diff options
Diffstat (limited to 'auth2-hostbased.c')
| -rw-r--r-- | auth2-hostbased.c | 11 |
1 files changed, 9 insertions, 2 deletions
diff --git a/auth2-hostbased.c b/auth2-hostbased.c index 359393291..764ceff74 100644 --- a/auth2-hostbased.c +++ b/auth2-hostbased.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: auth2-hostbased.c,v 1.36 2018/07/31 03:10:27 djm Exp $ */ | 1 | /* $OpenBSD: auth2-hostbased.c,v 1.38 2018/09/20 03:28:06 djm Exp $ */ |
| 2 | /* | 2 | /* |
| 3 | * Copyright (c) 2000 Markus Friedl. All rights reserved. | 3 | * Copyright (c) 2000 Markus Friedl. All rights reserved. |
| 4 | * | 4 | * |
| @@ -79,7 +79,7 @@ userauth_hostbased(struct ssh *ssh) | |||
| 79 | cuser, chost, pkalg, slen); | 79 | cuser, chost, pkalg, slen); |
| 80 | #ifdef DEBUG_PK | 80 | #ifdef DEBUG_PK |
| 81 | debug("signature:"); | 81 | debug("signature:"); |
| 82 | sshbuf_dump_data(sig, siglen, stderr); | 82 | sshbuf_dump_data(sig, slen, stderr); |
| 83 | #endif | 83 | #endif |
| 84 | pktype = sshkey_type_from_name(pkalg); | 84 | pktype = sshkey_type_from_name(pkalg); |
| 85 | if (pktype == KEY_UNSPEC) { | 85 | if (pktype == KEY_UNSPEC) { |
| @@ -112,6 +112,13 @@ userauth_hostbased(struct ssh *ssh) | |||
| 112 | __func__, sshkey_type(key)); | 112 | __func__, sshkey_type(key)); |
| 113 | goto done; | 113 | goto done; |
| 114 | } | 114 | } |
| 115 | if ((r = sshkey_check_cert_sigtype(key, | ||
| 116 | options.ca_sign_algorithms)) != 0) { | ||
| 117 | logit("%s: certificate signature algorithm %s: %s", __func__, | ||
| 118 | (key->cert == NULL || key->cert->signature_type == NULL) ? | ||
| 119 | "(null)" : key->cert->signature_type, ssh_err(r)); | ||
| 120 | goto done; | ||
| 121 | } | ||
| 115 | 122 | ||
| 116 | if (!authctxt->valid || authctxt->user == NULL) { | 123 | if (!authctxt->valid || authctxt->user == NULL) { |
| 117 | debug2("%s: disabled because of invalid user", __func__); | 124 | debug2("%s: disabled because of invalid user", __func__); |