.h b/compat.h
index f14efafa7..86e471506 100644
--- a/compat.h
+++ b/compat.h
@@ -21,7 +21,7 @@
21 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF 21 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
22 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 22 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
23 */ 23 */
24/* RCSID("$OpenBSD: compat.h,v 1.11 2000/10/14 12:16:56 markus Exp $"); */ 24/* RCSID("$OpenBSD: compat.h,v 1.12 2000/12/03 11:15:03 markus Exp $"); */
25 25
26#ifndef COMPAT_H 26#ifndef COMPAT_H
27#define COMPAT_H 27#define COMPAT_H
@@ -32,10 +32,11 @@
32#define SSH_PROTO_2 0x04 32#define SSH_PROTO_2 0x04
33 33
34#define SSH_BUG_SIGBLOB 0x01 34#define SSH_BUG_SIGBLOB 0x01
35#define SSH_BUG_PUBKEYAUTH 0x02 35#define SSH_BUG_PKSERVICE 0x02
36#define SSH_BUG_HMAC 0x04 36#define SSH_BUG_HMAC 0x04
37#define SSH_BUG_X11FWD 0x08 37#define SSH_BUG_X11FWD 0x08
38#define SSH_OLD_SESSIONID 0x10 38#define SSH_OLD_SESSIONID 0x10
39#define SSH_BUG_PKAUTH 0x20
39 40
40void enable_compat13(void); 41void enable_compat13(void);
41void enable_compat20(void); 42void enable_compat20(void);
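Review bot: The flag added at new line 39 and the one renamed at new line 35 carry no description, so their meaning can only be reconstructed from the call sites in auth2.c and sshconnect2.c. Since both bits change what is signed and checked during public-key authentication, I would comment them in place, e.g. `#define SSH_BUG_PKSERVICE 0x02 /* peer signs "ssh-userauth" instead of the service name */` and `#define SSH_BUG_PKAUTH 0x20 /* peer omits the algorithm name in publickey requests */`. That wording is inferred from the visible call sites and should be confirmed against the peer's actual behaviour.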
diff --git a/next-posix.h b/next-posix.h
index 466877546..92002060b 100644
--- a/next-posix.h
+++ b/next-posix.h
@@ -37,9 +37,11 @@
37pid_t posix_wait(int *status); 37pid_t posix_wait(int *status);
38#define wait(a) posix_wait(a) 38#define wait(a) posix_wait(a)
39 39
40/* #ifdef POSIX wrapped functions that need defining */ 40/* #ifdef wrapped functions that need defining for clean compiling */
41pid_t getppid(void); 41pid_t getppid(void);
42void vhangup(void); 42void vhangup(void);
43int innetgr(const char *netgroup, const char *host, const char *user,
44 const char *domain);
43 45
44/* TERMCAP */ 46/* TERMCAP */
45int tcgetattr(int fd, struct termios *t); 47int tcgetattr(int fd, struct termios *t);
diff --git a/sshconnect2.c b/sshconnect2.c
index 69d9c49e3..036519fad 100644
--- a/sshconnect2.c
+++ b/sshconnect2.c
@@ -23,7 +23,7 @@
23 */ 23 */
24 24
25#include "includes.h" 25#include "includes.h"
26RCSID("$OpenBSD: sshconnect2.c,v 1.29 2000/11/23 21:03:47 markus Exp $"); 26RCSID("$OpenBSD: sshconnect2.c,v 1.30 2000/12/03 11:15:04 markus Exp $");
27 27
28#include <openssl/bn.h> 28#include <openssl/bn.h>
29#include <openssl/rsa.h> 29#include <openssl/rsa.h>
@@ -647,8 +647,10 @@ sign_and_send_pubkey(Authctxt *authctxt, Key *k, sign_cb_fn *sign_callback)
647 int ret = -1; 647 int ret = -1;
648 int have_sig = 1; 648 int have_sig = 1;
649 649
650 debug3("sign_and_send_pubkey");
650 if (key_to_blob(k, &blob, &bloblen) == 0) { 651 if (key_to_blob(k, &blob, &bloblen) == 0) {
651 /* we cannot handle this key */ 652 /* we cannot handle this key */
653 debug3("sign_and_send_pubkey: cannot handle key");
652 return 0; 654 return 0;
653 } 655 }
654 /* data to be signed */ 656 /* data to be signed */
@@ -663,12 +665,16 @@ sign_and_send_pubkey(Authctxt *authctxt, Key *k, sign_cb_fn *sign_callback)
663 buffer_put_char(&b, SSH2_MSG_USERAUTH_REQUEST); 665 buffer_put_char(&b, SSH2_MSG_USERAUTH_REQUEST);
664 buffer_put_cstring(&b, authctxt->server_user); 666 buffer_put_cstring(&b, authctxt->server_user);
665 buffer_put_cstring(&b, 667 buffer_put_cstring(&b,
666 datafellows & SSH_BUG_PUBKEYAUTH ? 668 datafellows & SSH_BUG_PKSERVICE ?
667 "ssh-userauth" : 669 "ssh-userauth" :
668 authctxt->service); 670 authctxt->service);
669 buffer_put_cstring(&b, authctxt->method->name); 671 if (datafellows & SSH_BUG_PKAUTH) {
670 buffer_put_char(&b, have_sig); 672 buffer_put_char(&b, have_sig);
671 buffer_put_cstring(&b, key_ssh_name(k)); 673 } else {
674 buffer_put_cstring(&b, authctxt->method->name);
675 buffer_put_char(&b, have_sig);
676 buffer_put_cstring(&b, key_ssh_name(k));
677 }
672 buffer_put_string(&b, blob, bloblen); 678 buffer_put_string(&b, blob, bloblen);
673 679
674 /* generate signature */ 680 /* generate signature */
@@ -681,7 +687,7 @@ sign_and_send_pubkey(Authctxt *authctxt, Key *k, sign_cb_fn *sign_callback)
681#ifdef DEBUG_PK 687#ifdef DEBUG_PK
682 buffer_dump(&b); 688 buffer_dump(&b);
683#endif 689#endif
684 if (datafellows & SSH_BUG_PUBKEYAUTH) { 690 if (datafellows & SSH_BUG_PKSERVICE) {
685 buffer_clear(&b); 691 buffer_clear(&b);
686 buffer_append(&b, session_id2, session_id2_len); 692 buffer_append(&b, session_id2, session_id2_len);
687 buffer_put_char(&b, SSH2_MSG_USERAUTH_REQUEST); 693 buffer_put_char(&b, SSH2_MSG_USERAUTH_REQUEST);
@@ -689,7 +695,8 @@ sign_and_send_pubkey(Authctxt *authctxt, Key *k, sign_cb_fn *sign_callback)
689 buffer_put_cstring(&b, authctxt->service); 695 buffer_put_cstring(&b, authctxt->service);
690 buffer_put_cstring(&b, authctxt->method->name); 696 buffer_put_cstring(&b, authctxt->method->name);
691 buffer_put_char(&b, have_sig); 697 buffer_put_char(&b, have_sig);
692 buffer_put_cstring(&b, key_ssh_name(k)); 698 if (!(datafellows & SSH_BUG_PKAUTH))
699 buffer_put_cstring(&b, key_ssh_name(k));
693 buffer_put_string(&b, blob, bloblen); 700 buffer_put_string(&b, blob, bloblen);
694 } 701 }
695 xfree(blob); 702 xfree(blob);
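Review bot: The request that goes on the wire is only adjusted for SSH_BUG_PKAUTH inside the `if (datafellows & SSH_BUG_PKSERVICE)` block (new lines 690-701), so the client depends on the two bits always being set together. That holds for the compat.c table in this commit, but a future entry with SSH_BUG_PKAUTH alone would, as far as the visible lines show, leave the reduced signing layout from new lines 671-672 in the buffer without rebuilding the request. A comment at the branch, e.g. `/* SSH_BUG_PKAUTH is only handled together with SSH_BUG_PKSERVICE, see compat.c */`, would make the coupling explicit. The new `if (!(datafellows & SSH_BUG_PKAUTH))` at line 698 is also unbraced while the other branches added here use braces; bracing it would match. sign_and_send_pubkey continues outside these hunks.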