summaryrefslogtreecommitdiff
path: root/auth2-hostbased.c
diff options
context:
space:
mode:
Diffstat (limited to 'auth2-hostbased.c')
-rw-r--r--auth2-hostbased.c11
1 files changed, 9 insertions, 2 deletions
diff --git a/auth2-hostbased.c b/auth2-hostbased.c
index 359393291..764ceff74 100644
--- a/auth2-hostbased.c
+++ b/auth2-hostbased.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: auth2-hostbased.c,v 1.36 2018/07/31 03:10:27 djm Exp $ */ 1/* $OpenBSD: auth2-hostbased.c,v 1.38 2018/09/20 03:28:06 djm Exp $ */
2/* 2/*
3 * Copyright (c) 2000 Markus Friedl. All rights reserved. 3 * Copyright (c) 2000 Markus Friedl. All rights reserved.
4 * 4 *
@@ -79,7 +79,7 @@ userauth_hostbased(struct ssh *ssh)
79 cuser, chost, pkalg, slen); 79 cuser, chost, pkalg, slen);
80#ifdef DEBUG_PK 80#ifdef DEBUG_PK
81 debug("signature:"); 81 debug("signature:");
82 sshbuf_dump_data(sig, siglen, stderr); 82 sshbuf_dump_data(sig, slen, stderr);
83#endif 83#endif
84 pktype = sshkey_type_from_name(pkalg); 84 pktype = sshkey_type_from_name(pkalg);
85 if (pktype == KEY_UNSPEC) { 85 if (pktype == KEY_UNSPEC) {
@@ -112,6 +112,13 @@ userauth_hostbased(struct ssh *ssh)
112 __func__, sshkey_type(key)); 112 __func__, sshkey_type(key));
113 goto done; 113 goto done;
114 } 114 }
115 if ((r = sshkey_check_cert_sigtype(key,
116 options.ca_sign_algorithms)) != 0) {
117 logit("%s: certificate signature algorithm %s: %s", __func__,
118 (key->cert == NULL || key->cert->signature_type == NULL) ?
119 "(null)" : key->cert->signature_type, ssh_err(r));
120 goto done;
121 }
115 122
116 if (!authctxt->valid || authctxt->user == NULL) { 123 if (!authctxt->valid || authctxt->user == NULL) {
117 debug2("%s: disabled because of invalid user", __func__); 124 debug2("%s: disabled because of invalid user", __func__);