summaryrefslogtreecommitdiff
path: root/auth2-pubkey.c
diff options
context:
space:
mode:
Diffstat (limited to 'auth2-pubkey.c')
-rw-r--r--auth2-pubkey.c47
1 files changed, 10 insertions, 37 deletions
diff --git a/auth2-pubkey.c b/auth2-pubkey.c
index 0713a9de8..e64982283 100644
--- a/auth2-pubkey.c
+++ b/auth2-pubkey.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: auth2-pubkey.c,v 1.74 2017/12/21 00:00:28 djm Exp $ */ 1/* $OpenBSD: auth2-pubkey.c,v 1.75 2018/01/23 05:27:21 djm Exp $ */
2/* 2/*
3 * Copyright (c) 2000 Markus Friedl. All rights reserved. 3 * Copyright (c) 2000 Markus Friedl. All rights reserved.
4 * 4 *
@@ -100,26 +100,10 @@ userauth_pubkey(struct ssh *ssh)
100 debug2("%s: disabled because of invalid user", __func__); 100 debug2("%s: disabled because of invalid user", __func__);
101 return 0; 101 return 0;
102 } 102 }
103 if ((r = sshpkt_get_u8(ssh, &have_sig)) != 0) 103 if ((r = sshpkt_get_u8(ssh, &have_sig)) != 0 ||
104 fatal("%s: sshpkt_get_u8 failed: %s", __func__, ssh_err(r)); 104 (r = sshpkt_get_cstring(ssh, &pkalg, NULL)) != 0 ||
105 if (ssh->compat & SSH_BUG_PKAUTH) { 105 (r = sshpkt_get_string(ssh, &pkblob, &blen)) != 0)
106 debug2("%s: SSH_BUG_PKAUTH", __func__); 106 fatal("%s: parse request failed: %s", __func__, ssh_err(r));
107 if ((b = sshbuf_new()) == NULL)
108 fatal("%s: sshbuf_new failed", __func__);
109 /* no explicit pkalg given */
110 /* so we have to extract the pkalg from the pkblob */
111 /* XXX use sshbuf_from() */
112 if ((r = sshpkt_get_string(ssh, &pkblob, &blen)) != 0 ||
113 (r = sshbuf_put(b, pkblob, blen)) != 0 ||
114 (r = sshbuf_get_cstring(b, &pkalg, NULL)) != 0)
115 fatal("%s: failed: %s", __func__, ssh_err(r));
116 sshbuf_free(b);
117 } else {
118 if ((r = sshpkt_get_cstring(ssh, &pkalg, NULL)) != 0 ||
119 (r = sshpkt_get_string(ssh, &pkblob, &blen)) != 0)
120 fatal("%s: sshpkt_get_cstring failed: %s",
121 __func__, ssh_err(r));
122 }
123 pktype = sshkey_type_from_name(pkalg); 107 pktype = sshkey_type_from_name(pkalg);
124 if (pktype == KEY_UNSPEC) { 108 if (pktype == KEY_UNSPEC) {
125 /* this is perfectly legal */ 109 /* this is perfectly legal */
@@ -188,22 +172,11 @@ userauth_pubkey(struct ssh *ssh)
188 authctxt->style ? authctxt->style : ""); 172 authctxt->style ? authctxt->style : "");
189 if ((r = sshbuf_put_u8(b, SSH2_MSG_USERAUTH_REQUEST)) != 0 || 173 if ((r = sshbuf_put_u8(b, SSH2_MSG_USERAUTH_REQUEST)) != 0 ||
190 (r = sshbuf_put_cstring(b, userstyle)) != 0 || 174 (r = sshbuf_put_cstring(b, userstyle)) != 0 ||
191 (r = sshbuf_put_cstring(b, ssh->compat & SSH_BUG_PKSERVICE ? 175 (r = sshbuf_put_cstring(b, authctxt->service)) != 0 ||
192 "ssh-userauth" : authctxt->service)) != 0) 176 (r = sshbuf_put_cstring(b, "publickey")) != 0 ||
193 fatal("%s: build packet failed: %s", 177 (r = sshbuf_put_u8(b, have_sig)) != 0 ||
194 __func__, ssh_err(r)); 178 (r = sshbuf_put_cstring(b, pkalg) != 0) ||
195 if (ssh->compat & SSH_BUG_PKAUTH) { 179 (r = sshbuf_put_string(b, pkblob, blen)) != 0)
196 if ((r = sshbuf_put_u8(b, have_sig)) != 0)
197 fatal("%s: build packet failed: %s",
198 __func__, ssh_err(r));
199 } else {
200 if ((r = sshbuf_put_cstring(b, "publickey")) != 0 ||
201 (r = sshbuf_put_u8(b, have_sig)) != 0 ||
202 (r = sshbuf_put_cstring(b, pkalg) != 0))
203 fatal("%s: build packet failed: %s",
204 __func__, ssh_err(r));
205 }
206 if ((r = sshbuf_put_string(b, pkblob, blen)) != 0)
207 fatal("%s: build packet failed: %s", 180 fatal("%s: build packet failed: %s",
208 __func__, ssh_err(r)); 181 __func__, ssh_err(r));
209#ifdef DEBUG_PK 182#ifdef DEBUG_PK