diff options
Diffstat (limited to 'clientloop.c')
| -rw-r--r-- | clientloop.c | 29 |
1 files changed, 23 insertions, 6 deletions
diff --git a/clientloop.c b/clientloop.c index 4289a4081..064816234 100644 --- a/clientloop.c +++ b/clientloop.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: clientloop.c,v 1.289 2016/09/30 09:19:13 markus Exp $ */ | 1 | /* $OpenBSD: clientloop.c,v 1.291 2017/03/10 05:01:13 djm Exp $ */ |
| 2 | /* | 2 | /* |
| 3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> | 3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> |
| 4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland | 4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland |
| @@ -991,7 +991,7 @@ process_cmdline(void) | |||
| 991 | CHANNEL_CANCEL_PORT_STATIC, | 991 | CHANNEL_CANCEL_PORT_STATIC, |
| 992 | &options.fwd_opts) > 0; | 992 | &options.fwd_opts) > 0; |
| 993 | if (!ok) { | 993 | if (!ok) { |
| 994 | logit("Unkown port forwarding."); | 994 | logit("Unknown port forwarding."); |
| 995 | goto out; | 995 | goto out; |
| 996 | } | 996 | } |
| 997 | logit("Canceled forwarding."); | 997 | logit("Canceled forwarding."); |
| @@ -2391,6 +2391,26 @@ client_global_hostkeys_private_confirm(int type, u_int32_t seq, void *_ctx) | |||
| 2391 | } | 2391 | } |
| 2392 | 2392 | ||
| 2393 | /* | 2393 | /* |
| 2394 | * Returns non-zero if the key is accepted by HostkeyAlgorithms. | ||
| 2395 | * Made slightly less trivial by the multiple RSA signature algorithm names. | ||
| 2396 | */ | ||
| 2397 | static int | ||
| 2398 | key_accepted_by_hostkeyalgs(const struct sshkey *key) | ||
| 2399 | { | ||
| 2400 | const char *ktype = sshkey_ssh_name(key); | ||
| 2401 | const char *hostkeyalgs = options.hostkeyalgorithms != NULL ? | ||
| 2402 | options.hostkeyalgorithms : KEX_DEFAULT_PK_ALG; | ||
| 2403 | |||
| 2404 | if (key == NULL || key->type == KEY_UNSPEC) | ||
| 2405 | return 0; | ||
| 2406 | if (key->type == KEY_RSA && | ||
| 2407 | (match_pattern_list("rsa-sha2-256", hostkeyalgs, 0) == 1 || | ||
| 2408 | match_pattern_list("rsa-sha2-512", hostkeyalgs, 0) == 1)) | ||
| 2409 | return 1; | ||
| 2410 | return match_pattern_list(ktype, hostkeyalgs, 0) == 1; | ||
| 2411 | } | ||
| 2412 | |||
| 2413 | /* | ||
| 2394 | * Handle hostkeys-00@openssh.com global request to inform the client of all | 2414 | * Handle hostkeys-00@openssh.com global request to inform the client of all |
| 2395 | * the server's hostkeys. The keys are checked against the user's | 2415 | * the server's hostkeys. The keys are checked against the user's |
| 2396 | * HostkeyAlgorithms preference before they are accepted. | 2416 | * HostkeyAlgorithms preference before they are accepted. |
| @@ -2436,10 +2456,7 @@ client_input_hostkeys(void) | |||
| 2436 | sshkey_type(key), fp); | 2456 | sshkey_type(key), fp); |
| 2437 | free(fp); | 2457 | free(fp); |
| 2438 | 2458 | ||
| 2439 | /* Check that the key is accepted in HostkeyAlgorithms */ | 2459 | if (!key_accepted_by_hostkeyalgs(key)) { |
| 2440 | if (match_pattern_list(sshkey_ssh_name(key), | ||
| 2441 | options.hostkeyalgorithms ? options.hostkeyalgorithms : | ||
| 2442 | KEX_DEFAULT_PK_ALG, 0) != 1) { | ||
| 2443 | debug3("%s: %s key not permitted by HostkeyAlgorithms", | 2460 | debug3("%s: %s key not permitted by HostkeyAlgorithms", |
| 2444 | __func__, sshkey_ssh_name(key)); | 2461 | __func__, sshkey_ssh_name(key)); |
| 2445 | continue; | 2462 | continue; |