-rw-r--r--ChangeLog7
-rw-r--r--monitor.c38
2 files changed, 37 insertions, 8 deletions
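--- a/ChangeLog
+++ b/ChangeLog
@@ -87,6 +87,11 @@
  - markus@cvs.openbsd.org 2002/06/04 19:42:35
  [monitor.c]
  only allow enabled authentication methods; ok provos@
+ - markus@cvs.openbsd.org 2002/06/04 19:53:40
+ [monitor.c]
+ save the session id (hash) for ssh2 (it will be passed with the
+ initial sign request) and verify that this value is used during
+ authentication; ok provos@
 
 20020604
  - (stevesk) [channels.c] bug #164 patch from YOSHIFUJI Hideaki (changed
@@ -771,4 +776,4 @@
  - (stevesk) entropy.c: typo in debug message
  - (djm) ssh-keygen -i needs seeded RNG; report from markus@
 
-$Id: ChangeLog,v 1.2167 2002/06/06 20:57:17 mouring Exp $
+$Id: ChangeLog,v 1.2168 2002/06/06 20:58:19 mouring Exp $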
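--- a/monitor.c
+++ b/monitor.c
@@ -25,7 +25,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: monitor.c,v 1.12 2002/06/04 19:42:35 markus Exp $");
+RCSID("$OpenBSD: monitor.c,v 1.13 2002/06/04 19:53:40 markus Exp $");
 
 #include <openssl/dh.h>
 
@@ -128,6 +128,8 @@ static int key_blobtype = MM_NOKEY;
 static u_char *hostbased_cuser = NULL;
 static u_char *hostbased_chost = NULL;
 static char *auth_method = "unknown";
+static int session_id2_len = 0;
+static u_char *session_id2 = NULL;
 
 struct mon_table {
  enum monitor_reqtype type;
@@ -454,6 +456,13 @@ mm_answer_sign(int socket, Buffer *m)
  if (datlen != 20)
  fatal("%s: data length incorrect: %d", __FUNCTION__, datlen);
 
+ /* save session id, it will be passed on the first call */
+ if (session_id2_len == 0) {
+ session_id2_len = datlen;
+ session_id2 = xmalloc(session_id2_len);
+ memcpy(session_id2, p, session_id2_len);
+ }
+
  if ((key = get_hostkey_by_index(keyid)) == NULL)
  fatal("%s: no hostkey from index %d", __FUNCTION__, keyid);
  if (key_sign(key, &signature, &siglen, p, datlen) < 0)
@@ -819,17 +828,25 @@ monitor_valid_userblob(u_char *data, u_int datalen)
  u_char *p;
  u_int len;
  int fail = 0;
- int session_id2_len = 20 /*XXX should get from [net] */;
 
  buffer_init(&b);
  buffer_append(&b, data, datalen);
 
  if (datafellows & SSH_OLD_SESSIONID) {
+ p = buffer_ptr(&b);
+ len = buffer_len(&b);
+ if ((session_id2 == NULL) ||
+ (len < session_id2_len) ||
+ (memcmp(p, session_id2, session_id2_len) != 0))
+ fail++;
  buffer_consume(&b, session_id2_len);
  } else {
- xfree(buffer_get_string(&b, &len));
- if (len != session_id2_len)
+ p = buffer_get_string(&b, &len);
+ if ((session_id2 == NULL) ||
+ (len != session_id2_len) ||
+ (memcmp(p, session_id2, session_id2_len) != 0))
  fail++;
+ xfree(p);
  }
  if (buffer_get_char(&b) != SSH2_MSG_USERAUTH_REQUEST)
  fail++;
@@ -868,14 +885,17 @@ monitor_valid_hostbasedblob(u_char *data, u_int datalen, u_char *cuser,
  u_char *p;
  u_int len;
  int fail = 0;
- int session_id2_len = 20 /*XXX should get from [net] */;
 
  buffer_init(&b);
  buffer_append(&b, data, datalen);
 
- xfree(buffer_get_string(&b, &len));
- if (len != session_id2_len)
+ p = buffer_get_string(&b, &len);
+ if ((session_id2 == NULL) ||
+ (len != session_id2_len) ||
+ (memcmp(p, session_id2, session_id2_len) != 0))
  fail++;
+ xfree(p);
+
  if (buffer_get_char(&b) != SSH2_MSG_USERAUTH_REQUEST)
  fail++;
  p = buffer_get_string(&b, NULL);
@@ -1334,6 +1354,10 @@ mm_get_kex(Buffer *m)
  kex = xmalloc(sizeof(*kex));
  memset(kex, 0, sizeof(*kex));
  kex->session_id = buffer_get_string(m, &kex->session_id_len);
+ if ((session_id2 == NULL) ||
+ (kex->session_id_len != session_id2_len) ||
+ (memcmp(kex->session_id, session_id2, session_id2_len) != 0))
+ fatal("mm_get_get: internal error: bad session id");
  kex->we_need = buffer_get_int(m);
  kex->server = 1;
  kex->hostkey_type = buffer_get_int(m);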
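Review bot: The fatal() added in the last hunk reports the wrong function name: the message says `mm_get_get`, but the hunk header shows the code is in mm_get_kex, so a monitor abort on a session-id mismatch would point log triage at a function that does not exist. The other fatal() calls visible in this file take the name from `__FUNCTION__`, so `fatal("%s: internal error: bad session id", __FUNCTION__);` would be consistent and stay correct if the function is renamed. A smaller point on the new file-scope state: `session_id2_len` is declared `static int` but is compared with `u_int len` in monitor_valid_userblob and monitor_valid_hostbasedblob and used as the size for xmalloc, memcpy and memcmp. It only ever holds 0 or 20 here because of the `datlen != 20` check, but `static u_int session_id2_len = 0;` would remove the mixed-sign comparisons. The body of mm_get_kex continues outside the hunk.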