Diffstat (limited to 'monitor.c')
-rw-r--r--monitor.c21
1 files changed, 17 insertions, 4 deletions
diff --git a/monitor.c b/monitor.c
index 8002aca86..98362948f 100644
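--- a/monitor.c
+++ b/monitor.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: monitor.c,v 1.210 2020/03/13 03:17:07 djm Exp $ */
+/* $OpenBSD: monitor.c,v 1.214 2020/08/27 01:07:09 djm Exp $ */
 /*
  * Copyright 2002 Niels Provos <provos@citi.umich.edu>
  * Copyright 2002 Markus Friedl <markus@openbsd.org>
@@ -698,7 +698,7 @@ mm_answer_sign(struct ssh *ssh, int sock, struct sshbuf *m)
 
  if ((key = get_hostkey_by_index(keyid)) != NULL) {
  if ((r = sshkey_sign(key, &signature, &siglen, p, datlen, alg,
- options.sk_provider, compat)) != 0)
+ options.sk_provider, NULL, compat)) != 0)
  fatal("%s: sshkey_sign failed: %s",
  __func__, ssh_err(r));
  } else if ((key = get_hostkey_public_by_index(keyid, ssh)) != NULL &&
@@ -1433,7 +1433,8 @@ mm_answer_keyverify(struct ssh *ssh, int sock, struct sshbuf *m)
  const u_char *signature, *data, *blob;
  char *sigalg = NULL, *fp = NULL;
  size_t signaturelen, datalen, bloblen;
- int r, ret, req_presence = 0, valid_data = 0, encoded_ret;
+ int r, ret, req_presence = 0, req_verify = 0, valid_data = 0;
+ int encoded_ret;
  struct sshkey_sig_details *sig_details = NULL;
 
  if ((r = sshbuf_get_string_direct(m, &blob, &bloblen)) != 0 ||
@@ -1498,6 +1499,18 @@ mm_answer_keyverify(struct ssh *ssh, int sock, struct sshbuf *m)
  ssh_remote_port(ssh));
  ret = SSH_ERR_SIGNATURE_INVALID;
  }
+ req_verify = (options.pubkey_auth_options &
+ PUBKEYAUTH_VERIFY_REQUIRED) || key_opts->require_verify;
+ if (req_verify &&
+ (sig_details->sk_flags & SSH_SK_USER_VERIFICATION_REQD) == 0) {
+ error("public key %s %s signature for %s%s from %.128s "
+ "port %d rejected: user verification requirement "
+ "not met ", sshkey_type(key), fp,
+ authctxt->valid ? "" : "invalid user ",
+ authctxt->user, ssh_remote_ipaddr(ssh),
+ ssh_remote_port(ssh));
+ ret = SSH_ERR_SIGNATURE_INVALID;
+ }
  }
  auth2_record_key(authctxt, ret == 0, key);
 
@@ -1614,7 +1627,7 @@ mm_answer_pty(struct ssh *ssh, int sock, struct sshbuf *m)
  if (fd0 != 0)
  error("%s: fd0 %d != 0", __func__, fd0);
 
- /* slave is not needed */
+ /* slave side of pty is not needed */
  close(s->ttyfd);
  s->ttyfd = s->ptyfd;
  /* no need to dup() because nobody closes ptyfd */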
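Review bot: In the `@@ -1498,6 +1499,18 @@` hunk the added `req_verify` check reads `sig_details->sk_flags` with no NULL test of its own, although `sig_details` starts as NULL in the declarations of mm_answer_keyverify; the condition that opens the enclosing block lies outside the hunk, so whether it guarantees a populated `sig_details` cannot be confirmed from here. Because this branch decides whether a signature is accepted, I would make it fail closed regardless of the outer condition: `if (req_verify && (sig_details == NULL || (sig_details->sk_flags & SSH_SK_USER_VERIFICATION_REQD) == 0)) {`. The log text also ends in a stray space, `"not met "`, which should be `"not met"`. A short comment above the assignment, such as `/* verification can be demanded by server options or by key_opts */`, would document why the two sources are OR-ed.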