-rw-r--r--auth2-pubkey.c27
1 files changed, 16 insertions, 11 deletions
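diff --git a/auth2-pubkey.c b/auth2-pubkey.c
index b1b5b747b..41b34aed2 100644
--- a/auth2-pubkey.c
+++ b/auth2-pubkey.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: auth2-pubkey.c,v 1.54 2015/10/27 01:44:45 djm Exp $ */
+/* $OpenBSD: auth2-pubkey.c,v 1.55 2016/01/27 00:53:12 djm Exp $ */
 /*
  * Copyright (c) 2000 Markus Friedl. All rights reserved.
  *
@@ -79,19 +79,19 @@ userauth_pubkey(Authctxt *authctxt)
 {
  Buffer b;
  Key *key = NULL;
- char *pkalg, *userstyle;
+ char *pkalg, *userstyle, *fp = NULL;
  u_char *pkblob, *sig;
  u_int alen, blen, slen;
  int have_sig, pktype;
  int authenticated = 0;
 
  if (!authctxt->valid) {
- debug2("userauth_pubkey: disabled because of invalid user");
+ debug2("%s: disabled because of invalid user", __func__);
  return 0;
  }
  have_sig = packet_get_char();
  if (datafellows & SSH_BUG_PKAUTH) {
- debug2("userauth_pubkey: SSH_BUG_PKAUTH");
+ debug2("%s: SSH_BUG_PKAUTH", __func__);
  /* no explicit pkalg given */
  pkblob = packet_get_string(&blen);
  buffer_init(&b);
@@ -106,18 +106,18 @@ userauth_pubkey(Authctxt *authctxt)
  pktype = key_type_from_name(pkalg);
  if (pktype == KEY_UNSPEC) {
  /* this is perfectly legal */
- logit("userauth_pubkey: unsupported public key algorithm: %s",
- pkalg);
+ logit("%s: unsupported public key algorithm: %s",
+ __func__, pkalg);
  goto done;
  }
  key = key_from_blob(pkblob, blen);
  if (key == NULL) {
- error("userauth_pubkey: cannot decode key: %s", pkalg);
+ error("%s: cannot decode key: %s", __func__, pkalg);
  goto done;
  }
  if (key->type != pktype) {
- error("userauth_pubkey: type mismatch for decoded key "
- "(received %d, expected %d)", key->type, pktype);
+ error("%s: type mismatch for decoded key "
+ "(received %d, expected %d)", __func__, key->type, pktype);
  goto done;
  }
  if (key_type_plain(key->type) == KEY_RSA &&
@@ -126,6 +126,7 @@ userauth_pubkey(Authctxt *authctxt)
  "signature scheme");
  goto done;
  }
+ fp = sshkey_fingerprint(key, options.fingerprint_hash, SSH_FP_DEFAULT);
  if (auth2_userkey_already_used(authctxt, key)) {
  logit("refusing previously-used %s key", key_type(key));
  goto done;
@@ -138,6 +139,8 @@ userauth_pubkey(Authctxt *authctxt)
  }
 
  if (have_sig) {
+ debug3("%s: have signature for %s %s",
+ __func__, sshkey_type(key), fp);
  sig = packet_get_string(&slen);
  packet_check_eom();
  buffer_init(&b);
@@ -183,7 +186,8 @@ userauth_pubkey(Authctxt *authctxt)
  buffer_free(&b);
  free(sig);
  } else {
- debug("test whether pkalg/pkblob are acceptable");
+ debug("%s: test whether pkalg/pkblob are acceptable for %s %s",
+ __func__, sshkey_type(key), fp);
  packet_check_eom();
 
  /* XXX fake reply and always send PK_OK ? */
@@ -206,11 +210,12 @@ userauth_pubkey(Authctxt *authctxt)
  if (authenticated != 1)
  auth_clear_options();
 done:
- debug2("userauth_pubkey: authenticated %d pkalg %s", authenticated, pkalg);
+ debug2("%s: authenticated %d pkalg %s", __func__, authenticated, pkalg);
  if (key != NULL)
  key_free(key);
  free(pkalg);
  free(pkblob);
+ free(fp);
  return authenticated;
 }
 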
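Review bot: The new `fp = sshkey_fingerprint(key, options.fingerprint_hash, SSH_FP_DEFAULT);` in the `@@ -126` hunk is never checked for a NULL return, yet `fp` is then handed to a `%s` conversion in the `debug3()` and `debug()` calls added in the two following hunks; sshkey_fingerprint() can return NULL on failure, and passing NULL for `%s` is undefined behaviour rather than a guaranteed "(null)". Either fail closed right after the call — `if (fp == NULL) { error("%s: sshkey_fingerprint failed", __func__); goto done; }` — or log defensively with `fp == NULL ? "(null)" : fp` at both call sites. The `free(fp)` added at the `done:` label together with the `*fp = NULL` initialiser keeps the cleanup path correct as written, since every `goto done` taken before the assignment sees a NULL pointer and free(NULL) is a no-op. userauth_pubkey() begins and ends outside this hunk.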