diff options
Diffstat (limited to 'auth2.c')
| -rw-r--r-- | auth2.c | 33 |
1 files changed, 25 insertions, 8 deletions
| @@ -23,7 +23,7 @@ | |||
| 23 | */ | 23 | */ |
| 24 | 24 | ||
| 25 | #include "includes.h" | 25 | #include "includes.h" |
| 26 | RCSID("$OpenBSD: auth2.c,v 1.21 2000/11/12 19:50:37 markus Exp $"); | 26 | RCSID("$OpenBSD: auth2.c,v 1.22 2000/12/03 11:15:02 markus Exp $"); |
| 27 | 27 | ||
| 28 | #ifdef HAVE_OSF_SIA | 28 | #ifdef HAVE_OSF_SIA |
| 29 | # include <sia.h> | 29 | # include <sia.h> |
| @@ -434,14 +434,27 @@ userauth_pubkey(Authctxt *authctxt) | |||
| 434 | return 0; | 434 | return 0; |
| 435 | } | 435 | } |
| 436 | have_sig = packet_get_char(); | 436 | have_sig = packet_get_char(); |
| 437 | pkalg = packet_get_string(&alen); | 437 | if (datafellows & SSH_BUG_PKAUTH) { |
| 438 | debug2("userauth_pubkey: SSH_BUG_PKAUTH"); | ||
| 439 | /* no explicit pkalg given */ | ||
| 440 | pkblob = packet_get_string(&blen); | ||
| 441 | buffer_init(&b); | ||
| 442 | buffer_append(&b, pkblob, blen); | ||
| 443 | /* so we have to extract the pkalg from the pkblob */ | ||
| 444 | pkalg = buffer_get_string(&b, &alen); | ||
| 445 | buffer_free(&b); | ||
| 446 | } else { | ||
| 447 | pkalg = packet_get_string(&alen); | ||
| 448 | pkblob = packet_get_string(&blen); | ||
| 449 | } | ||
| 438 | pktype = key_type_from_name(pkalg); | 450 | pktype = key_type_from_name(pkalg); |
| 439 | if (pktype == KEY_UNSPEC) { | 451 | if (pktype == KEY_UNSPEC) { |
| 440 | log("bad pkalg %s", pkalg); | 452 | /* this is perfectly legal */ |
| 453 | log("userauth_pubkey: unsupported public key algorithm: %s", pkalg); | ||
| 441 | xfree(pkalg); | 454 | xfree(pkalg); |
| 455 | xfree(pkblob); | ||
| 442 | return 0; | 456 | return 0; |
| 443 | } | 457 | } |
| 444 | pkblob = packet_get_string(&blen); | ||
| 445 | key = key_from_blob(pkblob, blen); | 458 | key = key_from_blob(pkblob, blen); |
| 446 | if (key != NULL) { | 459 | if (key != NULL) { |
| 447 | if (have_sig) { | 460 | if (have_sig) { |
| @@ -457,12 +470,16 @@ userauth_pubkey(Authctxt *authctxt) | |||
| 457 | buffer_put_char(&b, SSH2_MSG_USERAUTH_REQUEST); | 470 | buffer_put_char(&b, SSH2_MSG_USERAUTH_REQUEST); |
| 458 | buffer_put_cstring(&b, authctxt->user); | 471 | buffer_put_cstring(&b, authctxt->user); |
| 459 | buffer_put_cstring(&b, | 472 | buffer_put_cstring(&b, |
| 460 | datafellows & SSH_BUG_PUBKEYAUTH ? | 473 | datafellows & SSH_BUG_PKSERVICE ? |
| 461 | "ssh-userauth" : | 474 | "ssh-userauth" : |
| 462 | authctxt->service); | 475 | authctxt->service); |
| 463 | buffer_put_cstring(&b, "publickey"); | 476 | if (datafellows & SSH_BUG_PKAUTH) { |
| 464 | buffer_put_char(&b, have_sig); | 477 | buffer_put_char(&b, have_sig); |
| 465 | buffer_put_cstring(&b, key_ssh_name(key)); | 478 | } else { |
| 479 | buffer_put_cstring(&b, "publickey"); | ||
| 480 | buffer_put_char(&b, have_sig); | ||
| 481 | buffer_put_cstring(&b, key_ssh_name(key)); | ||
| 482 | } | ||
| 466 | buffer_put_string(&b, pkblob, blen); | 483 | buffer_put_string(&b, pkblob, blen); |
| 467 | #ifdef DEBUG_PK | 484 | #ifdef DEBUG_PK |
| 468 | buffer_dump(&b); | 485 | buffer_dump(&b); |